@neus/sdk 1.0.4 → 1.0.6

package/README.md

@@ -2,7 +2,7 @@
 
 [![npm](https://img.shields.io/npm/v/%40neus%2Fsdk?logo=npm&label=%40neus%2Fsdk&color=98C0EF)](https://www.npmjs.com/package/@neus/sdk)
 
-**Portable trust, shipped as APIs and widgets.** The JavaScript SDK runs NEUS verification, polling, and **`gateCheck`**. Store **`proofId`** (your **proof ID**) once, then reuse. NEUS runs the checks; you do not fork verifier logic into your repo.
+**Portable trust, shipped as APIs and widgets.** The JavaScript SDK runs NEUS verification, polling, and **`gateCheck`**. Store **`proofId`**, then reuse it. NEUS runs the checks; you do not fork verifier logic into your repo.
 
 ## Install
 
@@ -16,7 +16,22 @@ npm install @neus/sdk
 npx -y -p @neus/sdk neus init
 ```
 
-Prints the hosted MCP URL and documentation links in your terminal - fast setup in IDEs and agent clients.
+Configures supported MCP clients automatically. By default the command installs NEUS into user-level Claude Code, Cursor, and VS Code MCP config when those clients are detected.
+
+## CLI
+
+```bash
+# Autopilot setup for detected clients
+npx -y -p @neus/sdk neus init
+
+# Enable personal account tools such as neus_me and private reads
+npx -y -p @neus/sdk neus auth --access-key <npk_...>
+
+# Inspect current NEUS MCP setup
+npx -y -p @neus/sdk neus status --json
+```
+
+Use `neus init --project` when you want shared repo config instead of personal user-scope setup. Access keys stay user-scope only so secrets do not land in checked-in config.
 
 ## Minimal working example
 
@@ -51,10 +66,11 @@ const check = await client.gateCheck({
 | `client.gateCheck()` | **Server eligibility** (use for real gates) |
 | `client.checkGate()` | Local preview only |
 | `getHostedCheckoutUrl()` | Hosted verify URL |
+| `client.createWalletLinkData()` | Build advanced direct wallet-link payload |
 
 ## VerifyGate (React)
 
-Defaults: unlisted public create (`privacyLevel: 'public'`, `publicDisplay: false`). Set `proofOptions` for other visibility.
+Defaults: private create (`privacyLevel: 'private'`, `publicDisplay: false`). Set `proofOptions` only when you intentionally need public visibility.
 
 ```jsx
 import { VerifyGate } from '@neus/sdk/widgets';
@@ -79,8 +95,9 @@ const client = new NeusClient({
 ## Docs
 
 - [Quickstart](https://docs.neus.network/quickstart)
+- [Examples](https://docs.neus.network/examples) — start with the [trust receipts showcase](https://github.com/neus/network/tree/main/examples/trust-receipts-showcase) locally; [live demo](https://neus.network/demo) on the product site
 - [SDK](https://docs.neus.network/sdks/javascript)
-- [MCP](https://docs.neus.network/mcp/overview) (IDEs and assistants)
+- [MCP](https://docs.neus.network/mcp/overview) for IDEs and assistants
 - [Widgets](https://docs.neus.network/widgets/overview)
 - [API](https://docs.neus.network/api/overview)
 - [Hosted Verify](https://docs.neus.network/cookbook/auth-hosted-verify)

package/SECURITY.md

@@ -16,18 +16,23 @@ Treat **wallet signatures** and **API keys** as secrets. Do not log them, expose
 
 ## Privacy defaults
 
-**`client.verify()`** defaults to **private** stored results with **original content stored** (owner-authenticated reads).
+**`client.verify()`** defaults to **private**.
 
-**`VerifyGate`** create mode defaults to **unlisted public** (`privacyLevel: 'public'`, `publicDisplay: false`, `storeOriginalContent: true`) so gates and `gateCheck` work without extra options.
+**`VerifyGate`** create mode also defaults to **private**.
 
-For raw SDK flows that must power **`gateCheck`** without owner-authenticated access, set **unlisted public** explicitly (`privacyLevel: 'public'`, `publicDisplay: false`). Anyone with the proof id can resolve public proofs. Do not treat unlisted as secret.
+Use public visibility only when you intentionally need proof reuse without owner-authenticated access:
 
-**Hide original content** (metadata/hash only): set `storeOriginalContent: false` when your product must not persist original bytes.
+- unlisted public: `privacyLevel: 'public'`, `publicDisplay: false`
+- listed public: `privacyLevel: 'public'`, `publicDisplay: true`
+
+Do not treat unlisted public proofs as secret.
+
+`storeOriginalContent` is an advanced storage control. Most integrations should leave the default as-is.
 
