@worldcoin/idkit-core 2.0.2 → 4.0.0-dev.777cdbe

package/dist/index.d.ts

@@ -0,0 +1,763 @@
+/**
+ * Configuration types for IDKit
+ *
+ * Note: CredentialType, CredentialRequestType, and ConstraintNode are now
+ * re-exported from WASM (source of truth: rust/core/src/wasm_bindings.rs)
+ */
+declare const brand: unique symbol;
+type Brand<T, TBrand extends string> = T & {
+    [brand]: TBrand;
+};
+type AbiEncodedValue = Brand<{
+    types: string[];
+    values: unknown[];
+}, "AbiEncodedValue">;
+/**
+ * Relying Party context for IDKit requests
+ *
+ * Contains RP-specific data needed to construct a ProofRequest.
+ * This should be generated and signed by your backend.
+ */
+type RpContext = {
+    /** The registered RP ID (e.g., "rp_123456789abcdef0") */
+    rp_id: string;
+    /** Unique nonce for this proof request */
+    nonce: string;
+    /** Unix timestamp (seconds since epoch) when created */
+    created_at: number;
+    /** Unix timestamp (seconds since epoch) when expires */
+    expires_at: number;
+    /** The RP's ECDSA signature of the nonce and created_at timestamp */
+    signature: string;
+};
+/**
+ * Configuration for IDKit.request()
+ */
+type IDKitRequestConfig = {
+    /** Unique identifier for the app verifying the action. This should be the app ID obtained from the Developer Portal. */
+    app_id: `app_${string}`;
+    /** Identifier for the action the user is performing. Should be left blank for [Sign in with Worldcoin](https://docs.world.org/id/sign-in). */
+    action: AbiEncodedValue | string;
+    /** RP context for protocol-level proof requests (required) */
+    rp_context: RpContext;
+    /** The description of the specific action (shown to users in World App). Only recommended for actions created on-the-fly. */
+    action_description?: string;
+    /** URL to a third-party bridge to use when connecting to the World App. Optional. */
+    bridge_url?: string;
+    /**
+     * Whether to accept legacy (v3) World ID proofs as fallback.
+     *
+     * - `true`: Accept both v3 and v4 proofs. Use during migration.
+     *   You must track both v3 and v4 nullifiers to prevent double-claims.
+     * - `false`: Only accept v4 proofs. Use after migration cutoff or for new apps.
+     */
+    allow_legacy_proofs: boolean;
+    /** Optional override for the connect base URL (e.g., for staging environments) */
+    override_connect_base_url?: string;
+    /** Optional environment override. Defaults to "production". */
+    environment?: "production" | "staging";
+};
+/**
+ * Configuration for IDKit.createSession() and IDKit.proveSession()
+ *
+ * Session requests don't have an action field - they're used for session-based
+ * authentication where the user proves they're the same person across visits.
+ *
+ * Sessions are always World ID v4 - there is no legacy (v3) session support.
+ */
+type IDKitSessionConfig = {
+    /** Unique identifier for the app verifying the session. This should be the app ID obtained from the Developer Portal. */
+    app_id: `app_${string}`;
+    /** RP context for protocol-level proof requests (required) */
+    rp_context: RpContext;
+    /** The description of the action (shown to users in World App). Optional. */
+    action_description?: string;
+    /** URL to a third-party bridge to use when connecting to the World App. Optional. */
+    bridge_url?: string;
+    /** Optional override for the connect base URL (e.g., for staging environments) */
+    override_connect_base_url?: string;
+    /** Optional environment override. Defaults to "production". */
+    environment?: "production" | "staging";
+};
+
+type CredentialType = "orb" | "face" | "secure_document" | "document" | "device";
+
+interface CredentialRequestType {
+    type: CredentialType;
+    /** Signal can be a string or raw bytes (Uint8Array) */
+    signal?: string | Uint8Array;
+    genesis_issued_at_min?: number;
