npm - @reclaimprotocol/js-sdk - Versions diffs - 5.0.0-dev.3 → 5.0.0-dev.5 - Mend

@reclaimprotocol/js-sdk 5.0.0-dev.3 → 5.0.0-dev.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -133,6 +133,16 @@ declare function fetchProviderHashRequirementsBy(providerId: string, exactProvid
 declare function generateSpecsFromRequestSpecTemplate(requestSpecTemplates: RequestSpec[], templateParameters: Record<string, string[]>): RequestSpec[];
 declare function takeTemplateParametersFromProofs(proofs?: Proof[]): Record<string, string[]>;
 declare function takePairsWhereValueIsArray(o: Record<string, string> | undefined): Record<string, string[]>;
+/**
+ * Builds and returns raw hash requirement spec that can be used with `getProviderHashRequirementsFromSpec` to computes the expected proof hashes for a provider configuration
+ * by combining its explicitly required requests and allowed injected requests.
+ * It resolves template parameters from provided proofs to generate the final request specifications.
+ *
+ * @param providerConfig - The provider configuration containing request data and allowed injected requests.
+ * @param proofs - Optional array of proofs used to extract template parameters for resolving placeholders in injected requests.
+ * @returns A structured configuration containing that can be used with `getProviderHashRequirementsFromSpec` to compute the hashes.
+ */
+declare function getProviderHashRequirementSpecFromProviderConfig(providerConfig: ReclaimProviderConfigWithRequestSpec, proofs?: Proof[]): ProviderHashRequirementSpec;
 /**
  * Transforms a raw provider hash requirement specification into a structured configuration for proof validation.
  * It computes the proof hashes for both required and allowed extra requests to correctly match uploaded proofs.
@@ -188,6 +198,10 @@ type HashRequirement = {
      */
     multiple?: boolean;
 };
+interface ReclaimProviderConfigWithRequestSpec {
+    requestData: InterceptorRequestSpec[];
+    allowedInjectedRequestData: InjectedRequestSpec[];
+}
 /**
  * Specific marker interface for intercepted request specifications.
  */
@@ -257,7 +271,7 @@ interface ResponseMatchSpec {
  */
 interface ResponseRedactionSpec {
     /** Optional hashing method applied to the redacted content (e.g., 'oprf') */
-    hash?: "oprf" | undefined;
+    hash?: "oprf" | "oprf-mpc" | undefined;
     /** JSON path for locating the value to redact */
     jsonPath: string;
     /** RegEx applied to correctly parse and extract/redact value */
@@ -323,7 +337,7 @@ type ProofRequestOptions = {
      */
     portalUrl?: string;
     customAppClipUrl?: string;
-    launchOptions?: ReclaimFlowLaunchOptions;
+    launchOptions?: ReclaimFlowInitOptions;
     /**
      * Whether the verification client should automatically submit necessary proofs once they are generated.
      * If set to false, the user must manually click a button to submit.
@@ -362,7 +376,7 @@ type ProofRequestOptions = {
      */
     acceptTeeAttestation?: boolean;
 };
-type ReclaimFlowLaunchOptions = {
+type ReclaimFlowInitOptions = {
     /**
      * Enables deferred deep links for the Reclaim verification flow.
      *
@@ -388,6 +402,8 @@ type ReclaimFlowLaunchOptions = {
      * @default 'portal'
      */
     verificationMode?: 'app' | 'portal';
+};
+type ReclaimFlowLaunchOptions = ReclaimFlowInitOptions & {
     /**
      * Target DOM element to embed the verification flow in an iframe.
      * When provided, the portal opens inside the element instead of a new tab.
@@ -583,15 +599,13 @@ type ProviderConfigResponse = {
     providerId?: string;
     providerVersionString?: string;
 };
-interface ReclaimProviderConfig {
+interface ReclaimProviderConfig extends ReclaimProviderConfigWithRequestSpec {
     loginUrl: string;
     customInjection: string;
     geoLocation: string;
     injectionType: string;
     disableRequestReplay: boolean;
     verificationType: string;
-    requestData: InterceptorRequestSpec[];
-    allowedInjectedRequestData: InjectedRequestSpec[];
 }
 type ProviderHashRequirementsResponse = {
     message?: string;
@@ -1376,6 +1390,49 @@ declare function updateSession(sessionId: string, status: SessionStatus): Promis
 declare function fetchStatusUrl(sessionId: string): Promise<StatusUrlResponse>;
 declare function fetchProviderConfigs(providerId: string, exactProviderVersionString: string | null | undefined, allowedTags: string[] | null | undefined): Promise<ProviderConfigResponse>;
+declare function createSignDataForClaim(data: CompleteClaimData): string;
+declare function getIdentifierFromClaimInfo(info: ClaimInfo): ClaimID;
+/**
+ * Computes the cryptographic claim hash(es) for the HTTP provider payload parameters.
