@witnium-tech/witniumchain 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +160 -0
  2. package/dist/index.d.mts +5696 -0
  3. package/dist/index.d.ts +5696 -0
  4. package/dist/index.js +740 -0
  5. package/dist/index.js.map +1 -0
  6. package/dist/index.mjs +729 -0
  7. package/dist/index.mjs.map +1 -0
  8. package/package.json +63 -0
package/dist/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/errors.ts","../src/client.ts","../src/admin-client.ts","../src/org-client.ts"],"names":[],"mappings":";;;AAQO,IAAM,uBAAA,GAAN,cAAsC,KAAA,CAAM;AAAA,EACxC,MAAA;AAAA,EACA,UAAA;AAAA,EACA,IAAA;AAAA,EAET,YAAY,IAAA,EAKT;AACD,IAAA,KAAA,CAAM,KAAK,OAAO,CAAA;AAClB,IAAA,IAAA,CAAK,IAAA,GAAO,yBAAA;AACZ,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AACnB,IAAA,IAAA,CAAK,aAAa,IAAA,CAAK,UAAA;AACvB,IAAA,IAAA,CAAK,IAAA,GAAO,KAAK,IAAA,IAAQ,IAAA;AAAA,EAC3B;AACF;;;AC8LO,IAAM,wBAAN,MAA4B;AAAA,EAChB,OAAA;AAAA,EACA,GAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA;AAAA,EAGR,aAAA;AAAA;AAAA,EAEA,aAAA;AAAA;AAAA,EAEA,IAAA;AAAA;AAAA,EAEA,KAAA;AAAA,EAET,YAAY,MAAA,EAAqC;AAC/C,IAAA,IAAI,CAAC,OAAO,OAAA,EAAS;AACnB,MAAA,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAAA,IAC9D;AACA,IAAA,IAAA,CAAK,GAAA,GAAM,MAAA;AACX,IAAA,IAAA,CAAK,OAAA,GAAU,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC/C,IAAA,IAAA,CAAK,OAAA,GAAU,OAAO,OAAA,IAAW,GAAA;AACjC,IAAA,IAAA,CAAK,SAAA,GAAY,MAAA,CAAO,KAAA,IAAS,UAAA,CAAW,KAAA;AAC5C,IAAA,IAAI,CAAC,KAAK,SAAA,EAAW;AACnB,MAAA,MAAM,IAAI,KAAA;AAAA,QACR;AAAA,OACF;AAAA,IACF;AACA,IAAA,IAAA,CAAK,aAAA,GAAgB,IAAI,aAAA,CAAc,IAAI,CAAA;AAC3C,IAAA,IAAA,CAAK,aAAA,GAAgB,IAAI,aAAA,CAAc,IAAI,CAAA;AAC3C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAI,WAAA,CAAY,IAAI,CAAA;AAChC,IAAA,IAAA,CAAK,KAAA,GAAQ,IAAI,cAAA,CAAe,IAAI,CAAA;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,EAAA,GAA+B;AAC7B,IAAA,OAAO,KAAK,UAAA,EAAW;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,IAAA,EAA8C;AACnD,IAAA,OAAO,IAAA,CAAK,IAAI,MAAA,EAAQ,iBAAA,EAAmB,EAAE,IAAA,EAAM,QAAA,EAAU,MAAM,CAAA;AAAA,EACrE;AAAA,EAEA,YAAY,KAAA,EAA6C;AACvD,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,KAAA,EAAO,iBAAA,EAAmB;AAAA,MACxC,IAAA,EAAM,QAAA;AAAA,MACN,KAAA,EAAO,EAAE,KAAA;AAAM,KAChB,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,IAAA,EAA4C;AAChD,IAAA,OAAO,IAAA,CAAK,IAAI,MAAA,EAAQ,gBAAA,EAAkB,EAAE,IAAA,EAAM,QAAA,EAAU,MAAM,CAAA;AAAA,EACpE;AAAA,EAEA,MAAA,GAAkC;AAChC,IAAA,OAAO,KAAK,GAAA,CAAI,MAAA,EAAQ,mBAAmB,EAAE,IAAA,EAAM,UAAU,CAAA;AAAA,EAC/D;AAAA,EAEA,eAAe,IAAA,EAA8D;AAC3E,IAAA,OAAO,IAAA,CAAK,IAAI,MAAA,EAAQ,0BAAA,EAA4B,EAAE,IAAA,EAAM,QAAA,EAAU,MAAM,CAAA;AAAA,EAC9E;AAAA,EAEA,cAAc,IAAA,EAA4D;AACxE,IAAA,OAAO,IAAA,CAAK,IAAI,MAAA,EAAQ,yBAAA,EAA2B,EAAE,IAAA,EAAM,QAAA,EAAU,MAAM,CAAA;AAAA,EAC7E;AAAA;AAAA;AAAA;AAAA,EAMA,sBAAsB,IAAA,EAAkD;AACtE,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,MAAA,EAAQ,sBAAA,EAAwB;AAAA,MAC9C,IAAA,EAAM,eAAA;AAAA,MACN;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,mBAAA,GAA+C;AAC7C,IAAA,OAAO,KAAK,GAAA,CAAI,KAAA,EAAO,sBAAsB,EAAE,IAAA,EAAM,iBAAiB,CAAA;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,QAAA,GAAuC;AACrC,IAAA,OAAO,KAAK,GAAA,CAAI,KAAA,EAAO,eAAe,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EAC7D;AAAA,EAEA,cAAc,IAAA,EAAsD;AAClE,IAAA,OAAO,IAAA,CAAK,IAAI,MAAA,EAAQ,mBAAA,EAAqB,EAAE,IAAA,EAAM,WAAA,EAAa,MAAM,CAAA;AAAA,EAC1E;AAAA,EAEA,YAAA,GAA2C;AACzC,IAAA,OAAO,KAAK,GAAA,CAAI,KAAA,EAAO,qBAAqB,EAAE,IAAA,EAAM,aAAa,CAAA;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAMA,mBACE,IAAA,EACqC;AACrC,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,MAAA,EAAQ,yBAAA,EAA2B;AAAA,MACjD,IAAA,EAAM,YAAA;AAAA,MACN;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,iBAAA,CACE,IACA,IAAA,EACiC;AACjC,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,OAAA;AAAA,MACA,CAAA,wBAAA,EAA2B,kBAAA,CAAmB,EAAE,CAAC,CAAA,aAAA,CAAA;AAAA,MACjD,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA;AAAK,KAC7B;AAAA,EACF;AAAA,EAEA,mBAAmB,EAAA,EAAiD;AAClE,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,OAAA;AAAA,MACA,CAAA,wBAAA,EAA2B,kBAAA,CAAmB,EAAE,CAAC,CAAA,OAAA,CAAA;AAAA,MACjD,EAAE,MAAM,YAAA;AAAa,KACvB;AAAA,EACF;AAAA,EAEA,gBAAgB,EAAA,EAA2C;AACzD,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,CAAA,wBAAA,EAA2B,kBAAA,CAAmB,EAAE,CAAC,CAAA,WAAA,CAAA;AAAA,MACjD,EAAE,MAAM,YAAA;AAAa,KACvB;AAAA,EACF;AAAA,EAEA,gBAAA,CACE,IACA,IAAA,EACgC;AAChC,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,CAAA,wBAAA,EAA2B,kBAAA,CAAmB,EAAE,CAAC,CAAA,eAAA,CAAA;AAAA,MACjD,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA;AAAK,KAC7B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,kBAAkB,KAAA,EAGqB;AACrC,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,KAAA,EAAO,6BAAA,EAA+B;AAAA,MACpD,IAAA,EAAM,WAAA;AAAA,MACN,KAAA,EAAO,SAAS;AAAC,KAClB,CAAA;AAAA,EACH;AAAA,EAEA,oBACE,IAAA,EACuC;AACvC,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,MAAA,EAAQ,6BAAA,EAA+B;AAAA,MACrD,IAAA,EAAM,WAAA;AAAA,MACN;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,kBAAA,CACE,IACA,IAAA,EACqC;AACrC,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,CAAA,4BAAA,EAA+B,kBAAA,CAAmB,EAAE,CAAC,CAAA,OAAA,CAAA;AAAA,MACrD,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA;AAAK,KAC5B;AAAA,EACF;AAAA,EAEA,mBAAmB,EAAA,EAAiD;AAClE,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,QAAA;AAAA,MACA,CAAA,4BAAA,EAA+B,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA;AAAA,MACrD,EAAE,MAAM,WAAA;AAAY,KACtB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,IAAA,CAAK,MAAmB,SAAA,EAA2C;AACjE,IAAA,MAAM,OAAA,GAAU,SAAA,GAAY,EAAE,cAAA,EAAgB,WAAU,GAAI,MAAA;AAC5D,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,MAAA,EAAQ,UAAA,EAAY;AAAA,MAClC,IAAA,EAAM,WAAA;AAAA,MACN,IAAA;AAAA,MACA,GAAI,OAAA,GAAU,EAAE,OAAA,KAAY;AAAC,KAC9B,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMA,kBACE,IAAA,EACoC;AACpC,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,MAAA,EAAQ,yBAAA,EAA2B;AAAA,MACjD,IAAA,EAAM,QAAA;AAAA,MACN;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,cAAc,IAAA,EAA4D;AACxE,IAAA,OAAO,IAAA,CAAK,IAAI,MAAA,EAAQ,UAAA,EAAY,EAAE,IAAA,EAAM,eAAA,EAAiB,MAAM,CAAA;AAAA,EACrE;AAAA,EAEA,iBACE,IAAA,EACmC;AACnC,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,MAAA,EAAQ,iBAAA,EAAmB;AAAA,MACzC,IAAA,EAAM,eAAA;AAAA,MACN;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,cAAc,IAAA,EAA4C;AACxD,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,MAAA,EAAQ,qBAAA,EAAuB;AAAA,MAC7C,IAAA,EAAM,eAAA;AAAA,MACN;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,gBAAgB,IAAA,EAAgD;AAC9D,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,MAAA,EAAQ,uBAAA,EAAyB;AAAA,MAC/C,IAAA,EAAM,eAAA;AAAA,MACN;AAAA,KACD,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMA,cAAA,CACE,eAAA,EACA,IAAA,EACA,cAAA,EACiC;AAKjC,IAAA,MAAM,GAAA,GAAM,kBAAkB,UAAA,EAAW;AACzC,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,CAAA,cAAA,EAAiB,kBAAA,CAAmB,eAAe,CAAC,CAAA,kBAAA,CAAA;AAAA,MACpD,EAAE,MAAM,eAAA,EAAiB,IAAA,EAAM,SAAS,EAAE,iBAAA,EAAmB,KAAI;AAAE,KACrE;AAAA,EACF;AAAA,EAEA,WAAA,CACE,eAAA,EACA,SAAA,EACA,IAAA,EAC8B;AAC9B,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,iBAAiB,kBAAA,CAAmB,eAAe,CAAC,CAAA,WAAA,EAAc,kBAAA,CAAmB,SAAS,CAAC,CAAA,KAAA,CAAA;AAAA,MAC/F,EAAE,IAAA,EAAM,eAAA,EAAiB,IAAA;AAAK,KAChC;AAAA,EACF;AAAA,EAEA,eAAA,CACE,iBACA,SAAA,EACkC;AAClC,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,iBAAiB,kBAAA,CAAmB,eAAe,CAAC,CAAA,WAAA,EAAc,kBAAA,CAAmB,SAAS,CAAC,CAAA,SAAA,CAAA;AAAA,MAC/F,EAAE,MAAM,eAAA;AAAgB,KAC1B;AAAA,EACF;AAAA,EAEA,aAAA,CACE,eAAA,EACA,SAAA,EACA,IAAA,EACA,cAAA,EACgC;AAChC,IAAA,MAAM,GAAA,GAAM,kBAAkB,UAAA,EAAW;AACzC,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,iBAAiB,kBAAA,CAAmB,eAAe,CAAC,CAAA,WAAA,EAAc,kBAAA,CAAmB,SAAS,CAAC,CAAA,OAAA,CAAA;AAAA,MAC/F,EAAE,MAAM,eAAA,EAAiB,IAAA,EAAM,SAAS,EAAE,iBAAA,EAAmB,KAAI;AAAE,KACrE;AAAA,EACF;AAAA,EAEA,UAAA,CACE,iBACA,SAAA,EAC6B;AAC7B,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,KAAA;AAAA,MACA,iBAAiB,kBAAA,CAAmB,eAAe,CAAC,CAAA,WAAA,EAAc,kBAAA,CAAmB,SAAS,CAAC,CAAA,CAAA;AAAA,MAC/F,EAAE,MAAM,QAAA;AAAS,KACnB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,gBAAA,CACE,eAAA,EACA,IAAA,EACA,cAAA,EACmC;AACnC,IAAA,MAAM,GAAA,GAAM,kBAAkB,UAAA,EAAW;AACzC,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,CAAA,cAAA,EAAiB,kBAAA,CAAmB,eAAe,CAAC,CAAA,kBAAA,CAAA;AAAA,MACpD,EAAE,MAAM,WAAA,EAAa,IAAA,EAAM,SAAS,EAAE,iBAAA,EAAmB,KAAI;AAAE,KACjE;AAAA,EACF;AAAA,EAEA,aAAA,CACE,eAAA,EACA,QAAA,EACA,IAAA,EACoC;AACpC,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,iBAAiB,kBAAA,CAAmB,eAAe,CAAC,CAAA,WAAA,EAAc,kBAAA,CAAmB,QAAQ,CAAC,CAAA,KAAA,CAAA;AAAA,MAC9F,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA;AAAK,KAC5B;AAAA,EACF;AAAA,EAEA,iBAAA,CACE,iBACA,QAAA,EACoC;AACpC,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,iBAAiB,kBAAA,CAAmB,eAAe,CAAC,CAAA,WAAA,EAAc,kBAAA,CAAmB,QAAQ,CAAC,CAAA,SAAA,CAAA;AAAA,MAC9F,EAAE,MAAM,WAAA;AAAY,KACtB;AAAA,EACF;AAAA,EAEA,eAAA,CACE,eAAA,EACA,SAAA,EACA,IAAA,EACA,cAAA,EACkC;AAClC,IAAA,MAAM,GAAA,GAAM,kBAAkB,UAAA,EAAW;AACzC,IAAA,OAAO,IAAA,CAAK,GAAA;AAAA,MACV,MAAA;AAAA,MACA,iBAAiB,kBAAA,CAAmB,eAAe,CAAC,CAAA,WAAA,EAAc,kBAAA,CAAmB,SAAS,CAAC,CAAA,OAAA,CAAA;AAAA,MAC/F,EAAE,MAAM,WAAA,EAAa,IAAA,EAAM,SAAS,EAAE,iBAAA,EAAmB,KAAI;AAAE,KACjE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,UAAA,GAAuC;AACrC,IAAA,OAAO,KAAK,GAAA,CAAI,KAAA,EAAO,eAAe,EAAE,IAAA,EAAM,iBAAiB,CAAA;AAAA,EACjE;AAAA,EAEA,SAAA,GAAqC;AACnC,IAAA,OAAO,KAAK,GAAA,CAAI,KAAA,EAAO,sBAAsB,EAAE,IAAA,EAAM,iBAAiB,CAAA;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA,EAMA,iBAAA,GAAwD;AACtD,IAAA,OAAO,KAAK,GAAA,CAAI,KAAA,EAAO,sBAAsB,EAAE,IAAA,EAAM,iBAAiB,CAAA;AAAA,EACxE;AAAA,EAEA,mBAAmB,GAAA,EAA4B;AAC7C,IAAA,OAAO,KAAK,GAAA,CAAI,QAAA,EAAU,sBAAsB,kBAAA,CAAmB,GAAG,CAAC,CAAA,CAAA,EAAI;AAAA,MACzE,IAAA,EAAM,eAAA;AAAA,MACN,eAAA,EAAiB;AAAA,KAClB,CAAA;AAAA,EACH;AAAA,EAEA,sBAAA,GAAwC;AACtC,IAAA,OAAO,IAAA,CAAK,GAAA,CAAI,QAAA,EAAU,oBAAA,EAAsB;AAAA,MAC9C,IAAA,EAAM,eAAA;AAAA,MACN,eAAA,EAAiB;AAAA,KAClB,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMA,UAAA,GAA0C;AACxC,IAAA,OAAO,KAAK,GAAA,CAAI,KAAA,EAAO,gBAAgB,EAAE,IAAA,EAAM,UAAU,CAAA;AAAA,EAC3D;AAAA,EAEA,WAAA,GAA4C;AAC1C,IAAA,OAAO,KAAK,GAAA,CAAI,KAAA,EAAO,iBAAiB,EAAE,IAAA,EAAM,UAAU,CAAA;AAAA,EAC5D;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,GAAA,CACZ,MAAA,EACA,IAAA,EACA,IAAA,EACY;AACZ,IAAA,MAAM,GAAA,GAAM,IAAA,CAAK,QAAA,CAAS,IAAA,EAAM,KAAK,KAAK,CAAA;AAC1C,IAAA,MAAM,OAAA,GAAkC;AAAA,MACtC,MAAA,EAAQ,kBAAA;AAAA,MACR,GAAI,IAAA,CAAK,OAAA,IAAW;AAAC,KACvB;AAEA,IAAA,IAAI,IAAA,CAAK,SAAS,MAAA,EAAW;AAC3B,MAAA,OAAA,CAAQ,cAAc,CAAA,GAAI,kBAAA;AAAA,IAC5B;AAEA,IAAA,MAAM,UAAA,GACJ,KAAK,IAAA,KAAS,MAAA,GAAY,KAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA,GAAI,MAAA;AAExD,IAAA,MAAM,IAAA,CAAK,UAAU,OAAA,EAAS,IAAA,CAAK,MAAM,MAAA,EAAQ,IAAA,EAAM,cAAc,EAAE,CAAA;AAEvE,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,QAAQ,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,KAAK,OAAO,CAAA;AAE/D,IAAA,IAAI,GAAA;AACJ,IAAA,IAAI;AACF,MAAA,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CAAU,GAAA,EAAK;AAAA,QAC9B,MAAA;AAAA,QACA,OAAA;AAAA,QACA,IAAA,EAAM,UAAA;AAAA,QACN,QAAQ,UAAA,CAAW,MAAA;AAAA;AAAA;AAAA,QAGnB,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH,SAAS,GAAA,EAAK;AACZ,MAAA,MAAM,IAAI,uBAAA,CAAwB;AAAA,QAChC,MAAA,EAAQ,CAAA;AAAA,QACR,OAAA,EACE,GAAA,YAAe,KAAA,GACX,CAAA,yBAAA,EAA4B,IAAA,CAAK,OAAO,CAAA,EAAA,EAAK,GAAA,CAAI,OAAO,CAAA,CAAA,GACxD,CAAA,yBAAA,EAA4B,IAAA,CAAK,OAAO,CAAA;AAAA,OAC/C,CAAA;AAAA,IACH,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,KAAK,CAAA;AAAA,IACpB;AAEA,IAAA,IAAI,KAAK,eAAA,EAAiB;AACxB,MAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,QAAA,MAAM,MAAM,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA;AAAA,MACjC;AACA,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,IAAA,IAAI,MAAA,GAAkB,IAAA;AACtB,IAAA,IAAI,IAAA,CAAK,SAAS,CAAA,EAAG;AACnB,MAAA,IAAI;AACF,QAAA,MAAA,GAAS,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,MAC1B,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AAEA,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,IAAA,CAAK,aAAA,CAAc,GAAA,CAAI,MAAA,EAAQ,QAAQ,IAAI,CAAA;AAAA,IACnD;AAEA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA,EAEQ,QAAA,CACN,MACA,KAAA,EACQ;AACR,IAAA,IAAI,CAAC,KAAA,EAAO,OAAO,GAAG,IAAA,CAAK,OAAO,GAAG,IAAI,CAAA,CAAA;AACzC,IAAA,MAAM,EAAA,GAAK,IAAI,eAAA,EAAgB;AAC/B,IAAA,KAAA,MAAW,CAAC,CAAA,EAAG,CAAC,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC1C,MAAA,IAAI,MAAM,MAAA,EAAW,EAAA,CAAG,IAAI,CAAA,EAAG,MAAA,CAAO,CAAC,CAAC,CAAA;AAAA,IAC1C;AACA,IAAA,MAAM,MAAA,GAAS,GAAG,QAAA,EAAS;AAC3B,IAAA,OAAO,MAAA,GAAS,CAAA,EAAG,IAAA,CAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA,GAAK,CAAA,EAAG,IAAA,CAAK,OAAO,GAAG,IAAI,CAAA,CAAA;AAAA,EAC7E;AAAA,EAEA,MAAc,SAAA,CACZ,OAAA,EACA,IAAA,EACA,MAAA,EACA,MACA,UAAA,EACe;AACf,IAAA,QAAQ,IAAA;AAAM,MACZ,KAAK,QAAA;AACH,QAAA;AAAA,MACF,KAAK,eAAA,EAAiB;AACpB,QAAA,IAAI,IAAA,CAAK,IAAI,aAAA,EAAe;AAI1B,UAAA,OAAA,CAAQ,QAAQ,CAAA,GAAI,CAAA,YAAA,EAAe,IAAA,CAAK,IAAI,aAAa,CAAA,CAAA;AAAA,QAC3D;AACA,QAAA;AAAA,MACF;AAAA,MACA,KAAK,WAAA,EAAa;AAChB,QAAA,IAAI,CAAC,IAAA,CAAK,GAAA,CAAI,WAAA,EAAa;AACzB,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,uBAAA,EAA0B,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,yEAAA;AAAA,WAC1C;AAAA,QACF;AACA,QAAA,OAAA,CAAQ,eAAe,CAAA,GAAI,CAAA,OAAA,EAAU,IAAA,CAAK,IAAI,WAAW,CAAA,CAAA;AACzD,QAAA;AAAA,MACF;AAAA,MACA,KAAK,WAAA,EAAa;AAChB,QAAA,IAAI,CAAC,IAAA,CAAK,GAAA,CAAI,SAAA,EAAW;AACvB,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,uBAAA,EAA0B,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,yEAAA;AAAA,WAC1C;AAAA,QACF;AACA,QAAA,OAAA,CAAQ,eAAe,CAAA,GAAI,CAAA,OAAA,EAAU,IAAA,CAAK,IAAI,SAAS,CAAA,CAAA;AACvD,QAAA;AAAA,MACF;AAAA,MACA,KAAK,YAAA,EAAc;AACjB,QAAA,IAAI,CAAC,IAAA,CAAK,GAAA,CAAI,UAAA,EAAY;AACxB,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,uBAAA,EAA0B,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,iEAAA;AAAA,WAC1C;AAAA,QACF;AACA,QAAA,OAAA,CAAQ,eAAe,CAAA,GAAI,CAAA,OAAA,EAAU,IAAA,CAAK,IAAI,UAAU,CAAA,CAAA;AACxD,QAAA;AAAA,MACF;AAAA,MACA,KAAK,eAAA,EAAiB;AACpB,QAAA,IAAI,CAAC,IAAA,CAAK,GAAA,CAAI,aAAA,EAAe;AAC3B,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,CAAA,uBAAA,EAA0B,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA,6EAAA;AAAA,WAC1C;AAAA,QACF;AACA,QAAA,MAAM,SAAA,GAAY,KAAK,KAAA,CAAM,IAAA,CAAK,KAAI,GAAI,GAAI,EAAE,QAAA,EAAS;AACzD,QAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,UAAU,CAAA;AAI3C,QAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,iBAAiB,CAAA,IAAK,EAAA;AAC9C,QAAA,MAAM,SAAA,GAAY,CAAA,EAAG,MAAA,CAAO,WAAA,EAAa;AAAA,EAAK,IAAI;AAAA,EAAK,SAAS;AAAA,EAAK,OAAO;AAAA,EAAK,QAAQ,CAAA,CAAA;AACzF,QAAA,MAAM,YAAY,MAAM,IAAA,CAAK,GAAA,CAAI,aAAA,CAAc,KAAK,SAAS,CAAA;AAC7D,QAAA,OAAA,CAAQ,eAAe,CAAA,GAAI,IAAA,CAAK,GAAA,CAAI,aAAA,CAAc,YAAA;AAClD,QAAA,OAAA,CAAQ,qBAAqB,CAAA,GAAI,SAAA;AACjC,QAAA,OAAA,CAAQ,qBAAqB,CAAA,GAAI,SAAA;AACjC,QAAA;AAAA,MACF;AAAA;AACF,EACF;AAAA,EAEQ,aAAA,CACN,MAAA,EACA,MAAA,EACA,OAAA,EACyB;AACzB,IAAA,MAAM,IAAA,GAAO,MAAA;AAGb,IAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,IAAA,EAAM,OAAO,CAAA,GACvC,IAAA,CAAM,QAAQ,IAAA,CAAK,IAAI,IACvB,OAAO,IAAA,EAAM,YAAY,QAAA,GACvB,IAAA,CAAM,UACN,IAAA,EAAM,KAAA,IAAS,QAAQ,MAAM,CAAA,CAAA;AACnC,IAAA,OAAO,IAAI,uBAAA,CAAwB;AAAA,MACjC,MAAA;AAAA,MACA,OAAA;AAAA,MACA,YAAY,IAAA,EAAM,KAAA;AAAA,MAClB,MAAM,MAAA,IAAU;AAAA,KACjB,CAAA;AAAA,EACH;AAAA,EAEA,MAAc,WAAW,GAAA,EAAiD;AACxE,IAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