diff --git a/js/examples/nextjs/app/api/verify-integrity-bundle/route.ts b/js/examples/nextjs/app/api/verify-integrity-bundle/route.ts
new file mode 100644
index 0000000..97e8843
--- /dev/null
+++ b/js/examples/nextjs/app/api/verify-integrity-bundle/route.ts
@@ -0,0 +1,311 @@
+import { createHash, createPublicKey } from "crypto";
+import { NextResponse } from "next/server";
+import { createRemoteJWKSet, jwtVerify } from "jose";
+import { decode as cborDecode } from "cbor-x";
+import { p256 } from "@noble/curves/nist.js";
+
+export const runtime = "nodejs";
+
+interface IntegrityBundle {
+  version: number;
+  signature_format: string;
+  timestamp: number;
+  /** Hex-encoded CBOR assertion containing DER signature + authenticatorData */
+  signature: string;
+  /** Attestation Gateway JWT with cnf.jwk key binding */
+  jwt: string;
+}
+
+interface JWKPublicKey {
+  kty: string;
+  crv: string;
+  x: string;
+  y: string;
+  kid: string;
+}
+
+export async function POST(request: Request): Promise<Response> {
+  try {
+    const body = (await request.json()) as {
+      bundle?: IntegrityBundle;
+      proofs?: string[];
+      nonce?: string;
+      protocol_version?: string;
+      environment?: string;
+    };
+
+    if (
+      !body.bundle?.signature ||
+      !body.bundle?.jwt ||
+      !Array.isArray(body.proofs)
+    ) {
+      return NextResponse.json(
+        { error: "Missing required fields: bundle, proofs" },
+        { status: 400 },
+      );
+    }
+
+    const rpId = process.env.NEXT_PUBLIC_RP_ID?.trim();
+
+    const result = await verifyIntegrityBundle(
+      body.bundle,
+      body.proofs,
+      body.nonce,
+      body.protocol_version,
+      body.environment ?? "production",
+      rpId,
+    );
+
+    return NextResponse.json(result);
+  } catch (error) {
+    console.error("Integrity bundle verification error:", error);
+    return NextResponse.json(
+      {
+        error: error instanceof Error ? error.message : "Unknown server error",
+      },
+      { status: 500 },
+    );
+  }
+}
+
+async function verifyIntegrityBundle(
+  bundle: IntegrityBundle,
+  proofs: string[],
+  nonce: string | undefined,
+  protocol_version: string | undefined,
+  environment: string,
+  rp_id: string | undefined,
+) {
+  const base =
+    environment === "production"
+      ? "https://attestation.worldcoin.org"
+      : "https://attestation.worldcoin.dev";
+
+  // Decode JWT payload without signature verification for display purposes.
+  const rawJwtClaims = decodeJwtPayload(bundle.jwt);
+  const expectedIss =
+    environment === "production"
+      ? "attestation.worldcoin.org"
+      : "attestation.worldcoin.dev";
+
+  // Step 1: Fetch JWKS and verify JWT; extract cnf.jwk
+  const JWKS = createRemoteJWKSet(new URL(`${base}/.well-known/jwks.json`));
+
+  let cnfJWK: JWKPublicKey;
+  let jwtClaims: { issuer: string; audience: string[]; expiresAt: number };
+
+  try {
+    const { payload } = await jwtVerify(bundle.jwt, JWKS);
+
+    if (payload.iss !== expectedIss) {
+      throw new Error(
+        `Invalid JWT issuer: got "${payload.iss}", expected "${expectedIss}"`,
+      );
+    }
+
+    const audList = Array.isArray(payload.aud)
+      ? payload.aud
+      : [payload.aud ?? ""];
+    if (!rp_id) {
+      throw new Error("rp_id is required for audience validation");
+    }
+    if (!audList.includes(rp_id)) {
+      throw new Error(
+        `Invalid JWT audience: got [${audList.join(", ")}], expected "${rp_id}"`,
+      );
+    }
+
+    const cnf = payload.cnf as { jwk?: JWKPublicKey } | undefined;
+    if (!cnf?.jwk) {
+      throw new Error("JWT missing cnf key binding");
+    }
+
+    cnfJWK = cnf.jwk;
+    jwtClaims = {
+      issuer: payload.iss,
+      audience: audList,
+      expiresAt: payload.exp ?? 0,
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      jwtValid: false,
+      jwtError:
+        error instanceof Error ? error.message : "JWT verification failed",
+      expectedIss,
+      rawJwtClaims,
+    };
+  }
+
+  // Step 2: Decode signature bytes — format depends on platform:
+  //   apple_app_attest: hex-encoded CBOR {signature, authenticatorData}
+  //   android_keystore: hex-encoded DER ECDSA signature (no authenticatorData)
+  let signature: Buffer;
+  let authenticatorData: Buffer | null = null;
+
+  try {
+    if (bundle.signature_format === "android_keystore") {
+      signature = Buffer.from(bundle.signature, "hex");
+    } else {
+      const assertionData = Buffer.from(bundle.signature, "hex");
+      const decoded = cborDecode(assertionData) as Record<string, Uint8Array>;
+
+      if (!decoded.signature || !decoded.authenticatorData) {
+        throw new Error("CBOR assertion missing required fields");
+      }
+
+      signature = Buffer.from(decoded.signature);
+      authenticatorData = Buffer.from(decoded.authenticatorData);
+    }
+  } catch (error) {
+    return {
+      valid: false,
+      jwtValid: true,
+      jwtClaims,
+      assertionValid: false,
+      assertionError:
+        error instanceof Error ? error.message : "Signature decode failed",
+    };
+  }
+
+  const step2 = {
