@nokinc-flur/sdk 1.0.0 → 1.0.3

package/dist/index.cjs

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,12 +17,25 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  ACCOUNT_STATUSES: () => ACCOUNT_STATUSES,
+  ACCOUNT_TYPES: () => ACCOUNT_TYPES,
   ADDITIONAL_DATA_SUBFIELD: () => ADDITIONAL_DATA_SUBFIELD,
+  AccountMembershipSchema: () => AccountMembershipSchema,
+  AccountSchema: () => AccountSchema,
+  ApiCredentialPublicSchema: () => ApiCredentialPublicSchema,
   FIELD: () => FIELD,
   FlurApiError: () => FlurApiError,
   FlurCapExceededError: () => FlurCapExceededError,
@@ -28,6 +43,8 @@ __export(index_exports, {
   FlurError: () => FlurError,
   FlurExpiredError: () => FlurExpiredError,
   FlurReplayError: () => FlurReplayError,
+  MEMBERSHIP_ROLES: () => MEMBERSHIP_ROLES,
+  MintedApiCredentialSchema: () => MintedApiCredentialSchema,
   NGN_CURRENCY_CODE: () => NGN_CURRENCY_CODE,
   NG_COUNTRY_CODE: () => NG_COUNTRY_CODE,
   NQRParseError: () => NQRParseError,
@@ -37,18 +54,23 @@ __export(index_exports, {
   OAC_DEFAULT_VALIDITY_MS: () => OAC_DEFAULT_VALIDITY_MS,
   OfflinePaymentAuthorizationSchema: () => OfflinePaymentAuthorizationSchema,
   OfflinePaymentRequestSchema: () => OfflinePaymentRequestSchema,
+  OfflineTokenSchema: () => OfflineTokenSchema,
+  PARTNER_SCOPES: () => PARTNER_SCOPES,
   PASS_KINDS: () => PASS_KINDS,
   PASS_STATES: () => PASS_STATES,
   PAYLOAD_FORMAT_INDICATOR_VALUE: () => PAYLOAD_FORMAT_INDICATOR_VALUE,
   POINT_OF_INITIATION: () => POINT_OF_INITIATION,
   PassMetadataSchema: () => PassMetadataSchema,
   PassSchema: () => PassSchema,
+  PaymentClaimSchema: () => PaymentClaimSchema,
   RECEIPT_CHANNELS: () => RECEIPT_CHANNELS,
   RECEIPT_KINDS: () => RECEIPT_KINDS,
   REPLAY_WINDOW_MS: () => REPLAY_WINDOW_MS,
   ReceiptPayloadSchema: () => ReceiptPayloadSchema,
   ReceiptSchema: () => ReceiptSchema,
   RedemptionSchema: () => RedemptionSchema,
+  SettleResponseSchema: () => SettleResponseSchema,
+  SettlementSchema: () => SettlementSchema,
   bodySha256Hex: () => bodySha256Hex,
   buildAuthorization: () => buildAuthorization,
   buildOAC: () => buildOAC,
@@ -59,10 +81,15 @@ __export(index_exports, {
   canonicalJSONBytes: () => canonicalJSONBytes,
   canonicalJSONStringify: () => canonicalJSONStringify,
   canonicalRequestString: () => canonicalRequestString,
+  computeEncounterId: () => computeEncounterId,
   constantTimeEqual: () => constantTimeEqual,
   crc16ccitt: () => crc16ccitt,
   crc16ccittHex: () => crc16ccittHex,
+  createAccountsClient: () => createAccountsClient,
+  createApiCredentialsAdminClient: () => createApiCredentialsAdminClient,
+  createFlurPartnerClient: () => createFlurPartnerClient,
   createHmacFetch: () => createHmacFetch,
+  createOfflineSettlementsClient: () => createOfflineSettlementsClient,
   createPassesClient: () => createPassesClient,
   createReceiptsClient: () => createReceiptsClient,
   decodeAuthorizationQR: () => decodeAuthorizationQR,
@@ -90,6 +117,7 @@ __export(index_exports, {
   signAuthorization: () => signAuthorization,
   signCanonical: () => signCanonical,
   signOAC: () => signOAC,
+  signPartnerRequest: () => signPartnerRequest,
   signPass: () => signPass,
   signPaymentRequest: () => signPaymentRequest,
   signReceipt: () => signReceipt,
@@ -1536,6 +1564,111 @@ function decodeAuthorizationQR(s) {
   return OfflinePaymentAuthorizationSchema.parse(JSON.parse(json));
 }
 
+// src/offline/settlements.ts
+var import_zod6 = require("zod");
+var OfflineTokenSchema = import_zod6.z.object({
+  tokenId: import_zod6.z.string().uuid(),
+  tokenSerial: import_zod6.z.string(),
+  issuerAccountId: import_zod6.z.string().uuid(),
+  payerUserId: import_zod6.z.string().uuid(),
+  maxAmountKobo: import_zod6.z.number().int().positive(),
+  currency: import_zod6.z.string().length(3),
+  issuedAtMs: import_zod6.z.number().int().nonnegative(),
+  expiresAtMs: import_zod6.z.number().int().nonnegative(),
+  issuerSig: import_zod6.z.string()
+});
+var PaymentClaimSchema = import_zod6.z.object({
+  encounterId: import_zod6.z.string().regex(/^[0-9a-f]{64}$/i).optional(),
