accounts

import { Address, Hex } from 'ox'; import { SignatureEnvelope } from 'ox/tempo'; import { type Chain, type Client, type Transport } from 'viem'; import * as z from 'zod/mini'; import type { MaybePromise } from '../internal/types.js'; import type { Kv } from './Kv.js'; /** Supported access-key types for CLI bootstrap. */ export declare const keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; /** Signed key authorization returned by the device-code flow. */ export declare const keyAuthorization: z.ZodMiniObject<{ address: z.ZodMiniTemplateLiteral<`0x${string}`>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; expiry: z.ZodMiniUnion<readonly [z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniNumber<number>>, z.ZodMiniNull, z.ZodMiniUndefined]>; keyId: z.ZodMiniTemplateLiteral<`0x${string}`>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; signature: z.ZodMiniCustom<SignatureEnvelope.SignatureEnvelopeRpc, SignatureEnvelope.SignatureEnvelopeRpc>; }, z.core.$strip>; /** CLI auth device-code creation request body. */ export declare const createRequest: z.ZodMiniObject<{ account: z.ZodMiniOptional<z.ZodMiniTemplateLiteral<`0x${string}`>>; chainId: z.ZodMiniOptional<z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>>; codeChallenge: z.ZodMiniString<string>; expiry: z.ZodMiniOptional<z.ZodMiniNumber<number>>; keyType: z.ZodMiniOptional<z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; pubKey: z.ZodMiniTemplateLiteral<`0x${string}`>; }, z.core.$strip>; /** Response body for `POST /cli-auth/device-code`. */ export declare const createResponse: z.ZodMiniObject<{ code: z.ZodMiniString<string>; }, z.core.$strip>; /** Request body for `POST /auth/pkce/poll/:code`. */ export declare const pollRequest: z.ZodMiniObject<{ codeVerifier: z.ZodMiniString<string>; }, z.core.$strip>; /** Response body for `POST /auth/pkce/poll/:code`. */ export declare const pollResponse: Omit<z.ZodMiniUnion<readonly [z.ZodMiniObject<{ status: z.ZodMiniLiteral<"pending">; }, z.core.$strip>, z.ZodMiniObject<{ status: z.ZodMiniLiteral<"authorized">; accountAddress: z.ZodMiniTemplateLiteral<`0x${string}`>; keyAuthorization: z.ZodMiniObject<{ address: z.ZodMiniTemplateLiteral<`0x${string}`>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; expiry: z.ZodMiniUnion<readonly [z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniNumber<number>>, z.ZodMiniNull, z.ZodMiniUndefined]>; keyId: z.ZodMiniTemplateLiteral<`0x${string}`>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; signature: z.ZodMiniCustom<SignatureEnvelope.SignatureEnvelopeRpc, SignatureEnvelope.SignatureEnvelopeRpc>; }, z.core.$strip>; }, z.core.$strip>, z.ZodMiniObject<{ status: z.ZodMiniLiteral<"expired">; }, z.core.$strip>]>, "_zod"> & { _zod: Omit<z.core.$ZodUnionInternals<readonly [z.ZodMiniObject<{ status: z.ZodMiniLiteral<"pending">; }, z.core.$strip>, z.ZodMiniObject<{ status: z.ZodMiniLiteral<"authorized">; accountAddress: z.ZodMiniTemplateLiteral<`0x${string}`>; keyAuthorization: z.ZodMiniObject<{ address: z.ZodMiniTemplateLiteral<`0x${string}`>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; expiry: z.ZodMiniUnion<readonly [z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniNumber<number>>, z.ZodMiniNull, z.ZodMiniUndefined]>; keyId: z.ZodMiniTemplateLiteral<`0x${string}`>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; signature: z.ZodMiniCustom<SignatureEnvelope.SignatureEnvelopeRpc, SignatureEnvelope.SignatureEnvelopeRpc>; }, z.core.$strip>; }, z.core.$strip>, z.ZodMiniObject<{ status: z.ZodMiniLiteral<"expired">; }, z.core.$strip>]>, "output"> & { output: { status: "pending"; keyAuthorization?: undefined; accountAddress?: undefined; } | { status: "authorized"; accountAddress: `0x${string}`; keyAuthorization: { address: `0x${string}`; chainId: bigint; expiry: number | null | undefined; keyId: `0x${string}`; keyType: "secp256k1" | "p256" | "webAuthn"; signature: SignatureEnvelope.SignatureEnvelopeRpc; limits?: readonly { token: `0x${string}`; limit: bigint; }[] | undefined; }; } | { status: "expired"; keyAuthorization?: undefined; accountAddress?: undefined; }; }; }; /** Response body for `GET /auth/pkce/pending/:code`. */ export declare const pendingResponse: z.ZodMiniObject<{ accessKeyAddress: z.ZodMiniTemplateLiteral<`0x${string}`>; account: z.ZodMiniOptional<z.ZodMiniTemplateLiteral<`0x${string}`>>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; code: z.ZodMiniString<string>; expiry: z.ZodMiniNumber<number>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; pubKey: z.ZodMiniTemplateLiteral<`0x${string}`>; status: z.ZodMiniLiteral<"pending">; }, z.core.