 Controls:
 
-- `privacyLevel` - private (vaulted to the wallet) vs public (eligible for policy checks without proving owner identity)
+- `privacyLevel` - private by default; switch to public only for intentional public reuse
 - `publicDisplay` - discovery vs unlisted
-- `storeOriginalContent` - retain original content vs hash/metadata only
+- `storeOriginalContent` - advanced content-storage control
 
 Discoverable listings require **`privacyLevel: 'public'`** and **`publicDisplay: true`**.

package/cjs/client.cjs

@@ -364,9 +364,7 @@ async function signMessage({ provider, message, walletAddress, chain } = {}) {
   throw new SDKError("Unable to sign message with provided wallet/provider", "SIGNER_UNAVAILABLE");
 }
 var NEUS_CONSTANTS = {
-  /** Default EVM chain id for NEUS protocol signing context (`HUB_CHAIN_ID` name kept for compatibility). */
   HUB_CHAIN_ID: 84532,
-  // Supported target chains for cross-chain propagation
   TESTNET_CHAINS: [
     11155111,
     // Ethereum Sepolia
@@ -377,15 +375,12 @@ var NEUS_CONSTANTS = {
     80002
     // Polygon Amoy
   ],
-  // API endpoints
   API_BASE_URL: "https://api.neus.network",
   API_VERSION: "v1",
-  // Timeouts and limits
   SIGNATURE_MAX_AGE_MS: 5 * 60 * 1e3,
   // 5 minutes
   REQUEST_TIMEOUT_MS: 30 * 1e3,
   // 30 seconds
-  // Default verifier set for quick starts
   DEFAULT_VERIFIERS: [
     "ownership-basic",
     "nft-ownership",
@@ -411,6 +406,21 @@ var FALLBACK_PUBLIC_VERIFIER_CATALOG = {
   "ai-content-moderation": { supportsDirectApi: true }
 };
 var EVM_ADDRESS_RE = /^0x[a-fA-F0-9]{40}$/;
+var WALLET_LINK_RELATIONSHIP_TYPES = /* @__PURE__ */ new Set(["primary", "personal", "org", "affiliate", "agent", "linked"]);
+function normalizeWalletLinkRelationshipType(value) {
+  const normalized = String(value || "").trim().toLowerCase();
+  return WALLET_LINK_RELATIONSHIP_TYPES.has(normalized) ? normalized : "linked";
+}
+function normalizeBrowserSignerString(raw) {
+  if (raw === null || raw === void 0) {
+    return null;
+  }
+  if (typeof raw === "string") {
+    const t = raw.trim();
+    return t.length > 0 ? t : null;
+  }
+  return null;
+}
 var validateVerifierData = (verifierId, data) => {
   if (!data || typeof data !== "object") {
     return { valid: false, error: "Data object is required" };
@@ -739,26 +749,49 @@ var NeusClient = class {
     if (!wallet) {
       throw new ConfigurationError("No wallet provider available");
     }
-    if (wallet.address) {
-      return { signerWalletAddress: wallet.address, provider: wallet };
+    if (wallet.address !== null && wallet.address !== void 0) {
+      const s = normalizeBrowserSignerString(
+        typeof wallet.address === "string" ? wallet.address : null
+      );
+      if (s) {
+        return { signerWalletAddress: s, provider: wallet };
+      }
     }
     if (wallet.publicKey && typeof wallet.publicKey.toBase58 === "function") {
-      return { signerWalletAddress: wallet.publicKey.toBase58(), provider: wallet };
+      const b58 = wallet.publicKey.toBase58();
+      const s = normalizeBrowserSignerString(typeof b58 === "string" ? b58 : null);
+      if (s) {
+        return { signerWalletAddress: s, provider: wallet };
+      }
     }
     if (typeof wallet.getAddress === "function") {
-      const signerWalletAddress = await wallet.getAddress().catch(() => null);
-      return { signerWalletAddress, provider: wallet };
+      const got = await wallet.getAddress().catch(() => null);
+      const s = normalizeBrowserSignerString(
+        got === null || got === void 0 ? null : typeof got === "string" ? got : null
+      );
+      if (s) {
+        return { signerWalletAddress: s, provider: wallet };
+      }
     }
     if (wallet.selectedAddress || wallet.request) {
       const provider = wallet;
       if (wallet.selectedAddress) {
-        return { signerWalletAddress: wallet.selectedAddress, provider };
+        const s2 = normalizeBrowserSignerString(
+          typeof wallet.selectedAddress === "string" ? wallet.selectedAddress : null
+        );
+        if (s2) {
+          return { signerWalletAddress: s2, provider };