+ *
+ * If the parameters comprise solely of rigid/required rules (or represents an extracted
+ * attested payload that enforces all its defined elements), this computes and returns a single deterministic string.
+ *
+ * **Combinatorial Hashes Intention:**
+ * If the payload configuration defines optional elements (`isOptional: true` on ResponseMatchSpec),
+ * a single rule configuration inherently encompasses multiple logical subset definitions.
+ * Since cryptographic hashes strictly enforce exact data byte-by-byte,
+ * this function recursively computes a hash for every mathematically valid permutation of the optional subsets
+ * (inclusive and exclusive) so the validator can verify the proof against any of the legitimate subset match signatures.
+ *
+ * @param params - The HTTP provider claim configuration or extracted attested parameters.
+ * @returns A single keccak256 hash string, or an array of hex-string hashes if parameter optionality generates combinations.
+ */
+declare function hashProofClaimParams(params: HttpProviderClaimParams): string | string[];
+/**
+ * Computes canonicalized string(s) for the provided HTTP parameter payload.
+ *
+ * **Architectural Concept**:
+ * In Reclaim, proof security revolves around generating a deterministic Hash based on the JSON stringified keys
+ * of matched specifications (e.g. `responseMatches` and `responseRedactions`).
+ * When processing a Provider Configuration containing `isOptional` rules, the protocol doesn't require users to generate a
+ * proof that matched *all* of the rules. A client could inherently omit any optional rules from claim before
+ * starting claim creation to make a valid proof if the server payload may not contain them.
+ *
+ * To ensure the eventual Proof's Hash safely validates against the parent template's Requirement Hash, logic here
+ * loops $2^N$ times using bitmask computation (where N = number of rule pairs) and yields canonically sorted
+ * permutations for every sub-set of optional combinations.
+ * Any combination forcefully omitting a mathematically required (`isOptional: false`) rule is stripped out.
+ *
+ * Note: When a user successfully generates a proof, their attested parameter payload does not contain `isOptional` tags
+ * because the client sending request to attestor omits rules where data may not be present in response,
+ * producing exactly 1 deterministic configuration subset (what the user actually proved!).
+ *
+ * @param params - The structured parameters.
+ * @returns Serialized string or array of strings.
+ */
+declare function getProviderParamsAsCanonicalizedString(params: HttpProviderClaimParams): string[];
 /**
  * Validates the hardware TEE attestation included in the proof.
  * Throws an error if the attestation is invalid or compromised.
@@ -1423,4 +1480,4 @@ declare function isDesktopDevice(): boolean;
  */
 declare function clearDeviceCache(): void;
-export { type Beacon, type BeaconState, type BodySniff, ClaimCreationType, type ClaimID, type ClaimInfo, type CompleteClaimData, type Context, type CreateVerificationRequest, DeviceType, type EmbeddedFlowHandle, type ExtensionMessage, type FlowHandle, type HashRequirement, type HashableHttpProviderClaimParams, type HttpFormEntry, type HttpProviderClaimParams, type HttpRedirectionMethod, type HttpRedirectionOptions, type InitSessionResponse, type InjectedRequestSpec, type InterceptorRequestSpec, type ModalOptions, type OnError, type OnSuccess, type Proof, type ProofPropertiesJSON, type ProofRequestOptions, type ProviderClaimData, type ProviderConfigResponse, type ProviderHashRequirementSpec, type ProviderHashRequirementsConfig, type ProviderHashRequirementsResponse, type ProviderVersionConfig, type ProviderVersionInfo, RECLAIM_EXTENSION_ACTIONS, type ReclaimFlowLaunchOptions, ReclaimProofRequest, type ReclaimProviderConfig, type RequestSpec, type ResponseMatchSpec, type ResponseRedactionSpec, type SerializableModalOptions, SessionStatus, type SignedClaim, type StartSessionParams, type StatusUrlResponse, type