@nokinc-flur/sdk 2.0.0 → 2.1.0

package/dist/index.cjs

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,6 +17,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
@@ -35,6 +45,9 @@ __export(index_exports, {
   COLLECTION_INTENT_STATUSES: () => COLLECTION_INTENT_STATUSES,
   COLLECTION_PAYMENT_STATUSES: () => COLLECTION_PAYMENT_STATUSES,
   CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS: () => CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS,
+  CONSUMER_PAYMENT_REQUEST_DOMAIN: () => CONSUMER_PAYMENT_REQUEST_DOMAIN,
+  CONSUMER_SETTLEMENT_DOMAIN: () => CONSUMER_SETTLEMENT_DOMAIN,
+  CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX: () => CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX,
   CUSTODIAL_MODES: () => CUSTODIAL_MODES,
   CollectionIntentSchema: () => CollectionIntentSchema,
   CollectionPaymentResultSchema: () => CollectionPaymentResultSchema,
@@ -44,6 +57,7 @@ __export(index_exports, {
   ConsumerOACRecordSchema: () => OACRecordSchema,
   ConsumerOACSchema: () => ConsumerOACSchema,
   ConsumerPaymentClaimSchema: () => ConsumerPaymentClaimSchema,
+  ConsumerPaymentRequestEnvelopeSchema: () => ConsumerPaymentRequestEnvelopeSchema,
   ConsumerSettleResultSchema: () => ConsumerSettleResultSchema,
   ConsumerSettlementSchema: () => ConsumerSettlementSchema,
   CreateCollectionIntentInputSchema: () => CreateCollectionIntentInputSchema,
@@ -85,6 +99,12 @@ __export(index_exports, {
   OAC_DEFAULT_PER_TX_KOBO: () => OAC_DEFAULT_PER_TX_KOBO,
   OAC_DEFAULT_VALIDITY_MS: () => OAC_DEFAULT_VALIDITY_MS,
   OFFLINE_CLAIM_SMS_PREFIX: () => OFFLINE_CLAIM_SMS_PREFIX,
+  OFFLINE_SMS_SETTLE_DOMAIN: () => OFFLINE_SMS_SETTLE_DOMAIN,
+  OFFLINE_SMS_SETTLE_HEADER_BYTES: () => OFFLINE_SMS_SETTLE_HEADER_BYTES,
+  OFFLINE_SMS_SETTLE_PREFIX: () => OFFLINE_SMS_SETTLE_PREFIX,
+  OFFLINE_SMS_SETTLE_SIGNATURE_BYTES: () => OFFLINE_SMS_SETTLE_SIGNATURE_BYTES,
+  OFFLINE_SMS_SETTLE_TOKEN_BYTES: () => OFFLINE_SMS_SETTLE_TOKEN_BYTES,
+  OFFLINE_SMS_SETTLE_VERSION: () => OFFLINE_SMS_SETTLE_VERSION,
   OfflineClaimArtifactSchema: () => OfflineClaimArtifactSchema,
   OfflinePaymentAuthorizationArtifactSchema: () => OfflinePaymentAuthorizationArtifactSchema,
   OfflinePaymentAuthorizationSchema: () => OfflinePaymentAuthorizationSchema,
@@ -144,18 +164,25 @@ __export(index_exports, {
   bodySha256Hex: () => bodySha256Hex,
   buildArtifactBody: () => buildArtifactBody,
   buildAuthorization: () => buildAuthorization,
+  buildConsumerPaymentRequest: () => buildConsumerPaymentRequest,
   buildOAC: () => buildOAC,
   buildPass: () => buildPass,
   buildPaymentRequest: () => buildPaymentRequest,
   buildReceipt: () => buildReceipt,
   buildRedemption: () => buildRedemption,
+  buildSmsSettleHeader: () => buildSmsSettleHeader,
+  buildSmsSettleSignedBytes: () => domainTag,
   canonicalClaimSigningBytes: () => canonicalClaimSigningBytes,
   canonicalClaimSigningPayload: () => canonicalClaimSigningPayload,
   canonicalJSONBytes: () => canonicalJSONBytes,
   canonicalJSONStringify: () => canonicalJSONStringify,
   canonicalRequestString: () => canonicalRequestString,
+  computeConsumerClaimEncounterId: () => computeConsumerClaimEncounterId,
   computeEncounterId: () => computeEncounterId,
   constantTimeEqual: () => constantTimeEqual,