+        }
       }
       const accounts = await provider.request({ method: "eth_accounts" });
       if (!accounts || accounts.length === 0) {
         throw new ConfigurationError("No wallet accounts available");
       }
-      return { signerWalletAddress: accounts[0], provider };
+      const s = normalizeBrowserSignerString(accounts[0]);
+      if (!s) {
+        throw new ConfigurationError("No wallet accounts available");
+      }
+      return { signerWalletAddress: s, provider };
     }
     throw new ConfigurationError("Invalid wallet provider");
   }
@@ -821,47 +854,74 @@ var NeusClient = class {
       signatureMethod: params.signatureMethod
     });
   }
-  /**
-   * Create a verification proof.
-   *
-   * Supports two paths:
-   *   - **Auto:** Supply `verifier`, `content`, and/or `data` with an optional
-   *     `wallet` provider. The SDK performs signing in the client.
-   *   - **Manual:** Supply pre-signed `verifierIds`, `data`, `walletAddress`,
-   *     `signature`, and `signedTimestamp`.
-   *
-   * @param {Object} params - Verification parameters
-   * @param {string} [params.verifier] - Verifier ID (auto path, e.g. 'ownership-basic')
-   * @param {string} [params.content] - Content to verify (auto path)
-   * @param {Object} [params.data] - Structured verification data
-   * @param {Object} [params.wallet] - Wallet provider (auto path)
-   * @param {Object} [params.options] - Additional options
-   * @param {Array<string>} [params.verifierIds] - Array of verifier IDs (manual path)
-   * @param {string} [params.walletAddress] - Wallet address that signed the request (manual path)
-   * @param {string} [params.signature] - EIP-191 signature (manual path)
-   * @param {number} [params.signedTimestamp] - Unix timestamp when signature was created (manual path)
-   * @param {number} [params.chainId] - EVM signing-context hint; when omitted, resolved to the NEUS protocol primary chain for signing
-   * @returns {Promise<Object>} Verification result with proofId
-   *
-   * @example
-   * // Auto path
-   * const proof = await client.verify({
-   *   verifier: 'ownership-basic',
-   *   content: 'Hello World',
-   *   wallet: window.ethereum
-   * });
-   *
-   * @example
-   * // Manual path
-   * const proof = await client.verify({
-   *   verifierIds: ['ownership-basic'],
-   *   data: { content: "My content", owner: walletAddress },
-   *   walletAddress: '0x...',
-   *   signature: '0x...',
-   *   signedTimestamp: Date.now(),
-   *   options: { targetChains: [421614, 11155111] }
-   * });
-   */
+  async createWalletLinkData(params = {}) {
+    const normalizedPrimary = this._normalizeIdentity(params.primaryWalletAddress);
+    const normalizedSecondary = this._normalizeIdentity(params.secondaryWalletAddress);
+    if (!EVM_ADDRESS_RE.test(normalizedPrimary)) {
+      throw new ValidationError("wallet-link requires a valid primaryWalletAddress");
+    }
+    if (!EVM_ADDRESS_RE.test(normalizedSecondary)) {
+      throw new ValidationError("wallet-link requires a valid secondaryWalletAddress");
+    }
+    if (normalizedPrimary === normalizedSecondary) {
+      throw new ValidationError("wallet-link secondaryWalletAddress must differ from primaryWalletAddress");
+    }
+    const providerWallet = params.wallet || this._getDefaultBrowserWallet();
+    const { signerWalletAddress, provider } = await this._resolveWalletSigner(providerWallet);
+    const normalizedSigner = this._normalizeIdentity(signerWalletAddress);
+    if (!EVM_ADDRESS_RE.test(normalizedSigner)) {
+      throw new ValidationError("wallet-link requires an EVM wallet/provider for the secondary wallet");
+    }
+    if (normalizedSigner !== normalizedSecondary) {
+      throw new ValidationError("wallet-link wallet/provider must be connected to secondaryWalletAddress");
+    }
+    const resolvedChain = (() => {
+      const raw = String(params.chain || "").trim();
+      if (!raw) return `eip155:${this._getHubChainId()}`;
+      if (!/^eip155:\d+$/.test(raw)) {
+        throw new ValidationError("wallet-link requires chain in the form eip155:<chainId>");
