@reclaimprotocol/js-sdk 4.15.0 → 5.0.0-dev.1

package/dist/index.js

@@ -1,7 +1,9 @@
 "use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;
+var __defProps = Object.defineProperties;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getOwnPropSymbols = Object.getOwnPropertySymbols;
 var __getProtoOf = Object.getPrototypeOf;
@@ -19,6 +21,7 @@ var __spreadValues = (a, b) => {
     }
   return a;
 };
+var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
 var __commonJS = (cb, mod) => function __require() {
   return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
 };
@@ -69,7 +72,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "@reclaimprotocol/js-sdk",
-      version: "4.15.0",
+      version: "5.0.0-dev.1",
       description: "Designed to request proofs from the Reclaim protocol and manage the flow of claims and witness interactions.",
       main: "dist/index.js",
       types: "dist/index.d.ts",
@@ -143,7 +146,7 @@ var require_package = __commonJS({
       devDependencies: {
         "@commitlint/cli": "^17.7.1",
         "@commitlint/config-conventional": "^17.7.0",
-        "@release-it/conventional-changelog": "^10.0.1",
+        "@release-it/conventional-changelog": "10.0.6",
         "@types/jest": "^30.0.0",
         "@types/qs": "^6.9.11",
         "@types/url-parse": "^1.4.11",
@@ -151,7 +154,7 @@ var require_package = __commonJS({
         jest: "^30.1.3",
         "jest-environment-jsdom": "^30.1.2",
         qs: "^6.11.2",
-        "release-it": "^19.0.4",
+        "release-it": "^19.2.4",
         "ts-jest": "^29.4.1",
         tsup: "^8.0.1",
         typescript: "^5.3.3"
@@ -174,13 +177,28 @@ var require_package = __commonJS({
 var index_exports = {};
 __export(index_exports, {
   ReclaimProofRequest: () => ReclaimProofRequest,
-  assertValidProof: () => assertValidProof,
+  assertValidProofsByHash: () => assertValidProofsByHash,
+  assertValidateProof: () => assertValidateProof,
+  assertVerifiedProof: () => assertVerifiedProof,
   clearDeviceCache: () => clearDeviceCache,
+  createLinkWithTemplateData: () => createLinkWithTemplateData,
+  fetchProviderConfig: () => fetchProviderConfig,
+  fetchProviderHashRequirementsBy: () => fetchProviderHashRequirementsBy,
+  fetchStatusUrl: () => fetchStatusUrl,
+  getAttestors: () => getAttestors,
   getDeviceType: () => getDeviceType,
+  getHttpProviderClaimParamsFromProof: () => getHttpProviderClaimParamsFromProof,
   getMobileDeviceType: () => getMobileDeviceType,
+  getProviderHashRequirementsFromSpec: () => getProviderHashRequirementsFromSpec,
+  getShortenedUrl: () => getShortenedUrl,
+  hashRequestSpec: () => hashRequestSpec,
+  initSession: () => initSession,
   isDesktopDevice: () => isDesktopDevice,
+  isHttpProviderClaimParams: () => isHttpProviderClaimParams,
   isMobileDevice: () => isMobileDevice,
+  recoverSignersOfSignedClaim: () => recoverSignersOfSignedClaim,
   transformForOnchain: () => transformForOnchain,
+  updateSession: () => updateSession,
   verifyProof: () => verifyProof
 });
 module.exports = __toCommonJS(index_exports);
@@ -214,6 +232,8 @@ Caused by: ${innerError.stack}`;
 }
 var TimeoutError = createErrorClass("TimeoutError");
 var ProofNotVerifiedError = createErrorClass("ProofNotVerifiedError");
+var ProofNotValidatedError = createErrorClass("ProofNotValidatedError");
+var UnknownProofsNotValidatedError = createErrorClass("UnknownProofsNotValidatedError");
 var SessionNotStartedError = createErrorClass("SessionNotStartedError");
 var ProviderNotFoundError = createErrorClass("ProviderNotFoundError");
 var SignatureGeneratingError = createErrorClass("SignatureGeneratingError");
@@ -233,6 +253,7 @@ var SetContextError = createErrorClass("SetContextError");
 var SetSignatureError = createErrorClass("SetSignatureError");
 var GetAppCallbackUrlError = createErrorClass("GetAppCallbackUrlError");
 var StatusUrlError = createErrorClass("StatusUrlError");
+var ProviderConfigFetchError = createErrorClass("ProviderConfigFetchError");
 var InavlidParametersError = createErrorClass("InavlidParametersError");
 var ProofSubmissionFailedError = createErrorClass("ProofSubmissionFailedError");
 var ErrorDuringVerificationError = createErrorClass("ErrorDuringVerificationError");
@@ -328,9 +349,13 @@ var constants = {
   get DEFAULT_RECLAIM_STATUS_URL() {
     return `${BACKEND_BASE_URL}/api/sdk/session/`;
   },
+  // Default attestors URL for Reclaim sessions
   get DEFAULT_ATTESTORS_URL() {
     return `${BACKEND_BASE_URL}/api/attestors`;
   },
+  DEFAULT_PROVIDER_URL(providerId, exactProviderVersionString) {
+    return `${BACKEND_BASE_URL}/api/providers/${providerId}?versionNumber=${exactProviderVersionString}`;
