@cardanowall/sdk-ts 0.0.0

package/dist/types-BQMtbRCb.d.cts

@@ -0,0 +1,321 @@
+type FetchImpl = (input: string | URL, init?: RequestInit) => Promise<Response>;
+interface Cip309ClientConfig {
+    /**
+     * Bearer credential, forwarded verbatim as `Authorization: Bearer <apiKey>`.
+     *
+     * Treated as an OPAQUE token: the SDK never parses, validates, or infers
+     * anything from it, since each CIP-309 gateway issues keys in its own format.
+     * Omit for anonymous read-only usage.
+     */
+    readonly apiKey?: string;
+    /**
+     * Base URL of the CIP-309 gateway, e.g. `https://gateway.example.com`.
+     * REQUIRED — the client is gateway-agnostic and has no default deployment.
+     * Used VERBATIM (a single trailing slash is stripped). A missing or empty
+     * value throws `InvalidClientConfigError` from the constructor.
+     */
+    readonly baseUrl: string;
+    /** Optional custom fetch (defaults to `globalThis.fetch`). */
+    readonly fetch?: FetchImpl;
+}
+type StorageTarget = 'arweave';
+interface UploadsInput {
+    readonly target: StorageTarget;
+    /** 1..32 file blobs. Position `i` lands on the response as `uploads[i]`. */
+    readonly data: ReadonlyArray<Uint8Array>;
+    readonly idempotencyKey?: string;
+}
+interface UploadSuccessEntry {
+    readonly idx: number;
+    readonly ok: true;
+    readonly uri: string;
+    readonly sha256: string;
+    readonly bytes: number;
+}
+interface UploadFailureEntry {
+    readonly idx: number;
+    readonly ok: false;
+    readonly error: {
+        readonly code: string;
+        readonly detail: string;
+    };
+}
+type UploadEntry = UploadSuccessEntry | UploadFailureEntry;
+interface UploadsResponse {
+    readonly uploads: ReadonlyArray<UploadEntry>;
+}
+interface QuoteInput {
+    /** Canonical-CBOR record length in bytes (header + items). */
+    readonly recordBytes: number;
+    /** Number of sealed-PoE recipients (each adds an envelope slot). */
+    readonly recipientCount: number;
+    /** Sum of all file bytes uploaded for this record (0 for hash-only). */
+    readonly fileBytesTotal: number;
+}
+/**
+ * An opaque price lock returned by `POST /api/v1/poe/quote`. It is a sealed
+ * price token, not a pricing breakdown: pass `quote_id` to `/publish` and
+ * surface `amount` / `currency` / `expires_at` to the user. The gateway's
+ * pricing internals (FX, margins, per-component costs) are not exposed.
+ */
+interface QuoteResponse {
+    /** Opaque id of the persisted price lock; pass to /publish. */
+    readonly quote_id: string;
+    /** Total locked price, as a decimal string (promote to bigint/decimal as needed). */
+    readonly amount: string;
+    /** Currency the `amount` is denominated in (e.g. ISO 4217 `USD`). */
+    readonly currency: string;
+    /** ISO8601 expiry timestamp after which the gateway rejects the quote. */
+    readonly expires_at: string;
+}
+interface RecordSignature {
+    readonly cose_sign1: string;
+    readonly cose_key?: string;
+}
+interface PublishInput {
+    readonly record: Uint8Array | string;
+    /** UUID returned by POST /api/v1/poe/quote. */
+    readonly quoteId: string;
+    readonly signatures?: ReadonlyArray<RecordSignature>;
+    readonly idempotencyKey?: string;
+}
+type PoeStatus = 'submitting' | 'submitted' | 'confirmed' | 'permanent_failure';
+type ConformanceProfile = 'core' | 'signed' | 'sealed' | 'recipient-sealed';
+interface PoeItemResponse {
+    readonly item_idx: number;
+    readonly hashes: Record<string, string>;
+    readonly uris?: ReadonlyArray<string>;
+    readonly enc?: Record<string, unknown>;
+}
+interface PublishResponse {
+    /** Wire-format prefixed id (`poe_<26-char-crockford-base32>`) of the
+     *  freshly-inserted `poe_record` row. Stable across the submit→confirm
+     *  lifecycle; use it to subscribe to live status frames via
+     *  `GET /api/v1/poe/events/<id>`. */
+    readonly id: string;
+    readonly tx_hash: string | null;
+    readonly status: PoeStatus;
+    readonly items_count: number;
+    readonly signed: boolean;
+    readonly sealed: boolean;
+    readonly items: ReadonlyArray<PoeItemResponse>;
+    readonly conformance_profile: ConformanceProfile;
+    /** Account balance after the debit, USD micro-cents (decimal string). */
+    readonly balance_after_usd_micros: string;
+    /**
+     * `true` when the server returned 200 (dedup hit on the prior submission
+     * of an identical record by this account) rather than 202 (freshly
+     * enqueued).
