insumer-verify 1.3.10 → 1.4.0

package/README.md

@@ -133,8 +133,8 @@ XRPL attestation results use `ledgerIndex` (integer) and `ledgerHash` (string) i
   "evaluatedCondition": {
     "type": "token_balance",
     "chainId": "xrpl",
-    "currency": "524C555344...",
-    "issuer": "rMxCKbEDwqr76QuheSUMdEGf4B9xJ8m5De",
+    "contractAddress": "rMxCKbEDwqr76QuheSUMdEGf4B9xJ8m5De",
+    "currency": "524C555344000000000000000000000000000000",
     "operator": "gte",
     "threshold": 100,
     "decimals": 6
@@ -271,6 +271,25 @@ Each attestation result includes an `evaluatedCondition` object and a `condition
 
 This ensures the condition that was actually evaluated on-chain can be independently verified by any third party.
 
+## Examples
+
+The [`examples/`](./examples/) directory contains runnable scripts covering common patterns:
+
+| Example | What it shows |
+|---------|--------------|
+| [`basic-attest.mjs`](./examples/basic-attest.mjs) | Single token balance check + verification |
+| [`multi-condition.mjs`](./examples/multi-condition.mjs) | Multiple conditions across different chains |
+| [`jwt-format.mjs`](./examples/jwt-format.mjs) | JWT format for gateway integration (Kong, Nginx, Cloudflare Access) |
+| [`verify-manual.mjs`](./examples/verify-manual.mjs) | DIY verification with Web Crypto — no library, proving the format is open |
+| [`express-gate.mjs`](./examples/express-gate.mjs) | Express middleware: verify attestation before granting access |
+| [`xrpl-trustline.mjs`](./examples/xrpl-trustline.mjs) | XRPL trust line tokens (RLUSD, USDC) |
+
+```bash
+INSUMER_API_KEY=insr_live_... node examples/basic-attest.mjs
+```
+
+The attestation format is an open standard — `verify-manual.mjs` demonstrates full verification using only the Web Crypto API with no dependencies. See the [State Attestation Spec](https://insumermodel.com/state-attestation-spec) for the complete format definition.
+
 ## Pricing
 
 **Tiers:** Free (10 credits) | Pro $9/mo (10,000/day) | Enterprise $29/mo (100,000/day)

package/examples/README.md

@@ -0,0 +1,58 @@
+# insumer-verify examples
+
+Runnable examples showing how to request, verify, and gate access with InsumerAPI attestations.
+
+## Philosophy
+
+InsumerAPI standardizes the **format and verification model** of eligibility attestations, not the underlying computation method. Any conforming implementation may use direct reads, proof systems, or delegated verification, but it must emit a privacy-preserving, signed, time-bounded attestation that can be independently verified by relying parties without real-time issuer communication.
+
+What this means in practice: every example below produces or consumes the same signed attestation format. The verification side never needs to know *how* the attestation was produced — only that it conforms to the [State Attestation Spec](https://insumermodel.com/state-attestation-spec).
+
+## Examples
+
+| File | What it shows |
+|------|--------------|
+| `basic-attest.mjs` | Single token balance check + verification |
+| `multi-condition.mjs` | Multiple conditions across different chains |
+| `jwt-format.mjs` | Request JWT format for gateway integration (Kong, Nginx, Cloudflare Access) |
+| `verify-manual.mjs` | DIY verification with Web Crypto — no library, proving the format is open |
+| `express-gate.mjs` | Express middleware: verify attestation before granting access |
+| `xrpl-trustline.mjs` | XRPL trust line tokens (RLUSD, USDC) with issuer addressing |
+
+## Prerequisites
+
+```bash
+npm install insumer-verify  # for library examples
+```
+
+Get a free API key:
+
+```bash
+curl -s -X POST https://api.insumermodel.com/v1/keys/create \
+  -H "Content-Type: application/json" \
+  -d '{"email": "you@example.com", "appName": "examples"}' | jq .
+```
+
+Set it as an environment variable:
+
+```bash
+export INSUMER_API_KEY=insr_live_your_key_here
+```
+
+## Run
+
+```bash
+node examples/basic-attest.mjs
+node examples/verify-manual.mjs   # no library needed
+```
+
+## Verification spec
+
+All examples verify attestations against the [State Attestation Specification](https://insumermodel.com/state-attestation-spec). The spec defines:
+
+- **Attestation format** — signed boolean assertions over on-chain state
+- **Signing scheme** — ECDSA P-256 (ES256) with JWKS key distribution
+- **Condition hashes** — SHA-256 tamper seals over evaluated predicates
+- **Verification algorithm** — 4 checks any relying party can run offline
+
+The format is the standard. The computation behind it is an implementation detail.