+  },
   // URL for sharing Reclaim templates
   RECLAIM_SHARE_URL: "https://share.reclaimprotocol.org/verifier/?template=",
   // Chrome extension URL for Reclaim Protocol
@@ -577,6 +602,92 @@ var http = {
   }
 };
 
+// src/witness.ts
+var import_ethers2 = require("ethers");
+function createSignDataForClaim(data) {
+  const identifier = getIdentifierFromClaimInfo(data);
+  const lines = [
+    identifier,
+    data.owner.toLowerCase(),
+    data.timestampS.toString(),
+    data.epoch.toString()
+  ];
+  return lines.join("\n");
+}
+function getIdentifierFromClaimInfo(info) {
+  let canonicalContext = info.context || "";
+  if (canonicalContext.length > 0) {
+    try {
+      const ctx = JSON.parse(canonicalContext);
+      canonicalContext = canonicalStringify(ctx);
+    } catch (e) {
+      throw new Error("unable to parse non-empty context. Must be JSON");
+    }
+  }
+  const str = `${info.provider}
+${info.parameters}
+${canonicalContext}`;
+  return import_ethers2.ethers.keccak256(strToUint8Array(str)).toLowerCase();
+}
+function hashProofClaimParams(params) {
+  const serializedParams = getProviderParamsAsCanonicalizedString(params);
+  return import_ethers2.ethers.keccak256(
+    strToUint8Array(serializedParams)
+  ).toLowerCase();
+}
+function strToUint8Array(str) {
+  return new TextEncoder().encode(str);
+}
+function getProviderParamsAsCanonicalizedString(params) {
+  var _a, _b, _c, _d, _e, _f, _g;
+  const filteredParams = {
+    url: (_a = params == null ? void 0 : params.url) != null ? _a : "",
+    // METHOD needs to be explicitly specified and absence or unknown method should cause error, but we're choosing to ignore it in this case
+    method: (_b = params == null ? void 0 : params.method) != null ? _b : "GET",
+    body: (_c = params == null ? void 0 : params.body) != null ? _c : "",
+    responseMatches: (_e = (_d = params == null ? void 0 : params.responseMatches) == null ? void 0 : _d.map((it) => {
+      var _a2, _b2;
+      return {
+        value: (_a2 = it.value) != null ? _a2 : "",
+        // This needs to be explicitly specified and absence should cause error, but we're choosing to ignore it in this case
+        type: (_b2 = it.type) != null ? _b2 : "contains",
+        invert: it.invert || void 0,
+        isOptional: it.isOptional || void 0
+      };
+    })) != null ? _e : [],
+    responseRedactions: (_g = (_f = params == null ? void 0 : params.responseRedactions) == null ? void 0 : _f.map((it) => {
+      var _a2, _b2, _c2;
+      return {
+        xPath: (_a2 = it.xPath) != null ? _a2 : "",
+        jsonPath: (_b2 = it.jsonPath) != null ? _b2 : "",
+        regex: (_c2 = it.regex) != null ? _c2 : "",
+        hash: it.hash || void 0
+      };
+    })) != null ? _g : []
+  };
+  const serializedParams = canonicalStringify(filteredParams);
+  return serializedParams;
+}
+
+// src/utils/providerUtils.ts
+function getProviderHashRequirementsFromSpec(spec) {
+  var _a;
+  return {
+    hashes: ((_a = spec == null ? void 0 : spec.requests) == null ? void 0 : _a.map(hashRequestSpec)) || []
+  };
+}
+function hashRequestSpec(request) {
+  const hash = hashProofClaimParams(__spreadProps(__spreadValues({}, request), {
+    // Body is strictly empty unless body sniff is explicitly enabled
+    body: request.bodySniff.enabled ? request.bodySniff.template : ""
+  }));
+  return {
+    value: hash,
+    required: request.required,
+    multiple: request.multiple
+  };
+}
+
 // src/utils/sessionUtils.ts
 var logger4 = logger_default.logger;
 function initSession(providerId, appId, timestamp, signature, versionNumber) {
@@ -653,42 +764,47 @@ function fetchStatusUrl(sessionId) {
     }
   });
 }
-
-// src/utils/proofUtils.ts
-var import_ethers3 = require("ethers");
-
-// src/witness.ts
-var import_ethers2 = require("ethers");
-function createSignDataForClaim(data) {
-  const identifier = getIdentifierFromClaimInfo(data);
-  const lines = [
-    identifier,
-    data.owner.toLowerCase(),
-    data.timestampS.toString(),
-    data.epoch.toString()
-  ];
-  return lines.join("\n");
-}
-function getIdentifierFromClaimInfo(info) {
-  let canonicalContext = info.context || "";
-  if (canonicalContext.length > 0) {
+function fetchProviderConfig(providerId, exactProviderVersionString) {
+  return __async(this, null, function* () {
+    validateFunctionParams(
+      [
+        { input: providerId, paramName: "providerId", isString: true },
+        { input: exactProviderVersionString, paramName: "exactProviderVersionString", isString: true }
+      ],
+      "fetchProviderConfig"
+    );
     try {
-      const ctx = JSON.parse(canonicalContext);
-      canonicalContext = canonicalStringify(ctx);
