@witnium-tech/witniumchain 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +95 -19
  2. package/dist/index.d.mts +4278 -107
  3. package/dist/index.d.ts +4278 -107
  4. package/dist/index.js +698 -28
  5. package/dist/index.js.map +1 -1
  6. package/dist/index.mjs +695 -29
  7. package/dist/index.mjs.map +1 -1
  8. package/package.json +7 -4
  9. package/README.md.bak +0 -160
package/dist/index.d.mts CHANGED
@@ -1,8 +1,40 @@
1
+ /**
2
+ * PKCE (RFC 7636) primitives for the Authorization Code + PKCE OAuth flow.
3
+ *
4
+ * Two functions and one storage interface, all browser-only (the OAuth helpers
5
+ * that consume them only make sense in a browser context — PKCE state has to
6
+ * survive the authorize redirect via sessionStorage or an equivalent).
7
+ *
8
+ * The maths is small: a random verifier, SHA-256 of the verifier base64url-
9
+ * encoded as the challenge, `S256` as the method. The server stores the
10
+ * challenge at /auth time and recomputes it from the verifier at /token time.
11
+ */
12
+ /**
13
+ * Storage for the PKCE verifier between `beginOAuthLogin` (which writes) and
14
+ * `completeOAuthLogin` (which reads + clears). Keyed by the OAuth `state`
15
+ * value so concurrent in-flight logins don't collide.
16
+ *
17
+ * Default implementation in {@link defaultVerifierStorage} wraps the browser's
18
+ * `sessionStorage` under namespaced keys. Tests inject a Map-backed mock.
19
+ */
20
+ interface PkceVerifierStorage {
21
+ set(stateKey: string, verifier: string): void;
22
+ get(stateKey: string): string | null;
23
+ remove(stateKey: string): void;
24
+ }
25
+ /**
26
+ * Default {@link PkceVerifierStorage} backed by `globalThis.sessionStorage`.
27
+ * Throws at construction time if sessionStorage is unavailable — the SDK
28
+ * shouldn't silently degrade to in-memory storage that loses state across
29
+ * the authorize redirect.
30
+ */
31
+ declare function defaultVerifierStorage(): PkceVerifierStorage;
32
+
1
33
  /**
2
34
  * This file was auto-generated by openapi-typescript.
3
35
  * Do not make direct changes to the file.
4
36
  */
5
- interface paths {
37
+ interface paths$1 {
6
38
  "/v1/auth/signup": {
7
39
  parameters: {
8
40
  query?: never;
@@ -2596,9 +2628,13 @@ interface paths {
2596
2628
  get?: never;
2597
2629
  put?: never;
2598
2630
  /**
2599
- * Sign arbitrary bytes with a delegated key
2631
+ * Sign bytes with a delegated key
2600
2632
  * @description Vault Transit signs the supplied payload using the user's delegated key. Vault returns the signature; the accounts-service process never sees the private bytes (delegated keys are created with `exportable=false`).
2601
2633
  *
2634
+ * **Use:** sign the canonical-intent JSON returned by chain-api `POST /v5/contracts/.../witnesses/propose` (and the analogous v4 endpoint). The endpoint signs whatever bytes you submit because sign:write is an explicit grant to use the user's key — the on-chain authority of the key is bounded to witness ops on the user's contract, and nothing else in Witnium currently consumes these signatures. Future signing surfaces that need different keys or scopes get their own.
2635
+ *
2636
+ * **Limits:** payload ≤ 8 KiB (16384 hex chars), per-user rate-limited at 20 signs/minute (429 + Retry-After on excess). Both are resource bounds, not access-control fences.
2637
+ *
2602
2638
  * Optional `X-Request-Id` request header gets forwarded into the audit-log line; a UUID is generated if absent.
2603
2639
  */
2604
2640
  post: {
@@ -2616,7 +2652,7 @@ interface paths {
2616
2652
  * @example 550e8400-e29b-41d4-a716-446655440000
2617
2653
  */
2618
2654
  delegatedKeyId: string;
2619
- /** @description Hex-encoded bytes to sign (no 0x prefix). Must have an even length. Witnium never logs the bytes themselves — only their SHA-256 hash is recorded for audit cross-correlation with Vault. */
2655
+ /** @description Hex-encoded bytes to sign (no 0x prefix). Must have an even length and at most 16384 hex characters (8 KiB raw). The expected use is signing the UTF-8 bytes of a v5 canonical-intent JSON returned by chain-api `/propose`, but the endpoint signs whatever bytes you submit — sign:write is an explicit grant to use the user's key. Witnium never logs the bytes; only their SHA-256 hash is recorded for audit cross-correlation with Vault. */
2620
2656
  payload: string;
2621
2657
  };
2622
2658
  };
@@ -5108,18 +5144,20 @@ interface paths {
5108
5144
  patch?: never;
5109
5145
  trace?: never;
5110
5146
  };
5111
- "/health/live": {
5147
+ "/v1/account/mfa/totp/enroll": {
5112
5148
  parameters: {
5113
5149
  query?: never;
5114
5150
  header?: never;
5115
5151
  path?: never;
5116
5152
  cookie?: never;
5117
5153
  };
5154
+ get?: never;
5155
+ put?: never;
5118
5156
  /**
5119
- * Liveness probe
5120
- * @description Returns 200/`{status:"ok"}` whenever the process is running. Used by Kubernetes to decide whether to restart the pod.
5157
+ * Start TOTP enrolment
5158
+ * @description Generates a fresh TOTP secret + otpauth URL. The user scans the QR (rendered client-side from `otpauthUrl`) into their authenticator app and then calls `/v1/account/mfa/totp/confirm` with the first 6-digit code. The enrolment is NOT a usable second factor until confirmed.
5121
5159
  */
5122
- get: {
5160
+ post: {
5123
5161
  parameters: {
5124
5162
  query?: never;
5125
5163
  header?: never;
@@ -5135,40 +5173,108 @@ interface paths {
5135
5173
  };
5136
5174
  content: {
5137
5175
  "application/json": {
5138
- /** @enum {string} */
5139
- status: "ok";
5176
+ /**
5177
+ * @description Base32 TOTP secret. Show to the user as a typeable fallback alongside the QR code rendered from `otpauthUrl`.
5178
+ * @example JBSWY3DPEHPK3PXP
5179
+ */
5180
+ secret: string;
5181
+ /**
5182
+ * @description Standard `otpauth://totp/...` URL. The dashboard renders this as a QR code; the user scans it with an authenticator app.
5183
+ * @example otpauth://totp/WitniumChain:alice%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=WitniumChain&algorithm=SHA1&digits=6&period=30
5184
+ */
5185
+ otpauthUrl: string;
5186
+ };
5187
+ };
5188
+ };
5189
+ /** @description Bad Request — validation failed */
5190
+ 400: {
5191
+ headers: {
5192
+ [name: string]: unknown;
5193
+ };
5194
+ content: {
5195
+ "application/json": {
5196
+ /**
5197
+ * @description HTTP status code
5198
+ * @example 400
5199
+ */
5200
+ statusCode?: number;
5201
+ /**
5202
+ * @description Short error label
5203
+ * @example Bad Request
5204
+ */
5205
+ error?: string;
5206
+ /**
5207
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5208
+ * @example Validation failed
5209
+ */
5210
+ message: string | string[];
5211
+ };
5212
+ };
5213
+ };
5214
+ /** @description Unauthorized — authentication required or invalid */
5215
+ 401: {
5216
+ headers: {
5217
+ [name: string]: unknown;
5218
+ };
5219
+ content: {
5220
+ "application/json": {
5221
+ /**
5222
+ * @description HTTP status code
5223
+ * @example 400
5224
+ */
5225
+ statusCode?: number;
5226
+ /**
5227
+ * @description Short error label
5228
+ * @example Bad Request
5229
+ */
5230
+ error?: string;
5231
+ /**
5232
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5233
+ * @example Validation failed
5234
+ */
5235
+ message: string | string[];
5140
5236
  };
5141
5237
  };
5142
5238
  };
5143
5239
  };
5144
5240
  };
5145
- put?: never;
5146
- post?: never;
5147
5241
  delete?: never;
5148
5242
  options?: never;
5149
5243
  head?: never;
5150
5244
  patch?: never;
5151
5245
  trace?: never;
5152
5246
  };
5153
- "/health/ready": {
5247
+ "/v1/account/mfa/totp/confirm": {
5154
5248
  parameters: {
5155
5249
  query?: never;
5156
5250
  header?: never;
5157
5251
  path?: never;
5158
5252
  cookie?: never;
5159
5253
  };
5254
+ get?: never;
5255
+ put?: never;
5160
5256
  /**
5161
- * Readiness probe
5162
- * @description Returns 200/`{status:"ok"}` once a trivial `SELECT 1` succeeds against PostgreSQL. 503 if the DB is unreachable.
5257
+ * Confirm TOTP enrolment
5258
+ * @description Validates the first user-supplied code against the secret minted by `/enroll`, marks the enrolment confirmed, and returns 10 single-use recovery codes. The recovery codes appear ONCE in this response and are never readable again — the dashboard must show them immediately and prompt the user to store them.
5163
5259
  */
5164
- get: {
5260
+ post: {
5165
5261
  parameters: {
5166
5262
  query?: never;
5167
5263
  header?: never;
5168
5264
  path?: never;
5169
5265
  cookie?: never;
5170
5266
  };
5171
- requestBody?: never;
5267
+ requestBody?: {
5268
+ content: {
5269
+ "application/json": {
5270
+ /**
5271
+ * @description Current 6-digit TOTP code shown by the authenticator app.
5272
+ * @example 123456
5273
+ */
5274
+ code: string;
5275
+ };
5276
+ };
5277
+ };
5172
5278
  responses: {
5173
5279
  /** @description Success */
5174
5280
  200: {
@@ -5177,13 +5283,38 @@ interface paths {
5177
5283
  };
5178
5284
  content: {
5179
5285
  "application/json": {
5180
- /** @enum {string} */
5181
- status: "ok";
5286
+ /** @description Ten single-use recovery codes. Shown ONCE and never returned again — the user must store them now. Each code is consumed atomically when used in place of a TOTP code at MFA challenge time. */
5287
+ recoveryCodes: string[];
5182
5288
  };
5183
5289
  };
5184
5290
  };
5185
- /** @description Service Unavailable */
5186
- 503: {
5291
+ /** @description Bad Request — validation failed */
5292
+ 400: {
5293
+ headers: {
5294
+ [name: string]: unknown;
5295
+ };
5296
+ content: {
5297
+ "application/json": {
5298
+ /**
5299
+ * @description HTTP status code
5300
+ * @example 400
5301
+ */
5302
+ statusCode?: number;
5303
+ /**
5304
+ * @description Short error label
5305
+ * @example Bad Request
5306
+ */
5307
+ error?: string;
5308
+ /**
5309
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5310
+ * @example Validation failed
5311
+ */
5312
+ message: string | string[];
5313
+ };
5314
+ };
5315
+ };
5316
+ /** @description Unauthorized — authentication required or invalid */
5317
+ 401: {
5187
5318
  headers: {
5188
5319
  [name: string]: unknown;
5189
5320
  };
@@ -5209,85 +5340,3838 @@ interface paths {
5209
5340
  };
5210
5341
  };
5211
5342
  };
5212
- put?: never;
5213
- post?: never;
5214
5343
  delete?: never;
5215
5344
  options?: never;
5216
5345
  head?: never;
5217
5346
  patch?: never;
5218
5347
  trace?: never;
5219
5348
  };
5220
- }
5221
-
5222
- /**
5223
- * Type shortcuts over the openapi-typescript-generated `paths` interface.
5224
- *
5225
- * Patterns mirror chain-sdk-v5/src/types.ts: each request/response shape is
5226
- * `Req<path, method>` / `Res<path, method, status>` so callers see named,
5227
- * ergonomic types without losing the single-source-of-truth guarantee — the
5228
- * types are derived from the generated openapi types, not hand-rolled.
5229
- */
5230
-
5231
- type JsonBody<T> = T extends {
5232
- content: {
5233
- 'application/json': infer B;
5234
- };
5235
- } ? B : never;
5236
- type Req<P extends keyof paths, M extends keyof paths[P]> = JsonBody<Extract<paths[P][M], {
5237
- requestBody?: unknown;
5238
- }>['requestBody']>;
5239
- type Res<P extends keyof paths, M extends keyof paths[P], S extends number = 200> = paths[P][M] extends {
5240
- responses: {
5241
- [K in S]: infer R;
5349
+ "/v1/account/mfa/totp": {
5350
+ parameters: {
5351
+ query?: never;
5352
+ header?: never;
5353
+ path?: never;
5354
+ cookie?: never;
5355
+ };
5356
+ get?: never;
5357
+ put?: never;
5358
+ post?: never;
5359
+ /**
5360
+ * Disable TOTP and clear recovery codes
5361
+ * @description Wipes the TOTP secret and all recovery codes. The user re-enrolls from scratch with `/enroll`. Future versions of this endpoint will require a recent MFA assertion (step-up) — Thread E of Phase AUTH.
5362
+ */
5363
+ delete: {
5364
+ parameters: {
5365
+ query?: never;
5366
+ header?: never;
5367
+ path?: never;
5368
+ cookie?: never;
5369
+ };
5370
+ requestBody?: never;
5371
+ responses: {
5372
+ /** @description Success */
5373
+ 200: {
5374
+ headers: {
5375
+ [name: string]: unknown;
5376
+ };
5377
+ content: {
5378
+ "application/json": {
5379
+ /** @enum {boolean} */
5380
+ disabled: true;
5381
+ };
5382
+ };
5383
+ };
5384
+ /** @description Unauthorized — authentication required or invalid */
5385
+ 401: {
5386
+ headers: {
5387
+ [name: string]: unknown;
5388
+ };
5389
+ content: {
5390
+ "application/json": {
5391
+ /**
5392
+ * @description HTTP status code
5393
+ * @example 400
5394
+ */
5395
+ statusCode?: number;
5396
+ /**
5397
+ * @description Short error label
5398
+ * @example Bad Request
5399
+ */
5400
+ error?: string;
5401
+ /**
5402
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5403
+ * @example Validation failed
5404
+ */
5405
+ message: string | string[];
5406
+ };
5407
+ };
5408
+ };
5409
+ };
5410
+ };
5411
+ options?: never;
5412
+ head?: never;
5413
+ patch?: never;
5414
+ trace?: never;
5242
5415
  };
5243
- } ? JsonBody<R> : never;
5244
- type SignupRequest = Req<'/v1/auth/signup', 'post'>;
5245
- type SignupResponse = Res<'/v1/auth/signup', 'post'>;
5246
- type VerifyEmailResponse = Res<'/v1/auth/verify', 'get'>;
5247
- type LoginRequest = Req<'/v1/auth/login', 'post'>;
5248
- type LoginResponse = Res<'/v1/auth/login', 'post'>;
5249
- type LogoutResponse = Res<'/v1/auth/logout', 'post'>;
5250
- type ForgotPasswordRequest = Req<'/v1/auth/forgot-password', 'post'>;
5251
- type ForgotPasswordResponse = Res<'/v1/auth/forgot-password', 'post'>;
5252
- type ResetPasswordRequest = Req<'/v1/auth/reset-password', 'post'>;
5253
- type ResetPasswordResponse = Res<'/v1/auth/reset-password', 'post'>;
5254
- type CheckoutRequest = Req<'/v1/billing/checkout', 'post'>;
5255
- type CheckoutResponse = Res<'/v1/billing/checkout', 'post'>;
5256
- type PortalResponse = Res<'/v1/billing/portal', 'get'>;
5257
- type PublicOrgResponse = Res<'/v1/orgs/me', 'get'>;
5258
- type CreateUserRequest = Req<'/v1/orgs/me/users', 'post'>;
5259
- type CreateUserResponse = Res<'/v1/orgs/me/users', 'post'>;
5260
- type ListUsersResponse = Res<'/v1/orgs/me/users', 'get'>;
5261
- type CreateOrganizationRequest = Req<'/v1/admin/organizations', 'post'>;
5262
- type CreateOrganizationResponse = Res<'/v1/admin/organizations', 'post'>;
5263
- type SetAccountTypeRequest = Req<'/v1/admin/organizations/{id}/account-type', 'patch'>;
5264
- type SetAccountTypeResponse = Res<'/v1/admin/organizations/{id}/account-type', 'patch'>;
5265
- type VerifyOrganizationResponse = Res<'/v1/admin/organizations/{id}/verify', 'patch'>;
5266
- type RotateApiKeyResponse = Res<'/v1/admin/organizations/{id}/rotate-key', 'post'>;
5267
- type AdjustCreditsRequest = Req<'/v1/admin/organizations/{id}/adjust-credits', 'post'>;
5268
- type AdjustCreditsResponse = Res<'/v1/admin/organizations/{id}/adjust-credits', 'post'>;
5269
- type ListDelegatedKeysResponse = Res<'/v1/users/me/delegated-keys', 'get'>;
5270
- type PrepareDelegatedKeyRequest = Req<'/v1/users/me/delegated-keys', 'post'>;
5271
- type PreparedDelegatedKeyResponse = Res<'/v1/users/me/delegated-keys', 'post'>;
5272
- type SubmitDelegatedKeyRequest = Req<'/v1/users/me/delegated-keys/{id}/submit', 'post'>;
5273
- type SubmitDelegatedKeyResponse = Res<'/v1/users/me/delegated-keys/{id}/submit', 'post'>;
5274
- type RevokeDelegatedKeyResponse = Res<'/v1/users/me/delegated-keys/{id}', 'delete'>;
5275
- type SignRequest = Req<'/v1/sign', 'post'>;
5276
- type SignResponse = Res<'/v1/sign', 'post'>;
5277
- type ProvisionContractRequest = Req<'/v1/contracts/provision', 'post'>;
5278
- type ProvisionContractResponse = Res<'/v1/contracts/provision', 'post'>;
5279
- type AddSigningKeyRequest = Req<'/v1/keys', 'post'>;
5280
- type AddSigningKeyResponse = Res<'/v1/keys', 'post'>;
5281
- type RevokeSigningKeyRequest = Req<'/v1/keys/revoke', 'post'>;
5282
- type RevokeSigningKeyResponse = Res<'/v1/keys/revoke', 'post'>;
5283
- type PauseRequest = Req<'/v1/contracts/pause', 'post'>;
5284
- type PauseResponse = Res<'/v1/contracts/pause', 'post'>;
5285
- type UnpauseRequest = Req<'/v1/contracts/unpause', 'post'>;
5286
- type UnpauseResponse = Res<'/v1/contracts/unpause', 'post'>;
5287
- type ProposeWitnessRequest = Req<'/v1/contracts/{contractAddress}/witnesses/propose', 'post'>;
5288
- type ProposeWitnessResponse = Res<'/v1/contracts/{contractAddress}/witnesses/propose', 'post'>;
5289
- type SignWitnessRequest = Req<'/v1/contracts/{contractAddress}/witnesses/{witnessId}/sign', 'post'>;
5290
- type SignWitnessResponse = Res<'/v1/contracts/{contractAddress}/witnesses/{witnessId}/sign', 'post'>;
5416
+ "/v1/account/mfa/recovery-codes/regenerate": {
5417
+ parameters: {
5418
+ query?: never;
5419
+ header?: never;
5420
+ path?: never;
5421
+ cookie?: never;
5422
+ };
5423
+ get?: never;
5424
+ put?: never;
5425
+ /**
5426
+ * Generate a fresh set of recovery codes
5427
+ * @description Invalidates the prior set and issues 10 new codes. Future versions will require step-up auth.