package/examples/basic-attest.mjs

@@ -0,0 +1,64 @@
+/**
+ * basic-attest.mjs — Single token balance attestation + verification.
+ *
+ * Demonstrates the core flow:
+ * 1. Send conditions to InsumerAPI
+ * 2. Receive a signed attestation (boolean, not balance)
+ * 3. Verify it cryptographically — offline, no API callback needed
+ *
+ * Usage: INSUMER_API_KEY=insr_live_... node examples/basic-attest.mjs
+ */
+
+import { verifyAttestation } from "insumer-verify";
+
+const API_KEY = process.env.INSUMER_API_KEY;
+if (!API_KEY) {
+  console.error("Set INSUMER_API_KEY environment variable");
+  process.exit(1);
+}
+
+// 1. Request an attestation — "does this wallet hold >= 1000 USDC on Ethereum?"
+const res = await fetch("https://api.insumermodel.com/v1/attest", {
+  method: "POST",
+  headers: {
+    "Content-Type": "application/json",
+    "X-API-Key": API_KEY,
+  },
+  body: JSON.stringify({
+    wallet: "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
+    conditions: [
+      {
+        type: "token_balance",
+        chainId: 1,
+        contractAddress: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
+        threshold: 1000,
+        decimals: 6,
+        label: "USDC >= 1000 on Ethereum",
+      },
+    ],
+  }),
+});
+
+const apiResponse = await res.json();
+
+// Check for RPC failure (retryable, not a verification failure)
+if (!apiResponse.ok && apiResponse.error?.code === "rpc_failure") {
+  console.log("RPC failure — retry after 2-5 seconds:", apiResponse.error.failedConditions);
+  process.exit(1);
+}
+
+// 2. Verify the attestation — signature, condition hashes, freshness, expiry
+const result = await verifyAttestation(apiResponse, {
+  maxAge: 120, // reject if block data is older than 2 minutes
+});
+
+console.log("Verification:", result.valid ? "PASSED" : "FAILED");
+console.log("Checks:", JSON.stringify(result.checks, null, 2));
+
+if (result.valid) {
+  const { pass, results } = apiResponse.data.attestation;
+  console.log(`\nAttestation: ${pass ? "ALL MET" : "NOT ALL MET"}`);
+  for (const r of results) {
+    console.log(`  ${r.label}: ${r.met ? "met" : "not met"} (block ${r.blockNumber})`);
+  }
+}

package/examples/express-gate.mjs

@@ -0,0 +1,94 @@
+/**
+ * express-gate.mjs — Express middleware: verify attestation before granting access.
+ *
+ * Pattern: the client calls InsumerAPI, gets an attestation, and sends it
+ * to your server. Your server verifies it cryptographically — no API
+ * callback, no real-time issuer communication. The attestation is
+ * self-contained proof that the wallet meets the conditions.
+ *
+ * This is the relying party pattern: your server never touches the
+ * blockchain or the attestation issuer. It only needs the public key
+ * (via JWKS) and the verification algorithm (4 checks).
+ *
+ * Usage: node examples/express-gate.mjs
+ * Then:  curl -X POST http://localhost:3000/api/premium \
+ *          -H "Content-Type: application/json" \
+ *          -d '{"attestation": <full API response or JWT string>}'
+ *
+ * Requires: npm install express insumer-verify
+ */
+
+import express from "express";
+import { verifyAttestation } from "insumer-verify";
+
+const app = express();
+app.use(express.json());
+
+/**
+ * Middleware: require a valid InsumerAPI attestation.
+ * Accepts either a raw attestation object or a JWT string.
+ */
+function requireAttestation(options = {}) {
+  const { maxAge = 120 } = options;
+
+  return async (req, res, next) => {
+    const attestationData = req.body.attestation;
+
+    if (!attestationData) {
+      return res.status(401).json({ error: "Missing attestation" });
+    }
+
+    try {
+      const result = await verifyAttestation(attestationData, { maxAge });
+
+      if (!result.valid) {
+        return res.status(403).json({
+          error: "Attestation verification failed",
+          checks: result.checks,
+        });
+      }
+
+      // Attach verified attestation to request for downstream use
+      if (typeof attestationData === "string") {
+        // JWT — decode claims
+        const [, payloadB64] = attestationData.split(".");
+        req.attestation = JSON.parse(
+          Buffer.from(payloadB64, "base64url").toString()
+        );
+      } else {
+        req.attestation = attestationData.data.attestation;
+      }
+
+      next();
+    } catch (err) {
+      return res.status(400).json({ error: "Invalid attestation format" });
+    }
+  };
+}
+
+// Protected route — only accessible with a valid attestation
+app.post("/api/premium", requireAttestation({ maxAge: 120 }), (req, res) => {
+  const { pass, results, id } = req.attestation;
+
+  if (!pass) {
+    return res.status(403).json({
+      error: "Conditions not met",
+      attestationId: id,
+    });
+  }
+
+  res.json({
+    message: "Welcome, verified holder",
+    attestationId: id,
+    conditionsMet: results.filter((r) => r.met).map((r) => r.label),
+  });
+});
+
+// Health check
+app.get("/health", (req, res) => res.json({ ok: true }));
+
+const PORT = process.env.PORT || 3000;
+app.listen(PORT, () => {
+  console.log(`Server running on http://localhost:${PORT}`);
+  console.log("POST /api/premium with { attestation: <response or JWT> }");
+});

