@nokinc-flur/sdk 1.1.5 → 2.1.0

package/dist/index.js

@@ -1,11 +1,201 @@
 // src/client.ts
-import { z as z5 } from "zod";
+import { z as z4 } from "zod";
 
 // src/contracts.ts
-import { z as z2 } from "zod";
-
-// src/me-offline/client.ts
 import { z } from "zod";
+var E164Regex = /^\+[1-9]\d{7,14}$/;
+var UuidSchema = z.string().uuid();
+var IsoDateSchema = z.string().datetime({ offset: true });
+var CurrencySchema = z.string().trim().length(3).transform((value) => value.toUpperCase());
+var HealthResponseSchema = z.object({
+  ok: z.boolean()
+});
+var WelcomeResponseSchema = z.object({
+  message: z.string()
+});
+var OnboardingStartRequestSchema = z.object({
+  phoneE164: z.string().regex(E164Regex),
+  appInstanceId: z.string().min(3),
+  platform: z.enum(["android", "ios", "web"]),
+  turnstileToken: z.string().min(20).optional(),
+  appAttestation: z.object({
+    provider: z.enum(["android", "ios", "web"]),
+    token: z.string().min(24)
+  }).optional(),
+  firstName: z.string().trim().min(1).max(80).optional(),
+  lastName: z.string().trim().min(1).max(80).optional()
+});
+var OnboardingStartResponseSchema = z.object({
+  requestId: z.string().min(1),
+  checkUrl: z.string().url().optional(),
+  expiresInSec: z.number().int().positive(),
+  fallback: z.enum(["SILENT_AUTH", "OTP"])
+});
+var OnboardingCompleteRequestSchema = z.object({
+  requestId: z.string().min(1),
+  code: z.string().min(1).max(32),
+  appInstanceId: z.string().min(3),
+  fingerprintHash: z.string().min(3).optional()
+});
+var OnboardingCompleteResponseSchema = z.object({
+  sessionToken: z.string().min(1),
+  userId: UuidSchema,
+  restricted: z.boolean(),
+  risk_reasons: z.array(
+    z.enum(["SIM_SWAP_RECENT", "ROAMING", "CARRIER_CHANGED"])
+  ),
+  stepUpRequired: z.boolean().optional(),
+  riskStatus: z.enum(["ok", "unavailable"]).optional()
+});
+var RegisterDeviceRequestSchema = z.object({
+  userId: UuidSchema,
+  appInstanceId: z.string().min(3),
+  platform: z.string().min(2),
+  model: z.string().optional(),
+  networkSignals: z.object({
+    ip: z.string().min(3),
+    asn: z.number().int().optional(),
+    country: z.string().min(2).optional(),
+    carrier: z.string().optional()
+  })
+});
+var RegisterDeviceResponseSchema = z.object({
+  deviceId: z.string().min(1),
+  fingerprintHash: z.string().min(1),
+  driftScore: z.number(),
+  trustState: z.enum(["TRUSTED_PRIMARY", "TRUSTED_SECONDARY", "UNVERIFIED"]),
+  stepUpRequired: z.boolean()
+});
+var AuthRefreshRequestSchema = z.object({
+  userId: UuidSchema,
+  refreshToken: z.string().min(8),
+  appInstanceId: z.string().min(3),
+  fingerprintHash: z.string().min(3)
+});
+var AuthRefreshResponseSchema = z.object({
+  refreshToken: z.string().min(8),
+  stepUpRequired: z.boolean()
+});
+var AuthLogoutRequestSchema = z.object({
+  userId: UuidSchema,
+  refreshToken: z.string().min(8)
+});
+var PinSetRequestSchema = z.object({
+  userId: UuidSchema,
+  pin: z.string().regex(/^\d{6}$/)
+});
+var PinVerifyRequestSchema = z.object({
+  userId: UuidSchema,
+  pin: z.string().regex(/^\d{6}$/)
+});
+var OkResponseSchema = z.object({
+  ok: z.boolean()
+});
+var RegisterSendDeviceKeyRequestSchema = z.object({
+  userId: UuidSchema,
+  deviceId: z.string().min(3),
+  publicKey: z.string().min(32)
+});
+var SEND_AUTH_PURPOSES = ["send_money", "offline_revoke"];
+var SendChallengeRequestSchema = z.object({
+  userId: UuidSchema,
+  deviceId: z.string().min(3),
+  purpose: z.enum(SEND_AUTH_PURPOSES).optional()
+});
+var SendChallengeResponseSchema = z.object({
+  challengeId: UuidSchema,
+  nonce: z.string().min(1),
+  expiresAt: IsoDateSchema
+});
+var SendVerifyRequestSchema = z.object({
+  userId: UuidSchema,
+  deviceId: z.string().min(3),
+  challengeId: UuidSchema,
+  signature: z.string().min(16)
+});
+var SendVerifyResponseSchema = z.object({
+  sendAuthToken: z.string().min(16)
+});
+var ResolveRecipientRequestSchema = z.object({
+  identifier: z.string().min(3)
+});
+var ResolveRecipientResponseSchema = z.object({
+  recipientUserId: UuidSchema,
+  displayName: z.string().min(1),
+  normalizedIdentifier: z.string().regex(E164Regex),
+  isActive: z.boolean()
+});
+var CreateTransferRequestSchema = z.object({
+  recipientIdentifier: z.string().min(3),
+  amountMinor: z.number().int().positive(),
+  currency: CurrencySchema,
+  sendAuthToken: z.string().min(16)
+});
+var TransferStatusSchema = z.enum(["SETTLED", "PENDING_REVIEW", "DECLINED"]);
+var TransferResponseSchema = z.object({
+  transactionId: z.string().min(1),
+  status: TransferStatusSchema,
+  userStatus: TransferStatusSchema,
+  recipientName: z.string().min(1),
+  timestamp: IsoDateSchema
+});
+var DirectionSchema = z.enum(["OUTGOING", "INCOMING"]);
+var AccountActivityItemSchema = z.object({
+  id: z.string().min(1),
+  type: z.string().min(1),
+  direction: DirectionSchema,
+  name: z.string().min(1),
+  identifier: z.string().min(1),
+  amountMinor: z.number().int(),
+  currency: CurrencySchema,
+  status: z.string().min(1),
+  timestamp: IsoDateSchema
+});
+var AccountSummaryResponseSchema = z.object({
+  /** Authenticated user's stable internal id. */
+  userId: UuidSchema,
+  /**
+   * 10-digit Nigeria Uniform Bank Account Number (NUBAN) allocated by the
+   * bank partner. `null` when the user has no partner-allocated account yet.
+   */
+  nuban: z.string().regex(/^[0-9]{10}$/).nullable(),
+  balance: z.number().int(),
+  currency: CurrencySchema,
+  dailySendLimit: z.number().int().nonnegative(),
+  dailySendRemaining: z.number().int().nonnegative(),
+  kycTier: z.string().min(1),
+  kycStatus: z.string().min(1),
+  recentActivity: z.array(AccountActivityItemSchema)
+});
+var TransactionsListResponseSchema = z.object({
+  items: z.array(AccountActivityItemSchema),
+  nextCursor: z.string().nullable()
+});
+var TransactionDetailResponseSchema = z.object({
+  transactionId: z.string().min(1),
+  type: z.string().min(1),
+  direction: DirectionSchema,
+  counterpartyName: z.string().min(1),
+  counterpartyIdentifier: z.string().min(1),
+  amountMinor: z.number().int(),
+  currency: CurrencySchema,
+  status: z.string().min(1),
+  timestamp: IsoDateSchema
+});
+var PushRegisterRequestSchema = z.object({
+  deviceId: z.string().min(3),
+  platform: z.enum(["ios", "android", "web"]),
+  token: z.string().min(16)
+});
+var CreatePayLinkResponseSchema = z.object({
+  token: z.string().min(1)
+});
+var ResolvePayLinkResponseSchema = z.object({
+  recipientUserId: UuidSchema,
+  displayName: z.string().min(1),
+  normalizedIdentifier: z.string().regex(E164Regex),
+  isActive: z.boolean()
+});
 
 // src/errors.ts
 var backendErrorCodeSet = /* @__PURE__ */ new Set([
@@ -109,556 +299,9 @@ async function mapToFlurError(res) {
   });
 }
 