+     */
+    readonly dedup_hit: boolean;
+}
+interface PublishBatchEntry {
+    readonly record: Uint8Array | string;
+    /** UUID returned by POST /api/v1/poe/quote, scoped to this record. */
+    readonly quoteId: string;
+    readonly signatures?: ReadonlyArray<RecordSignature>;
+}
+interface PublishBatchInput {
+    readonly records: ReadonlyArray<PublishBatchEntry>;
+    readonly idempotencyKey?: string;
+}
+interface PublishBatchSuccessEntry {
+    readonly record_idx: number;
+    readonly id: string;
+    readonly tx_hash: string | null;
+    readonly status: PoeStatus;
+    readonly items_count: number;
+    readonly signed: boolean;
+    readonly sealed: boolean;
+    readonly items: ReadonlyArray<PoeItemResponse>;
+    readonly conformance_profile: ConformanceProfile;
+}
+interface PublishBatchFailureError {
+    readonly code: string;
+    readonly detail: string;
+    readonly errors?: ReadonlyArray<{
+        readonly field: string;
+        readonly code: string;
+        readonly detail: string;
+    }>;
+    readonly extensions?: Record<string, unknown>;
+}
+interface PublishBatchFailureEntry {
+    readonly record_idx: number;
+    readonly error: PublishBatchFailureError;
+}
+type PublishBatchResultEntry = PublishBatchSuccessEntry | PublishBatchFailureEntry;
+interface PublishBatchResponse {
+    readonly results: ReadonlyArray<PublishBatchResultEntry>;
+    /** Aggregate balance after every successful debit in the batch. */
+    readonly balance_after_usd_micros: string;
+}
+type RecordStatus = 'submitting' | 'confirming' | 'confirmed' | 'failed';
+type RecordScheme = 0 | 1 | 2;
+interface RecordResource {
+    readonly tx_hash: string;
+    readonly status: RecordStatus | null;
+    readonly block_height: number | null;
+    readonly block_time: string | null;
+    readonly num_confirmations: number;
+    readonly scheme: RecordScheme;
+    readonly item_count: number;
+    readonly signer_ed25519: string | null;
+    readonly metadata_cbor_base64: string;
+    /** Owner-only — present iff the caller authenticated as the row's owner. */
+    readonly account_id?: string;
+}
+interface RecordsListInput {
+    /** Opaque pagination cursor — pass back the `next_cursor` from a prior page. */
+    readonly cursor?: string | null;
+    /** Page size (the gateway may clamp). */
+    readonly limit?: number;
+    /**
+     * When `true`, restrict the page to sealed records addressed to the
+     * authenticated caller. When omitted, list every record the caller may read.
+     */
+    readonly sealed?: boolean;
+}
+interface RecordsListResponse {
+    readonly object: 'list';
+    readonly data: ReadonlyArray<RecordResource>;
+    readonly has_more: boolean;
+    readonly next_cursor: string | null;
+    readonly url: string;
+    /**
+     * The chain tip block height observed when this page was served, used to
+     * compute confirmation depth during a sealed-record sync.
+     *
+     * Optional: a gateway that reports it (JSON key `tip_block_height`) populates
+     * confirmation data directly; otherwise the SDK derives it from the page rows
+     * as `max(block_height + num_confirmations - 1)`, falling back to `null` for
+     * an empty page or rows without a block height.
+     */
+    readonly tip_block_height?: number | null;
+}
+/**
+ * The caller's current prepaid USD balance.
+ *
+ * `balanceUsdMicros` is the gateway's `balance_usd_micros` wire field — the
+ * balance in USD micro-cents, carried as a decimal STRING (never a JS number)
+ * so the bigint value survives JSON without precision loss. An account with no
+ * ledger activity yet reads `"0"`.