package/examples/jwt-format.mjs

@@ -0,0 +1,78 @@
+/**
+ * jwt-format.mjs — Request attestation as a JWT for gateway integration.
+ *
+ * Adding "format": "jwt" to the request returns a standard ES256 JWT
+ * alongside the raw attestation. The JWT is verifiable by any standard
+ * JWT library or gateway (Kong, Nginx, Cloudflare Access, AWS API Gateway)
+ * using the JWKS endpoint — no custom code needed on the gateway side.
+ *
+ * This is the bridge between InsumerAPI and existing auth infrastructure:
+ * the attestation format is standard, so it plugs into standard tools.
+ *
+ * Usage: INSUMER_API_KEY=insr_live_... node examples/jwt-format.mjs
+ */
+
+import { verifyAttestation } from "insumer-verify";
+
+const API_KEY = process.env.INSUMER_API_KEY;
+if (!API_KEY) {
+  console.error("Set INSUMER_API_KEY environment variable");
+  process.exit(1);
+}
+
+// Request JWT format
+const res = await fetch("https://api.insumermodel.com/v1/attest", {
+  method: "POST",
+  headers: {
+    "Content-Type": "application/json",
+    "X-API-Key": API_KEY,
+  },
+  body: JSON.stringify({
+    wallet: "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
+    conditions: [
+      {
+        type: "token_balance",
+        chainId: 1,
+        contractAddress: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
+        threshold: 100,
+        decimals: 6,
+        label: "USDC >= 100 on Ethereum",
+      },
+    ],
+    format: "jwt",
+  }),
+});
+
+const apiResponse = await res.json();
+
+if (!apiResponse.ok) {
+  console.error("API error:", apiResponse.error);
+  process.exit(1);
+}
+
+// The JWT is in the response data
+const jwt = apiResponse.data.jwt;
+console.log("JWT token:", jwt);
+console.log();
+
+// Decode and inspect JWT claims (without verification, for display)
+const [, payloadB64] = jwt.split(".");
+const claims = JSON.parse(Buffer.from(payloadB64, "base64url").toString());
+console.log("JWT claims:");
+console.log(`  iss: ${claims.iss}`);
+console.log(`  sub: ${claims.sub} (wallet)`);
+console.log(`  jti: ${claims.jti} (attestation ID)`);
+console.log(`  pass: ${claims.pass}`);
+console.log(`  iat: ${new Date(claims.iat * 1000).toISOString()}`);
+console.log(`  exp: ${new Date(claims.exp * 1000).toISOString()}`);
+console.log();
+
+// Verify the JWT — insumer-verify auto-detects string input as JWT
+const result = await verifyAttestation(jwt);
+
+console.log("JWT verification:", result.valid ? "PASSED" : "FAILED");
+console.log("Checks:", JSON.stringify(result.checks, null, 2));
+
+// You can also verify the raw attestation from the same response
+const rawResult = await verifyAttestation(apiResponse);
+console.log("\nRaw attestation verification:", rawResult.valid ? "PASSED" : "FAILED");

