npm - @reclaimprotocol/js-sdk - Versions diffs - 5.0.0-dev.1 → 5.0.0-dev.2 - Mend

@reclaimprotocol/js-sdk 5.0.0-dev.1 → 5.0.0-dev.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,3 +1,11 @@
+interface TeeAttestation {
+    workload_digest: string;
+    verifier_digest: string;
+    nonce: string;
+    snp_report: string;
+    vlek_cert: string;
+    timestamp: string;
+}
 interface Proof {
     identifier: string;
     claimData: ProviderClaimData;
@@ -8,6 +16,7 @@ interface Proof {
         [key: string]: string;
     };
     taskId?: number;
+    teeAttestation?: TeeAttestation;
 }
 declare const RECLAIM_EXTENSION_ACTIONS: {
     CHECK_EXTENSION: string;
@@ -38,6 +47,14 @@ interface Context {
     contextAddress: string;
     contextMessage: string;
     reclaimSessionId: string;
+    extractedParameters?: Record<string, string>;
+    providerHash?: string;
+    attestationNonce?: string;
+    attestationNonceData?: {
+        applicationId: string;
+        sessionId: string;
+        timestamp: string;
+    };
 }
 interface Beacon {
     getState(epoch?: number): Promise<BeaconState>;
@@ -49,7 +66,73 @@ type BeaconState = {
     witnessesRequiredForClaim: number;
     nextEpochTimestampS: number;
 };
+/**
+ * Information of the exact provider and its version used in the verification session.
+ *
+ * See also:
+ *
+ * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+ */
+interface ProviderVersionInfo {
+    /**
+     * The identifier of provider used in verifications that resulted in a proof
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     */
+    providerId: string;
+    /**
+     * The exact version of provider used in verifications that resulted in a proof.
+     *
+     * This cannot be a version constaint or version expression.
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     */
+    providerVersion: string;
+    /**
+     * List of allowed pre-release tags.
+     * For example, if you are using AI, provide `['ai']` to allow AI patch versions of the provider.
+     */
+    allowedTags: string[];
+}
+/**
+ * Fetches the provider configuration by the providerId and its version; and constructs the robust hash requirements needed for proof validation.
+ * It resolves both explicitly required HTTP requests and allowed injected requests based on the provider version.
+ *
+ * See also:
+ *
+ * * `ReclaimProofRequest.getProviderHashRequirements()` - An alternative of this function to get the expected hashes for a proof request. The result can be provided in verifyProof function's `config` parameter for proof validation.
+ * * `getProviderHashRequirementsFromSpec()` - An alternative of this function to get the expected hashes from a provider spec. The result can be provided in verifyProof function's `config` parameter for proof validation.
+ *
+ * @param providerId - The unique identifier of the selected provider.
+ * @param exactProviderVersionString - The specific version string of the provider configuration to ensure deterministic validation.
+ * @returns A promise that resolves to `ProviderHashRequirementsConfig` representing the expected hashes for proof validation.
+ */
+declare function fetchProviderHashRequirementsBy(providerId: string, exactProviderVersionString: string | null | undefined, allowedTags: string[] | null | undefined, proofs?: Proof[]): Promise<ProviderHashRequirementsConfig[]>;
+/**
+ * Generates an array of `RequestSpec` objects by replacing template parameters with their corresponding values.
+ *
+ * If the input template includes `templateParams` (e.g., `['param1', 'param2']`), this function will
+ * cartesian-map (or pairwise-map) the provided `templateParameters` record (e.g., `{ param1: ['v1', 'v2'], param2: ['a1', 'a2'] }`)
+ * to generate multiple unique `RequestSpec` configurations.
+ *
+ * The function ensures that:
+ * 1. Parameters strictly specified in `template.templateParams` are found.
+ * 2. All specified template parameters arrays have the exact same length (pairwise mapping).
+ * 3. String replacements are fully applied (all occurrences) to `responseMatches` (value) and `responseRedactions` (jsonPath, xPath, regex).
+ *
+ * @param requestSpecTemplates - The base template `RequestSpec` containing parameter placeholders.
+ * @param templateParameters - A record mapping parameter names to arrays of strings representing the extracted values.