+ */
+interface AccountBalance {
+    readonly balanceUsdMicros: string;
+}
+interface PoeVerifyInput {
+    readonly verify_uris?: boolean;
+    readonly decryption?: ReadonlyArray<{
+        readonly item_idx: number;
+        readonly recipient_secret_key?: string;
+        readonly passphrase?: string;
+    }>;
+}
+/**
+ * Pluggable Ed25519 signer for the high-level publish helpers. The SDK does
+ * NOT hold identity keys (see the privacy contract in `off-host-sign.ts`); the
+ * caller owns the key material and decides how to expose signing — in-memory
+ * `@noble/ed25519`,
+ * AWS KMS, GCP HSM, YubiHSM, an air-gapped offline signer, or a CIP-30
+ * wallet wrapper.
+ *
+ * `signerPubkey` MUST be the 32-byte raw Ed25519 public key.
+ *
+ * `sign(sigStructureBytes)` receives the canonical-CBOR
+ * `[ "Signature1", protected_bytes, h'' /* empty external_aad *\/, to_sign ]`
+ * bytes and MUST return a 64-byte raw Ed25519 signature (NOT a DER-encoded
+ * one). This is byte-identical to the input accepted by AWS KMS `Sign` for
+ * Ed25519 keys.
+ */
+interface Signer {
+    readonly signerPubkey: Uint8Array;
+    sign(sigStructureBytes: Uint8Array): Promise<Uint8Array>;
+}
+type SupportedHashAlg = 'sha2-256' | 'blake2b-256';
+interface PublishContentInput {
+    /** Content bytes to anchor. Strings are UTF-8 encoded before hashing. */
+    readonly content: Uint8Array | string;
+    /** UUID returned by POST /api/v1/poe/quote. */
+    readonly quoteId: string;
+    /** Hash algorithm registered in the CIP-309 hash registry. */
+    readonly hashAlg?: SupportedHashAlg;
+    /** Optional signer — when omitted the record publishes unsigned (profile=core). */
+    readonly signer?: Signer;
+    readonly idempotencyKey?: string;
+}
+/**
+ * Hash-already-computed variant. Use when the caller already holds the
+ * content digest (`sha2-256` and/or `blake2b-256`) — e.g. the CLI's `--hash`
+ * mode, an air-gapped offline hashing flow, or a system that proxies digests
+ * from another tool. The SDK does not re-hash; it constructs a single-item
+ * record with the supplied digests in `items[0].hashes` and (optionally)
+ * signs.
+ */
+interface PublishPrehashedInput {
+    readonly hashes: Partial<Record<SupportedHashAlg, string>>;
+    /** UUID returned by POST /api/v1/poe/quote. */
+    readonly quoteId: string;
+    readonly signer?: Signer;
+    readonly idempotencyKey?: string;
+}
+/**
+ * Sealed-PoE helper input. Encrypts `content` to the supplied X25519
+ * recipient public keys (age-style sealed envelope), uploads the ciphertext
+ * to Arweave via /uploads, builds a CIP-309 record with the resulting
+ * `ar://` URI in `items[0].uris`, optionally signs it, and submits to
+ * /publish.
+ *
+ * Each recipient public key is a 32-byte raw X25519 public key. At least
+ * one recipient is required; the sender SHOULD include themselves as a
+ * recipient to retain decrypt access.
+ */
+interface PublishSealedInput {
+    readonly content: Uint8Array | string;
+    /**
+     * Recipient public keys. The length each key MUST be matches the chosen
+     * `kem`: 32 bytes for `x25519`, 1216 bytes for `mlkem768x25519` (X-Wing).
+     */
+    readonly recipients: ReadonlyArray<Uint8Array>;
+    /** UUID returned by POST /api/v1/poe/quote. */
+    readonly quoteId: string;
+    /** Hash algorithm for the plaintext-bind hash in `items[0].hashes`. */
+    readonly hashAlg?: SupportedHashAlg;
+    /**
+     * KEM the sealed envelope is built under. Defaults to `mlkem768x25519`
+     * (X-Wing hybrid, ML-KEM-768 + X25519) — the post-quantum-safe choice. Pass
+     * `x25519` only for the classical, higher-capacity path. Every recipient MUST
+     * be addressed under this single KEM; mixing is not permitted.