$strip>; /** Request body for `POST /auth/pkce`. */ export declare const authorizeRequest: z.ZodMiniObject<{ accountAddress: z.ZodMiniTemplateLiteral<`0x${string}`>; code: z.ZodMiniString<string>; keyAuthorization: z.ZodMiniObject<{ address: z.ZodMiniTemplateLiteral<`0x${string}`>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; expiry: z.ZodMiniUnion<readonly [z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniNumber<number>>, z.ZodMiniNull, z.ZodMiniUndefined]>; keyId: z.ZodMiniTemplateLiteral<`0x${string}`>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; signature: z.ZodMiniCustom<SignatureEnvelope.SignatureEnvelopeRpc, SignatureEnvelope.SignatureEnvelopeRpc>; }, z.core.$strip>; }, z.core.$strip>; /** Response body for `POST /cli-auth/authorize`. */ export declare const authorizeResponse: z.ZodMiniObject<{ status: z.ZodMiniLiteral<"authorized">; }, z.core.$strip>; /** Stored device-code entry schema. */ export declare const entry: Omit<z.ZodMiniUnion<readonly [z.ZodMiniObject<{ account: z.ZodMiniOptional<z.ZodMiniTemplateLiteral<`0x${string}`>>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; code: z.ZodMiniString<string>; codeChallenge: z.ZodMiniString<string>; createdAt: z.ZodMiniNumber<number>; expiresAt: z.ZodMiniNumber<number>; expiry: z.ZodMiniNumber<number>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; pubKey: z.ZodMiniTemplateLiteral<`0x${string}`>; status: z.ZodMiniLiteral<"pending">; }, z.core.$strip>, z.ZodMiniObject<{ account: z.ZodMiniOptional<z.ZodMiniTemplateLiteral<`0x${string}`>>; accountAddress: z.ZodMiniTemplateLiteral<`0x${string}`>; authorizedAt: z.ZodMiniNumber<number>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; code: z.ZodMiniString<string>; codeChallenge: z.ZodMiniString<string>; createdAt: z.ZodMiniNumber<number>; expiresAt: z.ZodMiniNumber<number>; expiry: z.ZodMiniNumber<number>; keyAuthorization: z.ZodMiniObject<{ address: z.ZodMiniTemplateLiteral<`0x${string}`>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; expiry: z.ZodMiniUnion<readonly [z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniNumber<number>>, z.ZodMiniNull, z.ZodMiniUndefined]>; keyId: z.ZodMiniTemplateLiteral<`0x${string}`>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; signature: z.ZodMiniCustom<SignatureEnvelope.SignatureEnvelopeRpc, SignatureEnvelope.SignatureEnvelopeRpc>; }, z.core.$strip>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; pubKey: z.ZodMiniTemplateLiteral<`0x${string}`>; status: z.ZodMiniLiteral<"authorized">; }, z.core.$strip>, z.ZodMiniObject<{ account: z.ZodMiniOptional<z.ZodMiniTemplateLiteral<`0x${string}`>>; accountAddress: z.ZodMiniTemplateLiteral<`0x${string}`>; authorizedAt: z.ZodMiniNumber<number>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; code: z.ZodMiniString<string>; codeChallenge: z.ZodMiniString<string>; consumedAt: z.ZodMiniNumber<number>; createdAt: z.ZodMiniNumber<number>; expiresAt: z.ZodMiniNumber<number>; expiry: z.ZodMiniNumber<number>; keyAuthorization: z.ZodMiniObject<{ address: z.ZodMiniTemplateLiteral<`0x${string}`>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; expiry: z.ZodMiniUnion<readonly [z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniNumber<number>>, z.ZodMiniNull, z.ZodMiniUndefined]>; keyId: z.ZodMiniTemplateLiteral<`0x${string}`>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; signature: z.ZodMiniCustom<SignatureEnvelope.SignatureEnvelopeRpc, SignatureEnvelope.SignatureEnvelopeRpc>; }, z.core.$strip>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; pubKey: z.ZodMiniTemplateLiteral<`0x${string}`>; status: z.ZodMiniLiteral<"consumed">; }, z.core.$strip>]>, "_zod"> & { _zod: Omit<z.core.