npm - @reclaimprotocol/js-sdk - Versions diffs - 5.0.0-dev.0 → 5.0.0-dev.2 - Mend

@reclaimprotocol/js-sdk 5.0.0-dev.0 → 5.0.0-dev.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,3 +1,11 @@
+interface TeeAttestation {
+    workload_digest: string;
+    verifier_digest: string;
+    nonce: string;
+    snp_report: string;
+    vlek_cert: string;
+    timestamp: string;
+}
 interface Proof {
     identifier: string;
     claimData: ProviderClaimData;
@@ -8,6 +16,7 @@ interface Proof {
         [key: string]: string;
     };
     taskId?: number;
+    teeAttestation?: TeeAttestation;
 }
 declare const RECLAIM_EXTENSION_ACTIONS: {
     CHECK_EXTENSION: string;
@@ -38,6 +47,14 @@ interface Context {
     contextAddress: string;
     contextMessage: string;
     reclaimSessionId: string;
+    extractedParameters?: Record<string, string>;
+    providerHash?: string;
+    attestationNonce?: string;
+    attestationNonceData?: {
+        applicationId: string;
+        sessionId: string;
+        timestamp: string;
+    };
 }
 interface Beacon {
     getState(epoch?: number): Promise<BeaconState>;
@@ -49,7 +66,100 @@ type BeaconState = {
     witnessesRequiredForClaim: number;
     nextEpochTimestampS: number;
 };
+/**
+ * Information of the exact provider and its version used in the verification session.
+ *
+ * See also:
+ *
+ * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+ */
+interface ProviderVersionInfo {
+    /**
+     * The identifier of provider used in verifications that resulted in a proof
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     */
+    providerId: string;
+    /**
+     * The exact version of provider used in verifications that resulted in a proof.
+     *
+     * This cannot be a version constaint or version expression.
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     */
+    providerVersion: string;
+    /**
+     * List of allowed pre-release tags.
+     * For example, if you are using AI, provide `['ai']` to allow AI patch versions of the provider.
+     */
+    allowedTags: string[];
+}
+/**
+ * Fetches the provider configuration by the providerId and its version; and constructs the robust hash requirements needed for proof validation.
+ * It resolves both explicitly required HTTP requests and allowed injected requests based on the provider version.
+ *
+ * See also:
+ *
+ * * `ReclaimProofRequest.getProviderHashRequirements()` - An alternative of this function to get the expected hashes for a proof request. The result can be provided in verifyProof function's `config` parameter for proof validation.
+ * * `getProviderHashRequirementsFromSpec()` - An alternative of this function to get the expected hashes from a provider spec. The result can be provided in verifyProof function's `config` parameter for proof validation.
+ *
+ * @param providerId - The unique identifier of the selected provider.
+ * @param exactProviderVersionString - The specific version string of the provider configuration to ensure deterministic validation.
+ * @returns A promise that resolves to `ProviderHashRequirementsConfig` representing the expected hashes for proof validation.
+ */
+declare function fetchProviderHashRequirementsBy(providerId: string, exactProviderVersionString: string | null | undefined, allowedTags: string[] | null | undefined, proofs?: Proof[]): Promise<ProviderHashRequirementsConfig[]>;
+/**
+ * Generates an array of `RequestSpec` objects by replacing template parameters with their corresponding values.
+ *
+ * If the input template includes `templateParams` (e.g., `['param1', 'param2']`), this function will
+ * cartesian-map (or pairwise-map) the provided `templateParameters` record (e.g., `{ param1: ['v1', 'v2'], param2: ['a1', 'a2'] }`)
+ * to generate multiple unique `RequestSpec` configurations.
+ *
+ * The function ensures that:
+ * 1. Parameters strictly specified in `template.templateParams` are found.
+ * 2. All specified template parameters arrays have the exact same length (pairwise mapping).
+ * 3. String replacements are fully applied (all occurrences) to `responseMatches` (value) and `responseRedactions` (jsonPath, xPath, regex).
+ *
+ * @param requestSpecTemplates - The base template `RequestSpec` containing parameter placeholders.
+ * @param templateParameters - A record mapping parameter names to arrays of strings representing the extracted values.
+ * @returns An array of fully constructed `RequestSpec` objects with templates replaced.
+ * @throws {InvalidRequestSpecError} If required parameters are missing or parameter value arrays have mismatched lengths.