-    } catch (e) {
-      throw new Error("unable to parse non-empty context. Must be JSON");
+      const response = yield http.client(constants.DEFAULT_PROVIDER_URL(providerId, exactProviderVersionString), {
+        method: "GET",
+        headers: { "Content-Type": "application/json" }
+      });
+      const res = yield response.json();
+      if (!response.ok) {
+        const errorMessage = `Error fetching provider config for providerId: ${providerId}, exactProviderVersionString: ${exactProviderVersionString}. Status Code: ${response.status}`;
+        logger4.info(errorMessage, res);
+        throw new ProviderConfigFetchError(errorMessage);
+      }
+      return res;
+    } catch (err) {
+      const errorMessage = `Failed to fetch provider config for providerId: ${providerId}, exactProviderVersionString: ${exactProviderVersionString}`;
+      logger4.info(errorMessage, err);
+      throw new ProviderConfigFetchError(`Error fetching provider config for providerId: ${providerId}, exactProviderVersionString: ${exactProviderVersionString}`);
     }
-  }
-  const str = `${info.provider}
-${info.parameters}
-${canonicalContext}`;
-  return import_ethers2.ethers.keccak256(strToUint8Array(str)).toLowerCase();
+  });
 }
-function strToUint8Array(str) {
-  return new TextEncoder().encode(str);
+function fetchProviderHashRequirementsBy(providerId, exactProviderVersion) {
+  return __async(this, null, function* () {
+    var _a, _b;
+    const providerResponse = yield fetchProviderConfig(providerId, exactProviderVersion);
+    const providerConfig = providerResponse.providers;
+    return getProviderHashRequirementsFromSpec({
+      requests: [...(_a = providerConfig == null ? void 0 : providerConfig.requestData) != null ? _a : [], ...(_b = providerConfig == null ? void 0 : providerConfig.allowedInjectedRequestData) != null ? _b : []]
+    });
+  });
 }
 
 // src/utils/proofUtils.ts
+var import_ethers3 = require("ethers");
 var logger5 = logger_default.logger;
 function getShortenedUrl(url) {
   return __async(this, null, function* () {
@@ -752,6 +868,17 @@ function recoverSignersOfSignedClaim({
   );
   return signers;
 }
+function assertVerifiedProof(proof, attestors) {
+  return __async(this, null, function* () {
+    const signers = recoverSignersOfSignedClaim({
+      claim: proof.claimData,
+      signatures: proof.signatures.map((signature) => import_ethers3.ethers.getBytes(signature))
+    });
+    if (!attestors.some((attestor) => signers.includes(attestor.id.toLowerCase()))) {
+      throw new ProofNotVerifiedError("Identifier mismatch");
+    }
+  });
+}
 
 // src/utils/modalUtils.ts
 var logger6 = logger_default.logger;
@@ -1202,35 +1329,108 @@ function clearDeviceCache() {
   cachedMobileType = null;
 }
 
-// src/Reclaim.ts
+// src/utils/proofValidationUtils.ts
 var logger7 = logger_default.logger;
+var HASH_REQUIRED_DEFAULT = true;
+var HASH_MATCH_MULTIPLE_DEFAULT = false;
+function assertValidProofsByHash(proofs, config) {
+  var _a, _b;
+  if (!config.hashes) {
+    throw new ProofNotValidatedError("No proof hash was provided for validation");
+  }
+  const unvalidatedProofHashByIndex = /* @__PURE__ */ new Map();
+  for (let i = 0; i < proofs.length; i++) {
+    const proof = proofs[i];
+    const claimParams = getHttpProviderClaimParamsFromProof(proof);
+    const computedHashOfProof = hashProofClaimParams(claimParams).toLowerCase().trim();
+    unvalidatedProofHashByIndex.set(i, computedHashOfProof);
+  }
+  for (const hashRequirement of config.hashes) {
+    let found = false;
+    const expectedHash = hashRequirement.value.toLowerCase().trim();
+    const isRequired = (_a = hashRequirement.required) != null ? _a : HASH_REQUIRED_DEFAULT;
+    const canMatchMultiple = (_b = hashRequirement.multiple) != null ? _b : HASH_MATCH_MULTIPLE_DEFAULT;
+    for (const [i, proofHash] of unvalidatedProofHashByIndex.entries()) {
+      if (proofHash === expectedHash) {
+        unvalidatedProofHashByIndex.delete(i);
+        if (!found) {
+          found = true;
+        } else if (!canMatchMultiple) {
+          throw new ProofNotValidatedError(`Proof by hash '${expectedHash}' is not allowed to appear more than once`);
+        }
+      }
+    }
+    if (!found && isRequired) {
+      throw new ProofNotValidatedError(`Proof by required hash '${expectedHash}' was not found`);
+    }
+  }
+  if (unvalidatedProofHashByIndex.size > 0) {
+    const contactSupport = "Please contact Reclaim Protocol Support team or mail us at support@reclaimprotocol.org.";
+    throw new UnknownProofsNotValidatedError(`Extra ${unvalidatedProofHashByIndex.size} proof(s) by hashes ${[...unvalidatedProofHashByIndex.values()].join(", ")} was found but could not be validated and indicates a security risk. ${contactSupport}`);
