@worldcoin/idkit-core 4.0.1-dev.123c6a8 → 4.0.1-dev.370b7c0

package/dist/index.cjs

@@ -1,5 +1,11 @@
 'use strict';
 
+var sha3 = require('@noble/hashes/sha3');
+var utils = require('@noble/hashes/utils');
+var hmac = require('@noble/hashes/hmac');
+var sha2 = require('@noble/hashes/sha2');
+var secp256k1 = require('@noble/secp256k1');
+
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 var __defProp = Object.defineProperty;
 var __export = (target, all2) => {
@@ -7,54 +13,43 @@ var __export = (target, all2) => {
     __defProp(target, name, { get: all2[name], enumerable: true });
 };
 
-// src/types/bridge.ts
-var AppErrorCodes = /* @__PURE__ */ ((AppErrorCodes2) => {
-  AppErrorCodes2["ConnectionFailed"] = "connection_failed";
-  AppErrorCodes2["VerificationRejected"] = "verification_rejected";
-  AppErrorCodes2["MaxVerificationsReached"] = "max_verifications_reached";
-  AppErrorCodes2["CredentialUnavailable"] = "credential_unavailable";
-  AppErrorCodes2["MalformedRequest"] = "malformed_request";
-  AppErrorCodes2["InvalidNetwork"] = "invalid_network";
-  AppErrorCodes2["InclusionProofFailed"] = "inclusion_proof_failed";
-  AppErrorCodes2["InclusionProofPending"] = "inclusion_proof_pending";
-  AppErrorCodes2["UnexpectedResponse"] = "unexpected_response";
-  AppErrorCodes2["FailedByHostApp"] = "failed_by_host_app";
-  AppErrorCodes2["GenericError"] = "generic_error";
-  return AppErrorCodes2;
-})(AppErrorCodes || {});
-var VerificationState = /* @__PURE__ */ ((VerificationState2) => {
-  VerificationState2["PreparingClient"] = "loading_widget";
-  VerificationState2["WaitingForConnection"] = "awaiting_connection";
-  VerificationState2["WaitingForApp"] = "awaiting_app";
-  VerificationState2["Confirmed"] = "confirmed";
-  VerificationState2["Failed"] = "failed";
-  return VerificationState2;
-})(VerificationState || {});
-var ResponseStatus = /* @__PURE__ */ ((ResponseStatus2) => {
-  ResponseStatus2["Retrieved"] = "retrieved";
-  ResponseStatus2["Completed"] = "completed";
-  ResponseStatus2["Initialized"] = "initialized";
-  return ResponseStatus2;
-})(ResponseStatus || {});
+// src/types/result.ts
+var IDKitErrorCodes = /* @__PURE__ */ ((IDKitErrorCodes2) => {
+  IDKitErrorCodes2["UserRejected"] = "user_rejected";
+  IDKitErrorCodes2["VerificationRejected"] = "verification_rejected";
+  IDKitErrorCodes2["CredentialUnavailable"] = "credential_unavailable";
+  IDKitErrorCodes2["MalformedRequest"] = "malformed_request";
+  IDKitErrorCodes2["InvalidNetwork"] = "invalid_network";
+  IDKitErrorCodes2["InclusionProofPending"] = "inclusion_proof_pending";
+  IDKitErrorCodes2["InclusionProofFailed"] = "inclusion_proof_failed";
+  IDKitErrorCodes2["UnexpectedResponse"] = "unexpected_response";
+  IDKitErrorCodes2["ConnectionFailed"] = "connection_failed";
+  IDKitErrorCodes2["MaxVerificationsReached"] = "max_verifications_reached";
+  IDKitErrorCodes2["FailedByHostApp"] = "failed_by_host_app";
+  IDKitErrorCodes2["GenericError"] = "generic_error";
+  IDKitErrorCodes2["Timeout"] = "timeout";
+  IDKitErrorCodes2["Cancelled"] = "cancelled";
+  return IDKitErrorCodes2;
+})(IDKitErrorCodes || {});
 
 // wasm/idkit_wasm.js
 var idkit_wasm_exports = {};
 __export(idkit_wasm_exports, {
   BridgeEncryption: () => BridgeEncryption,
   CredentialRequestWasm: () => CredentialRequestWasm,
+  IDKitBuilder: () => IDKitBuilder,
   IDKitProof: () => IDKitProof,
   IDKitRequest: () => IDKitRequest,
-  IDKitRequestBuilderWasm: () => IDKitRequestBuilderWasm,
   RpContextWasm: () => RpContextWasm,
   RpSignature: () => RpSignature,
   base64Decode: () => base64Decode,
   base64Encode: () => base64Encode,
+  createSession: () => createSession,
   default: () => idkit_wasm_default,
   hashSignal: () => hashSignal,
-  hashSignalBytes: () => hashSignalBytes,
   initSync: () => initSync,
   init_wasm: () => init_wasm,
-  orbLegacy: () => orbLegacy,
+  proveSession: () => proveSession,
   request: () => request,
   signRequest: () => signRequest
 });
@@ -251,54 +246,28 @@ function makeMutClosure(arg0, arg1, dtor, f) {
   CLOSURE_DTORS.register(real, state, state);
   return real;
 }
-function hashSignal(signal) {
-  let deferred2_0;
-  let deferred2_1;
-  try {
-    const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-    const ptr0 = passStringToWasm0(signal, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    const len0 = WASM_VECTOR_LEN;
-    wasm.hashSignal(retptr, ptr0, len0);
-    var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-    var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-    deferred2_0 = r0;
-    deferred2_1 = r1;
-    return getStringFromWasm0(r0, r1);
-  } finally {
-    wasm.__wbindgen_add_to_stack_pointer(16);
-    wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
-  }
-}
-function passArray8ToWasm0(arg, malloc) {
-  const ptr = malloc(arg.length * 1, 1) >>> 0;
-  getUint8ArrayMemory0().set(arg, ptr / 1);
-  WASM_VECTOR_LEN = arg.length;
-  return ptr;
-}
-function hashSignalBytes(bytes) {
-  let deferred2_0;
-  let deferred2_1;
-  try {
-    const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-    const ptr0 = passArray8ToWasm0(bytes, wasm.__wbindgen_export);
-    const len0 = WASM_VECTOR_LEN;
-    wasm.hashSignal(retptr, ptr0, len0);
-    var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-    var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-    deferred2_0 = r0;
-    deferred2_1 = r1;
-    return getStringFromWasm0(r0, r1);
-  } finally {
-    wasm.__wbindgen_add_to_stack_pointer(16);
-    wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
-  }
-}
 function _assertClass(instance, klass) {
   if (!(instance instanceof klass)) {
     throw new Error(`expected instance of ${klass.name}`);
   }
 }
-function request(app_id, action, rp_context, action_description, bridge_url) {
+function createSession(app_id, rp_context, action_description, bridge_url, override_connect_base_url, environment) {
