@hsuite/smart-engines-sdk 3.3.0 → 3.4.1

package/dist/nestjs/index.js

@@ -1100,6 +1100,99 @@ var ClusterDiscoveryClient = class {
   }
 };
 
+// src/discovery/discovery-client.ts
+var DiscoveryClient = class {
+  constructor(http) {
+    this.http = http;
+    this.platformImages = new PlatformImagesClient(http);
+  }
+  http;
+  /** Platform-image manifest discovery endpoints. */
+  platformImages;
+  /**
+   * `GET /api/v3/discovery/clusters` — active-set cluster registry,
+   * grouped by `clusterId`. This is the same data the bootstrap-seed
+   * flow consumes for random-pick connect.
+   */
+  async listClusters() {
+    return this.http.get("/discovery/clusters");
+  }
+  /**
+   * `GET /api/v3/discovery/clusters/all` — every node-level record
+   * (debug / audit view). Includes nodes that the active-set filter
+   * dropped (e.g. recently-departed validators still in the registry's
+   * eventual-consistency window).
+   */
+  async listAllClusters() {
+    return this.http.get("/discovery/clusters/all");
+  }
+  /**
+   * `GET /api/v3/discovery/clusters/:nodeId` — per-nodeId registry row.
+   * Returns `{ record: null }` (not 404) when the nodeId is unknown to
+   * this validator's registry view, so callers can branch without
+   * try/catch.
+   */
+  async getClusterByNode(nodeId) {
+    return this.http.get(`/discovery/clusters/${encodeURIComponent(nodeId)}`);
+  }
+};
+var PlatformImagesClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * `GET /api/v3/discovery/platform-images` — every signed manifest the
+   * cluster has on record. One row per `(imageName, version)` pair.
+   */
+  async list() {
+    return this.http.get("/discovery/platform-images");
+  }
+  /**
+   * `GET /api/v3/discovery/platform-images/envelopes` — full signed
+   * envelopes (manifest + signature + publicKey). Heavier payload than
+   * {@link list}; for external re-verifiers that want to independently
+   * confirm authenticity.
+   */
+  async listEnvelopes() {
+    return this.http.get("/discovery/platform-images/envelopes");
+  }
+  /**
+   * `GET /api/v3/discovery/platform-images/:imageName` — every version
+   * of a single image. Useful for "which tags has the cluster
+   * authorized?" queries.
+   */
+  async get(imageName) {
+    return this.http.get(`/discovery/platform-images/${encodeURIComponent(imageName)}`);
+  }
+  /**
+   * `GET /api/v3/discovery/platform-images/:imageName/:version` —
+   * single signed manifest. Returns `{ manifest: null }` when the
+   * `(imageName, version)` pair is unknown.
+   */
+  async getVersion(imageName, version) {
+    return this.http.get(
+      `/discovery/platform-images/${encodeURIComponent(imageName)}/${encodeURIComponent(version)}`
+    );
+  }
+  /**
+   * `GET /api/v3/discovery/platform-images/:imageName/:version/verify?digest=...`
+   * — content-addressed verify gate. Returns `{ verified: true }` only
+   * when the supplied SHA-256 digest matches the on-record manifest.
+   *
+   * Use before pulling an image off a registry to make sure you're
+   * about to run cluster-signed bits and not whatever drifted into
+   * the registry namespace.
+   */
+  async verify(imageName, version, digest) {
+    return this.http.get(
+      `/discovery/platform-images/${encodeURIComponent(imageName)}/${encodeURIComponent(
+        version
+      )}/verify?digest=${encodeURIComponent(digest)}`
+    );
+  }
+};
+
 // src/auth/validator-auth.ts
 var SUPPORTED_AUTH_CHAINS = [
   "hedera",
@@ -1382,7 +1475,7 @@ function createHttpClient(config) {
   const timeout = config.timeout ?? 3e4;
   function getHeaders(contentType) {
     const headers = {};
-    {
+    if (contentType) {
       headers["Content-Type"] = contentType;
     }
     if (config.authToken) {
@@ -1432,6 +1525,36 @@ function createHttpClient(config) {
       throw new SdkHttpError(`Network error: ${err.message}`, 0, error);
     }
   }
+  async function getText(path) {
+    const url = `${config.baseUrl}${path}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout);
+    try {
+      const response = await fetch(url, {
+        method: "GET",
+        headers: getHeaders(),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const errBody = await response.json().catch(() => ({}));
+        throw new SdkHttpError(
+          errBody.message || `API error: ${response.status} ${response.statusText}`,
+          response.status,
+          errBody
+        );
+      }
+      return await response.text();
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof SdkHttpError) throw error;
+      const err = error;
+      if (err.name === "AbortError") {
+        throw new SdkHttpError("Request timeout", 408);
+      }
+      throw new SdkHttpError(`Network error: ${err.message}`, 0, error);
+    }
+  }
   async function upload(path, file, filename, metadata, fieldName = "file") {
     const url = `${config.baseUrl}${path}`;
     const controller = new AbortController();
@@ -1482,7 +1605,9 @@ function createHttpClient(config) {
     post: (path, body) => request("POST", path, body),
     get: (path) => request("GET", path),
     put: (path, body) => request("PUT", path, body),
+    patch: (path, body) => request("PATCH", path, body),
     delete: (path) => request("DELETE", path),
+    getText,
     upload: ((path, file, filename, metadata, fieldName) => upload(path, file, filename, metadata, fieldName)),
     setAuthToken
   };
@@ -1618,6 +1743,80 @@ var SubscriptionClient = class {
   async getBalance(appId) {
     return this.http.get(`/subscription/balance/${encodeURIComponent(appId)}`);
   }
+  // ─── Tier-Change Endpoints ────────────────────────────────────────────────
+  /**
+   * Schedule a tier downgrade. The downgrade takes effect at the next
+   * renewal — the deposit is NOT partially refunded mid-lock. Excess
+   * collateral returns on eventual cancel.
+   */
+  async downgrade(request) {
+    return this.http.post("/subscription/downgrade", request);
+  }
+  /**
+   * Request a tier upgrade. The server records the upgrade and returns
+   * top-up deposit instructions for the price delta. The new tier flips
+   * only once the on-chain top-up is confirmed by the deposit monitor.
+   */
+  async upgrade(request) {
+    return this.http.post("/subscription/upgrade", request);
+  }
+  /** Cancel a pending (not-yet-applied) tier change. */
+  async cancelTierChange(request) {
+    return this.http.post("/subscription/tier-change/cancel", request);
+  }
+  // ─── Internal / Usage / Billing ───────────────────────────────────────────
+  /**
+   * Check whether a developer wallet has any active subscription. Used by
+   * smart-host's deploy gate via the cluster-internal API-key path; smart-app
+   * callers should not rely on this endpoint (server-side it requires the
+   * `INTERNAL_SERVICE_MESH_ROUTES` allowlist + an `X-API-Key` header).
