@reclaimprotocol/js-sdk 5.0.0-dev.2 → 5.0.0-dev.4

package/dist/index.d.ts

@@ -133,6 +133,16 @@ declare function fetchProviderHashRequirementsBy(providerId: string, exactProvid
 declare function generateSpecsFromRequestSpecTemplate(requestSpecTemplates: RequestSpec[], templateParameters: Record<string, string[]>): RequestSpec[];
 declare function takeTemplateParametersFromProofs(proofs?: Proof[]): Record<string, string[]>;
 declare function takePairsWhereValueIsArray(o: Record<string, string> | undefined): Record<string, string[]>;
+/**
+ * Builds and returns raw hash requirement spec that can be used with `getProviderHashRequirementsFromSpec` to computes the expected proof hashes for a provider configuration
+ * by combining its explicitly required requests and allowed injected requests.
+ * It resolves template parameters from provided proofs to generate the final request specifications.
+ *
+ * @param providerConfig - The provider configuration containing request data and allowed injected requests.
+ * @param proofs - Optional array of proofs used to extract template parameters for resolving placeholders in injected requests.
+ * @returns A structured configuration containing that can be used with `getProviderHashRequirementsFromSpec` to compute the hashes.
+ */
+declare function getProviderHashRequirementSpecFromProviderConfig(providerConfig: ReclaimProviderConfigWithRequestSpec, proofs?: Proof[]): ProviderHashRequirementSpec;
 /**
  * Transforms a raw provider hash requirement specification into a structured configuration for proof validation.
  * It computes the proof hashes for both required and allowed extra requests to correctly match uploaded proofs.
@@ -188,6 +198,10 @@ type HashRequirement = {
      */
     multiple?: boolean;
 };
+interface ReclaimProviderConfigWithRequestSpec {
+    requestData: InterceptorRequestSpec[];
+    allowedInjectedRequestData: InjectedRequestSpec[];
+}
 /**
  * Specific marker interface for intercepted request specifications.
  */
@@ -257,7 +271,7 @@ interface ResponseMatchSpec {
  */
 interface ResponseRedactionSpec {
     /** Optional hashing method applied to the redacted content (e.g., 'oprf') */
-    hash?: "oprf" | undefined;
+    hash?: "oprf" | "oprf-mpc" | undefined;
     /** JSON path for locating the value to redact */
     jsonPath: string;
     /** RegEx applied to correctly parse and extract/redact value */
@@ -266,81 +280,6 @@ interface ResponseRedactionSpec {
     xPath: string;
 }
 
-/**
- * Content validation configuration specifying essential required hashes and optional extra proofs.
- * Used to explicitly validate that a generated proof matches the exact request structure expected.
- */
-type ValidationConfigWithHash = {
-    /**
-     * Array of computed hashes that must be satisfied by the proofs.
-     *
-     * An element can be a `HashRequirement` object or a string that is equivalent to
-     * a `{ value: '<hash>', required: true, multiple: false }` as `HashRequirement`.
-     */
-    hashes: (string | HashRequirement)[];
-};
-/**
- * Content validation configuration specifying the provider id and version used in the verification session that generated the proofs.
- * Used to explicitly validate that a generated proof matches the exact request structure expected.
- *
- * See also:
- *
- * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
- */
-interface ValidationConfigWithProviderInformation {
-    /**
-     * The identifier of provider used in verifications that resulted in a proof
-     *
-     * See also:
-     *
-     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
-     **/
-    providerId: string;
-    /**
-     * The exact version of provider used in verifications that resulted in a proof.
-     *
-     * This cannot be a version constaint or version expression. It can be undefined or left blank if proof must be validated with latest version of provider.
-     * Patches for the next provider version are also fetched and hashes from that spec is also be used to compare the hashes from proof.
-     *
-     * See also:
-     *
-     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
-     **/
-    providerVersion?: string;
-    /**
-     * List of allowed pre-release tags.
-     * For example, if you are using AI, provide `['ai']` to allow AI patch versions of the provider.
-     */
-    allowedTags?: string[];
-}
-/**
- * Legacy configuration to completely bypass content validation during verification.
- * Warning: Using this poses a risk as it avoids strictly matching proof parameters to expected hashes.