-// src/me-offline/client.ts
-var Hex64 = z.string().regex(/^[0-9a-f]{64}$/i);
-var Sha256Hex = z.string().regex(/^[0-9a-f]{64}$/i);
-var Base64Std = z.string().regex(/^[A-Za-z0-9+/]+={0,2}$/);
-var RegisterDeviceKeyInputSchema = z.object({
-  deviceId: z.string().min(1).max(128),
-  publicKeyHex: Hex64
-});
-var AttestationSecurityLevelSchema = z.enum([
-  "STRONGBOX",
-  "TEE",
-  "SECURE_ENCLAVE",
-  "SOFTWARE"
-]);
-var DeviceKeyAlgSchema = z.literal("p256");
-var RegisterDeviceKeyP256InputSchema = z.object({
-  deviceId: z.string().min(1).max(128),
-  /** P-256 SubjectPublicKeyInfo DER, base64. */
-  publicKeySpkiB64: Base64Std.min(64).max(4096),
-  /** Base64 of the server-issued enrollment challenge string. */
-  challengeB64: Base64Std.min(8).max(1024),
-  /** iOS App Attest payload or Android X.509 Key Attestation chain. */
-  attestationChainB64: z.array(Base64Std.min(16).max(16384)).min(1).max(16),
-  securityLevel: AttestationSecurityLevelSchema
-});
-var P256EnrollmentChallengeInputSchema = z.object({
-  deviceId: z.string().min(1).max(128)
-});
-var P256EnrollmentChallengeResultSchema = z.object({
-  challenge: z.string().min(16),
-  expiresAtMs: z.number().int().positive()
-});
-var DeviceKeyRecordSchema = z.object({
-  id: z.string().uuid(),
-  userId: z.string().uuid(),
-  deviceId: z.string(),
-  /** Always 'p256' on the consumer offline rail. Field retained for forward-compat. */
-  alg: DeviceKeyAlgSchema.default("p256"),
-  /** Legacy ed25519 hex key. Always null on new records (kept for back-compat reads). */
-  publicKeyHex: Hex64.nullable().default(null),
-  /** P-256 SubjectPublicKeyInfo DER, base64. Required for new records. */
-  publicKeySpkiB64: Base64Std.nullable().default(null),
-  securityLevel: AttestationSecurityLevelSchema.nullable().default(null),
-  hardwareBacked: z.boolean().default(false),
-  attestedAtMs: z.number().int().nonnegative().nullable().default(null),
-  createdAtMs: z.number().int().nonnegative(),
-  revokedAtMs: z.number().int().nonnegative().nullable()
-});
-var ConsumerOACSchema = z.object({
-  oacId: z.string().uuid(),
-  issuerId: z.string().min(1).max(64),
-  userId: z.string().uuid(),
-  deviceId: z.string().min(1).max(128),
-  /**
-   * Always 'p256'. Required on the wire (backend always emits it).
-   * Kept as a literal so input/output infer identically and the schema
-   * can be nested inside other response shapes without Zod input/output
-   * divergence under tsup DTS bundling.
-   */
-  alg: z.literal("p256"),
-  /** P-256 SubjectPublicKeyInfo DER, base64. */
-  devicePubkeySpkiB64: Base64Std.min(64).max(4096),
-  perTxCapKobo: z.number().int().positive(),
-  cumulativeCapKobo: z.number().int().positive(),
-  currency: z.string().length(3),
-  validFromMs: z.number().int().nonnegative(),
-  validUntilMs: z.number().int().nonnegative(),
-  counterSeed: z.number().int().nonnegative(),
-  issuedAtMs: z.number().int().nonnegative()
-});
-var SignedConsumerOACSchema = z.object({
-  oac: ConsumerOACSchema,
-  /** ASN.1 DER ECDSA P-256 issuer signature, base64. */
-  issuerSig: Base64Std.min(16).max(2048),
-  /** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
-  issuerPublicKeySpkiB64: Base64Std.min(64).max(4096)
-});
-var OACRecordSchema = SignedConsumerOACSchema.extend({
-  currentOfflineSpentKobo: z.number().int().nonnegative(),
-  status: z.enum([
-    "active",
-    "superseded",
-    "expired",
-    "revoked",
-    "disabling",
-    "draining",
-    "closed"
-  ]),
-  supersededAtMs: z.number().int().nonnegative().nullable(),
-  revokedAtMs: z.number().int().nonnegative().nullable(),
-  holdId: z.string().uuid().nullable().optional()
-});
-var IssueOACInputSchema = z.object({
-  deviceId: z.string().min(1).max(128),
-  perTxCapKobo: z.number().int().positive().optional(),
-  cumulativeCapKobo: z.number().int().positive().optional(),
-  ttlMs: z.number().int().min(6e4).max(1e3 * 60 * 60 * 24 * 7).optional(),
-  spendableOnlineKobo: z.number().int().nonnegative().optional()
-});
-var IssueAccountOacInputSchema = z.object({
-  deviceId: z.string().min(1).max(128),
-  perTxCapKobo: z.number().int().positive().optional(),
-  cumulativeCapKobo: z.number().int().positive().optional(),
-  ttlMs: z.number().int().min(6e4).max(1e3 * 60 * 60 * 24 * 7).optional()
-});
-var EnableOfflineInputSchema = z.object({
-  deviceId: z.string().min(1).max(128),
-  amountKobo: z.number().int().positive(),
-  perTxCapKobo: z.number().int().positive().optional(),
-  ttlMs: z.number().int().min(6e4).max(1e3 * 60 * 60 * 24 * 7).optional(),
-  installId: z.string().min(1).max(128),
-  partnerId: z.string().min(1).max(64).optional()
-});
-var ProvisionOfflineAllowanceInputSchema = EnableOfflineInputSchema;
-var DisableOfflineInputSchema = z.object({
-  deviceId: z.string().min(1).max(128),
-  installId: z.string().min(1).max(128).optional(),
-  claims: z.array(z.unknown()).max(256).optional()
-});
-var OfflineHoldRecordSchema = z.object({
-  holdId: z.string().uuid(),
-  userId: z.string().uuid(),
-  deviceId: z.string(),
-  partnerId: z.string(),
-  adapterKind: z.string(),
-  externalHoldRef: z.string().nullable(),
-  amountKobo: z.number().int().nonnegative(),
-  capturedKobo: z.number().int().nonnegative(),
-  releasedKobo: z.number().int().nonnegative(),
-  remainingKobo: z.number().int().nonnegative(),
-  currency: z.string().length(3),
-  status: z.enum([
-    "placing",
-    "active",
-    "disabling",
-    "draining",
-    "closed",
-    "revoked",
-    "failed"
-  ]),
-  installId: z.string().nullable(),
-  drainDeadlineMs: z.number().int().nonnegative(),
-  disableRequestedAtMs: z.number().int().nonnegative().nullable(),
-  createdAtMs: z.number().int().nonnegative(),
-  closedAtMs: z.number().int().nonnegative().nullable(),
-  isTrusted: z.boolean().optional()
-});
-var EnableOfflineResultSchema = z.object({
-  hold: OfflineHoldRecordSchema,
-  oac: OACRecordSchema
-});
-var ProvisionOfflineAllowanceResultSchema = EnableOfflineResultSchema;
-var DisableOfflineResultSchema = z.object({
-  hold: OfflineHoldRecordSchema,
-  trusted: z.boolean(),
-  settledClaims: z.number().int().nonnegative()
-});
-var OfflineStatusResultSchema = z.object({
-  hold: OfflineHoldRecordSchema.nullable(),
-  active: OACRecordSchema.nullable()
-});
-var OfflineStateResultSchema = z.object({
-  active: OACRecordSchema.nullable()
-});
-var ConsumerPaymentClaimSchema = z.object({
-  /** Always 'p256'. Retained for forward-compat and as an explicit domain marker. */
-  alg: z.literal("p256").default("p256"),
-  oacId: z.string().uuid(),
-  encounterId: Sha256Hex.optional(),
-  payerUserId: z.string().uuid(),
-  payeeUserId: z.string().uuid(),
-  payerDeviceId: z.string().min(1).max(128),
-  payerNonce: z.string().min(8).max(128),
-  payeeNonce: z.string().min(8).max(128),
-  amountKobo: z.number().int().positive(),
-  currency: z.string().length(3).default("NGN"),
-  occurredAtMs: z.number().int().nonnegative(),
-  completedAtMs: z.number().int().nonnegative().optional(),
-  contextId: z.string().max(128).optional(),
-  payerPubkeySpkiB64: Base64Std.min(64).max(4096),
-  payerSignatureDerB64: Base64Std.min(16).max(2048),
-  payeePubkeySpkiB64: Base64Std.min(64).max(4096).optional(),
-  payeeSignatureDerB64: Base64Std.min(16).max(2048).optional()
-});
-var ConsumerSettlementSchema = z.object({
-  settlementId: z.string().uuid(),
-  settlementKey: Sha256Hex,
-  encounterId: Sha256Hex,
-  oacId: z.string().uuid(),
-  payerUserId: z.string().uuid(),
-  payeeUserId: z.string().uuid(),
-  amountKobo: z.number().int().positive(),
-  currency: z.string().length(3),
-  status: z.enum(["SETTLED", "REVIEW"]),
-  reviewReason: z.string().nullable(),
-  ledgerRef: z.string().nullable(),
-  /** ASN.1 DER ECDSA P-256 issuer signature, base64. */
-  issuerSig: Base64Std.min(16).max(2048),
-  createdAtMs: z.number().int().nonnegative()
-});
-var ConsumerSettleResultSchema = z.object({
-  settlement: ConsumerSettlementSchema,
-  encounterId: Sha256Hex,
-  replayed: z.boolean()
-});
-var RevokeDeviceKeyInputSchema = z.object({
-  deviceId: z.string().min(1).max(128),
-  /** Step-up token from /api/v1/auth/send/verify with purpose='offline_revoke'. */
-  sendAuthToken: z.string().min(16)
-});
-function createMeOfflineClient(opts) {
-  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
-  if (!fetchImpl) {
-    throw new Error("createMeOfflineClient: no fetch implementation available");
-  }
-  const baseUrl = opts.baseUrl.replace(/\/$/, "");
-  async function call(method, path, body, parser) {
-    const init2 = {
-      method,
-      headers: {
-        "content-type": "application/json",
-        accept: "application/json"
-      }
-    };
-    if (body !== void 0) init2.body = JSON.stringify(body);
-    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
-    const text = await resp.text();
-    let raw = void 0;
-    if (text) {
-      try {
-        raw = JSON.parse(text);
-      } catch {
-      }
-    }
-    if (!resp.ok) {
-      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
-      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
-      throw new FlurApiError(resp.status, code, message, raw);
-    }
-    return parser(raw);
-  }
-  const deviceKeyItems = z.object({ items: z.array(DeviceKeyRecordSchema) });
-  return {
-    registerDeviceKey: (input) => call(
-      "POST",
-      "/v1/me/offline/keys",
-      RegisterDeviceKeyInputSchema.parse(input),
-      (raw) => DeviceKeyRecordSchema.parse(raw)
-    ),
-    issueP256EnrollmentChallenge: (input) => call(
-      "POST",
-      "/v1/me/offline/keys/p256/challenge",
-      P256EnrollmentChallengeInputSchema.parse(input),
-      (raw) => P256EnrollmentChallengeResultSchema.parse(raw)
-    ),
-    registerDeviceKeyP256: (input) => call(
-      "POST",
-      "/v1/me/offline/keys/p256",
-      RegisterDeviceKeyP256InputSchema.parse(input),
-      (raw) => DeviceKeyRecordSchema.parse(raw)
-    ),
-    listDeviceKeys: () => call(
-      "GET",
-      "/v1/me/offline/keys",
-      void 0,
-      (raw) => deviceKeyItems.parse(raw)
-    ),
-    revokeDeviceKey: (input) => call(
-      "POST",
-      "/v1/me/offline/keys/revoke",
-      RevokeDeviceKeyInputSchema.parse(input),
-      () => void 0
-    ),
-    issueAccountOac: (input) => call(
-      "POST",
-      "/v1/me/offline/oac",
-      IssueAccountOacInputSchema.parse(input),
-      (raw) => OACRecordSchema.parse(raw)
-    ),
-    provisionAllowance: (input) => call(
-      "POST",
-      "/v1/me/offline/allowance",
-      ProvisionOfflineAllowanceInputSchema.parse(input),
-      (raw) => ProvisionOfflineAllowanceResultSchema.parse(raw)
-    ),
-    enable: (input) => call(
-      "POST",
-      "/v1/me/offline/enable",
-      EnableOfflineInputSchema.parse(input),
-      (raw) => EnableOfflineResultSchema.parse(raw)
-    ),
-    refresh: (input) => call(
-      "POST",
-      "/v1/me/offline/refresh",
-      IssueOACInputSchema.parse(input),
-      (raw) => OACRecordSchema.parse(raw)
-    ),
-    disable: (input) => call(
-      "POST",
-      "/v1/me/offline/disable",
-      DisableOfflineInputSchema.parse(input),
-      (raw) => DisableOfflineResultSchema.parse(raw)
-    ),
-    getStatus: (deviceId) => {
-      const qs = deviceId ? `?deviceId=${encodeURIComponent(deviceId)}` : "";
-      return call(
-        "GET",
-        `/v1/me/offline/status${qs}`,
-        void 0,
-        (raw) => OfflineStatusResultSchema.parse(raw)
-      );
-    },
-    getState: (deviceId) => {
-      const qs = deviceId ? `?deviceId=${encodeURIComponent(deviceId)}` : "";
-      return call(
-        "GET",
-        `/v1/me/offline/state${qs}`,
-        void 0,
-        (raw) => OfflineStateResultSchema.parse(raw)
-      );
-    },
-    submitClaim: (claim) => call(
-      "POST",
-      "/v1/me/offline/claims",
-      ConsumerPaymentClaimSchema.parse(claim),
-      (raw) => ConsumerSettleResultSchema.parse(raw)
-    )
-  };
-}
-
-// src/contracts.ts
-var E164Regex = /^\+[1-9]\d{7,14}$/;
-var UuidSchema = z2.string().uuid();
-var IsoDateSchema = z2.string().datetime({ offset: true });
-var CurrencySchema = z2.string().trim().length(3).transform((value) => value.toUpperCase());
-var HealthResponseSchema = z2.object({
-  ok: z2.boolean()
-});
-var WelcomeResponseSchema = z2.object({
-  message: z2.string()
-});
-var OnboardingStartRequestSchema = z2.object({
-  phoneE164: z2.string().regex(E164Regex),
-  appInstanceId: z2.string().min(3),
-  platform: z2.enum(["android", "ios", "web"]),
-  turnstileToken: z2.string().min(20).optional(),
-  appAttestation: z2.object({
-    provider: z2.enum(["android", "ios", "web"]),
-    token: z2.string().min(24)
-  }).optional(),
-  firstName: z2.string().trim().min(1).max(80).optional(),
-  lastName: z2.string().trim().min(1).max(80).optional()
-});
-var OnboardingStartResponseSchema = z2.object({
-  requestId: z2.string().min(1),
-  checkUrl: z2.string().url().optional(),
-  expiresInSec: z2.number().int().positive(),
-  fallback: z2.enum(["SILENT_AUTH", "OTP"])
-});
-var OnboardingCompleteRequestSchema = z2.object({
-  requestId: z2.string().min(1),
-  code: z2.string().min(1).max(32),
-  appInstanceId: z2.string().min(3),
-  fingerprintHash: z2.string().min(3).optional()
-});
-var OnboardingCompleteResponseSchema = z2.object({
-  sessionToken: z2.string().min(1),
-  userId: UuidSchema,
-  restricted: z2.boolean(),
-  risk_reasons: z2.array(
-    z2.enum(["SIM_SWAP_RECENT", "ROAMING", "CARRIER_CHANGED"])
-  ),
-  stepUpRequired: z2.boolean().optional(),
-  riskStatus: z2.enum(["ok", "unavailable"]).optional()
-});
-var RegisterDeviceRequestSchema = z2.object({
-  userId: UuidSchema,
-  appInstanceId: z2.string().min(3),
-  platform: z2.string().min(2),
-  model: z2.string().optional(),
-  networkSignals: z2.object({
-    ip: z2.string().min(3),
-    asn: z2.number().int().optional(),
-    country: z2.string().min(2).optional(),
-    carrier: z2.string().optional()
-  })
-});
-var RegisterDeviceResponseSchema = z2.object({
-  deviceId: z2.string().min(1),
-  fingerprintHash: z2.string().min(1),
-  driftScore: z2.number(),
-  trustState: z2.enum(["TRUSTED_PRIMARY", "TRUSTED_SECONDARY", "UNVERIFIED"]),
-  stepUpRequired: z2.boolean()
-});
-var AuthRefreshRequestSchema = z2.object({
-  userId: UuidSchema,
-  refreshToken: z2.string().min(8),
-  appInstanceId: z2.string().min(3),
-  fingerprintHash: z2.string().min(3)
-});
-var AuthRefreshResponseSchema = z2.object({
-  refreshToken: z2.string().min(8),
-  stepUpRequired: z2.boolean()
-});
-var AuthLogoutRequestSchema = z2.object({
-  userId: UuidSchema,
-  refreshToken: z2.string().min(8)
-});
-var PinSetRequestSchema = z2.object({
-  userId: UuidSchema,
-  pin: z2.string().regex(/^\d{6}$/)
-});
-var PinVerifyRequestSchema = z2.object({
-  userId: UuidSchema,
-  pin: z2.string().regex(/^\d{6}$/)
-});
-var OkResponseSchema = z2.object({
-  ok: z2.boolean()
-});
-var RegisterSendDeviceKeyRequestSchema = z2.object({
-  userId: UuidSchema,
-  deviceId: z2.string().min(3),
-  publicKey: z2.string().min(32)
-});
-var SEND_AUTH_PURPOSES = ["send_money", "offline_revoke"];
-var SendChallengeRequestSchema = z2.object({
-  userId: UuidSchema,
-  deviceId: z2.string().min(3),
-  purpose: z2.enum(SEND_AUTH_PURPOSES).optional()
-});
-var SendChallengeResponseSchema = z2.object({
-  challengeId: UuidSchema,
-  nonce: z2.string().min(1),
-  expiresAt: IsoDateSchema
-});
-var SendVerifyRequestSchema = z2.object({
-  userId: UuidSchema,
-  deviceId: z2.string().min(3),
-  challengeId: UuidSchema,
-  signature: z2.string().min(16)
-});
-var SendVerifyResponseSchema = z2.object({
-  sendAuthToken: z2.string().min(16)
-});
-var ResolveRecipientRequestSchema = z2.object({
-  identifier: z2.string().min(3)
-});
-var ResolveRecipientResponseSchema = z2.object({
-  recipientUserId: UuidSchema,
-  displayName: z2.string().min(1),
-  normalizedIdentifier: z2.string().regex(E164Regex),
-  isActive: z2.boolean()
-});
-var CreateTransferRequestSchema = z2.object({
-  recipientIdentifier: z2.string().min(3),
-  amountMinor: z2.number().int().positive(),
-  currency: CurrencySchema,
-  sendAuthToken: z2.string().min(16)
-});
-var TransferStatusSchema = z2.enum(["SETTLED", "PENDING_REVIEW", "DECLINED"]);
-var TransferResponseSchema = z2.object({
-  transactionId: z2.string().min(1),
-  status: TransferStatusSchema,
-  userStatus: TransferStatusSchema,
-  recipientName: z2.string().min(1),
-  timestamp: IsoDateSchema,
-  /**
-   * Fresh issuer-signed OACs returned by the backend's post-commit
-   * rotation hook on `SETTLED` transfers.
-   *
-   * In the current backend implementation this hook rotates LEGACY
-   * hold-backed OACs only. Account-funded (no-hold) OACs introduced by
-   * the unified-pay-rails refactor are NOT rotated here — their
-   * cumulative spend counter and main-balance check are enforced at
-   * claim submission time via `createTransfer` under the per-sender
-   * advisory lock, so a stale no-hold OAC cannot authorise overspending
-   * (it can only resolve to REVIEW on submission).
-   *
-   * Optional: omitted when the sender has no registered hold-backed
-   * devices, when the refresh failed (best-effort), or on retry replays
-   * that pre-date the refresh. When present, the entries supersede any
-   * locally cached OACs for the listed devices; when absent, clients
-   * should fall back to `/v1/me/offline/refresh`.
-   *
-   * Each entry is validated against the canonical `OACRecordSchema`,
-   * so consumers can trust the runtime shape matches the static type.
-   */
-  offlineOacs: OACRecordSchema.array().optional()
-});
-var DirectionSchema = z2.enum(["OUTGOING", "INCOMING"]);
-var AccountActivityItemSchema = z2.object({
-  id: z2.string().min(1),
-  type: z2.string().min(1),
-  direction: DirectionSchema,
-  name: z2.string().min(1),
-  identifier: z2.string().min(1),
-  amountMinor: z2.number().int(),
-  currency: CurrencySchema,
-  status: z2.string().min(1),
-  timestamp: IsoDateSchema
-});
-var AccountSummaryResponseSchema = z2.object({
-  /** Authenticated user's stable internal id. */
-  userId: UuidSchema,
-  /**
-   * 10-digit Nigeria Uniform Bank Account Number (NUBAN) allocated by the
-   * bank partner. `null` when the user has no partner-allocated account yet.
-   */
-  nuban: z2.string().regex(/^[0-9]{10}$/).nullable(),
-  balance: z2.number().int(),
-  currency: CurrencySchema,
-  dailySendLimit: z2.number().int().nonnegative(),
-  dailySendRemaining: z2.number().int().nonnegative(),
-  kycTier: z2.string().min(1),
-  kycStatus: z2.string().min(1),
-  recentActivity: z2.array(AccountActivityItemSchema)
-});
-var TransactionsListResponseSchema = z2.object({
-  items: z2.array(AccountActivityItemSchema),
-  nextCursor: z2.string().nullable()
-});
-var TransactionDetailResponseSchema = z2.object({
-  transactionId: z2.string().min(1),
-  type: z2.string().min(1),
-  direction: DirectionSchema,
-  counterpartyName: z2.string().min(1),
-  counterpartyIdentifier: z2.string().min(1),
-  amountMinor: z2.number().int(),
-  currency: CurrencySchema,
-  status: z2.string().min(1),
-  timestamp: IsoDateSchema
-});
-var PushRegisterRequestSchema = z2.object({
-  deviceId: z2.string().min(3),
-  platform: z2.enum(["ios", "android", "web"]),
-  token: z2.string().min(16)
-});
-var CreatePayLinkResponseSchema = z2.object({
-  token: z2.string().min(1)
-});
-var ResolvePayLinkResponseSchema = z2.object({
-  recipientUserId: UuidSchema,
-  displayName: z2.string().min(1),
-  normalizedIdentifier: z2.string().regex(E164Regex),
-  isActive: z2.boolean()
-});
-
 // src/primitives.ts
-import { z as z3 } from "zod";
-var CurrencyCodeSchema = z3.string().trim().length(3).transform((value) => value.toUpperCase());
+import { z as z2 } from "zod";
+var CurrencyCodeSchema = z2.string().trim().length(3).transform((value) => value.toUpperCase());
 var currencyFractionDigits = {
   NGN: 2,
   USD: 2,
@@ -752,7 +395,7 @@ function moneyMinorToNumber(amountMinor) {
 }
 
