@witnium-tech/witniumchain 0.6.1 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +158 -2
  2. package/dist/index.d.ts +158 -2
  3. package/dist/index.js +63 -3
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +59 -4
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +2 -2
package/dist/index.d.mts CHANGED
@@ -4972,7 +4972,96 @@ interface paths$1 {
4972
4972
  };
4973
4973
  put?: never;
4974
4974
  post?: never;
4975
- delete?: never;
4975
+ /**
4976
+ * DEV-ONLY: delete the caller's account (pre-launch reset)
4977
+ * @description Hard-deletes the authenticated user + their organisation + contracts + delegated keys (Vault keys destroyed too) so signup can be re-run from scratch. Gated behind WITNIUM_PRE_LAUNCH — returns 403 otherwise. The on-chain contract is orphaned (immutable). This endpoint is removed before customer onboarding; do not build product UI on it.
4978
+ */
4979
+ delete: {
4980
+ parameters: {
4981
+ query?: never;
4982
+ header?: never;
4983
+ path?: never;
4984
+ cookie?: never;
4985
+ };
4986
+ requestBody?: never;
4987
+ responses: {
4988
+ /** @description Success */
4989
+ 200: {
4990
+ headers: {
4991
+ [name: string]: unknown;
4992
+ };
4993
+ content: {
4994
+ "application/json": {
4995
+ /** @enum {boolean} */
4996
+ deleted: true;
4997
+ /**
4998
+ * @description UUID v4
4999
+ * @example 550e8400-e29b-41d4-a716-446655440000
5000
+ */
5001
+ userId: string;
5002
+ /**
5003
+ * @description UUID v4
5004
+ * @example 550e8400-e29b-41d4-a716-446655440000
5005
+ */
5006
+ organizationId: string;
5007
+ /** @description How many OpenBao Transit keys were destroyed. */
5008
+ vaultKeysPurged: number;
5009
+ notice: string;
5010
+ };
5011
+ };
5012
+ };
5013
+ /** @description Unauthorized — authentication required or invalid */
5014
+ 401: {
5015
+ headers: {
5016
+ [name: string]: unknown;
5017
+ };
5018
+ content: {
5019
+ "application/json": {
5020
+ /**
5021
+ * @description HTTP status code
5022
+ * @example 400
5023
+ */
5024
+ statusCode?: number;
5025
+ /**
5026
+ * @description Short error label
5027
+ * @example Bad Request
5028
+ */
5029
+ error?: string;
5030
+ /**
5031
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5032
+ * @example Validation failed
5033
+ */
5034
+ message: string | string[];
5035
+ };
5036
+ };
5037
+ };
5038
+ /** @description Forbidden — insufficient permissions or scope */
5039
+ 403: {
5040
+ headers: {
5041
+ [name: string]: unknown;
5042
+ };
5043
+ content: {
5044
+ "application/json": {
5045
+ /**
5046
+ * @description HTTP status code
5047
+ * @example 400
5048
+ */
5049
+ statusCode?: number;
5050
+ /**
5051
+ * @description Short error label
5052
+ * @example Bad Request
5053
+ */
5054
+ error?: string;
5055
+ /**
5056
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5057
+ * @example Validation failed
5058
+ */
5059
+ message: string | string[];
5060
+ };
5061
+ };
5062
+ };
5063
+ };
5064
+ };
4976
5065
  options?: never;
4977
5066
  head?: never;
4978
5067
  patch?: never;
@@ -9319,6 +9408,7 @@ type FinalizeWitnessV5Response = Res<'/v5/contracts/{contractAddress}/witnesses/
9319
9408
  type RevokeWitnessV5Request = Req<'/v5/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
9320
9409
  type RevokeWitnessV5Response = Res<'/v5/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
9321
9410
  type AccountResponse = Res<'/v1/account', 'get'>;
9411
+ type ResetAccountResponse = Res<'/v1/account', 'delete'>;
9322
9412
  type LedgerResponse = Res<'/v1/account/ledger', 'get'>;
9323
9413
  type TotpEnrollResponse = Res<'/v1/account/mfa/totp/enroll', 'post'>;
9324
9414
  type TotpConfirmRequest = Req<'/v1/account/mfa/totp/confirm', 'post'>;
@@ -9626,6 +9716,14 @@ declare class WitniumchainClient {
9626
9716
  revokeWitnessV5(contractAddress: string, witnessId: string, body: RevokeWitnessV5Request, idempotencyKey?: string): Promise<RevokeWitnessV5Response>;
9627
9717
  getAccount(): Promise<AccountResponse>;
9628
9718
  getLedger(): Promise<LedgerResponse>;
9719
+ /**
9720
+ * DEV-ONLY: hard-delete the authenticated user + their org + contracts +
9721
+ * delegated keys so signup can be re-run from scratch. Gated behind
9722
+ * WITNIUM_PRE_LAUNCH on the server (throws 403 otherwise). The on-chain
9723
+ * contract is orphaned (immutable). Removed before customer onboarding —
9724
+ * do not build product UI on this; it's a dev-loop convenience.
