@nokinc-flur/sdk 1.0.4 → 1.0.6

package/dist/index.js

@@ -1,5 +1,5 @@
 // src/client.ts
-import { z as z3 } from "zod";
+import { z as z4 } from "zod";
 
 // src/contracts.ts
 import { z } from "zod";
@@ -41,7 +41,9 @@ var OnboardingCompleteResponseSchema = z.object({
   sessionToken: z.string().min(1),
   userId: UuidSchema,
   restricted: z.boolean(),
-  risk_reasons: z.array(z.enum(["SIM_SWAP_RECENT", "ROAMING", "CARRIER_CHANGED"])),
+  risk_reasons: z.array(
+    z.enum(["SIM_SWAP_RECENT", "ROAMING", "CARRIER_CHANGED"])
+  ),
   stepUpRequired: z.boolean().optional(),
   riskStatus: z.enum(["ok", "unavailable"]).optional()
 });
@@ -94,9 +96,11 @@ var RegisterSendDeviceKeyRequestSchema = z.object({
   deviceId: z.string().min(3),
   publicKey: z.string().min(32)
 });
+var SEND_AUTH_PURPOSES = ["send_money", "offline_revoke"];
 var SendChallengeRequestSchema = z.object({
   userId: UuidSchema,
-  deviceId: z.string().min(3)
+  deviceId: z.string().min(3),
+  purpose: z.enum(SEND_AUTH_PURPOSES).optional()
 });
 var SendChallengeResponseSchema = z.object({
   challengeId: UuidSchema,
@@ -383,6 +387,341 @@ function moneyMinorToNumber(amountMinor) {
   return asNumber;
 }
 
+// src/collections/client.ts
+import { z as z3 } from "zod";
+var MERCHANT_PROFILE_STATUSES = [
+  "pending",
+  "active",
+  "suspended",
+  "closed"
+];
+var SETTLEMENT_SCHEDULES = ["manual", "daily", "t1"];
+var COLLECTION_INTENT_STATUSES = [
+  "created",
+  "pending",
+  "paid",
+  "expired",
+  "cancelled",
+  "failed",
+  "reversed"
+];
+var COLLECTION_PAYMENT_STATUSES = [
+  "pending",
+  "paid",
+  "failed",
+  "reversed"
+];
+var MERCHANT_PAYOUT_STATUSES = [
+  "requested",
+  "processing",
+  "paid",
+  "failed",
+  "cancelled"
+];
+var MoneyKoboSchema = z3.number().int().positive().max(Number.MAX_SAFE_INTEGER);
+var MetadataSchema = z3.record(
+  z3.union([z3.string(), z3.number(), z3.boolean(), z3.null()])
+);
+var CurrencySchema2 = z3.string().trim().length(3).transform((value) => value.toUpperCase());
+var ReferenceSchema = z3.string().trim().min(6).max(128).regex(/^[A-Za-z0-9._:-]+$/);
+var MerchantProfileSchema = z3.object({
+  accountId: z3.string().uuid(),
+  legalName: z3.string(),
+  tradingName: z3.string(),
+  merchantCategoryCode: z3.string().regex(/^\d{4}$/),
+  nqrMerchantId: z3.string(),
+  settlementBankCode: z3.string(),
+  settlementAccountNumber: z3.string(),
+  settlementAccountName: z3.string(),
+  settlementSchedule: z3.enum(SETTLEMENT_SCHEDULES),
+  status: z3.enum(MERCHANT_PROFILE_STATUSES),
+  offlineEnabled: z3.boolean(),
+  perTxLimitKobo: MoneyKoboSchema,
+  dailyLimitKobo: MoneyKoboSchema,
+  metadata: MetadataSchema,
+  createdAtMs: z3.number().int().nonnegative(),
+  updatedAtMs: z3.number().int().nonnegative()
+});
+var UpsertMerchantProfileInputSchema = z3.object({
+  legalName: z3.string().trim().min(1).max(200),
+  tradingName: z3.string().trim().min(1).max(25),
+  merchantCategoryCode: z3.string().trim().regex(/^\d{4}$/),
+  nqrMerchantId: z3.string().trim().min(3).max(64),
+  settlementBankCode: z3.string().trim().min(2).max(16),
+  settlementAccountNumber: z3.string().trim().min(5).max(32),
+  settlementAccountName: z3.string().trim().min(1).max(200),
+  settlementSchedule: z3.enum(SETTLEMENT_SCHEDULES).optional(),
+  status: z3.enum(MERCHANT_PROFILE_STATUSES).optional(),
+  offlineEnabled: z3.boolean().optional(),
+  perTxLimitKobo: MoneyKoboSchema.optional(),
+  dailyLimitKobo: MoneyKoboSchema.optional(),
+  metadata: MetadataSchema.optional()
+});
+var CollectionIntentSchema = z3.object({
+  intentId: z3.string().uuid(),
+  accountId: z3.string().uuid(),
+  terminalId: z3.string().uuid().nullable(),
+  reference: z3.string(),
+  amountKobo: z3.number().int().positive().nullable(),
+  currency: z3.string().length(3),
+  status: z3.enum(COLLECTION_INTENT_STATUSES),
+  description: z3.string().nullable(),
+  nqrPayload: z3.string(),
+  provider: z3.string(),
+  providerReference: z3.string().nullable(),
+  metadata: MetadataSchema,
+  expiresAtMs: z3.number().int().nonnegative().nullable(),
+  paidAtMs: z3.number().int().nonnegative().nullable(),
+  createdAtMs: z3.number().int().nonnegative(),
+  updatedAtMs: z3.number().int().nonnegative()
+});
+var CreateCollectionIntentInputSchema = z3.object({
+  reference: ReferenceSchema.optional(),
+  amountKobo: MoneyKoboSchema.optional(),
+  currency: CurrencySchema2.optional(),
+  terminalId: z3.string().uuid().optional(),
+  terminalLabel: z3.string().trim().min(1).max(25).optional(),
+  merchantCity: z3.string().trim().min(1).max(15).optional(),
+  description: z3.string().trim().min(1).max(280).optional(),
+  expiresAtMs: z3.number().int().positive().optional(),
+  provider: z3.string().trim().min(1).max(40).optional(),
+  metadata: MetadataSchema.optional()
+});
+var PublicCollectionIntentSchema = z3.object({
+  intentId: z3.string().uuid(),
+  reference: z3.string(),
+  amountKobo: z3.number().int().positive().nullable(),
+  currency: z3.string().length(3),
+  status: z3.enum(COLLECTION_INTENT_STATUSES),
+  merchantAccountId: z3.string().uuid(),
+  merchantName: z3.string(),
+  merchantCategoryCode: z3.string(),
+  description: z3.string().nullable(),
+  expiresAtMs: z3.number().int().nonnegative().nullable()
+});
+var PayCollectionInputSchema = z3.object({
+  reference: ReferenceSchema,
+  amountKobo: MoneyKoboSchema.optional(),
+  currency: CurrencySchema2.optional(),
+  idempotencyKey: z3.string().trim().min(8).max(160).optional()
+});
+var CollectionPaymentSchema = z3.object({
+  paymentId: z3.string().uuid(),
+  intentId: z3.string().uuid(),
+  accountId: z3.string().uuid(),
+  payerUserId: z3.string().uuid().nullable(),
+  merchantOwnerUserId: z3.string().uuid(),
+  amountKobo: MoneyKoboSchema,
+  currency: z3.string().length(3),
+  status: z3.enum(COLLECTION_PAYMENT_STATUSES),
+  provider: z3.string(),
+  providerReference: z3.string().nullable(),
+  idempotencyKey: z3.string().nullable(),
+  ledgerRef: z3.string(),
+  failureCode: z3.string().nullable(),
+  failureMessage: z3.string().nullable(),
+  paidAtMs: z3.number().int().nonnegative().nullable(),
+  createdAtMs: z3.number().int().nonnegative(),
+  updatedAtMs: z3.number().int().nonnegative()
+});
+var CollectionPaymentResultSchema = z3.object({
+  payment: CollectionPaymentSchema,
+  intent: CollectionIntentSchema,
+  receipt: z3.unknown().optional(),
+  replayed: z3.boolean()
+});
+var CollectionReportSummarySchema = z3.object({
+  accountId: z3.string().uuid(),
+  fromMs: z3.number().int().nonnegative(),
+  toMs: z3.number().int().nonnegative(),
+  currency: z3.string().length(3),
+  paidCount: z3.number().int().nonnegative(),
+  paidAmountKobo: z3.number().int().nonnegative(),
+  pendingCount: z3.number().int().nonnegative(),
+  failedCount: z3.number().int().nonnegative(),
+  reversedCount: z3.number().int().nonnegative(),
+  availableBalanceKobo: z3.number().int().nonnegative()
+});
+var CollectionStatementSchema = z3.object({
+  accountId: z3.string().uuid(),
+  year: z3.number().int(),
+  month: z3.number().int().min(1).max(12),
+  currency: z3.string().length(3),
+  totalPaidKobo: z3.number().int().nonnegative(),
+  items: z3.array(CollectionPaymentSchema)
+});
+var CreatePayoutInputSchema = z3.object({
+  amountKobo: MoneyKoboSchema,
+  currency: CurrencySchema2.optional(),
+  idempotencyKey: z3.string().trim().min(8).max(160)
+});
+var MerchantPayoutSchema = z3.object({
+  payoutId: z3.string().uuid(),
+  accountId: z3.string().uuid(),
+  amountKobo: MoneyKoboSchema,
+  currency: z3.string().length(3),
+  status: z3.enum(MERCHANT_PAYOUT_STATUSES),
+  idempotencyKey: z3.string().nullable(),
+  ledgerRef: z3.string(),
+  providerReference: z3.string().nullable(),
+  requestedByUserId: z3.string().uuid().nullable(),
+  failureCode: z3.string().nullable(),
+  failureMessage: z3.string().nullable(),
+  createdAtMs: z3.number().int().nonnegative(),
+  updatedAtMs: z3.number().int().nonnegative()
+});
+var ProviderEventInputSchema = z3.object({
+  provider: z3.string().trim().min(1).max(80),
+  eventId: z3.string().trim().min(1).max(160),
+  eventType: z3.string().trim().min(1).max(120),
+  payload: z3.record(z3.unknown()).optional()
+});
+var ProviderEventRecordSchema = z3.object({
+  id: z3.string().uuid(),
+  provider: z3.string(),
+  eventId: z3.string(),
+  eventType: z3.string(),
+  signatureVerified: z3.boolean(),
+  receivedAtMs: z3.number().int().nonnegative(),
+  processedAtMs: z3.number().int().nonnegative().nullable()
+});
+function createCollectionsClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error(
+      "createCollectionsClient: no fetch implementation available"
+    );
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function call(method, path, body, parser) {
+    const init2 = {
+      method,
+      headers: { accept: "application/json" }
+    };
+    if (body !== void 0) {