+  const ptr0 = passStringToWasm0(app_id, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  const len0 = WASM_VECTOR_LEN;
+  _assertClass(rp_context, RpContextWasm);
+  var ptr1 = rp_context.__destroy_into_raw();
+  var ptr2 = isLikeNone(action_description) ? 0 : passStringToWasm0(action_description, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  var len2 = WASM_VECTOR_LEN;
+  var ptr3 = isLikeNone(bridge_url) ? 0 : passStringToWasm0(bridge_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  var len3 = WASM_VECTOR_LEN;
+  var ptr4 = isLikeNone(override_connect_base_url) ? 0 : passStringToWasm0(override_connect_base_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  var len4 = WASM_VECTOR_LEN;
+  var ptr5 = isLikeNone(environment) ? 0 : passStringToWasm0(environment, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  var len5 = WASM_VECTOR_LEN;
+  const ret = wasm.createSession(ptr0, len0, ptr1, ptr2, len2, ptr3, len3, ptr4, len4, ptr5, len5);
+  return IDKitBuilder.__wrap(ret);
+}
+function request(app_id, action, rp_context, action_description, bridge_url, allow_legacy_proofs, override_connect_base_url, environment) {
   const ptr0 = passStringToWasm0(app_id, wasm.__wbindgen_export, wasm.__wbindgen_export2);
   const len0 = WASM_VECTOR_LEN;
   const ptr1 = passStringToWasm0(action, wasm.__wbindgen_export, wasm.__wbindgen_export2);
@@ -309,28 +278,56 @@ function request(app_id, action, rp_context, action_description, bridge_url) {
   var len3 = WASM_VECTOR_LEN;
   var ptr4 = isLikeNone(bridge_url) ? 0 : passStringToWasm0(bridge_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
   var len4 = WASM_VECTOR_LEN;
-  const ret = wasm.idkitrequestbuilderwasm_new(ptr0, len0, ptr1, len1, ptr2, ptr3, len3, ptr4, len4);
-  return IDKitRequestBuilderWasm.__wrap(ret);
+  var ptr5 = isLikeNone(override_connect_base_url) ? 0 : passStringToWasm0(override_connect_base_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  var len5 = WASM_VECTOR_LEN;
+  var ptr6 = isLikeNone(environment) ? 0 : passStringToWasm0(environment, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  var len6 = WASM_VECTOR_LEN;
+  const ret = wasm.idkitbuilder_new(ptr0, len0, ptr1, len1, ptr2, ptr3, len3, ptr4, len4, allow_legacy_proofs, ptr5, len5, ptr6, len6);
+  return IDKitBuilder.__wrap(ret);
 }
-function orbLegacy(signal) {
+function base64Decode(data) {
   try {
     const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-    var ptr0 = isLikeNone(signal) ? 0 : passStringToWasm0(signal, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    var len0 = WASM_VECTOR_LEN;
-    wasm.orbLegacy(retptr, ptr0, len0);
+    const ptr0 = passStringToWasm0(data, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    const len0 = WASM_VECTOR_LEN;
+    wasm.base64Decode(retptr, ptr0, len0);
     var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
     var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
     var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
-    if (r2) {
-      throw takeObject(r1);
+    var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
+    if (r3) {
+      throw takeObject(r2);
     }
-    return takeObject(r0);
+    var v2 = getArrayU8FromWasm0(r0, r1).slice();
+    wasm.__wbindgen_export4(r0, r1 * 1, 1);
+    return v2;
   } finally {
     wasm.__wbindgen_add_to_stack_pointer(16);
   }
 }
-function init_wasm() {
-  wasm.init_wasm();
+function proveSession(session_id, app_id, rp_context, action_description, bridge_url, override_connect_base_url, environment) {
+  const ptr0 = passStringToWasm0(session_id, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  const len0 = WASM_VECTOR_LEN;
+  const ptr1 = passStringToWasm0(app_id, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  const len1 = WASM_VECTOR_LEN;
+  _assertClass(rp_context, RpContextWasm);
+  var ptr2 = rp_context.__destroy_into_raw();
+  var ptr3 = isLikeNone(action_description) ? 0 : passStringToWasm0(action_description, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  var len3 = WASM_VECTOR_LEN;
+  var ptr4 = isLikeNone(bridge_url) ? 0 : passStringToWasm0(bridge_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  var len4 = WASM_VECTOR_LEN;
+  var ptr5 = isLikeNone(override_connect_base_url) ? 0 : passStringToWasm0(override_connect_base_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  var len5 = WASM_VECTOR_LEN;
+  var ptr6 = isLikeNone(environment) ? 0 : passStringToWasm0(environment, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+  var len6 = WASM_VECTOR_LEN;
+  const ret = wasm.idkitbuilder_forProveSession(ptr0, len0, ptr1, len1, ptr2, ptr3, len3, ptr4, len4, ptr5, len5, ptr6, len6);
+  return IDKitBuilder.__wrap(ret);
+}
+function passArray8ToWasm0(arg, malloc) {
+  const ptr = malloc(arg.length * 1, 1) >>> 0;
+  getUint8ArrayMemory0().set(arg, ptr / 1);
+  WASM_VECTOR_LEN = arg.length;
+  return ptr;
 }
 function base64Encode(data) {
   let deferred2_0;
@@ -350,53 +347,61 @@ function base64Encode(data) {
     wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
   }
 }
-function base64Decode(data) {
+function init_wasm() {
+  wasm.init_wasm();
+}
+function signRequest(action, signing_key_hex, ttl_seconds) {
   try {
     const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-    const ptr0 = passStringToWasm0(data, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    const ptr0 = passStringToWasm0(action, wasm.__wbindgen_export, wasm.__wbindgen_export2);
     const len0 = WASM_VECTOR_LEN;
-    wasm.base64Decode(retptr, ptr0, len0);
+    const ptr1 = passStringToWasm0(signing_key_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    const len1 = WASM_VECTOR_LEN;
+    wasm.signRequest(retptr, ptr0, len0, ptr1, len1, !isLikeNone(ttl_seconds), isLikeNone(ttl_seconds) ? BigInt(0) : ttl_seconds);
     var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
     var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