package/examples/multi-condition.mjs

@@ -0,0 +1,79 @@
+/**
+ * multi-condition.mjs — Multiple conditions across different chains.
+ *
+ * A single attestation request can check up to 10 conditions across any
+ * combination of the 32 supported chains. The response is one signed
+ * attestation covering all conditions — pass is true only if ALL are met.
+ *
+ * Usage: INSUMER_API_KEY=insr_live_... node examples/multi-condition.mjs
+ */
+
+import { verifyAttestation } from "insumer-verify";
+
+const API_KEY = process.env.INSUMER_API_KEY;
+if (!API_KEY) {
+  console.error("Set INSUMER_API_KEY environment variable");
+  process.exit(1);
+}
+
+// Check multiple conditions in a single call:
+// - USDC on Ethereum (EVM, chainId 1)
+// - UNI governance token on Ethereum
+// - USDC on Base (EVM, chainId 8453)
+const res = await fetch("https://api.insumermodel.com/v1/attest", {
+  method: "POST",
+  headers: {
+    "Content-Type": "application/json",
+    "X-API-Key": API_KEY,
+  },
+  body: JSON.stringify({
+    wallet: "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
+    conditions: [
+      {
+        type: "token_balance",
+        chainId: 1,
+        contractAddress: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
+        threshold: 100,
+        decimals: 6,
+        label: "USDC >= 100 on Ethereum",
+      },
+      {
+        type: "token_balance",
+        chainId: 1,
+        contractAddress: "0x1f9840a85d5aF5bf1D1762F925BDADdC4201F984",
+        threshold: 1,
+        decimals: 18,
+        label: "UNI >= 1 on Ethereum",
+      },
+      {
+        type: "token_balance",
+        chainId: 8453,
+        contractAddress: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+        threshold: 50,
+        decimals: 6,
+        label: "USDC >= 50 on Base",
+      },
+    ],
+  }),
+});
+
+const apiResponse = await res.json();
+
+if (!apiResponse.ok) {
+  console.error("API error:", apiResponse.error);
+  process.exit(1);
+}
+
+// Verify once — covers all conditions in the attestation
+const result = await verifyAttestation(apiResponse, { maxAge: 120 });
+
+console.log("Verification:", result.valid ? "PASSED" : "FAILED");
+
+const { attestation } = apiResponse.data;
+console.log(`\nAttestation ${attestation.id}:`);
+console.log(`  Overall: ${attestation.pass ? "ALL MET" : "NOT ALL MET"} (${attestation.passCount} passed, ${attestation.failCount} failed)`);
+console.log(`  Expires: ${attestation.expiresAt}`);
+
+for (const r of attestation.results) {
+  console.log(`  [${r.met ? "PASS" : "FAIL"}] ${r.label} (chain ${r.chainId}, block ${r.blockNumber})`);
+}