+    signatureBytes: signature.length,
+    signatureHex: signature.toString("hex"),
+    ...(authenticatorData
+      ? {
+          authenticatorDataBytes: authenticatorData.length,
+          authenticatorDataHex: authenticatorData.toString("hex"),
+        }
+      : {}),
+  };
+
+  // Step 3:
+  const xBytes = base64URLToBuffer(cnfJWK.x);
+  const yBytes = base64URLToBuffer(cnfJWK.y);
+  const x963 = Buffer.concat([Buffer.from([0x04]), xBytes, yBytes]);
+
+  // Step 4: clientDataHash depends on protocol version:
+  //   v4 = SHA256("worldcoin/proof-integrity/v4" || nonce_32_bytes_BE)
+  //   v3 = proofV3Digest(proofs)
+  const clientDataHash =
+    protocol_version === "4.0" && nonce
+      ? proofV4Digest(nonce)
+      : proofV3Digest(proofs);
+
+  // Bind the bundle timestamp: SHA256(timestamp_8_bytes_BE || clientDataHash)
+  const tsBuf = Buffer.alloc(8);
+  tsBuf.writeBigInt64BE(BigInt(bundle.timestamp));
+  const integrityDigest = createHash("sha256")
+    .update(Buffer.concat([tsBuf, clientDataHash]))
+    .digest();
+
+  const step4 = {
+    clientDataHash: clientDataHash.toString("hex"),
+    integrityDigest: integrityDigest.toString("hex"),
+  };
+
+  // For apple_app_attest: sigNonce = SHA256(authenticatorData || integrityDigest).
+  //   CryptoKit isValidSignature SHA256s its input, so the signed hash = SHA256(sigNonce).
+  // For android_keystore: NONEwithECDSA signs integrityDigest raw, so messageToVerify IS the hash.
+  const messageToVerify = authenticatorData
+    ? createHash("sha256")
+        .update(Buffer.concat([authenticatorData, integrityDigest]))
+        .digest()
+    : integrityDigest;
+
+  const step5 = authenticatorData
+    ? { sigNonce: messageToVerify.toString("hex") }
+    : {};
+
+  // Step 5: Verify ECDSA-P256 signature.
+  // Android (NONEwithECDSA): device signed integrityDigest raw — pass it directly as the hash.
+  // iOS (CryptoKit isValidSignature): internally SHA256s the input — pass SHA256(sigNonce).
+  // Both platforms emit DER-encoded signatures.
+  try {
+    const signatureValid = p256.verify(signature, messageToVerify, x963, {
+      format: "der",
+      lowS: false,
+      prehash: bundle.signature_format !== "android_keystore",
+    });
+
+    return {
+      valid: signatureValid,
+      jwtValid: true,
+      jwtClaims,
+      expectedIss,
+      rawJwtClaims,
+      assertionValid: signatureValid,
+      ...(signatureValid
+        ? {}
+        : { assertionError: "Assertion signature invalid" }),
+      signatureFormat: bundle.signature_format,
+      timestamp: bundle.timestamp,
+      version: bundle.version,
+      step2,
+      step4,
+      step5,
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      jwtValid: true,
+      jwtClaims,
+      assertionValid: false,
+      assertionError:
+        error instanceof Error ? error.message : "Signature verification error",
+    };
+  }
+}
+
+// Domain-separated SHA256 over the RP-supplied nonce field element (32-byte BE).
+// Matches compute_proof_v4_digest in the Rust IDKit SDK.
+function proofV4Digest(nonce: string): Buffer {
+  const hash = createHash("sha256");
+  hash.update("worldcoin/proof-integrity/v4");
+  const nonceHex = nonce.startsWith("0x") ? nonce.slice(2) : nonce;
+  const nonceBytes = Buffer.from(nonceHex.padStart(64, "0"), "hex");
+  hash.update(nonceBytes);
+  return hash.digest();
+}
+
+// Domain-separated SHA256 over count and length-prefixed proof strings.
+// Matches proofV3Digest in IntegrityBundleVerifier.swift and
+// compute_proof_v3_digest in the Rust IDKit SDK.
+function proofV3Digest(proofs: string[]): Buffer {
+  const hash = createHash("sha256");
+  hash.update("worldcoin/proof-integrity/v3");
+
+  const countBuf = Buffer.alloc(4);
+  countBuf.writeUInt32BE(proofs.length, 0);
+  hash.update(countBuf);
+
+  for (const proof of proofs) {
+    const proofBuf = Buffer.from(proof, "utf8");
+    const lenBuf = Buffer.alloc(4);
+    lenBuf.writeUInt32BE(proofBuf.length, 0);
+    hash.update(lenBuf);
+    hash.update(proofBuf);
+  }
+
+  return hash.digest();
+}
+
+function base64URLToBuffer(str: string): Buffer {
+  const base64 = str.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = base64 + "=".repeat((4 - (base64.length % 4)) % 4);
+  return Buffer.from(padded, "base64");
+}
+
+function decodeJwtPayload(jwt: string): Record<string, unknown> | null {
+  try {
+    const part = jwt.split(".")[1];
+    if (!part) return null;
+    const json = Buffer.from(
+      part.replace(/-/g, "+").replace(/_/g, "/"),
+      "base64",
+    ).toString("utf8");
+    return JSON.parse(json) as Record<string, unknown>;
+  } catch {
+    return null;
+  }
+}
diff --git a/js/examples/nextjs/app/api/verify-proof/route.ts b/js/examples/nextjs/app/api/verify-proof/route.ts
index a80a607..c48e315 100644
--- a/js/examples/nextjs/app/api/verify-proof/route.ts
+++ b/js/examples/nextjs/app/api/verify-proof/route.ts
@@ -8,10 +8,13 @@ export async function POST(request: Request): Promise<Response> {
     const body = (await request.json()) as {
       rp_id?: string;
       devPortalPayload?: IDKitResult;
+      devPortalBaseUrl?: string;
     };
 