,IAAA,IAAI,MAAA,GAAkB,IAAA;AACtB,IAAA,IAAI,IAAA,CAAK,SAAS,CAAA,EAAG;AACnB,MAAA,IAAI;AACF,QAAA,MAAA,GAAS,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,MAC1B,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AACA,IAAA,OAAO,IAAA,CAAK,aAAA,CAAc,GAAA,CAAI,MAAA,EAAQ,QAAQ,IAAI,CAAA;AAAA,EACpD;AACF;AAaO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YAA6B,MAAA,EAA+B;AAA/B,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAgC;AAAA,EAAhC,MAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO7B,UAAU,IAAA,EAAkD;AAC1D,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,qBAAA,CAAsB,IAAI,CAAA;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAA,GAAkC;AAChC,IAAA,OAAO,IAAA,CAAK,OAAO,mBAAA,EAAoB;AAAA,EACzC;AAAA;AAAA,EAGA,SAAA,GAAqC;AACnC,IAAA,OAAO,IAAA,CAAK,OAAO,SAAA,EAAU;AAAA,EAC/B;AACF;AAGO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YAA6B,MAAA,EAA+B;AAA/B,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAgC;AAAA,EAAhC,MAAA;AAAA;AAAA,EAG7B,KAAK,KAAA,EAGkC;AACrC,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,iBAAA,CAAkB,KAAK,CAAA;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBA,MAAM,UACJ,IAAA,EACsC;AACtC,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,MAAA,CAAO,mBAAA,CAAoB;AAAA,MACjD,iBAAiB,IAAA,CAAK;AAAA,KACvB,CAAA;AACD,IAAA,MAAM,iBAAiB,MAAM,IAAA,CAAK,WAAA,CAAY,IAAA,CAAK,KAAK,aAAa,CAAA;AACrE,IAAA,IAAI,GAAA,GAAM,MAAM,IAAA,CAAK,MAAA,CAAO,mBAAmB,IAAA,CAAK,EAAA,EAAI,EAAE,cAAA,EAAgB,CAAA;AAE1E,IAAA,IAAI,CAAC,IAAI,SAAA,EAAW;AAClB,MAAA,MAAM,QAAA,GAAW,KAAK,cAAA,IAAkB,GAAA;AACxC,MAAA,MAAM,OAAA,GAAU,KAAK,aAAA,IAAiB,GAAA;AACtC,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,GAAA,EAAI,GAAI,OAAA;AAC9B,MAAA,OAAO,CAAC,GAAA,CAAI,SAAA,IAAa,IAAA,CAAK,GAAA,KAAQ,QAAA,EAAU;AAC9C,QAAA,MAAM,MAAM,QAAQ,CAAA;AACpB,QAAA,GAAA,GAAM,MAAM,IAAA,CAAK,MAAA,CAAO,mBAAmB,IAAA,CAAK,EAAA,EAAI,EAAE,CAAA;AAAA,MACxD;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,iBAAiB,GAAA,CAAI,eAAA;AAAA,MACrB,WAAW,GAAA,CAAI,SAAA;AAAA,MACf,aAAa,GAAA,CAAI;AAAA,KACnB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,EAAA,EAAiD;AACtD,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,kBAAA,CAAmB,EAAE,CAAA;AAAA,EAC1C;AACF;AAUO,IAAM,cAAN,MAAkB;AAAA,EACvB,YAA6B,MAAA,EAA+B;AAA/B,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAgC;AAAA,EAAhC,MAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO7B,MAAM,IAAA,GAAgD;AACpD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,MAAA,CAAO,UAAA,EAAW;AAC7C,IAAA,OAAO,OAAA,CAAQ,WAAA;AAAA,EACjB;AAAA,EAEA,IAAI,IAAA,EAA4D;AAC9D,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,aAAA,CAAc,IAAI,CAAA;AAAA,EACvC;AAAA,EAEA,OAAO,IAAA,EAAkE;AACvE,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,gBAAA,CAAiB,IAAI,CAAA;AAAA,EAC1C;AACF;AAGO,IAAM,iBAAN,MAAqB;AAAA,EACjB,QAAA;AAAA,EACT,YAAY,MAAA,EAA+B;AACzC,IAAA,IAAA,CAAK,QAAA,GAAW,IAAI,aAAA,CAAc,MAAM,CAAA;AAAA,EAC1C;AACF;AAEO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YAA6B,MAAA,EAA+B;AAA/B,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAgC;AAAA,EAAhC,MAAA;AAAA,EAE7B,IAAA,GAA2C;AACzC,IAAA,OAAO,IAAA,CAAK,OAAO,iBAAA,EAAkB;AAAA,EACvC;AAAA,EAEA,OAAO,GAAA,EAA4B;AACjC,IAAA,OAAO,IAAA,CAAK,MAAA,CAAO,kBAAA,CAAmB,GAAG,CAAA;AAAA,EAC3C;AAAA,EAEA,SAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,OAAO,sBAAA,EAAuB;AAAA,EAC5C;AACF;AAEA,SAAS,MAAM,EAAA,EAA2B;AACxC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAOA,SAAS,UAAA,GAAqB;AAC5B,EAAA,MAAM,IAAK,UAAA,CAA0D,MAAA;AACrE,EAAA,IAAI,CAAC,GAAG,UAAA,EAAY;AAClB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AACA,EAAA,OAAO,EAAE,UAAA,EAAW;AACtB;AAMA,eAAe,UAAU,KAAA,EAAgC;AACvD,EAAA,MAAM,MAAA,GAAU,WAAsD,MAAA,EAClE,MAAA;AACJ,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AACA,EAAA,MAAM,IAAA,GAAO,IAAI,WAAA,EAAY,CAAE,OAAO,KAAK,CAAA;AAC3C,EAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,MAAA,CAAO,WAAW,IAAI,CAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,GAAA,GAAM,EAAA;AACV,EAAA,KAAA,MAAW,CAAA,IAAK,OAAO,GAAA,IAAO,CAAA,CAAE,SAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAA;AAC5D,EAAA,OAAO,GAAA;AACT;;;ACr+BO,IAAM,6BAAN,MAAiC;AAAA,EACrB,KAAA;AAAA,EAEjB,YAAY,MAAA,EAA0C;AACpD,IAAA,IAAI,CAAC,OAAO,UAAA,EAAY;AACtB,MAAA,MAAM,IAAI,MAAM,oDAAoD,CAAA;AAAA,IACtE;AACA,IAAA,IAAA,CAAK,KAAA,GAAQ,IAAI,qBAAA,CAAsB;AAAA,MACrC,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,YAAY,MAAA,CAAO,UAAA;AAAA,MACnB,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,OAAO,MAAA,CAAO;AAAA,KACf,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,mBACE,IAAA,EACqC;AACrC,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,kBAAA,CAAmB,IAAI,CAAA;AAAA,EAC3C;AAAA;AAAA,EAGA,cAAA,CACE,OACA,WAAA,EACiC;AACjC,IAAA,OAAO,KAAK,KAAA,CAAM,iBAAA,CAAkB,KAAA,EAAO,EAAE,aAAa,CAAA;AAAA,EAC5D;AAAA;AAAA,EAGA,YAAY,KAAA,EAAoD;AAC9D,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,kBAAA,CAAmB,KAAK,CAAA;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,KAAA,EAA8C;AACzD,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,eAAA,CAAgB,KAAK,CAAA;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,aAAA,CACE,KAAA,EACA,KAAA,EACA,IAAA,EACgC;AAChC,IAAA,OAAO,KAAK,KAAA,CAAM,gBAAA,CAAiB,OAAO,EAAE,KAAA,EAAO,MAAM,CAAA;AAAA,EAC3D;AACF;;;ACrEO,IAAM,2BAAN,MAA+B;AAAA,EACnB,KAAA;AAAA;AAAA,EAER,KAAA;AAAA,EAET,YAAY,MAAA,EAAwC;AAClD,IAAA,IAAI,CAAC,OAAO,SAAA,EAAW;AACrB,MAAA,MAAM,IAAI,MAAM,iDAAiD,CAAA;AAAA,IACnE;AACA,IAAA,IAAA,CAAK,KAAA,GAAQ,IAAI,qBAAA,CAAsB;AAAA,MACrC,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,WAAW,MAAA,CAAO,SAAA;AAAA,MAClB,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,OAAO,MAAA,CAAO;AAAA,KACf,CAAA;AACD,IAAA,IAAA,CAAK,KAAA,GAAQ,IAAI,QAAA,CAAS,IAAA,CAAK,KAAK,CAAA;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,EAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,MAAM,QAAA,EAAS;AAAA,EAC7B;AACF;AAGO,IAAM,WAAN,MAAe;AAAA,EACpB,YAA6B,KAAA,EAA8B;AAA9B,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAAA,EAA+B;AAAA,EAA/B,KAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAM7B,OAAO,IAAA,EAAsD;AAC3D,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,aAAA,CAAc,IAAI,CAAA;AAAA,EACtC;AAAA;AAAA,EAGA,IAAA,GAAmC;AACjC,IAAA,OAAO,IAAA,CAAK,MAAM,YAAA,EAAa;AAAA,EACjC;AACF","file":"index.js","sourcesContent":["/**\n * Error thrown for any non-2xx response from the accounts API.\n *\n * The accounts service emits NestJS-style HttpException bodies — typically\n * `{ statusCode: number; error: string; message: string | string[] }`. Both\n * shapes are forwarded as `body`; the more useful fields are surfaced as\n * top-level properties.\n */\nexport class WitniumAccountsApiError extends Error {\n readonly status: number;\n readonly errorLabel: string | undefined;\n readonly body: unknown;\n\n constructor(args: {\n status: number;\n message: string;\n errorLabel?: string | undefined;\n body?: unknown;\n }) {\n super(args.message);\n this.name = 'WitniumAccountsApiError';\n this.status = args.status;\n this.errorLabel = args.errorLabel;\n this.body = args.body ?? null;\n }\n}\n","/**\n * WitniumAccountsClient — typed HTTP client for the WitniumChain accounts API.\n *\n * This is the v1 \"shell\" client: one low-level method per OpenAPI route.\n * Thread 4 (per docs/PLAN-PHASE-C-HARDEN-SURFACES.md) will layer three\n * higher-level clients on top — `WitniumAccountsClient` (end-user),\n * `WitniumAccountsOrgClient` (org admin), `WitniumAccountsAdminClient`\n * (sysadmin) — with ergonomic helpers for signup, subscriptions,\n * delegated-key provisioning, Stripe Connect onboarding, etc.\n *\n * Auth model — five distinct credentials, each used by a known subset of\n * routes. Configure whichever you'll actually use; methods that need a\n * credential you didn't supply throw at call time.