kawasekit 0.1.0-beta.6 → 0.2.0

package/dist/asset-domain-4Ioxqn28.d.cts

@@ -0,0 +1,348 @@
+import { Address, Hex, Account } from 'viem';
+
+/**
+ * EIP-3009 typed-data builders and signing helpers.
+ *
+ * Token-agnostic: works for any EIP-3009-compliant token (JPYC, USDC, USDP,
+ * Centre FiatToken family). Pure off-chain construction — no chain RPC, no
+ * submission. Submission is the caller's job (M3 x402 flow, or arbitrary
+ * gas-paying relayer).
+ *
+ * @packageDocumentation
+ */
+
+/**
+ * EIP-712 domain for an EIP-3009-compliant token.
+ *
+ * `name` and `version` MUST match the values the token used when computing
+ * its `DOMAIN_SEPARATOR`. For JPYC see {@link JPYC_EIP712_DOMAIN_HINT}.
+ */
+interface Eip3009Domain {
+    readonly name: string;
+    readonly version: string;
+    readonly chainId: number;
+    readonly verifyingContract: Address;
+}
+/** Message body for {@link signTransferWithAuthorization}. */
+interface TransferWithAuthorizationMessage {
+    readonly from: Address;
+    readonly to: Address;
+    readonly value: bigint;
+    readonly validAfter: bigint;
+    readonly validBefore: bigint;
+    /** 32-byte random nonce. Generate with {@link generateAuthorizationNonce}. */
+    readonly nonce: Hex;
+}
+/** Message body for {@link signReceiveWithAuthorization}. */
+type ReceiveWithAuthorizationMessage = TransferWithAuthorizationMessage;
+/** Message body for {@link signCancelAuthorization}. */
+interface CancelAuthorizationMessage {
+    readonly authorizer: Address;
+    readonly nonce: Hex;
+}
+/**
+ * A signed EIP-3009 authorization, ready to be passed to the token's
+ * `*WithAuthorization` entrypoint as `(v, r, s)`.
+ */
+interface SignedAuthorization<TMessage> {
+    readonly signature: Hex;
+    readonly v: number;
+    readonly r: Hex;
+    readonly s: Hex;
+    readonly domain: Eip3009Domain;
+    readonly message: TMessage;
+}
+/**
+ * Canonical EIP-712 `TransferWithAuthorization` type definition.
+ *
+ * This is the **single source of truth** for the typed-data structure (field
+ * names, types, and order) that EIP-3009 hashes and `ecrecover` verifies.
+ * Exported so out-of-process / cross-language consumers — notably the `mpc-2p`
+ * co-signer backend (RFC M6-1 §4.5, H1) — bind to this exact definition (or
+ * codegen from it) instead of re-declaring it, and so the digest the policy
+ * gates on is provably the digest the chain verifies (see the digest-conformance
+ * corpus in `__fixtures__/eip3009-digest.vectors.json`).
+ */
+declare const transferWithAuthorizationTypes: {
+    readonly TransferWithAuthorization: readonly [{
+        readonly name: "from";
+        readonly type: "address";
+    }, {
+        readonly name: "to";
+        readonly type: "address";
+    }, {
+        readonly name: "value";
+        readonly type: "uint256";
+    }, {
+        readonly name: "validAfter";
+        readonly type: "uint256";
+    }, {
+        readonly name: "validBefore";
+        readonly type: "uint256";
+    }, {
+        readonly name: "nonce";
+        readonly type: "bytes32";
+    }];
+};
+/** Canonical EIP-712 `ReceiveWithAuthorization` types. See {@link transferWithAuthorizationTypes}. */
+declare const receiveWithAuthorizationTypes: {
+    readonly ReceiveWithAuthorization: readonly [{
+        readonly name: "from";
+        readonly type: "address";
+    }, {
+        readonly name: "to";
+        readonly type: "address";
+    }, {
+        readonly name: "value";
+        readonly type: "uint256";
+    }, {
+        readonly name: "validAfter";
+        readonly type: "uint256";
+    }, {
+        readonly name: "validBefore";
+        readonly type: "uint256";
+    }, {
+        readonly name: "nonce";
+        readonly type: "bytes32";
+    }];
+};
+/** Canonical EIP-712 `CancelAuthorization` types. See {@link transferWithAuthorizationTypes}. */
+declare const cancelAuthorizationTypes: {
+    readonly CancelAuthorization: readonly [{
+        readonly name: "authorizer";
+        readonly type: "address";
+    }, {
+        readonly name: "nonce";
+        readonly type: "bytes32";
+    }];
+};
+/**
+ * Generates a cryptographically random 32-byte EIP-3009 nonce.
