@neus/sdk 1.0.3 → 1.0.5

package/cjs/index.cjs

@@ -181,8 +181,7 @@ function encodeBase58Bytes(input) {
   } else {
     throw new SDKError("Unsupported non-EVM signature byte format", "INVALID_SIGNATURE_FORMAT");
   }
-  if (source.length === 0)
-    return "";
+  if (source.length === 0) return "";
   let zeroes = 0;
   while (zeroes < source.length && source[zeroes] === 0) {
     zeroes++;
@@ -216,16 +215,28 @@ function deterministicStringify(obj) {
     return JSON.stringify(obj);
   }
   if (typeof obj !== "object") {
+    if (typeof obj === "string") return JSON.stringify(obj.normalize("NFC"));
     return JSON.stringify(obj);
   }
   if (Array.isArray(obj)) {
-    return "[" + obj.map((item) => deterministicStringify(item)).join(",") + "]";
+    return `[${obj.map((item) => item === void 0 ? "null" : deterministicStringify(item)).join(",")}]`;
   }
-  const sortedKeys = Object.keys(obj).sort();
+  const sortedKeys = Object.keys(obj).filter((k) => obj[k] !== void 0).sort();
   const pairs = sortedKeys.map(
-    (key) => JSON.stringify(key) + ":" + deterministicStringify(obj[key])
+    (key) => `${JSON.stringify(key)}:${deterministicStringify(obj[key])}`
   );
-  return "{" + pairs.join(",") + "}";
+  return `{${pairs.join(",")}}`;
+}
+function chainLineForPortableProofSigner(chain, chainId) {
+  if (typeof chain === "string" && chain.length > 0) {
+    const m = chain.match(/^eip155:(\d+)$/);
+    if (m) return Number(m[1]);
+    return chain;
+  }
+  if (typeof chainId === "number" && Number.isFinite(chainId) && chainId > 0) {
+    return chainId;
+  }
+  throw new SDKError("chainId is required (or provide chain for universal mode)", "INVALID_CHAIN_CONTEXT");
 }
 function constructVerificationMessage({ walletAddress, signedTimestamp, data, verifierIds, chainId, chain }) {
   if (!walletAddress || typeof walletAddress !== "string") {
@@ -240,28 +251,28 @@ function constructVerificationMessage({ walletAddress, signedTimestamp, data, ve
   if (!Array.isArray(verifierIds) || verifierIds.length === 0) {
     throw new SDKError("verifierIds is required and must be a non-empty array", "INVALID_VERIFIER_IDS");
   }
-  const chainContext = typeof chain === "string" && chain.length > 0 ? chain : chainId;
-  if (!chainContext) {
+  if ((typeof chain !== "string" || !chain.length) && !(typeof chainId === "number" && chainId > 0)) {
     throw new SDKError("chainId is required (or provide chain for universal mode)", "INVALID_CHAIN_CONTEXT");
   }
-  if (chainContext === chainId && typeof chainId !== "number") {
-    throw new SDKError("chainId must be a number when provided", "INVALID_CHAIN_ID");
-  }
-  if (chainContext === chain && (typeof chain !== "string" || !chain.includes(":"))) {
+  if (typeof chain === "string" && chain.length > 0 && !chain.includes(":")) {
     throw new SDKError('chain must be a "namespace:reference" string', "INVALID_CHAIN");
   }
+  if ((!chain || !chain.length) && typeof chainId !== "number") {
+    throw new SDKError("chainId must be a number when provided", "INVALID_CHAIN_ID");
+  }
+  const chainLine = chainLineForPortableProofSigner(chain, chainId);
   const namespace = typeof chain === "string" && chain.includes(":") ? chain.split(":")[0] : "eip155";
   const normalizedWalletAddress = namespace === "eip155" ? walletAddress.toLowerCase() : walletAddress;
   const dataString = deterministicStringify(data);
   const messageComponents = [
-    "NEUS Verification Request",
+    PORTABLE_PROOF_SIGNER_HEADER,
     `Wallet: ${normalizedWalletAddress}`,
-    `Chain: ${chainContext}`,
+    `Chain: ${chainLine}`,
     `Verifiers: ${verifierIds.join(",")}`,
     `Data: ${dataString}`,
     `Timestamp: ${signedTimestamp}`
   ];
-  return messageComponents.join("\n");
+  return messageComponents.join("\n").normalize("NFC");
 }
 function validateWalletAddress(address) {
   if (!address || typeof address !== "string") {
@@ -270,17 +281,13 @@ function validateWalletAddress(address) {
   return /^0x[a-fA-F0-9]{40}$/.test(address);
 }
 function validateUniversalAddress(address, chain) {
-  if (!address || typeof address !== "string")
-    return false;
+  if (!address || typeof address !== "string") return false;
   const value = address.trim();
-  if (!value)
-    return false;
+  if (!value) return false;
   const chainRef = typeof chain === "string" ? chain.trim().toLowerCase() : "";
   const namespace = chainRef.includes(":") ? chainRef.split(":")[0] : "";
-  if (validateWalletAddress(value))
-    return true;
-  if (namespace === "eip155")
-    return false;
+  if (validateWalletAddress(value)) return true;
+  if (namespace === "eip155") return false;
   if (namespace === "solana") {
     return /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(value);
   }
@@ -342,16 +349,12 @@ async function resolveDID(params, options = {}) {
   const endpointPath = options.endpoint || "/api/v1/profile/did/resolve";
   const apiUrl = typeof options.apiUrl === "string" ? options.apiUrl.trim() : "";
   const resolveEndpoint = (path) => {
-    if (!path || typeof path !== "string")
-      return null;
+    if (!path || typeof path !== "string") return null;
     const trimmedPath = path.trim();
-    if (!trimmedPath)
-      return null;
-    if (/^https?:\/\//i.test(trimmedPath))
-      return trimmedPath;
+    if (!trimmedPath) return null;
+    if (/^https?:\/\//i.test(trimmedPath)) return trimmedPath;
     if (trimmedPath.startsWith("/")) {
-      if (!apiUrl)
-        return trimmedPath;
+      if (!apiUrl) return trimmedPath;
       try {
         return new URL(trimmedPath, apiUrl.endsWith("/") ? apiUrl : `${apiUrl}/`).toString();
       } catch {
@@ -359,8 +362,7 @@ async function resolveDID(params, options = {}) {
       }
     }
     const base = apiUrl || NEUS_CONSTANTS.API_BASE_URL;
-    if (!base || typeof base !== "string")
-      return null;
+    if (!base || typeof base !== "string") return null;
     try {
       return new URL(trimmedPath, base.endsWith("/") ? base : `${base}/`).toString();
     } catch {
@@ -400,8 +402,7 @@ async function resolveDID(params, options = {}) {
     }
     return { did, data: json?.data || null, raw: json };
   } catch (error) {
-    if (error instanceof SDKError)
-      throw error;
+    if (error instanceof SDKError) throw error;
     throw new SDKError(`DID resolution failed: ${error?.message || error}`, "DID_RESOLVE_FAILED");
   }
 }
@@ -409,16 +410,12 @@ async function standardizeVerificationRequest(params, options = {}) {
   const endpointPath = options.endpoint || "/api/v1/verification/standardize";
   const apiUrl = typeof options.apiUrl === "string" ? options.apiUrl.trim() : "";
   const resolveEndpoint = (path) => {
-    if (!path || typeof path !== "string")
-      return null;
+    if (!path || typeof path !== "string") return null;
     const trimmedPath = path.trim();
-    if (!trimmedPath)
-      return null;
-    if (/^https?:\/\//i.test(trimmedPath))
-      return trimmedPath;
+    if (!trimmedPath) return null;
+    if (/^https?:\/\//i.test(trimmedPath)) return trimmedPath;
     if (trimmedPath.startsWith("/")) {
-      if (!apiUrl)
-        return trimmedPath;
+      if (!apiUrl) return trimmedPath;
       try {
         return new URL(trimmedPath, apiUrl.endsWith("/") ? apiUrl : `${apiUrl}/`).toString();
       } catch {
@@ -426,8 +423,7 @@ async function standardizeVerificationRequest(params, options = {}) {
       }
     }
     const base = apiUrl || NEUS_CONSTANTS.API_BASE_URL;
-    if (!base || typeof base !== "string")
-      return null;
+    if (!base || typeof base !== "string") return null;
     try {
       return new URL(trimmedPath, base.endsWith("/") ? base : `${base}/`).toString();
     } catch {
@@ -458,8 +454,7 @@ async function standardizeVerificationRequest(params, options = {}) {
     }
     return json?.data || json;