+ */
+declare function generateSpecsFromRequestSpecTemplate(requestSpecTemplates: RequestSpec[], templateParameters: Record<string, string[]>): RequestSpec[];
+declare function takeTemplateParametersFromProofs(proofs?: Proof[]): Record<string, string[]>;
+declare function takePairsWhereValueIsArray(o: Record<string, string> | undefined): Record<string, string[]>;
+/**
+ * Transforms a raw provider hash requirement specification into a structured configuration for proof validation.
+ * It computes the proof hashes for both required and allowed extra requests to correctly match uploaded proofs.
+ *
+ * See also:
+ *
+ * * `fetchProviderHashRequirementsBy()` - An alternative of this function to get the expected hashes for a provider version by providing providerId and exactProviderVersionString. The result can be provided in verifyProof function's `config` parameter for proof validation.
+ * * `ReclaimProofRequest.getProviderHashRequirements()` - An alternative of this function to get the expected hashes for a proof request. The result can be provided in verifyProof function's `config` parameter for proof validation.
+ *
+ * @param spec - The raw provider specifications including required and allowed requests.
+ * @returns A structured configuration containing computed required and allowed hashes for validation.
+ */
+declare function getProviderHashRequirementsFromSpec(spec: ProviderHashRequirementSpec): ProviderHashRequirementsConfig;
+/**
+ * Computes the claim hash for a specific request specification based on its properties.
+ *
+ * @param request - The HTTP request specification (e.g., URL, method, sniffs).
+ * @returns A string representing the hashed proof claim parameters.
+ */
+declare function hashRequestSpec(request: RequestSpec): HashRequirement;
+/**
+ * Represents the raw specification of hash requirements provided by a provider's configuration.
+ */
+interface ProviderHashRequirementSpec {
+    /** List of request specs that can match with HTTP requests to create a proof using Reclaim Protocol */
+    requests: RequestSpec[] | undefined;
+}
 /**
  * The structured hash requirements configuration used during proof verification and content validation.
  */
@@ -64,9 +174,9 @@ type ProviderHashRequirementsConfig = {
  */
 type HashRequirement = {
     /**
-     * The hash value to match
+     * The hash value(s) to match. An array represents multiple valid hashes for optional configurations.
      */
-    value: string;
+    value: string | string[];
     /**
      * Whether the hash is required to be present in the proof.
      * Defaults to true
@@ -111,9 +221,14 @@ interface RequestSpec {
     required?: boolean;
     /**
      * Whether request matching this spec is allowed to appear multiple times in list of proofs.
-     * Defaults to false.
+     * Defaults to true.
      */
     multiple?: boolean;
+    /**
+     * Template parameter variables for the request spec that should be replaced with real values
+     * during dynamic request spec construction.
+     */
+    templateParams?: string[];
 }
 /**
  * Defines the configuration for identifying/sniffing the request body.
@@ -151,16 +266,98 @@ interface ResponseRedactionSpec {
     xPath: string;
 }
+/**
+ * Content validation configuration specifying essential required hashes and optional extra proofs.
+ * Used to explicitly validate that a generated proof matches the exact request structure expected.
+ */
+type ValidationConfigWithHash = {
+    /**
+     * Array of computed hashes that must be satisfied by the proofs.
+     *
+     * An element can be a `HashRequirement` object or a string that is equivalent to
+     * a `{ value: '<hash>', required: true, multiple: false }` as `HashRequirement`.
+     */
+    hashes: (string | HashRequirement)[];
+};
+/**
+ * Content validation configuration specifying the provider id and version used in the verification session that generated the proofs.
+ * Used to explicitly validate that a generated proof matches the exact request structure expected.
+ *
+ * See also:
+ *
+ * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+ */
+interface ValidationConfigWithProviderInformation {
+    /**
+     * The identifier of provider used in verifications that resulted in a proof
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     **/
+    providerId: string;
+    /**
+     * The exact version of provider used in verifications that resulted in a proof.
+     *
+     * This cannot be a version constaint or version expression. It can be undefined or left blank if proof must be validated with latest version of provider.
+     * Patches for the next provider version are also fetched and hashes from that spec is also be used to compare the hashes from proof.
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     **/
+    providerVersion?: string;
+    /**
+     * List of allowed pre-release tags.
