@secondlayer/sdk 6.12.0 → 6.14.0

package/README.md

@@ -128,6 +128,31 @@ for await (const event of streams.events.stream({
 }
 ```
 
+Real-time push (`events.subscribe`).
+
+Use `client.events.subscribe` for callback-style live delivery — it pushes each
+event to `onEvent` as it lands. It's fetch-based (so it carries the Bearer key)
+and works in browsers and Node 18+. It auto-reconnects from the last delivered
+cursor on a dropped connection, and returns an unsubscribe function.
+
+```typescript
+const unsubscribe = streams.events.subscribe({
+  types: ["ft_transfer"],          // notTypes / contractId / sender / recipient / assetIdentifier also filter
+  // fromCursor: lastCursor,       // resume strictly after this cursor; omit to tail from the tip
+  onEvent: async (event) => {
+    console.log(event.cursor, event.tx_id);
+  },
+  onError: (err) => console.error("reconnecting…", err),
+});
+
+// later
+unsubscribe(); // or pass `signal` and abort it
+```
+
+Each pushed frame is `{ event, sig, key_id }`. When the client was created with
+`verify` (or `{ publicKey }`), the per-frame ed25519 signature is checked before
+`onEvent` runs; a bad/missing signature throws `StreamsSignatureError`.
+
 Bulk parquet dumps.
 
 Finalized history is published as public parquet files. Set `dumpsBaseUrl`
@@ -135,6 +160,12 @@ Finalized history is published as public parquet files. Set `dumpsBaseUrl`
 decode parquet; `download` hands you sha256-verified bytes to process with your
 own tooling.
 
+The bulk **manifest is ed25519-signed**, and the SDK verifies that signature
+before it trusts any per-file sha256 listed in it. The `verifyDumpsManifest`
+option **defaults to `true`** — `dumps.list()` and `events.replay()` enforce it,
+so you don't trust the file hashes unless the manifest itself verifies. Opt out
+with `verifyDumpsManifest: false`.
+
 ```typescript
 const streams = createStreamsClient({
   apiKey: process.env.SL_API_KEY!,
@@ -215,6 +246,75 @@ for await (const transfer of sl.index.ftTransfers.walk({
 }
 ```
 
+## Transaction-inclusion proofs
+
+Verify — **without trusting Second Layer** — that a transaction is included in a
+Stacks (Nakamoto) block, and that ≥70% of the reward cycle's signer weight
+attested to that block. `verifyTransactionProof` recomputes everything
+client-side and trusts nothing the API returned.
+
+> Verification uses Node's crypto via `@secondlayer/shared` — Node/server-side use.
+
+```typescript
+import { verifyTransactionProof, fetchRewardSet } from "@secondlayer/sdk";
+
+const proof = await fetch(
+  `https://api.secondlayer.tools/v1/index/transactions/${txid}/proof`,
+).then((r) => r.json());
+
+const result = verifyTransactionProof(proof); // anchored + consensus (embedded set)
+// result.ok, result.level === "consensus", result.signerWeightBps
+
+// Fully trustless — resolve the reward set from your own node:
+const rewardSet = await fetchRewardSet({
+  nodeUrl: "https://your-stacks-node:20443",
+  cycle: proof.consensus.reward_cycle,
+});
+const trustless = verifyTransactionProof(proof, { rewardSet }); // rewardSetSource: "provided"
+```
+
+Two trust levels:
+
+- **Anchored** — recompute the txid from `raw_tx`, fold `tx_merkle_path` up to the
+  header's `tx_merkle_root`, and recompute `block_hash` + `index_block_hash` from
+  `raw_header`. The tx is in a header any node can corroborate.
+- **Consensus** — additionally recover the header's signer signatures and confirm
+  ≥70% of the reward cycle's signer weight signed the block. Fully trustless when
+  you pass a `rewardSet` resolved yourself via `fetchRewardSet`
+  (`rewardSetSource: "provided"`); otherwise it uses the proof's embedded set
+  (`rewardSetSource: "embedded"`).
