@worldcoin/idkit-core 4.0.1-dev.123c6a8 → 4.0.1-dev.370b7c0

package/dist/index.d.ts

@@ -1,3 +1,6 @@
+export { RpSignature, signRequest } from './signing.js';
+export { hashSignal } from './hashing.js';
+
 /**
  * Configuration types for IDKit
  *
@@ -13,11 +16,10 @@ type AbiEncodedValue = Brand<{
     values: unknown[];
 }, "AbiEncodedValue">;
 /**
- * Relying Party context for protocol-level proof requests
+ * Relying Party context for IDKit requests
  *
- * Required for creating a verification session. Contains RP-specific data
- * needed to construct a ProofRequest. In production, this should be generated
- * and signed by your backend.
+ * Contains RP-specific data needed to construct a ProofRequest.
+ * This should be generated and signed by your backend.
  */
 type RpContext = {
     /** The registered RP ID (e.g., "rp_123456789abcdef0") */
@@ -45,69 +47,184 @@ type IDKitRequestConfig = {
     action_description?: string;
     /** URL to a third-party bridge to use when connecting to the World App. Optional. */
     bridge_url?: string;
+    /**
+     * Whether to accept legacy (v3) World ID proofs as fallback.
+     *
+     * - `true`: Accept both v3 and v4 proofs. Use during migration.
+     *   You must track both v3 and v4 nullifiers to prevent double-claims.
+     * - `false`: Only accept v4 proofs. Use after migration cutoff or for new apps.
+     */
+    allow_legacy_proofs: boolean;
+    /** Optional override for the connect base URL (e.g., for staging environments) */
+    override_connect_base_url?: string;
+    /** Optional environment override. Defaults to "production". */
+    environment?: "production" | "staging";
 };
+/**
+ * Configuration for IDKit.createSession() and IDKit.proveSession()
+ *
+ * Session requests don't have an action field - they're used for session-based
+ * authentication where the user proves they're the same person across visits.
+ *
+ * Sessions are always World ID v4 - there is no legacy (v3) session support.
+ */
+type IDKitSessionConfig = {
+    /** Unique identifier for the app verifying the session. This should be the app ID obtained from the Developer Portal. */
+    app_id: `app_${string}`;
+    /** RP context for protocol-level proof requests (required) */
+    rp_context: RpContext;
+    /** The description of the action (shown to users in World App). Optional. */
+    action_description?: string;
+    /** URL to a third-party bridge to use when connecting to the World App. Optional. */
+    bridge_url?: string;
+    /** Optional override for the connect base URL (e.g., for staging environments) */
+    override_connect_base_url?: string;
+    /** Optional environment override. Defaults to "production". */
+    environment?: "production" | "staging";
+};
+
+interface OrbLegacyPreset {
+    type: "OrbLegacy";
+    signal?: string;
+}
+
+interface SecureDocumentLegacyPreset {
+    type: "SecureDocumentLegacy";
+    signal?: string;
+}
+
+interface DocumentLegacyPreset {
+    type: "DocumentLegacy";
+    signal?: string;
+}
+
+type Preset = OrbLegacyPreset | SecureDocumentLegacyPreset | DocumentLegacyPreset;
+
+
 
-/** V4 response item (protocol version 4.0 / World ID v4) */
+/** V4 response item for World ID v4 uniqueness proofs */
 interface ResponseItemV4 {
-    /** Credential identifier */
-    identifier: CredentialType;
-    /** Compressed Groth16 proof (hex) */
-    proof: string;
+    /** Credential identifier (e.g., "orb", "face", "document") */
+    identifier: string;
+    /** Signal hash (optional, included if signal was provided in request) */
+    signal_hash?: string;
+    /** Encoded World ID proof: first 4 elements are compressed Groth16 proof, 5th is Merkle root (hex strings). Compatible with WorldIDVerifier.sol */
+    proof: string[];
     /** RP-scoped nullifier (hex) */
     nullifier: string;
-    /** Authenticator merkle root (hex) */
-    merkle_root: string;
-    /** Unix timestamp when proof was generated */
-    proof_timestamp: number;
-    /** Credential issuer schema ID (hex) */
-    issuer_schema_id: string;
+    /** Credential issuer schema ID (1=orb, 2=face, 3=secure_document, 4=document, 5=device) */
+    issuer_schema_id: number;
+    /** Minimum expiration timestamp (unix seconds) */
+    expires_at_min: number;
 }
 
