@proofchain/sdk 2.21.1 → 2.23.0

package/dist/index.d.mts

@@ -3520,12 +3520,29 @@ declare class NftClient {
 
 /**
  * Partner Keys Resource - OTT (One-Time Token) auth for partner integrations
+ *
+ * Flow:
+ *   1. Mobile app generates OTT: POST /partner-keys/generate (tenant API key + user JWT)
+ *   2. OTT is passed to partner webview via URL param
+ *   3. Partner backend redeems OTT: POST /partner-keys/redeem (integrator API key)
  */
 
-interface OTTRequestResponse {
+interface OTTGenerateRequest {
+    ttl?: number;
+    session_data_keys?: string[];
+}
+interface OTTGenerateResponse {
     ott: string;
     expires_in: number;
 }
+interface OTTRedeemResponse {
+    user_id: string;
+    tenant_id: string;
+    tenant_name: string | null;
+    session_data: Record<string, unknown>;
+    issued_at: string;
+    expires_at: string;
+}
 interface OTTConfigUpdate {
     ott_enabled?: boolean;
     ott_ttl_seconds?: number;
@@ -3542,21 +3559,210 @@ interface OTTConfigResponse {
     ott_jwt_ttl_seconds: number;
     ott_session_data_keys?: string[];
 }
+/** @deprecated Use OTTGenerateResponse */
+type OTTRequestResponse = OTTGenerateResponse;
 declare class PartnerKeysClient {
     private http;
     constructor(http: HttpClient);
     /**
-     * Request a one-time token for a partner key (end-user JWKS auth).
+     * Generate a one-time token for the authenticated end-user.
+     *
+     * Requires: tenant API key (X-API-Key) + end-user JWT (Authorization: Bearer).
+     * The SDK must be initialised with both `apiKey` and `userToken`.
+     *
+     * @param options.ttl - Token lifetime in seconds (30–3600, default 300)
+     * @param options.session_data_keys - Whitelist of JWT claims to include
+     */
+    generate(options?: OTTGenerateRequest): Promise<OTTGenerateResponse>;
+    /**
+     * Redeem a one-time token to get the user's identity.
+     *
+     * Requires: integrator API key (X-API-Key). The token is single-use
+     * and deleted on successful redemption.
+     *
+     * @param ott - The opaque one-time token
      */
-    requestOTT(keyId: string): Promise<OTTRequestResponse>;
+    redeem(ott: string): Promise<OTTRedeemResponse>;
     /**
-     * Update OTT configuration for a partner key.
+     * Update OTT configuration for a partner key (tenant admin).
      */
     updateOTTConfig(keyId: string, config: OTTConfigUpdate): Promise<OTTConfigResponse>;
     /**
-     * Get OTT configuration for a partner key.
+     * Get OTT configuration for a partner key (tenant admin).
      */
     getOTTConfig(keyId: string): Promise<OTTConfigResponse>;
+    /** @deprecated Use generate() */
+    requestOTT(_keyId: string): Promise<OTTGenerateResponse>;
+}
+
+/**
+ * Attestations API Client
+ *
+ * Manage on-chain and off-chain attestations — EIP-712 signed credentials
+ * issued to users' smart wallet addresses.
+ *
+ * Includes public credential discovery endpoints that require no authentication.
+ */
+
+interface AttestationSchema {
+    id: string;
+    name: string;
+    slug: string;
+    description?: string;
+    attestation_type: string;
+    schema_definition: Record<string, any>;
+    revocable: boolean;
+    default_expiry_days?: number;
+    icon?: string;
+    color?: string;
+    version: number;
+    is_active: boolean;
+    created_at: string;
+}
+interface Attestation {
+    id: string;
+    uid: string;
+    tenant_id: string;
+    schema_id: string;
+    attester_address: string;
+    attester_type: string;
+    subject_address: string;
+    subject_user_id?: string;
+    data: Record<string, any>;
+    ref_type?: string;
+    ref_id?: string;
+    signature?: string;
+    signature_type?: string;
+    status: string;
+    expires_at?: string;
+    revoked_at?: string;
+    revocation_reason?: string;
+    tx_hash?: string;
+    block_number?: number;
+    ipfs_hash?: string;
+    created_at: string;
+}
+interface WalletCredential {
+    uid: string;
+    attestation_type?: string;