9725
+ */
9726
+ deleteAccount(): Promise<ResetAccountResponse>;
9629
9727
  enrollTotp(): Promise<TotpEnrollResponse>;
9630
9728
  confirmTotp(body: TotpConfirmRequest): Promise<TotpConfirmResponse>;
9631
9729
  disableTotp(): Promise<TotpDisableResponse>;
@@ -10070,4 +10168,62 @@ declare class WitniumchainApiError extends Error {
10070
10168
  });
10071
10169
  }
10072
10170
 
10073
- export { type AccountResponse, type AccountType, type paths$1 as AccountsPaths, type AddSigningKeyRequest$1 as AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type BeginOAuthLoginArgs, type BeginOAuthLoginResult, type paths as ChainPaths, type CheckoutRequest, type CheckoutResponse, type CreateOrgRequest, type CreateOrgResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, MfaNamespace, MfaRecoveryCodes, MfaTotp, type OAuthTokenSnapshot, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest$1 as PauseRequest, type PauseResponse, type PkceVerifierStorage, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type RecoveryCodesRegenerateResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest$1 as RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type TotpConfirmRequest, type TotpConfirmResponse, type TotpDisableResponse, type TotpEnrollResponse, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainChainAdminClient, type WitniumchainChainAdminClientConfig, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, defaultVerifierStorage };
10171
+ /**
10172
+ * Canonical owner-operation messages.
10173
+ *
10174
+ * Owner ops (add/revoke a signing key, pause/unpause a contract) are
10175
+ * authorized by an ed25519 signature from the contract OWNER key over a
10176
+ * canonical message. chain-api re-builds the exact same string server-side
10177
+ * and verifies the signature against the contract's stored owner key, so
10178
+ * the bytes MUST match to the character.
10179
+ *
10180
+ * The canonical form is `JSON.stringify({ op, contract, nonce, ...payload })`
10181
+ * with the contract address LOWER-CASED. (Verified against
10182
+ * ContractsV5Service.executeOwnerOp + a live on-chain addSigningKey.)
10183
+ *
10184
+ * Do NOT hand-roll this as `op:contract:nonce` or any other shape — the
10185
+ * signature will be silently rejected by chain-api ("Invalid owner
10186
+ * signature"). Use these helpers so a future chain-spec change is a single
10187
+ * SDK bump, not a silent break in every consumer.
10188
+ */
10189
+ /** Owner-op type codes — mirror the contract constants (V3–V5). */
10190
+ declare const OWNER_OP: {
10191
+ readonly addSigningKey: 1;
10192
+ readonly revokeSigningKey: 2;
10193
+ readonly pause: 3;
10194
+ readonly unpause: 4;
10195
+ };
10196
+ type OwnerOpName = keyof typeof OWNER_OP;
10197
+ /**
10198
+ * Canonical message to sign for `pause`. `nonce` must be the contract's
10199
+ * current `ownerNonce + 1`.
10200
+ */
10201
+ declare function buildPausePayload(args: {
10202
+ contractAddress: string;
10203
+ nonce: number;
10204
+ }): string;
10205
+ /** Canonical message to sign for `unpause`. */
10206
+ declare function buildUnpausePayload(args: {
10207
+ contractAddress: string;
10208
+ nonce: number;
10209
+ }): string;
10210
+ /**
10211
+ * Canonical message to sign for `addSigningKey`. `newKey` is the 64-hex-char
10212
+ * ed25519 public key being added (no 0x).
10213
+ */
10214
+ declare function buildAddSigningKeyPayload(args: {
10215
+ contractAddress: string;
10216
+ nonce: number;
10217
+ newKey: string;
10218
+ }): string;
10219
+ /**
10220
+ * Canonical message to sign for `revokeSigningKey`. `key` is the 64-hex-char
10221
+ * ed25519 public key being revoked (no 0x).
