/** * Sign-In-With-X (SIWx) Type Definitions * * CAIP-122 compliant wallet-based identity assertions for t402 protocol. */ /** * Supported signature schemes for SIWx. */ type SignatureScheme = "eip191" | "eip712" | "eip1271" | "eip6492" | "siws" | "sep10"; /** * Information provided by server about SIWx requirements. */ interface SIWxExtensionInfo { /** Domain derived from resourceUri (without protocol) */ domain: string; /** Full resource URI */ uri: string; /** Optional statement explaining what the signature is for */ statement?: string; /** SIWx version (default: "1") */ version: string; /** Chain ID in CAIP-2 format (e.g., "eip155:8453") */ chainId: string; /** Cryptographically secure nonce */ nonce: string; /** ISO 8601 timestamp when message was issued */ issuedAt: string; /** ISO 8601 timestamp when signature expires */ expirationTime?: string; /** ISO 8601 timestamp before which signature is not valid */ notBefore?: string; /** Optional request ID for session correlation */ requestId?: string; /** Resources being authenticated for */ resources: string[]; /** Preferred signature scheme */ signatureScheme?: SignatureScheme; } /** * SIWx extension declaration for server responses. */ interface SIWxExtension { /** Extension information */ info: SIWxExtensionInfo; /** JSON Schema for validation */ schema: object; } /** * Complete SIWx payload including signature. */ interface SIWxPayload { /** Domain from the server */ domain: string; /** Wallet address making the assertion */ address: string; /** Optional statement */ statement?: string; /** Resource URI */ uri: string; /** SIWx version */ version: string; /** Chain ID in CAIP-2 format */ chainId: string; /** Nonce from server */ nonce: string; /** ISO 8601 timestamp when message was issued */ issuedAt: string; /** ISO 8601 timestamp when signature expires */ expirationTime?: string; /** ISO 8601 timestamp before which signature is not valid */ notBefore?: string; /** Optional request ID */ requestId?: string; /** Resources array */ resources?: string[]; /** Cryptographic signature */ signature: string; } /** * Options for declaring SIWx extension on server. */ interface DeclareSIWxOptions { /** Full URI of the resource (domain derived from this) */ resourceUri: string; /** Optional statement explaining the sign-in purpose */ statement?: string; /** SIWx version (defaults to "1") */ version?: string; /** Network in CAIP-2 format (e.g., "eip155:8453") */ network: `${string}:${string}`; /** Expiration time (auto-set to +5 minutes if not provided) */ expirationTime?: string; /** Preferred signature scheme */ signatureScheme?: SignatureScheme; } /** * Options for validating SIWx messages. */ interface ValidateSIWxOptions { /** Maximum age of issuedAt in milliseconds (default: 5 minutes) */ maxAge?: number; /** Custom nonce validation function */ checkNonce?: (nonce: string) => boolean; } /** * Options for verifying SIWx signatures. */ interface VerifySIWxOptions { /** Web3 provider for on-chain verification */ provider?: unknown; /** Enable EIP-1271/6492 smart wallet verification */ checkSmartWallet?: boolean; } /** * Result of SIWx message validation. */ interface SIWxValidationResult { /** Whether the message is valid */ valid: boolean; /** Error message if invalid */ error?: string; } /** * Result of SIWx signature verification. */ interface SIWxVerificationResult { /** Whether the signature is valid */ valid: boolean; /** Recovered/verified address */ address?: string; /** Error message if invalid */ error?: string; } /** * Signer interface for client-side signing. */ interface SIWxSigner { /** Wallet address */ address: string; /** Sign a message using personal_sign (EIP-191) */ signMessage?(message: string): Promise; /** Sign typed data (EIP-712) */ signTypedData?(data: unknown): Promise; } /** * Sign-In-With-X (SIWx) Server-Side Implementation * * Provides functions for servers to declare SIWx requirements, * parse client headers, and verify signatures. */ /** * Declares a SIWx extension for server responses. * * @param options - Extension declaration options * @returns SIWx extension object ready for response * * @example * ```typescript * const extension = declareSIWxExtension({ * resourceUri: "https://api.example.com/premium", * network: "eip155:8453", * statement: "Sign in to access premium content", * }); * ``` */ declare function declareSIWxExtension(options: DeclareSIWxOptions): SIWxExtension; /** * Parses a SIWx header from client request. * * The header format is base64-encoded JSON. * * @param header - Base64-encoded SIWx header value * @returns Parsed SIWx payload * @throws Error if header is invalid * * @example * ```typescript * const payload = parseSIWxHeader(request.headers['x-t402-siwx']); * ``` */ declare function parseSIWxHeader(header: string): SIWxPayload; /** * Validates a SIWx message against expected values. * * @param message - The SIWx payload to validate * @param expectedResourceUri - Expected resource URI (domain validated from this) * @param options - Validation options * @returns Validation result * * @example * ```typescript * const result = validateSIWxMessage(payload, "https://api.example.com/premium", { * maxAge: 5 * 60 * 1000, // 5 minutes * checkNonce: (nonce) => usedNonces.has(nonce) === false, * }); * ``` */ declare function validateSIWxMessage(message: SIWxPayload, expectedResourceUri: string, options?: ValidateSIWxOptions): SIWxValidationResult; /** * Verifies a SIWx signature. * * Supports EIP-191 personal signatures for EVM chains, Ed25519 for Solana/Stellar/TON, * TRON secp256k1 with base58check addresses, * and can optionally verify smart wallet signatures via EIP-1271/6492. * * @param message - The SIWx payload to verify * @param signature - The signature to verify (hex-encoded) * @param options - Verification options * @returns Verification result with recovered address * * @example * ```typescript * const result = await verifySIWxSignature(payload, payload.signature, { * checkSmartWallet: true, * provider: web3Provider, * }); * ``` */ declare function verifySIWxSignature(message: SIWxPayload, signature: string, options?: VerifySIWxOptions): Promise; /** * Constructs the CAIP-122 message string from payload. * * @param payload - SIWx payload * @returns CAIP-122 formatted message string */ declare function constructMessage(payload: SIWxPayload): string; /** * Hashes a message with the Ethereum signed message prefix (EIP-191). * * @param message - Message to hash * @returns Hex-encoded keccak256 hash with 0x prefix */ declare function hashMessage(message: string): string; /** * Verifies a signature using EIP-6492 (universal signature verification). * * This supports both deployed and undeployed smart wallets. * * @param walletAddress - Wallet address (may be counterfactual) * @param messageHash - Hash of the message that was signed * @param signature - The signature (may include deployment data) * @param provider - Ethereum provider * @returns True if signature is valid */ declare function verifyEIP6492Signature(walletAddress: string, messageHash: string, signature: string, provider: unknown): Promise; /** * Sign-In-With-X (SIWx) Client-Side Implementation * * Provides functions for clients to create and sign SIWx messages. */ /** * Encodes a SIWx payload for transmission in HTTP header. * * @param payload - The SIWx payload to encode * @returns Base64-encoded JSON string * * @example * ```typescript * const header = encodeSIWxHeader(payload); * fetch(url, { * headers: { 'X-T402-SIWx': header } * }); * ``` */ declare function encodeSIWxHeader(payload: SIWxPayload): string; /** * Creates a CAIP-122 formatted message string from server info. * * @param serverInfo - Extension info from server * @param address - Wallet address signing the message * @returns CAIP-122 formatted message string ready for signing * * @example * ```typescript * const message = createSIWxMessage(extension.info, wallet.address); * const signature = await wallet.signMessage(message); * ``` */ declare function createSIWxMessage(serverInfo: SIWxExtensionInfo, address: string): string; /** * Creates EIP-712 typed data for SIWx signing. * * @param serverInfo - Extension info from server * @param address - Wallet address signing the message * @returns EIP-712 typed data object */ declare function createSIWxTypedData(serverInfo: SIWxExtensionInfo, address: string): { domain: { name: string; version: string; chainId: number; }; types: { SIWx: Array<{ name: string; type: string; }>; }; primaryType: "SIWx"; message: Record; }; /** * Signs a SIWx message using the provided signer. * * @param message - CAIP-122 formatted message to sign * @param signer - Wallet/signer interface with signMessage * @param options - Signing options * @param options.signatureScheme - Signature scheme to use * @param options.serverInfo - Server info for verification * @returns Hex-encoded signature * * @example * ```typescript * const signature = await signSIWxMessage(message, wallet, { * signatureScheme: 'eip191' * }); * ``` */ declare function signSIWxMessage(message: string, signer: SIWxSigner, options?: { signatureScheme?: SignatureScheme; serverInfo?: SIWxExtensionInfo; }): Promise; /** * Creates a complete SIWx payload from server extension and signer. * * This is the main entry point for clients - it handles message construction, * signing, and payload assembly. * * @param serverExtension - Extension from server's 402 response * @param signer - Wallet/signer interface * @returns Complete signed SIWx payload ready for header encoding * * @example * ```typescript * // Get extension from server 402 response * const extension = paymentRequirements.extensions?.siwx; * * // Create signed payload * const payload = await createSIWxPayload(extension, wallet); * * // Encode and send with retry * const header = encodeSIWxHeader(payload); * fetch(url, { * headers: { 'X-T402-SIWx': header } * }); * ``` */ declare function createSIWxPayload(serverExtension: SIWxExtension, signer: SIWxSigner): Promise; /** * Extension key for SIWx in payment requirements. */ declare const SIWX_EXTENSION_KEY = "siwx"; /** * HTTP header name for SIWx payload. */ declare const SIWX_HEADER_NAME = "X-T402-SIWx"; export { type DeclareSIWxOptions, SIWX_EXTENSION_KEY, SIWX_HEADER_NAME, type SIWxExtension, type SIWxExtensionInfo, type SIWxPayload, type SIWxSigner, type SIWxValidationResult, type SIWxVerificationResult, type SignatureScheme, type ValidateSIWxOptions, type VerifySIWxOptions, constructMessage, createSIWxMessage, createSIWxPayload, createSIWxTypedData, declareSIWxExtension, encodeSIWxHeader, hashMessage, parseSIWxHeader, signSIWxMessage, validateSIWxMessage, verifyEIP6492Signature, verifySIWxSignature };