@reclaimprotocol/js-sdk 5.0.0 → 5.1.0-dev.1

package/README.md

@@ -138,7 +138,7 @@ Let's break down what's happening in this code:
 
    - Generate a request URL using `getRequestUrl()`. This URL is used to create the QR code.
    - Get the status URL using `getStatusUrl()`. This URL can be used to check the status of the claim process.
-   - Start a session with `startSession()`, which sets up callbacks for successful and failed verifications.
+   - Start a session with `startSession()`, which sets up callbacks for successful and failed verifications, and allows you to pass an optional `verificationConfig` to customize proof verification.
 
 3. We display a QR code using the request URL. When a user scans this code, it starts the verification process.
 

package/dist/index.d.ts

@@ -12,9 +12,11 @@ interface Proof {
     signatures: string[];
     witnesses: WitnessData[];
     extractedParameterValues: any;
-    publicData?: {
-        [key: string]: string;
-    };
+    /**
+     * A JSON serializable object that is returned by the provider as additional data attached to proof.
+     * This data is not verified or validated.
+     */
+    publicData?: any;
     taskId?: number;
     teeAttestation?: TeeAttestation;
 }
@@ -271,7 +273,7 @@ interface ResponseMatchSpec {
  */
 interface ResponseRedactionSpec {
     /** Optional hashing method applied to the redacted content (e.g., 'oprf') */
-    hash?: "oprf" | "oprf-mpc" | undefined;
+    hash?: "oprf" | "oprf-mpc" | "oprf-raw" | undefined;
     /** JSON path for locating the value to redact */
     jsonPath: string;
     /** RegEx applied to correctly parse and extract/redact value */
@@ -280,6 +282,88 @@ interface ResponseRedactionSpec {
     xPath: string;
 }
 
+/**
+ * Content validation configuration specifying essential required hashes and optional extra proofs.
+ * Used to explicitly validate that a generated proof matches the exact request structure expected.
+ */
+type ValidationConfigWithHash = {
+    /**
+     * Array of computed hashes that must be satisfied by the proofs.
+     *
+     * An element can be a `HashRequirement` object or a string that is equivalent to
+     * a `{ value: '<hash>', required: true, multiple: false }` as `HashRequirement`.
+     */
+    hashes: (string | HashRequirement)[];
+};
+/**
+ * Content validation configuration specifying the provider id and version used in the verification session that generated the proofs.
+ * Used to explicitly validate that a generated proof matches the exact request structure expected.
+ *
+ * See also:
+ *
+ * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+ */
+interface ValidationConfigWithProviderInformation {
+    /**
+     * The identifier of provider used in verifications that resulted in a proof
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     **/
+    providerId: string;
+    /**
+     * The exact version of provider used in verifications that resulted in a proof.
+     *
+     * This cannot be a version constaint or version expression. It can be undefined or left blank if proof must be validated with latest version of provider.
+     * Patches for the next provider version are also fetched and hashes from that spec is also be used to compare the hashes from proof.
+     *
+     * See also:
+     *
+     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
+     **/
+    providerVersion?: string;
+    /**
+     * List of allowed pre-release tags.
+     * For example, if you are using AI, provide `['ai']` to allow AI patch versions of the provider.
+     */
+    allowedTags?: string[];
+}
+/**
+ * Legacy configuration to completely bypass content validation during verification.
+ * Warning: Using this poses a risk as it avoids strictly matching proof parameters to expected hashes.
+ */
+interface ValidationConfigWithDisabledValidation {
+    dangerouslyDisableContentValidation: true;
+}
+/**
+ * Represents the configuration options applied when validating proof contents, allowing
+ * strict hash checking or intentionally skipping validation if flagged.
+ */
+type ValidationConfig = ValidationConfigWithHash | ValidationConfigWithProviderInformation | ValidationConfigWithDisabledValidation;
+/**
+ * Describes the comprehensive configuration required to initialize the proof verification process.