+
+```typescript
+verifyTransactionProof(
+  proof: TransactionProof,
+  opts?: { rewardSet?: RewardSet },
+): TransactionProofVerifyResult;
+
+fetchRewardSet(opts: {
+  nodeUrl: string;            // your own stacks-node
+  cycle: number;             // reward cycle — proof.consensus.reward_cycle
+  fetchImpl?: typeof fetch;
+}): Promise<RewardSet | null>; // reads /v3/stacker_set/{cycle}
+```
+
+`verifyTransactionProof` returns a `TransactionProofVerifyResult`:
+
+```typescript
+{
+  level: "anchored" | "consensus";
+  txidMatches: boolean;
+  includedInHeader: boolean;
+  headerSelfConsistent: boolean;
+  signerWeightBps?: number;   // consensus only
+  thresholdMet?: boolean;     // consensus only — ≥70% (7000 bps)
+  rewardSetSource?: "provided" | "embedded";
+  ok: boolean;
+  errors: string[];
+}
+```
+
+Exported types: `TransactionProof`, `TransactionProofVerifyResult`, `RewardSet`.
+
 ## Stacks Subgraphs
 
 Deploy and query app-specific L3 tables.
@@ -248,6 +348,30 @@ const gaps = await sl.subgraphs.gaps("my-subgraph");
 const result = await sl.subgraphs.deploy({ name, sources, schema, handlerCode });
 ```
 
+Stream rows live with the typed client — each table exposes `subscribe`
+alongside `findMany`/`count`:
+
+```typescript
+const subgraph = sl.subgraphs.typed(myDefinition); // { transfers, ... }
+
+const unsubscribe = subgraph.transfers.subscribe(
+  (row) => console.log(row),
+  {
+    where: { amount: { gte: "1000000" } }, // optional row filter
+    since: 180000,                          // optional: replay from this block_height, then tail
+    onError: (err) => console.error(err),
+  },
+);
+
+// later
+unsubscribe();
+```
+
+`subscribe` is an SSE stream over the global `EventSource` (available in
+browsers and Node ≥ 22; it throws if no `EventSource` is present). Frames are
+unsigned rows. `since: <block_height>` replays matching rows from that height,
+then tails the live edge; omit it to tail only.
+
 ## Subscriptions
 
 Signed HTTP webhooks. Subscriptions are polymorphic — pick one kind:
@@ -327,6 +451,38 @@ const { data: dead } = await sl.subscriptions.dead(id);
 await sl.subscriptions.requeueDead(id, outboxId);
 ```
 
+### Verifying deliveries
+
+Every delivery — any kind, any `format` — also carries a universal authenticity
+signature you can verify with one published key, no per-subscription secret. The
+headers are `webhook-id`, `x-secondlayer-signature`, and
+`x-secondlayer-signature-keyid`; the signed content is `` `${webhook-id}.${rawBody}` ``
+(ed25519). Fetch the public key from `GET /public/streams/signing-key`.
+
+```typescript
+import { verifySecondlayerSignature } from "@secondlayer/sdk";
+
+app.post("/webhook", async (c) => {
+  const raw = await c.req.text(); // raw body — never re-stringify the parsed JSON
+  if (!verifySecondlayerSignature(raw, c.req.raw.headers, SECONDLAYER_PUBLIC_KEY)) {
+    return c.text("Invalid signature", 401);
+  }
+  // ... trusted ...
+  return c.body(null, 204);
+});
+```
+
+```typescript
+verifySecondlayerSignature(
+  rawBody: string,
+  headers: WebhookHeaderInput,   // plain object, Fetch `Headers`, or a lookup fn
+  publicKeyPem: string,
+): boolean;
+```
+
+Prefer the per-subscription HMAC (Standard Webhooks) secret instead? Use
+`verifyWebhookSignature(rawBody, headers, secret)` — raw body first.
+
 ## Error Handling
 
 ```typescript

package/dist/index.d.ts

@@ -1014,6 +1014,14 @@ type StreamsTip = {
 	*/
 	finalized_height?: number
 	lag_seconds: number
+	/**
+	* Oldest height still seekable on the live API for the caller's tier
+	* (`tip - retention`). `null` = unlimited retention. Older reads must use the
+	* cold dumps lane. Optional for back-compat.