+   */
+  async getActiveFor(walletAddress) {
+    return this.http.get(
+      `/subscription/active-for/${encodeURIComponent(walletAddress)}`
+    );
+  }
+  /** Today's consumption breakdown by category for an app. Owner-only. */
+  async getUsage(appId) {
+    return this.http.get(`/subscription/usage/${encodeURIComponent(appId)}`);
+  }
+  /**
+   * Current usage with overage info: usage percent, grace status,
+   * upgrade suggestion, projected days until limit. Owner-only.
+   */
+  async getUsageStatus(appId) {
+    return this.http.get(`/subscription/usage/status/${encodeURIComponent(appId)}`);
+  }
+  /**
+   * Subscription balance deduction history. Pagination + ISO-8601 range
+   * filtering supported. Owner-only.
+   */
+  async getBilling(appId, options) {
+    const params = new URLSearchParams();
+    if (options?.limit !== void 0) params.append("limit", String(options.limit));
+    if (options?.offset !== void 0) params.append("offset", String(options.offset));
+    if (options?.from) params.append("from", options.from);
+    if (options?.to) params.append("to", options.to);
+    const qs = params.toString();
+    return this.http.get(
+      `/subscription/billing/${encodeURIComponent(appId)}${qs ? `?${qs}` : ""}`
+    );
+  }
+  /**
+   * Mint a customer-subscription NFT on behalf of a smart-app.
+   *
+   * Distinct from `mintNft(appId)`, which mints the smart-app's own
+   * developer-level subscription NFT. This endpoint mints a *customer*
+   * NFT held by an end-user wallet — used by smart-host's
+   * `XrplCustomerNftIssuerAdapter` when an app calls
+   * `SubscriptionService.issueCustomerSubscription()` from the sandbox.
+   *
+   * v1 is XRPL-only (the `customerChain` field is a literal `'xrpl'`).
+   * Internal-by-design — server-side gated by `X-API-Key`.
+   */
+  async mintCustomer(request) {
+    return this.http.post("/subscription/customer/mint", request);
+  }
 };
 
 // src/tss/index.ts
@@ -1646,14 +1845,19 @@ var TSSClient = class {
     return this.http.get(`/tss/entity/${encodeURIComponent(entityId)}`);
   }
   /**
-   * Sign a transaction using MPC — chain-agnostic.
-   * Routes to the correct chain backend based on the `chain` parameter.
+   * Sign a transaction using MPC.
    *
-   * @param request - MPC signing request with chain, entityId, and transaction bytes
+   * Routes to `POST /api/v3/tss/hedera/sign-mpc`. Only `'hedera'` is wired
+   * server-side today (see
+   * `apps/smart-validator/src/tss/tss.controller.ts:279`); other chain
+   * signing paths run via their own controllers (XRPL multisig, Polkadot
+   * MPC) and are not exposed through this sub-client. The `chain` field is
+   * carried into the request body so the validator can log + route, but
+   * any non-`'hedera'` value will 404.
    */
   async signMPC(request) {
-    const chain = request.chain || "hedera";
-    return this.http.post(`/tss/${encodeURIComponent(chain)}/sign-mpc`, request);
+    const chain = "hedera";
+    return this.http.post(`/tss/${chain}/sign-mpc`, { ...request, chain });
   }
   /**
    * Get known validators and their public keys
@@ -1697,6 +1901,42 @@ var TSSClient = class {
   async getMultiSigStatus(txId) {
     return this.http.get(`/tss/multisig/transactions/${encodeURIComponent(txId)}`);
   }
+  /**
+   * Async-job variant of {@link createEntity}.
+   *
+   * Server returns 202 + `{ jobId, statusUrl, status: 'pending' }` immediately;
+   * the DKG ceremony runs in the background. Poll {@link getJob} until the
+   * status reaches `'success'` or `'failed'`.
+   */
+  async createEntityAsync(options) {
+    return this.http.post("/tss/entity/create/async", options);
+  }
+  /**
+   * Async-job variant of {@link reshareCluster}. Returns 202 + a polling
+   * descriptor; resharing runs in the background.
+   */
+  async reshareClusterAsync(request) {
+    return this.http.post("/tss/cluster/reshare/async", request);
+  }
+  /**
+   * Poll the status of an async TSS-ceremony job kicked off via
+   * {@link createEntityAsync} or {@link reshareClusterAsync}.
+   */
+  async getJob(jobId) {
+    return this.http.get(`/tss/jobs/${encodeURIComponent(jobId)}`);
+  }
+  /**
+   * Sign a hex payload as smart-app entity `appId` via the cluster's TSS
+   * quorum. Used by smart-deployer for per-entity BLS12-381 signatures over
+   * deployment-context payloads (trustless APP_TOKEN replacement).
+   *
+   * Payload constraints (enforced server-side):
+   *   - even-length lowercase hex
+   *   - ≥32 bytes, ≤8KB
+   */
+  async signForApp(appId, request) {
+    return this.http.post(`/tss/entity/${encodeURIComponent(appId)}/sign`, request);
+  }
 };
 
 // src/ipfs/index.ts
@@ -1766,12 +2006,59 @@ var IPFSClient = class {
   }
 };
 
+// src/hedera-tss/index.ts
+var HederaTssClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Create a Hedera account whose keys are controlled by the TSS cluster. */
+  async createAccount(request) {
+    return this.http.post("/hedera/tss/create-account", request);
+  }
+  /** Update an existing account's memo via TSS-signed transaction. */
+  async updateMemo(request) {
+    return this.http.post("/hedera/tss/update-memo", request);
+  }
+  /** Create a TSS-controlled HCS topic. */
+  async createTopic(request) {
+    return this.http.post("/hedera/tss/create-topic", request);
+  }
+  /** Submit a message to an HCS topic via TSS signing. */
+  async submitMessage(request) {
+    return this.http.post("/hedera/tss/submit-message", request);
+  }
+  /** Create an HTS token with TSS-controlled admin/supply/freeze/pause/wipe keys. */
+  async createToken(request) {
+    return this.http.post("/hedera/tss/create-token", request);
+  }
+  /** Mint tokens via TSS signing — optionally rule-validated via `validatorTopicId`. */
+  async mintToken(request) {
+    return this.http.post("/hedera/tss/mint-token", request);
+  }
+};
+
 // src/transactions/chains/hedera.ts
 var HederaTransactionsClient = class {
-  constructor(http) {
+  constructor(http, tssHttp) {
     this.http = http;
+    this.tss = new HederaTssClient(tssHttp ?? http);
   }
   http;
+  /**
+   * TSS-signed Hedera operations (`/api/v3/hedera/tss/*`).
+   *
+   * Distinct from the prepare-only routes on this class:
+   *   - `client.hedera.prepareTopicCreate(...)` returns bytes for local sign+submit.
+   *   - `client.hedera.tss.createTopic(...)` makes the cluster sign+submit in one call.
+   *
+   * `tssHttp` is the validator's `/api/v3`-rooted HTTP client (different from
+   * the `/api/transactions` one this class uses for prepare paths). When the
+   * legacy single-arg constructor is used (no tssHttp passed), `tss` falls
+   * back to the same `http` instance for backwards compatibility — callers
+   * outside `SmartEngineClient` rarely use the TSS surface.
