Add SIWE (Sign-In with Ethereum) auth for Claim flow #263

Merged: GsCommand merged 1 commit into main from codex/add-sign-in-with-ethereum-authentication (May 22, 2026)

@GsCommand
Contributor

Motivation

  • Add an authentication layer using SIWE/EIP-4361 to authenticate wallets before submitting Claim activation requests.
  • Keep Ethereum wallet authentication separate from the Ed25519 receipt signing key and make the UI copy and flow explicit.
  • Gate CommandLayer namespace activation submissions on an authenticated wallet while leaving ENS ownership checks, provisioning, payment, and ERC-8004 flows for later work.

Description

  • Added GET /api/auth/nonce at api/auth/nonce.js which issues a cryptographically-random hex nonce (16 bytes entropy), returns { ok: true, nonce }, and is stateless with Cache-Control: no-store.
  • Added POST /api/auth/verify at api/auth/verify.js which validates presence of message and signature, enforces domain/URI/chainId and statement intent checks (configurable via env), and calls siwe verification when the dependency is available, returning standardized AUTHENTICATED / AUTH_FAILED responses.
  • Updated public/claim.html to add a Sign-In with Ethereum panel, explanatory copy clarifying Ethereum auth vs Ed25519 receipts, UI elements (Sign-In with Ethereum button, Status, Connected wallet), client-side flow (/api/auth/nonce → construct SIWE-style message → personal_sign → POST /api/auth/verify) and a gate that requires SIWE auth for CommandLayer namespace mode before continuing.
  • Added tests in tests/api-auth.test.js to assert nonce randomness and to ensure verify rejects missing or malformed inputs.
  • Included clear in-code handling for environments where siwe cannot be installed (server returns a 503-style AUTH_FAILED with explanatory error) rather than silently accepting requests.

Testing

  • Ran npm test and all repository tests passed (29 tests passed, 0 failed), including the new GET /api/auth/nonce and POST /api/auth/verify negative tests.
  • Ran cd examples/webhook-auto-verify && npm install && npm run check and the example checks succeeded.
  • Attempted to npm install siwe ethers, but registry access returned 403 in this environment, so siwe could not be installed and the verify handler reports dependency-unavailable errors as intended.
  • Ran npm run build and observed expected failure because the repository has no build script.

Codex Task
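
The domain, URI, chainId and statement checks that the description lists for POST /api/auth/verify can be run on the EIP-4361 text before any signature verification. The block below is an added example, not code from this PR: the EXPECTED values, function names and sample message are assumptions, and it performs no signature verification (the PR delegates that to siwe).

```javascript
// Added example, not project code. EXPECTED and all sample values are assumptions.
const { randomBytes } = require('node:crypto');

const EXPECTED = {
  domain: 'claim.example', uri: 'https://claim.example/claim.html', chainId: '1',
  statement: 'Sign in to submit a Claim activation request.',
};

// 16 bytes from the CSPRNG, hex-encoded: the nonce shape the description gives.
const issueNonce = () => randomBytes(16).toString('hex');

// EIP-4361 layout: header, address, blank, [statement], blank, then tagged fields.
function parseSiwe(message) {
  const lines = String(message).split('\n');
  const head = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0]);
  if (!head || !/^0x[0-9a-fA-F]{40}$/.test(lines[1] || '') || lines[2] !== '') return null;
  const hasStatement = lines[3] !== undefined && lines[3] !== '';
  if (hasStatement && lines[4] !== '') return null;
  const fields = Object.create(null);
  for (const line of lines.slice(hasStatement ? 5 : 4)) {
    const m = /^([A-Za-z ]+): (.+)$/.exec(line);
    if (m && m[1] in fields) return null; // duplicate tag: refuse rather than pick one
    if (m) fields[m[1]] = m[2];
  }
  return { domain: head[1], address: lines[1], statement: hasStatement ? lines[3] : null, fields };
}

// Failed checks; an empty list means "go on to signature verification", not "authenticated".
function policyFailures(message, expected = EXPECTED, now = new Date()) {
  const p = parseSiwe(message);
  if (!p) return ['malformed'];
  const f = p.fields, failures = [];
  if (p.domain !== expected.domain) failures.push('domain');
  if (f.URI !== expected.uri) failures.push('uri');
  if (f.Version !== '1') failures.push('version');
  if (f['Chain ID'] !== expected.chainId) failures.push('chainId');
  if (p.statement !== expected.statement) failures.push('statement');
  if (!/^[0-9a-f]{32}$/.test(f.Nonce || '')) failures.push('nonce');
  if (f['Expiration Time'] && !(new Date(f['Expiration Time']) > now)) failures.push('expired');
  return failures;
}

// Constructed sample message; the address and timestamp are made up.
const sampleMessage = (o = {}) => {
  const v = { ...EXPECTED, nonce: issueNonce(), ...o };
  return `${v.domain} wants you to sign in with your Ethereum account:\n0x${'ab'.repeat(20)}\n\n` +
    `${v.statement}\n\nURI: ${v.uri}\nVersion: 1\nChain ID: ${v.chainId}\nNonce: ${v.nonce}\n` +
    'Issued At: 2026-05-22T01:40:00Z';
};
```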

@vercel
vercel Bot commented May 22, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| commandlayer-commandlayer-org | Ready | Preview, Comment | May 22, 2026 1:40am |
| commandlayer-org | Ready | Preview, Comment | May 22, 2026 1:40am |
| commandlayer-org111 | Ready | Preview, Comment | May 22, 2026 1:40am |