+      }
+      return raw;
+    })();
+    const signedTimestamp = Number.isFinite(Number(params.signedTimestamp)) && Number(params.signedTimestamp) > 0 ? Number(params.signedTimestamp) : Date.now();
+    const linkData = {
+      primaryAccountId: `${resolvedChain}:${normalizedPrimary}`,
+      secondaryAccountId: `${resolvedChain}:${normalizedSecondary}`,
+      primaryWalletAddress: normalizedPrimary,
+      secondaryWalletAddress: normalizedSecondary
+    };
+    const message = constructVerificationMessage({
+      walletAddress: normalizedSecondary,
+      signedTimestamp,
+      data: linkData,
+      verifierIds: ["wallet-link"],
+      chain: resolvedChain
+    });
+    let signature;
+    try {
+      signature = await signMessage({
+        provider,
+        message,
+        walletAddress: signerWalletAddress
+      });
+    } catch (error) {
+      if (error?.code === 4001) {
+        throw new ValidationError("User rejected wallet-link signature request");
+      }
+      throw new ValidationError(`Failed to sign wallet-link message: ${error?.message || String(error)}`);
+    }
+    const label = String(params.label || "").trim().slice(0, 64);
+    return {
+      primaryWalletAddress: normalizedPrimary,
+      secondaryWalletAddress: normalizedSecondary,
+      signature,
+      chain: resolvedChain,
+      signatureMethod: "eip191",
+      signedTimestamp,
+      relationshipType: normalizeWalletLinkRelationshipType(params.relationshipType),
+      ...label ? { label } : {}
+    };
+  }
   async verify(params) {
     if ((!params?.signature || !params?.walletAddress) && (params?.verifier || params?.content || params?.data)) {
       const { content, verifier = "ownership-basic", data: data2 = null, wallet = null, options: options2 = {} } = params;
@@ -903,11 +963,16 @@ var NeusClient = class {
       }
       let walletAddress2, provider;
       if (wallet) {
-        walletAddress2 = wallet.address || wallet.selectedAddress || wallet.walletAddress || (typeof wallet.getAddress === "function" ? await wallet.getAddress() : null);
+        walletAddress2 = wallet.address || wallet.selectedAddress || wallet.walletAddress || (typeof wallet.getAddress === "function" ? await wallet.getAddress().catch(() => null) : null);
         provider = wallet.provider || wallet;
         if (!walletAddress2 && provider && typeof provider.request === "function") {
-          const accounts = await provider.request({ method: "eth_accounts" });
-          walletAddress2 = Array.isArray(accounts) ? accounts[0] : null;
+          let accounts = await provider.request({ method: "eth_accounts" });
+          walletAddress2 = Array.isArray(accounts) && accounts.length > 0 ? accounts[0] : null;
+          if (!walletAddress2) {
+            await provider.request({ method: "eth_requestAccounts" });
+            accounts = await provider.request({ method: "eth_accounts" });
+            walletAddress2 = Array.isArray(accounts) && accounts.length > 0 ? accounts[0] : null;
+          }
         }
       } else {
         if (typeof window === "undefined" || !window.ethereum) {
@@ -918,6 +983,15 @@ var NeusClient = class {
         const accounts = await provider.request({ method: "eth_accounts" });
         walletAddress2 = accounts[0];
       }
+      {
+        const normalized = normalizeBrowserSignerString(
+          typeof walletAddress2 === "string" ? walletAddress2 : null
+        );
+        if (!normalized) {
+          throw new ConfigurationError("No wallet accounts available. Connect a wallet to continue.");
+        }
+        walletAddress2 = normalized;
+      }
       let verificationData;
       if (verifier === "ownership-basic") {
         if (data2 && typeof data2 === "object") {
@@ -1069,8 +1143,6 @@ var NeusClient = class {
         verificationData = {
           walletAddress: data2?.walletAddress || walletAddress2,
           ...data2?.provider && { provider: data2.provider },
-          // Mainnet-first semantics: if caller doesn't provide chainId, default to Ethereum mainnet (1).