+  }
+}
+var allowedHttpMethods = /* @__PURE__ */ new Set(["GET", "POST", "PUT", "PATCH", "DELETE"]);
+function isHttpProviderClaimParams(claimParams) {
+  if (!claimParams || typeof claimParams !== "object" || Array.isArray(claimParams)) {
+    return false;
+  }
+  const params = claimParams;
+  return typeof params.url === "string" && typeof params.method === "string" && allowedHttpMethods.has(params.method) && typeof params.body === "string" && Array.isArray(params.responseMatches) && params.responseMatches.length > 0 && Array.isArray(params.responseRedactions);
+}
+function getHttpProviderClaimParamsFromProof(proof) {
+  try {
+    const claimParams = JSON.parse(proof.claimData.parameters);
+    if (isHttpProviderClaimParams(claimParams)) {
+      return claimParams;
+    }
+  } catch (_) {
+  }
+  throw new ProofNotValidatedError("Proof has no HTTP provider params to hash");
+}
+function assertValidateProof(proofs, config) {
+  if ("dangerouslyDisableContentValidation" in config && config.dangerouslyDisableContentValidation) {
+    logger7.warn("Validation skipped because it was disabled during proof verification");
+    return;
+  }
+  const effectiveHashRequirement = ("hashes" in config && Array.isArray(config == null ? void 0 : config.hashes) ? config.hashes : []).map((it) => {
+    if (typeof it == "string") {
+      return {
+        value: it
+      };
+    } else {
+      return it;
+    }
+  });
+  return assertValidProofsByHash(proofs, {
+    hashes: effectiveHashRequirement
+  });
+}
+
+// src/Reclaim.ts
+var logger8 = logger_default.logger;
 var sdkVersion = require_package().version;
-function verifyProof(proofOrProofs, allowAiWitness = false) {
+function verifyProof(proofOrProofs, config) {
   return __async(this, null, function* () {
     try {
-      yield assertValidProof(proofOrProofs, allowAiWitness);
+      const proofs = Array.isArray(proofOrProofs) ? proofOrProofs : [proofOrProofs];
+      if (proofs.length === 0) {
+        throw new ProofNotValidatedError("No proofs provided");
+      }
+      if (!config) {
+        throw new ProofNotValidatedError("Verification configuration is required for `verifyProof(proof, config)`");
+      }
+      const attestors = yield getAttestors();
+      for (const proof of proofs) {
+        yield assertVerifiedProof(proof, attestors);
+      }
+      assertValidateProof(proofs, config);
       return true;
     } catch (error) {
-      logger7.error("error in validating proof", error);
+      logger8.error("Error in validating proof:", error);
       return false;
     }
   });
 }
-function assertValidProof(proofOrProofs, allowAiWitness = false) {
-  return __async(this, null, function* () {
-    const attestors = yield getAttestors();
-    proofOrProofs = Array.isArray(proofOrProofs) ? proofOrProofs : [proofOrProofs];
-    for (const proof of proofOrProofs) {
-      const signers = recoverSignersOfSignedClaim({
-        claim: proof.claimData,
-        signatures: proof.signatures.map((signature) => import_ethers4.ethers.getBytes(signature))
-      });
-      if (!attestors.some((attestor) => signers.includes(attestor.id.toLowerCase()))) {
-        throw new ProofNotVerifiedError("Identifier mismatch");
-      }
-    }
-  });
-}
 function transformForOnchain(proof) {
   const claimInfoBuilder = /* @__PURE__ */ new Map([
     ["context", proof.claimData.context],
@@ -1274,7 +1474,7 @@ var emptyTemplateData = {
 var ReclaimProofRequest = class _ReclaimProofRequest {
   // 30 seconds timeout, can be adjusted
   constructor(applicationId, providerId, options) {
-    this.context = { contextAddress: "0x0", contextMessage: "sample context" };
+    this.context = { contextAddress: "0x0", contextMessage: "sample context", reclaimSessionId: "" };
     this.claimCreationType = "createClaim" /* STANDALONE */;
     this.intervals = /* @__PURE__ */ new Map();
     this.jsonProofResponse = false;
@@ -1364,7 +1564,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
     }
     this.options = options;
     this.sdkVersion = "js-" + sdkVersion;
-    logger7.info(`Initializing client with applicationId: ${this.applicationId}`);
+    logger8.info(`Initializing client with applicationId: ${this.applicationId}`);
   }
   /**
    * Initializes a new Reclaim proof request instance with automatic signature generation and session creation
@@ -1457,7 +1657,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
                   Intl.getCanonicalLocales(options.preferredLocale);
                   return true;
                 } catch (error) {