+ *
+ * The nonce only needs to be unique per `(authorizer, contract)` — duplicates
+ * across different tokens are harmless because the contract scopes them.
+ *
+ * @example
+ * ```ts
+ * import { generateAuthorizationNonce } from "kawasekit";
+ *
+ * const nonce = generateAuthorizationNonce();
+ * ```
+ */
+declare function generateAuthorizationNonce(): Hex;
+/**
+ * Derives a **deterministic** 32-byte EIP-3009 nonce from a reasoning-step
+ * idempotency key, scoped to `(from, verifyingContract, chainId)` so the same
+ * key never collides across tokens or chains (M5-1, Half B).
+ *
+ * `nonce = keccak256(DOMAIN_TAG ‖ idempotencyKey ‖ from ‖ verifyingContract ‖
+ * chainId)`. **No shared secret**: determinism across replicas / sub-agents
+ * needs only a shared `conversationId` (the source of the key), not secret
+ * distribution. A replayed key ⇒ identical nonce ⇒ the token contract's
+ * `authorizationState` rejects the second settlement — the on-chain last line of
+ * defence against re-signed same-intent duplicate payments. Use in place of
+ * {@link generateAuthorizationNonce} only when a key is available.
+ *
+ * `chainId` is in the preimage, so the same JPYC address on Polygon / Avalanche
+ * / Kaia / Ethereum yields distinct nonces (cross-chain replay safety).
+ *
+ * @example
+ * ```ts
+ * import { deriveAuthorizationNonce } from "kawasekit";
+ *
+ * const nonce = deriveAuthorizationNonce(
+ *   { idempotencyKey },
+ *   { from: account.address, verifyingContract, chainId },
+ * );
+ * ```
+ */
+declare function deriveAuthorizationNonce(input: {
+    readonly idempotencyKey: string;
+}, scope: {
+    readonly from: Address;
+    readonly verifyingContract: Address;
+    readonly chainId: number;
+}): Hex;
+/**
+ * Returns a `validBefore` UNIX timestamp `seconds` in the future.
+ *
+ * @param seconds - Lifetime of the authorization, in seconds.
+ * @param nowSec - Optional override of "now" (defaults to {@link Date.now}).
+ *
+ * @example
+ * ```ts
+ * import { authorizationDeadlineFromNow } from "kawasekit";
+ *
+ * const validBefore = authorizationDeadlineFromNow(60 * 5); // 5 minutes
+ * ```
+ */
+declare function authorizationDeadlineFromNow(seconds: number, nowSec?: bigint): bigint;
+/**
+ * Signs an EIP-3009 `TransferWithAuthorization` message.
+ *
+ * The signing account MUST equal `message.from` — EIP-3009 rejects signatures
+ * from anyone else (the on-chain check is pure `ecrecover` against `from`).