     const baseUrl =
-      process.env.DEV_PORTAL_BASE_URL?.trim() || "https://developer.world.org";
+      body.devPortalBaseUrl?.trim() ||
+      process.env.DEV_PORTAL_BASE_URL?.trim() ||
+      "https://developer.world.org";
 
     const response = await fetch(`${baseUrl}/api/v4/verify/${body.rp_id}`, {
       method: "POST",
diff --git a/js/examples/nextjs/app/ui.tsx b/js/examples/nextjs/app/ui.tsx
index 21dc940..7da0a07 100644
--- a/js/examples/nextjs/app/ui.tsx
+++ b/js/examples/nextjs/app/ui.tsx
@@ -13,6 +13,7 @@ import {
   setDebug,
   type ConstraintNode,
   type IDKitResult,
+  type IntegrityBundle,
   type RpContext,
   Preset,
 } from "@worldcoin/idkit";
@@ -22,8 +23,11 @@ setDebug(true);
 const APP_ID = process.env.NEXT_PUBLIC_APP_ID as `app_${string}` | undefined;
 const RP_ID = process.env.NEXT_PUBLIC_RP_ID;
 const STAGING_CONNECT_BASE_URL = "https://staging.world.org/verify";
+const STAGING_DEVPORTAL_BASE_URL = "https://staging-developer.worldcoin.org";
 const CONNECT_URL_OVERRIDE_TOOLTIP =
   "Enable this to change the deeplink base URL to the staging verify endpoint. Useful when testing with a Staging iOS World App build that supports this override.";
+const DEVPORTAL_URL_OVERRIDE_TOOLTIP =
+  "Enable this to send proof verification requests to the staging Developer Portal instead of production.";
 const GENESIS_ISSUED_AT_MIN_TOOLTIP =
   "Minimum genesis_issued_at timestamp that the used Credential must meet. " +
   "If present, the proof will include a constraint that the credential's genesis issued at timestamp " +
@@ -107,7 +111,10 @@ async function fetchRpContext(action: string): Promise<RpContext> {
   };
 }
 
-async function verifyProof(payload: IDKitResult): Promise<unknown> {
+async function verifyProof(
+  payload: IDKitResult,
+  devPortalBaseUrl?: string,
+): Promise<unknown> {
   if (!RP_ID) {
     throw new Error("Missing NEXT_PUBLIC_RP_ID");
   }
@@ -115,7 +122,11 @@ async function verifyProof(payload: IDKitResult): Promise<unknown> {
   const response = await fetch("/api/verify-proof", {
     method: "POST",
     headers: { "content-type": "application/json" },
-    body: JSON.stringify({ rp_id: RP_ID, devPortalPayload: payload }),
+    body: JSON.stringify({
+      rp_id: RP_ID,
+      devPortalPayload: payload,
+      devPortalBaseUrl,
+    }),
   });
 
   const json = await response.json();
@@ -132,6 +143,61 @@ async function verifyProof(payload: IDKitResult): Promise<unknown> {
   return json;
 }
 