+  consumerPaymentRequestSigningBytes: () => consumerPaymentRequestSigningBytes,
+  consumerPaymentRequestSigningPayload: () => consumerPaymentRequestSigningPayload,
+  consumerSettlementSigningPayload: () => consumerSettlementSigningPayload,
   crc16ccitt: () => crc16ccitt,
   crc16ccittHex: () => crc16ccittHex,
   createAccountsClient: () => createAccountsClient,
@@ -179,19 +206,27 @@ __export(index_exports, {
   decodeArtifactUri: () => decodeArtifactUri,
   decodeAuthorizationQR: () => decodeAuthorizationQR,
   decodeBase45: () => decodeBase45,
+  decodeConsumerSettlementReceiptQR: () => decodeConsumerSettlementReceiptQR,
   decodeOfflineClaimSmsMessage: () => decodeOfflineClaimSmsMessage,
+  decodeOfflineSmsSettleToken: () => decodeOfflineSmsSettleToken,
   decodePaymentRequestQR: () => decodePaymentRequestQR,
+  decodeUnverifiedConsumerSettlementReceiptQR: () => decodeUnverifiedConsumerSettlementReceiptQR,
+  derToRawP256Signature: () => derToRawP256Signature,
   encodeArtifactUri: () => encodeArtifactUri,
   encodeAuthorizationQR: () => encodeAuthorizationQR,
   encodeBase45: () => encodeBase45,
+  encodeConsumerSettlementReceiptQR: () => encodeConsumerSettlementReceiptQR,
   encodeNQR: () => encodeNQR,
   encodeOfflineClaimSmsMessage: () => encodeOfflineClaimSmsMessage,
+  encodeOfflineSmsSettleToken: () => encodeOfflineSmsSettleToken,
   encodePaymentRequestQR: () => encodePaymentRequestQR,
   extractOfflineClaimSmsToken: () => extractOfflineClaimSmsToken,
+  extractOfflineSmsSettleToken: () => extractOfflineSmsSettleToken,
   formatAmount: () => formatAmount,
   generateDynamicQR: () => generateDynamicQR,
   generateStaticQR: () => generateStaticQR,
   init: () => init,
+  isConsumerPaymentRequestExpired: () => isConsumerPaymentRequestExpired,
   isHardenedArtifactType: () => isHardenedArtifactType,
   isKnownArtifactType: () => isKnownArtifactType,
   isPassWithinValidity: () => isPassWithinValidity,
@@ -204,6 +239,7 @@ __export(index_exports, {
   routingHint: () => routingHint,
   signArtifact: () => signArtifact,
   signAuthorization: () => signAuthorization,
+  signConsumerPaymentRequest: () => signConsumerPaymentRequest,
   signOAC: () => signOAC,
   signPartnerRequest: () => signPartnerRequest,
   signPass: () => signPass,
@@ -215,7 +251,11 @@ __export(index_exports, {
   verifyArtifactUri: () => verifyArtifactUri,
   verifyAuthorization: () => verifyAuthorization,
   verifyClaimSignature: () => verifyClaimSignature,
+  verifyConsumerPaymentRequest: () => verifyConsumerPaymentRequest,
+  verifyConsumerSettlement: () => verifyConsumerSettlement,
+  verifyConsumerSettlementReceiptQR: () => verifyConsumerSettlementReceiptQR,
   verifyOAC: () => verifyOAC,
+  verifyOfflineSmsSettleToken: () => verifyOfflineSmsSettleToken,
   verifyPass: () => verifyPass,
   verifyPaymentRequest: () => verifyPaymentRequest,
   verifyReceipt: () => verifyReceipt,
@@ -3185,6 +3225,9 @@ function createAccountsClient(opts) {
 var import_zod13 = require("zod");
 var Sha256Hex = import_zod13.z.string().regex(/^[0-9a-f]{64}$/);
 var Base64Std3 = import_zod13.z.string().regex(/^[A-Za-z0-9+/]+={0,2}$/);
+var ClaimNonce = import_zod13.z.string().min(8).max(128).refine((value) => !value.includes("|"), {
+  message: "nonce must not contain |"
+});
 var ACCOUNT_FUNDED_OAC_MAX_TTL_MS = 1e3 * 60 * 60 * 24 * 7;
 var CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS = 1e3 * 60 * 60 * 24;
 var AttestationSecurityLevelSchema = import_zod13.z.enum([
@@ -3277,13 +3320,25 @@ var ConsumerPaymentClaimSchema = import_zod13.z.object({
   payerUserId: import_zod13.z.string().uuid(),
   payeeUserId: import_zod13.z.string().uuid(),
   payerDeviceId: import_zod13.z.string().min(1).max(128),
-  payerNonce: import_zod13.z.string().min(8).max(128),
-  payeeNonce: import_zod13.z.string().min(8).max(128),
+  payerNonce: ClaimNonce,
+  payeeNonce: ClaimNonce,
   amountKobo: import_zod13.z.number().int().positive(),
   currency: import_zod13.z.string().length(3).default("NGN"),
   occurredAtMs: import_zod13.z.number().int().nonnegative(),
   completedAtMs: import_zod13.z.number().int().nonnegative().optional(),
   contextId: import_zod13.z.string().max(128).optional(),
+  requestId: import_zod13.z.string().uuid().optional(),
+  requestMode: import_zod13.z.enum(["fixed", "editable"]).optional(),
+  requestTakerUserId: import_zod13.z.string().uuid().optional(),
+  requestAmountKobo: import_zod13.z.number().int().positive().optional(),
+  requestCurrency: import_zod13.z.string().length(3).optional(),
+  requestReference: import_zod13.z.string().max(128).nullable().optional(),
+  requestCreatedAtMs: import_zod13.z.number().int().nonnegative().optional(),
+  requestExpiresAtMs: import_zod13.z.number().int().positive().optional(),
+  requestNonce: import_zod13.z.string().min(8).max(128).optional(),
+  requestTakerDeviceId: import_zod13.z.string().min(1).max(128).nullable().optional(),
+  requestTakerPubkeySpkiB64: Base64Std3.min(64).max(4096).optional(),
+  requestTakerSignatureDerB64: Base64Std3.min(16).max(2048).optional(),
   payerPubkeySpkiB64: Base64Std3.min(64).max(4096),
   payerSignatureDerB64: Base64Std3.min(16).max(2048),
   payeePubkeySpkiB64: Base64Std3.min(64).max(4096).optional(),
@@ -3303,7 +3358,10 @@ var ConsumerSettlementSchema = import_zod13.z.object({
   ledgerRef: import_zod13.z.string().nullable(),
   /** ASN.1 DER ECDSA P-256 issuer signature, base64. */
   issuerSig: Base64Std3.min(16).max(2048),
-  createdAtMs: import_zod13.z.number().int().nonnegative()
+  /** Canonical millisecond timestamp signed into the settlement receipt. */
+  issuedAtMs: import_zod13.z.number().int().nonnegative(),
+  /** Compatibility alias for API consumers that predate issuedAtMs. */
+  createdAtMs: import_zod13.z.number().int().nonnegative().optional()
 });
 var ConsumerSettleResultSchema = import_zod13.z.object({
   settlement: ConsumerSettlementSchema,
@@ -3392,13 +3450,21 @@ function createMeOfflineClient(opts) {
       "/v1/me/offline/claims",
       ConsumerPaymentClaimSchema.parse(claim),
       (raw) => ConsumerSettleResultSchema.parse(raw)
+    ),
+    getSettlement: (idOrKey) => call(
+      "GET",
+      `/v1/me/offline/settlements/${encodeURIComponent(idOrKey)}`,
+      void 0,
+      (raw) => ConsumerSettlementSchema.parse(raw)
     )
   };
 }
 
 // src/me-offline/signer.ts
 var import_nist2 = require("@noble/curves/nist");
+var import_sha2 = require("@noble/hashes/sha2");
 var CLAIM_DOMAIN_V2 = "flur:consumer-offline:v2:claim";
+var ENCOUNTER_DOMAIN2 = "flur:consumer-offline:v1:encounter";