+    issuer_name?: string;
+    issuer_client_id?: string;
+    subject_address: string;
+    data: Record<string, any>;
+    signature?: string;
+    signature_type?: string;
+    status: string;
+    tx_hash?: string;
+    expires_at?: string;
+    created_at: string;
+}
+interface WalletCredentialVerifySummary {
+    wallet_address: string;
+    total_credentials: number;
+    credential_types: Record<string, number>;
+    latest_scores: Record<string, any>;
+    is_verified: boolean;
+}
+interface AttestationConfig {
+    id: string;
+    tenant_id: string;
+    auto_attest_passports: boolean;
+    auto_attest_cohort_scores: boolean;
+    attest_on_score_change: boolean;
+    min_score_change_threshold: number;
+    anchor_attestations: boolean;
+    reward_anchoring_mode: string;
+    public_attestations: boolean;
+}
+interface CreateAttestationRequest {
+    schema_id: string;
+    subject_address: string;
+    data: Record<string, any>;
+    subject_user_id?: string;
+    ref_type?: string;
+    ref_id?: string;
+    expires_at?: string;
+}
+interface ListAttestationsOptions {
+    attestation_type?: string;
+    status?: string;
+    limit?: number;
+}
+interface ListWalletCredentialsOptions {
+    attestation_type?: string;
+    limit?: number;
+    offset?: number;
+}
+interface UpdateConfigRequest {
+    attest_on_score_change?: boolean;
+    min_score_change_threshold?: number;
+    anchor_attestations?: boolean;
+    reward_anchoring_mode?: string;
+    auto_attest_cohort_scores?: boolean;
+    public_attestations?: boolean;
+}
+declare class AttestationsClient {
+    private http;
+    constructor(http: HttpClient);
+    /**
+     * List attestation schemas for the tenant
+     */
+    listSchemas(options?: {
+        attestation_type?: string;
+    }): Promise<AttestationSchema[]>;
+    /**
+     * Get a specific schema
+     */
+    getSchema(schemaId: string): Promise<AttestationSchema>;
+    /**
+     * Create a new attestation. The attestation will be EIP-712 signed
+     * by the tenant's treasury wallet.
+     */
+    create(request: CreateAttestationRequest): Promise<Attestation>;
+    /**
+     * List attestations created by the tenant
+     */
+    list(options?: ListAttestationsOptions): Promise<Attestation[]>;
+    /**
+     * List attestations for a specific subject wallet within the tenant
+     */
+    listBySubject(subjectAddress: string, options?: ListAttestationsOptions): Promise<Attestation[]>;
+    /**
+     * Get a specific attestation by ID
+     */
+    get(attestationId: string): Promise<Attestation>;
+    /**
+     * Revoke an attestation
+     */
+    revoke(attestationId: string, reason?: string): Promise<Attestation>;
+    /**
+     * Anchor an attestation on-chain (requires anchor_attestations enabled)
+     */
+    anchor(attestationId: string): Promise<Attestation>;
+    /**
+     * Get the tenant's attestation configuration
+     */
+    getConfig(): Promise<AttestationConfig>;
+    /**
+     * Update the tenant's attestation configuration
+     */
+    updateConfig(request: UpdateConfigRequest): Promise<AttestationConfig>;
+    /**
+     * List all valid credentials held by a wallet address.
+     * This is a public endpoint — no authentication required.
+     */
+    getWalletCredentials(walletAddress: string, options?: ListWalletCredentialsOptions): Promise<WalletCredential[]>;
+    /**
+     * Get a specific credential by wallet address and attestation UID.
+     * This is a public endpoint — no authentication required.
+     */
+    getWalletCredential(walletAddress: string, attestationUid: string): Promise<WalletCredential>;
+    /**
+     * Get an aggregate verification summary for a wallet's credentials.
+     * Returns credential counts by type and latest score values.
+     * This is a public endpoint — no authentication required.
+     */
+    verifyWalletCredentials(walletAddress: string): Promise<WalletCredentialVerifySummary>;
 }
 