$ZodUnionInternals<readonly [z.ZodMiniObject<{ account: z.ZodMiniOptional<z.ZodMiniTemplateLiteral<`0x${string}`>>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; code: z.ZodMiniString<string>; codeChallenge: z.ZodMiniString<string>; createdAt: z.ZodMiniNumber<number>; expiresAt: z.ZodMiniNumber<number>; expiry: z.ZodMiniNumber<number>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; pubKey: z.ZodMiniTemplateLiteral<`0x${string}`>; status: z.ZodMiniLiteral<"pending">; }, z.core.$strip>, z.ZodMiniObject<{ account: z.ZodMiniOptional<z.ZodMiniTemplateLiteral<`0x${string}`>>; accountAddress: z.ZodMiniTemplateLiteral<`0x${string}`>; authorizedAt: z.ZodMiniNumber<number>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; code: z.ZodMiniString<string>; codeChallenge: z.ZodMiniString<string>; createdAt: z.ZodMiniNumber<number>; expiresAt: z.ZodMiniNumber<number>; expiry: z.ZodMiniNumber<number>; keyAuthorization: z.ZodMiniObject<{ address: z.ZodMiniTemplateLiteral<`0x${string}`>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; expiry: z.ZodMiniUnion<readonly [z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniNumber<number>>, z.ZodMiniNull, z.ZodMiniUndefined]>; keyId: z.ZodMiniTemplateLiteral<`0x${string}`>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; signature: z.ZodMiniCustom<SignatureEnvelope.SignatureEnvelopeRpc, SignatureEnvelope.SignatureEnvelopeRpc>; }, z.core.$strip>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; pubKey: z.ZodMiniTemplateLiteral<`0x${string}`>; status: z.ZodMiniLiteral<"authorized">; }, z.core.$strip>, z.ZodMiniObject<{ account: z.ZodMiniOptional<z.ZodMiniTemplateLiteral<`0x${string}`>>; accountAddress: z.ZodMiniTemplateLiteral<`0x${string}`>; authorizedAt: z.ZodMiniNumber<number>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; code: z.ZodMiniString<string>; codeChallenge: z.ZodMiniString<string>; consumedAt: z.ZodMiniNumber<number>; createdAt: z.ZodMiniNumber<number>; expiresAt: z.ZodMiniNumber<number>; expiry: z.ZodMiniNumber<number>; keyAuthorization: z.ZodMiniObject<{ address: z.ZodMiniTemplateLiteral<`0x${string}`>; chainId: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; expiry: z.ZodMiniUnion<readonly [z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniNumber<number>>, z.ZodMiniNull, z.ZodMiniUndefined]>; keyId: z.ZodMiniTemplateLiteral<`0x${string}`>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; signature: z.ZodMiniCustom<SignatureEnvelope.SignatureEnvelopeRpc, SignatureEnvelope.SignatureEnvelopeRpc>; }, z.core.$strip>; keyType: z.ZodMiniUnion<readonly [z.ZodMiniLiteral<"secp256k1">, z.ZodMiniLiteral<"p256">, z.ZodMiniLiteral<"webAuthn">]>; limits: z.ZodMiniOptional<z.ZodMiniReadonly<z.ZodMiniArray<z.ZodMiniObject<{ token: z.ZodMiniTemplateLiteral<`0x${string}`>; limit: z.ZodMiniCodec<z.ZodMiniTemplateLiteral<`0x${string}`>, z.ZodMiniBigInt<bigint>>; }, z.core.$strip>>>>; pubKey: z.ZodMiniTemplateLiteral<`0x${string}`>; status: z.ZodMiniLiteral<"consumed">; }, z.core.$strip>]>, "output"> & { output: { chainId: bigint; code: string; codeChallenge: string; createdAt: number; expiresAt: number; expiry: number; keyType: "secp256k1" | "p256" | "webAuthn"; pubKey: `0x${string}`; status: "pending"; account?: `0x${string}` | undefined; limits?: readonly { token: `0x${string}`; limit: bigint; }[] | undefined; keyAuthorization?: undefined; accountAddress?: undefined; authorizedAt?: undefined; consumedAt?: undefined; } | { accountAddress: `0x${string}`; authorizedAt: number; chainId: bigint; code: string; codeChallenge: string; createdAt: number; expiresAt: number; expiry: number; keyAuthorization: { address: `0x${string}`; chainId: bigint; expiry: number | null | undefined; keyId: `0x${string}`; keyType: "secp256k1" | "p256" | "webAuthn"; signature: SignatureEnvelope.SignatureEnvelopeRpc; limits?: readonly { token: `0x${string}`; limit: bigint; }[] | undefined; }; keyType: "secp256k1" | "p256" | "webAuthn"; pubKey: `0x${string}`; status: "authorized"; account?: `0x${string}` | undefined; limits?: readonly { token: `0x${string}`; limit: bigint; }[] | undefined; consumedAt?: undefined; } | { accountAddress: `0x${string}`; authorizedAt: number; chainId: bigint; code: string; codeChallenge: string; consumedAt: number; createdAt: number; expiresAt: number; expiry: number; keyAuthorization: { address: `0x${string}`; chainId: bigint; expiry: number | null | undefined; keyId: `0x${string}`; keyType: "secp256k1" | "p256" | "webAuthn"; signature: SignatureEnvelope.SignatureEnvelopeRpc; limits?: readonly { token: `0x${string}`; limit: bigint; }[] | undefined; }; keyType: "secp256k1" | "p256" | "webAuthn"; pubKey: `0x${string}`; status: "consumed"; account?: `0x${string}` | undefined; limits?: readonly { token: `0x${string}`; limit: bigint; }[] | undefined; }; }; }; /** Shared CLI auth helper with pre-bound defaults and cached clients. */ export type CliAuth = { /** Creates and stores a new device code. */ createDeviceCode: (options: createDeviceCode.Parameters) => Promise<createDeviceCode.ReturnType>; /** Looks up a pending device code for browser approval UIs. */ pending: (options: pending.Parameters) => Promise<pending.ReturnType>; /** Polls a device code with PKCE verification. */ poll: (options: poll.Parameters) => Promise<poll.ReturnType>; /** Authorizes a pending device code after validating the signed key authorization. */ authorize: (options: authorize.Parameters) => Promise<authorize.ReturnType>; }; /** Stored device-code entry. */ export type Entry = z.output<typeof entry>; /** Device-code storage contract. */ export type Store = { /** Saves a new pending device-code entry. */ create: (entry: Entry.Pending) => MaybePromise<void>; /** Loads a device-code entry by verification code. */ get: (code: string) => MaybePromise<Entry | undefined>; /** Marks a pending device-code as authorized. */ authorize: (options: Store.authorize.Options) => MaybePromise<Entry.Authorized | undefined>; /** Consumes an authorized device-code exactly once. */ consume: (code: string) => MaybePromise<Entry.Authorized | undefined>; /** Deletes a device-code entry. */ delete: (code: string) => MaybePromise<void>; }; /** Host validation and sanitization for requested CLI auth defaults. */ export type Policy = { /** Validates and optionally rewrites requested defaults before the entry is stored. */ validate: (options: Policy.validate.Options) => MaybePromise<Policy.validate.ReturnType>; }; /** Request rate limiter used by CLI auth handlers. */ export type RateLimit = { /** Returns whether the request is allowed to continue. */ limit: (options: RateLimit.limit.Options) => MaybePromise<RateLimit.limit.ReturnType>; }; export declare namespace Entry { /** Pending device-code entry. */ type Pending = Extract<z.output<typeof entry>, { status: 'pending'; }>; /** Authorized device-code entry. */ type Authorized = Extract<z.output<typeof entry>, { status: 'authorized'; }>; /** Consumed device-code entry. */ type Consumed = Extract<z.output<typeof entry>, { status: 'consumed'; }>; } export declare namespace Store { namespace authorize { type Options = { /** Root account that approved the access key. */ accountAddress: Address.Address; /** Signed key authorization. */ keyAuthorization: z.output<typeof keyAuthorization>; /** Verification code to authorize. */ code: string; }; } namespace kv { type Options = { /** Prefix used for KV keys. @default "cli-auth" */ key?: string | undefined; }; } } export declare namespace Policy { namespace validate { type Options = { /** Requested root account restriction. */ account?: Address.Address | undefined; /** Requested chain ID. */ chainId: bigint; /** Requested access-key expiry timestamp. Omit to let the server choose one. */ expiry?: number | undefined; /** Requested key type. */ keyType: z.output<typeof keyType>; /** Requested spending limits. */ limits?: readonly { token: Address.Address; limit: bigint; }[] | undefined; /** Requested access-key public key. */ pubKey: Hex.Hex; }; type ReturnType = { /** Suggested access-key expiry timestamp. */ expiry: number; /** Suggested spending limits. */ limits?: readonly { token: Address.Address; limit: bigint; }[] | undefined; }; } } export declare namespace RateLimit { namespace limit { type Options = { /** Rate-limit key derived from the request. */ key: string; /** Incoming request being rate-limited. */ request: Request; }; type ReturnType = { /** Whether the request is allowed to continue. */ success: boolean; }; } namespace memory { type Options = { /** Maximum requests per key in a window. */ max: number; /** Window