+      init2.body = JSON.stringify(body);
+      init2.headers = { ...init2.headers, "content-type": "application/json" };
+    }
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
+    const text = await resp.text();
+    let raw;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+        raw = text;
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return parser(raw);
+  }
+  return {
+    upsertMerchantProfile: (accountId, input) => call(
+      "PUT",
+      `/v1/accounts/${encodeURIComponent(accountId)}/merchant-profile`,
+      UpsertMerchantProfileInputSchema.parse(input),
+      (raw) => MerchantProfileSchema.parse(raw)
+    ),
+    getMerchantProfile: (accountId) => call(
+      "GET",
+      `/v1/accounts/${encodeURIComponent(accountId)}/merchant-profile`,
+      void 0,
+      (raw) => MerchantProfileSchema.parse(raw)
+    ),
+    createIntent: (input) => call(
+      "POST",
+      "/v1/collections/intents",
+      CreateCollectionIntentInputSchema.parse(input),
+      (raw) => CollectionIntentSchema.parse(raw)
+    ),
+    getIntent: (intentId) => call(
+      "GET",
+      `/v1/collections/intents/${encodeURIComponent(intentId)}`,
+      void 0,
+      (raw) => CollectionIntentSchema.parse(raw)
+    ),
+    resolveIntent: (reference) => call(
+      "GET",
+      `/v1/collections/resolve/${encodeURIComponent(reference)}`,
+      void 0,
+      (raw) => PublicCollectionIntentSchema.parse(raw)
+    ),
+    pay: (input) => call(
+      "POST",
+      "/v1/collections/pay",
+      PayCollectionInputSchema.parse(input),
+      (raw) => CollectionPaymentResultSchema.parse(raw)
+    ),
+    reportSummary: (input) => {
+      const qs = new URLSearchParams({
+        fromMs: String(input.fromMs),
+        toMs: String(input.toMs)
+      });
+      if (input.currency) qs.set("currency", input.currency);
+      return call(
+        "GET",
+        `/v1/collections/reports/summary?${qs.toString()}`,
+        void 0,
+        (raw) => CollectionReportSummarySchema.parse(raw)
+      );
+    },
+    monthlyStatement: (input) => {
+      const qs = new URLSearchParams({
+        year: String(input.year),
+        month: String(input.month)
+      });
+      if (input.currency) qs.set("currency", input.currency);
+      return call(
+        "GET",
+        `/v1/collections/statements/monthly?${qs.toString()}`,
+        void 0,
+        (raw) => CollectionStatementSchema.parse(raw)
+      );
+    },
+    createPayout: (input) => call(
+      "POST",
+      "/v1/collections/payouts",
+      CreatePayoutInputSchema.parse(input),
+      (raw) => MerchantPayoutSchema.parse(raw)
+    ),
+    getPayout: (payoutId) => call(
+      "GET",
+      `/v1/collections/payouts/${encodeURIComponent(payoutId)}`,
+      void 0,
+      (raw) => MerchantPayoutSchema.parse(raw)
+    ),
+    recordProviderEvent: (input) => call(
+      "POST",
+      "/v1/collections/provider-events",
+      ProviderEventInputSchema.parse(input),
+      (raw) => ProviderEventRecordSchema.parse(raw)
+    )
+  };
+}
+function createPartnerCollectionsClient(opts) {
+  const client = createCollectionsClient(opts);
+  return {
+    createIntent: client.createIntent,
+    getIntent: client.getIntent,
+    reportSummary: client.reportSummary,
+    monthlyStatement: client.monthlyStatement,
+    createPayout: client.createPayout,
+    getPayout: client.getPayout,
+    recordProviderEvent: client.recordProviderEvent
+  };
+}
+function createConsumerCollectionsClient(opts) {
+  const client = createCollectionsClient(opts);
+  return {
+    resolveIntent: client.resolveIntent,
+    pay: client.pay
+  };
+}
+
 // src/client.ts
 var FlurClient = class {
   baseUrl;
@@ -396,10 +735,20 @@ var FlurClient = class {
     this.getExtraHeaders = opts.getExtraHeaders;
   }
   async health() {
-    return this.requestJson("/health", { method: "GET" }, void 0, HealthResponseSchema);
+    return this.requestJson(
+      "/health",
+      { method: "GET" },
+      void 0,
+      HealthResponseSchema
+    );
   }
   async welcome() {
-    return this.requestJson("/welcome", { method: "GET" }, void 0, WelcomeResponseSchema);
+    return this.requestJson(
+      "/welcome",
+      { method: "GET" },
+      void 0,
+      WelcomeResponseSchema
+    );
   }
   async onboardingStart(input) {
     return this.requestJson(
@@ -544,24 +893,33 @@ var FlurClient = class {
   }
   async registerBiometricDeviceKey(input) {
     const publicKey = await input.signer.getOrCreateKeyPair(input.deviceId);
-    return this.registerSendDeviceKey({
-      userId: input.userId,
-      deviceId: input.deviceId,
-      publicKey
-    }, { accessToken: input.accessToken });
+    return this.registerSendDeviceKey(
+      {
+        userId: input.userId,
+        deviceId: input.deviceId,
+        publicKey
+      },
+      { accessToken: input.accessToken }
+    );
   }
   async authorizeSendWithBiometric(input) {
-    const challenge = await this.createSendChallenge({
-      userId: input.userId,
-      deviceId: input.deviceId
-    }, { accessToken: input.accessToken });
+    const challenge = await this.createSendChallenge(
+      {
+        userId: input.userId,
+        deviceId: input.deviceId
+      },
+      { accessToken: input.accessToken }
+    );
     const signature = await input.signer.sign(challenge.nonce);
-    return this.verifySendChallenge({
-      userId: input.userId,
-      deviceId: input.deviceId,
-      challengeId: challenge.challengeId,
-      signature
-    }, { accessToken: input.accessToken });
+    return this.verifySendChallenge(
+      {
+        userId: input.userId,
+        deviceId: input.deviceId,
+        challengeId: challenge.challengeId,
+        signature
+      },
+      { accessToken: input.accessToken }
+    );
   }
   async resolveRecipient(input, options) {
     return this.requestJson(
@@ -612,6 +970,36 @@ var FlurClient = class {
       }
     );
   }
+  async resolveCollection(reference, options) {
+    return this.requestJson(
+      `/v1/collections/resolve/${encodeURIComponent(reference)}`,
+      {
+        method: "GET",
+        headers: {
+          authorization: `Bearer ${options.accessToken}`
+        }
+      },
+      void 0,
+      PublicCollectionIntentSchema
+    );
+  }
+  async payCollection(input, options) {
+    const idempotencyKey = input.idempotencyKey ?? options.idempotencyKey ?? getSecureRandomUuid();
+    return this.requestJson(
+      "/v1/collections/pay",
+      {
+        method: "POST",
+        headers: {
+          "content-type": "application/json",
+          authorization: `Bearer ${options.accessToken}`,
+          "x-idempotency-key": idempotencyKey
+        }
+      },
+      PayCollectionInputSchema,
+      CollectionPaymentResultSchema,
+      { ...input, idempotencyKey }
+    );
+  }
   async accountSummary(options) {
     return this.requestJson(
       "/api/v1/account/summary",
@@ -710,7 +1098,7 @@ var FlurClient = class {
     try {
       body = requestSchema ? JSON.stringify(requestSchema.parse(input)) : init2.body;
     } catch (err) {
-      if (err instanceof z3.ZodError) {
+      if (err instanceof z4.ZodError) {
         throw new FlurError("Invalid request payload", "INVALID_REQUEST", {
           details: err.flatten()
         });
@@ -726,17 +1114,26 @@ var FlurClient = class {
         ...init2.headers,
         ...extraHeaders
       };
-      const res = await this.fetchImpl(url, { ...init2, headers: finalHeaders, body, signal: controller.signal });
+      const res = await this.fetchImpl(url, {
+        ...init2,
+        headers: finalHeaders,
+        body,
+        signal: controller.signal
+      });
       if (!res.ok) throw await mapToFlurError(res);
       const payload = await res.json();
       if (!responseSchema) return payload;
       try {
         return responseSchema.parse(payload);
       } catch (err) {
-        if (err instanceof z3.ZodError) {
-          throw new FlurError("SDK contract validation failed", "INVALID_REQUEST", {
-            details: err.flatten()
-          });
+        if (err instanceof z4.ZodError) {
+          throw new FlurError(
+            "SDK contract validation failed",
+            "INVALID_REQUEST",
+            {
+              details: err.flatten()
+            }
+          );
         }
         throw err;
       }
@@ -745,7 +1142,9 @@ var FlurClient = class {
         throw new FlurError("Request timed out", "TIMEOUT");
       }
       if (err instanceof FlurError) throw err;
-      throw new FlurError("Network error", "NETWORK_ERROR", { details: String(err) });
+      throw new FlurError("Network error", "NETWORK_ERROR", {
+        details: String(err)
+      });
     } finally {
       clearTimeout(t);
     }
@@ -755,7 +1154,10 @@ function getSecureRandomUuid() {
   if (typeof globalThis.crypto?.randomUUID === "function") {
     return globalThis.crypto.randomUUID();