-/** V3 response item (protocol version 3.0 / World ID v3 - legacy format) */
+/** V3 response item for World ID v3 (legacy format) */
 interface ResponseItemV3 {
-    /** Credential identifier */
-    identifier: CredentialType;
+    /** Credential identifier (e.g., "orb", "face") */
+    identifier: string;
+    /** Signal hash (optional, included if signal was provided in request) */
+    signal_hash?: string;
     /** ABI-encoded proof (hex) */
     proof: string;
     /** Merkle root (hex) */
     merkle_root: string;
-    /** Nullifier hash (hex) */
-    nullifier_hash: string;
+    /** Nullifier (hex) */
+    nullifier: string;
 }
 
-/**
- * A single credential response item - unified type for both bridge and SDK.
- * Type narrowing: use 'proof_timestamp' in item for V4, 'nullifier_hash' in item for V3.
- */
-type ResponseItem = ResponseItemV4 | ResponseItemV3;
+/** Session response item for World ID v4 session proofs */
+interface ResponseItemSession {
+    /** Credential identifier (e.g., "orb", "face", "document") */
+    identifier: string;
+    /** Signal hash (optional, included if signal was provided in request) */
+    signal_hash?: string;
+    /** Encoded World ID proof: first 4 elements are compressed Groth16 proof, 5th is Merkle root (hex strings). Compatible with WorldIDVerifier.sol */
+    proof: string[];
+    /** Session nullifier: 1st element is the session nullifier, 2nd is the generated action (hex strings) */
+    session_nullifier: string[];
+    /** Credential issuer schema ID (1=orb, 2=face, 3=secure_document, 4=document, 5=device) */
+    issuer_schema_id: number;
+    /** Minimum expiration timestamp (unix seconds) */
+    expires_at_min: number;
+}
 
 /** V3 result (legacy format - no session support) */
 interface IDKitResultV3 {
     /** Protocol version 3.0 */
     protocol_version: "3.0";
+    /** Nonce used in the request */
+    nonce: string;
+    /** Action identifier (only for uniqueness proofs) */
+    action?: string;
+    /** Action description (only if provided in input) */
+    action_description?: string;
     /** Array of V3 credential responses */
     responses: ResponseItemV3[];
+    /** The environment used for this request ("production" or "staging") */
+    environment: string;
 }
 
-/** V4 result (current format - supports sessions) */
+/** V4 result for uniqueness proofs */
 interface IDKitResultV4 {
     /** Protocol version 4.0 */
     protocol_version: "4.0";
-    /** Session ID (for session proofs) */
-    session_id?: string;
+    /** Nonce used in the request */
+    nonce: string;
+    /** Action identifier (required for uniqueness proofs) */
+    action: string;
+    /** Action description (only if provided in input) */
+    action_description?: string;
     /** Array of V4 credential responses */
     responses: ResponseItemV4[];
+    /** The environment used for this request ("production" or "staging") */
+    environment: string;
+}
+
+/** V4 result for session proofs */
+interface IDKitResultSession {
+    /** Protocol version 4.0 */
+    protocol_version: "4.0";
+    /** Nonce used in the request */
+    nonce: string;
+    /** Action description (only if provided in input) */
+    action_description?: string;
+    /** Session ID returned by the World App */
+    session_id: string;
+    /** Array of session credential responses */
+    responses: ResponseItemSession[];
+    /** The environment used for this request ("production" or "staging") */
+    environment: string;
 }
 
-/** The unified response structure - discriminated union by protocol_version */
-type IDKitResult = IDKitResultV3 | IDKitResultV4;
+/**
+ * The unified result structure for all proof types.
+ * Check `session_id` to determine if this is a session proof:
+ * - session_id !== undefined → session proof
+ * - session_id === undefined → uniqueness proof
+ */
+type IDKitResult = IDKitResultV3 | IDKitResultV4 | IDKitResultSession;
+
+/** Error codes from World App (mirrors Rust AppError) */
+type IDKitErrorCode =
+    | "user_rejected"
+    | "verification_rejected"
+    | "credential_unavailable"
+    | "malformed_request"
+    | "invalid_network"
+    | "inclusion_proof_pending"
+    | "inclusion_proof_failed"
+    | "unexpected_response"
+    | "connection_failed"
+    | "max_verifications_reached"
+    | "failed_by_host_app"
+    | "generic_error";
 