- */
-interface ValidationConfigWithDisabledValidation {
-    dangerouslyDisableContentValidation: true;
-}
-/**
- * Represents the configuration options applied when validating proof contents, allowing
- * strict hash checking or intentionally skipping validation if flagged.
- */
-type ValidationConfig = ValidationConfigWithHash | ValidationConfigWithProviderInformation | ValidationConfigWithDisabledValidation;
-/**
- * Describes the comprehensive configuration required to initialize the proof verification process.
- * Aligns with `ValidationConfig` options for verifying signatures alongside proof contents.
- */
-type VerificationConfig = ValidationConfig;
-declare function assertValidProofsByHash(proofs: Proof[], config: ProviderHashRequirementsConfig): void;
-declare function isHttpProviderClaimParams(claimParams: unknown): claimParams is HttpProviderClaimParams;
-declare function getHttpProviderClaimParamsFromProof(proof: Proof): HttpProviderClaimParams;
-/**
- * Asserts that the proof is validated by checking the content of proof with with expectations from provider config or hash based on [options]
- * @param proofs - The proofs to validate
- * @param config - The validation config
- * @throws {ProofNotValidatedError} When the proof is not validated
- */
-declare function assertValidateProof(proofs: Proof[], config: VerificationConfig): Promise<void>;
-
 type ClaimID = ProviderClaimData['identifier'];
 type ClaimInfo = Pick<ProviderClaimData, 'context' | 'provider' | 'parameters'>;
 type CompleteClaimData = Pick<ProviderClaimData, 'owner' | 'timestampS' | 'epoch'> & ClaimInfo;
@@ -369,7 +308,6 @@ type CreateVerificationRequest = {
 type StartSessionParams = {
     onSuccess: OnSuccess;
     onError: OnError;
-    verificationConfig?: VerificationConfig;
 };
 type OnSuccess = (proof?: Proof | Proof[]) => void;
 type OnError = (error: Error) => void;
@@ -456,7 +394,7 @@ type ReclaimFlowLaunchOptions = {
      * Verification mode for the flow.
      *
      * - `'portal'`: Opens the portal URL in the browser (remote browser verification).
-     * - `'app'`: Native app flow via the share page. If `useAppClip` is `true`, uses App Clip on iOS.
+     * - `'app'`: Verifier app flow via the share page. If `useAppClip` is `true`, uses App Clip on iOS.
      *
      * Can be set at call time via `triggerReclaimFlow({ verificationMode })` or `getRequestUrl({ verificationMode })`,
      * or at init time via `launchOptions: { verificationMode }`.
@@ -464,7 +402,28 @@ type ReclaimFlowLaunchOptions = {
      * @default 'portal'
      */
     verificationMode?: 'app' | 'portal';
+    /**
+     * Target DOM element to embed the verification flow in an iframe.
+     * When provided, the portal opens inside the element instead of a new tab.
+     * Use `closeEmbeddedFlow()` to remove the iframe programmatically.
+     *
+     * Only applies to portal mode.
+     */
+    target?: HTMLElement;
 };
+/**
+ * Handle returned by `triggerReclaimFlow` to control the launched flow.
+ */
+type FlowHandle = {
+    /** Closes the flow (removes iframe, closes tab, stops polling) */
+    close: () => void;
+    /** The iframe element when using embedded mode, `undefined` otherwise */
+    iframe?: HTMLIFrameElement;
+    /** The tab/window reference when using new tab mode, `undefined` otherwise */
+    tab?: Window | null;
+};
+/** Alias for `FlowHandle` */
+type EmbeddedFlowHandle = FlowHandle;
 type ModalOptions = {
     title?: string;
     description?: string;
@@ -544,7 +503,7 @@ type HttpRedirectionMethod = 'GET' | 'POST';
 /**
  * Options for HTTP redirection.
  *
- * Only supported by In-Browser SDK.
+ * Only supported by Portal flow.
  * On other SDKs, this will be ignored and a GET redirection will be performed with the URL.