+   */
+  tss;
   /** Prepare an HCS topic creation transaction. */
   async prepareTopicCreate(request) {
     return this.http.post("/topic/create/prepare", { ...request, chain: "hedera" });
@@ -1804,6 +2091,16 @@ var XrplTransactionsClient = class {
   async prepareTrustLine(request) {
     return this.http.post("/trustline/prepare", { ...request, chain: "xrpl" });
   }
+  /**
+   * Prepare the ordered XRPL account-setup transaction set
+   * (SignerListSet + AccountSet DisableMaster) for sovereignty mode.
+   *
+   * Returns `{ steps, sovereignty }`. Caller signs + submits each step in
+   * order; the master key remains usable until the final AccountSet lands.
+   */
+  async prepareAccountSetup(request) {
+    return this.http.post("/xrpl/account-setup/prepare", { ...request, chain: "xrpl" });
+  }
 };
 
 // src/transactions/chains/solana.ts
@@ -1860,6 +2157,28 @@ var TransactionsClient = class {
   async prepareNftTransfer(request) {
     return this.http.post("/nft/transfer/prepare", request);
   }
+  /**
+   * Prepare an NFT collection-create transaction (Polkadot pallet-nfts /
+   * Solana Metaplex master-edition).
+   */
+  async prepareNftCollectionCreate(request) {
+    return this.http.post("/nft/collection/create/prepare", request);
+  }
+  /** Prepare an NFT item set-metadata transaction (Polkadot pallet-nfts/uniques). */
+  async prepareNftSetMetadata(request) {
+    return this.http.post("/nft/set-metadata/prepare", request);
+  }
+  /** Prepare an NFT collection set-metadata transaction (Polkadot pallet-nfts/uniques). */
+  async prepareNftCollectionSetMetadata(request) {
+    return this.http.post("/nft/collection/set-metadata/prepare", request);
+  }
+  /**
+   * Prepare an NFT collection-lock transaction (Polkadot pallet-nfts only).
+   * Asset Hub runtimes on pallet-uniques fallback will reject with a 4xx.
+   */
+  async prepareNftCollectionLock(request) {
+    return this.http.post("/nft/collection/lock/prepare", request);
+  }
   /** Prepare a token creation transaction (Hedera, Solana, Polkadot, Cardano). */
   async prepareTokenCreate(request) {
     return this.http.post("/token/create/prepare", request);
@@ -2170,6 +2489,246 @@ var GovernanceClient = class {
   }
 };
 
+// src/dao/dashboard-client.ts
+function buildQuery(params) {
+  const search = new URLSearchParams();
+  for (const [key, value] of Object.entries(params)) {
+    if (value === void 0) continue;
+    search.set(key, String(value));
+  }
+  const qs = search.toString();
+  return qs ? `?${qs}` : "";
+}
+var DaoDashboardClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Aggregated dashboard counters for a user's governance home screen. */
+  async getStats(userAddress) {
+    return this.http.get(
+      `/dao/dashboard/stats/${encodeURIComponent(userAddress)}`
+    );
+  }
+  /** Active proposals across every DAO the user belongs to, with vote state. */
+  async getActiveProposals(userAddress) {
+    return this.http.get(
+      `/dao/dashboard/active-proposals/${encodeURIComponent(userAddress)}`
+    );
+  }
+  /** Paginated vote history across DAOs. */
+  async getVoteHistory(userAddress, opts = {}) {
+    const qs = buildQuery({ limit: opts.limit, offset: opts.offset });
+    return this.http.get(
+      `/dao/dashboard/vote-history/${encodeURIComponent(userAddress)}${qs}`
+    );
+  }
+  /** Activity feed (proposal-created/vote-cast/etc.) across user's DAOs. */
+  async getActivity(userAddress, opts = {}) {
+    const qs = buildQuery({ limit: opts.limit, daoId: opts.daoId });
+    return this.http.get(
+      `/dao/dashboard/activity/${encodeURIComponent(userAddress)}${qs}`
+    );
+  }
+  /** Items the user must act on (sign prepared messages, claim NFTs, …). */
+  async getPendingActions(userAddress) {
+    return this.http.get(
+      `/dao/dashboard/pending-actions/${encodeURIComponent(userAddress)}`
+    );
+  }
+  /** Governance impact metrics — weight delivered, success rate, streak. */
+  async getImpact(userAddress) {
+    return this.http.get(
+      `/dao/dashboard/impact/${encodeURIComponent(userAddress)}`
+    );
+  }
+};
+
+// src/dao/dao-client.ts
+function buildQuery2(params) {
+  const search = new URLSearchParams();
+  for (const [key, value] of Object.entries(params)) {
+    if (value === void 0) continue;
+    search.set(key, String(value));
+  }
+  const qs = search.toString();
+  return qs ? `?${qs}` : "";
+}
+function encodeDaoId(daoId) {
+  return encodeURIComponent(daoId);
+}
+function encodeProposalId(proposalId) {
+  return encodeURIComponent(proposalId);
+}
+function encodeAddress(address) {
+  return encodeURIComponent(address);
+}
+var DaoClient = class {
+  constructor(http) {
+    this.http = http;
+    this.dashboard = new DaoDashboardClient(http);
+  }
+  http;
+  /** Per-user rollups for the smart-app's governance home screen. */
+  dashboard;
+  // ─── Lifecycle ────────────────────────────────────────────────────────────
+  /** Create a new DAO. */
+  async create(request) {
+    return this.http.post("/dao/create", request);
+  }
+  /** List DAOs with optional status / creator filters. */
+  async list(opts = {}) {
+    const qs = buildQuery2({ status: opts.status, createdBy: opts.createdBy });
+    return this.http.get(`/dao/list${qs}`);
+  }
+  /** Fetch a single DAO by ID. */
+  async get(daoId) {
+    return this.http.get(`/dao/${encodeDaoId(daoId)}`);
+  }
+  /** Fetch a DAO together with its proposals (single round-trip). */
+  async getWithProposals(daoId) {
+    return this.http.get(`/dao/${encodeDaoId(daoId)}/with-proposals`);
+  }
+  // ─── Proposals ────────────────────────────────────────────────────────────
+  /** List proposals for a DAO, optionally filtered by status / proposer. */
+  async listProposals(daoId, opts = {}) {
+    const qs = buildQuery2({ status: opts.status, proposer: opts.proposer });
+    return this.http.get(`/dao/${encodeDaoId(daoId)}/proposals${qs}`);
+  }
+  /** Create a proposal (server activates the proposal immediately). */
+  async createProposal(daoId, request) {
+    return this.http.post(`/dao/${encodeDaoId(daoId)}/proposals`, request);
+  }
+  /**
+   * Prepare a proposal for off-chain signing (returns the message to sign).
+   * Use {@link signProposal} to submit the signature once captured.
