@witnium-tech/witniumchain 0.6.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/FRONTEND-INTEGRATION.md +32 -0
- package/package.json +1 -1
package/FRONTEND-INTEGRATION.md
CHANGED
|
@@ -202,6 +202,15 @@ You have two choices:
|
|
|
202
202
|
- revoke: `{"op":2,"contract":"<addr>","nonce":<ownerNonce+2>,"key":"<pub>"}`
|
|
203
203
|
(canonical JSON, signed as UTF-8 bytes with the owner key)
|
|
204
204
|
|
|
205
|
+
**Dev cross-origin shortcut (pre-launch):** the accounts-rendered sign-keys
|
|
206
|
+
page now also accepts a **recovery-file upload** (the §5 JSON). So while you're
|
|
207
|
+
building on a different origin (e.g. Lovable), the user can export their
|
|
208
|
+
recovery file from your app and upload it on the accounts sign-keys page — the
|
|
209
|
+
page extracts the owner key for the matching contract. This sidesteps the
|
|
210
|
+
same-origin localStorage limitation (§7) without any postMessage plumbing. It's
|
|
211
|
+
a dev convenience, not the production answer; production should solve §7
|
|
212
|
+
properly.
|
|
213
|
+
|
|
205
214
|
To get refresh tokens (required for the agent to stay connected + for the
|
|
206
215
|
disconnect-on-revoke cascade), the OAuth client **must request
|
|
207
216
|
`prompt=consent`** and include `offline_access` in scope. Without
|
|
@@ -233,6 +242,29 @@ This decision blocks the key-storage implementation, so settle it early.
|
|
|
233
242
|
|
|
234
243
|
---
|
|
235
244
|
|
|
245
|
+
## 7b. Dev workflow — reset + re-run
|
|
246
|
+
|
|
247
|
+
Testing signup repeatedly piles up users/orgs/contracts. A **pre-launch-only**
|
|
248
|
+
self-serve reset is available:
|
|
249
|
+
|
|
250
|
+
```ts
|
|
251
|
+
// Authenticated with the wac_session cookie (must be logged in).
|
|
252
|
+
await fetch('https://auth.witniumchain.com/v1/account', {
|
|
253
|
+
method: 'DELETE',
|
|
254
|
+
credentials: 'include',
|
|
255
|
+
});
|
|
256
|
+
// → { deleted: true, userId, organizationId, vaultKeysPurged, notice }
|
|
257
|
+
```
|
|
258
|
+
|
|
259
|
+
Deletes the caller's user + org + contracts + delegated keys (Vault keys
|
|
260
|
+
destroyed too), so you can sign up fresh. The on-chain contract is orphaned
|
|
261
|
+
(immutable — fine). Returns **403** unless `WITNIUM_PRE_LAUNCH=true` on the
|
|
262
|
+
server (it is, on the current dev deploy). This endpoint will be removed before
|
|
263
|
+
customer onboarding; don't build product UI on it — it's purely a dev-loop tool.
|
|
264
|
+
(Alternatively: just sign up with a fresh email each time, no cleanup needed.)
|
|
265
|
+
|
|
266
|
+
---
|
|
267
|
+
|
|
236
268
|
## 8. Known limitations / sharp edges
|
|
237
269
|
|
|
238
270
|
| Issue | Impact | Status |
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@witnium-tech/witniumchain",
|
|
3
|
-
"version": "0.6.
|
|
3
|
+
"version": "0.6.1",
|
|
4
4
|
"description": "TypeScript SDK for WitniumChain — identity, billing, OAuth, witness writes (v5), key management, and chain-api read surfaces (contracts, witnesses, wallets, transactions, dashboards). Single canonical SDK; supersedes @witnium-tech/accounts-sdk and @witnium-tech/chain-sdk-v5.",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"module": "./dist/index.mjs",
|