-                  logger7.info("Failed to canonicalize locale", error);
+                  logger8.info("Failed to canonicalize locale", error);
                   return false;
                 }
               }
@@ -1470,10 +1670,11 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
         const data = yield initSession(providerId, applicationId, proofRequestInstance.timeStamp, signature, options == null ? void 0 : options.providerVersion);
         proofRequestInstance.sessionId = data.sessionId;
         proofRequestInstance.resolvedProviderVersion = data.resolvedProviderVersion;
+        proofRequestInstance.context.reclaimSessionId = data.sessionId;
         return proofRequestInstance;
       } catch (error) {
         console.error(error);
-        logger7.info("Failed to initialize ReclaimProofRequest", error);
+        logger8.info("Failed to initialize ReclaimProofRequest", error);
         throw new InitError("Failed to initialize ReclaimProofRequest", error);
       }
     });
@@ -1590,7 +1791,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
                 Intl.getCanonicalLocales(options.preferredLocale);
                 return true;
               } catch (error) {
-                logger7.info("Failed to canonicalize locale", error);
+                logger8.info("Failed to canonicalize locale", error);
                 return false;
               }
             }
@@ -1614,7 +1815,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
         proofRequestInstance.cancelRedirectUrlOptions = cancelRedirectUrlOptions;
         return proofRequestInstance;
       } catch (error) {
-        logger7.info("Failed to parse JSON string in fromJsonString:", error);
+        logger8.info("Failed to parse JSON string in fromJsonString:", error);
         throw new InvalidParamError("Invalid JSON string provided to fromJsonString");
       }
     });
@@ -1775,9 +1976,9 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
     try {
       validateModalOptions(options, "setModalOptions");
       this.modalOptions = __spreadValues(__spreadValues({}, this.modalOptions), options);
-      logger7.info("Modal options set successfully");
+      logger8.info("Modal options set successfully");
     } catch (error) {
-      logger7.info("Error setting modal options:", error);
+      logger8.info("Error setting modal options:", error);
       throw new SetParamsError("Error setting modal options", error);
     }
   }
@@ -1804,9 +2005,9 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
       validateFunctionParams([
         { input: context, paramName: "context", isString: false }
       ], "setJsonContext");
-      this.context = JSON.parse(canonicalStringify(context));
+      this.context = JSON.parse(canonicalStringify(__spreadProps(__spreadValues({}, context), { reclaimSessionId: this.sessionId })));
     } catch (error) {
-      logger7.info("Error setting context", error);
+      logger8.info("Error setting context", error);
       throw new SetContextError("Error setting context", error);
     }
   }
@@ -1835,9 +2036,9 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
         { input: address, paramName: "address", isString: true },
         { input: message, paramName: "message", isString: true }
       ], "setContext");
-      this.context = { contextAddress: address, contextMessage: message };
+      this.context = { contextAddress: address, contextMessage: message, reclaimSessionId: this.sessionId };
     } catch (error) {
-      logger7.info("Error setting context", error);
+      logger8.info("Error setting context", error);
       throw new SetContextError("Error setting context", error);
     }
   }
@@ -1872,7 +2073,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
       validateParameters(params);
       this.parameters = __spreadValues(__spreadValues({}, this.parameters), params);
     } catch (error) {
-      logger7.info("Error Setting Params:", error);
+      logger8.info("Error Setting Params:", error);
       throw new SetParamsError("Error setting params", error);
     }
   }
@@ -1896,7 +2097,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
       validateFunctionParams([{ input: this.sessionId, paramName: "sessionId", isString: true }], "getAppCallbackUrl");
       return this.appCallbackUrl || `${constants.DEFAULT_RECLAIM_CALLBACK_URL}${this.sessionId}`;
     } catch (error) {
-      logger7.info("Error getting app callback url", error);
+      logger8.info("Error getting app callback url", error);
       throw new GetAppCallbackUrlError("Error getting app callback url", error);
     }
   }
@@ -1920,7 +2121,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