     var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
-    var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
-    if (r3) {
-      throw takeObject(r2);
+    if (r2) {
+      throw takeObject(r1);
     }
-    var v2 = getArrayU8FromWasm0(r0, r1).slice();
-    wasm.__wbindgen_export4(r0, r1 * 1, 1);
-    return v2;
+    return RpSignature.__wrap(r0);
   } finally {
     wasm.__wbindgen_add_to_stack_pointer(16);
   }
 }
-function signRequest(action, signing_key_hex, ttl_seconds) {
+function hashSignal(signal) {
+  let deferred2_0;
+  let deferred2_1;
   try {
     const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-    const ptr0 = passStringToWasm0(action, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    const len0 = WASM_VECTOR_LEN;
-    const ptr1 = passStringToWasm0(signing_key_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    const len1 = WASM_VECTOR_LEN;
-    wasm.signRequest(retptr, ptr0, len0, ptr1, len1, !isLikeNone(ttl_seconds), isLikeNone(ttl_seconds) ? BigInt(0) : ttl_seconds);
+    wasm.hashSignal(retptr, addHeapObject(signal));
     var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
     var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
     var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
-    if (r2) {
-      throw takeObject(r1);
+    var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
+    var ptr1 = r0;
+    var len1 = r1;
+    if (r3) {
+      ptr1 = 0;
+      len1 = 0;
+      throw takeObject(r2);
     }
-    return RpSignature.__wrap(r0);
+    deferred2_0 = ptr1;
+    deferred2_1 = len1;
+    return getStringFromWasm0(ptr1, len1);
   } finally {
     wasm.__wbindgen_add_to_stack_pointer(16);
+    wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
   }
 }
-function __wasm_bindgen_func_elem_551(arg0, arg1) {
-  wasm.__wasm_bindgen_func_elem_551(arg0, arg1);
+function __wasm_bindgen_func_elem_597(arg0, arg1) {
+  wasm.__wasm_bindgen_func_elem_597(arg0, arg1);
 }
-function __wasm_bindgen_func_elem_914(arg0, arg1, arg2) {
-  wasm.__wasm_bindgen_func_elem_914(arg0, arg1, addHeapObject(arg2));
+function __wasm_bindgen_func_elem_960(arg0, arg1, arg2) {
+  wasm.__wasm_bindgen_func_elem_960(arg0, arg1, addHeapObject(arg2));
 }
-function __wasm_bindgen_func_elem_1281(arg0, arg1, arg2, arg3) {
-  wasm.__wasm_bindgen_func_elem_1281(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
+function __wasm_bindgen_func_elem_1345(arg0, arg1, arg2, arg3) {
+  wasm.__wasm_bindgen_func_elem_1345(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 }
 var __wbindgen_enum_RequestCache = ["default", "no-store", "reload", "no-cache", "force-cache", "only-if-cached"];
 var __wbindgen_enum_RequestCredentials = ["omit", "same-origin", "include"];
@@ -575,7 +580,7 @@ var CredentialRequestWasm = class _CredentialRequestWasm {
     wasm.__wbg_credentialrequestwasm_free(ptr, 0);
   }
   /**
-   * Creates a new request item with ABI-encoded bytes for the signal
+   * Creates a new request item with raw bytes for the signal
    *
    * # Errors
    *
@@ -657,6 +662,34 @@ var CredentialRequestWasm = class _CredentialRequestWasm {
       wasm.__wbindgen_add_to_stack_pointer(16);
     }
   }
+  /**
+   * Creates a new request item with expiration minimum timestamp
+   *
+   * # Errors
+   *
+   * Returns an error if the credential type is invalid
+   * @param {any} credential_type
+   * @param {string | null | undefined} signal
+   * @param {bigint} expires_at_min
+   * @returns {CredentialRequestWasm}
+   */
+  static withExpiresAtMin(credential_type, signal, expires_at_min) {
+    try {
+      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+      var ptr0 = isLikeNone(signal) ? 0 : passStringToWasm0(signal, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+      var len0 = WASM_VECTOR_LEN;
+      wasm.credentialrequestwasm_withExpiresAtMin(retptr, addHeapObject(credential_type), ptr0, len0, expires_at_min);
+      var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+      var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+      var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+      if (r2) {
+        throw takeObject(r1);
+      }
+      return _CredentialRequestWasm.__wrap(r0);
+    } finally {
+      wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+  }
   /**
    * Creates a new request item
    *
@@ -714,6 +747,191 @@ var CredentialRequestWasm = class _CredentialRequestWasm {
   }
 };
 if (Symbol.dispose) CredentialRequestWasm.prototype[Symbol.dispose] = CredentialRequestWasm.prototype.free;
+var IDKitBuilderFinalization = typeof FinalizationRegistry === "undefined" ? { register: () => {
+}, unregister: () => {
+} } : new FinalizationRegistry((ptr) => wasm.__wbg_idkitbuilder_free(ptr >>> 0, 1));
+var IDKitBuilder = class _IDKitBuilder {
+  static __wrap(ptr) {
+    ptr = ptr >>> 0;
+    const obj = Object.create(_IDKitBuilder.prototype);
+    obj.__wbg_ptr = ptr;
+    IDKitBuilderFinalization.register(obj, obj.__wbg_ptr, obj);
+    return obj;
+  }
+  __destroy_into_raw() {
+    const ptr = this.__wbg_ptr;
+    this.__wbg_ptr = 0;
+    IDKitBuilderFinalization.unregister(this);
+    return ptr;
+  }
+  free() {
+    const ptr = this.__destroy_into_raw();
+    wasm.__wbg_idkitbuilder_free(ptr, 0);
+  }
+  /**
+   * Creates a `BridgeConnection` with the given constraints
+   * @param {any} constraints_json
+   * @returns {Promise<any>}
+   */
+  constraints(constraints_json) {
+    const ptr = this.__destroy_into_raw();
+    const ret = wasm.idkitbuilder_constraints(ptr, addHeapObject(constraints_json));
+    return takeObject(ret);
+  }
+  /**
+   * Builds the native payload for constraints (synchronous, no bridge connection).
+   *
+   * Used by the native transport to get the same payload format as the bridge
+   * without creating a network connection.
+   *
+   * # Errors
+   *
+   * Returns an error if constraints are invalid or payload construction fails.