+	*/
+	oldest_seekable_height?: number | null
+	/** Oldest seekable cursor (`<oldest_seekable_height>:0`); `null` = unlimited. */
+	oldest_cursor?: string | null
 };
 type StreamsCanonicalBlock = {
 	block_height: number
@@ -1274,7 +1282,7 @@ type StreamsUsage = {
 		events_this_month: number
 	}
 };
-import { CreateSubscriptionRequest, CreateSubscriptionResponse, DeadRow, DeliveryRow, ReplayResult, RotateSecretResponse, SubscriptionDetail, SubscriptionSummary, UpdateSubscriptionRequest } from "@secondlayer/shared/schemas/subscriptions";
+import { CreateSubscriptionRequest, CreateSubscriptionResponse, DeadRow, DeliveryRow, ReplayResult, RotateSecretResponse, SubscriptionDetail, SubscriptionSummary, SubscriptionTestResult, UpdateSubscriptionRequest } from "@secondlayer/shared/schemas/subscriptions";
 import { ChainTrigger, ChainTriggerType, CreateSubscriptionRequest as CreateSubscriptionRequest2, CreateSubscriptionResponse as CreateSubscriptionResponse2, DeadRow as DeadRow2, DeliveryRow as DeliveryRow2, ReplayResult as ReplayResult2, RotateSecretResponse as RotateSecretResponse2, SubscriptionDetail as SubscriptionDetail2, SubscriptionFormat, SubscriptionKind, SubscriptionRuntime, SubscriptionStatus, SubscriptionSummary as SubscriptionSummary2, UpdateSubscriptionRequest as UpdateSubscriptionRequest2 } from "@secondlayer/shared/schemas/subscriptions";
 import { trigger } from "@secondlayer/shared/schemas/subscriptions";
 declare class Subscriptions extends BaseClient {
@@ -1290,6 +1298,9 @@ declare class Subscriptions extends BaseClient {
 		ok: true
 	}>;
 	rotateSecret(id: string): Promise<RotateSecretResponse>;
+	/** Send a one-off test webhook to the subscription's URL (built for its
+	*  format, SSRF-guarded). Logged as a delivery row, visible via recentDeliveries. */
+	test(id: string): Promise<SubscriptionTestResult>;
 	recentDeliveries(id: string): Promise<{
 		data: DeliveryRow[]
 	}>;
@@ -1828,10 +1839,90 @@ declare function verifyWebhookSignature(rawBody: string, headers: WebhookHeaderI
 * ```
 */
 declare function verifySecondlayerSignature(rawBody: string, headers: WebhookHeaderInput, publicKeyPem: string): boolean;
+import { RewardSet } from "@secondlayer/shared/node/consensus";
+import { MerkleProofStep } from "@secondlayer/shared/node/nakamoto";
+/**
+* Trustless transaction-inclusion proof verification.
+*
+* Given a proof from `GET /v1/index/transactions/:txid/proof`, the consumer
+* re-derives everything itself — it does NOT trust any value Secondlayer
+* computed. Anchored level: (1) recompute the txid from the raw tx bytes, (2)
+* fold it up the merkle path to the header's `tx_merkle_root`, (3) recompute the
+* header's `block_hash` and `index_block_hash` from the raw header — "this tx is
+* included in a header any node can corroborate". Consensus level (when the proof
+* carries a `consensus` field, or a `rewardSet` is passed): additionally recover
+* the header's signer signatures and confirm ≥70% of reward-set signer weight
+* signed the block.
+*
+* Note: uses Node's crypto via `@secondlayer/shared` (same as the Streams
+* signature verify); intended for Node/server verification.
