@livo-build/runtime 0.2.5 → 0.2.12

package/dist/reads.js

@@ -0,0 +1,36 @@
+// Convenience contract reads on top of Chain.call — ERC-20 metadata + ERC-721
+// ownership. (For balances use tokenBalanceOf from ./gate; for native balance,
+// block number and receipts use chain.getBalance / chain.blockNumber /
+// chain.waitForReceipt directly.)
+/** ERC-20 name / symbol / decimals (each best-effort — missing fields stay undefined). */
+export async function tokenMetadata(chain, token) {
+    const t = token;
+    const [name, symbol, decimals] = await Promise.all([
+        chain.call(t, "name()(string)").catch(() => undefined),
+        chain.call(t, "symbol()(string)").catch(() => undefined),
+        chain.call(t, "decimals()(uint8)").catch(() => undefined),
+    ]);
+    return {
+        name: name,
+        symbol: symbol,
+        decimals: decimals !== undefined ? Number(decimals) : undefined,
+    };
+}
+/** Owner of an ERC-721 token id (or null if the read reverts, e.g. unminted). */
+export async function ownerOf(chain, token, tokenId) {
+    try {
+        return (await chain.call(token, "ownerOf(uint256)(address)", [tokenId]));
+    }
+    catch {
+        return null;
+    }
+}
+/** ERC-721 tokenURI for a token id (or null on revert). */
+export async function tokenURI(chain, token, tokenId) {
+    try {
+        return (await chain.call(token, "tokenURI(uint256)(string)", [tokenId]));
+    }
+    catch {
+        return null;
+    }
+}

package/dist/sessions.d.ts

@@ -0,0 +1,8 @@
+export interface SessionOptions {
+    /** Token lifetime in seconds (sets `exp`). Omit for non-expiring. */
+    ttlSeconds?: number;
+}
+/** Sign a payload into a `<payload>.<hmac>` token. */
+export declare function createSession<T extends Record<string, unknown>>(payload: T, secret: string, opts?: SessionOptions): Promise<string>;
+/** Verify + decode a session token. Returns the payload, or null if bad/expired. */
+export declare function verifySession<T = Record<string, unknown>>(token: string, secret: string): Promise<T | null>;

package/dist/sessions.js

@@ -0,0 +1,60 @@
+// Stateless signed sessions — an HMAC-SHA256 token (like a minimal JWT) you issue
+// after wallet auth and verify on later requests. Worker-safe (Web Crypto, base64url).
+const enc = (s) => new TextEncoder().encode(s);
+function b64url(bytes) {
+    let bin = "";
+    for (let i = 0; i < bytes.length; i++)
+        bin += String.fromCharCode(bytes[i]);
+    return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function unb64url(s) {
+    const p = s.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = p + "=".repeat((4 - (p.length % 4)) % 4);
+    const bin = atob(padded);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+async function hmac(secret, msg) {
+    const key = await crypto.subtle.importKey("raw", enc(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+    return new Uint8Array(await crypto.subtle.sign("HMAC", key, enc(msg)));
+}
+function safeEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let d = 0;
+    for (let i = 0; i < a.length; i++)
+        d |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    return d === 0;
+}
+/** Sign a payload into a `<payload>.<hmac>` token. */
+export async function createSession(payload, secret, opts = {}) {
+    const body = { ...payload };
+    if (opts.ttlSeconds)
+        body.exp = Math.floor(Date.now() / 1000) + opts.ttlSeconds;
+    const p = b64url(enc(JSON.stringify(body)));
+    const sig = b64url(await hmac(secret, p));
+    return `${p}.${sig}`;
+}
+/** Verify + decode a session token. Returns the payload, or null if bad/expired. */
+export async function verifySession(token, secret) {
+    const dot = token.indexOf(".");
+    if (dot < 0)
+        return null;
+    const p = token.slice(0, dot);
+    const sig = token.slice(dot + 1);
+    const expected = b64url(await hmac(secret, p));
+    if (!safeEqual(expected, sig))
+        return null;
+    let body;
+    try {
+        body = JSON.parse(new TextDecoder().decode(unb64url(p)));
+    }
+    catch {
+        return null;
+    }
+    if (typeof body.exp === "number" && body.exp < Math.floor(Date.now() / 1000))
+        return null;
+    return body;
+}