   }
-  throw new FlurError("Secure UUID generator unavailable; provide idempotencyKey", "INVALID_REQUEST");
+  throw new FlurError(
+    "Secure UUID generator unavailable; provide idempotencyKey",
+    "INVALID_REQUEST"
+  );
 }
 
 // src/nqr/fields.ts
@@ -1182,24 +1584,24 @@ function verifyCanonical(value, signature, publicKey) {
 }
 
 // src/offline/oac.ts
-import { z as z4 } from "zod";
+import { z as z5 } from "zod";
 var OAC_DEFAULT_PER_TX_KOBO = 5e5;
 var OAC_DEFAULT_CUMULATIVE_KOBO = 2e6;
 var OAC_DEFAULT_VALIDITY_MS = 24 * 60 * 60 * 1e3;
-var HexString = (length) => z4.string().regex(
+var HexString = (length) => z5.string().regex(
   new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
   `expected ${length}-byte hex string`
 );
-var OACSchema = z4.object({
-  userId: z4.string().min(1),
-  deviceId: z4.string().min(1),
+var OACSchema = z5.object({
+  userId: z5.string().min(1),
+  deviceId: z5.string().min(1),
   devicePublicKey: HexString(32),
-  perTxCapKobo: z4.number().int().nonnegative(),
-  cumulativeCapKobo: z4.number().int().nonnegative(),
-  validFromMs: z4.number().int().nonnegative(),
-  validUntilMs: z4.number().int().positive(),
-  counterSeed: z4.number().int().nonnegative(),
-  nonce: z4.string().min(1),
+  perTxCapKobo: z5.number().int().nonnegative(),
+  cumulativeCapKobo: z5.number().int().nonnegative(),
+  validFromMs: z5.number().int().nonnegative(),
+  validUntilMs: z5.number().int().positive(),
+  counterSeed: z5.number().int().nonnegative(),
+  nonce: z5.string().min(1),
   issuerSig: HexString(64)
 }).refine((v) => v.validUntilMs > v.validFromMs, {
   message: "validUntilMs must be greater than validFromMs"
@@ -1306,19 +1708,19 @@ function decodeBase45(s) {
 }
 
 // src/offline/messages.ts
-import { z as z5 } from "zod";
-var HexSig = z5.string().regex(/^[0-9a-fA-F]{128}$/, "expected 64-byte hex signature");
-var OfflinePaymentRequestSchema = z5.object({
-  reference: z5.string().min(1),
-  amountKobo: z5.number().int().positive(),
+import { z as z6 } from "zod";
+var HexSig = z6.string().regex(/^[0-9a-fA-F]{128}$/, "expected 64-byte hex signature");
+var OfflinePaymentRequestSchema = z6.object({
+  reference: z6.string().min(1),
+  amountKobo: z6.number().int().positive(),
   merchantOAC: OACSchema,
-  expiresAtMs: z5.number().int().positive(),
+  expiresAtMs: z6.number().int().positive(),
   merchantSig: HexSig
 });
-var OfflinePaymentAuthorizationSchema = z5.object({
+var OfflinePaymentAuthorizationSchema = z6.object({
   request: OfflinePaymentRequestSchema,
   payerOAC: OACSchema,
-  payerCounter: z5.number().int().positive(),
+  payerCounter: z6.number().int().positive(),
   payerSig: HexSig
 });
 function buildPaymentRequest(input) {
@@ -1427,56 +1829,56 @@ function decodeAuthorizationQR(s) {
 }
 
 // src/offline/settlements.ts
-import { z as z6 } from "zod";
+import { z as z7 } from "zod";
 import { sha256 } from "@noble/hashes/sha256";
 import { bytesToHex as bytesToHex2 } from "@noble/hashes/utils";
-var OfflineTokenSchema = z6.object({
-  tokenId: z6.string().uuid(),
-  tokenSerial: z6.string(),
-  issuerAccountId: z6.string().uuid(),
-  payerUserId: z6.string().uuid(),
-  maxAmountKobo: z6.number().int().positive(),
-  currency: z6.string().length(3),
-  issuedAtMs: z6.number().int().nonnegative(),
-  expiresAtMs: z6.number().int().nonnegative(),
-  issuerSig: z6.string()
-});
-var PaymentClaimSchema = z6.object({
-  encounterId: z6.string().regex(/^[0-9a-f]{64}$/i).optional(),
-  tokenSerial: z6.string(),
-  payerUserId: z6.string().uuid(),
-  payeeUserId: z6.string().uuid(),
-  payerNonce: z6.string(),
-  payeeNonce: z6.string(),
-  amountKobo: z6.number().int().positive(),
-  currency: z6.string().length(3).default("NGN"),
-  occurredAtMs: z6.number().int().nonnegative(),
-  completedAtMs: z6.number().int().nonnegative().optional(),
-  contextId: z6.string().optional(),
-  payerPubkey: z6.string().regex(/^[0-9a-f]{64}$/i),
-  payerSignature: z6.string().regex(/^[0-9a-f]+$/i),
-  payeePubkey: z6.string().regex(/^[0-9a-f]{64}$/i).optional(),
-  payeeSignature: z6.string().regex(/^[0-9a-f]+$/i).optional()
-});
-var SettlementSchema = z6.object({
-  settlementId: z6.string().uuid(),
-  settlementKey: z6.string().regex(/^[0-9a-f]{64}$/i),
-  encounterId: z6.string().regex(/^[0-9a-f]{64}$/i),
-  issuerAccountId: z6.string().uuid(),
-  tokenSerial: z6.string(),
-  payerUserId: z6.string().uuid(),
-  payeeUserId: z6.string().uuid(),
-  amountKobo: z6.number().int().nonnegative(),
-  currency: z6.string().length(3),
-  receiptId: z6.string().nullable(),
-  status: z6.enum(["SETTLED", "REVIEW", "REJECTED"]),
-  issuerSig: z6.string(),
-  createdAtMs: z6.number().int().nonnegative()
-});
-var SettleResponseSchema = z6.object({
+var OfflineTokenSchema = z7.object({
+  tokenId: z7.string().uuid(),
+  tokenSerial: z7.string(),
+  issuerAccountId: z7.string().uuid(),
+  payerUserId: z7.string().uuid(),
+  maxAmountKobo: z7.number().int().positive(),
+  currency: z7.string().length(3),
+  issuedAtMs: z7.number().int().nonnegative(),
+  expiresAtMs: z7.number().int().nonnegative(),
+  issuerSig: z7.string()
+});
+var PaymentClaimSchema = z7.object({
+  encounterId: z7.string().regex(/^[0-9a-f]{64}$/i).optional(),
+  tokenSerial: z7.string(),
+  payerUserId: z7.string().uuid(),
+  payeeUserId: z7.string().uuid(),
+  payerNonce: z7.string(),
+  payeeNonce: z7.string(),
+  amountKobo: z7.number().int().positive(),
+  currency: z7.string().length(3).default("NGN"),
+  occurredAtMs: z7.number().int().nonnegative(),
+  completedAtMs: z7.number().int().nonnegative().optional(),
+  contextId: z7.string().optional(),
+  payerPubkey: z7.string().regex(/^[0-9a-f]{64}$/i),
+  payerSignature: z7.string().regex(/^[0-9a-f]+$/i),
+  payeePubkey: z7.string().regex(/^[0-9a-f]{64}$/i).optional(),
+  payeeSignature: z7.string().regex(/^[0-9a-f]+$/i).optional()
+});
+var SettlementSchema = z7.object({
+  settlementId: z7.string().uuid(),
+  settlementKey: z7.string().regex(/^[0-9a-f]{64}$/i),
+  encounterId: z7.string().regex(/^[0-9a-f]{64}$/i),
+  issuerAccountId: z7.string().uuid(),
+  tokenSerial: z7.string(),
+  payerUserId: z7.string().uuid(),
+  payeeUserId: z7.string().uuid(),
+  amountKobo: z7.number().int().nonnegative(),
+  currency: z7.string().length(3),
+  receiptId: z7.string().nullable(),
+  status: z7.enum(["SETTLED", "REVIEW", "REJECTED"]),
+  issuerSig: z7.string(),
+  createdAtMs: z7.number().int().nonnegative()
+});
+var SettleResponseSchema = z7.object({
   settlement: SettlementSchema,
-  encounterId: z6.string().regex(/^[0-9a-f]{64}$/i),
-  replayed: z6.boolean()
+  encounterId: z7.string().regex(/^[0-9a-f]{64}$/i),
+  replayed: z7.boolean()
 });
 var ENCOUNTER_DOMAIN = "offline:v1:encounter";
 async function sha256Hex(input) {
@@ -1649,126 +2051,344 @@ function createHmacFetch(opts) {
   });
 }
 
-// src/passes/pass.ts
-import { z as z7 } from "zod";
-var PASS_KINDS = [
-  "ride-ticket",
-  "transit-pass",
-  "event-ticket",
-  "voucher",
-  "loyalty",
-  "receipt-link"
-];
-var PASS_STATES = [
-  "issued",
-  "active",
-  "redeemed",
-  "expired",
-  "revoked"
+// src/partner/client.ts
+import { z as z8 } from "zod";
+import { sha256 as sha2563 } from "@noble/hashes/sha256";
+import { hmac as hmac2 } from "@noble/hashes/hmac";
+import { bytesToHex as bytesToHex4 } from "@noble/hashes/utils";
+var PARTNER_SCOPES = [
+  "passes:write",
+  "passes:read",
+  "passes:redeem",
+  "receipts:write",
+  "receipts:read",
+  "offline:issue",
+  "offline:settle",
+  "offline:read",
+  "collections:write",
+  "collections:read",
+  "collections:pay",
+  "collections:webhook",
+  "reports:read",
+  "payouts:write",
+  "payouts:read",
+  "partner:funding:write",
+  "partner:payout:write",
+  "partner:reconciliation:read"
 ];
-var HexString2 = (length) => z7.string().regex(
-  new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
-  `expected ${length}-byte hex string`
-);
-var PassMetadataSchema = z7.record(
-  z7.union([z7.string(), z7.number(), z7.boolean(), z7.null()])
-);
-var PassSchema = z7.object({
-  passId: z7.string().min(1),
-  /** Optional client/template grouping id (server may omit). */
-  templateId: z7.string().min(1).optional(),
-  /** Optional human-facing holder identity (server may omit). The cryptographic binding
-   *  is `holderDevicePubkey` below. */
-  holderUserId: z7.string().min(1).optional(),
-  kind: z7.enum(PASS_KINDS),
-  issuerId: z7.string().min(1),
-  issuedAtMs: z7.number().int().nonnegative(),
-  validFromMs: z7.number().int().nonnegative(),
-  validUntilMs: z7.number().int().positive(),
-  state: z7.enum(PASS_STATES),
-  metadata: PassMetadataSchema,
-  nonce: z7.string().min(1),
-  /** Device id this pass is bound to (FK to backend `device_keys`). */
-  holderDeviceId: z7.string().min(1),
-  /** 32-byte hex Ed25519 public key of the bound device. The redemption signature