 // src/collections/client.ts
-import { z as z4 } from "zod";
+import { z as z3 } from "zod";
 var MERCHANT_PROFILE_STATUSES = [
   "pending",
   "active",
@@ -782,172 +425,172 @@ var MERCHANT_PAYOUT_STATUSES = [
   "failed",
   "cancelled"
 ];
-var MoneyKoboSchema = z4.number().int().positive().max(Number.MAX_SAFE_INTEGER);
-var MetadataSchema = z4.record(
-  z4.union([z4.string(), z4.number(), z4.boolean(), z4.null()])
+var MoneyKoboSchema = z3.number().int().positive().max(Number.MAX_SAFE_INTEGER);
+var MetadataSchema = z3.record(
+  z3.union([z3.string(), z3.number(), z3.boolean(), z3.null()])
 );
-var CurrencySchema2 = z4.string().trim().length(3).transform((value) => value.toUpperCase());
-var ReferenceSchema = z4.string().trim().min(6).max(128).regex(/^[A-Za-z0-9._:-]+$/);
-var MerchantProfileSchema = z4.object({
-  accountId: z4.string().uuid(),
-  legalName: z4.string(),
-  tradingName: z4.string(),
-  merchantCategoryCode: z4.string().regex(/^\d{4}$/),
-  nqrMerchantId: z4.string(),
-  settlementBankCode: z4.string(),
-  settlementAccountNumber: z4.string(),
-  settlementAccountName: z4.string(),
-  settlementSchedule: z4.enum(SETTLEMENT_SCHEDULES),
-  status: z4.enum(MERCHANT_PROFILE_STATUSES),
-  offlineEnabled: z4.boolean(),
+var CurrencySchema2 = z3.string().trim().length(3).transform((value) => value.toUpperCase());
+var ReferenceSchema = z3.string().trim().min(6).max(128).regex(/^[A-Za-z0-9._:-]+$/);
+var MerchantProfileSchema = z3.object({
+  accountId: z3.string().uuid(),
+  legalName: z3.string(),
+  tradingName: z3.string(),
+  merchantCategoryCode: z3.string().regex(/^\d{4}$/),
+  nqrMerchantId: z3.string(),
+  settlementBankCode: z3.string(),
+  settlementAccountNumber: z3.string(),
+  settlementAccountName: z3.string(),
+  settlementSchedule: z3.enum(SETTLEMENT_SCHEDULES),
+  status: z3.enum(MERCHANT_PROFILE_STATUSES),
+  offlineEnabled: z3.boolean(),
   perTxLimitKobo: MoneyKoboSchema,
   dailyLimitKobo: MoneyKoboSchema,
   metadata: MetadataSchema,
-  createdAtMs: z4.number().int().nonnegative(),
-  updatedAtMs: z4.number().int().nonnegative()
+  createdAtMs: z3.number().int().nonnegative(),
+  updatedAtMs: z3.number().int().nonnegative()
 });
-var UpsertMerchantProfileInputSchema = z4.object({
-  legalName: z4.string().trim().min(1).max(200),
-  tradingName: z4.string().trim().min(1).max(25),
-  merchantCategoryCode: z4.string().trim().regex(/^\d{4}$/),
-  nqrMerchantId: z4.string().trim().min(3).max(64),
-  settlementBankCode: z4.string().trim().min(2).max(16),
-  settlementAccountNumber: z4.string().trim().min(5).max(32),
-  settlementAccountName: z4.string().trim().min(1).max(200),
-  settlementSchedule: z4.enum(SETTLEMENT_SCHEDULES).optional(),
-  status: z4.enum(MERCHANT_PROFILE_STATUSES).optional(),
-  offlineEnabled: z4.boolean().optional(),
+var UpsertMerchantProfileInputSchema = z3.object({
+  legalName: z3.string().trim().min(1).max(200),
+  tradingName: z3.string().trim().min(1).max(25),
+  merchantCategoryCode: z3.string().trim().regex(/^\d{4}$/),
+  nqrMerchantId: z3.string().trim().min(3).max(64),
+  settlementBankCode: z3.string().trim().min(2).max(16),
+  settlementAccountNumber: z3.string().trim().min(5).max(32),
+  settlementAccountName: z3.string().trim().min(1).max(200),
+  settlementSchedule: z3.enum(SETTLEMENT_SCHEDULES).optional(),
+  status: z3.enum(MERCHANT_PROFILE_STATUSES).optional(),
+  offlineEnabled: z3.boolean().optional(),
   perTxLimitKobo: MoneyKoboSchema.optional(),
   dailyLimitKobo: MoneyKoboSchema.optional(),
   metadata: MetadataSchema.optional()
 });
-var CollectionIntentSchema = z4.object({
-  intentId: z4.string().uuid(),
-  accountId: z4.string().uuid(),
-  terminalId: z4.string().uuid().nullable(),
-  reference: z4.string(),
-  amountKobo: z4.number().int().positive().nullable(),
-  currency: z4.string().length(3),
-  status: z4.enum(COLLECTION_INTENT_STATUSES),
-  description: z4.string().nullable(),
-  nqrPayload: z4.string(),
-  provider: z4.string(),
-  providerReference: z4.string().nullable(),
+var CollectionIntentSchema = z3.object({
+  intentId: z3.string().uuid(),
+  accountId: z3.string().uuid(),
+  terminalId: z3.string().uuid().nullable(),
+  reference: z3.string(),
+  amountKobo: z3.number().int().positive().nullable(),
+  currency: z3.string().length(3),
+  status: z3.enum(COLLECTION_INTENT_STATUSES),
+  description: z3.string().nullable(),
+  nqrPayload: z3.string(),
+  provider: z3.string(),
+  providerReference: z3.string().nullable(),
   metadata: MetadataSchema,
-  expiresAtMs: z4.number().int().nonnegative().nullable(),
-  paidAtMs: z4.number().int().nonnegative().nullable(),
-  createdAtMs: z4.number().int().nonnegative(),
-  updatedAtMs: z4.number().int().nonnegative()
+  expiresAtMs: z3.number().int().nonnegative().nullable(),
+  paidAtMs: z3.number().int().nonnegative().nullable(),
+  createdAtMs: z3.number().int().nonnegative(),
+  updatedAtMs: z3.number().int().nonnegative()
 });
-var CreateCollectionIntentInputSchema = z4.object({
+var CreateCollectionIntentInputSchema = z3.object({
   reference: ReferenceSchema.optional(),
   amountKobo: MoneyKoboSchema.optional(),
   currency: CurrencySchema2.optional(),
-  terminalId: z4.string().uuid().optional(),
-  terminalLabel: z4.string().trim().min(1).max(25).optional(),
-  merchantCity: z4.string().trim().min(1).max(15).optional(),
-  description: z4.string().trim().min(1).max(280).optional(),
-  expiresAtMs: z4.number().int().positive().optional(),
-  provider: z4.string().trim().min(1).max(40).optional(),
+  terminalId: z3.string().uuid().optional(),
+  terminalLabel: z3.string().trim().min(1).max(25).optional(),
+  merchantCity: z3.string().trim().min(1).max(15).optional(),
+  description: z3.string().trim().min(1).max(280).optional(),
+  expiresAtMs: z3.number().int().positive().optional(),
+  provider: z3.string().trim().min(1).max(40).optional(),
   metadata: MetadataSchema.optional()
 });
-var PublicCollectionIntentSchema = z4.object({
-  intentId: z4.string().uuid(),
-  reference: z4.string(),
-  amountKobo: z4.number().int().positive().nullable(),
-  currency: z4.string().length(3),
-  status: z4.enum(COLLECTION_INTENT_STATUSES),
-  merchantAccountId: z4.string().uuid(),
-  merchantName: z4.string(),
-  merchantCategoryCode: z4.string(),
-  description: z4.string().nullable(),
-  expiresAtMs: z4.number().int().nonnegative().nullable()
+var PublicCollectionIntentSchema = z3.object({
+  intentId: z3.string().uuid(),
+  reference: z3.string(),
+  amountKobo: z3.number().int().positive().nullable(),
+  currency: z3.string().length(3),
+  status: z3.enum(COLLECTION_INTENT_STATUSES),
+  merchantAccountId: z3.string().uuid(),
+  merchantName: z3.string(),
+  merchantCategoryCode: z3.string(),
+  description: z3.string().nullable(),
+  expiresAtMs: z3.number().int().nonnegative().nullable()
 });
-var PayCollectionInputSchema = z4.object({
+var PayCollectionInputSchema = z3.object({
   reference: ReferenceSchema,
   amountKobo: MoneyKoboSchema.optional(),
   currency: CurrencySchema2.optional(),
-  idempotencyKey: z4.string().trim().min(8).max(160).optional()
+  idempotencyKey: z3.string().trim().min(8).max(160).optional()
 });
-var CollectionPaymentSchema = z4.object({
-  paymentId: z4.string().uuid(),
-  intentId: z4.string().uuid(),
-  accountId: z4.string().uuid(),
-  payerUserId: z4.string().uuid().nullable(),
-  merchantOwnerUserId: z4.string().uuid(),
+var CollectionPaymentSchema = z3.object({
+  paymentId: z3.string().uuid(),
+  intentId: z3.string().uuid(),
+  accountId: z3.string().uuid(),
+  payerUserId: z3.string().uuid().nullable(),
+  merchantOwnerUserId: z3.string().uuid(),
   amountKobo: MoneyKoboSchema,
-  currency: z4.string().length(3),
-  status: z4.enum(COLLECTION_PAYMENT_STATUSES),
-  provider: z4.string(),
-  providerReference: z4.string().nullable(),
-  idempotencyKey: z4.string().nullable(),
-  ledgerRef: z4.string(),
-  failureCode: z4.string().nullable(),
-  failureMessage: z4.string().nullable(),
-  paidAtMs: z4.number().int().nonnegative().nullable(),
-  createdAtMs: z4.number().int().nonnegative(),
-  updatedAtMs: z4.number().int().nonnegative()
+  currency: z3.string().length(3),
+  status: z3.enum(COLLECTION_PAYMENT_STATUSES),
+  provider: z3.string(),
+  providerReference: z3.string().nullable(),
+  idempotencyKey: z3.string().nullable(),
+  ledgerRef: z3.string(),
+  failureCode: z3.string().nullable(),
+  failureMessage: z3.string().nullable(),
+  paidAtMs: z3.number().int().nonnegative().nullable(),
+  createdAtMs: z3.number().int().nonnegative(),
+  updatedAtMs: z3.number().int().nonnegative()
 });
-var CollectionPaymentResultSchema = z4.object({
+var CollectionPaymentResultSchema = z3.object({
   payment: CollectionPaymentSchema,
   intent: CollectionIntentSchema,
-  receipt: z4.unknown().optional(),
-  replayed: z4.boolean()
+  receipt: z3.unknown().optional(),
+  replayed: z3.boolean()
 });
-var CollectionReportSummarySchema = z4.object({
-  accountId: z4.string().uuid(),
-  fromMs: z4.number().int().nonnegative(),
-  toMs: z4.number().int().nonnegative(),
-  currency: z4.string().length(3),
-  paidCount: z4.number().int().nonnegative(),
-  paidAmountKobo: z4.number().int().nonnegative(),
-  pendingCount: z4.number().int().nonnegative(),
-  failedCount: z4.number().int().nonnegative(),
-  reversedCount: z4.number().int().nonnegative(),
-  availableBalanceKobo: z4.number().int().nonnegative()
+var CollectionReportSummarySchema = z3.object({
+  accountId: z3.string().uuid(),
+  fromMs: z3.number().int().nonnegative(),
+  toMs: z3.number().int().nonnegative(),
+  currency: z3.string().length(3),
+  paidCount: z3.number().int().nonnegative(),
+  paidAmountKobo: z3.number().int().nonnegative(),
+  pendingCount: z3.number().int().nonnegative(),
+  failedCount: z3.number().int().nonnegative(),
+  reversedCount: z3.number().int().nonnegative(),
+  availableBalanceKobo: z3.number().int().nonnegative()
 });
-var CollectionStatementSchema = z4.object({
-  accountId: z4.string().uuid(),
-  year: z4.number().int(),
-  month: z4.number().int().min(1).max(12),
-  currency: z4.string().length(3),
-  totalPaidKobo: z4.number().int().nonnegative(),
-  items: z4.array(CollectionPaymentSchema)
+var CollectionStatementSchema = z3.object({
+  accountId: z3.string().uuid(),
+  year: z3.number().int(),
+  month: z3.number().int().min(1).max(12),
+  currency: z3.string().length(3),
+  totalPaidKobo: z3.number().int().nonnegative(),
+  items: z3.array(CollectionPaymentSchema)
 });
-var CreatePayoutInputSchema = z4.object({
+var CreatePayoutInputSchema = z3.object({
   amountKobo: MoneyKoboSchema,
   currency: CurrencySchema2.optional(),
-  idempotencyKey: z4.string().trim().min(8).max(160)
+  idempotencyKey: z3.string().trim().min(8).max(160)
 });
-var MerchantPayoutSchema = z4.object({
-  payoutId: z4.string().uuid(),
-  accountId: z4.string().uuid(),
+var MerchantPayoutSchema = z3.object({
+  payoutId: z3.string().uuid(),
+  accountId: z3.string().uuid(),
   amountKobo: MoneyKoboSchema,
-  currency: z4.string().length(3),
-  status: z4.enum(MERCHANT_PAYOUT_STATUSES),
-  idempotencyKey: z4.string().nullable(),
-  ledgerRef: z4.string(),
-  providerReference: z4.string().nullable(),
-  requestedByUserId: z4.string().uuid().nullable(),
-  failureCode: z4.string().nullable(),
-  failureMessage: z4.string().nullable(),
-  createdAtMs: z4.number().int().nonnegative(),
-  updatedAtMs: z4.number().int().nonnegative()
+  currency: z3.string().length(3),
+  status: z3.enum(MERCHANT_PAYOUT_STATUSES),
+  idempotencyKey: z3.string().nullable(),
+  ledgerRef: z3.string(),
+  providerReference: z3.string().nullable(),
+  requestedByUserId: z3.string().uuid().nullable(),
+  failureCode: z3.string().nullable(),
+  failureMessage: z3.string().nullable(),
+  createdAtMs: z3.number().int().nonnegative(),
+  updatedAtMs: z3.number().int().nonnegative()
 });
-var ProviderEventInputSchema = z4.object({
-  provider: z4.string().trim().min(1).max(80),
-  eventId: z4.string().trim().min(1).max(160),
-  eventType: z4.string().trim().min(1).max(120),
-  payload: z4.record(z4.unknown()).optional()
+var ProviderEventInputSchema = z3.object({
+  provider: z3.string().trim().min(1).max(80),
+  eventId: z3.string().trim().min(1).max(160),
+  eventType: z3.string().trim().min(1).max(120),
+  payload: z3.record(z3.unknown()).optional()
 });
-var ProviderEventRecordSchema = z4.object({
-  id: z4.string().uuid(),
-  provider: z4.string(),
-  eventId: z4.string(),
-  eventType: z4.string(),
-  signatureVerified: z4.boolean(),
-  receivedAtMs: z4.number().int().nonnegative(),
-  processedAtMs: z4.number().int().nonnegative().nullable()
+var ProviderEventRecordSchema = z3.object({
+  id: z3.string().uuid(),
+  provider: z3.string(),
+  eventId: z3.string(),
+  eventType: z3.string(),
+  signatureVerified: z3.boolean(),
+  receivedAtMs: z3.number().int().nonnegative(),
+  processedAtMs: z3.number().int().nonnegative().nullable()
 });
 function createCollectionsClient(opts) {
   const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
@@ -1462,7 +1105,7 @@ var FlurClient = class {
     try {
       body = requestSchema ? JSON.stringify(requestSchema.parse(input)) : init2.body;
     } catch (err) {
-      if (err instanceof z5.ZodError) {
+      if (err instanceof z4.ZodError) {
         throw new FlurError("Invalid request payload", "INVALID_REQUEST", {
           details: err.flatten()
         });
@@ -1490,7 +1133,7 @@ var FlurClient = class {
       try {
         return responseSchema.parse(payload);
       } catch (err) {
-        if (err instanceof z5.ZodError) {
+        if (err instanceof z4.ZodError) {
           throw new FlurError(
             "SDK contract validation failed",
             "INVALID_REQUEST",
@@ -1921,7 +1564,7 @@ function constantTimeEqual(a, b) {
 }
 
 // src/offline/oac.ts
-import { z as z6 } from "zod";
+import { z as z5 } from "zod";
 
 // src/crypto/p256-issuer.ts
 import { p256 } from "@noble/curves/nist";
@@ -2003,20 +1646,20 @@ function verifyIssuerP256(bytes, signatureB64, issuerPublicKeySpkiB64) {
 var OAC_DEFAULT_PER_TX_KOBO = 5e5;
 var OAC_DEFAULT_CUMULATIVE_KOBO = 2e6;
 var OAC_DEFAULT_VALIDITY_MS = 24 * 60 * 60 * 1e3;
-var Base64Std2 = z6.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/, "expected base64 (standard) string");
-var OACSchema = z6.object({
-  userId: z6.string().min(1),
-  deviceId: z6.string().min(1),
+var Base64Std = z5.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/, "expected base64 (standard) string");
+var OACSchema = z5.object({
+  userId: z5.string().min(1),
+  deviceId: z5.string().min(1),
   /** SubjectPublicKeyInfo DER, base64 (P-256). */
-  devicePublicKey: Base64Std2,
-  perTxCapKobo: z6.number().int().nonnegative(),
-  cumulativeCapKobo: z6.number().int().nonnegative(),
-  validFromMs: z6.number().int().nonnegative(),
-  validUntilMs: z6.number().int().positive(),
-  counterSeed: z6.number().int().nonnegative(),
-  nonce: z6.string().min(1),
+  devicePublicKey: Base64Std,
+  perTxCapKobo: z5.number().int().nonnegative(),
+  cumulativeCapKobo: z5.number().int().nonnegative(),
+  validFromMs: z5.number().int().nonnegative(),
+  validUntilMs: z5.number().int().positive(),
+  counterSeed: z5.number().int().nonnegative(),
+  nonce: z5.string().min(1),
   /** ASN.1 DER ECDSA(SHA-256) signature, base64. */
-  issuerSig: Base64Std2
+  issuerSig: Base64Std
 }).refine((v) => v.validUntilMs > v.validFromMs, {
   message: "validUntilMs must be greater than validFromMs"
 }).refine((v) => v.perTxCapKobo <= v.cumulativeCapKobo, {
@@ -2110,19 +1753,19 @@ function decodeBase45(s) {
 }
 