package/dist/signals.d.ts

@@ -0,0 +1,131 @@
+interface MinimalEnv {
+    [key: string]: unknown;
+}
+/** The public Livo signals engine. Override via `{ url }` or `SIGNALS_URL`. */
+export declare const DEFAULT_SIGNALS_URL = "https://signals.livo.build";
+export interface SignalsOptions {
+    /** Override the engine base URL (takes precedence over env). */
+    url?: string;
+    /** env key holding the engine base URL. Default `SIGNALS_URL`. */
+    urlSecret?: string;
+}
+/** A live, above-floor market the engine is metering. USD figures are dollars;
+ *  `chg*` are percent; `spark` is recent candle closes (oldest→newest). */
+export interface Market {
+    pair: string;
+    base: string;
+    quote: string;
+    pool: string;
+    price: number;
+    liq: number;
+    vol5m: number;
+    vol1h: number;
+    vol24h: number;
+    trades5m: number;
+    buyers: number;
+    chg5m: number;
+    chg1h: number;
+    chg24h: number;
+    spark: number[];
+}
+/** A fired signal-match (the public house feed: whale_buy/sell, price_surge, new_pool, …). */
+export interface SignalMatch {
+    signal: string;
+    detail: string;
+    pair: string;
+    base: string;
+    pool: string;
+    side: string;
+    usd: number;
+    actor: string;
+    ago: number;
+}
+/** A recent priced swap from the firehose. */
+export interface Swap {
+    block: number;
+    pair: string;
+    base: string;
+    pool: string;
+    side: string;
+    usd: number;
+    conf: string;
+    ago: number;
+}
+/** A newly-launched pool (young + climbing). `age` seconds, `pct` since launch. */
+export interface Launch {
+    pair: string;
+    base: string;
+    pool: string;
+    age: number;
+    price: number;
+    pct: number;
+    vol: number;
+    buyers: number;
+    liq: number;
+}
+/** The full engine snapshot (the `/data` document). */
+export interface EngineSnapshot {
+    mode: string;
+    caught_up: boolean;
+    head_block: number;
+    markets_tracked: number;
+    matches_total: number;
+    swaps_total: number;
+    markets: Market[];
+    matches: SignalMatch[];
+    swaps: Swap[];
+    launches: Launch[];
+    [key: string]: unknown;
+}
+export interface MarketFilter {
+    /** Min real TVL (USD). */
+    minLiq?: number;
+    /** Min 5-minute volume (USD) — "heating up right now". */
+    minVol5m?: number;
+    /** Min 24h volume (USD). */
+    minVol24h?: number;
+    /** Substring match on the pair, case-insensitive (e.g. "WETH"). */
+    pair?: string;
+    /** Cap the number returned (already sorted by 5m volume, desc). */
+    limit?: number;
+}
+export declare class Signals {
+    readonly url: string;
+    constructor(env?: MinimalEnv, options?: SignalsOptions);
+    /** The raw engine snapshot (markets + recent swaps + fired matches + launches). */
+    data(): Promise<EngineSnapshot>;
+    /** Live markets, newest-hottest first, optionally filtered. */
+    markets(filter?: MarketFilter): Promise<Market[]>;
+    /** One market by pool OR base-token address (0x-insensitive). undefined if absent. */
+    market(poolOrToken: string): Promise<Market | undefined>;
+    /** Find a token's deepest market by address or pair symbol (e.g. "PEPE"). */
+    token(addressOrSymbol: string): Promise<Market | undefined>;
+    /** Recently fired public signal-matches, newest first. */
+    matches(opts?: {
+        signal?: string;
+        limit?: number;
+    }): Promise<SignalMatch[]>;
+    /** Recent priced swaps (firehose), newest first. */
+    swaps(opts?: {
+        minUsd?: number;
+        side?: "BUY" | "SELL";
+        limit?: number;
+    }): Promise<Swap[]>;
+    /** Newly-launched pools (young + climbing). */
+    launches(): Promise<Launch[]>;
+    /** True if the engine is live and caught up to the chain tip. */
+    health(): Promise<boolean>;
+    /**
+     * Subscribe to the live Server-Sent-Events stream (for long-lived servers /
+     * Durable Objects). `onEvent` is called with each event's topic
+     * (`stats` | `swap` | `signal` | `pending`) and parsed JSON payload. Runs until
+     * the stream closes or `signal` (AbortSignal) aborts. Keepers should poll
+     * `markets()`/`matches()` on their schedule instead.
+     */
+    stream(onEvent: (topic: string, data: unknown) => void | Promise<void>, opts?: {
+        signal?: AbortSignal;
+    }): Promise<void>;
+}
+/** Convenience: `await signals(env).markets({ minVol5m: 50_000 })`. */
+export declare function signals(env?: MinimalEnv, options?: SignalsOptions): Signals;
+export {};