  *
  * @since 4.11.0
@@ -597,13 +556,15 @@ type TemplateData = {
     metadata?: Record<string, string>;
     preferredLocale?: ProofRequestOptions['preferredLocale'];
 };
+type TrustedData = {
+    context: Record<string, unknown>;
+    extractedParameters: Record<string, string>;
+};
 type VerifyProofResult = {
     isVerified: boolean;
     isTeeVerified?: boolean;
-    data: {
-        context: Record<string, unknown>;
-        extractedParameters: Record<string, string>;
-    }[];
+    data: TrustedData[];
+    error?: Error;
 };
 type ProviderVersionConfig = {
     major?: number;
@@ -636,15 +597,13 @@ type ProviderConfigResponse = {
     providerId?: string;
     providerVersionString?: string;
 };
-interface ReclaimProviderConfig {
+interface ReclaimProviderConfig extends ReclaimProviderConfigWithRequestSpec {
     loginUrl: string;
     customInjection: string;
     geoLocation: string;
     injectionType: string;
     disableRequestReplay: boolean;
     verificationType: string;
-    requestData: InterceptorRequestSpec[];
-    allowedInjectedRequestData: InjectedRequestSpec[];
 }
 type ProviderHashRequirementsResponse = {
     message?: string;
@@ -653,6 +612,88 @@ type ProviderHashRequirementsResponse = {
     providerVersionString?: string;
 };
 
+/**
+ * Content validation configuration specifying essential required hashes and optional extra proofs.
+ * Used to explicitly validate that a generated proof matches the exact request structure expected.
+ */
+type ValidationConfigWithHash = {
+    /**
+     * Array of computed hashes that must be satisfied by the proofs.
+     *
+     * An element can be a `HashRequirement` object or a string that is equivalent to
+     * a `{ value: '<hash>', required: true, multiple: false }` as `HashRequirement`.
+     */
+    hashes: (string | HashRequirement)[];
+};
+/**
+ * Content validation configuration specifying the provider id and version used in the verification session that generated the proofs.
+ * Used to explicitly validate that a generated proof matches the exact request structure expected.
+ *
+ * See also:
+ *
+ * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+ */
+interface ValidationConfigWithProviderInformation {
+    /**
+     * The identifier of provider used in verifications that resulted in a proof
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     **/
+    providerId: string;
+    /**
+     * The exact version of provider used in verifications that resulted in a proof.
+     *
+     * This cannot be a version constaint or version expression. It can be undefined or left blank if proof must be validated with latest version of provider.
+     * Patches for the next provider version are also fetched and hashes from that spec is also be used to compare the hashes from proof.
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     **/
+    providerVersion?: string;
+    /**
+     * List of allowed pre-release tags.
+     * For example, if you are using AI, provide `['ai']` to allow AI patch versions of the provider.
+     */
+    allowedTags?: string[];
+}
+/**
+ * Legacy configuration to completely bypass content validation during verification.
+ * Warning: Using this poses a risk as it avoids strictly matching proof parameters to expected hashes.
+ */
+interface ValidationConfigWithDisabledValidation {
+    dangerouslyDisableContentValidation: true;
+}
+/**
+ * Represents the configuration options applied when validating proof contents, allowing
+ * strict hash checking or intentionally skipping validation if flagged.
+ */
+type ValidationConfig = ValidationConfigWithHash | ValidationConfigWithProviderInformation | ValidationConfigWithDisabledValidation;
+/**
+ * Describes the comprehensive configuration required to initialize the proof verification process.
+ * Aligns with `ValidationConfig` options for verifying signatures alongside proof contents.
+ */
+type VerificationConfig = ValidationConfig & {
+    /**
+     * If true, verifies TEE (Trusted Execution Environment) attestation included in the proof.
+     * When enabled, the result will include `isTeeVerified` and `isVerified` will be false
+     * if TEE data is missing or TEE verification fails.
+     */
+    verifyTEE?: boolean;
+};
+declare function assertValidProofsByHash(proofs: Proof[], config: ProviderHashRequirementsConfig): void;
+declare function isHttpProviderClaimParams(claimParams: unknown): claimParams is HttpProviderClaimParams;
+declare function getHttpProviderClaimParamsFromProof(proof: Proof): HttpProviderClaimParams;
+/**
+ * Asserts that the proof is validated by checking the content of proof with with expectations from provider config or hash based on [options]
+ * @param proofs - The proofs to validate
+ * @param config - The validation config
+ * @throws {ProofNotValidatedError} When the proof is not validated
+ */
+declare function assertValidateProof(proofs: Proof[], config: VerificationConfig): Promise<void>;
+
 /**
  * Verifies one or more Reclaim proofs by validating signatures, verifying witness information,
  * and performing content validation against the expected configuration.