duration in milliseconds. */ windowMs: number; }; } namespace cloudflare { type Limiter = { /** Cloudflare Rate Limit binding method. */ limit: (options: { key: string; }) => MaybePromise<{ success: boolean; }>; }; type Options = { /** Prefix added to the derived request key. @default "cli-auth" */ key?: string | undefined; }; } } /** Error thrown when pending device-code lookup cannot return a pending request. */ export declare class PendingError extends Error { /** HTTP status returned by handler surfaces. */ status: 400 | 404; constructor(message: string, status: 400 | 404); } /** Built-in device-code store helpers. */ export declare const Store: { /** * Creates an in-memory device-code store. * * Useful for tests and single-process servers. */ memory(): Store; /** * Creates a key-value backed device-code store. * * Stored values are encoded through the shared entry schema so they remain * JSON-safe across KV implementations. */ kv(kv: Kv, options?: Store.kv.Options): Store; }; /** Built-in policy helpers. */ export declare const Policy: { /** Creates an allow-all policy with a default 24-hour expiry when omitted. */ allow(): Policy; /** Returns the provided policy unchanged. */ from(policy: Policy): Policy; }; /** Built-in CLI auth rate-limit helpers. */ export declare const RateLimit: { /** * Creates a Cloudflare Rate Limit binding adapter. * * Uses the request-derived key for all CLI auth endpoints so one budget is * shared across create, pending, poll, and authorize requests. */ cloudflare(limiter: RateLimit.cloudflare.Limiter, options?: RateLimit.cloudflare.Options): RateLimit; /** Creates an in-memory fixed-window limiter for dev and single-process servers. */ memory(options: RateLimit.memory.Options): RateLimit; }; /** * Instantiates a CLI auth helper with shared defaults and cached clients. * * * @param {from.Options} options - Shared CLI auth defaults. * @returns {CliAuth} CLI auth helper. * * @example * ```ts * import { CliAuth } from 'accounts/server' * * const cli = CliAuth.from({ * store: CliAuth.Store.memory(), * }) * * const created = await cli.createDeviceCode({ request }) * const authorized = await cli.authorize({ request }) * const polled = await cli.poll({ request }) * const pending = await cli.pending({ code }) * ``` */ export declare function from(options?: from.Options): CliAuth; export declare namespace from { /** Shared CLI auth helper configuration. */ type Options = { /** Default chain ID embedded into created device codes. @default tempo.id */ chainId?: bigint | number | undefined; /** * Preconfigured chains used to build and cache viem clients. * * Unknown chain IDs are cached lazily using a tempo-shaped chain object so * standalone helpers can still verify signatures without a full chain list. * * @default [tempo] */ chains?: readonly [Chain, ...Chain[]] | undefined; /** Time source used for TTL evaluation. */ now?: (() => number) | undefined; /** Policy used to validate requested expiry and limits. */ policy?: Policy | undefined; /** Random byte generator used for verification code allocation. */ random?: ((size: number) => Uint8Array) | undefined; /** Device-code store. */ store?: Store | undefined; /** Pending entry TTL in milliseconds. @default 600000 */ ttlMs?: number | undefined; /** Transports keyed by chain ID. Defaults to `http()` for each chain. */ transports?: Record<number, Transport> | undefined; }; } /** * Creates and stores a new device code. * * @param {createDeviceCode.Options} options - Shared defaults plus the incoming request. * @returns {Promise<createDeviceCode.ReturnType>} Created device code. * * @example * ```ts * import { Hono } from 'hono' * import { CliAuth } from 'accounts/server' * import { zValidator } from '@hono/zod-validator' * * export default new Hono<{ Bindings: Cloudflare.Env }>() * // ... other routes (`/authorize`, `/poll:code`, `/pending:code`) * .post('/code', * zValidator('json', CliAuth.createRequest), * async (c) => { * const request = c.req.valid('json') * const result = await CliAuth.createDeviceCode({ request }) * return c.json(z.encode(CliAuth.createResponse, result)) * }) * ``` */ export declare function createDeviceCode(options: createDeviceCode.Options): Promise<createDeviceCode.ReturnType>; export