\n *\n * - sessionCookie — `wac_session` value for browser-cookie routes.\n * - accessToken — OAuth Bearer JWT for end-user API.\n * - orgApiKey — `wcorg_live_…` for org admin.\n * - adminToken — sysadmin token.\n * - signedRequest — Ed25519 signer for SDK signed-request routes\n * (witnesses propose/sign/finalize/revoke). The SDK\n * does the canonical-message construction; you supply\n * only the public key + signing callback.\n *\n * Every request/response type is derived from the published OpenAPI spec.\n * A CI drift test in the accounts repo asserts the spec matches what the\n * deployed server serves; another asserts the regenerated SDK types match\n * the committed `src/generated/openapi.ts`.\n */\n\nimport { WitniumAccountsApiError } from './errors';\nimport type {\n // Auth\n SignupRequest,\n SignupResponse,\n VerifyEmailResponse,\n LoginRequest,\n LoginResponse,\n LogoutResponse,\n ForgotPasswordRequest,\n ForgotPasswordResponse,\n ResetPasswordRequest,\n ResetPasswordResponse,\n // Billing\n CheckoutRequest,\n CheckoutResponse,\n PortalResponse,\n // Orgs\n PublicOrgResponse,\n CreateUserRequest,\n CreateUserResponse,\n ListUsersResponse,\n // Admin\n CreateOrganizationRequest,\n CreateOrganizationResponse,\n SetAccountTypeRequest,\n SetAccountTypeResponse,\n VerifyOrganizationResponse,\n RotateApiKeyResponse,\n AdjustCreditsRequest,\n AdjustCreditsResponse,\n // Delegated keys\n ListDelegatedKeysResponse,\n PrepareDelegatedKeyRequest,\n PreparedDelegatedKeyResponse,\n SubmitDelegatedKeyRequest,\n SubmitDelegatedKeyResponse,\n RevokeDelegatedKeyResponse,\n // Sign\n SignRequest,\n SignResponse,\n // Contracts\n ProvisionContractRequest,\n ProvisionContractResponse,\n AddSigningKeyRequest,\n AddSigningKeyResponse,\n RevokeSigningKeyRequest,\n RevokeSigningKeyResponse,\n PauseRequest,\n PauseResponse,\n UnpauseRequest,\n UnpauseResponse,\n // Witnesses (v1 — legacy v3 proxy)\n ProposeWitnessRequest,\n ProposeWitnessResponse,\n SignWitnessRequest,\n SignWitnessResponse,\n FinalizeWitnessResponse,\n RevokeWitnessRequest,\n RevokeWitnessResponse,\n GetWitnessResponse,\n // v5 Witnesses (metered proxy)\n ProposeWitnessV5Request,\n ProposeWitnessV5Response,\n SubmitSignatureV5Request,\n SubmitSignatureV5Response,\n FinalizeWitnessV5Response,\n RevokeWitnessV5Request,\n RevokeWitnessV5Response,\n // Users\n AccountResponse,\n LedgerResponse,\n // OAuth\n ListOauthSessionsResponse,\n // Health\n HealthLiveResponse,\n HealthReadyResponse,\n} from './types';\n\nexport interface SignedRequestSigner {\n /** Ed25519 public key as 64-char hex (no 0x prefix). Sent in X-Witnium-Key. */\n publicKeyHex: string;\n /**\n * Sign the canonical message\n * `<METHOD>\\n<PATH>\\n<TIMESTAMP>\\n<IDEMPOTENCY-KEY>\\n<sha256(body) hex>`\n * (empty string when the Idempotency-Key header is absent) and return\n * the 128-char hex Ed25519 signature. The SDK builds the canonical\n * message; the caller only needs to apply the private key.\n */\n sign: (canonicalMessage: string) => Promise<string>;\n}\n\n/**\n * Owner-Ed25519 signer used by {@link WitniumAccountsClient.delegatedKeys.provision}.\n *\n * Structurally identical to {@link SignedRequestSigner} — both are\n * `{ publicKeyHex, sign(message) }` — but kept as a distinct type so the\n * semantic role (owner key for delegated-key authorisation vs. signed-request\n * headers) is explicit at the call site.\n *\n * The `sign` callback receives the raw `messageToSign` string returned by the\n * server's prepare step (canonical JSON of the addSigningKey intent); the\n * caller's job is to apply their owner private key and return the 128-hex\n * Ed25519 signature.\n */\nexport interface OwnerSigner {\n /** Owner Ed25519 public key as 64-char hex (no 0x prefix). */\n publicKeyHex: string;\n /** Sign the `messageToSign` string and return the 128-char hex signature. */\n sign: (messageToSign: string) => Promise<string>;\n}\n\n/**\n * Arguments to the one-call delegated-key provisioning flow.\n *\n * The SDK orchestrates prepare → owner-sign → submit → poll-until-confirmed.\n * The caller supplies the contract address, an owner signer, and optional\n * polling tuning. Returns the final delegated-key record after the on-chain\n * `addSigningKey` tx confirms (or the polling budget is exhausted).\n */\nexport interface ProvisionDelegatedKeyArgs {\n /** EIP-55 / lowercase contract address the delegated key will be bound to. */\n contractAddress: string;\n /** Owner Ed25519 signer for the addSigningKey intent. */\n ownerSigner: OwnerSigner;\n /**\n * Polling interval in ms between submit re-polls when the first submit\n * didn't confirm within the server's 8 s budget. Default 2000.\n */\n pollIntervalMs?: number;\n /**\n * Total polling budget in ms (including the first submit). Default 60000.\n * On timeout the method returns the last-known status with `confirmed: false`\n * so the caller can decide whether to keep polling or surface the txHash.\n */\n pollTimeoutMs?: number;\n}\n\nexport interface ProvisionDelegatedKeyResult {\n /** Server-assigned delegated-key id (UUID). */\n id: string;\n /** Delegated key's Ed25519 public key, 64 hex (this is what's now on-chain). */\n publicKey: string;\n /** chain-api `addSigningKey` tx hash. */\n transactionHash: string;\n /** `true` if the tx mined within `pollTimeoutMs`. */\n confirmed: boolean;\n /** Block number, populated once `confirmed === true`. */\n blockNumber?: number;\n}\n\nexport interface WitniumAccountsClientConfig {\n /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */\n baseUrl: string;\n /** Session cookie value (the `wac_session` cookie's body, not the full header). */\n sessionCookie?: string;\n /** OAuth 2.1 access token (Bearer JWT). */\n accessToken?: string;\n /** Organisation API key (`wcorg_live_…`). */\n orgApiKey?: string;\n /** System-admin token (`Authorization: Bearer <ADMIN_TOKEN>`). */\n adminToken?: string;\n /** Ed25519 signer for SDK signed-request routes (witness write ops). */\n signedRequest?: SignedRequestSigner;\n /** Per-request timeout in milliseconds. Default 30000. */\n timeout?: number;\n /** Alternate fetch implementation (e.g. for tests). Default `globalThis.fetch`. */\n fetch?: typeof fetch;\n}\n\ntype AuthMode =\n | 'SessionCookie'\n | 'BearerJWT'\n | 'OrgApiKey'\n | 'AdminToken'\n | 'SignedRequest'\n | 'Public';\n\ninterface RequestOpts {\n body?: unknown;\n query?: Record<string, string | number | undefined>;\n headers?: Record<string, string>;\n auth: AuthMode;\n expectNoContent?: boolean;\n}\n\nexport class WitniumAccountsClient {\n private readonly baseUrl: string;\n private readonly cfg: WitniumAccountsClientConfig;\n private readonly timeout: number;\n private readonly fetchImpl: typeof fetch;\n\n /** Subscriptions / billing helpers. See {@link Subscriptions}. */\n readonly subscriptions: Subscriptions;\n /** Delegated-key namespace including the one-call {@link DelegatedKeys.provision} flow. */\n readonly delegatedKeys: DelegatedKeys;\n /** Owner signing-key management (list / add / revoke). */\n readonly keys: SigningKeys;\n /** OAuth session management. Accessed as `client.oauth.sessions.*`. */\n readonly oauth: OauthNamespace;\n\n constructor(config: WitniumAccountsClientConfig) {\n if (!config.baseUrl) {\n throw new Error('WitniumAccountsClient: baseUrl is required');\n }\n this.cfg = config;\n this.baseUrl = config.baseUrl.replace(/\\/$/, '');\n this.timeout = config.timeout ?? 