   } catch (error) {
-    if (error instanceof SDKError)
-      throw error;
+    if (error instanceof SDKError) throw error;
     throw new SDKError(`Standardize request failed: ${error?.message || error}`, "STANDARDIZE_FAILED");
   }
 }
@@ -493,34 +488,27 @@ async function signMessage({ provider, message, walletAddress, chain } = {}) {
   const chainStr = typeof chain === "string" && chain.trim().length > 0 ? chain.trim() : "eip155";
   const namespace = chainStr.includes(":") ? chainStr.split(":")[0] || "eip155" : "eip155";
   const resolveAddress = async () => {
-    if (typeof walletAddress === "string" && walletAddress.trim().length > 0)
-      return walletAddress;
+    if (typeof walletAddress === "string" && walletAddress.trim().length > 0) return walletAddress;
     if (namespace === "solana") {
       if (resolvedProvider?.publicKey && typeof resolvedProvider.publicKey.toBase58 === "function") {
         const pk = resolvedProvider.publicKey.toBase58();
-        if (typeof pk === "string" && pk)
-          return pk;
+        if (typeof pk === "string" && pk) return pk;
       }
       if (typeof resolvedProvider.getAddress === "function") {
         const addr = await resolvedProvider.getAddress().catch(() => null);
-        if (typeof addr === "string" && addr)
-          return addr;
+        if (typeof addr === "string" && addr) return addr;
       }
-      if (typeof resolvedProvider.address === "string" && resolvedProvider.address)
-        return resolvedProvider.address;
+      if (typeof resolvedProvider.address === "string" && resolvedProvider.address) return resolvedProvider.address;
       return null;
     }
-    if (typeof resolvedProvider.address === "string" && resolvedProvider.address)
-      return resolvedProvider.address;
-    if (typeof resolvedProvider.getAddress === "function")
-      return await resolvedProvider.getAddress();
+    if (typeof resolvedProvider.address === "string" && resolvedProvider.address) return resolvedProvider.address;
+    if (typeof resolvedProvider.getAddress === "function") return resolvedProvider.getAddress();
     if (typeof resolvedProvider.request === "function") {
       let accounts = await resolvedProvider.request({ method: "eth_accounts" }).catch(() => []);
       if (!Array.isArray(accounts) || accounts.length === 0) {
         accounts = await resolvedProvider.request({ method: "eth_requestAccounts" }).catch(() => []);
       }
-      if (Array.isArray(accounts) && accounts[0])
-        return accounts[0];
+      if (Array.isArray(accounts) && accounts[0]) return accounts[0];
     }
     return null;
   };
@@ -528,16 +516,11 @@ async function signMessage({ provider, message, walletAddress, chain } = {}) {
     if (typeof resolvedProvider.signMessage === "function") {
       const encoded = typeof msg === "string" ? new TextEncoder().encode(msg) : msg;
       const result = await resolvedProvider.signMessage(encoded);
-      if (typeof result === "string" && result)
-        return result;
-      if (result instanceof Uint8Array)
-        return encodeBase58Bytes(result);
-      if (result instanceof ArrayBuffer)
-        return encodeBase58Bytes(new Uint8Array(result));
-      if (ArrayBuffer.isView(result))
-        return encodeBase58Bytes(result);
-      if (typeof Buffer !== "undefined" && typeof Buffer.isBuffer === "function" && Buffer.isBuffer(result))
-        return encodeBase58Bytes(result);
+      if (typeof result === "string" && result) return result;
+      if (result instanceof Uint8Array) return encodeBase58Bytes(result);
+      if (result instanceof ArrayBuffer) return encodeBase58Bytes(new Uint8Array(result));
+      if (ArrayBuffer.isView(result)) return encodeBase58Bytes(result);
+      if (typeof Buffer !== "undefined" && typeof Buffer.isBuffer === "function" && Buffer.isBuffer(result)) return encodeBase58Bytes(result);
     }
     throw new SDKError("Non-EVM signing requires provider.signMessage", "SIGNER_UNAVAILABLE");
   }
@@ -546,16 +529,14 @@ async function signMessage({ provider, message, walletAddress, chain } = {}) {
     let firstPersonalSignError = null;
     try {
       const sig = await resolvedProvider.request({ method: "personal_sign", params: [msg, address] });
-      if (typeof sig === "string" && sig)
-        return sig;
+      if (typeof sig === "string" && sig) return sig;
     } catch (error) {
       firstPersonalSignError = error;
     }
     let secondPersonalSignError = null;
     try {
       const sig = await resolvedProvider.request({ method: "personal_sign", params: [address, msg] });
-      if (typeof sig === "string" && sig)
-        return sig;
+      if (typeof sig === "string" && sig) return sig;
     } catch (error) {
       secondPersonalSignError = error;
       const signatureErrorMessage = String(
@@ -566,16 +547,14 @@ async function signMessage({ provider, message, walletAddress, chain } = {}) {
         try {
           const hexMsg = toHexUtf8(msg);
           const sig = await resolvedProvider.request({ method: "personal_sign", params: [hexMsg, address] });
-          if (typeof sig === "string" && sig)
-            return sig;
+          if (typeof sig === "string" && sig) return sig;
         } catch {
         }
       }
     }
     try {
       const sig = await resolvedProvider.request({ method: "eth_sign", params: [address, msg] });
-      if (typeof sig === "string" && sig)
-        return sig;
+      if (typeof sig === "string" && sig) return sig;
     } catch {
     }
     if (secondPersonalSignError || firstPersonalSignError) {
@@ -588,14 +567,12 @@ async function signMessage({ provider, message, walletAddress, chain } = {}) {
   }
   if (typeof resolvedProvider.signMessage === "function") {
     const result = await resolvedProvider.signMessage(msg);
-    if (typeof result === "string" && result)
-      return result;
+    if (typeof result === "string" && result) return result;
   }
   throw new SDKError("Unable to sign message with provided wallet/provider", "SIGNER_UNAVAILABLE");
 }
 function isTerminalStatus(status) {
-  if (!status || typeof status !== "string")
-    return false;
+  if (!status || typeof status !== "string") return false;
   const successStates = [
     "verified",
     "verified_no_verifiers",
@@ -616,8 +593,7 @@ function isTerminalStatus(status) {
   return successStates.includes(status) || failureStates.includes(status);
 }
 function isSuccessStatus(status) {
-  if (!status || typeof status !== "string")
-    return false;
+  if (!status || typeof status !== "string") return false;
   const successStates = [
     "verified",
     "verified_no_verifiers",
@@ -628,8 +604,7 @@ function isSuccessStatus(status) {
   return successStates.includes(status);
 }
 function isFailureStatus(status) {
-  if (!status || typeof status !== "string")
-    return false;
+  if (!status || typeof status !== "string") return false;
   const failureStates = [
     "rejected",
     "rejected_verifier_failure",
@@ -780,23 +755,20 @@ function validateVerifierPayload(verifierId, data) {
   const id = verifierId.replace(/@\d+$/, "");
   if (id === "nft-ownership") {
     ["contractAddress", "tokenId", "chainId"].forEach((key) => {
-      if (!(key in data))
-        result.missing.push(key);
+      if (!(key in data)) result.missing.push(key);
     });
     if (!("ownerAddress" in data)) {
       result.warnings.push("ownerAddress omitted (defaults to the signed walletAddress)");
     }
   } else if (id === "token-holding") {
     ["contractAddress", "minBalance", "chainId"].forEach((key) => {
-      if (!(key in data))
-        result.missing.push(key);
+      if (!(key in data)) result.missing.push(key);
     });
     if (!("ownerAddress" in data)) {
       result.warnings.push("ownerAddress omitted (defaults to the signed walletAddress)");