 function canonicalClaimSigningPayload(claim) {
   return {
     domain: CLAIM_DOMAIN_V2,
@@ -3419,6 +3485,27 @@ function canonicalClaimSigningPayload(claim) {
 function canonicalClaimSigningBytes(claim) {
   return canonicalJSONBytes(canonicalClaimSigningPayload(claim));
 }
+function computeConsumerClaimEncounterId(input) {
+  const material = `${ENCOUNTER_DOMAIN2}|${[
+    assertEncounterPart("oacId", input.oacId),
+    assertEncounterPart("payerUserId", input.payerUserId),
+    assertEncounterPart("payeeUserId", input.payeeUserId),
+    assertEncounterPart("payerNonce", input.payerNonce),
+    assertEncounterPart("payeeNonce", input.payeeNonce)
+  ].join("|")}`;
+  return bytesToHex5((0, import_sha2.sha256)(new TextEncoder().encode(material)));
+}
+function assertEncounterPart(field, value) {
+  if (value.includes("|")) {
+    throw new Error(`consumer encounter id ${field} must not contain |`);
+  }
+  return value;
+}
+function bytesToHex5(bytes) {
+  let out = "";
+  for (const byte of bytes) out += byte.toString(16).padStart(2, "0");
+  return out;
+}
 function bytesToBase642(bytes) {
   if (typeof Buffer !== "undefined") {
     return Buffer.from(bytes).toString("base64");
@@ -3514,38 +3601,192 @@ function verifyClaimSignature(input) {
   }
 }
 
-// src/me-offline/sms.ts
-var OFFLINE_CLAIM_SMS_PREFIX = "FLURC1.";
-var TOKEN_RE = /(?:^|\s)(FLURC1\.[A-Za-z0-9_-]+={0,2})(?:\s|$)/;
-function encodeOfflineClaimSmsMessage(claim) {
-  const parsed = ConsumerPaymentClaimSchema.parse(claim);
-  const json = JSON.stringify(parsed);
-  return `${OFFLINE_CLAIM_SMS_PREFIX}${base64UrlEncodeUtf8(json)}`;
+// src/me-offline/request.ts
+var import_zod14 = require("zod");
+var Base64Std4 = import_zod14.z.string().regex(/^[A-Za-z0-9+/]+={0,2}$/);
+var CONSUMER_PAYMENT_REQUEST_DOMAIN = "flur:consumer-offline:v1:request";
+var ConsumerPaymentRequestEnvelopeSchema = import_zod14.z.object({
+  requestId: import_zod14.z.string().uuid(),
+  mode: import_zod14.z.enum(["fixed", "editable"]),
+  takerUserId: import_zod14.z.string().uuid(),
+  amountKobo: import_zod14.z.number().int().positive(),
+  currency: import_zod14.z.string().length(3).default("NGN"),
+  reference: import_zod14.z.string().max(128).nullable().default(null),
+  createdAtMs: import_zod14.z.number().int().nonnegative(),
+  expiresAtMs: import_zod14.z.number().int().positive(),
+  nonce: import_zod14.z.string().min(8).max(128),
+  takerDeviceId: import_zod14.z.string().min(1).max(128).nullable().default(null),
+  takerPubkeySpkiB64: Base64Std4.min(64).max(4096).optional(),
+  takerSignatureDerB64: Base64Std4.min(16).max(2048).optional()
+}).superRefine((value, ctx) => {
+  if (value.expiresAtMs <= value.createdAtMs) {
+    ctx.addIssue({
+      code: import_zod14.z.ZodIssueCode.custom,
+      path: ["expiresAtMs"],
+      message: "expiresAtMs must be greater than createdAtMs"
+    });
+  }
+  const hasSignature = Boolean(
+    value.takerPubkeySpkiB64 || value.takerSignatureDerB64
+  );
+  if (value.mode === "fixed" || hasSignature) {
+    if (!value.takerDeviceId) {
+      ctx.addIssue({
+        code: import_zod14.z.ZodIssueCode.custom,
+        path: ["takerDeviceId"],
+        message: "signed requests require takerDeviceId"
+      });
+    }
+    if (!value.takerPubkeySpkiB64) {