declare namespace createDeviceCode { /** Parameters for creating a new device code. */ type Parameters = { /** Incoming device-code creation request. */ request: z.output<typeof createRequest>; }; /** Shared CLI auth defaults plus create-device-code parameters. */ type Options = from.Options & Parameters; /** Created device-code response body. */ type ReturnType = z.output<typeof createResponse>; } /** * Looks up a pending device code for browser approval UIs. * * @param {pending.Options} options - Shared defaults plus the pending lookup parameters. * @returns {Promise<pending.ReturnType>} Pending device-code payload. * * @example * ```ts * import { Hono } from 'hono' * import { CliAuth } from 'accounts/server' * import { zValidator } from '@hono/zod-validator' * * export default new Hono<{ Bindings: Cloudflare.Env }>() * // ... other routes (`/code`, `/authorize`, `/poll:code`) * .get('/pending:code', * zValidator('param', z.object({ code: z.string() })), * async (c) => { * const code = c.req.param('code') * const result = await CliAuth.pending({ code }) * return c.json(z.encode(CliAuth.pendingResponse, result)) * }) */ export declare function pending(options: pending.Options): Promise<pending.ReturnType>; export declare namespace pending { /** Parameters for looking up a pending device code. */ type Parameters = { /** Verification code from the route path. */ code: string; }; /** Shared CLI auth defaults plus pending lookup parameters. */ type Options = from.Options & Parameters; /** Pending device-code response body. */ type ReturnType = z.output<typeof pendingResponse>; } /** * Polls a device code with PKCE verification. * * @param {poll.Options} options - Shared defaults plus the poll parameters. * @returns {Promise<poll.ReturnType>} Pending, authorized, or expired poll response. * * @example * ```ts * import { Hono } from 'hono' * import { CliAuth } from 'accounts/server' * import { zValidator } from '@hono/zod-validator' * * export default new Hono<{ Bindings: Cloudflare.Env }>() * // ... other routes (`/code`, `/authorize`, `/pending:code`) * .post('/poll:code', * zValidator('json', CliAuth.pollRequest), * async (c) => { * const request = c.req.valid('json') * const result = await CliAuth.poll({ request }) * return c.json(z.encode(CliAuth.pollResponse, result)) * }) * ``` */ export declare function poll(options: poll.Options): Promise<poll.ReturnType>; export declare namespace poll { /** Parameters for polling a device code. */ type Parameters = { /** Verification code from the route path. */ code: string; /** Poll request body. */ request: z.output<typeof pollRequest>; }; /** Shared CLI auth defaults plus poll parameters. */ type Options = from.Options & Parameters; /** Poll response body. */ type ReturnType = z.output<typeof pollResponse>; } /** * Authorizes a pending device code after validating the signed key authorization. * * @param {authorize.Options} options - Shared defaults plus the authorization request. * @returns {Promise<authorize.ReturnType>} Authorized response body. * * @example * ```ts * import { Hono } from 'hono' * import { CliAuth } from 'accounts/server' * import { zValidator } from '@hono/zod-validator' * * export default new Hono<{ Bindings: Cloudflare.Env }>() * // ... other routes (`/code`, `/poll:code`, `/pending:code`) * .post('/authorize', * zValidator('json', CliAuth.authorizeRequest), * async (c) => { * const request = c.req.valid('json') * const result = await CliAuth.authorize({ request }) * return c.json(z.encode(CliAuth.authorizeResponse, result)) * }) * ``` */ export declare function authorize(options: authorize.Options): Promise<authorize.ReturnType>; export declare namespace authorize { /** Parameters for authorizing a pending device code. */ type Parameters = { /** Client used to verify the signed key authorization. */ client?: Client<Transport, Chain | undefined> | undefined; /** Authorize request body. */ request: z.output<typeof authorizeRequest>; }; /** Shared CLI auth defaults plus authorization parameters. */ type Options = from.Options & Parameters; /** Authorization response body. */ type ReturnType = z.output<typeof authorizeResponse>; } //# sourceMappingURL=CliAuth.d.ts.map