npm - @witnium-tech/witniumchain - Versions diffs - 0.6.0 → 0.6.2 - Mend

@witnium-tech/witniumchain 0.6.0 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/FRONTEND-INTEGRATION.md CHANGED Viewed

@@ -202,6 +202,15 @@ You have two choices:
   - revoke: `{"op":2,"contract":"<addr>","nonce":<ownerNonce+2>,"key":"<pub>"}`
   (canonical JSON, signed as UTF-8 bytes with the owner key)
+**Dev cross-origin shortcut (pre-launch):** the accounts-rendered sign-keys
+page now also accepts a **recovery-file upload** (the §5 JSON). So while you're
+building on a different origin (e.g. Lovable), the user can export their
+recovery file from your app and upload it on the accounts sign-keys page — the
+page extracts the owner key for the matching contract. This sidesteps the
+same-origin localStorage limitation (§7) without any postMessage plumbing. It's
+a dev convenience, not the production answer; production should solve §7
+properly.
 To get refresh tokens (required for the agent to stay connected + for the
 disconnect-on-revoke cascade), the OAuth client **must request
 `prompt=consent`** and include `offline_access` in scope. Without
@@ -233,6 +242,29 @@ This decision blocks the key-storage implementation, so settle it early.
 ---
+## 7b. Dev workflow — reset + re-run
+Testing signup repeatedly piles up users/orgs/contracts. A **pre-launch-only**
+self-serve reset is available:
+```ts
+// Authenticated with the wac_session cookie (must be logged in).
+await fetch('https://auth.witniumchain.com/v1/account', {
+  method: 'DELETE',
+  credentials: 'include',
+});
+// → { deleted: true, userId, organizationId, vaultKeysPurged, notice }
+```
+Deletes the caller's user + org + contracts + delegated keys (Vault keys
+destroyed too), so you can sign up fresh. The on-chain contract is orphaned
+(immutable — fine). Returns **403** unless `WITNIUM_PRE_LAUNCH=true` on the
+server (it is, on the current dev deploy). This endpoint will be removed before
+customer onboarding; don't build product UI on it — it's purely a dev-loop tool.
+(Alternatively: just sign up with a fresh email each time, no cleanup needed.)
+---
 ## 8. Known limitations / sharp edges
 | Issue | Impact | Status |