+*/
+interface TransactionProof {
+	txid: string;
+	index_block_hash: string;
+	block_height: number;
+	tx_index: number;
+	/** Raw consensus-serialized transaction bytes (hex). */
+	raw_tx: string;
+	/** Raw Nakamoto block-header bytes (hex) — parsed + re-hashed by the verifier. */
+	raw_header: string;
+	/** Authentication path from the tx leaf to `tx_merkle_root`. */
+	tx_merkle_path: MerkleProofStep[];
+	/** Present when consensus-level verification is available: the reward cycle and
+	*  its signer set, against which the header's signer signatures are checked. */
+	consensus?: {
+		reward_cycle: number
+		reward_set: RewardSet
+	};
+}
+interface TransactionProofVerifyResult {
+	/** Highest level actually verified. "consensus" requires the proof's
+	*  `consensus` field and a met signer-weight threshold. */
+	level: "anchored" | "consensus";
+	/** Recomputed txid === proof.txid. */
+	txidMatches: boolean;
+	/** Merkle path folds the txid to the header's tx_merkle_root. */
+	includedInHeader: boolean;
+	/** Recomputed block_hash + index_block_hash match the header / proof. */
+	headerSelfConsistent: boolean;
+	/** Basis points (0–10000) of reward-set signer weight that signed the block.
+	*  Only set when the proof carries a `consensus` field. */
+	signerWeightBps?: number;
+	/** ≥70% of signer weight signed. Only set with a `consensus` field. */
+	thresholdMet?: boolean;
+	/** Which reward set the signer check used: "provided" (caller-resolved →
+	*  fully trustless) or "embedded" (the one Secondlayer put in the proof). */
+	rewardSetSource?: "provided" | "embedded";
+	/** All applicable checks passed (incl. the threshold when consensus is present). */
+	ok: boolean;
+	errors: string[];
+}
+/**
+* Resolve a reward set directly from a stacks-node (`/v3/stacker_set/{cycle}`),
+* so a caller can verify the consensus layer against a node IT trusts rather than
+* the reward set Secondlayer embedded in the proof. Pass the result as
+* `verifyTransactionProof(proof, { rewardSet })`.
+*/
+declare function fetchRewardSet(opts: {
+	nodeUrl: string
+	cycle: number
+	fetchImpl?: typeof fetch
+}): Promise<RewardSet | null>;
+/**
+* Verify a transaction-inclusion proof. Every check is recomputed client-side,
+* so a `true` result does not rely on trusting Secondlayer. Pass
+* `{ rewardSet }` (resolved via {@link fetchRewardSet} from your own node) to
+* verify the consensus layer against a reward set you trust rather than the one
+* embedded in the proof.
+*/
+declare function verifyTransactionProof(proof: TransactionProof, opts?: {
+	rewardSet?: RewardSet
+}): TransactionProofVerifyResult;
+import { RewardSet as RewardSet2 } from "@secondlayer/shared/node/consensus";
 /** Make a cvToValue result JSON-serializable: Clarity (u)ints decode to bigint,
 *  which JSON.stringify can't handle — convert recursively to strings. */
 declare function toJsonSafe(value: unknown): unknown;
 /** Decode a hex-encoded Clarity value to JSON-safe JS (uints as strings,
 *  buffers as `0x…` hex, tuples as objects). Returns the input hex on failure. */
 declare function decodeClarityValue(hex: string): unknown;
