Types

Every type listed here is re-exported from the framework adapters (x511/hono, x511/elysia, x511/next, x511/adonis) and from the root x511 package. The dedicated subpath x511/session exports SessionAdapter separately.

X511Mode

type X511Mode =
  | { type: 'session'; ttl: number }
  | { type: 'one-shot' }

Cookie strategy.

• session — the x511 cookie remains valid for ttl seconds. Subsequent requests pass straight through.
• one-shot — the cookie is consumed (cleared) on the first verified request. The cookie's Max-Age is 30s and the underlying claim TTL in the adapter is 60s.

ResolvedDisclosures

interface ResolvedDisclosures {
  minAge?: number
  nationality?: CountryFilter
  issuingState?: CountryFilter
}

The set of identity claims the user must prove. Every field is optional — but disclosures itself is required, even if empty (disclosures: {}).

• minAge — minimum age in years. Forwarded to the provider's age proof query.
• nationality — restricts accepted passport nationalities. See CountryFilter.
• issuingState — restricts accepted passport issuing states. See CountryFilter.

A provider may override these values via its own disclosures field; the merged set is what the provider receives in ProviderContext.

X511Routes

interface X511Routes {
  sse?: string                         // default: '/sse'
  claim?: string                       // default: '/claim'
}

Override the internal route paths. Each is composed with basePath (e.g. basePath: '/x511' and routes.sse: '/events' mounts SSE at /x511/events).

X511Config

The shape passed to x511(). See the dedicated x511() page for the full table.

ResolvedConfig

interface ResolvedConfig {
  domain: string
  basePath: string                     // default applied
  dev: boolean                         // default applied
  routes: { sse: string; claim: string }
  disclosures: ResolvedDisclosures
  mode: X511Mode
  pendingTtl: number                   // default applied
  providers: Provider[]
  sessionAdapter: SessionAdapter       // default applied
}

The X511Config after defaults are filled in. Returned as the third field of x511()'s return value and passed back to providers via ProviderContext.

Provider

See Providers › Provider.

ProviderContext

See Providers › ProviderContext.

ProviderRender

interface ProviderRender {
  kind: string
  payload: unknown
}

A kind + payload pair built for each provider when the 511 page is rendered. The verification page uses kind to pick the matching client-side handler and reads payload for provider-specific data (Self universal link, ZKPassport domain, etc.).

VerificationState

type VerificationState =
  | {
      type: 'pending'
      config: ResolvedConfig
      sessionId: string
      providerRenders: ProviderRender[]
    }
  | { type: 'verified'; cookie?: string; uniqueId?: string }

The result of the core verified(request) call (the framework adapters consume this and turn it into a framework-shaped response).

• pending — the user is not verified yet. The HTML page is rendered from this state by buildPage().
• verified — the cookie checked out. cookie is set only in one-shot mode (where it carries the Max-Age=0 invalidation header). uniqueId is the SHA-256 hex of whatever the provider passed to permit().

PendingState

type PendingState = VerificationState & { type: 'pending' }

A type alias for the pending arm of VerificationState. Used as the input type of the internal HTML renderer.

SessionAdapter

See Session storage › SessionAdapter.

Framework context types

These are the minimal shapes the adapters operate against. They are intentionally narrow so the adapter can target multiple framework versions; the framework's own context type is always assignable to them.

Type	Adapter	Notable fields
HonoCtx	x511/hono	req.raw: Request, html(), header(), status(), set()
ElysiaCtx	x511/elysia	request: Request, set.status, set.headers, store
NextCtx	x511/next	request: Request
AdonisCtx	x511/adonis	request, response.{header, status, send}