+ *
+ * @example
+ * ```ts
+ * import { privateKeyToAccount } from "viem/accounts";
+ * import {
+ *   authorizationDeadlineFromNow,
+ *   generateAuthorizationNonce,
+ *   JPYC_EIP712_DOMAIN_HINT,
+ *   polygon,
+ *   signTransferWithAuthorization,
+ * } from "kawasekit";
+ *
+ * const account = privateKeyToAccount("0x...");
+ * const signed = await signTransferWithAuthorization(account, {
+ *   ...JPYC_EIP712_DOMAIN_HINT,
+ *   chainId: polygon.id,
+ *   verifyingContract: "0xE7C3D8C9a439feDe00D2600032D5dB0Be71C3c29",
+ * }, {
+ *   from: account.address,
+ *   to: "0xBeef...",
+ *   value: 100n * 10n ** 18n,
+ *   validAfter: 0n,
+ *   validBefore: authorizationDeadlineFromNow(300),
+ *   nonce: generateAuthorizationNonce(),
+ * });
+ * // → submit (v, r, s) to token.transferWithAuthorization(...)
+ * ```
+ */
+declare function signTransferWithAuthorization(account: Account, domain: Eip3009Domain, message: TransferWithAuthorizationMessage): Promise<SignedAuthorization<TransferWithAuthorizationMessage>>;
+/**
+ * Signs an EIP-3009 `ReceiveWithAuthorization` message.
+ *
+ * Differs from {@link signTransferWithAuthorization} in two ways:
+ * 1. Uses the `ReceiveWithAuthorization` EIP-712 type.
+ * 2. The contract additionally enforces `msg.sender == to` at submission
+ *    time, so only `to` (or a relayer impersonating `to` — impossible in
+ *    practice) can land the tx.
+ */
+declare function signReceiveWithAuthorization(account: Account, domain: Eip3009Domain, message: ReceiveWithAuthorizationMessage): Promise<SignedAuthorization<ReceiveWithAuthorizationMessage>>;
+/**
+ * Signs an EIP-3009 `CancelAuthorization` message.
+ *
+ * Cancelling consumes the nonce so a later `transferWithAuthorization` or
+ * `receiveWithAuthorization` with the same nonce will revert.
+ */
+declare function signCancelAuthorization(account: Account, domain: Eip3009Domain, message: CancelAuthorizationMessage): Promise<SignedAuthorization<CancelAuthorizationMessage>>;
+
+/**
+ * Known-asset registry for {@link createX402PaymentSigner}'s
+ * `asset: { kind: "known", id }` discriminated-union branch.
+ *
+ * kawasekit only ships pinned EIP-712 domain definitions for assets it has
+ * verified empirically against the deployed contracts. Adding a new entry
+ * here requires citing the source-file + line reference for the contract
+ * that owns the `name` / `version` (so the next reviewer can spot-check the
+ * claim, the same discipline `docs/THREAT_MODEL.md` §0 demands of any ✅
+ * verdict that delegates to an out-of-scope component).
+ *
+ * @packageDocumentation
+ */
+
+/** Known asset identifiers. New entries must update this union AND the table. */
+type KnownAssetId = "jpyc-v2";
+/** Fully-pinned EIP-712 domain for a known asset. */
+interface KnownAssetDomain {
+    readonly id: KnownAssetId;
+    readonly name: string;
+    readonly version: string;
+    readonly verifyingContract: Address;
+}
+/**
+ * Look up a known asset's pinned EIP-712 domain by id.
+ *
+ * @returns The domain, or `undefined` if the id is not in the registry.
+ *
+ * @example
+ * ```ts
+ * import { getKnownAssetDomain } from "kawasekit";
+ *
+ * const jpyc = getKnownAssetDomain("jpyc-v2");
+ * if (jpyc === undefined) throw new Error("unreachable");
+ * console.log(jpyc.verifyingContract); // 0xE7C3D8C9a439feDe00D2600032D5dB0Be71C3c29
+ * ```
+ */
+declare function getKnownAssetDomain(id: KnownAssetId): KnownAssetDomain | undefined;
+/** List every known asset id (for diagnostics / error messages). */
+declare function listKnownAssetIds(): readonly KnownAssetId[];
+
+/**
+ * EIP-712 asset-domain resolution for x402 / EIP-3009 signing.