-export { verifyWebhookSignature, verifySecondlayerSignature, trigger, toJsonSafe, isStxTransfer, isStxMint, isStxLock, isStxBurn, isPrint, isNftTransfer, isNftMint, isNftBurn, isFtTransfer, isFtMint, isFtBurn, getSubgraph, decodeStxTransfer, decodeStxMint, decodeStxLock, decodeStxBurn, decodePrint, decodeNftTransfer, decodeNftMint, decodeNftBurn, decodeFtTransfer, decodeFtMint, decodeFtBurn, decodeClarityValue, createStreamsClient, VersionConflictError, ValidationError, UpdateSubscriptionRequest2 as UpdateSubscriptionRequest, TransactionsWalkParams, TransactionsListParams, TransactionsEnvelope, TransactionEnvelope, Subscriptions, SubscriptionSummary2 as SubscriptionSummary, SubscriptionStatus, SubscriptionRuntime, SubscriptionKind, SubscriptionFormat, SubscriptionDetail2 as SubscriptionDetail, Subgraphs, SubgraphSpecOptions3 as SubgraphSpecOptions, SubgraphSpecFormat2 as SubgraphSpecFormat, SubgraphOperationStatus, SubgraphAgentSchema3 as SubgraphAgentSchema, StreamsUsage, StreamsTip, StreamsSignatureError, StreamsServerError, StreamsReorgsListParams, StreamsReorgsListEnvelope, StreamsReorgContext, StreamsReorg, StreamsEventsSubscribeParams, StreamsEventsStreamParams, StreamsEventsListParams, StreamsEventsListEnvelope, StreamsEventsEnvelope, StreamsEventsConsumeResult, StreamsEventsConsumeParams, StreamsEventType, StreamsEventPayload, StreamsEvent, StreamsDumpsManifest, StreamsDumps, StreamsDumpFile, StreamsClient, StreamsCanonicalBlock, StreamsBatchContext, StackingWalkParams, StackingListParams, StackingEnvelope, SecondLayerOptions, SecondLayer, ScopedKeyProduct, RotateSecretResponse2 as RotateSecretResponse, ReplayResult2 as ReplayResult, RateLimitError, Pox4CallsParams, NftTransfersWalkParams, NftTransfersListParams, NftTransfersEnvelope, NftTransferPayload, NftTransferEvent, NftTransfer, MempoolWalkParams, MempoolTransactionEnvelope, MempoolListParams, MempoolEnvelope, IndexUsage, IndexTransaction, IndexTip, IndexStackingAction, IndexReorg, IndexPostCondition, IndexMempoolTransaction, IndexEventType, IndexEvent, IndexContractCall, IndexCanonicalBlock, IndexBlock, Index, FtTransfersWalkParams, FtTransfersListParams, FtTransfersEnvelope, FtTransferPayload, FtTransferEvent, FtTransfer, FetchLike2 as FetchLike, EventsWalkParams, EventsListParams, EventsEnvelope, DeliveryRow2 as DeliveryRow, DecodedStxTransferPayload, DecodedStxTransfer, DecodedStxMintPayload, DecodedStxMint, DecodedStxLockPayload, DecodedStxLock, DecodedStxBurnPayload, DecodedStxBurn, DecodedPrintValue, DecodedPrintPayload, DecodedPrint, DecodedNftTransferPayload, DecodedNftTransfer, DecodedNftMintPayload, DecodedNftMint, DecodedNftBurnPayload, DecodedNftBurn, DecodedFtTransferPayload, DecodedFtTransfer, DecodedFtMintPayload, DecodedFtMint, DecodedFtBurnPayload, DecodedFtBurn, DecodedEventRow, DecodedEventColumns, DeadRow2 as DeadRow, Datasets, DatasetRow, CursorListParams, CursorEnvelope, Cursor, CreateSubscriptionResponse2 as CreateSubscriptionResponse, CreateSubscriptionRequest2 as CreateSubscriptionRequest, CreateApiKeyResponse, CreateApiKeyParams, ContractsListParams, ContractsEnvelope, Contracts, ContractSummary, ContractConformance, ContractCallsWalkParams, ContractCallsListParams, ContractCallsEnvelope, ContextSnapshot, ContextAccount, ChainTriggerType, ChainTrigger, CanonicalWalkParams, CanonicalListParams, CanonicalEnvelope, CURSOR_SLUGS, BlocksWalkParams, BlocksListParams, BlocksEnvelope, BlockEnvelope, AuthError, ApiKeys, ApiError, ActiveSubgraphOperation };