+// Extract flat proof strings from an IDKit result for the integrity bundle digest.
+// V3 responses have proof: string; V4 responses have proof: string[].
+function extractProofs(result: IDKitResult): string[] {
+  return (result.responses as Array<{ proof: string | string[] }>).flatMap(
+    (r) => (Array.isArray(r.proof) ? r.proof : [r.proof]),
+  );
+}
+
+interface IntegrityBundleVerifyResult {
+  valid: boolean;
+  jwtValid: boolean;
+  jwtError?: string;
+  jwtClaims?: { issuer: string; audience: string[]; expiresAt: number };
+  expectedIss?: string;
+  rawJwtClaims?: Record<string, unknown> | null;
+  assertionValid?: boolean;
+  assertionError?: string;
+  signatureFormat?: string;
+  timestamp?: number;
+  version?: number;
+  step2?: {
+    signatureBytes: number;
+    signatureHex: string;
+    authenticatorDataBytes?: number;
+    authenticatorDataHex?: string;
+  };
+  step3?: { computedKid: string; jwtKid: string };
+  step4?: { clientDataHash: string; integrityDigest: string };
+  step5?: { messageToVerify: string; sigNonce?: string };
+}
+
+async function verifyIntegrityBundle(
+  result: IDKitResult,
+  environment: string,
+): Promise<IntegrityBundleVerifyResult> {
+  const response = await fetch("/api/verify-integrity-bundle", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({
+      bundle: result.integrity_bundle,
+      proofs: extractProofs(result),
+      nonce: result.nonce,
+      protocol_version: result.protocol_version,
+      environment,
+    }),
+  });
+
+  const json = await response.json();
+  if (!response.ok) {
+    throw new Error(json.error ?? "Integrity bundle verification failed");
+  }
+
+  return json as IntegrityBundleVerifyResult;
+}
+
 export function DemoClient(): ReactElement {
   const [isLightTheme, setIsLightTheme] = useState(false);
   const [widgetOpen, setWidgetOpen] = useState(false);
@@ -142,6 +208,11 @@ export function DemoClient(): ReactElement {
   const [widgetVerifyResult, setWidgetVerifyResult] = useState<unknown>(null);
   const [widgetIdkitResult, setWidgetIdkitResult] =
     useState<IDKitResult | null>(null);
+  const [integrityBundleResult, setIntegrityBundleResult] =
+    useState<IntegrityBundleVerifyResult | null>(null);
+  const [integrityBundleError, setIntegrityBundleError] = useState<
+    string | null
+  >(null);
   const [widgetSignal, setWidgetSignal] = useState("demo-signal-initial");
   const [action, setAction] = useState("test-action");
   const [environment, setEnvironment] = useState<"production" | "staging">(
@@ -150,6 +221,9 @@ export function DemoClient(): ReactElement {
   const [useStagingConnectBaseUrl, setUseStagingConnectBaseUrl] =
     useState(false);
   const [isConnectUrlTooltipOpen, setIsConnectUrlTooltipOpen] = useState(false);
+  const [useStagingDevPortalUrl, setUseStagingDevPortalUrl] = useState(false);
+  const [isDevPortalUrlTooltipOpen, setIsDevPortalUrlTooltipOpen] =
+    useState(false);
   const [worldIdVersion, setWorldIdVersion] = useState<"3.0" | "4.0">("3.0");
   const [v4CredentialType, setV4CredentialType] =
     useState<V4CredentialType>("proof_of_human");
@@ -195,6 +269,10 @@ export function DemoClient(): ReactElement {
     environment === "staging" && useStagingConnectBaseUrl
       ? STAGING_CONNECT_BASE_URL
       : undefined;
+  const overrideDevPortalBaseUrl =
+    environment === "staging" && useStagingDevPortalUrl
+      ? STAGING_DEVPORTAL_BASE_URL
+      : undefined;
   const effectiveReturnTo = useReturnTo
     ? returnTo.trim() || undefined
     : undefined;
@@ -210,6 +288,8 @@ export function DemoClient(): ReactElement {
     if (environment !== "staging") {
       setUseStagingConnectBaseUrl(false);
       setIsConnectUrlTooltipOpen(false);
+      setUseStagingDevPortalUrl(false);
+      setIsDevPortalUrlTooltipOpen(false);
     }
   }, [environment]);
 
@@ -232,10 +312,28 @@ export function DemoClient(): ReactElement {
     );
   }, []);
 
+  // Auto-verify integrity bundle when idkit result arrives and bundle is present
+  useEffect(() => {
+    if (!widgetIdkitResult?.integrity_bundle) return;
+
+    setIntegrityBundleResult(null);
+    setIntegrityBundleError(null);
+
+    verifyIntegrityBundle(widgetIdkitResult, environment)
+      .then(setIntegrityBundleResult)
+      .catch((err) =>
+        setIntegrityBundleError(
+          err instanceof Error ? err.message : "Unknown error",
+        ),
+      );
+  }, [widgetIdkitResult, environment]);
+
   const startWidgetFlow = async () => {
     setWidgetError(null);
     setWidgetVerifyResult(null);
     setWidgetIdkitResult(null);
+    setIntegrityBundleResult(null);
+    setIntegrityBundleError(null);
 
     try {
       const rpContext = await fetchRpContext(action || "test-action");
@@ -361,6 +459,52 @@ export function DemoClient(): ReactElement {
           </div>
         )}
 
+        {environment === "staging" && (
+          <div className="config-row">
+            <label htmlFor="cfgOverrideDevPortalBaseUrl">
+              DevPortal URL override
+            </label>
+            <div
+              className="tooltip"
+              onMouseEnter={() => setIsDevPortalUrlTooltipOpen(true)}
+              onMouseLeave={() => setIsDevPortalUrlTooltipOpen(false)}
+            >
+              <button
+                type="button"
+                className="tooltip-trigger"
+                aria-label="Explain DevPortal URL override"
+                aria-describedby={
+                  isDevPortalUrlTooltipOpen
+                    ? "devportal-url-override-tooltip"
+                    : undefined
+                }
+                aria-expanded={isDevPortalUrlTooltipOpen}
+                onFocus={() => setIsDevPortalUrlTooltipOpen(true)}
+                onBlur={() => setIsDevPortalUrlTooltipOpen(false)}
+                onClick={() => setIsDevPortalUrlTooltipOpen(true)}
+              >
+                ?
+              </button>
+              {isDevPortalUrlTooltipOpen && (
+                <span
+                  id="devportal-url-override-tooltip"
+                  role="tooltip"
+                  className="tooltip-content"
+                >
+                  {DEVPORTAL_URL_OVERRIDE_TOOLTIP}
+                </span>
+              )}
+            </div>
+            <input
+              type="checkbox"
+              id="cfgOverrideDevPortalBaseUrl"
+              checked={useStagingDevPortalUrl}
+              onChange={(e) => setUseStagingDevPortalUrl(e.target.checked)}
+            />
+            <span className="config-note">{STAGING_DEVPORTAL_BASE_URL}</span>
+          </div>
+        )}
+
         <div className="config-row">
           <label htmlFor="cfgWorldID">World ID</label>
           <select
@@ -538,7 +682,10 @@ export function DemoClient(): ReactElement {
             onSuccess={(result) => {}}
             handleVerify={async (result) => {
               setWidgetIdkitResult(result);
-              const verified = await verifyProof(result);
+              const verified = await verifyProof(
+                result,
+                overrideDevPortalBaseUrl,
+              );
               setWidgetVerifyResult(verified);
             }}
             onError={(errorCode) => {
@@ -560,7 +707,10 @@ export function DemoClient(): ReactElement {
             onSuccess={(result) => {}}
             handleVerify={async (result) => {
               setWidgetIdkitResult(result);
-              const verified = await verifyProof(result);
+              const verified = await verifyProof(
+                result,
+                overrideDevPortalBaseUrl,
+              );
               setWidgetVerifyResult(verified);
             }}
             onError={(errorCode) => {
@@ -574,7 +724,7 @@ export function DemoClient(): ReactElement {
 
