npm - insumer-verify - Versions diffs - 1.3.3 → 1.3.5 - Mend

insumer-verify 1.3.3 → 1.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -22,7 +22,7 @@ curl -s -X POST https://us-central1-insumer-merchant.cloudfunctions.net/createDe
   -d '{"email": "you@example.com", "appName": "insumer-verify", "tier": "free"}' | jq .
 ```
-Returns an `insr_live_...` key with 100 credits and 100 calls/day. One free key per email.
+Returns an `insr_live_...` key with 10 credits and 100 calls/day. One free key per email.
 Or get one at [insumermodel.com/developers](https://insumermodel.com/developers/).
@@ -119,6 +119,40 @@ The attestation response you're verifying looks like this:
 No balances. No amounts. Just a signed true/false per condition.
+#### XRPL-specific fields
+XRPL attestation results use `ledgerIndex` (integer) and `ledgerHash` (string) instead of `blockNumber` and `blockTimestamp`:
+```json
+{
+  "condition": 0,
+  "met": true,
+  "label": "RLUSD >= 100 on XRPL",
+  "type": "token_balance",
+  "chainId": "xrpl",
+  "evaluatedCondition": {
+    "type": "token_balance",
+    "chainId": "xrpl",
+    "currency": "524C555344...",
+    "issuer": "rMxCKbEDwqr76QuheSUMdEGf4B9xJ8m5De",
+    "operator": "gte",
+    "threshold": 100,
+    "decimals": 6
+  },
+  "conditionHash": "0x9f2c...",
+  "ledgerIndex": 96482715,
+  "ledgerHash": "A1B2C3D4..."
+}
+```
+Trust line token conditions may also include `trustLineState` with a `frozen` boolean indicating whether the trust line is frozen:
+```json
+"trustLineState": { "frozen": false }
+```
+Because XRPL results have no `blockTimestamp`, the freshness check (`maxAge`) skips them rather than failing. Condition hash and signature checks work identically across all chains.
 ### Handling `rpc_failure` errors
 If the API cannot reach one or more data sources (RPC nodes, Helius, XRPL, Covalent) after retries, it returns `ok: false` with error code `rpc_failure` instead of issuing an attestation. **No signature, no JWT, no credits charged.** This is a retryable error — retry the same request after a short delay (2-5 seconds).
@@ -177,7 +211,7 @@ const result = await verifyAttestation(apiResponse, { maxAge: 120 });
 // Fails if any blockTimestamp is older than 120 seconds
 ```
-Results without `blockTimestamp` (Covalent, Solana, and XRPL chains) are skipped, not treated as failures.
+Results without `blockTimestamp` (Covalent, Solana, and XRPL chains) are skipped, not treated as failures. XRPL results use `ledgerIndex` and `ledgerHash` instead.
 ### JWKS key discovery

package/build/index.d.ts CHANGED Viewed

@@ -25,7 +25,7 @@ export interface CheckResult {
     reason?: string;
 }
 export interface VerifyOptions {
-    /** Maximum acceptable age of blockTimestamp in seconds. Results without blockTimestamp are skipped. */
+    /** Maximum acceptable age of blockTimestamp in seconds. Results without blockTimestamp (e.g. XRPL, which uses ledgerIndex/ledgerHash instead) are skipped. */
     maxAge?: number;
     /** JWKS URL for dynamic key discovery. When set, fetches the signing key from this URL instead of using the hardcoded key. Example: "https://insumermodel.com/.well-known/jwks.json" */
     jwksUrl?: string;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "insumer-verify",
-  "version": "1.3.3",
+  "version": "1.3.5",
   "description": "Client-side verifier for InsumerAPI attestations. ECDSA P-256 signatures, condition hashes, block freshness, expiry. Zero dependencies. Used by DJD Agent Score (Coinbase x402).",
   "type": "module",
   "main": "build/index.js",