+ * Aligns with `ValidationConfig` options for verifying signatures alongside proof contents.
+ */
+type VerificationConfig = ValidationConfig & {
+    /**
+     * If true, verifies TEE (Trusted Execution Environment) attestation included in the proof.
+     * When enabled, the result will include `isTeeVerified` and `isVerified` will be false
+     * if TEE data is missing or TEE verification fails.
+     */
+    verifyTEE?: boolean;
+};
+declare function assertValidProofsByHash(proofs: Proof[], config: ProviderHashRequirementsConfig): void;
+declare function isHttpProviderClaimParams(claimParams: unknown): claimParams is HttpProviderClaimParams;
+declare function getHttpProviderClaimParamsFromProof(proof: Proof): HttpProviderClaimParams;
+/**
+ * Asserts that the proof is validated by checking the content of proof with with expectations from provider config or hash based on [options]
+ * @param proofs - The proofs to validate
+ * @param config - The validation config
+ * @throws {ProofNotValidatedError} When the proof is not validated
+ */
+declare function assertValidateProof(proofs: Proof[], config: VerificationConfig): Promise<void>;
+
 type ClaimID = ProviderClaimData['identifier'];
 type ClaimInfo = Pick<ProviderClaimData, 'context' | 'provider' | 'parameters'>;
 type CompleteClaimData = Pick<ProviderClaimData, 'owner' | 'timestampS' | 'epoch'> & ClaimInfo;
@@ -306,10 +390,34 @@ type CreateVerificationRequest = {
     applicationSecret?: string;
 };
 type StartSessionParams = {
+    /**
+     * Callback function that is invoked when the session is successfully created.
+     *
+     * @param proofOrProofs - A single proof object or an array of proof objects. This can be empty when proofs are sent to callback.
+     */
     onSuccess: OnSuccess;
+    /**
+     * Callback function that is invoked when the session fails to be created.
+     *
+     * @param error - The error that caused the session to fail.
+     */
     onError: OnError;
+    /**
+     * Configuration for proof validation. Defaults to the provider id and version used in this session.
+     */
+    verificationConfig?: VerificationConfig;
 };
-type OnSuccess = (proof?: Proof | Proof[]) => void;
+/**
+ * Callback function that is invoked when the session is successfully created.
+ *
+ * @param proofOrProofs - A single proof object or an array of proof objects. This can be empty when proofs are sent to callback.
+ */
+type OnSuccess = (proofOrProofs: Proof | Proof[]) => void;
+/**
+ * Callback function that is invoked when the session fails to be created.
+ *
+ * @param error - The error that caused the session to fail.
+ */
 type OnError = (error: Error) => void;
 type ProofRequestOptions = {
     /**
@@ -562,12 +670,21 @@ type TrustedData = {
     context: Record<string, unknown>;
     extractedParameters: Record<string, string>;
 };
-type VerifyProofResult = {
-    isVerified: boolean;
+type VerifyProofResultSuccess = {
+    isVerified: true;
     isTeeVerified?: boolean;
+    error: undefined;
     data: TrustedData[];
-    error?: Error;
+    publicData: any[];
+};
+type VerifyProofResultFailure = {
+    isVerified: false;
+    isTeeVerified?: boolean;
+    error: Error;
+    data: [];
+    publicData: [];
 };
+type VerifyProofResult = VerifyProofResultSuccess | VerifyProofResultFailure;
 type ProviderVersionConfig = {
     major?: number;
     minor?: number;
@@ -614,88 +731,6 @@ type ProviderHashRequirementsResponse = {
     providerVersionString?: string;
 };
 
-/**
- * Content validation configuration specifying essential required hashes and optional extra proofs.
- * Used to explicitly validate that a generated proof matches the exact request structure expected.
- */
-type ValidationConfigWithHash = {
-    /**
-     * Array of computed hashes that must be satisfied by the proofs.
-     *
-     * An element can be a `HashRequirement` object or a string that is equivalent to
-     * a `{ value: '<hash>', required: true, multiple: false }` as `HashRequirement`.