@@ -665,9 +706,8 @@ type ProviderHashRequirementsResponse = {
  * * All 3 functions above are alternatives of each other and result from these functions can be directly used as `config` parameter in this function for proof validation.
  *
  * @param proofOrProofs - A single proof object or an array of proof objects to be verified.
- * @param config - Verification configuration that specifies required hashes, allowed extra hashes, or disables content validation.
- * @param verifyTEE - If `true`, requires and verifies TEE attestation on the proofs. Verification fails if TEE data is missing or invalid.
- * @returns Verification result with `isVerified`, extracted `data` from each proof, and `isTeeVerified` when `verifyTEE` is `true`
+ * @param config - Verification configuration that specifies required hashes, allowed extra hashes, or disables content validation. Optionally includes `verifyTEE` to require TEE attestation verification.
+ * @returns Verification result with `isVerified`, extracted `data` from each proof, optional `error` on failure, and `isTeeVerified` when `verifyTEE` is enabled.
  *
  * @example
  * ```typescript
@@ -675,7 +715,7 @@ type ProviderHashRequirementsResponse = {
  * const { isVerified, data } = await verifyProof(proof, request.getProviderVersion());
  *
  * // With TEE attestation verification (fails if TEE data is missing or invalid)
- * const { isVerified, isTeeVerified, data } = await verifyProof(proof, request.getProviderVersion(), true);
+ * const { isVerified, isTeeVerified, data } = await verifyProof(proof, { ...request.getProviderVersion(), verifyTEE: true });
  *
  * // Or, by manually providing the details:
  *
@@ -713,7 +753,7 @@ type ProviderHashRequirementsResponse = {
  * });
  * ```
  */
-declare function verifyProof(proofOrProofs: Proof | Proof[], config: VerificationConfig, verifyTEE?: boolean): Promise<VerifyProofResult>;
+declare function verifyProof(proofOrProofs: Proof | Proof[], config: VerificationConfig): Promise<VerifyProofResult>;
 /**
  * Transforms a Reclaim proof into a format suitable for on-chain verification
  *
@@ -756,7 +796,10 @@ declare class ReclaimProofRequest {
     private templateData;
     private extensionID;
     private customSharePageUrl?;
+    private appSharePageUrl;
     private customAppClipUrl?;
+    private portalTab?;
+    private portalIframe?;
     private modalOptions?;
     private modal?;
     private readonly FAILURE_TIMEOUT;
@@ -832,11 +875,11 @@ declare class ReclaimProofRequest {
      *
      * @param url - The URL where users should be redirected after successful proof generation
      * @param method - The redirection method that should be used for redirection. Allowed options: `GET`, and `POST`.
-     * `POST` form redirection is only supported in In-Browser SDK.
+     * `POST` form redirection is only supported in Portal flow.
      * @param body - List of name-value pairs to be sent as the body of the form request.
      * `When `method` is set to `POST`, `body` will be sent with 'application/x-www-form-urlencoded' content type.
      * When `method` is set to `GET`, if `body` is set then `body` will be sent as query parameters.
-     * Sending `body` on redirection is only supported in In-Browser SDK.
+     * Sending `body` on redirection is only supported in Portal flow.
      *
      * @throws {InvalidParamError} When URL is invalid
      *
@@ -889,11 +932,11 @@ declare class ReclaimProofRequest {
      *
      * @param url - The URL where users should be redirected after an error which aborts the verification process
      * @param method - The redirection method that should be used for redirection. Allowed options: `GET`, and `POST`.
-     * `POST` form redirection is only supported in In-Browser SDK.
+     * `POST` form redirection is only supported in Portal flow.
      * @param body - List of name-value pairs to be sent as the body of the form request.
      * When `method` is set to `POST`, `body` will be sent with 'application/x-www-form-urlencoded' content type.
      * When `method` is set to `GET`, if `body` is set then `body` will be sent as query parameters.
-     * Sending `body` on redirection is only supported in In-Browser SDK.
+     * Sending `body` on redirection is only supported in Portal flow.