+ *
+ * Construction-time pinning of the EIP-712 domain (`name` / `version` /
+ * `verifyingContract`) a signer will use. The integrator declares an
+ * {@link X402AssetParam} — either a kawasekit-maintained `known` asset or a
+ * loud `unsafeOverride` — and {@link resolveAssetParam} resolves it to a pinned
+ * {@link ResolvedAsset}. The signer then trusts only this pinned domain and
+ * refuses to sign for a mismatched advertised asset (Threat 1.4: misadvertised
+ * EIP-712 domain).
+ *
+ * Token-domain concern, reused by both the x402 signer (`src/x402/client.ts`)
+ * and the M6 PolicyGatedSigner (`src/signer/`).
+ *
+ * @packageDocumentation
+ */
+
+/** EIP-712 token domain `name` / `version` pair. */
+interface X402TokenDomain {
+    readonly name: string;
+    readonly version: string;
+}
+/**
+ * Asset binding for {@link createX402PaymentSigner} and the M6 PolicyGatedSigner.
+ * Required, discriminated.
+ *
+ * **Default-on whitelist**: integrators MUST declare which asset they intend
+ * to sign for. The `known` branch references a kawasekit-maintained
+ * whitelist (see `src/tokens/known-assets.ts`); the `unsafeOverride` branch
+ * is the deliberate escape hatch for any other asset and is named loudly so
+ * it survives a code review. Either way, the signer pins the EIP-712 domain
+ * at construction time and refuses to sign if `paymentRequirements.asset`
+ * disagrees with the pinned `verifyingContract`.
+ *
+ * Closes Threat 1.4 (misadvertised EIP-712 domain): the server's advertised
+ * `extra.name` / `extra.version` and `asset` are all ignored for signing
+ * purposes — the signer trusts only what the integrator declared here.
+ */
+type X402AssetParam = {
+    /** Use a kawasekit-maintained pinned EIP-712 domain. */
+    readonly kind: "known";
+    /** The asset id to pin. See {@link KnownAssetId} for the registry. */
+    readonly id: KnownAssetId;
+} | {
+    /**
+     * Use a caller-supplied EIP-712 domain for an asset NOT on the
+     * kawasekit whitelist. The name is deliberately loud — pick this
+     * branch only when you have separately audited the contract and its
+     * `eip712Domain()` output.
+     */
+    readonly kind: "unsafeOverride";
+    readonly domain: {
+        readonly name: string;
+        readonly version: string;
+        readonly verifyingContract: Address;
+    };
+};
+/** Construction-time resolution of an {@link X402AssetParam} to a pinned domain. */
+interface ResolvedAsset {
+    readonly name: string;
+    readonly version: string;
+    readonly verifyingContract: Address;
+}
+/**
+ * Assemble the EIP-712 {@link Eip3009Domain} from a construction-time pinned
+ * {@link ResolvedAsset} and the runtime `chainId`.
+ *
+ * The single place that maps `(pinned asset, chainId) -> domain`, so every
+ * signing path (`src/x402/client.ts`, `src/signer/`) builds the domain
+ * identically — the domain half of the EIP-712 single-source-of-truth the
+ * `mpc-2p` backend relies on (RFC M6-1 §4.5, H1). `name` / `version` /
+ * `verifyingContract` come from the pinned asset; only `chainId` is per-request.
+ */
+declare function resolvedAssetToEip3009Domain(asset: ResolvedAsset, chainId: number): Eip3009Domain;
+
+export { type CancelAuthorizationMessage as C, type Eip3009Domain as E, type KnownAssetDomain as K, type ReceiveWithAuthorizationMessage as R, type SignedAuthorization as S, type TransferWithAuthorizationMessage as T, type X402AssetParam as X, type KnownAssetId as a, type ResolvedAsset as b, type X402TokenDomain as c, authorizationDeadlineFromNow as d, cancelAuthorizationTypes as e, deriveAuthorizationNonce as f, generateAuthorizationNonce as g, getKnownAssetDomain as h, resolvedAssetToEip3009Domain as i, signReceiveWithAuthorization as j, signTransferWithAuthorization as k, listKnownAssetIds as l, receiveWithAuthorizationTypes as r, signCancelAuthorization as s, transferWithAuthorizationTypes as t };

package/dist/asset-domain-4Ioxqn28.d.ts

@@ -0,0 +1,348 @@
+import { Address, Hex, Account } from 'viem';
+
+/**
+ * EIP-3009 typed-data builders and signing helpers.