 // src/offline/messages.ts
-import { z as z7 } from "zod";
-var Base64Sig = z7.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/, "expected base64 (standard) signature");
-var OfflinePaymentRequestSchema = z7.object({
-  reference: z7.string().min(1),
-  amountKobo: z7.number().int().positive(),
+import { z as z6 } from "zod";
+var Base64Sig = z6.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/, "expected base64 (standard) signature");
+var OfflinePaymentRequestSchema = z6.object({
+  reference: z6.string().min(1),
+  amountKobo: z6.number().int().positive(),
   merchantOAC: OACSchema,
-  expiresAtMs: z7.number().int().positive(),
+  expiresAtMs: z6.number().int().positive(),
   merchantSig: Base64Sig
 });
-var OfflinePaymentAuthorizationSchema = z7.object({
+var OfflinePaymentAuthorizationSchema = z6.object({
   request: OfflinePaymentRequestSchema,
   payerOAC: OACSchema,
-  payerCounter: z7.number().int().positive(),
+  payerCounter: z6.number().int().positive(),
   payerSig: Base64Sig
 });
 function buildPaymentRequest(input) {
@@ -2234,60 +1877,60 @@ function decodeAuthorizationQR(s) {
 }
 
 // src/offline/settlements.ts
-import { z as z8 } from "zod";
+import { z as z7 } from "zod";
 import { sha256 } from "@noble/hashes/sha256";
 import { bytesToHex } from "@noble/hashes/utils";
-var OfflineTokenSchema = z8.object({
-  tokenId: z8.string().uuid(),
-  tokenSerial: z8.string(),
-  issuerAccountId: z8.string().uuid(),
-  payerUserId: z8.string().uuid(),
-  maxAmountKobo: z8.number().int().positive(),
-  currency: z8.string().length(3),
-  issuedAtMs: z8.number().int().nonnegative(),
-  expiresAtMs: z8.number().int().nonnegative(),
-  issuerSig: z8.string()
+var OfflineTokenSchema = z7.object({
+  tokenId: z7.string().uuid(),
+  tokenSerial: z7.string(),
+  issuerAccountId: z7.string().uuid(),
+  payerUserId: z7.string().uuid(),
+  maxAmountKobo: z7.number().int().positive(),
+  currency: z7.string().length(3),
+  issuedAtMs: z7.number().int().nonnegative(),
+  expiresAtMs: z7.number().int().nonnegative(),
+  issuerSig: z7.string()
 });
-var PaymentClaimSchema = z8.object({
-  encounterId: z8.string().regex(/^[0-9a-f]{64}$/i).optional(),
-  tokenSerial: z8.string(),
-  payerUserId: z8.string().uuid(),
-  payeeUserId: z8.string().uuid(),
-  payerNonce: z8.string(),
-  payeeNonce: z8.string(),
-  amountKobo: z8.number().int().positive(),
-  currency: z8.string().length(3).default("NGN"),
-  occurredAtMs: z8.number().int().nonnegative(),
-  completedAtMs: z8.number().int().nonnegative().optional(),
-  contextId: z8.string().optional(),
+var PaymentClaimSchema = z7.object({
+  encounterId: z7.string().regex(/^[0-9a-f]{64}$/i).optional(),
+  tokenSerial: z7.string(),
+  payerUserId: z7.string().uuid(),
+  payeeUserId: z7.string().uuid(),
+  payerNonce: z7.string(),
+  payeeNonce: z7.string(),
+  amountKobo: z7.number().int().positive(),
+  currency: z7.string().length(3).default("NGN"),
+  occurredAtMs: z7.number().int().nonnegative(),
+  completedAtMs: z7.number().int().nonnegative().optional(),
+  contextId: z7.string().optional(),
   // Stage 2c: P-256 device keys are now SubjectPublicKeyInfo DER, base64.
   // Signatures are ASN.1 DER ECDSA(SHA-256), base64. Backwards-incompatible
   // wire change; the backend has the matching widening in offline-settlements
   // service + zod schema.
-  payerPubkey: z8.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/),
-  payerSignature: z8.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/),
-  payeePubkey: z8.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/).optional(),
-  payeeSignature: z8.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/).optional()
+  payerPubkey: z7.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/),
+  payerSignature: z7.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/),
+  payeePubkey: z7.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/).optional(),
+  payeeSignature: z7.string().min(16).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/).optional()
 });
-var SettlementSchema = z8.object({
-  settlementId: z8.string().uuid(),
-  settlementKey: z8.string().regex(/^[0-9a-f]{64}$/i),
-  encounterId: z8.string().regex(/^[0-9a-f]{64}$/i),
-  issuerAccountId: z8.string().uuid(),
-  tokenSerial: z8.string(),
-  payerUserId: z8.string().uuid(),
-  payeeUserId: z8.string().uuid(),
-  amountKobo: z8.number().int().nonnegative(),
-  currency: z8.string().length(3),
-  receiptId: z8.string().nullable(),
-  status: z8.enum(["SETTLED", "REVIEW", "REJECTED"]),
-  issuerSig: z8.string(),
-  createdAtMs: z8.number().int().nonnegative()
+var SettlementSchema = z7.object({
+  settlementId: z7.string().uuid(),
+  settlementKey: z7.string().regex(/^[0-9a-f]{64}$/i),
+  encounterId: z7.string().regex(/^[0-9a-f]{64}$/i),
+  issuerAccountId: z7.string().uuid(),
+  tokenSerial: z7.string(),
+  payerUserId: z7.string().uuid(),
+  payeeUserId: z7.string().uuid(),
+  amountKobo: z7.number().int().nonnegative(),
+  currency: z7.string().length(3),
+  receiptId: z7.string().nullable(),
+  status: z7.enum(["SETTLED", "REVIEW", "REJECTED"]),
+  issuerSig: z7.string(),
+  createdAtMs: z7.number().int().nonnegative()
 });
-var SettleResponseSchema = z8.object({
+var SettleResponseSchema = z7.object({
   settlement: SettlementSchema,
-  encounterId: z8.string().regex(/^[0-9a-f]{64}$/i),
-  replayed: z8.boolean()
+  encounterId: z7.string().regex(/^[0-9a-f]{64}$/i),
+  replayed: z7.boolean()
 });
 var ENCOUNTER_DOMAIN = "offline:v1:encounter";
 async function sha256Hex(input) {
@@ -2461,7 +2104,7 @@ function createHmacFetch(opts) {
 }
 
 // src/partner/client.ts
-import { z as z9 } from "zod";
+import { z as z8 } from "zod";
 import { sha256 as sha2563 } from "@noble/hashes/sha256";
 import { hmac as hmac2 } from "@noble/hashes/hmac";
 import { bytesToHex as bytesToHex4 } from "@noble/hashes/utils";
@@ -2485,18 +2128,18 @@ var PARTNER_SCOPES = [
   "partner:payout:write",
   "partner:reconciliation:read"
 ];
-var ApiCredentialPublicSchema = z9.object({
-  id: z9.string().uuid(),
-  accountId: z9.string().uuid(),
-  keyId: z9.string(),
-  scopes: z9.array(z9.enum(PARTNER_SCOPES)),
-  label: z9.string().nullable(),
-  createdAtMs: z9.number().int().nonnegative(),
-  lastUsedAtMs: z9.number().int().nonnegative().nullable(),
-  revokedAtMs: z9.number().int().nonnegative().nullable()
+var ApiCredentialPublicSchema = z8.object({
+  id: z8.string().uuid(),
+  accountId: z8.string().uuid(),
+  keyId: z8.string(),
+  scopes: z8.array(z8.enum(PARTNER_SCOPES)),
+  label: z8.string().nullable(),
+  createdAtMs: z8.number().int().nonnegative(),
+  lastUsedAtMs: z8.number().int().nonnegative().nullable(),
+  revokedAtMs: z8.number().int().nonnegative().nullable()
 });
 var MintedApiCredentialSchema = ApiCredentialPublicSchema.extend({
-  secret: z9.string().min(1)
+  secret: z8.string().min(1)
 });
 var enc = new TextEncoder();
 async function sha256Hex2(input) {
@@ -2653,8 +2296,8 @@ function createApiCredentialsAdminClient(opts) {
     }
     return parser(raw);
   }
-  const listSchema = z9.object({
-    items: z9.array(ApiCredentialPublicSchema)
+  const listSchema = z8.object({
+    items: z8.array(ApiCredentialPublicSchema)
   });
   return {
     list: (accountId) => call(
@@ -2679,7 +2322,7 @@ function createApiCredentialsAdminClient(opts) {
 }
 
 // src/passes/pass.ts
-import { z as z10 } from "zod";
+import { z as z9 } from "zod";
 var PASS_KINDS = [
   "ride-ticket",
   "transit-pass",
@@ -2695,39 +2338,39 @@ var PASS_STATES = [
   "expired",
   "revoked"
 ];
-var PassMetadataSchema = z10.record(
-  z10.union([z10.string(), z10.number(), z10.boolean(), z10.null()])
+var PassMetadataSchema = z9.record(
+  z9.union([z9.string(), z9.number(), z9.boolean(), z9.null()])
 );
-var PassSchema = z10.object({
-  passId: z10.string().min(1),
+var PassSchema = z9.object({
+  passId: z9.string().min(1),
   /** Optional client/template grouping id (server may omit). */
-  templateId: z10.string().min(1).optional(),
+  templateId: z9.string().min(1).optional(),
   /** Optional human-facing holder identity (server may omit). The cryptographic binding
    *  is `holderDevicePubkey` below. */
-  holderUserId: z10.string().min(1).optional(),
-  kind: z10.enum(PASS_KINDS),
-  issuerId: z10.string().min(1),
-  issuedAtMs: z10.number().int().nonnegative(),
-  validFromMs: z10.number().int().nonnegative(),
-  validUntilMs: z10.number().int().positive(),
-  state: z10.enum(PASS_STATES),
+  holderUserId: z9.string().min(1).optional(),
+  kind: z9.enum(PASS_KINDS),
+  issuerId: z9.string().min(1),
+  issuedAtMs: z9.number().int().nonnegative(),
+  validFromMs: z9.number().int().nonnegative(),
+  validUntilMs: z9.number().int().positive(),
+  state: z9.enum(PASS_STATES),
   metadata: PassMetadataSchema,
-  nonce: z10.string().min(1),
+  nonce: z9.string().min(1),
   /** Device id this pass is bound to (FK to backend `device_keys`). */
-  holderDeviceId: z10.string().min(1),
+  holderDeviceId: z9.string().min(1),
   /** SubjectPublicKeyInfo DER (P-256) of the bound device, base64. The redemption
    *  signature is verified against this key — it is the security-critical binding. */
-  holderDevicePubkey: z10.string().min(64).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/),
+  holderDevicePubkey: z9.string().min(64).max(4096).regex(/^[A-Za-z0-9+/]+={0,2}$/),
   /** Optional fixed amount for monetary passes (vouchers, gift cards) in kobo. */
-  amountKobo: z10.number().int().nonnegative().optional(),
+  amountKobo: z9.number().int().nonnegative().optional(),
   /** ISO-4217-ish currency code; required on the wire. SDK builders default to NGN. */
-  currency: z10.string().min(3).max(8),
+  currency: z9.string().min(3).max(8),
   /** Monotonic redemption counter floor. Redemption.counter MUST be > counterSeed. */
-  counterSeed: z10.number().int().nonnegative(),
+  counterSeed: z9.number().int().nonnegative(),
   /** Optional cumulative spend cap in kobo across all redemptions of this pass. */
-  cumulativeCapKobo: z10.number().int().nonnegative().optional(),
+  cumulativeCapKobo: z9.number().int().nonnegative().optional(),
   /** ASN.1 DER ECDSA P-256 signature, base64. */
-  issuerSig: z10.string().min(64).max(2048).regex(/^[A-Za-z0-9+/]+={0,2}$/)
+  issuerSig: z9.string().min(64).max(2048).regex(/^[A-Za-z0-9+/]+={0,2}$/)
 }).refine((v) => v.validUntilMs > v.validFromMs, {
   message: "validUntilMs must be greater than validFromMs"
 });
@@ -2784,20 +2427,20 @@ function isPassWithinValidity(pass, nowMs) {
 }
 
 // src/passes/redemption.ts
-import { z as z11 } from "zod";
-var Base64Std3 = z11.string().min(16).max(2048).regex(/^[A-Za-z0-9+/]+={0,2}$/, "expected base64 (std)");
-var RedemptionSchema = z11.object({
+import { z as z10 } from "zod";
+var Base64Std2 = z10.string().min(16).max(2048).regex(/^[A-Za-z0-9+/]+={0,2}$/, "expected base64 (std)");
+var RedemptionSchema = z10.object({
   pass: PassSchema,
-  redeemerId: z11.string().min(1),
-  redeemedAtMs: z11.number().int().nonnegative(),
+  redeemerId: z10.string().min(1),
+  redeemedAtMs: z10.number().int().nonnegative(),
   /** Strictly monotonic counter scoped to a single pass. Must be > pass.counterSeed
    *  and > the redeemer's lastSeenCounter for this pass. */
-  counter: z11.number().int().positive(),
+  counter: z10.number().int().positive(),
   /** Amount being redeemed in kobo (0 for non-monetary passes like ride tickets). */
-  amountKobo: z11.number().int().nonnegative(),
-  nonce: z11.string().min(1),
+  amountKobo: z10.number().int().nonnegative(),
+  nonce: z10.string().min(1),
   /** ASN.1 DER ECDSA P-256 signature over canonicalJSONBytes(unsigned), base64. */
-  holderSig: Base64Std3
+  holderSig: Base64Std2
 });
 var REDEEMABLE_STATES = /* @__PURE__ */ new Set(["issued", "active"]);
 function buildRedemption(input) {
@@ -2879,40 +2522,40 @@ function verifyRedemption(r, issuerPublicKeySpkiB64) {
 }
 
 // src/receipts/receipt.ts
-import { z as z12 } from "zod";
+import { z as z11 } from "zod";
 var RECEIPT_CHANNELS = ["cash", "pass"];
 var RECEIPT_KINDS = RECEIPT_CHANNELS;
-var ReceiptPayloadSchema = z12.record(
-  z12.union([z12.string(), z12.number(), z12.boolean(), z12.null()])
+var ReceiptPayloadSchema = z11.record(
+  z11.union([z11.string(), z11.number(), z11.boolean(), z11.null()])
 );
-var ReceiptSchema = z12.object({
-  receiptId: z12.string().min(1),
-  channel: z12.enum(RECEIPT_CHANNELS),
+var ReceiptSchema = z11.object({
+  receiptId: z11.string().min(1),
+  channel: z11.enum(RECEIPT_CHANNELS),
   /** Cash-channel: send_intents.id. Required when channel === 'cash'. */
-  intentId: z12.string().min(1).optional(),
+  intentId: z11.string().min(1).optional(),
   /** Pass-channel: pass_redemptions.id. Required when channel === 'pass'. */
-  passRedemptionId: z12.string().min(1).optional(),
-  payerUserId: z12.string().min(1),
-  payeeUserId: z12.string().min(1),
-  amountKobo: z12.number().int().nonnegative(),
-  currency: z12.string().min(3).max(8),
-  issuedAtMs: z12.number().int().nonnegative(),
-  issuerId: z12.string().min(1),
+  passRedemptionId: z11.string().min(1).optional(),
+  payerUserId: z11.string().min(1),
+  payeeUserId: z11.string().min(1),
+  amountKobo: z11.number().int().nonnegative(),
+  currency: z11.string().min(3).max(8),
+  issuedAtMs: z11.number().int().nonnegative(),
+  issuerId: z11.string().min(1),
   payload: ReceiptPayloadSchema,
   /** ASN.1 DER ECDSA P-256 signature, base64. */
-  issuerSig: z12.string().min(64).max(2048).regex(/^[A-Za-z0-9+/]+={0,2}$/)
+  issuerSig: z11.string().min(64).max(2048).regex(/^[A-Za-z0-9+/]+={0,2}$/)
 }).superRefine((v, ctx) => {
   if (v.channel === "cash") {
     if (!v.intentId) {
       ctx.addIssue({
-        code: z12.ZodIssueCode.custom,
+        code: z11.ZodIssueCode.custom,
         message: "cash receipts require intentId",
         path: ["intentId"]
       });
     }
     if (v.passRedemptionId) {
       ctx.addIssue({
-        code: z12.ZodIssueCode.custom,
+        code: z11.ZodIssueCode.custom,
         message: "cash receipts must not carry passRedemptionId",
         path: ["passRedemptionId"]
       });
@@ -2920,14 +2563,14 @@ var ReceiptSchema = z12.object({
   } else if (v.channel === "pass") {
     if (!v.passRedemptionId) {
       ctx.addIssue({
-        code: z12.ZodIssueCode.custom,
+        code: z11.ZodIssueCode.custom,
         message: "pass receipts require passRedemptionId",
         path: ["passRedemptionId"]
       });
     }
     if (v.intentId) {
       ctx.addIssue({
-        code: z12.ZodIssueCode.custom,
+        code: z11.ZodIssueCode.custom,
         message: "pass receipts must not carry intentId",
         path: ["intentId"]
       });
@@ -3229,28 +2872,244 @@ function init(opts) {
 }
 