       validateFunctionParams([{ input: this.sessionId, paramName: "sessionId", isString: true }], "getCancelCallbackUrl");
       return this.cancelCallbackUrl || `${constants.DEFAULT_RECLAIM_CANCEL_CALLBACK_URL}${this.sessionId}`;
     } catch (error) {
-      logger7.info("Error getting cancel callback url", error);
+      logger8.info("Error getting cancel callback url", error);
       throw new GetAppCallbackUrlError("Error getting cancel callback url", error);
     }
   }
@@ -1943,7 +2144,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
       validateFunctionParams([{ input: this.sessionId, paramName: "sessionId", isString: true }], "getStatusUrl");
       return `${constants.DEFAULT_RECLAIM_STATUS_URL}${this.sessionId}`;
     } catch (error) {
-      logger7.info("Error fetching Status Url", error);
+      logger8.info("Error fetching Status Url", error);
       throw new GetStatusUrlError("Error fetching status url", error);
     }
   }
@@ -1973,9 +2174,9 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
     try {
       validateFunctionParams([{ input: signature, paramName: "signature", isString: true }], "setSignature");
       this.signature = signature;
-      logger7.info(`Signature set successfully for applicationId: ${this.applicationId}`);
+      logger8.info(`Signature set successfully for applicationId: ${this.applicationId}`);
     } catch (error) {
-      logger7.info("Error setting signature", error);
+      logger8.info("Error setting signature", error);
       throw new SetSignatureError("Error setting signature", error);
     }
   }
@@ -1990,7 +2191,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
         const messageHash = import_ethers4.ethers.keccak256(new TextEncoder().encode(canonicalData));
         return yield wallet.signMessage(import_ethers4.ethers.getBytes(messageHash));
       } catch (err) {
-        logger7.info(`Error generating proof request for applicationId: ${this.applicationId}, providerId: ${this.providerId}, signature: ${this.signature}, timeStamp: ${this.timeStamp}`, err);
+        logger8.info(`Error generating proof request for applicationId: ${this.applicationId}, providerId: ${this.providerId}, signature: ${this.signature}, timeStamp: ${this.timeStamp}`, err);
         throw new SignatureGeneratingError(`Error generating signature for applicationSecret: ${applicationSecret}`);
       }
     });
@@ -2082,7 +2283,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
     return __async(this, null, function* () {
       var _a, _b, _c;
       const options = launchOptions || ((_a = this.options) == null ? void 0 : _a.launchOptions) || {};
-      logger7.info("Creating Request Url");
+      logger8.info("Creating Request Url");
       if (!this.signature) {
         throw new SignatureNotFoundError("Signature is not set.");
       }
@@ -2101,20 +2302,20 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
             if (isDeferredDeeplinksFlowEnabled) {
               instantAppUrl = instantAppUrl.replace("/verifier", "/link");
             }
-            logger7.info("Instant App Url created successfully: " + instantAppUrl);
+            logger8.info("Instant App Url created successfully: " + instantAppUrl);
             return instantAppUrl;
           } else {
             const appClipUrl = this.customAppClipUrl ? `${this.customAppClipUrl}&template=${template}` : `https://appclip.apple.com/id?p=org.reclaimprotocol.app.clip&template=${template}`;
-            logger7.info("App Clip Url created successfully: " + appClipUrl);
+            logger8.info("App Clip Url created successfully: " + appClipUrl);
             return appClipUrl;
           }
         } else {
           const link = yield createLinkWithTemplateData(templateData, this.customSharePageUrl);
-          logger7.info("Request Url created successfully: " + link);
+          logger8.info("Request Url created successfully: " + link);
           return link;
         }
       } catch (error) {
-        logger7.info("Error creating Request Url:", error);
+        logger8.info("Error creating Request Url:", error);
         throw error;
       }
     });
@@ -2148,31 +2349,31 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
       try {
         const templateData = this.getTemplateData();
         this.templateData = templateData;
-        logger7.info("Triggering Reclaim flow");
+        logger8.info("Triggering Reclaim flow");
         const deviceType = getDeviceType();
         updateSession(this.sessionId, "SESSION_STARTED" /* SESSION_STARTED */);
         if (deviceType === "desktop" /* DESKTOP */) {
           const extensionAvailable = yield this.isBrowserExtensionAvailable();