TeeAttestation, TeeVerificationError, type TemplateData, type TrustedData, type UpdateSessionResponse, type ValidationConfig, type ValidationConfigWithDisabledValidation, type ValidationConfigWithHash, type ValidationConfigWithProviderInformation, type VerificationConfig, type VerifyProofResult, type WitnessData, assertValidProofsByHash, assertValidateProof, assertVerifiedProof, clearDeviceCache, createLinkWithTemplateData, fetchProviderConfigs, fetchProviderHashRequirementsBy, fetchStatusUrl, generateSpecsFromRequestSpecTemplate, getAttestors, getDeviceType, getHttpProviderClaimParamsFromProof, getMobileDeviceType, getProviderHashRequirementsFromSpec, getShortenedUrl, hashRequestSpec, initSession, isDesktopDevice, isHttpProviderClaimParams, isMobileDevice, recoverSignersOfSignedClaim, takePairsWhereValueIsArray, takeTemplateParametersFromProofs, transformForOnchain, updateSession, verifyProof, verifyTeeAttestation };
+export { type Beacon, type BeaconState, type BodySniff, ClaimCreationType, type ClaimID, type ClaimInfo, type CompleteClaimData, type Context, type CreateVerificationRequest, DeviceType, type EmbeddedFlowHandle, type ExtensionMessage, type FlowHandle, type HashRequirement, type HashableHttpProviderClaimParams, type HttpFormEntry, type HttpProviderClaimParams, type HttpRedirectionMethod, type HttpRedirectionOptions, type InitSessionResponse, type InjectedRequestSpec, type InterceptorRequestSpec, type ModalOptions, type OnError, type OnSuccess, type Proof, type ProofPropertiesJSON, type ProofRequestOptions, type ProviderClaimData, type ProviderConfigResponse, type ProviderHashRequirementSpec, type ProviderHashRequirementsConfig, type ProviderHashRequirementsResponse, type ProviderVersionConfig, type ProviderVersionInfo, RECLAIM_EXTENSION_ACTIONS, type ReclaimFlowInitOptions, type ReclaimFlowLaunchOptions, ReclaimProofRequest, type ReclaimProviderConfig, type ReclaimProviderConfigWithRequestSpec, type RequestSpec, type ResponseMatchSpec, type ResponseRedactionSpec, type SerializableModalOptions, SessionStatus, type SignedClaim, type StartSessionParams, type StatusUrlResponse, type TeeAttestation, TeeVerificationError, type TemplateData, type TrustedData, type UpdateSessionResponse, type ValidationConfig, type ValidationConfigWithDisabledValidation, type ValidationConfigWithHash, type ValidationConfigWithProviderInformation, type VerificationConfig, type VerifyProofResult, type WitnessData, assertValidProofsByHash, assertValidateProof, assertVerifiedProof, clearDeviceCache, createLinkWithTemplateData, createSignDataForClaim, fetchProviderConfigs, fetchProviderHashRequirementsBy, fetchStatusUrl, generateSpecsFromRequestSpecTemplate, getAttestors, getDeviceType, getHttpProviderClaimParamsFromProof, getIdentifierFromClaimInfo, getMobileDeviceType, getProviderHashRequirementSpecFromProviderConfig, getProviderHashRequirementsFromSpec, getProviderParamsAsCanonicalizedString, getShortenedUrl, hashProofClaimParams, hashRequestSpec, initSession, isDesktopDevice, isHttpProviderClaimParams, isMobileDevice, recoverSignersOfSignedClaim, takePairsWhereValueIsArray, takeTemplateParametersFromProofs, transformForOnchain, updateSession, verifyProof, verifyTeeAttestation };

package/dist/index.js CHANGED Viewed

@@ -84,7 +84,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "@reclaimprotocol/js-sdk",
-      version: "5.0.0-dev.3",
+      version: "5.0.0-dev.5",
       description: "Designed to request proofs from the Reclaim protocol and manage the flow of claims and witness interactions.",
       main: "dist/index.js",
       types: "dist/index.d.ts",
@@ -199,6 +199,7 @@ __export(index_exports, {
   assertVerifiedProof: () => assertVerifiedProof,
   clearDeviceCache: () => clearDeviceCache,
   createLinkWithTemplateData: () => createLinkWithTemplateData,
+  createSignDataForClaim: () => createSignDataForClaim,
   fetchProviderConfigs: () => fetchProviderConfigs,
   fetchProviderHashRequirementsBy: () => fetchProviderHashRequirementsBy,