 // src/accounts/client.ts
-import { z as z13 } from "zod";
+import { z as z12 } from "zod";
 var ACCOUNT_TYPES = ["personal", "business", "partner"];
 var ACCOUNT_STATUSES = ["active", "suspended", "closed"];
 var MEMBERSHIP_ROLES = ["owner", "admin", "driver", "staff"];
-var AccountSchema = z13.object({
-  accountId: z13.string().uuid(),
-  type: z13.enum(ACCOUNT_TYPES),
-  displayName: z13.string().min(1),
-  status: z13.enum(ACCOUNT_STATUSES),
-  ownerUserId: z13.string().uuid().nullable(),
-  createdAtMs: z13.number().int().nonnegative()
+var AccountSchema = z12.object({
+  accountId: z12.string().uuid(),
+  type: z12.enum(ACCOUNT_TYPES),
+  displayName: z12.string().min(1),
+  status: z12.enum(ACCOUNT_STATUSES),
+  ownerUserId: z12.string().uuid().nullable(),
+  createdAtMs: z12.number().int().nonnegative()
+});
+var AccountMembershipSchema = z12.object({
+  accountId: z12.string().uuid(),
+  userId: z12.string().uuid(),
+  role: z12.enum(MEMBERSHIP_ROLES),
+  createdAtMs: z12.number().int().nonnegative()
+});
+function createAccountsClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error("createAccountsClient: no fetch implementation available");
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function call(method, path, body, parser) {
+    const init2 = {
+      method,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json"
+      }
+    };
+    if (body !== void 0) init2.body = JSON.stringify(body);
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
+    const text = await resp.text();
+    let raw = void 0;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return parser(raw);
+  }
+  const itemsSchema = z12.object({ items: z12.array(AccountSchema) });
+  const memberItemsSchema = z12.object({
+    items: z12.array(AccountMembershipSchema)
+  });
+  return {
+    listMyAccounts: () => call(
+      "GET",
+      "/v1/accounts/me",
+      void 0,
+      (raw) => itemsSchema.parse(raw)
+    ),
+    getAccount: (accountId) => call(
+      "GET",
+      `/v1/accounts/${encodeURIComponent(accountId)}`,
+      void 0,
+      (raw) => AccountSchema.parse(raw)
+    ),
+    listMembers: (accountId) => call(
+      "GET",
+      `/v1/accounts/${encodeURIComponent(accountId)}/members`,
+      void 0,
+      (raw) => memberItemsSchema.parse(raw)
+    ),
+    createBusinessAccount: (input) => call("POST", "/v1/accounts", input, (raw) => AccountSchema.parse(raw)),
+    addMember: (accountId, input) => call(
+      "POST",
+      `/v1/accounts/${encodeURIComponent(accountId)}/members`,
+      input,
+      (raw) => AccountMembershipSchema.parse(raw)
+    )
+  };
+}
+
+// src/me-offline/client.ts
+import { z as z13 } from "zod";
+var Sha256Hex = z13.string().regex(/^[0-9a-f]{64}$/);
+var Base64Std3 = z13.string().regex(/^[A-Za-z0-9+/]+={0,2}$/);
+var ClaimNonce = z13.string().min(8).max(128).refine((value) => !value.includes("|"), {
+  message: "nonce must not contain |"
+});
+var ACCOUNT_FUNDED_OAC_MAX_TTL_MS = 1e3 * 60 * 60 * 24 * 7;
+var CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS = 1e3 * 60 * 60 * 24;
+var AttestationSecurityLevelSchema = z13.enum([
+  "STRONGBOX",
+  "TEE",
+  "SECURE_ENCLAVE",
+  "SOFTWARE"
+]);
+var DeviceKeyAlgSchema = z13.literal("p256");
+var RegisterDeviceKeyP256InputSchema = z13.object({
+  deviceId: z13.string().min(1).max(128),
+  /** P-256 SubjectPublicKeyInfo DER, base64. */
+  publicKeySpkiB64: Base64Std3.min(64).max(4096),
+  /** Base64 of the server-issued enrollment challenge string. */
+  challengeB64: Base64Std3.min(8).max(1024),
+  /** iOS App Attest payload or Android X.509 Key Attestation chain. */
+  attestationChainB64: z13.array(Base64Std3.min(16).max(16384)).min(1).max(16),
+  securityLevel: AttestationSecurityLevelSchema
+});
+var P256EnrollmentChallengeInputSchema = z13.object({
+  deviceId: z13.string().min(1).max(128)
+});
+var P256EnrollmentChallengeResultSchema = z13.object({
+  challenge: z13.string().min(16),
+  expiresAtMs: z13.number().int().positive()
+});
+var DeviceKeyRecordSchema = z13.object({
+  id: z13.string().uuid(),
+  userId: z13.string().uuid(),
+  deviceId: z13.string(),
+  /** Always 'p256' on the consumer offline rail. Field retained for forward-compat. */
+  alg: DeviceKeyAlgSchema.default("p256"),
+  /** P-256 SubjectPublicKeyInfo DER, base64. */
+  publicKeySpkiB64: Base64Std3.nullable().default(null),
+  securityLevel: AttestationSecurityLevelSchema.nullable().default(null),
+  hardwareBacked: z13.boolean().default(false),
+  attestedAtMs: z13.number().int().nonnegative().nullable().default(null),
+  createdAtMs: z13.number().int().nonnegative(),
+  revokedAtMs: z13.number().int().nonnegative().nullable()
+});
+var ConsumerOACSchema = z13.object({
+  oacId: z13.string().uuid(),
+  issuerId: z13.string().min(1).max(64),
+  userId: z13.string().uuid(),
+  deviceId: z13.string().min(1).max(128),
+  /**
+   * Always 'p256'. Required on the wire (backend always emits it).
+   * Kept as a literal so input/output infer identically and the schema
+   * can be nested inside other response shapes without Zod input/output
+   * divergence under tsup DTS bundling.
+   */
+  alg: z13.literal("p256"),
+  /** P-256 SubjectPublicKeyInfo DER, base64. */
+  devicePubkeySpkiB64: Base64Std3.min(64).max(4096),
+  perTxCapKobo: z13.number().int().positive(),
+  cumulativeCapKobo: z13.number().int().positive(),
+  currency: z13.string().length(3),
+  validFromMs: z13.number().int().nonnegative(),
+  validUntilMs: z13.number().int().nonnegative(),
+  counterSeed: z13.number().int().nonnegative(),
+  issuedAtMs: z13.number().int().nonnegative()
+});
+var SignedConsumerOACSchema = z13.object({
+  oac: ConsumerOACSchema,
+  /** ASN.1 DER ECDSA P-256 issuer signature, base64. */
+  issuerSig: Base64Std3.min(16).max(2048),
+  /** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
+  issuerPublicKeySpkiB64: Base64Std3.min(64).max(4096)
 });
-var AccountMembershipSchema = z13.object({
-  accountId: z13.string().uuid(),
-  userId: z13.string().uuid(),
-  role: z13.enum(MEMBERSHIP_ROLES),
-  createdAtMs: z13.number().int().nonnegative()
+var OACRecordSchema = SignedConsumerOACSchema.extend({
+  currentOfflineSpentKobo: z13.number().int().nonnegative(),
+  status: z13.enum(["active", "superseded", "expired", "revoked"]),
+  supersededAtMs: z13.number().int().nonnegative().nullable(),
+  revokedAtMs: z13.number().int().nonnegative().nullable()
 });
-function createAccountsClient(opts) {
+var IssueAccountOacInputSchema = z13.object({
+  deviceId: z13.string().min(1).max(128),
+  perTxCapKobo: z13.number().int().positive().optional(),
+  cumulativeCapKobo: z13.number().int().positive().optional(),
+  ttlMs: z13.number().int().min(6e4).max(ACCOUNT_FUNDED_OAC_MAX_TTL_MS).optional()
+});
+var OfflineStatusResultSchema = z13.object({
+  active: OACRecordSchema.nullable()
+});
+var ConsumerPaymentClaimSchema = z13.object({
+  /** Always 'p256'. Retained for forward-compat and as an explicit domain marker. */
+  alg: z13.literal("p256").default("p256"),
+  oacId: z13.string().uuid(),
+  encounterId: Sha256Hex.optional(),
+  payerUserId: z13.string().uuid(),
+  payeeUserId: z13.string().uuid(),
+  payerDeviceId: z13.string().min(1).max(128),
+  payerNonce: ClaimNonce,
+  payeeNonce: ClaimNonce,
+  amountKobo: z13.number().int().positive(),
+  currency: z13.string().length(3).default("NGN"),
+  occurredAtMs: z13.number().int().nonnegative(),
+  completedAtMs: z13.number().int().nonnegative().optional(),
+  contextId: z13.string().max(128).optional(),
+  requestId: z13.string().uuid().optional(),
+  requestMode: z13.enum(["fixed", "editable"]).optional(),
+  requestTakerUserId: z13.string().uuid().optional(),
+  requestAmountKobo: z13.number().int().positive().optional(),
+  requestCurrency: z13.string().length(3).optional(),
+  requestReference: z13.string().max(128).nullable().optional(),
+  requestCreatedAtMs: z13.number().int().nonnegative().optional(),
+  requestExpiresAtMs: z13.number().int().positive().optional(),
+  requestNonce: z13.string().min(8).max(128).optional(),
+  requestTakerDeviceId: z13.string().min(1).max(128).nullable().optional(),
+  requestTakerPubkeySpkiB64: Base64Std3.min(64).max(4096).optional(),
+  requestTakerSignatureDerB64: Base64Std3.min(16).max(2048).optional(),
+  payerPubkeySpkiB64: Base64Std3.min(64).max(4096),
+  payerSignatureDerB64: Base64Std3.min(16).max(2048),
+  payeePubkeySpkiB64: Base64Std3.min(64).max(4096).optional(),
+  payeeSignatureDerB64: Base64Std3.min(16).max(2048).optional()
+});
+var ConsumerSettlementSchema = z13.object({
+  settlementId: z13.string().uuid(),
+  settlementKey: Sha256Hex,
+  encounterId: Sha256Hex,
+  oacId: z13.string().uuid(),
+  payerUserId: z13.string().uuid(),
+  payeeUserId: z13.string().uuid(),
+  amountKobo: z13.number().int().positive(),
+  currency: z13.string().length(3),
+  status: z13.enum(["SETTLED", "REVIEW"]),
+  reviewReason: z13.string().nullable(),
+  ledgerRef: z13.string().nullable(),
+  /** ASN.1 DER ECDSA P-256 issuer signature, base64. */
+  issuerSig: Base64Std3.min(16).max(2048),
+  /** Canonical millisecond timestamp signed into the settlement receipt. */
+  issuedAtMs: z13.number().int().nonnegative(),
+  /** Compatibility alias for API consumers that predate issuedAtMs. */
+  createdAtMs: z13.number().int().nonnegative().optional()
+});
+var ConsumerSettleResultSchema = z13.object({
+  settlement: ConsumerSettlementSchema,
+  encounterId: Sha256Hex,
+  replayed: z13.boolean()
+});
+var RevokeDeviceKeyInputSchema = z13.object({
+  deviceId: z13.string().min(1).max(128),
+  /** Step-up token from /api/v1/auth/send/verify with purpose='offline_revoke'. */
+  sendAuthToken: z13.string().min(16)
+});
+function createMeOfflineClient(opts) {
   const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
   if (!fetchImpl) {
-    throw new Error("createAccountsClient: no fetch implementation available");
+    throw new Error("createMeOfflineClient: no fetch implementation available");
   }
   const baseUrl = opts.baseUrl.replace(/\/$/, "");
   async function call(method, path, body, parser) {
@@ -3278,42 +3137,67 @@ function createAccountsClient(opts) {
     }
     return parser(raw);
   }
-  const itemsSchema = z13.object({ items: z13.array(AccountSchema) });
-  const memberItemsSchema = z13.object({
-    items: z13.array(AccountMembershipSchema)
-  });
+  const deviceKeyItems = z13.object({ items: z13.array(DeviceKeyRecordSchema) });
   return {
-    listMyAccounts: () => call(
-      "GET",
-      "/v1/accounts/me",
-      void 0,
-      (raw) => itemsSchema.parse(raw)
+    issueP256EnrollmentChallenge: (input) => call(
+      "POST",
+      "/v1/me/offline/keys/p256/challenge",
+      P256EnrollmentChallengeInputSchema.parse(input),
+      (raw) => P256EnrollmentChallengeResultSchema.parse(raw)
     ),
-    getAccount: (accountId) => call(
-      "GET",
-      `/v1/accounts/${encodeURIComponent(accountId)}`,
-      void 0,
-      (raw) => AccountSchema.parse(raw)
+    registerDeviceKeyP256: (input) => call(
+      "POST",
+      "/v1/me/offline/keys/p256",
+      RegisterDeviceKeyP256InputSchema.parse(input),
+      (raw) => DeviceKeyRecordSchema.parse(raw)
     ),
-    listMembers: (accountId) => call(
+    listDeviceKeys: () => call(
       "GET",
-      `/v1/accounts/${encodeURIComponent(accountId)}/members`,
+      "/v1/me/offline/keys",
       void 0,
-      (raw) => memberItemsSchema.parse(raw)
+      (raw) => deviceKeyItems.parse(raw)
     ),
-    createBusinessAccount: (input) => call("POST", "/v1/accounts", input, (raw) => AccountSchema.parse(raw)),
-    addMember: (accountId, input) => call(
+    revokeDeviceKey: (input) => call(
       "POST",
-      `/v1/accounts/${encodeURIComponent(accountId)}/members`,
-      input,
-      (raw) => AccountMembershipSchema.parse(raw)
+      "/v1/me/offline/keys/revoke",
+      RevokeDeviceKeyInputSchema.parse(input),
+      () => void 0
+    ),
+    issueAccountOac: (input) => call(
+      "POST",
+      "/v1/me/offline/oac",
+      IssueAccountOacInputSchema.parse(input),
+      (raw) => OACRecordSchema.parse(raw)
+    ),
+    getStatus: (deviceId) => {
+      const qs = deviceId ? `?deviceId=${encodeURIComponent(deviceId)}` : "";
+      return call(
+        "GET",
+        `/v1/me/offline/status${qs}`,
+        void 0,
+        (raw) => OfflineStatusResultSchema.parse(raw)
+      );
+    },
+    submitClaim: (claim) => call(
+      "POST",
+      "/v1/me/offline/claims",
+      ConsumerPaymentClaimSchema.parse(claim),
+      (raw) => ConsumerSettleResultSchema.parse(raw)
+    ),
+    getSettlement: (idOrKey) => call(
+      "GET",
+      `/v1/me/offline/settlements/${encodeURIComponent(idOrKey)}`,
+      void 0,
+      (raw) => ConsumerSettlementSchema.parse(raw)
     )
   };
 }
 