+    expires_at_min?: number;
+}
+
+type ConstraintNode =
+    | CredentialRequestType
+    | { any: ConstraintNode[] }
+    | { all: ConstraintNode[] };
+
+
+
+/** V4 response item for World ID v4 uniqueness proofs */
+interface ResponseItemV4 {
+    /** Credential identifier (e.g., "orb", "face", "document") */
+    identifier: string;
+    /** Signal hash (optional, included if signal was provided in request) */
+    signal_hash?: string;
+    /** Encoded World ID proof: first 4 elements are compressed Groth16 proof, 5th is Merkle root (hex strings). Compatible with WorldIDVerifier.sol */
+    proof: string[];
+    /** RP-scoped nullifier (hex) */
+    nullifier: string;
+    /** Credential issuer schema ID (1=orb, 2=face, 3=secure_document, 4=document, 5=device) */
+    issuer_schema_id: number;
+    /** Minimum expiration timestamp (unix seconds) */
+    expires_at_min: number;
+}
+
+/** V3 response item for World ID v3 (legacy format) */
+interface ResponseItemV3 {
+    /** Credential identifier (e.g., "orb", "face") */
+    identifier: string;
+    /** Signal hash (optional, included if signal was provided in request) */
+    signal_hash?: string;
+    /** ABI-encoded proof (hex) */
+    proof: string;
+    /** Merkle root (hex) */
+    merkle_root: string;
+    /** Nullifier (hex) */
+    nullifier: string;
+}
+
+/** Session response item for World ID v4 session proofs */
+interface ResponseItemSession {
+    /** Credential identifier (e.g., "orb", "face", "document") */
+    identifier: string;
+    /** Signal hash (optional, included if signal was provided in request) */
+    signal_hash?: string;
+    /** Encoded World ID proof: first 4 elements are compressed Groth16 proof, 5th is Merkle root (hex strings). Compatible with WorldIDVerifier.sol */
+    proof: string[];
+    /** Session nullifier: 1st element is the session nullifier, 2nd is the generated action (hex strings) */
+    session_nullifier: string[];
+    /** Credential issuer schema ID (1=orb, 2=face, 3=secure_document, 4=document, 5=device) */
+    issuer_schema_id: number;
+    /** Minimum expiration timestamp (unix seconds) */
+    expires_at_min: number;
+}
+
+/** V3 result (legacy format - no session support) */
+interface IDKitResultV3 {
+    /** Protocol version 3.0 */
+    protocol_version: "3.0";
+    /** Nonce used in the request */
+    nonce: string;
+    /** Action identifier (only for uniqueness proofs) */
+    action?: string;
+    /** Action description (only if provided in input) */
+    action_description?: string;
+    /** Array of V3 credential responses */
+    responses: ResponseItemV3[];
+    /** The environment used for this request ("production" or "staging") */
+    environment: string;
+}
+
+/** V4 result for uniqueness proofs */
+interface IDKitResultV4 {
+    /** Protocol version 4.0 */
+    protocol_version: "4.0";
+    /** Nonce used in the request */
+    nonce: string;
+    /** Action identifier (required for uniqueness proofs) */
+    action: string;
+    /** Action description (only if provided in input) */
+    action_description?: string;
+    /** Array of V4 credential responses */
+    responses: ResponseItemV4[];
+    /** The environment used for this request ("production" or "staging") */
+    environment: string;
+}
+
+/** V4 result for session proofs */
+interface IDKitResultSession {
+    /** Protocol version 4.0 */
+    protocol_version: "4.0";
+    /** Nonce used in the request */
+    nonce: string;
+    /** Action description (only if provided in input) */
+    action_description?: string;
+    /** Session ID returned by the World App */
+    session_id: string;
+    /** Array of session credential responses */
+    responses: ResponseItemSession[];
+    /** The environment used for this request ("production" or "staging") */
+    environment: string;
+}
+
+/**
+ * The unified result structure for all proof types.