 /** Status returned from pollForStatus() */
 type Status$1 =
     | { type: "waiting_for_connection" }
     | { type: "awaiting_confirmation" }
     | { type: "confirmed"; result: IDKitResult }
-    | { type: "failed"; error: string };
+    | { type: "failed"; error: IDKitErrorCode };
 
 
 
@@ -115,8 +232,10 @@ type CredentialType = "orb" | "face" | "secure_document" | "document" | "device"
 
 interface CredentialRequestType {
     type: CredentialType;
-    signal?: string;
+    /** Signal can be a string or raw bytes (Uint8Array) */
+    signal?: string | Uint8Array;
     genesis_issued_at_min?: number;
+    expires_at_min?: number;
 }
 
 type ConstraintNode =
@@ -124,88 +243,45 @@ type ConstraintNode =
     | { any: ConstraintNode[] }
     | { all: ConstraintNode[] };
 
-
-
-interface RpSignature {
-    sig: string;
-    nonce: string;
-    createdAt: number;
-    expiresAt: number;
-    toJSON(): { sig: string; nonce: string; createdAt: number; expiresAt: number };
-}
-declare class RpSignature {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Converts to JSON
-   *
-   * # Errors
-   *
-   * Returns an error if setting object properties fails
-   */
-  toJSON(): any;
-  /**
-   * Gets the creation timestamp
-   */
-  readonly createdAt: bigint;
-  /**
-   * Gets the expiration timestamp
-   */
-  readonly expiresAt: bigint;
-  /**
-   * Gets the signature as hex string (0x-prefixed, 65 bytes)
-   */
-  readonly sig: string;
-  /**
-   * Gets the nonce as hex string (0x-prefixed field element)
-   */
-  readonly nonce: string;
-}
-
 /**
- * WASM initialization and management
+ * Result types - re-exported from WASM bindings
+ *
+ * Source of truth: rust/core/src/wasm_bindings.rs (typescript_custom_section)
  */
 
 /**
- * Initializes the WASM module for browser environments
- * Uses fetch-based loading (works with http/https URLs)
- * This must be called before using any WASM-powered functions
- * Safe to call multiple times - initialization only happens once
+ * IDKit error codes enum — runtime values for matching against errors.
+ * Values mirror Rust's AppError enum (snake_case via serde rename_all).
+ * Includes client-side codes (timeout, cancelled) not from World App.
  */
-declare function initIDKit(): Promise<void>;
-/**
- * Initializes the WASM module for Node.js/server environments
- * Uses fs-based loading since Node.js fetch doesn't support file:// URLs
- * This must be called before using any WASM-powered functions
- * Safe to call multiple times - initialization only happens once
- */
-declare function initIDKitServer(): Promise<void>;
-
-declare enum AppErrorCodes {
-    ConnectionFailed = "connection_failed",
+declare enum IDKitErrorCodes {
+    UserRejected = "user_rejected",
     VerificationRejected = "verification_rejected",
-    MaxVerificationsReached = "max_verifications_reached",
     CredentialUnavailable = "credential_unavailable",
     MalformedRequest = "malformed_request",
     InvalidNetwork = "invalid_network",
-    InclusionProofFailed = "inclusion_proof_failed",
     InclusionProofPending = "inclusion_proof_pending",
+    InclusionProofFailed = "inclusion_proof_failed",
     UnexpectedResponse = "unexpected_response",
+    ConnectionFailed = "connection_failed",
+    MaxVerificationsReached = "max_verifications_reached",
     FailedByHostApp = "failed_by_host_app",
-    GenericError = "generic_error"
-}
-declare enum VerificationState {
-    PreparingClient = "loading_widget",
-    WaitingForConnection = "awaiting_connection",
-    WaitingForApp = "awaiting_app",
-    Confirmed = "confirmed",
-    Failed = "failed"
+    GenericError = "generic_error",
+    Timeout = "timeout",
+    Cancelled = "cancelled"
 }
-declare enum ResponseStatus {
-    Retrieved = "retrieved",
-    Completed = "completed",
-    Initialized = "initialized"
+
+interface BuilderConfig {
+    type: "request" | "session" | "proveSession";
+    app_id: string;
+    action?: string;
+    session_id?: string;
+    rp_context?: RpContext;
+    action_description?: string;
+    bridge_url?: string;
+    allow_legacy_proofs?: boolean;
+    override_connect_base_url?: string;
+    environment?: string;
 }
 
