From 7e5aa2e7f1c058f6a4f376e49014d23f28190f5a Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeffemmett@gmail.com>
Date: Wed, 11 Mar 2026 21:59:09 -0700
Subject: [PATCH] fix(rwallet): use claims.did instead of claims.sub for CRDT
 token balance lookup

JWT sub contains the userId (not the DID). The DID is in claims.did.
Without this fix, my-balances never matches any token holder.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 modules/rwallet/mod.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/rwallet/mod.ts b/modules/rwallet/mod.ts
index 2e3b3ff..60c9e8c 100644
--- a/modules/rwallet/mod.ts
+++ b/modules/rwallet/mod.ts
@@ -588,7 +588,7 @@ routes.get("/api/crdt-tokens/my-balances", async (c) => {
 	const claims = await verifyWalletAuth(c);
 	if (!claims) return c.json({ error: "Authentication required" }, 401);
 
-	const did = claims.sub;
+	const did = (claims as any).did || claims.sub;
 	const docIds = listTokenDocs();
 	const balances = docIds.map((docId) => {
 		const tokenId = docId.replace('global:tokens:ledgers:', '');