+ * Check `session_id` to determine if this is a session proof:
+ * - session_id !== undefined → session proof
+ * - session_id === undefined → uniqueness proof
+ */
+type IDKitResult = IDKitResultV3 | IDKitResultV4 | IDKitResultSession;
+
+/** Error codes from World App (mirrors Rust AppError) */
+type IDKitErrorCode =
+    | "user_rejected"
+    | "verification_rejected"
+    | "credential_unavailable"
+    | "malformed_request"
+    | "invalid_network"
+    | "inclusion_proof_pending"
+    | "inclusion_proof_failed"
+    | "unexpected_response"
+    | "connection_failed"
+    | "max_verifications_reached"
+    | "failed_by_host_app"
+    | "generic_error";
+
+/** Status returned from pollForStatus() */
+type Status$1 =
+    | { type: "waiting_for_connection" }
+    | { type: "awaiting_confirmation" }
+    | { type: "confirmed"; result: IDKitResult }
+    | { type: "failed"; error: IDKitErrorCode };
+
+
+
+interface OrbLegacyPreset {
+    type: "OrbLegacy";
+    signal?: string;
+}
+
+interface SecureDocumentLegacyPreset {
+    type: "SecureDocumentLegacy";
+    signal?: string;
+}
+
+interface DocumentLegacyPreset {
+    type: "DocumentLegacy";
+    signal?: string;
+}
+
+type Preset = OrbLegacyPreset | SecureDocumentLegacyPreset | DocumentLegacyPreset;
+/**
+ * Unified builder for creating `IDKit` requests and sessions (WASM)
+ */
+declare class IDKitBuilder$1 {
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * Creates a `BridgeConnection` with the given constraints
+   */
+  constraints(constraints_json: any): Promise<any>;
+  /**
+   * Creates a new builder for proving an existing session
+   */
+  static forProveSession(session_id: string, app_id: string, rp_context: RpContextWasm, action_description?: string | null, bridge_url?: string | null, override_connect_base_url?: string | null, environment?: string | null): IDKitBuilder$1;
+  /**
+   * Creates a new builder for creating a new session
+   */
+  static forCreateSession(app_id: string, rp_context: RpContextWasm, action_description?: string | null, bridge_url?: string | null, override_connect_base_url?: string | null, environment?: string | null): IDKitBuilder$1;
+  /**
+   * Creates a new builder for uniqueness requests
+   */
+  constructor(app_id: string, action: string, rp_context: RpContextWasm, action_description: string | null | undefined, bridge_url: string | null | undefined, allow_legacy_proofs: boolean, override_connect_base_url?: string | null, environment?: string | null);
+  /**
+   * Creates a `BridgeConnection` from a preset (works for all request types)
+   */
+  preset(preset_json: any): Promise<any>;
+}
+/**
+ * RP Context for protocol-level proof requests (WASM binding)
+ *
+ * Contains RP-specific data needed to construct a `ProofRequest`.
+ */
+declare class RpContextWasm {
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * Creates a new RP context
+   *
+   * # Arguments
+   * * `rp_id` - The registered RP ID (e.g., `"rp_123456789abcdef0"`)
+   * * `nonce` - Unique nonce for this proof request
+   * * `created_at` - Unix timestamp (seconds since epoch) when created
+   * * `expires_at` - Unix timestamp (seconds since epoch) when expires
+   * * `signature` - The RP's ECDSA signature of the `nonce` and `created_at` timestamp
+   *
+   * # Errors
+   *
+   * Returns an error if `rp_id` is not a valid RP ID (must start with `rp_`)
+   */
+  constructor(rp_id: string, nonce: string, created_at: bigint, expires_at: bigint, signature: string);
+}
+
+
+
+interface RpSignature {
+    sig: string;
+    nonce: string;
+    createdAt: number;
+    expiresAt: number;
+    toJSON(): { sig: string; nonce: string; createdAt: number; expiresAt: number };
+}
+declare class RpSignature {
+  private constructor();
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * Converts to JSON
+   *
+   * # Errors
+   *
+   * Returns an error if setting object properties fails
+   */
+  toJSON(): any;
+  /**
+   * Gets the creation timestamp
+   */
+  readonly createdAt: bigint;
+  /**
+   * Gets the expiration timestamp
+   */
+  readonly expiresAt: bigint;
+  /**
+   * Gets the signature as hex string (0x-prefixed, 65 bytes)
+   */
+  readonly sig: string;
+  /**
+   * Gets the nonce as hex string (0x-prefixed field element)
+   */
+  readonly nonce: string;
+}
+
+/**
+ * WASM initialization and management
+ */
+
+/**
+ * Initializes the WASM module for browser environments
+ * Uses fetch-based loading (works with http/https URLs)
+ * This must be called before using any WASM-powered functions
+ * Safe to call multiple times - initialization only happens once
+ */
+declare function initIDKit(): Promise<void>;
+/**
+ * Initializes the WASM module for Node.js/server environments
+ * Uses fs-based loading since Node.js fetch doesn't support file:// URLs
+ * This must be called before using any WASM-powered functions
+ * Safe to call multiple times - initialization only happens once
+ */
+declare function initIDKitServer(): Promise<void>;
+
+/**
+ * Result types - re-exported from WASM bindings
+ *
+ * Source of truth: rust/core/src/wasm_bindings.rs (typescript_custom_section)
+ */
+
+/**
+ * IDKit error codes enum — runtime values for matching against errors.
