EIP-712 Verification Rules
This chapter documents the acceptance checks executed by epress node when receiving signed typed-data payloads in epress world protocol.
Page Navigation
epress world protocol
Protocol Fundamentals
EIP-712 Signing Layer
epress node Developer Docs
OpenCollapsed while browsing epress world protocol docs.
Cross-node Verification
These rules gate protocol transitions between peer nodes in epress world protocol.
CreateConnectionCross-node
Target
POST /ewp/connections
Verification Checklist
- typedData and signature payload shape must be complete
- verifyTypedData must pass for expected signer address
- timestamp must be within one-hour window
- followee identity in message must match fetched profile identity
DeleteConnectionCross-node
Target
DELETE /ewp/connections
Verification Checklist
- typedData.message requires followeeAddress, followerAddress, timestamp
- timestamp must be integer and in one-hour window
- recoverTypedDataAddress must equal followerAddress
- local node role must match follower or followee orientation
StatementOfSourceCross-node
Target
POST /ewp/replications
Verification Checklist
- publisher must be in follow relationship state
- verifyTypedData must pass for publisherAddress
- content hash recalculation must equal message.contentHash
- publisherAddress in message must equal synced node address
NodeProfileUpdateCross-node
Target
PATCH /ewp/nodes/:address
Verification Checklist
- path address must match typedData.message.publisherAddress
- recoverTypedDataAddress must equal publisherAddress
- incoming timestamp must be newer than local updated_at to patch
Node-local Verification
These rules apply to application-side workflows running inside one epress node.
CommentSignatureNode-local
Target
GraphQL confirmComment
Verification Checklist
- server-side typedData is rebuilt to prevent client tampering
- recoverTypedDataAddress must equal comment.author_id
- signature validity window is 600 seconds from comment timestamp
DeleteCommentNode-local
Target
GraphQL destroyComment
Verification Checklist
- server-side typedData is rebuilt from stored comment fields
- recoverTypedDataAddress must equal requester/comment author
DATANode-local
Target
POST /api/install
Verification Checklist
- typedData payload shape includes node/settings/timestamp
- verifyTypedData must pass for node address signer
- timestamp must be within one-hour window
Error Matrix
Observed error outcomes mapped to each verification target.
CreateConnectionPOST /ewp/connections
- 400 INVALID_PAYLOAD
- 400 INVALID_SIGNATURE
- 400 INVALID_TIMESTAMP
- 400 INVALID_URL_FORMAT
- 401 FOLLOWEE_IDENTITY_MISMATCH
- 409 CONNECTION_ALREADY_EXISTS
DeleteConnectionDELETE /ewp/connections
- 400 INVALID_PAYLOAD
- 400 INVALID_TIMESTAMP
- 400 INVALID_SIGNATURE
StatementOfSourcePOST /ewp/replications
- 400 INVALID_PAYLOAD
- 400 INVALID_SIGNATURE
- 400 CONTENT_HASH_MISMATCH
- 400 CONTENT_DESCRIPTION_MISSING
- 401 NOT_FOLLOWING
- 409 REPLICATION_ALREADY_EXISTS
NodeProfileUpdatePATCH /ewp/nodes/:address
- 400 INVALID_PAYLOAD
- 400 ADDRESS_MISMATCH
- 400 INVALID_ADDRESS
- 400 INVALID_SIGNATURE
CommentSignatureGraphQL confirmComment
- VALIDATION_FAILED
- NOT_FOUND
- FORBIDDEN
- EXPIRED_SIGNATURE
- INVALID_SIGNATURE
DeleteCommentGraphQL destroyComment
- NOT_FOUND
- FORBIDDEN
- INVALID_SIGNATURE
DATAPOST /api/install
- preCheck failure
- initialSchema failure
- initialData failure