       {widgetIdkitResult && (
         <>
-          <h3>IDKit response</h3>
+          <h3>IDKit result</h3>
           <pre style={{ whiteSpace: "pre-wrap", wordBreak: "break-all" }}>
             {JSON.stringify(widgetIdkitResult, null, 2)}
           </pre>
@@ -587,6 +737,321 @@ export function DemoClient(): ReactElement {
           <pre>{JSON.stringify(widgetVerifyResult, null, 2)}</pre>
         </>
       )}
+
+      {widgetIdkitResult?.integrity_bundle && (
+        <>
+          <h3>Integrity Bundle</h3>
+          <IntegrityBundlePanel
+            bundle={widgetIdkitResult.integrity_bundle}
+            result={integrityBundleResult}
+            error={integrityBundleError}
+            environment={environment}
+            protocolVersion={widgetIdkitResult.protocol_version}
+            signatureFormat={
+              widgetIdkitResult.integrity_bundle.signature_format
+            }
+          />
+        </>
+      )}
     </>
   );
 }
+
+function IntegrityBundlePanel({
+  bundle,
+  result,
+  error,
+  environment,
+  protocolVersion,
+  signatureFormat,
+}: {
+  bundle: IntegrityBundle;
+  result: IntegrityBundleVerifyResult | null;
+  error: string | null;
+  environment: string;
+  protocolVersion?: string;
+  signatureFormat?: string;
+}): ReactElement {
+  if (error) {
+    return (
+      <section>
+        <p style={{ color: "var(--color-error, #ef4444)" }}>
+          Failed to verify: {error}
+        </p>
+      </section>
+    );
+  }
+
+  if (!result) {
+    return (
+      <section>
+        <p>Verifying…</p>
+      </section>
+    );
+  }
+
+  const attestationHost =
+    environment === "production"
+      ? "attestation.worldcoin.org"
+      : "attestation.worldcoin.dev";
+
+  return (
+    <section>
+      {/* Overall verdict */}
+      <div
+        style={{
+          fontWeight: "bold",
+          padding: "8px",
+          borderRadius: "4px",
+          marginBottom: "12px",
+          backgroundColor: result.valid ? "#22c55e" : "#ef4444",
+          color: "white",
+        }}
+      >
+        {result.valid ? "Integrity Bundle Valid" : "Integrity Bundle Invalid"}
+      </div>
+
+      {/* Bundle metadata */}
+      <table
+        style={{ borderCollapse: "collapse", width: "100%", margin: "8px 0" }}
+      >
+        <tbody>
+          <MetaRow label="Version" value={String(bundle.version)} />
+          <MetaRow label="Signature format" value={bundle.signature_format} />
+          <MetaRow
+            label="Timestamp"
+            value={`${bundle.timestamp} (${new Date(bundle.timestamp * 1000).toISOString()})`}
+          />
+        </tbody>
+      </table>
+
+      {/* Step 1: JWT */}
+      <ResultCard valid={result.jwtValid}>
+        <strong>
+          Step 1 — JWT Verification: {result.jwtValid ? "✓ Valid" : "✗ Invalid"}
+        </strong>
+        {result.jwtError && (
+          <div>
+            <em>Error:</em> {result.jwtError}
+          </div>
+        )}
+        {(() => {
+          const claims =
+            result.jwtClaims ??
+            (result.rawJwtClaims
+              ? {
+                  issuer: result.rawJwtClaims.iss as string | undefined,
+                  audience: Array.isArray(result.rawJwtClaims.aud)
+                    ? (result.rawJwtClaims.aud as string[])
+                    : result.rawJwtClaims.aud
+                      ? [result.rawJwtClaims.aud as string]
+                      : [],
+                  expiresAt: result.rawJwtClaims.exp as number | undefined,
+                }
+              : null);
+          if (!claims) return null;
+          return (
+            <>
+              <div>
+                <em>Issuer:</em> {claims.issuer ?? "—"}
+                {!result.jwtValid && result.expectedIss && (
+                  <span style={{ opacity: 0.8 }}>
+                    {" "}
+                    (expected: {result.expectedIss})
+                  </span>
+                )}
+              </div>
+              <div>
+                <em>Audience:</em> {claims.audience?.join(", ") || "—"}
+              </div>
+              {claims.expiresAt != null && (
+                <div>
+                  <em>Expires:</em> {claims.expiresAt} (
+                  {new Date(claims.expiresAt * 1000).toISOString()})
+                </div>
+              )}
+              {result.rawJwtClaims?.platform && (
+                <div>
+                  <em>Platform:</em> {String(result.rawJwtClaims.platform)}
+                </div>
+              )}
+              {result.rawJwtClaims?.app_version && (
+                <div>
+                  <em>App version:</em>{" "}
+                  {String(result.rawJwtClaims.app_version)}
+                </div>
+              )}
+            </>
+          );
+        })()}
+        <div>
+          <em>JWKS source:</em> {attestationHost}/.well-known/jwks.json
+        </div>
+      </ResultCard>
+
+      {/* Steps 2–5: decode + kid + signature */}
+      {result.jwtValid && (
+        <ResultCard valid={result.assertionValid ?? false}>
+          <strong>
+            Steps 2–5 — Signature decode + kid + verify:{" "}
+            {result.assertionValid ? "✓ Valid" : "✗ Invalid"}
+          </strong>
+          <ul style={{ margin: "6px 0 0 16px", padding: 0, listStyle: "none" }}>
+            <StepItem ok={result.assertionValid}>
+              {signatureFormat === "android_keystore"