package/examples/verify-manual.mjs

@@ -0,0 +1,154 @@
+/**
+ * verify-manual.mjs — DIY attestation verification with Web Crypto.
+ *
+ * No library. No dependencies. Just the Web Crypto API and the spec.
+ *
+ * This example proves that the attestation format is open and independently
+ * verifiable. You don't need insumer-verify, you don't need to trust any
+ * library — you can verify directly against the JWKS public key using
+ * standard cryptographic primitives available in every modern runtime.
+ *
+ * The protocol standardizes the format and verification model, not the
+ * implementation. This file IS a conforming verifier.
+ *
+ * Implements all 4 verification checks from the State Attestation Spec:
+ *   1. Signature — ECDSA P-256 over {id, pass, results, attestedAt}
+ *   2. Condition hashes — SHA-256 of canonical sorted-key JSON
+ *   3. Freshness — blockTimestamp age vs maxAge
+ *   4. Expiry — attestation validity window
+ *
+ * Usage: INSUMER_API_KEY=insr_live_... node examples/verify-manual.mjs
+ */
+
+const API_KEY = process.env.INSUMER_API_KEY;
+if (!API_KEY) {
+  console.error("Set INSUMER_API_KEY environment variable");
+  process.exit(1);
+}
+
+// ── Step 1: Fetch the signing key from JWKS ──────────────────────
+
+const jwksRes = await fetch("https://api.insumermodel.com/v1/jwks");
+const jwks = await jwksRes.json();
+const keyData = jwks.keys[0]; // or match by kid
+
+const publicKey = await crypto.subtle.importKey(
+  "jwk",
+  { kty: keyData.kty, crv: keyData.crv, x: keyData.x, y: keyData.y },
+  { name: "ECDSA", namedCurve: "P-256" },
+  false,
+  ["verify"]
+);
+
+console.log("Imported public key (kid:", keyData.kid, ")");
+
+// ── Step 2: Request an attestation ───────────────────────────────
+
+const res = await fetch("https://api.insumermodel.com/v1/attest", {
+  method: "POST",
+  headers: {
+    "Content-Type": "application/json",
+    "X-API-Key": API_KEY,
+  },
+  body: JSON.stringify({
+    wallet: "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
+    conditions: [
+      {
+        type: "token_balance",
+        chainId: 1,
+        contractAddress: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
+        threshold: 100,
+        decimals: 6,
+        label: "USDC >= 100 on Ethereum",
+      },
+    ],
+  }),
+});
+
+const apiResponse = await res.json();
+if (!apiResponse.ok) {
+  console.error("API error:", apiResponse.error);
+  process.exit(1);
+}
+
+const { attestation, sig, kid } = apiResponse.data;
+console.log("Received attestation:", attestation.id);
+
+// ── Check 1: Signature verification ─────────────────────────────
+// The signed payload is JSON.stringify({id, pass, results, attestedAt})
+// in that exact field order.
+
+const signedPayload = JSON.stringify({
+  id: attestation.id,
+  pass: attestation.pass,
+  results: attestation.results,
+  attestedAt: attestation.attestedAt,
+});
+
+const payloadBytes = new TextEncoder().encode(signedPayload);
+const sigBytes = Uint8Array.from(atob(sig), (c) => c.charCodeAt(0));
+
+const sigValid = await crypto.subtle.verify(
+  { name: "ECDSA", hash: "SHA-256" },
+  publicKey,
+  sigBytes,
+  payloadBytes
+);
+
+console.log("\nCheck 1 — Signature:", sigValid ? "PASSED" : "FAILED");
+
+// ── Check 2: Condition hash integrity ────────────────────────────
+// Each result's conditionHash must equal SHA-256 of its evaluatedCondition
+// serialized with sorted keys.
+
+let hashesValid = true;
+for (const r of attestation.results) {
+  const sortedKeys = Object.keys(r.evaluatedCondition).sort();
+  const canonical = JSON.stringify(r.evaluatedCondition, sortedKeys);
+  const hashBuffer = await crypto.subtle.digest(
+    "SHA-256",
+    new TextEncoder().encode(canonical)
+  );
+  const computed =
+    "0x" +
+    Array.from(new Uint8Array(hashBuffer))
+      .map((b) => b.toString(16).padStart(2, "0"))
+      .join("");
+
+  if (computed !== r.conditionHash) {
+    console.log(`Check 2 — Condition hash MISMATCH at index ${r.condition}`);
+    console.log(`  Expected: ${r.conditionHash}`);
+    console.log(`  Computed: ${computed}`);
+    hashesValid = false;
+  }
+}
+console.log("Check 2 — Condition hashes:", hashesValid ? "PASSED" : "FAILED");
+
+// ── Check 3: Freshness ───────────────────────────────────────────
+// Reject if blockTimestamp is older than maxAge seconds.
+
+const MAX_AGE_SECONDS = 120;
+let freshnessValid = true;
+for (const r of attestation.results) {
+  if (!r.blockTimestamp) continue; // skip chains without block timestamps
+  const ageMs = Date.now() - new Date(r.blockTimestamp).getTime();
+  if (ageMs > MAX_AGE_SECONDS * 1000) {
+    console.log(
+      `Check 3 — Result ${r.condition} is ${Math.round(ageMs / 1000)}s old (max: ${MAX_AGE_SECONDS}s)`
+    );
+    freshnessValid = false;
+  }
+}
+console.log("Check 3 — Freshness:", freshnessValid ? "PASSED" : "FAILED");
+
+// ── Check 4: Expiry ──────────────────────────────────────────────
+// Reject if the attestation's validity window has elapsed.
+
+const expiryValid = Date.now() <= new Date(attestation.expiresAt).getTime();
+console.log("Check 4 — Expiry:", expiryValid ? "PASSED" : "FAILED");
+
+// ── Summary ──────────────────────────────────────────────────────
+
+const allPassed = sigValid && hashesValid && freshnessValid && expiryValid;
+console.log("\nOverall:", allPassed ? "VALID" : "INVALID");
+console.log(`Attestation ${attestation.id}: ${attestation.pass ? "conditions met" : "conditions not met"}`);

