@missionsquad/mcp-server-tron 1.2.0

package/build/core/tools/wallet.js

@@ -0,0 +1,172 @@
+import { z } from "zod";
+import * as services from "../services/index.js";
+export function registerWalletTools(registerTool) {
+    registerTool("get_wallet_address", {
+        description: "Get the address of the configured wallet. Use this to verify which wallet is active.",
+        inputSchema: {},
+        annotations: {
+            title: "Get Wallet Address",
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    }, async () => {
+        try {
+            const address = await services.getOwnerAddress();
+            const walletId = services.getActiveWalletId();
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            walletId: walletId ?? undefined,
+                            address,
+                            base58: services.toBase58Address(address),
+                            hex: services.toHexAddress(address),
+                            message: "This is the wallet that will be used for all transactions",
+                        }, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `Error: ${error instanceof Error ? error.message : String(error)}`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+    registerTool("list_wallets", {
+        description: "List all available wallets. Returns wallet IDs, types, and addresses. Use select_wallet to switch between them.",
+        inputSchema: {},
+        annotations: {
+            title: "List Wallets",
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    }, async () => {
+        try {
+            const wallets = await services.listAgentWallets();
+            const activeId = services.getActiveWalletId();
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            activeWalletId: activeId,
+                            wallets,
+                            message: wallets.length === 0
+                                ? "No wallet is currently configured."
+                                : wallets.length === 1
+                                    ? "Using the configured single wallet."
+                                    : `Found ${wallets.length} wallet(s). Use select_wallet to switch the active wallet.`,
+                        }, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `Error listing wallets: ${error instanceof Error ? error.message : String(error)}`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+    registerTool("select_wallet", {
+        description: "Switch the active wallet at runtime. Use list_wallets to see available wallet IDs. Only available in Encrypted Storage mode.",
+        legacyOnly: true,
+        inputSchema: {
+            walletId: z.string().describe("The wallet ID to switch to"),
+        },
+        annotations: {
+            title: "Select Wallet",
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    }, async ({ walletId }) => {
+        try {
+            const result = await services.selectWallet(walletId);
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            id: result.id,
+                            address: result.address,
+                            message: `Wallet switched to "${result.id}". All subsequent transactions will use this wallet.`,
+                        }, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `Error selecting wallet: ${error instanceof Error ? error.message : String(error)}`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+    registerTool("sign_message", {
+        description: "Sign an arbitrary message using the configured wallet.",
+        inputSchema: {
+            message: z.string().describe("The message to sign"),
+        },
+        annotations: {
+            title: "Sign Message",
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: false,
+        },
+    }, async ({ message }) => {
+        try {
+            const senderAddress = await services.getOwnerAddress();
+            const signature = await services.signMessage(message);
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            message,
+                            signature,
+                            signer: senderAddress,
+                            messageType: "personal_sign",
+                        }, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: `Error signing message: ${error instanceof Error ? error.message : String(error)}`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+}
+//# sourceMappingURL=wallet.js.map

package/build/core/tools/wallet.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet.js","sourceRoot":"","sources":["../../../src/core/tools/wallet.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,QAAQ,MAAM,sBAAsB,CAAC;AAGjD,MAAM,UAAU,mBAAmB,CAAC,YAA4B;IAC9D,YAAY,CACV,oBAAoB,EACpB;QACE,WAAW,EACT,sFAAsF;QACxF,WAAW,EAAE,EAAE;QACf,WAAW,EAAE;YACX,KAAK,EAAE,oBAAoB;YAC3B,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,IAAI,EAAE;QACT,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,eAAe,EAAE,CAAC;YACjD,MAAM,QAAQ,GAAG,QAAQ,CAAC,iBAAiB,EAAE,CAAC;YAC9C,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;4BACE,QAAQ,EAAE,QAAQ,IAAI,SAAS;4BAC/B,OAAO;4BACP,MAAM,EAAE,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC;4BACzC,GAAG,EAAE,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC;4BACnC,OAAO,EAAE,2DAA2D;yBACrE,EACD,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;qBACzE;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,YAAY,CACV,cAAc,EACd;QACE,WAAW,EACT,iHAAiH;QACnH,WAAW,EAAE,EAAE;QACf,WAAW,EAAE;YACX,KAAK,EAAE,cAAc;YACrB,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,IAAI,EAAE;QACT,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,gBAAgB,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAG,QAAQ,CAAC,iBAAiB,EAAE,CAAC;YAC9C,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;4BACE,cAAc,EAAE,QAAQ;4BACxB,OAAO;4BACP,OAAO,EACL,OAAO,CAAC,MAAM,KAAK,CAAC;gCAClB,CAAC,CAAC,oCAAoC;gCACtC,CAAC,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;oCACpB,CAAC,CAAC,qCAAqC;oCACvC,CAAC,CAAC,SAAS,OAAO,CAAC,MAAM,4DAA4D;yBAC5F,EACD,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,0BAA0B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;qBACzF;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,YAAY,CACV,eAAe,EACf;QACE,WAAW,EACT,8HAA8H;QAChI,UAAU,EAAE,IAAI;QAChB,WAAW,EAAE;YACX,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;SAC5D;QACD,WAAW,EAAE;YACX,KAAK,EAAE,eAAe;YACtB,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;QACrB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;YACrD,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;4BACE,EAAE,EAAE,MAAM,CAAC,EAAE;4BACb,OAAO,EAAE,MAAM,CAAC,OAAO;4BACvB,OAAO,EAAE,uBAAuB,MAAM,CAAC,EAAE,sDAAsD;yBAChG,EACD,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,2BAA2B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;qBAC1F;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,YAAY,CACV,cAAc,EACd;QACE,WAAW,EAAE,wDAAwD;QACrE,WAAW,EAAE;YACX,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;SACpD;QACD,WAAW,EAAE;YACX,KAAK,EAAE,cAAc;YACrB,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACpB,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,eAAe,EAAE,CAAC;YACvD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACtD,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;4BACE,OAAO;4BACP,SAAS;4BACT,MAAM,EAAE,aAAa;4BACrB,WAAW,EAAE,eAAe;yBAC7B,EACD,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,0BAA0B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;qBACzF;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}