+ * @returns An array of fully constructed `RequestSpec` objects with templates replaced.
+ * @throws {InvalidRequestSpecError} If required parameters are missing or parameter value arrays have mismatched lengths.
+ */
+declare function generateSpecsFromRequestSpecTemplate(requestSpecTemplates: RequestSpec[], templateParameters: Record<string, string[]>): RequestSpec[];
+declare function takeTemplateParametersFromProofs(proofs?: Proof[]): Record<string, string[]>;
+declare function takePairsWhereValueIsArray(o: Record<string, string> | undefined): Record<string, string[]>;
 /**
  * Transforms a raw provider hash requirement specification into a structured configuration for proof validation.
  * It computes the proof hashes for both required and allowed extra requests to correctly match uploaded proofs.
@@ -91,9 +174,9 @@ type ProviderHashRequirementsConfig = {
  */
 type HashRequirement = {
     /**
-     * The hash value to match
+     * The hash value(s) to match. An array represents multiple valid hashes for optional configurations.
      */
-    value: string;
+    value: string | string[];
     /**
      * Whether the hash is required to be present in the proof.
      * Defaults to true
@@ -138,9 +221,14 @@ interface RequestSpec {
     required?: boolean;
     /**
      * Whether request matching this spec is allowed to appear multiple times in list of proofs.
-     * Defaults to false.
+     * Defaults to true.
      */
     multiple?: boolean;
+    /**
+     * Template parameter variables for the request spec that should be replaced with real values
+     * during dynamic request spec construction.
+     */
+    templateParams?: string[];
 }
 /**
  * Defines the configuration for identifying/sniffing the request body.
@@ -178,16 +266,98 @@ interface ResponseRedactionSpec {
     xPath: string;
 }
+/**
+ * Content validation configuration specifying essential required hashes and optional extra proofs.
+ * Used to explicitly validate that a generated proof matches the exact request structure expected.
+ */
+type ValidationConfigWithHash = {
+    /**
+     * Array of computed hashes that must be satisfied by the proofs.
+     *
+     * An element can be a `HashRequirement` object or a string that is equivalent to
+     * a `{ value: '<hash>', required: true, multiple: false }` as `HashRequirement`.
+     */
+    hashes: (string | HashRequirement)[];
+};
+/**
+ * Content validation configuration specifying the provider id and version used in the verification session that generated the proofs.
+ * Used to explicitly validate that a generated proof matches the exact request structure expected.
+ *
+ * See also:
+ *
+ * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+ */
+interface ValidationConfigWithProviderInformation {
+    /**
+     * The identifier of provider used in verifications that resulted in a proof
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     **/
+    providerId: string;
+    /**
+     * The exact version of provider used in verifications that resulted in a proof.
+     *
+     * This cannot be a version constaint or version expression. It can be undefined or left blank if proof must be validated with latest version of provider.
+     * Patches for the next provider version are also fetched and hashes from that spec is also be used to compare the hashes from proof.
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     **/
+    providerVersion?: string;
+    /**
+     * List of allowed pre-release tags.
+     * For example, if you are using AI, provide `['ai']` to allow AI patch versions of the provider.
+     */
+    allowedTags?: string[];
+}
+/**
+ * Legacy configuration to completely bypass content validation during verification.
+ * Warning: Using this poses a risk as it avoids strictly matching proof parameters to expected hashes.
+ */
+interface ValidationConfigWithDisabledValidation {
+    dangerouslyDisableContentValidation: true;
+}
+/**
+ * Represents the configuration options applied when validating proof contents, allowing
+ * strict hash checking or intentionally skipping validation if flagged.
+ */
+type ValidationConfig = ValidationConfigWithHash | ValidationConfigWithProviderInformation | ValidationConfigWithDisabledValidation;
+/**
+ * Describes the comprehensive configuration required to initialize the proof verification process.
+ * Aligns with `ValidationConfig` options for verifying signatures alongside proof contents.
