signet-auth 1.0.0-beta.0

package/dist/strategies/cookie.strategy.js

@@ -0,0 +1,118 @@
+import { ok, err } from '../core/result.js';
+import { BrowserError } from '../core/errors.js';
+import { parseDuration } from '../utils/duration.js';
+import { runHybridFlow } from '../browser/flows/hybrid-flow.js';
+import { isLoginPage } from '../browser/flows/form-login.flow.js';
+import { hasOAuthTokens } from '../browser/flows/oauth-consent.flow.js';
+const DEFAULT_TTL = '24h';
+/**
+ * Cookie-based authentication strategy.
+ * Launches a browser, navigates to the login page, waits for user auth,
+ * then extracts cookies from the authenticated session.
+ */
+class CookieStrategy {
+    ttlMs;
+    requiredCookies;
+    strategyConfig;
+    constructor(config) {
+        this.strategyConfig = config;
+        this.ttlMs = parseDuration(config.ttl ?? DEFAULT_TTL);
+        this.requiredCookies = config.requiredCookies ?? [];
+    }
+    validate(credential) {
+        if (credential.type !== 'cookie')
+            return ok(false);
+        // Check TTL based on obtainedAt
+        const obtainedAt = new Date(credential.obtainedAt).getTime();
+        if (Date.now() - obtainedAt > this.ttlMs) {
+            return ok(false);
+        }
+        // Check individual cookie expiry
+        const now = Date.now() / 1000;
+        const hasExpired = credential.cookies.some(c => c.expires > 0 && c.expires < now);
+        if (hasExpired)
+            return ok(false);
+        // Ensure we have at least one cookie
+        if (credential.cookies.length === 0)
+            return ok(false);
+        return ok(true);
+    }
+    async authenticate(provider, context) {
+        const adapter = context.browserAdapter;
+        if (!provider.entryUrl) {
+            return err(new BrowserError(`Provider "${provider.id}" requires an entryUrl for cookie authentication.`, provider.id));
+        }
+        return await runHybridFlow(adapter, {
+            entryUrl: provider.entryUrl,
+            browserConfig: context.browserConfig,
+            forceVisible: provider.forceVisible ?? false,
+            // Cookie auth needs networkidle to ensure all post-SSO Set-Cookie responses arrive
+            waitUntil: 'networkidle',
+            xHeaders: provider.xHeaders,
+            providerDomains: provider.domains,
+            isAuthenticated: async (page) => {
+                // If requiredCookies is set, auth is complete only when those cookies exist
+                if (this.requiredCookies.length > 0) {
+                    const urls = provider.domains.map(d => `https://${d}/`);
+                    const cookies = await page.cookies(urls);
+                    const cookieNames = new Set(cookies.map(c => c.name));
+                    return this.requiredCookies.every(name => cookieNames.has(name));
+                }
+                // Default: auth is complete when we're no longer on a login page
+                const onLoginPage = await isLoginPage(page);
+                return !onLoginPage;
+            },
+            extractCredentials: async (page, xHeaders, meta) => {
+                // Only extract cookies matching this provider's domains (not all cookies from the shared profile)
+                // Include both domain roots AND current page URL (to capture path-scoped cookies like /wiki)
+                const urls = provider.domains.map(d => `https://${d}/`);
+                const currentUrl = page.url();
+                if (currentUrl && !urls.includes(currentUrl))
+                    urls.push(currentUrl);
+                const cookies = await page.cookies(urls);
+                if (cookies.length === 0) {
+                    return err(new BrowserError('No cookies found after authentication.', provider.id));
+                }
+                // Probe for OAuth tokens in browser storage (strategy mismatch detection)
+                const oauthTokensDetected = await hasOAuthTokens(page).catch(() => false);
+                const credential = {
+                    type: 'cookie',
+                    cookies,
+                    obtainedAt: new Date().toISOString(),
+                    ...(xHeaders && Object.keys(xHeaders).length > 0 ? { xHeaders } : {}),
+                };
+                // Attach diagnostics metadata for post-auth validation
+                credential.__diagnostics = {
+                    authDetectedImmediately: meta?.immediateAuth ?? false,
+                    oauthTokensDetected,
+                    cookiesExtracted: cookies.length,
+                };
+                return ok(credential);
+            },
+        });
+    }
+    async refresh() {
+        // Cookies can't be refreshed — must re-authenticate via browser
+        return ok(null);
+    }
+    applyToRequest(credential) {
+        if (credential.type !== 'cookie')
+            return {};
+        const cookieStr = credential.cookies
+            .map(c => `${c.name}=${c.value}`)
+            .join('; ');
+        // Apply x-headers first, then set Cookie so it always wins
+        const headers = { ...credential.xHeaders };
+        headers['Cookie'] = cookieStr;
+        return headers;
+    }
+}
+export class CookieStrategyFactory {
+    name = 'cookie';
+    create(config) {
+        if (config.strategy !== 'cookie') {
+            throw new Error(`CookieStrategyFactory received wrong config type: ${config.strategy}`);
+        }
+        return new CookieStrategy(config);
+    }
+}