+export { verifyWebhookSignature, verifyTransactionProof, verifySecondlayerSignature, trigger, toJsonSafe, isStxTransfer, isStxMint, isStxLock, isStxBurn, isPrint, isNftTransfer, isNftMint, isNftBurn, isFtTransfer, isFtMint, isFtBurn, getSubgraph, fetchRewardSet, decodeStxTransfer, decodeStxMint, decodeStxLock, decodeStxBurn, decodePrint, decodeNftTransfer, decodeNftMint, decodeNftBurn, decodeFtTransfer, decodeFtMint, decodeFtBurn, decodeClarityValue, createStreamsClient, VersionConflictError, ValidationError, UpdateSubscriptionRequest2 as UpdateSubscriptionRequest, TransactionsWalkParams, TransactionsListParams, TransactionsEnvelope, TransactionProofVerifyResult, TransactionProof, TransactionEnvelope, Subscriptions, SubscriptionSummary2 as SubscriptionSummary, SubscriptionStatus, SubscriptionRuntime, SubscriptionKind, SubscriptionFormat, SubscriptionDetail2 as SubscriptionDetail, Subgraphs, SubgraphSpecOptions3 as SubgraphSpecOptions, SubgraphSpecFormat2 as SubgraphSpecFormat, SubgraphOperationStatus, SubgraphAgentSchema3 as SubgraphAgentSchema, StreamsUsage, StreamsTip, StreamsSignatureError, StreamsServerError, StreamsReorgsListParams, StreamsReorgsListEnvelope, StreamsReorgContext, StreamsReorg, StreamsEventsSubscribeParams, StreamsEventsStreamParams, StreamsEventsListParams, StreamsEventsListEnvelope, StreamsEventsEnvelope, StreamsEventsConsumeResult, StreamsEventsConsumeParams, StreamsEventType, StreamsEventPayload, StreamsEvent, StreamsDumpsManifest, StreamsDumps, StreamsDumpFile, StreamsClient, StreamsCanonicalBlock, StreamsBatchContext, StackingWalkParams, StackingListParams, StackingEnvelope, SecondLayerOptions, SecondLayer, ScopedKeyProduct, RotateSecretResponse2 as RotateSecretResponse, RewardSet2 as RewardSet, ReplayResult2 as ReplayResult, RateLimitError, Pox4CallsParams, NftTransfersWalkParams, NftTransfersListParams, NftTransfersEnvelope, NftTransferPayload, NftTransferEvent, NftTransfer, MempoolWalkParams, MempoolTransactionEnvelope, MempoolListParams, MempoolEnvelope, IndexUsage, IndexTransaction, IndexTip, IndexStackingAction, IndexReorg, IndexPostCondition, IndexMempoolTransaction, IndexEventType, IndexEvent, IndexContractCall, IndexCanonicalBlock, IndexBlock, Index, FtTransfersWalkParams, FtTransfersListParams, FtTransfersEnvelope, FtTransferPayload, FtTransferEvent, FtTransfer, FetchLike2 as FetchLike, EventsWalkParams, EventsListParams, EventsEnvelope, DeliveryRow2 as DeliveryRow, DecodedStxTransferPayload, DecodedStxTransfer, DecodedStxMintPayload, DecodedStxMint, DecodedStxLockPayload, DecodedStxLock, DecodedStxBurnPayload, DecodedStxBurn, DecodedPrintValue, DecodedPrintPayload, DecodedPrint, DecodedNftTransferPayload, DecodedNftTransfer, DecodedNftMintPayload, DecodedNftMint, DecodedNftBurnPayload, DecodedNftBurn, DecodedFtTransferPayload, DecodedFtTransfer, DecodedFtMintPayload, DecodedFtMint, DecodedFtBurnPayload, DecodedFtBurn, DecodedEventRow, DecodedEventColumns, DeadRow2 as DeadRow, Datasets, DatasetRow, CursorListParams, CursorEnvelope, Cursor, CreateSubscriptionResponse2 as CreateSubscriptionResponse, CreateSubscriptionRequest2 as CreateSubscriptionRequest, CreateApiKeyResponse, CreateApiKeyParams, ContractsListParams, ContractsEnvelope, Contracts, ContractSummary, ContractConformance, ContractCallsWalkParams, ContractCallsListParams, ContractCallsEnvelope, ContextSnapshot, ContextAccount, ChainTriggerType, ChainTrigger, CanonicalWalkParams, CanonicalListParams, CanonicalEnvelope, CURSOR_SLUGS, BlocksWalkParams, BlocksListParams, BlocksEnvelope, BlockEnvelope, AuthError, ApiKeys, ApiError, ActiveSubgraphOperation };

package/dist/index.js

@@ -1542,6 +1542,9 @@ class Subscriptions extends BaseClient {
   async rotateSecret(id) {
     return this.request("POST", `/api/subscriptions/${id}/rotate-secret`);
   }
+  async test(id) {
+    return this.request("POST", `/api/subscriptions/${id}/test`);
+  }
   async recentDeliveries(id) {