5428
+ */
5429
+ post: {
5430
+ parameters: {
5431
+ query?: never;
5432
+ header?: never;
5433
+ path?: never;
5434
+ cookie?: never;
5435
+ };
5436
+ requestBody?: never;
5437
+ responses: {
5438
+ /** @description Success */
5439
+ 200: {
5440
+ headers: {
5441
+ [name: string]: unknown;
5442
+ };
5443
+ content: {
5444
+ "application/json": {
5445
+ /** @description Ten single-use recovery codes. Shown ONCE and never returned again — the user must store them now. Each code is consumed atomically when used in place of a TOTP code at MFA challenge time. */
5446
+ recoveryCodes: string[];
5447
+ };
5448
+ };
5449
+ };
5450
+ /** @description Bad Request — validation failed */
5451
+ 400: {
5452
+ headers: {
5453
+ [name: string]: unknown;
5454
+ };
5455
+ content: {
5456
+ "application/json": {
5457
+ /**
5458
+ * @description HTTP status code
5459
+ * @example 400
5460
+ */
5461
+ statusCode?: number;
5462
+ /**
5463
+ * @description Short error label
5464
+ * @example Bad Request
5465
+ */
5466
+ error?: string;
5467
+ /**
5468
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5469
+ * @example Validation failed
5470
+ */
5471
+ message: string | string[];
5472
+ };
5473
+ };
5474
+ };
5475
+ /** @description Unauthorized — authentication required or invalid */
5476
+ 401: {
5477
+ headers: {
5478
+ [name: string]: unknown;
5479
+ };
5480
+ content: {
5481
+ "application/json": {
5482
+ /**
5483
+ * @description HTTP status code
5484
+ * @example 400
5485
+ */
5486
+ statusCode?: number;
5487
+ /**
5488
+ * @description Short error label
5489
+ * @example Bad Request
5490
+ */
5491
+ error?: string;
5492
+ /**
5493
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5494
+ * @example Validation failed
5495
+ */
5496
+ message: string | string[];
5497
+ };
5498
+ };
5499
+ };
5500
+ };
5501
+ };
5502
+ delete?: never;
5503
+ options?: never;
5504
+ head?: never;
5505
+ patch?: never;
5506
+ trace?: never;
5507
+ };
5508
+ "/health/live": {
5509
+ parameters: {
5510
+ query?: never;
5511
+ header?: never;
5512
+ path?: never;
5513
+ cookie?: never;
5514
+ };
5515
+ /**
5516
+ * Liveness probe
5517
+ * @description Returns 200/`{status:"ok"}` whenever the process is running. Used by Kubernetes to decide whether to restart the pod.
5518
+ */
5519
+ get: {
5520
+ parameters: {
5521
+ query?: never;
5522
+ header?: never;
5523
+ path?: never;
5524
+ cookie?: never;
5525
+ };
5526
+ requestBody?: never;
5527
+ responses: {
5528
+ /** @description Success */
5529
+ 200: {
5530
+ headers: {
5531
+ [name: string]: unknown;
5532
+ };
5533
+ content: {
5534
+ "application/json": {
5535
+ /** @enum {string} */
5536
+ status: "ok";
5537
+ };
5538
+ };
5539
+ };
5540
+ };
5541
+ };
5542
+ put?: never;
5543
+ post?: never;
5544
+ delete?: never;
5545
+ options?: never;
5546
+ head?: never;
5547
+ patch?: never;
5548
+ trace?: never;
5549
+ };
5550
+ "/health/ready": {
5551
+ parameters: {
5552
+ query?: never;
5553
+ header?: never;
5554
+ path?: never;
5555
+ cookie?: never;
5556
+ };
5557
+ /**
5558
+ * Readiness probe
5559
+ * @description Returns 200/`{status:"ok"}` once a trivial `SELECT 1` succeeds against PostgreSQL. 503 if the DB is unreachable.
5560
+ */
5561
+ get: {
5562
+ parameters: {
5563
+ query?: never;
5564
+ header?: never;
5565
+ path?: never;
5566
+ cookie?: never;
5567
+ };
5568
+ requestBody?: never;
5569
+ responses: {
5570
+ /** @description Success */
5571
+ 200: {
5572
+ headers: {
5573
+ [name: string]: unknown;
5574
+ };
5575
+ content: {
5576
+ "application/json": {
5577
+ /** @enum {string} */
5578
+ status: "ok";
5579
+ };
5580
+ };
5581
+ };
5582
+ /** @description Service Unavailable */
5583
+ 503: {
5584
+ headers: {
5585
+ [name: string]: unknown;
5586
+ };
5587
+ content: {
5588
+ "application/json": {
5589
+ /**
5590
+ * @description HTTP status code
5591
+ * @example 400
5592
+ */
5593
+ statusCode?: number;
5594
+ /**
5595
+ * @description Short error label
5596
+ * @example Bad Request
5597
+ */
5598
+ error?: string;
5599
+ /**
5600
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5601
+ * @example Validation failed
5602
+ */
5603
+ message: string | string[];
5604
+ };
5605
+ };
5606
+ };
5607
+ };
5608
+ };
5609
+ put?: never;
5610
+ post?: never;
5611
+ delete?: never;
5612
+ options?: never;
5613
+ head?: never;
5614
+ patch?: never;
5615
+ trace?: never;
5616
+ };
5617
+ }
5618
+
5619
+ /**
5620
+ * This file was auto-generated by openapi-typescript.
5621
+ * Do not make direct changes to the file.
5622
+ */
5623
+ interface paths {
5624
+ "/v5/contracts/deploy": {
5625
+ parameters: {
5626
+ query?: never;
5627
+ header?: never;
5628
+ path?: never;
5629
+ cookie?: never;
5630
+ };
5631
+ get?: never;
5632
+ put?: never;
5633
+ /**
5634
+ * Deploy a WitnessRegistry v5 contract (Admin)
5635
+ * @description Deploy a v5 contract with owner key + initial signing key. V5 adds optional drand IBE time-lock per witness (see /v5/contracts/{addr}/witnesses/propose).
5636
+ */
5637
+ post: {
5638
+ parameters: {
5639
+ query?: never;
5640
+ header?: never;
5641
+ path?: never;
5642
+ cookie?: never;
5643
+ };
5644
+ requestBody?: {
5645
+ content: {
5646
+ "application/json": {
5647
+ contractId: string;
5648
+ /**
5649
+ * Ed25519PublicKey
5650
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
5651
+ */
5652
+ ownerPublicKey: string;
5653
+ /**
5654
+ * Ed25519PublicKey
5655
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
5656
+ */
5657
+ initialSigningPublicKey: string;
5658
+ strictSeries: boolean;
5659
+ metadata?: {
5660
+ [key: string]: unknown;
5661
+ };
5662
+ };
5663
+ };
5664
+ };
5665
+ responses: {
5666
+ /** @description Success */
5667
+ 200: {
5668
+ headers: {
5669
+ [name: string]: unknown;
5670
+ };
5671
+ content: {
5672
+ "application/json": {
5673
+ /**
5674
+ * @description Ethereum address (0x + 40 hex characters)
5675
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
5676
+ */
5677
+ contractAddress: string;
5678
+ /**
5679
+ * @description Ethereum address (0x + 40 hex characters)
5680
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
5681
+ */
5682
+ walletAddress: string;
5683
+ /**
5684
+ * @description Ethereum transaction hash (0x + 64 hex characters)
5685
+ * @example 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
5686
+ */
5687
+ transactionHash: string;
5688
+ blockNumber: number;
5689
+ contractVersion: string;
5690
+ };
5691
+ };
5692
+ };
5693
+ /** @description Bad Request - Validation failed */
5694
+ 400: {
5695
+ headers: {
5696
+ [name: string]: unknown;
5697
+ };
5698
+ content: {
5699
+ "application/json": {
5700
+ /**
5701
+ * @description Error message
5702
+ * @example Validation failed
5703
+ */
5704
+ error: string;
5705
+ /**
5706
+ * @description Machine-readable error code
5707
+ * @example VALIDATION_FAILED
5708
+ */
5709
+ code?: string;
5710
+ /** @description Field-level validation errors */
5711
+ details?: {
5712
+ [key: string]: string[];
5713
+ };
5714
+ };
5715
+ };
5716
+ };
5717
+ /** @description Unauthorized - Authentication required */
5718
+ 401: {
5719
+ headers: {
5720
+ [name: string]: unknown;
5721
+ };
5722
+ content: {
5723
+ "application/json": {
5724
+ /**
5725
+ * @description Error message
5726
+ * @example Validation failed
5727
+ */
5728
+ error: string;
5729
+ /**
5730
+ * @description Machine-readable error code
5731
+ * @example VALIDATION_FAILED
5732
+ */
5733
+ code?: string;
5734
+ /** @description Field-level validation errors */
5735
+ details?: {
5736
+ [key: string]: string[];
5737
+ };
5738
+ };
5739
+ };
5740
+ };
5741
+ /** @description Internal Server Error */
5742
+ 500: {
5743
+ headers: {
5744
+ [name: string]: unknown;
5745
+ };
5746
+ content: {
5747
+ "application/json": {
5748
+ /**
5749
+ * @description Error message
5750
+ * @example Validation failed
5751
+ */
5752
+ error: string;
5753
+ /**
5754
+ * @description Machine-readable error code
5755
+ * @example VALIDATION_FAILED
5756
+ */
5757
+ code?: string;
5758
+ /** @description Field-level validation errors */
5759
+ details?: {
5760
+ [key: string]: string[];
5761
+ };
5762
+ };
5763
+ };
5764
+ };
5765
+ };
5766
+ };
5767
+ delete?: never;
5768
+ options?: never;
5769
+ head?: never;
5770
+ patch?: never;
5771
+ trace?: never;
5772
+ };
5773
+ "/v5/contracts/{contractAddress}/info": {
5774
+ parameters: {
5775
+ query?: never;
5776
+ header?: never;
5777
+ path?: never;
5778
+ cookie?: never;
5779
+ };
5780
+ /**
5781
+ * Get v5 contract metadata + active signing keys
5782
+ * @description Returns the contract record from chain-api storage: owner key, signing keys (with addedAt/revokedAt block timestamps), strictSeries flag, current pause state, owner nonce, and deployment block. This endpoint reads chain-api storage, not the chain directly — it returns 404 if the contract was deployed outside chain-api.
5783
+ */
5784
+ get: {
5785
+ parameters: {
5786
+ query?: never;
5787
+ header?: never;
5788
+ path: {
5789
+ /** @description Ethereum address (0x + 40 hex characters) */
5790
+ contractAddress: string;
5791
+ };
5792
+ cookie?: never;
5793
+ };
5794
+ requestBody?: never;
5795
+ responses: {
5796
+ /** @description Success */
5797
+ 200: {
5798
+ headers: {
5799
+ [name: string]: unknown;
5800
+ };
5801
+ content: {
5802
+ "application/json": {
5803
+ /**
5804
+ * @description Ethereum address (0x + 40 hex characters)
5805
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
5806
+ */
5807
+ contractAddress: string;
5808
+ contractId: string;
5809
+ contractVersion: string;
5810
+ /**
5811
+ * @description Ethereum address (0x + 40 hex characters)
5812
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
5813
+ */
5814
+ walletAddress: string;
5815
+ /**
5816
+ * Ed25519PublicKey
5817
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
5818
+ */
5819
+ ownerKey: string;
5820
+ strictSeries: boolean;
5821
+ paused: boolean;
5822
+ ownerNonce: number;
5823
+ signingKeys: {
5824
+ /**
5825
+ * Ed25519PublicKey
5826
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
5827
+ */
5828
+ publicKey: string;
5829
+ /** @description block.timestamp at which the signing key was added */
5830
+ addedAt: number;
5831
+ /** @description 0 if active, else block.timestamp at revocation */
5832
+ revokedAt: number;
5833
+ }[];
5834
+ deploymentBlockNumber: number;
5835
+ isActive: boolean;
5836
+ };
5837
+ };
5838
+ };
5839
+ /** @description Not Found */
5840
+ 404: {
5841
+ headers: {
5842
+ [name: string]: unknown;
5843
+ };
5844
+ content: {
5845
+ "application/json": {
5846
+ /**
5847
+ * @description Error message
5848
+ * @example Validation failed
5849
+ */
5850
+ error: string;
5851
+ /**
5852
+ * @description Machine-readable error code
5853
+ * @example VALIDATION_FAILED
5854
+ */
5855
+ code?: string;
5856
+ /** @description Field-level validation errors */
5857
+ details?: {
5858
+ [key: string]: string[];
5859
+ };
5860
+ };
5861
+ };
5862
+ };
5863
+ /** @description Internal Server Error */
5864
+ 500: {
5865
+ headers: {
5866
+ [name: string]: unknown;
5867
+ };
5868
+ content: {
5869
+ "application/json": {
5870
+ /**
5871
+ * @description Error message
5872
+ * @example Validation failed
5873
+ */
5874
+ error: string;
5875
+ /**
5876
+ * @description Machine-readable error code
5877
+ * @example VALIDATION_FAILED
5878
+ */
5879
+ code?: string;
5880
+ /** @description Field-level validation errors */
5881
+ details?: {
5882
+ [key: string]: string[];
5883
+ };
5884
+ };
5885
+ };
5886
+ };
5887
+ };
5888
+ };
5889
+ put?: never;
5890
+ post?: never;
5891
+ delete?: never;
5892
+ options?: never;
5893
+ head?: never;
5894
+ patch?: never;
5895
+ trace?: never;
5896
+ };
5897
+ "/v5/contracts/{contractAddress}/verify": {
5898
+ parameters: {
5899
+ query?: never;
5900
+ header?: never;
5901
+ path?: never;
5902
+ cookie?: never;
5903
+ };
5904
+ /**
5905
+ * Check whether an address has deployed contract bytecode
5906
+ * @description Lightweight existence check: returns `exists: true` if `eth_getCode` returns non-empty bytecode at the address. Does NOT verify the contract is a WitnessRegistry V5 — that requires `/info`.
5907
+ */
5908
+ get: {
5909
+ parameters: {
5910
+ query?: never;
5911
+ header?: never;
5912
+ path: {
5913
+ /** @description Ethereum address (0x + 40 hex characters) */
5914
+ contractAddress: string;
5915
+ };
5916
+ cookie?: never;
5917
+ };
5918
+ requestBody?: never;
5919
+ responses: {
5920
+ /** @description Success */
5921
+ 200: {
5922
+ headers: {
5923
+ [name: string]: unknown;
5924
+ };
5925
+ content: {
5926
+ "application/json": {
5927
+ /**
5928
+ * @description Ethereum address (0x + 40 hex characters)
5929
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
5930
+ */
5931
+ contractAddress: string;
5932
+ /** @description true if the address has deployed bytecode on the chain (any contract). Does NOT verify that the bytecode is a WitnessRegistry V5 — use /info for that. */
5933
+ exists: boolean;
5934
+ };
5935
+ };
5936
+ };
5937
+ /** @description Internal Server Error */
5938
+ 500: {
5939
+ headers: {
5940
+ [name: string]: unknown;
5941
+ };
5942
+ content: {
5943
+ "application/json": {
5944
+ /**
5945
+ * @description Error message
5946
+ * @example Validation failed
5947
+ */
5948
+ error: string;
5949
+ /**
5950
+ * @description Machine-readable error code
5951
+ * @example VALIDATION_FAILED
5952
+ */
5953
+ code?: string;
5954
+ /** @description Field-level validation errors */
5955
+ details?: {
5956
+ [key: string]: string[];
5957
+ };
5958
+ };
5959
+ };
5960
+ };
5961
+ };
5962
+ };
5963
+ put?: never;
5964
+ post?: never;
5965
+ delete?: never;
5966
+ options?: never;
5967
+ head?: never;
5968
+ patch?: never;
5969
+ trace?: never;
5970
+ };
5971
+ "/v5/contracts/{contractAddress}/witnesses/propose": {
5972
+ parameters: {
5973
+ query?: never;
5974
+ header?: never;
5975
+ path?: never;
5976
+ cookie?: never;
5977
+ };
5978
+ get?: never;
5979
+ put?: never;
5980
+ /**
5981
+ * Propose a v5 witness
5982
+ * @description Propose a v5 witness, optionally with a drand IBE time-lock pair (drandRound + tlockCiphertext). Returns intentId + canonical intent payload to sign. Each required signer calls /sign before /finalize. The witnessId is unknown until /finalize completes.
5983
+ */
5984
+ post: {
5985
+ parameters: {
5986
+ query?: never;
5987
+ header?: never;
5988
+ path: {
5989
+ /** @description Ethereum address (0x + 40 hex characters) */
5990
+ contractAddress: string;
5991
+ };
5992
+ cookie?: never;
5993
+ };
5994
+ requestBody?: {
5995
+ content: {
5996
+ "application/json": {
5997
+ /**
5998
+ * DataIdV5
5999
+ * @description SHA256 hash of the witnessed data (64 hex chars)
6000
+ */
6001
+ dataId: string;
6002
+ requiredSigners: string[];
6003
+ /**
6004
+ * UserTimestamp
6005
+ * @description User-asserted event time as ISO 8601 UTC second-precision. Optional; when omitted, the witness has no user timestamp.
6006
+ * @example 2026-05-19T08:14:04Z
6007
+ */
6008
+ userTimestamp?: string;
6009
+ /**
6010
+ * WitnessIdV5
6011
+ * @description 32-byte contract-derived witness identifier (hex, no 0x prefix)
6012
+ */
6013
+ previousWitnessId?: string;
6014
+ metadataCommitment?: string;
6015
+ revealAfter?: number;
6016
+ /**
6017
+ * DrandRound
6018
+ * @description drand quicknet round number (uint64). Must be strictly in the future, and ≥60s away in wall-clock terms.
6019
+ * @example 19000000
6020
+ */
6021
+ drandRound?: number;
6022
+ /**
6023
+ * TlockCiphertext
6024
+ * @description AGE-armored tlock ciphertext, hex-encoded UTF-8. Output of tlock-js `timelockEncrypt`. Max 4096 bytes (8192 hex chars).
6025
+ */
6026
+ tlockCiphertext?: string;
6027
+ /**
6028
+ * Format: uri
6029
+ * @description Valid URL
6030
+ * @example https://example.com/path
6031
+ */
6032
+ callbackUrl?: string;
6033
+ };
6034
+ };
6035
+ };
6036
+ responses: {
6037
+ /** @description Success */
6038
+ 200: {
6039
+ headers: {
6040
+ [name: string]: unknown;
6041
+ };
6042
+ content: {
6043
+ "application/json": {
6044
+ /**
6045
+ * IntentId
6046
+ * Format: uuid
6047
+ * @description UUID issued by chain-api at /propose time. Used to correlate /sign and /finalize calls. Distinct from the witnessId, which is only known once the contract mines the createWitness tx.