      * @throws {InvalidParamError} When URL is invalid
      *
      * @example
@@ -1066,7 +1109,24 @@ declare class ReclaimProofRequest {
     private clearInterval;
     private setAttestationContext;
     private applyAttestationContext;
+    private encodeTemplateData;
     private buildSharePageUrl;
+    private openPortalTab;
+    private closePortalTab;
+    private embedPortalIframe;
+    /**
+     * Closes the embedded portal iframe and stops the session polling.
+     *
+     * Call this to programmatically cancel the embedded verification flow
+     * that was started with `triggerReclaimFlow({ target: element })`.
+     * Also called automatically when verification succeeds or fails.
+     *
+     * @example
+     * ```typescript
+     * proofRequest.closeEmbeddedFlow();
+     * ```
+     */
+    closeEmbeddedFlow(): void;
     /**
      * Exports the Reclaim proof verification request as a JSON string
      *
@@ -1109,7 +1169,7 @@ declare class ReclaimProofRequest {
      * // Portal URL (default)
      * const url = await proofRequest.getRequestUrl();
      *
-     * // Native app flow URL
+     * // Verifier app flow URL
      * const url = await proofRequest.getRequestUrl({ verificationMode: 'app' });
      * ```
      */
@@ -1118,8 +1178,9 @@ declare class ReclaimProofRequest {
      * Triggers the appropriate Reclaim verification flow based on device type and configuration.
      *
      * Defaults to portal mode (remote browser verification). Pass `{ verificationMode: 'app' }`
-     * for native app flow via the share page.
+     * for verifier app flow via the share page.
      *
+     * - **Embedded iframe**: Pass `{ target: element }` to embed the portal inside a DOM element instead of a new tab
      * - Desktop: browser extension takes priority in both modes
      * - Desktop portal mode (no extension): opens portal in new tab
      * - Desktop app mode (no extension): shows QR code modal with share page URL
@@ -1127,15 +1188,22 @@ declare class ReclaimProofRequest {
      * - Mobile app mode: opens share page (or App Clip on iOS if `useAppClip` is `true`)
      *
      * @param launchOptions - Optional launch configuration to override default behavior
-     * @returns Promise<void>
+     * @returns Promise<FlowHandle> - Handle to control the flow (close, access iframe)
      * @throws {SignatureNotFoundError} When signature is not set
      *
      * @example
      * ```typescript
-     * // Portal flow (default)
-     * await proofRequest.triggerReclaimFlow();
+     * // Portal flow (default) — opens in new tab
+     * const handle = await proofRequest.triggerReclaimFlow();
+     * handle.tab;   // Window reference to the opened tab
+     * handle.close(); // close tab and stop polling
+     *
+     * // Embed portal in an iframe inside a DOM element
+     * const handle = await proofRequest.triggerReclaimFlow({ target: document.getElementById('reclaim-container') });
+     * handle.iframe; // HTMLIFrameElement reference
+     * handle.close(); // remove iframe and stop polling
      *
-     * // Native app flow
+     * // Verifier app flow
      * await proofRequest.triggerReclaimFlow({ verificationMode: 'app' });
      *
      * // App Clip on iOS (requires useAppClip: true at init)
@@ -1149,7 +1217,7 @@ declare class ReclaimProofRequest {
      * await request.triggerReclaimFlow(); // uses 'app' mode from init
      * ```
      */
-    triggerReclaimFlow(launchOptions?: ReclaimFlowLaunchOptions): Promise<void>;
+    triggerReclaimFlow(launchOptions?: ReclaimFlowLaunchOptions): Promise<FlowHandle>;
     /**
      * Checks if the Reclaim browser extension is installed and available
      *
@@ -1233,7 +1301,7 @@ declare class ReclaimProofRequest {
      * });
      * ```
      */
-    startSession({ onSuccess, onError, verificationConfig }: StartSessionParams): Promise<void>;
+    startSession({ onSuccess, onError }: StartSessionParams): Promise<void>;
     /**
      * Closes the QR code modal if it is currently open
      *
@@ -1320,12 +1388,69 @@ declare function updateSession(sessionId: string, status: SessionStatus): Promis
 declare function fetchStatusUrl(sessionId: string): Promise<StatusUrlResponse>;
 declare function fetchProviderConfigs(providerId: string, exactProviderVersionString: string | null | undefined, allowedTags: string[] | null | undefined): Promise<ProviderConfigResponse>;
 
+declare function createSignDataForClaim(data: CompleteClaimData): string;
+declare function getIdentifierFromClaimInfo(info: ClaimInfo): ClaimID;
+/**
+ * Computes the cryptographic claim hash(es) for the HTTP provider payload parameters.