+   * @param {any} constraints_json
+   * @returns {any}
+   */
+  nativePayload(constraints_json) {
+    try {
+      const ptr = this.__destroy_into_raw();
+      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+      wasm.idkitbuilder_nativePayload(retptr, ptr, addHeapObject(constraints_json));
+      var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+      var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+      var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+      if (r2) {
+        throw takeObject(r1);
+      }
+      return takeObject(r0);
+    } finally {
+      wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+  }
+  /**
+   * Creates a new builder for proving an existing session
+   * @param {string} session_id
+   * @param {string} app_id
+   * @param {RpContextWasm} rp_context
+   * @param {string | null} [action_description]
+   * @param {string | null} [bridge_url]
+   * @param {string | null} [override_connect_base_url]
+   * @param {string | null} [environment]
+   * @returns {IDKitBuilder}
+   */
+  static forProveSession(session_id, app_id, rp_context, action_description, bridge_url, override_connect_base_url, environment) {
+    const ptr0 = passStringToWasm0(session_id, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passStringToWasm0(app_id, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    const len1 = WASM_VECTOR_LEN;
+    _assertClass(rp_context, RpContextWasm);
+    var ptr2 = rp_context.__destroy_into_raw();
+    var ptr3 = isLikeNone(action_description) ? 0 : passStringToWasm0(action_description, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len3 = WASM_VECTOR_LEN;
+    var ptr4 = isLikeNone(bridge_url) ? 0 : passStringToWasm0(bridge_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len4 = WASM_VECTOR_LEN;
+    var ptr5 = isLikeNone(override_connect_base_url) ? 0 : passStringToWasm0(override_connect_base_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len5 = WASM_VECTOR_LEN;
+    var ptr6 = isLikeNone(environment) ? 0 : passStringToWasm0(environment, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len6 = WASM_VECTOR_LEN;
+    const ret = wasm.idkitbuilder_forProveSession(ptr0, len0, ptr1, len1, ptr2, ptr3, len3, ptr4, len4, ptr5, len5, ptr6, len6);
+    return _IDKitBuilder.__wrap(ret);
+  }
+  /**
+   * Creates a new builder for creating a new session
+   * @param {string} app_id
+   * @param {RpContextWasm} rp_context
+   * @param {string | null} [action_description]
+   * @param {string | null} [bridge_url]
+   * @param {string | null} [override_connect_base_url]
+   * @param {string | null} [environment]
+   * @returns {IDKitBuilder}
+   */
+  static forCreateSession(app_id, rp_context, action_description, bridge_url, override_connect_base_url, environment) {
+    const ptr0 = passStringToWasm0(app_id, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    const len0 = WASM_VECTOR_LEN;
+    _assertClass(rp_context, RpContextWasm);
+    var ptr1 = rp_context.__destroy_into_raw();
+    var ptr2 = isLikeNone(action_description) ? 0 : passStringToWasm0(action_description, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len2 = WASM_VECTOR_LEN;
+    var ptr3 = isLikeNone(bridge_url) ? 0 : passStringToWasm0(bridge_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len3 = WASM_VECTOR_LEN;
+    var ptr4 = isLikeNone(override_connect_base_url) ? 0 : passStringToWasm0(override_connect_base_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len4 = WASM_VECTOR_LEN;
+    var ptr5 = isLikeNone(environment) ? 0 : passStringToWasm0(environment, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len5 = WASM_VECTOR_LEN;
+    const ret = wasm.createSession(ptr0, len0, ptr1, ptr2, len2, ptr3, len3, ptr4, len4, ptr5, len5);
+    return _IDKitBuilder.__wrap(ret);
+  }
+  /**
+   * Builds the native payload from a preset (synchronous, no bridge connection).
+   *
+   * Used by the native transport to get the same payload format as the bridge
+   * without creating a network connection.
+   *
+   * # Errors
+   *
+   * Returns an error if the preset is invalid or payload construction fails.
+   * @param {any} preset_json
+   * @returns {any}
+   */
+  nativePayloadFromPreset(preset_json) {
+    try {
+      const ptr = this.__destroy_into_raw();
+      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+      wasm.idkitbuilder_nativePayloadFromPreset(retptr, ptr, addHeapObject(preset_json));
+      var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+      var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+      var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+      if (r2) {
+        throw takeObject(r1);
+      }
+      return takeObject(r0);
+    } finally {
+      wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+  }
+  /**
+   * Creates a new builder for uniqueness requests
+   * @param {string} app_id
+   * @param {string} action
+   * @param {RpContextWasm} rp_context
+   * @param {string | null | undefined} action_description
+   * @param {string | null | undefined} bridge_url
+   * @param {boolean} allow_legacy_proofs
+   * @param {string | null} [override_connect_base_url]
+   * @param {string | null} [environment]
+   */
+  constructor(app_id, action, rp_context, action_description, bridge_url, allow_legacy_proofs, override_connect_base_url, environment) {
+    const ptr0 = passStringToWasm0(app_id, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    const len0 = WASM_VECTOR_LEN;
+    const ptr1 = passStringToWasm0(action, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    const len1 = WASM_VECTOR_LEN;
+    _assertClass(rp_context, RpContextWasm);
+    var ptr2 = rp_context.__destroy_into_raw();
+    var ptr3 = isLikeNone(action_description) ? 0 : passStringToWasm0(action_description, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len3 = WASM_VECTOR_LEN;
+    var ptr4 = isLikeNone(bridge_url) ? 0 : passStringToWasm0(bridge_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len4 = WASM_VECTOR_LEN;
+    var ptr5 = isLikeNone(override_connect_base_url) ? 0 : passStringToWasm0(override_connect_base_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len5 = WASM_VECTOR_LEN;
+    var ptr6 = isLikeNone(environment) ? 0 : passStringToWasm0(environment, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+    var len6 = WASM_VECTOR_LEN;
+    const ret = wasm.idkitbuilder_new(ptr0, len0, ptr1, len1, ptr2, ptr3, len3, ptr4, len4, allow_legacy_proofs, ptr5, len5, ptr6, len6);
+    this.__wbg_ptr = ret >>> 0;
+    IDKitBuilderFinalization.register(this, this.__wbg_ptr, this);
+    return this;
+  }
+  /**
+   * Creates a `BridgeConnection` from a preset (works for all request types)
+   * @param {any} preset_json
+   * @returns {Promise<any>}
+   */
+  preset(preset_json) {
+    const ptr = this.__destroy_into_raw();