+   */
+  async prepareProposal(daoId, request) {
+    return this.http.post(
+      `/dao/${encodeDaoId(daoId)}/proposals/prepare`,
+      request
+    );
+  }
+  /** Submit the signed prepared-proposal payload. */
+  async signProposal(daoId, proposalId, request) {
+    return this.http.post(
+      `/dao/${encodeDaoId(daoId)}/proposals/${encodeProposalId(proposalId)}/sign`,
+      request
+    );
+  }
+  /** Prepare a vote message for off-chain signing. */
+  async prepareVote(daoId, proposalId, request) {
+    return this.http.post(
+      `/dao/${encodeDaoId(daoId)}/proposals/${encodeProposalId(proposalId)}/prepare-vote`,
+      request
+    );
+  }
+  /** Submit the signed prepared-vote payload. */
+  async submitVote(daoId, proposalId, request) {
+    return this.http.post(
+      `/dao/${encodeDaoId(daoId)}/proposals/${encodeProposalId(proposalId)}/submit-vote`,
+      request
+    );
+  }
+  /**
+   * Cast a vote directly (no separate prepare/sign hop — server records the
+   * vote on the caller's behalf). Use {@link prepareVote} + {@link submitVote}
+   * when the smart-app's signing model requires client-side signing.
+   */
+  async vote(daoId, proposalId, request) {
+    return this.http.post(
+      `/dao/${encodeDaoId(daoId)}/proposals/${encodeProposalId(proposalId)}/vote`,
+      request
+    );
+  }
+  /**
+   * Manually execute a passed proposal via TSS. Proposals auto-execute after
+   * the execution delay; this endpoint is for the governance-admin override
+   * path.
+   */
+  async execute(daoId, proposalId) {
+    return this.http.post(
+      `/dao/${encodeDaoId(daoId)}/proposals/${encodeProposalId(proposalId)}/execute`,
+      {}
+    );
+  }
+  /** Paginated vote list for a proposal. */
+  async getVotes(daoId, proposalId, opts = {}) {
+    const qs = buildQuery2({ limit: opts.limit, offset: opts.offset });
+    return this.http.get(
+      `/dao/${encodeDaoId(daoId)}/proposals/${encodeProposalId(proposalId)}/votes${qs}`
+    );
+  }
+  /** Resolved tally / quorum / pass-fail for a proposal. */
+  async getResults(daoId, proposalId) {
+    return this.http.get(
+      `/dao/${encodeDaoId(daoId)}/proposals/${encodeProposalId(proposalId)}/results`
+    );
+  }
+  /** Raw vote counts by option ID (no quorum / pass logic). */
+  async getVoteCounts(daoId, proposalId) {
+    return this.http.get(
+      `/dao/${encodeDaoId(daoId)}/proposals/${encodeProposalId(proposalId)}/vote-counts`
+    );
+  }
+  /** Fetch a single voter's vote on a proposal. */
+  async getVoterRecord(daoId, proposalId, voterAddress) {
+    return this.http.get(
+      `/dao/${encodeDaoId(daoId)}/proposals/${encodeProposalId(proposalId)}/voter/${encodeAddress(voterAddress)}`
+    );
+  }
+  /** Fetch a single proposal by ID. */
+  async getProposal(daoId, proposalId) {
+    return this.http.get(
+      `/dao/${encodeDaoId(daoId)}/proposals/${encodeProposalId(proposalId)}`
+    );
+  }
+  // ─── Treasury ─────────────────────────────────────────────────────────────
+  /** Per-chain treasury balances for a DAO. */
+  async getTreasury(daoId, chain) {
+    const qs = buildQuery2({ chain });
+    return this.http.get(`/dao/${encodeDaoId(daoId)}/treasury${qs}`);
+  }
+  /** Paginated treasury transaction history (in/out/swap). */
+  async getTreasuryHistory(daoId, opts = {}) {
+    const qs = buildQuery2({
+      chain: opts.chain,
+      limit: opts.limit,
+      offset: opts.offset
+    });
+    return this.http.get(`/dao/${encodeDaoId(daoId)}/treasury/history${qs}`);
+  }
+  // ─── Members ──────────────────────────────────────────────────────────────
+  /** List a DAO's members, optionally filtered by status. */
+  async listMembers(daoId, opts = {}) {
+    const qs = buildQuery2({ status: opts.status });
+    return this.http.get(`/dao/${encodeDaoId(daoId)}/members${qs}`);
+  }
+  /** Add a member to a DAO. */
+  async addMember(daoId, request) {
+    return this.http.post(`/dao/${encodeDaoId(daoId)}/members`, request);
+  }
+  /** Remove a member from a DAO. */
+  async removeMember(daoId, address) {
+    return this.http.delete(
+      `/dao/${encodeDaoId(daoId)}/members/${encodeAddress(address)}`
+    );
+  }
+  /** Bind a held membership NFT serial to a member record. */
+  async claimMemberNft(daoId, address, request) {
+    return this.http.post(
+      `/dao/${encodeDaoId(daoId)}/members/${encodeAddress(address)}/claim-nft`,
+      request
+    );
+  }
+  /** Fetch the NFT serials + status for a member. */
+  async getMemberNft(daoId, address) {
+    return this.http.get(
+      `/dao/${encodeDaoId(daoId)}/members/${encodeAddress(address)}/nft`
+    );
+  }
+};
+
 // src/personhood/personhood-client.ts
 var PersonhoodClient = class {
   constructor(http) {
@@ -2214,15 +2773,25 @@ var AgentsClient = class {
   async list() {
     return this.http.get("/api/agents");
   }
-  /** Fund an agent */
+  /**
+   * Fund agent treasury (owner-only). Returns a
+   * `PreparedTransactionResponse` wrapped in a `success: true` envelope —
+   * the caller is expected to sign and submit the prepared bytes.
+   */
   async fund(agentId, request) {
     return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/fund`, request);
   }
-  /** Execute a trade */
+  /**
+   * Execute a trade (agent-wallet OR owner). Returns a
+   * `PreparedTransactionResponse` wrapped in a `success: true` envelope.
+   */
   async trade(agentId, request) {
     return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/trade`, request);
   }
-  /** Withdraw funds from agent */
+  /**
+   * Withdraw from agent treasury (owner-only). Returns a
+   * `PreparedTransactionResponse` wrapped in a `success: true` envelope.
+   */
   async withdraw(agentId, request) {
     return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/withdraw`, request);
   }
@@ -2238,9 +2807,16 @@ var AgentsClient = class {
   async revoke(agentId) {
     return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/revoke`, {});
   }
-  /** Update agent rules */
+  /**
+   * Update agent rules.
+   *
+   * Server route is PATCH `/api/agents/:agentId/rules`
+   * (`agents.controller.ts:375`). The previous PUT variant 404'd because
+   * Nest matched the dynamic `:agentId` GET/POST handlers and rejected
+   * the verb mismatch.
+   */
   async updateRules(agentId, rules) {
-    return this.http.put(`/api/agents/${encodeURIComponent(agentId)}/rules`, rules);
+    return this.http.patch(`/api/agents/${encodeURIComponent(agentId)}/rules`, rules);
   }
   /** Get agent events */
   async getEvents(agentId) {
@@ -2366,6 +2942,276 @@ var DeploymentClient = class {
   async getStats() {
     return this.http.get("/api/deployment/stats");
   }
+  /**
+   * Register or update the developer-facing webhook URL for runtime
+   * lifecycle events (`runtime.deploying` / `running` / `failed` /
+   * `suspended` / `resumed` / `retired`).