package/dist/signals.js

@@ -0,0 +1,146 @@
+// Signals — a read client for the Livo on-chain signals engine ("Signal Radar").
+// The engine is a SHARED public service (mainnet DEX activity, priced + metered):
+// live markets, recent swaps, and fired signal-matches. This is the PULL side —
+// poll it from a keeper or read it from a server/bot. The PUSH side (get a webhook
+// when a signal fires for YOUR token) is `defineWatcher` + the create_watcher tool.
+//
+//   import { signals } from "@livo-build/runtime";
+//   const sig = signals(env);                       // zero-config → signals.livo.build
+//   const hot = await sig.markets({ minVol5m: 50_000 });   // markets heating up now
+//   const m   = await sig.token("0x6982…");          // one token's market
+//   const fired = await sig.matches({ signal: "whale_buy" });
+//
+// Zero config: defaults to the public engine, so it works out of the box. Override
+// with { url } or a SIGNALS_URL binding for a private/local engine.
+/** The public Livo signals engine. Override via `{ url }` or `SIGNALS_URL`. */
+export const DEFAULT_SIGNALS_URL = "https://signals.livo.build";
+const bare = (a) => a.replace(/^0x/, "").toLowerCase();
+export class Signals {
+    url;
+    constructor(env, options = {}) {
+        const fromEnv = env?.[options.urlSecret ?? "SIGNALS_URL"];
+        this.url = (options.url ?? fromEnv ?? DEFAULT_SIGNALS_URL).replace(/\/$/, "");
+    }
+    /** The raw engine snapshot (markets + recent swaps + fired matches + launches). */
+    async data() {
+        const res = await fetch(`${this.url}/data`, { headers: { accept: "application/json" } });
+        if (!res.ok) {
+            throw new Error(`signals engine /data failed: HTTP ${res.status}`);
+        }
+        return (await res.json());
+    }
+    /** Live markets, newest-hottest first, optionally filtered. */
+    async markets(filter = {}) {
+        let rows = (await this.data()).markets ?? [];
+        if (filter.minLiq != null)
+            rows = rows.filter((m) => m.liq >= filter.minLiq);
+        if (filter.minVol5m != null)
+            rows = rows.filter((m) => m.vol5m >= filter.minVol5m);
+        if (filter.minVol24h != null)
+            rows = rows.filter((m) => m.vol24h >= filter.minVol24h);
+        if (filter.pair) {
+            const q = filter.pair.toLowerCase();
+            rows = rows.filter((m) => m.pair.toLowerCase().includes(q));
+        }
+        return filter.limit != null ? rows.slice(0, filter.limit) : rows;
+    }
+    /** One market by pool OR base-token address (0x-insensitive). undefined if absent. */
+    async market(poolOrToken) {
+        const q = bare(poolOrToken);
+        return (await this.data()).markets?.find((m) => bare(m.pool) === q || bare(m.base) === q);
+    }
+    /** Find a token's deepest market by address or pair symbol (e.g. "PEPE"). */
+    async token(addressOrSymbol) {
+        const rows = (await this.data()).markets ?? [];
+        const q = addressOrSymbol.toLowerCase();
+        const byAddr = rows.find((m) => bare(m.base) === bare(addressOrSymbol));
+        if (byAddr)
+            return byAddr;
+        // Symbol match → the deepest (highest-liq) market for that base symbol.
+        const matches = rows.filter((m) => m.pair.toLowerCase().split("/")[0] === q);