+     */
+    readonly kem?: 'x25519' | 'mlkem768x25519';
+    readonly signer?: Signer;
+    readonly idempotencyKey?: string;
+}
+interface PublishMerkleInput {
+    /**
+     * Leaf hashes — either raw 32-byte Uint8Array digests or hex-encoded
+     * strings (64 chars, case-insensitive). Tree size is `leaves.length`.
+     */
+    readonly leaves: ReadonlyArray<Uint8Array | string>;
+    /** UUID returned by POST /api/v1/poe/quote. */
+    readonly quoteId: string;
+    /**
+     * Leaf-hash algorithm. Only `'sha2-256'` is supported in v1 because the
+     * single registered tree algorithm is `rfc9162-sha256` (SHA-256 underlying).
+     */
+    readonly hashAlg?: 'sha2-256';
+    readonly signer?: Signer;
+    readonly idempotencyKey?: string;
+}
+interface PublishMerkleResponse {
+    readonly id: string;
+    readonly tx_hash: string | null;
+    readonly status: PoeStatus;
+    readonly root: string;
+    readonly leaf_count: number;
+    readonly ar_uri: string;
+    /** Account balance after the debit, USD micro-cents (decimal string). */
+    readonly balance_after_usd_micros: string;
+}
+
+export type { AccountBalance as A, UploadSuccessEntry as B, Cip309ClientConfig as C, UploadsInput as D, UploadsResponse as E, FetchImpl as F, PoeItemResponse as P, QuoteInput as Q, RecordResource as R, Signer as S, UploadEntry as U, ConformanceProfile as a, PoeStatus as b, PoeVerifyInput as c, PublishBatchEntry as d, PublishBatchFailureEntry as e, PublishBatchFailureError as f, PublishBatchInput as g, PublishBatchResponse as h, PublishBatchResultEntry as i, PublishBatchSuccessEntry as j, PublishContentInput as k, PublishInput as l, PublishMerkleInput as m, PublishMerkleResponse as n, PublishPrehashedInput as o, PublishResponse as p, PublishSealedInput as q, QuoteResponse as r, RecordScheme as s, RecordSignature as t, RecordStatus as u, RecordsListInput as v, RecordsListResponse as w, StorageTarget as x, SupportedHashAlg as y, UploadFailureEntry as z };

package/dist/types-BQMtbRCb.d.ts

@@ -0,0 +1,321 @@
+type FetchImpl = (input: string | URL, init?: RequestInit) => Promise<Response>;
+interface Cip309ClientConfig {
+    /**
+     * Bearer credential, forwarded verbatim as `Authorization: Bearer <apiKey>`.
+     *
+     * Treated as an OPAQUE token: the SDK never parses, validates, or infers
+     * anything from it, since each CIP-309 gateway issues keys in its own format.
+     * Omit for anonymous read-only usage.
+     */
+    readonly apiKey?: string;
+    /**
+     * Base URL of the CIP-309 gateway, e.g. `https://gateway.example.com`.
+     * REQUIRED — the client is gateway-agnostic and has no default deployment.
+     * Used VERBATIM (a single trailing slash is stripped). A missing or empty
+     * value throws `InvalidClientConfigError` from the constructor.
+     */
+    readonly baseUrl: string;
+    /** Optional custom fetch (defaults to `globalThis.fetch`). */
+    readonly fetch?: FetchImpl;
+}
+type StorageTarget = 'arweave';
+interface UploadsInput {
+    readonly target: StorageTarget;
+    /** 1..32 file blobs. Position `i` lands on the response as `uploads[i]`. */
+    readonly data: ReadonlyArray<Uint8Array>;
+    readonly idempotencyKey?: string;
+}
+interface UploadSuccessEntry {
+    readonly idx: number;
+    readonly ok: true;
+    readonly uri: string;
+    readonly sha256: string;
+    readonly bytes: number;
+}
+interface UploadFailureEntry {
+    readonly idx: number;
+    readonly ok: false;
+    readonly error: {
+        readonly code: string;
+        readonly detail: string;
+    };
+}
+type UploadEntry = UploadSuccessEntry | UploadFailureEntry;
+interface UploadsResponse {
+    readonly uploads: ReadonlyArray<UploadEntry>;
+}
+interface QuoteInput {
+    /** Canonical-CBOR record length in bytes (header + items). */
+    readonly recordBytes: number;
+    /** Number of sealed-PoE recipients (each adds an envelope slot). */
+    readonly recipientCount: number;
+    /** Sum of all file bytes uploaded for this record (0 for hash-only). */
+    readonly fileBytesTotal: number;
+}
+/**
+ * An opaque price lock returned by `POST /api/v1/poe/quote`. It is a sealed
+ * price token, not a pricing breakdown: pass `quote_id` to `/publish` and
+ * surface `amount` / `currency` / `expires_at` to the user. The gateway's
+ * pricing internals (FX, margins, per-component costs) are not exposed.