-          // This avoids accidental testnet semantics for risk providers.
           chainId: typeof data2?.chainId === "number" && Number.isFinite(data2.chainId) ? data2.chainId : 1,
           ...data2?.includeDetails !== void 0 && { includeDetails: data2.includeDetails }
         };
@@ -1092,7 +1164,6 @@ var NeusClient = class {
         data: verificationData,
         verifierIds: verifierIds2,
         chainId: this._getHubChainId()
-        // Protocol-managed chain
       });
       let signature2;
       try {
@@ -1128,6 +1199,7 @@ var NeusClient = class {
             const hexMsg = toHexUtf82(message);
             signature2 = await provider.request({ method: "personal_sign", params: [hexMsg, walletAddress2] });
           } catch (e) {
+            void e;
           }
         }
         if (!signature2) {
@@ -1237,7 +1309,6 @@ ${bytes.length}`;
     const optionsPayload = {
       ...options && typeof options === "object" ? options : {},
       targetChains: Array.isArray(options?.targetChains) ? options.targetChains : [],
-      // Privacy and storage options (defaults)
       privacyLevel: options?.privacyLevel || "private",
       publicDisplay: options?.publicDisplay || false,
       storeOriginalContent: typeof options?.storeOriginalContent === "boolean" ? options.storeOriginalContent : true
@@ -1260,16 +1331,6 @@ ${bytes.length}`;
     }
     return this._formatResponse(response);
   }
-  /**
-   * Get proof record by proof receipt id.
-   *
-   * @param {string} proofId - Proof receipt ID (0x + 64 hex).
-   * @returns {Promise<Object>} Proof record and verification state
-   *
-   * @example
-   * const result = await client.getProof('0x...');
-   * console.log('Status:', result.status);
-   */
   async getProof(proofId) {
     if (!proofId || typeof proofId !== "string") {
       throw new ValidationError("proofId is required");
@@ -1280,16 +1341,6 @@ ${bytes.length}`;
     }
     return this._formatResponse(response);
   }
-  /**
-   * Get private proof record with wallet signature
-   *
-   * @param {string} proofId - Proof receipt ID.
-   * @param {Object} wallet - Wallet provider (window.ethereum or ethers Wallet)
-   * @returns {Promise<Object>} Private proof record and verification state
-   *
-   * @example
-   * const privateData = await client.getPrivateProof(proofId, window.ethereum);
-   */
   async getPrivateProof(proofId, wallet = null) {
     if (!proofId || typeof proofId !== "string") {
       throw new ValidationError("proofId is required");
@@ -1357,11 +1408,6 @@ ${bytes.length}`;
     }
     return this._formatResponse(response);
   }
-  /**
-   * Check API health
-   *
-   * @returns {Promise<boolean>} True if API is healthy
-   */
   async isHealthy() {
     try {
       const response = await this._makeRequest("GET", "/api/v1/health");
@@ -1370,19 +1416,10 @@ ${bytes.length}`;
       return false;
     }
   }
-  /**
-   * List available verifiers
-   *
-   * @returns {Promise<string[]>} Array of verifier IDs
-   */
   async getVerifiers() {
     const catalog = await this.getVerifierCatalog();
     return Array.isArray(catalog?.data) ? catalog.data : [];
   }
-  /**
-   * Get the public verifier catalog with per-verifier capabilities.
-   * @returns {Promise<{data: string[], metadata: Record<string, { supportsDirectApi?: boolean }>, meta?: object}>}
-   */
   async getVerifierCatalog() {
     const response = await this._makeRequest("GET", "/api/v1/verification/verifiers");
     if (!response.success) {
@@ -1394,31 +1431,6 @@ ${bytes.length}`;
       meta: response.meta && typeof response.meta === "object" && !Array.isArray(response.meta) ? response.meta : {}
     };
   }
-  /**
-   * POLL PROOF STATUS - Wait for verification completion
-   *
-   * Polls the verification status until it reaches a terminal state (completed or failed).
-   * Useful for providing real-time feedback to users during verification.
-   *
-   * @param {string} proofId - Proof ID to poll.
-   * @param {Object} [options] - Polling options
-   * @param {number} [options.interval=5000] - Polling interval in ms
-   * @param {number} [options.timeout=120000] - Total timeout in ms