-     */
-    hashes: (string | HashRequirement)[];
-};
-/**
- * Content validation configuration specifying the provider id and version used in the verification session that generated the proofs.
- * Used to explicitly validate that a generated proof matches the exact request structure expected.
- *
- * See also:
- *
- * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
- */
-interface ValidationConfigWithProviderInformation {
-    /**
-     * The identifier of provider used in verifications that resulted in a proof
-     *
-     * See also:
-     *
-     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
-     **/
-    providerId: string;
-    /**
-     * The exact version of provider used in verifications that resulted in a proof.
-     *
-     * This cannot be a version constaint or version expression. It can be undefined or left blank if proof must be validated with latest version of provider.
-     * Patches for the next provider version are also fetched and hashes from that spec is also be used to compare the hashes from proof.
-     *
-     * See also:
-     *
-     * * `ReclaimProofRequest.getProviderVersion()` - With a ReclaimProofRequest object, you can get the provider id & exact version of provider used in verification session.
-     **/
-    providerVersion?: string;
-    /**
-     * List of allowed pre-release tags.
-     * For example, if you are using AI, provide `['ai']` to allow AI patch versions of the provider.
-     */
-    allowedTags?: string[];
-}
-/**
- * Legacy configuration to completely bypass content validation during verification.
- * Warning: Using this poses a risk as it avoids strictly matching proof parameters to expected hashes.
- */
-interface ValidationConfigWithDisabledValidation {
-    dangerouslyDisableContentValidation: true;
-}
-/**
- * Represents the configuration options applied when validating proof contents, allowing
- * strict hash checking or intentionally skipping validation if flagged.
- */
-type ValidationConfig = ValidationConfigWithHash | ValidationConfigWithProviderInformation | ValidationConfigWithDisabledValidation;
-/**
- * Describes the comprehensive configuration required to initialize the proof verification process.
- * Aligns with `ValidationConfig` options for verifying signatures alongside proof contents.
- */
-type VerificationConfig = ValidationConfig & {
-    /**
-     * If true, verifies TEE (Trusted Execution Environment) attestation included in the proof.
-     * When enabled, the result will include `isTeeVerified` and `isVerified` will be false
-     * if TEE data is missing or TEE verification fails.
-     */
-    verifyTEE?: boolean;
-};
-declare function assertValidProofsByHash(proofs: Proof[], config: ProviderHashRequirementsConfig): void;
-declare function isHttpProviderClaimParams(claimParams: unknown): claimParams is HttpProviderClaimParams;
-declare function getHttpProviderClaimParamsFromProof(proof: Proof): HttpProviderClaimParams;
-/**
- * Asserts that the proof is validated by checking the content of proof with with expectations from provider config or hash based on [options]
- * @param proofs - The proofs to validate
- * @param config - The validation config
- * @throws {ProofNotValidatedError} When the proof is not validated
- */
-declare function assertValidateProof(proofs: Proof[], config: VerificationConfig): Promise<void>;
-
 /**
  * Verifies one or more Reclaim proofs by validating signatures, verifying witness information,
  * and performing content validation against the expected configuration.
@@ -756,6 +791,8 @@ declare function assertValidateProof(proofs: Proof[], config: VerificationConfig
  * ```
  */
 declare function verifyProof(proofOrProofs: Proof | Proof[], config: VerificationConfig): Promise<VerifyProofResult>;
+declare function createTrustedDataFromProofData(proof: Proof): TrustedData;
+declare function getPublicDataFromProofs(proofs: Proof[]): any[];
 /**
  * Transforms a Reclaim proof into a format suitable for on-chain verification
  *
@@ -1281,10 +1318,11 @@ declare class ReclaimProofRequest {
      * and the startSession function source for more details.