+  tokenSerial: import_zod6.z.string(),
+  payerUserId: import_zod6.z.string().uuid(),
+  payeeUserId: import_zod6.z.string().uuid(),
+  payerNonce: import_zod6.z.string(),
+  payeeNonce: import_zod6.z.string(),
+  amountKobo: import_zod6.z.number().int().positive(),
+  currency: import_zod6.z.string().length(3).default("NGN"),
+  occurredAtMs: import_zod6.z.number().int().nonnegative(),
+  completedAtMs: import_zod6.z.number().int().nonnegative().optional(),
+  contextId: import_zod6.z.string().optional(),
+  payerPubkey: import_zod6.z.string().regex(/^[0-9a-f]{64}$/i),
+  payerSignature: import_zod6.z.string().regex(/^[0-9a-f]+$/i),
+  payeePubkey: import_zod6.z.string().regex(/^[0-9a-f]{64}$/i).optional(),
+  payeeSignature: import_zod6.z.string().regex(/^[0-9a-f]+$/i).optional()
+});
+var SettlementSchema = import_zod6.z.object({
+  settlementId: import_zod6.z.string().uuid(),
+  settlementKey: import_zod6.z.string().regex(/^[0-9a-f]{64}$/i),
+  encounterId: import_zod6.z.string().regex(/^[0-9a-f]{64}$/i),
+  issuerAccountId: import_zod6.z.string().uuid(),
+  tokenSerial: import_zod6.z.string(),
+  payerUserId: import_zod6.z.string().uuid(),
+  payeeUserId: import_zod6.z.string().uuid(),
+  amountKobo: import_zod6.z.number().int().nonnegative(),
+  currency: import_zod6.z.string().length(3),
+  receiptId: import_zod6.z.string().nullable(),
+  status: import_zod6.z.enum(["SETTLED", "REVIEW", "REJECTED"]),
+  issuerSig: import_zod6.z.string(),
+  createdAtMs: import_zod6.z.number().int().nonnegative()
+});
+var SettleResponseSchema = import_zod6.z.object({
+  settlement: SettlementSchema,
+  encounterId: import_zod6.z.string().regex(/^[0-9a-f]{64}$/i),
+  replayed: import_zod6.z.boolean()
+});
+var ENCOUNTER_DOMAIN = "offline:v1:encounter";
+async function sha256Hex(input) {
+  const subtle = globalThis.crypto?.subtle;
+  const enc2 = new TextEncoder().encode(input);
+  if (subtle) {
+    const buf = await subtle.digest("SHA-256", enc2);
+    return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const mod = await import("crypto");
+  return mod.createHash("sha256").update(input).digest("hex");
+}
+async function computeEncounterId(input) {
+  return sha256Hex(
+    ENCOUNTER_DOMAIN + "|" + [
+      input.payerUserId,
+      input.payeeUserId,
+      input.payerNonce,
+      input.payeeNonce,
+      input.tokenSerial
+    ].join("|")
+  );
+}
+function createOfflineSettlementsClient(partner) {
+  return {
+    issueOfflineToken: (input) => partner.request({
+      method: "POST",
+      path: "/v1/offline/tokens",
+      body: {
+        payerUserId: input.payerUserId,
+        maxAmountKobo: input.maxAmountKobo,
+        currency: input.currency ?? "NGN",
+        ttlMs: input.ttlMs,
+        ...input.tokenSerial ? { tokenSerial: input.tokenSerial } : {}
+      }
+    }),
+    getOfflineToken: (serial) => partner.request({
+      method: "GET",
+      path: `/v1/offline/tokens/${encodeURIComponent(serial)}`
+    }),
+    settle: (claim) => partner.request({
+      method: "POST",
+      path: "/v1/offline/settlements",
+      body: claim
+    }),
+    getSettlement: (id) => partner.request({
+      method: "GET",
+      path: `/v1/offline/settlements/${encodeURIComponent(id)}`
+    }),
+    listConflicts: () => partner.request({
+      method: "GET",
+      path: "/v1/offline/conflicts"
+    })
+  };
+}
+
 // src/auth/hmac.ts
 var import_hmac = require("@noble/hashes/hmac");
 var import_sha256 = require("@noble/hashes/sha256");
@@ -1660,7 +1793,7 @@ function createHmacFetch(opts) {
 }
 
 // src/passes/pass.ts
-var import_zod6 = require("zod");
+var import_zod7 = require("zod");
 var PASS_KINDS = [
   "ride-ticket",
   "transit-pass",
@@ -1676,41 +1809,41 @@ var PASS_STATES = [
   "expired",
   "revoked"
 ];
-var HexString2 = (length) => import_zod6.z.string().regex(
+var HexString2 = (length) => import_zod7.z.string().regex(
   new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
   `expected ${length}-byte hex string`
 );
-var PassMetadataSchema = import_zod6.z.record(