+                ? "Step 2: hex-decode bundle.signature → raw DER ECDSA bytes"
+                : "Step 2: hex-decode bundle.signature → CBOR-decode → DER ECDSA sig + authenticatorData"}
+              {result.step2 && (
+                <StepOutput>
+                  <Out
+                    label="sig"
+                    value={`${result.step2.signatureBytes}B: ${result.step2.signatureHex}`}
+                  />
+                  {result.step2.authenticatorDataHex && (
+                    <Out
+                      label="authData"
+                      value={`${result.step2.authenticatorDataBytes}B: ${result.step2.authenticatorDataHex}`}
+                    />
+                  )}
+                </StepOutput>
+              )}
+            </StepItem>
+            <StepItem ok={result.assertionValid}>
+              {protocolVersion === "4.0"
+                ? 'Step 4a: clientDataHash = SHA256("worldcoin/proof-integrity/v4" ‖ nonce[32 BE])'
+                : 'Step 4a: clientDataHash = SHA256("worldcoin/proof-integrity/v3" ‖ count ‖ len-prefixed proofs)'}
+              {result.step4 && (
+                <StepOutput>
+                  <Out
+                    label="clientDataHash"
+                    value={result.step4.clientDataHash}
+                  />
+                </StepOutput>
+              )}
+            </StepItem>
+            <StepItem ok={result.assertionValid}>
+              Step 4b: integrityDigest = SHA256(timestamp[8 BE] ‖
+              clientDataHash)
+              {result.step4 && (
+                <StepOutput>
+                  <Out
+                    label="integrityDigest"
+                    value={result.step4.integrityDigest}
+                  />
+                </StepOutput>
+              )}
+            </StepItem>
+            {signatureFormat === "android_keystore" ? (
+              <StepItem ok={result.assertionValid}>
+                Step 5: verify ECDSA-P256 sig over SHA256(integrityDigest)
+              </StepItem>
+            ) : (
+              <>
+                <StepItem ok={result.assertionValid}>
+                  Step 5a: sigNonce = SHA256(authenticatorData ‖
+                  integrityDigest)
+                  {result.step5?.sigNonce && (
+                    <StepOutput>
+                      <Out label="sigNonce" value={result.step5.sigNonce} />
+                    </StepOutput>
+                  )}
+                </StepItem>
+                <StepItem ok={result.assertionValid}>
+                  Step 5b: verify ECDSA-P256 sig over SHA256(sigNonce)
+                </StepItem>
+              </>
+            )}
+          </ul>
+          {result.assertionError && (
+            <div>
+              <em>Error:</em> {result.assertionError}
+            </div>
+          )}
+        </ResultCard>
+      )}
+
+      {/* Raw JSON */}
+      <details style={{ marginTop: "8px" }}>
+        <summary>Raw JSON</summary>
+        <pre>{JSON.stringify(result, null, 2)}</pre>
+      </details>
+    </section>
+  );
+}
+
+function ResultCard({
+  valid,
+  children,
+}: {
+  valid: boolean;
+  children: React.ReactNode;
+}): ReactElement {
+  return (
+    <div
+      style={{
+        padding: "12px",
+        borderRadius: "6px",
+        margin: "8px 0",
+        backgroundColor: valid ? "#22c55e" : "#ef4444",
+        color: "white",
+      }}
+    >
+      {children}
+    </div>
+  );
+}
+
+function MetaRow({
+  label,
+  value,
+}: {
+  label: string;
+  value: string;
+}): ReactElement {
+  return (
+    <tr>
+      <td style={{ padding: "4px 8px", opacity: 0.7, whiteSpace: "nowrap" }}>
+        {label}
+      </td>
+      <td style={{ padding: "4px 8px", fontFamily: "monospace" }}>{value}</td>
+    </tr>
+  );
+}
+
+function StepItem({
+  ok,
+  children,
+}: {
+  ok?: boolean;
+  children: React.ReactNode;
+}): ReactElement {
+  return (
+    <li style={{ margin: "4px 0" }}>
+      <span style={{ marginRight: 6 }}>
+        {ok ? "✓" : ok === false ? "✗" : "?"}
+      </span>
+      {children}
+    </li>
+  );
+}
+
+function StepOutput({ children }: { children: React.ReactNode }): ReactElement {
+  return (
+    <div
+      style={{ marginLeft: 18, marginTop: 2, fontSize: "0.85em", opacity: 0.9 }}
+    >
+      {children}
+    </div>
+  );
+}
+
+function Out({ label, value }: { label: string; value: string }): ReactElement {
+  return (
+    <div>
+      <span style={{ opacity: 0.75 }}>{label}: </span>
+      <span style={{ fontFamily: "monospace", wordBreak: "break-all" }}>
+        {value}
+      </span>
+    </div>
+  );
+}
diff --git a/js/examples/nextjs/package.json b/js/examples/nextjs/package.json
index 9507e67..a929a2b 100644
--- a/js/examples/nextjs/package.json
+++ b/js/examples/nextjs/package.json
@@ -8,13 +8,16 @@
     "start": "next start -p 4001"
   },
   "dependencies": {
+    "@noble/curves": "^2.2.0",
     "@worldcoin/idkit": "workspace:*",
     "@worldcoin/idkit-server": "workspace:*",
-    "takis-minikit-js": "2.0.0-dev.1",
+    "cbor-x": "^1.5.9",
     "eruda": "^3.4.1",
+    "jose": "^5.9.6",
     "next": "^15.4.0",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
+    "takis-minikit-js": "2.0.0-dev.1",
     "viem": "^2.47.2"
   },
   "devDependencies": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index f2248c5..7f6be93 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -42,15 +42,24 @@ importers:
 
