StateSignerInterface
Signs and verifies an opaque payload string, independent of what that payload contains — the tamper-evidence primitive underneath {@see \Milpa\Live\Contracts\Transport\StateTransferCodecInterface} and {@see \Milpa\Live\Contracts\Sync\SyncCodecInterface} signed variants. Callers embed domain claims (component id, kind, revision, ...) in `$claims`/`$requiredClaims` so a signature valid for one payload/claim set cannot be replayed against another.
StateSignerInterface::sign()
abstract public function sign(string $payload, array $claims = []): Milpa\Live\ValueObjects\StateSignatureSigns `$payload`, binding `$claims` into the signature so {@see verify()} can later confirm both the payload and the claims are unmodified and intact.
Parameters
| Name | Type | Description |
|---|---|---|
| $payload | string | |
| $claims | array<string, mixed> | Domain data to bind into the signature (e.g. component id, kind). |
StateSignerInterface::verify()
abstract public function verify(string $payload, Milpa\Live\ValueObjects\StateSignature $signature, array $requiredClaims = []): boolVerifies that `$signature` was produced by {@see sign()} for this exact `$payload`, has not expired, and — if `$requiredClaims` is given — that every required claim is present in the signature with a matching value. MUST NOT throw on an invalid signature; failure is reported via the boolean return.
Parameters
| Name | Type | Description |
|---|---|---|
| $payload | string | |
| $signature | Milpa\Live\ValueObjects\StateSignature | |
| $requiredClaims | array<string, mixed> | Claims that MUST be present (and match) in `$signature` for verification to succeed; an empty array checks only the cryptographic signature and expiry. |