30000;\n this.fetchImpl = config.fetch ?? globalThis.fetch;\n if (!this.fetchImpl) {\n throw new Error(\n 'WitniumAccountsClient: no fetch implementation available. Pass `config.fetch`.',\n );\n }\n this.subscriptions = new Subscriptions(this);\n this.delegatedKeys = new DelegatedKeys(this);\n this.keys = new SigningKeys(this);\n this.oauth = new OauthNamespace(this);\n }\n\n /**\n * Convenience alias for {@link getAccount} — returns the authenticated\n * user's profile, the org they belong to, and their signing keys.\n */\n me(): Promise<AccountResponse> {\n return this.getAccount();\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // Auth (/v1/auth/*)\n // ────────────────────────────────────────────────────────────────────────\n\n signup(body: SignupRequest): Promise<SignupResponse> {\n return this.req('POST', '/v1/auth/signup', { auth: 'Public', body });\n }\n\n verifyEmail(token: string): Promise<VerifyEmailResponse> {\n return this.req('GET', '/v1/auth/verify', {\n auth: 'Public',\n query: { token },\n });\n }\n\n login(body: LoginRequest): Promise<LoginResponse> {\n return this.req('POST', '/v1/auth/login', { auth: 'Public', body });\n }\n\n logout(): Promise<LogoutResponse> {\n return this.req('POST', '/v1/auth/logout', { auth: 'Public' });\n }\n\n forgotPassword(body: ForgotPasswordRequest): Promise<ForgotPasswordResponse> {\n return this.req('POST', '/v1/auth/forgot-password', { auth: 'Public', body });\n }\n\n resetPassword(body: ResetPasswordRequest): Promise<ResetPasswordResponse> {\n return this.req('POST', '/v1/auth/reset-password', { auth: 'Public', body });\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // Billing (/v1/billing/*)\n // ────────────────────────────────────────────────────────────────────────\n\n createCheckoutSession(body: CheckoutRequest): Promise<CheckoutResponse> {\n return this.req('POST', '/v1/billing/checkout', {\n auth: 'SessionCookie',\n body,\n });\n }\n\n createPortalSession(): Promise<PortalResponse> {\n return this.req('GET', '/v1/billing/portal', { auth: 'SessionCookie' });\n }\n\n // Webhook endpoint is intentionally NOT exposed: only Stripe should call it.\n\n // ────────────────────────────────────────────────────────────────────────\n // Orgs (/v1/orgs/me/*)\n // ────────────────────────────────────────────────────────────────────────\n\n getMyOrg(): Promise<PublicOrgResponse> {\n return this.req('GET', '/v1/orgs/me', { auth: 'OrgApiKey' });\n }\n\n createOrgUser(body: CreateUserRequest): Promise<CreateUserResponse> {\n return this.req('POST', '/v1/orgs/me/users', { auth: 'OrgApiKey', body });\n }\n\n listOrgUsers(): Promise<ListUsersResponse> {\n return this.req('GET', '/v1/orgs/me/users', { auth: 'OrgApiKey' });\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // Admin (/v1/admin/organizations/*)\n // ────────────────────────────────────────────────────────────────────────\n\n createOrganization(\n body: CreateOrganizationRequest,\n ): Promise<CreateOrganizationResponse> {\n return this.req('POST', '/v1/admin/organizations', {\n auth: 'AdminToken',\n body,\n });\n }\n\n setOrgAccountType(\n id: string,\n body: SetAccountTypeRequest,\n ): Promise<SetAccountTypeResponse> {\n return this.req(\n 'PATCH',\n `/v1/admin/organizations/${encodeURIComponent(id)}/account-type`,\n { auth: 'AdminToken', body },\n );\n }\n\n verifyOrganization(id: string): Promise<VerifyOrganizationResponse> {\n return this.req(\n 'PATCH',\n `/v1/admin/organizations/${encodeURIComponent(id)}/verify`,\n { auth: 'AdminToken' },\n );\n }\n\n rotateOrgApiKey(id: string): Promise<RotateApiKeyResponse> {\n return this.req(\n 'POST',\n `/v1/admin/organizations/${encodeURIComponent(id)}/rotate-key`,\n { auth: 'AdminToken' },\n );\n }\n\n adjustOrgCredits(\n id: string,\n body: AdjustCreditsRequest,\n ): Promise<AdjustCreditsResponse> {\n return this.req(\n 'POST',\n `/v1/admin/organizations/${encodeURIComponent(id)}/adjust-credits`,\n { auth: 'AdminToken', body },\n );\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // Delegated keys (/v1/users/me/delegated-keys/*)\n // ────────────────────────────────────────────────────────────────────────\n\n listDelegatedKeys(query?: {\n contractAddress?: string;\n active?: 'true' | 'false';\n }): Promise<ListDelegatedKeysResponse> {\n return this.req('GET', '/v1/users/me/delegated-keys', {\n auth: 'BearerJWT',\n query: query ?? {},\n });\n }\n\n prepareDelegatedKey(\n body: PrepareDelegatedKeyRequest,\n ): Promise<PreparedDelegatedKeyResponse> {\n return this.req('POST', '/v1/users/me/delegated-keys', {\n auth: 'BearerJWT',\n body,\n });\n }\n\n submitDelegatedKey(\n id: string,\n body: SubmitDelegatedKeyRequest,\n ): Promise<SubmitDelegatedKeyResponse> {\n return this.req(\n 'POST',\n `/v1/users/me/delegated-keys/${encodeURIComponent(id)}/submit`,\n { auth: 'BearerJWT', body },\n );\n }\n\n revokeDelegatedKey(id: string): Promise<RevokeDelegatedKeyResponse> {\n return this.req(\n 'DELETE',\n `/v1/users/me/delegated-keys/${encodeURIComponent(id)}`,\n { auth: 'BearerJWT' },\n );\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // Sign (/v1/sign)\n // ────────────────────────────────────────────────────────────────────────\n\n sign(body: SignRequest, requestId?: string): Promise<SignResponse> {\n const headers = requestId ? { 'x-request-id': requestId } : undefined;\n return this.req('POST', '/v1/sign', {\n auth: 'BearerJWT',\n body,\n ...(headers ? { headers } : {}),\n });\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // Contracts (/v1/contracts/* + /v1/keys/*)\n // ────────────────────────────────────────────────────────────────────────\n\n provisionContract(\n body: ProvisionContractRequest,\n ): Promise<ProvisionContractResponse> {\n return this.req('POST', '/v1/contracts/provision', {\n auth: 'Public',\n body,\n });\n }\n\n addSigningKey(body: AddSigningKeyRequest): Promise<AddSigningKeyResponse> {\n return this.req('POST', '/v1/keys', { auth: 'SessionCookie', body });\n }\n\n revokeSigningKey(\n body: RevokeSigningKeyRequest,\n ): Promise<RevokeSigningKeyResponse> {\n return this.req('POST', '/v1/keys/revoke', {\n auth: 'SessionCookie',\n body,\n });\n }\n\n pauseContract(body: PauseRequest): Promise<PauseResponse> {\n return this.req('POST', '/v1/contracts/pause', {\n auth: 'SessionCookie',\n body,\n });\n }\n\n unpauseContract(body: UnpauseRequest): Promise<UnpauseResponse> {\n return this.req('POST', '/v1/contracts/unpause', {\n auth: 'SessionCookie',\n body,\n });\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // Witnesses (/v1/contracts/{addr}/witnesses/*)\n // ────────────────────────────────────────────────────────────────────────\n\n proposeWitness(\n contractAddress: string,\n body: ProposeWitnessRequest,\n idempotencyKey?: string,\n ): Promise<ProposeWitnessResponse> {\n // Idempotency-Key is required by the server (it's part of the signed\n // canonical so retries can't replay with a different key). Generate\n // one if the caller didn't supply one — every propose is therefore\n // implicitly idempotent.