+ */
+interface QuoteResponse {
+    /** Opaque id of the persisted price lock; pass to /publish. */
+    readonly quote_id: string;
+    /** Total locked price, as a decimal string (promote to bigint/decimal as needed). */
+    readonly amount: string;
+    /** Currency the `amount` is denominated in (e.g. ISO 4217 `USD`). */
+    readonly currency: string;
+    /** ISO8601 expiry timestamp after which the gateway rejects the quote. */
+    readonly expires_at: string;
+}
+interface RecordSignature {
+    readonly cose_sign1: string;
+    readonly cose_key?: string;
+}
+interface PublishInput {
+    readonly record: Uint8Array | string;
+    /** UUID returned by POST /api/v1/poe/quote. */
+    readonly quoteId: string;
+    readonly signatures?: ReadonlyArray<RecordSignature>;
+    readonly idempotencyKey?: string;
+}
+type PoeStatus = 'submitting' | 'submitted' | 'confirmed' | 'permanent_failure';
+type ConformanceProfile = 'core' | 'signed' | 'sealed' | 'recipient-sealed';
+interface PoeItemResponse {
+    readonly item_idx: number;
+    readonly hashes: Record<string, string>;
+    readonly uris?: ReadonlyArray<string>;
+    readonly enc?: Record<string, unknown>;
+}
+interface PublishResponse {
+    /** Wire-format prefixed id (`poe_<26-char-crockford-base32>`) of the
+     *  freshly-inserted `poe_record` row. Stable across the submit→confirm
+     *  lifecycle; use it to subscribe to live status frames via
+     *  `GET /api/v1/poe/events/<id>`. */
+    readonly id: string;
+    readonly tx_hash: string | null;
+    readonly status: PoeStatus;
+    readonly items_count: number;
+    readonly signed: boolean;
+    readonly sealed: boolean;
+    readonly items: ReadonlyArray<PoeItemResponse>;
+    readonly conformance_profile: ConformanceProfile;
+    /** Account balance after the debit, USD micro-cents (decimal string). */
+    readonly balance_after_usd_micros: string;
+    /**
+     * `true` when the server returned 200 (dedup hit on the prior submission
+     * of an identical record by this account) rather than 202 (freshly
+     * enqueued).
+     */
+    readonly dedup_hit: boolean;
+}
+interface PublishBatchEntry {
+    readonly record: Uint8Array | string;
+    /** UUID returned by POST /api/v1/poe/quote, scoped to this record. */
+    readonly quoteId: string;
+    readonly signatures?: ReadonlyArray<RecordSignature>;
+}
+interface PublishBatchInput {
+    readonly records: ReadonlyArray<PublishBatchEntry>;
+    readonly idempotencyKey?: string;
+}
+interface PublishBatchSuccessEntry {
+    readonly record_idx: number;
+    readonly id: string;
+    readonly tx_hash: string | null;
+    readonly status: PoeStatus;
+    readonly items_count: number;
+    readonly signed: boolean;
+    readonly sealed: boolean;
+    readonly items: ReadonlyArray<PoeItemResponse>;
+    readonly conformance_profile: ConformanceProfile;
+}
+interface PublishBatchFailureError {
+    readonly code: string;
+    readonly detail: string;
+    readonly errors?: ReadonlyArray<{
+        readonly field: string;
+        readonly code: string;
+        readonly detail: string;
+    }>;
+    readonly extensions?: Record<string, unknown>;
+}
+interface PublishBatchFailureEntry {
+    readonly record_idx: number;
+    readonly error: PublishBatchFailureError;
+}
+type PublishBatchResultEntry = PublishBatchSuccessEntry | PublishBatchFailureEntry;
+interface PublishBatchResponse {
+    readonly results: ReadonlyArray<PublishBatchResultEntry>;
+    /** Aggregate balance after every successful debit in the batch. */
+    readonly balance_after_usd_micros: string;
+}
+type RecordStatus = 'submitting' | 'confirming' | 'confirmed' | 'failed';
+type RecordScheme = 0 | 1 | 2;
+interface RecordResource {
+    readonly tx_hash: string;
+    readonly status: RecordStatus | null;
+    readonly block_height: number | null;
+    readonly block_time: string | null;
+    readonly num_confirmations: number;
+    readonly scheme: RecordScheme;
+    readonly item_count: number;
+    readonly signer_ed25519: string | null;
+    readonly metadata_cbor_base64: string;
+    /** Owner-only — present iff the caller authenticated as the row's owner. */
+    readonly account_id?: string;
+}
+interface RecordsListInput {
+    /** Opaque pagination cursor — pass back the `next_cursor` from a prior page. */
+    readonly cursor?: string | null;
+    /** Page size (the gateway may clamp). */
+    readonly limit?: number;
+    /**
+     * When `true`, restrict the page to sealed records addressed to the
+     * authenticated caller. When omitted, list every record the caller may read.
