MetaMask · chaitanyapotti · Mar 31, 2026 · Mar 27, 2026 · Mar 27, 2026 · Mar 27, 2026
diff --git a/.gitignore b/.gitignore
@@ -105,3 +105,5 @@ dist
 
 .env.test
 **/*.DS_Store
+
+.npmrc
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/helpers/citadelUtils.ts b/src/helpers/citadelUtils.ts
@@ -1,17 +1,34 @@
-import { BUILD_ENV_TYPE, CITADEL_SERVER_MAP } from "@toruslabs/constants";
-import { get } from "@toruslabs/http-helpers";
+import { BUILD_ENV_TYPE, CITADEL_SERVER_MAP, TORUS_NETWORK_TYPE } from "@toruslabs/constants";
+import { get, put } from "@toruslabs/http-helpers";
 
-export interface CitadelAllowParams {
+import { RetrieveSharesParams } from "../interfaces";
+
+export interface CitadelAuthFlowAuditParams {
+  oauthInitiated?: boolean;
+  oauthVerified?: boolean;
+  oauthCompleted?: boolean;
+  oauthVerificationFailed?: boolean;
+  oauthFailed?: boolean;
+}
+
+export interface CitadelAllowParams extends CitadelAuthFlowAuditParams {
   buildEnv: BUILD_ENV_TYPE;
   verifier: string;
   verifierId: string;
   network: string;
   clientId: string;
   recordId: string;
   source?: string;
-  torusLoginInitiated?: boolean;
-  torusLoginSuccess?: boolean;
-  torusLoginFailed?: boolean;
+}
+
+export interface CitadelAuditParams extends CitadelAuthFlowAuditParams {
+  recordId: string;
+  authConnection: string;
+  authConnectionId: string;
+  groupedAuthConnectionId: string;
+  oAuthUserId: string;
+  web3AuthNetwork: string;
+  web3AuthClientId: string;
 }
 
 export function buildAllowUrl(params: CitadelAllowParams): string {
@@ -24,22 +41,55 @@ export function buildAllowUrl(params: CitadelAllowParams): string {
   if (params.source) {
     url.searchParams.set("source", params.source);
   }
-  if (typeof params.torusLoginInitiated !== "undefined") {
-    url.searchParams.set("toruslogininitiated", params.torusLoginInitiated.toString());
+  if (params.oauthInitiated) {
+    url.searchParams.set("oauthinitiated", params.oauthInitiated.toString());
+  }
+  if (params.oauthVerified) {
+    url.searchParams.set("oauthverified", params.oauthVerified.toString());
   }
-  if (typeof params.torusLoginSuccess !== "undefined") {
-    url.searchParams.set("torusloginsuccess", params.torusLoginSuccess.toString());
+  if (params.oauthCompleted) {
+    url.searchParams.set("oauthcompleted", params.oauthCompleted.toString());
   }
-  if (typeof params.torusLoginFailed !== "undefined") {
-    url.searchParams.set("torusloginfailed", params.torusLoginFailed.toString());
+  if (params.oauthVerificationFailed) {
+    url.searchParams.set("oauthverificationfailed", params.oauthVerificationFailed.toString());
+  }
+  if (params.oauthFailed) {
+    url.searchParams.set("oauthfailed", params.oauthFailed.toString());
   }
   return url.toString();
 }
 
+export function buildAuditPayload(
+  network: TORUS_NETWORK_TYPE,
+  clientId: string,
+  params: RetrieveSharesParams,
+  authFlowAuditParams: CitadelAuthFlowAuditParams
+): CitadelAuditParams {
+  if (!params.recordId) {
+    params.recordId = generateRecordId();
+  }
+
+  return {
+    ...authFlowAuditParams,
+    recordId: params.recordId,
+    authConnection: params.authConnection || "",
+    authConnectionId: params.verifierParams.sub_verifier_ids?.[0] || "",
+    groupedAuthConnectionId: params.verifier || "",
+    oAuthUserId: params.verifierParams.verifier_id || "",
+    web3AuthNetwork: network,
+    web3AuthClientId: clientId,
+  };
+}
+
 export async function callAllowApi(params: CitadelAllowParams): Promise<void> {
   await get<void>(buildAllowUrl(params));
 }
 
+export async function callAuditApi(buildEnv: BUILD_ENV_TYPE, params: CitadelAuditParams): Promise<void> {
+  const url = new URL(`${CITADEL_SERVER_MAP[buildEnv]}/v1/auth/audit`);
+  await put<void>(url.toString(), params);
+}
+
 export function generateRecordId(): string {
   const cr = typeof globalThis === "object" ? globalThis.crypto : null;
   if (typeof cr?.randomUUID !== "function") throw new Error("crypto.randomUUID must be defined");

diff --git a/src/helpers/nodeUtils.ts b/src/helpers/nodeUtils.ts
@@ -390,6 +390,7 @@ export async function retrieveOrImportShare(params: {
     source,
     recordId,
   } = params;
+  // call feature-gating check before share retrieval
   await callAllowApi({
     buildEnv,
     verifier,
@@ -398,7 +399,6 @@ export async function retrieveOrImportShare(params: {
     clientId,
     source,
     recordId,
-    torusLoginInitiated: true,
   });
 
   // generate temporary private and public key that is used to secure receive shares

diff --git a/src/interfaces.ts b/src/interfaces.ts
@@ -221,6 +221,7 @@ export interface VerifierParams {
   [key: string]: unknown;
   verifier_id: string;
   extended_verifier_id?: string;
+  sub_verifier_ids?: string[];
 }
 
 export type StringifiedType = Record<string, unknown>;
@@ -283,6 +284,11 @@ export interface ImportKeyParams {
   newPrivateKey: string;
   extraParams?: TorusUtilsExtraParams;
   checkCommitment?: boolean;
+
+  /**
+   * Optional recordId to used for the analytics tracking.
+   */
+  recordId?: string;
 }
 
 export interface RetrieveSharesParams {
@@ -295,4 +301,15 @@ export interface RetrieveSharesParams {
   extraParams?: TorusUtilsExtraParams;
   useDkg?: boolean;
   checkCommitment?: boolean;
+
+  /**
+   * User social login provider name.
+   * This is used for the analytics tracking.
+   */
+  authConnection?: string;
+
+  /**
+   * Optional recordId to used for the analytics tracking.
+   */
+  recordId?: string;
 }
Original file line number	Diff line number	Diff line change
Expand Up		@@ -105,3 +105,5 @@ dist

		.env.test
		*/.DS_Store

		.npmrc