+        return matches.sort((a, b) => b.liq - a.liq)[0];
+    }
+    /** Recently fired public signal-matches, newest first. */
+    async matches(opts = {}) {
+        let rows = (await this.data()).matches ?? [];
+        if (opts.signal)
+            rows = rows.filter((m) => m.signal === opts.signal);
+        return opts.limit != null ? rows.slice(0, opts.limit) : rows;
+    }
+    /** Recent priced swaps (firehose), newest first. */
+    async swaps(opts = {}) {
+        let rows = (await this.data()).swaps ?? [];
+        if (opts.minUsd != null)
+            rows = rows.filter((s) => s.usd >= opts.minUsd);
+        if (opts.side)
+            rows = rows.filter((s) => s.side === opts.side);
+        return opts.limit != null ? rows.slice(0, opts.limit) : rows;
+    }
+    /** Newly-launched pools (young + climbing). */
+    async launches() {
+        return (await this.data()).launches ?? [];
+    }
+    /** True if the engine is live and caught up to the chain tip. */
+    async health() {
+        try {
+            const res = await fetch(`${this.url}/health`);
+            return res.ok;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Subscribe to the live Server-Sent-Events stream (for long-lived servers /
+     * Durable Objects). `onEvent` is called with each event's topic
+     * (`stats` | `swap` | `signal` | `pending`) and parsed JSON payload. Runs until
+     * the stream closes or `signal` (AbortSignal) aborts. Keepers should poll
+     * `markets()`/`matches()` on their schedule instead.
+     */
+    async stream(onEvent, opts = {}) {
+        const res = await fetch(`${this.url}/stream`, {
+            headers: { accept: "text/event-stream" },
+            signal: opts.signal,
+        });
+        if (!res.ok || !res.body) {
+            throw new Error(`signals engine /stream failed: HTTP ${res.status}`);
+        }
+        const reader = res.body.getReader();
+        const decoder = new TextDecoder();
+        let buf = "";
+        for (;;) {
+            const { value, done } = await reader.read();
+            if (done)
+                break;
+            buf += decoder.decode(value, { stream: true });
+            // SSE frames are separated by a blank line; each has `event:` + `data:` lines.
+            let sep;
+            while ((sep = buf.indexOf("\n\n")) !== -1) {
+                const frame = buf.slice(0, sep);
+                buf = buf.slice(sep + 2);
+                let topic = "message";
+                const dataLines = [];
+                for (const line of frame.split("\n")) {
+                    if (line.startsWith("event:"))
+                        topic = line.slice(6).trim();
+                    else if (line.startsWith("data:"))
+                        dataLines.push(line.slice(5).trim());
+                }
+                if (!dataLines.length)
+                    continue;
+                let payload = dataLines.join("\n");
+                try {
+                    payload = JSON.parse(payload);
+                }
+                catch {
+                    /* leave as string */
+                }
+                await onEvent(topic, payload);
+            }
+        }
+    }
+}
+/** Convenience: `await signals(env).markets({ minVol5m: 50_000 })`. */
+export function signals(env, options) {
+    return new Signals(env, options);
+}