+ *
+ * Token-agnostic: works for any EIP-3009-compliant token (JPYC, USDC, USDP,
+ * Centre FiatToken family). Pure off-chain construction — no chain RPC, no
+ * submission. Submission is the caller's job (M3 x402 flow, or arbitrary
+ * gas-paying relayer).
+ *
+ * @packageDocumentation
+ */
+
+/**
+ * EIP-712 domain for an EIP-3009-compliant token.
+ *
+ * `name` and `version` MUST match the values the token used when computing
+ * its `DOMAIN_SEPARATOR`. For JPYC see {@link JPYC_EIP712_DOMAIN_HINT}.
+ */
+interface Eip3009Domain {
+    readonly name: string;
+    readonly version: string;
+    readonly chainId: number;
+    readonly verifyingContract: Address;
+}
+/** Message body for {@link signTransferWithAuthorization}. */
+interface TransferWithAuthorizationMessage {
+    readonly from: Address;
+    readonly to: Address;
+    readonly value: bigint;
+    readonly validAfter: bigint;
+    readonly validBefore: bigint;
+    /** 32-byte random nonce. Generate with {@link generateAuthorizationNonce}. */
+    readonly nonce: Hex;
+}
+/** Message body for {@link signReceiveWithAuthorization}. */
+type ReceiveWithAuthorizationMessage = TransferWithAuthorizationMessage;
+/** Message body for {@link signCancelAuthorization}. */
+interface CancelAuthorizationMessage {
+    readonly authorizer: Address;
+    readonly nonce: Hex;
+}
+/**
+ * A signed EIP-3009 authorization, ready to be passed to the token's
+ * `*WithAuthorization` entrypoint as `(v, r, s)`.
+ */
+interface SignedAuthorization<TMessage> {
+    readonly signature: Hex;
+    readonly v: number;
+    readonly r: Hex;
+    readonly s: Hex;
+    readonly domain: Eip3009Domain;
+    readonly message: TMessage;
+}
+/**
+ * Canonical EIP-712 `TransferWithAuthorization` type definition.
+ *
+ * This is the **single source of truth** for the typed-data structure (field
+ * names, types, and order) that EIP-3009 hashes and `ecrecover` verifies.
+ * Exported so out-of-process / cross-language consumers — notably the `mpc-2p`
+ * co-signer backend (RFC M6-1 §4.5, H1) — bind to this exact definition (or
+ * codegen from it) instead of re-declaring it, and so the digest the policy
+ * gates on is provably the digest the chain verifies (see the digest-conformance
+ * corpus in `__fixtures__/eip3009-digest.vectors.json`).
+ */
+declare const transferWithAuthorizationTypes: {
+    readonly TransferWithAuthorization: readonly [{
+        readonly name: "from";
+        readonly type: "address";
+    }, {
+        readonly name: "to";
+        readonly type: "address";
+    }, {
+        readonly name: "value";
+        readonly type: "uint256";
+    }, {
+        readonly name: "validAfter";
+        readonly type: "uint256";
+    }, {
+        readonly name: "validBefore";
+        readonly type: "uint256";
+    }, {
+        readonly name: "nonce";
+        readonly type: "bytes32";
+    }];
+};
+/** Canonical EIP-712 `ReceiveWithAuthorization` types. See {@link transferWithAuthorizationTypes}. */
+declare const receiveWithAuthorizationTypes: {
+    readonly ReceiveWithAuthorization: readonly [{
+        readonly name: "from";
+        readonly type: "address";
+    }, {
+        readonly name: "to";
+        readonly type: "address";
+    }, {
+        readonly name: "value";
+        readonly type: "uint256";
+    }, {
+        readonly name: "validAfter";
+        readonly type: "uint256";
+    }, {
+        readonly name: "validBefore";
+        readonly type: "uint256";
+    }, {
+        readonly name: "nonce";
+        readonly type: "bytes32";
+    }];
+};
+/** Canonical EIP-712 `CancelAuthorization` types. See {@link transferWithAuthorizationTypes}. */
+declare const cancelAuthorizationTypes: {
+    readonly CancelAuthorization: readonly [{
+        readonly name: "authorizer";
+        readonly type: "address";
+    }, {
+        readonly name: "nonce";
+        readonly type: "bytes32";
+    }];
+};
+/**
+ * Generates a cryptographically random 32-byte EIP-3009 nonce.