+     */
+    readonly sealed?: boolean;
+}
+interface RecordsListResponse {
+    readonly object: 'list';
+    readonly data: ReadonlyArray<RecordResource>;
+    readonly has_more: boolean;
+    readonly next_cursor: string | null;
+    readonly url: string;
+    /**
+     * The chain tip block height observed when this page was served, used to
+     * compute confirmation depth during a sealed-record sync.
+     *
+     * Optional: a gateway that reports it (JSON key `tip_block_height`) populates
+     * confirmation data directly; otherwise the SDK derives it from the page rows
+     * as `max(block_height + num_confirmations - 1)`, falling back to `null` for
+     * an empty page or rows without a block height.
+     */
+    readonly tip_block_height?: number | null;
+}
+/**
+ * The caller's current prepaid USD balance.
+ *
+ * `balanceUsdMicros` is the gateway's `balance_usd_micros` wire field — the
+ * balance in USD micro-cents, carried as a decimal STRING (never a JS number)
+ * so the bigint value survives JSON without precision loss. An account with no
+ * ledger activity yet reads `"0"`.
+ */
+interface AccountBalance {
+    readonly balanceUsdMicros: string;
+}
+interface PoeVerifyInput {
+    readonly verify_uris?: boolean;
+    readonly decryption?: ReadonlyArray<{
+        readonly item_idx: number;
+        readonly recipient_secret_key?: string;
+        readonly passphrase?: string;
+    }>;
+}
+/**
+ * Pluggable Ed25519 signer for the high-level publish helpers. The SDK does
+ * NOT hold identity keys (see the privacy contract in `off-host-sign.ts`); the
+ * caller owns the key material and decides how to expose signing — in-memory
+ * `@noble/ed25519`,
+ * AWS KMS, GCP HSM, YubiHSM, an air-gapped offline signer, or a CIP-30
+ * wallet wrapper.
+ *
+ * `signerPubkey` MUST be the 32-byte raw Ed25519 public key.
+ *
+ * `sign(sigStructureBytes)` receives the canonical-CBOR
+ * `[ "Signature1", protected_bytes, h'' /* empty external_aad *\/, to_sign ]`
+ * bytes and MUST return a 64-byte raw Ed25519 signature (NOT a DER-encoded
+ * one). This is byte-identical to the input accepted by AWS KMS `Sign` for
+ * Ed25519 keys.
+ */
+interface Signer {
+    readonly signerPubkey: Uint8Array;
+    sign(sigStructureBytes: Uint8Array): Promise<Uint8Array>;
+}
+type SupportedHashAlg = 'sha2-256' | 'blake2b-256';
+interface PublishContentInput {
+    /** Content bytes to anchor. Strings are UTF-8 encoded before hashing. */
+    readonly content: Uint8Array | string;
+    /** UUID returned by POST /api/v1/poe/quote. */
+    readonly quoteId: string;
+    /** Hash algorithm registered in the CIP-309 hash registry. */
+    readonly hashAlg?: SupportedHashAlg;
+    /** Optional signer — when omitted the record publishes unsigned (profile=core). */
+    readonly signer?: Signer;
+    readonly idempotencyKey?: string;
+}
+/**
+ * Hash-already-computed variant. Use when the caller already holds the
+ * content digest (`sha2-256` and/or `blake2b-256`) — e.g. the CLI's `--hash`
+ * mode, an air-gapped offline hashing flow, or a system that proxies digests
+ * from another tool. The SDK does not re-hash; it constructs a single-item
+ * record with the supplied digests in `items[0].hashes` and (optionally)
+ * signs.
