@pouchy_ai/companion-sdk - v0.1.0
    Preparing search index...

    Interface ConfirmRequestPayload

    Payload of a companion.confirm_request event — the companion is asking the user to approve a sensitive op (a payment, a skill run, a friend message). Who may approve depends on the token: a PLATFORM SESSION TOKEN (an end-user instance minted via /v1/sessions) resolves it directly with client.confirmAction — the embedding app's end user is that account's human. A first-party user's token can only OBSERVE: approval of a real Pouchy user's ops is authed as that user (their app / a hosted confirm page), so a third-party DOM can never confirm a spend, and the first-party host can gate approval behind a biometric (Face ID / passkey) — see docs/companion-wallet-noncustodial.md.

    interface ConfirmRequestPayload {
        confirmId: string;
        scope: string;
        stepUp?: boolean;
        summary: string;
    }
    Index
    confirmId: string

    Opaque id the first-party surface passes to the confirm endpoint.

    scope: string

    The scope of the op needing approval (e.g. wallet.spend).

    stepUp?: boolean

    Advisory: when true, the first-party approval surface should require a stronger user gesture — a biometric / passkey (Face ID, Touch ID) — before approving, not just a tap. Set for irreversible money ops (wallet.spend). Cryptographic enforcement is server-side follow-up; this is the host's cue.

    summary: string

    A human, user-facing summary of what approving will do.