10222
+ */
10223
+ declare function buildRevokeSigningKeyPayload(args: {
10224
+ contractAddress: string;
10225
+ nonce: number;
10226
+ key: string;
10227
+ }): string;
10228
+
10229
+ export { type AccountResponse, type AccountType, type paths$1 as AccountsPaths, type AddSigningKeyRequest$1 as AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type BeginOAuthLoginArgs, type BeginOAuthLoginResult, type paths as ChainPaths, type CheckoutRequest, type CheckoutResponse, type CreateOrgRequest, type CreateOrgResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, MfaNamespace, MfaRecoveryCodes, MfaTotp, type OAuthTokenSnapshot, OWNER_OP, OauthNamespace, OauthSessions, OrgUsers, type OwnerOpName, type OwnerSigner, type PauseRequest$1 as PauseRequest, type PauseResponse, type PkceVerifierStorage, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type RecoveryCodesRegenerateResponse, type ResetAccountResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest$1 as RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type TotpConfirmRequest, type TotpConfirmResponse, type TotpDisableResponse, type TotpEnrollResponse, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainChainAdminClient, type WitniumchainChainAdminClientConfig, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, buildAddSigningKeyPayload, buildPausePayload, buildRevokeSigningKeyPayload, buildUnpausePayload, defaultVerifierStorage };
package/dist/index.d.ts CHANGED
@@ -4972,7 +4972,96 @@ interface paths$1 {
4972
4972
  };
4973
4973
  put?: never;
4974
4974
  post?: never;
4975
- delete?: never;
4975
+ /**
4976
+ * DEV-ONLY: delete the caller's account (pre-launch reset)
4977
+ * @description Hard-deletes the authenticated user + their organisation + contracts + delegated keys (Vault keys destroyed too) so signup can be re-run from scratch. Gated behind WITNIUM_PRE_LAUNCH — returns 403 otherwise. The on-chain contract is orphaned (immutable). This endpoint is removed before customer onboarding; do not build product UI on it.
4978
+ */
4979
+ delete: {
4980
+ parameters: {
4981
+ query?: never;
4982
+ header?: never;
4983
+ path?: never;
4984
+ cookie?: never;
4985
+ };
4986
+ requestBody?: never;
4987
+ responses: {
4988
+ /** @description Success */
4989
+ 200: {
4990
+ headers: {
4991
+ [name: string]: unknown;
4992
+ };
4993
+ content: {
4994
+ "application/json": {
4995
+ /** @enum {boolean} */
4996
+ deleted: true;
4997
+ /**
4998
+ * @description UUID v4
4999
+ * @example 550e8400-e29b-41d4-a716-446655440000
5000
+ */
5001
+ userId: string;
5002
+ /**
5003
+ * @description UUID v4
5004
+ * @example 550e8400-e29b-41d4-a716-446655440000
5005
+ */
5006
+ organizationId: string;
5007
+ /** @description How many OpenBao Transit keys were destroyed. */
5008
+ vaultKeysPurged: number;
5009
+ notice: string;
5010
+ };
5011
+ };
5012
+ };
5013
+ /** @description Unauthorized — authentication required or invalid */
5014
+ 401: {
5015
+ headers: {
5016
+ [name: string]: unknown;
5017
+ };
5018
+ content: {
5019
+ "application/json": {
5020
+ /**
5021
+ * @description HTTP status code
5022
+ * @example 400
5023
+ */
5024
+ statusCode?: number;
5025
+ /**
5026
+ * @description Short error label
5027
+ * @example Bad Request
5028
+ */
5029
+ error?: string;
5030
+ /**
5031
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5032
+ * @example Validation failed
5033
+ */
5034
+ message: string | string[];
5035
+ };
5036
+ };
5037
+ };
5038
+ /** @description Forbidden — insufficient permissions or scope */
5039
+ 403: {
5040
+ headers: {
5041
+ [name: string]: unknown;
5042
+ };
5043
+ content: {
5044
+ "application/json": {
5045
+ /**
5046
+ * @description HTTP status code
5047
+ * @example 400
5048
+ */
5049
+ statusCode?: number;
5050
+ /**
5051
+ * @description Short error label
5052
+ * @example Bad Request
5053
+ */
5054
+ error?: string;
5055
+ /**
5056
+ * @description Human-readable error message. Validation errors from `ZodError.flatten()` may be returned as an array.