      *
      * > [!TIP]
-     * > **Best Practice:** When using `setAppCallbackUrl` and/or `setCancelCallbackUrl`, your backend receives the proof or cancellation details directly. We recommend your backend notifies the frontend (e.g. via WebSockets, SSE, or polling) to stop the verification process and handle the appropriate success/failure action. Do not rely completely on `startSession` callbacks on the frontend when using these backend callbacks.
+     * > **Best Practice:** When using `setAppCallbackUrl` and/or `setCancelCallbackUrl`, your backend receives the proof or cancellation details directly. We recommend your backend notifies the frontend (e.g. via WebSockets, SSE, or polling) to stop the verification process and handle the appropriate success/failure action. When a callback is set, `onSuccess` callback provided to `startSession` will have an empty array as its argument.
      *
      * @param onSuccess - Callback function invoked when proof is successfully submitted
      * @param onError - Callback function invoked when an error occurs during the session
+     * @param verificationConfig - Optional configuration to customize proof verification
      * @returns Promise<void>
      * @throws {SessionNotStartedError} When session ID is not defined
      * @throws {ProofNotVerifiedError} When proof verification fails (default callback only)
@@ -1303,7 +1341,7 @@ declare class ReclaimProofRequest {
      * });
      * ```
      */
-    startSession({ onSuccess, onError }: StartSessionParams): Promise<void>;
+    startSession({ onSuccess, onError, verificationConfig }: StartSessionParams): Promise<void>;
     /**
      * Closes the QR code modal if it is currently open
      *
@@ -1480,4 +1518,4 @@ declare function isDesktopDevice(): boolean;
  */
 declare function clearDeviceCache(): void;
 
-export { type Beacon, type BeaconState, type BodySniff, ClaimCreationType, type ClaimID, type ClaimInfo, type CompleteClaimData, type Context, type CreateVerificationRequest, DeviceType, type EmbeddedFlowHandle, type ExtensionMessage, type FlowHandle, type HashRequirement, type HashableHttpProviderClaimParams, type HttpFormEntry, type HttpProviderClaimParams, type HttpRedirectionMethod, type HttpRedirectionOptions, type InitSessionResponse, type InjectedRequestSpec, type InterceptorRequestSpec, type ModalOptions, type OnError, type OnSuccess, type Proof, type ProofPropertiesJSON, type ProofRequestOptions, type ProviderClaimData, type ProviderConfigResponse, type ProviderHashRequirementSpec, type ProviderHashRequirementsConfig, type ProviderHashRequirementsResponse, type ProviderVersionConfig, type ProviderVersionInfo, RECLAIM_EXTENSION_ACTIONS, type ReclaimFlowInitOptions, type ReclaimFlowLaunchOptions, ReclaimProofRequest, type ReclaimProviderConfig, type ReclaimProviderConfigWithRequestSpec, type RequestSpec, type ResponseMatchSpec, type ResponseRedactionSpec, type SerializableModalOptions, SessionStatus, type SignedClaim, type StartSessionParams, type StatusUrlResponse, type TeeAttestation, TeeVerificationError, type TemplateData, type TrustedData, type UpdateSessionResponse, type ValidationConfig, type ValidationConfigWithDisabledValidation, type ValidationConfigWithHash, type ValidationConfigWithProviderInformation, type VerificationConfig, type VerifyProofResult, type WitnessData, assertValidProofsByHash, assertValidateProof, assertVerifiedProof, clearDeviceCache, createLinkWithTemplateData, createSignDataForClaim, fetchProviderConfigs, fetchProviderHashRequirementsBy, fetchStatusUrl, generateSpecsFromRequestSpecTemplate, getAttestors, getDeviceType, getHttpProviderClaimParamsFromProof, getIdentifierFromClaimInfo, getMobileDeviceType, getProviderHashRequirementSpecFromProviderConfig, getProviderHashRequirementsFromSpec, getProviderParamsAsCanonicalizedString, getShortenedUrl, hashProofClaimParams, hashRequestSpec, initSession, isDesktopDevice, isHttpProviderClaimParams, isMobileDevice, recoverSignersOfSignedClaim, takePairsWhereValueIsArray, takeTemplateParametersFromProofs, transformForOnchain, updateSession, verifyProof, verifyTeeAttestation };