 /**
@@ -3761,6 +3967,8 @@ declare class ProofChain {
     nft: NftClient;
     /** Partner Keys client for OTT auth operations */
     partnerKeys: PartnerKeysClient;
+    /** Attestations client for EIP-712 signed credentials and public discovery */
+    attestations: AttestationsClient;
     constructor(options: ProofChainOptions);
     /**
      * Create a client for end-user JWT authentication (PWA/frontend use).
@@ -3978,4 +4186,4 @@ declare class TimeoutError extends ProofChainError {
     constructor(message?: string);
 }
 
-export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationMode, type AttestationResult, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletStats, type Webhook, WebhooksResource };
+export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationConfig, type AttestationMode, type Attestation as AttestationRecord, type AttestationResult, type AttestationSchema, AttestationsClient, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateAttestationRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListAttestationsOptions, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ListWalletCredentialsOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTGenerateRequest, type OTTGenerateResponse, type OTTRedeemResponse, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateConfigRequest as UpdateAttestationConfigRequest, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletCredential, type WalletCredentialVerifySummary, type WalletStats, type Webhook, WebhooksResource };

package/dist/index.d.ts

@@ -3520,12 +3520,29 @@ declare class NftClient {
 
 /**
  * Partner Keys Resource - OTT (One-Time Token) auth for partner integrations
+ *
+ * Flow:
+ *   1. Mobile app generates OTT: POST /partner-keys/generate (tenant API key + user JWT)
+ *   2. OTT is passed to partner webview via URL param
+ *   3. Partner backend redeems OTT: POST /partner-keys/redeem (integrator API key)
  */
 