+ *
+ * The nonce only needs to be unique per `(authorizer, contract)` — duplicates
+ * across different tokens are harmless because the contract scopes them.
+ *
+ * @example
+ * ```ts
+ * import { generateAuthorizationNonce } from "kawasekit";
+ *
+ * const nonce = generateAuthorizationNonce();
+ * ```
+ */
+declare function generateAuthorizationNonce(): Hex;
+/**
+ * Derives a **deterministic** 32-byte EIP-3009 nonce from a reasoning-step
+ * idempotency key, scoped to `(from, verifyingContract, chainId)` so the same
+ * key never collides across tokens or chains (M5-1, Half B).
+ *
+ * `nonce = keccak256(DOMAIN_TAG ‖ idempotencyKey ‖ from ‖ verifyingContract ‖
+ * chainId)`. **No shared secret**: determinism across replicas / sub-agents
+ * needs only a shared `conversationId` (the source of the key), not secret
+ * distribution. A replayed key ⇒ identical nonce ⇒ the token contract's
+ * `authorizationState` rejects the second settlement — the on-chain last line of
+ * defence against re-signed same-intent duplicate payments. Use in place of
+ * {@link generateAuthorizationNonce} only when a key is available.
+ *
+ * `chainId` is in the preimage, so the same JPYC address on Polygon / Avalanche
+ * / Kaia / Ethereum yields distinct nonces (cross-chain replay safety).
+ *
+ * @example
+ * ```ts
+ * import { deriveAuthorizationNonce } from "kawasekit";
+ *
+ * const nonce = deriveAuthorizationNonce(
+ *   { idempotencyKey },
+ *   { from: account.address, verifyingContract, chainId },
+ * );
+ * ```
+ */
+declare function deriveAuthorizationNonce(input: {
+    readonly idempotencyKey: string;
+}, scope: {
+    readonly from: Address;
+    readonly verifyingContract: Address;
+    readonly chainId: number;
+}): Hex;
+/**
+ * Returns a `validBefore` UNIX timestamp `seconds` in the future.
+ *
+ * @param seconds - Lifetime of the authorization, in seconds.
+ * @param nowSec - Optional override of "now" (defaults to {@link Date.now}).
+ *
+ * @example
+ * ```ts
+ * import { authorizationDeadlineFromNow } from "kawasekit";
+ *
+ * const validBefore = authorizationDeadlineFromNow(60 * 5); // 5 minutes
+ * ```
+ */
+declare function authorizationDeadlineFromNow(seconds: number, nowSec?: bigint): bigint;
+/**
+ * Signs an EIP-3009 `TransferWithAuthorization` message.
+ *
+ * The signing account MUST equal `message.from` — EIP-3009 rejects signatures
+ * from anyone else (the on-chain check is pure `ecrecover` against `from`).
+ *
+ * @example
+ * ```ts
+ * import { privateKeyToAccount } from "viem/accounts";
+ * import {
+ *   authorizationDeadlineFromNow,
+ *   generateAuthorizationNonce,
+ *   JPYC_EIP712_DOMAIN_HINT,
+ *   polygon,
+ *   signTransferWithAuthorization,
+ * } from "kawasekit";
+ *
+ * const account = privateKeyToAccount("0x...");
+ * const signed = await signTransferWithAuthorization(account, {
+ *   ...JPYC_EIP712_DOMAIN_HINT,
+ *   chainId: polygon.id,
+ *   verifyingContract: "0xE7C3D8C9a439feDe00D2600032D5dB0Be71C3c29",
+ * }, {
+ *   from: account.address,
+ *   to: "0xBeef...",
+ *   value: 100n * 10n ** 18n,
+ *   validAfter: 0n,
+ *   validBefore: authorizationDeadlineFromNow(300),
+ *   nonce: generateAuthorizationNonce(),
+ * });
+ * // → submit (v, r, s) to token.transferWithAuthorization(...)