-  import_zod6.z.union([import_zod6.z.string(), import_zod6.z.number(), import_zod6.z.boolean(), import_zod6.z.null()])
+var PassMetadataSchema = import_zod7.z.record(
+  import_zod7.z.union([import_zod7.z.string(), import_zod7.z.number(), import_zod7.z.boolean(), import_zod7.z.null()])
 );
-var PassSchema = import_zod6.z.object({
-  passId: import_zod6.z.string().min(1),
+var PassSchema = import_zod7.z.object({
+  passId: import_zod7.z.string().min(1),
   /** Optional client/template grouping id (server may omit). */
-  templateId: import_zod6.z.string().min(1).optional(),
+  templateId: import_zod7.z.string().min(1).optional(),
   /** Optional human-facing holder identity (server may omit). The cryptographic binding
    *  is `holderDevicePubkey` below. */
-  holderUserId: import_zod6.z.string().min(1).optional(),
-  kind: import_zod6.z.enum(PASS_KINDS),
-  issuerId: import_zod6.z.string().min(1),
-  issuedAtMs: import_zod6.z.number().int().nonnegative(),
-  validFromMs: import_zod6.z.number().int().nonnegative(),
-  validUntilMs: import_zod6.z.number().int().positive(),
-  state: import_zod6.z.enum(PASS_STATES),
+  holderUserId: import_zod7.z.string().min(1).optional(),
+  kind: import_zod7.z.enum(PASS_KINDS),
+  issuerId: import_zod7.z.string().min(1),
+  issuedAtMs: import_zod7.z.number().int().nonnegative(),
+  validFromMs: import_zod7.z.number().int().nonnegative(),
+  validUntilMs: import_zod7.z.number().int().positive(),
+  state: import_zod7.z.enum(PASS_STATES),
   metadata: PassMetadataSchema,
-  nonce: import_zod6.z.string().min(1),
+  nonce: import_zod7.z.string().min(1),
   /** Device id this pass is bound to (FK to backend `device_keys`). */
-  holderDeviceId: import_zod6.z.string().min(1),
+  holderDeviceId: import_zod7.z.string().min(1),
   /** 32-byte hex Ed25519 public key of the bound device. The redemption signature
    *  is verified against this key — it is the security-critical binding. */
   holderDevicePubkey: HexString2(32),
   /** Optional fixed amount for monetary passes (vouchers, gift cards) in kobo. */
-  amountKobo: import_zod6.z.number().int().nonnegative().optional(),
+  amountKobo: import_zod7.z.number().int().nonnegative().optional(),
   /** ISO-4217-ish currency code; required on the wire. SDK builders default to NGN. */
-  currency: import_zod6.z.string().min(3).max(8),
+  currency: import_zod7.z.string().min(3).max(8),
   /** Monotonic redemption counter floor. Redemption.counter MUST be > counterSeed. */
-  counterSeed: import_zod6.z.number().int().nonnegative(),
+  counterSeed: import_zod7.z.number().int().nonnegative(),
   /** Optional cumulative spend cap in kobo across all redemptions of this pass. */
-  cumulativeCapKobo: import_zod6.z.number().int().nonnegative().optional(),
+  cumulativeCapKobo: import_zod7.z.number().int().nonnegative().optional(),
   issuerSig: HexString2(64)
 }).refine((v) => v.validUntilMs > v.validFromMs, {
   message: "validUntilMs must be greater than validFromMs"
@@ -1767,18 +1900,18 @@ function isPassWithinValidity(pass, nowMs) {
 }
 
 // src/passes/redemption.ts
-var import_zod7 = require("zod");
-var HexSig2 = import_zod7.z.string().regex(/^[0-9a-fA-F]{128}$/, "expected 64-byte hex signature");
-var RedemptionSchema = import_zod7.z.object({
+var import_zod8 = require("zod");
+var HexSig2 = import_zod8.z.string().regex(/^[0-9a-fA-F]{128}$/, "expected 64-byte hex signature");
+var RedemptionSchema = import_zod8.z.object({
   pass: PassSchema,
-  redeemerId: import_zod7.z.string().min(1),
-  redeemedAtMs: import_zod7.z.number().int().nonnegative(),
+  redeemerId: import_zod8.z.string().min(1),
+  redeemedAtMs: import_zod8.z.number().int().nonnegative(),
   /** Strictly monotonic counter scoped to a single pass. Must be > pass.counterSeed
    *  and > the redeemer's lastSeenCounter for this pass. */
-  counter: import_zod7.z.number().int().positive(),
+  counter: import_zod8.z.number().int().positive(),
   /** Amount being redeemed in kobo (0 for non-monetary passes like ride tickets). */
-  amountKobo: import_zod7.z.number().int().nonnegative(),
-  nonce: import_zod7.z.string().min(1),