package/build/index.d.ts

@@ -0,0 +1 @@
+export {};

package/build/index.js

@@ -0,0 +1,21 @@
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import startServer from "./server/server.js";
+// Start the server
+async function main() {
+    try {
+        const isReadOnly = process.argv.includes("--readonly") || process.argv.includes("-r");
+        const server = await startServer({ readOnly: isReadOnly, transport: "stdio" });
+        const transport = new StdioServerTransport();
+        await server.connect(transport);
+        console.error(`mcp-server-tron running on stdio${isReadOnly ? " (readonly)" : ""}`);
+    }
+    catch (error) {
+        console.error("Error starting MCP server:", error);
+        process.exit(1);
+    }
+}
+main().catch((error) => {
+    console.error("Fatal error in main():", error);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/build/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,WAAW,MAAM,oBAAoB,CAAC;AAE7C,mBAAmB;AACnB,KAAK,UAAU,IAAI;IACjB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACtF,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QAC/E,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,mCAAmC,UAAU,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACtF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;IAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/build/middleware/auth.d.ts

@@ -0,0 +1,16 @@
+import type express from "express";
+import type { TenantManager } from "../tenant/TenantManager.js";
+import type { TenantRecord } from "../tenant/types.js";
+declare module "express-serve-static-core" {
+    interface Request {
+        tenantAuth?: {
+            tenant: TenantRecord;
+        } | null;
+    }
+}
+export declare function optionalOAuthTenantAuth(params: {
+    tenantManager: TenantManager;
+    jwtSecret: string;
+    issuer: string;
+    audience: string;
+}): express.RequestHandler;

package/build/middleware/auth.js

@@ -0,0 +1,44 @@
+import jwt from "jsonwebtoken";
+export function optionalOAuthTenantAuth(params) {
+    return (req, res, next) => {
+        const authorization = req.headers.authorization;
+        if (!authorization) {
+            req.tenantAuth = null;
+            next();
+            return;
+        }
+        if (!authorization.startsWith("Bearer ")) {
+            res.status(401).json({ error: "Invalid Authorization header format." });
+            return;
+        }
+        const token = authorization.slice("Bearer ".length).trim();
+        if (!token) {
+            res.status(401).json({ error: "Missing bearer token." });
+            return;
+        }
+        try {
+            const payload = jwt.verify(token, params.jwtSecret, {
+                algorithms: ["HS256"],
+                issuer: params.issuer,
+                audience: params.audience,
+            });
+            const tenant = params.tenantManager.getTenantById(payload.tenantId);
+            if (!tenant) {
+                res.status(401).json({ error: "Tenant not found for access token." });
+                return;
+            }
+            if (tenant.sessionVersion !== payload.sessionVersion) {
+                res.status(401).json({ error: "OAuth token session is no longer valid." });
+                return;
+            }
+            req.tenantAuth = { tenant };
+            next();
+        }
+        catch (error) {
+            res.status(401).json({
+                error: error instanceof Error ? error.message : "Invalid access token.",
+            });
+        }
+    };
+}
+//# sourceMappingURL=auth.js.map