5057
+ * @example Validation failed
5058
+ */
5059
+ message: string | string[];
5060
+ };
5061
+ };
5062
+ };
5063
+ };
5064
+ };
4976
5065
  options?: never;
4977
5066
  head?: never;
4978
5067
  patch?: never;
@@ -9319,6 +9408,7 @@ type FinalizeWitnessV5Response = Res<'/v5/contracts/{contractAddress}/witnesses/
9319
9408
  type RevokeWitnessV5Request = Req<'/v5/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
9320
9409
  type RevokeWitnessV5Response = Res<'/v5/contracts/{contractAddress}/witnesses/{witnessId}/revoke', 'post'>;
9321
9410
  type AccountResponse = Res<'/v1/account', 'get'>;
9411
+ type ResetAccountResponse = Res<'/v1/account', 'delete'>;
9322
9412
  type LedgerResponse = Res<'/v1/account/ledger', 'get'>;
9323
9413
  type TotpEnrollResponse = Res<'/v1/account/mfa/totp/enroll', 'post'>;
9324
9414
  type TotpConfirmRequest = Req<'/v1/account/mfa/totp/confirm', 'post'>;
@@ -9626,6 +9716,14 @@ declare class WitniumchainClient {
9626
9716
  revokeWitnessV5(contractAddress: string, witnessId: string, body: RevokeWitnessV5Request, idempotencyKey?: string): Promise<RevokeWitnessV5Response>;
9627
9717
  getAccount(): Promise<AccountResponse>;
9628
9718
  getLedger(): Promise<LedgerResponse>;
9719
+ /**
9720
+ * DEV-ONLY: hard-delete the authenticated user + their org + contracts +
9721
+ * delegated keys so signup can be re-run from scratch. Gated behind
9722
+ * WITNIUM_PRE_LAUNCH on the server (throws 403 otherwise). The on-chain
9723
+ * contract is orphaned (immutable). Removed before customer onboarding —
9724
+ * do not build product UI on this; it's a dev-loop convenience.
9725
+ */
9726
+ deleteAccount(): Promise<ResetAccountResponse>;
9629
9727
  enrollTotp(): Promise<TotpEnrollResponse>;
9630
9728
  confirmTotp(body: TotpConfirmRequest): Promise<TotpConfirmResponse>;
9631
9729
  disableTotp(): Promise<TotpDisableResponse>;
@@ -10070,4 +10168,62 @@ declare class WitniumchainApiError extends Error {
10070
10168
  });
10071
10169
  }
10072
10170
 
10073
- export { type AccountResponse, type AccountType, type paths$1 as AccountsPaths, type AddSigningKeyRequest$1 as AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type BeginOAuthLoginArgs, type BeginOAuthLoginResult, type paths as ChainPaths, type CheckoutRequest, type CheckoutResponse, type CreateOrgRequest, type CreateOrgResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, MfaNamespace, MfaRecoveryCodes, MfaTotp, type OAuthTokenSnapshot, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest$1 as PauseRequest, type PauseResponse, type PkceVerifierStorage, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type RecoveryCodesRegenerateResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest$1 as RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type TotpConfirmRequest, type TotpConfirmResponse, type TotpDisableResponse, type TotpEnrollResponse, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainChainAdminClient, type WitniumchainChainAdminClientConfig, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, defaultVerifierStorage };
10171
+ /**
10172
+ * Canonical owner-operation messages.
10173
+ *
10174
+ * Owner ops (add/revoke a signing key, pause/unpause a contract) are
10175
+ * authorized by an ed25519 signature from the contract OWNER key over a
10176
+ * canonical message. chain-api re-builds the exact same string server-side
10177
+ * and verifies the signature against the contract's stored owner key, so
10178
+ * the bytes MUST match to the character.
10179
+ *
10180
+ * The canonical form is `JSON.stringify({ op, contract, nonce, ...payload })`
10181
+ * with the contract address LOWER-CASED. (Verified against
10182
+ * ContractsV5Service.executeOwnerOp + a live on-chain addSigningKey.)
10183
+ *
10184
+ * Do NOT hand-roll this as `op:contract:nonce` or any other shape — the
10185
+ * signature will be silently rejected by chain-api ("Invalid owner
10186
+ * signature"). Use these helpers so a future chain-spec change is a single
10187
+ * SDK bump, not a silent break in every consumer.