-   *  is verified against this key — it is the security-critical binding. */
-  holderDevicePubkey: HexString2(32),
-  /** Optional fixed amount for monetary passes (vouchers, gift cards) in kobo. */
-  amountKobo: z7.number().int().nonnegative().optional(),
-  /** ISO-4217-ish currency code; required on the wire. SDK builders default to NGN. */
-  currency: z7.string().min(3).max(8),
-  /** Monotonic redemption counter floor. Redemption.counter MUST be > counterSeed. */
-  counterSeed: z7.number().int().nonnegative(),
-  /** Optional cumulative spend cap in kobo across all redemptions of this pass. */
-  cumulativeCapKobo: z7.number().int().nonnegative().optional(),
-  issuerSig: HexString2(64)
-}).refine((v) => v.validUntilMs > v.validFromMs, {
-  message: "validUntilMs must be greater than validFromMs"
+var ApiCredentialPublicSchema = z8.object({
+  id: z8.string().uuid(),
+  accountId: z8.string().uuid(),
+  keyId: z8.string(),
+  scopes: z8.array(z8.enum(PARTNER_SCOPES)),
+  label: z8.string().nullable(),
+  createdAtMs: z8.number().int().nonnegative(),
+  lastUsedAtMs: z8.number().int().nonnegative().nullable(),
+  revokedAtMs: z8.number().int().nonnegative().nullable()
 });
-function buildPass(input) {
-  if (input.validUntilMs <= input.validFromMs) {
-    throw new Error("validUntilMs must be greater than validFromMs");
-  }
-  const out = {
-    passId: input.passId,
-    kind: input.kind,
-    issuerId: input.issuerId,
-    issuedAtMs: input.issuedAtMs,
-    validFromMs: input.validFromMs,
-    validUntilMs: input.validUntilMs,
-    state: input.state,
-    metadata: input.metadata,
-    nonce: input.nonce,
-    holderDeviceId: input.holderDeviceId,
-    holderDevicePubkey: input.holderDevicePubkey,
-    currency: input.currency ?? "NGN",
-    counterSeed: input.counterSeed
-  };
-  if (typeof input.templateId === "string") out.templateId = input.templateId;
-  if (typeof input.holderUserId === "string")
-    out.holderUserId = input.holderUserId;
-  if (typeof input.amountKobo === "number") out.amountKobo = input.amountKobo;
-  if (typeof input.cumulativeCapKobo === "number") {
-    out.cumulativeCapKobo = input.cumulativeCapKobo;
-  }
-  return out;
+var MintedApiCredentialSchema = ApiCredentialPublicSchema.extend({
+  secret: z8.string().min(1)
+});
+var enc = new TextEncoder();
+async function sha256Hex2(input) {
+  const data = typeof input === "string" ? enc.encode(input) : input;
+  return bytesToHex4(sha2563(data));
 }
-function signPass(unsigned, issuerPrivateKey) {
-  const issuerSig = bytesToHex(
-    sign(canonicalJSONBytes(unsigned), issuerPrivateKey)
-  );
-  return { ...unsigned, issuerSig };
+async function hmacSha256Hex(keyHex, message) {
+  return bytesToHex4(hmac2(sha2563, enc.encode(keyHex), enc.encode(message)));
 }
-function verifyPass(pass, issuerPublicKey) {
-  try {
-    const parsed = PassSchema.parse(pass);
-    const { issuerSig, ...unsigned } = parsed;
-    return verify(
-      canonicalJSONBytes(unsigned),
-      hexToBytes(issuerSig),
-      issuerPublicKey
-    );
-  } catch {
-    return false;
-  }
+function defaultNonce2() {
+  const c = globalThis.crypto;
+  if (c?.randomUUID) return c.randomUUID();
+  return `${Date.now().toString(16)}-${Math.random().toString(16).slice(2)}`;
 }
-function isPassWithinValidity(pass, nowMs) {
-  return nowMs >= pass.validFromMs && nowMs < pass.validUntilMs;
+function canonical(params) {
+  return [
+    params.method.toUpperCase(),
+    params.path,
+    params.ts,
+    params.nonce,
+    params.bodyHash
+  ].join("\n");
 }
-
+async function signPartnerRequest(params) {
+  const ts = String(Math.floor((params.nowMs ?? Date.now()) / 1e3));
+  const nonce = params.nonce ?? defaultNonce2();
+  const bodyData = typeof params.body === "string" ? enc.encode(params.body) : params.body ?? new Uint8Array();
+  const bodyHash = await sha256Hex2(bodyData);
+  const message = canonical({
+    method: params.method,
+    path: params.path,
+    ts,
+    nonce,
+    bodyHash
+  });
+  const signingKey = await sha256Hex2(params.secret);
+  const sig = await hmacSha256Hex(signingKey, message);
+  return {
+    authorization: `Flur-Hmac key=${params.keyId}, ts=${ts}, nonce=${nonce}, sig=${sig}`,
+    ts,
+    nonce,
+    bodyHash
+  };
+}
+function createFlurPartnerClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error(
+      "createFlurPartnerClient: no fetch implementation available"
+    );
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  const scopeHeader = normalizeScopeHeader(opts.scope);
+  async function makeSignedInit(method, path, body) {
+    const sig = await signPartnerRequest({
+      keyId: opts.keyId,
+      secret: opts.secret,
+      method,
+      path,
+      body: body ?? "",
+      nowMs: opts.nowMs?.(),
+      nonce: opts.nonce?.()
+    });
+    const headers = {
+      authorization: sig.authorization,
+      accept: "application/json"
+    };
+    if (scopeHeader) headers["x-flur-scope"] = scopeHeader;
+    if (body !== void 0) headers["content-type"] = "application/json";
+    const init2 = { method, headers };
+    if (body !== void 0) init2.body = body;
+    return init2;
+  }
+  async function request(opts2) {
+    const bodyStr = opts2.body === void 0 ? void 0 : JSON.stringify(opts2.body);
+    const init2 = await makeSignedInit(opts2.method, opts2.path, bodyStr);
+    const resp = await fetchImpl(`${baseUrl}${opts2.path}`, init2);
+    const text = await resp.text();
+    let raw;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return raw;
+  }
+  const fetchLike = async (input, init2) => {
+    const url = typeof input === "string" ? input : input.toString();
+    const u = new URL(url, baseUrl);
+    const path = `${u.pathname}${u.search}`;
+    const method = (init2?.method ?? "GET").toUpperCase();
+    let bodyStr;
+    if (init2?.body) {
+      bodyStr = typeof init2.body === "string" ? init2.body : init2.body.toString();
+    }
+    const signed = await makeSignedInit(method, path, bodyStr);
+    return fetchImpl(`${baseUrl}${path}`, {
+      ...init2,
+      ...signed,
+      headers: {
+        ...init2?.headers,
+        ...signed.headers
+      }
+    });
+  };
+  return { request, fetch: fetchLike };
+}
+function normalizeScopeHeader(scope) {
+  if (!scope || scope.length === 0) return void 0;
+  const unique = Array.from(new Set(scope));
+  for (const item of unique) {
+    if (!PARTNER_SCOPES.includes(item)) {
+      throw new Error(`unsupported partner scope: ${item}`);
+    }
+  }
+  return unique.join(" ");
+}
+function createApiCredentialsAdminClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error(
+      "createApiCredentialsAdminClient: no fetch implementation available"
+    );
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function call(method, path, body, parser) {
+    const init2 = {
+      method,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json"
+      }
+    };
+    if (body !== void 0) init2.body = JSON.stringify(body);
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
+    const text = await resp.text();
+    let raw;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return parser(raw);
+  }
+  const listSchema = z8.object({
+    items: z8.array(ApiCredentialPublicSchema)
+  });
+  return {
+    list: (accountId) => call(
+      "GET",
+      `/v1/accounts/${accountId}/api-credentials`,
+      void 0,
+      (raw) => listSchema.parse(raw)
+    ),
+    mint: (accountId, input) => call(
+      "POST",
+      `/v1/accounts/${accountId}/api-credentials`,
+      input,
+      (raw) => MintedApiCredentialSchema.parse(raw)
+    ),
+    revoke: (accountId, credentialId) => call(
+      "DELETE",
+      `/v1/accounts/${accountId}/api-credentials/${credentialId}`,
+      void 0,
+      (raw) => ApiCredentialPublicSchema.parse(raw)
+    )
+  };
+}
+
+// src/passes/pass.ts
+import { z as z9 } from "zod";
+var PASS_KINDS = [
+  "ride-ticket",
+  "transit-pass",
+  "event-ticket",
+  "voucher",
+  "loyalty",
+  "receipt-link"
+];
+var PASS_STATES = [
+  "issued",
+  "active",
+  "redeemed",
+  "expired",
+  "revoked"
+];
+var HexString2 = (length) => z9.string().regex(
+  new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
+  `expected ${length}-byte hex string`
+);
+var PassMetadataSchema = z9.record(
+  z9.union([z9.string(), z9.number(), z9.boolean(), z9.null()])
+);
+var PassSchema = z9.object({
+  passId: z9.string().min(1),
+  /** Optional client/template grouping id (server may omit). */
+  templateId: z9.string().min(1).optional(),
+  /** Optional human-facing holder identity (server may omit). The cryptographic binding
+   *  is `holderDevicePubkey` below. */
+  holderUserId: z9.string().min(1).optional(),
+  kind: z9.enum(PASS_KINDS),
+  issuerId: z9.string().min(1),
+  issuedAtMs: z9.number().int().nonnegative(),
+  validFromMs: z9.number().int().nonnegative(),