+    const ret = wasm.idkitbuilder_preset(ptr, addHeapObject(preset_json));
+    return takeObject(ret);
+  }
+};
+if (Symbol.dispose) IDKitBuilder.prototype[Symbol.dispose] = IDKitBuilder.prototype.free;
 var IDKitProofFinalization = typeof FinalizationRegistry === "undefined" ? { register: () => {
 }, unregister: () => {
 } } : new FinalizationRegistry((ptr) => wasm.__wbg_idkitproof_free(ptr >>> 0, 1));
@@ -896,98 +1114,6 @@ var IDKitRequest = class _IDKitRequest {
   }
 };
 if (Symbol.dispose) IDKitRequest.prototype[Symbol.dispose] = IDKitRequest.prototype.free;
-var IDKitRequestBuilderWasmFinalization = typeof FinalizationRegistry === "undefined" ? { register: () => {
-}, unregister: () => {
-} } : new FinalizationRegistry((ptr) => wasm.__wbg_idkitrequestbuilderwasm_free(ptr >>> 0, 1));
-var IDKitRequestBuilderWasm = class _IDKitRequestBuilderWasm {
-  static __wrap(ptr) {
-    ptr = ptr >>> 0;
-    const obj = Object.create(_IDKitRequestBuilderWasm.prototype);
-    obj.__wbg_ptr = ptr;
-    IDKitRequestBuilderWasmFinalization.register(obj, obj.__wbg_ptr, obj);
-    return obj;
-  }
-  __destroy_into_raw() {
-    const ptr = this.__wbg_ptr;
-    this.__wbg_ptr = 0;
-    IDKitRequestBuilderWasmFinalization.unregister(this);
-    return ptr;
-  }
-  free() {
-    const ptr = this.__destroy_into_raw();
-    wasm.__wbg_idkitrequestbuilderwasm_free(ptr, 0);
-  }
-  /**
-   * Creates an `IDKit` request with the given constraints
-   *
-   * # Arguments
-   * * `constraints_json` - Constraint tree as JSON (`CredentialRequest` or `{any: []}` or `{all: []}`)
-   *
-   * # Errors
-   *
-   * Returns an error if the request cannot be created
-   * @param {any} constraints_json
-   * @returns {Promise<any>}
-   */
-  constraints(constraints_json) {
-    const ptr = this.__destroy_into_raw();
-    const ret = wasm.idkitrequestbuilderwasm_constraints(ptr, addHeapObject(constraints_json));
-    return takeObject(ret);
-  }
-  /**
-   * Creates a new `IDKitRequestBuilder`
-   *
-   * # Arguments
-   * * `app_id` - Application ID from the Developer Portal
-   * * `action` - Action identifier
-   * * `rp_context` - RP context for building protocol-level `ProofRequest`
-   * * `action_description` - Optional action description shown to users
-   * * `bridge_url` - Optional bridge URL (defaults to production)
-   * @param {string} app_id
-   * @param {string} action
-   * @param {RpContextWasm} rp_context
-   * @param {string | null} [action_description]
-   * @param {string | null} [bridge_url]
-   */
-  constructor(app_id, action, rp_context, action_description, bridge_url) {
-    const ptr0 = passStringToWasm0(app_id, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    const len0 = WASM_VECTOR_LEN;
-    const ptr1 = passStringToWasm0(action, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    const len1 = WASM_VECTOR_LEN;
-    _assertClass(rp_context, RpContextWasm);
-    var ptr2 = rp_context.__destroy_into_raw();
-    var ptr3 = isLikeNone(action_description) ? 0 : passStringToWasm0(action_description, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    var len3 = WASM_VECTOR_LEN;
-    var ptr4 = isLikeNone(bridge_url) ? 0 : passStringToWasm0(bridge_url, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    var len4 = WASM_VECTOR_LEN;
-    const ret = wasm.idkitrequestbuilderwasm_new(ptr0, len0, ptr1, len1, ptr2, ptr3, len3, ptr4, len4);
-    this.__wbg_ptr = ret >>> 0;
-    IDKitRequestBuilderWasmFinalization.register(this, this.__wbg_ptr, this);
-    return this;
-  }
-  /**
-   * Creates an `IDKit` request from a preset
-   *
-   * Presets provide a simplified way to create requests with predefined
-   * credential configurations. The preset is converted to both World ID 4.0
-   * constraints and World ID 3.0 legacy fields for backward compatibility.
-   *
-   * # Arguments
-   * * `preset_json` - Preset object from `orbLegacy()`
-   *
-   * # Errors
-   *
-   * Returns an error if the request cannot be created
-   * @param {any} preset_json
-   * @returns {Promise<any>}
-   */
-  preset(preset_json) {
-    const ptr = this.__destroy_into_raw();
-    const ret = wasm.idkitrequestbuilderwasm_preset(ptr, addHeapObject(preset_json));
-    return takeObject(ret);
-  }
-};
-if (Symbol.dispose) IDKitRequestBuilderWasm.prototype[Symbol.dispose] = IDKitRequestBuilderWasm.prototype.free;
 var RpContextWasmFinalization = typeof FinalizationRegistry === "undefined" ? { register: () => {
 }, unregister: () => {
 } } : new FinalizationRegistry((ptr) => wasm.__wbg_rpcontextwasm_free(ptr >>> 0, 1));
@@ -1343,10 +1469,6 @@ function __wbg_get_imports() {
       return addHeapObject(ret);
     }, arguments);
   };
-  imports.wbg.__wbg_get_with_ref_key_1dc361bd10053bfe = function(arg0, arg1) {
-    const ret = getObject(arg0)[getObject(arg1)];
-    return addHeapObject(ret);
-  };
   imports.wbg.__wbg_has_787fafc980c3ccdb = function() {
     return handleError(function(arg0, arg1) {
       const ret = Reflect.has(getObject(arg0), getObject(arg1));
@@ -1442,7 +1564,7 @@ function __wbg_get_imports() {
         const a = state0.a;
         state0.a = 0;
         try {
-          return __wasm_bindgen_func_elem_1281(a, state0.b, arg02, arg12);
+          return __wasm_bindgen_func_elem_1345(a, state0.b, arg02, arg12);
         } finally {
           state0.a = a;
         }
@@ -1660,7 +1782,7 @@ function __wbg_get_imports() {
     return addHeapObject(ret);
   };
   imports.wbg.__wbindgen_cast_91c43ecf1f8dafb8 = function(arg0, arg1) {
-    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_550, __wasm_bindgen_func_elem_551);
+    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_596, __wasm_bindgen_func_elem_597);
     return addHeapObject(ret);
   };
   imports.wbg.__wbindgen_cast_9ae0607507abb057 = function(arg0) {
@@ -1668,7 +1790,7 @@ function __wbg_get_imports() {
     return addHeapObject(ret);
   };
   imports.wbg.__wbindgen_cast_ab10518eebecf9a3 = function(arg0, arg1) {
-    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_913, __wasm_bindgen_func_elem_914);
+    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_959, __wasm_bindgen_func_elem_960);
     return addHeapObject(ret);
   };
   imports.wbg.__wbindgen_cast_cb9088102bce6b30 = function(arg0, arg1) {
@@ -1754,27 +1876,178 @@ async function initIDKit() {
   })();
   return wasmInitPromise;
 }
-async function initIDKitServer() {
-  if (wasmInitialized) {
-    return;
+
+// src/transports/native.ts
+function isInWorldApp() {
+  return typeof window !== "undefined" && Boolean(window.WorldApp);
+}
+var _requestCounter = 0;
+var _activeNativeRequest = null;
+function createNativeRequest(wasmPayload, config) {
+  if (_activeNativeRequest) {
+    _activeNativeRequest.cancel();
+  }
+  const request2 = new NativeIDKitRequest(wasmPayload, config);
+  _activeNativeRequest = request2;
+  return request2;
+}