   js/examples/nextjs:
     dependencies:
+      '@noble/curves':
+        specifier: ^2.2.0
+        version: 2.2.0
       '@worldcoin/idkit':
         specifier: workspace:*
         version: link:../../packages/react
       '@worldcoin/idkit-server':
         specifier: workspace:*
         version: link:../../packages/server
+      cbor-x:
+        specifier: ^1.5.9
+        version: 1.6.4
       eruda:
         specifier: ^3.4.1
         version: 3.4.3
+      jose:
+        specifier: ^5.9.6
+        version: 5.10.0
       next:
         specifier: ^15.4.0
         version: 15.5.12(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
@@ -210,6 +219,36 @@ packages:
     resolution: {integrity: sha512-6zABk/ECA/QYSCQ1NGiVwwbQerUCZ+TQbp64Q3AgmfNvurHH0j8TtXa1qbShXA6qqkpAj4V5W8pP6mLe1mcMqA==}
     engines: {node: '>=18'}
 
+  '@cbor-extract/cbor-extract-darwin-arm64@2.2.2':
+    resolution: {integrity: sha512-ZKZ/F8US7JR92J4DMct6cLW/Y66o2K576+zjlEN/MevH70bFIsB10wkZEQPLzl2oNh2SMGy55xpJ9JoBRl5DOA==}
+    cpu: [arm64]
+    os: [darwin]
+
+  '@cbor-extract/cbor-extract-darwin-x64@2.2.2':
+    resolution: {integrity: sha512-32b1mgc+P61Js+KW9VZv/c+xRw5EfmOcPx990JbCBSkYJFY0l25VinvyyWfl+3KjibQmAcYwmyzKF9J4DyKP/Q==}
+    cpu: [x64]
+    os: [darwin]
+
+  '@cbor-extract/cbor-extract-linux-arm64@2.2.2':
+    resolution: {integrity: sha512-wfqgzqCAy/Vn8i6WVIh7qZd0DdBFaWBjPdB6ma+Wihcjv0gHqD/mw3ouVv7kbbUNrab6dKEx/w3xQZEdeXIlzg==}
+    cpu: [arm64]
+    os: [linux]
+
+  '@cbor-extract/cbor-extract-linux-arm@2.2.2':
+    resolution: {integrity: sha512-tNg0za41TpQfkhWjptD+0gSD2fggMiDCSacuIeELyb2xZhr7PrhPe5h66Jc67B/5dmpIhI2QOUtv4SBsricyYQ==}
+    cpu: [arm]
+    os: [linux]
+
+  '@cbor-extract/cbor-extract-linux-x64@2.2.2':
+    resolution: {integrity: sha512-rpiLnVEsqtPJ+mXTdx1rfz4RtUGYIUg2rUAZgd1KjiC1SehYUSkJN7Yh+aVfSjvCGtVP0/bfkQkXpPXKbmSUaA==}
+    cpu: [x64]
+    os: [linux]
+
+  '@cbor-extract/cbor-extract-win32-x64@2.2.2':
+    resolution: {integrity: sha512-dI+9P7cfWxkTQ+oE+7Aa6onEn92PHgfWXZivjNheCRmTBDBf2fx6RyTi0cmgpYLnD1KLZK9ZYrMxaPZ4oiXhGA==}
+    cpu: [x64]
+    os: [win32]
+
   '@emnapi/runtime@1.8.1':
     resolution: {integrity: sha512-mehfKSMWjjNol8659Z8KxEMrdSJDDot5SXMq00dM8BN4o+CLNXQ0xH2V7EchNHV4RmbZLmmPdEaXZc5H2FXmDg==}
 
@@ -578,10 +617,18 @@ packages:
     resolution: {integrity: sha512-k11yZxZg+t+gWvBbIswW0yoJlu8cHOC7dhunwOzoWH/mXGBiYyR4YY6hAEK/3EUs4UpB8la1RfdRpeGsFHkWsA==}
     engines: {node: ^14.21.3 || >=16}
 
+  '@noble/curves@2.2.0':
+    resolution: {integrity: sha512-T/BoHgFXirb0ENSPBquzX0rcjXeM6Lo892a2jlYJkqk83LqZx0l1Of7DzlKJ6jkpvMrkHSnAcgb5JegL8SeIkQ==}
+    engines: {node: '>= 20.19.0'}
+
   '@noble/hashes@1.8.0':
     resolution: {integrity: sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==}
     engines: {node: ^14.21.3 || >=16}
 
+  '@noble/hashes@2.2.0':
+    resolution: {integrity: sha512-IYqDGiTXab6FniAgnSdZwgWbomxpy9FtYvLKs7wCUs2a8RkITG+DFGO1DM9cr+E3/RgADRpFjrKVaJ1z6sjtEg==}
+    engines: {node: '>= 20.19.0'}
+
   '@noble/secp256k1@2.3.0':
     resolution: {integrity: sha512-0TQed2gcBbIrh7Ccyw+y/uZQvbJwm7Ao4scBUxqpBCcsOlZG0O4KGfjtNAy/li4W8n1xt3dxrwJ0beZ2h2G6Kw==}
 