6048
+ */
6049
+ intentId: string;
6050
+ witnessNonce: string;
6051
+ /** @description Canonical intent JSON to Ed25519-sign. JSON.stringify({dataId, userTimestamp, nonce, previousWitnessId, requiredSigners, drandRound, tlockCiphertextHash}). drandRound is 0 and tlockCiphertextHash is "0".repeat(64) when no time-lock. */
6052
+ payloadToSign: string;
6053
+ expiresInSeconds: number;
6054
+ requiredSigners: string[];
6055
+ };
6056
+ };
6057
+ };
6058
+ /** @description Bad Request - Validation failed */
6059
+ 400: {
6060
+ headers: {
6061
+ [name: string]: unknown;
6062
+ };
6063
+ content: {
6064
+ "application/json": {
6065
+ /**
6066
+ * @description Error message
6067
+ * @example Validation failed
6068
+ */
6069
+ error: string;
6070
+ /**
6071
+ * @description Machine-readable error code
6072
+ * @example VALIDATION_FAILED
6073
+ */
6074
+ code?: string;
6075
+ /** @description Field-level validation errors */
6076
+ details?: {
6077
+ [key: string]: string[];
6078
+ };
6079
+ };
6080
+ };
6081
+ };
6082
+ /** @description Not Found */
6083
+ 404: {
6084
+ headers: {
6085
+ [name: string]: unknown;
6086
+ };
6087
+ content: {
6088
+ "application/json": {
6089
+ /**
6090
+ * @description Error message
6091
+ * @example Validation failed
6092
+ */
6093
+ error: string;
6094
+ /**
6095
+ * @description Machine-readable error code
6096
+ * @example VALIDATION_FAILED
6097
+ */
6098
+ code?: string;
6099
+ /** @description Field-level validation errors */
6100
+ details?: {
6101
+ [key: string]: string[];
6102
+ };
6103
+ };
6104
+ };
6105
+ };
6106
+ /** @description Conflict */
6107
+ 409: {
6108
+ headers: {
6109
+ [name: string]: unknown;
6110
+ };
6111
+ content: {
6112
+ "application/json": {
6113
+ /**
6114
+ * @description Error message
6115
+ * @example Validation failed
6116
+ */
6117
+ error: string;
6118
+ /**
6119
+ * @description Machine-readable error code
6120
+ * @example VALIDATION_FAILED
6121
+ */
6122
+ code?: string;
6123
+ /** @description Field-level validation errors */
6124
+ details?: {
6125
+ [key: string]: string[];
6126
+ };
6127
+ };
6128
+ };
6129
+ };
6130
+ /** @description Internal Server Error */
6131
+ 500: {
6132
+ headers: {
6133
+ [name: string]: unknown;
6134
+ };
6135
+ content: {
6136
+ "application/json": {
6137
+ /**
6138
+ * @description Error message
6139
+ * @example Validation failed
6140
+ */
6141
+ error: string;
6142
+ /**
6143
+ * @description Machine-readable error code
6144
+ * @example VALIDATION_FAILED
6145
+ */
6146
+ code?: string;
6147
+ /** @description Field-level validation errors */
6148
+ details?: {
6149
+ [key: string]: string[];
6150
+ };
6151
+ };
6152
+ };
6153
+ };
6154
+ };
6155
+ };
6156
+ delete?: never;
6157
+ options?: never;
6158
+ head?: never;
6159
+ patch?: never;
6160
+ trace?: never;
6161
+ };
6162
+ "/v5/contracts/{contractAddress}/witnesses/{intentId}/sign": {
6163
+ parameters: {
6164
+ query?: never;
6165
+ header?: never;
6166
+ path?: never;
6167
+ cookie?: never;
6168
+ };
6169
+ get?: never;
6170
+ put?: never;
6171
+ /**
6172
+ * Submit a signature for a pending v5 witness
6173
+ * @description Each required signer calls this with their pubkey + Ed25519 signature over the canonical intent JSON returned from /propose.
6174
+ */
6175
+ post: {
6176
+ parameters: {
6177
+ query?: never;
6178
+ header?: never;
6179
+ path: {
6180
+ /** @description Ethereum address (0x + 40 hex characters) */
6181
+ contractAddress: string;
6182
+ /** @description UUID issued by chain-api at /propose time. Used to correlate /sign and /finalize calls. Distinct from the witnessId, which is only known once the contract mines the createWitness tx. */
6183
+ intentId: string;
6184
+ };
6185
+ cookie?: never;
6186
+ };
6187
+ requestBody?: {
6188
+ content: {
6189
+ "application/json": {
6190
+ /**
6191
+ * Ed25519PublicKey
6192
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
6193
+ */
6194
+ signerPubKey: string;
6195
+ /**
6196
+ * Ed25519Signature
6197
+ * @description 64-byte Ed25519 signature (hex, no 0x prefix)
6198
+ */
6199
+ signature: string;
6200
+ };
6201
+ };
6202
+ };
6203
+ responses: {
6204
+ /** @description Success */
6205
+ 200: {
6206
+ headers: {
6207
+ [name: string]: unknown;
6208
+ };
6209
+ content: {
6210
+ "application/json": {
6211
+ signaturesCollected: number;
6212
+ signaturesRequired: number;
6213
+ ready: boolean;
6214
+ };
6215
+ };
6216
+ };
6217
+ /** @description Bad Request - Validation failed */
6218
+ 400: {
6219
+ headers: {
6220
+ [name: string]: unknown;
6221
+ };
6222
+ content: {
6223
+ "application/json": {
6224
+ /**
6225
+ * @description Error message
6226
+ * @example Validation failed
6227
+ */
6228
+ error: string;
6229
+ /**
6230
+ * @description Machine-readable error code
6231
+ * @example VALIDATION_FAILED
6232
+ */
6233
+ code?: string;
6234
+ /** @description Field-level validation errors */
6235
+ details?: {
6236
+ [key: string]: string[];
6237
+ };
6238
+ };
6239
+ };
6240
+ };
6241
+ /** @description Unauthorized - Authentication required */
6242
+ 401: {
6243
+ headers: {
6244
+ [name: string]: unknown;
6245
+ };
6246
+ content: {
6247
+ "application/json": {
6248
+ /**
6249
+ * @description Error message
6250
+ * @example Validation failed
6251
+ */
6252
+ error: string;
6253
+ /**
6254
+ * @description Machine-readable error code
6255
+ * @example VALIDATION_FAILED
6256
+ */
6257
+ code?: string;
6258
+ /** @description Field-level validation errors */
6259
+ details?: {
6260
+ [key: string]: string[];
6261
+ };
6262
+ };
6263
+ };
6264
+ };
6265
+ /** @description Conflict */
6266
+ 409: {
6267
+ headers: {
6268
+ [name: string]: unknown;
6269
+ };
6270
+ content: {
6271
+ "application/json": {
6272
+ /**
6273
+ * @description Error message
6274
+ * @example Validation failed
6275
+ */
6276
+ error: string;
6277
+ /**
6278
+ * @description Machine-readable error code
6279
+ * @example VALIDATION_FAILED
6280
+ */
6281
+ code?: string;
6282
+ /** @description Field-level validation errors */
6283
+ details?: {
6284
+ [key: string]: string[];
6285
+ };
6286
+ };
6287
+ };
6288
+ };
6289
+ /** @description Response */
6290
+ 410: {
6291
+ headers: {
6292
+ [name: string]: unknown;
6293
+ };
6294
+ content: {
6295
+ "application/json": {
6296
+ /**
6297
+ * @description Error message
6298
+ * @example Validation failed
6299
+ */
6300
+ error: string;
6301
+ /**
6302
+ * @description Machine-readable error code
6303
+ * @example VALIDATION_FAILED
6304
+ */
6305
+ code?: string;
6306
+ /** @description Field-level validation errors */
6307
+ details?: {
6308
+ [key: string]: string[];
6309
+ };
6310
+ };
6311
+ };
6312
+ };
6313
+ /** @description Internal Server Error */
6314
+ 500: {
6315
+ headers: {
6316
+ [name: string]: unknown;
6317
+ };
6318
+ content: {
6319
+ "application/json": {
6320
+ /**
6321
+ * @description Error message
6322
+ * @example Validation failed
6323
+ */
6324
+ error: string;
6325
+ /**
6326
+ * @description Machine-readable error code
6327
+ * @example VALIDATION_FAILED
6328
+ */
6329
+ code?: string;
6330
+ /** @description Field-level validation errors */
6331
+ details?: {
6332
+ [key: string]: string[];
6333
+ };
6334
+ };
6335
+ };
6336
+ };
6337
+ };
6338
+ };
6339
+ delete?: never;
6340
+ options?: never;
6341
+ head?: never;
6342
+ patch?: never;
6343
+ trace?: never;
6344
+ };
6345
+ "/v5/contracts/{contractAddress}/witnesses/{intentId}/finalize": {
6346
+ parameters: {
6347
+ query?: never;
6348
+ header?: never;
6349
+ path?: never;
6350
+ cookie?: never;
6351
+ };
6352
+ get?: never;
6353
+ put?: never;
6354
+ /**
6355
+ * Finalize a v5 witness (broadcast + wait for receipt)
6356
+ * @description Broadcasts createWitness and blocks until the tx is mined so the contract-derived witnessId can be returned. Typical latency: 10–15s on Witnium (10s QBFT block period).
6357
+ */
6358
+ post: {
6359
+ parameters: {
6360
+ query?: never;
6361
+ header?: never;
6362
+ path: {
6363
+ /** @description Ethereum address (0x + 40 hex characters) */
6364
+ contractAddress: string;
6365
+ /** @description UUID issued by chain-api at /propose time. Used to correlate /sign and /finalize calls. Distinct from the witnessId, which is only known once the contract mines the createWitness tx. */
6366
+ intentId: string;
6367
+ };
6368
+ cookie?: never;
6369
+ };
6370
+ requestBody?: never;
6371
+ responses: {
6372
+ /** @description Success */
6373
+ 200: {
6374
+ headers: {
6375
+ [name: string]: unknown;
6376
+ };
6377
+ content: {
6378
+ "application/json": {
6379
+ /**
6380
+ * IntentId
6381
+ * Format: uuid
6382
+ * @description UUID issued by chain-api at /propose time. Used to correlate /sign and /finalize calls. Distinct from the witnessId, which is only known once the contract mines the createWitness tx.
6383
+ */
6384
+ intentId: string;
6385
+ /**
6386
+ * WitnessIdV5
6387
+ * @description 32-byte contract-derived witness identifier (hex, no 0x prefix)
6388
+ */
6389
+ witnessId: string;
6390
+ /**
6391
+ * @description Ethereum transaction hash (0x + 64 hex characters)
6392
+ * @example 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
6393
+ */
6394
+ transactionHash: string;
6395
+ blockNumber: number;
6396
+ /** @description block.timestamp at the block that included the createWitness tx — this is the value the contract used as chainTimestamp when deriving the witnessId. */
6397
+ chainTimestamp: number;
6398
+ /** @description drand round encoded in the witness (0 when not time-locked). */
6399
+ drandRound: number;
6400
+ status: string;
6401
+ };
6402
+ };
6403
+ };
6404
+ /** @description Conflict */
6405
+ 409: {
6406
+ headers: {
6407
+ [name: string]: unknown;
6408
+ };
6409
+ content: {
6410
+ "application/json": {
6411
+ /**
6412
+ * @description Error message
6413
+ * @example Validation failed
6414
+ */
6415
+ error: string;
6416
+ /**
6417
+ * @description Machine-readable error code
6418
+ * @example VALIDATION_FAILED
6419
+ */
6420
+ code?: string;
6421
+ /** @description Field-level validation errors */
6422
+ details?: {
6423
+ [key: string]: string[];
6424
+ };
6425
+ };
6426
+ };
6427
+ };
6428
+ /** @description Response */
6429
+ 410: {
6430
+ headers: {
6431
+ [name: string]: unknown;
6432
+ };
6433
+ content: {
6434
+ "application/json": {
6435
+ /**
6436
+ * @description Error message
6437
+ * @example Validation failed
6438
+ */
6439
+ error: string;
6440
+ /**
6441
+ * @description Machine-readable error code
6442
+ * @example VALIDATION_FAILED
6443
+ */
6444
+ code?: string;
6445
+ /** @description Field-level validation errors */
6446
+ details?: {
6447
+ [key: string]: string[];
6448
+ };
6449
+ };
6450
+ };
6451
+ };
6452
+ /** @description Internal Server Error */
6453
+ 500: {
6454
+ headers: {
6455
+ [name: string]: unknown;
6456
+ };
6457
+ content: {
6458
+ "application/json": {
6459
+ /**
6460
+ * @description Error message
6461
+ * @example Validation failed
6462
+ */
6463
+ error: string;
6464
+ /**
6465
+ * @description Machine-readable error code
6466
+ * @example VALIDATION_FAILED
6467
+ */
6468
+ code?: string;
6469
+ /** @description Field-level validation errors */
6470
+ details?: {
6471
+ [key: string]: string[];
6472
+ };
6473
+ };
6474
+ };
6475
+ };
6476
+ };
6477
+ };
6478
+ delete?: never;
6479
+ options?: never;
6480
+ head?: never;
6481
+ patch?: never;
6482
+ trace?: never;
6483
+ };
6484
+ "/v5/contracts/{contractAddress}/witnesses/{witnessId}/revoke": {
6485
+ parameters: {
6486
+ query?: never;
6487
+ header?: never;
6488
+ path?: never;
6489
+ cookie?: never;
6490
+ };
6491
+ get?: never;
6492
+ put?: never;
6493
+ /** Revoke a v5 witness (tombstone) */
6494
+ post: {
6495
+ parameters: {
6496
+ query?: never;
6497
+ header?: never;
6498
+ path: {
6499
+ /** @description Ethereum address (0x + 40 hex characters) */
6500
+ contractAddress: string;
6501
+ /** @description 32-byte contract-derived witness identifier (hex, no 0x prefix) */
6502
+ witnessId: string;
6503
+ };
6504
+ cookie?: never;
6505
+ };
6506
+ requestBody?: {
6507
+ content: {
6508
+ "application/json": {
6509
+ reasonHash: string;
6510
+ /**
6511
+ * Ed25519PublicKey
6512
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
6513
+ */
6514
+ revokerPubKey: string;
6515
+ /**
6516
+ * Ed25519Signature
6517
+ * @description 64-byte Ed25519 signature (hex, no 0x prefix)
6518
+ */
6519
+ revokerSignature: string;
6520
+ };
6521
+ };
6522
+ };
6523
+ responses: {
6524
+ /** @description Success */
6525
+ 200: {
6526
+ headers: {
6527
+ [name: string]: unknown;
6528
+ };
6529
+ content: {
6530
+ "application/json": {
6531
+ /**
6532
+ * @description Ethereum transaction hash (0x + 64 hex characters)
6533
+ * @example 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
6534
+ */
6535
+ transactionHash: string;
6536
+ };
6537
+ };
6538
+ };
6539
+ /** @description Bad Request - Validation failed */
6540
+ 400: {
6541
+ headers: {
6542
+ [name: string]: unknown;
6543
+ };
6544
+ content: {
6545
+ "application/json": {
6546
+ /**
6547
+ * @description Error message
6548
+ * @example Validation failed
6549
+ */
6550
+ error: string;
6551
+ /**
6552
+ * @description Machine-readable error code
6553
+ * @example VALIDATION_FAILED
6554
+ */
6555
+ code?: string;
6556
+ /** @description Field-level validation errors */
6557
+ details?: {
6558
+ [key: string]: string[];
6559
+ };
6560
+ };
6561
+ };
6562
+ };
6563
+ /** @description Unauthorized - Authentication required */
6564
+ 401: {
6565
+ headers: {
6566
+ [name: string]: unknown;
6567
+ };
6568
+ content: {
6569
+ "application/json": {
6570
+ /**
6571
+ * @description Error message
6572
+ * @example Validation failed
6573
+ */
6574
+ error: string;
6575
+ /**
6576
+ * @description Machine-readable error code
6577
+ * @example VALIDATION_FAILED
6578
+ */
6579
+ code?: string;
6580
+ /** @description Field-level validation errors */
6581
+ details?: {
6582
+ [key: string]: string[];
6583
+ };
6584
+ };
6585
+ };
6586
+ };
6587
+ /** @description Conflict */
6588
+ 409: {
6589
+ headers: {
6590
+ [name: string]: unknown;
6591
+ };
6592
+ content: {
6593
+ "application/json": {
6594
+ /**
6595
+ * @description Error message
6596
+ * @example Validation failed
6597
+ */
6598
+ error: string;
6599
+ /**
6600
+ * @description Machine-readable error code
6601
+ * @example VALIDATION_FAILED
6602
+ */
6603
+ code?: string;
6604
+ /** @description Field-level validation errors */
6605
+ details?: {
6606
+ [key: string]: string[];
6607
+ };
6608
+ };
6609
+ };
6610
+ };
6611
+ /** @description Internal Server Error */
6612
+ 500: {
6613
+ headers: {
6614
+ [name: string]: unknown;
6615
+ };
6616
+ content: {
6617
+ "application/json": {
6618
+ /**
6619
+ * @description Error message
6620
+ * @example Validation failed
6621
+ */
6622
+ error: string;
6623
+ /**
6624
+ * @description Machine-readable error code
6625
+ * @example VALIDATION_FAILED
6626
+ */
6627
+ code?: string;
6628
+ /** @description Field-level validation errors */
6629
+ details?: {
6630
+ [key: string]: string[];
6631
+ };
6632
+ };
6633
+ };
6634
+ };
6635
+ };
6636
+ };
6637
+ delete?: never;
6638
+ options?: never;
6639
+ head?: never;
6640
+ patch?: never;
6641
+ trace?: never;
6642
+ };
6643
+ "/v5/contracts/{contractAddress}/keys": {
6644
+ parameters: {
6645
+ query?: never;
6646
+ header?: never;
6647
+ path?: never;
6648
+ cookie?: never;
6649
+ };
6650
+ get?: never;
6651
+ put?: never;
6652
+ /**
6653
+ * Add a signing key (owner-signed)
6654
+ * @description Add a new Ed25519 signing key to the contract. Payload is owner-signed; the bytes signed are the canonical JSON `{op:1, contract, nonce, newKey}` (UTF-8, no whitespace). The Admin bearer token authenticates the caller (typically the accounts service forwarding the owner-signed payload). Owner-op `op` codes (numeric, match on-chain): 1=addSigningKey, 2=revokeSigningKey, 3=pause, 4=unpause.
6655
+ */
6656
+ post: {
6657
+ parameters: {
6658
+ query?: never;
6659
+ header?: never;
6660
+ path: {
6661
+ /** @description Ethereum address (0x + 40 hex characters) */
6662
+ contractAddress: string;
6663
+ };
6664
+ cookie?: never;
6665
+ };
6666
+ requestBody?: {
6667
+ content: {
6668
+ "application/json": {
6669
+ /**
6670
+ * Ed25519PublicKey
6671
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
6672
+ */
6673
+ newKey: string;
6674
+ /** @description Monotonic owner nonce. Read the current value from /v5/contracts/{addr}/info as `ownerNonce`, then use `ownerNonce + 1` here. */
6675
+ ownerNonce: number;
6676
+ /**
6677
+ * Ed25519Signature
6678
+ * @description 64-byte Ed25519 signature (hex, no 0x prefix)
6679
+ */
6680
+ ownerSignature: string;
6681
+ };
6682
+ };
6683
+ };
6684
+ responses: {
6685
+ /** @description Success */
6686
+ 200: {
6687
+ headers: {
6688
+ [name: string]: unknown;
6689
+ };
6690
+ content: {
6691
+ "application/json": {
6692
+ /**
6693
+ * @description Ethereum transaction hash (0x + 64 hex characters)
6694
+ * @example 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
6695
+ */
6696
+ transactionHash: string;
6697
+ };
6698
+ };
6699
+ };
6700
+ /** @description Bad Request - Validation failed */
6701
+ 400: {
6702
+ headers: {
6703
+ [name: string]: unknown;
6704
+ };
6705
+ content: {
6706
+ "application/json": {
6707
+ /**
6708
+ * @description Error message
6709
+ * @example Validation failed
6710
+ */
6711
+ error: string;
6712
+ /**
6713
+ * @description Machine-readable error code
6714
+ * @example VALIDATION_FAILED
6715
+ */
6716
+ code?: string;
6717
+ /** @description Field-level validation errors */
6718
+ details?: {
6719
+ [key: string]: string[];
6720
+ };
6721
+ };
6722
+ };
6723
+ };
6724
+ /** @description Unauthorized - Authentication required */
6725
+ 401: {
6726
+ headers: {
6727
+ [name: string]: unknown;
6728
+ };
6729
+ content: {
6730
+ "application/json": {
6731
+ /**
6732
+ * @description Error message
6733
+ * @example Validation failed
6734
+ */
6735
+ error: string;
6736
+ /**
6737
+ * @description Machine-readable error code
6738
+ * @example VALIDATION_FAILED
6739
+ */
6740
+ code?: string;
6741
+ /** @description Field-level validation errors */
6742
+ details?: {
6743
+ [key: string]: string[];
6744
+ };
6745
+ };
6746
+ };
6747
+ };
6748
+ /** @description Conflict */
6749
+ 409: {
6750
+ headers: {
6751
+ [name: string]: unknown;
6752
+ };
6753
+ content: {
6754
+ "application/json": {
6755
+ /**
6756
+ * @description Error message
6757
+ * @example Validation failed
6758
+ */
6759
+ error: string;
6760
+ /**
6761
+ * @description Machine-readable error code
6762
+ * @example VALIDATION_FAILED
6763
+ */
6764
+ code?: string;
6765
+ /** @description Field-level validation errors */
6766
+ details?: {
6767
+ [key: string]: string[];
6768
+ };
6769
+ };
6770
+ };
6771
+ };
6772
+ /** @description Internal Server Error */
6773
+ 500: {
6774
+ headers: {
6775
+ [name: string]: unknown;
6776
+ };
6777
+ content: {
6778
+ "application/json": {
6779
+ /**
6780
+ * @description Error message
6781
+ * @example Validation failed
6782
+ */
6783
+ error: string;
6784
+ /**
6785
+ * @description Machine-readable error code
6786
+ * @example VALIDATION_FAILED
6787
+ */
6788
+ code?: string;
6789
+ /** @description Field-level validation errors */
6790
+ details?: {
6791
+ [key: string]: string[];
6792
+ };
6793
+ };
6794
+ };
6795
+ };
6796
+ };
6797
+ };
6798
+ delete?: never;
6799
+ options?: never;
6800
+ head?: never;
6801
+ patch?: never;
6802
+ trace?: never;
6803
+ };
6804
+ "/v5/contracts/{contractAddress}/keys/revoke": {
6805
+ parameters: {
6806
+ query?: never;
6807
+ header?: never;
6808
+ path?: never;
6809
+ cookie?: never;
6810
+ };
6811
+ get?: never;
6812
+ put?: never;
6813
+ /**
6814
+ * Revoke a signing key (owner-signed)
6815
+ * @description Revoke an existing Ed25519 signing key. Once revoked, the key cannot create new witnesses but previously-created witnesses are unaffected. The bytes signed are the canonical JSON `{op:2, contract, nonce, key}` (UTF-8, no whitespace). Owner-op `op` codes (numeric, match on-chain): 1=addSigningKey, 2=revokeSigningKey, 3=pause, 4=unpause.