+ */
+interface PublishPrehashedInput {
+    readonly hashes: Partial<Record<SupportedHashAlg, string>>;
+    /** UUID returned by POST /api/v1/poe/quote. */
+    readonly quoteId: string;
+    readonly signer?: Signer;
+    readonly idempotencyKey?: string;
+}
+/**
+ * Sealed-PoE helper input. Encrypts `content` to the supplied X25519
+ * recipient public keys (age-style sealed envelope), uploads the ciphertext
+ * to Arweave via /uploads, builds a CIP-309 record with the resulting
+ * `ar://` URI in `items[0].uris`, optionally signs it, and submits to
+ * /publish.
+ *
+ * Each recipient public key is a 32-byte raw X25519 public key. At least
+ * one recipient is required; the sender SHOULD include themselves as a
+ * recipient to retain decrypt access.
+ */
+interface PublishSealedInput {
+    readonly content: Uint8Array | string;
+    /**
+     * Recipient public keys. The length each key MUST be matches the chosen
+     * `kem`: 32 bytes for `x25519`, 1216 bytes for `mlkem768x25519` (X-Wing).
+     */
+    readonly recipients: ReadonlyArray<Uint8Array>;
+    /** UUID returned by POST /api/v1/poe/quote. */
+    readonly quoteId: string;
+    /** Hash algorithm for the plaintext-bind hash in `items[0].hashes`. */
+    readonly hashAlg?: SupportedHashAlg;
+    /**
+     * KEM the sealed envelope is built under. Defaults to `mlkem768x25519`
+     * (X-Wing hybrid, ML-KEM-768 + X25519) — the post-quantum-safe choice. Pass
+     * `x25519` only for the classical, higher-capacity path. Every recipient MUST
+     * be addressed under this single KEM; mixing is not permitted.
+     */
+    readonly kem?: 'x25519' | 'mlkem768x25519';
+    readonly signer?: Signer;
+    readonly idempotencyKey?: string;
+}
+interface PublishMerkleInput {
+    /**
+     * Leaf hashes — either raw 32-byte Uint8Array digests or hex-encoded
+     * strings (64 chars, case-insensitive). Tree size is `leaves.length`.
+     */
+    readonly leaves: ReadonlyArray<Uint8Array | string>;
+    /** UUID returned by POST /api/v1/poe/quote. */
+    readonly quoteId: string;
+    /**
+     * Leaf-hash algorithm. Only `'sha2-256'` is supported in v1 because the
+     * single registered tree algorithm is `rfc9162-sha256` (SHA-256 underlying).
+     */
+    readonly hashAlg?: 'sha2-256';
+    readonly signer?: Signer;
+    readonly idempotencyKey?: string;
+}
+interface PublishMerkleResponse {
+    readonly id: string;
+    readonly tx_hash: string | null;
+    readonly status: PoeStatus;
+    readonly root: string;
+    readonly leaf_count: number;
+    readonly ar_uri: string;
+    /** Account balance after the debit, USD micro-cents (decimal string). */
+    readonly balance_after_usd_micros: string;
+}
+
+export type { AccountBalance as A, UploadSuccessEntry as B, Cip309ClientConfig as C, UploadsInput as D, UploadsResponse as E, FetchImpl as F, PoeItemResponse as P, QuoteInput as Q, RecordResource as R, Signer as S, UploadEntry as U, ConformanceProfile as a, PoeStatus as b, PoeVerifyInput as c, PublishBatchEntry as d, PublishBatchFailureEntry as e, PublishBatchFailureError as f, PublishBatchInput as g, PublishBatchResponse as h, PublishBatchResultEntry as i, PublishBatchSuccessEntry as j, PublishContentInput as k, PublishInput as l, PublishMerkleInput as m, PublishMerkleResponse as n, PublishPrehashedInput as o, PublishResponse as p, PublishSealedInput as q, QuoteResponse as r, RecordScheme as s, RecordSignature as t, RecordStatus as u, RecordsListInput as v, RecordsListResponse as w, StorageTarget as x, SupportedHashAlg as y, UploadFailureEntry as z };