-interface OTTRequestResponse {
+interface OTTGenerateRequest {
+    ttl?: number;
+    session_data_keys?: string[];
+}
+interface OTTGenerateResponse {
     ott: string;
     expires_in: number;
 }
+interface OTTRedeemResponse {
+    user_id: string;
+    tenant_id: string;
+    tenant_name: string | null;
+    session_data: Record<string, unknown>;
+    issued_at: string;
+    expires_at: string;
+}
 interface OTTConfigUpdate {
     ott_enabled?: boolean;
     ott_ttl_seconds?: number;
@@ -3542,21 +3559,210 @@ interface OTTConfigResponse {
     ott_jwt_ttl_seconds: number;
     ott_session_data_keys?: string[];
 }
+/** @deprecated Use OTTGenerateResponse */
+type OTTRequestResponse = OTTGenerateResponse;
 declare class PartnerKeysClient {
     private http;
     constructor(http: HttpClient);
     /**
-     * Request a one-time token for a partner key (end-user JWKS auth).
+     * Generate a one-time token for the authenticated end-user.
+     *
+     * Requires: tenant API key (X-API-Key) + end-user JWT (Authorization: Bearer).
+     * The SDK must be initialised with both `apiKey` and `userToken`.
+     *
+     * @param options.ttl - Token lifetime in seconds (30–3600, default 300)
+     * @param options.session_data_keys - Whitelist of JWT claims to include
+     */
+    generate(options?: OTTGenerateRequest): Promise<OTTGenerateResponse>;
+    /**
+     * Redeem a one-time token to get the user's identity.
+     *
+     * Requires: integrator API key (X-API-Key). The token is single-use
+     * and deleted on successful redemption.
+     *
+     * @param ott - The opaque one-time token
      */
-    requestOTT(keyId: string): Promise<OTTRequestResponse>;
+    redeem(ott: string): Promise<OTTRedeemResponse>;
     /**
-     * Update OTT configuration for a partner key.
+     * Update OTT configuration for a partner key (tenant admin).
      */
     updateOTTConfig(keyId: string, config: OTTConfigUpdate): Promise<OTTConfigResponse>;
     /**
-     * Get OTT configuration for a partner key.
+     * Get OTT configuration for a partner key (tenant admin).
      */
     getOTTConfig(keyId: string): Promise<OTTConfigResponse>;
+    /** @deprecated Use generate() */
+    requestOTT(_keyId: string): Promise<OTTGenerateResponse>;
+}
+
+/**
+ * Attestations API Client
+ *
+ * Manage on-chain and off-chain attestations — EIP-712 signed credentials
+ * issued to users' smart wallet addresses.
+ *
+ * Includes public credential discovery endpoints that require no authentication.
+ */
+
+interface AttestationSchema {
+    id: string;
+    name: string;
+    slug: string;
+    description?: string;
+    attestation_type: string;
+    schema_definition: Record<string, any>;
+    revocable: boolean;
+    default_expiry_days?: number;
+    icon?: string;
+    color?: string;
+    version: number;
+    is_active: boolean;
+    created_at: string;
+}
+interface Attestation {
+    id: string;
+    uid: string;
+    tenant_id: string;
+    schema_id: string;
+    attester_address: string;
+    attester_type: string;
+    subject_address: string;
+    subject_user_id?: string;
+    data: Record<string, any>;
+    ref_type?: string;
+    ref_id?: string;
+    signature?: string;
+    signature_type?: string;
+    status: string;
+    expires_at?: string;
+    revoked_at?: string;
+    revocation_reason?: string;
+    tx_hash?: string;
+    block_number?: number;
+    ipfs_hash?: string;
+    created_at: string;
+}
+interface WalletCredential {
+    uid: string;
+    attestation_type?: string;
+    issuer_name?: string;
+    issuer_client_id?: string;
+    subject_address: string;
+    data: Record<string, any>;
+    signature?: string;
+    signature_type?: string;
+    status: string;
+    tx_hash?: string;
+    expires_at?: string;
+    created_at: string;
+}
+interface WalletCredentialVerifySummary {
+    wallet_address: string;
+    total_credentials: number;
+    credential_types: Record<string, number>;
+    latest_scores: Record<string, any>;
+    is_verified: boolean;
+}
+interface AttestationConfig {
+    id: string;
+    tenant_id: string;
+    auto_attest_passports: boolean;
+    auto_attest_cohort_scores: boolean;
+    attest_on_score_change: boolean;
+    min_score_change_threshold: number;
+    anchor_attestations: boolean;
+    reward_anchoring_mode: string;
+    public_attestations: boolean;
+}
+interface CreateAttestationRequest {
+    schema_id: string;
+    subject_address: string;
+    data: Record<string, any>;
+    subject_user_id?: string;
+    ref_type?: string;
+    ref_id?: string;
+    expires_at?: string;
+}
+interface ListAttestationsOptions {
+    attestation_type?: string;
+    status?: string;
+    limit?: number;
+}
+interface ListWalletCredentialsOptions {
+    attestation_type?: string;
+    limit?: number;
+    offset?: number;
+}
+interface UpdateConfigRequest {
+    attest_on_score_change?: boolean;
+    min_score_change_threshold?: number;
+    anchor_attestations?: boolean;
+    reward_anchoring_mode?: string;
+    auto_attest_cohort_scores?: boolean;
+    public_attestations?: boolean;
+}
+declare class AttestationsClient {
+    private http;
+    constructor(http: HttpClient);
+    /**
+     * List attestation schemas for the tenant
+     */
+    listSchemas(options?: {
+        attestation_type?: string;
+    }): Promise<AttestationSchema[]>;
+    /**
+     * Get a specific schema
+     */
+    getSchema(schemaId: string): Promise<AttestationSchema>;
+    /**
+     * Create a new attestation. The attestation will be EIP-712 signed
+     * by the tenant's treasury wallet.
+     */
+    create(request: CreateAttestationRequest): Promise<Attestation>;
+    /**
+     * List attestations created by the tenant
+     */
+    list(options?: ListAttestationsOptions): Promise<Attestation[]>;
+    /**
+     * List attestations for a specific subject wallet within the tenant
+     */
+    listBySubject(subjectAddress: string, options?: ListAttestationsOptions): Promise<Attestation[]>;
+    /**
+     * Get a specific attestation by ID
+     */
+    get(attestationId: string): Promise<Attestation>;
+    /**
+     * Revoke an attestation
+     */
+    revoke(attestationId: string, reason?: string): Promise<Attestation>;
+    /**
+     * Anchor an attestation on-chain (requires anchor_attestations enabled)
+     */
+    anchor(attestationId: string): Promise<Attestation>;
+    /**
+     * Get the tenant's attestation configuration
+     */
+    getConfig(): Promise<AttestationConfig>;
+    /**
+     * Update the tenant's attestation configuration
+     */
+    updateConfig(request: UpdateConfigRequest): Promise<AttestationConfig>;
+    /**
+     * List all valid credentials held by a wallet address.
+     * This is a public endpoint — no authentication required.
+     */
+    getWalletCredentials(walletAddress: string, options?: ListWalletCredentialsOptions): Promise<WalletCredential[]>;
+    /**
+     * Get a specific credential by wallet address and attestation UID.
+     * This is a public endpoint — no authentication required.
+     */
+    getWalletCredential(walletAddress: string, attestationUid: string): Promise<WalletCredential>;
+    /**
+     * Get an aggregate verification summary for a wallet's credentials.
+     * Returns credential counts by type and latest score values.
+     * This is a public endpoint — no authentication required.
+     */
+    verifyWalletCredentials(walletAddress: string): Promise<WalletCredentialVerifySummary>;
 }
 