package/dist/siwe.d.ts

@@ -0,0 +1,24 @@
+export interface SiweParams {
+    /** The domain requesting the sign-in (e.g. "app.livo.build"). */
+    domain: string;
+    address: string;
+    uri: string;
+    chainId: number;
+    nonce: string;
+    statement?: string;
+    /** ISO timestamp; defaults to now. */
+    issuedAt?: string;
+    /** ISO timestamp; if set, verifySiweMessage rejects after it. */
+    expirationTime?: string;
+    version?: string;
+}
+export declare function createSiweMessage(p: SiweParams): string;
+export interface SiweVerifyResult {
+    valid: boolean;
+    address?: string;
+    nonce?: string;
+}
+export declare function verifySiweMessage(message: string, signature: string, opts?: {
+    nonce?: string;
+    domain?: string;
+}): Promise<SiweVerifyResult>;

package/dist/siwe.js

@@ -0,0 +1,33 @@
+// Sign-In With Ethereum (EIP-4361) — build the canonical message + verify a signed
+// one. The standard way to authenticate a wallet to a backend; pairs with sessions.
+import { verifyMessage } from "./sig.js";
+export function createSiweMessage(p) {
+    const lines = [`${p.domain} wants you to sign in with your Ethereum account:`, p.address, ""];
+    if (p.statement)
+        lines.push(p.statement, "");
+    lines.push(`URI: ${p.uri}`, `Version: ${p.version ?? "1"}`, `Chain ID: ${p.chainId}`, `Nonce: ${p.nonce}`, `Issued At: ${p.issuedAt ?? new Date().toISOString()}`);
+    if (p.expirationTime)
+        lines.push(`Expiration Time: ${p.expirationTime}`);
+    return lines.join("\n");
+}
+function field(message, label) {
+    const m = new RegExp(`^${label}(.*)$`, "m").exec(message);
+    return m?.[1]?.trim();
+}
+// Verify a SIWE message + signature: the signature recovers to the claimed address,
+// the nonce matches (if given), and it isn't expired.
+export async function verifySiweMessage(message, signature, opts = {}) {
+    const address = message.split("\n")[1]?.trim();
+    if (!address || !/^0x[0-9a-fA-F]{40}$/.test(address))
+        return { valid: false };
+    const nonce = field(message, "Nonce: ");
+    if (opts.nonce && nonce !== opts.nonce)
+        return { valid: false };
+    if (opts.domain && !message.startsWith(opts.domain + " "))
+        return { valid: false };
+    const exp = field(message, "Expiration Time: ");
+    if (exp && Date.parse(exp) < Date.now())
+        return { valid: false };
+    const ok = await verifyMessage({ address: address, message, signature: signature });
+    return { valid: ok, address: ok ? address : undefined, nonce };
+}

package/dist/sse.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/sse.test.js

@@ -0,0 +1,28 @@
+import { describe, it, expect } from "vitest";
+import { sse } from "./http.js";
+async function readAll(res) {
+    return await res.text();
+}
+describe("sse", () => {
+    it("formats events (data/event/id) and a heartbeat, and sets the right headers", async () => {
+        const conn = sse();
+        expect(conn.response.headers.get("content-type")).toBe("text/event-stream");
+        conn.send({ px: 100 });
+        conn.send("hello", { event: "tick", id: "7" });
+        conn.ping();
+        conn.send("a\nb"); // multiline → two data: lines
+        conn.close();
+        const text = await readAll(conn.response);
+        expect(text).toContain('data: {"px":100}\n\n');
+        expect(text).toContain("event: tick\nid: 7\ndata: hello\n\n");
+        expect(text).toContain(": ping\n\n");
+        expect(text).toContain("data: a\ndata: b\n\n");
+        expect(conn.closed).toBe(true);
+    });
+    it("stops writing after close (no throw)", async () => {
+        const conn = sse();
+        conn.close();
+        conn.send({ ignored: true });
+        expect(await readAll(conn.response)).toBe("");
+    });
+});

package/dist/telegram.d.ts

@@ -67,5 +67,36 @@ export declare class Telegram {
         command: string;
         description: string;
     }>): Promise<void>;
+    private api;
+    /** Parse a `chat_join_request` update (a user asking to join a join-request chat). */
+    joinRequest(update: Record<string, unknown>): ChatJoinRequest | null;
+    /** Admit a pending join request. */
+    approveJoinRequest(chatId: number | string, userId: number): Promise<unknown>;
+    /** Reject a pending join request. */
+    declineJoinRequest(chatId: number | string, userId: number): Promise<unknown>;
+    /** Remove (ban) a member — the "boot" when they no longer qualify. */
+    banMember(chatId: number | string, userId: number, opts?: {
+        untilDate?: number;
+        revokeMessages?: boolean;
+    }): Promise<unknown>;
+    /** Lift a ban so a re-qualified user can rejoin (does NOT add them back). */
+    unbanMember(chatId: number | string, userId: number, opts?: {
+        onlyIfBanned?: boolean;
+    }): Promise<unknown>;
+    /** Create an invite link. With createsJoinRequest, joins need bot approval (the gate). */
+    createInviteLink(chatId: number | string, opts?: {
+        name?: string;
+        createsJoinRequest?: boolean;
+        expireDate?: number;
+    }): Promise<string>;
+    /** A member's status in a chat ("member" | "left" | "kicked" | "administrator" | "creator" | "restricted"). */
+    memberStatus(chatId: number | string, userId: number): Promise<string | null>;
+}
+export interface ChatJoinRequest {
+    chatId: number;
+    userId: number;
+    username?: string;
+    from: Record<string, unknown>;
+    raw: Record<string, unknown>;
 }
 export {};