+  amountKobo: import_zod8.z.number().int().nonnegative(),
+  nonce: import_zod8.z.string().min(1),
   holderSig: HexSig2
 });
 var REDEEMABLE_STATES = /* @__PURE__ */ new Set(["issued", "active"]);
@@ -1863,118 +1996,44 @@ function verifyRedemption(r, issuerPublicKey) {
   }
 }
 
-// src/passes/client.ts
-function createPassesClient(opts) {
-  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
-  if (!fetchImpl)
-    throw new Error("createPassesClient: no fetch implementation available");
-  const baseUrl = opts.baseUrl.replace(/\/$/, "");
-  async function call(method, path, body, parser) {
-    const init2 = {
-      method,
-      headers: {
-        "content-type": "application/json",
-        accept: "application/json"
-      }
-    };
-    if (body !== void 0) init2.body = JSON.stringify(body);
-    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
-    const text = await resp.text();
-    let raw = void 0;
-    if (text) {
-      try {
-        raw = JSON.parse(text);
-      } catch {
-      }
-    }
-    if (!resp.ok) {
-      const code = (raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : void 0) ?? `http_${resp.status}`;
-      const message = (raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : void 0) ?? `request failed with status ${resp.status}`;
-      throw new FlurApiError(resp.status, code, message, raw);
-    }
-    return parser(raw);
-  }
-  return {
-    issuePass: (input) => call("POST", "/v1/passes", input, (raw) => PassSchema.parse(raw)),
-    listPasses: (input) => {
-      const qs = new URLSearchParams();
-      if (input.holderDeviceId) qs.set("holderDeviceId", input.holderDeviceId);
-      if (input.holderUserId) qs.set("holderUserId", input.holderUserId);
-      if (input.state) qs.set("state", input.state);
-      if (input.kind) qs.set("kind", input.kind);
-      if (input.templateId) qs.set("templateId", input.templateId);
-      if (typeof input.limit === "number") qs.set("limit", String(input.limit));
-      if (input.cursor) qs.set("cursor", input.cursor);
-      const path = `/v1/passes${qs.size > 0 ? `?${qs.toString()}` : ""}`;
-      return call("GET", path, void 0, (raw) => {
-        const obj = raw;
-        const items = obj.items.map(
-          (it) => PassSchema.parse(it)
-        );
-        const nextCursor = typeof obj.nextCursor === "string" ? obj.nextCursor : null;
-        return { items, nextCursor };
-      });
-    },
-    getPass: (passId) => call(
-      "GET",
-      `/v1/passes/${encodeURIComponent(passId)}`,
-      void 0,
-      (raw) => PassSchema.parse(raw)
-    ),
-    redeemPass: (passId, redemption) => call(
-      "POST",
-      `/v1/passes/${encodeURIComponent(passId)}/redeem`,
-      RedemptionSchema.parse(redemption),
-      (raw) => PassSchema.parse(raw)
-    ),
-    revokePass: (passId, input) => call(
-      "POST",
-      `/v1/passes/${encodeURIComponent(passId)}/revoke`,
-      input,
-      (raw) => PassSchema.parse(raw)
-    ),
-    verifyPass: (pass, issuerPublicKey) => verifyPass(pass, issuerPublicKey)
-  };
-}
-
 // src/receipts/receipt.ts
-var import_zod8 = require("zod");
+var import_zod9 = require("zod");
 var RECEIPT_CHANNELS = ["cash", "pass"];
 var RECEIPT_KINDS = RECEIPT_CHANNELS;
-var HexString3 = (length) => import_zod8.z.string().regex(
+var HexString3 = (length) => import_zod9.z.string().regex(
   new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
   `expected ${length}-byte hex string`
 );
-var ReceiptPayloadSchema = import_zod8.z.record(
-  import_zod8.z.union([import_zod8.z.string(), import_zod8.z.number(), import_zod8.z.boolean(), import_zod8.z.null()])
+var ReceiptPayloadSchema = import_zod9.z.record(
+  import_zod9.z.union([import_zod9.z.string(), import_zod9.z.number(), import_zod9.z.boolean(), import_zod9.z.null()])
 );
-var ReceiptSchema = import_zod8.z.object({
-  receiptId: import_zod8.z.string().min(1),
-  channel: import_zod8.z.enum(RECEIPT_CHANNELS),
+var ReceiptSchema = import_zod9.z.object({
+  receiptId: import_zod9.z.string().min(1),
+  channel: import_zod9.z.enum(RECEIPT_CHANNELS),