+export { type Beacon, type BeaconState, type BodySniff, ClaimCreationType, type ClaimID, type ClaimInfo, type CompleteClaimData, type Context, type CreateVerificationRequest, DeviceType, type EmbeddedFlowHandle, type ExtensionMessage, type FlowHandle, type HashRequirement, type HashableHttpProviderClaimParams, type HttpFormEntry, type HttpProviderClaimParams, type HttpRedirectionMethod, type HttpRedirectionOptions, type InitSessionResponse, type InjectedRequestSpec, type InterceptorRequestSpec, type ModalOptions, type OnError, type OnSuccess, type Proof, type ProofPropertiesJSON, type ProofRequestOptions, type ProviderClaimData, type ProviderConfigResponse, type ProviderHashRequirementSpec, type ProviderHashRequirementsConfig, type ProviderHashRequirementsResponse, type ProviderVersionConfig, type ProviderVersionInfo, RECLAIM_EXTENSION_ACTIONS, type ReclaimFlowInitOptions, type ReclaimFlowLaunchOptions, ReclaimProofRequest, type ReclaimProviderConfig, type ReclaimProviderConfigWithRequestSpec, type RequestSpec, type ResponseMatchSpec, type ResponseRedactionSpec, type SerializableModalOptions, SessionStatus, type SignedClaim, type StartSessionParams, type StatusUrlResponse, type TeeAttestation, TeeVerificationError, type TemplateData, type TrustedData, type UpdateSessionResponse, type ValidationConfig, type ValidationConfigWithDisabledValidation, type ValidationConfigWithHash, type ValidationConfigWithProviderInformation, type VerificationConfig, type VerifyProofResult, type VerifyProofResultFailure, type VerifyProofResultSuccess, type WitnessData, assertValidProofsByHash, assertValidateProof, assertVerifiedProof, clearDeviceCache, createLinkWithTemplateData, createSignDataForClaim, createTrustedDataFromProofData, fetchProviderConfigs, fetchProviderHashRequirementsBy, fetchStatusUrl, generateSpecsFromRequestSpecTemplate, getAttestors, getDeviceType, getHttpProviderClaimParamsFromProof, getIdentifierFromClaimInfo, getMobileDeviceType, getProviderHashRequirementSpecFromProviderConfig, getProviderHashRequirementsFromSpec, getProviderParamsAsCanonicalizedString, getPublicDataFromProofs, getShortenedUrl, hashProofClaimParams, hashRequestSpec, initSession, isDesktopDevice, isHttpProviderClaimParams, isMobileDevice, recoverSignersOfSignedClaim, takePairsWhereValueIsArray, takeTemplateParametersFromProofs, transformForOnchain, updateSession, verifyProof, verifyTeeAttestation };

package/dist/index.js

@@ -84,7 +84,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "@reclaimprotocol/js-sdk",
-      version: "5.0.0",
+      version: "5.1.0-dev.1",
       description: "Designed to request proofs from the Reclaim protocol and manage the flow of claims and witness interactions.",
       main: "dist/index.js",
       types: "dist/index.d.ts",
@@ -200,6 +200,7 @@ __export(index_exports, {
   clearDeviceCache: () => clearDeviceCache,
   createLinkWithTemplateData: () => createLinkWithTemplateData,
   createSignDataForClaim: () => createSignDataForClaim,
+  createTrustedDataFromProofData: () => createTrustedDataFromProofData,
   fetchProviderConfigs: () => fetchProviderConfigs,
   fetchProviderHashRequirementsBy: () => fetchProviderHashRequirementsBy,
   fetchStatusUrl: () => fetchStatusUrl,
@@ -212,6 +213,7 @@ __export(index_exports, {
   getProviderHashRequirementSpecFromProviderConfig: () => getProviderHashRequirementSpecFromProviderConfig,
   getProviderHashRequirementsFromSpec: () => getProviderHashRequirementsFromSpec,
   getProviderParamsAsCanonicalizedString: () => getProviderParamsAsCanonicalizedString,
+  getPublicDataFromProofs: () => getPublicDataFromProofs,
   getShortenedUrl: () => getShortenedUrl,
   hashProofClaimParams: () => hashProofClaimParams,
   hashRequestSpec: () => hashRequestSpec,
@@ -585,6 +587,16 @@ function validateModalOptions(modalOptions, functionName, paramPrefix = "") {
     ], functionName);
   }
 }
+function hashObject(o) {
+  try {
+    const canonicalData = canonicalStringify(o);
+    const messageHash = import_ethers.ethers.keccak256(new TextEncoder().encode(canonicalData));
+    return messageHash;
+  } catch (e) {
+    logger3.info(`Failed to hash object: ${e.message}`);
+    throw new Error(`Failed to hash object: ${e.message}`);
+  }
+}
 
 // src/utils/fetch.ts
 var import_fetch_retry = __toESM(require("fetch-retry"));
@@ -2350,49 +2362,69 @@ function verifyProof(proofOrProofs, config) {
         yield assertVerifiedProof(proof, attestors);
       }
       yield assertValidateProof(proofs, config);
-      const result = {
-        isVerified: true,
-        data: proofs.map(extractProofData)
-      };
+      let isTeeVerified = void 0;
       if (config.verifyTEE) {
         const hasTeeData = proofs.every((proof) => proof.teeAttestation || JSON.parse(proof.claimData.context).attestationNonce);
         if (!hasTeeData) {
           const teeError = new TeeVerificationError("TEE verification requested but one or more proofs are missing TEE attestation data");
           logger10.error(teeError.message);
-          result.isTeeVerified = false;
-          result.isVerified = false;
-          result.error = teeError;
-          return result;
+          const errorResult = {
+            isVerified: false,
+            isTeeVerified: false,
+            error: teeError,
+            data: [],
+            publicData: []
+          };
+          return errorResult;
         }
         try {
           const teeResults = yield Promise.all(proofs.map((proof) => verifyTeeAttestation(proof)));
-          result.isTeeVerified = teeResults.every((r) => r === true);
-          if (!result.isTeeVerified) {
+          isTeeVerified = teeResults.every((r) => r === true);
+          if (!isTeeVerified) {
             const teeError = new TeeVerificationError("TEE attestation verification failed for one or more proofs");
             logger10.error(teeError.message);
-            result.isVerified = false;
-            result.error = teeError;
+            const errorResult = {
+              isVerified: false,
+              isTeeVerified: false,
+              error: teeError,
+              data: [],
+              publicData: []
+            };
+            return errorResult;
           }
         } catch (error) {
           const teeError = new TeeVerificationError("Error verifying TEE attestation", error);
           logger10.error(teeError.message);
-          result.isTeeVerified = false;
-          result.isVerified = false;
-          result.error = teeError;
+          const errorResult = {
+            isVerified: false,
+            isTeeVerified: false,
+            error: teeError,
+            data: [],
+            publicData: []
+          };
+          return errorResult;
         }
       }
+      const result = {
+        isVerified: true,
+        isTeeVerified,
+        data: proofs.map(createTrustedDataFromProofData),
+        publicData: getPublicDataFromProofs(proofs),
+        error: void 0
+      };
       return result;
     } catch (error) {
       logger10.error("Error in validating proof:", error);
       return {
         isVerified: false,
+        error: error instanceof Error ? error : new Error(String(error)),
         data: [],
-        error: error instanceof Error ? error : new Error(String(error))
+        publicData: []
       };
     }
   });
 }
-function extractProofData(proof) {
+function createTrustedDataFromProofData(proof) {
   try {
     const context = JSON.parse(proof.claimData.context);
     const _a = context, { extractedParameters } = _a, rest = __objRest(_a, ["extractedParameters"]);
@@ -2407,6 +2439,26 @@ function extractProofData(proof) {
     };
   }
 }
+function getPublicDataFromProofs(proofs) {
+  const data = [];
+  const seenData = /* @__PURE__ */ new Set();
+  for (const proof of proofs) {
+    const publicData = proof.publicData;
+    if (publicData === null || publicData === void 0) {
+      continue;
+    }
+    try {
+      const hash = hashObject(publicData);
+      if (seenData.has(hash)) {
+        continue;
+      }
+      seenData.add(hash);
+    } catch (_) {
+    }
+    data.push(publicData);
+  }
+  return data;
+}
 function transformForOnchain(proof) {
   const claimInfoBuilder = /* @__PURE__ */ new Map([
     ["context", proof.claimData.context],
@@ -3715,10 +3767,11 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
    * and the startSession function source for more details.
