@neus/sdk 1.1.2 → 1.1.5

package/README.md

@@ -1,8 +1,8 @@
 # @neus/sdk
 
-Create, check, and reuse NEUS trust receipts from apps and backends. The same package ships the **`neus`** CLI for hosted MCP setup.
+Create, check, and reuse NEUS trust receipts from apps and backends. The same package ships the **`neus`** CLI for assistant setup.
 
-NEUS makes trust portable across apps, agents, and ecosystems before access, payment, or action.
+NEUS is trust infrastructure for apps, agents, and ecosystems.
 
 Roadmap: [docs.neus.network/platform/status](https://docs.neus.network/platform/status)
 
@@ -18,25 +18,26 @@ One command detects your environment and configures hosted MCP for Claude Code,
 
 ```bash
 npx -y -p @neus/sdk neus setup
-npx -y -p @neus/sdk neus doctor --live
+npx -y -p @neus/sdk neus check
+npx -y -p @neus/sdk neus examples
 ```
 
-Call `neus_context` in your MCP client. For agent workflows, call `neus_agent_link` before assuming identity or delegation is ready.
+Ask your assistant: **"Use NEUS Verify before taking sensitive actions."**
 
 ## MCP docs
 
 | Topic                             | Link                                                                          |
 | --------------------------------- | ----------------------------------------------------------------------------- |
 | Setup, JSON snippets, and headers | [MCP setup](https://docs.neus.network/mcp/setup)                              |
-| Tools and session order           | [MCP overview](https://docs.neus.network/mcp/overview)                        |
+| Reuse-first MCP flow              | [MCP overview](https://docs.neus.network/mcp/overview)                        |
 | Discovery URLs                    | [Discovery and endpoints](https://docs.neus.network/mcp/endpoints)            |
-| NEUS for AI assistants          | [NEUS for AI assistants](https://docs.neus.network/mcp/ide-plugin)          |
+| Install NEUS                      | [Install NEUS](https://docs.neus.network/install)                               |
 
 Prefer `neus setup` over hand-editing config files so every host stays on **`https://mcp.neus.network/mcp`**.
 
 ## What you can ship
 
-- Hosted verification flows that return a reusable receipt
+- Hosted verification flows that return reusable receipts
 - Server checks before access, rewards, payments, or actions
 - React gates with `VerifyGate`
 - Agent identity and scoped delegation
@@ -50,7 +51,7 @@ Use Hosted Verify when you want NEUS to handle the signing/verification flow out
 import { getHostedCheckoutUrl } from '@neus/sdk';
 
 const url = getHostedCheckoutUrl({
-  gateId: 'gate_abc123',
+  gateId: 'gate_your-app-name',
   returnUrl: 'https://yourapp.com/auth/callback'
 });
 
@@ -103,7 +104,7 @@ import { VerifyGate } from '@neus/sdk/widgets';
 export function Page() {
   return (
     <VerifyGate
-      gateId="gate_abc123"
+      gateId="gate_your-app-name"
       onVerified={result => {
         console.log(result.qHash || result.qHashes);
       }}
@@ -124,7 +125,7 @@ import { NeusClient } from '@neus/sdk';
 const client = new NeusClient();
 
 const result = await client.gateCheck({
-  gateId: 'gate_abc123',
+  gateId: 'gate_your-app-name',
   address: '0x...'
 });
 
@@ -163,16 +164,23 @@ const client = new NeusClient({
 
 ```bash
 npx -y -p @neus/sdk neus setup
-npx -y -p @neus/sdk neus doctor --live
+npx -y -p @neus/sdk neus check
 ```
 
 `neus setup` configures MCP and signs you in: `NEUS_ACCESS_KEY` from the environment when set, otherwise the selected host starts OAuth. Cursor, VS Code, and Claude Code use browser sign-in on NEUS. Pass `--access-key <npk_...>` only to override.
 