 // src/me-offline/signer.ts
 import { p256 as p2562 } from "@noble/curves/nist";
+import { sha256 as sha2564 } from "@noble/hashes/sha2";
 var CLAIM_DOMAIN_V2 = "flur:consumer-offline:v2:claim";
+var ENCOUNTER_DOMAIN2 = "flur:consumer-offline:v1:encounter";
 function canonicalClaimSigningPayload(claim) {
   return {
     domain: CLAIM_DOMAIN_V2,
@@ -3334,6 +3218,27 @@ function canonicalClaimSigningPayload(claim) {
 function canonicalClaimSigningBytes(claim) {
   return canonicalJSONBytes(canonicalClaimSigningPayload(claim));
 }
+function computeConsumerClaimEncounterId(input) {
+  const material = `${ENCOUNTER_DOMAIN2}|${[
+    assertEncounterPart("oacId", input.oacId),
+    assertEncounterPart("payerUserId", input.payerUserId),
+    assertEncounterPart("payeeUserId", input.payeeUserId),
+    assertEncounterPart("payerNonce", input.payerNonce),
+    assertEncounterPart("payeeNonce", input.payeeNonce)
+  ].join("|")}`;
+  return bytesToHex5(sha2564(new TextEncoder().encode(material)));
+}
+function assertEncounterPart(field, value) {
+  if (value.includes("|")) {
+    throw new Error(`consumer encounter id ${field} must not contain |`);
+  }
+  return value;
+}
+function bytesToHex5(bytes) {
+  let out = "";
+  for (const byte of bytes) out += byte.toString(16).padStart(2, "0");
+  return out;
+}
 function bytesToBase642(bytes) {
   if (typeof Buffer !== "undefined") {
     return Buffer.from(bytes).toString("base64");
@@ -3429,38 +3334,192 @@ function verifyClaimSignature(input) {
   }
 }
 
-// src/me-offline/sms.ts
-var OFFLINE_CLAIM_SMS_PREFIX = "FLURC1.";
-var TOKEN_RE = /(?:^|\s)(FLURC1\.[A-Za-z0-9_-]+={0,2})(?:\s|$)/;
-function encodeOfflineClaimSmsMessage(claim) {
-  const parsed = ConsumerPaymentClaimSchema.parse(claim);
-  const json = JSON.stringify(parsed);
-  return `${OFFLINE_CLAIM_SMS_PREFIX}${base64UrlEncodeUtf8(json)}`;
+// src/me-offline/request.ts
+import { z as z14 } from "zod";
+var Base64Std4 = z14.string().regex(/^[A-Za-z0-9+/]+={0,2}$/);
+var CONSUMER_PAYMENT_REQUEST_DOMAIN = "flur:consumer-offline:v1:request";
+var ConsumerPaymentRequestEnvelopeSchema = z14.object({
+  requestId: z14.string().uuid(),
+  mode: z14.enum(["fixed", "editable"]),
+  takerUserId: z14.string().uuid(),
+  amountKobo: z14.number().int().positive(),
+  currency: z14.string().length(3).default("NGN"),
+  reference: z14.string().max(128).nullable().default(null),
+  createdAtMs: z14.number().int().nonnegative(),
+  expiresAtMs: z14.number().int().positive(),
+  nonce: z14.string().min(8).max(128),
+  takerDeviceId: z14.string().min(1).max(128).nullable().default(null),
+  takerPubkeySpkiB64: Base64Std4.min(64).max(4096).optional(),
+  takerSignatureDerB64: Base64Std4.min(16).max(2048).optional()
+}).superRefine((value, ctx) => {
+  if (value.expiresAtMs <= value.createdAtMs) {
+    ctx.addIssue({
+      code: z14.ZodIssueCode.custom,
+      path: ["expiresAtMs"],
+      message: "expiresAtMs must be greater than createdAtMs"
+    });
+  }
+  const hasSignature = Boolean(
+    value.takerPubkeySpkiB64 || value.takerSignatureDerB64
+  );
+  if (value.mode === "fixed" || hasSignature) {
+    if (!value.takerDeviceId) {
+      ctx.addIssue({
+        code: z14.ZodIssueCode.custom,
+        path: ["takerDeviceId"],
+        message: "signed requests require takerDeviceId"
+      });
+    }
+    if (!value.takerPubkeySpkiB64) {
+      ctx.addIssue({
+        code: z14.ZodIssueCode.custom,
+        path: ["takerPubkeySpkiB64"],
+        message: "signed requests require takerPubkeySpkiB64"
+      });
+    }
+    if (!value.takerSignatureDerB64) {
+      ctx.addIssue({
+        code: z14.ZodIssueCode.custom,
+        path: ["takerSignatureDerB64"],
+        message: "signed requests require takerSignatureDerB64"
+      });
+    }
+  }
+});
+function buildConsumerPaymentRequest(input) {
+  const unsigned = {
+    requestId: input.requestId,
+    mode: input.mode,
+    takerUserId: input.takerUserId,
+    amountKobo: input.amountKobo,
+    currency: input.currency ?? "NGN",
+    reference: input.reference ?? null,
+    createdAtMs: input.createdAtMs,
+    expiresAtMs: input.expiresAtMs,
+    nonce: input.nonce,
+    takerDeviceId: input.takerDeviceId ?? null
+  };
+  if (unsigned.mode === "fixed" && !unsigned.takerDeviceId) {
+    throw new Error("fixed requests require takerDeviceId");
+  }
+  if (unsigned.expiresAtMs <= unsigned.createdAtMs) {
+    throw new Error("expiresAtMs must be greater than createdAtMs");
+  }
+  return unsigned;
 }
-function decodeOfflineClaimSmsMessage(message) {
-  const token = extractOfflineClaimSmsToken(message);
-  if (!token) {
-    throw new Error("offline claim SMS token not found");
+function consumerPaymentRequestSigningPayload(request) {
+  return {
+    domain: CONSUMER_PAYMENT_REQUEST_DOMAIN,
+    version: 1,
+    requestId: request.requestId,
+    mode: request.mode,
+    takerUserId: request.takerUserId,
+    amountKobo: request.amountKobo,
+    currency: request.currency,
+    reference: request.reference ?? null,
+    createdAtMs: request.createdAtMs,
+    expiresAtMs: request.expiresAtMs,
+    nonce: request.nonce,
+    takerDeviceId: request.takerDeviceId ?? null
+  };
+}
+function consumerPaymentRequestSigningBytes(request) {
+  return canonicalJSONBytes(consumerPaymentRequestSigningPayload(request));
+}
+async function signConsumerPaymentRequest(unsigned, signer) {
+  if (signer.alg !== "p256") {
+    throw new Error("consumer payment requests require p256 signer");
   }
-  const encoded = token.slice(OFFLINE_CLAIM_SMS_PREFIX.length);
+  const publicKey = await signer.getPublicKey();
+  if (publicKey.alg !== "p256") {
+    throw new Error("consumer payment requests require p256 public key");
+  }
+  const signature = await signer.sign(
+    consumerPaymentRequestSigningBytes(unsigned)
+  );
+  return ConsumerPaymentRequestEnvelopeSchema.parse({
+    ...unsigned,
+    takerPubkeySpkiB64: publicKey.publicKey,
+    takerSignatureDerB64: signature.signature
+  });
+}
+function verifyConsumerPaymentRequest(request) {
+  const parsed = ConsumerPaymentRequestEnvelopeSchema.safeParse(request);
+  if (!parsed.success) return false;
+  const value = parsed.data;
+  if (!value.takerPubkeySpkiB64 || !value.takerSignatureDerB64) return false;
+  return verifyClaimSignature({
+    alg: "p256",
+    bytes: consumerPaymentRequestSigningBytes(value),
+    signature: value.takerSignatureDerB64,
+    publicKey: value.takerPubkeySpkiB64
+  });
+}
+function isConsumerPaymentRequestExpired(request, nowMs = Date.now()) {
+  const parsed = ConsumerPaymentRequestEnvelopeSchema.parse(request);
+  return parsed.expiresAtMs <= nowMs;
+}
+
+// src/me-offline/settlement.ts
+var CONSUMER_SETTLEMENT_DOMAIN = "flur:consumer-offline:v1:settlement";
+var CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX = "FLURSR1.";
+function consumerSettlementSigningPayload(settlement) {
+  return {
+    domain: CONSUMER_SETTLEMENT_DOMAIN,
+    settlementId: settlement.settlementId,
+    settlementKey: settlement.settlementKey,
+    encounterId: settlement.encounterId,
+    oacId: settlement.oacId,
+    payerUserId: settlement.payerUserId,
+    payeeUserId: settlement.payeeUserId,
+    amountKobo: settlement.amountKobo,
+    currency: settlement.currency,
+    status: settlement.status,
+    reviewReason: settlement.reviewReason,
+    ledgerRef: settlement.ledgerRef,
+    issuedAtMs: settlement.issuedAtMs
+  };
+}
+function verifyConsumerSettlement(settlement, issuerPublicKeySpkiB64) {
+  const parsed = ConsumerSettlementSchema.safeParse(settlement);
+  if (!parsed.success) return false;
+  return verifyIssuerP256(
+    canonicalJSONBytes(consumerSettlementSigningPayload(parsed.data)),
+    parsed.data.issuerSig,
+    issuerPublicKeySpkiB64
+  );
+}
+function encodeConsumerSettlementReceiptQR(settlement) {
+  const parsed = ConsumerSettlementSchema.parse(settlement);
+  return `${CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX}${base64UrlEncodeUtf8(
+    JSON.stringify(parsed)
+  )}`;
+}
+function decodeUnverifiedConsumerSettlementReceiptQR(value) {
+  if (!value.startsWith(CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX)) {
+    throw new Error("not a Flur consumer settlement receipt QR");
+  }
+  const encoded = value.slice(CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX.length);
   let raw;
   try {
     raw = JSON.parse(base64UrlDecodeUtf8(encoded));
   } catch {
-    throw new Error("offline claim SMS token is malformed");
+    throw new Error("consumer settlement receipt QR is malformed");
   }
-  const parsed = ConsumerPaymentClaimSchema.safeParse(raw);
-  if (!parsed.success) {
-    throw new Error("offline claim SMS token is invalid");
+  return ConsumerSettlementSchema.parse(raw);
+}
+function verifyConsumerSettlementReceiptQR(value, issuerPublicKeySpkiB64) {
+  const settlement = decodeUnverifiedConsumerSettlementReceiptQR(value);
+  if (!verifyConsumerSettlement(settlement, issuerPublicKeySpkiB64)) {
+    throw new Error("consumer settlement receipt QR signature invalid");
   }
-  return parsed.data;
+  return settlement;
 }
-function extractOfflineClaimSmsToken(message) {
-  const trimmed = message.trim();
-  if (trimmed.startsWith(OFFLINE_CLAIM_SMS_PREFIX)) {
-    return trimmed.split(/\s+/, 1)[0] ?? null;
+function decodeConsumerSettlementReceiptQR(value, issuerPublicKeySpkiB64) {
+  if (!issuerPublicKeySpkiB64) {
+    return decodeUnverifiedConsumerSettlementReceiptQR(value);
   }
-  return TOKEN_RE.exec(message)?.[1] ?? null;
+  return verifyConsumerSettlementReceiptQR(value, issuerPublicKeySpkiB64);
 }
 function base64UrlEncodeUtf8(input) {
   const bytes = new TextEncoder().encode(input);
@@ -3490,15 +3549,281 @@ function base64UrlDecodeUtf8(input) {
   throw new Error("base64 decoder unavailable");
 }
 