     }
   } else if (id === "ownership-basic") {
-    if (!("owner" in data))
-      result.missing.push("owner");
+    if (!("owner" in data)) result.missing.push("owner");
     const hasContent = typeof data.content === "string" && data.content.length > 0;
     const hasContentHash = typeof data.contentHash === "string" && data.contentHash.length > 0;
     const hasRefId = typeof data.reference?.id === "string" && data.reference.id.length > 0;
@@ -860,8 +832,7 @@ async function withRetry(fn, options = {}) {
       return await fn();
     } catch (error) {
       lastError = error;
-      if (attempt === maxAttempts)
-        break;
+      if (attempt === maxAttempts) break;
       const delayMs = Math.min(
         baseDelay * Math.pow(backoffFactor, attempt - 1),
         maxDelay
@@ -929,11 +900,72 @@ function validateSignatureComponents({ walletAddress, signature, signedTimestamp
   }
   return result;
 }
-var BASE58_ALPHABET, StatusPoller, NEUS_CONSTANTS;
+function toAgentDelegationMaxSpend(humanAmount, decimals) {
+  if (humanAmount === void 0 || humanAmount === null) {
+    throw new ValidationError("humanAmount is required", "humanAmount", humanAmount);
+  }
+  const s0 = String(humanAmount).trim();
+  if (!s0) {
+    throw new ValidationError("humanAmount must be non-empty", "humanAmount", humanAmount);
+  }
+  if (s0.startsWith("-") || s0.startsWith("+")) {
+    throw new ValidationError("humanAmount must be non-negative", "humanAmount", humanAmount);
+  }
+  const d = Number(decimals);
+  if (!Number.isInteger(d) || d < 0 || d > 78) {
+    throw new ValidationError("decimalPlaces must be an integer from 0 to 78", "decimals", decimals);
+  }
+  if (!/^(?:\d+\.?\d*|\.\d+)$/.test(s0)) {
+    throw new ValidationError(
+      'humanAmount must be a decimal string (e.g. "100" or "100.50")',
+      "humanAmount",
+      humanAmount
+    );
+  }
+  const dot = s0.indexOf(".");
+  const intPart = dot === -1 ? s0 : s0.slice(0, dot);
+  const fracRaw = dot === -1 ? "" : s0.slice(dot + 1);
+  const intNormalized = intPart === "" ? "0" : (() => {
+    const s = intPart.replace(/^0+/, "");
+    return s === "" ? "0" : s;
+  })();
+  if (!/^\d+$/.test(intNormalized)) {
+    throw new ValidationError("humanAmount has an invalid integer part", "humanAmount", humanAmount);
+  }
+  if (fracRaw && !/^\d*$/.test(fracRaw)) {
+    throw new ValidationError("humanAmount has an invalid fractional part", "humanAmount", humanAmount);
+  }
+  const fracPadded = `${fracRaw}${"0".repeat(d)}`.slice(0, d);
+  const base = BigInt(10) ** BigInt(d);
+  const value = BigInt(intNormalized) * base + BigInt(fracPadded || "0");
+  const out = value.toString();
+  if (out.length > 78) {
+    throw new ValidationError("maxSpend exceeds 78-digit limit after conversion", "humanAmount", humanAmount);
+  }
+  return out;
+}
+function getHostedCheckoutUrl(opts = {}) {
+  const base = typeof opts.baseUrl === "string" && opts.baseUrl.trim() ? opts.baseUrl.replace(/\/+$/, "") : DEFAULT_HOSTED_VERIFY_URL;
+  const params = new URLSearchParams();
+  if (opts.gateId) params.set("gateId", String(opts.gateId));
+  if (opts.returnUrl) params.set("returnUrl", String(opts.returnUrl));
+  if (Array.isArray(opts.verifiers) && opts.verifiers.length > 0) {
+    params.set("verifiers", opts.verifiers.filter(Boolean).join(","));
+  }
+  if (opts.preset) params.set("preset", String(opts.preset));
+  if (opts.mode) params.set("mode", String(opts.mode));
+  if (opts.intent) params.set("intent", String(opts.intent));
+  if (opts.origin) params.set("origin", String(opts.origin));
+  if (opts.oauthProvider) params.set("oauthProvider", String(opts.oauthProvider));
+  const qs = params.toString();
+  return qs ? `${base}?${qs}` : base;
+}
+var PORTABLE_PROOF_SIGNER_HEADER, BASE58_ALPHABET, StatusPoller, NEUS_CONSTANTS, DEFAULT_HOSTED_VERIFY_URL;
 var init_utils = __esm({
   "utils.js"() {
     "use strict";
     init_errors();
+    PORTABLE_PROOF_SIGNER_HEADER = "Portable Proof Verification Request";
     BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
     StatusPoller = class {
       constructor(client, qHash, options = {}) {
@@ -957,7 +989,7 @@ var init_utils = __esm({
           const pollAttempt = async () => {
             try {
               this.attempt++;
-              const response = await this.client.getStatus(this.qHash);
+              const response = await this.client.getProof(this.qHash);
               if (isTerminalStatus(response.status)) {
                 resolve(response);
                 return;
@@ -1002,7 +1034,7 @@ var init_utils = __esm({
       }
     };
     NEUS_CONSTANTS = {
-      // Hub chain (where all verifications occur)
+      /** Default EVM chain id for NEUS protocol signing context (`HUB_CHAIN_ID` name kept for compatibility). */
       HUB_CHAIN_ID: 84532,
       // Supported target chains for cross-chain propagation
       TESTNET_CHAINS: [
@@ -1030,6 +1062,7 @@ var init_utils = __esm({
         "token-holding"
       ]
     };
+    DEFAULT_HOSTED_VERIFY_URL = "https://neus.network/verify";
   }
 });
 
@@ -1037,36 +1070,37 @@ var init_utils = __esm({
 var client_exports = {};
 __export(client_exports, {
   NeusClient: () => NeusClient,
+  PORTABLE_PROOF_SIGNER_HEADER: () => PORTABLE_PROOF_SIGNER_HEADER,
   constructVerificationMessage: () => constructVerificationMessage
 });
-var FALLBACK_PUBLIC_VERIFIERS, INTERACTIVE_VERIFIERS, EVM_ADDRESS_RE, validateVerifierData, NeusClient;
+function normalizeWalletLinkRelationshipType(value) {
+  const normalized = String(value || "").trim().toLowerCase();
+  return WALLET_LINK_RELATIONSHIP_TYPES.has(normalized) ? normalized : "linked";
+}
+var FALLBACK_PUBLIC_VERIFIER_CATALOG, EVM_ADDRESS_RE, WALLET_LINK_RELATIONSHIP_TYPES, validateVerifierData, NeusClient;
 var init_client = __esm({
   "client.js"() {
     "use strict";
     init_errors();
     init_utils();
-    FALLBACK_PUBLIC_VERIFIERS = [
-      "ownership-basic",
-      "ownership-pseudonym",
-      "ownership-dns-txt",
-      "ownership-social",
-      "ownership-org-oauth",
-      "contract-ownership",
-      "nft-ownership",
-      "token-holding",
-      "wallet-link",
-      "wallet-risk",
-      "proof-of-human",
-      "agent-identity",
-      "agent-delegation",
-      "ai-content-moderation"
-    ];
-    INTERACTIVE_VERIFIERS = /* @__PURE__ */ new Set([
-      "ownership-social",
-      "ownership-org-oauth",
-      "proof-of-human"
-    ]);
+    FALLBACK_PUBLIC_VERIFIER_CATALOG = {
+      "ownership-basic": { supportsDirectApi: true },
+      "ownership-pseudonym": { supportsDirectApi: true },
+      "ownership-dns-txt": { supportsDirectApi: true },
+      "ownership-social": { supportsDirectApi: false },
+      "ownership-org-oauth": { supportsDirectApi: false },
+      "contract-ownership": { supportsDirectApi: true },
+      "nft-ownership": { supportsDirectApi: true },
+      "token-holding": { supportsDirectApi: true },
+      "wallet-link": { supportsDirectApi: true },
+      "wallet-risk": { supportsDirectApi: true },
+      "proof-of-human": { supportsDirectApi: false },
+      "agent-identity": { supportsDirectApi: true },
+      "agent-delegation": { supportsDirectApi: true },
+      "ai-content-moderation": { supportsDirectApi: true }
+    };
     EVM_ADDRESS_RE = /^0x[a-fA-F0-9]{40}$/;
+    WALLET_LINK_RELATIONSHIP_TYPES = /* @__PURE__ */ new Set(["primary", "personal", "org", "affiliate", "agent", "linked"]);
     validateVerifierData = (verifierId, data) => {
       if (!data || typeof data !== "object") {
         return { valid: false, error: "Data object is required" };
@@ -1284,7 +1318,10 @@ var init_client = __esm({
                 const maxBytes = 50 * 1024;
                 const bytes = typeof TextEncoder !== "undefined" ? new TextEncoder().encode(data.content).length : String(data.content).length;