\n const key = idempotencyKey ?? randomUUID();\n return this.req(\n 'POST',\n `/v1/contracts/${encodeURIComponent(contractAddress)}/witnesses/propose`,\n { auth: 'SignedRequest', body, headers: { 'idempotency-key': key } },\n );\n }\n\n signWitness(\n contractAddress: string,\n witnessId: string,\n body: SignWitnessRequest,\n ): Promise<SignWitnessResponse> {\n return this.req(\n 'POST',\n `/v1/contracts/${encodeURIComponent(contractAddress)}/witnesses/${encodeURIComponent(witnessId)}/sign`,\n { auth: 'SignedRequest', body },\n );\n }\n\n finalizeWitness(\n contractAddress: string,\n witnessId: string,\n ): Promise<FinalizeWitnessResponse> {\n return this.req(\n 'POST',\n `/v1/contracts/${encodeURIComponent(contractAddress)}/witnesses/${encodeURIComponent(witnessId)}/finalize`,\n { auth: 'SignedRequest' },\n );\n }\n\n revokeWitness(\n contractAddress: string,\n witnessId: string,\n body: RevokeWitnessRequest,\n idempotencyKey?: string,\n ): Promise<RevokeWitnessResponse> {\n const key = idempotencyKey ?? randomUUID();\n return this.req(\n 'POST',\n `/v1/contracts/${encodeURIComponent(contractAddress)}/witnesses/${encodeURIComponent(witnessId)}/revoke`,\n { auth: 'SignedRequest', body, headers: { 'idempotency-key': key } },\n );\n }\n\n getWitness(\n contractAddress: string,\n witnessId: string,\n ): Promise<GetWitnessResponse> {\n return this.req(\n 'GET',\n `/v1/contracts/${encodeURIComponent(contractAddress)}/witnesses/${encodeURIComponent(witnessId)}`,\n { auth: 'Public' },\n );\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // v5 Witnesses (/v5/contracts/{addr}/witnesses/*)\n //\n // The v5 write surface is a metered proxy in accounts: every billable\n // call (propose, revoke) reserves a credit; sign/finalize forward to\n // chain-api with the admin token. Auth is OAuth Bearer; the URL\n // contract must match the user's bound contract.\n //\n // The propose/revoke methods auto-generate an Idempotency-Key when the\n // caller doesn't supply one — server side that header is part of the\n // billing identity and is required.\n // ────────────────────────────────────────────────────────────────────────\n\n proposeWitnessV5(\n contractAddress: string,\n body: ProposeWitnessV5Request,\n idempotencyKey?: string,\n ): Promise<ProposeWitnessV5Response> {\n const key = idempotencyKey ?? randomUUID();\n return this.req(\n 'POST',\n `/v5/contracts/${encodeURIComponent(contractAddress)}/witnesses/propose`,\n { auth: 'BearerJWT', body, headers: { 'idempotency-key': key } },\n );\n }\n\n signWitnessV5(\n contractAddress: string,\n intentId: string,\n body: SubmitSignatureV5Request,\n ): Promise<SubmitSignatureV5Response> {\n return this.req(\n 'POST',\n `/v5/contracts/${encodeURIComponent(contractAddress)}/witnesses/${encodeURIComponent(intentId)}/sign`,\n { auth: 'BearerJWT', body },\n );\n }\n\n finalizeWitnessV5(\n contractAddress: string,\n intentId: string,\n ): Promise<FinalizeWitnessV5Response> {\n return this.req(\n 'POST',\n `/v5/contracts/${encodeURIComponent(contractAddress)}/witnesses/${encodeURIComponent(intentId)}/finalize`,\n { auth: 'BearerJWT' },\n );\n }\n\n revokeWitnessV5(\n contractAddress: string,\n witnessId: string,\n body: RevokeWitnessV5Request,\n idempotencyKey?: string,\n ): Promise<RevokeWitnessV5Response> {\n const key = idempotencyKey ?? randomUUID();\n return this.req(\n 'POST',\n `/v5/contracts/${encodeURIComponent(contractAddress)}/witnesses/${encodeURIComponent(witnessId)}/revoke`,\n { auth: 'BearerJWT', body, headers: { 'idempotency-key': key } },\n );\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // Users / account (/v1/account/*)\n // ────────────────────────────────────────────────────────────────────────\n\n getAccount(): Promise<AccountResponse> {\n return this.req('GET', '/v1/account', { auth: 'SessionCookie' });\n }\n\n getLedger(): Promise<LedgerResponse> {\n return this.req('GET', '/v1/account/ledger', { auth: 'SessionCookie' });\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // OAuth sessions (/v1/oauth/sessions*)\n // ────────────────────────────────────────────────────────────────────────\n\n listOauthSessions(): Promise<ListOauthSessionsResponse> {\n return this.req('GET', '/v1/oauth/sessions', { auth: 'SessionCookie' });\n }\n\n revokeOauthSession(jti: string): Promise<void> {\n return this.req('DELETE', `/v1/oauth/sessions/${encodeURIComponent(jti)}`, {\n auth: 'SessionCookie',\n expectNoContent: true,\n });\n }\n\n revokeAllOauthSessions(): Promise<void> {\n return this.req('DELETE', '/v1/oauth/sessions', {\n auth: 'SessionCookie',\n expectNoContent: true,\n });\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // Health (/health/*)\n // ────────────────────────────────────────────────────────────────────────\n\n healthLive(): Promise<HealthLiveResponse> {\n return this.req('GET', '/health/live', { auth: 'Public' });\n }\n\n healthReady(): Promise<HealthReadyResponse> {\n return this.req('GET', '/health/ready', { auth: 'Public' });\n }\n\n // ────────────────────────────────────────────────────────────────────────\n // Internal: fetch wrapper that maps non-2xx → WitniumAccountsApiError\n // and applies the configured credential to the request.\n // ────────────────────────────────────────────────────────────────────────\n\n private async req<T>(\n method: string,\n path: string,\n opts: RequestOpts,\n ): Promise<T> {\n const url = this.buildUrl(path, opts.query);\n const headers: Record<string, string> = {\n accept: 'application/json',\n ...(opts.headers ?? {}),\n };\n\n if (opts.body !== undefined) {\n headers['content-type'] = 'application/json';\n }\n\n const bodyString =\n opts.body !== undefined ? JSON.stringify(opts.body) : undefined;\n\n await this.applyAuth(headers, opts.auth, method, path, bodyString ?? '');\n\n const controller = new AbortController();\n const timer = setTimeout(() => controller.abort(), this.timeout);\n\n let res: Response;\n try {\n res = await this.fetchImpl(url, {\n method,\n headers,\n body: bodyString,\n signal: controller.signal,\n // Send cookies cross-origin when the consumer is a browser using\n // SessionCookie auth via document.cookie.\n credentials: 'include',\n });\n } catch (err) {\n throw new WitniumAccountsApiError({\n status: 0,\n message:\n err instanceof Error\n ? `Network error contacting ${this.baseUrl}: ${err.message}`\n : `Network error contacting ${this.baseUrl}`,\n });\n } finally {\n clearTimeout(timer);\n }\n\n if (opts.expectNoContent) {\n if (!res.ok) {\n throw await this.toApiError(res);\n }\n return undefined as T;\n }\n\n const text = await res.text();\n let parsed: unknown = null;\n if (text.length > 0) {\n try {\n parsed = JSON.parse(text);\n } catch {\n // Non-JSON body. Carry raw text in the error if !ok.\n }\n }\n\n if (!res.ok) {\n throw this.parseApiError(res.status, parsed, text);\n }\n\n return parsed as T;\n }\n\n private buildUrl(\n path: string,\n query: Record<string, string | number | undefined> | undefined,\n ): string {\n if (!query) return `${this.baseUrl}${path}`;\n const qs = new URLSearchParams();\n for (const [k, v] of Object.entries(query)) {\n if (v !== undefined) qs.set(k, String(v));\n }\n const suffix = qs.toString();\n return suffix ? `${this.baseUrl}${path}?${suffix}` : `${this.baseUrl}${path}`;\n }\n\n private async applyAuth(\n headers: Record<string, string>,\n auth: AuthMode,\n method: string,\n path: string,\n bodyString: string,\n ): Promise<void> {\n switch (auth) {\n case 'Public':\n return;\n case 'SessionCookie': {\n if (this.cfg.sessionCookie) {\n // In Node the SDK has to send the cookie itself; in a browser the\n // browser will attach it from document.cookie when credentials:\n // 'include' is set. Set the header anyway — it's safe in both.\n headers['cookie'] = `wac_session=${this.cfg.sessionCookie}`;\n }\n return;\n }\n case 'BearerJWT': {\n if (!this.cfg.accessToken) {\n throw new Error(\n `WitniumAccountsClient: ${method} ${path} requires an OAuth access token. Pass \\`accessToken\\` to the constructor.`,\n );\n }\n headers['authorization'] = `Bearer ${this.cfg.accessToken}`;\n return;\n }\n case 'OrgApiKey': {\n if (!this.cfg.orgApiKey) {\n throw new Error(\n `WitniumAccountsClient: ${method} ${path} requires an organisation API key. Pass \\`orgApiKey\\` to the constructor.