+ *
+ * If the parameters comprise solely of rigid/required rules (or represents an extracted
+ * attested payload that enforces all its defined elements), this computes and returns a single deterministic string.
+ *
+ * **Combinatorial Hashes Intention:**
+ * If the payload configuration defines optional elements (`isOptional: true` on ResponseMatchSpec),
+ * a single rule configuration inherently encompasses multiple logical subset definitions.
+ * Since cryptographic hashes strictly enforce exact data byte-by-byte,
+ * this function recursively computes a hash for every mathematically valid permutation of the optional subsets
+ * (inclusive and exclusive) so the validator can verify the proof against any of the legitimate subset match signatures.
+ *
+ * @param params - The HTTP provider claim configuration or extracted attested parameters.
+ * @returns A single keccak256 hash string, or an array of hex-string hashes if parameter optionality generates combinations.
+ */
+declare function hashProofClaimParams(params: HttpProviderClaimParams): string | string[];
+/**
+ * Computes canonicalized string(s) for the provided HTTP parameter payload.
+ *
+ * **Architectural Concept**:
+ * In Reclaim, proof security revolves around generating a deterministic Hash based on the JSON stringified keys
+ * of matched specifications (e.g. `responseMatches` and `responseRedactions`).
+ * When processing a Provider Configuration containing `isOptional` rules, the protocol doesn't require users to generate a
+ * proof that matched *all* of the rules. A client could inherently omit any optional rules from claim before
+ * starting claim creation to make a valid proof if the server payload may not contain them.
+ *
+ * To ensure the eventual Proof's Hash safely validates against the parent template's Requirement Hash, logic here
+ * loops $2^N$ times using bitmask computation (where N = number of rule pairs) and yields canonically sorted
+ * permutations for every sub-set of optional combinations.
+ * Any combination forcefully omitting a mathematically required (`isOptional: false`) rule is stripped out.
+ *
+ * Note: When a user successfully generates a proof, their attested parameter payload does not contain `isOptional` tags
+ * because the client sending request to attestor omits rules where data may not be present in response,
+ * producing exactly 1 deterministic configuration subset (what the user actually proved!).
+ *
+ * @param params - The structured parameters.
+ * @returns Serialized string or array of strings.
+ */
+declare function getProviderParamsAsCanonicalizedString(params: HttpProviderClaimParams): string[];
+
 /**
  * Validates the hardware TEE attestation included in the proof.
  * Throws an error if the attestation is invalid or compromised.
  */
 declare function verifyTeeAttestation(proof: Proof, expectedApplicationId?: string): Promise<boolean>;
 
+declare const TeeVerificationError: {
+    new (message?: string, innerError?: unknown | undefined): {
+        innerError?: unknown | undefined;
+        name: string;
+        message: string;
+        stack?: string;
+        cause?: unknown;
+    };
+    isError(error: unknown): error is Error;
+    captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+    prepareStackTrace?: ((err: Error, stackTraces: NodeJS.CallSite[]) => any) | undefined;
+    stackTraceLimit: number;
+};
+
 /**
  * Highly accurate device type detection - returns only 'desktop' or 'mobile'
  * Uses multiple detection methods and scoring system for maximum accuracy
@@ -1353,4 +1478,4 @@ declare function isDesktopDevice(): boolean;
  */
 declare function clearDeviceCache(): void;
 
