July 2025 Development Updates #1
Hey devs, we’ve shipped a fresh batch of updates across the Reclaim stack. Whether you're crafting mobile flows, building for the web, or cooking up something cool with zkFetch, there’s something here for you.
Here’s what’s hot and worth knowing:
JS SDK (v4.2.3)
The QR modal got a glow-up. It's now cleaner, sleeker, and plays nice with browser extensions detecting them automagically so users aren’t left staring at the screen wondering what to do next. Fewer clicks, more joy.
Mobile SDKs (v0.10.3)
We packed in a bunch of subtle (but mighty) improvements:
Async locks to stop race conditions from turning into race disasters
Friendlier error handling
More readable summaries in the verification review UI
And more stable communication with the attestor
Browser Extension
Big shift here: we’ve gone dynamic with provider scripts. No more bundling them into the extension. Now we fetch them from the backend in real time - meaning faster updates. Plus: smoother animations, better performance, and stronger security. Your extension just got smarter.
Attestor Core
Okay, this one’s big: introducing createClaimOnMechain().
You can now create claims across multiple attestors, rather than relying on a single verification point. This is our first real leap toward making zkFetch truly decentralized. Yes, the mesh is forming. Yes, it’s pretty damn cool.
💡 What you might wanna do next:
If you're using the JS SDK, bump to
v4.2.3- the QR modal is way smoother now.On mobile? Upgrade to
v0.10.3.Working on the browser extension? Switch to the new dynamic script model. It’s a lighter lift and a better dev experience.
Building or playing with zkFetch? Try out
createClaimOnMechain()- decentralized claims are now real and ready.
Technical Details & Implementation
Want the nitty-gritty? Here's exactly what we changed with commit links
JavaScript SDK v4.2.3
Repository: reclaim-js-sdk
Changed
QR Code Modal Interface - Improved modal experience with cleaner default appearance and better extension integration. The modal now provides a streamlined verification flow with automatic browser extension detection. (ae413ee)
Package version updated to 4.2.3 (19fedcc)
Mobile SDK Ecosystem v0.10.0 → v0.10.3
SDKs Repositories: React Native | Android | iOS
v0.10.3
Fixed
Verification Review UI - Resolved param key text overflow in verification review interface
Attestor Communication - Fixed liveliness checks for JavaScript calls sent to attestor webview
Changed
Dependencies - Updated inapp module dependency to 0.10.3
v0.10.2
Added
User Experience - Humanized summary of values shown in verification review UI
Concurrency - Async lock around JSON & XML path evaluations to prevent RPC request deadlock
Changed
Login Detection - Improved user login interaction requirement detection
Dependencies - Updated inapp module dependency to 0.10.2
Fixed
Request Handling - Response selection handling for requests without match or redaction options
v0.10.0
Added
Reliability - Retry mechanism for timeout scenarios during claim creation
Platform Support - Unsupported platform warning for non-64-bit runtimes
Device Identification - Device logging ID as fallback device identifier
Error Handling - 4xx error checking for
ReclaimExpiredSessionExceptionManual Review - Feature flags for customizing manual review messages and prompts
Changed
Dependencies - Updated inapp module dependency to 0.10.0
Logging - Enhanced log printing to debugging consoles when upload fails
Exception Handling - Updated exception handling cases
Manual Review Copy - Improved manual review messaging
Fixed
Performance - Various bug fixes and performance improvements
Attestor Startup - Pre-initialized separate browser RPC client to prevent request deadlock
Migration (v0.10.3 )
Make sure if you are using the latest versions of
ReclaimInAppSdkcocoapod if you have overriden this dependency in yourPodfile. Latest version on cocoapods.org is 0.10.3.Run a
pod install --repo-update. If this fails for reasons related to theReclaimInAppSdk, try runningpod update ReclaimInAppSdk.Refer: https://github.com/reclaimprotocol/reclaim-inapp-reactnative-sdk/blob/main/README.md#ios-setup
Browser Extension
Repository: reclaim-extension
Added
Dynamic Provider Scripts - Major architectural shift from bundled scripts to dynamic backend-driven injection system. Eliminates need for bundled provider scripts and enables real-time script updates without extension releases. (8f41df1)
// Before v1.0.3 - Script injection in sessionManager.js const scriptUrl = `js-scripts/${templateData.providerId}.js`; chrome.scripting.executeScript({ target: { tabId: tab.id }, files: [scriptUrl], world: 'MAIN' }); // After v1.0.3 - Dynamic script fetching in injection-scripts.js async function fetchProviderInjectionScript(providerId) { const response = await fetch(PROVIDER_API_ENDPOINT(providerId), { method: 'GET', headers: { 'Content-Type': 'application/json' } }); return await response.text(); }ZK Circuit Management - Post-install script for automatic ZK circuit downloads (cbc70cf)
The new download-circuits.js script automatically downloads ZK circuit files (
circuit_final.zkey,circuit.wasm,circuit.r1cs) for different encryption ciphers (chacha20, aes-256-ctr, aes-128-ctr) directly from the GitHub repository, with progress tracking and retry logic. This eliminates the need to bundle large circuit files in node_modules and ensures users always get the latest ZK circuits.
Changed
Security & Performance - Major refactoring addressing popup security, performance optimization, and managed tab verification (161399c)
Animation Performance - Replaced width-based transitions with transform/opacity for better rendering performance
Build System - Enhanced webpack configuration with improved error handling (ee6190e)
Core Infrastructure - Attestor Core
Repository: attestor-core
Added
Decentralized Claims - New
createClaimOnMechainmethod for decentralized claim creation supporting multiple attestors. Enables decentralized zkFetch functionality by creating claims across multiple attestors instead of relying on single verification point. (Pull Request #26)
// Method Signature Update:
// Before
async zkFetch(
url: string,
options?: Options,
secretOptions?: secretOptions,
)
// After: Added decentralized attestor support
async zkFetch(
url: string,
options?: Options,
secretOptions?: secretOptions,
isDecentralized?: boolean, // New parameter
)
// Implementation Changes:
// New branching logic for attestor selection
let claim: ClaimTunnelResponse | MechainResponse;
if (isDecentralized) {
// Decentralized path: Use Mechain attestor
claim = await createClaimOnMechain({
name: "http",
params: {
method: (options?.method as HttpMethod) || HttpMethod.GET,
url: url,
responseMatches: secretOptions?.responseMatches || [
{ type: "regex", value: "(?<data>.*)" }
],
headers: options?.headers,
geoLocation: options?.geoLocation,
responseRedactions: secretOptions?.responseRedactions || [],
body: options?.body || "",
paramValues: options?.paramValues,
},
context: options?.context,
secretParams: {
cookieStr: secretOptions?.cookieStr || "",
headers: secretOptions?.headers || {},
paramValues: secretOptions?.paramValues,
},
ownerPrivateKey: this.applicationSecret,
logger: logger,
client: { url: ATTESTOR_NODE_URL },
});
// Multiple responses from decentralized attestors
return claim.responses.map(transformProof);
} else {
// Centralized path: Use traditional attestor (default)
claim = await createClaimOnAttestor({
// Same params structure as above
});
if (claim.error) {
throw new Error(`Failed to create claim on attestor: ${claim.error.message}`);
}
return transformProof(claim);
}
Want to follow updates like this? Subscribe to our newsletter to get the latest developments delivered straight to your inbox.
Ready to start building your next big idea with zkTLS? Visit reclaimprotocol.org and dive into our developer docs.
Check out all our open-source code on GitHub.
Happy building! 🛠️