`,\n );\n }\n headers['authorization'] = `Bearer ${this.cfg.orgApiKey}`;\n return;\n }\n case 'AdminToken': {\n if (!this.cfg.adminToken) {\n throw new Error(\n `WitniumAccountsClient: ${method} ${path} requires an admin token. Pass \\`adminToken\\` to the constructor.`,\n );\n }\n headers['authorization'] = `Bearer ${this.cfg.adminToken}`;\n return;\n }\n case 'SignedRequest': {\n if (!this.cfg.signedRequest) {\n throw new Error(\n `WitniumAccountsClient: ${method} ${path} requires a signed-request signer. Pass \\`signedRequest\\` to the constructor.`,\n );\n }\n const timestamp = Math.floor(Date.now() / 1000).toString();\n const bodyHash = await sha256Hex(bodyString);\n // Idempotency-Key is part of the signed canonical so a captured\n // signed request can't be replayed with a different key. Empty\n // string when absent; the server uses the same convention.\n const idemKey = headers['idempotency-key'] ?? '';\n const canonical = `${method.toUpperCase()}\\n${path}\\n${timestamp}\\n${idemKey}\\n${bodyHash}`;\n const signature = await this.cfg.signedRequest.sign(canonical);\n headers['x-witnium-key'] = this.cfg.signedRequest.publicKeyHex;\n headers['x-witnium-timestamp'] = timestamp;\n headers['x-witnium-signature'] = signature;\n return;\n }\n }\n }\n\n private parseApiError(\n status: number,\n parsed: unknown,\n rawText: string,\n ): WitniumAccountsApiError {\n const body = parsed as\n | { error?: string; message?: string | string[] }\n | null;\n const message = Array.isArray(body?.message)\n ? body!.message.join('; ')\n : typeof body?.message === 'string'\n ? body!.message\n : body?.error ?? `HTTP ${status}`;\n return new WitniumAccountsApiError({\n status,\n message,\n errorLabel: body?.error,\n body: parsed ?? rawText,\n });\n }\n\n private async toApiError(res: Response): Promise<WitniumAccountsApiError> {\n const text = await res.text();\n let parsed: unknown = null;\n if (text.length > 0) {\n try {\n parsed = JSON.parse(text);\n } catch {\n // ignore — surface raw text\n }\n }\n return this.parseApiError(res.status, parsed, text);\n }\n}\n\n// ============================================================================\n// End-user namespace classes\n// ============================================================================\n//\n// Lightweight facades over the low-level methods on WitniumAccountsClient.\n// They exist to give the end-user surface a discoverable shape\n// (`client.subscriptions.subscribe(...)` rather than the route-shaped\n// `client.createCheckoutSession(...)`) while keeping the low-level methods\n// available as escape hatches.\n\n/** `client.subscriptions.*` — Stripe Checkout + portal + credit ledger. */\nexport class Subscriptions {\n constructor(private readonly client: WitniumAccountsClient) {}\n\n /**\n * Start a Stripe Checkout session for the supplied price. Returns the\n * hosted Checkout URL; redirect the user to it. Stripe's\n * `checkout.session.completed` webhook grants credits on success.\n */\n subscribe(body: CheckoutRequest): Promise<CheckoutResponse> {\n return this.client.createCheckoutSession(body);\n }\n\n /**\n * Open the Stripe Billing Portal for the calling user's org. Returns the\n * hosted portal URL — redirect the user there for subscription /\n * payment-method management.\n */\n manage(): Promise<PortalResponse> {\n return this.client.createPortalSession();\n }\n\n /** Recent credit-ledger entries (most recent 200). */\n getLedger(): Promise<LedgerResponse> {\n return this.client.getLedger();\n }\n}\n\n/** `client.delegatedKeys.*` — list, one-call provision, and revoke. */\nexport class DelegatedKeys {\n constructor(private readonly client: WitniumAccountsClient) {}\n\n /** List the caller's delegated keys, optionally filtered by contract or active flag. */\n list(query?: {\n contractAddress?: string;\n active?: 'true' | 'false';\n }): Promise<ListDelegatedKeysResponse> {\n return this.client.listDelegatedKeys(query);\n }\n\n /**\n * One-call delegated-key provisioning: prepare → owner-sign → submit →\n * poll until the on-chain `addSigningKey` tx confirms (or the polling\n * budget elapses). The server mints the delegated key in Vault; the caller\n * never sees its private key.\n *\n * Failure modes that surface as thrown {@link WitniumAccountsApiError}:\n * - 409 from prepare → an active key already exists for this contract;\n * caller must revoke the existing one first.\n * - 400 from submit → ownerSignature didn't verify against the prepared\n * message (wrong owner key, or the on-chain nonce shifted between\n * prepare and submit and the caller must re-provision).\n *\n * Returns `confirmed: false` (without throwing) when the on-chain tx is\n * still pending after `pollTimeoutMs` — caller can keep polling via\n * {@link list} or chain-api's receipt endpoint.\n */\n async provision(\n args: ProvisionDelegatedKeyArgs,\n ): Promise<ProvisionDelegatedKeyResult> {\n const prep = await this.client.prepareDelegatedKey({\n contractAddress: args.contractAddress,\n });\n const ownerSignature = await args.ownerSigner.sign(prep.messageToSign);\n let res = await this.client.submitDelegatedKey(prep.id, { ownerSignature });\n\n if (!res.confirmed) {\n const interval = args.pollIntervalMs ?? 2000;\n const timeout = args.pollTimeoutMs ?? 60000;\n const deadline = Date.now() + timeout;\n while (!res.confirmed && Date.now() < deadline) {\n await sleep(interval);\n res = await this.client.submitDelegatedKey(prep.id, {});\n }\n }\n\n return {\n id: prep.id,\n publicKey: prep.publicKey,\n transactionHash: res.transactionHash,\n confirmed: res.confirmed,\n blockNumber: res.blockNumber,\n };\n }\n\n /**\n * Locally revoke a delegated key. Wipes the Vault Transit key and sets\n * `revoked_at` on the row. The on-chain trust record persists — the caller\n * must invoke `WitnessRegistryV3.revokeSigningKey` with their owner key to\n * fully un-trust the key on the contract.\n */\n revoke(id: string): Promise<RevokeDelegatedKeyResponse> {\n return this.client.revokeDelegatedKey(id);\n }\n}\n\n/**\n * `client.keys.*` — owner signing-key management (add / revoke + a list\n * helper derived from {@link WitniumAccountsClient.getAccount}).\n *\n * Distinct from {@link DelegatedKeys} — those are Vault-held keys minted by\n * the server for delegated signing. The methods here manage the owner's own\n * signing keys registered against their contract.\n */\nexport class SigningKeys {\n constructor(private readonly client: WitniumAccountsClient) {}\n\n /**\n * The signing keys attached to the calling user's contract. There is no\n * dedicated list endpoint; this method calls {@link\n * WitniumAccountsClient.getAccount} and returns the `signingKeys` slice.\n */\n async list(): Promise<AccountResponse['signingKeys']> {\n const account = await this.client.getAccount();\n return account.signingKeys;\n }\n\n add(body: AddSigningKeyRequest): Promise<AddSigningKeyResponse> {\n return this.client.addSigningKey(body);\n }\n\n revoke(body: RevokeSigningKeyRequest): Promise<RevokeSigningKeyResponse> {\n return this.client.revokeSigningKey(body);\n }\n}\n\n/** `client.oauth.sessions.*` — list and revoke active OAuth sessions. */\nexport class OauthNamespace {\n readonly sessions: OauthSessions;\n constructor(client: WitniumAccountsClient) {\n this.sessions = new OauthSessions(client);\n }\n}\n\nexport class OauthSessions {\n constructor(private readonly client: WitniumAccountsClient) {}\n\n list(): Promise<ListOauthSessionsResponse> {\n return this.client.listOauthSessions();\n }\n\n revoke(jti: string): Promise<void> {\n return this.client.revokeOauthSession(jti);\n }\n\n revokeAll(): Promise<void> {\n return this.client.revokeAllOauthSessions();\n }\n}\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/**\n * RFC 4122 v4 UUID using the platform Crypto API. Available in modern\n * browsers and Node 19+. We surface a helpful error message if absent so\n * the SDK's behavior is debuggable in stripped-down test environments.\n */\nfunction randomUUID(): string {\n const c = (globalThis as { crypto?: { randomUUID?: () => string } }).crypto;\n if (!c?.randomUUID) {\n throw new Error(\n 'WitniumAccountsClient: globalThis.crypto.randomUUID is required (Node 19+ or modern browser). Polyfill for older runtimes.',\n );\n }\n return c.randomUUID();\n}\n\n/**\n * Compute lowercase hex of sha256(input bytes) using SubtleCrypto.\n * Requires a runtime with `crypto.subtle` — modern browsers and Node 18+.\n */\nasync function sha256Hex(input: string): Promise<string> {\n const subtle = (globalThis as { crypto?: { subtle?: SubtleCrypto } }).crypto\n ?.subtle;\n if (!subtle) {\n throw new Error(\n 'WitniumAccountsClient: SubtleCrypto is not available. Polyfill `globalThis.crypto.subtle` for SignedRequest auth.',\n );\n }\n const data = new TextEncoder().encode(input);\n const digest = await subtle.digest('SHA-256', data);\n const bytes = new Uint8Array(digest);\n let out = '';\n for (const b of bytes) out += b.toString(16).padStart(2, '0');\n return out;\n}\n","/**\n * WitniumAccountsAdminClient — system-admin facade over the accounts API.\n *\n * Wraps the five `/v1/admin/organizations/*` routes that mint orgs, flip\n * account types, verify emails, rotate API keys, and apply manual credit\n * adjustments. This is the client our internal admin frontend and ops scripts\n * consume — there is no UI surface here, just typed RPC.\n *\n * Auth is AdminToken (the `BEARER_TOKEN` env value on the server side).\n * Construction throws if `adminToken` is missing; the underlying HTTP client\n * would throw at call time, but failing at construction surfaces config bugs\n * in the wiring step rather than the first request.\n */\nimport { WitniumAccountsClient } from './client';\nimport type {\n CreateOrganizationRequest,\n CreateOrganizationResponse,\n SetAccountTypeResponse,\n VerifyOrganizationResponse,\n RotateApiKeyResponse,\n AdjustCreditsResponse,\n} from './types';\n\nexport interface WitniumAccountsAdminClientConfig {\n /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */\n baseUrl: string;\n /** System-admin token (`Authorization: Bearer <ADMIN_TOKEN>`). */\n adminToken: string;\n /** Per-request timeout in milliseconds. Default 30000. */\n timeout?: number;\n /** Alternate fetch implementation (e.g. for tests). Default `globalThis.fetch`. */\n fetch?: typeof fetch;\n}\n\nexport type AccountType = 'metered' | 'unlimited';\n\nexport class WitniumAccountsAdminClient {\n private readonly inner: WitniumAccountsClient;\n\n constructor(config: WitniumAccountsAdminClientConfig) {\n if (!config.adminToken) {\n throw new Error('WitniumAccountsAdminClient: adminToken is required');\n }\n this.inner = new WitniumAccountsClient({\n baseUrl: config.baseUrl,\n adminToken: config.adminToken,\n timeout: config.timeout,\n fetch: config.fetch,\n });\n }\n\n /**\n * Mint a new organisation. The returned `apiKey` is shown ONCE — the server\n * only retains its SHA-256 hash. Persist it before the response leaves\n * scope; there is no recovery path.\n *\n * @param body Organisation seed: name, email, optional accountType and\n * signup credit grant, optional skip-email-verification flag.\n */\n createOrganization(\n body: CreateOrganizationRequest,\n ): Promise<CreateOrganizationResponse> {\n return this.inner.createOrganization(body);\n }\n\n /** Flip an org between `metered` (Stripe checkout + credit ledger) and `unlimited` (flat-fee). */\n setAccountType(\n orgId: string,\n accountType: AccountType,\n ): Promise<SetAccountTypeResponse> {\n return this.inner.setOrgAccountType(orgId, { accountType });\n }\n\n /** Mark an org's email as verified. Prerequisite for the org to create users. */\n verifyEmail(orgId: string): Promise<VerifyOrganizationResponse> {\n return this.inner.verifyOrganization(orgId);\n }\n\n /**\n * Rotate the org's API key. The previous `wcorg_live_…` is invalidated and\n * the new key is returned ONCE — same one-time-secret semantics as\n * {@link createOrganization}.\n */\n rotateApiKey(orgId: string): Promise<RotateApiKeyResponse> {\n return this.inner.rotateOrgApiKey(orgId);\n }\n\n /**\n * Apply a signed credit delta to an org's ledger. Positive `delta` grants\n * credits (goodwill, migration backfill); negative claws them back.\n * Recorded as `reason: adjustment` with the supplied `note`.\n *\n * Use sparingly — this bypasses Stripe and should be auditable from the\n * `note` alone.\n */\n adjustCredits(\n orgId: string,\n delta: number,\n note?: string,\n ): Promise<AdjustCreditsResponse> {\n return this.inner.adjustOrgCredits(orgId, { delta, note });\n }\n}\n","/**\n * WitniumAccountsOrgClient — org-admin facade over the accounts API.\n *\n * Wraps the three `/v1/orgs/me/*` routes that org admins use to read their\n * own org profile and manage their users. This is the client B2B2C apps and\n * customer-admin dashboards consume — auth is the `wcorg_live_…` API key\n * minted via `WitniumAccountsAdminClient.createOrganization` or returned by\n * a subsequent `rotateApiKey`.\n *\n * The surface is intentionally minimal — the underlying API only exposes\n * profile read + user create + user list. Anything more powerful (provision\n * credits, change account type, verify email) requires the sysadmin\n * `AdminToken` and therefore lives on `WitniumAccountsAdminClient`.\n */\nimport { WitniumAccountsClient } from './client';\nimport type {\n PublicOrgResponse,\n CreateUserRequest,\n CreateUserResponse,\n ListUsersResponse,\n} from './types';\n\nexport interface WitniumAccountsOrgClientConfig {\n /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */\n baseUrl: string;\n /** Organisation API key (`wcorg_live_…`). */\n orgApiKey: string;\n /** Per-request timeout in milliseconds. Default 30000. */\n timeout?: number;\n /** Alternate fetch implementation (e.g. for tests). Default `globalThis.fetch`. */\n fetch?: typeof fetch;\n}\n\nexport class WitniumAccountsOrgClient {\n private readonly inner: WitniumAccountsClient;\n /** User-management namespace — `client.users.create/list`. */\n readonly users: OrgUsers;\n\n constructor(config: WitniumAccountsOrgClientConfig) {\n if (!config.orgApiKey) {\n throw new Error('WitniumAccountsOrgClient: orgApiKey is required');\n }\n this.inner = new WitniumAccountsClient({\n baseUrl: config.baseUrl,\n orgApiKey: config.orgApiKey,\n timeout: config.timeout,\n fetch: config.fetch,\n });\n this.users = new OrgUsers(this.inner);\n }\n\n /**\n * The org's own profile — name, email, account type, cached credit\n * balance (null for `unlimited` accounts), and the `isPersonal` flag.\n *\n * Note: a 401 here usually means the API key was rotated; rotate-key\n * invalidates the previous one.\n */\n me(): Promise<PublicOrgResponse> {\n return this.inner.getMyOrg();\n }\n}\n\n/** `client.users.*` — create + list users in the org. */\nexport class OrgUsers {\n constructor(private readonly inner: WitniumAccountsClient) {}\n\n /**\n * Provision a new user inside the org. Requires the org's email to have\n * been verified (sysadmin gate) — otherwise the server returns 403.\n */\n create(body: CreateUserRequest): Promise<CreateUserResponse> {\n return this.inner.createOrgUser(body);\n }\n\n /** List the org's users. */\n list(): Promise<ListUsersResponse> {\n return this.inner.listOrgUsers();\n }\n}\n"]}