6816
+ */
6817
+ post: {
6818
+ parameters: {
6819
+ query?: never;
6820
+ header?: never;
6821
+ path: {
6822
+ /** @description Ethereum address (0x + 40 hex characters) */
6823
+ contractAddress: string;
6824
+ };
6825
+ cookie?: never;
6826
+ };
6827
+ requestBody?: {
6828
+ content: {
6829
+ "application/json": {
6830
+ /**
6831
+ * Ed25519PublicKey
6832
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
6833
+ */
6834
+ keyToRevoke: string;
6835
+ ownerNonce: number;
6836
+ /**
6837
+ * Ed25519Signature
6838
+ * @description 64-byte Ed25519 signature (hex, no 0x prefix)
6839
+ */
6840
+ ownerSignature: string;
6841
+ };
6842
+ };
6843
+ };
6844
+ responses: {
6845
+ /** @description Success */
6846
+ 200: {
6847
+ headers: {
6848
+ [name: string]: unknown;
6849
+ };
6850
+ content: {
6851
+ "application/json": {
6852
+ /**
6853
+ * @description Ethereum transaction hash (0x + 64 hex characters)
6854
+ * @example 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
6855
+ */
6856
+ transactionHash: string;
6857
+ };
6858
+ };
6859
+ };
6860
+ /** @description Bad Request - Validation failed */
6861
+ 400: {
6862
+ headers: {
6863
+ [name: string]: unknown;
6864
+ };
6865
+ content: {
6866
+ "application/json": {
6867
+ /**
6868
+ * @description Error message
6869
+ * @example Validation failed
6870
+ */
6871
+ error: string;
6872
+ /**
6873
+ * @description Machine-readable error code
6874
+ * @example VALIDATION_FAILED
6875
+ */
6876
+ code?: string;
6877
+ /** @description Field-level validation errors */
6878
+ details?: {
6879
+ [key: string]: string[];
6880
+ };
6881
+ };
6882
+ };
6883
+ };
6884
+ /** @description Unauthorized - Authentication required */
6885
+ 401: {
6886
+ headers: {
6887
+ [name: string]: unknown;
6888
+ };
6889
+ content: {
6890
+ "application/json": {
6891
+ /**
6892
+ * @description Error message
6893
+ * @example Validation failed
6894
+ */
6895
+ error: string;
6896
+ /**
6897
+ * @description Machine-readable error code
6898
+ * @example VALIDATION_FAILED
6899
+ */
6900
+ code?: string;
6901
+ /** @description Field-level validation errors */
6902
+ details?: {
6903
+ [key: string]: string[];
6904
+ };
6905
+ };
6906
+ };
6907
+ };
6908
+ /** @description Conflict */
6909
+ 409: {
6910
+ headers: {
6911
+ [name: string]: unknown;
6912
+ };
6913
+ content: {
6914
+ "application/json": {
6915
+ /**
6916
+ * @description Error message
6917
+ * @example Validation failed
6918
+ */
6919
+ error: string;
6920
+ /**
6921
+ * @description Machine-readable error code
6922
+ * @example VALIDATION_FAILED
6923
+ */
6924
+ code?: string;
6925
+ /** @description Field-level validation errors */
6926
+ details?: {
6927
+ [key: string]: string[];
6928
+ };
6929
+ };
6930
+ };
6931
+ };
6932
+ /** @description Internal Server Error */
6933
+ 500: {
6934
+ headers: {
6935
+ [name: string]: unknown;
6936
+ };
6937
+ content: {
6938
+ "application/json": {
6939
+ /**
6940
+ * @description Error message
6941
+ * @example Validation failed
6942
+ */
6943
+ error: string;
6944
+ /**
6945
+ * @description Machine-readable error code
6946
+ * @example VALIDATION_FAILED
6947
+ */
6948
+ code?: string;
6949
+ /** @description Field-level validation errors */
6950
+ details?: {
6951
+ [key: string]: string[];
6952
+ };
6953
+ };
6954
+ };
6955
+ };
6956
+ };
6957
+ };
6958
+ delete?: never;
6959
+ options?: never;
6960
+ head?: never;
6961
+ patch?: never;
6962
+ trace?: never;
6963
+ };
6964
+ "/v5/contracts/{contractAddress}/pause": {
6965
+ parameters: {
6966
+ query?: never;
6967
+ header?: never;
6968
+ path?: never;
6969
+ cookie?: never;
6970
+ };
6971
+ get?: never;
6972
+ put?: never;
6973
+ /**
6974
+ * Pause a contract (owner-signed)
6975
+ * @description Pause witness creation on the contract. While paused, /propose/sign/finalize reject. Reads continue to work. Pair with /unpause to resume. The bytes signed are the canonical JSON `{op:3, contract, nonce}` (UTF-8, no whitespace). Owner-op `op` codes (numeric, match on-chain): 1=addSigningKey, 2=revokeSigningKey, 3=pause, 4=unpause.
6976
+ */
6977
+ post: {
6978
+ parameters: {
6979
+ query?: never;
6980
+ header?: never;
6981
+ path: {
6982
+ /** @description Ethereum address (0x + 40 hex characters) */
6983
+ contractAddress: string;
6984
+ };
6985
+ cookie?: never;
6986
+ };
6987
+ requestBody?: {
6988
+ content: {
6989
+ "application/json": {
6990
+ ownerNonce: number;
6991
+ /**
6992
+ * Ed25519Signature
6993
+ * @description 64-byte Ed25519 signature (hex, no 0x prefix)
6994
+ */
6995
+ ownerSignature: string;
6996
+ };
6997
+ };
6998
+ };
6999
+ responses: {
7000
+ /** @description Success */
7001
+ 200: {
7002
+ headers: {
7003
+ [name: string]: unknown;
7004
+ };
7005
+ content: {
7006
+ "application/json": {
7007
+ /**
7008
+ * @description Ethereum transaction hash (0x + 64 hex characters)
7009
+ * @example 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
7010
+ */
7011
+ transactionHash: string;
7012
+ };
7013
+ };
7014
+ };
7015
+ /** @description Bad Request - Validation failed */
7016
+ 400: {
7017
+ headers: {
7018
+ [name: string]: unknown;
7019
+ };
7020
+ content: {
7021
+ "application/json": {
7022
+ /**
7023
+ * @description Error message
7024
+ * @example Validation failed
7025
+ */
7026
+ error: string;
7027
+ /**
7028
+ * @description Machine-readable error code
7029
+ * @example VALIDATION_FAILED
7030
+ */
7031
+ code?: string;
7032
+ /** @description Field-level validation errors */
7033
+ details?: {
7034
+ [key: string]: string[];
7035
+ };
7036
+ };
7037
+ };
7038
+ };
7039
+ /** @description Unauthorized - Authentication required */
7040
+ 401: {
7041
+ headers: {
7042
+ [name: string]: unknown;
7043
+ };
7044
+ content: {
7045
+ "application/json": {
7046
+ /**
7047
+ * @description Error message
7048
+ * @example Validation failed
7049
+ */
7050
+ error: string;
7051
+ /**
7052
+ * @description Machine-readable error code
7053
+ * @example VALIDATION_FAILED
7054
+ */
7055
+ code?: string;
7056
+ /** @description Field-level validation errors */
7057
+ details?: {
7058
+ [key: string]: string[];
7059
+ };
7060
+ };
7061
+ };
7062
+ };
7063
+ /** @description Conflict */
7064
+ 409: {
7065
+ headers: {
7066
+ [name: string]: unknown;
7067
+ };
7068
+ content: {
7069
+ "application/json": {
7070
+ /**
7071
+ * @description Error message
7072
+ * @example Validation failed
7073
+ */
7074
+ error: string;
7075
+ /**
7076
+ * @description Machine-readable error code
7077
+ * @example VALIDATION_FAILED
7078
+ */
7079
+ code?: string;
7080
+ /** @description Field-level validation errors */
7081
+ details?: {
7082
+ [key: string]: string[];
7083
+ };
7084
+ };
7085
+ };
7086
+ };
7087
+ /** @description Internal Server Error */
7088
+ 500: {
7089
+ headers: {
7090
+ [name: string]: unknown;
7091
+ };
7092
+ content: {
7093
+ "application/json": {
7094
+ /**
7095
+ * @description Error message
7096
+ * @example Validation failed
7097
+ */
7098
+ error: string;
7099
+ /**
7100
+ * @description Machine-readable error code
7101
+ * @example VALIDATION_FAILED
7102
+ */
7103
+ code?: string;
7104
+ /** @description Field-level validation errors */
7105
+ details?: {
7106
+ [key: string]: string[];
7107
+ };
7108
+ };
7109
+ };
7110
+ };
7111
+ };
7112
+ };
7113
+ delete?: never;
7114
+ options?: never;
7115
+ head?: never;
7116
+ patch?: never;
7117
+ trace?: never;
7118
+ };
7119
+ "/v5/contracts/{contractAddress}/unpause": {
7120
+ parameters: {
7121
+ query?: never;
7122
+ header?: never;
7123
+ path?: never;
7124
+ cookie?: never;
7125
+ };
7126
+ get?: never;
7127
+ put?: never;
7128
+ /**
7129
+ * Unpause a contract (owner-signed)
7130
+ * @description Inverse of /pause. The bytes signed are the canonical JSON `{op:4, contract, nonce}` (UTF-8, no whitespace). Owner-op `op` codes (numeric, match on-chain): 1=addSigningKey, 2=revokeSigningKey, 3=pause, 4=unpause.
7131
+ */
7132
+ post: {
7133
+ parameters: {
7134
+ query?: never;
7135
+ header?: never;
7136
+ path: {
7137
+ /** @description Ethereum address (0x + 40 hex characters) */
7138
+ contractAddress: string;
7139
+ };
7140
+ cookie?: never;
7141
+ };
7142
+ requestBody?: {
7143
+ content: {
7144
+ "application/json": {
7145
+ ownerNonce: number;
7146
+ /**
7147
+ * Ed25519Signature
7148
+ * @description 64-byte Ed25519 signature (hex, no 0x prefix)
7149
+ */
7150
+ ownerSignature: string;
7151
+ };
7152
+ };
7153
+ };
7154
+ responses: {
7155
+ /** @description Success */
7156
+ 200: {
7157
+ headers: {
7158
+ [name: string]: unknown;
7159
+ };
7160
+ content: {
7161
+ "application/json": {
7162
+ /**
7163
+ * @description Ethereum transaction hash (0x + 64 hex characters)
7164
+ * @example 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
7165
+ */
7166
+ transactionHash: string;
7167
+ };
7168
+ };
7169
+ };
7170
+ /** @description Bad Request - Validation failed */
7171
+ 400: {
7172
+ headers: {
7173
+ [name: string]: unknown;
7174
+ };
7175
+ content: {
7176
+ "application/json": {
7177
+ /**
7178
+ * @description Error message
7179
+ * @example Validation failed
7180
+ */
7181
+ error: string;
7182
+ /**
7183
+ * @description Machine-readable error code
7184
+ * @example VALIDATION_FAILED
7185
+ */
7186
+ code?: string;
7187
+ /** @description Field-level validation errors */
7188
+ details?: {
7189
+ [key: string]: string[];
7190
+ };
7191
+ };
7192
+ };
7193
+ };
7194
+ /** @description Unauthorized - Authentication required */
7195
+ 401: {
7196
+ headers: {
7197
+ [name: string]: unknown;
7198
+ };
7199
+ content: {
7200
+ "application/json": {
7201
+ /**
7202
+ * @description Error message
7203
+ * @example Validation failed
7204
+ */
7205
+ error: string;
7206
+ /**
7207
+ * @description Machine-readable error code
7208
+ * @example VALIDATION_FAILED
7209
+ */
7210
+ code?: string;
7211
+ /** @description Field-level validation errors */
7212
+ details?: {
7213
+ [key: string]: string[];
7214
+ };
7215
+ };
7216
+ };
7217
+ };
7218
+ /** @description Conflict */
7219
+ 409: {
7220
+ headers: {
7221
+ [name: string]: unknown;
7222
+ };
7223
+ content: {
7224
+ "application/json": {
7225
+ /**
7226
+ * @description Error message
7227
+ * @example Validation failed
7228
+ */
7229
+ error: string;
7230
+ /**
7231
+ * @description Machine-readable error code
7232
+ * @example VALIDATION_FAILED
7233
+ */
7234
+ code?: string;
7235
+ /** @description Field-level validation errors */
7236
+ details?: {
7237
+ [key: string]: string[];
7238
+ };
7239
+ };
7240
+ };
7241
+ };
7242
+ /** @description Internal Server Error */
7243
+ 500: {
7244
+ headers: {
7245
+ [name: string]: unknown;
7246
+ };
7247
+ content: {
7248
+ "application/json": {
7249
+ /**
7250
+ * @description Error message
7251
+ * @example Validation failed
7252
+ */
7253
+ error: string;
7254
+ /**
7255
+ * @description Machine-readable error code
7256
+ * @example VALIDATION_FAILED
7257
+ */
7258
+ code?: string;
7259
+ /** @description Field-level validation errors */
7260
+ details?: {
7261
+ [key: string]: string[];
7262
+ };
7263
+ };
7264
+ };
7265
+ };
7266
+ };
7267
+ };
7268
+ delete?: never;
7269
+ options?: never;
7270
+ head?: never;
7271
+ patch?: never;
7272
+ trace?: never;
7273
+ };
7274
+ "/v5/contracts/{contractAddress}/witnesses": {
7275
+ parameters: {
7276
+ query?: never;
7277
+ header?: never;
7278
+ path?: never;
7279
+ cookie?: never;
7280
+ };
7281
+ /**
7282
+ * List v5 witnesses (optionally filtered by dataId)
7283
+ * @description Scans the WitnessCreated event log from contract deployment to head. The v5 event adds drandRound — non-zero means the witness carries a drand IBE ciphertext decryptable at that round. Query the full witness via /get for the ciphertext bytes.
7284
+ */
7285
+ get: {
7286
+ parameters: {
7287
+ query?: {
7288
+ dataId?: string;
7289
+ limit?: number;
7290
+ offset?: number | null;
7291
+ };
7292
+ header?: never;
7293
+ path: {
7294
+ /** @description Ethereum address (0x + 40 hex characters) */
7295
+ contractAddress: string;
7296
+ };
7297
+ cookie?: never;
7298
+ };
7299
+ requestBody?: never;
7300
+ responses: {
7301
+ /** @description Success */
7302
+ 200: {
7303
+ headers: {
7304
+ [name: string]: unknown;
7305
+ };
7306
+ content: {
7307
+ "application/json": {
7308
+ witnesses: {
7309
+ /**
7310
+ * WitnessIdV5
7311
+ * @description 32-byte contract-derived witness identifier (hex, no 0x prefix)
7312
+ */
7313
+ witnessId: string;
7314
+ dataId: string;
7315
+ timestamp: number;
7316
+ blockNumber: number;
7317
+ previousWitnessId: string | null;
7318
+ signerCount: number;
7319
+ timeLocked: boolean;
7320
+ hasUserTimestamp: boolean;
7321
+ drandRound: number;
7322
+ }[];
7323
+ hasMore: boolean;
7324
+ totalReturned: number;
7325
+ };
7326
+ };
7327
+ };
7328
+ /** @description Not Found */
7329
+ 404: {
7330
+ headers: {
7331
+ [name: string]: unknown;
7332
+ };
7333
+ content: {
7334
+ "application/json": {
7335
+ /**
7336
+ * @description Error message
7337
+ * @example Validation failed
7338
+ */
7339
+ error: string;
7340
+ /**
7341
+ * @description Machine-readable error code
7342
+ * @example VALIDATION_FAILED
7343
+ */
7344
+ code?: string;
7345
+ /** @description Field-level validation errors */
7346
+ details?: {
7347
+ [key: string]: string[];
7348
+ };
7349
+ };
7350
+ };
7351
+ };
7352
+ /** @description Internal Server Error */
7353
+ 500: {
7354
+ headers: {
7355
+ [name: string]: unknown;
7356
+ };
7357
+ content: {
7358
+ "application/json": {
7359
+ /**
7360
+ * @description Error message
7361
+ * @example Validation failed
7362
+ */
7363
+ error: string;
7364
+ /**
7365
+ * @description Machine-readable error code
7366
+ * @example VALIDATION_FAILED
7367
+ */
7368
+ code?: string;
7369
+ /** @description Field-level validation errors */
7370
+ details?: {
7371
+ [key: string]: string[];
7372
+ };
7373
+ };
7374
+ };
7375
+ };
7376
+ };
7377
+ };
7378
+ put?: never;
7379
+ post?: never;
7380
+ delete?: never;
7381
+ options?: never;
7382
+ head?: never;
7383
+ patch?: never;
7384
+ trace?: never;
7385
+ };
7386
+ "/v5/contracts/{contractAddress}/witnesses/{witnessId}": {
7387
+ parameters: {
7388
+ query?: never;
7389
+ header?: never;
7390
+ path?: never;
7391
+ cookie?: never;
7392
+ };
7393
+ /**
7394
+ * Get a single v5 witness by ID
7395
+ * @description Returns the full on-chain witness record. For time-locked witnesses (drandRound != 0), the `tlockCiphertext` is returned as hex-encoded AGE-armored bytes; decrypt it via MCP `reveal_witness` after the drand round publishes.