+ */
+type VerificationConfig = ValidationConfig;
+declare function assertValidProofsByHash(proofs: Proof[], config: ProviderHashRequirementsConfig): void;
+declare function isHttpProviderClaimParams(claimParams: unknown): claimParams is HttpProviderClaimParams;
+declare function getHttpProviderClaimParamsFromProof(proof: Proof): HttpProviderClaimParams;
+/**
+ * Asserts that the proof is validated by checking the content of proof with with expectations from provider config or hash based on [options]
+ * @param proofs - The proofs to validate
+ * @param config - The validation config
+ * @throws {ProofNotValidatedError} When the proof is not validated
+ */
+declare function assertValidateProof(proofs: Proof[], config: VerificationConfig): Promise<void>;
 type ClaimID = ProviderClaimData['identifier'];
 type ClaimInfo = Pick<ProviderClaimData, 'context' | 'provider' | 'parameters'>;
 type CompleteClaimData = Pick<ProviderClaimData, 'owner' | 'timestampS' | 'epoch'> & ClaimInfo;
 interface HttpProviderClaimParams {
-    body: string;
+    body?: string | null;
     method: RequestSpec['method'];
     responseMatches: ResponseMatchSpec[];
     responseRedactions: ResponseRedactionSpec[];
     url: string;
 }
+interface HashableHttpProviderClaimParams {
+    body: string;
+    method: RequestSpec['method'];
+    responseMatches: (Omit<ResponseMatchSpec, 'isOptional'>)[];
+    responseRedactions: ResponseRedactionSpec[];
+    url: string;
+}
 type SignedClaim = {
     claim: CompleteClaimData;
     signatures: Uint8Array[];
@@ -199,6 +369,7 @@ type CreateVerificationRequest = {
 type StartSessionParams = {
     onSuccess: OnSuccess;
     onError: OnError;
+    verificationConfig?: VerificationConfig;
 };
 type OnSuccess = (proof?: Proof | Proof[]) => void;
 type OnError = (error: Error) => void;
@@ -217,7 +388,16 @@ type ProofRequestOptions = {
     useBrowserExtension?: boolean;
     extensionID?: string;
     providerVersion?: string;
+    /**
+     * @deprecated Use `portalUrl` instead.
+     */
     customSharePageUrl?: string;
+    /**
+     * URL of the portal/share page for the verification flow.
+     *
+     * @default 'https://portal.reclaimprotocol.org'
+     */
+    portalUrl?: string;
     customAppClipUrl?: string;
     launchOptions?: ReclaimFlowLaunchOptions;
     /**
@@ -253,6 +433,10 @@ type ProofRequestOptions = {
      * @since 4.7.0
      */
     metadata?: Record<string, string>;
+    /**
+     * If true, generates a TEE attestation nonce during session initialization and expects a TEE attestation in the proof.
+     */
+    acceptTeeAttestation?: boolean;
 };
 type ReclaimFlowLaunchOptions = {
     /**
@@ -268,6 +452,18 @@ type ReclaimFlowLaunchOptions = {
      * once fully released. See: https://blog.reclaimprotocol.org/posts/moving-beyond-google-play-instant
      */
     canUseDeferredDeepLinksFlow?: boolean;
+    /**
+     * Verification mode for the flow.
+     *
+     * - `'portal'`: Opens the portal URL in the browser (remote browser verification).
+     * - `'app'`: Native app flow via the share page. If `useAppClip` is `true`, uses App Clip on iOS.
+     *
+     * Can be set at call time via `triggerReclaimFlow({ verificationMode })` or `getRequestUrl({ verificationMode })`,
+     * or at init time via `launchOptions: { verificationMode }`.