+   *
+   * The host's `DeployWebhookDispatcher` POSTs to this URL whenever the
+   * smart-deployer reconciler emits a `runtime.*` NATS event, signed with
+   * the returned `webhookSecret`:
+   *
+   *   `X-HSuite-Signature: sha256=<hmac-sha256(secret, raw-body)>`
+   *
+   * Store `webhookSecret` server-side and re-compute the signature over
+   * the raw delivery body to verify authenticity. The secret is surfaced
+   * only on PUT — re-call this method to rotate.
+   *
+   * Server validates: HTTPS only, no loopback / RFC1918 / link-local /
+   * CGNAT / cloud metadata destinations (SSRF guard).
+   */
+  async setWebhook(appId, webhookUrl) {
+    return this.http.put(`/api/deployment/apps/${encodeURIComponent(appId)}/webhook`, {
+      webhookUrl
+    });
+  }
+  /**
+   * Per-app Prometheus metrics in the standard exposition format
+   * (text/plain; version=0.0.4). The server filters smart-deployer's
+   * `/metrics` to lines that mention this app's `appId` label, while
+   * preserving HELP / TYPE comment lines and cluster-wide metrics.
+   *
+   * Returned as a raw string so callers can pipe directly into a
+   * Prometheus parser (`prom-client`, `parse-prometheus-text-format`,
+   * etc.) without an intermediate JSON decode that would corrupt the
+   * exposition format.
+   */
+  async getMetrics(appId) {
+    return this.http.getText(`/api/deployment/apps/${encodeURIComponent(appId)}/metrics`);
+  }
+  /**
+   * Rotate the smart-app's tenant-secret KEK (ADR-011 Phase 6).
+   *
+   * Re-encrypts every `runtime.env` envelope at the new KEK version
+   * transparently. Previous versions remain valid until explicitly
+   * revoked via {@link revokeKek}. Owner-only.
+   */
+  async rotateKek(appId) {
+    return this.http.post(
+      `/api/deployment/apps/${encodeURIComponent(appId)}/credentials/rotate-kek`,
+      {}
+    );
+  }
+  /**
+   * Revoke a tenant-secret KEK version (ADR-011 Phase 6 emergency burn).
+   *
+   * Envelopes at the revoked version become operationally dead —
+   * decryption inside the smart-app pod fails. Owner-only and
+   * **irreversible**. Returns the cumulative list of revoked versions
+   * for this app.
+   */
+  async revokeKek(appId, version) {
+    return this.http.post(
+      `/api/deployment/apps/${encodeURIComponent(appId)}/credentials/revoke-kek`,
+      { version }
+    );
+  }
+};
+
+// src/bridge/bridge-client.ts
+var BridgeClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Create a new bridge instance — triggers DKG + TSS entity creation server-side. */
+  async create(request) {
+    return this.http.post("/bridge/create", request);
+  }
+  /** List bridges. Both filters are optional. */
+  async list(options) {
+    const params = new URLSearchParams();
+    if (options?.status) params.append("status", options.status);
+    if (options?.sourceChain) params.append("sourceChain", options.sourceChain);
+    const qs = params.toString();
+    return this.http.get(`/bridge/list${qs ? `?${qs}` : ""}`);
+  }
+  /** Get bridge configuration. */
+  async get(bridgeId) {
+    return this.http.get(`/bridge/${encodePathParam(bridgeId)}`);
+  }
+  /** Port tokens from source → destination. */
+  async port(bridgeId, request) {
+    return this.http.post(`/bridge/${encodePathParam(bridgeId)}/port`, request);
+  }
+  /**
+   * Return tokens from destination → source. Only meaningful on two-way
+   * bridges; the validator rejects the call on one-way bridges with a 400.
+   *
+   * Method name is `return_` to avoid colliding with the reserved JS
+   * keyword in some downstream codegen. Prefer `client.bridge.return(...)`
+   * via the named alias below.
+   */
+  async return(bridgeId, request) {
+    return this.http.post(`/bridge/${encodePathParam(bridgeId)}/return`, request);
+  }
+  /** Get claim status by claim ID under a given bridge. */
+  async getStatus(bridgeId, claimId) {
+    return this.http.get(
+      `/bridge/${encodePathParam(bridgeId)}/status/${encodePathParam(claimId)}`
+    );
+  }
+  /** Get aggregate supply view for a bridge. */
+  async getSupply(bridgeId) {
+    return this.http.get(`/bridge/${encodePathParam(bridgeId)}/supply`);
+  }
+  /** List bridge claims with optional pagination. */
+  async listClaims(bridgeId, options) {
+    const params = new URLSearchParams();
+    if (options?.limit !== void 0) params.append("limit", String(options.limit));
+    if (options?.offset !== void 0) params.append("offset", String(options.offset));
+    const qs = params.toString();
+    return this.http.get(
+      `/bridge/${encodePathParam(bridgeId)}/claims${qs ? `?${qs}` : ""}`
+    );
+  }
+};
+
+// src/resources/resources-client.ts
+var ResourcesClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Network-wide consumption summary across all nodes. */
+  async getSummary() {
+    return this.http.get("/resources/summary");
+  }
+  /** Current-day consumption breakdown for an app. */
+  async getConsumption(appId) {
+    return this.http.get(`/resources/consumption/${encodePathParam(appId)}`);
+  }
+  /** Daily usage history from the persistent store. `days` defaults to 30 server-side. */
+  async getHistory(appId, days) {
+    const qs = days !== void 0 ? `?days=${days}` : "";
+    return this.http.get(
+      `/resources/consumption/${encodePathParam(appId)}/history${qs}`
+    );
+  }
+  /** Paginated billing ledger. All filters optional. */
+  async getLedger(appId, options) {
+    const params = new URLSearchParams();
+    if (options?.limit !== void 0) params.append("limit", String(options.limit));
+    if (options?.offset !== void 0) params.append("offset", String(options.offset));
+    if (options?.since) params.append("since", options.since);
+    if (options?.until) params.append("until", options.until);
+    if (options?.category) params.append("category", options.category);
+    const qs = params.toString();
+    return this.http.get(
+      `/resources/consumption/${encodePathParam(appId)}/ledger${qs ? `?${qs}` : ""}`
+    );
+  }
+  /**
+   * Current consumption status with threshold warnings and upgrade hints.
+   * `dailyLimit` overrides the per-app tier default and is rare —
+   * smart-app callers should leave it unset.
+   */
+  async getStatus(appId, dailyLimit) {
+    const qs = dailyLimit !== void 0 ? `?dailyLimit=${dailyLimit}` : "";
+    return this.http.get(
+      `/resources/consumption/${encodePathParam(appId)}/status${qs}`
+    );
+  }
+  /** Consumption aggregated by category over the supplied window. */
+  async getBreakdown(appId, options) {
+    const params = new URLSearchParams();
+    if (options?.since) params.append("since", options.since);
+    if (options?.until) params.append("until", options.until);
+    const qs = params.toString();
+    return this.http.get(
+      `/resources/consumption/${encodePathParam(appId)}/breakdown${qs ? `?${qs}` : ""}`
+    );
+  }
+  /** Per-node consumption reports. */
+  async listNodes() {
+    return this.http.get("/resources/nodes");
+  }
+  /** Single node's report. */
+  async getNode(nodeId) {
+    return this.http.get(`/resources/nodes/${encodePathParam(nodeId)}`);
+  }
+};
+
+// src/envelope/envelope-client.ts
+var EnvelopeClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Seal `plaintext` under the per-app KEK for `appId` at `kekVersion`.
+   * Returns the canonical envelope shape suitable for persistence in
+   * Mongo / NATS / on the EventBus.
+   */
+  async encrypt(request) {
+    return this.http.post("/envelope/encrypt", request);
+  }
+  /**
+   * Open `envelope` for `appId`. The plaintext is returned in the response
+   * body — callers MUST treat it as ephemeral (no logs, no Mongo, no
+   * NATS broadcast). The validator never persists or replays it.
+   */
+  async decrypt(request) {
+    return this.http.post("/envelope/decrypt", request);
+  }
+};
+
+// src/tokens/tokens-client.ts
+var TokensClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Initiate a token migration to TSS-controlled keys. */
+  async migrate(request) {
+    return this.http.post("/tokens/migrate", request);
+  }
+  /** List all known migrations on this validator. */
+  async listMigrations() {
+    return this.http.get("/tokens/migrations");
+  }
+  /**
+   * Get one migration's status by id. The server returns
+   * `{ error: string }` (NOT a 404) when the migration is unknown, so the
+   * union type makes the failure mode explicit.
+   */
+  async getMigration(migrationId) {
+    return this.http.get(`/tokens/migrations/${encodePathParam(migrationId)}`);
+  }
+  /** All migrations recorded against a specific token id. */
+  async getMigrationsForToken(tokenId) {
+    return this.http.get(`/tokens/${encodePathParam(tokenId)}/migrations`);
+  }
+  /**
+   * Get token details. NOTE: collides with `client.getTokenInfo(...)` —
+   * see the class JSDoc above for the route-order details. Prefer
+   * `client.getTokenInfo(...)` unless you have a reason to call this one.
+   */
+  async getDetails(chain, tokenId) {
+    return this.http.get(
+      `/tokens/${encodePathParam(chain)}/${encodePathParam(tokenId)}`
+    );
+  }
+};
+
+// src/operator/operator-client.ts
+var OperatorClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Get the on-chain HBAR + token balance of an operator account. */
+  async getBalance(chain, accountId) {
+    return this.http.get(
+      `/operator/balance/${encodePathParam(chain)}/${encodePathParam(accountId)}`
+    );
+  }
+  /** Get top-up guidance for an operator account (recommended balance + status). */
+  async getTopup(chain, accountId) {
+    return this.http.get(
+      `/operator/topup/${encodePathParam(chain)}/${encodePathParam(accountId)}`
+    );
+  }
 };
 
 // src/client.ts
@@ -2402,12 +3248,26 @@ var SmartEngineClient = class _SmartEngineClient {
   settlement;
   /** Governance proposal dry-run (simulate-only) */
   governance;
+  /** DAO governance — DAOs, proposals, votes, treasury, members, dashboard */
+  dao;
   /** Personhood verification (HPP one-human-one-member) */
   personhood;
   /** BaaS smart-agent lifecycle (register/fund/trade/withdraw/pause/resume/revoke/...) */
   agents;
   /** BaaS smart-app deployment lifecycle (init/uploadFrontend/deploy/rollback/status/...) */
   deployments;
+  /** Universal Token Bridge — port/return/claim across chains */
+  bridge;
+  /** Network + per-app resource consumption (summary, history, ledger, nodes) */
+  resources;
+  /** AES-256-GCM envelope encrypt/decrypt under the TSS-backed master KEK */
+  envelope;
+  /** Token migration — move existing tokens to TSS-controlled keys */
+  tokens;
+  /** Operator account funding helpers (balance + top-up guidance) */
+  operator;
+  /** Discovery endpoints — cluster registry + platform-image manifests */
+  discovery;
   constructor(config) {
     this.allowInsecure = config.allowInsecure ?? false;
     this.baseUrl = validateClientUrl(config.baseUrl, this.allowInsecure);
@@ -2427,7 +3287,7 @@ var SmartEngineClient = class _SmartEngineClient {
     this.tss = new TSSClient(this.http);
     this.ipfs = new IPFSClient(this.http);
     this.transactions = new TransactionsClient(this.txHttp);
-    this.hedera = new HederaTransactionsClient(this.txHttp);
+    this.hedera = new HederaTransactionsClient(this.txHttp, this.http);
     this.xrpl = new XrplTransactionsClient(this.txHttp);
     this.solana = new SolanaTransactionsClient(this.txHttp);
     this.polkadot = new PolkadotTransactionsClient(this.txHttp);
@@ -2435,6 +3295,7 @@ var SmartEngineClient = class _SmartEngineClient {
     this.historicalBalance = HistoricalBalanceClient.fromHttp(this.http);
     this.settlement = new SettlementClient(this.http);
     this.governance = new GovernanceClient(this.http);
+    this.dao = new DaoClient(this.http);
     this.personhood = new PersonhoodClient(this.http);
     const rootHttp = createHttpClient({
       baseUrl: this.baseUrl,
@@ -2444,6 +3305,12 @@ var SmartEngineClient = class _SmartEngineClient {
     });
     this.agents = new AgentsClient(rootHttp);
     this.deployments = new DeploymentClient(rootHttp);
+    this.bridge = new BridgeClient(this.http);
+    this.resources = new ResourcesClient(this.http);
+    this.envelope = new EnvelopeClient(this.http);
+    this.tokens = new TokensClient(this.http);
+    this.operator = new OperatorClient(this.http);
+    this.discovery = new DiscoveryClient(this.http);
   }
   /**
    * Build a `SmartEngineClient` from a plain env object. Reads:
@@ -2659,7 +3526,19 @@ var SmartEngineClient = class _SmartEngineClient {
     const validated = MintTokenRequestSchema.parse(request);
     return this.http.post("/tokens/mint", validated);
   }
-  /** Get token information */
+  /**
+   * Get token information.
+   *
+   * Route `GET /api/v3/tokens/:chain/:tokenId` is registered twice on the
+   * validator: by `ValidatorController` at
+   * `apps/smart-validator/src/validator.controller.ts:497` and by
+   * `TokenMigrationController` at
+   * `apps/smart-validator/src/token-migration/token-migration.controller.ts:173`.
+   * Nest resolves routes in `controllers: [...]` order — `ValidatorController`
+   * is registered first (`apps/smart-validator/src/smart-validator.module.ts:1222`),
+   * so `multiChain.getTokenInfo(chain, tokenId)` wins and the
+   * token-migration handler is unreachable via this path.
+   */
   async getTokenInfo(chain, tokenId) {
     return this.http.get(`/tokens/${encodePathParam(chain)}/${encodePathParam(tokenId)}`);
   }
@@ -2807,47 +3686,56 @@ var RoutingClient = class {
     this.http = http;
   }
   http;
-  /** Register a new host */
+  /**
+   * Register a new host. The server validates the payload via Zod (appId
+   * pattern, IP/hostname format, port range) and kicks off async
+   * verification. Response includes the registered host plus a status
+   * message about verification.
+   */
   async registerHost(request) {
     return this.http.post("/routing/hosts", request);
   }
-  /** Unregister a host */
+  /** Unregister a host. */
   async unregisterHost(hostId) {
     return this.http.delete(`/routing/hosts/${encodeURIComponent(hostId)}`);
   }
-  /** Get all registered hosts */
+  /** Get all registered hosts. */
   async getAllHosts() {
     return this.http.get("/routing/hosts");
   }
-  /** Get only verified hosts */
+  /** Get only verified hosts. */
   async getVerifiedHosts() {
     return this.http.get("/routing/hosts/verified");
   }
-  /** Get a specific host by ID */
+  /** Get a specific host by ID. */
   async getHost(hostId) {
     return this.http.get(`/routing/hosts/${encodeURIComponent(hostId)}`);
   }
-  /** Verify a host */
+  /** Trigger host re-verification. */
   async verifyHost(hostId) {
     return this.http.post(`/routing/hosts/${encodeURIComponent(hostId)}/verify`, {});
   }
-  /** Set routing configuration for an app */
+  /** Set routing configuration for an app. */
   async setRoutingConfig(appId, config) {
     return this.http.put(`/routing/config/${encodeURIComponent(appId)}`, config);
   }
-  /** Get routing configuration for an app */
+  /** Get routing configuration for an app. */
   async getRoutingConfig(appId) {
     return this.http.get(`/routing/config/${encodeURIComponent(appId)}`);
   }
-  /** Proxy a request through the gateway */
+  /** Proxy a request through the gateway. */
   async proxyRequest(request) {
     return this.http.post("/routing/proxy", request);
   }
-  /** Get routing statistics */
+  /** Get routing statistics. */
   async getStats() {
     return this.http.get("/routing/stats");
   }
-  /** Map a domain to an application */
+  /**
+   * Map a domain/subdomain to an application for hostname-based routing.
+   * The server returns `{ domain, appId, message }` — there is no `success`
+   * field; treat `appId` as the success signal.
+   */
   async mapDomainToApp(domain, appId) {
     return this.http.post(`/routing/domains/${encodeURIComponent(domain)}/map`, { appId });
   }
@@ -2876,7 +3764,11 @@ var DomainsClient = class {
     const params = owner ? `?owner=${encodeURIComponent(owner)}` : "";
     return this.http.get(`/domains${params}`);
   }
-  /** Generate a verification token */
+  /**
+   * Generate a verification token. Server accepts one of `dns-txt`,
+   * `dns-cname`, `http-file`, `email` (see controller Swagger enum at
+   * `apps/smart-gateway/src/domains/domains.controller.ts:226-234`).
+   */
   async generateVerificationToken(domain, method) {
     return this.http.post(`/domains/${encodeURIComponent(domain)}/verification`, { method });
   }
@@ -2992,6 +3884,23 @@ var DnsClient = class {
   }
 };
 
+// src/gateway/health/index.ts
+var HealthClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Per-cluster aggregate health probe. Wraps
+   * `GET /api/v3/cluster/health` — see
+   * `apps/smart-gateway/src/health/health.controller.ts:213-263`. Returns
+   * local validator + host + genesis state in a single payload.
+   */
+  async getCluster() {
+    return this.http.get("/cluster/health");
+  }
+};
+
 // src/gateway/client.ts
 var SmartGatewayClient = class {
   http;
@@ -3001,6 +3910,8 @@ var SmartGatewayClient = class {
   domains;
   /** DNS resolution and zone management */
   dns;
+  /** Per-cluster aggregate health probe (validator + host + genesis state) */
+  health;
   constructor(config) {
     const baseUrl = config.baseUrl.replace(/\/+$/, "");
     this.http = createHttpClient({
@@ -3012,30 +3923,41 @@ var SmartGatewayClient = class {
     this.routing = new RoutingClient(this.http);
     this.domains = new DomainsClient(this.http);
     this.dns = new DnsClient(this.http);
+    this.health = new HealthClient(this.http);
   }
   // ========== Health & Metrics ==========
-  /** Get gateway health status */
+  /** Get gateway-only health status (binary `status: 'ok'` snapshot). */
   async getHealth() {
     return this.http.get("/health");
   }
-  /** Get gateway status with host and domain counts */
+  /**
+   * Get detailed gateway status — `subsystems` tree (dns/routing/verification)
+   * plus the operating `mode` snapshot. Aggregated counts live on `getMetrics()`.
+   */
   async getStatus() {
     return this.http.get("/status");
   }
-  /** Check gateway readiness */
+  /**
+   * Check gateway readiness. Returns either `{ status: 'ready', ... }` with
+   * a verified host count or `{ status: 'not_ready', reason, ... }`.
+   */
   async getReadiness() {
     return this.http.get("/ready");
   }
-  /** Check gateway liveness */
+  /** Check gateway liveness. */
   async getLiveness() {
     return this.http.get("/live");
   }
-  /** Get detailed gateway metrics */
+  /**
+   * Get aggregated network metrics across all clusters — per-cluster health,
+   * chain connectivity, gateway counts, and genesis state. Server caches the
+   * payload (default 30s); pass `refresh=true` to force a fresh fetch.
+   */
   async getMetrics(refresh) {
     const params = refresh ? "?refresh=true" : "";
     return this.http.get(`/metrics${params}`);
   }
-  /** Get metrics summary */
+  /** Get lightweight network summary (status-badge-friendly). */
   async getMetricsSummary() {
     return this.http.get("/metrics/summary");
   }
@@ -3096,11 +4018,37 @@ var DatabaseClient = class {
     );
   }
   /**
-   * List collections for the app
+   * List collections for the app.
+   *
+   * Server route is `/api/db/:appId/collections`
+   * (`database.controller.ts:106`). The previous bare-`:appId` GET 404'd
+   * — Nest reserves that pattern for the document-find router below.
    */
   async listCollections() {
     const appId = this.getAppId();
-    return this.http.get(`/api/db/${encodeURIComponent(appId)}`);
+    return this.http.get(`/api/db/${encodeURIComponent(appId)}/collections`);
+  }
+  /**
+   * Create a new collection in the database.
+   *
+   * Server returns `{ success: true; collection: string }`
+   * (`database.controller.ts:96`).
+   */
+  async createCollection(name) {
+    const appId = this.getAppId();
+    return this.http.post(`/api/db/${encodeURIComponent(appId)}/collections`, { name });
+  }
+  /**
+   * Drop a collection and all its documents.
+   *
+   * Server returns `{ success: true }`
+   * (`database.controller.ts:133`).
+   */
+  async dropCollection(name) {
+    const appId = this.getAppId();
+    return this.http.delete(
+      `/api/db/${encodeURIComponent(appId)}/collections/${encodeURIComponent(name)}`
+    );
   }
   // ========== State Proofs ==========
   /**
@@ -3161,13 +4109,15 @@ var StorageClient = class {
    * Download a file by CID
    */
   async download(cid) {
-    return this.http.get(`/api/storage/download/${encodeURIComponent(cid)}`);
+    const appId = this.getAppId();
+    return this.http.get(`/api/storage/${encodeURIComponent(appId)}/download/${encodeURIComponent(cid)}`);
   }
   /**
    * Get file metadata
    */
   async getMetadata(cid) {
-    return this.http.get(`/api/storage/metadata/${encodeURIComponent(cid)}`);
+    const appId = this.getAppId();
+    return this.http.get(`/api/storage/${encodeURIComponent(appId)}/metadata/${encodeURIComponent(cid)}`);
   }
   /**
    * Delete a file
@@ -3177,20 +4127,29 @@ var StorageClient = class {
     return this.http.delete(`/api/storage/${encodeURIComponent(appId)}/${encodeURIComponent(cid)}`);
   }
   /**
-   * Get file info
+   * Get file info.
+   *
+   * @deprecated The smart-host storage controller does not expose a
+   * bare-CID metadata route — every metadata lookup must go through
+   * `getMetadata(cid)` (`/api/storage/:appId/metadata/:cid`) or the
+   * stream body via `download(cid)`. This alias forwards to `download`
+   * for back-compat; remove in the next major SDK release.
    */
   async getFile(cid) {
-    const appId = this.getAppId();
-    return this.http.get(`/api/storage/${encodeURIComponent(appId)}/${encodeURIComponent(cid)}`);
+    return this.download(cid);
   }
   /**
    * List all files for the app
+   *
+   * @param pagination.offset Server reads `offset`; the legacy `skip`
+   *   option was a client-only synonym that the server silently ignored.
+   *   Use `offset` going forward.
    */
   async listFiles(pagination) {
     const appId = this.getAppId();
     const params = new URLSearchParams();
     if (pagination?.limit !== void 0) params.set("limit", String(pagination.limit));
-    if (pagination?.skip !== void 0) params.set("skip", String(pagination.skip));
+    if (pagination?.offset !== void 0) params.set("offset", String(pagination.offset));
     const qs = params.toString();
     return this.http.get(`/api/storage/${encodeURIComponent(appId)}/files${qs ? `?${qs}` : ""}`);
   }
@@ -3198,13 +4157,15 @@ var StorageClient = class {
    * Get storage usage for the current app
    */
   async getUsage() {
-    return this.http.get("/api/storage/usage");
+    const appId = this.getAppId();
+    return this.http.get(`/api/storage/${encodeURIComponent(appId)}/usage`);
   }
   /**
    * Check if a file exists
    */
   async exists(cid) {
-    return this.http.get(`/api/storage/exists/${encodeURIComponent(cid)}`);
+    const appId = this.getAppId();
+    return this.http.get(`/api/storage/${encodeURIComponent(appId)}/exists/${encodeURIComponent(cid)}`);
   }
 };
 
@@ -3227,42 +4188,60 @@ var FunctionsClient = class {
    * Invoke a function
    */
   async invoke(functionId, payload) {
-    return this.http.post(`/api/functions/${encodeURIComponent(functionId)}/invoke`, payload ?? {});
+    const appId = this.getAppId();
+    return this.http.post(
+      `/api/functions/${encodeURIComponent(appId)}/${encodeURIComponent(functionId)}/invoke`,
+      payload ?? {}
+    );
   }
   /**
-   * List all functions
+   * List all functions for the current app
    */
   async list() {
-    return this.http.get("/api/functions");
+    const appId = this.getAppId();
+    return this.http.get(`/api/functions/${encodeURIComponent(appId)}`);
   }
   /**
    * Get function details
    */
   async get(functionId) {
-    return this.http.get(`/api/functions/${encodeURIComponent(functionId)}`);
+    const appId = this.getAppId();
+    return this.http.get(
+      `/api/functions/${encodeURIComponent(appId)}/${encodeURIComponent(functionId)}`
+    );
   }
   /**
    * Update a function
    */
   async update(functionId, updates) {
-    return this.http.put(`/api/functions/${encodeURIComponent(functionId)}`, updates);
+    const appId = this.getAppId();
+    return this.http.put(
+      `/api/functions/${encodeURIComponent(appId)}/${encodeURIComponent(functionId)}`,
+      updates
+    );
   }
   /**
    * Delete a function
    */
   async delete(functionId) {
-    return this.http.delete(`/api/functions/${encodeURIComponent(functionId)}`);
+    const appId = this.getAppId();
+    return this.http.delete(
+      `/api/functions/${encodeURIComponent(appId)}/${encodeURIComponent(functionId)}`
+    );
   }
   /**
    * Get function execution logs
    */
   async getLogs(functionId, options) {
+    const appId = this.getAppId();
     const params = new URLSearchParams();
     if (options?.limit !== void 0) params.set("limit", String(options.limit));
     if (options?.startTime) params.set("startTime", options.startTime);
     if (options?.level) params.set("level", options.level);
     const qs = params.toString();
-    return this.http.get(`/api/functions/${encodeURIComponent(functionId)}/logs${qs ? `?${qs}` : ""}`);
+    return this.http.get(
+      `/api/functions/${encodeURIComponent(appId)}/${encodeURIComponent(functionId)}/logs${qs ? `?${qs}` : ""}`
+    );
   }
   /**
    * Get function statistics for an app
@@ -3334,25 +4313,43 @@ var MessagingClient = class {
     );
   }
   /**
-   * Set presence for a member
+   * Set presence for a member in a channel.
+   *
+   * BREAKING CHANGE (SDK 3.3.0): presence is channel-scoped on the server
+   * (`messaging.controller.ts:312`). Previous signature
+   * `setPresence(member)` hit a non-existent appId-scoped route and 404'd
+   * in production. The channel is now the first argument.
    */
-  async setPresence(member) {
+  async setPresence(channel, member) {
     const appId = this.getAppId();
-    return this.http.post(`/api/messaging/${encodeURIComponent(appId)}/presence`, member);
+    return this.http.post(
+      `/api/messaging/${encodeURIComponent(appId)}/channels/${encodeURIComponent(channel)}/presence`,
+      member
+    );
   }
   /**
-   * Remove presence for a member
+   * Remove a member's presence from a channel.
+   *
+   * BREAKING CHANGE (SDK 3.3.0): server route is
+   * `/api/messaging/:appId/channels/:channel/presence/:clientId`
+   * (`messaging.controller.ts:352`). `channel` is now the first arg and
+   * `clientId` (not `memberId`) the second — they're the same identifier
+   * but renamed to match the server param.
    */
-  async removePresence(memberId) {
+  async removePresence(channel, clientId) {
     const appId = this.getAppId();
-    return this.http.delete(`/api/messaging/${encodeURIComponent(appId)}/presence/${encodeURIComponent(memberId)}`);
+    return this.http.delete(
+      `/api/messaging/${encodeURIComponent(appId)}/channels/${encodeURIComponent(channel)}/presence/${encodeURIComponent(clientId)}`
+    );
   }
   /**
    * Get presence info for a channel
    */
   async getPresence(channel) {
     const appId = this.getAppId();
-    return this.http.get(`/api/messaging/${encodeURIComponent(appId)}/presence/${encodeURIComponent(channel)}`);
+    return this.http.get(
+      `/api/messaging/${encodeURIComponent(appId)}/channels/${encodeURIComponent(channel)}/presence`
+    );
   }
   /**
    * Get messaging statistics