     return this.request("GET", `/api/subscriptions/${id}/deliveries`);
   }
@@ -1965,8 +1968,84 @@ function verifySecondlayerSignature(rawBody, headers, publicKeyPem) {
   const signature = pickHeader(headers, "x-secondlayer-signature");
   return verifySecondlayerSignatureValues(rawBody, id, signature, publicKeyPem);
 }
+// src/proofs.ts
+import {
+  verifySignerSignatures
+} from "@secondlayer/shared/node/consensus";
+import {
+  nakamotoBlockHash,
+  nakamotoBlockId,
+  parseNakamotoBlockHeader,
+  stacksTxid,
+  verifyTxMerkleProof
+} from "@secondlayer/shared/node/nakamoto";
+var strip = (h) => h.startsWith("0x") ? h.slice(2) : h;
+var bytes = (h) => Uint8Array.from(Buffer.from(strip(h), "hex"));
+async function fetchRewardSet(opts) {
+  const f = opts.fetchImpl ?? fetch;
+  const res = await f(`${opts.nodeUrl.replace(/\/+$/, "")}/v3/stacker_set/${opts.cycle}`);
+  if (res.status === 404)
+    return null;
+  if (!res.ok) {
+    throw new Error(`/v3/stacker_set/${opts.cycle} returned ${res.status}`);
+  }
+  const body = await res.json();
+  const signers = body.stacker_set.signers.map((s) => ({
+    signing_key: strip(s.signing_key),
+    weight: s.weight
+  }));
+  return {
+    signers,
+    total_weight: signers.reduce((sum, s) => sum + s.weight, 0)
+  };
+}
+function verifyTransactionProof(proof, opts) {
+  const errors = [];
+  const computedTxid = stacksTxid(bytes(proof.raw_tx));
+  const txidMatches = computedTxid === strip(proof.txid);
+  if (!txidMatches)
+    errors.push("txid does not match raw_tx");
+  const header = parseNakamotoBlockHeader(bytes(proof.raw_header));
+  const includedInHeader = verifyTxMerkleProof(computedTxid, proof.tx_merkle_path, header.txMerkleRoot);
+  if (!includedInHeader)
+    errors.push("merkle path does not reach tx_merkle_root");
+  const blockHash = nakamotoBlockHash(header);
+  const indexBlockHash = nakamotoBlockId(blockHash, header.consensusHash);
+  const headerSelfConsistent = indexBlockHash === strip(proof.index_block_hash);
+  if (!headerSelfConsistent) {
+    errors.push("recomputed index_block_hash does not match proof");
+  }
+  const anchoredOk = txidMatches && includedInHeader && headerSelfConsistent;
+  const rewardSet = opts?.rewardSet ?? proof.consensus?.reward_set;
+  let level = "anchored";
+  let signerWeightBps;
+  let thresholdMet;
+  let rewardSetSource;
+  if (rewardSet) {
+    const v = verifySignerSignatures(blockHash, header.signerSignatures, rewardSet);
+    signerWeightBps = v.totalWeight > 0 ? Math.round(v.signedWeight / v.totalWeight * 1e4) : 0;
+    thresholdMet = v.thresholdMet;
+    rewardSetSource = opts?.rewardSet ? "provided" : "embedded";
+    if (!thresholdMet)
+      errors.push("signer weight below the 70% threshold");
+    if (anchoredOk && thresholdMet)
+      level = "consensus";
+  }
+  return {
+    level,
+    txidMatches,
+    includedInHeader,
+    headerSelfConsistent,
+    signerWeightBps,
+    thresholdMet,
+    rewardSetSource,
+    ok: anchoredOk && (rewardSet ? thresholdMet === true : true),
+    errors
+  };
+}
 export {
   verifyWebhookSignature,
+  verifyTransactionProof,
   verifySecondlayerSignature,
   trigger,
   toJsonSafe,
@@ -1982,6 +2061,7 @@ export {
   isFtMint,
   isFtBurn,
   getSubgraph,
+  fetchRewardSet,
   decodeStxTransfer,
   decodeStxMint,
   decodeStxLock,
@@ -2013,5 +2093,5 @@ export {
   ApiError
 };
 
-//# debugId=7E891A303DCCD65B64756E2164756E21
+//# debugId=9DCF0337E6524B2364756E2164756E21
 //# sourceMappingURL=index.js.map