package/build/middleware/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AAEA,OAAO,GAAG,MAAM,cAAc,CAAC;AAa/B,MAAM,UAAU,uBAAuB,CAAC,MAKvC;IACC,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAI,EAAE,EAAE;QAC3C,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAChD,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC;YACtB,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC,CAAC;YACxE,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;YACzD,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,SAAS,EAAE;gBAClD,UAAU,EAAE,CAAC,OAAO,CAAC;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;aAC1B,CAA4B,CAAC;YAE9B,MAAM,MAAM,GAAG,MAAM,CAAC,aAAa,CAAC,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACpE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;gBACtE,OAAO;YACT,CAAC;YACD,IAAI,MAAM,CAAC,cAAc,KAAK,OAAO,CAAC,cAAc,EAAE,CAAC;gBACrD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;gBAC3E,OAAO;YACT,CAAC;YAED,GAAG,CAAC,UAAU,GAAG,EAAE,MAAM,EAAE,CAAC;YAC5B,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB;aACxE,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/build/oauth/OAuthService.d.ts

@@ -0,0 +1,100 @@
+import type { TenantManager } from "../tenant/TenantManager.js";
+import type { TenantRecord } from "../tenant/types.js";
+import type { ChallengeRecord, OAuthAccessTokenPayload, PendingAuthorizationRequest } from "./types.js";
+export interface OAuthServiceOptions {
+    publicOrigin: string;
+    jwtSecret: string;
+    dataDir: string;
+    authChallengeTtlSeconds?: number;
+    oauthAuthCodeTtlSeconds?: number;
+    oauthAccessTokenTtlSeconds?: number;
+    oauthRefreshTokenTtlSeconds?: number;
+    clientMetadataTimeoutMs?: number;
+}
+export declare class OAuthService {
+    readonly publicOrigin: string;
+    readonly resourceUri: string;
+    readonly authCodeCookieName = "mcp_oauth_request";
+    private readonly jwtSecret;
+    private readonly dataDir;
+    private readonly authChallengeTtlSeconds;
+    private readonly oauthAuthCodeTtlSeconds;
+    private readonly oauthAccessTokenTtlSeconds;
+    private readonly oauthRefreshTokenTtlSeconds;
+    private readonly clientMetadataTimeoutMs;
+    private readonly pendingAuthorizations;
+    private readonly challenges;
+    private readonly authorizationCodes;
+    constructor(options: OAuthServiceOptions);
+    getAuthorizationServerMetadata(): {
+        issuer: string;
+        authorization_endpoint: string;
+        token_endpoint: string;
+        response_types_supported: string[];
+        grant_types_supported: string[];
+        code_challenge_methods_supported: string[];
+        token_endpoint_auth_methods_supported: string[];
+    };
+    getProtectedResourceMetadata(): {
+        resource: string;
+        authorization_servers: string[];
+        bearer_methods_supported: string[];
+    };
+    createPendingAuthorization(params: {
+        responseType?: string;
+        clientId?: string;
+        redirectUri?: string;
+        state?: string;
+        scope?: string;
+        resource?: string;
+        codeChallenge?: string;
+        codeChallengeMethod?: string;
+        now?: number;
+    }): Promise<PendingAuthorizationRequest>;
+    getPendingAuthorization(authRequestId: string): PendingAuthorizationRequest;
+    createWalletChallenge(authRequestId: string, tenant: TenantRecord, now?: number): ChallengeRecord;
+    verifyWalletChallenge(params: {
+        authRequestId: string;
+        tenantManager: TenantManager;
+        walletAddress: string;
+        challenge: string;
+        signature: string;
+        now?: number;
+    }): Promise<{
+        redirectTo: string;
+        tenant: TenantRecord;
+    }>;
+    createWalletAndAuthorize(params: {
+        authRequestId: string;
+        tenantManager: TenantManager;
+        now?: number;
+    }): Promise<{
+        redirectTo: string;
+        tenant: TenantRecord;
+        wallet: {
+            tenantId: string;
+            walletAddress: string;
+            walletAddressHex: string;
+            privateKey: string;
+        };
+    }>;
+    exchangeToken(body: Record<string, unknown>, tenantManager: TenantManager): Promise<{
+        access_token: string;
+        refresh_token?: string;
+        token_type: "Bearer";
+        expires_in: number;
+        scope: string;
+    }>;
+    verifyAccessToken(token: string): OAuthAccessTokenPayload;
+    private exchangeAuthorizationCode;
+    private exchangeRefreshToken;
+    private issueAuthorizationCode;
+    private issueAccessToken;
+    private issueRefreshToken;
+    private loadRefreshTokenRecord;
+    private writeRefreshTokenRecord;
+    private getRefreshTokenDir;
+    private getRefreshTokenPath;
+    private requireChallenge;
+    private validateClientMetadata;
+}