   fetchStatusUrl: () => fetchStatusUrl,
@@ -206,9 +207,13 @@ __export(index_exports, {
   getAttestors: () => getAttestors,
   getDeviceType: () => getDeviceType,
   getHttpProviderClaimParamsFromProof: () => getHttpProviderClaimParamsFromProof,
+  getIdentifierFromClaimInfo: () => getIdentifierFromClaimInfo,
   getMobileDeviceType: () => getMobileDeviceType,
+  getProviderHashRequirementSpecFromProviderConfig: () => getProviderHashRequirementSpecFromProviderConfig,
   getProviderHashRequirementsFromSpec: () => getProviderHashRequirementsFromSpec,
+  getProviderParamsAsCanonicalizedString: () => getProviderParamsAsCanonicalizedString,
   getShortenedUrl: () => getShortenedUrl,
+  hashProofClaimParams: () => hashProofClaimParams,
   hashRequestSpec: () => hashRequestSpec,
   initSession: () => initSession,
   isDesktopDevice: () => isDesktopDevice,
@@ -379,6 +384,10 @@ var constants = {
   DEFAULT_PROVIDER_CONFIGS_URL(providerId, exactProviderVersionString, allowedTags) {
     return `${BACKEND_BASE_URL}/api/providers/${providerId}/configs?versionNumber=${exactProviderVersionString || ""}&allowedTags=${(allowedTags == null ? void 0 : allowedTags.join(",")) || ""}`;
   },
+  // Default portal URL
+  DEFAULT_PORTAL_URL: "https://portal.reclaimprotocol.org",
+  // Default sharepage URL
+  DEFAULT_APP_SHARE_PAGE_URL: "https://share.reclaimprotocol.org/verifier",
   // URL for sharing Reclaim templates
   RECLAIM_SHARE_URL: "https://share.reclaimprotocol.org/verifier/?template=",
   // Chrome extension URL for Reclaim Protocol
@@ -838,9 +847,9 @@ function getProviderParamsAsCanonicalizedString(params) {
       responseMatches: [],
       responseRedactions: []
     };
-    return canonicalStringify(filteredParams);
+    return [canonicalStringify(filteredParams)];
   }
-  return validCanonicalizedStrings.length === 1 ? validCanonicalizedStrings[0] : validCanonicalizedStrings;
+  return validCanonicalizedStrings;
 }
 // src/utils/proofUtils.ts
@@ -1378,7 +1387,6 @@ function clearDeviceCache() {
 var logger7 = logger_default.logger;
 function fetchProviderHashRequirementsBy(providerId, exactProviderVersionString, allowedTags, proofs) {
   return __async(this, null, function* () {
-    var _a, _b;
     const providerResponse = yield fetchProviderConfigs(providerId, exactProviderVersionString, allowedTags);
     try {
       const providerConfigs = providerResponse.providers;
@@ -1387,9 +1395,8 @@ function fetchProviderHashRequirementsBy(providerId, exactProviderVersionString,
       }
       const hashRequirements = [];
       for (const providerConfig of providerConfigs) {
-        hashRequirements.push(getProviderHashRequirementsFromSpec({
-          requests: [...(_a = providerConfig == null ? void 0 : providerConfig.requestData) != null ? _a : [], ...generateSpecsFromRequestSpecTemplate((_b = providerConfig == null ? void 0 : providerConfig.allowedInjectedRequestData) != null ? _b : [], takeTemplateParametersFromProofs(proofs))]
-        }));
+        const requestSpec = getProviderHashRequirementSpecFromProviderConfig(providerConfig, proofs);
+        hashRequirements.push(getProviderHashRequirementsFromSpec(requestSpec));
       }
       return hashRequirements;
     } catch (e) {
@@ -1469,6 +1476,12 @@ function takePairsWhereValueIsArray(o) {
   }
   return pairs;
 }
+function getProviderHashRequirementSpecFromProviderConfig(providerConfig, proofs) {
+  var _a, _b;
+  return {
+    requests: [...(_a = providerConfig == null ? void 0 : providerConfig.requestData) != null ? _a : [], ...generateSpecsFromRequestSpecTemplate((_b = providerConfig == null ? void 0 : providerConfig.allowedInjectedRequestData) != null ? _b : [], takeTemplateParametersFromProofs(proofs))]
+  };
+}
 function getProviderHashRequirementsFromSpec(spec) {
   var _a;
   return {
@@ -2442,7 +2455,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
     this.intervals = /* @__PURE__ */ new Map();
     this.jsonProofResponse = false;
     this.extensionID = "reclaim-extension";