   /** Cash-channel: send_intents.id. Required when channel === 'cash'. */
-  intentId: import_zod8.z.string().min(1).optional(),
+  intentId: import_zod9.z.string().min(1).optional(),
   /** Pass-channel: pass_redemptions.id. Required when channel === 'pass'. */
-  passRedemptionId: import_zod8.z.string().min(1).optional(),
-  payerUserId: import_zod8.z.string().min(1),
-  payeeUserId: import_zod8.z.string().min(1),
-  amountKobo: import_zod8.z.number().int().nonnegative(),
-  currency: import_zod8.z.string().min(3).max(8),
-  issuedAtMs: import_zod8.z.number().int().nonnegative(),
-  issuerId: import_zod8.z.string().min(1),
+  passRedemptionId: import_zod9.z.string().min(1).optional(),
+  payerUserId: import_zod9.z.string().min(1),
+  payeeUserId: import_zod9.z.string().min(1),
+  amountKobo: import_zod9.z.number().int().nonnegative(),
+  currency: import_zod9.z.string().min(3).max(8),
+  issuedAtMs: import_zod9.z.number().int().nonnegative(),
+  issuerId: import_zod9.z.string().min(1),
   payload: ReceiptPayloadSchema,
   issuerSig: HexString3(64)
 }).superRefine((v, ctx) => {
   if (v.channel === "cash") {
     if (!v.intentId) {
       ctx.addIssue({
-        code: import_zod8.z.ZodIssueCode.custom,
+        code: import_zod9.z.ZodIssueCode.custom,
         message: "cash receipts require intentId",
         path: ["intentId"]
       });
     }
     if (v.passRedemptionId) {
       ctx.addIssue({
-        code: import_zod8.z.ZodIssueCode.custom,
+        code: import_zod9.z.ZodIssueCode.custom,
         message: "cash receipts must not carry passRedemptionId",
         path: ["passRedemptionId"]
       });
@@ -1982,14 +2041,14 @@ var ReceiptSchema = import_zod8.z.object({
   } else if (v.channel === "pass") {
     if (!v.passRedemptionId) {
       ctx.addIssue({
-        code: import_zod8.z.ZodIssueCode.custom,
+        code: import_zod9.z.ZodIssueCode.custom,
         message: "pass receipts require passRedemptionId",
         path: ["passRedemptionId"]
       });
     }
     if (v.intentId) {
       ctx.addIssue({
-        code: import_zod8.z.ZodIssueCode.custom,
+        code: import_zod9.z.ZodIssueCode.custom,
         message: "pass receipts must not carry intentId",
         path: ["intentId"]
       });
@@ -2047,6 +2106,114 @@ function verifyReceipt(r, issuerPublicKey) {
   }
 }
 
+// src/passes/client.ts
+function createPassesClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl)
+    throw new Error("createPassesClient: no fetch implementation available");
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function call(method, path, body, parser) {
+    const init2 = {
+      method,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json"
+      }
+    };
+    if (body !== void 0) init2.body = JSON.stringify(body);
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
+    const text = await resp.text();
+    let raw = void 0;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = (raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : void 0) ?? `http_${resp.status}`;
+      const message = (raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : void 0) ?? `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return parser(raw);
+  }
+  return {
+    issuePass: (input) => call("POST", "/v1/passes", input, (raw) => PassSchema.parse(raw)),
+    listPasses: (input) => {
+      const qs = new URLSearchParams();
+      if (input.holderDeviceId) qs.set("holderDeviceId", input.holderDeviceId);
+      if (input.holderUserId) qs.set("holderUserId", input.holderUserId);
+      if (input.state) qs.set("state", input.state);
+      if (input.kind) qs.set("kind", input.kind);
+      if (input.templateId) qs.set("templateId", input.templateId);
+      if (typeof input.limit === "number") qs.set("limit", String(input.limit));
+      if (input.cursor) qs.set("cursor", input.cursor);
+      const path = `/v1/passes${qs.size > 0 ? `?${qs.toString()}` : ""}`;
+      return call("GET", path, void 0, (raw) => {
+        const obj = raw;
+        const items = obj.items.map(
+          (it) => PassSchema.parse(it)
+        );