-export { type Beacon, type BeaconState, type BodySniff, ClaimCreationType, type ClaimID, type ClaimInfo, type CompleteClaimData, type Context, type CreateVerificationRequest, DeviceType, type ExtensionMessage, type HashRequirement, type HashableHttpProviderClaimParams, type HttpFormEntry, type HttpProviderClaimParams, type HttpRedirectionMethod, type HttpRedirectionOptions, type InitSessionResponse, type InjectedRequestSpec, type InterceptorRequestSpec, type ModalOptions, type OnError, type OnSuccess, type Proof, type ProofPropertiesJSON, type ProofRequestOptions, type ProviderClaimData, type ProviderConfigResponse, type ProviderHashRequirementSpec, type ProviderHashRequirementsConfig, type ProviderHashRequirementsResponse, type ProviderVersionConfig, type ProviderVersionInfo, RECLAIM_EXTENSION_ACTIONS, type ReclaimFlowLaunchOptions, ReclaimProofRequest, type ReclaimProviderConfig, type RequestSpec, type ResponseMatchSpec, type ResponseRedactionSpec, type SerializableModalOptions, SessionStatus, type SignedClaim, type StartSessionParams, type StatusUrlResponse, type TeeAttestation, type TemplateData, type UpdateSessionResponse, type ValidationConfig, type ValidationConfigWithDisabledValidation, type ValidationConfigWithHash, type ValidationConfigWithProviderInformation, type VerificationConfig, type VerifyProofResult, type WitnessData, assertValidProofsByHash, assertValidateProof, assertVerifiedProof, clearDeviceCache, createLinkWithTemplateData, fetchProviderConfigs, fetchProviderHashRequirementsBy, fetchStatusUrl, generateSpecsFromRequestSpecTemplate, getAttestors, getDeviceType, getHttpProviderClaimParamsFromProof, getMobileDeviceType, getProviderHashRequirementsFromSpec, getShortenedUrl, hashRequestSpec, initSession, isDesktopDevice, isHttpProviderClaimParams, isMobileDevice, recoverSignersOfSignedClaim, takePairsWhereValueIsArray, takeTemplateParametersFromProofs, transformForOnchain, updateSession, verifyProof, verifyTeeAttestation };
+export { type Beacon, type BeaconState, type BodySniff, ClaimCreationType, type ClaimID, type ClaimInfo, type CompleteClaimData, type Context, type CreateVerificationRequest, DeviceType, type EmbeddedFlowHandle, type ExtensionMessage, type FlowHandle, type HashRequirement, type HashableHttpProviderClaimParams, type HttpFormEntry, type HttpProviderClaimParams, type HttpRedirectionMethod, type HttpRedirectionOptions, type InitSessionResponse, type InjectedRequestSpec, type InterceptorRequestSpec, type ModalOptions, type OnError, type OnSuccess, type Proof, type ProofPropertiesJSON, type ProofRequestOptions, type ProviderClaimData, type ProviderConfigResponse, type ProviderHashRequirementSpec, type ProviderHashRequirementsConfig, type ProviderHashRequirementsResponse, type ProviderVersionConfig, type ProviderVersionInfo, RECLAIM_EXTENSION_ACTIONS, type ReclaimFlowLaunchOptions, ReclaimProofRequest, type ReclaimProviderConfig, type ReclaimProviderConfigWithRequestSpec, type RequestSpec, type ResponseMatchSpec, type ResponseRedactionSpec, type SerializableModalOptions, SessionStatus, type SignedClaim, type StartSessionParams, type StatusUrlResponse, type TeeAttestation, TeeVerificationError, type TemplateData, type TrustedData, type UpdateSessionResponse, type ValidationConfig, type ValidationConfigWithDisabledValidation, type ValidationConfigWithHash, type ValidationConfigWithProviderInformation, type VerificationConfig, type VerifyProofResult, type WitnessData, assertValidProofsByHash, assertValidateProof, assertVerifiedProof, clearDeviceCache, createLinkWithTemplateData, createSignDataForClaim, fetchProviderConfigs, fetchProviderHashRequirementsBy, fetchStatusUrl, generateSpecsFromRequestSpecTemplate, getAttestors, getDeviceType, getHttpProviderClaimParamsFromProof, getIdentifierFromClaimInfo, getMobileDeviceType, getProviderHashRequirementSpecFromProviderConfig, getProviderHashRequirementsFromSpec, getProviderParamsAsCanonicalizedString, getShortenedUrl, hashProofClaimParams, hashRequestSpec, initSession, isDesktopDevice, isHttpProviderClaimParams, isMobileDevice, recoverSignersOfSignedClaim, takePairsWhereValueIsArray, takeTemplateParametersFromProofs, transformForOnchain, updateSession, verifyProof, verifyTeeAttestation };