+  validUntilMs: z9.number().int().positive(),
+  state: z9.enum(PASS_STATES),
+  metadata: PassMetadataSchema,
+  nonce: z9.string().min(1),
+  /** Device id this pass is bound to (FK to backend `device_keys`). */
+  holderDeviceId: z9.string().min(1),
+  /** 32-byte hex Ed25519 public key of the bound device. The redemption signature
+   *  is verified against this key — it is the security-critical binding. */
+  holderDevicePubkey: HexString2(32),
+  /** Optional fixed amount for monetary passes (vouchers, gift cards) in kobo. */
+  amountKobo: z9.number().int().nonnegative().optional(),
+  /** ISO-4217-ish currency code; required on the wire. SDK builders default to NGN. */
+  currency: z9.string().min(3).max(8),
+  /** Monotonic redemption counter floor. Redemption.counter MUST be > counterSeed. */
+  counterSeed: z9.number().int().nonnegative(),
+  /** Optional cumulative spend cap in kobo across all redemptions of this pass. */
+  cumulativeCapKobo: z9.number().int().nonnegative().optional(),
+  issuerSig: HexString2(64)
+}).refine((v) => v.validUntilMs > v.validFromMs, {
+  message: "validUntilMs must be greater than validFromMs"
+});
+function buildPass(input) {
+  if (input.validUntilMs <= input.validFromMs) {
+    throw new Error("validUntilMs must be greater than validFromMs");
+  }
+  const out = {
+    passId: input.passId,
+    kind: input.kind,
+    issuerId: input.issuerId,
+    issuedAtMs: input.issuedAtMs,
+    validFromMs: input.validFromMs,
+    validUntilMs: input.validUntilMs,
+    state: input.state,
+    metadata: input.metadata,
+    nonce: input.nonce,
+    holderDeviceId: input.holderDeviceId,
+    holderDevicePubkey: input.holderDevicePubkey,
+    currency: input.currency ?? "NGN",
+    counterSeed: input.counterSeed
+  };
+  if (typeof input.templateId === "string") out.templateId = input.templateId;
+  if (typeof input.holderUserId === "string")
+    out.holderUserId = input.holderUserId;
+  if (typeof input.amountKobo === "number") out.amountKobo = input.amountKobo;
+  if (typeof input.cumulativeCapKobo === "number") {
+    out.cumulativeCapKobo = input.cumulativeCapKobo;
+  }
+  return out;
+}
+function signPass(unsigned, issuerPrivateKey) {
+  const issuerSig = bytesToHex(
+    sign(canonicalJSONBytes(unsigned), issuerPrivateKey)
+  );
+  return { ...unsigned, issuerSig };
+}
+function verifyPass(pass, issuerPublicKey) {
+  try {
+    const parsed = PassSchema.parse(pass);
+    const { issuerSig, ...unsigned } = parsed;
+    return verify(
+      canonicalJSONBytes(unsigned),
+      hexToBytes(issuerSig),
+      issuerPublicKey
+    );
+  } catch {
+    return false;
+  }
+}
+function isPassWithinValidity(pass, nowMs) {
+  return nowMs >= pass.validFromMs && nowMs < pass.validUntilMs;
+}
+
 // src/passes/redemption.ts
-import { z as z8 } from "zod";
-var HexSig2 = z8.string().regex(/^[0-9a-fA-F]{128}$/, "expected 64-byte hex signature");
-var RedemptionSchema = z8.object({
+import { z as z10 } from "zod";
+var HexSig2 = z10.string().regex(/^[0-9a-fA-F]{128}$/, "expected 64-byte hex signature");
+var RedemptionSchema = z10.object({
   pass: PassSchema,
-  redeemerId: z8.string().min(1),
-  redeemedAtMs: z8.number().int().nonnegative(),
+  redeemerId: z10.string().min(1),
+  redeemedAtMs: z10.number().int().nonnegative(),
   /** Strictly monotonic counter scoped to a single pass. Must be > pass.counterSeed
    *  and > the redeemer's lastSeenCounter for this pass. */
-  counter: z8.number().int().positive(),
+  counter: z10.number().int().positive(),
   /** Amount being redeemed in kobo (0 for non-monetary passes like ride tickets). */
-  amountKobo: z8.number().int().nonnegative(),
-  nonce: z8.string().min(1),
+  amountKobo: z10.number().int().nonnegative(),
+  nonce: z10.string().min(1),
   holderSig: HexSig2
 });
 var REDEEMABLE_STATES = /* @__PURE__ */ new Set(["issued", "active"]);
@@ -1854,43 +2474,43 @@ function verifyRedemption(r, issuerPublicKey) {
 }
 
 // src/receipts/receipt.ts
-import { z as z9 } from "zod";
+import { z as z11 } from "zod";
 var RECEIPT_CHANNELS = ["cash", "pass"];
 var RECEIPT_KINDS = RECEIPT_CHANNELS;
-var HexString3 = (length) => z9.string().regex(
+var HexString3 = (length) => z11.string().regex(
   new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
   `expected ${length}-byte hex string`
 );
-var ReceiptPayloadSchema = z9.record(
-  z9.union([z9.string(), z9.number(), z9.boolean(), z9.null()])
+var ReceiptPayloadSchema = z11.record(
+  z11.union([z11.string(), z11.number(), z11.boolean(), z11.null()])
 );
-var ReceiptSchema = z9.object({
-  receiptId: z9.string().min(1),
-  channel: z9.enum(RECEIPT_CHANNELS),
+var ReceiptSchema = z11.object({
+  receiptId: z11.string().min(1),
+  channel: z11.enum(RECEIPT_CHANNELS),
   /** Cash-channel: send_intents.id. Required when channel === 'cash'. */
-  intentId: z9.string().min(1).optional(),
+  intentId: z11.string().min(1).optional(),
   /** Pass-channel: pass_redemptions.id. Required when channel === 'pass'. */
-  passRedemptionId: z9.string().min(1).optional(),
-  payerUserId: z9.string().min(1),
-  payeeUserId: z9.string().min(1),
-  amountKobo: z9.number().int().nonnegative(),
-  currency: z9.string().min(3).max(8),
-  issuedAtMs: z9.number().int().nonnegative(),
-  issuerId: z9.string().min(1),
+  passRedemptionId: z11.string().min(1).optional(),
+  payerUserId: z11.string().min(1),
+  payeeUserId: z11.string().min(1),
+  amountKobo: z11.number().int().nonnegative(),
+  currency: z11.string().min(3).max(8),
+  issuedAtMs: z11.number().int().nonnegative(),
+  issuerId: z11.string().min(1),
   payload: ReceiptPayloadSchema,
   issuerSig: HexString3(64)
 }).superRefine((v, ctx) => {
   if (v.channel === "cash") {
     if (!v.intentId) {
       ctx.addIssue({
-        code: z9.ZodIssueCode.custom,
+        code: z11.ZodIssueCode.custom,
         message: "cash receipts require intentId",
         path: ["intentId"]
       });
     }
     if (v.passRedemptionId) {
       ctx.addIssue({
-        code: z9.ZodIssueCode.custom,
+        code: z11.ZodIssueCode.custom,
         message: "cash receipts must not carry passRedemptionId",
         path: ["passRedemptionId"]
       });
@@ -1898,14 +2518,14 @@ var ReceiptSchema = z9.object({
   } else if (v.channel === "pass") {
     if (!v.passRedemptionId) {
       ctx.addIssue({
-        code: z9.ZodIssueCode.custom,
+        code: z11.ZodIssueCode.custom,
         message: "pass receipts require passRedemptionId",
         path: ["passRedemptionId"]
       });
     }
     if (v.intentId) {
       ctx.addIssue({
-        code: z9.ZodIssueCode.custom,
+        code: z11.ZodIssueCode.custom,
         message: "pass receipts must not carry intentId",
         path: ["intentId"]
       });
@@ -2156,55 +2776,27 @@ function parseQR(payload) {
   return parseNQR(payload);
 }
 function init(opts) {
-  const signedFetch = createHmacFetch({
-    apiKey: opts.apiKey,
-    apiSecret: opts.apiSecret,
+  const partner = createFlurPartnerClient({
+    baseUrl: opts.baseUrl,
+    keyId: opts.apiKey,
+    secret: opts.apiSecret,
     fetchImpl: opts.fetchImpl,
     scope: opts.scope
   });
+  const signedFetch = partner.fetch;
   const baseUrl = opts.baseUrl.replace(/\/$/, "");
   function subscribeToPayments(s) {
-    const controller = new AbortController();
     let cancelled = false;
-    (async () => {
-      try {
-        const url = `${baseUrl}/v1/payments/subscribe?reference=${encodeURIComponent(s.reference)}`;
-        const resp = await signedFetch(url, {
-          method: "GET",
-          headers: { accept: "text/event-stream" },
-          signal: controller.signal
-        });
-        if (!resp.body) return;
-        const reader = resp.body.getReader();
-        const decoder = new TextDecoder();
-        let buffer = "";
-        while (!cancelled) {
-          const { value, done } = await reader.read();
-          if (done) return;
-          buffer += decoder.decode(value, { stream: true });
-          let idx;
-          while ((idx = buffer.indexOf("\n\n")) >= 0) {
-            const chunk = buffer.slice(0, idx);
-            buffer = buffer.slice(idx + 2);
-            for (const line of chunk.split("\n")) {
-              if (!line.startsWith("data:")) continue;
-              const json = line.slice(5).trim();
-              if (!json) continue;
-              try {
-                s.onEvent(JSON.parse(json));
-              } catch (err) {
-                s.onError?.(err);
-              }
-            }
-          }
-        }
-      } catch (err) {
-        if (!cancelled) s.onError?.(err);
-      }
-    })();
+    queueMicrotask(() => {
+      if (cancelled) return;
+      s.onError?.(
+        new Error(
+          "cash.subscribeToPayments is not available on this backend release; use collections reports or provider webhooks for payment status."