+        const nextCursor = typeof obj.nextCursor === "string" ? obj.nextCursor : null;
+        return { items, nextCursor };
+      });
+    },
+    getPass: (passId) => call(
+      "GET",
+      `/v1/passes/${encodeURIComponent(passId)}`,
+      void 0,
+      (raw) => PassSchema.parse(raw)
+    ),
+    redeemPass: (passId, redemption) => call(
+      "POST",
+      `/v1/passes/${encodeURIComponent(passId)}/redeem`,
+      RedemptionSchema.parse(redemption),
+      (raw) => {
+        const obj = raw;
+        return {
+          pass: PassSchema.parse(raw),
+          redemptionId: typeof obj.redemptionId === "string" ? obj.redemptionId : ""
+        };
+      }
+    ).then((result) => result.pass),
+    redeemPassDetailed: (passId, redemption) => call(
+      "POST",
+      `/v1/passes/${encodeURIComponent(passId)}/redeem`,
+      RedemptionSchema.parse(redemption),
+      (raw) => {
+        const obj = raw;
+        return {
+          pass: PassSchema.parse(raw),
+          redemptionId: typeof obj.redemptionId === "string" ? obj.redemptionId : ""
+        };
+      }
+    ),
+    redeemPassWithReceipt: (passId, redemption, receipt) => call(
+      "POST",
+      `/v1/passes/${encodeURIComponent(passId)}/redeem-with-receipt`,
+      {
+        redemption: RedemptionSchema.parse(redemption),
+        receipt
+      },
+      (raw) => {
+        const obj = raw;
+        return {
+          pass: PassSchema.parse(obj.pass),
+          redemptionId: typeof obj.redemptionId === "string" ? obj.redemptionId : "",
+          receipt: ReceiptSchema.parse(obj.receipt)
+        };
+      }
+    ),
+    revokePass: (passId, input) => call(
+      "POST",
+      `/v1/passes/${encodeURIComponent(passId)}/revoke`,
+      input,
+      (raw) => PassSchema.parse(raw)
+    ),
+    verifyPass: (pass, issuerPublicKey) => verifyPass(pass, issuerPublicKey)
+  };
+}
+
 // src/receipts/client.ts
 function createReceiptsClient(opts) {
   const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
@@ -2203,9 +2370,316 @@ function init(opts) {
     receipts
   };
 }
+
+// src/accounts/client.ts
+var import_zod10 = require("zod");
+var ACCOUNT_TYPES = ["personal", "business", "partner"];
+var ACCOUNT_STATUSES = ["active", "suspended", "closed"];
+var MEMBERSHIP_ROLES = ["owner", "admin", "driver", "staff"];
+var AccountSchema = import_zod10.z.object({
+  accountId: import_zod10.z.string().uuid(),
+  type: import_zod10.z.enum(ACCOUNT_TYPES),
+  displayName: import_zod10.z.string().min(1),
+  status: import_zod10.z.enum(ACCOUNT_STATUSES),
+  ownerUserId: import_zod10.z.string().uuid().nullable(),
+  createdAtMs: import_zod10.z.number().int().nonnegative()
+});
+var AccountMembershipSchema = import_zod10.z.object({
+  accountId: import_zod10.z.string().uuid(),
+  userId: import_zod10.z.string().uuid(),
+  role: import_zod10.z.enum(MEMBERSHIP_ROLES),
+  createdAtMs: import_zod10.z.number().int().nonnegative()
+});
+function createAccountsClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error("createAccountsClient: no fetch implementation available");
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function call(method, path, body, parser) {
+    const init2 = {
+      method,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json"
+      }
+    };
+    if (body !== void 0) init2.body = JSON.stringify(body);
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
+    const text = await resp.text();
+    let raw = void 0;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return parser(raw);
+  }
+  const itemsSchema = import_zod10.z.object({ items: import_zod10.z.array(AccountSchema) });
+  const memberItemsSchema = import_zod10.z.object({
+    items: import_zod10.z.array(AccountMembershipSchema)
+  });
+  return {
+    listMyAccounts: () => call(
+      "GET",
+      "/v1/accounts/me",
+      void 0,
+      (raw) => itemsSchema.parse(raw)
+    ),
+    getAccount: (accountId) => call(
+      "GET",
+      `/v1/accounts/${encodeURIComponent(accountId)}`,
+      void 0,
+      (raw) => AccountSchema.parse(raw)
+    ),
+    listMembers: (accountId) => call(