7396
+ */
7397
+ get: {
7398
+ parameters: {
7399
+ query?: never;
7400
+ header?: never;
7401
+ path: {
7402
+ /** @description Ethereum address (0x + 40 hex characters) */
7403
+ contractAddress: string;
7404
+ /** @description 32-byte contract-derived witness identifier (hex, no 0x prefix) */
7405
+ witnessId: string;
7406
+ };
7407
+ cookie?: never;
7408
+ };
7409
+ requestBody?: never;
7410
+ responses: {
7411
+ /** @description Success */
7412
+ 200: {
7413
+ headers: {
7414
+ [name: string]: unknown;
7415
+ };
7416
+ content: {
7417
+ "application/json": {
7418
+ /**
7419
+ * WitnessIdV5
7420
+ * @description 32-byte contract-derived witness identifier (hex, no 0x prefix)
7421
+ */
7422
+ witnessId: string;
7423
+ /** @description SHA256 of the witnessed data, as 64 hex chars. */
7424
+ dataId: string;
7425
+ /** @description block.timestamp at the block that created the witness */
7426
+ timestamp: number;
7427
+ blockNumber: number;
7428
+ /** @description Witness ID this witness chains from, or null. Used by strictSeries contracts to enforce a single linear chain. */
7429
+ previousWitnessId: string | null;
7430
+ /** @description Per-witness nonce (64 hex chars). Generated by chain-api at /propose time. */
7431
+ nonce: string;
7432
+ /** @description 32-byte commitment to off-chain metadata, or "0".repeat(64) if none. */
7433
+ metadataCommitment: string;
7434
+ /** @description Legacy time-lock unix timestamp from V3/V4 — left for shape compatibility. For real time-lock use `drandRound` + `tlockCiphertext` instead. */
7435
+ revealAfter: number;
7436
+ /** @description User-asserted event time as ISO 8601 UTC second-precision, or "" if none was supplied at propose time. */
7437
+ userTimestamp: string;
7438
+ /** @description 0 if active, else block.timestamp at revocation. */
7439
+ revokedAt: number;
7440
+ /** @description 32-byte hash of the revocation reason, or "0".repeat(64) if never revoked. */
7441
+ revokedReason: string;
7442
+ /** @description true if `revealAfter` is set and still in the future. Sealed witnesses redact `userTimestamp` to "". Not related to drand time-lock. */
7443
+ sealed: boolean;
7444
+ exists: boolean;
7445
+ /** @description drand quicknet round at which `tlockCiphertext` becomes decryptable. 0 means the witness is not drand-time-locked. */
7446
+ drandRound: number;
7447
+ /** @description AGE-armored ciphertext, hex-encoded UTF-8. Empty string when the witness is not drand-time-locked. Decrypt via MCP `reveal_witness` after `drandRound` has published. */
7448
+ tlockCiphertext: string;
7449
+ signers: {
7450
+ /**
7451
+ * Ed25519PublicKey
7452
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
7453
+ */
7454
+ pubKey: string;
7455
+ /** @description R component of the Ed25519 signature, 32 hex chars. */
7456
+ sigR: string;
7457
+ /** @description S component of the Ed25519 signature, 32 hex chars. */
7458
+ sigS: string;
7459
+ }[];
7460
+ };
7461
+ };
7462
+ };
7463
+ /** @description Not Found */
7464
+ 404: {
7465
+ headers: {
7466
+ [name: string]: unknown;
7467
+ };
7468
+ content: {
7469
+ "application/json": {
7470
+ /**
7471
+ * @description Error message
7472
+ * @example Validation failed
7473
+ */
7474
+ error: string;
7475
+ /**
7476
+ * @description Machine-readable error code
7477
+ * @example VALIDATION_FAILED
7478
+ */
7479
+ code?: string;
7480
+ /** @description Field-level validation errors */
7481
+ details?: {
7482
+ [key: string]: string[];
7483
+ };
7484
+ };
7485
+ };
7486
+ };
7487
+ /** @description Internal Server Error */
7488
+ 500: {
7489
+ headers: {
7490
+ [name: string]: unknown;
7491
+ };
7492
+ content: {
7493
+ "application/json": {
7494
+ /**
7495
+ * @description Error message
7496
+ * @example Validation failed
7497
+ */
7498
+ error: string;
7499
+ /**
7500
+ * @description Machine-readable error code
7501
+ * @example VALIDATION_FAILED
7502
+ */
7503
+ code?: string;
7504
+ /** @description Field-level validation errors */
7505
+ details?: {
7506
+ [key: string]: string[];
7507
+ };
7508
+ };
7509
+ };
7510
+ };
7511
+ };
7512
+ };
7513
+ put?: never;
7514
+ post?: never;
7515
+ delete?: never;
7516
+ options?: never;
7517
+ head?: never;
7518
+ patch?: never;
7519
+ trace?: never;
7520
+ };
7521
+ "/v5/transactions/{txHash}": {
7522
+ parameters: {
7523
+ query?: never;
7524
+ header?: never;
7525
+ path?: never;
7526
+ cookie?: never;
7527
+ };
7528
+ /**
7529
+ * Get transaction status
7530
+ * @description Lightweight mempool + chain lookup for a tx hash. Use this to poll a tx after /finalize or any owner op until it confirms.
7531
+ */
7532
+ get: {
7533
+ parameters: {
7534
+ query?: never;
7535
+ header?: never;
7536
+ path: {
7537
+ /** @description Ethereum transaction hash (0x + 64 hex characters) */
7538
+ txHash: string;
7539
+ };
7540
+ cookie?: never;
7541
+ };
7542
+ requestBody?: never;
7543
+ responses: {
7544
+ /** @description Success */
7545
+ 200: {
7546
+ headers: {
7547
+ [name: string]: unknown;
7548
+ };
7549
+ content: {
7550
+ "application/json": {
7551
+ /**
7552
+ * @description Ethereum transaction hash (0x + 64 hex characters)
7553
+ * @example 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
7554
+ */
7555
+ transactionHash: string;
7556
+ /** @description Block number if mined, null if still pending in mempool. */
7557
+ blockNumber: number | null;
7558
+ /**
7559
+ * @description `confirmed` once mined into a block; `pending` if in mempool but not mined; `not-found` if no node has seen it.
7560
+ * @enum {string}
7561
+ */
7562
+ status: "pending" | "confirmed" | "not-found";
7563
+ };
7564
+ };
7565
+ };
7566
+ /** @description Internal Server Error */
7567
+ 500: {
7568
+ headers: {
7569
+ [name: string]: unknown;
7570
+ };
7571
+ content: {
7572
+ "application/json": {
7573
+ /**
7574
+ * @description Error message
7575
+ * @example Validation failed
7576
+ */
7577
+ error: string;
7578
+ /**
7579
+ * @description Machine-readable error code
7580
+ * @example VALIDATION_FAILED
7581
+ */
7582
+ code?: string;
7583
+ /** @description Field-level validation errors */
7584
+ details?: {
7585
+ [key: string]: string[];
7586
+ };
7587
+ };
7588
+ };
7589
+ };
7590
+ };
7591
+ };
7592
+ put?: never;
7593
+ post?: never;
7594
+ delete?: never;
7595
+ options?: never;
7596
+ head?: never;
7597
+ patch?: never;
7598
+ trace?: never;
7599
+ };
7600
+ "/v5/contracts/{contractAddress}/transactions/{txHash}": {
7601
+ parameters: {
7602
+ query?: never;
7603
+ header?: never;
7604
+ path?: never;
7605
+ cookie?: never;
7606
+ };
7607
+ /**
7608
+ * Get full transaction details
7609
+ * @description Returns receipt-level detail: block + timestamp + gas + sender/recipient. `contractAddress` is contextual (not used in the lookup) — included so consumers can scope tx lookups to a contract namespace.
7610
+ */
7611
+ get: {
7612
+ parameters: {
7613
+ query?: never;
7614
+ header?: never;
7615
+ path: {
7616
+ /** @description Ethereum address (0x + 40 hex characters) */
7617
+ contractAddress: string;
7618
+ /** @description Ethereum transaction hash (0x + 64 hex characters) */
7619
+ txHash: string;
7620
+ };
7621
+ cookie?: never;
7622
+ };
7623
+ requestBody?: never;
7624
+ responses: {
7625
+ /** @description Success */
7626
+ 200: {
7627
+ headers: {
7628
+ [name: string]: unknown;
7629
+ };
7630
+ content: {
7631
+ "application/json": {
7632
+ /**
7633
+ * @description Ethereum transaction hash (0x + 64 hex characters)
7634
+ * @example 0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef
7635
+ */
7636
+ transactionHash: string;
7637
+ blockNumber: number;
7638
+ /** @description 0x-prefixed 32-byte block hash that included the tx. */
7639
+ blockHash: string;
7640
+ /** @description block.timestamp (unix seconds) of the including block. */
7641
+ blockTimestamp: number;
7642
+ transactionIndex: number;
7643
+ /** @description Decimal string (wei units of gas units), big-int-safe. */
7644
+ gasUsed: string;
7645
+ /** @description Decimal string (wei per gas unit), big-int-safe. */
7646
+ effectiveGasPrice: string;
7647
+ /**
7648
+ * @description Ethereum address (0x + 40 hex characters)
7649
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
7650
+ */
7651
+ from: string;
7652
+ /**
7653
+ * @description Ethereum address (0x + 40 hex characters)
7654
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
7655
+ */
7656
+ to: string;
7657
+ } | null;
7658
+ };
7659
+ };
7660
+ /** @description Internal Server Error */
7661
+ 500: {
7662
+ headers: {
7663
+ [name: string]: unknown;
7664
+ };
7665
+ content: {
7666
+ "application/json": {
7667
+ /**
7668
+ * @description Error message
7669
+ * @example Validation failed
7670
+ */
7671
+ error: string;
7672
+ /**
7673
+ * @description Machine-readable error code
7674
+ * @example VALIDATION_FAILED
7675
+ */
7676
+ code?: string;
7677
+ /** @description Field-level validation errors */
7678
+ details?: {
7679
+ [key: string]: string[];
7680
+ };
7681
+ };
7682
+ };
7683
+ };
7684
+ };
7685
+ };
7686
+ put?: never;
7687
+ post?: never;
7688
+ delete?: never;
7689
+ options?: never;
7690
+ head?: never;
7691
+ patch?: never;
7692
+ trace?: never;
7693
+ };
7694
+ "/v5/wallets/{address}/balance": {
7695
+ parameters: {
7696
+ query?: never;
7697
+ header?: never;
7698
+ path?: never;
7699
+ cookie?: never;
7700
+ };
7701
+ /**
7702
+ * Get the native-token balance of an address
7703
+ * @description Returns the address balance in both ETH-formatted and wei representations. Useful for checking that a per-contract wallet has gas to fund subsequent createWitness txs.
7704
+ */
7705
+ get: {
7706
+ parameters: {
7707
+ query?: never;
7708
+ header?: never;
7709
+ path: {
7710
+ /** @description Ethereum address (0x + 40 hex characters) */
7711
+ address: string;
7712
+ };
7713
+ cookie?: never;
7714
+ };
7715
+ requestBody?: never;
7716
+ responses: {
7717
+ /** @description Success */
7718
+ 200: {
7719
+ headers: {
7720
+ [name: string]: unknown;
7721
+ };
7722
+ content: {
7723
+ "application/json": {
7724
+ /**
7725
+ * @description Ethereum address (0x + 40 hex characters)
7726
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
7727
+ */
7728
+ address: string;
7729
+ /**
7730
+ * @description Balance formatted as ETH (decimal string, 18-decimal place).
7731
+ * @example 1.234567890123456789
7732
+ */
7733
+ balanceEth: string;
7734
+ /**
7735
+ * @description Balance in wei (big-int as decimal string).
7736
+ * @example 1234567890123456789
7737
+ */
7738
+ balanceWei: string;
7739
+ };
7740
+ };
7741
+ };
7742
+ /** @description Internal Server Error */
7743
+ 500: {
7744
+ headers: {
7745
+ [name: string]: unknown;
7746
+ };
7747
+ content: {
7748
+ "application/json": {
7749
+ /**
7750
+ * @description Error message
7751
+ * @example Validation failed
7752
+ */
7753
+ error: string;
7754
+ /**
7755
+ * @description Machine-readable error code
7756
+ * @example VALIDATION_FAILED
7757
+ */
7758
+ code?: string;
7759
+ /** @description Field-level validation errors */
7760
+ details?: {
7761
+ [key: string]: string[];
7762
+ };
7763
+ };
7764
+ };
7765
+ };
7766
+ };
7767
+ };
7768
+ put?: never;
7769
+ post?: never;
7770
+ delete?: never;
7771
+ options?: never;
7772
+ head?: never;
7773
+ patch?: never;
7774
+ trace?: never;
7775
+ };
7776
+ "/v5/dashboard/witnesses": {
7777
+ parameters: {
7778
+ query?: never;
7779
+ header?: never;
7780
+ path?: never;
7781
+ cookie?: never;
7782
+ };
7783
+ /**
7784
+ * List the authenticated user's witnesses, filtered (newest-first)
7785
+ * @description Returns paginated witness headers for the contract resolved from the OAuth
7786
+ * JWT `contract` claim. Filters are applied during the event scan:
7787
+ *
7788
+ * - `from` / `to`: unix-second range over `block.timestamp`
7789
+ * - `timeLock`: structural filter on whether the witness carries a drandRound
7790
+ *
7791
+ * Response shape is identical to GET /v5/contracts/{addr}/witnesses; the
7792
+ * scan is always newest-first.
7793
+ */
7794
+ get: {
7795
+ parameters: {
7796
+ query?: {
7797
+ /** @description Filter to witnesses with block.timestamp >= this unix-second value. */
7798
+ from?: number;
7799
+ /** @description Filter to witnesses with block.timestamp <= this unix-second value. */
7800
+ to?: number;
7801
+ /** @description Filter by drand IBE time-lock state. "locked" = witness has a drandRound, "none" = no time-lock, "any" = no filter (default). */
7802
+ timeLock?: "locked" | "none" | "any";
7803
+ /** @description Page size, 1-200, default 50. */
7804
+ limit?: number;
7805
+ /** @description Offset into the filtered set, default 0. */
7806
+ offset?: number | null;
7807
+ };
7808
+ header?: never;
7809
+ path?: never;
7810
+ cookie?: never;
7811
+ };
7812
+ requestBody?: never;
7813
+ responses: {
7814
+ /** @description Success */
7815
+ 200: {
7816
+ headers: {
7817
+ [name: string]: unknown;
7818
+ };
7819
+ content: {
7820
+ "application/json": {
7821
+ witnesses: {
7822
+ /**
7823
+ * WitnessIdV5
7824
+ * @description 32-byte contract-derived witness identifier (hex, no 0x prefix)
7825
+ */
7826
+ witnessId: string;
7827
+ dataId: string;
7828
+ timestamp: number;
7829
+ blockNumber: number;
7830
+ previousWitnessId: string | null;
7831
+ signerCount: number;
7832
+ timeLocked: boolean;
7833
+ hasUserTimestamp: boolean;
7834
+ drandRound: number;
7835
+ }[];
7836
+ hasMore: boolean;
7837
+ totalReturned: number;
7838
+ };
7839
+ };
7840
+ };
7841
+ /** @description Unauthorized - Authentication required */
7842
+ 401: {
7843
+ headers: {
7844
+ [name: string]: unknown;
7845
+ };
7846
+ content: {
7847
+ "application/json": {
7848
+ /**
7849
+ * @description Error message
7850
+ * @example Validation failed
7851
+ */
7852
+ error: string;
7853
+ /**
7854
+ * @description Machine-readable error code
7855
+ * @example VALIDATION_FAILED
7856
+ */
7857
+ code?: string;
7858
+ /** @description Field-level validation errors */
7859
+ details?: {
7860
+ [key: string]: string[];
7861
+ };
7862
+ };
7863
+ };
7864
+ };
7865
+ /** @description Not Found */
7866
+ 404: {
7867
+ headers: {
7868
+ [name: string]: unknown;
7869
+ };
7870
+ content: {
7871
+ "application/json": {
7872
+ /**
7873
+ * @description Error message
7874
+ * @example Validation failed
7875
+ */
7876
+ error: string;
7877
+ /**
7878
+ * @description Machine-readable error code
7879
+ * @example VALIDATION_FAILED
7880
+ */
7881
+ code?: string;
7882
+ /** @description Field-level validation errors */
7883
+ details?: {
7884
+ [key: string]: string[];
7885
+ };
7886
+ };
7887
+ };
7888
+ };
7889
+ /** @description Internal Server Error */
7890
+ 500: {
7891
+ headers: {
7892
+ [name: string]: unknown;
7893
+ };
7894
+ content: {
7895
+ "application/json": {
7896
+ /**
7897
+ * @description Error message
7898
+ * @example Validation failed
7899
+ */
7900
+ error: string;
7901
+ /**
7902
+ * @description Machine-readable error code
7903
+ * @example VALIDATION_FAILED
7904
+ */
7905
+ code?: string;
7906
+ /** @description Field-level validation errors */
7907
+ details?: {
7908
+ [key: string]: string[];
7909
+ };
7910
+ };
7911
+ };
7912
+ };
7913
+ };
7914
+ };
7915
+ put?: never;
7916
+ post?: never;
7917
+ delete?: never;
7918
+ options?: never;
7919
+ head?: never;
7920
+ patch?: never;
7921
+ trace?: never;
7922
+ };
7923
+ "/v5/dashboard/contract": {
7924
+ parameters: {
7925
+ query?: never;
7926
+ header?: never;
7927
+ path?: never;
7928
+ cookie?: never;
7929
+ };
7930
+ /**
7931
+ * Get the authenticated user's contract info
7932
+ * @description Returns the contract record for the contract resolved from the OAuth JWT
7933
+ * `contract` claim — same shape as GET /v5/contracts/{addr}/info, but with
7934
+ * no address in the URL: identity is taken from the bearer token.
7935
+ */
7936
+ get: {
7937
+ parameters: {
7938
+ query?: never;
7939
+ header?: never;
7940
+ path?: never;
7941
+ cookie?: never;
7942
+ };
7943
+ requestBody?: never;
7944
+ responses: {
7945
+ /** @description Success */
7946
+ 200: {
7947
+ headers: {
7948
+ [name: string]: unknown;
7949
+ };
7950
+ content: {
7951
+ "application/json": {
7952
+ /**
7953
+ * @description Ethereum address (0x + 40 hex characters)
7954
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
7955
+ */
7956
+ contractAddress: string;
7957
+ contractId: string;
7958
+ contractVersion: string;
7959
+ /**
7960
+ * @description Ethereum address (0x + 40 hex characters)
7961
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
7962
+ */
7963
+ walletAddress: string;
7964
+ /**
7965
+ * Ed25519PublicKey
7966
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
7967
+ */
7968
+ ownerKey: string;
7969
+ strictSeries: boolean;
7970
+ paused: boolean;
7971
+ ownerNonce: number;
7972
+ signingKeys: {
7973
+ /**
7974
+ * Ed25519PublicKey
7975
+ * @description 32-byte Ed25519 public key (hex, no 0x prefix)
7976
+ */
7977
+ publicKey: string;
7978
+ /** @description block.timestamp at which the signing key was added */
7979
+ addedAt: number;
7980
+ /** @description 0 if active, else block.timestamp at revocation */
7981
+ revokedAt: number;
7982
+ }[];
7983
+ deploymentBlockNumber: number;
7984
+ isActive: boolean;
7985
+ };
7986
+ };
7987
+ };
7988
+ /** @description Unauthorized - Authentication required */
7989
+ 401: {
7990
+ headers: {
7991
+ [name: string]: unknown;
7992
+ };
7993
+ content: {
7994
+ "application/json": {
7995
+ /**
7996
+ * @description Error message
7997
+ * @example Validation failed
7998
+ */
7999
+ error: string;
8000
+ /**
8001
+ * @description Machine-readable error code
8002
+ * @example VALIDATION_FAILED
8003
+ */
8004
+ code?: string;
8005
+ /** @description Field-level validation errors */
8006
+ details?: {
8007
+ [key: string]: string[];
8008
+ };
8009
+ };
8010
+ };
8011
+ };
8012
+ /** @description Not Found */
8013
+ 404: {
8014
+ headers: {
8015
+ [name: string]: unknown;
8016
+ };
8017
+ content: {
8018
+ "application/json": {
8019
+ /**
8020
+ * @description Error message
8021
+ * @example Validation failed
8022
+ */
8023
+ error: string;
8024
+ /**
8025
+ * @description Machine-readable error code
8026
+ * @example VALIDATION_FAILED
8027
+ */
8028
+ code?: string;
8029
+ /** @description Field-level validation errors */
8030
+ details?: {
8031
+ [key: string]: string[];
8032
+ };
8033
+ };
8034
+ };
8035
+ };
8036
+ /** @description Internal Server Error */
8037
+ 500: {
8038
+ headers: {
8039
+ [name: string]: unknown;
8040
+ };
8041
+ content: {
8042
+ "application/json": {
8043
+ /**
8044
+ * @description Error message
8045
+ * @example Validation failed
8046
+ */
8047
+ error: string;
8048
+ /**
8049
+ * @description Machine-readable error code
8050
+ * @example VALIDATION_FAILED
8051
+ */
8052
+ code?: string;
8053
+ /** @description Field-level validation errors */
8054
+ details?: {
8055
+ [key: string]: string[];
8056
+ };
8057
+ };
8058
+ };
8059
+ };
8060
+ };
8061
+ };
8062
+ put?: never;
8063
+ post?: never;
8064
+ delete?: never;
8065
+ options?: never;
8066
+ head?: never;
8067
+ patch?: never;
8068
+ trace?: never;
8069
+ };
8070
+ "/admin/validators/propose": {
8071
+ parameters: {
8072
+ query?: never;
8073
+ header?: never;
8074
+ path?: never;
8075
+ cookie?: never;
8076
+ };
8077
+ get?: never;
8078
+ put?: never;
8079
+ /**
8080
+ * Propose adding or removing a validator
8081
+ * @description Submit a vote to add or remove a validator from the network.