                 if (bytes > maxBytes) {
-                  return { valid: false, error: `content exceeds ${maxBytes} bytes limit for ai-content-moderation verifier (text)` };
+                  return {
+                    valid: false,
+                    error: `content exceeds ${maxBytes} bytes limit for ai-content-moderation verifier (text)`
+                  };
                 }
               } catch {
               }
@@ -1343,20 +1380,15 @@ var init_client = __esm({
         if (typeof this.config.appId === "string" && this.config.appId.trim().length > 0) {
           this.defaultHeaders["X-Neus-App"] = this.config.appId.trim();
         }
-        if (typeof this.config.sponsorGrant === "string" && this.config.sponsorGrant.trim().length > 0) {
-          this.defaultHeaders["X-Sponsor-Grant"] = this.config.sponsorGrant.trim();
-        }
         if (typeof this.config.paymentSignature === "string" && this.config.paymentSignature.trim().length > 0) {
           this.defaultHeaders["PAYMENT-SIGNATURE"] = this.config.paymentSignature.trim();
         }
         if (this.config.extraHeaders && typeof this.config.extraHeaders === "object") {
           for (const [k, v] of Object.entries(this.config.extraHeaders)) {
-            if (!k || v === void 0 || v === null)
-              continue;
+            if (!k || v === void 0 || v === null) continue;
             const key = String(k).trim();
             const value = String(v).trim();
-            if (!key || !value)
-              continue;
+            if (!key || !value) continue;
             this.defaultHeaders[key] = value;
           }
         }
@@ -1369,14 +1401,12 @@ var init_client = __esm({
       }
       _getHubChainId() {
         const configured = Number(this.config?.hubChainId);
-        if (Number.isFinite(configured) && configured > 0)
-          return Math.floor(configured);
+        if (Number.isFinite(configured) && configured > 0) return Math.floor(configured);
         return NEUS_CONSTANTS.HUB_CHAIN_ID;
       }
       _normalizeIdentity(value) {
         let raw = String(value || "").trim();
-        if (!raw)
-          return "";
+        if (!raw) return "";
         const didMatch = raw.match(/^did:pkh:([^:]+):([^:]+):(.+)$/i);
         if (didMatch && didMatch[3]) {
           raw = String(didMatch[3]).trim();
@@ -1384,8 +1414,7 @@ var init_client = __esm({
         return EVM_ADDRESS_RE.test(raw) ? raw.toLowerCase() : raw;
       }
       _inferChainForAddress(address, explicitChain) {
-        if (typeof explicitChain === "string" && explicitChain.includes(":"))
-          return explicitChain.trim();
+        if (typeof explicitChain === "string" && explicitChain.includes(":")) return explicitChain.trim();
         const raw = String(address || "").trim();
         const didMatch = raw.match(/^did:pkh:([^:]+):([^:]+):(.+)$/i);
         if (didMatch && didMatch[1] && didMatch[2]) {
@@ -1424,8 +1453,7 @@ var init_client = __esm({
         throw new ConfigurationError("Invalid wallet provider");
       }
       _getDefaultBrowserWallet() {
-        if (typeof window === "undefined")
-          return null;
+        if (typeof window === "undefined") return null;
         return window.ethereum || window.solana || window.phantom && window.phantom.solana || null;
       }
       async _buildPrivateGateAuth({ address, wallet, chain, signatureMethod } = {}) {
@@ -1483,80 +1511,134 @@ var init_client = __esm({
           signatureMethod: params.signatureMethod
         });
       }
-      // ============================================================================
-      // CORE VERIFICATION METHODS
-      // ============================================================================
+      async createWalletLinkData(params = {}) {
+        const normalizedPrimary = this._normalizeIdentity(params.primaryWalletAddress);
+        const normalizedSecondary = this._normalizeIdentity(params.secondaryWalletAddress);
+        if (!EVM_ADDRESS_RE.test(normalizedPrimary)) {
+          throw new ValidationError("wallet-link requires a valid primaryWalletAddress");
+        }
+        if (!EVM_ADDRESS_RE.test(normalizedSecondary)) {
+          throw new ValidationError("wallet-link requires a valid secondaryWalletAddress");
+        }
+        if (normalizedPrimary === normalizedSecondary) {
+          throw new ValidationError("wallet-link secondaryWalletAddress must differ from primaryWalletAddress");
+        }
+        const providerWallet = params.wallet || this._getDefaultBrowserWallet();
+        const { signerWalletAddress, provider } = await this._resolveWalletSigner(providerWallet);
+        const normalizedSigner = this._normalizeIdentity(signerWalletAddress);
+        if (!EVM_ADDRESS_RE.test(normalizedSigner)) {
+          throw new ValidationError("wallet-link requires an EVM wallet/provider for the secondary wallet");
+        }
+        if (normalizedSigner !== normalizedSecondary) {
+          throw new ValidationError("wallet-link wallet/provider must be connected to secondaryWalletAddress");
+        }
+        const resolvedChain = (() => {
+          const raw = String(params.chain || "").trim();
+          if (!raw) return `eip155:${this._getHubChainId()}`;
+          if (!/^eip155:\d+$/.test(raw)) {
+            throw new ValidationError("wallet-link requires chain in the form eip155:<chainId>");
+          }
+          return raw;
+        })();
+        const signedTimestamp = Number.isFinite(Number(params.signedTimestamp)) && Number(params.signedTimestamp) > 0 ? Number(params.signedTimestamp) : Date.now();
+        const linkData = {
+          primaryAccountId: `${resolvedChain}:${normalizedPrimary}`,
+          secondaryAccountId: `${resolvedChain}:${normalizedSecondary}`,
+          primaryWalletAddress: normalizedPrimary,
+          secondaryWalletAddress: normalizedSecondary
+        };
+        const message = constructVerificationMessage({
+          walletAddress: normalizedSecondary,
+          signedTimestamp,
+          data: linkData,
+          verifierIds: ["wallet-link"],
+          chain: resolvedChain
+        });
+        let signature;
+        try {
+          signature = await signMessage({
+            provider,
+            message,
+            walletAddress: signerWalletAddress
+          });
+        } catch (error) {
+          if (error?.code === 4001) {
+            throw new ValidationError("User rejected wallet-link signature request");
+          }
+          throw new ValidationError(`Failed to sign wallet-link message: ${error?.message || String(error)}`);
+        }
+        const label = String(params.label || "").trim().slice(0, 64);
+        return {
+          primaryWalletAddress: normalizedPrimary,
+          secondaryWalletAddress: normalizedSecondary,
+          signature,
+          chain: resolvedChain,
+          signatureMethod: "eip191",
+          signedTimestamp,
+          relationshipType: normalizeWalletLinkRelationshipType(params.relationshipType),
+          ...label ? { label } : {}
+        };
+      }
       /**
-       * VERIFY - Standard verification (auto or manual)
-       * 
-       * Create proofs with complete control over the verification process.
-       * If signature and walletAddress are omitted but verifier/content are provided,
-       * this method performs the wallet flow inline (no aliases, no secondary methods).
-       * 
+       * Create a verification proof.
+       *
+       * Supports two paths:
+       *   - **Auto:** Supply `verifier`, `content`, and/or `data` with an optional
+       *     `wallet` provider. The SDK performs signing in the client.
+       *   - **Manual:** Supply pre-signed `verifierIds`, `data`, `walletAddress`,
+       *     `signature`, and `signedTimestamp`.