@@ -927,6 +974,13 @@ packages:
   caniuse-lite@1.0.30001769:
     resolution: {integrity: sha512-BCfFL1sHijQlBGWBMuJyhZUhzo7wer5sVj9hqekB/7xn0Ypy+pER/edCYQm4exbXj4WiySGp40P8UuTh6w1srg==}
 
+  cbor-extract@2.2.2:
+    resolution: {integrity: sha512-hlSxxI9XO2yQfe9g6msd3g4xCfDqK5T5P0fRMLuaLHhxn4ViPrm+a+MUfhrvH2W962RGxcBwEGzLQyjbDG1gng==}
+    hasBin: true
+
+  cbor-x@1.6.4:
+    resolution: {integrity: sha512-UGKHjp6RHC6QuZ2yy5LCKm7MojM4716DwoSaqwQpaH4DvZvbBTGcoDNTiG9Y2lByXZYFEs9WRkS5tLl96IrF1Q==}
+
   chai@6.2.2:
     resolution: {integrity: sha512-NUPRluOfOiTKBKvWPtSD4PhFvWCqOi0BGStNWs57X9js7XGTprSmFoz5F0tWhR4WPjNeR9jXqdC7/UpSJTnlRg==}
     engines: {node: '>=18'}
@@ -1211,6 +1265,9 @@ packages:
     resolution: {integrity: sha512-HGYWWS/ehqTV3xN10i23tkPkpH46MLCIMFNCaaKNavAXTF1RkqxawEPtnjnGZ6XKSInBKkiOA5BKS+aZiY3AvA==}
     engines: {node: '>=8'}
 
+  jose@5.10.0:
+    resolution: {integrity: sha512-s+3Al/p9g32Iq+oqXxkW//7jk2Vig6FF1CFqzVXoTUXt2qz89YWbL+OwS17NFYEvxC35n0FKeGO2LGYSxeM2Gg==}
+
   joycon@3.1.1:
     resolution: {integrity: sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==}
     engines: {node: '>=10'}
@@ -1317,6 +1374,10 @@ packages:
       sass:
         optional: true
 
+  node-gyp-build-optional-packages@5.1.1:
+    resolution: {integrity: sha512-+P72GAjVAbTxjjwUmwjVrqrdZROD4nf8KgpBoDxqXXTiYZZt/ud60dE5yvCSr9lRO8e8yv6kgJIC0K0PfZFVQw==}
+    hasBin: true
+
   object-assign@4.1.1:
     resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==}
     engines: {node: '>=0.10.0'}
@@ -1868,6 +1929,24 @@ snapshots:
 
   '@bcoe/v8-coverage@1.0.2': {}
 
+  '@cbor-extract/cbor-extract-darwin-arm64@2.2.2':
+    optional: true
+
+  '@cbor-extract/cbor-extract-darwin-x64@2.2.2':
+    optional: true
+
+  '@cbor-extract/cbor-extract-linux-arm64@2.2.2':
+    optional: true
+
+  '@cbor-extract/cbor-extract-linux-arm@2.2.2':
+    optional: true
+
+  '@cbor-extract/cbor-extract-linux-x64@2.2.2':
+    optional: true
+
+  '@cbor-extract/cbor-extract-win32-x64@2.2.2':
+    optional: true
+
   '@emnapi/runtime@1.8.1':
     dependencies:
       tslib: 2.8.1
@@ -2094,8 +2173,14 @@ snapshots:
     dependencies:
       '@noble/hashes': 1.8.0
 
+  '@noble/curves@2.2.0':
+    dependencies:
+      '@noble/hashes': 2.2.0
+
   '@noble/hashes@1.8.0': {}
 
+  '@noble/hashes@2.2.0': {}
+
   '@noble/secp256k1@2.3.0': {}
 
   '@rollup/rollup-android-arm-eabi@4.57.0':
@@ -2416,6 +2501,22 @@ snapshots:
 
   caniuse-lite@1.0.30001769: {}
 
+  cbor-extract@2.2.2:
+    dependencies:
+      node-gyp-build-optional-packages: 5.1.1
+    optionalDependencies:
+      '@cbor-extract/cbor-extract-darwin-arm64': 2.2.2
+      '@cbor-extract/cbor-extract-darwin-x64': 2.2.2
+      '@cbor-extract/cbor-extract-linux-arm': 2.2.2
+      '@cbor-extract/cbor-extract-linux-arm64': 2.2.2
+      '@cbor-extract/cbor-extract-linux-x64': 2.2.2
+      '@cbor-extract/cbor-extract-win32-x64': 2.2.2
+    optional: true
+
+  cbor-x@1.6.4:
+    optionalDependencies:
+      cbor-extract: 2.2.2
+
   chai@6.2.2: {}
 
   chalk@4.1.2:
@@ -2711,6 +2812,8 @@ snapshots:
       html-escaper: 2.0.2
       istanbul-lib-report: 3.0.1
 
+  jose@5.10.0: {}
+
   joycon@3.1.1: {}
 
   js-tokens@4.0.0: {}
@@ -2803,6 +2906,11 @@ snapshots:
       - '@babel/core'
       - babel-plugin-macros
 
+  node-gyp-build-optional-packages@5.1.1:
+    dependencies:
+      detect-libc: 2.1.2
+    optional: true
+
   object-assign@4.1.1: {}
 
   object-inspect@1.13.4: {}