8082
+ */
8083
+ post: {
8084
+ parameters: {
8085
+ query?: never;
8086
+ header?: never;
8087
+ path?: never;
8088
+ cookie?: never;
8089
+ };
8090
+ requestBody?: {
8091
+ content: {
8092
+ "application/json": {
8093
+ /**
8094
+ * @description Ethereum address (0x + 40 hex characters)
8095
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
8096
+ */
8097
+ validatorAddress: string;
8098
+ /** @description true = vote to add, false = vote to remove */
8099
+ add: boolean;
8100
+ };
8101
+ };
8102
+ };
8103
+ responses: {
8104
+ /** @description Success */
8105
+ 200: {
8106
+ headers: {
8107
+ [name: string]: unknown;
8108
+ };
8109
+ content: {
8110
+ "application/json": {
8111
+ /** @enum {boolean} */
8112
+ success: true;
8113
+ /**
8114
+ * @description Ethereum address (0x + 40 hex characters)
8115
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
8116
+ */
8117
+ validatorAddress: string;
8118
+ add: boolean;
8119
+ message: string;
8120
+ };
8121
+ };
8122
+ };
8123
+ /** @description Bad Request - Validation failed */
8124
+ 400: {
8125
+ headers: {
8126
+ [name: string]: unknown;
8127
+ };
8128
+ content: {
8129
+ "application/json": {
8130
+ /**
8131
+ * @description Error message
8132
+ * @example Validation failed
8133
+ */
8134
+ error: string;
8135
+ /**
8136
+ * @description Machine-readable error code
8137
+ * @example VALIDATION_FAILED
8138
+ */
8139
+ code?: string;
8140
+ /** @description Field-level validation errors */
8141
+ details?: {
8142
+ [key: string]: string[];
8143
+ };
8144
+ };
8145
+ };
8146
+ };
8147
+ /** @description Internal Server Error */
8148
+ 500: {
8149
+ headers: {
8150
+ [name: string]: unknown;
8151
+ };
8152
+ content: {
8153
+ "application/json": {
8154
+ /**
8155
+ * @description Error message
8156
+ * @example Validation failed
8157
+ */
8158
+ error: string;
8159
+ /**
8160
+ * @description Machine-readable error code
8161
+ * @example VALIDATION_FAILED
8162
+ */
8163
+ code?: string;
8164
+ /** @description Field-level validation errors */
8165
+ details?: {
8166
+ [key: string]: string[];
8167
+ };
8168
+ };
8169
+ };
8170
+ };
8171
+ };
8172
+ };
8173
+ delete?: never;
8174
+ options?: never;
8175
+ head?: never;
8176
+ patch?: never;
8177
+ trace?: never;
8178
+ };
8179
+ "/admin/validators/vote/{address}": {
8180
+ parameters: {
8181
+ query?: never;
8182
+ header?: never;
8183
+ path?: never;
8184
+ cookie?: never;
8185
+ };
8186
+ get?: never;
8187
+ put?: never;
8188
+ post?: never;
8189
+ /**
8190
+ * Discard a vote for a validator
8191
+ * @description Remove a vote for adding or removing a validator.
8192
+ */
8193
+ delete: {
8194
+ parameters: {
8195
+ query?: never;
8196
+ header?: never;
8197
+ path: {
8198
+ /** @description Ethereum address (0x + 40 hex characters) */
8199
+ address: string;
8200
+ };
8201
+ cookie?: never;
8202
+ };
8203
+ requestBody?: never;
8204
+ responses: {
8205
+ /** @description Success */
8206
+ 200: {
8207
+ headers: {
8208
+ [name: string]: unknown;
8209
+ };
8210
+ content: {
8211
+ "application/json": {
8212
+ /** @enum {boolean} */
8213
+ success: true;
8214
+ message: string;
8215
+ };
8216
+ };
8217
+ };
8218
+ /** @description Bad Request - Validation failed */
8219
+ 400: {
8220
+ headers: {
8221
+ [name: string]: unknown;
8222
+ };
8223
+ content: {
8224
+ "application/json": {
8225
+ /**
8226
+ * @description Error message
8227
+ * @example Validation failed
8228
+ */
8229
+ error: string;
8230
+ /**
8231
+ * @description Machine-readable error code
8232
+ * @example VALIDATION_FAILED
8233
+ */
8234
+ code?: string;
8235
+ /** @description Field-level validation errors */
8236
+ details?: {
8237
+ [key: string]: string[];
8238
+ };
8239
+ };
8240
+ };
8241
+ };
8242
+ /** @description Not Found */
8243
+ 404: {
8244
+ headers: {
8245
+ [name: string]: unknown;
8246
+ };
8247
+ content: {
8248
+ "application/json": {
8249
+ /**
8250
+ * @description Error message
8251
+ * @example Validation failed
8252
+ */
8253
+ error: string;
8254
+ /**
8255
+ * @description Machine-readable error code
8256
+ * @example VALIDATION_FAILED
8257
+ */
8258
+ code?: string;
8259
+ /** @description Field-level validation errors */
8260
+ details?: {
8261
+ [key: string]: string[];
8262
+ };
8263
+ };
8264
+ };
8265
+ };
8266
+ /** @description Internal Server Error */
8267
+ 500: {
8268
+ headers: {
8269
+ [name: string]: unknown;
8270
+ };
8271
+ content: {
8272
+ "application/json": {
8273
+ /**
8274
+ * @description Error message
8275
+ * @example Validation failed
8276
+ */
8277
+ error: string;
8278
+ /**
8279
+ * @description Machine-readable error code
8280
+ * @example VALIDATION_FAILED
8281
+ */
8282
+ code?: string;
8283
+ /** @description Field-level validation errors */
8284
+ details?: {
8285
+ [key: string]: string[];
8286
+ };
8287
+ };
8288
+ };
8289
+ };
8290
+ };
8291
+ };
8292
+ options?: never;
8293
+ head?: never;
8294
+ patch?: never;
8295
+ trace?: never;
8296
+ };
8297
+ "/admin/validators": {
8298
+ parameters: {
8299
+ query?: never;
8300
+ header?: never;
8301
+ path?: never;
8302
+ cookie?: never;
8303
+ };
8304
+ /**
8305
+ * Get list of validators
8306
+ * @description Get the current list of validators in the network.
8307
+ */
8308
+ get: {
8309
+ parameters: {
8310
+ query?: never;
8311
+ header?: never;
8312
+ path?: never;
8313
+ cookie?: never;
8314
+ };
8315
+ requestBody?: never;
8316
+ responses: {
8317
+ /** @description Success */
8318
+ 200: {
8319
+ headers: {
8320
+ [name: string]: unknown;
8321
+ };
8322
+ content: {
8323
+ "application/json": {
8324
+ validators: {
8325
+ /**
8326
+ * @description Ethereum address (0x + 40 hex characters)
8327
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
8328
+ */
8329
+ address: string;
8330
+ added: boolean;
8331
+ }[];
8332
+ };
8333
+ };
8334
+ };
8335
+ /** @description Internal Server Error */
8336
+ 500: {
8337
+ headers: {
8338
+ [name: string]: unknown;
8339
+ };
8340
+ content: {
8341
+ "application/json": {
8342
+ /**
8343
+ * @description Error message
8344
+ * @example Validation failed
8345
+ */
8346
+ error: string;
8347
+ /**
8348
+ * @description Machine-readable error code
8349
+ * @example VALIDATION_FAILED
8350
+ */
8351
+ code?: string;
8352
+ /** @description Field-level validation errors */
8353
+ details?: {
8354
+ [key: string]: string[];
8355
+ };
8356
+ };
8357
+ };
8358
+ };
8359
+ };
8360
+ };
8361
+ put?: never;
8362
+ post?: never;
8363
+ delete?: never;
8364
+ options?: never;
8365
+ head?: never;
8366
+ patch?: never;
8367
+ trace?: never;
8368
+ };
8369
+ "/admin/validators/pending": {
8370
+ parameters: {
8371
+ query?: never;
8372
+ header?: never;
8373
+ path?: never;
8374
+ cookie?: never;
8375
+ };
8376
+ /**
8377
+ * Get list of pending validators
8378
+ * @description Get validators that have votes but are not yet added/removed.
8379
+ */
8380
+ get: {
8381
+ parameters: {
8382
+ query?: never;
8383
+ header?: never;
8384
+ path?: never;
8385
+ cookie?: never;
8386
+ };
8387
+ requestBody?: never;
8388
+ responses: {
8389
+ /** @description Success */
8390
+ 200: {
8391
+ headers: {
8392
+ [name: string]: unknown;
8393
+ };
8394
+ content: {
8395
+ "application/json": {
8396
+ pending: {
8397
+ /**
8398
+ * @description Ethereum address (0x + 40 hex characters)
8399
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
8400
+ */
8401
+ address: string;
8402
+ addVotes: number;
8403
+ removeVotes: number;
8404
+ }[];
8405
+ };
8406
+ };
8407
+ };
8408
+ /** @description Internal Server Error */
8409
+ 500: {
8410
+ headers: {
8411
+ [name: string]: unknown;
8412
+ };
8413
+ content: {
8414
+ "application/json": {
8415
+ /**
8416
+ * @description Error message
8417
+ * @example Validation failed
8418
+ */
8419
+ error: string;
8420
+ /**
8421
+ * @description Machine-readable error code
8422
+ * @example VALIDATION_FAILED
8423
+ */
8424
+ code?: string;
8425
+ /** @description Field-level validation errors */
8426
+ details?: {
8427
+ [key: string]: string[];
8428
+ };
8429
+ };
8430
+ };
8431
+ };
8432
+ };
8433
+ };
8434
+ put?: never;
8435
+ post?: never;
8436
+ delete?: never;
8437
+ options?: never;
8438
+ head?: never;
8439
+ patch?: never;
8440
+ trace?: never;
8441
+ };
8442
+ "/admin/network/status": {
8443
+ parameters: {
8444
+ query?: never;
8445
+ header?: never;
8446
+ path?: never;
8447
+ cookie?: never;
8448
+ };
8449
+ /**
8450
+ * Get network status
8451
+ * @description Get the current status of the blockchain network.
8452
+ */
8453
+ get: {
8454
+ parameters: {
8455
+ query?: never;
8456
+ header?: never;
8457
+ path?: never;
8458
+ cookie?: never;
8459
+ };
8460
+ requestBody?: never;
8461
+ responses: {
8462
+ /** @description Success */
8463
+ 200: {
8464
+ headers: {
8465
+ [name: string]: unknown;
8466
+ };
8467
+ content: {
8468
+ "application/json": {
8469
+ chainId: number;
8470
+ blockNumber: number;
8471
+ validatorCount: number;
8472
+ };
8473
+ };
8474
+ };
8475
+ /** @description Internal Server Error */
8476
+ 500: {
8477
+ headers: {
8478
+ [name: string]: unknown;
8479
+ };
8480
+ content: {
8481
+ "application/json": {
8482
+ /**
8483
+ * @description Error message
8484
+ * @example Validation failed
8485
+ */
8486
+ error: string;
8487
+ /**
8488
+ * @description Machine-readable error code
8489
+ * @example VALIDATION_FAILED
8490
+ */
8491
+ code?: string;
8492
+ /** @description Field-level validation errors */
8493
+ details?: {
8494
+ [key: string]: string[];
8495
+ };
8496
+ };
8497
+ };
8498
+ };
8499
+ };
8500
+ };
8501
+ put?: never;
8502
+ post?: never;
8503
+ delete?: never;
8504
+ options?: never;
8505
+ head?: never;
8506
+ patch?: never;
8507
+ trace?: never;
8508
+ };
8509
+ "/admin/network/peers": {
8510
+ parameters: {
8511
+ query?: never;
8512
+ header?: never;
8513
+ path?: never;
8514
+ cookie?: never;
8515
+ };
8516
+ /**
8517
+ * Get network peers
8518
+ * @description Get the list of connected network peers.
8519
+ */
8520
+ get: {
8521
+ parameters: {
8522
+ query?: never;
8523
+ header?: never;
8524
+ path?: never;
8525
+ cookie?: never;
8526
+ };
8527
+ requestBody?: never;
8528
+ responses: {
8529
+ /** @description Success */
8530
+ 200: {
8531
+ headers: {
8532
+ [name: string]: unknown;
8533
+ };
8534
+ content: {
8535
+ "application/json": {
8536
+ peers: {
8537
+ id: string;
8538
+ name?: string;
8539
+ enode: string;
8540
+ /** @enum {string} */
8541
+ status: "connected" | "disconnected";
8542
+ }[];
8543
+ };
8544
+ };
8545
+ };
8546
+ /** @description Internal Server Error */
8547
+ 500: {
8548
+ headers: {
8549
+ [name: string]: unknown;
8550
+ };
8551
+ content: {
8552
+ "application/json": {
8553
+ /**
8554
+ * @description Error message
8555
+ * @example Validation failed
8556
+ */
8557
+ error: string;
8558
+ /**
8559
+ * @description Machine-readable error code
8560
+ * @example VALIDATION_FAILED
8561
+ */
8562
+ code?: string;
8563
+ /** @description Field-level validation errors */
8564
+ details?: {
8565
+ [key: string]: string[];
8566
+ };
8567
+ };
8568
+ };
8569
+ };
8570
+ };
8571
+ };
8572
+ put?: never;
8573
+ /**
8574
+ * Add a network peer
8575
+ * @description Add a peer to the network.
8576
+ */
8577
+ post: {
8578
+ parameters: {
8579
+ query?: never;
8580
+ header?: never;
8581
+ path?: never;
8582
+ cookie?: never;
8583
+ };
8584
+ requestBody?: {
8585
+ content: {
8586
+ "application/json": {
8587
+ enode: string;
8588
+ };
8589
+ };
8590
+ };
8591
+ responses: {
8592
+ /** @description Success */
8593
+ 200: {
8594
+ headers: {
8595
+ [name: string]: unknown;
8596
+ };
8597
+ content: {
8598
+ "application/json": {
8599
+ /** @enum {boolean} */
8600
+ success: true;
8601
+ message: string;
8602
+ };
8603
+ };
8604
+ };
8605
+ /** @description Bad Request - Validation failed */
8606
+ 400: {
8607
+ headers: {
8608
+ [name: string]: unknown;
8609
+ };
8610
+ content: {
8611
+ "application/json": {
8612
+ /**
8613
+ * @description Error message
8614
+ * @example Validation failed
8615
+ */
8616
+ error: string;
8617
+ /**
8618
+ * @description Machine-readable error code
8619
+ * @example VALIDATION_FAILED
8620
+ */
8621
+ code?: string;
8622
+ /** @description Field-level validation errors */
8623
+ details?: {
8624
+ [key: string]: string[];
8625
+ };
8626
+ };
8627
+ };
8628
+ };
8629
+ /** @description Internal Server Error */
8630
+ 500: {
8631
+ headers: {
8632
+ [name: string]: unknown;
8633
+ };
8634
+ content: {
8635
+ "application/json": {
8636
+ /**
8637
+ * @description Error message
8638
+ * @example Validation failed
8639
+ */
8640
+ error: string;
8641
+ /**
8642
+ * @description Machine-readable error code
8643
+ * @example VALIDATION_FAILED
8644
+ */
8645
+ code?: string;
8646
+ /** @description Field-level validation errors */
8647
+ details?: {
8648
+ [key: string]: string[];
8649
+ };
8650
+ };
8651
+ };
8652
+ };
8653
+ };
8654
+ };
8655
+ /**
8656
+ * Remove a network peer
8657
+ * @description Remove a peer from the network.
8658
+ */
8659
+ delete: {
8660
+ parameters: {
8661
+ query?: never;
8662
+ header?: never;
8663
+ path?: never;
8664
+ cookie?: never;
8665
+ };
8666
+ requestBody?: {
8667
+ content: {
8668
+ "application/json": {
8669
+ enode: string;
8670
+ };
8671
+ };
8672
+ };
8673
+ responses: {
8674
+ /** @description Success */
8675
+ 200: {
8676
+ headers: {
8677
+ [name: string]: unknown;
8678
+ };
8679
+ content: {
8680
+ "application/json": {
8681
+ /** @enum {boolean} */
8682
+ success: true;
8683
+ message: string;
8684
+ };
8685
+ };
8686
+ };
8687
+ /** @description Bad Request - Validation failed */
8688
+ 400: {
8689
+ headers: {
8690
+ [name: string]: unknown;
8691
+ };
8692
+ content: {
8693
+ "application/json": {
8694
+ /**
8695
+ * @description Error message
8696
+ * @example Validation failed
8697
+ */
8698
+ error: string;
8699
+ /**
8700
+ * @description Machine-readable error code
8701
+ * @example VALIDATION_FAILED
8702
+ */
8703
+ code?: string;
8704
+ /** @description Field-level validation errors */
8705
+ details?: {
8706
+ [key: string]: string[];
8707
+ };
8708
+ };
8709
+ };
8710
+ };
8711
+ /** @description Internal Server Error */
8712
+ 500: {
8713
+ headers: {
8714
+ [name: string]: unknown;
8715
+ };
8716
+ content: {
8717
+ "application/json": {
8718
+ /**
8719
+ * @description Error message
8720
+ * @example Validation failed
8721
+ */
8722
+ error: string;
8723
+ /**
8724
+ * @description Machine-readable error code
8725
+ * @example VALIDATION_FAILED
8726
+ */
8727
+ code?: string;
8728
+ /** @description Field-level validation errors */
8729
+ details?: {
8730
+ [key: string]: string[];
8731
+ };
8732
+ };
8733
+ };
8734
+ };
8735
+ };
8736
+ };
8737
+ options?: never;
8738
+ head?: never;
8739
+ patch?: never;
8740
+ trace?: never;
8741
+ };
8742
+ "/admin/utils/pubkey-to-address": {
8743
+ parameters: {
8744
+ query?: never;
8745
+ header?: never;
8746
+ path?: never;
8747
+ cookie?: never;
8748
+ };
8749
+ get?: never;
8750
+ put?: never;
8751
+ /**
8752
+ * Convert public key to Ethereum address
8753
+ * @description Utility endpoint to convert a public key to an Ethereum address.