+       *
        * @param {Object} params - Verification parameters
+       * @param {string} [params.verifier] - Verifier ID (auto path, e.g. 'ownership-basic')
+       * @param {string} [params.content] - Content to verify (auto path)
+       * @param {Object} [params.data] - Structured verification data
+       * @param {Object} [params.wallet] - Wallet provider (auto path)
+       * @param {Object} [params.options] - Additional options
        * @param {Array<string>} [params.verifierIds] - Array of verifier IDs (manual path)
-       * @param {Object} [params.data] - Verification data object (manual path)
        * @param {string} [params.walletAddress] - Wallet address that signed the request (manual path)
        * @param {string} [params.signature] - EIP-191 signature (manual path)
        * @param {number} [params.signedTimestamp] - Unix timestamp when signature was created (manual path)
-       * @param {number} [params.chainId] - Chain ID for verification context (optional, managed by protocol)
-       * @param {Object} [params.options] - Additional options
-       * @param {string} [params.verifier] - Verifier ID (auto path)
-       * @param {string} [params.content] - Content/description (auto path)
-       * @param {Object} [params.wallet] - Optional injected wallet/provider (auto path)
-       * @returns {Promise<Object>} Verification result with proofId (qHash is a deprecated alias)
-       * 
+       * @param {number} [params.chainId] - EVM signing-context hint; when omitted, resolved to the NEUS protocol primary chain for signing
+       * @returns {Promise<Object>} Verification result with proofId
+       *
        * @example
+       * // Auto path
+       * const proof = await client.verify({
+       *   verifier: 'ownership-basic',
+       *   content: 'Hello World',
+       *   wallet: window.ethereum
+       * });
+       *
+       * @example
+       * // Manual path
        * const proof = await client.verify({
        *   verifierIds: ['ownership-basic'],
-       *   data: {
-       *     content: "My content",
-       *     owner: walletAddress, // or ownerAddress for nft-ownership/token-holding
-       *     reference: { type: 'other', id: 'my-unique-identifier' }
-       *   },
+       *   data: { content: "My content", owner: walletAddress },
        *   walletAddress: '0x...',
        *   signature: '0x...',
        *   signedTimestamp: Date.now(),
        *   options: { targetChains: [421614, 11155111] }
        * });
        */
-      /**
-       * Create a verification proof
-       *
-       * @param {Object} params - Verification parameters
-       * @param {string} [params.verifier] - Verifier ID (e.g., 'ownership-basic')
-       * @param {string} [params.content] - Content to verify
-       * @param {Object} [params.data] - Structured verification data
-       * @param {Object} [params.wallet] - Wallet provider
-       * @param {Object} [params.options] - Additional options
-       * @returns {Promise<Object>} Verification result with proofId (qHash is a deprecated alias)
-       *
-       * @example
-       * // Simple ownership proof
-       * const proof = await client.verify({
-       *   verifier: 'ownership-basic',
-       *   content: 'Hello World',
-       *   wallet: window.ethereum
-       * });
-       */
       async verify(params) {
         if ((!params?.signature || !params?.walletAddress) && (params?.verifier || params?.content || params?.data)) {
           const { content, verifier = "ownership-basic", data: data2 = null, wallet = null, options: options2 = {} } = params;
           if (verifier === "ownership-basic" && !data2 && (!content || typeof content !== "string")) {
             throw new ValidationError("content is required and must be a string (or use data param with owner + reference)");
           }
-          let validVerifiers = FALLBACK_PUBLIC_VERIFIERS;
+          let verifierCatalog = FALLBACK_PUBLIC_VERIFIER_CATALOG;
           try {
-            const discovered = await this.getVerifiers();
-            if (Array.isArray(discovered) && discovered.length > 0) {
-              validVerifiers = discovered;
+            const discovered = await this.getVerifierCatalog();
+            if (discovered && discovered.metadata && Object.keys(discovered.metadata).length > 0) {
+              verifierCatalog = discovered.metadata;
             }
           } catch {
           }
+          const validVerifiers = Object.keys(verifierCatalog);
           if (!validVerifiers.includes(verifier)) {
             throw new ValidationError(`Invalid verifier '${verifier}'. Must be one of: ${validVerifiers.join(", ")}.`);
           }
-          if (INTERACTIVE_VERIFIERS.has(verifier)) {
+          if (verifierCatalog?.[verifier]?.supportsDirectApi === false) {
             const hostedCheckoutUrl = options2?.hostedCheckoutUrl || "https://neus.network/verify";
             throw new ValidationError(
               `${verifier} requires hosted interactive checkout. Use VerifyGate or redirect to ${hostedCheckoutUrl}.`
@@ -1697,7 +1779,10 @@ var init_client = __esm({
               ...data2?.agentLabel && { agentLabel: data2.agentLabel },
               ...data2?.agentType && { agentType: data2.agentType },
               ...data2?.description && { description: data2.description },
-              ...data2?.capabilities && { capabilities: data2.capabilities }
+              ...data2?.capabilities && { capabilities: data2.capabilities },
+              ...data2?.instructions && { instructions: data2.instructions },
+              ...data2?.skills && { skills: data2.skills },
+              ...data2?.services && { services: data2.services }
             };
           } else if (verifier === "agent-delegation") {
             if (!data2?.agentWallet) {
@@ -1710,7 +1795,11 @@ var init_client = __esm({
               ...data2?.scope && { scope: data2.scope },
               ...data2?.permissions && { permissions: data2.permissions },
               ...data2?.maxSpend && { maxSpend: data2.maxSpend },
-              ...data2?.expiresAt && { expiresAt: data2.expiresAt }
+              ...data2?.allowedPaymentTypes && { allowedPaymentTypes: data2.allowedPaymentTypes },
+              ...data2?.receiptDisclosure && { receiptDisclosure: data2.receiptDisclosure },
+              ...data2?.expiresAt && { expiresAt: data2.expiresAt },
+              ...data2?.instructions && { instructions: data2.instructions },
+              ...data2?.skills && { skills: data2.skills }
             };
           } else if (verifier === "ai-content-moderation") {
             if (!data2?.content) {
@@ -1770,31 +1859,24 @@ var init_client = __esm({
                 const enc = new TextEncoder();
                 const bytes = enc.encode(s);
                 let hex = "0x";
-                for (let i = 0; i < bytes.length; i++)
-                  hex += bytes[i].toString(16).padStart(2, "0");
+                for (let i = 0; i < bytes.length; i++) hex += bytes[i].toString(16).padStart(2, "0");
                 return hex;
               } catch {
                 let hex = "0x";
-                for (let i = 0; i < s.length; i++)
-                  hex += s.charCodeAt(i).toString(16).padStart(2, "0");
+                for (let i = 0; i < s.length; i++) hex += s.charCodeAt(i).toString(16).padStart(2, "0");
                 return hex;
               }
             };
             const isFarcasterWallet = (() => {
-              if (typeof window === "undefined")
-                return false;
+              if (typeof window === "undefined") return false;
               try {
                 const w = window;
                 const fc = w.farcaster;
-                if (!fc || !fc.context)
-                  return false;
+                if (!fc || !fc.context) return false;
                 const fcProvider = fc.provider || fc.walletProvider || fc.context && fc.context.walletProvider;
-                if (fcProvider === provider)
-                  return true;
-                if (w.mini && w.mini.wallet === provider && fc && fc.context)
-                  return true;
-                if (w.ethereum === provider && fc && fc.context)
-                  return true;
+                if (fcProvider === provider) return true;
+                if (w.mini && w.mini.wallet === provider && fc && fc.context) return true;
+                if (w.ethereum === provider && fc && fc.context) return true;
               } catch {
               }
               return false;
@@ -1813,7 +1895,8 @@ var init_client = __esm({
                 const msg = String(e && (e.message || e.reason) || e || "").toLowerCase();
                 const errCode = e && (e.code || e.error && e.error.code) || null;
                 const needsHex = /byte|bytes|invalid byte sequence|encoding|non-hex/i.test(msg);
-                const methodUnsupported = /method.*not.*supported|unsupported|not implemented|method not found|unknown method|does not support/i.test(msg) || errCode === -32601 || errCode === 4200 || msg.includes("personal_sign") && msg.includes("not") || msg.includes("request method") && msg.includes("not supported");
+                const unsupportedRe = /method.*not.*supported|unsupported|not implemented|method not found|unknown method|does not support/i;
+                const methodUnsupported = unsupportedRe.test(msg) || errCode === -32601 || errCode === 4200 || msg.includes("personal_sign") && msg.includes("not") || msg.includes("request method") && msg.includes("not supported");
                 if (methodUnsupported) {
                   this._log("personal_sign not supported; attempting eth_sign fallback");
                   try {
@@ -1822,28 +1905,23 @@ var init_client = __esm({
                     const prefix = `Ethereum Signed Message:
 ${bytes.length}`;
                     const full = new Uint8Array(prefix.length + bytes.length);
-                    for (let i = 0; i < prefix.length; i++)
-                      full[i] = prefix.charCodeAt(i);
+                    for (let i = 0; i < prefix.length; i++) full[i] = prefix.charCodeAt(i);
                     full.set(bytes, prefix.length);
                     let payloadHex = "0x";
-                    for (let i = 0; i < full.length; i++)
-                      payloadHex += full[i].toString(16).padStart(2, "0");
+                    for (let i = 0; i < full.length; i++) payloadHex += full[i].toString(16).padStart(2, "0");
                     try {
-                      if (typeof window !== "undefined")
-                        window.__NEUS_ALLOW_ETH_SIGN__ = true;
+                      if (typeof window !== "undefined") window.__NEUS_ALLOW_ETH_SIGN__ = true;
                     } catch {
                     }
                     signature2 = await provider.request({ method: "eth_sign", params: [walletAddress2, payloadHex], neusAllowEthSign: true });
                     try {
-                      if (typeof window !== "undefined")
-                        delete window.__NEUS_ALLOW_ETH_SIGN__;
+                      if (typeof window !== "undefined") delete window.__NEUS_ALLOW_ETH_SIGN__;
                     } catch {
                     }
                   } catch (fallbackErr) {
                     this._log("eth_sign fallback failed", { message: fallbackErr?.message || String(fallbackErr) });
                     try {
-                      if (typeof window !== "undefined")
-                        delete window.__NEUS_ALLOW_ETH_SIGN__;
+                      if (typeof window !== "undefined") delete window.__NEUS_ALLOW_ETH_SIGN__;
                     } catch {
                     }
                     throw e;
@@ -1885,8 +1963,7 @@ ${bytes.length}`;
         } = params;
         const resolvedChainId = chainId || (chain ? null : NEUS_CONSTANTS.HUB_CHAIN_ID);
         const normalizeVerifierId = (id) => {
-          if (typeof id !== "string")
-            return id;
+          if (typeof id !== "string") return id;
           const match = id.match(/^(.*)@\d+$/);
           return match ? match[1] : id;
         };
@@ -1921,10 +1998,9 @@ ${bytes.length}`;
           // Privacy and storage options (defaults)
           privacyLevel: options?.privacyLevel || "private",
           publicDisplay: options?.publicDisplay || false,
-          storeOriginalContent: options?.storeOriginalContent || false
+          storeOriginalContent: typeof options?.storeOriginalContent === "boolean" ? options.storeOriginalContent : true
         };
-        if (typeof options?.enableIpfs === "boolean")
-          optionsPayload.enableIpfs = options.enableIpfs;
+        if (typeof options?.enableIpfs === "boolean") optionsPayload.enableIpfs = options.enableIpfs;
         const requestData = {
           verifierIds: normalizedVerifierIds,
           data,
@@ -1942,41 +2018,37 @@ ${bytes.length}`;
         }
         return this._formatResponse(response);
       }
-      // ============================================================================
-      // STATUS AND UTILITY METHODS
-      // ============================================================================
       /**
-       * Get verification status
+       * Get proof record by proof receipt id.