+ * ```
+ */
+declare function signTransferWithAuthorization(account: Account, domain: Eip3009Domain, message: TransferWithAuthorizationMessage): Promise<SignedAuthorization<TransferWithAuthorizationMessage>>;
+/**
+ * Signs an EIP-3009 `ReceiveWithAuthorization` message.
+ *
+ * Differs from {@link signTransferWithAuthorization} in two ways:
+ * 1. Uses the `ReceiveWithAuthorization` EIP-712 type.
+ * 2. The contract additionally enforces `msg.sender == to` at submission
+ *    time, so only `to` (or a relayer impersonating `to` — impossible in
+ *    practice) can land the tx.
+ */
+declare function signReceiveWithAuthorization(account: Account, domain: Eip3009Domain, message: ReceiveWithAuthorizationMessage): Promise<SignedAuthorization<ReceiveWithAuthorizationMessage>>;
+/**
+ * Signs an EIP-3009 `CancelAuthorization` message.
+ *
+ * Cancelling consumes the nonce so a later `transferWithAuthorization` or
+ * `receiveWithAuthorization` with the same nonce will revert.
+ */
+declare function signCancelAuthorization(account: Account, domain: Eip3009Domain, message: CancelAuthorizationMessage): Promise<SignedAuthorization<CancelAuthorizationMessage>>;
+
+/**
+ * Known-asset registry for {@link createX402PaymentSigner}'s
+ * `asset: { kind: "known", id }` discriminated-union branch.
+ *
+ * kawasekit only ships pinned EIP-712 domain definitions for assets it has
+ * verified empirically against the deployed contracts. Adding a new entry
+ * here requires citing the source-file + line reference for the contract
+ * that owns the `name` / `version` (so the next reviewer can spot-check the
+ * claim, the same discipline `docs/THREAT_MODEL.md` §0 demands of any ✅
+ * verdict that delegates to an out-of-scope component).
+ *
+ * @packageDocumentation
+ */
+
+/** Known asset identifiers. New entries must update this union AND the table. */
+type KnownAssetId = "jpyc-v2";
+/** Fully-pinned EIP-712 domain for a known asset. */
+interface KnownAssetDomain {
+    readonly id: KnownAssetId;
+    readonly name: string;
+    readonly version: string;
+    readonly verifyingContract: Address;
+}
+/**
+ * Look up a known asset's pinned EIP-712 domain by id.
+ *
+ * @returns The domain, or `undefined` if the id is not in the registry.
+ *
+ * @example
+ * ```ts
+ * import { getKnownAssetDomain } from "kawasekit";
+ *
+ * const jpyc = getKnownAssetDomain("jpyc-v2");
+ * if (jpyc === undefined) throw new Error("unreachable");
+ * console.log(jpyc.verifyingContract); // 0xE7C3D8C9a439feDe00D2600032D5dB0Be71C3c29
+ * ```
+ */
+declare function getKnownAssetDomain(id: KnownAssetId): KnownAssetDomain | undefined;
+/** List every known asset id (for diagnostics / error messages). */
+declare function listKnownAssetIds(): readonly KnownAssetId[];
+
+/**
+ * EIP-712 asset-domain resolution for x402 / EIP-3009 signing.