10188
+ */
10189
+ /** Owner-op type codes — mirror the contract constants (V3–V5). */
10190
+ declare const OWNER_OP: {
10191
+ readonly addSigningKey: 1;
10192
+ readonly revokeSigningKey: 2;
10193
+ readonly pause: 3;
10194
+ readonly unpause: 4;
10195
+ };
10196
+ type OwnerOpName = keyof typeof OWNER_OP;
10197
+ /**
10198
+ * Canonical message to sign for `pause`. `nonce` must be the contract's
10199
+ * current `ownerNonce + 1`.
10200
+ */
10201
+ declare function buildPausePayload(args: {
10202
+ contractAddress: string;
10203
+ nonce: number;
10204
+ }): string;
10205
+ /** Canonical message to sign for `unpause`. */
10206
+ declare function buildUnpausePayload(args: {
10207
+ contractAddress: string;
10208
+ nonce: number;
10209
+ }): string;
10210
+ /**
10211
+ * Canonical message to sign for `addSigningKey`. `newKey` is the 64-hex-char
10212
+ * ed25519 public key being added (no 0x).
10213
+ */
10214
+ declare function buildAddSigningKeyPayload(args: {
10215
+ contractAddress: string;
10216
+ nonce: number;
10217
+ newKey: string;
10218
+ }): string;
10219
+ /**
10220
+ * Canonical message to sign for `revokeSigningKey`. `key` is the 64-hex-char
10221
+ * ed25519 public key being revoked (no 0x).
10222
+ */
10223
+ declare function buildRevokeSigningKeyPayload(args: {
10224
+ contractAddress: string;
10225
+ nonce: number;
10226
+ key: string;
10227
+ }): string;
10228
+
10229
+ export { type AccountResponse, type AccountType, type paths$1 as AccountsPaths, type AddSigningKeyRequest$1 as AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type BeginOAuthLoginArgs, type BeginOAuthLoginResult, type paths as ChainPaths, type CheckoutRequest, type CheckoutResponse, type CreateOrgRequest, type CreateOrgResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, MfaNamespace, MfaRecoveryCodes, MfaTotp, type OAuthTokenSnapshot, OWNER_OP, OauthNamespace, OauthSessions, OrgUsers, type OwnerOpName, type OwnerSigner, type PauseRequest$1 as PauseRequest, type PauseResponse, type PkceVerifierStorage, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type RecoveryCodesRegenerateResponse, type ResetAccountResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest$1 as RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type TotpConfirmRequest, type TotpConfirmResponse, type TotpDisableResponse, type TotpEnrollResponse, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainChainAdminClient, type WitniumchainChainAdminClientConfig, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, buildAddSigningKeyPayload, buildPausePayload, buildRevokeSigningKeyPayload, buildUnpausePayload, defaultVerifierStorage };
package/dist/index.js CHANGED
@@ -129,12 +129,13 @@ var WitniumchainClient = class {
129
129
  this.baseUrl = config.baseUrl.replace(/\/$/, "");
130
130
  this.chainBaseUrl = config.chainBaseUrl?.replace(/\/$/, "");
131
131
  this.timeout = config.timeout ?? 3e4;
132
- this.fetchImpl = config.fetch ?? globalThis.fetch;
133
- if (!this.fetchImpl) {
132
+ const resolvedFetch = config.fetch ?? (globalThis.fetch ? globalThis.fetch.bind(globalThis) : void 0);
133
+ if (!resolvedFetch) {
134
134
  throw new Error(
135
135
  "WitniumchainClient: no fetch implementation available. Pass `config.fetch`."
136
136
  );
137
137
  }
138
+ this.fetchImpl = resolvedFetch;
138
139
  this.accessToken = config.accessToken;
139
140
  this.oauthClientId = config.oauthClientId;
140
141
  this.verifierStorage = config.verifierStorage;
@@ -414,6 +415,16 @@ var WitniumchainClient = class {
414
415
  getLedger() {
415
416
  return this.req("GET", "/v1/account/ledger", { auth: "SessionCookie" });
416
417
  }
418
+ /**
419
+ * DEV-ONLY: hard-delete the authenticated user + their org + contracts +
420
+ * delegated keys so signup can be re-run from scratch. Gated behind
421
+ * WITNIUM_PRE_LAUNCH on the server (throws 403 otherwise). The on-chain
422
+ * contract is orphaned (immutable). Removed before customer onboarding —
423
+ * do not build product UI on this; it's a dev-loop convenience.