 /**
@@ -3761,6 +3967,8 @@ declare class ProofChain {
     nft: NftClient;
     /** Partner Keys client for OTT auth operations */
     partnerKeys: PartnerKeysClient;
+    /** Attestations client for EIP-712 signed credentials and public discovery */
+    attestations: AttestationsClient;
     constructor(options: ProofChainOptions);
     /**
      * Create a client for end-user JWT authentication (PWA/frontend use).
@@ -3978,4 +4186,4 @@ declare class TimeoutError extends ProofChainError {
     constructor(message?: string);
 }
 
-export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationMode, type AttestationResult, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletStats, type Webhook, WebhooksResource };
+export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationConfig, type AttestationMode, type Attestation as AttestationRecord, type AttestationResult, type AttestationSchema, AttestationsClient, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateAttestationRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListAttestationsOptions, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ListWalletCredentialsOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTGenerateRequest, type OTTGenerateResponse, type OTTRedeemResponse, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateConfigRequest as UpdateAttestationConfigRequest, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletCredential, type WalletCredentialVerifySummary, type WalletStats, type Webhook, WebhooksResource };

package/dist/index.js

@@ -20,6 +20,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  AttestationsClient: () => AttestationsClient,
   AuthenticationError: () => AuthenticationError,
   AuthorizationError: () => AuthorizationError,
   CertificatesResource: () => CertificatesResource,
@@ -136,13 +137,14 @@ var HttpClient = class {
       "Content-Type": "application/json",
       "User-Agent": USER_AGENT
     };
+    if (this.apiKey) {
+      headers["X-API-Key"] = this.apiKey;
+    }
     if (this.userToken) {
       headers["Authorization"] = `Bearer ${this.userToken}`;
       if (this.tenantId) {
         headers["X-Tenant-ID"] = this.tenantId;
       }
-    } else if (this.apiKey) {
-      headers["X-API-Key"] = this.apiKey;
     }
     return headers;
   }
@@ -238,13 +240,14 @@ var HttpClient = class {
     const headers = {
       "User-Agent": USER_AGENT
     };
+    if (this.apiKey) {
+      headers["X-API-Key"] = this.apiKey;
+    }
     if (this.userToken) {
       headers["Authorization"] = `Bearer ${this.userToken}`;
       if (this.tenantId) {
         headers["X-Tenant-ID"] = this.tenantId;
       }
-    } else if (this.apiKey) {
-      headers["X-API-Key"] = this.apiKey;
     }
     return this.fetchWithRetry(url, {
       method: "POST",
@@ -2710,23 +2713,177 @@ var PartnerKeysClient = class {
     this.http = http;
   }
   /**
-   * Request a one-time token for a partner key (end-user JWKS auth).
+   * Generate a one-time token for the authenticated end-user.
+   *
+   * Requires: tenant API key (X-API-Key) + end-user JWT (Authorization: Bearer).
+   * The SDK must be initialised with both `apiKey` and `userToken`.
+   *
+   * @param options.ttl - Token lifetime in seconds (30–3600, default 300)
+   * @param options.session_data_keys - Whitelist of JWT claims to include
    */
-  async requestOTT(keyId) {
-    return this.http.post(`/partner-keys/${keyId}/ott/request`);
+  async generate(options) {
+    return this.http.post("/partner-keys/generate", options ?? {});
   }
   /**
-   * Update OTT configuration for a partner key.
+   * Redeem a one-time token to get the user's identity.
+   *
+   * Requires: integrator API key (X-API-Key). The token is single-use
+   * and deleted on successful redemption.
+   *
+   * @param ott - The opaque one-time token
+   */
+  async redeem(ott) {
+    return this.http.post("/partner-keys/redeem", { ott });
+  }
+  /**
+   * Update OTT configuration for a partner key (tenant admin).
    */
   async updateOTTConfig(keyId, config) {
     return this.http.patch(`/partner-keys/${keyId}/ott-config`, config);
   }
   /**
-   * Get OTT configuration for a partner key.
+   * Get OTT configuration for a partner key (tenant admin).
    */
   async getOTTConfig(keyId) {