+var NativeIDKitRequest = class {
+  constructor(wasmPayload, config) {
+    this.connectorURI = "";
+    this.resolved = false;
+    this.cancelled = false;
+    this.resolvedResult = null;
+    this.messageHandler = null;
+    this.rejectFn = null;
+    this.requestId = crypto.randomUUID?.() ?? `native-${Date.now()}-${++_requestCounter}`;
+    this.resultPromise = new Promise((resolve, reject) => {
+      this.rejectFn = reject;
+      const handler = (event) => {
+        if (this.cancelled) return;
+        const data = event.data;
+        if (data?.type === "miniapp-verify-action" || data?.command === "miniapp-verify-action") {
+          this.cleanup();
+          const responsePayload = data.payload ?? data;
+          if (responsePayload.status === "error") {
+            reject(
+              new NativeVerifyError(
+                responsePayload.error_code ?? "generic_error" /* GenericError */
+              )
+            );
+          } else {
+            this.resolved = true;
+            const result = nativeResultToIDKitResult(responsePayload, config);
+            this.resolvedResult = result;
+            resolve(result);
+          }
+        }
+      };
+      this.messageHandler = handler;
+      window.addEventListener("message", handler);
+      const sendPayload = {
+        command: "verify",
+        version: 2,
+        payload: wasmPayload
+      };
+      const w = window;
+      if (w.webkit?.messageHandlers?.minikit) {
+        w.webkit.messageHandlers.minikit.postMessage(sendPayload);
+      } else if (w.Android) {
+        w.Android.postMessage(JSON.stringify(sendPayload));
+      } else {
+        this.cleanup();
+        reject(new Error("No WebView bridge available"));
+      }
+    });
+    this.resultPromise.catch(() => {
+    }).finally(() => {
+      this.cleanup();
+      if (_activeNativeRequest === this) {
+        _activeNativeRequest = null;
+      }
+    });
   }
-  if (wasmInitPromise) {
-    return wasmInitPromise;
+  /**
+   * Cancel this request. Removes the message listener so it cannot consume
+   * a response meant for a later request, and rejects the pending promise.
+   */
+  cancel() {
+    if (this.resolved || this.cancelled) return;
+    this.cancelled = true;
+    this.cleanup();
+    this.rejectFn?.(new NativeVerifyError("cancelled" /* Cancelled */));
+    if (_activeNativeRequest === this) {
+      _activeNativeRequest = null;
+    }
   }
-  wasmInitPromise = (async () => {
+  cleanup() {
+    if (this.messageHandler) {
+      window.removeEventListener("message", this.messageHandler);
+      this.messageHandler = null;
+    }
+  }
+  async pollOnce() {
+    if (this.resolved && this.resolvedResult) {
+      return { type: "confirmed", result: this.resolvedResult };
+    }
+    return { type: "awaiting_confirmation" };
+  }
+  async pollUntilCompletion(options) {
+    const timeout = options?.timeout ?? 3e5;
     try {
-      const { readFile } = await import('fs/promises');
-      const { fileURLToPath } = await import('url');
-      const wasmUrl = new URL("idkit_wasm_bg.wasm", (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index.cjs', document.baseURI).href)));
-      const wasmBuffer = await readFile(fileURLToPath(wasmUrl));
-      await idkit_wasm_default({ module_or_path: wasmBuffer });
-      wasmInitialized = true;
+      const result = await Promise.race([
+        this.resultPromise,
+        new Promise((_, reject) => {
+          if (options?.signal) {
+            options.signal.addEventListener(
+              "abort",
+              () => reject(new NativeVerifyError("cancelled" /* Cancelled */))
+            );
+          }
+          setTimeout(
+            () => reject(new NativeVerifyError("timeout" /* Timeout */)),
+            timeout
+          );
+        })
+      ]);
+      return { success: true, result };
     } catch (error) {
-      wasmInitPromise = null;
-      throw new Error(`Failed to initialize IDKit WASM for server: ${error}`);
+      if (error instanceof NativeVerifyError) {
+        return { success: false, error: error.code };
+      }
+      return { success: false, error: "generic_error" /* GenericError */ };
     }
-  })();
-  return wasmInitPromise;
+  }
+};
+var NativeVerifyError = class extends Error {
+  constructor(code) {
+    super(code);
+    this.code = code;
+  }
+};
+function nativeResultToIDKitResult(payload, config) {
+  const rpNonce = config.rp_context?.nonce ?? "";
+  if ("responses" in payload && Array.isArray(payload.responses)) {
+    return {
+      protocol_version: payload.protocol_version ?? "4.0",
+      nonce: payload.nonce ?? rpNonce,
+      action: payload.action ?? config.action ?? "",
+      action_description: payload.action_description,
+      session_id: payload.session_id,
+      responses: payload.responses,
+      environment: payload.environment ?? config.environment ?? "production"
+    };
+  }
+  if ("verifications" in payload) {
+    return {
+      protocol_version: "4.0",
+      nonce: rpNonce,
+      action: config.action ?? "",
+      responses: payload.verifications.map((v) => ({
+        identifier: v.verification_level,
+        proof: [v.proof],
+        nullifier: v.nullifier_hash,
+        merkle_root: v.merkle_root,
+        issuer_schema_id: 0,
+        expires_at_min: 0
+      })),
+      environment: "production"
+    };
+  }
+  return {
+    protocol_version: "3.0",
+    nonce: rpNonce,
+    action: config.action ?? "",
+    responses: [
+      {
+        identifier: payload.verification_level,
+        proof: payload.proof,
+        merkle_root: payload.merkle_root,
+        nullifier: payload.nullifier_hash
+      }
+    ],
+    environment: "production"
+  };
 }
 
 // src/request.ts
@@ -1793,24 +2066,26 @@ var IDKitRequestImpl = class {
   async pollOnce() {
     return await this.wasmRequest.pollForStatus();
   }
-  async pollForUpdates(options) {
+  async pollUntilCompletion(options) {
     const pollInterval = options?.pollInterval ?? 1e3;
     const timeout = options?.timeout ?? 3e5;
     const startTime = Date.now();
     while (true) {
       if (options?.signal?.aborted) {
-        throw new Error("Verification cancelled");
+        return { success: false, error: "cancelled" /* Cancelled */ };
       }
       if (Date.now() - startTime > timeout) {
-        throw new Error(`Timeout waiting for proof after ${timeout}ms`);
+        return { success: false, error: "timeout" /* Timeout */ };
       }
       const status = await this.pollOnce();
       if (status.type === "confirmed" && status.result) {
-        return status.result;
+        return { success: true, result: status.result };
       }
       if (status.type === "failed") {
-        const errorCode = status.error ?? "generic_error" /* GenericError */;
-        throw new Error(`Verification failed: ${errorCode}`);