+        )
+      );
+    });
     return () => {
       cancelled = true;
-      controller.abort();
     };
   }
   const cash = {
@@ -2215,6 +2807,10 @@ function init(opts) {
   };
   const passes = createPassesClient({ baseUrl, fetchImpl: signedFetch });
   const receipts = createReceiptsClient({ baseUrl, fetchImpl: signedFetch });
+  const collections = createPartnerCollectionsClient({
+    baseUrl,
+    fetchImpl: signedFetch
+  });
   return {
     // top-level back-compat surface
     generateStaticQR,
@@ -2223,29 +2819,30 @@ function init(opts) {
     subscribeToPayments,
     // namespaces
     cash,
+    collections,
     passes,
     receipts
   };
 }
 
 // src/accounts/client.ts
-import { z as z10 } from "zod";
+import { z as z12 } from "zod";
 var ACCOUNT_TYPES = ["personal", "business", "partner"];
 var ACCOUNT_STATUSES = ["active", "suspended", "closed"];
 var MEMBERSHIP_ROLES = ["owner", "admin", "driver", "staff"];
-var AccountSchema = z10.object({
-  accountId: z10.string().uuid(),
-  type: z10.enum(ACCOUNT_TYPES),
-  displayName: z10.string().min(1),
-  status: z10.enum(ACCOUNT_STATUSES),
-  ownerUserId: z10.string().uuid().nullable(),
-  createdAtMs: z10.number().int().nonnegative()
-});
-var AccountMembershipSchema = z10.object({
-  accountId: z10.string().uuid(),
-  userId: z10.string().uuid(),
-  role: z10.enum(MEMBERSHIP_ROLES),
-  createdAtMs: z10.number().int().nonnegative()
+var AccountSchema = z12.object({
+  accountId: z12.string().uuid(),
+  type: z12.enum(ACCOUNT_TYPES),
+  displayName: z12.string().min(1),
+  status: z12.enum(ACCOUNT_STATUSES),
+  ownerUserId: z12.string().uuid().nullable(),
+  createdAtMs: z12.number().int().nonnegative()
+});
+var AccountMembershipSchema = z12.object({
+  accountId: z12.string().uuid(),
+  userId: z12.string().uuid(),
+  role: z12.enum(MEMBERSHIP_ROLES),
+  createdAtMs: z12.number().int().nonnegative()
 });
 function createAccountsClient(opts) {
   const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
@@ -2278,9 +2875,9 @@ function createAccountsClient(opts) {
     }
     return parser(raw);
   }
-  const itemsSchema = z10.object({ items: z10.array(AccountSchema) });
-  const memberItemsSchema = z10.object({
-    items: z10.array(AccountMembershipSchema)
+  const itemsSchema = z12.object({ items: z12.array(AccountSchema) });
+  const memberItemsSchema = z12.object({
+    items: z12.array(AccountMembershipSchema)
   });
   return {
     listMyAccounts: () => call(
@@ -2311,110 +2908,182 @@ function createAccountsClient(opts) {
   };
 }
 
-// src/partner/client.ts
-import { z as z11 } from "zod";
-import { sha256 as sha2563 } from "@noble/hashes/sha256";
-import { hmac as hmac2 } from "@noble/hashes/hmac";
-import { bytesToHex as bytesToHex4 } from "@noble/hashes/utils";
-var PARTNER_SCOPES = [
-  "passes:write",
-  "passes:read",
-  "passes:redeem",
-  "receipts:write",
-  "receipts:read",
-  "offline:issue",
-  "offline:settle",
-  "offline:read"
-];
-var ApiCredentialPublicSchema = z11.object({
-  id: z11.string().uuid(),
-  accountId: z11.string().uuid(),
-  keyId: z11.string(),
-  scopes: z11.array(z11.enum(PARTNER_SCOPES)),
-  label: z11.string().nullable(),
-  createdAtMs: z11.number().int().nonnegative(),
-  lastUsedAtMs: z11.number().int().nonnegative().nullable(),
-  revokedAtMs: z11.number().int().nonnegative().nullable()
+// src/me-offline/client.ts
+import { z as z13 } from "zod";
+var Hex64 = z13.string().regex(/^[0-9a-f]{64}$/i);
+var HexAny = z13.string().regex(/^[0-9a-f]+$/i);
+var Sha256Hex = z13.string().regex(/^[0-9a-f]{64}$/i);
+var RegisterDeviceKeyInputSchema = z13.object({
+  deviceId: z13.string().min(1).max(128),
+  publicKeyHex: Hex64
 });
-var MintedApiCredentialSchema = ApiCredentialPublicSchema.extend({
-  secret: z11.string().min(1)
+var DeviceKeyRecordSchema = z13.object({
+  id: z13.string().uuid(),
+  userId: z13.string().uuid(),
+  deviceId: z13.string(),
+  publicKeyHex: Hex64,
+  createdAtMs: z13.number().int().nonnegative(),
+  revokedAtMs: z13.number().int().nonnegative().nullable()
 });
-var enc = new TextEncoder();
-async function sha256Hex2(input) {
-  const data = typeof input === "string" ? enc.encode(input) : input;
-  return bytesToHex4(sha2563(data));
-}
-async function hmacSha256Hex(keyHex, message) {
-  return bytesToHex4(hmac2(sha2563, enc.encode(keyHex), enc.encode(message)));
-}
-function defaultNonce2() {
-  const c = globalThis.crypto;
-  if (c?.randomUUID) return c.randomUUID();
-  return `${Date.now().toString(16)}-${Math.random().toString(16).slice(2)}`;
-}
-function canonical(params) {
-  return [
-    params.method.toUpperCase(),
-    params.path,
-    params.ts,
-    params.nonce,
-    params.bodyHash
-  ].join("\n");
-}
-async function signPartnerRequest(params) {
-  const ts = String(Math.floor((params.nowMs ?? Date.now()) / 1e3));
-  const nonce = params.nonce ?? defaultNonce2();
-  const bodyData = typeof params.body === "string" ? enc.encode(params.body) : params.body ?? new Uint8Array();
-  const bodyHash = await sha256Hex2(bodyData);
-  const message = canonical({
-    method: params.method,
-    path: params.path,
-    ts,
-    nonce,
-    bodyHash
-  });
-  const signingKey = await sha256Hex2(params.secret);
-  const sig = await hmacSha256Hex(signingKey, message);
-  return {
-    authorization: `Flur-Hmac key=${params.keyId}, ts=${ts}, nonce=${nonce}, sig=${sig}`,
-    ts,
-    nonce,
-    bodyHash
-  };
-}
-function createFlurPartnerClient(opts) {
+var ConsumerOACSchema = z13.object({
+  oacId: z13.string().uuid(),
+  issuerId: z13.string().min(1).max(64),
+  userId: z13.string().uuid(),
+  deviceId: z13.string().min(1).max(128),
+  devicePubkeyHex: Hex64,
+  perTxCapKobo: z13.number().int().positive(),
+  cumulativeCapKobo: z13.number().int().positive(),
+  currency: z13.string().length(3),
+  validFromMs: z13.number().int().nonnegative(),
+  validUntilMs: z13.number().int().nonnegative(),
+  counterSeed: z13.number().int().nonnegative(),
+  issuedAtMs: z13.number().int().nonnegative()
+});
+var SignedConsumerOACSchema = z13.object({
+  oac: ConsumerOACSchema,
+  issuerSig: HexAny,
+  issuerPublicKeyHex: Hex64
+});
+var OACRecordSchema = SignedConsumerOACSchema.extend({
+  currentOfflineSpentKobo: z13.number().int().nonnegative(),
+  status: z13.enum([
+    "active",
+    "superseded",
+    "expired",
+    "revoked",
+    "disabling",
+    "draining",
+    "closed"
+  ]),
+  supersededAtMs: z13.number().int().nonnegative().nullable(),
+  revokedAtMs: z13.number().int().nonnegative().nullable(),
+  holdId: z13.string().uuid().nullable().optional()
+});
+var IssueOACInputSchema = z13.object({
+  deviceId: z13.string().min(1).max(128),
+  perTxCapKobo: z13.number().int().positive().optional(),
+  cumulativeCapKobo: z13.number().int().positive().optional(),
+  ttlMs: z13.number().int().min(6e4).max(1e3 * 60 * 60 * 24 * 7).optional(),
+  spendableOnlineKobo: z13.number().int().nonnegative().optional()
+});
+var EnableOfflineInputSchema = z13.object({
+  deviceId: z13.string().min(1).max(128),
+  amountKobo: z13.number().int().positive(),
+  perTxCapKobo: z13.number().int().positive().optional(),
+  ttlMs: z13.number().int().min(6e4).max(1e3 * 60 * 60 * 24 * 7).optional(),
+  installId: z13.string().min(1).max(128),
+  partnerId: z13.string().min(1).max(64).optional()
+});
+var DisableOfflineInputSchema = z13.object({
+  deviceId: z13.string().min(1).max(128),
+  installId: z13.string().min(1).max(128).optional(),
+  claims: z13.array(z13.unknown()).max(256).optional()
+});
+var OfflineHoldRecordSchema = z13.object({
+  holdId: z13.string().uuid(),
+  userId: z13.string().uuid(),
+  deviceId: z13.string(),
+  partnerId: z13.string(),
+  adapterKind: z13.string(),
+  externalHoldRef: z13.string().nullable(),
+  amountKobo: z13.number().int().nonnegative(),
+  capturedKobo: z13.number().int().nonnegative(),
+  releasedKobo: z13.number().int().nonnegative(),
+  remainingKobo: z13.number().int().nonnegative(),
+  currency: z13.string().length(3),
+  status: z13.enum([
+    "placing",
+    "active",
+    "disabling",
+    "draining",
+    "closed",
+    "revoked",
+    "failed"
+  ]),
+  installId: z13.string().nullable(),
+  drainDeadlineMs: z13.number().int().nonnegative(),
+  disableRequestedAtMs: z13.number().int().nonnegative().nullable(),
+  createdAtMs: z13.number().int().nonnegative(),
+  closedAtMs: z13.number().int().nonnegative().nullable(),
+  isTrusted: z13.boolean().optional()
+});
+var EnableOfflineResultSchema = z13.object({
+  hold: OfflineHoldRecordSchema,
+  oac: OACRecordSchema
+});
+var DisableOfflineResultSchema = z13.object({
+  hold: OfflineHoldRecordSchema,
+  trusted: z13.boolean(),
+  settledClaims: z13.number().int().nonnegative()
+});
+var OfflineStatusResultSchema = z13.object({
+  hold: OfflineHoldRecordSchema.nullable(),
+  active: OACRecordSchema.nullable()
+});
+var OfflineStateResultSchema = z13.object({
+  active: OACRecordSchema.nullable()
+});
+var ConsumerPaymentClaimSchema = z13.object({
+  oacId: z13.string().uuid(),
+  encounterId: Sha256Hex.optional(),
+  payerUserId: z13.string().uuid(),
+  payeeUserId: z13.string().uuid(),
+  payerDeviceId: z13.string().min(1).max(128),
+  payerNonce: z13.string().min(8).max(128),
+  payeeNonce: z13.string().min(8).max(128),
+  amountKobo: z13.number().int().positive(),
+  currency: z13.string().length(3).default("NGN"),
+  occurredAtMs: z13.number().int().nonnegative(),
+  completedAtMs: z13.number().int().nonnegative().optional(),
+  contextId: z13.string().max(128).optional(),
+  payerPubkeyHex: Hex64,
+  payerSignature: HexAny,
+  payeePubkeyHex: Hex64.optional(),
+  payeeSignature: HexAny.optional()
+});
+var ConsumerSettlementSchema = z13.object({
+  settlementId: z13.string().uuid(),