 Codex owns its local MCP OAuth session. Use `npx -y -p @neus/sdk neus setup --client codex`, then `npx -y -p @neus/sdk neus auth --client codex`.
 
-Integrators embedding install UX in apps should import **`@neus/sdk/mcp-hosts`** (setup commands, deeplinks, host labels) instead of duplicating strings.
+Embed install UX with **`@neus/sdk/mcp-hosts`** (setup commands, deeplinks, host labels).
 
-Editors with plugin marketplaces can install **`neus-trust@neus`** for the bundled session workflow. In Claude Code, run `/plugin marketplace add https://github.com/neus/network` and `/plugin install neus-trust@neus` inside chat. Other hosts: [NEUS for AI assistants](https://docs.neus.network/mcp/ide-plugin).
+Claude Code users can install **`neus-trust@neus`** for the bundled session workflow:
+
+```text
+/plugin marketplace add https://github.com/neus/network
+/plugin install neus-trust@neus
+```
+
+Other hosts: [Install NEUS](https://docs.neus.network/install).
 
 ## Docs
 

package/SECURITY.md

@@ -1,38 +1,38 @@
-# NEUS SDK security notes
-
-Treat **wallet signatures** and **API keys** as secrets. Do not log them, expose them to clients, or store them in analytics.
-
-## Authentication model
-
-- **Verification requests** are authenticated with a wallet signature over the **CAIP-380 Portable Proof** six-line signing string. Never roll your own message format in production—use the SDK or the hosted preparation step documented for HTTP integrations.
-- **Proof lookups by `qHash`** are safe for public proofs. Private proofs return a minimal payload unless the caller proves ownership (authenticated owner or signed request).
-- **Owner-only reads** of private proof payloads require an extra owner-signed request. The SDK attaches the required signed headers for you.
-
-## Do not
-
-- Do not treat proof signatures as bearer tokens (they are request-bound).
-- Do not embed API keys in browser apps. Keep API keys server-side only.
-- Do not log or persist proof signatures, API keys, or third-party auth credentials (if your integration uses them).
-
-## Privacy defaults
-
-**`client.verify()`** defaults to **private**.
-
-**`VerifyGate`** create mode also defaults to **private**.
-
-Use public visibility only when you need proof reuse without owner-authenticated access:
-
-- unlisted public: `privacyLevel: 'public'`, `publicDisplay: false`
-- listed public: `privacyLevel: 'public'`, `publicDisplay: true`
-
-Do not treat unlisted public proofs as secret.
-
-`storeOriginalContent` is an advanced storage control. Most integrations should leave the default as-is.
-
-Controls:
-
-- `privacyLevel` - private by default; switch to public only for intentional public reuse
-- `publicDisplay` - discovery vs unlisted
-- `storeOriginalContent` - advanced content-storage control
-
-Discoverable listings require **`privacyLevel: 'public'`** and **`publicDisplay: true`**.
+# NEUS SDK security notes
+
+Treat **wallet signatures** and **API keys** as secrets. Do not log them, expose them to clients, or store them in analytics.
+
+## Authentication model
+
+- **Verification requests** are authenticated with a wallet signature over the **CAIP-380 Portable Proof** six-line signing string. Never roll your own message format in production—use the SDK or the hosted preparation step documented for HTTP integrations.
+- **Proof lookups by `qHash`** are safe for public proofs. Private proofs return a minimal payload unless the caller proves ownership (authenticated owner or signed request).
+- **Owner-only reads** of private proof payloads require an extra owner-signed request. The SDK attaches the required signed headers for you.
+
+## Do not
+
+- Do not treat proof signatures as bearer tokens (they are request-bound).
+- Do not embed API keys in browser apps. Keep API keys server-side only.
+- Do not log or persist proof signatures, API keys, or third-party auth credentials (if your integration uses them).
+
+## Privacy defaults
+
+**`client.verify()`** defaults to **private**.
+
+**`VerifyGate`** create mode also defaults to **private**.
+
+Use public visibility only when you need proof reuse without owner-authenticated access:
+
+- unlisted public: `privacyLevel: 'public'`, `publicDisplay: false`
+- listed public: `privacyLevel: 'public'`, `publicDisplay: true`
+
+Do not treat unlisted public proofs as secret.
+
+`storeOriginalContent` is an advanced storage control. Most integrations should leave the default as-is.
+
+Controls:
+
+- `privacyLevel` - private by default; switch to public only for intentional public reuse
+- `publicDisplay` - discovery vs unlisted
+- `storeOriginalContent` - advanced content-storage control
+
+Discoverable listings require **`privacyLevel: 'public'`** and **`publicDisplay: true`**.