package/dist/strategies/oauth2.strategy.d.ts

@@ -0,0 +1,6 @@
+import type { IAuthStrategy, IAuthStrategyFactory } from '../core/interfaces/auth-strategy.js';
+import type { StrategyConfig } from '../config/schema.js';
+export declare class OAuth2StrategyFactory implements IAuthStrategyFactory {
+    readonly name = "oauth2";
+    create(config: StrategyConfig): IAuthStrategy;
+}

package/dist/strategies/oauth2.strategy.js

@@ -0,0 +1,134 @@
+import { ok, err } from '../core/result.js';
+import { BrowserError, RefreshError } from '../core/errors.js';
+import { runHybridFlow } from '../browser/flows/hybrid-flow.js';
+import { extractOAuthTokens, hasOAuthTokens } from '../browser/flows/oauth-consent.flow.js';
+import { isLoginPage } from '../browser/flows/form-login.flow.js';
+const EXPIRY_BUFFER_MS = 5 * 60 * 1000; // 5 minutes
+/**
+ * OAuth2 authentication strategy.
+ * Supports browser-based authorization with token extraction from localStorage,
+ * and silent refresh using refresh tokens.
+ */
+class OAuth2Strategy {
+    strategyConfig;
+    constructor(config) {
+        this.strategyConfig = config;
+    }
+    validate(credential) {
+        if (credential.type !== 'bearer')
+            return ok(false);
+        if (!credential.accessToken || credential.accessToken.trim() === '') {
+            return ok(false);
+        }
+        // Check expiry with buffer
+        if (credential.expiresAt) {
+            const expiresAtMs = new Date(credential.expiresAt).getTime();
+            if (Date.now() + EXPIRY_BUFFER_MS >= expiresAtMs) {
+                return ok(false);
+            }
+        }
+        return ok(true);
+    }
+    async authenticate(provider, context) {
+        const adapter = context.browserAdapter;
+        if (!provider.entryUrl) {
+            return err(new BrowserError(`Provider "${provider.id}" requires an entryUrl for OAuth2 authentication.`, provider.id));
+        }
+        return await runHybridFlow(adapter, {
+            entryUrl: provider.entryUrl,
+            browserConfig: context.browserConfig,
+            forceVisible: provider.forceVisible ?? false,
+            xHeaders: provider.xHeaders,
+            providerDomains: provider.domains,
+            isAuthenticated: async (page) => {
+                const onLogin = await isLoginPage(page);
+                if (onLogin)
+                    return false;
+                return await hasOAuthTokens(page, this.strategyConfig.audiences);
+            },
+            extractCredentials: async (page, xHeaders, meta) => {
+                const result = await extractOAuthTokens(page, {
+                    audiences: this.strategyConfig.audiences,
+                    extractRefreshToken: true,
+                    maxRetries: 8, // Up to 16s of waiting for MSAL to store tokens
+                });
+                // Attach captured headers to the bearer credential
+                if (result.ok && xHeaders && Object.keys(xHeaders).length > 0) {
+                    const cred = result.value;
+                    cred.xHeaders = xHeaders;
+                }
+                // Attach diagnostics metadata for post-auth validation
+                if (result.ok) {
+                    result.value.__diagnostics = {
+                        authDetectedImmediately: meta?.immediateAuth ?? false,
+                        oauthTokensDetected: true,
+                        cookiesExtracted: 0,
+                    };
+                }
+                return result;
+            },
+        });
+    }
+    async refresh(credential) {
+        if (credential.type !== 'bearer')
+            return ok(null);
+        if (!credential.refreshToken)
+            return ok(null);
+        if (!this.strategyConfig.tokenEndpoint || !this.strategyConfig.clientId) {
+            return ok(null); // Can't refresh without endpoint and client ID
+        }
+        try {
+            const body = new URLSearchParams({
+                grant_type: 'refresh_token',
+                client_id: this.strategyConfig.clientId,
+                refresh_token: credential.refreshToken,
+            });
+            if (this.strategyConfig.scopes && this.strategyConfig.scopes.length > 0) {
+                body.set('scope', this.strategyConfig.scopes.join(' '));
+            }
+            const response = await fetch(this.strategyConfig.tokenEndpoint, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                body: body.toString(),
+            });
+            if (!response.ok) {
+                const errorBody = await response.text();
+                return err(new RefreshError(credential.tokenEndpoint ?? 'unknown', `Token refresh failed (${response.status}): ${errorBody}`));
+            }
+            const tokenResponse = await response.json();
+            const expiresAt = tokenResponse.expires_in
+                ? new Date(Date.now() + tokenResponse.expires_in * 1000).toISOString()
+                : undefined;
+            const refreshed = {
+                type: 'bearer',
+                accessToken: tokenResponse.access_token,
+                refreshToken: tokenResponse.refresh_token ?? credential.refreshToken,
+                expiresAt,
+                scopes: tokenResponse.scope?.split(' '),
+                tokenEndpoint: credential.tokenEndpoint,
+                ...(credential.xHeaders ? { xHeaders: credential.xHeaders } : {}),
+            };
+            return ok(refreshed);
+        }
+        catch (e) {
+            return err(new RefreshError(credential.tokenEndpoint ?? 'unknown', e.message));
+        }
+    }
+    applyToRequest(credential) {
+        if (credential.type !== 'bearer')
+            return {};
+        // Apply x-headers first, then set Authorization so it always wins
+        const headers = { ...credential.xHeaders };
+        headers['Authorization'] = `Bearer ${credential.accessToken}`;
+        return headers;
+    }
+}
+export class OAuth2StrategyFactory {
+    name = 'oauth2';
+    create(config) {
+        if (config.strategy !== 'oauth2') {
+            throw new Error(`OAuth2StrategyFactory received wrong config type: ${config.strategy}`);
+        }
+        return new OAuth2Strategy(config);
+    }
+}