+      "GET",
+      `/v1/accounts/${encodeURIComponent(accountId)}/members`,
+      void 0,
+      (raw) => memberItemsSchema.parse(raw)
+    ),
+    createBusinessAccount: (input) => call("POST", "/v1/accounts", input, (raw) => AccountSchema.parse(raw)),
+    addMember: (accountId, input) => call(
+      "POST",
+      `/v1/accounts/${encodeURIComponent(accountId)}/members`,
+      input,
+      (raw) => AccountMembershipSchema.parse(raw)
+    )
+  };
+}
+
+// src/partner/client.ts
+var import_zod11 = require("zod");
+var PARTNER_SCOPES = [
+  "passes:write",
+  "passes:read",
+  "passes:redeem",
+  "receipts:write",
+  "receipts:read",
+  "offline:issue",
+  "offline:settle",
+  "offline:read"
+];
+var ApiCredentialPublicSchema = import_zod11.z.object({
+  id: import_zod11.z.string().uuid(),
+  accountId: import_zod11.z.string().uuid(),
+  keyId: import_zod11.z.string(),
+  scopes: import_zod11.z.array(import_zod11.z.enum(PARTNER_SCOPES)),
+  label: import_zod11.z.string().nullable(),
+  createdAtMs: import_zod11.z.number().int().nonnegative(),
+  lastUsedAtMs: import_zod11.z.number().int().nonnegative().nullable(),
+  revokedAtMs: import_zod11.z.number().int().nonnegative().nullable()
+});
+var MintedApiCredentialSchema = ApiCredentialPublicSchema.extend({
+  secret: import_zod11.z.string().min(1)
+});
+async function getSubtle() {
+  const c = globalThis.crypto;
+  if (c?.subtle) return c.subtle;
+  const mod = await import("crypto");
+  return mod.webcrypto.subtle;
+}
+var enc = new TextEncoder();
+function bytesToHex3(buf) {
+  const u = new Uint8Array(buf);
+  let s = "";
+  for (let i = 0; i < u.length; i++) {
+    s += u[i].toString(16).padStart(2, "0");
+  }
+  return s;
+}
+async function sha256Hex2(input) {
+  const subtle = await getSubtle();
+  const data = typeof input === "string" ? enc.encode(input) : input;
+  const buffer = data.byteOffset === 0 && data.byteLength === data.buffer.byteLength ? data.buffer : data.slice().buffer;
+  const buf = await subtle.digest("SHA-256", buffer);
+  return bytesToHex3(buf);
+}
+async function hmacSha256Hex(keyHex, message) {
+  const subtle = await getSubtle();
+  const key = await subtle.importKey(
+    "raw",
+    enc.encode(keyHex),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const sig = await subtle.sign("HMAC", key, enc.encode(message));
+  return bytesToHex3(sig);
+}
+function defaultNonce2() {
+  const c = globalThis.crypto;
+  if (c?.randomUUID) return c.randomUUID();
+  return `${Date.now().toString(16)}-${Math.random().toString(16).slice(2)}`;
+}
+function canonical(params) {
+  return [
+    params.method.toUpperCase(),
+    params.path,
+    params.ts,
+    params.nonce,
+    params.bodyHash
+  ].join("\n");
+}
+async function signPartnerRequest(params) {
+  const ts = String(Math.floor((params.nowMs ?? Date.now()) / 1e3));
+  const nonce = params.nonce ?? defaultNonce2();
+  const bodyData = typeof params.body === "string" ? enc.encode(params.body) : params.body ?? new Uint8Array();
+  const bodyHash = await sha256Hex2(bodyData);
+  const message = canonical({
+    method: params.method,
+    path: params.path,
+    ts,
+    nonce,
+    bodyHash
+  });
+  const signingKey = await sha256Hex2(params.secret);
+  const sig = await hmacSha256Hex(signingKey, message);
+  return {
+    authorization: `Flur-Hmac key=${params.keyId}, ts=${ts}, nonce=${nonce}, sig=${sig}`,
+    ts,
+    nonce,
+    bodyHash
+  };
+}
+function createFlurPartnerClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error(
+      "createFlurPartnerClient: no fetch implementation available"
+    );
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function makeSignedInit(method, path, body) {
+    const sig = await signPartnerRequest({
+      keyId: opts.keyId,
+      secret: opts.secret,
+      method,
+      path,
+      body: body ?? "",
+      nowMs: opts.nowMs?.(),
+      nonce: opts.nonce?.()
+    });
+    const headers = {
+      authorization: sig.authorization,
+      accept: "application/json"
+    };
+    if (body !== void 0) headers["content-type"] = "application/json";