-   * @param {Function} [options.onProgress] - Progress callback function
-   * @returns {Promise<Object>} Final verification status
-   *
-   * @example
-   * const finalStatus = await client.pollProofStatus(proofId, {
-   *   interval: 3000,
-   *   timeout: 60000,
-   *   onProgress: (status) => {
-   *     console.log('Current status:', status.status);
-   *     if (status.crosschain) {
-   *       console.log(`Cross-chain: ${status.crosschain.finalized}/${status.crosschain.totalChains}`);
-   *     }
-   *   }
-   * });
-   */
   async pollProofStatus(proofId, options = {}) {
     const {
       interval = 5e3,
@@ -1463,11 +1475,6 @@ ${bytes.length}`;
     }
     throw new NetworkError(`Polling timeout after ${timeout}ms`, "POLLING_TIMEOUT");
   }
-  /**
-   * DETECT CHAIN ID - Get current wallet chain
-   *
-   * @returns {Promise<number>} Current chain ID
-   */
   async detectChainId() {
     if (typeof window === "undefined" || !window.ethereum) {
       throw new ConfigurationError("No Web3 wallet detected");
@@ -1479,7 +1486,6 @@ ${bytes.length}`;
       throw new NetworkError(`Failed to detect chain ID: ${error.message}`);
     }
   }
-  /** Revoke your own proof (owner-signed) */
   async revokeOwnProof(proofId, wallet) {
     if (!proofId || typeof proofId !== "string") {
       throw new ValidationError("proofId is required");
@@ -1530,22 +1536,6 @@ ${bytes.length}`;
     }
     return true;
   }
-  /**
-   * GET PROOFS BY WALLET - Fetch proofs for a wallet address
-   *
-   * @param {string} walletAddress - Wallet identity (EVM/Solana/DID)
-   * @param {Object} [options] - Filter options
-   * @param {number} [options.limit] - Max results (default: 50; higher limits require owner access)
-   * @param {number} [options.offset] - Pagination offset (default: 0)
-   * @param {string} [options.qHash] - Filter to single proof by qHash
-   * @returns {Promise<Object>} Proofs result
-   *
-   * @example
-   * const result = await client.getProofsByWallet('0x...', {
-   *   limit: 50,
-   *   offset: 0
-   * });
-   */
   async getProofsByWallet(walletAddress, options = {}) {
     if (!walletAddress || typeof walletAddress !== "string") {
       throw new ValidationError("walletAddress is required");
@@ -1573,18 +1563,6 @@ ${bytes.length}`;
       nextOffset: response.data?.nextOffset ?? null
     };
   }
-  /**
-   * Get proofs by wallet (owner access)
-   *
-   * Signs an owner-access intent and requests private proofs via signature headers.
-   *
-   * @param {string} walletAddress - Wallet identity (EVM/Solana/DID)
-   * @param {Object} [options]
-   * @param {number} [options.limit] - Max results (server enforces caps)
-   * @param {number} [options.offset] - Pagination offset
-   * @param {string} [options.qHash] - Filter to single proof by qHash
-   * @param {Object} [wallet] - Optional injected wallet/provider (MetaMask/ethers Wallet)
-   */
   async getPrivateProofsByWallet(walletAddress, options = {}, wallet = null) {
     if (!walletAddress || typeof walletAddress !== "string") {
       throw new ValidationError("walletAddress is required");
@@ -1655,31 +1633,6 @@ ${bytes.length}`;
       nextOffset: response.data?.nextOffset ?? null
     };
   }
-  /**
-   * Gate check (HTTP API) — minimal eligibility response.
-   *
-   * Calls the gate endpoint and returns a **minimal** yes/no response.
-   * By default this checks **public + unlisted** proofs.
-   *
-   * When `includePrivate=true`, this can perform owner-signed private checks
-   * (no full proof payloads returned) by providing a wallet/provider.
-   *
-   * Prefer this over `checkGate()` when you need the smallest, most stable
-   * response shape and do not need full proof payloads.
-   *
-   * @param {Object} params - Gate check query params
-   * @param {string} params.address - Wallet identity to check (EVM/Solana/DID)
-   * @param {Array<string>|string} [params.verifierIds] - Verifier IDs to match (array or comma-separated)
-   * @param {boolean} [params.requireAll] - Require all verifierIds on a single proof
-   * @param {number} [params.minCount] - Minimum number of matching proofs