package/cjs/client.cjs

@@ -468,19 +468,19 @@ var NEUS_CONSTANTS = {
 // client.js
 var FALLBACK_PUBLIC_VERIFIER_CATALOG = {
   "ownership-basic": { supportsDirectApi: true },
+  "ownership-social": { supportsDirectApi: false },
   "ownership-pseudonym": { supportsDirectApi: true },
   "ownership-dns-txt": { supportsDirectApi: true },
-  "ownership-social": { supportsDirectApi: false },
   "ownership-org-oauth": { supportsDirectApi: false },
   "contract-ownership": { supportsDirectApi: true },
+  "proof-of-human": { supportsDirectApi: false },
   "nft-ownership": { supportsDirectApi: true },
   "token-holding": { supportsDirectApi: true },
-  "wallet-link": { supportsDirectApi: true },
   "wallet-risk": { supportsDirectApi: true },
-  "proof-of-human": { supportsDirectApi: false },
+  "wallet-link": { supportsDirectApi: true },
+  "ai-content-moderation": { supportsDirectApi: true },
   "agent-identity": { supportsDirectApi: true },
-  "agent-delegation": { supportsDirectApi: true },
-  "ai-content-moderation": { supportsDirectApi: true }
+  "agent-delegation": { supportsDirectApi: true }
 };
 var EVM_ADDRESS_RE = /^0x[a-fA-F0-9]{40}$/;
 var WALLET_LINK_RELATIONSHIP_TYPES = /* @__PURE__ */ new Set(["primary", "personal", "org", "affiliate", "agent", "linked"]);

package/cjs/index.cjs

@@ -1180,19 +1180,19 @@ var init_client = __esm({
     init_utils();
     FALLBACK_PUBLIC_VERIFIER_CATALOG = {
       "ownership-basic": { supportsDirectApi: true },
+      "ownership-social": { supportsDirectApi: false },
       "ownership-pseudonym": { supportsDirectApi: true },
       "ownership-dns-txt": { supportsDirectApi: true },
-      "ownership-social": { supportsDirectApi: false },
       "ownership-org-oauth": { supportsDirectApi: false },
       "contract-ownership": { supportsDirectApi: true },
+      "proof-of-human": { supportsDirectApi: false },
       "nft-ownership": { supportsDirectApi: true },
       "token-holding": { supportsDirectApi: true },
-      "wallet-link": { supportsDirectApi: true },
       "wallet-risk": { supportsDirectApi: true },
-      "proof-of-human": { supportsDirectApi: false },
+      "wallet-link": { supportsDirectApi: true },
+      "ai-content-moderation": { supportsDirectApi: true },
       "agent-identity": { supportsDirectApi: true },
-      "agent-delegation": { supportsDirectApi: true },
-      "ai-content-moderation": { supportsDirectApi: true }
+      "agent-delegation": { supportsDirectApi: true }
     };
     EVM_ADDRESS_RE = /^0x[a-fA-F0-9]{40}$/;
     WALLET_LINK_RELATIONSHIP_TYPES = /* @__PURE__ */ new Set(["primary", "personal", "org", "affiliate", "agent", "linked"]);