+    const init2 = { method, headers };
+    if (body !== void 0) init2.body = body;
+    return init2;
+  }
+  async function request(opts2) {
+    const bodyStr = opts2.body === void 0 ? void 0 : JSON.stringify(opts2.body);
+    const init2 = await makeSignedInit(opts2.method, opts2.path, bodyStr);
+    const resp = await fetchImpl(`${baseUrl}${opts2.path}`, init2);
+    const text = await resp.text();
+    let raw;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return raw;
+  }
+  const fetchLike = async (input, init2) => {
+    const url = typeof input === "string" ? input : input.toString();
+    const u = new URL(url, baseUrl);
+    const path = `${u.pathname}${u.search}`;
+    const method = (init2?.method ?? "GET").toUpperCase();
+    let bodyStr;
+    if (init2?.body) {
+      bodyStr = typeof init2.body === "string" ? init2.body : init2.body.toString();
+    }
+    const signed = await makeSignedInit(method, path, bodyStr);
+    return fetchImpl(`${baseUrl}${path}`, {
+      ...init2,
+      ...signed,
+      headers: {
+        ...init2?.headers,
+        ...signed.headers
+      }
+    });
+  };
+  return { request, fetch: fetchLike };
+}
+function createApiCredentialsAdminClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error(
+      "createApiCredentialsAdminClient: no fetch implementation available"
+    );
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function call(method, path, body, parser) {
+    const init2 = {
+      method,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json"
+      }
+    };
+    if (body !== void 0) init2.body = JSON.stringify(body);
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
+    const text = await resp.text();
+    let raw;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return parser(raw);
+  }
+  const listSchema = import_zod11.z.object({
+    items: import_zod11.z.array(ApiCredentialPublicSchema)
+  });
+  return {
+    list: (accountId) => call(
+      "GET",
+      `/v1/accounts/${accountId}/api-credentials`,
+      void 0,
+      (raw) => listSchema.parse(raw)
+    ),
+    mint: (accountId, input) => call(
+      "POST",
+      `/v1/accounts/${accountId}/api-credentials`,
+      input,
+      (raw) => MintedApiCredentialSchema.parse(raw)
+    ),
+    revoke: (accountId, credentialId) => call(
+      "DELETE",
+      `/v1/accounts/${accountId}/api-credentials/${credentialId}`,
+      void 0,
+      (raw) => ApiCredentialPublicSchema.parse(raw)
+    )
+  };
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  ACCOUNT_STATUSES,
+  ACCOUNT_TYPES,
   ADDITIONAL_DATA_SUBFIELD,
+  AccountMembershipSchema,
+  AccountSchema,
+  ApiCredentialPublicSchema,
   FIELD,
   FlurApiError,
   FlurCapExceededError,
@@ -2213,6 +2687,8 @@ function init(opts) {
   FlurError,
   FlurExpiredError,
   FlurReplayError,
+  MEMBERSHIP_ROLES,
+  MintedApiCredentialSchema,
   NGN_CURRENCY_CODE,
   NG_COUNTRY_CODE,
   NQRParseError,
@@ -2222,18 +2698,23 @@ function init(opts) {
   OAC_DEFAULT_VALIDITY_MS,
   OfflinePaymentAuthorizationSchema,
   OfflinePaymentRequestSchema,
+  OfflineTokenSchema,
+  PARTNER_SCOPES,
   PASS_KINDS,
   PASS_STATES,
   PAYLOAD_FORMAT_INDICATOR_VALUE,
   POINT_OF_INITIATION,
   PassMetadataSchema,
   PassSchema,
+  PaymentClaimSchema,
   RECEIPT_CHANNELS,
   RECEIPT_KINDS,
   REPLAY_WINDOW_MS,
   ReceiptPayloadSchema,
   ReceiptSchema,
   RedemptionSchema,
+  SettleResponseSchema,
+  SettlementSchema,
   bodySha256Hex,
   buildAuthorization,
   buildOAC,
@@ -2244,10 +2725,15 @@ function init(opts) {
   canonicalJSONBytes,
   canonicalJSONStringify,
   canonicalRequestString,
+  computeEncounterId,
   constantTimeEqual,
   crc16ccitt,
   crc16ccittHex,
+  createAccountsClient,
+  createApiCredentialsAdminClient,
+  createFlurPartnerClient,
   createHmacFetch,
+  createOfflineSettlementsClient,
   createPassesClient,
   createReceiptsClient,
   decodeAuthorizationQR,
@@ -2275,6 +2761,7 @@ function init(opts) {
   signAuthorization,
   signCanonical,
   signOAC,
+  signPartnerRequest,
   signPass,
   signPaymentRequest,
   signReceipt,