-    this.appSharePageUrl = "https://share.reclaimprotocol.org/verify";
+    this.appSharePageUrl = constants.DEFAULT_APP_SHARE_PAGE_URL;
     this.FAILURE_TIMEOUT = 30 * 1e3;
     /**
      * Validates signature and returns template data
@@ -2493,7 +2506,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
       };
       return templateData;
     };
-    var _a, _b;
+    var _a;
     this.providerId = providerId;
     this.timeStamp = Date.now().toString();
     this.applicationId = applicationId;
@@ -2512,9 +2525,9 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
     if (options.useAppClip === void 0) {
       options.useAppClip = false;
     }
-    const customUrl = (_b = options.portalUrl) != null ? _b : options.customSharePageUrl;
-    this.customSharePageUrl = customUrl != null ? customUrl : "https://portal.reclaimprotocol.org";
-    if (customUrl) {
+    const customUrl = options.portalUrl || options.customSharePageUrl;
+    this.customSharePageUrl = customUrl || constants.DEFAULT_PORTAL_URL;
+    if (customUrl && customUrl !== constants.DEFAULT_PORTAL_URL) {
       this.appSharePageUrl = customUrl;
     }
     options.customSharePageUrl = this.customSharePageUrl;
@@ -3363,7 +3376,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
   getRequestUrl(launchOptions) {
     return __async(this, null, function* () {
       var _a, _b, _c;
-      const options = launchOptions || ((_a = this.options) == null ? void 0 : _a.launchOptions) || {};
+      const options = __spreadValues(__spreadValues({}, (_a = this.options) == null ? void 0 : _a.launchOptions), launchOptions);
       const mode = (_b = options.verificationMode) != null ? _b : "portal";
       logger10.info("Creating Request Url");
       if (!this.signature) {
@@ -3438,7 +3451,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
   triggerReclaimFlow(launchOptions) {
     return __async(this, null, function* () {
       var _a, _b, _c, _d, _e;
-      const options = launchOptions || ((_a = this.options) == null ? void 0 : _a.launchOptions) || {};
+      const options = __spreadValues(__spreadValues({}, (_a = this.options) == null ? void 0 : _a.launchOptions), launchOptions);
       const mode = (_b = options.verificationMode) != null ? _b : "portal";
       if (!this.signature) {
         throw new SignatureNotFoundError("Signature is not set.");
@@ -3449,11 +3462,11 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
         logger10.info(`Triggering Reclaim flow (mode: ${mode})`);
         const deviceType = getDeviceType();
         updateSession(this.sessionId, "SESSION_STARTED" /* SESSION_STARTED */);
-        if ("target" in options && !options.target) {
+        if (launchOptions && "target" in launchOptions && !launchOptions.target) {
           logger10.warn("triggerReclaimFlow: target was provided but is null/undefined \u2014 falling back to default flow. Ensure the element exists in the DOM.");
         }
-        if (options.target && mode === "portal") {
-          yield this.embedPortalIframe(templateData, options.target);
+        if ((launchOptions == null ? void 0 : launchOptions.target) && mode === "portal") {
+          yield this.embedPortalIframe(templateData, launchOptions.target);
           return {
             close: () => this.closeEmbeddedFlow(),
             iframe: this.portalIframe
@@ -3846,6 +3859,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
   assertVerifiedProof,
   clearDeviceCache,
   createLinkWithTemplateData,
+  createSignDataForClaim,
   fetchProviderConfigs,
   fetchProviderHashRequirementsBy,
   fetchStatusUrl,
@@ -3853,9 +3867,13 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
   getAttestors,
   getDeviceType,
   getHttpProviderClaimParamsFromProof,
+  getIdentifierFromClaimInfo,
   getMobileDeviceType,
+  getProviderHashRequirementSpecFromProviderConfig,
   getProviderHashRequirementsFromSpec,
+  getProviderParamsAsCanonicalizedString,
   getShortenedUrl,
+  hashProofClaimParams,
   hashRequestSpec,
   initSession,
   isDesktopDevice,