+  settlementKey: Sha256Hex,
+  encounterId: Sha256Hex,
+  oacId: z13.string().uuid(),
+  payerUserId: z13.string().uuid(),
+  payeeUserId: z13.string().uuid(),
+  amountKobo: z13.number().int().positive(),
+  currency: z13.string().length(3),
+  status: z13.enum(["SETTLED", "REVIEW"]),
+  reviewReason: z13.string().nullable(),
+  ledgerRef: z13.string().nullable(),
+  issuerSig: HexAny,
+  createdAtMs: z13.number().int().nonnegative()
+});
+var ConsumerSettleResultSchema = z13.object({
+  settlement: ConsumerSettlementSchema,
+  encounterId: Sha256Hex,
+  replayed: z13.boolean()
+});
+var RevokeDeviceKeyInputSchema = z13.object({
+  deviceId: z13.string().min(1).max(128),
+  /** Step-up token from /api/v1/auth/send/verify with purpose='offline_revoke'. */
+  sendAuthToken: z13.string().min(16)
+});
+function createMeOfflineClient(opts) {
   const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
   if (!fetchImpl) {
-    throw new Error(
-      "createFlurPartnerClient: no fetch implementation available"
-    );
+    throw new Error("createMeOfflineClient: no fetch implementation available");
   }
   const baseUrl = opts.baseUrl.replace(/\/$/, "");
-  async function makeSignedInit(method, path, body) {
-    const sig = await signPartnerRequest({
-      keyId: opts.keyId,
-      secret: opts.secret,
+  async function call(method, path, body, parser) {
+    const init2 = {
       method,
-      path,
-      body: body ?? "",
-      nowMs: opts.nowMs?.(),
-      nonce: opts.nonce?.()
-    });
-    const headers = {
-      authorization: sig.authorization,
-      accept: "application/json"
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json"
+      }
     };
-    if (body !== void 0) headers["content-type"] = "application/json";
-    const init2 = { method, headers };
-    if (body !== void 0) init2.body = body;
-    return init2;
-  }
-  async function request(opts2) {
-    const bodyStr = opts2.body === void 0 ? void 0 : JSON.stringify(opts2.body);
-    const init2 = await makeSignedInit(opts2.method, opts2.path, bodyStr);
-    const resp = await fetchImpl(`${baseUrl}${opts2.path}`, init2);
+    if (body !== void 0) init2.body = JSON.stringify(body);
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
     const text = await resp.text();
-    let raw;
+    let raw = void 0;
     if (text) {
       try {
         raw = JSON.parse(text);
@@ -2426,46 +3095,290 @@ function createFlurPartnerClient(opts) {
       const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
       throw new FlurApiError(resp.status, code, message, raw);
     }
-    return raw;
+    return parser(raw);
   }
-  const fetchLike = async (input, init2) => {
-    const url = typeof input === "string" ? input : input.toString();
-    const u = new URL(url, baseUrl);
-    const path = `${u.pathname}${u.search}`;
-    const method = (init2?.method ?? "GET").toUpperCase();
-    let bodyStr;
-    if (init2?.body) {
-      bodyStr = typeof init2.body === "string" ? init2.body : init2.body.toString();
+  const deviceKeyItems = z13.object({ items: z13.array(DeviceKeyRecordSchema) });
+  return {
+    registerDeviceKey: (input) => call(
+      "POST",
+      "/v1/me/offline/keys",
+      RegisterDeviceKeyInputSchema.parse(input),
+      (raw) => DeviceKeyRecordSchema.parse(raw)
+    ),
+    listDeviceKeys: () => call(
+      "GET",
+      "/v1/me/offline/keys",
+      void 0,
+      (raw) => deviceKeyItems.parse(raw)
+    ),
+    revokeDeviceKey: (input) => call(
+      "POST",
+      "/v1/me/offline/keys/revoke",
+      RevokeDeviceKeyInputSchema.parse(input),
+      () => void 0
+    ),
+    enable: (input) => call(
+      "POST",
+      "/v1/me/offline/enable",
+      EnableOfflineInputSchema.parse(input),
+      (raw) => EnableOfflineResultSchema.parse(raw)
+    ),
+    refresh: (input) => call(
+      "POST",
+      "/v1/me/offline/refresh",
+      IssueOACInputSchema.parse(input),
+      (raw) => OACRecordSchema.parse(raw)
+    ),
+    disable: (input) => call(
+      "POST",
+      "/v1/me/offline/disable",
+      DisableOfflineInputSchema.parse(input),
+      (raw) => DisableOfflineResultSchema.parse(raw)
+    ),
+    getStatus: (deviceId) => {
+      const qs = deviceId ? `?deviceId=${encodeURIComponent(deviceId)}` : "";
+      return call(
+        "GET",
+        `/v1/me/offline/status${qs}`,
+        void 0,
+        (raw) => OfflineStatusResultSchema.parse(raw)
+      );
+    },
+    getState: (deviceId) => {
+      const qs = deviceId ? `?deviceId=${encodeURIComponent(deviceId)}` : "";
+      return call(
+        "GET",
+        `/v1/me/offline/state${qs}`,
+        void 0,
+        (raw) => OfflineStateResultSchema.parse(raw)
+      );
+    },
+    submitClaim: (claim) => call(
+      "POST",
+      "/v1/me/offline/claims",
+      ConsumerPaymentClaimSchema.parse(claim),
+      (raw) => ConsumerSettleResultSchema.parse(raw)
+    )
+  };
+}
+
+// src/partner-funding/client.ts
+import { z as z14 } from "zod";
+var MinorString = z14.string().regex(/^-?\d+$/);
+var PositiveMinor = z14.union([
+  z14.number().int().positive(),
+  z14.string().regex(/^[1-9]\d{0,18}$/)
+]);
+var Currency = z14.string().trim().length(3).transform((v) => v.toUpperCase());
+var Metadata = z14.record(z14.unknown());
+var PARTNER_KINDS = ["bank", "merchant"];
+var CUSTODIAL_MODES = ["agent_of_bank", "flur_virtual_pool"];
+var PARTNER_PROFILE_STATUSES = [
+  "active",
+  "suspended",
+  "closed"
+];
+var PARTNER_FUNDING_DIRECTIONS = ["credit", "debit"];
+var PARTNER_FUNDING_STATUSES = [
+  "pending",
+  "posted",
+  "failed"
+];
+var PAYOUT_DESTINATION_STATUSES = [
+  "pending",
+  "verified",
+  "disabled"
+];
+var WITHDRAWAL_STATES = [
+  "requested",
+  "submitted",
+  "processing",
+  "paid",
+  "failed",
+  "reversed"
+];
+var PartnerProfileSchema = z14.object({
+  partnerAccountId: z14.string().uuid(),
+  kind: z14.enum(PARTNER_KINDS),
+  custodialMode: z14.enum(CUSTODIAL_MODES),
+  displayName: z14.string(),
+  bankCode: z14.string().nullable(),
+  poolAccountNumber: z14.string().nullable(),
+  status: z14.enum(PARTNER_PROFILE_STATUSES),
+  metadata: Metadata,
+  createdAtMs: z14.number().int().nonnegative(),
+  updatedAtMs: z14.number().int().nonnegative()
+});
+var UpsertPartnerProfileInputSchema = z14.object({
+  kind: z14.enum(PARTNER_KINDS),
+  custodialMode: z14.enum(CUSTODIAL_MODES),
+  displayName: z14.string().trim().min(1).max(200),
+  bankCode: z14.string().trim().min(1).max(64).optional(),
+  poolAccountNumber: z14.string().trim().min(1).max(64).optional(),
+  metadata: Metadata.optional()
+});
+var PartnerFundingEventInputSchema = z14.object({
+  externalRef: z14.string().trim().min(8).max(128),
+  direction: z14.enum(PARTNER_FUNDING_DIRECTIONS).optional(),
+  userId: z14.string().uuid().optional(),
+  accountId: z14.string().uuid().optional(),
+  amountMinor: PositiveMinor,
+  currency: Currency,
+  fundingSource: z14.string().trim().min(1).max(64).optional(),
+  providerMetadata: Metadata.optional()
+});
+var PartnerFundingSchema = z14.object({
+  fundingId: z14.string().uuid(),
+  partnerId: z14.string().uuid(),
+  accountId: z14.string().uuid(),
+  userId: z14.string().uuid().nullable(),
+  direction: z14.enum(PARTNER_FUNDING_DIRECTIONS),
+  currency: z14.string(),
+  amountMinor: MinorString,
+  externalRef: z14.string(),
+  status: z14.enum(PARTNER_FUNDING_STATUSES),
+  fundingSource: z14.string(),
+  ledgerRef: z14.string(),
+  providerMetadata: Metadata,
+  createdAtMs: z14.number().int().nonnegative(),
+  updatedAtMs: z14.number().int().nonnegative()
+});
+var IngestFundingResultSchema = z14.object({
+  funding: PartnerFundingSchema,
+  replayed: z14.boolean()
+});
+var PayoutDestinationSchema = z14.object({
+  destinationId: z14.string().uuid(),
+  accountId: z14.string().uuid(),
+  partnerId: z14.string().uuid(),
+  bankCode: z14.string(),
+  accountNumber: z14.string(),
+  accountName: z14.string(),
+  status: z14.enum(PAYOUT_DESTINATION_STATUSES),
+  verifiedAtMs: z14.number().int().nonnegative().nullable(),
+  metadata: Metadata,
+  createdAtMs: z14.number().int().nonnegative(),
+  updatedAtMs: z14.number().int().nonnegative()
+});
+var CreatePayoutDestinationInputSchema = z14.object({
+  partnerId: z14.string().uuid(),
+  bankCode: z14.string().trim().min(1).max(32),
+  accountNumber: z14.string().trim().min(4).max(64),
+  accountName: z14.string().trim().min(1).max(200),
+  metadata: Metadata.optional()
+});
+var ListPayoutDestinationsResultSchema = z14.object({
+  items: z14.array(PayoutDestinationSchema)
+});
+var WithdrawalSchema = z14.object({
+  withdrawalId: z14.string().uuid(),
+  accountId: z14.string().uuid(),
+  userId: z14.string().uuid(),
+  partnerId: z14.string().uuid(),
+  destinationId: z14.string().uuid(),
+  currency: z14.string(),
+  amountMinor: MinorString,
+  state: z14.enum(WITHDRAWAL_STATES),
+  idempotencyKey: z14.string(),
+  providerRef: z14.string().nullable(),
+  lastError: z14.string().nullable(),
+  ledgerRef: z14.string(),
+  reverseLedgerRef: z14.string().nullable(),
+  metadata: Metadata,
+  createdAtMs: z14.number().int().nonnegative(),
+  updatedAtMs: z14.number().int().nonnegative()
+});
+var CreateWithdrawalInputSchema = z14.object({
+  destinationId: z14.string().uuid(),
+  amountMinor: PositiveMinor,
+  currency: Currency,
+  idempotencyKey: z14.string().trim().min(8).max(128),
+  metadata: Metadata.optional()
+});
+var CreateWithdrawalResultSchema = z14.object({
+  withdrawal: WithdrawalSchema,
+  replayed: z14.boolean()
+});
+var PayoutEventInputSchema = z14.object({
+  externalRef: z14.string().trim().min(8).max(128),
+  withdrawalId: z14.string().uuid().optional(),
+  state: z14.enum(["submitted", "processing", "paid", "failed"]),