        *
-       * @param {string} proofId - Proof ID (standard). `qHash` is a deprecated alias (same value).
-       * @returns {Promise<Object>} Verification status and data
+       * @param {string} proofId - Proof receipt ID (0x + 64 hex).
+       * @returns {Promise<Object>} Proof record and verification state
        *
        * @example
-       * const result = await client.getStatus('0x...');
+       * const result = await client.getProof('0x...');
        * console.log('Status:', result.status);
        */
-      async getStatus(proofId) {
+      async getProof(proofId) {
         if (!proofId || typeof proofId !== "string") {
           throw new ValidationError("proofId is required");
         }
-        const response = await this._makeRequest("GET", `/api/v1/verification/status/${proofId}`);
+        const response = await this._makeRequest("GET", `/api/v1/proofs/${proofId}`);
         if (!response.success) {
-          throw new ApiError(`Failed to get status: ${response.error?.message || "Unknown error"}`, response.error);
+          throw new ApiError(`Failed to get proof: ${response.error?.message || "Unknown error"}`, response.error);
         }
         return this._formatResponse(response);
       }
       /**
-       * Get private proof status with wallet signature
+       * Get private proof record with wallet signature
        *
-       * @param {string} proofId - Proof ID (standard). `qHash` is a deprecated alias (same value).
+       * @param {string} proofId - Proof receipt ID.
        * @param {Object} wallet - Wallet provider (window.ethereum or ethers Wallet)
-       * @returns {Promise<Object>} Private verification status and data
+       * @returns {Promise<Object>} Private proof record and verification state
        *
        * @example
-       * // Access private proof
-       * const privateData = await client.getPrivateStatus(proofId, window.ethereum);
+       * const privateData = await client.getPrivateProof(proofId, window.ethereum);
        */
-      async getPrivateStatus(proofId, wallet = null) {
+      async getPrivateProof(proofId, wallet = null) {
         if (!proofId || typeof proofId !== "string") {
           throw new ValidationError("proofId is required");
         }
@@ -1990,7 +2062,7 @@ ${bytes.length}`;
             ...typeof auth.chain === "string" && auth.chain.trim() ? { "x-chain": auth.chain.trim() } : {},
             ...typeof auth.signatureMethod === "string" && auth.signatureMethod.trim() ? { "x-signature-method": auth.signatureMethod.trim() } : {}
           };
-          const response2 = await this._makeRequest("GET", `/api/v1/verification/status/${proofId}`, null, headers);
+          const response2 = await this._makeRequest("GET", `/api/v1/proofs/${proofId}`, null, headers);
           if (!response2.success) {
             throw new ApiError(
               `Failed to access private proof: ${response2.error?.message || "Unauthorized"}`,
@@ -2029,7 +2101,7 @@ ${bytes.length}`;
           }
           throw new ValidationError(`Failed to sign message: ${error.message}`);
         }
-        const response = await this._makeRequest("GET", `/api/v1/verification/status/${proofId}`, null, {
+        const response = await this._makeRequest("GET", `/api/v1/proofs/${proofId}`, null, {
           "x-wallet-address": walletAddress,
           "x-signature": signature,
           "x-signed-timestamp": signedTimestamp.toString(),
@@ -2062,25 +2134,37 @@ ${bytes.length}`;
        * @returns {Promise<string[]>} Array of verifier IDs
        */
       async getVerifiers() {
+        const catalog = await this.getVerifierCatalog();
+        return Array.isArray(catalog?.data) ? catalog.data : [];
+      }
+      /**
+       * Get the public verifier catalog with per-verifier capabilities.
+       * @returns {Promise<{data: string[], metadata: Record<string, { supportsDirectApi?: boolean }>, meta?: object}>}
+       */
+      async getVerifierCatalog() {
         const response = await this._makeRequest("GET", "/api/v1/verification/verifiers");
         if (!response.success) {
           throw new ApiError(`Failed to get verifiers: ${response.error?.message || "Unknown error"}`, response.error);
         }
-        return Array.isArray(response.data) ? response.data : [];
+        return {
+          data: Array.isArray(response.data) ? response.data : [],
+          metadata: response.metadata && typeof response.metadata === "object" && !Array.isArray(response.metadata) ? response.metadata : {},
+          meta: response.meta && typeof response.meta === "object" && !Array.isArray(response.meta) ? response.meta : {}
+        };
       }
       /**
        * POLL PROOF STATUS - Wait for verification completion
-       * 
+       *
        * Polls the verification status until it reaches a terminal state (completed or failed).
        * Useful for providing real-time feedback to users during verification.
-       * 
-       * @param {string} proofId - Proof ID to poll (standard). `qHash` is a deprecated alias (same value).
+       *
+       * @param {string} proofId - Proof ID to poll.
        * @param {Object} [options] - Polling options
        * @param {number} [options.interval=5000] - Polling interval in ms
        * @param {number} [options.timeout=120000] - Total timeout in ms
        * @param {Function} [options.onProgress] - Progress callback function
        * @returns {Promise<Object>} Final verification status
-       * 
+       *
        * @example
        * const finalStatus = await client.pollProofStatus(proofId, {
        *   interval: 3000,
@@ -2106,7 +2190,7 @@ ${bytes.length}`;
         let consecutiveRateLimits = 0;
         while (Date.now() - startTime < timeout) {
           try {
-            const status = await this.getStatus(proofId);
+            const status = await this.getProof(proofId);
             consecutiveRateLimits = 0;
             if (onProgress && typeof onProgress === "function") {
               onProgress(status.data || status);
@@ -2139,7 +2223,7 @@ ${bytes.length}`;
       }
       /**
        * DETECT CHAIN ID - Get current wallet chain
-       * 
+       *
        * @returns {Promise<number>} Current chain ID
        */
       async detectChainId() {
@@ -2170,7 +2254,6 @@ ${bytes.length}`;
         const message = constructVerificationMessage({
           walletAddress: address,
           signedTimestamp,
-          // Keep wire payload key `qHash` for backwards compatibility.
           data: { action: "revoke_proof", qHash: proofId },
           verifierIds: ["ownership-basic"],
           ...signerIsEvm ? { chainId: this._getHubChainId() } : { chain }
@@ -2189,9 +2272,8 @@ ${bytes.length}`;
           }
           throw new ValidationError(`Failed to sign revocation: ${error.message}`);
         }
-        const res = await fetch(`${this.config.apiUrl}/api/v1/proofs/${proofId}/revoke-self`, {
+        const res = await fetch(`${this.config.apiUrl}/api/v1/proofs/revoke-self/${proofId}`, {
           method: "POST",
-          // SECURITY: Do not put proof signatures into Authorization headers.