+     * For example, if you are using AI, provide `['ai']` to allow AI patch versions of the provider.
+     */
+    allowedTags?: string[];
+}
+/**
+ * Legacy configuration to completely bypass content validation during verification.
+ * Warning: Using this poses a risk as it avoids strictly matching proof parameters to expected hashes.
+ */
+interface ValidationConfigWithDisabledValidation {
+    dangerouslyDisableContentValidation: true;
+}
+/**
+ * Represents the configuration options applied when validating proof contents, allowing
+ * strict hash checking or intentionally skipping validation if flagged.
+ */
+type ValidationConfig = ValidationConfigWithHash | ValidationConfigWithProviderInformation | ValidationConfigWithDisabledValidation;
+/**
+ * Describes the comprehensive configuration required to initialize the proof verification process.
+ * Aligns with `ValidationConfig` options for verifying signatures alongside proof contents.
+ */
+type VerificationConfig = ValidationConfig;
+declare function assertValidProofsByHash(proofs: Proof[], config: ProviderHashRequirementsConfig): void;
+declare function isHttpProviderClaimParams(claimParams: unknown): claimParams is HttpProviderClaimParams;
+declare function getHttpProviderClaimParamsFromProof(proof: Proof): HttpProviderClaimParams;
+/**
+ * Asserts that the proof is validated by checking the content of proof with with expectations from provider config or hash based on [options]
+ * @param proofs - The proofs to validate
+ * @param config - The validation config
+ * @throws {ProofNotValidatedError} When the proof is not validated
+ */
+declare function assertValidateProof(proofs: Proof[], config: VerificationConfig): Promise<void>;
 type ClaimID = ProviderClaimData['identifier'];
 type ClaimInfo = Pick<ProviderClaimData, 'context' | 'provider' | 'parameters'>;
 type CompleteClaimData = Pick<ProviderClaimData, 'owner' | 'timestampS' | 'epoch'> & ClaimInfo;
 interface HttpProviderClaimParams {
-    body: string;
+    body?: string | null;
     method: RequestSpec['method'];
     responseMatches: ResponseMatchSpec[];
     responseRedactions: ResponseRedactionSpec[];
     url: string;
 }
+interface HashableHttpProviderClaimParams {
+    body: string;
+    method: RequestSpec['method'];
+    responseMatches: (Omit<ResponseMatchSpec, 'isOptional'>)[];
+    responseRedactions: ResponseRedactionSpec[];
+    url: string;
+}
 type SignedClaim = {
     claim: CompleteClaimData;
     signatures: Uint8Array[];
@@ -172,6 +369,7 @@ type CreateVerificationRequest = {
 type StartSessionParams = {
     onSuccess: OnSuccess;
     onError: OnError;
+    verificationConfig?: VerificationConfig;
 };
 type OnSuccess = (proof?: Proof | Proof[]) => void;
 type OnError = (error: Error) => void;
@@ -190,7 +388,16 @@ type ProofRequestOptions = {
     useBrowserExtension?: boolean;
     extensionID?: string;
     providerVersion?: string;
+    /**
+     * @deprecated Use `portalUrl` instead.
+     */
     customSharePageUrl?: string;
+    /**
+     * URL of the portal/share page for the verification flow.
+     *
+     * @default 'https://portal.reclaimprotocol.org'
+     */
+    portalUrl?: string;
     customAppClipUrl?: string;
     launchOptions?: ReclaimFlowLaunchOptions;
     /**
@@ -226,6 +433,10 @@ type ProofRequestOptions = {
      * @since 4.7.0
      */
     metadata?: Record<string, string>;
+    /**
+     * If true, generates a TEE attestation nonce during session initialization and expects a TEE attestation in the proof.
+     */
+    acceptTeeAttestation?: boolean;
 };
 type ReclaimFlowLaunchOptions = {
     /**
@@ -241,6 +452,18 @@ type ReclaimFlowLaunchOptions = {
      * once fully released. See: https://blog.reclaimprotocol.org/posts/moving-beyond-google-play-instant
      */
     canUseDeferredDeepLinksFlow?: boolean;
+    /**
+     * Verification mode for the flow.
+     *
+     * - `'portal'`: Opens the portal URL in the browser (remote browser verification).
+     * - `'app'`: Native app flow via the share page. If `useAppClip` is `true`, uses App Clip on iOS.