package/dist/index.d.mts CHANGED Viewed

@@ -4972,7 +4972,96 @@ interface paths$1 {
         };
         put?: never;
         post?: never;
-        delete?: never;
+        /**
+         * DEV-ONLY: delete the caller's account (pre-launch reset)
+         * @description Hard-deletes the authenticated user + their organisation + contracts + delegated keys (Vault keys destroyed too) so signup can be re-run from scratch. Gated behind WITNIUM_PRE_LAUNCH — returns 403 otherwise. The on-chain contract is orphaned (immutable). This endpoint is removed before customer onboarding; do not build product UI on it.
+         */
+        delete: {
+            parameters: {
+                query?: never;
+                header?: never;
+                path?: never;
+                cookie?: never;
+            };
+            requestBody?: never;
+            responses: {
+                /** @description Success */
+                200: {
+                    headers: {
+                        [name: string]: unknown;
+                    };
+                    content: {
+                        "application/json": {
+                            /** @enum {boolean} */
+                            deleted: true;
+                            /**
+                             * @description UUID v4
+                             * @example 550e8400-e29b-41d4-a716-446655440000
+                             */
+                            userId: string;
+                            /**
+                             * @description UUID v4
+                             * @example 550e8400-e29b-41d4-a716-446655440000
+                             */
+                            organizationId: string;
+                            /** @description How many OpenBao Transit keys were destroyed. */
+                            vaultKeysPurged: number;
+                            notice: string;
+                        };
+                    };
+                };
+                /** @description Unauthorized — authentication required or invalid */
+                401: {
+                    headers: {
+                        [name: string]: unknown;
+                    };
+                    content: {
+                        "application/json": {
+                            /**
+                             * @description HTTP status code
+                             * @example 400
+                             */
+                            statusCode?: number;
+                            /**
+                             * @description Short error label
+                             * @example Bad Request
+                             */
+                            error?: string;
+                            /**
+                             * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
+                             * @example Validation failed
+                             */
+                            message: string | string[];
+                        };
+                    };
+                };
+                /** @description Forbidden — insufficient permissions or scope */
+                403: {
+                    headers: {
+                        [name: string]: unknown;
+                    };
+                    content: {
+                        "application/json": {
+                            /**
+                             * @description HTTP status code
+                             * @example 400
+                             */
+                            statusCode?: number;
+                            /**
+                             * @description Short error label
+                             * @example Bad Request
+                             */
+                            error?: string;
+                            /**
+                             * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
+                             * @example Validation failed
+                             */
+                            message: string | string[];
+                        };
+                    };
+                };
+            };
+        };
         options?: never;
         head?: never;
         patch?: never;
@@ -9319,6 +9408,7 @@ type FinalizeWitnessV5Response = Res<'/v5/contracts/{contractAddress}/witnesses/
 type RevokeWitnessV5Request = Req<'/v5/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
 type RevokeWitnessV5Response = Res<'/v5/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
 type AccountResponse = Res<'/v1/account', 'get'>;
+type ResetAccountResponse = Res<'/v1/account', 'delete'>;
 type LedgerResponse = Res<'/v1/account/ledger', 'get'>;
 type TotpEnrollResponse = Res<'/v1/account/mfa/totp/enroll', 'post'>;
 type TotpConfirmRequest = Req<'/v1/account/mfa/totp/confirm', 'post'>;
@@ -9626,6 +9716,14 @@ declare class WitniumchainClient {
     revokeWitnessV5(contractAddress: string, witnessId: string, body: RevokeWitnessV5Request, idempotencyKey?: string): Promise<RevokeWitnessV5Response>;
     getAccount(): Promise<AccountResponse>;
     getLedger(): Promise<LedgerResponse>;
+    /**
+     * DEV-ONLY: hard-delete the authenticated user + their org + contracts +
+     * delegated keys so signup can be re-run from scratch. Gated behind
+     * WITNIUM_PRE_LAUNCH on the server (throws 403 otherwise). The on-chain
+     * contract is orphaned (immutable). Removed before customer onboarding —
+     * do not build product UI on this; it's a dev-loop convenience.
+     */
+    deleteAccount(): Promise<ResetAccountResponse>;
     enrollTotp(): Promise<TotpEnrollResponse>;
     confirmTotp(body: TotpConfirmRequest): Promise<TotpConfirmResponse>;
     disableTotp(): Promise<TotpDisableResponse>;
@@ -10070,4 +10168,4 @@ declare class WitniumchainApiError extends Error {
     });
 }
-export { type AccountResponse, type AccountType, type paths$1 as AccountsPaths, type AddSigningKeyRequest$1 as AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type BeginOAuthLoginArgs, type BeginOAuthLoginResult, type paths as ChainPaths, type CheckoutRequest, type CheckoutResponse, type CreateOrgRequest, type CreateOrgResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, MfaNamespace, MfaRecoveryCodes, MfaTotp, type OAuthTokenSnapshot, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest$1 as PauseRequest, type PauseResponse, type PkceVerifierStorage, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type RecoveryCodesRegenerateResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest$1 as RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type TotpConfirmRequest, type TotpConfirmResponse, type TotpDisableResponse, type TotpEnrollResponse, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainChainAdminClient, type WitniumchainChainAdminClientConfig, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, defaultVerifierStorage };
+export { type AccountResponse, type AccountType, type paths$1 as AccountsPaths, type AddSigningKeyRequest$1 as AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type BeginOAuthLoginArgs, type BeginOAuthLoginResult, type paths as ChainPaths, type CheckoutRequest, type CheckoutResponse, type CreateOrgRequest, type CreateOrgResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, MfaNamespace, MfaRecoveryCodes, MfaTotp, type OAuthTokenSnapshot, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest$1 as PauseRequest, type PauseResponse, type PkceVerifierStorage, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type RecoveryCodesRegenerateResponse, type ResetAccountResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest$1 as RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type TotpConfirmRequest, type TotpConfirmResponse, type TotpDisableResponse, type TotpEnrollResponse, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainChainAdminClient, type WitniumchainChainAdminClientConfig, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, defaultVerifierStorage };