 /**
@@ -213,7 +289,7 @@ declare enum ResponseStatus {
  * Pure functional API for World ID verification - no dependencies
  */
 
-/** Options for pollForUpdates() */
+/** Options for pollUntilCompletion() */
 interface WaitOptions {
     /** Milliseconds between polls (default: 1000) */
     pollInterval?: number;
@@ -226,8 +302,16 @@ interface WaitOptions {
 interface Status {
     type: "waiting_for_connection" | "awaiting_confirmation" | "confirmed" | "failed";
     result?: IDKitResult;
-    error?: AppErrorCodes;
+    error?: IDKitErrorCodes;
 }
+/** Result from pollUntilCompletion() — discriminated union, never throws */
+type IDKitCompletionResult = {
+    success: true;
+    result: IDKitResult;
+} | {
+    success: false;
+    error: IDKitErrorCodes;
+};
 
 /**
  * A World ID verification request
@@ -243,24 +327,27 @@ interface IDKitRequest {
     /** Poll once for current status (for manual polling) */
     pollOnce(): Promise<Status>;
     /** Poll continuously until completion or timeout */
-    pollForUpdates(options?: WaitOptions): Promise<IDKitResult>;
+    pollUntilCompletion(options?: WaitOptions): Promise<IDKitCompletionResult>;
 }
 /**
  * Creates a CredentialRequest for a credential type
  *
  * @param credential_type - The type of credential to request (e.g., 'orb', 'face')
- * @param options - Optional signal and genesis_issued_at_min
+ * @param options - Optional signal, genesis_issued_at_min, and expires_at_min
  * @returns A CredentialRequest object
  *
  * @example
  * ```typescript
  * const orb = CredentialRequest('orb', { signal: 'user-123' })
  * const face = CredentialRequest('face')
+ * // Require credential to be valid for at least one year
+ * const withExpiry = CredentialRequest('orb', { expires_at_min: Date.now() / 1000 + 60 * 60 * 60 * 24 * 365 })
  * ```
  */
 declare function CredentialRequest(credential_type: CredentialType, options?: {
     signal?: string;
     genesis_issued_at_min?: number;
+    expires_at_min?: number;
 }): CredentialRequestType;
 /**
  * Creates an OR constraint - at least one child must be satisfied
@@ -290,23 +377,11 @@ declare function any(...nodes: ConstraintNode[]): {
 declare function all(...nodes: ConstraintNode[]): {
     all: ConstraintNode[];
 };
-/**
- * OrbLegacy preset configuration
- */
-interface OrbLegacyPreset {
-    type: "OrbLegacy";
-    data: {
-        signal?: string;
-    };
-}
-/**
- * Preset types for simplified session creation
- */
-type Preset = OrbLegacyPreset;
+
 /**
  * Creates an OrbLegacy preset for World ID 3.0 legacy support
  *
- * This preset creates a session compatible with both World ID 4.0 and 3.0 protocols.
+ * This preset creates an IDKit request compatible with both World ID 4.0 and 3.0 protocols.
  * Use this when you need backward compatibility with older World App versions.
  *
  * @param opts - Optional configuration with signal
@@ -314,7 +389,7 @@ type Preset = OrbLegacyPreset;
  *
  * @example
  * ```typescript
- * const session = await verify({ app_id, action, rp_context })
+ * const request = await IDKit.request({ app_id, action, rp_context, allow_legacy_proofs: true })
  *   .preset(orbLegacy({ signal: 'user-123' }))
  * ```
  */
@@ -322,11 +397,51 @@ declare function orbLegacy(opts?: {
     signal?: string;
 }): OrbLegacyPreset;
 /**
- * Builder for creating IDKit requests
+ * Creates a SecureDocumentLegacy preset for World ID 3.0 legacy support
+ *
+ * This preset creates an IDKit request compatible with both World ID 4.0 and 3.0 protocols.
+ * Use this when you need backward compatibility with older World App versions.
+ *
+ * @param opts - Optional configuration with signal
+ * @returns A SecureDocumentLegacy preset
+ *
+ * @example
+ * ```typescript
+ * const request = await IDKit.request({ app_id, action, rp_context, allow_legacy_proofs: true })
+ *   .preset(secureDocumentLegacy({ signal: 'user-123' }))
+ * ```
+ */
+declare function secureDocumentLegacy(opts?: {
+    signal?: string;
+}): SecureDocumentLegacyPreset;
+/**
+ * Creates a DocumentLegacy preset for World ID 3.0 legacy support
+ *
+ * This preset creates an IDKit request compatible with both World ID 4.0 and 3.0 protocols.
+ * Use this when you need backward compatibility with older World App versions.
+ *
+ * @param opts - Optional configuration with signal
+ * @returns A DocumentLegacy preset
+ *
+ * @example
+ * ```typescript
+ * const request = await IDKit.request({ app_id, action, rp_context, allow_legacy_proofs: true })