+     *
+     * Can be set at call time via `triggerReclaimFlow({ verificationMode })` or `getRequestUrl({ verificationMode })`,
+     * or at init time via `launchOptions: { verificationMode }`.
+     *
+     * @default 'portal'
+     */
+    verificationMode?: 'app' | 'portal';
 };
 type ModalOptions = {
     title?: string;
@@ -311,6 +534,7 @@ type ProofPropertiesJSON = {
     jsonProofResponse?: boolean;
     resolvedProviderVersion: string;
     modalOptions?: SerializableModalOptions;
+    teeAttestation?: TeeAttestation | string;
 };
 type HttpFormEntry = {
     name: string;
@@ -373,6 +597,14 @@ type TemplateData = {
     metadata?: Record<string, string>;
     preferredLocale?: ProofRequestOptions['preferredLocale'];
 };
+type VerifyProofResult = {
+    isVerified: boolean;
+    isTeeVerified?: boolean;
+    data: {
+        context: Record<string, unknown>;
+        extractedParameters: Record<string, string>;
+    }[];
+};
 type ProviderVersionConfig = {
     major?: number;
     minor?: number;
@@ -391,12 +623,16 @@ type StatusUrlResponse = {
         sessionId: string;
         proofs?: Proof[];
         statusV2: string;
+        error?: {
+            type: string;
+            message: string;
+        };
     };
     providerId?: string;
 };
 type ProviderConfigResponse = {
     message: string;
-    providers?: ReclaimProviderConfig;
+    providers?: ReclaimProviderConfig[];
     providerId?: string;
     providerVersionString?: string;
 };
@@ -410,37 +646,12 @@ interface ReclaimProviderConfig {
     requestData: InterceptorRequestSpec[];
     allowedInjectedRequestData: InjectedRequestSpec[];
 }
-/**
- * Content validation configuration specifying essential required hashes and optional extra proofs.
- * Used to explicitly validate that a generated proof matches the exact request structure expected.
- */
-type ValidationConfigWithHash = {
-    /**
-     * Array of computed hashes that must be satisfied by the proofs.
-     *
-     * An element can be a `HashRequirement` object or a string that is equivalent to
-     * a `{ value: '<hash>', required: true, multiple: false }` as `HashRequirement`.
-     */
-    hashes: (string | HashRequirement)[];
+type ProviderHashRequirementsResponse = {
+    message?: string;
+    hashRequirements?: ProviderHashRequirementsConfig;
+    providerId?: string;
+    providerVersionString?: string;
 };
-/**
- * Legacy configuration to completely bypass content validation during verification.
- * Warning: Using this poses a risk as it avoids strictly matching proof parameters to expected hashes.
- */
-interface ValidationConfigWithDisabledValidation {
-    dangerouslyDisableContentValidation: true;
-}
-/**
- * Represents the configuration options applied when validating proof contents, allowing
- * strict hash checking or intentionally skipping validation if flagged.
- */
-type ValidationConfig = ValidationConfigWithHash | ValidationConfigWithDisabledValidation;
-/**
- * Describes the comprehensive configuration required to initialize the proof verification process.
- * Aligns with `ValidationConfig` options for verifying signatures alongside proof contents.
- */
-type VerificationConfig = ValidationConfig;
 /**
  * Verifies one or more Reclaim proofs by validating signatures, verifying witness information,
@@ -455,27 +666,54 @@ type VerificationConfig = ValidationConfig;
  *
  * @param proofOrProofs - A single proof object or an array of proof objects to be verified.
  * @param config - Verification configuration that specifies required hashes, allowed extra hashes, or disables content validation.
- * @returns Promise<boolean> - Returns `true` if all proofs are successfully verified and validated, `false` otherwise.
- * @throws {ProofNotVerifiedError} When signature validation or identifier mismatch occurs.
- * @throws {ProofNotValidatedError} When no proofs are provided, when the configuration is missing, or when proof content does not match the expectations set in the config.
+ * @param verifyTEE - If `true`, requires and verifies TEE attestation on the proofs. Verification fails if TEE data is missing or invalid.