+ *
+ * Construction-time pinning of the EIP-712 domain (`name` / `version` /
+ * `verifyingContract`) a signer will use. The integrator declares an
+ * {@link X402AssetParam} — either a kawasekit-maintained `known` asset or a
+ * loud `unsafeOverride` — and {@link resolveAssetParam} resolves it to a pinned
+ * {@link ResolvedAsset}. The signer then trusts only this pinned domain and
+ * refuses to sign for a mismatched advertised asset (Threat 1.4: misadvertised
+ * EIP-712 domain).
+ *
+ * Token-domain concern, reused by both the x402 signer (`src/x402/client.ts`)
+ * and the M6 PolicyGatedSigner (`src/signer/`).
+ *
+ * @packageDocumentation
+ */
+
+/** EIP-712 token domain `name` / `version` pair. */
+interface X402TokenDomain {
+    readonly name: string;
+    readonly version: string;
+}
+/**
+ * Asset binding for {@link createX402PaymentSigner} and the M6 PolicyGatedSigner.
+ * Required, discriminated.
+ *
+ * **Default-on whitelist**: integrators MUST declare which asset they intend
+ * to sign for. The `known` branch references a kawasekit-maintained
+ * whitelist (see `src/tokens/known-assets.ts`); the `unsafeOverride` branch
+ * is the deliberate escape hatch for any other asset and is named loudly so
+ * it survives a code review. Either way, the signer pins the EIP-712 domain
+ * at construction time and refuses to sign if `paymentRequirements.asset`
+ * disagrees with the pinned `verifyingContract`.
+ *
+ * Closes Threat 1.4 (misadvertised EIP-712 domain): the server's advertised
+ * `extra.name` / `extra.version` and `asset` are all ignored for signing
+ * purposes — the signer trusts only what the integrator declared here.
+ */
+type X402AssetParam = {
+    /** Use a kawasekit-maintained pinned EIP-712 domain. */
+    readonly kind: "known";
+    /** The asset id to pin. See {@link KnownAssetId} for the registry. */
+    readonly id: KnownAssetId;
+} | {
+    /**
+     * Use a caller-supplied EIP-712 domain for an asset NOT on the
+     * kawasekit whitelist. The name is deliberately loud — pick this
+     * branch only when you have separately audited the contract and its
+     * `eip712Domain()` output.
+     */
+    readonly kind: "unsafeOverride";
+    readonly domain: {
+        readonly name: string;
+        readonly version: string;
+        readonly verifyingContract: Address;
+    };
+};
+/** Construction-time resolution of an {@link X402AssetParam} to a pinned domain. */
+interface ResolvedAsset {
+    readonly name: string;
+    readonly version: string;
+    readonly verifyingContract: Address;
+}
+/**
+ * Assemble the EIP-712 {@link Eip3009Domain} from a construction-time pinned
+ * {@link ResolvedAsset} and the runtime `chainId`.
+ *
+ * The single place that maps `(pinned asset, chainId) -> domain`, so every
+ * signing path (`src/x402/client.ts`, `src/signer/`) builds the domain
+ * identically — the domain half of the EIP-712 single-source-of-truth the
+ * `mpc-2p` backend relies on (RFC M6-1 §4.5, H1). `name` / `version` /
+ * `verifyingContract` come from the pinned asset; only `chainId` is per-request.
+ */
+declare function resolvedAssetToEip3009Domain(asset: ResolvedAsset, chainId: number): Eip3009Domain;
+
+export { type CancelAuthorizationMessage as C, type Eip3009Domain as E, type KnownAssetDomain as K, type ReceiveWithAuthorizationMessage as R, type SignedAuthorization as S, type TransferWithAuthorizationMessage as T, type X402AssetParam as X, type KnownAssetId as a, type ResolvedAsset as b, type X402TokenDomain as c, authorizationDeadlineFromNow as d, cancelAuthorizationTypes as e, deriveAuthorizationNonce as f, generateAuthorizationNonce as g, getKnownAssetDomain as h, resolvedAssetToEip3009Domain as i, signReceiveWithAuthorization as j, signTransferWithAuthorization as k, listKnownAssetIds as l, receiveWithAuthorizationTypes as r, signCancelAuthorization as s, transferWithAuthorizationTypes as t };