+        return {
+          success: false,
+          error: status.error ?? "generic_error" /* GenericError */
+        };
       }
       await new Promise((resolve) => setTimeout(resolve, pollInterval));
     }
@@ -1820,7 +2095,8 @@ function CredentialRequest(credential_type, options) {
   return {
     type: credential_type,
     signal: options?.signal,
-    genesis_issued_at_min: options?.genesis_issued_at_min
+    genesis_issued_at_min: options?.genesis_issued_at_min,
+    expires_at_min: options?.expires_at_min
   };
 }
 function any(...nodes) {
@@ -1829,10 +2105,59 @@ function any(...nodes) {
 function all(...nodes) {
   return { all: nodes };
 }
-function orbLegacy2(opts = {}) {
-  return { type: "OrbLegacy", data: { signal: opts.signal } };
+function orbLegacy(opts = {}) {
+  return { type: "OrbLegacy", signal: opts.signal };
+}
+function secureDocumentLegacy(opts = {}) {
+  return { type: "SecureDocumentLegacy", signal: opts.signal };
 }
-var IDKitRequestBuilder = class {
+function documentLegacy(opts = {}) {
+  return { type: "DocumentLegacy", signal: opts.signal };
+}
+function createWasmBuilderFromConfig(config) {
+  if (!config.rp_context) {
+    throw new Error("rp_context is required for WASM bridge transport");
+  }
+  const rpContext = new idkit_wasm_exports.RpContextWasm(
+    config.rp_context.rp_id,
+    config.rp_context.nonce,
+    BigInt(config.rp_context.created_at),
+    BigInt(config.rp_context.expires_at),
+    config.rp_context.signature
+  );
+  if (config.type === "request") {
+    return idkit_wasm_exports.request(
+      config.app_id,
+      String(config.action ?? ""),
+      rpContext,
+      config.action_description ?? null,
+      config.bridge_url ?? null,
+      config.allow_legacy_proofs ?? false,
+      config.override_connect_base_url ?? null,
+      config.environment ?? null
+    );
+  }
+  if (config.type === "proveSession") {
+    return idkit_wasm_exports.proveSession(
+      config.session_id,
+      config.app_id,
+      rpContext,
+      config.action_description ?? null,
+      config.bridge_url ?? null,
+      config.override_connect_base_url ?? null,
+      config.environment ?? null
+    );
+  }
+  return idkit_wasm_exports.createSession(
+    config.app_id,
+    rpContext,
+    config.action_description ?? null,
+    config.bridge_url ?? null,
+    config.override_connect_base_url ?? null,
+    config.environment ?? null
+  );
+}
+var IDKitBuilder2 = class {
   constructor(config) {
     this.config = config;
   }
@@ -1844,63 +2169,44 @@ var IDKitRequestBuilder = class {
    *
    * @example
    * ```typescript
-   * const request = await IDKit.request({ app_id, action, rp_context })
-   *   .constraints(any(CredentialRequest('orb'), CredentialRequest('face')))
+   * const request = await IDKit.request({ app_id, action, rp_context, allow_legacy_proofs: false })
+   *   .constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
    * ```
    */
   async constraints(constraints) {
     await initIDKit();
-    const rpContext = new idkit_wasm_exports.RpContextWasm(
-      this.config.rp_context.rp_id,
-      this.config.rp_context.nonce,
-      BigInt(this.config.rp_context.created_at),
-      BigInt(this.config.rp_context.expires_at),
-      this.config.rp_context.signature
-    );
-    const wasmBuilder = idkit_wasm_exports.request(
-      this.config.app_id,
-      String(this.config.action),
-      rpContext,
-      this.config.action_description ?? null,
-      this.config.bridge_url ?? null
-    );
+    const wasmBuilder = createWasmBuilderFromConfig(this.config);
+    if (isInWorldApp()) {
+      const payload = wasmBuilder.nativePayload(constraints);
+      return createNativeRequest(payload, this.config);
+    }
     const wasmRequest = await wasmBuilder.constraints(
       constraints
     );
     return new IDKitRequestImpl(wasmRequest);
   }
   /**
-   * Creates an IDKit request from a preset
+   * Creates an IDKit request from a preset (works for all request types)
    *
    * Presets provide a simplified way to create requests with predefined
-   * credential configurations. The preset is converted to both World ID 4.0
-   * constraints and World ID 3.0 legacy fields for backward compatibility.
+   * credential configurations.
    *
-   * @param preset - A preset object from orbLegacy()
+   * @param preset - A preset object from orbLegacy(), secureDocumentLegacy(), or documentLegacy()
    * @returns A new IDKitRequest instance
    *
    * @example
    * ```typescript
-   * const request = await IDKit.request({ app_id, action, rp_context })
-   *   .preset(orbLegacy({ signal: 'user-123' }))
+   * const request = await IDKit.request({ app_id, action, rp_context, allow_legacy_proofs: true })
+   *   .preset(orbLegacy({ signal: 'user-123' }));
    * ```
    */
   async preset(preset) {
     await initIDKit();
-    const rpContext = new idkit_wasm_exports.RpContextWasm(
-      this.config.rp_context.rp_id,
-      this.config.rp_context.nonce,
-      BigInt(this.config.rp_context.created_at),
-      BigInt(this.config.rp_context.expires_at),
-      this.config.rp_context.signature
-    );
-    const wasmBuilder = idkit_wasm_exports.request(
-      this.config.app_id,
-      String(this.config.action),
-      rpContext,
-      this.config.action_description ?? null,
-      this.config.bridge_url ?? null
-    );
+    const wasmBuilder = createWasmBuilderFromConfig(this.config);
+    if (isInWorldApp()) {
+      const payload = wasmBuilder.nativePayloadFromPreset(preset);
+      return createNativeRequest(payload, this.config);
+    }
     const wasmRequest = await wasmBuilder.preset(
       preset
     );
@@ -1915,17 +2221,76 @@ function createRequest(config) {
     throw new Error("action is required");
   }
   if (!config.rp_context) {
-    throw new Error("rp_context is required");
+    throw new Error(
+      "rp_context is required. Generate it on your backend using signRequest()."
+    );
   }
-  return new IDKitRequestBuilder(config);
+  if (typeof config.allow_legacy_proofs !== "boolean") {
+    throw new Error(
+      "allow_legacy_proofs is required. Set to true to accept v3 proofs during migration, or false to only accept v4 proofs."
+    );
+  }
+  return new IDKitBuilder2({
+    type: "request",
+    app_id: config.app_id,
+    action: String(config.action),
+    rp_context: config.rp_context,
+    action_description: config.action_description,
+    bridge_url: config.bridge_url,
+    allow_legacy_proofs: config.allow_legacy_proofs,
+    override_connect_base_url: config.override_connect_base_url,
+    environment: config.environment
+  });
+}
+function createSession2(config) {
+  if (!config.app_id) {
+    throw new Error("app_id is required");
+  }
+  if (!config.rp_context) {
+    throw new Error(
+      "rp_context is required. Generate it on your backend using signRequest()."