+ * Values mirror Rust's AppError enum (snake_case via serde rename_all).
+ * Includes client-side codes (timeout, cancelled) not from World App.
+ */
+declare enum IDKitErrorCodes {
+    UserRejected = "user_rejected",
+    VerificationRejected = "verification_rejected",
+    CredentialUnavailable = "credential_unavailable",
+    MalformedRequest = "malformed_request",
+    InvalidNetwork = "invalid_network",
+    InclusionProofPending = "inclusion_proof_pending",
+    InclusionProofFailed = "inclusion_proof_failed",
+    UnexpectedResponse = "unexpected_response",
+    ConnectionFailed = "connection_failed",
+    MaxVerificationsReached = "max_verifications_reached",
+    FailedByHostApp = "failed_by_host_app",
+    GenericError = "generic_error",
+    Timeout = "timeout",
+    Cancelled = "cancelled"
+}
+
+/**
+ * IDKit Request
+ * Pure functional API for World ID verification - no dependencies
+ */
+
+/** Options for pollUntilCompletion() */
+interface WaitOptions {
+    /** Milliseconds between polls (default: 1000) */
+    pollInterval?: number;
+    /** Total timeout in milliseconds (default: 300000 = 5 minutes) */
+    timeout?: number;
+    /** AbortSignal for cancellation */
+    signal?: AbortSignal;
+}
+/** Status returned from pollOnce() */
+interface Status {
+    type: "waiting_for_connection" | "awaiting_confirmation" | "confirmed" | "failed";
+    result?: IDKitResult;
+    error?: IDKitErrorCodes;
+}
+/** Result from pollUntilCompletion() — discriminated union, never throws */
+type IDKitCompletionResult = {
+    success: true;
+    result: IDKitResult;
+} | {
+    success: false;
+    error: IDKitErrorCodes;
+};
+
+/**
+ * A World ID verification request
+ *
+ * Provides a clean, promise-based API for World ID verification flows.
+ * Each request represents a single verification attempt.
+ */
+interface IDKitRequest {
+    /** QR code URL for World App - display this as a QR code for users to scan */
+    readonly connectorURI: string;
+    /** Unique request ID for this verification */
+    readonly requestId: string;
+    /** Poll once for current status (for manual polling) */
+    pollOnce(): Promise<Status>;
+    /** Poll continuously until completion or timeout */
+    pollUntilCompletion(options?: WaitOptions): Promise<IDKitCompletionResult>;
+}
+/**
+ * Creates a CredentialRequest for a credential type
+ *
+ * @param credential_type - The type of credential to request (e.g., 'orb', 'face')
+ * @param options - Optional signal, genesis_issued_at_min, and expires_at_min
+ * @returns A CredentialRequest object
+ *
+ * @example
+ * ```typescript
+ * const orb = CredentialRequest('orb', { signal: 'user-123' })
+ * const face = CredentialRequest('face')
+ * // Require credential to be valid for at least one year
+ * const withExpiry = CredentialRequest('orb', { expires_at_min: Date.now() / 1000 + 60 * 60 * 60 * 24 * 365 })
+ * ```
+ */
+declare function CredentialRequest(credential_type: CredentialType, options?: {
+    signal?: string;
+    genesis_issued_at_min?: number;
+    expires_at_min?: number;
+}): CredentialRequestType;
+/**
+ * Creates an OR constraint - at least one child must be satisfied
+ *
+ * @param nodes - Constraint nodes (CredentialRequests or nested constraints)
+ * @returns An "any" constraint node
+ *
+ * @example
+ * ```typescript
+ * const constraint = any(CredentialRequest('orb'), CredentialRequest('face'))
+ * ```
+ */
+declare function any(...nodes: ConstraintNode[]): {
+    any: ConstraintNode[];
+};
+/**
+ * Creates an AND constraint - all children must be satisfied
+ *
+ * @param nodes - Constraint nodes (CredentialRequests or nested constraints)
+ * @returns An "all" constraint node
+ *
+ * @example
+ * ```typescript
+ * const constraint = all(CredentialRequest('orb'), any(CredentialRequest('document'), CredentialRequest('secure_document')))
+ * ```
+ */
+declare function all(...nodes: ConstraintNode[]): {
+    all: ConstraintNode[];
+};
+
+/**
+ * Creates an OrbLegacy preset for World ID 3.0 legacy support
+ *
+ * This preset creates an IDKit request compatible with both World ID 4.0 and 3.0 protocols.