     return this.http.get(`/partner-keys/${keyId}/ott-config`);
   }
+  /** @deprecated Use generate() */
+  async requestOTT(_keyId) {
+    return this.generate();
+  }
+};
+
+// src/attestations.ts
+var AttestationsClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  // ---------------------------------------------------------------------------
+  // Schemas
+  // ---------------------------------------------------------------------------
+  /**
+   * List attestation schemas for the tenant
+   */
+  async listSchemas(options) {
+    return this.http.get("/attestations/schemas", {
+      attestation_type: options?.attestation_type
+    });
+  }
+  /**
+   * Get a specific schema
+   */
+  async getSchema(schemaId) {
+    return this.http.get(`/attestations/schemas/${schemaId}`);
+  }
+  // ---------------------------------------------------------------------------
+  // Attestation Management (authenticated)
+  // ---------------------------------------------------------------------------
+  /**
+   * Create a new attestation. The attestation will be EIP-712 signed
+   * by the tenant's treasury wallet.
+   */
+  async create(request) {
+    return this.http.post("/attestations", request);
+  }
+  /**
+   * List attestations created by the tenant
+   */
+  async list(options) {
+    return this.http.get("/attestations", {
+      attestation_type: options?.attestation_type,
+      status: options?.status,
+      limit: options?.limit
+    });
+  }
+  /**
+   * List attestations for a specific subject wallet within the tenant
+   */
+  async listBySubject(subjectAddress, options) {
+    return this.http.get(
+      `/attestations/by-subject/${subjectAddress}`,
+      {
+        attestation_type: options?.attestation_type,
+        status: options?.status,
+        limit: options?.limit
+      }
+    );
+  }
+  /**
+   * Get a specific attestation by ID
+   */
+  async get(attestationId) {
+    return this.http.get(`/attestations/${attestationId}`);
+  }
+  /**
+   * Revoke an attestation
+   */
+  async revoke(attestationId, reason) {
+    const params = reason ? `?reason=${encodeURIComponent(reason)}` : "";
+    return this.http.post(
+      `/attestations/${attestationId}/revoke${params}`,
+      {}
+    );
+  }
+  /**
+   * Anchor an attestation on-chain (requires anchor_attestations enabled)
+   */
+  async anchor(attestationId) {
+    return this.http.post(
+      `/attestations/${attestationId}/anchor`,
+      {}
+    );
+  }
+  // ---------------------------------------------------------------------------
+  // Configuration
+  // ---------------------------------------------------------------------------
+  /**
+   * Get the tenant's attestation configuration
+   */
+  async getConfig() {
+    return this.http.get("/attestations/config");
+  }
+  /**
+   * Update the tenant's attestation configuration
+   */
+  async updateConfig(request) {
+    return this.http.put("/attestations/config", request);
+  }
+  // ---------------------------------------------------------------------------
+  // Public Credential Discovery (no auth required)
+  // ---------------------------------------------------------------------------
+  /**
+   * List all valid credentials held by a wallet address.
+   * This is a public endpoint — no authentication required.
+   */
+  async getWalletCredentials(walletAddress, options) {
+    return this.http.get(
+      `/public/credentials/${walletAddress}`,
+      {
+        attestation_type: options?.attestation_type,
+        limit: options?.limit,
+        offset: options?.offset
+      }
+    );
+  }
+  /**
+   * Get a specific credential by wallet address and attestation UID.
+   * This is a public endpoint — no authentication required.
+   */
+  async getWalletCredential(walletAddress, attestationUid) {
+    return this.http.get(
+      `/public/credentials/${walletAddress}/${attestationUid}`
+    );
+  }
+  /**
+   * Get an aggregate verification summary for a wallet's credentials.
+   * Returns credential counts by type and latest score values.
+   * This is a public endpoint — no authentication required.
+   */
+  async verifyWalletCredentials(walletAddress) {
+    return this.http.get(
+      `/public/credentials/${walletAddress}/verify`
+    );
+  }
 };
 