package/dist/strategies/registry.d.ts

@@ -0,0 +1,13 @@
+import type { IAuthStrategy, IAuthStrategyFactory } from '../core/interfaces/auth-strategy.js';
+import type { StrategyConfig } from '../config/schema.js';
+/**
+ * Registry that maps strategy names to their factories.
+ * Built-in strategies are registered at startup; users can add custom ones.
+ */
+export declare class StrategyRegistry {
+    private factories;
+    register(factory: IAuthStrategyFactory): void;
+    get(name: string, config: StrategyConfig): IAuthStrategy;
+    has(name: string): boolean;
+    list(): string[];
+}

package/dist/strategies/registry.js

@@ -0,0 +1,25 @@
+import { ConfigError } from '../core/errors.js';
+/**
+ * Registry that maps strategy names to their factories.
+ * Built-in strategies are registered at startup; users can add custom ones.
+ */
+export class StrategyRegistry {
+    factories = new Map();
+    register(factory) {
+        this.factories.set(factory.name, factory);
+    }
+    get(name, config) {
+        const factory = this.factories.get(name);
+        if (!factory) {
+            const available = Array.from(this.factories.keys()).join(', ');
+            throw new ConfigError(`Unknown strategy "${name}". Available strategies: ${available || 'none'}`);
+        }
+        return factory.create(config);
+    }
+    has(name) {
+        return this.factories.has(name);
+    }
+    list() {
+        return Array.from(this.factories.keys());
+    }
+}

package/dist/sync/remote-config.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Remote configuration — reads/writes from the unified ~/.signet/config.yaml.
+ */
+import type { RemoteConfig } from './types.js';
+export declare function getRemotes(): Promise<RemoteConfig[]>;
+export declare function getRemote(name: string): Promise<RemoteConfig | null>;
+export declare function addRemote(remote: RemoteConfig): Promise<void>;
+export declare function removeRemote(name: string): Promise<boolean>;