           headers: { "Content-Type": "application/json" },
           body: JSON.stringify({
             walletAddress: address,
@@ -2206,18 +2288,16 @@ ${bytes.length}`;
         }
         return true;
       }
-      // ============================================================================
-      // PROOFS & GATING METHODS
-      // ============================================================================
       /**
        * GET PROOFS BY WALLET - Fetch proofs for a wallet address
-       * 
+       *
        * @param {string} walletAddress - Wallet identity (EVM/Solana/DID)
        * @param {Object} [options] - Filter options
        * @param {number} [options.limit] - Max results (default: 50; higher limits require owner access)
        * @param {number} [options.offset] - Pagination offset (default: 0)
+       * @param {string} [options.qHash] - Filter to single proof by qHash
        * @returns {Promise<Object>} Proofs result
-       * 
+       *
        * @example
        * const result = await client.getProofsByWallet('0x...', {
        *   limit: 50,
@@ -2231,14 +2311,13 @@ ${bytes.length}`;
         const id = walletAddress.trim();
         const pathId = /^0x[a-fA-F0-9]{40}$/i.test(id) ? id.toLowerCase() : id;
         const qs = [];
-        if (options.limit)
-          qs.push(`limit=${encodeURIComponent(String(options.limit))}`);
-        if (options.offset)
-          qs.push(`offset=${encodeURIComponent(String(options.offset))}`);
+        if (options.limit) qs.push(`limit=${encodeURIComponent(String(options.limit))}`);
+        if (options.offset) qs.push(`offset=${encodeURIComponent(String(options.offset))}`);
+        if (options.qHash) qs.push(`qHash=${encodeURIComponent(options.qHash.toLowerCase())}`);
         const query = qs.length ? `?${qs.join("&")}` : "";
         const response = await this._makeRequest(
           "GET",
-          `/api/v1/proofs/byWallet/${encodeURIComponent(pathId)}${query}`
+          `/api/v1/proofs/by-wallet/${encodeURIComponent(pathId)}${query}`
         );
         if (!response.success) {
           throw new ApiError(`Failed to get proofs: ${response.error?.message || "Unknown error"}`, response.error);
@@ -2261,6 +2340,7 @@ ${bytes.length}`;
        * @param {Object} [options]
        * @param {number} [options.limit] - Max results (server enforces caps)
        * @param {number} [options.offset] - Pagination offset
+       * @param {string} [options.qHash] - Filter to single proof by qHash
        * @param {Object} [wallet] - Optional injected wallet/provider (MetaMask/ethers Wallet)
        */
       async getPrivateProofsByWallet(walletAddress, options = {}, wallet = null) {
@@ -2311,12 +2391,11 @@ ${bytes.length}`;
           throw new ValidationError(`Failed to sign message: ${error.message}`);
         }
         const qs = [];
-        if (options.limit)
-          qs.push(`limit=${encodeURIComponent(String(options.limit))}`);
-        if (options.offset)
-          qs.push(`offset=${encodeURIComponent(String(options.offset))}`);
+        if (options.limit) qs.push(`limit=${encodeURIComponent(String(options.limit))}`);
+        if (options.offset) qs.push(`offset=${encodeURIComponent(String(options.offset))}`);
+        if (options.qHash) qs.push(`qHash=${encodeURIComponent(options.qHash.toLowerCase())}`);
         const query = qs.length ? `?${qs.join("&")}` : "";
-        const response = await this._makeRequest("GET", `/api/v1/proofs/byWallet/${encodeURIComponent(pathId)}${query}`, null, {
+        const response = await this._makeRequest("GET", `/api/v1/proofs/by-wallet/${encodeURIComponent(pathId)}${query}`, null, {
           "x-wallet-address": signerWalletAddress,
           "x-signature": signature,
           "x-signed-timestamp": signedTimestamp.toString(),
@@ -2335,16 +2414,16 @@ ${bytes.length}`;
         };
       }
       /**
-       * GATE CHECK (API) - Minimal eligibility check
+       * Gate check (HTTP API) — minimal eligibility response.
        *
        * Calls the gate endpoint and returns a **minimal** yes/no response.
-       * By default this checks **public + discoverable** proofs only.
+       * By default this checks **public + unlisted** proofs.
        *
        * When `includePrivate=true`, this can perform owner-signed private checks
        * (no full proof payloads returned) by providing a wallet/provider.
        *
-       * Prefer this over `checkGate()` for integrations that want the
-       * smallest, most stable surface area (and do NOT need full proof payloads).
+       * Prefer this over `checkGate()` when you need the smallest, most stable
+       * response shape and do not need full proof payloads.
        *
        * @param {Object} params - Gate check query params
        * @param {string} params.address - Wallet identity to check (EVM/Solana/DID)
@@ -2367,25 +2446,20 @@ ${bytes.length}`;
         const qs = new URLSearchParams();
         qs.set("address", address);
         const setIfPresent = (key, value) => {
-          if (value === void 0 || value === null)
-            return;
+          if (value === void 0 || value === null) return;
           const str = typeof value === "string" ? value : String(value);
-          if (str.length === 0)
-            return;
+          if (str.length === 0) return;
           qs.set(key, str);
         };
         const setBoolIfPresent = (key, value) => {
-          if (value === void 0 || value === null)
-            return;
+          if (value === void 0 || value === null) return;
           qs.set(key, value ? "true" : "false");
         };
         const setCsvIfPresent = (key, value) => {
-          if (value === void 0 || value === null)
-            return;
+          if (value === void 0 || value === null) return;
           if (Array.isArray(value)) {
             const items = value.map((v) => String(v).trim()).filter(Boolean);
-            if (items.length)
-              qs.set(key, items.join(","));
+            if (items.length) qs.set(key, items.join(","));
             return;
           }
           setIfPresent(key, value);
@@ -2411,6 +2485,8 @@ ${bytes.length}`;
         setIfPresent("domain", params.domain);
         setIfPresent("minBalance", params.minBalance);
         setIfPresent("provider", params.provider);
+        setIfPresent("handle", params.handle);
+        setIfPresent("namespace", params.namespace);
         setIfPresent("ownerAddress", params.ownerAddress);
         setIfPresent("riskLevel", params.riskLevel);
         setBoolIfPresent("sanctioned", params.sanctioned);
@@ -2458,11 +2534,17 @@ ${bytes.length}`;
         return response;
       }
       /**
-       * CHECK GATE - Evaluate requirements against existing proofs
-       * 
+       * CHECK GATE — Local preview against proofs you already have in memory or from `getProofsByWallet`.
+       *
+       * **Not authoritative for access control.** For production allow/deny, use {@link NeusClient#gateCheck}
+       * (`GET /api/v1/proofs/check`), which applies the same rules as the NEUS API. This method is useful for
+       * UI previews, offline-ish flows, or when you already fetched proofs and want a quick match without
+       * another round trip — but it can disagree with the server (e.g. `contentHash` matching uses a local
+       * approximation when proof data only has inline `content`; the API uses the standard server-side hash).
+       *
        * Gate-first verification: checks if wallet has valid proofs satisfying requirements.
        * Returns which requirements are missing/expired.