8754
+ */
8755
+ post: {
8756
+ parameters: {
8757
+ query?: never;
8758
+ header?: never;
8759
+ path?: never;
8760
+ cookie?: never;
8761
+ };
8762
+ requestBody?: {
8763
+ content: {
8764
+ "application/json": {
8765
+ pubkey: string;
8766
+ };
8767
+ };
8768
+ };
8769
+ responses: {
8770
+ /** @description Success */
8771
+ 200: {
8772
+ headers: {
8773
+ [name: string]: unknown;
8774
+ };
8775
+ content: {
8776
+ "application/json": {
8777
+ /**
8778
+ * @description Ethereum address (0x + 40 hex characters)
8779
+ * @example 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb0
8780
+ */
8781
+ address: string;
8782
+ pubkey: string;
8783
+ };
8784
+ };
8785
+ };
8786
+ /** @description Bad Request - Validation failed */
8787
+ 400: {
8788
+ headers: {
8789
+ [name: string]: unknown;
8790
+ };
8791
+ content: {
8792
+ "application/json": {
8793
+ /**
8794
+ * @description Error message
8795
+ * @example Validation failed
8796
+ */
8797
+ error: string;
8798
+ /**
8799
+ * @description Machine-readable error code
8800
+ * @example VALIDATION_FAILED
8801
+ */
8802
+ code?: string;
8803
+ /** @description Field-level validation errors */
8804
+ details?: {
8805
+ [key: string]: string[];
8806
+ };
8807
+ };
8808
+ };
8809
+ };
8810
+ /** @description Internal Server Error */
8811
+ 500: {
8812
+ headers: {
8813
+ [name: string]: unknown;
8814
+ };
8815
+ content: {
8816
+ "application/json": {
8817
+ /**
8818
+ * @description Error message
8819
+ * @example Validation failed
8820
+ */
8821
+ error: string;
8822
+ /**
8823
+ * @description Machine-readable error code
8824
+ * @example VALIDATION_FAILED
8825
+ */
8826
+ code?: string;
8827
+ /** @description Field-level validation errors */
8828
+ details?: {
8829
+ [key: string]: string[];
8830
+ };
8831
+ };
8832
+ };
8833
+ };
8834
+ };
8835
+ };
8836
+ delete?: never;
8837
+ options?: never;
8838
+ head?: never;
8839
+ patch?: never;
8840
+ trace?: never;
8841
+ };
8842
+ "/health/live": {
8843
+ parameters: {
8844
+ query?: never;
8845
+ header?: never;
8846
+ path?: never;
8847
+ cookie?: never;
8848
+ };
8849
+ /**
8850
+ * Liveness probe
8851
+ * @description Kubernetes liveness probe. Fails if queue connection lost for > 1 minute.
8852
+ */
8853
+ get: {
8854
+ parameters: {
8855
+ query?: never;
8856
+ header?: never;
8857
+ path?: never;
8858
+ cookie?: never;
8859
+ };
8860
+ requestBody?: never;
8861
+ responses: {
8862
+ /** @description Success */
8863
+ 200: {
8864
+ headers: {
8865
+ [name: string]: unknown;
8866
+ };
8867
+ content: {
8868
+ "application/json": {
8869
+ /** @enum {string} */
8870
+ status: "healthy";
8871
+ /**
8872
+ * QueueStatus
8873
+ * @description Queue health status
8874
+ */
8875
+ queue: {
8876
+ healthy: boolean;
8877
+ timeSinceLastPingMs: number;
8878
+ /** Format: date-time */
8879
+ lastPing?: string;
8880
+ };
8881
+ };
8882
+ };
8883
+ };
8884
+ /** @description Service Unavailable */
8885
+ 503: {
8886
+ headers: {
8887
+ [name: string]: unknown;
8888
+ };
8889
+ content: {
8890
+ "application/json": {
8891
+ /**
8892
+ * @description Error message
8893
+ * @example Validation failed
8894
+ */
8895
+ error: string;
8896
+ /**
8897
+ * @description Machine-readable error code
8898
+ * @example VALIDATION_FAILED
8899
+ */
8900
+ code?: string;
8901
+ /** @description Field-level validation errors */
8902
+ details?: {
8903
+ [key: string]: string[];
8904
+ };
8905
+ };
8906
+ };
8907
+ };
8908
+ };
8909
+ };
8910
+ put?: never;
8911
+ post?: never;
8912
+ delete?: never;
8913
+ options?: never;
8914
+ head?: never;
8915
+ patch?: never;
8916
+ trace?: never;
8917
+ };
8918
+ "/health/ready": {
8919
+ parameters: {
8920
+ query?: never;
8921
+ header?: never;
8922
+ path?: never;
8923
+ cookie?: never;
8924
+ };
8925
+ /**
8926
+ * Readiness probe
8927
+ * @description Kubernetes readiness probe. Fails if queue or blockchain is unhealthy.
8928
+ */
8929
+ get: {
8930
+ parameters: {
8931
+ query?: never;
8932
+ header?: never;
8933
+ path?: never;
8934
+ cookie?: never;
8935
+ };
8936
+ requestBody?: never;
8937
+ responses: {
8938
+ /** @description Success */
8939
+ 200: {
8940
+ headers: {
8941
+ [name: string]: unknown;
8942
+ };
8943
+ content: {
8944
+ "application/json": {
8945
+ /** @enum {string} */
8946
+ status: "ready";
8947
+ /**
8948
+ * QueueStatus
8949
+ * @description Queue health status
8950
+ */
8951
+ queue: {
8952
+ healthy: boolean;
8953
+ timeSinceLastPingMs: number;
8954
+ /** Format: date-time */
8955
+ lastPing?: string;
8956
+ };
8957
+ /**
8958
+ * BlockchainStatus
8959
+ * @description Blockchain connection status
8960
+ */
8961
+ blockchain: {
8962
+ connected: boolean;
8963
+ chainId?: number;
8964
+ blockNumber?: number;
8965
+ };
8966
+ };
8967
+ };
8968
+ };
8969
+ /** @description Service Unavailable */
8970
+ 503: {
8971
+ headers: {
8972
+ [name: string]: unknown;
8973
+ };
8974
+ content: {
8975
+ "application/json": {
8976
+ /**
8977
+ * @description Error message
8978
+ * @example Validation failed
8979
+ */
8980
+ error: string;
8981
+ /**
8982
+ * @description Machine-readable error code
8983
+ * @example VALIDATION_FAILED
8984
+ */
8985
+ code?: string;
8986
+ /** @description Field-level validation errors */
8987
+ details?: {
8988
+ [key: string]: string[];
8989
+ };
8990
+ };
8991
+ };
8992
+ };
8993
+ };
8994
+ };
8995
+ put?: never;
8996
+ post?: never;
8997
+ delete?: never;
8998
+ options?: never;
8999
+ head?: never;
9000
+ patch?: never;
9001
+ trace?: never;
9002
+ };
9003
+ "/health": {
9004
+ parameters: {
9005
+ query?: never;
9006
+ header?: never;
9007
+ path?: never;
9008
+ cookie?: never;
9009
+ };
9010
+ /**
9011
+ * Detailed health check
9012
+ * @description Get detailed health status for debugging. Not used for K8s probes.
9013
+ */
9014
+ get: {
9015
+ parameters: {
9016
+ query?: never;
9017
+ header?: never;
9018
+ path?: never;
9019
+ cookie?: never;
9020
+ };
9021
+ requestBody?: never;
9022
+ responses: {
9023
+ /** @description Success */
9024
+ 200: {
9025
+ headers: {
9026
+ [name: string]: unknown;
9027
+ };
9028
+ content: {
9029
+ "application/json": {
9030
+ /** @enum {string} */
9031
+ status: "healthy" | "degraded";
9032
+ /** Format: date-time */
9033
+ timestamp: string;
9034
+ /**
9035
+ * QueueStatus
9036
+ * @description Queue health status
9037
+ */
9038
+ queue: {
9039
+ healthy: boolean;
9040
+ timeSinceLastPingMs: number;
9041
+ /** Format: date-time */
9042
+ lastPing?: string;
9043
+ };
9044
+ /**
9045
+ * BlockchainStatus
9046
+ * @description Blockchain connection status
9047
+ */
9048
+ blockchain: {
9049
+ connected: boolean;
9050
+ chainId?: number;
9051
+ blockNumber?: number;
9052
+ };
9053
+ /**
9054
+ * RedisStatus
9055
+ * @description Redis connection status
9056
+ */
9057
+ redis?: {
9058
+ connected: boolean;
9059
+ };
9060
+ };
9061
+ };
9062
+ };
9063
+ /** @description Service Unavailable */
9064
+ 503: {
9065
+ headers: {
9066
+ [name: string]: unknown;
9067
+ };
9068
+ content: {
9069
+ "application/json": {
9070
+ /**
9071
+ * @description Error message
9072
+ * @example Validation failed
9073
+ */
9074
+ error: string;
9075
+ /**
9076
+ * @description Machine-readable error code
9077
+ * @example VALIDATION_FAILED
9078
+ */
9079
+ code?: string;
9080
+ /** @description Field-level validation errors */
9081
+ details?: {
9082
+ [key: string]: string[];
9083
+ };
9084
+ };
9085
+ };
9086
+ };
9087
+ };
9088
+ };
9089
+ put?: never;
9090
+ post?: never;
9091
+ delete?: never;
9092
+ options?: never;
9093
+ head?: never;
9094
+ patch?: never;
9095
+ trace?: never;
9096
+ };
9097
+ }
9098
+
9099
+ /**
9100
+ * Type shortcuts over the openapi-typescript-generated `paths` interfaces of
9101
+ * both services.
9102
+ *
9103
+ * Patterns mirror chain-sdk-v5/src/types.ts: each request/response shape is
9104
+ * `Req<path, method>` / `Res<path, method, status>` for accounts, and
9105
+ * `ChainReq<...>` / `ChainRes<...>` for chain-api. Callers see named,
9106
+ * ergonomic types without losing the single-source-of-truth guarantee — the
9107
+ * types are derived from the generated openapi types, not hand-rolled.
9108
+ */
9109
+
9110
+ type JsonBody<T> = T extends {
9111
+ content: {
9112
+ 'application/json': infer B;
9113
+ };
9114
+ } ? B : never;
9115
+ type Req<P extends keyof paths$1, M extends keyof paths$1[P]> = JsonBody<Extract<paths$1[P][M], {
9116
+ requestBody?: unknown;
9117
+ }>['requestBody']>;
9118
+ type Res<P extends keyof paths$1, M extends keyof paths$1[P], S extends number = 200> = paths$1[P][M] extends {
9119
+ responses: {
9120
+ [K in S]: infer R;
9121
+ };
9122
+ } ? JsonBody<R> : never;
9123
+ type ChainRes<P extends keyof paths, M extends keyof paths[P], S extends number = 200> = paths[P][M] extends {
9124
+ responses: {
9125
+ [K in S]: infer R;
9126
+ };
9127
+ } ? JsonBody<R> : never;
9128
+ type SignupRequest = Req<'/v1/auth/signup', 'post'>;
9129
+ type SignupResponse = Res<'/v1/auth/signup', 'post'>;
9130
+ type VerifyEmailResponse = Res<'/v1/auth/verify', 'get'>;
9131
+ type LoginRequest = Req<'/v1/auth/login', 'post'>;
9132
+ type LoginResponse = Res<'/v1/auth/login', 'post'>;
9133
+ type LogoutResponse = Res<'/v1/auth/logout', 'post'>;
9134
+ type ForgotPasswordRequest = Req<'/v1/auth/forgot-password', 'post'>;
9135
+ type ForgotPasswordResponse = Res<'/v1/auth/forgot-password', 'post'>;
9136
+ type ResetPasswordRequest = Req<'/v1/auth/reset-password', 'post'>;
9137
+ type ResetPasswordResponse = Res<'/v1/auth/reset-password', 'post'>;
9138
+ type CheckoutRequest = Req<'/v1/billing/checkout', 'post'>;
9139
+ type CheckoutResponse = Res<'/v1/billing/checkout', 'post'>;
9140
+ type PortalResponse = Res<'/v1/billing/portal', 'get'>;
9141
+ type PublicOrgResponse = Res<'/v1/orgs/me', 'get'>;
9142
+ type CreateUserRequest = Req<'/v1/orgs/me/users', 'post'>;
9143
+ type CreateUserResponse = Res<'/v1/orgs/me/users', 'post'>;
9144
+ type ListUsersResponse = Res<'/v1/orgs/me/users', 'get'>;
9145
+ type CreateOrganizationRequest = Req<'/v1/admin/organizations', 'post'>;
9146
+ type CreateOrganizationResponse = Res<'/v1/admin/organizations', 'post'>;
9147
+ type SetAccountTypeRequest = Req<'/v1/admin/organizations/{id}/account-type', 'patch'>;
9148
+ type SetAccountTypeResponse = Res<'/v1/admin/organizations/{id}/account-type', 'patch'>;
9149
+ type VerifyOrganizationResponse = Res<'/v1/admin/organizations/{id}/verify', 'patch'>;
9150
+ type RotateApiKeyResponse = Res<'/v1/admin/organizations/{id}/rotate-key', 'post'>;
9151
+ type AdjustCreditsRequest = Req<'/v1/admin/organizations/{id}/adjust-credits', 'post'>;
9152
+ type AdjustCreditsResponse = Res<'/v1/admin/organizations/{id}/adjust-credits', 'post'>;
9153
+ type ListDelegatedKeysResponse = Res<'/v1/users/me/delegated-keys', 'get'>;
9154
+ type PrepareDelegatedKeyRequest = Req<'/v1/users/me/delegated-keys', 'post'>;
9155
+ type PreparedDelegatedKeyResponse = Res<'/v1/users/me/delegated-keys', 'post'>;
9156
+ type SubmitDelegatedKeyRequest = Req<'/v1/users/me/delegated-keys/{id}/submit', 'post'>;
9157
+ type SubmitDelegatedKeyResponse = Res<'/v1/users/me/delegated-keys/{id}/submit', 'post'>;
9158
+ type RevokeDelegatedKeyResponse = Res<'/v1/users/me/delegated-keys/{id}', 'delete'>;
9159
+ type SignRequest = Req<'/v1/sign', 'post'>;
9160
+ type SignResponse = Res<'/v1/sign', 'post'>;
9161
+ type ProvisionContractRequest = Req<'/v1/contracts/provision', 'post'>;
9162
+ type ProvisionContractResponse = Res<'/v1/contracts/provision', 'post'>;
9163
+ type AddSigningKeyRequest = Req<'/v1/keys', 'post'>;
9164
+ type AddSigningKeyResponse = Res<'/v1/keys', 'post'>;
9165
+ type RevokeSigningKeyRequest = Req<'/v1/keys/revoke', 'post'>;
9166
+ type RevokeSigningKeyResponse = Res<'/v1/keys/revoke', 'post'>;
9167
+ type PauseRequest = Req<'/v1/contracts/pause', 'post'>;
9168
+ type PauseResponse = Res<'/v1/contracts/pause', 'post'>;
9169
+ type UnpauseRequest = Req<'/v1/contracts/unpause', 'post'>;
9170
+ type UnpauseResponse = Res<'/v1/contracts/unpause', 'post'>;
9171
+ type ProposeWitnessRequest = Req<'/v1/contracts/{contractAddress}/witnesses/propose', 'post'>;
9172
+ type ProposeWitnessResponse = Res<'/v1/contracts/{contractAddress}/witnesses/propose', 'post'>;
9173
+ type SignWitnessRequest = Req<'/v1/contracts/{contractAddress}/witnesses/{witnessId}/sign', 'post'>;
9174
+ type SignWitnessResponse = Res<'/v1/contracts/{contractAddress}/witnesses/{witnessId}/sign', 'post'>;
5291
9175
  type FinalizeWitnessResponse = Res<'/v1/contracts/{contractAddress}/witnesses/{witnessId}/finalize', 'post'>;
5292
9176
  type RevokeWitnessRequest = Req<'/v1/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
5293
9177
  type RevokeWitnessResponse = Res<'/v1/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
@@ -5301,19 +9185,36 @@ type RevokeWitnessV5Request = Req<'/v5/contracts/{contractAddress}/witnesses/{wi
5301
9185
  type RevokeWitnessV5Response = Res<'/v5/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
5302
9186
  type AccountResponse = Res<'/v1/account', 'get'>;
5303
9187
  type LedgerResponse = Res<'/v1/account/ledger', 'get'>;
9188
+ type TotpEnrollResponse = Res<'/v1/account/mfa/totp/enroll', 'post'>;
9189
+ type TotpConfirmRequest = Req<'/v1/account/mfa/totp/confirm', 'post'>;
9190
+ type TotpConfirmResponse = Res<'/v1/account/mfa/totp/confirm', 'post'>;
9191
+ type TotpDisableResponse = Res<'/v1/account/mfa/totp', 'delete'>;
9192
+ type RecoveryCodesRegenerateResponse = Res<'/v1/account/mfa/recovery-codes/regenerate', 'post'>;
5304
9193
  type ListOauthSessionsResponse = Res<'/v1/oauth/sessions', 'get'>;
5305
9194
  type HealthLiveResponse = Res<'/health/live', 'get'>;
5306
9195
  type HealthReadyResponse = Res<'/health/ready', 'get'>;
9196
+ type ContractInfoResponse = ChainRes<'/v5/contracts/{contractAddress}/info', 'get'>;
9197
+ type VerifyContractResponse = ChainRes<'/v5/contracts/{contractAddress}/verify', 'get'>;
9198
+ type ListWitnessesResponse = ChainRes<'/v5/contracts/{contractAddress}/witnesses', 'get'>;
9199
+ type GetChainWitnessResponse = ChainRes<'/v5/contracts/{contractAddress}/witnesses/{witnessId}', 'get'>;
9200
+ type GetContractTransactionResponse = ChainRes<'/v5/contracts/{contractAddress}/transactions/{txHash}', 'get'>;
9201
+ type GetTransactionResponse = ChainRes<'/v5/transactions/{txHash}', 'get'>;
9202
+ type GetWalletBalanceResponse = ChainRes<'/v5/wallets/{address}/balance', 'get'>;
9203
+ type DashboardContractResponse = ChainRes<'/v5/dashboard/contract', 'get'>;
9204
+ type DashboardWitnessesResponse = ChainRes<'/v5/dashboard/witnesses', 'get'>;
5307
9205
 
5308
9206
  /**
5309
- * WitniumchainClient — typed HTTP client for the WitniumChain accounts API.
9207
+ * WitniumchainClient — typed HTTP client for the WitniumChain API surface.
5310
9208
  *
5311
- * This is the v1 "shell" client: one low-level method per OpenAPI route.
5312
- * Thread 4 (per docs/PLAN-PHASE-C-HARDEN-SURFACES.md) will layer three
5313
- * higher-level clients on top `WitniumchainClient` (end-user),
5314
- * `WitniumchainOrgClient` (org admin), `WitniumchainAdminClient`
5315
- * (sysadmin) — with ergonomic helpers for signup, subscriptions,
5316
- * delegated-key provisioning, Stripe Connect onboarding, etc.
9209
+ * Covers both accounts (identity / billing / OAuth / delegated keys / witness
9210
+ * writes via the metered v5 proxy) and chain-api read surfaces (contract
9211
+ * info / witness lookup / wallet balance / dashboards). Three convenience
9212
+ * clients layer on top — `WitniumchainClient` (end-user),
9213
+ * `WitniumchainOrgClient` (org admin), `WitniumchainAdminClient` (sysadmin) —
9214
+ * with helpers for signup, subscriptions, and delegated-key provisioning.
9215
+ *
9216
+ * Stripe surface is intentionally Checkout + Customer Portal ONLY. Witnium is
9217
+ * not a marketplace, so there is no Stripe Connect onboarding.
5317
9218
  *
5318
9219
  * Auth model — five distinct credentials, each used by a known subset of
5319
9220
  * routes. Configure whichever you'll actually use; methods that need a
@@ -5328,10 +9229,11 @@ type HealthReadyResponse = Res<'/health/ready', 'get'>;
5328
9229
  * does the canonical-message construction; you supply
5329
9230
  * only the public key + signing callback.
5330
9231
  *
5331
- * Every request/response type is derived from the published OpenAPI spec.