+  providerRef: z14.string().trim().min(1).max(128).optional(),
+  failureCode: z14.string().trim().max(64).optional(),
+  failureMessage: z14.string().trim().max(512).optional(),
+  providerMetadata: Metadata.optional()
+});
+var RecordPayoutEventResultSchema = z14.object({
+  withdrawal: WithdrawalSchema,
+  replayed: z14.boolean()
+});
+var ReconciliationReportSchema = z14.object({
+  partnerId: z14.string().uuid(),
+  currency: z14.string(),
+  fromMs: z14.number().int().nonnegative(),
+  toMs: z14.number().int().nonnegative(),
+  fundingsCreditMinor: MinorString,
+  fundingsDebitMinor: MinorString,
+  withdrawalsPaidMinor: MinorString,
+  withdrawalsReversedMinor: MinorString,
+  withdrawalsInFlightMinor: MinorString,
+  expectedReserveBalanceMinor: MinorString,
+  actualReserveBalanceMinor: MinorString,
+  imbalanceMinor: MinorString,
+  generatedAtMs: z14.number().int().nonnegative()
+});
+function createPartnerFundingClient(partner) {
+  return {
+    ingestFunding: async (input) => {
+      const body = PartnerFundingEventInputSchema.parse(input);
+      const raw = await partner.request({
+        method: "POST",
+        path: "/v1/partners/fundings",
+        body
+      });
+      return IngestFundingResultSchema.parse(raw);
+    },
+    recordPayoutEvent: async (input) => {
+      const body = PayoutEventInputSchema.parse(input);
+      const raw = await partner.request({
+        method: "POST",
+        path: "/v1/partners/payouts/events",
+        body
+      });
+      return RecordPayoutEventResultSchema.parse(raw);
+    },
+    reconciliation: async (input) => {
+      const qs = new URLSearchParams({
+        currency: input.currency
+      });
+      if (typeof input.fromMs === "number")
+        qs.set("fromMs", String(input.fromMs));
+      if (typeof input.toMs === "number") qs.set("toMs", String(input.toMs));
+      const raw = await partner.request({
+        method: "GET",
+        path: `/v1/partners/reconciliation/daily?${qs.toString()}`
+      });
+      return ReconciliationReportSchema.parse(raw);
     }
-    const signed = await makeSignedInit(method, path, bodyStr);
-    return fetchImpl(`${baseUrl}${path}`, {
-      ...init2,
-      ...signed,
-      headers: {
-        ...init2?.headers,
-        ...signed.headers
-      }
-    });
   };
-  return { request, fetch: fetchLike };
 }
-function createApiCredentialsAdminClient(opts) {
+function createConsumerWithdrawalsClient(opts) {
   const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
   if (!fetchImpl) {
     throw new Error(
-      "createApiCredentialsAdminClient: no fetch implementation available"
+      "createConsumerWithdrawalsClient: no fetch implementation available"
     );
   }
   const baseUrl = opts.baseUrl.replace(/\/$/, "");
   async function call(method, path, body, parser) {
     const init2 = {
       method,
-      headers: {
-        "content-type": "application/json",
-        accept: "application/json"
-      }
+      headers: { accept: "application/json" }
     };
-    if (body !== void 0) init2.body = JSON.stringify(body);
+    if (body !== void 0) {
+      init2.body = JSON.stringify(body);
+      init2.headers = { ...init2.headers, "content-type": "application/json" };
+    }
     const resp = await fetchImpl(`${baseUrl}${path}`, init2);
     const text = await resp.text();
     let raw;
@@ -2473,6 +3386,7 @@ function createApiCredentialsAdminClient(opts) {
       try {
         raw = JSON.parse(text);
       } catch {
+        raw = text;
       }
     }
     if (!resp.ok) {
@@ -2482,30 +3396,85 @@ function createApiCredentialsAdminClient(opts) {
     }
     return parser(raw);
   }
-  const listSchema = z11.object({
-    items: z11.array(ApiCredentialPublicSchema)
-  });
   return {
-    list: (accountId) => call(
+    listDestinations: () => call(
       "GET",
-      `/v1/accounts/${accountId}/api-credentials`,
+      "/v1/me/payout-destinations",
       void 0,
-      (raw) => listSchema.parse(raw)
+      (raw) => ListPayoutDestinationsResultSchema.parse(raw)
     ),
-    mint: (accountId, input) => call(
+    createDestination: (input) => call(
       "POST",
-      `/v1/accounts/${accountId}/api-credentials`,
-      input,
-      (raw) => MintedApiCredentialSchema.parse(raw)
+      "/v1/me/payout-destinations",
+      CreatePayoutDestinationInputSchema.parse(input),
+      (raw) => PayoutDestinationSchema.parse(raw)
     ),
-    revoke: (accountId, credentialId) => call(
-      "DELETE",
-      `/v1/accounts/${accountId}/api-credentials/${credentialId}`,
+    verifyDestination: (destinationId) => call(
+      "POST",
+      `/v1/me/payout-destinations/${encodeURIComponent(destinationId)}/verify`,
+      {},
+      (raw) => PayoutDestinationSchema.parse(raw)
+    ),
+    disableDestination: (destinationId) => call(
+      "POST",
+      `/v1/me/payout-destinations/${encodeURIComponent(destinationId)}/disable`,
+      {},
+      (raw) => PayoutDestinationSchema.parse(raw)
+    ),
+    createWithdrawal: (input) => call(
+      "POST",
+      "/v1/me/withdrawals",
+      CreateWithdrawalInputSchema.parse(input),
+      (raw) => CreateWithdrawalResultSchema.parse(raw)
+    ),
+    getWithdrawal: (withdrawalId) => call(
+      "GET",
+      `/v1/me/withdrawals/${encodeURIComponent(withdrawalId)}`,
       void 0,
-      (raw) => ApiCredentialPublicSchema.parse(raw)
+      (raw) => WithdrawalSchema.parse(raw)
     )
   };
 }
+function createPartnerProfileAdminClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error(
+      "createPartnerProfileAdminClient: no fetch implementation available"
+    );
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  return {
+    upsertProfile: async (partnerAccountId, input) => {
+      const body = {
+        partnerAccountId,
+        ...UpsertPartnerProfileInputSchema.parse(input)
+      };
+      const resp = await fetchImpl(`${baseUrl}/v1/partners/profile`, {
+        method: "POST",
+        headers: {
+          "content-type": "application/json",
+          accept: "application/json"
+        },
+        body: JSON.stringify(body)
+      });
+      const text = await resp.text();
+      let raw;
+      if (text) {
+        try {
+          raw = JSON.parse(text);
+        } catch {
+          raw = text;
+        }
+      }
+      if (!resp.ok) {
+        const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+        const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+        throw new FlurApiError(resp.status, code, message, raw);
+      }
+      return PartnerProfileSchema.parse(raw);
+    }
+  };
+}
 export {
   ACCOUNT_STATUSES,
   ACCOUNT_TYPES,
@@ -2513,6 +3482,29 @@ export {
   AccountMembershipSchema,
   AccountSchema,
   ApiCredentialPublicSchema,
+  COLLECTION_INTENT_STATUSES,
+  COLLECTION_PAYMENT_STATUSES,
+  CUSTODIAL_MODES,
+  CollectionIntentSchema,
+  CollectionPaymentResultSchema,
+  CollectionPaymentSchema,
+  CollectionReportSummarySchema,
+  CollectionStatementSchema,
+  OACRecordSchema as ConsumerOACRecordSchema,
+  ConsumerOACSchema,
+  ConsumerPaymentClaimSchema,
+  ConsumerSettleResultSchema,
+  ConsumerSettlementSchema,
+  CreateCollectionIntentInputSchema,
+  CreatePayoutDestinationInputSchema,
+  CreatePayoutInputSchema,
+  CreateWithdrawalInputSchema,
+  CreateWithdrawalResultSchema,
+  DeviceKeyRecordSchema,
+  DisableOfflineInputSchema,
+  DisableOfflineResultSchema,
+  EnableOfflineInputSchema,
+  EnableOfflineResultSchema,
   FIELD,
   FlurApiError,
   FlurCapExceededError,
@@ -2520,7 +3512,14 @@ export {
   FlurError,
   FlurExpiredError,
   FlurReplayError,
+  IngestFundingResultSchema,
+  IssueOACInputSchema,
+  ListPayoutDestinationsResultSchema,
   MEMBERSHIP_ROLES,
+  MERCHANT_PAYOUT_STATUSES,
+  MERCHANT_PROFILE_STATUSES,
+  MerchantPayoutSchema,
+  MerchantProfileSchema,
   MintedApiCredentialSchema,
   NGN_CURRENCY_CODE,
   NG_COUNTRY_CODE,
@@ -2529,25 +3528,52 @@ export {
   OAC_DEFAULT_CUMULATIVE_KOBO,
   OAC_DEFAULT_PER_TX_KOBO,
   OAC_DEFAULT_VALIDITY_MS,
+  OfflineHoldRecordSchema,
   OfflinePaymentAuthorizationSchema,
   OfflinePaymentRequestSchema,
+  OfflineStateResultSchema,
+  OfflineStatusResultSchema,
   OfflineTokenSchema,
+  PARTNER_FUNDING_DIRECTIONS,
+  PARTNER_FUNDING_STATUSES,
+  PARTNER_KINDS,
+  PARTNER_PROFILE_STATUSES,
   PARTNER_SCOPES,
   PASS_KINDS,
   PASS_STATES,
   PAYLOAD_FORMAT_INDICATOR_VALUE,
+  PAYOUT_DESTINATION_STATUSES,
   POINT_OF_INITIATION,
+  PartnerFundingEventInputSchema,
+  PartnerFundingSchema,
+  PartnerProfileSchema,
   PassMetadataSchema,
   PassSchema,
+  PayCollectionInputSchema,
   PaymentClaimSchema,
+  PayoutDestinationSchema,
+  PayoutEventInputSchema,
+  ProviderEventInputSchema,
+  ProviderEventRecordSchema,
+  PublicCollectionIntentSchema,
   RECEIPT_CHANNELS,
   RECEIPT_KINDS,
   REPLAY_WINDOW_MS,
   ReceiptPayloadSchema,
   ReceiptSchema,
+  ReconciliationReportSchema,
+  RecordPayoutEventResultSchema,
   RedemptionSchema,
+  RegisterDeviceKeyInputSchema,
+  RevokeDeviceKeyInputSchema,
+  SETTLEMENT_SCHEDULES,
   SettleResponseSchema,
   SettlementSchema,
+  SignedConsumerOACSchema,
+  UpsertMerchantProfileInputSchema,
+  UpsertPartnerProfileInputSchema,
+  WITHDRAWAL_STATES,
+  WithdrawalSchema,
   bodySha256Hex,
   buildAuthorization,
   buildOAC,
@@ -2564,9 +3590,16 @@ export {
   crc16ccittHex,
   createAccountsClient,
   createApiCredentialsAdminClient,
+  createCollectionsClient,
+  createConsumerCollectionsClient,
+  createConsumerWithdrawalsClient,
   createFlurPartnerClient,
   createHmacFetch,
+  createMeOfflineClient,
   createOfflineSettlementsClient,
+  createPartnerCollectionsClient,
+  createPartnerFundingClient,
+  createPartnerProfileAdminClient,
   createPassesClient,
   createReceiptsClient,
   decodeAuthorizationQR,