+ *   .preset(documentLegacy({ signal: 'user-123' }))
+ * ```
+ */
+declare function documentLegacy(opts?: {
+    signal?: string;
+}): DocumentLegacyPreset;
+/**
+ * Builder for IDKit requests
+ *
+ * Stores configuration and defers transport selection to `.preset()` / `.constraints()`.
+ * In World App: uses native postMessage transport (no WASM needed).
+ * On web: uses WASM bridge transport (QR code + polling).
  */
-declare class IDKitRequestBuilder {
+declare class IDKitBuilder {
     private config;
-    constructor(config: IDKitRequestConfig);
+    constructor(config: BuilderConfig);
     /**
      * Creates an IDKit request with the given constraints
      *
@@ -335,100 +450,148 @@ declare class IDKitRequestBuilder {
      *
      * @example
      * ```typescript
-     * const request = await IDKit.request({ app_id, action, rp_context })
-     *   .constraints(any(CredentialRequest('orb'), CredentialRequest('face')))
+     * const request = await IDKit.request({ app_id, action, rp_context, allow_legacy_proofs: false })
+     *   .constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
      * ```
      */
     constraints(constraints: ConstraintNode): Promise<IDKitRequest>;
     /**
-     * Creates an IDKit request from a preset
+     * Creates an IDKit request from a preset (works for all request types)
      *
      * Presets provide a simplified way to create requests with predefined
-     * credential configurations. The preset is converted to both World ID 4.0
-     * constraints and World ID 3.0 legacy fields for backward compatibility.
+     * credential configurations.
      *
-     * @param preset - A preset object from orbLegacy()
+     * @param preset - A preset object from orbLegacy(), secureDocumentLegacy(), or documentLegacy()
      * @returns A new IDKitRequest instance
      *
      * @example
      * ```typescript
-     * const request = await IDKit.request({ app_id, action, rp_context })
-     *   .preset(orbLegacy({ signal: 'user-123' }))
+     * const request = await IDKit.request({ app_id, action, rp_context, allow_legacy_proofs: true })
+     *   .preset(orbLegacy({ signal: 'user-123' }));
      * ```
      */
     preset(preset: Preset): Promise<IDKitRequest>;
 }
 /**
- * Creates an IDKit request builder
+ * Creates an IDKit verification request builder
  *
  * This is the main entry point for creating World ID verification requests.
- * Use the builder pattern with constraints to specify which credentials to accept.
+ * Use the builder pattern with `.preset()` or `.constraints()` to specify
+ * which credentials to accept.
  *
  * @param config - Request configuration
- * @returns An IDKitRequestBuilder instance
+ * @returns IDKitBuilder - A builder instance
  *
  * @example
  * ```typescript
- * import { IDKit, CredentialRequest, any } from '@worldcoin/idkit-core'
- *
- * // Initialize WASM (only needed once)
- * await IDKit.init()
+ * import { IDKit, CredentialRequest, any, orbLegacy } from '@worldcoin/idkit-core'
  *
- * // Create request items
- * const orb = CredentialRequest('orb', { signal: 'user-123' })
- * const face = CredentialRequest('face')
+ * // With preset (legacy support)
+ * const request = await IDKit.request({
+ *   app_id: 'app_staging_xxxxx',
+ *   action: 'my-action',
+ *   rp_context: { ... },
+ *   allow_legacy_proofs: true,
+ * }).preset(orbLegacy({ signal: 'user-123' }));
  *
- * // Create a verification request with constraints
+ * // With constraints (v4 only)
  * const request = await IDKit.request({
  *   app_id: 'app_staging_xxxxx',
  *   action: 'my-action',
- *   rp_context: {
- *     rp_id: 'rp_123456789abcdef0',
- *     nonce: 'unique-nonce',
- *     created_at: Math.floor(Date.now() / 1000),
- *     expires_at: Math.floor(Date.now() / 1000) + 3600,
- *     signature: 'ecdsa-signature-from-backend',
- *   },
- * }).constraints(any(orb, face))
- *
- * // Display QR code
- * console.log('Scan this:', request.connectorURI)
- *
- * // Wait for proof
- * const proof = await request.pollForUpdates()
- * console.log('Success:', proof)
+ *   rp_context: { ... },
+ *   allow_legacy_proofs: false,
+ * }).constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
+ *
+ * // In World App: connectorURI is empty, result comes via postMessage
+ * // On web: connectorURI is the QR URL to display
+ * console.log(request.connectorURI);
+ *
+ * // Wait for result — same interface in both environments