+// src/me-offline/sms.ts
+import { p256 as p2563 } from "@noble/curves/nist";
+var OFFLINE_CLAIM_SMS_PREFIX = "FLURC1.";
+var CLAIM_TOKEN_RE = /(?:^|\s)(FLURC1\.[A-Za-z0-9_-]+={0,2})(?:\s|$)/;
+function encodeOfflineClaimSmsMessage(claim) {
+  const parsed = ConsumerPaymentClaimSchema.parse(claim);
+  return `${OFFLINE_CLAIM_SMS_PREFIX}${base64UrlEncodeUtf82(
+    JSON.stringify(parsed)
+  )}`;
+}
+function decodeOfflineClaimSmsMessage(message) {
+  const token = extractOfflineClaimSmsToken(message);
+  if (!token) throw new Error("offline claim QR token not found");
+  const encoded = token.slice(OFFLINE_CLAIM_SMS_PREFIX.length);
+  let raw;
+  try {
+    raw = JSON.parse(base64UrlDecodeUtf82(encoded));
+  } catch {
+    throw new Error("offline claim QR token is malformed");
+  }
+  const parsed = ConsumerPaymentClaimSchema.safeParse(raw);
+  if (!parsed.success) throw new Error("offline claim QR token is invalid");
+  return parsed.data;
+}
+function extractOfflineClaimSmsToken(message) {
+  const trimmed = message.trim();
+  if (trimmed.startsWith(OFFLINE_CLAIM_SMS_PREFIX)) {
+    return trimmed.split(/\s+/, 1)[0] ?? null;
+  }
+  return CLAIM_TOKEN_RE.exec(message)?.[1] ?? null;
+}
+var OFFLINE_SMS_SETTLE_PREFIX = "FLURA1.";
+var OFFLINE_SMS_SETTLE_DOMAIN = "flur:consumer-offline:v1:attest";
+var OFFLINE_SMS_SETTLE_TOKEN_BYTES = 112;
+var OFFLINE_SMS_SETTLE_HEADER_BYTES = 48;
+var OFFLINE_SMS_SETTLE_SIGNATURE_BYTES = 64;
+var OFFLINE_SMS_SETTLE_VERSION = 1;
+var TOKEN_RE = /(?:^|[\s,;:()<>"'])(FLURA1\.[A-Za-z0-9_-]{150})/;
+async function encodeOfflineSmsSettleToken(input, signer) {
+  const header = await buildSmsSettleHeader(input);
+  const sig = await signer.signRaw(domainTag(header));
+  if (sig.length !== OFFLINE_SMS_SETTLE_SIGNATURE_BYTES) {
+    throw new Error(
+      `FLURA1: signer returned ${sig.length}-byte sig; expected ${OFFLINE_SMS_SETTLE_SIGNATURE_BYTES}`
+    );
+  }
+  const out = new Uint8Array(OFFLINE_SMS_SETTLE_TOKEN_BYTES);
+  out.set(header, 0);
+  out.set(sig, OFFLINE_SMS_SETTLE_HEADER_BYTES);
+  return `${OFFLINE_SMS_SETTLE_PREFIX}${bytesToBase64Url(out)}`;
+}
+async function buildSmsSettleHeader(input) {
+  assertSafeUint64(input.amountKobo, "amountKobo");
+  if (input.amountKobo <= 0) {
+    throw new Error("FLURA1: amountKobo must be greater than zero");
+  }
+  assertSafeUint48(input.occurredAtMs, "occurredAtMs");
+  const encounterPrefix = (await sha2565(utf8(input.encounterId))).slice(0, 16);
+  const payerPrefix = uuidToBytes(input.payerUserId).slice(0, 8);
+  const payeePrefix = uuidToBytes(input.payeeUserId).slice(0, 8);
+  const header = new Uint8Array(OFFLINE_SMS_SETTLE_HEADER_BYTES);
+  const dv = new DataView(header.buffer);
+  header[0] = OFFLINE_SMS_SETTLE_VERSION;
+  header[1] = 0;
+  header.set(encounterPrefix, 2);
+  header.set(payerPrefix, 18);
+  header.set(payeePrefix, 26);
+  writeUint64BE(dv, 34, input.amountKobo);
+  writeUint48BE(dv, 42, input.occurredAtMs);
+  return header;
+}
+function domainTag(header) {
+  if (header.length !== OFFLINE_SMS_SETTLE_HEADER_BYTES) {
+    throw new Error(
+      `FLURA1: header must be ${OFFLINE_SMS_SETTLE_HEADER_BYTES} bytes`
+    );
+  }
+  const domain = utf8(OFFLINE_SMS_SETTLE_DOMAIN);
+  const out = new Uint8Array(domain.length + header.length);
+  out.set(domain, 0);
+  out.set(header, domain.length);
+  return out;
+}
+function decodeOfflineSmsSettleToken(message) {
+  const token = extractOfflineSmsSettleToken(message);
+  if (!token) throw new Error("FLURA1: token not found");
+  const encoded = token.slice(OFFLINE_SMS_SETTLE_PREFIX.length);
+  let bytes;
+  try {
+    bytes = base64UrlToBytes(encoded);
+  } catch {
+    throw new Error("FLURA1: token base64url is malformed");
+  }
+  if (bytesToBase64Url(bytes) !== encoded) {
+    throw new Error("FLURA1: token base64url is malformed");
+  }
+  if (bytes.length !== OFFLINE_SMS_SETTLE_TOKEN_BYTES) {
+    throw new Error(
+      `FLURA1: expected ${OFFLINE_SMS_SETTLE_TOKEN_BYTES} bytes, got ${bytes.length}`
+    );
+  }
+  const version = bytes[0];
+  const flags = bytes[1];
+  if (version !== OFFLINE_SMS_SETTLE_VERSION) {
+    throw new Error(`FLURA1: unsupported version ${version}`);
+  }
+  if (flags !== 0) {
+    throw new Error(`FLURA1: reserved flags must be 0, got ${flags}`);
+  }
+  const header = bytes.slice(0, OFFLINE_SMS_SETTLE_HEADER_BYTES);
+  const signature = bytes.slice(OFFLINE_SMS_SETTLE_HEADER_BYTES);
+  const dv = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  const amountKobo = readUint64BE(dv, 34);
+  if (amountKobo <= 0) {
+    throw new Error("FLURA1: amountKobo must be greater than zero");
+  }
+  return {
+    version,
+    flags,
+    encounterIdPrefixHex: bytesToHex6(bytes.slice(2, 18)),
+    payerUserIdPrefixHex: bytesToHex6(bytes.slice(18, 26)),
+    payeeUserIdPrefixHex: bytesToHex6(bytes.slice(26, 34)),
+    amountKobo,
+    occurredAtMs: readUint48BE(dv, 42),
+    signature,
+    header,
+    signedBytes: domainTag(header)
+  };
+}
+function extractOfflineSmsSettleToken(message) {
+  const trimmed = message.trim();
+  if (trimmed.startsWith(OFFLINE_SMS_SETTLE_PREFIX)) {
+    return trimmed.split(/\s+/, 1)[0] ?? null;
+  }
+  return TOKEN_RE.exec(message)?.[1] ?? null;
+}
+function verifyOfflineSmsSettleToken(decoded, payerPubkeySpkiB64) {
+  try {
+    const pubRaw = p256SpkiB64ToRaw(payerPubkeySpkiB64);
+    return p2563.verify(decoded.signature, decoded.signedBytes, pubRaw, {
+      prehash: true,
+      format: "compact"
+    });
+  } catch {
+    return false;
+  }
+}
+function derToRawP256Signature(derBytes) {
+  const sig = p2563.Signature.fromBytes(derBytes, "der");
+  const raw = sig.toBytes("compact");
+  if (raw.length !== OFFLINE_SMS_SETTLE_SIGNATURE_BYTES) {
+    throw new Error(
+      `FLURA1: DER\u2192raw produced ${raw.length} bytes; expected ${OFFLINE_SMS_SETTLE_SIGNATURE_BYTES}`
+    );
+  }
+  return raw;
+}
+function utf8(s) {
+  return new TextEncoder().encode(s);
+}
+async function sha2565(bytes) {
+  const subtle = typeof globalThis !== "undefined" && globalThis.crypto?.subtle || void 0;
+  if (subtle) {
+    const digest = await subtle.digest("SHA-256", bytes);
+    return new Uint8Array(digest);
+  }
+  const { sha256: nobleSha256 } = await import("@noble/hashes/sha2");
+  return nobleSha256(bytes);
+}
+function uuidToBytes(uuid) {
+  const hex = uuid.replace(/-/g, "").toLowerCase();
+  if (hex.length !== 32 || !/^[0-9a-f]{32}$/.test(hex)) {
+    throw new Error(`FLURA1: invalid UUID: ${uuid}`);
+  }
+  const out = new Uint8Array(16);
+  for (let i = 0; i < 16; i++) {
+    out[i] = parseInt(hex.substring(i * 2, i * 2 + 2), 16);
+  }
+  return out;
+}
+function assertSafeUint64(value, field) {
+  if (!Number.isInteger(value) || value < 0) {
+    throw new Error(`FLURA1: ${field} must be a non-negative integer`);
+  }
+  if (value > Number.MAX_SAFE_INTEGER) {
+    throw new Error(`FLURA1: ${field} exceeds Number.MAX_SAFE_INTEGER`);
+  }
+}
+function assertSafeUint48(value, field) {
+  assertSafeUint64(value, field);
+  if (value > 281474976710655) {
+    throw new Error(`FLURA1: ${field} exceeds uint48 range`);
+  }
+}
+function writeUint64BE(dv, offset, value) {
+  const high = Math.floor(value / 4294967296);
+  const low = value >>> 0;
+  dv.setUint32(offset, high, false);
+  dv.setUint32(offset + 4, low, false);
+}
+function readUint64BE(dv, offset) {
+  const high = dv.getUint32(offset, false);
+  const low = dv.getUint32(offset + 4, false);
+  if (high > 2097151) {
+    throw new Error("FLURA1: amountKobo exceeds Number.MAX_SAFE_INTEGER");
+  }
+  return high * 4294967296 + low;
+}
+function writeUint48BE(dv, offset, value) {
+  const high = Math.floor(value / 65536);
+  const low = value & 65535;
+  dv.setUint32(offset, high, false);
+  dv.setUint16(offset + 4, low, false);
+}
+function readUint48BE(dv, offset) {
+  const high = dv.getUint32(offset, false);
+  const low = dv.getUint16(offset + 4, false);
+  return high * 65536 + low;
+}
+function bytesToHex6(bytes) {
+  let out = "";
+  for (let i = 0; i < bytes.length; i++) {
+    out += bytes[i].toString(16).padStart(2, "0");
+  }
+  return out;
+}
+function bytesToBase64Url(bytes) {
+  let base64;
+  if (typeof Buffer !== "undefined") {
+    base64 = Buffer.from(bytes).toString("base64");
+  } else {
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) {
+      binary += String.fromCharCode(bytes[i]);
+    }
+    if (typeof btoa !== "function") {
+      throw new Error("FLURA1: base64 encoder unavailable");
+    }
+    base64 = btoa(binary);
+  }
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+}
+function base64UrlEncodeUtf82(input) {
+  return bytesToBase64Url(utf8(input));
+}
+function base64UrlDecodeUtf82(input) {
+  return new TextDecoder().decode(base64UrlToBytes(input));
+}
+function base64UrlToBytes(input) {
+  const base64 = input.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = base64.padEnd(
+    base64.length + (4 - base64.length % 4) % 4,
+    "="
+  );
+  if (typeof Buffer !== "undefined") {
+    return new Uint8Array(Buffer.from(padded, "base64"));
+  }
+  if (typeof atob !== "function") {
+    throw new Error("FLURA1: base64 decoder unavailable");
+  }
+  const binary = atob(padded);
+  const out = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) out[i] = binary.charCodeAt(i);
+  return out;
+}
+
 // src/partner-funding/client.ts
-import { z as z14 } from "zod";
-var MinorString = z14.string().regex(/^-?\d+$/);
-var PositiveMinor = z14.union([
-  z14.number().int().positive(),
-  z14.string().regex(/^[1-9]\d{0,18}$/)
+import { z as z15 } from "zod";
+var MinorString = z15.string().regex(/^-?\d+$/);
+var PositiveMinor = z15.union([
+  z15.number().int().positive(),
+  z15.string().regex(/^[1-9]\d{0,18}$/)
 ]);
-var Currency = z14.string().trim().length(3).transform((v) => v.toUpperCase());
-var Metadata = z14.record(z14.unknown());
+var Currency = z15.string().trim().length(3).transform((v) => v.toUpperCase());
+var Metadata = z15.record(z15.unknown());
 var PARTNER_KINDS = ["bank", "merchant"];
 var CUSTODIAL_MODES = ["agent_of_bank", "flur_virtual_pool"];
 var PARTNER_PROFILE_STATUSES = [
@@ -3525,126 +3850,126 @@ var WITHDRAWAL_STATES = [
   "failed",
   "reversed"
 ];
-var PartnerProfileSchema = z14.object({
-  partnerAccountId: z14.string().uuid(),
-  kind: z14.enum(PARTNER_KINDS),
-  custodialMode: z14.enum(CUSTODIAL_MODES),
-  displayName: z14.string(),
-  bankCode: z14.string().nullable(),
-  poolAccountNumber: z14.string().nullable(),
-  status: z14.enum(PARTNER_PROFILE_STATUSES),
+var PartnerProfileSchema = z15.object({
+  partnerAccountId: z15.string().uuid(),
+  kind: z15.enum(PARTNER_KINDS),
+  custodialMode: z15.enum(CUSTODIAL_MODES),
+  displayName: z15.string(),
+  bankCode: z15.string().nullable(),
+  poolAccountNumber: z15.string().nullable(),
+  status: z15.enum(PARTNER_PROFILE_STATUSES),
   metadata: Metadata,
-  createdAtMs: z14.number().int().nonnegative(),
-  updatedAtMs: z14.number().int().nonnegative()
+  createdAtMs: z15.number().int().nonnegative(),
+  updatedAtMs: z15.number().int().nonnegative()
 });
-var UpsertPartnerProfileInputSchema = z14.object({
-  kind: z14.enum(PARTNER_KINDS),
-  custodialMode: z14.enum(CUSTODIAL_MODES),
-  displayName: z14.string().trim().min(1).max(200),
-  bankCode: z14.string().trim().min(1).max(64).optional(),
-  poolAccountNumber: z14.string().trim().min(1).max(64).optional(),
+var UpsertPartnerProfileInputSchema = z15.object({
+  kind: z15.enum(PARTNER_KINDS),
+  custodialMode: z15.enum(CUSTODIAL_MODES),
+  displayName: z15.string().trim().min(1).max(200),
+  bankCode: z15.string().trim().min(1).max(64).optional(),
+  poolAccountNumber: z15.string().trim().min(1).max(64).optional(),
   metadata: Metadata.optional()
 });
-var PartnerFundingEventInputSchema = z14.object({
-  externalRef: z14.string().trim().min(8).max(128),
-  direction: z14.enum(PARTNER_FUNDING_DIRECTIONS).optional(),
-  userId: z14.string().uuid().optional(),
-  accountId: z14.string().uuid().optional(),
+var PartnerFundingEventInputSchema = z15.object({
+  externalRef: z15.string().trim().min(8).max(128),
+  direction: z15.enum(PARTNER_FUNDING_DIRECTIONS).optional(),
+  userId: z15.string().uuid().optional(),
+  accountId: z15.string().uuid().optional(),
   amountMinor: PositiveMinor,
   currency: Currency,
-  fundingSource: z14.string().trim().min(1).max(64).optional(),
+  fundingSource: z15.string().trim().min(1).max(64).optional(),
   providerMetadata: Metadata.optional()
 });
-var PartnerFundingSchema = z14.object({
-  fundingId: z14.string().uuid(),
-  partnerId: z14.string().uuid(),
-  accountId: z14.string().uuid(),
-  userId: z14.string().uuid().nullable(),
-  direction: z14.enum(PARTNER_FUNDING_DIRECTIONS),
-  currency: z14.string(),
+var PartnerFundingSchema = z15.object({
+  fundingId: z15.string().uuid(),
+  partnerId: z15.string().uuid(),
+  accountId: z15.string().uuid(),
+  userId: z15.string().uuid().nullable(),
+  direction: z15.enum(PARTNER_FUNDING_DIRECTIONS),
+  currency: z15.string(),
   amountMinor: MinorString,
-  externalRef: z14.string(),
-  status: z14.enum(PARTNER_FUNDING_STATUSES),
-  fundingSource: z14.string(),
-  ledgerRef: z14.string(),
+  externalRef: z15.string(),
+  status: z15.enum(PARTNER_FUNDING_STATUSES),
+  fundingSource: z15.string(),
+  ledgerRef: z15.string(),
   providerMetadata: Metadata,
-  createdAtMs: z14.number().int().nonnegative(),
-  updatedAtMs: z14.number().int().nonnegative()
+  createdAtMs: z15.number().int().nonnegative(),
+  updatedAtMs: z15.number().int().nonnegative()
 });
-var IngestFundingResultSchema = z14.object({
+var IngestFundingResultSchema = z15.object({
   funding: PartnerFundingSchema,
-  replayed: z14.boolean()
+  replayed: z15.boolean()
 });
-var PayoutDestinationSchema = z14.object({
-  destinationId: z14.string().uuid(),
-  accountId: z14.string().uuid(),
-  partnerId: z14.string().uuid(),
-  bankCode: z14.string(),
-  accountNumber: z14.string(),
-  accountName: z14.string(),
-  status: z14.enum(PAYOUT_DESTINATION_STATUSES),
-  verifiedAtMs: z14.number().int().nonnegative().nullable(),
+var PayoutDestinationSchema = z15.object({
+  destinationId: z15.string().uuid(),
+  accountId: z15.string().uuid(),
+  partnerId: z15.string().uuid(),
+  bankCode: z15.string(),
+  accountNumber: z15.string(),
+  accountName: z15.string(),
+  status: z15.enum(PAYOUT_DESTINATION_STATUSES),
+  verifiedAtMs: z15.number().int().nonnegative().nullable(),
   metadata: Metadata,
-  createdAtMs: z14.number().int().nonnegative(),
-  updatedAtMs: z14.number().int().nonnegative()
+  createdAtMs: z15.number().int().nonnegative(),
+  updatedAtMs: z15.number().int().nonnegative()
 });
-var CreatePayoutDestinationInputSchema = z14.object({
-  partnerId: z14.string().uuid(),
-  bankCode: z14.string().trim().min(1).max(32),
-  accountNumber: z14.string().trim().min(4).max(64),
-  accountName: z14.string().trim().min(1).max(200),
+var CreatePayoutDestinationInputSchema = z15.object({
+  partnerId: z15.string().uuid(),
+  bankCode: z15.string().trim().min(1).max(32),
+  accountNumber: z15.string().trim().min(4).max(64),
+  accountName: z15.string().trim().min(1).max(200),
   metadata: Metadata.optional()
 });
-var ListPayoutDestinationsResultSchema = z14.object({
-  items: z14.array(PayoutDestinationSchema)
+var ListPayoutDestinationsResultSchema = z15.object({
+  items: z15.array(PayoutDestinationSchema)
 });
-var WithdrawalSchema = z14.object({
-  withdrawalId: z14.string().uuid(),
-  accountId: z14.string().uuid(),
-  userId: z14.string().uuid(),
-  partnerId: z14.string().uuid(),
-  destinationId: z14.string().uuid(),
-  currency: z14.string(),
+var WithdrawalSchema = z15.object({
+  withdrawalId: z15.string().uuid(),
+  accountId: z15.string().uuid(),
+  userId: z15.string().uuid(),
+  partnerId: z15.string().uuid(),
+  destinationId: z15.string().uuid(),
+  currency: z15.string(),
   amountMinor: MinorString,
-  state: z14.enum(WITHDRAWAL_STATES),
-  idempotencyKey: z14.string(),
-  providerRef: z14.string().nullable(),
-  lastError: z14.string().nullable(),
-  ledgerRef: z14.string(),
-  reverseLedgerRef: z14.string().nullable(),
+  state: z15.enum(WITHDRAWAL_STATES),
+  idempotencyKey: z15.string(),
+  providerRef: z15.string().nullable(),
+  lastError: z15.string().nullable(),
+  ledgerRef: z15.string(),
+  reverseLedgerRef: z15.string().nullable(),
   metadata: Metadata,
-  createdAtMs: z14.number().int().nonnegative(),
-  updatedAtMs: z14.number().int().nonnegative()
+  createdAtMs: z15.number().int().nonnegative(),
+  updatedAtMs: z15.number().int().nonnegative()
 });
-var CreateWithdrawalInputSchema = z14.object({
-  destinationId: z14.string().uuid(),
+var CreateWithdrawalInputSchema = z15.object({
+  destinationId: z15.string().uuid(),
   amountMinor: PositiveMinor,
   currency: Currency,
-  idempotencyKey: z14.string().trim().min(8).max(128),
+  idempotencyKey: z15.string().trim().min(8).max(128),
   metadata: Metadata.optional()
 });
-var CreateWithdrawalResultSchema = z14.object({
+var CreateWithdrawalResultSchema = z15.object({
   withdrawal: WithdrawalSchema,
-  replayed: z14.boolean()
+  replayed: z15.boolean()
 });
-var PayoutEventInputSchema = z14.object({
-  externalRef: z14.string().trim().min(8).max(128),
-  withdrawalId: z14.string().uuid().optional(),
-  state: z14.enum(["submitted", "processing", "paid", "failed"]),
-  providerRef: z14.string().trim().min(1).max(128).optional(),
-  failureCode: z14.string().trim().max(64).optional(),
-  failureMessage: z14.string().trim().max(512).optional(),
+var PayoutEventInputSchema = z15.object({
+  externalRef: z15.string().trim().min(8).max(128),
+  withdrawalId: z15.string().uuid().optional(),
+  state: z15.enum(["submitted", "processing", "paid", "failed"]),
+  providerRef: z15.string().trim().min(1).max(128).optional(),
+  failureCode: z15.string().trim().max(64).optional(),
+  failureMessage: z15.string().trim().max(512).optional(),
   providerMetadata: Metadata.optional()
 });
-var RecordPayoutEventResultSchema = z14.object({
+var RecordPayoutEventResultSchema = z15.object({
   withdrawal: WithdrawalSchema,
-  replayed: z14.boolean()
+  replayed: z15.boolean()
 });
-var ReconciliationReportSchema = z14.object({
-  partnerId: z14.string().uuid(),
-  currency: z14.string(),
-  fromMs: z14.number().int().nonnegative(),
-  toMs: z14.number().int().nonnegative(),
+var ReconciliationReportSchema = z15.object({
+  partnerId: z15.string().uuid(),
+  currency: z15.string(),
+  fromMs: z15.number().int().nonnegative(),
+  toMs: z15.number().int().nonnegative(),
   fundingsCreditMinor: MinorString,
   fundingsDebitMinor: MinorString,
   withdrawalsPaidMinor: MinorString,
@@ -3653,7 +3978,7 @@ var ReconciliationReportSchema = z14.object({
   expectedReserveBalanceMinor: MinorString,
   actualReserveBalanceMinor: MinorString,
   imbalanceMinor: MinorString,
-  generatedAtMs: z14.number().int().nonnegative()
+  generatedAtMs: z15.number().int().nonnegative()
 });
 function createPartnerFundingClient(partner) {
   return {
@@ -3805,19 +4130,19 @@ function createPartnerProfileAdminClient(opts) {
 }
 