package/dist/sync/remote-config.js

@@ -0,0 +1,49 @@
+/**
+ * Remote configuration — reads/writes from the unified ~/.signet/config.yaml.
+ */
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import os from 'node:os';
+import YAML from 'yaml';
+const CONFIG_PATH = path.join(os.homedir(), '.signet', 'config.yaml');
+async function loadRawConfig() {
+    try {
+        const content = await fs.readFile(CONFIG_PATH, 'utf-8');
+        return YAML.parse(content) ?? {};
+    }
+    catch (e) {
+        if (e.code === 'ENOENT')
+            return {};
+        throw e;
+    }
+}
+async function saveRawConfig(config) {
+    await fs.mkdir(path.dirname(CONFIG_PATH), { recursive: true });
+    await fs.writeFile(CONFIG_PATH, YAML.stringify(config), 'utf-8');
+}
+export async function getRemotes() {
+    const config = await loadRawConfig();
+    if (!config.remotes)
+        return [];
+    return Object.entries(config.remotes).map(([name, r]) => ({ name, ...r }));
+}
+export async function getRemote(name) {
+    const remotes = await getRemotes();
+    return remotes.find(r => r.name === name) ?? null;
+}
+export async function addRemote(remote) {
+    const config = await loadRawConfig();
+    if (!config.remotes)
+        config.remotes = {};
+    const { name, ...rest } = remote;
+    config.remotes[name] = rest;
+    await saveRawConfig(config);
+}
+export async function removeRemote(name) {
+    const config = await loadRawConfig();
+    if (!config.remotes || !config.remotes[name])
+        return false;
+    delete config.remotes[name];
+    await saveRawConfig(config);
+    return true;
+}

package/dist/sync/sync-engine.d.ts

@@ -0,0 +1,10 @@
+import type { IStorage } from '../core/interfaces/storage.js';
+import type { RemoteConfig, SyncResult } from './types.js';
+export declare class SyncEngine {
+    private readonly storage;
+    private readonly remote;
+    private readonly transport;
+    constructor(storage: IStorage, remote: RemoteConfig);
+    push(providerIds?: string[], force?: boolean): Promise<SyncResult>;
+    pull(providerIds?: string[], force?: boolean): Promise<SyncResult>;
+}

package/dist/sync/sync-engine.js

@@ -0,0 +1,96 @@
+import { SshTransport } from './transports/ssh.js';
+function sanitizeId(providerId) {
+    return providerId.replace(/[^a-zA-Z0-9._-]/g, '_');
+}
+export class SyncEngine {
+    storage;
+    remote;
+    transport;
+    constructor(storage, remote) {
+        this.storage = storage;
+        this.remote = remote;
+        this.transport = new SshTransport();
+    }
+    async push(providerIds, force = false) {
+        const result = { pushed: [], pulled: [], skipped: [], errors: [] };
+        // Get local entries
+        const localEntries = await this.storage.list();
+        const toPush = providerIds
+            ? localEntries.filter(e => providerIds.includes(e.providerId))
+            : localEntries;
+        if (toPush.length === 0) {
+            return result;
+        }
+        // Get remote entries for conflict detection
+        const remoteEntries = await this.transport.listRemote(this.remote);
+        const remoteMap = new Map(remoteEntries.map(e => [e.providerId, e]));
+        for (const entry of toPush) {
+            try {
+                const filename = `${sanitizeId(entry.providerId)}.json`;
+                const remoteEntry = remoteMap.get(entry.providerId);
+                // Conflict detection: skip if remote is newer
+                if (remoteEntry && !force) {
+                    const localTime = new Date(entry.updatedAt).getTime();
+                    const remoteTime = new Date(remoteEntry.updatedAt).getTime();
+                    if (remoteTime > localTime) {
+                        result.skipped.push(entry.providerId);
+                        continue;
+                    }
+                }
+                const stored = await this.storage.get(entry.providerId);
+                if (!stored)
+                    continue;
+                await this.transport.writeRemote(this.remote, filename, stored);
+                result.pushed.push(entry.providerId);
+            }
+            catch (e) {
+                result.errors.push({
+                    providerId: entry.providerId,
+                    error: e.message,
+                });
+            }
+        }
+        return result;
+    }
+    async pull(providerIds, force = false) {
+        const result = { pushed: [], pulled: [], skipped: [], errors: [] };
+        // Get remote entries
+        const remoteEntries = await this.transport.listRemote(this.remote);
+        const toPull = providerIds
+            ? remoteEntries.filter(e => providerIds.includes(e.providerId))
+            : remoteEntries;
+        if (toPull.length === 0) {
+            return result;
+        }
+        for (const entry of toPull) {
+            try {
+                // Conflict detection
+                if (!force) {
+                    const local = await this.storage.get(entry.providerId);
+                    if (local) {
+                        const localTime = new Date(local.updatedAt).getTime();
+                        const remoteTime = new Date(entry.updatedAt).getTime();
+                        if (localTime > remoteTime) {
+                            result.skipped.push(entry.providerId);
+                            continue;
+                        }
+                    }
+                }
+                const stored = await this.transport.readRemote(this.remote, entry.filename);
+                if (!stored) {
+                    result.errors.push({ providerId: entry.providerId, error: 'Failed to read from remote' });
+                    continue;
+                }
+                await this.storage.set(entry.providerId, stored);
+                result.pulled.push(entry.providerId);
+            }
+            catch (e) {
+                result.errors.push({
+                    providerId: entry.providerId,
+                    error: e.message,
+                });
+            }
+        }
+        return result;
+    }
+}