+ * const proof = await request.pollUntilCompletion();
  * ```
  */
-declare function createRequest(config: IDKitRequestConfig): IDKitRequestBuilder;
+declare function createRequest(config: IDKitRequestConfig): IDKitBuilder;
 /**
- * IDKit namespace providing the main API entry points
+ * Creates a new session builder (no action, no existing session_id)
+ *
+ * Use this when creating a new session for a user who doesn't have one yet.
+ * The response will include a `session_id` that should be saved for future
+ * session proofs with `proveSession()`.
+ *
+ * @param config - Session configuration (no action field)
+ * @returns IDKitBuilder - A builder instance
  *
  * @example
  * ```typescript
  * import { IDKit, CredentialRequest, any } from '@worldcoin/idkit-core'
  *
- * // Initialize (only needed once)
- * await IDKit.init()
+ * // Create a new session (user doesn't have session_id yet)
+ * const request = await IDKit.createSession({
+ *   app_id: 'app_staging_xxxxx',
+ *   rp_context: { ... },
+ * }).constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
+ *
+ * // Display QR, wait for proof
+ * const result = await request.pollUntilCompletion();
+ * // result.session_id -> save this for future sessions
+ * // result.responses[0].session_nullifier -> for session tracking
+ * ```
+ */
+declare function createSession(config: IDKitSessionConfig): IDKitBuilder;
+/**
+ * Creates a builder for proving an existing session (no action, has session_id)
+ *
+ * Use this when a returning user needs to prove they own an existing session.
+ * The `sessionId` should be a value previously returned from `createSession()`.
  *
- * // Create a request
+ * @param sessionId - The session ID from a previous session creation
+ * @param config - Session configuration (no action field)
+ * @returns IDKitBuilder - A builder instance
+ *
+ * @example
+ * ```typescript
+ * import { IDKit, CredentialRequest, any } from '@worldcoin/idkit-core'
+ *
+ * // Prove an existing session (user returns)
+ * const request = await IDKit.proveSession(savedSessionId, {
+ *   app_id: 'app_staging_xxxxx',
+ *   rp_context: { ... },
+ * }).constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
+ *
+ * const result = await request.pollUntilCompletion();
+ * // result.session_id -> same session
+ * // result.responses[0].session_nullifier -> should match for same user
+ * ```
+ */
+declare function proveSession(sessionId: string, config: IDKitSessionConfig): IDKitBuilder;
+/**
+ * IDKit namespace providing the main API entry points
+ *
+ * @example
+ * ```typescript
+ * import { IDKit, CredentialRequest, any, orbLegacy } from '@worldcoin/idkit-core'
+ *
+ * // Create a verification request
  * const request = await IDKit.request({
  *   app_id: 'app_staging_xxxxx',
  *   action: 'my-action',
  *   rp_context: { ... },
- * }).constraints(any(CredentialRequest('orb'), CredentialRequest('face')))
+ *   allow_legacy_proofs: true,
+ * }).preset(orbLegacy({ signal: 'user-123' }))
  *
- * // Display QR and wait for proof
+ * // In World App: result comes via postMessage (no QR needed)
+ * // On web: display QR code and wait for proof
  * console.log(request.connectorURI)
- * const proof = await request.pollForUpdates()
+ * const proof = await request.pollUntilCompletion()
  * ```
  */
 declare const IDKit: {
-    /** Initialize WASM for browser environments */
-    init: typeof initIDKit;
-    /** Initialize WASM for Node.js/server environments */
-    initServer: typeof initIDKitServer;
     /** Create a new verification request */
     request: typeof createRequest;
+    /** Create a new session (no action, no existing session_id) */
+    createSession: typeof createSession;
+    /** Prove an existing session (no action, has session_id) */
+    proveSession: typeof proveSession;
     /** Create a CredentialRequest for a credential type */
     CredentialRequest: typeof CredentialRequest;
     /** Create an OR constraint - at least one child must be satisfied */
@@ -437,6 +600,10 @@ declare const IDKit: {
     all: typeof all;
     /** Create an OrbLegacy preset for World ID 3.0 legacy support */
     orbLegacy: typeof orbLegacy;
+    /** Create a SecureDocumentLegacy preset for World ID 3.0 legacy support */
+    secureDocumentLegacy: typeof secureDocumentLegacy;
+    /** Create a DocumentLegacy preset for World ID 3.0 legacy support */
+    documentLegacy: typeof documentLegacy;
 };
 