    *
    * > [!TIP]
-   * > **Best Practice:** When using `setAppCallbackUrl` and/or `setCancelCallbackUrl`, your backend receives the proof or cancellation details directly. We recommend your backend notifies the frontend (e.g. via WebSockets, SSE, or polling) to stop the verification process and handle the appropriate success/failure action. Do not rely completely on `startSession` callbacks on the frontend when using these backend callbacks.
+   * > **Best Practice:** When using `setAppCallbackUrl` and/or `setCancelCallbackUrl`, your backend receives the proof or cancellation details directly. We recommend your backend notifies the frontend (e.g. via WebSockets, SSE, or polling) to stop the verification process and handle the appropriate success/failure action. When a callback is set, `onSuccess` callback provided to `startSession` will have an empty array as its argument.
    *
    * @param onSuccess - Callback function invoked when proof is successfully submitted
    * @param onError - Callback function invoked when an error occurs during the session
+   * @param verificationConfig - Optional configuration to customize proof verification
    * @returns Promise<void>
    * @throws {SessionNotStartedError} When session ID is not defined
    * @throws {ProofNotVerifiedError} When proof verification fails (default callback only)
@@ -3738,7 +3791,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
    * ```
    */
   startSession(_0) {
-    return __async(this, arguments, function* ({ onSuccess, onError }) {
+    return __async(this, arguments, function* ({ onSuccess, onError, verificationConfig }) {
       if (!this.sessionId) {
         const message = "Session can't be started due to undefined value of sessionId";
         logger10.info(message);
@@ -3772,10 +3825,10 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
             if (statusUrlResponse.session.proofs && statusUrlResponse.session.proofs.length > 0) {
               const proofs = statusUrlResponse.session.proofs;
               if (this.claimCreationType === "createClaim" /* STANDALONE */) {
-                const { isVerified: verified } = yield verifyProof(proofs, this.getProviderVersion());
-                if (!verified) {
+                const result = yield verifyProof(proofs, verificationConfig != null ? verificationConfig : this.getProviderVersion());
+                if (!result.isVerified) {
                   logger10.info(`Proofs not verified: count=${proofs == null ? void 0 : proofs.length}`);
-                  throw new ProofNotVerifiedError();
+                  throw new ProofNotVerifiedError(`Proofs not verified: count=${proofs == null ? void 0 : proofs.length}`, result.error);
                 }
               }
               if (proofs.length === 1) {
@@ -3860,6 +3913,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
   clearDeviceCache,
   createLinkWithTemplateData,
   createSignDataForClaim,
+  createTrustedDataFromProofData,
   fetchProviderConfigs,
   fetchProviderHashRequirementsBy,
   fetchStatusUrl,
@@ -3872,6 +3926,7 @@ var ReclaimProofRequest = class _ReclaimProofRequest {
   getProviderHashRequirementSpecFromProviderConfig,
   getProviderHashRequirementsFromSpec,
   getProviderParamsAsCanonicalizedString,
+  getPublicDataFromProofs,
   getShortenedUrl,
   hashProofClaimParams,
   hashRequestSpec,