+ * @returns Verification result with `isVerified`, extracted `data` from each proof, and `isTeeVerified` when `verifyTEE` is `true`
  *
  * @example
  * ```typescript
+ * // Fast and simple automatically fetched verification
+ * const { isVerified, data } = await verifyProof(proof, request.getProviderVersion());
+ *
+ * // With TEE attestation verification (fails if TEE data is missing or invalid)
+ * const { isVerified, isTeeVerified, data } = await verifyProof(proof, request.getProviderVersion(), true);
+ *
+ * // Or, by manually providing the details:
+ *
+ * const { isVerified, data } = await verifyProof(proof, {
+ *   providerId: "YOUR_PROVIDER_ID",
+ *   // The exact provider version used in the session.
+ *   providerVersion: "1.0.0",
+ *   // Optionally provide tags. For example, this can be `['ai']` when you want to allow patches from ai.
+ *   allowedTags: ["ai"]
+ * });
+ *
  * // Validate a single proof against expected hash
- * const isValid = await verifyProof(proof, { hashes: ['0xAbC...'] });
+ * const { isVerified, data } = await verifyProof(proof, { hashes: ['0xAbC...'] });
+ * if (isVerified) {
+ *   console.log(data[0].context);
+ *   console.log(data[0].extractedParameters);
+ * }
  *
  * // Validate multiple proofs
- * const areAllValid = await verifyProof([proof1, proof2], {
+ * const { isVerified, data } = await verifyProof([proof1, proof2], {
  *   hashes: ['0xAbC...', '0xF22..'],
  * });
  *
- * // Validate 1 required proofs, any number of multiple with same hash, and one optional
- * const areAllValid = await verifyProof([proof1, proof2, sameAsProof2], {
- *   hashes: ['0xAbC...', { value: '0xF22..', multiple: true }, { value: '0xE33..', required: false }],
+ * // Validate multiple proofs and handle optional matches or repeated proofs
+ * const { isVerified, data } = await verifyProof([proof1, proof2, sameAsProof2], {
+ *   hashes: [
+ *     // A string hash is perfectly equivalent to { value: '...', required: true, multiple: true }
+ *     '0xStrict1...',
+ *     // An array 'value' means 1 proof can have any 1 matching hash from this list.
+ *     // 'multiple: true' (the default) means any proof matching this hash is allowed to appear multiple times in the list of proofs.
+ *     { value: ['0xOpt1..', '0xOpt2..'], multiple: true },
+ *     // 'required: false' means there can be 0 proofs matching this hash. Such proofs may be optionally present. (Defaults to true).
+ *     { value: '0xE33..', required: false }
+ *   ],
  * });
  * ```
  */
-declare function verifyProof(proofOrProofs: Proof | Proof[], config: VerificationConfig): Promise<boolean>;
+declare function verifyProof(proofOrProofs: Proof | Proof[], config: VerificationConfig, verifyTEE?: boolean): Promise<VerifyProofResult>;
 /**
  * Transforms a Reclaim proof into a format suitable for on-chain verification
  *
@@ -499,6 +737,8 @@ declare class ReclaimProofRequest {
     private sessionId;
     private options?;
     private context;
+    private attestationNonce?;
+    private attestationNonceData?;
     private claimCreationType?;
     private providerId;
     private resolvedProviderVersion?;
@@ -522,13 +762,13 @@ declare class ReclaimProofRequest {
     private readonly FAILURE_TIMEOUT;
     private constructor();
     /**
-     * Initializes a new Reclaim proof request instance with automatic signature generation and session creation
+     * Initializes a new Reclaim proof request instance with automatic signature generation and session creation.
      *
      * @param applicationId - Your Reclaim application ID
      * @param appSecret - Your application secret key for signing requests
      * @param providerId - The ID of the provider to use for proof generation
      * @param options - Optional configuration options for the proof request
-     * @returns Promise<ReclaimProofRequest> - A fully initialized proof request instance
+     * @returns A fully initialized proof request instance
      * @throws {InitError} When initialization fails due to invalid parameters or session creation errors
      *
      * @example
@@ -537,7 +777,7 @@ declare class ReclaimProofRequest {
      *   'your-app-id',
      *   'your-app-secret',
      *   'provider-id',
-     *   { log: true, acceptAiProviders: true }
+     *   { portalUrl: 'https://portal.reclaimprotocol.org', log: true }
      * );
      * ```
      */
@@ -824,6 +1064,8 @@ declare class ReclaimProofRequest {
     private setSignature;
     private generateSignature;
     private clearInterval;
+    private setAttestationContext;
+    private applyAttestationContext;
     private buildSharePageUrl;
     /**
      * Exports the Reclaim proof verification request as a JSON string
@@ -848,13 +1090,15 @@ declare class ReclaimProofRequest {
      */
     private getTemplateData;
     /**
-     * Generates and returns the request URL for proof verification
+     * Generates and returns the request URL for proof verification.
+     *
+     * Defaults to portal mode. Pass `{ verificationMode: 'app' }` for native app flow URLs.
+     *
+     * - Portal mode (default): returns portal URL on all platforms
+     * - App mode: returns share page URL on all platforms
+     * - App mode + `useAppClip: true` on iOS: returns App Clip URL instead
      *
-     * This URL can be shared with users to initiate the proof generation process.
-     * The URL format varies based on device type:
-     * - Mobile iOS: Returns App Clip URL (if useAppClip is enabled)
-     * - Mobile Android: Returns Instant App URL (if useAppClip is enabled)
-     * - Desktop/Other: Returns standard verification URL
+     * Falls back to `launchOptions` set at init time if not passed at call time.
      *
      * @param launchOptions - Optional launch configuration to override default behavior
      * @returns Promise<string> - The generated request URL
@@ -862,19 +1106,25 @@ declare class ReclaimProofRequest {
      *
      * @example
      * ```typescript
-     * const requestUrl = await proofRequest.getRequestUrl();
-     * // Share this URL with users or display as QR code
+     * // Portal URL (default)
+     * const url = await proofRequest.getRequestUrl();
+     *
+     * // Native app flow URL
+     * const url = await proofRequest.getRequestUrl({ verificationMode: 'app' });
      * ```
      */
     getRequestUrl(launchOptions?: ReclaimFlowLaunchOptions): Promise<string>;
     /**
-     * Triggers the appropriate Reclaim verification flow based on device type and configuration
+     * Triggers the appropriate Reclaim verification flow based on device type and configuration.
+     *
+     * Defaults to portal mode (remote browser verification). Pass `{ verificationMode: 'app' }`
+     * for native app flow via the share page.
      *
-     * This method automatically detects the device type and initiates the optimal verification flow:
-     * - Desktop with browser extension: Triggers extension flow
-     * - Desktop without extension: Shows QR code modal
-     * - Mobile Android: Redirects to Instant App
-     * - Mobile iOS: Redirects to App Clip
+     * - Desktop: browser extension takes priority in both modes
+     * - Desktop portal mode (no extension): opens portal in new tab
+     * - Desktop app mode (no extension): shows QR code modal with share page URL
+     * - Mobile portal mode: opens portal in new tab
+     * - Mobile app mode: opens share page (or App Clip on iOS if `useAppClip` is `true`)
      *
      * @param launchOptions - Optional launch configuration to override default behavior
      * @returns Promise<void>
@@ -882,8 +1132,21 @@ declare class ReclaimProofRequest {
      *
      * @example
      * ```typescript
+     * // Portal flow (default)
      * await proofRequest.triggerReclaimFlow();
-     * // The appropriate verification method will be triggered automatically
+     *
+     * // Native app flow
+     * await proofRequest.triggerReclaimFlow({ verificationMode: 'app' });
+     *
+     * // App Clip on iOS (requires useAppClip: true at init)
+     * const request = await ReclaimProofRequest.init(APP_ID, SECRET, PROVIDER, { useAppClip: true });
+     * await request.triggerReclaimFlow({ verificationMode: 'app' });
+     *
+     * // Can also set verificationMode at init time via launchOptions
+     * const request = await ReclaimProofRequest.init(APP_ID, SECRET, PROVIDER, {
+     *   launchOptions: { verificationMode: 'app' }
+     * });
+     * await request.triggerReclaimFlow(); // uses 'app' mode from init
      * ```
      */
     triggerReclaimFlow(launchOptions?: ReclaimFlowLaunchOptions): Promise<void>;
@@ -909,16 +1172,28 @@ declare class ReclaimProofRequest {
     private showQRCodeModal;
     private redirectToInstantApp;
     private redirectToAppClip;
+    /**
+     * Returns the provider id and exact version of the provider that was used in the verification session of this request.
+     *
+     * This can be provided as a config parameter to the `verifyProof` function to verify the proof.
+     *
+     * See also:
+     * * `verifyProof()` - Verifies a proof against the expected provider configuration.
+     * * `getProviderHashRequirements()` - An alternative of this function to get the expected hashes for a provider version by providing providerId and exactProviderVersionString. The result can be provided in verifyProof function's `config` parameter for proof validation.
+     * * `getProviderHashRequirementsFromSpec()` - An alternative of this function to get the expected hashes from a provider spec. The result can be provided in verifyProof function's `config` parameter for proof validation.
+     */
+    getProviderVersion(): ProviderVersionInfo;
     /**
      * Fetches the provider config that was used for this session and returns the hash requirements
      *
      * See also:
+     * * `verifyProof()` - Verifies a proof against the expected provider configuration.
      * * `fetchProviderHashRequirementsBy()` - An alternative of this function to get the expected hashes for a provider version by providing providerId and exactProviderVersionString. The result can be provided in verifyProof function's `config` parameter for proof validation.
      * * `getProviderHashRequirementsFromSpec()` - An alternative of this function to get the expected hashes from a provider spec. The result can be provided in verifyProof function's `config` parameter for proof validation.
      *
-     * @returns A promise that resolves to a ProviderHashRequirementsConfig
+     * @returns A promise that resolves to a `ProviderHashRequirementsConfig` or `ProviderHashRequirementsConfig[]`
      */
-    getProviderHashRequirements(): Promise<ProviderHashRequirementsConfig>;
+    getProviderHashRequirements(proofs: Proof[], allowedTags: string[] | null | undefined): Promise<ProviderHashRequirementsConfig[]>;
     /**
      * Starts the proof request session and monitors for proof submission
      *
@@ -958,7 +1233,7 @@ declare class ReclaimProofRequest {
      * });
      * ```
      */
-    startSession({ onSuccess, onError }: StartSessionParams): Promise<void>;
+    startSession({ onSuccess, onError, verificationConfig }: StartSessionParams): Promise<void>;
     /**
      * Closes the QR code modal if it is currently open
      *
@@ -986,6 +1261,71 @@ declare class ReclaimProofRequest {
     getJsonProofResponse(): boolean;
 }
+/**
+ * Retrieves a shortened URL for the given URL
+ * @param url - The URL to be shortened
+ * @returns A promise that resolves to the shortened URL, or the original URL if shortening fails
+ */
+declare function getShortenedUrl(url: string): Promise<string>;
+/**
+ * Creates a link with embedded template data
+ * @param templateData - The data to be embedded in the link
+ * @param sharePagePath - The path to the share page (optional)
+ * @returns A promise that resolves to the created link (shortened if possible)
+ */
+declare function createLinkWithTemplateData(templateData: TemplateData, sharePagePath?: string): Promise<string>;
+/**
+ * Retrieves the list of witnesses for a given claim
+ */
+declare function getAttestors(): Promise<WitnessData[]>;
+/**
+ * Recovers the signers' addresses from a signed claim
+ * @param claim - The signed claim object
+ * @param signatures - The signatures associated with the claim
+ * @returns An array of recovered signer addresses
+ */
+declare function recoverSignersOfSignedClaim({ claim, signatures }: SignedClaim): string[];
+/**
+ * Asserts that the proof is verified by checking the signatures and witness information
+ * @param proof - The proof to verify
+ * @param attestors - The attestors to check against
+ * @throws {ProofNotVerifiedError} When the proof is not verified
+ */
+declare function assertVerifiedProof(proof: Proof, attestors: WitnessData[]): Promise<void>;
+/**
+ * Initializes a session with the provided parameters
+ * @param providerId - The ID of the provider
+ * @param appId - The ID of the application
+ * @param timestamp - The timestamp of the request
+ * @param signature - The signature for authentication
+ * @returns A promise that resolves to an InitSessionResponse
+ * @throws InitSessionError if the session initialization fails
+ */
+declare function initSession(providerId: string, appId: string, timestamp: string, signature: string, versionNumber?: string): Promise<InitSessionResponse>;
+/**
+ * Updates the status of an existing session
+ * @param sessionId - The ID of the session to update
+ * @param status - The new status of the session
+ * @returns A promise that resolves to the update response
+ * @throws UpdateSessionError if the session update fails
+ */
+declare function updateSession(sessionId: string, status: SessionStatus): Promise<any>;
+/**
+ * Fetches the status URL for a given session ID
+ * @param sessionId - The ID of the session to fetch the status URL for
+ * @returns A promise that resolves to a StatusUrlResponse
+ * @throws StatusUrlError if the status URL fetch fails
+ */
+declare function fetchStatusUrl(sessionId: string): Promise<StatusUrlResponse>;
+declare function fetchProviderConfigs(providerId: string, exactProviderVersionString: string | null | undefined, allowedTags: string[] | null | undefined): Promise<ProviderConfigResponse>;
+/**
+ * Validates the hardware TEE attestation included in the proof.
+ * Throws an error if the attestation is invalid or compromised.
+ */
+declare function verifyTeeAttestation(proof: Proof, expectedApplicationId?: string): Promise<boolean>;
 /**
  * Highly accurate device type detection - returns only 'desktop' or 'mobile'
  * Uses multiple detection methods and scoring system for maximum accuracy
@@ -1013,4 +1353,4 @@ declare function isDesktopDevice(): boolean;
  */
 declare function clearDeviceCache(): void;
-export { type Beacon, type BeaconState, ClaimCreationType, type ClaimID, type ClaimInfo, type CompleteClaimData, type Context, type CreateVerificationRequest, DeviceType, type ExtensionMessage, type HttpFormEntry, type HttpProviderClaimParams, type HttpRedirectionMethod, type HttpRedirectionOptions, type InitSessionResponse, type ModalOptions, type OnError, type OnSuccess, type Proof, type ProofPropertiesJSON, type ProofRequestOptions, type ProviderClaimData, type ProviderConfigResponse, type ProviderVersionConfig, RECLAIM_EXTENSION_ACTIONS, type ReclaimFlowLaunchOptions, ReclaimProofRequest, type ReclaimProviderConfig, type SerializableModalOptions, SessionStatus, type SignedClaim, type StartSessionParams, type StatusUrlResponse, type TemplateData, type UpdateSessionResponse, type WitnessData, clearDeviceCache, getDeviceType, getMobileDeviceType, isDesktopDevice, isMobileDevice, transformForOnchain, verifyProof };
+export { type Beacon, type BeaconState, type BodySniff, ClaimCreationType, type ClaimID, type ClaimInfo, type CompleteClaimData, type Context, type CreateVerificationRequest, DeviceType, type ExtensionMessage, type HashRequirement, type HashableHttpProviderClaimParams, type HttpFormEntry, type HttpProviderClaimParams, type HttpRedirectionMethod, type HttpRedirectionOptions, type InitSessionResponse, type InjectedRequestSpec, type InterceptorRequestSpec, type ModalOptions, type OnError, type OnSuccess, type Proof, type ProofPropertiesJSON, type ProofRequestOptions, type ProviderClaimData, type ProviderConfigResponse, type ProviderHashRequirementSpec, type ProviderHashRequirementsConfig, type ProviderHashRequirementsResponse, type ProviderVersionConfig, type ProviderVersionInfo, RECLAIM_EXTENSION_ACTIONS, type ReclaimFlowLaunchOptions, ReclaimProofRequest, type ReclaimProviderConfig, type RequestSpec, type ResponseMatchSpec, type ResponseRedactionSpec, type SerializableModalOptions, SessionStatus, type SignedClaim, type StartSessionParams, type StatusUrlResponse, type TeeAttestation, type TemplateData, type UpdateSessionResponse, type ValidationConfig, type ValidationConfigWithDisabledValidation, type ValidationConfigWithHash, type ValidationConfigWithProviderInformation, type VerificationConfig, type VerifyProofResult, type WitnessData, assertValidProofsByHash, assertValidateProof, assertVerifiedProof, clearDeviceCache, createLinkWithTemplateData, fetchProviderConfigs, fetchProviderHashRequirementsBy, fetchStatusUrl, generateSpecsFromRequestSpecTemplate, getAttestors, getDeviceType, getHttpProviderClaimParamsFromProof, getMobileDeviceType, getProviderHashRequirementsFromSpec, getShortenedUrl, hashRequestSpec, initSession, isDesktopDevice, isHttpProviderClaimParams, isMobileDevice, recoverSignersOfSignedClaim, takePairsWhereValueIsArray, takeTemplateParametersFromProofs, transformForOnchain, updateSession, verifyProof, verifyTeeAttestation };