+ * Use this when you need backward compatibility with older World App versions.
+ *
+ * @param opts - Optional configuration with signal
+ * @returns An OrbLegacy preset
+ *
+ * @example
+ * ```typescript
+ * const request = await IDKit.request({ app_id, action, rp_context })
+ *   .preset(orbLegacy({ signal: 'user-123' }))
+ * ```
+ */
+declare function orbLegacy(opts?: {
+    signal?: string;
+}): OrbLegacyPreset;
+/**
+ * Creates a SecureDocumentLegacy preset for World ID 3.0 legacy support
+ *
+ * This preset creates an IDKit request compatible with both World ID 4.0 and 3.0 protocols.
+ * Use this when you need backward compatibility with older World App versions.
+ *
+ * @param opts - Optional configuration with signal
+ * @returns A SecureDocumentLegacy preset
+ *
+ * @example
+ * ```typescript
+ * const request = await IDKit.request({ app_id, action, rp_context })
+ *   .preset(secureDocumentLegacy({ signal: 'user-123' }))
+ * ```
+ */
+declare function secureDocumentLegacy(opts?: {
+    signal?: string;
+}): SecureDocumentLegacyPreset;
+/**
+ * Creates a DocumentLegacy preset for World ID 3.0 legacy support
+ *
+ * This preset creates an IDKit request compatible with both World ID 4.0 and 3.0 protocols.
+ * Use this when you need backward compatibility with older World App versions.
+ *
+ * @param opts - Optional configuration with signal
+ * @returns A DocumentLegacy preset
+ *
+ * @example
+ * ```typescript
+ * const request = await IDKit.request({ app_id, action, rp_context })
+ *   .preset(documentLegacy({ signal: 'user-123' }))
+ * ```
+ */
+declare function documentLegacy(opts?: {
+    signal?: string;
+}): DocumentLegacyPreset;
+/**
+ * Merged builder for IDKit requests
+ */
+declare class IDKitBuilder {
+    private wasmBuilder;
+    constructor(wasmBuilder: IDKitBuilder$1);
+    /**
+     * Creates an IDKit request with the given constraints
+     *
+     * @param constraints - Constraint tree (CredentialRequest or any/all combinators)
+     * @returns A new IDKitRequest instance
+     *
+     * @example
+     * ```typescript
+     * const builder = await IDKit.request({ app_id, action, rp_context });
+     * const request = await builder.constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
+     * ```
+     */
+    /**
+     * Creates an IDKit request from a preset (works for all request types)
+     *
+     * Presets provide a simplified way to create requests with predefined
+     * credential configurations.
+     *
+     * @param preset - A preset object from orbLegacy()
+     * @returns A new IDKitRequest instance
+     *
+     * @example
+     * ```typescript
+     * const builder = await IDKit.request({ app_id, action, rp_context });
+     * const request = await builder.preset(orbLegacy({ signal: 'user-123' }));
+     * ```
+     */
+    preset(preset: Preset): Promise<IDKitRequest>;
+}
+/**
+ * Creates an IDKit request builder
+ *
+ * This is the main entry point for creating World ID verification requests.
+ * Use the builder pattern with constraints to specify which credentials to accept.
+ *
+ * @param config - Request configuration
+ * @returns IDKitBuilder - A builder instance
+ *
+ * @example
+ * ```typescript
+ * import { IDKit, CredentialRequest, any } from '@worldcoin/idkit-core'
+ *
+ * // Initialize WASM (only needed once)
+ * await IDKit.init()
+ *
+ * // Create request items
+ * const orb = CredentialRequest('orb', { signal: 'user-123' })
+ * const face = CredentialRequest('face')
+ *
+ * // Create a verification request with constraints
+ * const request = await IDKit.request({
+ *   app_id: 'app_staging_xxxxx',
+ *   action: 'my-action',
+ *   rp_context: {
+ *     rp_id: 'rp_123456789abcdef0',
+ *     nonce: 'unique-nonce',
+ *     created_at: Math.floor(Date.now() / 1000),
+ *     expires_at: Math.floor(Date.now() / 1000) + 3600,
+ *     signature: 'ecdsa-signature-from-backend',
+ *   },
+ *   allow_legacy_proofs: false,
+ * }).constraints(any(orb, face));
+ *
+ * // Display QR code
+ * console.log('Scan this:', request.connectorURI)
+ *
+ * // Wait for proof
+ * const proof = await request.pollUntilCompletion()
+ * console.log('Success:', proof)
+ * ```
+ */
+declare function createRequest(config: IDKitRequestConfig): IDKitBuilder;
+/**
+ * Creates a new session builder (no action, no existing session_id)
+ *
+ * Use this when creating a new session for a user who doesn't have one yet.
+ * The response will include a `session_id` that should be saved for future
+ * session proofs with `proveSession()`.
+ *
+ * @param config - Session configuration (no action field)
+ * @returns IDKitBuilder - A builder instance
+ *
+ * @example
+ * ```typescript
+ * import { IDKit, CredentialRequest, any } from '@worldcoin/idkit-core'
+ *
+ * // Create a new session (user doesn't have session_id yet)
+ * const request = await IDKit.createSession({
+ *   app_id: 'app_staging_xxxxx',
+ *   rp_context: { ... },
+ * }).constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
+ *
+ * // Display QR, wait for proof
+ * const result = await request.pollUntilCompletion();
+ * // result.session_id -> save this for future sessions
+ * // result.responses[0].session_nullifier -> for session tracking
+ * ```
+ */
+declare function createSession(config: IDKitSessionConfig): IDKitBuilder;
+/**
+ * Creates a builder for proving an existing session (no action, has session_id)
+ *
+ * Use this when a returning user needs to prove they own an existing session.
+ * The `sessionId` should be a value previously returned from `createSession()`.
+ *
+ * @param sessionId - The session ID from a previous session creation
+ * @param config - Session configuration (no action field)
+ * @returns IDKitBuilder - A builder instance
+ *
+ * @example
+ * ```typescript
+ * import { IDKit, CredentialRequest, any } from '@worldcoin/idkit-core'
+ *
+ * // Prove an existing session (user returns)
+ * const request = await IDKit.proveSession(savedSessionId, {
+ *   app_id: 'app_staging_xxxxx',
+ *   rp_context: { ... },
+ * }).constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
+ *
+ * const result = await request.pollUntilCompletion();
+ * // result.session_id -> same session
+ * // result.responses[0].session_nullifier -> should match for same user
+ * ```
+ */
+declare function proveSession(sessionId: string, config: IDKitSessionConfig): IDKitBuilder;
+/**
+ * IDKit namespace providing the main API entry points
+ *
+ * @example
+ * ```typescript
+ * import { IDKit, CredentialRequest, any } from '@worldcoin/idkit-core'
+ *
+ * // Initialize (only needed once)
+ * await IDKit.init()
+ *
+ * // Create a request
+ * const request = await IDKit.request({
+ *   app_id: 'app_staging_xxxxx',
+ *   action: 'my-action',
+ *   rp_context: { ... },
+ * }).constraints(any(CredentialRequest('orb'), CredentialRequest('face')))
+ *
+ * // Display QR and wait for proof
+ * console.log(request.connectorURI)
+ * const proof = await request.pollUntilCompletion()
+ * ```
+ */
+declare const IDKit: {
+    /** Initialize WASM for browser environments */
+    init: typeof initIDKit;
+    /** Initialize WASM for Node.js/server environments */
+    initServer: typeof initIDKitServer;
+    /** Create a new verification request */
+    request: typeof createRequest;
+    /** Create a new session (no action, no existing session_id) */
+    createSession: typeof createSession;
+    /** Prove an existing session (no action, has session_id) */
+    proveSession: typeof proveSession;
+    /** Create a CredentialRequest for a credential type */
+    CredentialRequest: typeof CredentialRequest;
+    /** Create an OR constraint - at least one child must be satisfied */
+    any: typeof any;
+    /** Create an AND constraint - all children must be satisfied */
+    all: typeof all;
+    /** Create an OrbLegacy preset for World ID 3.0 legacy support */
+    orbLegacy: typeof orbLegacy;
+    /** Create a SecureDocumentLegacy preset for World ID 3.0 legacy support */
+    secureDocumentLegacy: typeof secureDocumentLegacy;
+    /** Create a DocumentLegacy preset for World ID 3.0 legacy support */
+    documentLegacy: typeof documentLegacy;
+};
+
+/**
+ * Platform detection utilities
+ *
+ * These functions help detect the runtime environment (React Native, Web, Node.js)
+ * to enable platform-specific behavior or warnings.
+ */
+/**
+ * Checks if the code is running in React Native environment
+ * @returns true if running in React Native, false otherwise
+ */
+declare const isReactNative: () => boolean;
+/**
+ * Checks if the code is running in a web browser environment
+ * @returns true if running in a browser, false otherwise
+ */
+declare const isWeb: () => boolean;
+/**
+ * Checks if the code is running in Node.js environment
+ * @returns true if running in Node.js, false otherwise
+ */
+declare const isNode: () => boolean;
+
+/**
+ * Signs an RP request for World ID proof verification
+ *
+ * **Backend-only**: This function should ONLY be used in Node.js/server environments.
+ * Never use this in browser/client-side code as it requires access to your signing key.
+ *
+ * This function generates a cryptographic signature that authenticates your proof request.
+ * The returned signature, nonce, and timestamps should be passed as `rp_context` to the client.
+ *
+ * @param action - The action tied to the proof request
+ * @param signingKeyHex - The ECDSA private key as hex (0x-prefixed or not, 32 bytes)
+ * @param ttlSeconds - Optional time-to-live in seconds (defaults to 300 = 5 minutes)
+ * @returns RpSignature object with sig, nonce, createdAt, expiresAt to use as rp_context
+ * @throws Error if called in non-Node.js environment or if parameters are invalid
+ *
+ * @example
+ * ```typescript
+ * import { signRequest } from '@worldcoin/idkit-core'
+ *
+ * const signingKey = process.env.RP_SIGNING_KEY // Load from secure env var
+ * const signature = signRequest('my-action', signingKey)
+ * console.log(signature.sig, signature.nonce, signature.createdAt, signature.expiresAt)
+ * ```
+ */
+declare function signRequest(action: string, signingKeyHex: string, ttlSeconds?: number): RpSignature;
+
+/**
+ * Hashes a Signal (string or Uint8Array) to its hash representation.
+ * This is the same hashing used internally when constructing proof requests.
+ *
+ * @param signal - The signal to hash (string or Uint8Array)
+ * @returns 0x-prefixed hex string representing the signal hash
+ */
+declare function hashSignal(signal: string | Uint8Array): string;
+
+export { type AbiEncodedValue, type ConstraintNode, CredentialRequest, type CredentialRequestType, type CredentialType, type DocumentLegacyPreset, IDKit, type IDKitCompletionResult, type IDKitErrorCode, IDKitErrorCodes, type IDKitRequest, type IDKitRequestConfig, type IDKitResult, type IDKitResultSession, type IDKitSessionConfig, type OrbLegacyPreset, type Preset, type ResponseItemSession, type ResponseItemV3, type ResponseItemV4, type RpContext, RpSignature, type SecureDocumentLegacyPreset, type Status$1 as Status, type WaitOptions, all, any, documentLegacy, hashSignal, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy, signRequest };