424
+ */
425
+ deleteAccount() {
426
+ return this.req("DELETE", "/v1/account", { auth: "SessionCookie" });
427
+ }
417
428
  // ────────────────────────────────────────────────────────────────────────
418
429
  // MFA (/v1/account/mfa/*)
419
430
  //
@@ -1384,7 +1395,7 @@ var WitniumchainChainAdminClient = class {
1384
1395
  this.adminToken = config.adminToken;
1385
1396
  this.adminTokenProvider = config.adminTokenProvider;
1386
1397
  this.timeout = config.timeout ?? 3e4;
1387
- this.fetchImpl = config.fetch ?? globalThis.fetch;
1398
+ this.fetchImpl = config.fetch ?? globalThis.fetch.bind(globalThis);
1388
1399
  }
1389
1400
  async deployContract(body) {
1390
1401
  return this.req("POST", "/v5/contracts/deploy", body);
@@ -1505,10 +1516,55 @@ var OrgUsers = class {
1505
1516
  }
1506
1517
  };
1507
1518
 
1519
+ // src/owner-ops.ts
1520
+ var OWNER_OP = {
1521
+ addSigningKey: 1,
1522
+ revokeSigningKey: 2,
1523
+ pause: 3,
1524
+ unpause: 4
1525
+ };
1526
+ function build(op, contractAddress, nonce, payload = {}) {
1527
+ if (!/^0x[0-9a-fA-F]{40}$/.test(contractAddress)) {
1528
+ throw new Error("contractAddress must be 0x + 40 hex chars");
1529
+ }
1530
+ if (!Number.isInteger(nonce) || nonce < 0) {
1531
+ throw new Error("nonce must be a non-negative integer");
1532
+ }
1533
+ return JSON.stringify({
1534
+ op,
1535
+ contract: contractAddress.toLowerCase(),
1536
+ nonce,
1537
+ ...payload
1538
+ });
1539
+ }
1540
+ function buildPausePayload(args) {
1541
+ return build(OWNER_OP.pause, args.contractAddress, args.nonce);
1542
+ }
1543
+ function buildUnpausePayload(args) {
1544
+ return build(OWNER_OP.unpause, args.contractAddress, args.nonce);
1545
+ }
1546
+ function buildAddSigningKeyPayload(args) {
1547
+ if (!/^[0-9a-fA-F]{64}$/.test(args.newKey)) {
1548
+ throw new Error("newKey must be 64 hex chars (no 0x)");
1549
+ }
1550
+ return build(OWNER_OP.addSigningKey, args.contractAddress, args.nonce, {
1551
+ newKey: args.newKey
1552
+ });
1553
+ }
1554
+ function buildRevokeSigningKeyPayload(args) {
1555
+ if (!/^[0-9a-fA-F]{64}$/.test(args.key)) {
1556
+ throw new Error("key must be 64 hex chars (no 0x)");
1557
+ }
1558
+ return build(OWNER_OP.revokeSigningKey, args.contractAddress, args.nonce, {
1559
+ key: args.key
1560
+ });
1561
+ }
1562
+
1508
1563
  exports.DelegatedKeys = DelegatedKeys;
1509
1564
  exports.MfaNamespace = MfaNamespace;
1510
1565
  exports.MfaRecoveryCodes = MfaRecoveryCodes;
1511
1566
  exports.MfaTotp = MfaTotp;
1567
+ exports.OWNER_OP = OWNER_OP;
1512
1568
  exports.OauthNamespace = OauthNamespace;
1513
1569
  exports.OauthSessions = OauthSessions;
1514
1570
  exports.OrgUsers = OrgUsers;
@@ -1519,6 +1575,10 @@ exports.WitniumchainApiError = WitniumchainApiError;
1519
1575
  exports.WitniumchainChainAdminClient = WitniumchainChainAdminClient;
1520
1576
  exports.WitniumchainClient = WitniumchainClient;
1521
1577
  exports.WitniumchainOrgClient = WitniumchainOrgClient;
1578
+ exports.buildAddSigningKeyPayload = buildAddSigningKeyPayload;
1579
+ exports.buildPausePayload = buildPausePayload;
1580
+ exports.buildRevokeSigningKeyPayload = buildRevokeSigningKeyPayload;
1581
+ exports.buildUnpausePayload = buildUnpausePayload;
1522
1582
  exports.defaultVerifierStorage = defaultVerifierStorage;
1523
1583
  //# sourceMappingURL=index.js.map
1524
1584
  //# sourceMappingURL=index.js.map