package/dist/telegram.js

@@ -132,4 +132,77 @@ export class Telegram {
             body: JSON.stringify({ commands }),
         });
     }
+    // ---- Group / membership management (token-gated rooms) --------------------
+    // Generic Bot API call: POST JSON, return result, throw on Telegram error.
+    async api(method, body) {
+        if (!this.token)
+            throw new Error("Telegram: no bot token (set_secret TELEGRAM_BOT_TOKEN=<token>).");
+        const res = await fetch(`${API}${this.token}/${method}`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify(body),
+        });
+        const j = (await res.json().catch(() => null));
+        if (!res.ok || !j?.ok)
+            throw new Error(`Telegram ${method} failed: ${j?.description ?? "HTTP " + res.status}`);
+        return j.result;
+    }
+    /** Parse a `chat_join_request` update (a user asking to join a join-request chat). */
+    joinRequest(update) {
+        const r = update.chat_join_request;
+        if (!r)
+            return null;
+        const from = r.from;
+        const chat = r.chat;
+        if (!from || !chat)
+            return null;
+        return {
+            chatId: chat.id,
+            userId: from.id,
+            username: from.username,
+            from,
+            raw: r,
+        };
+    }
+    /** Admit a pending join request. */
+    approveJoinRequest(chatId, userId) {
+        return this.api("approveChatJoinRequest", { chat_id: chatId, user_id: userId });
+    }
+    /** Reject a pending join request. */
+    declineJoinRequest(chatId, userId) {
+        return this.api("declineChatJoinRequest", { chat_id: chatId, user_id: userId });
+    }
+    /** Remove (ban) a member — the "boot" when they no longer qualify. */
+    banMember(chatId, userId, opts = {}) {
+        return this.api("banChatMember", {
+            chat_id: chatId,
+            user_id: userId,
+            ...(opts.untilDate ? { until_date: opts.untilDate } : {}),
+            ...(opts.revokeMessages ? { revoke_messages: true } : {}),
+        });
+    }
+    /** Lift a ban so a re-qualified user can rejoin (does NOT add them back). */
+    unbanMember(chatId, userId, opts = { onlyIfBanned: true }) {
+        return this.api("unbanChatMember", { chat_id: chatId, user_id: userId, only_if_banned: opts.onlyIfBanned !== false });
+    }
+    /** Create an invite link. With createsJoinRequest, joins need bot approval (the gate). */
+    async createInviteLink(chatId, opts = {}) {
+        const result = (await this.api("createChatInviteLink", {
+            chat_id: chatId,
+            ...(opts.name ? { name: opts.name } : {}),
+            ...(opts.createsJoinRequest ? { creates_join_request: true } : {}),
+            ...(opts.expireDate ? { expire_date: opts.expireDate } : {}),
+        }));
+        return result.invite_link ?? "";
+    }
+    /** A member's status in a chat ("member" | "left" | "kicked" | "administrator" | "creator" | "restricted"). */
+    async memberStatus(chatId, userId) {
+        try {
+            const result = (await this.api("getChatMember", { chat_id: chatId, user_id: userId }));
+            return result.status ?? null;
+        }
+        catch {
+            return null;
+        }
+    }
 }

package/dist/telegramAuth.d.ts

@@ -0,0 +1,16 @@
+export interface TelegramUser {
+    id: number;
+    username?: string;
+    firstName?: string;
+    lastName?: string;
+    languageCode?: string;
+    isPremium?: boolean;
+    photoUrl?: string;
+}
+export interface VerifyOptions {
+    /** Reject if auth_date is older than this many seconds (0 = no check). Default 86400. */
+    maxAgeSeconds?: number;
+}
+export declare function verifyTelegramInitData(initData: string, botToken: string, options?: VerifyOptions): Promise<TelegramUser | null>;
+export declare function verifyTelegramLoginWidget(data: Record<string, string | number | undefined>, botToken: string, options?: VerifyOptions): Promise<TelegramUser | null>;
+export declare function parseStartPayload(text: string): string | null;