package/dist/sync/transports/ssh.d.ts

@@ -0,0 +1,18 @@
+import type { RemoteConfig } from '../types.js';
+import type { StoredCredential } from '../../core/types.js';
+export declare class SshTransport {
+    private sshArgs;
+    private remoteTarget;
+    private remotePath;
+    /** List provider files on the remote */
+    listRemote(remote: RemoteConfig): Promise<{
+        providerId: string;
+        updatedAt: string;
+        filename: string;
+    }[]>;
+    /** Read a single credential from remote */
+    readRemote(remote: RemoteConfig, filename: string): Promise<StoredCredential | null>;
+    /** Write a credential file to remote via ssh pipe (avoids scp tilde issues) */
+    writeRemote(remote: RemoteConfig, filename: string, stored: StoredCredential): Promise<void>;
+    private sshWrite;
+}

package/dist/sync/transports/ssh.js

@@ -0,0 +1,115 @@
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import path from 'node:path';
+import os from 'node:os';
+const execFileAsync = promisify(execFile);
+const DEFAULT_REMOTE_PATH = '~/.signet/credentials';
+export class SshTransport {
+    sshArgs(remote) {
+        const args = [];
+        if (remote.sshKey)
+            args.push('-i', remote.sshKey);
+        args.push('-o', 'BatchMode=yes', '-o', 'StrictHostKeyChecking=accept-new');
+        return args;
+    }
+    remoteTarget(remote) {
+        const user = remote.user ?? os.userInfo().username;
+        return `${user}@${remote.host}`;
+    }
+    remotePath(remote) {
+        return remote.path ?? DEFAULT_REMOTE_PATH;
+    }
+    /** List provider files on the remote */
+    async listRemote(remote) {
+        const target = this.remoteTarget(remote);
+        const rpath = this.remotePath(remote);
+        try {
+            const { stdout } = await execFileAsync('ssh', [
+                ...this.sshArgs(remote),
+                target,
+                `find ${rpath} -maxdepth 1 -name '*.json' -print 2>/dev/null || true`,
+            ]);
+            const files = stdout.trim().split('\n').filter(Boolean);
+            const entries = [];
+            for (const file of files) {
+                const filename = path.basename(file);
+                try {
+                    const { stdout: content } = await execFileAsync('ssh', [
+                        ...this.sshArgs(remote),
+                        target,
+                        `cat "${file}"`,
+                    ]);
+                    const data = JSON.parse(content);
+                    entries.push({
+                        providerId: data.providerId,
+                        updatedAt: data.updatedAt,
+                        filename,
+                    });
+                }
+                catch {
+                    // Skip unreadable files
+                }
+            }
+            return entries;
+        }
+        catch {
+            return [];
+        }
+    }
+    /** Read a single credential from remote */
+    async readRemote(remote, filename) {
+        const target = this.remoteTarget(remote);
+        const rpath = this.remotePath(remote);
+        try {
+            const { stdout } = await execFileAsync('ssh', [
+                ...this.sshArgs(remote),
+                target,
+                `cat ${rpath}/"${filename}"`,
+            ]);
+            const data = JSON.parse(stdout);
+            return {
+                credential: data.credential,
+                providerId: data.providerId,
+                strategy: data.strategy,
+                updatedAt: data.updatedAt,