package/examples/xrpl-trustline.mjs

@@ -0,0 +1,100 @@
+/**
+ * xrpl-trustline.mjs — XRPL trust line token attestation.
+ *
+ * XRPL uses a different addressing model than EVM chains:
+ * - Tokens are identified by issuer address + currency code
+ * - The contractAddress field holds the issuer's r-address
+ * - Results include ledgerIndex/ledgerHash instead of blockNumber/blockTimestamp
+ * - Trust line tokens include trustLineState with frozen status
+ *
+ * The attestation format is the same — signed, verifiable, boolean.
+ * The chain-specific details are in the evaluatedCondition and result fields.
+ *
+ * Usage: INSUMER_API_KEY=insr_live_... node examples/xrpl-trustline.mjs
+ */
+
+import { verifyAttestation } from "insumer-verify";
+
+const API_KEY = process.env.INSUMER_API_KEY;
+if (!API_KEY) {
+  console.error("Set INSUMER_API_KEY environment variable");
+  process.exit(1);
+}
+
+// XRPL token issuers and currency codes
+const RLUSD_ISSUER = "rMxCKbEDwqr76QuheSUMdEGf4B9xJ8m5De";
+const RLUSD_CURRENCY = "524C555344000000000000000000000000000000";
+
+const USDC_ISSUER = "rGm7WCVp9gb4jZHWTEtGUr4dd74z2XuWhE";
+const USDC_CURRENCY = "5553444300000000000000000000000000000000";
+
+// Check RLUSD and USDC on XRPL
+// Note: XRPL uses xrplWallet parameter (not wallet, which is EVM)
+const res = await fetch("https://api.insumermodel.com/v1/attest", {
+  method: "POST",
+  headers: {
+    "Content-Type": "application/json",
+    "X-API-Key": API_KEY,
+  },
+  body: JSON.stringify({
+    xrplWallet: "ra8xqX4QhcogFfxpMxMByvFnXyxw9E8rzY",
+    conditions: [
+      {
+        type: "token_balance",
+        chainId: "xrpl",
+        contractAddress: RLUSD_ISSUER,
+        currency: RLUSD_CURRENCY,
+        threshold: 10,
+        decimals: 6,
+        label: "RLUSD >= 10 on XRPL",
+      },
+      {
+        type: "token_balance",
+        chainId: "xrpl",
+        contractAddress: USDC_ISSUER,
+        currency: USDC_CURRENCY,
+        threshold: 5,
+        decimals: 6,
+        label: "USDC >= 5 on XRPL",
+      },
+    ],
+  }),
+});
+
+const apiResponse = await res.json();
+
+if (!apiResponse.ok) {
+  console.error("API error:", apiResponse.error);
+  process.exit(1);
+}
+
+// Verify — same function, same checks. XRPL results use ledgerIndex
+// instead of blockTimestamp, so freshness check skips them gracefully.
+const result = await verifyAttestation(apiResponse, { maxAge: 120 });
+
+console.log("Verification:", result.valid ? "PASSED" : "FAILED");
+
+const { attestation } = apiResponse.data;
+console.log(`\nAttestation ${attestation.id}:`);
+
+for (const r of attestation.results) {
+  console.log(`\n  ${r.label}: ${r.met ? "MET" : "NOT MET"}`);
+  console.log(`    Chain: ${r.chainId}`);
+
+  // XRPL-specific fields
+  if (r.ledgerIndex) {
+    console.log(`    Ledger index: ${r.ledgerIndex}`);
+  }
+  if (r.ledgerHash) {
+    console.log(`    Ledger hash: ${r.ledgerHash}`);
+  }
+
+  // Trust line state (non-native tokens only)
+  if (r.trustLineState) {
+    console.log(`    Trust line frozen: ${r.trustLineState.frozen}`);
+  }
+
+  // The evaluatedCondition uses contractAddress for the issuer
+  console.log(`    Issuer (contractAddress): ${r.evaluatedCondition.contractAddress}`);
+  console.log(`    Currency: ${r.evaluatedCondition.currency}`);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "insumer-verify",
-  "version": "1.3.10",
+  "version": "1.4.0",
   "description": "Client-side verifier for InsumerAPI attestations. ECDSA P-256 signatures, condition hashes, block freshness, expiry. Zero dependencies. Used by DJD Agent Score (Coinbase x402).",
   "type": "module",
   "main": "build/index.js",
@@ -13,6 +13,7 @@
   },
   "files": [
     "build",
+    "examples",
     "README.md"
   ],
   "scripts": {