+    );
+  }
+  return new IDKitBuilder2({
+    type: "session",
+    app_id: config.app_id,
+    rp_context: config.rp_context,
+    action_description: config.action_description,
+    bridge_url: config.bridge_url,
+    override_connect_base_url: config.override_connect_base_url,
+    environment: config.environment
+  });
+}
+function proveSession2(sessionId, config) {
+  if (!sessionId) {
+    throw new Error("session_id is required");
+  }
+  if (!config.app_id) {
+    throw new Error("app_id is required");
+  }
+  if (!config.rp_context) {
+    throw new Error(
+      "rp_context is required. Generate it on your backend using signRequest()."
+    );
+  }
+  return new IDKitBuilder2({
+    type: "proveSession",
+    session_id: sessionId,
+    app_id: config.app_id,
+    rp_context: config.rp_context,
+    action_description: config.action_description,
+    bridge_url: config.bridge_url,
+    override_connect_base_url: config.override_connect_base_url,
+    environment: config.environment
+  });
 }
 var IDKit = {
-  /** Initialize WASM for browser environments */
-  init: initIDKit,
-  /** Initialize WASM for Node.js/server environments */
-  initServer: initIDKitServer,
   /** Create a new verification request */
   request: createRequest,
+  /** Create a new session (no action, no existing session_id) */
+  createSession: createSession2,
+  /** Prove an existing session (no action, has session_id) */
+  proveSession: proveSession2,
   /** Create a CredentialRequest for a credential type */
   CredentialRequest,
   /** Create an OR constraint - at least one child must be satisfied */
@@ -1933,7 +2298,11 @@ var IDKit = {
   /** Create an AND constraint - all children must be satisfied */
   all,
   /** Create an OrbLegacy preset for World ID 3.0 legacy support */
-  orbLegacy: orbLegacy2
+  orbLegacy,
+  /** Create a SecureDocumentLegacy preset for World ID 3.0 legacy support */
+  secureDocumentLegacy,
+  /** Create a DocumentLegacy preset for World ID 3.0 legacy support */
+  documentLegacy
 };
 
 // src/lib/platform.ts
@@ -1958,29 +2327,83 @@ var isServerEnvironment = () => {
   }
   return false;
 };
+function hashToField(input) {
+  const hash = BigInt("0x" + utils.bytesToHex(sha3.keccak_256(input))) >> 8n;
+  return utils.hexToBytes(hash.toString(16).padStart(64, "0"));
+}
+function hashSignal2(signal) {
+  let input;
+  if (signal instanceof Uint8Array) {
+    input = signal;
+  } else if (signal.startsWith("0x") && isValidHex(signal.slice(2))) {
+    input = utils.hexToBytes(signal.slice(2));
+  } else {
+    input = new TextEncoder().encode(signal);
+  }
+  return "0x" + utils.bytesToHex(hashToField(input));
+}
+function isValidHex(s) {
+  if (s.length === 0) return false;
+  if (s.length % 2 !== 0) return false;
+  return /^[0-9a-fA-F]+$/.test(s);
+}
 
-// src/lib/rp-signature.ts
-function signRequest2(action, signingKeyHex, ttlSeconds) {
+// src/lib/signing.ts
+secp256k1.etc.hmacSha256Sync = (key, ...msgs) => hmac.hmac(sha2.sha256, key, secp256k1.etc.concatBytes(...msgs));
+var DEFAULT_TTL_SEC = 300;
+function computeRpSignatureMessage(nonceBytes, createdAt, expiresAt) {
+  const message = new Uint8Array(48);
+  message.set(nonceBytes, 0);
+  const view = new DataView(message.buffer);
+  view.setBigUint64(32, BigInt(createdAt), false);
+  view.setBigUint64(40, BigInt(expiresAt), false);
+  return message;
+}
+function signRequest2(_action, signingKeyHex, ttl = DEFAULT_TTL_SEC) {
   if (!isServerEnvironment()) {
     throw new Error(
       "signRequest can only be used in Node.js environments. This function requires access to signing keys and should never be called from browser/client-side code."
     );
   }
-  const ttlBigInt = ttlSeconds !== void 0 ? BigInt(ttlSeconds) : void 0;
-  return idkit_wasm_exports.signRequest(action, signingKeyHex, ttlBigInt);
+  const keyHex = signingKeyHex.startsWith("0x") ? signingKeyHex.slice(2) : signingKeyHex;
+  if (!/^[0-9a-fA-F]+$/.test(keyHex)) {
+    throw new Error("Invalid signing key: contains non-hex characters");
+  }
+  if (keyHex.length !== 64) {
+    throw new Error(
+      `Invalid signing key: expected 32 bytes (64 hex chars), got ${keyHex.length / 2} bytes`
+    );
+  }
+  const privKey = secp256k1.etc.hexToBytes(keyHex);
+  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
+  const nonceBytes = hashToField(randomBytes);
+  const createdAt = Math.floor(Date.now() / 1e3);
+  const expiresAt = createdAt + ttl;
+  const message = computeRpSignatureMessage(nonceBytes, createdAt, expiresAt);
+  const msgHash = sha3.keccak_256(message);
+  const recSig = secp256k1.sign(msgHash, privKey);
+  const compact = recSig.toCompactRawBytes();
+  const sig65 = new Uint8Array(65);
+  sig65.set(compact, 0);
+  sig65[64] = recSig.recovery + 27;
+  return {
+    sig: "0x" + utils.bytesToHex(sig65),
+    nonce: "0x" + utils.bytesToHex(nonceBytes),
+    createdAt,
+    expiresAt
+  };
 }
 
-exports.AppErrorCodes = AppErrorCodes;
 exports.CredentialRequest = CredentialRequest;
 exports.IDKit = IDKit;
-exports.ResponseStatus = ResponseStatus;
-exports.VerificationState = VerificationState;
+exports.IDKitErrorCodes = IDKitErrorCodes;
 exports.all = all;
 exports.any = any;
+exports.documentLegacy = documentLegacy;
+exports.hashSignal = hashSignal2;
 exports.isNode = isNode;
 exports.isReactNative = isReactNative;
 exports.isWeb = isWeb;
-exports.orbLegacy = orbLegacy2;
+exports.orbLegacy = orbLegacy;
+exports.secureDocumentLegacy = secureDocumentLegacy;
 exports.signRequest = signRequest2;
-//# sourceMappingURL=index.cjs.map
-//# sourceMappingURL=index.cjs.map