-       * 
+       *
        * @param {Object} params - Gate check parameters
        * @param {string} params.walletAddress - Target wallet
        * @param {Array<Object>} params.requirements - Array of gate requirements
@@ -2480,7 +2562,7 @@ ${bytes.length}`;
        *   Note: contentHash matching uses approximation in SDK; for exact SHA-256 matching, use backend API
        * @param {Array} [params.proofs] - Pre-fetched proofs (skip API call)
        * @returns {Promise<Object>} Gate result with satisfied, missing, existing
-       * 
+       *
        * @example
        * // Basic gate check
        * const result = await client.checkGate({
@@ -2513,20 +2595,20 @@ ${bytes.length}`;
             const verifier = verifiedVerifiers.find(
               (v) => v.verifierId === verifierId && v.verified === true
             );
-            if (!verifier)
-              return false;
-            if (proof.revokedAt)
-              return false;
+            if (!verifier) return false;
+            if (proof.revokedAt) return false;
             if (maxAgeMs) {
               const proofTimestamp = proof.createdAt || proof.signedTimestamp || 0;
               const proofAge = now - proofTimestamp;
-              if (proofAge > maxAgeMs)
-                return false;
+              if (proofAge > maxAgeMs) return false;
             }
             if (match && typeof match === "object") {
               const data = verifier.data || {};
               const input = data.input || {};
-              for (const [key, expected] of Object.entries(match)) {
+              const matchObj = Array.isArray(match) ? Object.fromEntries(
+                match.filter((m) => m && m.path && String(m.value ?? "").trim() !== "").map((m) => [String(m.path).trim(), m.value])
+              ) : match;
+              for (const [key, expected] of Object.entries(matchObj)) {
                 let actualValue = null;
                 if (key.includes(".")) {
                   const parts = key.split(".");
@@ -2551,6 +2633,7 @@ ${bytes.length}`;
                   actualValue = data.reference?.id || data.content;
                 }
                 if (actualValue === void 0) {
+                  const claims = data.claims || {};
                   if (key === "contractAddress") {
                     actualValue = input.contractAddress || data.contractAddress;
                   } else if (key === "tokenId") {
@@ -2569,6 +2652,22 @@ ${bytes.length}`;
                     actualValue = data.verificationMethod;
                   } else if (key === "domain") {
                     actualValue = data.domain;
+                  } else if (key === "handle") {
+                    actualValue = data.handle || data.pseudonymId;
+                  } else if (key === "namespace") {
+                    actualValue = data.namespace !== void 0 && data.namespace !== null && data.namespace !== "" ? data.namespace : "neus";
+                  } else if (key === "claims.sanctions_passed") {
+                    actualValue = claims.sanctions_passed ?? claims.sanctionsPassed;
+                  } else if (key === "claims.age_min") {
+                    actualValue = claims.age_min ?? claims.ageMin;
+                  } else if (key === "neusPersonhoodId") {
+                    actualValue = data.neusPersonhoodId;
+                  } else if (key === "riskLevel") {
+                    actualValue = data.riskLevel;
+                  } else if (key === "sanctioned") {
+                    actualValue = data.sanctioned;
+                  } else if (key === "poisoned") {
+                    actualValue = data.poisoned;
                   }
                 }
                 if (key === "contentHash" && actualValue === void 0 && data.content) {
@@ -2580,7 +2679,7 @@ ${bytes.length}`;
                       hash = (hash << 5) - hash + char;
                       hash = hash & hash;
                     }
-                    actualValue = "0x" + Math.abs(hash).toString(16).padStart(64, "0").substring(0, 66);
+                    actualValue = `0x${Math.abs(hash).toString(16).padStart(64, "0").substring(0, 66)}`;
                   } catch {
                     actualValue = String(data.content);
                   }
@@ -2590,11 +2689,16 @@ ${bytes.length}`;
                 if (actualValue === void 0 || actualValue === null) {
                   return false;
                 }
+                if (typeof actualValue === "boolean" || key && (key.includes("sanctions") || key.includes("sanctioned") || key.includes("poisoned"))) {
+                  const bActual = Boolean(actualValue);
+                  const bExpected = expected === true || expected === "true" || String(expected).toLowerCase() === "true";
+                  if (bActual !== bExpected) return false;
+                  continue;
+                }
                 if (key === "chainId" || key === "tokenId" && (typeof actualValue === "number" || !isNaN(Number(actualValue)))) {
                   normalizedActual = Number(actualValue);
                   normalizedExpected = Number(expected);
-                  if (isNaN(normalizedActual) || isNaN(normalizedExpected))
-                    return false;
+                  if (isNaN(normalizedActual) || isNaN(normalizedExpected)) return false;
                 } else if (typeof actualValue === "string" && (actualValue.startsWith("0x") || actualValue.length > 20)) {
                   normalizedActual = actualValue.toLowerCase();
                   normalizedExpected = typeof expected === "string" ? String(expected).toLowerCase() : expected;
@@ -2623,13 +2727,6 @@ ${bytes.length}`;
           allProofs: proofs
         };
       }
-      // ============================================================================
-      // PRIVATE UTILITY METHODS
-      // ============================================================================
-      /**
-       * Get connected wallet address
-       * @private
-       */
       async _getWalletAddress() {
         if (typeof window === "undefined" || !window.ethereum) {
           throw new ConfigurationError("No Web3 wallet detected");
@@ -2640,10 +2737,6 @@ ${bytes.length}`;
         }
         return accounts[0];
       }
-      /**
-       * Make HTTP request to API
-       * @private
-       */
       async _makeRequest(method, endpoint, data = null, headersOverride = null) {
         const url = `${this.baseUrl}${endpoint}`;
         const controller = new AbortController();
@@ -2681,10 +2774,6 @@ ${bytes.length}`;
           throw new NetworkError(`Network error: ${error.message}`);
         }
       }
-      /**
-       * Format API response for consistent structure
-       * @private
-       */
       _formatResponse(response) {
         const proofId = response?.data?.proofId || response?.proofId || response?.data?.resource?.proofId || response?.data?.qHash || response?.qHash || response?.data?.resource?.qHash || response?.data?.id;
         const qHash = response?.data?.qHash || response?.qHash || response?.data?.resource?.qHash || proofId || response?.data?.id;
@@ -2699,13 +2788,9 @@ ${bytes.length}`;
           data: response.data,
           message: response.message,
           timestamp: Date.now(),
-          statusUrl: finalProofId ? `${this.baseUrl}/api/v1/verification/status/${finalProofId}` : null
+          proofUrl: finalProofId ? `${this.baseUrl}/api/v1/proofs/${finalProofId}` : null
         };
       }
-      /**
-       * Check if status is terminal (completed or failed)
-       * @private
-       */
       _isTerminalStatus(status) {
         const terminalStates = [
           "verified",
@@ -2737,12 +2822,13 @@ ${bytes.length}`;
 });
 
 // index.js
-var sdk_exports = {};
-__export(sdk_exports, {
+var index_exports = {};
+__export(index_exports, {
   ApiError: () => ApiError,
   AuthenticationError: () => AuthenticationError,
   ConfigurationError: () => ConfigurationError,
   DAY: () => DAY,
+  DEFAULT_HOSTED_VERIFY_URL: () => DEFAULT_HOSTED_VERIFY_URL,
   GATE_AGENT_DELEGATION: () => GATE_AGENT_DELEGATION,
   GATE_AGENT_IDENTITY: () => GATE_AGENT_IDENTITY,
   GATE_CONTENT_MODERATION: () => GATE_CONTENT_MODERATION,
@@ -2758,6 +2844,7 @@ __export(sdk_exports, {
   NEUS_CONSTANTS: () => NEUS_CONSTANTS,
   NetworkError: () => NetworkError,
   NeusClient: () => NeusClient,
+  PORTABLE_PROOF_SIGNER_HEADER: () => PORTABLE_PROOF_SIGNER_HEADER,
   SDKError: () => SDKError,
   StatusPoller: () => StatusPoller,
   ValidationError: () => ValidationError,
@@ -2770,11 +2857,12 @@ __export(sdk_exports, {
   constructVerificationMessage: () => constructVerificationMessage,
   createGate: () => createGate,
   createVerificationData: () => createVerificationData,
-  default: () => sdk_default,
+  default: () => index_default,
   delay: () => delay,
   deriveDid: () => deriveDid,
   formatTimestamp: () => formatTimestamp,
   formatVerificationStatus: () => formatVerificationStatus,
+  getHostedCheckoutUrl: () => getHostedCheckoutUrl,
   isFailureStatus: () => isFailureStatus,
   isSuccessStatus: () => isSuccessStatus,
   isSupportedChain: () => isSupportedChain,
@@ -2784,6 +2872,7 @@ __export(sdk_exports, {
   resolveZkPassportConfig: () => resolveZkPassportConfig,
   signMessage: () => signMessage,
   standardizeVerificationRequest: () => standardizeVerificationRequest,
+  toAgentDelegationMaxSpend: () => toAgentDelegationMaxSpend,
   toHexUtf8: () => toHexUtf8,
   validateQHash: () => validateQHash,
   validateSignatureComponents: () => validateSignatureComponents,
@@ -2793,7 +2882,7 @@ __export(sdk_exports, {
   validateWalletAddress: () => validateWalletAddress,
   withRetry: () => withRetry
 });
-module.exports = __toCommonJS(sdk_exports);
+module.exports = __toCommonJS(index_exports);
 init_client();
 init_utils();
 
@@ -2858,7 +2947,7 @@ function combineGates(...gates) {
 
 // index.js
 init_errors();
-var sdk_default = {
+var index_default = {
   NeusClient: () => Promise.resolve().then(() => (init_client(), client_exports)).then((m) => m.NeusClient),
   toString: () => "[neus/sdk]"
 };
@@ -2868,6 +2957,7 @@ var sdk_default = {
   AuthenticationError,
   ConfigurationError,
   DAY,
+  DEFAULT_HOSTED_VERIFY_URL,
   GATE_AGENT_DELEGATION,
   GATE_AGENT_IDENTITY,
   GATE_CONTENT_MODERATION,
@@ -2883,6 +2973,7 @@ var sdk_default = {
   NEUS_CONSTANTS,
   NetworkError,
   NeusClient,
+  PORTABLE_PROOF_SIGNER_HEADER,
   SDKError,
   StatusPoller,
   ValidationError,
@@ -2899,6 +2990,7 @@ var sdk_default = {
   deriveDid,
   formatTimestamp,
   formatVerificationStatus,
+  getHostedCheckoutUrl,
   isFailureStatus,
   isSuccessStatus,
   isSupportedChain,
@@ -2908,6 +3000,7 @@ var sdk_default = {
   resolveZkPassportConfig,
   signMessage,
   standardizeVerificationRequest,
+  toAgentDelegationMaxSpend,
   toHexUtf8,
   validateQHash,
   validateSignatureComponents,