 /**
@@ -461,30 +628,4 @@ declare const isWeb: () => boolean;
  */
 declare const isNode: () => boolean;
 
-/**
- * Signs an RP request for World ID proof verification
- *
- * **Backend-only**: This function should ONLY be used in Node.js/server environments.
- * Never use this in browser/client-side code as it requires access to your signing key.
- *
- * This function generates a cryptographic signature that authenticates your proof request.
- * The returned signature, nonce, and timestamps should be passed as `rp_context` to the client.
- *
- * @param action - The action tied to the proof request
- * @param signingKeyHex - The ECDSA private key as hex (0x-prefixed or not, 32 bytes)
- * @param ttlSeconds - Optional time-to-live in seconds (defaults to 300 = 5 minutes)
- * @returns RpSignature object with sig, nonce, createdAt, expiresAt to use as rp_context
- * @throws Error if called in non-Node.js environment or if parameters are invalid
- *
- * @example
- * ```typescript
- * import { signRequest } from '@worldcoin/idkit-core'
- *
- * const signingKey = process.env.RP_SIGNING_KEY // Load from secure env var
- * const signature = signRequest('my-action', signingKey)
- * console.log(signature.sig, signature.nonce, signature.createdAt, signature.expiresAt)
- * ```
- */
-declare function signRequest(action: string, signingKeyHex: string, ttlSeconds?: number): RpSignature;
-
-export { type AbiEncodedValue, AppErrorCodes, type ConstraintNode, CredentialRequest, type CredentialRequestType, type CredentialType, IDKit, type IDKitRequest, type IDKitRequestConfig, type IDKitResult, type OrbLegacyPreset, type Preset, type ResponseItem, type ResponseItemV3, type ResponseItemV4, ResponseStatus, type RpContext, RpSignature, type Status$1 as Status, VerificationState, type WaitOptions, all, any, isNode, isReactNative, isWeb, orbLegacy, signRequest };
+export { type AbiEncodedValue, type ConstraintNode, CredentialRequest, type CredentialRequestType, type CredentialType, type DocumentLegacyPreset, IDKit, type IDKitCompletionResult, type IDKitErrorCode, IDKitErrorCodes, type IDKitRequest, type IDKitRequestConfig, type IDKitResult, type IDKitResultSession, type IDKitSessionConfig, type OrbLegacyPreset, type Preset, type ResponseItemSession, type ResponseItemV3, type ResponseItemV4, type RpContext, type SecureDocumentLegacyPreset, type Status$1 as Status, type WaitOptions, all, any, documentLegacy, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy };