@nokinc-flur/sdk 1.0.0 → 1.0.2

package/dist/index.js

@@ -1426,6 +1426,111 @@ function decodeAuthorizationQR(s) {
   return OfflinePaymentAuthorizationSchema.parse(JSON.parse(json));
 }
 
+// src/offline/settlements.ts
+import { z as z6 } from "zod";
+var OfflineTokenSchema = z6.object({
+  tokenId: z6.string().uuid(),
+  tokenSerial: z6.string(),
+  issuerAccountId: z6.string().uuid(),
+  payerUserId: z6.string().uuid(),
+  maxAmountKobo: z6.number().int().positive(),
+  currency: z6.string().length(3),
+  issuedAtMs: z6.number().int().nonnegative(),
+  expiresAtMs: z6.number().int().nonnegative(),
+  issuerSig: z6.string()
+});
+var PaymentClaimSchema = z6.object({
+  encounterId: z6.string().regex(/^[0-9a-f]{64}$/i).optional(),
+  tokenSerial: z6.string(),
+  payerUserId: z6.string().uuid(),
+  payeeUserId: z6.string().uuid(),
+  payerNonce: z6.string(),
+  payeeNonce: z6.string(),
+  amountKobo: z6.number().int().positive(),
+  currency: z6.string().length(3).default("NGN"),
+  occurredAtMs: z6.number().int().nonnegative(),
+  completedAtMs: z6.number().int().nonnegative().optional(),
+  contextId: z6.string().optional(),
+  payerPubkey: z6.string().regex(/^[0-9a-f]{64}$/i),
+  payerSignature: z6.string().regex(/^[0-9a-f]+$/i),
+  payeePubkey: z6.string().regex(/^[0-9a-f]{64}$/i).optional(),
+  payeeSignature: z6.string().regex(/^[0-9a-f]+$/i).optional()
+});
+var SettlementSchema = z6.object({
+  settlementId: z6.string().uuid(),
+  settlementKey: z6.string().regex(/^[0-9a-f]{64}$/i),
+  encounterId: z6.string().regex(/^[0-9a-f]{64}$/i),
+  issuerAccountId: z6.string().uuid(),
+  tokenSerial: z6.string(),
+  payerUserId: z6.string().uuid(),
+  payeeUserId: z6.string().uuid(),
+  amountKobo: z6.number().int().nonnegative(),
+  currency: z6.string().length(3),
+  receiptId: z6.string().nullable(),
+  status: z6.enum(["SETTLED", "REVIEW", "REJECTED"]),
+  issuerSig: z6.string(),
+  createdAtMs: z6.number().int().nonnegative()
+});
+var SettleResponseSchema = z6.object({
+  settlement: SettlementSchema,
+  encounterId: z6.string().regex(/^[0-9a-f]{64}$/i),
+  replayed: z6.boolean()
+});
+var ENCOUNTER_DOMAIN = "offline:v1:encounter";
+async function sha256Hex(input) {
+  const subtle = globalThis.crypto?.subtle;
+  const enc2 = new TextEncoder().encode(input);
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", enc2);
+    return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const mod = await import("crypto");
+  return mod.createHash("sha256").update(input).digest("hex");
+}
+async function computeEncounterId(input) {
+  return sha256Hex(
+    ENCOUNTER_DOMAIN + "|" + [
+      input.payerUserId,
+      input.payeeUserId,
+      input.payerNonce,
+      input.payeeNonce,
+      input.tokenSerial
+    ].join("|")
+  );
+}
+function createOfflineSettlementsClient(partner) {
+  return {
+    issueOfflineToken: (input) => partner.request({
+      method: "POST",
+      path: "/v1/offline/tokens",
+      body: {
+        payerUserId: input.payerUserId,
+        maxAmountKobo: input.maxAmountKobo,
+        currency: input.currency ?? "NGN",
+        ttlMs: input.ttlMs,
+        ...input.tokenSerial ? { tokenSerial: input.tokenSerial } : {}
+      }
+    }),
+    getOfflineToken: (serial) => partner.request({
+      method: "GET",
+      path: `/v1/offline/tokens/${encodeURIComponent(serial)}`
+    }),
+    settle: (claim) => partner.request({
+      method: "POST",
+      path: "/v1/offline/settlements",
+      body: claim
+    }),
+    getSettlement: (id) => partner.request({
+      method: "GET",
+      path: `/v1/offline/settlements/${encodeURIComponent(id)}`
+    }),
+    listConflicts: () => partner.request({
+      method: "GET",
+      path: "/v1/offline/conflicts"
+    })
+  };
+}
+
 // src/auth/hmac.ts
 import { hmac } from "@noble/hashes/hmac";
 import { sha256 } from "@noble/hashes/sha256";
@@ -1550,7 +1655,7 @@ function createHmacFetch(opts) {
 }
 
 // src/passes/pass.ts
-import { z as z6 } from "zod";
+import { z as z7 } from "zod";
 var PASS_KINDS = [
   "ride-ticket",
   "transit-pass",
@@ -1566,41 +1671,41 @@ var PASS_STATES = [
   "expired",
   "revoked"
 ];
-var HexString2 = (length) => z6.string().regex(
+var HexString2 = (length) => z7.string().regex(
   new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
   `expected ${length}-byte hex string`
 );
-var PassMetadataSchema = z6.record(
-  z6.union([z6.string(), z6.number(), z6.boolean(), z6.null()])
+var PassMetadataSchema = z7.record(
+  z7.union([z7.string(), z7.number(), z7.boolean(), z7.null()])
 );
-var PassSchema = z6.object({
-  passId: z6.string().min(1),
+var PassSchema = z7.object({
+  passId: z7.string().min(1),
   /** Optional client/template grouping id (server may omit). */
-  templateId: z6.string().min(1).optional(),
+  templateId: z7.string().min(1).optional(),
   /** Optional human-facing holder identity (server may omit). The cryptographic binding
    *  is `holderDevicePubkey` below. */
-  holderUserId: z6.string().min(1).optional(),
-  kind: z6.enum(PASS_KINDS),
-  issuerId: z6.string().min(1),
-  issuedAtMs: z6.number().int().nonnegative(),
-  validFromMs: z6.number().int().nonnegative(),
-  validUntilMs: z6.number().int().positive(),
-  state: z6.enum(PASS_STATES),
+  holderUserId: z7.string().min(1).optional(),
+  kind: z7.enum(PASS_KINDS),
+  issuerId: z7.string().min(1),
+  issuedAtMs: z7.number().int().nonnegative(),
+  validFromMs: z7.number().int().nonnegative(),
+  validUntilMs: z7.number().int().positive(),
+  state: z7.enum(PASS_STATES),
   metadata: PassMetadataSchema,
-  nonce: z6.string().min(1),
+  nonce: z7.string().min(1),
   /** Device id this pass is bound to (FK to backend `device_keys`). */
-  holderDeviceId: z6.string().min(1),
+  holderDeviceId: z7.string().min(1),
   /** 32-byte hex Ed25519 public key of the bound device. The redemption signature
    *  is verified against this key — it is the security-critical binding. */
   holderDevicePubkey: HexString2(32),
   /** Optional fixed amount for monetary passes (vouchers, gift cards) in kobo. */
-  amountKobo: z6.number().int().nonnegative().optional(),
+  amountKobo: z7.number().int().nonnegative().optional(),
   /** ISO-4217-ish currency code; required on the wire. SDK builders default to NGN. */
-  currency: z6.string().min(3).max(8),
+  currency: z7.string().min(3).max(8),
   /** Monotonic redemption counter floor. Redemption.counter MUST be > counterSeed. */
-  counterSeed: z6.number().int().nonnegative(),
+  counterSeed: z7.number().int().nonnegative(),
   /** Optional cumulative spend cap in kobo across all redemptions of this pass. */
-  cumulativeCapKobo: z6.number().int().nonnegative().optional(),
+  cumulativeCapKobo: z7.number().int().nonnegative().optional(),
   issuerSig: HexString2(64)
 }).refine((v) => v.validUntilMs > v.validFromMs, {
   message: "validUntilMs must be greater than validFromMs"
@@ -1657,18 +1762,18 @@ function isPassWithinValidity(pass, nowMs) {
 }
 
 // src/passes/redemption.ts
-import { z as z7 } from "zod";
-var HexSig2 = z7.string().regex(/^[0-9a-fA-F]{128}$/, "expected 64-byte hex signature");
-var RedemptionSchema = z7.object({
+import { z as z8 } from "zod";
+var HexSig2 = z8.string().regex(/^[0-9a-fA-F]{128}$/, "expected 64-byte hex signature");
+var RedemptionSchema = z8.object({
   pass: PassSchema,
-  redeemerId: z7.string().min(1),
-  redeemedAtMs: z7.number().int().nonnegative(),
+  redeemerId: z8.string().min(1),
+  redeemedAtMs: z8.number().int().nonnegative(),
   /** Strictly monotonic counter scoped to a single pass. Must be > pass.counterSeed
    *  and > the redeemer's lastSeenCounter for this pass. */
-  counter: z7.number().int().positive(),
+  counter: z8.number().int().positive(),
   /** Amount being redeemed in kobo (0 for non-monetary passes like ride tickets). */
-  amountKobo: z7.number().int().nonnegative(),
-  nonce: z7.string().min(1),
+  amountKobo: z8.number().int().nonnegative(),
+  nonce: z8.string().min(1),
   holderSig: HexSig2
 });
 var REDEEMABLE_STATES = /* @__PURE__ */ new Set(["issued", "active"]);
@@ -1753,118 +1858,44 @@ function verifyRedemption(r, issuerPublicKey) {
   }
 }
 
-// src/passes/client.ts
-function createPassesClient(opts) {
-  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
-  if (!fetchImpl)
-    throw new Error("createPassesClient: no fetch implementation available");
-  const baseUrl = opts.baseUrl.replace(/\/$/, "");
-  async function call(method, path, body, parser) {
-    const init2 = {
-      method,
-      headers: {
-        "content-type": "application/json",
-        accept: "application/json"
-      }
-    };
-    if (body !== void 0) init2.body = JSON.stringify(body);
-    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
-    const text = await resp.text();
-    let raw = void 0;
-    if (text) {
-      try {
-        raw = JSON.parse(text);
-      } catch {
-      }
-    }
-    if (!resp.ok) {
-      const code = (raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : void 0) ?? `http_${resp.status}`;
-      const message = (raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : void 0) ?? `request failed with status ${resp.status}`;
-      throw new FlurApiError(resp.status, code, message, raw);
-    }
-    return parser(raw);
-  }
-  return {
-    issuePass: (input) => call("POST", "/v1/passes", input, (raw) => PassSchema.parse(raw)),
-    listPasses: (input) => {
-      const qs = new URLSearchParams();
-      if (input.holderDeviceId) qs.set("holderDeviceId", input.holderDeviceId);
-      if (input.holderUserId) qs.set("holderUserId", input.holderUserId);
-      if (input.state) qs.set("state", input.state);
-      if (input.kind) qs.set("kind", input.kind);
-      if (input.templateId) qs.set("templateId", input.templateId);
-      if (typeof input.limit === "number") qs.set("limit", String(input.limit));
-      if (input.cursor) qs.set("cursor", input.cursor);
-      const path = `/v1/passes${qs.size > 0 ? `?${qs.toString()}` : ""}`;
-      return call("GET", path, void 0, (raw) => {
-        const obj = raw;
-        const items = obj.items.map(
-          (it) => PassSchema.parse(it)
-        );
-        const nextCursor = typeof obj.nextCursor === "string" ? obj.nextCursor : null;
-        return { items, nextCursor };
-      });
-    },
-    getPass: (passId) => call(
-      "GET",
-      `/v1/passes/${encodeURIComponent(passId)}`,
-      void 0,
-      (raw) => PassSchema.parse(raw)
-    ),
-    redeemPass: (passId, redemption) => call(
-      "POST",
-      `/v1/passes/${encodeURIComponent(passId)}/redeem`,
-      RedemptionSchema.parse(redemption),
-      (raw) => PassSchema.parse(raw)
-    ),
-    revokePass: (passId, input) => call(
-      "POST",
-      `/v1/passes/${encodeURIComponent(passId)}/revoke`,
-      input,
-      (raw) => PassSchema.parse(raw)
-    ),
-    verifyPass: (pass, issuerPublicKey) => verifyPass(pass, issuerPublicKey)
-  };
-}
-
 // src/receipts/receipt.ts
-import { z as z8 } from "zod";
+import { z as z9 } from "zod";
 var RECEIPT_CHANNELS = ["cash", "pass"];
 var RECEIPT_KINDS = RECEIPT_CHANNELS;
-var HexString3 = (length) => z8.string().regex(
+var HexString3 = (length) => z9.string().regex(
   new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
   `expected ${length}-byte hex string`
 );
-var ReceiptPayloadSchema = z8.record(
-  z8.union([z8.string(), z8.number(), z8.boolean(), z8.null()])
+var ReceiptPayloadSchema = z9.record(
+  z9.union([z9.string(), z9.number(), z9.boolean(), z9.null()])
 );
-var ReceiptSchema = z8.object({
-  receiptId: z8.string().min(1),
-  channel: z8.enum(RECEIPT_CHANNELS),
+var ReceiptSchema = z9.object({
+  receiptId: z9.string().min(1),
+  channel: z9.enum(RECEIPT_CHANNELS),
   /** Cash-channel: send_intents.id. Required when channel === 'cash'. */
-  intentId: z8.string().min(1).optional(),
+  intentId: z9.string().min(1).optional(),
   /** Pass-channel: pass_redemptions.id. Required when channel === 'pass'. */
-  passRedemptionId: z8.string().min(1).optional(),
-  payerUserId: z8.string().min(1),
-  payeeUserId: z8.string().min(1),
-  amountKobo: z8.number().int().nonnegative(),
-  currency: z8.string().min(3).max(8),
-  issuedAtMs: z8.number().int().nonnegative(),
-  issuerId: z8.string().min(1),
+  passRedemptionId: z9.string().min(1).optional(),
+  payerUserId: z9.string().min(1),
+  payeeUserId: z9.string().min(1),
+  amountKobo: z9.number().int().nonnegative(),
+  currency: z9.string().min(3).max(8),
+  issuedAtMs: z9.number().int().nonnegative(),
+  issuerId: z9.string().min(1),
   payload: ReceiptPayloadSchema,
   issuerSig: HexString3(64)
 }).superRefine((v, ctx) => {
   if (v.channel === "cash") {
     if (!v.intentId) {
       ctx.addIssue({
-        code: z8.ZodIssueCode.custom,
+        code: z9.ZodIssueCode.custom,
         message: "cash receipts require intentId",
         path: ["intentId"]
       });
     }
     if (v.passRedemptionId) {
       ctx.addIssue({
-        code: z8.ZodIssueCode.custom,
+        code: z9.ZodIssueCode.custom,
         message: "cash receipts must not carry passRedemptionId",
         path: ["passRedemptionId"]
       });
@@ -1872,14 +1903,14 @@ var ReceiptSchema = z8.object({
   } else if (v.channel === "pass") {
     if (!v.passRedemptionId) {
       ctx.addIssue({
-        code: z8.ZodIssueCode.custom,
+        code: z9.ZodIssueCode.custom,
         message: "pass receipts require passRedemptionId",
         path: ["passRedemptionId"]
       });
     }
     if (v.intentId) {
       ctx.addIssue({
-        code: z8.ZodIssueCode.custom,
+        code: z9.ZodIssueCode.custom,
         message: "pass receipts must not carry intentId",
         path: ["intentId"]
       });
@@ -1937,6 +1968,114 @@ function verifyReceipt(r, issuerPublicKey) {
   }
 }
 
+// src/passes/client.ts
+function createPassesClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl)
+    throw new Error("createPassesClient: no fetch implementation available");
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function call(method, path, body, parser) {
+    const init2 = {
+      method,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json"
+      }
+    };
+    if (body !== void 0) init2.body = JSON.stringify(body);
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
+    const text = await resp.text();
+    let raw = void 0;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = (raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : void 0) ?? `http_${resp.status}`;
+      const message = (raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : void 0) ?? `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return parser(raw);
+  }
+  return {
+    issuePass: (input) => call("POST", "/v1/passes", input, (raw) => PassSchema.parse(raw)),
+    listPasses: (input) => {
+      const qs = new URLSearchParams();
+      if (input.holderDeviceId) qs.set("holderDeviceId", input.holderDeviceId);
+      if (input.holderUserId) qs.set("holderUserId", input.holderUserId);
+      if (input.state) qs.set("state", input.state);
+      if (input.kind) qs.set("kind", input.kind);
+      if (input.templateId) qs.set("templateId", input.templateId);
+      if (typeof input.limit === "number") qs.set("limit", String(input.limit));
+      if (input.cursor) qs.set("cursor", input.cursor);
+      const path = `/v1/passes${qs.size > 0 ? `?${qs.toString()}` : ""}`;
+      return call("GET", path, void 0, (raw) => {
+        const obj = raw;
+        const items = obj.items.map(
+          (it) => PassSchema.parse(it)
+        );
+        const nextCursor = typeof obj.nextCursor === "string" ? obj.nextCursor : null;
+        return { items, nextCursor };
+      });
+    },
+    getPass: (passId) => call(
+      "GET",
+      `/v1/passes/${encodeURIComponent(passId)}`,
+      void 0,
+      (raw) => PassSchema.parse(raw)
+    ),
+    redeemPass: (passId, redemption) => call(
+      "POST",
+      `/v1/passes/${encodeURIComponent(passId)}/redeem`,
+      RedemptionSchema.parse(redemption),
+      (raw) => {
+        const obj = raw;
+        return {
+          pass: PassSchema.parse(raw),
+          redemptionId: typeof obj.redemptionId === "string" ? obj.redemptionId : ""
+        };
+      }
+    ).then((result) => result.pass),
+    redeemPassDetailed: (passId, redemption) => call(
+      "POST",
+      `/v1/passes/${encodeURIComponent(passId)}/redeem`,
+      RedemptionSchema.parse(redemption),
+      (raw) => {
+        const obj = raw;
+        return {
+          pass: PassSchema.parse(raw),
+          redemptionId: typeof obj.redemptionId === "string" ? obj.redemptionId : ""
+        };
+      }
+    ),
+    redeemPassWithReceipt: (passId, redemption, receipt) => call(
+      "POST",
+      `/v1/passes/${encodeURIComponent(passId)}/redeem-with-receipt`,
+      {
+        redemption: RedemptionSchema.parse(redemption),
+        receipt
+      },
+      (raw) => {
+        const obj = raw;
+        return {
+          pass: PassSchema.parse(obj.pass),
+          redemptionId: typeof obj.redemptionId === "string" ? obj.redemptionId : "",
+          receipt: ReceiptSchema.parse(obj.receipt)
+        };
+      }
+    ),
+    revokePass: (passId, input) => call(
+      "POST",
+      `/v1/passes/${encodeURIComponent(passId)}/revoke`,
+      input,
+      (raw) => PassSchema.parse(raw)
+    ),
+    verifyPass: (pass, issuerPublicKey) => verifyPass(pass, issuerPublicKey)
+  };
+}
+
 // src/receipts/client.ts
 function createReceiptsClient(opts) {
   const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
@@ -2093,8 +2232,315 @@ function init(opts) {
     receipts
   };
 }
+
+// src/accounts/client.ts
+import { z as z10 } from "zod";
+var ACCOUNT_TYPES = ["personal", "business", "partner"];
+var ACCOUNT_STATUSES = ["active", "suspended", "closed"];
+var MEMBERSHIP_ROLES = ["owner", "admin", "driver", "staff"];
+var AccountSchema = z10.object({
+  accountId: z10.string().uuid(),
+  type: z10.enum(ACCOUNT_TYPES),
+  displayName: z10.string().min(1),
+  status: z10.enum(ACCOUNT_STATUSES),
+  ownerUserId: z10.string().uuid().nullable(),
+  createdAtMs: z10.number().int().nonnegative()
+});
+var AccountMembershipSchema = z10.object({
+  accountId: z10.string().uuid(),
+  userId: z10.string().uuid(),
+  role: z10.enum(MEMBERSHIP_ROLES),
+  createdAtMs: z10.number().int().nonnegative()
+});
+function createAccountsClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error("createAccountsClient: no fetch implementation available");
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function call(method, path, body, parser) {
+    const init2 = {
+      method,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json"
+      }
+    };
+    if (body !== void 0) init2.body = JSON.stringify(body);
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
+    const text = await resp.text();
+    let raw = void 0;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return parser(raw);
+  }
+  const itemsSchema = z10.object({ items: z10.array(AccountSchema) });
+  const memberItemsSchema = z10.object({
+    items: z10.array(AccountMembershipSchema)
+  });
+  return {
+    listMyAccounts: () => call(
+      "GET",
+      "/v1/accounts/me",
+      void 0,
+      (raw) => itemsSchema.parse(raw)
+    ),
+    getAccount: (accountId) => call(
+      "GET",
+      `/v1/accounts/${encodeURIComponent(accountId)}`,
+      void 0,
+      (raw) => AccountSchema.parse(raw)
+    ),
+    listMembers: (accountId) => call(
+      "GET",
+      `/v1/accounts/${encodeURIComponent(accountId)}/members`,
+      void 0,
+      (raw) => memberItemsSchema.parse(raw)
+    ),
+    createBusinessAccount: (input) => call("POST", "/v1/accounts", input, (raw) => AccountSchema.parse(raw)),
+    addMember: (accountId, input) => call(
+      "POST",
+      `/v1/accounts/${encodeURIComponent(accountId)}/members`,
+      input,
+      (raw) => AccountMembershipSchema.parse(raw)
+    )
+  };
+}
+
+// src/partner/client.ts
+import { z as z11 } from "zod";
+var PARTNER_SCOPES = [
+  "passes:write",
+  "passes:read",
+  "passes:redeem",
+  "receipts:write",
+  "receipts:read",
+  "offline:issue",
+  "offline:settle",
+  "offline:read"
+];
+var ApiCredentialPublicSchema = z11.object({
+  id: z11.string().uuid(),
+  accountId: z11.string().uuid(),
+  keyId: z11.string(),
+  scopes: z11.array(z11.enum(PARTNER_SCOPES)),
+  label: z11.string().nullable(),
+  createdAtMs: z11.number().int().nonnegative(),
+  lastUsedAtMs: z11.number().int().nonnegative().nullable(),
+  revokedAtMs: z11.number().int().nonnegative().nullable()
+});
+var MintedApiCredentialSchema = ApiCredentialPublicSchema.extend({
+  secret: z11.string().min(1)
+});
+async function getSubtle() {
+  const c = globalThis.crypto;
+  if (c?.subtle) return c.subtle;
+  const mod = await import("crypto");
+  return mod.webcrypto.subtle;
+}
+var enc = new TextEncoder();
+function bytesToHex3(buf) {
+  const u = new Uint8Array(buf);
+  let s = "";
+  for (let i = 0; i < u.length; i++) {
+    s += u[i].toString(16).padStart(2, "0");
+  }
+  return s;
+}
+async function sha256Hex2(input) {
+  const subtle = await getSubtle();
+  const data = typeof input === "string" ? enc.encode(input) : input;
+  const buffer = data.byteOffset === 0 && data.byteLength === data.buffer.byteLength ? data.buffer : data.slice().buffer;
+  const buf = await subtle.digest("SHA-256", buffer);
+  return bytesToHex3(buf);
+}
+async function hmacSha256Hex(keyHex, message) {
+  const subtle = await getSubtle();
+  const key = await subtle.importKey(
+    "raw",
+    enc.encode(keyHex),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const sig = await subtle.sign("HMAC", key, enc.encode(message));
+  return bytesToHex3(sig);
+}
+function defaultNonce2() {
+  const c = globalThis.crypto;
+  if (c?.randomUUID) return c.randomUUID();
+  return `${Date.now().toString(16)}-${Math.random().toString(16).slice(2)}`;
+}
+function canonical(params) {
+  return [
+    params.method.toUpperCase(),
+    params.path,
+    params.ts,
+    params.nonce,
+    params.bodyHash
+  ].join("\n");
+}
+async function signPartnerRequest(params) {
+  const ts = String(Math.floor((params.nowMs ?? Date.now()) / 1e3));
+  const nonce = params.nonce ?? defaultNonce2();
+  const bodyData = typeof params.body === "string" ? enc.encode(params.body) : params.body ?? new Uint8Array();
+  const bodyHash = await sha256Hex2(bodyData);
+  const message = canonical({
+    method: params.method,
+    path: params.path,
+    ts,
+    nonce,
+    bodyHash
+  });
+  const signingKey = await sha256Hex2(params.secret);
+  const sig = await hmacSha256Hex(signingKey, message);
+  return {
+    authorization: `Flur-Hmac key=${params.keyId}, ts=${ts}, nonce=${nonce}, sig=${sig}`,
+    ts,
+    nonce,
+    bodyHash
+  };
+}
+function createFlurPartnerClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error(
+      "createFlurPartnerClient: no fetch implementation available"
+    );
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function makeSignedInit(method, path, body) {
+    const sig = await signPartnerRequest({
+      keyId: opts.keyId,
+      secret: opts.secret,
+      method,
+      path,
+      body: body ?? "",
+      nowMs: opts.nowMs?.(),
+      nonce: opts.nonce?.()
+    });
+    const headers = {
+      authorization: sig.authorization,
+      accept: "application/json"
+    };
+    if (body !== void 0) headers["content-type"] = "application/json";
+    const init2 = { method, headers };
+    if (body !== void 0) init2.body = body;
+    return init2;
+  }
+  async function request(opts2) {
+    const bodyStr = opts2.body === void 0 ? void 0 : JSON.stringify(opts2.body);
+    const init2 = await makeSignedInit(opts2.method, opts2.path, bodyStr);
+    const resp = await fetchImpl(`${baseUrl}${opts2.path}`, init2);
+    const text = await resp.text();
+    let raw;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return raw;
+  }
+  const fetchLike = async (input, init2) => {
+    const url = typeof input === "string" ? input : input.toString();
+    const u = new URL(url, baseUrl);
+    const path = `${u.pathname}${u.search}`;
+    const method = (init2?.method ?? "GET").toUpperCase();
+    let bodyStr;
+    if (init2?.body) {
+      bodyStr = typeof init2.body === "string" ? init2.body : init2.body.toString();
+    }
+    const signed = await makeSignedInit(method, path, bodyStr);
+    return fetchImpl(`${baseUrl}${path}`, {
+      ...init2,
+      ...signed,
+      headers: {
+        ...init2?.headers,
+        ...signed.headers
+      }
+    });
+  };
+  return { request, fetch: fetchLike };
+}
+function createApiCredentialsAdminClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error(
+      "createApiCredentialsAdminClient: no fetch implementation available"
+    );
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function call(method, path, body, parser) {
+    const init2 = {
+      method,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json"
+      }
+    };
+    if (body !== void 0) init2.body = JSON.stringify(body);
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
+    const text = await resp.text();
+    let raw;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return parser(raw);
+  }
+  const listSchema = z11.object({
+    items: z11.array(ApiCredentialPublicSchema)
+  });
+  return {
+    list: (accountId) => call(
+      "GET",
+      `/v1/accounts/${accountId}/api-credentials`,
+      void 0,
+      (raw) => listSchema.parse(raw)
+    ),
+    mint: (accountId, input) => call(
+      "POST",
+      `/v1/accounts/${accountId}/api-credentials`,
+      input,
+      (raw) => MintedApiCredentialSchema.parse(raw)
+    ),
+    revoke: (accountId, credentialId) => call(
+      "DELETE",
+      `/v1/accounts/${accountId}/api-credentials/${credentialId}`,
+      void 0,
+      (raw) => ApiCredentialPublicSchema.parse(raw)
+    )
+  };
+}
 export {
+  ACCOUNT_STATUSES,
+  ACCOUNT_TYPES,
   ADDITIONAL_DATA_SUBFIELD,
+  AccountMembershipSchema,
+  AccountSchema,
+  ApiCredentialPublicSchema,
   FIELD,
   FlurApiError,
   FlurCapExceededError,
@@ -2102,6 +2548,8 @@ export {
   FlurError,
   FlurExpiredError,
   FlurReplayError,
+  MEMBERSHIP_ROLES,
+  MintedApiCredentialSchema,
   NGN_CURRENCY_CODE,
   NG_COUNTRY_CODE,
   NQRParseError,
@@ -2111,18 +2559,23 @@ export {
   OAC_DEFAULT_VALIDITY_MS,
   OfflinePaymentAuthorizationSchema,
   OfflinePaymentRequestSchema,
+  OfflineTokenSchema,
+  PARTNER_SCOPES,
   PASS_KINDS,
   PASS_STATES,
   PAYLOAD_FORMAT_INDICATOR_VALUE,
   POINT_OF_INITIATION,
   PassMetadataSchema,
   PassSchema,
+  PaymentClaimSchema,
   RECEIPT_CHANNELS,
   RECEIPT_KINDS,
   REPLAY_WINDOW_MS,
   ReceiptPayloadSchema,
   ReceiptSchema,
   RedemptionSchema,
+  SettleResponseSchema,
+  SettlementSchema,
   bodySha256Hex,
   buildAuthorization,
   buildOAC,
@@ -2133,10 +2586,15 @@ export {
   canonicalJSONBytes,
   canonicalJSONStringify,
   canonicalRequestString,
+  computeEncounterId,
   constantTimeEqual,
   crc16ccitt,
   crc16ccittHex,
+  createAccountsClient,
+  createApiCredentialsAdminClient,
+  createFlurPartnerClient,
   createHmacFetch,
+  createOfflineSettlementsClient,
   createPassesClient,
   createReceiptsClient,
   decodeAuthorizationQR,
@@ -2164,6 +2622,7 @@ export {
   signAuthorization,
   signCanonical,
   signOAC,
+  signPartnerRequest,
   signPass,
   signPaymentRequest,
   signReceipt,