-   * @param {number} [params.sinceDays] - Optional time window in days
-   * @param {number} [params.since] - Optional unix timestamp in ms (lower bound)
-   * @param {number} [params.limit] - Max rows to scan (server may clamp)
-   * @param {boolean} [params.includePrivate] - Include private proofs for owner-authenticated requests
-   * @param {boolean} [params.includeQHashes] - Include matched qHashes in response (minimal IDs only)
-   * @param {Object} [params.wallet] - Optional wallet/provider used to sign includePrivate owner checks
-   * @returns {Promise<Object>} API response ({ success, data })
-   */
   async gateCheck(params = {}) {
     const address = (params.address || "").toString();
     if (!validateUniversalAddress(address, params.chain)) {
@@ -1751,8 +1704,7 @@ ${bytes.length}`;
           });
         }
       }
-      if (!auth) {
-      } else {
+      if (auth) {
         const normalizedAuthWallet = this._normalizeIdentity(auth.walletAddress);
         const normalizedAddress = this._normalizeIdentity(address);
         if (!normalizedAuthWallet || normalizedAuthWallet !== normalizedAddress) {
@@ -1775,45 +1727,6 @@ ${bytes.length}`;
     }
     return response;
   }
-  /**
-   * CHECK GATE — Local preview against proofs you already have in memory or from `getProofsByWallet`.
-   *
-   * **Not authoritative for access control.** For production allow/deny, use {@link NeusClient#gateCheck}
-   * (`GET /api/v1/proofs/check`), which applies the same rules as the NEUS API. This method is useful for
-   * UI previews, offline-ish flows, or when you already fetched proofs and want a quick match without
-   * another round trip — but it can disagree with the server (e.g. `contentHash` matching uses a local
-   * approximation when proof data only has inline `content`; the API uses the standard server-side hash).
-   *
-   * Gate-first verification: checks if wallet has valid proofs satisfying requirements.
-   * Returns which requirements are missing/expired.
-   *
-   * @param {Object} params - Gate check parameters
-   * @param {string} params.walletAddress - Target wallet
-   * @param {Array<Object>} params.requirements - Array of gate requirements
-   * @param {string} params.requirements[].verifierId - Required verifier ID
-   * @param {number} [params.requirements[].maxAgeMs] - Max proof age in ms (TTL)
-   * @param {boolean} [params.requirements[].optional] - If true, not required for gate satisfaction
-   * @param {number} [params.requirements[].minCount] - Minimum proofs needed (default: 1)
-   * @param {Object} [params.requirements[].match] - Verifier data match criteria
-   *   Supports nested fields: 'reference.type', 'reference.id', 'content', 'contentHash', 'input.*', 'license.*'
-   *   Supports verifier-specific:
-   *     - NFT/Token: 'contractAddress', 'tokenId', 'chainId', 'ownerAddress', 'minBalance'
-   *     - DNS: 'domain', 'walletAddress'
-   *     - Wallet-link: 'primaryWalletAddress', 'secondaryWalletAddress', 'chain', 'signatureMethod'
-   *     - Contract-ownership: 'contractAddress', 'chainId', 'owner', 'verificationMethod'
-   *   Note: contentHash matching uses approximation in SDK; for exact SHA-256 matching, use backend API
-   * @param {Array} [params.proofs] - Pre-fetched proofs (skip API call)
-   * @returns {Promise<Object>} Gate result with satisfied, missing, existing
-   *
-   * @example
-   * // Basic gate check
-   * const result = await client.checkGate({
-   *   walletAddress: '0x...',
-   *   requirements: [
-   *     { verifierId: 'nft-ownership', match: { contractAddress: '0x...' } }
-   *   ]
-   * });
-   */
   async checkGate(params) {
     const { walletAddress, requirements, proofs: preloadedProofs } = params;
     if (!validateUniversalAddress(walletAddress)) {
@@ -2045,7 +1958,6 @@ ${bytes.length}`;
     ];
     return typeof status === "string" && terminalStates.some((state) => status.includes(state));
   }
-  /** SDK logging (opt-in via config.enableLogging) */
   _log(message, data = {}) {
     if (this.config.enableLogging) {
       try {