           if (((_b = this.options) == null ? void 0 : _b.useBrowserExtension) && extensionAvailable) {
-            logger7.info("Triggering browser extension flow");
+            logger8.info("Triggering browser extension flow");
             this.triggerBrowserExtensionFlow();
             return;
           } else {
-            logger7.info("Browser extension not available, showing QR code modal");
+            logger8.info("Browser extension not available, showing QR code modal");
             yield this.showQRCodeModal();
           }
         } else if (deviceType === "mobile" /* MOBILE */) {
           const mobileDeviceType = getMobileDeviceType();
           if (mobileDeviceType === "android" /* ANDROID */) {
-            logger7.info("Redirecting to Android instant app");
+            logger8.info("Redirecting to Android instant app");
             yield this.redirectToInstantApp(options);
           } else if (mobileDeviceType === "ios" /* IOS */) {
-            logger7.info("Redirecting to iOS app clip");
+            logger8.info("Redirecting to iOS app clip");
             this.redirectToAppClip();
           }
         }
       } catch (error) {
-        logger7.info("Error triggering Reclaim flow:", error);
+        logger8.info("Error triggering Reclaim flow:", error);
         throw error;
       }
     });
@@ -2220,7 +2421,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
           window.postMessage(message, "*");
         });
       } catch (error) {
-        logger7.info("Error checking Reclaim extension installed:", error);
+        logger8.info("Error checking Reclaim extension installed:", error);
         return false;
       }
     });
@@ -2233,7 +2434,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
       extensionID: this.extensionID
     };
     window.postMessage(message, "*");
-    logger7.info("Browser extension flow triggered");
+    logger8.info("Browser extension flow triggered");
   }
   showQRCodeModal() {
     return __async(this, null, function* () {
@@ -2242,7 +2443,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
         this.modal = new QRCodeModal(this.modalOptions);
         yield this.modal.show(requestUrl);
       } catch (error) {
-        logger7.info("Error showing QR code modal:", error);
+        logger8.info("Error showing QR code modal:", error);
         throw error;
       }
     });
@@ -2255,7 +2456,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
         template = replaceAll(template, "(", "%28");
         template = replaceAll(template, ")", "%29");
         let instantAppUrl = this.buildSharePageUrl(template);
-        logger7.info("Redirecting to Android instant app: " + instantAppUrl);
+        logger8.info("Redirecting to Android instant app: " + instantAppUrl);
         const isDeferredDeeplinksFlowEnabled = (_a = options.canUseDeferredDeepLinksFlow) != null ? _a : false;
         if (isDeferredDeeplinksFlowEnabled) {
           instantAppUrl = instantAppUrl.replace("/verifier", "/link");
@@ -2305,7 +2506,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
         }
         window.location.href = instantAppUrl;
       } catch (error) {
-        logger7.info("Error redirecting to instant app:", error);
+        logger8.info("Error redirecting to instant app:", error);
         throw error;
       }
     });
@@ -2316,17 +2517,30 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
       template = replaceAll(template, "(", "%28");
       template = replaceAll(template, ")", "%29");
       const appClipUrl = this.customAppClipUrl ? `${this.customAppClipUrl}&template=${template}` : `https://appclip.apple.com/id?p=org.reclaimprotocol.app.clip&template=${template}`;
-      logger7.info("Redirecting to iOS app clip: " + appClipUrl);
+      logger8.info("Redirecting to iOS app clip: " + appClipUrl);
       const verifierUrl = `https://share.reclaimprotocol.org/verifier/?template=${template}`;
       window.location.href = appClipUrl;
       setTimeout(() => {
         window.location.href = verifierUrl;
       }, 5 * 1e3);
     } catch (error) {
-      logger7.info("Error redirecting to app clip:", error);
+      logger8.info("Error redirecting to app clip:", error);
       throw error;
     }
   }
+  /**
+   * Fetches the provider config that was used for this session and returns the hash requirements
+   * 
+   * See also:
+   * * `fetchProviderHashRequirementsBy()` - An alternative of this function to get the expected hashes for a provider version by providing providerId and exactProviderVersionString. The result can be provided in verifyProof function's `config` parameter for proof validation.