package/dist/index.d.ts CHANGED Viewed

@@ -4972,7 +4972,96 @@ interface paths$1 {
         };
         put?: never;
         post?: never;
-        delete?: never;
+        /**
+         * DEV-ONLY: delete the caller's account (pre-launch reset)
+         * @description Hard-deletes the authenticated user + their organisation + contracts + delegated keys (Vault keys destroyed too) so signup can be re-run from scratch. Gated behind WITNIUM_PRE_LAUNCH — returns 403 otherwise. The on-chain contract is orphaned (immutable). This endpoint is removed before customer onboarding; do not build product UI on it.
+         */
+        delete: {
+            parameters: {
+                query?: never;
+                header?: never;
+                path?: never;
+                cookie?: never;
+            };
+            requestBody?: never;
+            responses: {
+                /** @description Success */
+                200: {
+                    headers: {
+                        [name: string]: unknown;
+                    };
+                    content: {
+                        "application/json": {
+                            /** @enum {boolean} */
+                            deleted: true;
+                            /**
+                             * @description UUID v4
+                             * @example 550e8400-e29b-41d4-a716-446655440000
+                             */
+                            userId: string;
+                            /**
+                             * @description UUID v4
+                             * @example 550e8400-e29b-41d4-a716-446655440000
+                             */
+                            organizationId: string;
+                            /** @description How many OpenBao Transit keys were destroyed. */
+                            vaultKeysPurged: number;
+                            notice: string;
+                        };
+                    };
+                };
+                /** @description Unauthorized — authentication required or invalid */
+                401: {
+                    headers: {
+                        [name: string]: unknown;
+                    };
+                    content: {
+                        "application/json": {
+                            /**
+                             * @description HTTP status code
+                             * @example 400
+                             */
+                            statusCode?: number;
+                            /**
+                             * @description Short error label
+                             * @example Bad Request
+                             */
+                            error?: string;
+                            /**
+                             * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
+                             * @example Validation failed
+                             */
+                            message: string | string[];
+                        };
+                    };
+                };
+                /** @description Forbidden — insufficient permissions or scope */
+                403: {
+                    headers: {
+                        [name: string]: unknown;
+                    };
+                    content: {
+                        "application/json": {
+                            /**
+                             * @description HTTP status code
+                             * @example 400
+                             */
+                            statusCode?: number;
+                            /**
+                             * @description Short error label
+                             * @example Bad Request
+                             */
+                            error?: string;
+                            /**
+                             * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
+                             * @example Validation failed
+                             */
+                            message: string | string[];
+                        };
+                    };
+                };
+            };
+        };
         options?: never;
         head?: never;
         patch?: never;
@@ -9319,6 +9408,7 @@ type FinalizeWitnessV5Response = Res<'/v5/contracts/{contractAddress}/witnesses/
 type RevokeWitnessV5Request = Req<'/v5/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
 type RevokeWitnessV5Response = Res<'/v5/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
 type AccountResponse = Res<'/v1/account', 'get'>;
+type ResetAccountResponse = Res<'/v1/account', 'delete'>;
 type LedgerResponse = Res<'/v1/account/ledger', 'get'>;
 type TotpEnrollResponse = Res<'/v1/account/mfa/totp/enroll', 'post'>;
 type TotpConfirmRequest = Req<'/v1/account/mfa/totp/confirm', 'post'>;
@@ -9626,6 +9716,14 @@ declare class WitniumchainClient {
     revokeWitnessV5(contractAddress: string, witnessId: string, body: RevokeWitnessV5Request, idempotencyKey?: string): Promise<RevokeWitnessV5Response>;
     getAccount(): Promise<AccountResponse>;
     getLedger(): Promise<LedgerResponse>;
+    /**
+     * DEV-ONLY: hard-delete the authenticated user + their org + contracts +
+     * delegated keys so signup can be re-run from scratch. Gated behind
+     * WITNIUM_PRE_LAUNCH on the server (throws 403 otherwise). The on-chain
+     * contract is orphaned (immutable). Removed before customer onboarding —
+     * do not build product UI on this; it's a dev-loop convenience.
+     */
+    deleteAccount(): Promise<ResetAccountResponse>;
     enrollTotp(): Promise<TotpEnrollResponse>;
     confirmTotp(body: TotpConfirmRequest): Promise<TotpConfirmResponse>;
     disableTotp(): Promise<TotpDisableResponse>;
@@ -10070,4 +10168,4 @@ declare class WitniumchainApiError extends Error {
     });
 }
-export { type AccountResponse, type AccountType, type paths$1 as AccountsPaths, type AddSigningKeyRequest$1 as AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type BeginOAuthLoginArgs, type BeginOAuthLoginResult, type paths as ChainPaths, type CheckoutRequest, type CheckoutResponse, type CreateOrgRequest, type CreateOrgResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, MfaNamespace, MfaRecoveryCodes, MfaTotp, type OAuthTokenSnapshot, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest$1 as PauseRequest, type PauseResponse, type PkceVerifierStorage, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type RecoveryCodesRegenerateResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest$1 as RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type TotpConfirmRequest, type TotpConfirmResponse, type TotpDisableResponse, type TotpEnrollResponse, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainChainAdminClient, type WitniumchainChainAdminClientConfig, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, defaultVerifierStorage };
+export { type AccountResponse, type AccountType, type paths$1 as AccountsPaths, type AddSigningKeyRequest$1 as AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type BeginOAuthLoginArgs, type BeginOAuthLoginResult, type paths as ChainPaths, type CheckoutRequest, type CheckoutResponse, type CreateOrgRequest, type CreateOrgResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, MfaNamespace, MfaRecoveryCodes, MfaTotp, type OAuthTokenSnapshot, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest$1 as PauseRequest, type PauseResponse, type PkceVerifierStorage, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type RecoveryCodesRegenerateResponse, type ResetAccountResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest$1 as RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type TotpConfirmRequest, type TotpConfirmResponse, type TotpDisableResponse, type TotpEnrollResponse, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainChainAdminClient, type WitniumchainChainAdminClientConfig, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, defaultVerifierStorage };

package/dist/index.js CHANGED Viewed

@@ -414,6 +414,16 @@ var WitniumchainClient = class {
   getLedger() {
     return this.req("GET", "/v1/account/ledger", { auth: "SessionCookie" });
   }
+  /**
+   * DEV-ONLY: hard-delete the authenticated user + their org + contracts +
+   * delegated keys so signup can be re-run from scratch. Gated behind
+   * WITNIUM_PRE_LAUNCH on the server (throws 403 otherwise). The on-chain
+   * contract is orphaned (immutable). Removed before customer onboarding —
+   * do not build product UI on this; it's a dev-loop convenience.
+   */
+  deleteAccount() {
+    return this.req("DELETE", "/v1/account", { auth: "SessionCookie" });
+  }
   // ────────────────────────────────────────────────────────────────────────
   // MFA (/v1/account/mfa/*)
   //