 // src/client.ts
@@ -3030,6 +3187,7 @@ var ProofChain = class _ProofChain {
     this.credentials = new CredentialsClient(this.http);
     this.nft = new NftClient(this.http);
     this.partnerKeys = new PartnerKeysClient(this.http);
+    this.attestations = new AttestationsClient(this.http);
   }
   /**
    * Create a client for end-user JWT authentication (PWA/frontend use).
@@ -3371,6 +3529,7 @@ var EndUserIngestionClient = class {
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  AttestationsClient,
   AuthenticationError,
   AuthorizationError,
   CertificatesResource,

package/dist/index.mjs

@@ -77,13 +77,14 @@ var HttpClient = class {
       "Content-Type": "application/json",
       "User-Agent": USER_AGENT
     };
+    if (this.apiKey) {
+      headers["X-API-Key"] = this.apiKey;
+    }
     if (this.userToken) {
       headers["Authorization"] = `Bearer ${this.userToken}`;
       if (this.tenantId) {
         headers["X-Tenant-ID"] = this.tenantId;
       }
-    } else if (this.apiKey) {
-      headers["X-API-Key"] = this.apiKey;
     }
     return headers;
   }
@@ -179,13 +180,14 @@ var HttpClient = class {
     const headers = {
       "User-Agent": USER_AGENT
     };
+    if (this.apiKey) {
+      headers["X-API-Key"] = this.apiKey;
+    }
     if (this.userToken) {
       headers["Authorization"] = `Bearer ${this.userToken}`;
       if (this.tenantId) {
         headers["X-Tenant-ID"] = this.tenantId;
       }
-    } else if (this.apiKey) {
-      headers["X-API-Key"] = this.apiKey;
     }
     return this.fetchWithRetry(url, {
       method: "POST",
@@ -2651,23 +2653,177 @@ var PartnerKeysClient = class {
     this.http = http;
   }
   /**
-   * Request a one-time token for a partner key (end-user JWKS auth).
+   * Generate a one-time token for the authenticated end-user.
+   *
+   * Requires: tenant API key (X-API-Key) + end-user JWT (Authorization: Bearer).
+   * The SDK must be initialised with both `apiKey` and `userToken`.
+   *
+   * @param options.ttl - Token lifetime in seconds (30–3600, default 300)
+   * @param options.session_data_keys - Whitelist of JWT claims to include
    */
-  async requestOTT(keyId) {
-    return this.http.post(`/partner-keys/${keyId}/ott/request`);
+  async generate(options) {
+    return this.http.post("/partner-keys/generate", options ?? {});
   }
   /**
-   * Update OTT configuration for a partner key.
+   * Redeem a one-time token to get the user's identity.
+   *
+   * Requires: integrator API key (X-API-Key). The token is single-use
+   * and deleted on successful redemption.
+   *
+   * @param ott - The opaque one-time token
+   */
+  async redeem(ott) {
+    return this.http.post("/partner-keys/redeem", { ott });
+  }
+  /**
+   * Update OTT configuration for a partner key (tenant admin).
    */
   async updateOTTConfig(keyId, config) {
     return this.http.patch(`/partner-keys/${keyId}/ott-config`, config);
   }
   /**
-   * Get OTT configuration for a partner key.
+   * Get OTT configuration for a partner key (tenant admin).
    */
   async getOTTConfig(keyId) {
     return this.http.get(`/partner-keys/${keyId}/ott-config`);
   }
+  /** @deprecated Use generate() */
+  async requestOTT(_keyId) {
+    return this.generate();
+  }
+};
+
+// src/attestations.ts
+var AttestationsClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  // ---------------------------------------------------------------------------
+  // Schemas
+  // ---------------------------------------------------------------------------
+  /**
+   * List attestation schemas for the tenant
+   */
+  async listSchemas(options) {
+    return this.http.get("/attestations/schemas", {
+      attestation_type: options?.attestation_type
+    });
+  }
+  /**
+   * Get a specific schema
+   */
+  async getSchema(schemaId) {
+    return this.http.get(`/attestations/schemas/${schemaId}`);
+  }
+  // ---------------------------------------------------------------------------
+  // Attestation Management (authenticated)
+  // ---------------------------------------------------------------------------
+  /**