+   * * `getProviderHashRequirementsFromSpec()` - An alternative of this function to get the expected hashes from a provider spec. The result can be provided in verifyProof function's `config` parameter for proof validation.
+   *
+   * @returns A promise that resolves to a ProviderHashRequirementsConfig
+   */
+  getProviderHashRequirements() {
+    var _a;
+    return fetchProviderHashRequirementsBy(this.providerId, (_a = this.resolvedProviderVersion) != null ? _a : "");
+  }
   /**
    * Starts the proof request session and monitors for proof submission
    *
@@ -2370,13 +2584,13 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
     return __async(this, arguments, function* ({ onSuccess, onError }) {
       if (!this.sessionId) {
         const message = "Session can't be started due to undefined value of sessionId";
-        logger7.info(message);
+        logger8.info(message);
         throw new SessionNotStartedError(message);
       }
-      logger7.info("Starting session");
+      logger8.info("Starting session");
       const sessionUpdatePollingInterval = 3 * 1e3;
       const interval = setInterval(() => __async(this, null, function* () {
-        var _a, _b, _c, _d;
+        var _a, _b, _c;
         try {
           const statusUrlResponse = yield fetchStatusUrl(this.sessionId);
           if (!statusUrlResponse.session) return;
@@ -2400,9 +2614,9 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
             if (statusUrlResponse.session.proofs && statusUrlResponse.session.proofs.length > 0) {
               const proofs = statusUrlResponse.session.proofs;
               if (this.claimCreationType === "createClaim" /* STANDALONE */) {
-                const verified = yield verifyProof(proofs, (_a = this.options) == null ? void 0 : _a.acceptAiProviders);
+                const verified = yield verifyProof(proofs, yield this.getProviderHashRequirements());
                 if (!verified) {
-                  logger7.info(`Proofs not verified: ${JSON.stringify(proofs)}`);
+                  logger8.info(`Proofs not verified: ${JSON.stringify(proofs)}`);
                   throw new ProofNotVerifiedError();
                 }
               }
@@ -2412,7 +2626,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
                 onSuccess(proofs);
               }
               this.clearInterval();
-              (_b = this.modal) == null ? void 0 : _b.close();
+              (_a = this.modal) == null ? void 0 : _a.close();
             }
           } else {
             if (statusUrlResponse.session.statusV2 === "PROOF_SUBMISSION_FAILED" /* PROOF_SUBMISSION_FAILED */) {
@@ -2423,7 +2637,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
                 onSuccess([]);
               }
               this.clearInterval();
-              (_c = this.modal) == null ? void 0 : _c.close();
+              (_b = this.modal) == null ? void 0 : _b.close();
             }
           }
         } catch (e) {
@@ -2431,7 +2645,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
             onError(e);
           }
           this.clearInterval();
-          (_d = this.modal) == null ? void 0 : _d.close();
+          (_c = this.modal) == null ? void 0 : _c.close();
         }
       }), sessionUpdatePollingInterval);
       this.intervals.set(this.sessionId, interval);
@@ -2453,7 +2667,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
   closeModal() {
     if (this.modal) {
       this.modal.close();
-      logger7.info("Modal closed by user");
+      logger8.info("Modal closed by user");
     }
   }
   /**
@@ -2474,13 +2688,28 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ReclaimProofRequest,
-  assertValidProof,
+  assertValidProofsByHash,
+  assertValidateProof,
+  assertVerifiedProof,
   clearDeviceCache,
+  createLinkWithTemplateData,
+  fetchProviderConfig,
+  fetchProviderHashRequirementsBy,
+  fetchStatusUrl,
+  getAttestors,
   getDeviceType,
+  getHttpProviderClaimParamsFromProof,
   getMobileDeviceType,
+  getProviderHashRequirementsFromSpec,
+  getShortenedUrl,
+  hashRequestSpec,
+  initSession,
   isDesktopDevice,
+  isHttpProviderClaimParams,
   isMobileDevice,
+  recoverSignersOfSignedClaim,
   transformForOnchain,
+  updateSession,
   verifyProof
 });
 //# sourceMappingURL=index.js.map