LIT-Protocol · Ansonhkg · Jul 31, 2025 · Jul 30, 2025 · Jul 31, 2025 · Jul 31, 2025
diff --git a/packages/auth-services/src/auth-server/src/routes/pkp/mint.ts b/packages/auth-services/src/auth-server/src/routes/pkp/mint.ts
@@ -1,13 +1,13 @@
-import { MintRequestRaw } from '@lit-protocol/networks';
 import { ElysiaInstance } from '../../types/ElysiaInstance.type';
 import { addJob } from '../../../../queue-manager/src/bullmqSetup';
 import { resp } from '../../response-helpers/response-helpers';
 import { mintPkpDoc } from '../../../../queue-manager/src/handlers/pkpMint/pkpMint.doc';
+import { AuthServiceMintRequestRaw } from '../../schemas/AuthServiceMintRequestSchema';
 
 export const mint = (app: ElysiaInstance) => {
   app.post(
     '/mint',
-    async ({ body }: { body: MintRequestRaw }) => {
+    async ({ body }: { body: AuthServiceMintRequestRaw }) => {
       try {
         const job = await addJob('pkpMint', { requestBody: body });
         return resp.QUEUED(job.id, 'PKP minting request queued successfully.');

diff --git a/packages/auth-services/src/auth-server/src/schemas/AuthServiceMintRequestSchema.ts b/packages/auth-services/src/auth-server/src/schemas/AuthServiceMintRequestSchema.ts
@@ -0,0 +1,41 @@
+import { t } from 'elysia';
+import { z } from 'zod';
+
+/**
+ * Schema for auth service PKP mint request
+ * This is a simplified version for minting with a single auth method
+ */
+export const AuthServiceMintRequestSchema = z.object({
+  authMethodType: z.string(),
+  authMethodId: z.string(),
+  pubkey: z.string().optional().default('0x'),
+  scopes: z
+    .array(z.enum(['sign-anything', 'personal-sign', 'no-permissions']))
+    .optional(),
+});
+
+// User Input Type - what the API accepts
+export type AuthServiceMintRequestRaw = z.input<
+  typeof AuthServiceMintRequestSchema
+>;
+
+// Transformed/Validated Type - after validation
+export type AuthServiceMintRequestTransformed = z.infer<
+  typeof AuthServiceMintRequestSchema
+>;
+
+// Elysia Schema for runtime validation
+export const tAuthServiceMintRequestSchema = t.Object({
+  authMethodType: t.String(),
+  authMethodId: t.String(),
+  pubkey: t.Optional(t.String({ default: '0x' })),
+  scopes: t.Optional(
+    t.Array(
+      t.Union([
+        t.Literal('sign-anything'),
+        t.Literal('personal-sign'),
+        t.Literal('no-permissions'),
+      ])
+    )
+  ),
+});
diff --git a/packages/auth-services/src/queue-manager/src/handlers/pkpMint/pkpMint.doc.ts b/packages/auth-services/src/queue-manager/src/handlers/pkpMint/pkpMint.doc.ts
@@ -36,6 +36,22 @@ export const mintPkpDoc = {
             "Public key associated with the authentication method. This is primarily used for WebAuthn, where it should be the public key obtained from the WebAuthn registration process. For other authentication types, if this field is omitted or an empty string is provided, it will default to '0x'. If explicitly providing for non-WebAuthn, use '0x'.",
         })
       ),
+      scopes: t.Optional(
+        t.Array(
+          t.Union([
+            t.Literal('sign-anything'),
+            t.Literal('personal-sign'),
+            t.Literal('no-permissions'),
+          ]),
+          {
+            description:
+              'Array of permission scopes to grant to the PKP. If omitted, defaults to an empty array (no permissions). Available scopes:\n' +
+              '- "sign-anything": Allows the PKP to sign any message\n' +
+              '- "personal-sign": Allows the PKP to sign personal messages only\n' +
+              '- "no-permissions": Explicitly sets no permissions',
+          }
+        )
+      ),
     },
     {
       description:

diff --git a/packages/auth-services/src/queue-manager/src/handlers/pkpMint/pkpMint.handler.ts b/packages/auth-services/src/queue-manager/src/handlers/pkpMint/pkpMint.handler.ts
@@ -12,6 +12,7 @@ export async function handlePkpMintTask(jobData: {
     authMethodType: string;
     authMethodId: Hex;
     pubkey: Hex;
+    scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
   };
 }): Promise<any> {
   const userAuthData: Optional<AuthData, 'accessToken'> = {
@@ -23,7 +24,7 @@ export async function handlePkpMintTask(jobData: {
   const result = await globalThis.systemContext.litClient.mintWithAuth({
     account: globalThis.systemContext.account,
     authData: userAuthData,
-    scopes: ['sign-anything'],
+    scopes: jobData.requestBody.scopes || [],
   });
 
   console.log(

diff --git a/packages/lit-client/src/lib/LitClient/createLitClient.ts b/packages/lit-client/src/lib/LitClient/createLitClient.ts
@@ -866,7 +866,7 @@ export const _createNagaLitClient = async (
       });
     },
     authService: {
-      mintWithAuth: networkModule.authService.pkpMint,
+      mintWithAuth:  networkModule.authService.pkpMint,
     },
     executeJs: async (
       params: z.infer<typeof networkModule.api.executeJs.schemas.Input>

diff --git a/packages/networks/src/networks/vNaga/envs/naga-dev/naga-dev.module.ts b/packages/networks/src/networks/vNaga/envs/naga-dev/naga-dev.module.ts
@@ -447,6 +447,7 @@ const networkModuleObject = {
     pkpMint: async (params: {
       authData: AuthData;
       authServiceBaseUrl?: string;
+      scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
     }) => {
       return await handleAuthServerRequest<PKPData>({
         jobName: 'PKP Minting',
@@ -458,6 +459,7 @@ const networkModuleObject = {
           authMethodType: params.authData.authMethodType,
           authMethodId: params.authData.authMethodId,
           pubkey: params.authData.publicKey,
+          scopes: params.scopes,
         },
       });
     },

diff --git a/packages/networks/src/networks/vNaga/envs/naga-local/naga-local.module.ts b/packages/networks/src/networks/vNaga/envs/naga-local/naga-local.module.ts
@@ -447,6 +447,7 @@ const networkModuleObject = {
     pkpMint: async (params: {
       authData: AuthData;
       authServiceBaseUrl?: string;
+      scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
     }) => {
       return await handleAuthServerRequest<PKPData>({
         jobName: 'PKP Minting',
@@ -458,6 +459,7 @@ const networkModuleObject = {
           authMethodType: params.authData.authMethodType,
           authMethodId: params.authData.authMethodId,
           pubkey: params.authData.publicKey,
+          scopes: params.scopes,
         },
       });
     },

diff --git a/packages/networks/src/networks/vNaga/envs/naga-staging/naga-staging.module.ts b/packages/networks/src/networks/vNaga/envs/naga-staging/naga-staging.module.ts
@@ -447,6 +447,7 @@ const networkModuleObject = {
     pkpMint: async (params: {
       authData: AuthData;
       authServiceBaseUrl?: string;
+      scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
     }) => {
       return await handleAuthServerRequest<PKPData>({
         jobName: 'PKP Minting',
@@ -458,6 +459,7 @@ const networkModuleObject = {
           authMethodType: params.authData.authMethodType,
           authMethodId: params.authData.authMethodId,
           pubkey: params.authData.publicKey,
+          scopes: params.scopes,
         },
       });
     },

diff --git a/packages/networks/src/networks/vNaga/envs/naga-test/naga-test.module.ts b/packages/networks/src/networks/vNaga/envs/naga-test/naga-test.module.ts
@@ -447,6 +447,7 @@ const networkModuleObject = {
     pkpMint: async (params: {
       authData: AuthData;
       authServiceBaseUrl?: string;
+      scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
     }) => {
       return await handleAuthServerRequest<PKPData>({
         jobName: 'PKP Minting',
@@ -458,6 +459,7 @@ const networkModuleObject = {
           authMethodType: params.authData.authMethodType,
           authMethodId: params.authData.authMethodId,
           pubkey: params.authData.publicKey,
+          scopes: params.scopes,
         },
       });
     },