+   * Create a new attestation. The attestation will be EIP-712 signed
+   * by the tenant's treasury wallet.
+   */
+  async create(request) {
+    return this.http.post("/attestations", request);
+  }
+  /**
+   * List attestations created by the tenant
+   */
+  async list(options) {
+    return this.http.get("/attestations", {
+      attestation_type: options?.attestation_type,
+      status: options?.status,
+      limit: options?.limit
+    });
+  }
+  /**
+   * List attestations for a specific subject wallet within the tenant
+   */
+  async listBySubject(subjectAddress, options) {
+    return this.http.get(
+      `/attestations/by-subject/${subjectAddress}`,
+      {
+        attestation_type: options?.attestation_type,
+        status: options?.status,
+        limit: options?.limit
+      }
+    );
+  }
+  /**
+   * Get a specific attestation by ID
+   */
+  async get(attestationId) {
+    return this.http.get(`/attestations/${attestationId}`);
+  }
+  /**
+   * Revoke an attestation
+   */
+  async revoke(attestationId, reason) {
+    const params = reason ? `?reason=${encodeURIComponent(reason)}` : "";
+    return this.http.post(
+      `/attestations/${attestationId}/revoke${params}`,
+      {}
+    );
+  }
+  /**
+   * Anchor an attestation on-chain (requires anchor_attestations enabled)
+   */
+  async anchor(attestationId) {
+    return this.http.post(
+      `/attestations/${attestationId}/anchor`,
+      {}
+    );
+  }
+  // ---------------------------------------------------------------------------
+  // Configuration
+  // ---------------------------------------------------------------------------
+  /**
+   * Get the tenant's attestation configuration
+   */
+  async getConfig() {
+    return this.http.get("/attestations/config");
+  }
+  /**
+   * Update the tenant's attestation configuration
+   */
+  async updateConfig(request) {
+    return this.http.put("/attestations/config", request);
+  }
+  // ---------------------------------------------------------------------------
+  // Public Credential Discovery (no auth required)
+  // ---------------------------------------------------------------------------
+  /**
+   * List all valid credentials held by a wallet address.
+   * This is a public endpoint — no authentication required.
+   */
+  async getWalletCredentials(walletAddress, options) {
+    return this.http.get(
+      `/public/credentials/${walletAddress}`,
+      {
+        attestation_type: options?.attestation_type,
+        limit: options?.limit,
+        offset: options?.offset
+      }
+    );
+  }
+  /**
+   * Get a specific credential by wallet address and attestation UID.
+   * This is a public endpoint — no authentication required.
+   */
+  async getWalletCredential(walletAddress, attestationUid) {
+    return this.http.get(
+      `/public/credentials/${walletAddress}/${attestationUid}`
+    );
+  }
+  /**
+   * Get an aggregate verification summary for a wallet's credentials.
+   * Returns credential counts by type and latest score values.
+   * This is a public endpoint — no authentication required.
+   */
+  async verifyWalletCredentials(walletAddress) {
+    return this.http.get(
+      `/public/credentials/${walletAddress}/verify`
+    );
+  }
 };
 
 // src/client.ts
@@ -2971,6 +3127,7 @@ var ProofChain = class _ProofChain {
     this.credentials = new CredentialsClient(this.http);
     this.nft = new NftClient(this.http);
     this.partnerKeys = new PartnerKeysClient(this.http);
+    this.attestations = new AttestationsClient(this.http);
   }
   /**
    * Create a client for end-user JWT authentication (PWA/frontend use).
@@ -3311,6 +3468,7 @@ var EndUserIngestionClient = class {
   }
 };
 export {
+  AttestationsClient,
   AuthenticationError,
   AuthorizationError,
   CertificatesResource,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@proofchain/sdk",
-  "version": "2.21.1",
+  "version": "2.23.0",
   "description": "Official JavaScript/TypeScript SDK for ProofChain - blockchain-anchored document attestation",
   "main": "dist/index.js",
   "module": "dist/index.mjs",