+                ...(data.metadata ? { metadata: data.metadata } : {}),
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    /** Write a credential file to remote via ssh pipe (avoids scp tilde issues) */
+    async writeRemote(remote, filename, stored) {
+        const rpath = this.remotePath(remote);
+        const data = {
+            version: 1,
+            providerId: stored.providerId,
+            credential: stored.credential,
+            strategy: stored.strategy,
+            updatedAt: stored.updatedAt,
+            ...(stored.metadata ? { metadata: stored.metadata } : {}),
+        };
+        const content = JSON.stringify(data, null, 2);
+        // Write via ssh stdin pipe — avoids scp's tilde expansion issues
+        // The remote shell handles ~ expansion in mkdir and cat redirect
+        await this.sshWrite(remote, `mkdir -p ${rpath} && cat > ${rpath}/"${filename}"`, content);
+    }
+    sshWrite(remote, command, stdin) {
+        return new Promise((resolve, reject) => {
+            const target = this.remoteTarget(remote);
+            const proc = execFile('ssh', [
+                ...this.sshArgs(remote),
+                target,
+                command,
+            ], (error) => {
+                if (error)
+                    reject(error);
+                else
+                    resolve();
+            });
+            proc.stdin?.write(stdin);
+            proc.stdin?.end();
+        });
+    }
+}

package/dist/sync/types.d.ts

@@ -0,0 +1,17 @@
+export interface RemoteConfig {
+    name: string;
+    type: 'ssh';
+    host: string;
+    user?: string;
+    path?: string;
+    sshKey?: string;
+}
+export interface SyncResult {
+    pushed: string[];
+    pulled: string[];
+    skipped: string[];
+    errors: {
+        providerId: string;
+        error: string;
+    }[];
+}

package/dist/sync/types.js

@@ -0,0 +1 @@
+export {};

package/dist/utils/duration.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Parse human-readable duration strings into milliseconds.
+ * Supports: "30s", "5m", "24h", "7d"
+ */
+export declare function parseDuration(input: string): number;
+/**
+ * Format milliseconds into a human-readable duration.
+ */
+export declare function formatDuration(ms: number): string;

package/dist/utils/duration.js

@@ -0,0 +1,34 @@
+/**
+ * Parse human-readable duration strings into milliseconds.
+ * Supports: "30s", "5m", "24h", "7d"
+ */
+export function parseDuration(input) {
+    const match = input.trim().match(/^(\d+(?:\.\d+)?)\s*(ms|s|m|h|d)$/i);
+    if (!match) {
+        throw new Error(`Invalid duration format: "${input}". Expected format like "30s", "5m", "24h", "7d".`);
+    }
+    const value = parseFloat(match[1]);
+    const unit = match[2].toLowerCase();
+    const multipliers = {
+        ms: 1,
+        s: 1_000,
+        m: 60_000,
+        h: 3_600_000,
+        d: 86_400_000,
+    };
+    return value * multipliers[unit];
+}
+/**
+ * Format milliseconds into a human-readable duration.
+ */
+export function formatDuration(ms) {
+    if (ms < 1_000)
+        return `${ms}ms`;
+    if (ms < 60_000)
+        return `${Math.round(ms / 1_000)}s`;
+    if (ms < 3_600_000)
+        return `${Math.round(ms / 60_000)}m`;
+    if (ms < 86_400_000)
+        return `${(ms / 3_600_000).toFixed(1)}h`;
+    return `${(ms / 86_400_000).toFixed(1)}d`;
+}

package/dist/utils/http.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Build a User-Agent string identifying signet.
+ */
+export declare function buildUserAgent(): string;