 // src/artifacts/envelope.ts
-import { z as z15 } from "zod";
+import { z as z16 } from "zod";
 var FLUR_ARTIFACT_URI_SCHEME = "flur";
 var FLUR_ARTIFACT_VERSION = 1;
 var FLUR_ARTIFACT_URI_PREFIX = `${FLUR_ARTIFACT_URI_SCHEME}://v${FLUR_ARTIFACT_VERSION}/`;
 var ArtifactTypeRe = /^[a-z][a-z0-9_]{1,63}$/;
-var ArtifactHeaderSchema = z15.object({
-  v: z15.literal(FLUR_ARTIFACT_VERSION),
-  t: z15.string().regex(ArtifactTypeRe, "invalid artifact type"),
-  iss: z15.string().min(1).max(128),
-  kid: z15.string().min(1).max(128),
-  iat: z15.number().int().nonnegative(),
-  exp: z15.number().int().positive().optional(),
-  nonce: z15.string().min(8).max(64).regex(/^[A-Za-z0-9_-]+$/, "nonce must be url-safe")
+var ArtifactHeaderSchema = z16.object({
+  v: z16.literal(FLUR_ARTIFACT_VERSION),
+  t: z16.string().regex(ArtifactTypeRe, "invalid artifact type"),
+  iss: z16.string().min(1).max(128),
+  kid: z16.string().min(1).max(128),
+  iat: z16.number().int().nonnegative(),
+  exp: z16.number().int().positive().optional(),
+  nonce: z16.string().min(8).max(64).regex(/^[A-Za-z0-9_-]+$/, "nonce must be url-safe")
 });
 var FlurArtifactError = class extends Error {
   constructor(message, code) {
@@ -3956,7 +4281,7 @@ function verifyArtifactSignature(decoded, publicKeySpkiB64, options = {}) {
 }
 
 // src/artifacts/types.ts
-import { z as z16 } from "zod";
+import { z as z17 } from "zod";
 var ARTIFACT_TYPES = {
   OFFLINE_PAYMENT_AUTHORIZATION: "offline_payment_authorization",
   RECEIPT: "receipt",
@@ -3971,32 +4296,32 @@ var ARTIFACT_TYPES = {
   PASS: "pass",
   IDENTITY: "identity"
 };
-var HexString = (length) => z16.string().regex(
+var HexString = (length) => z17.string().regex(
   new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
   `expected ${length}-byte hex string`
 );
-var OfflinePaymentAuthorizationArtifactSchema = z16.object({
+var OfflinePaymentAuthorizationArtifactSchema = z17.object({
   authorization: OfflinePaymentAuthorizationSchema
 });
-var ReceiptArtifactSchema = z16.object({
-  receiptId: z16.string().min(1).max(64),
-  paymentReference: z16.string().min(1).max(64),
-  payerUserId: z16.string().min(1).max(64).optional(),
-  payeeUserId: z16.string().min(1).max(64),
-  amountKobo: z16.number().int().positive(),
-  currency: z16.literal("NGN"),
-  channel: z16.enum(["online", "offline_reconciled", "pay_link", "nqr"]),
-  settledAtMs: z16.number().int().positive(),
-  ledgerTxnId: z16.string().min(1).max(64).optional(),
-  memo: z16.string().max(140).optional(),
+var ReceiptArtifactSchema = z17.object({
+  receiptId: z17.string().min(1).max(64),
+  paymentReference: z17.string().min(1).max(64),
+  payerUserId: z17.string().min(1).max(64).optional(),
+  payeeUserId: z17.string().min(1).max(64),
+  amountKobo: z17.number().int().positive(),
+  currency: z17.literal("NGN"),
+  channel: z17.enum(["online", "offline_reconciled", "pay_link", "nqr"]),
+  settledAtMs: z17.number().int().positive(),
+  ledgerTxnId: z17.string().min(1).max(64).optional(),
+  memo: z17.string().max(140).optional(),
   hashChainPrev: HexString(32).optional()
 });
-var ShortId = z16.string().min(1).max(64);
-var PositiveInt = z16.number().int().positive();
-var NonNegativeInt = z16.number().int().nonnegative();
-var Currency2 = z16.literal("NGN");
-var Memo = z16.string().max(140);
-var NqrPaymentRequestArtifactSchema = z16.object({
+var ShortId = z17.string().min(1).max(64);
+var PositiveInt = z17.number().int().positive();
+var NonNegativeInt = z17.number().int().nonnegative();
+var Currency2 = z17.literal("NGN");
+var Memo = z17.string().max(140);
+var NqrPaymentRequestArtifactSchema = z17.object({
   requestId: ShortId,
   payeeUserId: ShortId,
   amountKobo: PositiveInt.optional(),
@@ -4004,7 +4329,7 @@ var NqrPaymentRequestArtifactSchema = z16.object({
   memo: Memo.optional(),
   expiresAtMs: PositiveInt.optional()
 });
-var PaymentIntentArtifactSchema = z16.object({
+var PaymentIntentArtifactSchema = z17.object({
   intentId: ShortId,
   payerUserId: ShortId,
   payeeUserId: ShortId,
@@ -4013,7 +4338,7 @@ var PaymentIntentArtifactSchema = z16.object({
   idempotencyKey: ShortId,
   createdAtMs: PositiveInt
 });
-var OfflineClaimArtifactSchema = z16.object({
+var OfflineClaimArtifactSchema = z17.object({
   claimId: ShortId,
   authorizationId: ShortId,
   payeeUserId: ShortId,
@@ -4022,10 +4347,10 @@ var OfflineClaimArtifactSchema = z16.object({
   claimedAtMs: PositiveInt,
   paymentReference: ShortId.optional()
 });
-var SettlementRecordArtifactSchema = z16.object({
+var SettlementRecordArtifactSchema = z17.object({
   settlementId: ShortId,
   ledgerTxnId: ShortId,
-  sourceRefType: z16.enum([
+  sourceRefType: z17.enum([
     "offline_authorization",
     "offline_claim",
     "transfer",
@@ -4036,12 +4361,12 @@ var SettlementRecordArtifactSchema = z16.object({
   currency: Currency2,
   settledAtMs: PositiveInt
 });
-var ReversalRecordArtifactSchema = z16.object({
+var ReversalRecordArtifactSchema = z17.object({
   reversalId: ShortId,
   originalTxnId: ShortId,
   amountKobo: PositiveInt,
   currency: Currency2,
-  reason: z16.enum([
+  reason: z17.enum([
     "user_dispute",
     "fraud",
     "duplicate",
@@ -4051,7 +4376,7 @@ var ReversalRecordArtifactSchema = z16.object({
   reversedAtMs: PositiveInt,
   memo: Memo.optional()
 });
-var LedgerJournalEntryArtifactSchema = z16.object({
+var LedgerJournalEntryArtifactSchema = z17.object({
   entryId: ShortId,
   journalId: ShortId,
   debitAccountId: ShortId,
@@ -4062,13 +4387,13 @@ var LedgerJournalEntryArtifactSchema = z16.object({
   refType: ShortId.optional(),
   refId: ShortId.optional()
 });
-var StatementArtifactSchema = z16.object({
+var StatementArtifactSchema = z17.object({
   statementId: ShortId,
   userId: ShortId,
   periodStartMs: PositiveInt,
   periodEndMs: PositiveInt,
-  openingBalanceKobo: z16.number().int(),
-  closingBalanceKobo: z16.number().int(),
+  openingBalanceKobo: z17.number().int(),
+  closingBalanceKobo: z17.number().int(),
   transactionCount: NonNegativeInt,
   currency: Currency2,
   hashChainPrev: HexString(32).optional()
@@ -4076,16 +4401,16 @@ var StatementArtifactSchema = z16.object({
   message: "periodEndMs must be greater than periodStartMs",
   path: ["periodEndMs"]
 });
-var PassArtifactSchema = z16.object({
+var PassArtifactSchema = z17.object({
   passId: ShortId,
   holderId: ShortId,
-  category: z16.enum(["membership", "ticket", "loyalty", "access", "voucher"]),
-  title: z16.string().min(1).max(120),
+  category: z17.enum(["membership", "ticket", "loyalty", "access", "voucher"]),
+  title: z17.string().min(1).max(120),
   validFromMs: PositiveInt,
   validUntilMs: PositiveInt.optional(),
-  metadata: z16.record(
-    z16.string().min(1).max(64),
-    z16.union([z16.string().max(280), z16.number(), z16.boolean()])
+  metadata: z17.record(
+    z17.string().min(1).max(64),
+    z17.union([z17.string().max(280), z17.number(), z17.boolean()])
   ).optional()
 }).refine(
   (v) => v.validUntilMs === void 0 || v.validUntilMs > v.validFromMs,
@@ -4094,10 +4419,10 @@ var PassArtifactSchema = z16.object({
     path: ["validUntilMs"]
   }
 );
-var IdentityArtifactSchema = z16.object({
+var IdentityArtifactSchema = z17.object({
   attestationId: ShortId,
   subjectId: ShortId,
-  claimType: z16.enum([
+  claimType: z17.enum([
     "phone_verified",
     "email_verified",
     "bvn_verified",
@@ -4217,6 +4542,7 @@ function createOfflinePaymentAuthorizationArtifactUri(input) {
   });
 }
 export {
+  ACCOUNT_FUNDED_OAC_MAX_TTL_MS,
   ACCOUNT_STATUSES,
   ACCOUNT_TYPES,
   ADDITIONAL_DATA_SUBFIELD,
@@ -4230,6 +4556,10 @@ export {
   CLAIM_DOMAIN_V2,
   COLLECTION_INTENT_STATUSES,
   COLLECTION_PAYMENT_STATUSES,
+  CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS,
+  CONSUMER_PAYMENT_REQUEST_DOMAIN,
+  CONSUMER_SETTLEMENT_DOMAIN,
+  CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX,
   CUSTODIAL_MODES,
   CollectionIntentSchema,
   CollectionPaymentResultSchema,
@@ -4239,6 +4569,7 @@ export {
   OACRecordSchema as ConsumerOACRecordSchema,
   ConsumerOACSchema,
   ConsumerPaymentClaimSchema,
+  ConsumerPaymentRequestEnvelopeSchema,
   ConsumerSettleResultSchema,
   ConsumerSettlementSchema,
   CreateCollectionIntentInputSchema,
@@ -4248,10 +4579,6 @@ export {
   CreateWithdrawalResultSchema,
   DeviceKeyAlgSchema,
   DeviceKeyRecordSchema,
-  DisableOfflineInputSchema,
-  DisableOfflineResultSchema,
-  EnableOfflineInputSchema,
-  EnableOfflineResultSchema,
   FIELD,
   FLUR_ARTIFACT_URI_PREFIX,
   FLUR_ARTIFACT_URI_SCHEME,
@@ -4267,7 +4594,6 @@ export {
   IdentityArtifactSchema,
   IngestFundingResultSchema,
   IssueAccountOacInputSchema,
-  IssueOACInputSchema,
   LedgerJournalEntryArtifactSchema,
   ListPayoutDestinationsResultSchema,
   MEMBERSHIP_ROLES,
@@ -4285,12 +4611,16 @@ export {
   OAC_DEFAULT_PER_TX_KOBO,
   OAC_DEFAULT_VALIDITY_MS,
   OFFLINE_CLAIM_SMS_PREFIX,
+  OFFLINE_SMS_SETTLE_DOMAIN,
+  OFFLINE_SMS_SETTLE_HEADER_BYTES,
+  OFFLINE_SMS_SETTLE_PREFIX,
+  OFFLINE_SMS_SETTLE_SIGNATURE_BYTES,
+  OFFLINE_SMS_SETTLE_TOKEN_BYTES,
+  OFFLINE_SMS_SETTLE_VERSION,
   OfflineClaimArtifactSchema,
-  OfflineHoldRecordSchema,
   OfflinePaymentAuthorizationArtifactSchema,
   OfflinePaymentAuthorizationSchema,
   OfflinePaymentRequestSchema,
-  OfflineStateResultSchema,
   OfflineStatusResultSchema,
   OfflineTokenSchema,
   P256EnrollmentChallengeInputSchema,
@@ -4318,8 +4648,6 @@ export {
   PayoutEventInputSchema,
   ProviderEventInputSchema,
   ProviderEventRecordSchema,
-  ProvisionOfflineAllowanceInputSchema,
-  ProvisionOfflineAllowanceResultSchema,
   PublicCollectionIntentSchema,
   RECEIPT_CHANNELS,
   RECEIPT_KINDS,
@@ -4330,7 +4658,6 @@ export {
   ReconciliationReportSchema,
   RecordPayoutEventResultSchema,
   RedemptionSchema,
-  RegisterDeviceKeyInputSchema,
   RegisterDeviceKeyP256InputSchema,
   ReversalRecordArtifactSchema,
   RevokeDeviceKeyInputSchema,
@@ -4349,18 +4676,25 @@ export {
   bodySha256Hex,
   buildArtifactBody,
   buildAuthorization,
+  buildConsumerPaymentRequest,
   buildOAC,
   buildPass,
   buildPaymentRequest,
   buildReceipt,
   buildRedemption,
+  buildSmsSettleHeader,
+  domainTag as buildSmsSettleSignedBytes,
   canonicalClaimSigningBytes,
   canonicalClaimSigningPayload,
   canonicalJSONBytes,
   canonicalJSONStringify,
   canonicalRequestString,
+  computeConsumerClaimEncounterId,
   computeEncounterId,
   constantTimeEqual,
+  consumerPaymentRequestSigningBytes,
+  consumerPaymentRequestSigningPayload,
+  consumerSettlementSigningPayload,
   crc16ccitt,
   crc16ccittHex,
   createAccountsClient,
@@ -4384,19 +4718,27 @@ export {
   decodeArtifactUri,
   decodeAuthorizationQR,
   decodeBase45,
+  decodeConsumerSettlementReceiptQR,
   decodeOfflineClaimSmsMessage,
+  decodeOfflineSmsSettleToken,
   decodePaymentRequestQR,
+  decodeUnverifiedConsumerSettlementReceiptQR,
+  derToRawP256Signature,
   encodeArtifactUri,
   encodeAuthorizationQR,
   encodeBase45,
+  encodeConsumerSettlementReceiptQR,
   encodeNQR,
   encodeOfflineClaimSmsMessage,
+  encodeOfflineSmsSettleToken,
   encodePaymentRequestQR,
   extractOfflineClaimSmsToken,
+  extractOfflineSmsSettleToken,
   formatAmount,
   generateDynamicQR,
   generateStaticQR,
   init,
+  isConsumerPaymentRequestExpired,
   isHardenedArtifactType,
   isKnownArtifactType,
   isPassWithinValidity,
@@ -4409,6 +4751,7 @@ export {
   routingHint,
   signArtifact,
   signAuthorization,
+  signConsumerPaymentRequest,
   signOAC,
   signPartnerRequest,
   signPass,
@@ -4420,7 +4763,11 @@ export {
   verifyArtifactUri,
   verifyAuthorization,
   verifyClaimSignature,
+  verifyConsumerPaymentRequest,
+  verifyConsumerSettlement,
+  verifyConsumerSettlementReceiptQR,
   verifyOAC,
+  verifyOfflineSmsSettleToken,
   verifyPass,
   verifyPaymentRequest,
   verifyReceipt,