5332
- * A CI drift test in the accounts repo asserts the spec matches what the
5333
- * deployed server serves; another asserts the regenerated SDK types match
5334
- * the committed `src/generated/openapi.ts`.
9232
+ * Every request/response type is derived from the published OpenAPI specs of
9233
+ * both accounts and chain-api. A CI drift test in each repo asserts the spec
9234
+ * matches what the deployed server serves; another asserts the regenerated
9235
+ * SDK types match the committed `src/generated/accounts.ts` and
9236
+ * `src/generated/chain.ts`.
5335
9237
  */
5336
9238
 
5337
9239
  interface SignedRequestSigner {
@@ -5403,12 +9305,48 @@ interface ProvisionDelegatedKeyResult {
5403
9305
  blockNumber?: number;
5404
9306
  }
5405
9307
  interface WitniumchainClientConfig {
5406
- /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */
9308
+ /** Accounts base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */
5407
9309
  baseUrl: string;
9310
+ /**
9311
+ * Chain-api base URL, e.g. `https://api.witniumchain.com`. Required only if you
9312
+ * call chain-api read methods (`getWitness`, `getContractInfo`, etc.). Methods
9313
+ * that need it will throw a clear `WitniumchainApiError` at call time if
9314
+ * unconfigured. Same `accessToken` is reused — accounts mints OAuth tokens with
9315
+ * `aud=https://api.witniumchain.com`, so they're valid against both services.
9316
+ */
9317
+ chainBaseUrl?: string;
5408
9318
  /** Session cookie value (the `wac_session` cookie's body, not the full header). */
5409
9319
  sessionCookie?: string;
5410
- /** OAuth 2.1 access token (Bearer JWT). */
9320
+ /**
9321
+ * OAuth 2.1 access token (Bearer JWT). The SDK treats this as in-memory
9322
+ * mutable state — {@link WitniumchainClient.completeOAuthLogin} and
9323
+ * {@link WitniumchainClient.refreshAccessToken} both update it; reads of
9324
+ * `BearerJWT`-authed routes pick up the latest value. Pass an initial value
9325
+ * if you already have one (e.g. server-side rendering); leave it unset and
9326
+ * let `completeOAuthLogin` populate it from the OAuth flow.
9327
+ */
5411
9328
  accessToken?: string;
9329
+ /**
9330
+ * OAuth client id of the registered application using this SDK. Required if
9331
+ * you call {@link WitniumchainClient.beginOAuthLogin} OR
9332
+ * {@link WitniumchainClient.refreshAccessToken}. Methods that need it will
9333
+ * throw a clear `WitniumchainApiError` at call time when unconfigured.
9334
+ *
9335
+ * Registered via the org-admin OAuth-clients UI (Thread G of Phase AUTH).
9336
+ */
9337
+ oauthClientId?: string;
9338
+ /**
9339
+ * Storage adapter for the PKCE verifier between authorize redirect and
9340
+ * token exchange. Defaults to a `globalThis.sessionStorage` wrapper —
9341
+ * suitable for browser SPAs. Tests inject a Map-backed mock; non-browser
9342
+ * callers (Node SSR, native apps with their own storage) supply their own.
9343
+ *
9344
+ * sessionStorage is the chosen default because it's tab-scoped (resilient
9345
+ * to cross-tab interference) and cleared on tab close (no stale verifier
9346
+ * persistence). It is NOT localStorage — that would survive tab close and
9347
+ * is reachable from any same-origin script, weakening the XSS posture.
9348
+ */
9349
+ verifierStorage?: PkceVerifierStorage;
5412
9350
  /** Organisation API key (`wcorg_live_…`). */
5413
9351
  orgApiKey?: string;
5414
9352
  /** System-admin token (`Authorization: Bearer <ADMIN_TOKEN>`). */
@@ -5420,11 +9358,72 @@ interface WitniumchainClientConfig {
5420
9358
  /** Alternate fetch implementation (e.g. for tests). Default `globalThis.fetch`. */
5421
9359
  fetch?: typeof fetch;
5422
9360
  }
9361
+ /**
9362
+ * Arguments to {@link WitniumchainClient.beginOAuthLogin}. The OAuth client id
9363
+ * is sourced from `WitniumchainClientConfig.oauthClientId` at construction —
9364
+ * not repeated here — so the same client can drive multiple authorize calls
9365
+ * (e.g. retry on user cancellation) without rethreading the id every time.
9366
+ */
9367
+ interface BeginOAuthLoginArgs {
9368
+ /**
9369
+ * Where the authorization server should redirect after the user authenticates.
9370
+ * Must exactly match one of the redirect URIs registered for the OAuth client.
9371
+ * Stored alongside the PKCE verifier so {@link WitniumchainClient.completeOAuthLogin}
9372
+ * can rebuild the canonical token-exchange request without the caller having
9373
+ * to thread the same URI through twice.
9374
+ */
9375
+ redirectUri: string;
9376
+ /**
9377
+ * OAuth scopes to request. Default: `['openid', 'profile', 'email']` — the
9378
+ * standard OIDC sign-in trio. Pass a wider list if the caller's tokens need
9379
+ * additional scopes (e.g. `witnesses:write`); the authorization server
9380
+ * filters out scopes the user isn't allowed to grant.
9381
+ */
9382
+ scope?: readonly string[];
9383
+ /**
9384
+ * Custom OAuth `state` value. Default: a freshly-generated 32-byte URL-safe
9385
+ * random. Passing a custom value is useful when the caller needs to round-
9386
+ * trip application-level context through the redirect (e.g. "which page was
9387
+ * the user on before login"); the value is otherwise treated as opaque.
9388
+ */
9389
+ state?: string;
9390
+ /**
9391
+ * Standard OIDC `prompt` parameter. `'login'` forces the AS to re-prompt for
9392
+ * credentials even if the user has a live session; `'none'` asks for silent
9393
+ * SSO (returns `login_required` if not possible). Default: unset.
9394
+ */
9395
+ prompt?: 'login' | 'none';
9396
+ }
9397
+ interface BeginOAuthLoginResult {
9398
+ /** URL to redirect the user to. The caller does `window.location.assign(...)`. */
9399
+ authorizationUrl: string;
9400
+ /**
9401
+ * The state value bound to this login attempt. Same as the `state` passed
9402
+ * in (if any) or a freshly generated one. {@link WitniumchainClient.completeOAuthLogin}
9403
+ * validates that the state in the callback URL matches a value it issued.
9404
+ */
9405
+ state: string;
9406
+ }
9407
+ interface OAuthTokenSnapshot {
9408
+ /** OAuth Bearer access token. */
9409
+ accessToken: string;
9410
+ /** Unix seconds at which the access token expires. */
9411
+ expiresAt: number;
9412
+ }
5423
9413
  declare class WitniumchainClient {
5424
9414
  private readonly baseUrl;
9415
+ private readonly chainBaseUrl;
5425
9416
  private readonly cfg;
5426
9417
  private readonly timeout;
5427
9418
  private readonly fetchImpl;
9419
+ private accessToken;
9420
+ private refreshToken;
9421
+ private hasRefreshCookie;
9422
+ private readonly oauthClientId;
9423
+ private pendingLogins;
9424
+ private readonly verifierStorage;
9425
+ private discoveryCache;
9426
+ private refreshInFlight;
5428
9427
  /** Subscriptions / billing helpers. See {@link Subscriptions}. */
5429
9428
  readonly subscriptions: Subscriptions;
5430
9429
  /** Delegated-key namespace including the one-call {@link DelegatedKeys.provision} flow. */
@@ -5433,6 +9432,8 @@ declare class WitniumchainClient {
5433
9432
  readonly keys: SigningKeys;
5434
9433
  /** OAuth session management. Accessed as `client.oauth.sessions.*`. */
5435
9434
  readonly oauth: OauthNamespace;
9435
+ /** MFA self-management. Accessed as `client.mfa.totp.*` and `client.mfa.recoveryCodes.*`. */
9436
+ readonly mfa: MfaNamespace;
5436
9437
  constructor(config: WitniumchainClientConfig);
5437
9438
  /**
5438
9439
  * Convenience alias for {@link getAccount} — returns the authenticated
@@ -5479,13 +9480,141 @@ declare class WitniumchainClient {
5479
9480
  revokeWitnessV5(contractAddress: string, witnessId: string, body: RevokeWitnessV5Request, idempotencyKey?: string): Promise<RevokeWitnessV5Response>;
5480
9481
  getAccount(): Promise<AccountResponse>;
5481
9482
  getLedger(): Promise<LedgerResponse>;
9483
+ enrollTotp(): Promise<TotpEnrollResponse>;
9484
+ confirmTotp(body: TotpConfirmRequest): Promise<TotpConfirmResponse>;
9485
+ disableTotp(): Promise<TotpDisableResponse>;
9486
+ regenerateRecoveryCodes(): Promise<RecoveryCodesRegenerateResponse>;
5482
9487
  listOauthSessions(): Promise<ListOauthSessionsResponse>;
5483
9488
  revokeOauthSession(jti: string): Promise<void>;
5484
9489
  revokeAllOauthSessions(): Promise<void>;
5485
9490
  healthLive(): Promise<HealthLiveResponse>;
5486
9491
  healthReady(): Promise<HealthReadyResponse>;
9492
+ getContractInfo(contractAddress: string): Promise<ContractInfoResponse>;
9493
+ getContractVerification(contractAddress: string): Promise<VerifyContractResponse>;
9494
+ listWitnessesV5(contractAddress: string, params?: {
9495
+ dataId?: string;
9496
+ limit?: number;
9497
+ offset?: number;
9498
+ }): Promise<ListWitnessesResponse>;
9499
+ getWitnessV5(contractAddress: string, witnessId: string): Promise<GetChainWitnessResponse>;
9500
+ getContractTransaction(contractAddress: string, txHash: string): Promise<GetContractTransactionResponse>;
9501
+ getTransaction(txHash: string): Promise<GetTransactionResponse>;
9502
+ getWalletBalance(address: string): Promise<GetWalletBalanceResponse>;
9503
+ getDashboardContract(): Promise<DashboardContractResponse>;
9504
+ getDashboardWitnesses(params?: {
9505
+ from?: number;
9506
+ to?: number;
9507
+ timeLock?: 'locked' | 'none';
9508
+ limit?: number;
9509
+ offset?: number;
9510
+ }): Promise<DashboardWitnessesResponse>;
9511
+ /**
9512
+ * Build the authorization-server URL for the start of an OAuth login flow.
9513
+ *
9514
+ * Generates a fresh PKCE verifier + challenge, stashes the verifier in the
9515
+ * configured {@link PkceVerifierStorage} under the `state` key, and returns
9516
+ * the URL the caller should redirect the user to. Side-effects:
9517
+ *
9518
+ * - sessionStorage gets a PKCE entry under `witniumchain.pkce.<state>`.
9519
+ * - The client instance remembers the `redirectUri` for this `state`
9520
+ * so {@link completeOAuthLogin} can rebuild the matching token request
9521
+ * without the caller threading the URI through twice.
9522
+ *
9523
+ * The caller is responsible for the redirect itself
9524
+ * (`window.location.assign(result.authorizationUrl)`); the SDK doesn't
9525
+ * touch `window` directly so SSR + non-browser callers are not broken.
9526
+ */
9527
+ beginOAuthLogin(args: BeginOAuthLoginArgs): Promise<BeginOAuthLoginResult>;
9528
+ /**
9529
+ * Exchange an authorization-code callback for an access token.
9530
+ *
9531
+ * Reads `code` and `state` from the callback URL, validates the state
9532
+ * against a stored verifier, exchanges the code at the token endpoint,
9533
+ * and stores the access token (and refresh token) in the client's
9534
+ * in-memory state. Returns the access token + its expiry for callers
9535
+ * who want to display the session or schedule a proactive refresh.
9536
+ *
9537
+ * Throws (without consuming the verifier) when the callback URL is
9538
+ * missing `code` or `state`, or when the state has no matching verifier
9539
+ * — the latter happens when the user opens an old/forged callback URL,
9540
+ * or when sessionStorage was cleared between authorize and callback.
9541
+ *
9542
+ * The caller is responsible for stripping `code` and `state` from the
9543
+ * browser URL afterwards (`window.history.replaceState`) so a refresh
9544
+ * doesn't re-trigger the exchange against an already-consumed code.
9545
+ */
9546
+ completeOAuthLogin(callbackUrl: string | URL): Promise<OAuthTokenSnapshot>;
9547
+ /**
9548
+ * Refresh the access token. Sends `grant_type=refresh_token` to the token
9549
+ * endpoint with the in-memory refresh token, and updates `accessToken`
9550
+ * (and the rotated refresh token) on success.
9551
+ *
9552
+ * Concurrent callers — including the 401-retry interceptor inside `req()`
9553
+ * fanning out N parallel calls — share a single in-flight refresh promise:
9554
+ * refresh tokens rotate on use, so issuing two concurrent refreshes would
9555
+ * race and one would 401 with `invalid_grant`.
9556
+ *
9557
+ * Throws `WitniumchainApiError` if the refresh token is missing (the SDK
9558
+ * was constructed without one and `completeOAuthLogin` was never called)
9559
+ * or if the AS rejects the refresh (token revoked / expired). On rejection
9560
+ * the in-memory tokens are cleared so subsequent BearerJWT calls fail fast
9561
+ * instead of retrying with a now-invalid token.
9562
+ */
9563
+ refreshAccessToken(): Promise<OAuthTokenSnapshot>;
9564
+ /**
9565
+ * End the OAuth session.
9566
+ *
9567
+ * Clears the in-memory access + refresh tokens. Best-effort revocation of
9568
+ * the server-side session would require a server endpoint that accepts a
9569
+ * Bearer-token-authenticated DELETE (today's `/v1/oauth/sessions` requires
9570
+ * the first-party `wac_session` cookie, see oauth-sessions.controller.ts).
9571
+ * That endpoint will arrive with Phase AUTH Thread E; until then,
9572
+ * `signOut` clears local state only and the access token's natural TTL
9573
+ * (currently 60 min) bounds residual risk if the refresh token is also
9574
+ * dropped — which it is, here.
9575
+ */
9576
+ signOut(): void;
9577
+ private verifierStorageOrDefault;
9578
+ private fetchDiscovery;
9579
+ private postTokenEndpoint;
9580
+ private persistTokenResponse;
9581
+ private refreshAccessTokenInternal;
5487
9582
  private req;
5488
- private buildUrl;
9583
+ /**
9584
+ * Decide whether a non-2xx response on a `BearerJWT` route should trigger
9585
+ * a refresh + single retry. Returns false (no retry) when:
9586
+ *
9587
+ * - this call IS the retry — never recurse,
9588
+ * - the auth mode isn't BearerJWT — refresh only helps Bearer tokens,
9589
+ * - the status isn't 401 — refresh doesn't unstick 403/404/500/etc,
9590
+ * - we don't have a refresh token in memory — nothing to refresh with,
9591
+ * - the response body doesn't look like an expired-token signal.
9592
+ *
9593
+ * On a positive answer, the method ALSO performs the refresh in-line:
9594
+ * the caller just gets back `true` and replays the original request,
9595
+ * which picks up the freshly-rotated `accessToken` via `applyAuth`.
9596
+ * Refresh failures are swallowed here (the caller falls through to the
9597
+ * regular error path); `refreshAccessTokenInternal` already cleared the
9598
+ * in-memory tokens so the retry won't have anything to send.
9599
+ */
9600
+ private shouldRefreshAndRetry;
9601
+ /**
9602
+ * Same decision as `shouldRefreshAndRetry` but for the JSON-parsed path,
9603
+ * where we have the body. Adds one extra gate: only retry when the parsed
9604
+ * body looks like a "token expired" signal (`error: 'token_expired'` per
9605
+ * the AUTH plan, or `error: 'invalid_token'` per RFC 6750 §3.1). A 401
9606
+ * with any other `error` label is a real authn/authz failure that refresh
9607
+ * won't fix — surface it instead of burning a refresh token.
9608
+ */
9609
+ private shouldRefreshAndRetryParsed;
9610
+ /**
9611
+ * Resolve which base URL to call. Default is accounts (`baseUrl`). When a
9612
+ * method opts into 'chain', `chainBaseUrl` must be configured — throw at call
9613
+ * time with a clear message rather than fall back silently to accounts (no
9614
+ * defaults: a wrong base URL is a real bug and would mask itself as a 404).
9615
+ */
9616
+ private resolveBaseUrl;
9617
+ private buildPathWithQuery;
5489
9618
  private applyAuth;
5490
9619
  private parseApiError;
5491
9620
  private toApiError;
@@ -5576,6 +9705,48 @@ declare class OauthSessions {
5576
9705
  revoke(jti: string): Promise<void>;
5577
9706
  revokeAll(): Promise<void>;
5578
9707
  }
9708
+ /**
9709
+ * `client.mfa.*` — TOTP and recovery-code self-management for the
9710
+ * authenticated user. The split into `mfa.totp.*` and `mfa.recoveryCodes.*`
9711
+ * mirrors the server-side controller structure and matches the AUTH plan's
9712
+ * D8 SDK surface (`client.mfa.totp.enroll/confirm/disable` +
9713
+ * `client.mfa.recoveryCodes.regenerate`).
9714
+ */
9715
+ declare class MfaNamespace {
9716
+ readonly totp: MfaTotp;
9717
+ readonly recoveryCodes: MfaRecoveryCodes;
9718
+ constructor(client: WitniumchainClient);
9719
+ }
9720
+ declare class MfaTotp {
9721
+ private readonly client;
9722
+ constructor(client: WitniumchainClient);
9723
+ /**
9724
+ * Start enrolment. Returns the secret + otpauth URL — render the URL as a
9725
+ * QR code in your dashboard (any QR library will do; the SDK doesn't bundle
9726
+ * one). The enrolment is NOT yet a usable second factor: call
9727
+ * {@link confirm} with the first 6-digit code from the authenticator app
9728
+ * to activate it AND receive the recovery codes.
9729
+ */
9730
+ enroll(): Promise<TotpEnrollResponse>;
9731
+ /**
9732
+ * Confirm enrolment with the first user-supplied code. Returns the 10
9733
+ * single-use recovery codes — show them to the user ONCE; the server never
9734
+ * returns them again. Throws `WitniumchainApiError` with status 400 when
9735
+ * the code is invalid or the enrolment is already confirmed.
9736
+ */
9737
+ confirm(code: string): Promise<TotpConfirmResponse>;
9738
+ /** Disable TOTP, wiping both the secret and all recovery codes. */
9739
+ disable(): Promise<TotpDisableResponse>;
9740
+ }
9741
+ declare class MfaRecoveryCodes {
9742
+ private readonly client;
9743
+ constructor(client: WitniumchainClient);
9744
+ /**
9745
+ * Issue a fresh set of 10 recovery codes, invalidating the prior ones.
9746
+ * Same as `confirm` — codes are returned ONCE and never readable again.
9747
+ */
9748
+ regenerate(): Promise<RecoveryCodesRegenerateResponse>;
9749
+ }
5579
9750
 
5580
9751
  interface WitniumchainAdminClientConfig {
5581
9752
  /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */
@@ -5693,4 +9864,4 @@ declare class WitniumchainApiError extends Error {
5693
9864
  });
5694
9865
  }
5695
9866
 
5696
- export { type AccountResponse, type AccountType, type AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type CheckoutRequest, type CheckoutResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest, type PauseResponse, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, type paths };
9867
+ export { type AccountResponse, type AccountType, type paths$1 as AccountsPaths, type AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type BeginOAuthLoginArgs, type BeginOAuthLoginResult, type paths as ChainPaths, type CheckoutRequest, type CheckoutResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, MfaNamespace, MfaRecoveryCodes, MfaTotp, type OAuthTokenSnapshot, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest, type PauseResponse, type PkceVerifierStorage, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type RecoveryCodesRegenerateResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type TotpConfirmRequest, type TotpConfirmResponse, type TotpDisableResponse, type TotpEnrollResponse, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, defaultVerifierStorage };