insumer-verify 1.1.3 → 1.1.4

package/README.md

@@ -4,7 +4,7 @@ Client-side verifier for [InsumerAPI](https://insumermodel.com/developers/) atte
 
 **In production:** [DJD Agent Score](https://github.com/jacobsd32-cpu/djdagentscore) (Coinbase x402 ecosystem) uses insumer-verify for client-side cryptographic verification in their AI agent wallet trust scoring pipeline. [Case study](https://insumermodel.com/blog/djd-agent-score-insumer-api-integration.html).
 
-Part of the InsumerAPI ecosystem: [REST API](https://insumermodel.com/developers/) (17 endpoints, 31 chains) | [MCP server](https://www.npmjs.com/package/mcp-server-insumer) (npm) | [LangChain](https://pypi.org/project/langchain-insumer/) (PyPI) | [OpenAI GPT](https://chatgpt.com/g/g-699c5e43ce2481918b3f1e7f144c8a49-insumerapi-verify) (GPT Store)
+Part of the InsumerAPI ecosystem: [REST API](https://insumermodel.com/developers/) (25 endpoints, 31 chains) | [MCP server](https://www.npmjs.com/package/mcp-server-insumer) (npm) | [LangChain](https://pypi.org/project/langchain-insumer/) (PyPI) | [OpenAI GPT](https://chatgpt.com/g/g-699c5e43ce2481918b3f1e7f144c8a49-insumerapi-verify) (GPT Store)
 
 ## Install
 
@@ -14,27 +14,28 @@ npm install insumer-verify
 
 ## Usage
 
-### Node.js
+Call InsumerAPI, get a signed attestation, verify it:
 
 ```typescript
 import { verifyAttestation } from "insumer-verify";
 
-// Call InsumerAPI
+// 1. Call InsumerAPI
 const res = await fetch("https://api.insumermodel.com/v1/attest", {
   method: "POST",
   headers: {
     "Content-Type": "application/json",
-    "X-API-Key": "your-api-key",
+    "X-API-Key": "insr_live_your_key_here",
   },
   body: JSON.stringify({
-    wallet: "0x...",
+    wallet: "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
     conditions: [
       {
         type: "token_balance",
         chainId: 1,
-        contractAddress: "0xA0b8...",
-        threshold: "1000000",
+        contractAddress: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
+        threshold: 1000,
         decimals: 6,
+        label: "USDC >= 1000 on Ethereum",
       },
     ],
   }),
@@ -42,45 +43,79 @@ const res = await fetch("https://api.insumermodel.com/v1/attest", {
 
 const apiResponse = await res.json();
 
-// Verify the attestation
-const result = await verifyAttestation(apiResponse);
+// 2. Verify the attestation (signature, condition hashes, freshness, expiry)
+const result = await verifyAttestation(apiResponse, {
+  jwksUrl: "https://insumermodel.com/.well-known/jwks.json",
+  maxAge: 120,
+});
 
 if (result.valid) {
-  console.log("Attestation verified");
+  const { pass, results } = apiResponse.data.attestation;
+  console.log(`All conditions ${pass ? "met" : "not met"}`);
+  for (const r of results) {
+    console.log(`  ${r.label}: ${r.met ? "met" : "not met"}`);
+  }
 } else {
   console.log("Verification failed:", result.checks);
 }
 ```
 
+### What the API returns
+
+The attestation response you're verifying looks like this:
+
+```json
+{
+  "ok": true,
+  "data": {
+    "attestation": {
+      "id": "ATST-A7C3E",
+      "pass": true,
+      "results": [
+        {
+          "condition": 0,
+          "met": true,
+          "label": "USDC >= 1000 on Ethereum",
+          "type": "token_balance",
+          "chainId": 1,
+          "evaluatedCondition": {
+            "chainId": 1,
+            "contractAddress": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
+            "decimals": 6,
+            "operator": "gte",
+            "threshold": 1000,
+            "type": "token_balance"
+          },
+          "conditionHash": "0x8a3b...",
+          "blockNumber": "0x129e3f7",
+          "blockTimestamp": "2026-02-28T12:34:56.000Z"
+        }
+      ],
+      "passCount": 1,
+      "failCount": 0,
+      "attestedAt": "2026-02-28T12:34:57.000Z",
+      "expiresAt": "2026-02-28T13:04:57.000Z"
+    },
+    "sig": "MEUCIQD...(base64 ECDSA signature)...",
+    "kid": "insumer-attest-v1"
+  },
+  "meta": { "version": "1.0", "creditsCharged": 1, "creditsRemaining": 99 }
+}
+```
+
+No balances. No amounts. Just a signed true/false per condition.
+
 ### Browser
 
 ```html
 <script type="module">
   import { verifyAttestation } from "https://esm.sh/insumer-verify";
 
-  const res = await fetch("https://api.insumermodel.com/v1/attest", {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      "X-API-Key": "your-api-key",
-    },
-    body: JSON.stringify({
-      wallet: "0x...",
-      conditions: [
-        {
-          type: "token_balance",
-          chainId: 1,
-          contractAddress: "0xA0b8...",
-          threshold: "1000000",
-          decimals: 6,
-        },
-      ],
-    }),
+  // apiResponse = attestation from your backend
+  const result = await verifyAttestation(apiResponse, {
+    jwksUrl: "https://insumermodel.com/.well-known/jwks.json",
   });
-
-  const apiResponse = await res.json();
-  const result = await verifyAttestation(apiResponse);
-  console.log(result);
+  console.log(result.valid, result.checks);
 </script>
 ```
 
@@ -101,7 +136,7 @@ By default, insumer-verify uses the hardcoded InsumerAPI public key. You can opt
 
 ```typescript
 const result = await verifyAttestation(apiResponse, {
-  jwksUrl: "https://insumermodel.com/.well-known/jwks.json"
+  jwksUrl: "https://insumermodel.com/.well-known/jwks.json",
 });
 ```
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "insumer-verify",
-  "version": "1.1.3",
+  "version": "1.1.4",
   "description": "Client-side verifier for InsumerAPI attestations. ECDSA P-256 signatures, condition hashes, block freshness, expiry. Zero dependencies. Used by DJD Agent Score (Coinbase x402).",
   "type": "module",
   "main": "build/index.js",