+     *
+     * @default 'portal'
+     */
+    verificationMode?: 'app' | 'portal';
 };
 type ModalOptions = {
     title?: string;
@@ -338,6 +534,7 @@ type ProofPropertiesJSON = {
     jsonProofResponse?: boolean;
     resolvedProviderVersion: string;
     modalOptions?: SerializableModalOptions;
+    teeAttestation?: TeeAttestation | string;
 };
 type HttpFormEntry = {
     name: string;
@@ -400,6 +597,14 @@ type TemplateData = {
     metadata?: Record<string, string>;
     preferredLocale?: ProofRequestOptions['preferredLocale'];
 };
+type VerifyProofResult = {
+    isVerified: boolean;
+    isTeeVerified?: boolean;
+    data: {
+        context: Record<string, unknown>;
+        extractedParameters: Record<string, string>;
+    }[];
+};
 type ProviderVersionConfig = {
     major?: number;
     minor?: number;
@@ -418,12 +623,16 @@ type StatusUrlResponse = {
         sessionId: string;
         proofs?: Proof[];
         statusV2: string;
+        error?: {
+            type: string;
+            message: string;
+        };
     };
     providerId?: string;
 };
 type ProviderConfigResponse = {
     message: string;
-    providers?: ReclaimProviderConfig;
+    providers?: ReclaimProviderConfig[];
     providerId?: string;
     providerVersionString?: string;
 };
@@ -437,47 +646,12 @@ interface ReclaimProviderConfig {
     requestData: InterceptorRequestSpec[];
     allowedInjectedRequestData: InjectedRequestSpec[];
 }
-/**
- * Content validation configuration specifying essential required hashes and optional extra proofs.
- * Used to explicitly validate that a generated proof matches the exact request structure expected.
- */
-type ValidationConfigWithHash = {
-    /**
-     * Array of computed hashes that must be satisfied by the proofs.
-     *
-     * An element can be a `HashRequirement` object or a string that is equivalent to
-     * a `{ value: '<hash>', required: true, multiple: false }` as `HashRequirement`.
-     */
-    hashes: (string | HashRequirement)[];
+type ProviderHashRequirementsResponse = {
+    message?: string;
+    hashRequirements?: ProviderHashRequirementsConfig;
+    providerId?: string;
+    providerVersionString?: string;
 };
-/**
- * Legacy configuration to completely bypass content validation during verification.
- * Warning: Using this poses a risk as it avoids strictly matching proof parameters to expected hashes.
- */
-interface ValidationConfigWithDisabledValidation {
-    dangerouslyDisableContentValidation: true;
-}
-/**
- * Represents the configuration options applied when validating proof contents, allowing
- * strict hash checking or intentionally skipping validation if flagged.
- */
-type ValidationConfig = ValidationConfigWithHash | ValidationConfigWithDisabledValidation;
-/**
- * Describes the comprehensive configuration required to initialize the proof verification process.
- * Aligns with `ValidationConfig` options for verifying signatures alongside proof contents.
- */
-type VerificationConfig = ValidationConfig;
-declare function assertValidProofsByHash(proofs: Proof[], config: ProviderHashRequirementsConfig): void;
-declare function isHttpProviderClaimParams(claimParams: unknown): claimParams is HttpProviderClaimParams;
-declare function getHttpProviderClaimParamsFromProof(proof: Proof): HttpProviderClaimParams;
-/**
- * Asserts that the proof is validated by checking the content of proof with with expectations from provider config or hash based on [options]
- * @param proofs - The proofs to validate
- * @param config - The validation config
- * @throws {ProofNotValidatedError} When the proof is not validated
- */
-declare function assertValidateProof(proofs: Proof[], config: VerificationConfig): void;
 /**
  * Verifies one or more Reclaim proofs by validating signatures, verifying witness information,
@@ -492,27 +666,54 @@ declare function assertValidateProof(proofs: Proof[], config: VerificationConfig
  *
  * @param proofOrProofs - A single proof object or an array of proof objects to be verified.
  * @param config - Verification configuration that specifies required hashes, allowed extra hashes, or disables content validation.
- * @returns Promise<boolean> - Returns `true` if all proofs are successfully verified and validated, `false` otherwise.
- * @throws {ProofNotVerifiedError} When signature validation or identifier mismatch occurs.
- * @throws {ProofNotValidatedError} When no proofs are provided, when the configuration is missing, or when proof content does not match the expectations set in the config.
+ * @param verifyTEE - If `true`, requires and verifies TEE attestation on the proofs. Verification fails if TEE data is missing or invalid.
+ * @returns Verification result with `isVerified`, extracted `data` from each proof, and `isTeeVerified` when `verifyTEE` is `true`
  *
  * @example
  * ```typescript
+ * // Fast and simple automatically fetched verification
+ * const { isVerified, data } = await verifyProof(proof, request.getProviderVersion());
+ *
+ * // With TEE attestation verification (fails if TEE data is missing or invalid)
+ * const { isVerified, isTeeVerified, data } = await verifyProof(proof, request.getProviderVersion(), true);
+ *
+ * // Or, by manually providing the details:
+ *
+ * const { isVerified, data } = await verifyProof(proof, {
+ *   providerId: "YOUR_PROVIDER_ID",
+ *   // The exact provider version used in the session.
+ *   providerVersion: "1.0.0",
+ *   // Optionally provide tags. For example, this can be `['ai']` when you want to allow patches from ai.
+ *   allowedTags: ["ai"]
+ * });
+ *
  * // Validate a single proof against expected hash
- * const isValid = await verifyProof(proof, { hashes: ['0xAbC...'] });
+ * const { isVerified, data } = await verifyProof(proof, { hashes: ['0xAbC...'] });
+ * if (isVerified) {
+ *   console.log(data[0].context);
+ *   console.log(data[0].extractedParameters);
+ * }
  *
  * // Validate multiple proofs
- * const areAllValid = await verifyProof([proof1, proof2], {
+ * const { isVerified, data } = await verifyProof([proof1, proof2], {
  *   hashes: ['0xAbC...', '0xF22..'],
  * });
  *
- * // Validate 1 required proofs, any number of multiple with same hash, and one optional
- * const areAllValid = await verifyProof([proof1, proof2, sameAsProof2], {
- *   hashes: ['0xAbC...', { value: '0xF22..', multiple: true }, { value: '0xE33..', required: false }],
+ * // Validate multiple proofs and handle optional matches or repeated proofs
+ * const { isVerified, data } = await verifyProof([proof1, proof2, sameAsProof2], {
+ *   hashes: [
+ *     // A string hash is perfectly equivalent to { value: '...', required: true, multiple: true }
+ *     '0xStrict1...',
+ *     // An array 'value' means 1 proof can have any 1 matching hash from this list.
+ *     // 'multiple: true' (the default) means any proof matching this hash is allowed to appear multiple times in the list of proofs.
+ *     { value: ['0xOpt1..', '0xOpt2..'], multiple: true },
+ *     // 'required: false' means there can be 0 proofs matching this hash. Such proofs may be optionally present. (Defaults to true).
+ *     { value: '0xE33..', required: false }
+ *   ],
  * });
  * ```
  */
-declare function verifyProof(proofOrProofs: Proof | Proof[], config: VerificationConfig): Promise<boolean>;
+declare function verifyProof(proofOrProofs: Proof | Proof[], config: VerificationConfig, verifyTEE?: boolean): Promise<VerifyProofResult>;
 /**
  * Transforms a Reclaim proof into a format suitable for on-chain verification
  *
@@ -536,6 +737,8 @@ declare class ReclaimProofRequest {
     private sessionId;
     private options?;
     private context;
+    private attestationNonce?;
+    private attestationNonceData?;
     private claimCreationType?;
     private providerId;
     private resolvedProviderVersion?;
@@ -559,13 +762,13 @@ declare class ReclaimProofRequest {
     private readonly FAILURE_TIMEOUT;
     private constructor();
     /**
-     * Initializes a new Reclaim proof request instance with automatic signature generation and session creation
+     * Initializes a new Reclaim proof request instance with automatic signature generation and session creation.
      *
      * @param applicationId - Your Reclaim application ID
      * @param appSecret - Your application secret key for signing requests
      * @param providerId - The ID of the provider to use for proof generation
      * @param options - Optional configuration options for the proof request
-     * @returns Promise<ReclaimProofRequest> - A fully initialized proof request instance
+     * @returns A fully initialized proof request instance
      * @throws {InitError} When initialization fails due to invalid parameters or session creation errors
      *
      * @example
@@ -574,7 +777,7 @@ declare class ReclaimProofRequest {
      *   'your-app-id',
      *   'your-app-secret',
      *   'provider-id',
-     *   { log: true, acceptAiProviders: true }
+     *   { portalUrl: 'https://portal.reclaimprotocol.org', log: true }
      * );
      * ```
      */
@@ -861,6 +1064,8 @@ declare class ReclaimProofRequest {
     private setSignature;
     private generateSignature;
     private clearInterval;
+    private setAttestationContext;
+    private applyAttestationContext;
     private buildSharePageUrl;
     /**
      * Exports the Reclaim proof verification request as a JSON string
@@ -885,13 +1090,15 @@ declare class ReclaimProofRequest {
      */
     private getTemplateData;
     /**
-     * Generates and returns the request URL for proof verification
+     * Generates and returns the request URL for proof verification.
+     *
+     * Defaults to portal mode. Pass `{ verificationMode: 'app' }` for native app flow URLs.
      *
-     * This URL can be shared with users to initiate the proof generation process.
-     * The URL format varies based on device type:
-     * - Mobile iOS: Returns App Clip URL (if useAppClip is enabled)
-     * - Mobile Android: Returns Instant App URL (if useAppClip is enabled)
-     * - Desktop/Other: Returns standard verification URL
+     * - Portal mode (default): returns portal URL on all platforms
+     * - App mode: returns share page URL on all platforms
+     * - App mode + `useAppClip: true` on iOS: returns App Clip URL instead
+     *
+     * Falls back to `launchOptions` set at init time if not passed at call time.
      *
      * @param launchOptions - Optional launch configuration to override default behavior
      * @returns Promise<string> - The generated request URL
@@ -899,19 +1106,25 @@ declare class ReclaimProofRequest {
      *
      * @example
      * ```typescript
-     * const requestUrl = await proofRequest.getRequestUrl();
-     * // Share this URL with users or display as QR code
+     * // Portal URL (default)
+     * const url = await proofRequest.getRequestUrl();
+     *
+     * // Native app flow URL
+     * const url = await proofRequest.getRequestUrl({ verificationMode: 'app' });
      * ```
      */
     getRequestUrl(launchOptions?: ReclaimFlowLaunchOptions): Promise<string>;
     /**
-     * Triggers the appropriate Reclaim verification flow based on device type and configuration
+     * Triggers the appropriate Reclaim verification flow based on device type and configuration.
+     *
+     * Defaults to portal mode (remote browser verification). Pass `{ verificationMode: 'app' }`
+     * for native app flow via the share page.
      *
-     * This method automatically detects the device type and initiates the optimal verification flow:
-     * - Desktop with browser extension: Triggers extension flow
-     * - Desktop without extension: Shows QR code modal
-     * - Mobile Android: Redirects to Instant App
-     * - Mobile iOS: Redirects to App Clip
+     * - Desktop: browser extension takes priority in both modes
+     * - Desktop portal mode (no extension): opens portal in new tab
+     * - Desktop app mode (no extension): shows QR code modal with share page URL
+     * - Mobile portal mode: opens portal in new tab
+     * - Mobile app mode: opens share page (or App Clip on iOS if `useAppClip` is `true`)
      *
      * @param launchOptions - Optional launch configuration to override default behavior
      * @returns Promise<void>
@@ -919,8 +1132,21 @@ declare class ReclaimProofRequest {
      *
      * @example
      * ```typescript
+     * // Portal flow (default)
      * await proofRequest.triggerReclaimFlow();
-     * // The appropriate verification method will be triggered automatically
+     *
+     * // Native app flow
+     * await proofRequest.triggerReclaimFlow({ verificationMode: 'app' });
+     *
+     * // App Clip on iOS (requires useAppClip: true at init)
+     * const request = await ReclaimProofRequest.init(APP_ID, SECRET, PROVIDER, { useAppClip: true });
+     * await request.triggerReclaimFlow({ verificationMode: 'app' });
+     *
+     * // Can also set verificationMode at init time via launchOptions
+     * const request = await ReclaimProofRequest.init(APP_ID, SECRET, PROVIDER, {
+     *   launchOptions: { verificationMode: 'app' }
+     * });
+     * await request.triggerReclaimFlow(); // uses 'app' mode from init
      * ```
      */
     triggerReclaimFlow(launchOptions?: ReclaimFlowLaunchOptions): Promise<void>;
@@ -946,16 +1172,28 @@ declare class ReclaimProofRequest {
     private showQRCodeModal;
     private redirectToInstantApp;
     private redirectToAppClip;
+    /**
+     * Returns the provider id and exact version of the provider that was used in the verification session of this request.
+     *
+     * This can be provided as a config parameter to the `verifyProof` function to verify the proof.
+     *
+     * See also:
+     * * `verifyProof()` - Verifies a proof against the expected provider configuration.
+     * * `getProviderHashRequirements()` - An alternative of this function to get the expected hashes for a provider version by providing providerId and exactProviderVersionString. The result can be provided in verifyProof function's `config` parameter for proof validation.
+     * * `getProviderHashRequirementsFromSpec()` - An alternative of this function to get the expected hashes from a provider spec. The result can be provided in verifyProof function's `config` parameter for proof validation.
+     */
+    getProviderVersion(): ProviderVersionInfo;
     /**
      * Fetches the provider config that was used for this session and returns the hash requirements
      *
      * See also:
+     * * `verifyProof()` - Verifies a proof against the expected provider configuration.
      * * `fetchProviderHashRequirementsBy()` - An alternative of this function to get the expected hashes for a provider version by providing providerId and exactProviderVersionString. The result can be provided in verifyProof function's `config` parameter for proof validation.
      * * `getProviderHashRequirementsFromSpec()` - An alternative of this function to get the expected hashes from a provider spec. The result can be provided in verifyProof function's `config` parameter for proof validation.
      *
-     * @returns A promise that resolves to a ProviderHashRequirementsConfig
+     * @returns A promise that resolves to a `ProviderHashRequirementsConfig` or `ProviderHashRequirementsConfig[]`
      */
-    getProviderHashRequirements(): Promise<ProviderHashRequirementsConfig>;
+    getProviderHashRequirements(proofs: Proof[], allowedTags: string[] | null | undefined): Promise<ProviderHashRequirementsConfig[]>;
     /**
      * Starts the proof request session and monitors for proof submission
      *
@@ -995,7 +1233,7 @@ declare class ReclaimProofRequest {
      * });
      * ```
      */
-    startSession({ onSuccess, onError }: StartSessionParams): Promise<void>;
+    startSession({ onSuccess, onError, verificationConfig }: StartSessionParams): Promise<void>;
     /**
      * Closes the QR code modal if it is currently open
      *
@@ -1080,21 +1318,13 @@ declare function updateSession(sessionId: string, status: SessionStatus): Promis
  * @throws StatusUrlError if the status URL fetch fails
  */
 declare function fetchStatusUrl(sessionId: string): Promise<StatusUrlResponse>;
-declare function fetchProviderConfig(providerId: string, exactProviderVersionString: string): Promise<ProviderConfigResponse>;
+declare function fetchProviderConfigs(providerId: string, exactProviderVersionString: string | null | undefined, allowedTags: string[] | null | undefined): Promise<ProviderConfigResponse>;
 /**
- * Fetches the provider configuration by the providerId and its version; and constructs the robust hash requirements needed for proof validation.
- * It resolves both explicitly required HTTP requests and allowed injected requests based on the provider version.
- *
- * See also:
- *
- * * `ReclaimProofRequest.getProviderHashRequirements()` - An alternative of this function to get the expected hashes for a proof request. The result can be provided in verifyProof function's `config` parameter for proof validation.
- * * `getProviderHashRequirementsFromSpec()` - An alternative of this function to get the expected hashes from a provider spec. The result can be provided in verifyProof function's `config` parameter for proof validation.
- *
- * @param providerId - The unique identifier of the selected provider.
- * @param exactProviderVersion - The specific version string of the provider configuration to ensure deterministic validation.
- * @returns A promise that resolves to `ProviderHashRequirementsConfig` representing the expected hashes for proof validation.
+ * Validates the hardware TEE attestation included in the proof.
+ * Throws an error if the attestation is invalid or compromised.
  */
-declare function fetchProviderHashRequirementsBy(providerId: string, exactProviderVersion: string): Promise<ProviderHashRequirementsConfig>;
+declare function verifyTeeAttestation(proof: Proof, expectedApplicationId?: string): Promise<boolean>;
 /**
  * Highly accurate device type detection - returns only 'desktop' or 'mobile'
@@ -1123,4 +1353,4 @@ declare function isDesktopDevice(): boolean;
  */
 declare function clearDeviceCache(): void;
-export { type Beacon, type BeaconState, type BodySniff, ClaimCreationType, type ClaimID, type ClaimInfo, type CompleteClaimData, type Context, type CreateVerificationRequest, DeviceType, type ExtensionMessage, type HashRequirement, type HttpFormEntry, type HttpProviderClaimParams, type HttpRedirectionMethod, type HttpRedirectionOptions, type InitSessionResponse, type InjectedRequestSpec, type InterceptorRequestSpec, type ModalOptions, type OnError, type OnSuccess, type Proof, type ProofPropertiesJSON, type ProofRequestOptions, type ProviderClaimData, type ProviderConfigResponse, type ProviderHashRequirementSpec, type ProviderHashRequirementsConfig, type ProviderVersionConfig, RECLAIM_EXTENSION_ACTIONS, type ReclaimFlowLaunchOptions, ReclaimProofRequest, type ReclaimProviderConfig, type RequestSpec, type ResponseMatchSpec, type ResponseRedactionSpec, type SerializableModalOptions, SessionStatus, type SignedClaim, type StartSessionParams, type StatusUrlResponse, type TemplateData, type UpdateSessionResponse, type ValidationConfig, type ValidationConfigWithDisabledValidation, type ValidationConfigWithHash, type VerificationConfig, type WitnessData, assertValidProofsByHash, assertValidateProof, assertVerifiedProof, clearDeviceCache, createLinkWithTemplateData, fetchProviderConfig, fetchProviderHashRequirementsBy, fetchStatusUrl, getAttestors, getDeviceType, getHttpProviderClaimParamsFromProof, getMobileDeviceType, getProviderHashRequirementsFromSpec, getShortenedUrl, hashRequestSpec, initSession, isDesktopDevice, isHttpProviderClaimParams, isMobileDevice, recoverSignersOfSignedClaim, transformForOnchain, updateSession, verifyProof };
+export { type Beacon, type BeaconState, type BodySniff, ClaimCreationType, type ClaimID, type ClaimInfo, type CompleteClaimData, type Context, type CreateVerificationRequest, DeviceType, type ExtensionMessage, type HashRequirement, type HashableHttpProviderClaimParams, type HttpFormEntry, type HttpProviderClaimParams, type HttpRedirectionMethod, type HttpRedirectionOptions, type InitSessionResponse, type InjectedRequestSpec, type InterceptorRequestSpec, type ModalOptions, type OnError, type OnSuccess, type Proof, type ProofPropertiesJSON, type ProofRequestOptions, type ProviderClaimData, type ProviderConfigResponse, type ProviderHashRequirementSpec, type ProviderHashRequirementsConfig, type ProviderHashRequirementsResponse, type ProviderVersionConfig, type ProviderVersionInfo, RECLAIM_EXTENSION_ACTIONS, type ReclaimFlowLaunchOptions, ReclaimProofRequest, type ReclaimProviderConfig, type RequestSpec, type ResponseMatchSpec, type ResponseRedactionSpec, type SerializableModalOptions, SessionStatus, type SignedClaim, type StartSessionParams, type StatusUrlResponse, type TeeAttestation, type TemplateData, type UpdateSessionResponse, type ValidationConfig, type ValidationConfigWithDisabledValidation, type ValidationConfigWithHash, type ValidationConfigWithProviderInformation, type VerificationConfig, type VerifyProofResult, type WitnessData, assertValidProofsByHash, assertValidateProof, assertVerifiedProof, clearDeviceCache, createLinkWithTemplateData, fetchProviderConfigs, fetchProviderHashRequirementsBy, fetchStatusUrl, generateSpecsFromRequestSpecTemplate, getAttestors, getDeviceType, getHttpProviderClaimParamsFromProof, getMobileDeviceType, getProviderHashRequirementsFromSpec, getShortenedUrl, hashRequestSpec, initSession, isDesktopDevice, isHttpProviderClaimParams, isMobileDevice, recoverSignersOfSignedClaim, takePairsWhereValueIsArray, takeTemplateParametersFromProofs, transformForOnchain, updateSession, verifyProof, verifyTeeAttestation };