+      ctx.addIssue({
+        code: import_zod14.z.ZodIssueCode.custom,
+        path: ["takerPubkeySpkiB64"],
+        message: "signed requests require takerPubkeySpkiB64"
+      });
+    }
+    if (!value.takerSignatureDerB64) {
+      ctx.addIssue({
+        code: import_zod14.z.ZodIssueCode.custom,
+        path: ["takerSignatureDerB64"],
+        message: "signed requests require takerSignatureDerB64"
+      });
+    }
+  }
+});
+function buildConsumerPaymentRequest(input) {
+  const unsigned = {
+    requestId: input.requestId,
+    mode: input.mode,
+    takerUserId: input.takerUserId,
+    amountKobo: input.amountKobo,
+    currency: input.currency ?? "NGN",
+    reference: input.reference ?? null,
+    createdAtMs: input.createdAtMs,
+    expiresAtMs: input.expiresAtMs,
+    nonce: input.nonce,
+    takerDeviceId: input.takerDeviceId ?? null
+  };
+  if (unsigned.mode === "fixed" && !unsigned.takerDeviceId) {
+    throw new Error("fixed requests require takerDeviceId");
+  }
+  if (unsigned.expiresAtMs <= unsigned.createdAtMs) {
+    throw new Error("expiresAtMs must be greater than createdAtMs");
+  }
+  return unsigned;
 }
-function decodeOfflineClaimSmsMessage(message) {
-  const token = extractOfflineClaimSmsToken(message);
-  if (!token) {
-    throw new Error("offline claim SMS token not found");
+function consumerPaymentRequestSigningPayload(request) {
+  return {
+    domain: CONSUMER_PAYMENT_REQUEST_DOMAIN,
+    version: 1,
+    requestId: request.requestId,
+    mode: request.mode,
+    takerUserId: request.takerUserId,
+    amountKobo: request.amountKobo,
+    currency: request.currency,
+    reference: request.reference ?? null,
+    createdAtMs: request.createdAtMs,
+    expiresAtMs: request.expiresAtMs,
+    nonce: request.nonce,
+    takerDeviceId: request.takerDeviceId ?? null
+  };
+}
+function consumerPaymentRequestSigningBytes(request) {
+  return canonicalJSONBytes(consumerPaymentRequestSigningPayload(request));
+}
+async function signConsumerPaymentRequest(unsigned, signer) {
+  if (signer.alg !== "p256") {
+    throw new Error("consumer payment requests require p256 signer");
   }
-  const encoded = token.slice(OFFLINE_CLAIM_SMS_PREFIX.length);
+  const publicKey = await signer.getPublicKey();
+  if (publicKey.alg !== "p256") {
+    throw new Error("consumer payment requests require p256 public key");
+  }
+  const signature = await signer.sign(
+    consumerPaymentRequestSigningBytes(unsigned)
+  );
+  return ConsumerPaymentRequestEnvelopeSchema.parse({
+    ...unsigned,
+    takerPubkeySpkiB64: publicKey.publicKey,
+    takerSignatureDerB64: signature.signature
+  });
+}
+function verifyConsumerPaymentRequest(request) {
+  const parsed = ConsumerPaymentRequestEnvelopeSchema.safeParse(request);
+  if (!parsed.success) return false;
+  const value = parsed.data;
+  if (!value.takerPubkeySpkiB64 || !value.takerSignatureDerB64) return false;
+  return verifyClaimSignature({
+    alg: "p256",
+    bytes: consumerPaymentRequestSigningBytes(value),
+    signature: value.takerSignatureDerB64,
+    publicKey: value.takerPubkeySpkiB64
+  });
+}
+function isConsumerPaymentRequestExpired(request, nowMs = Date.now()) {
+  const parsed = ConsumerPaymentRequestEnvelopeSchema.parse(request);
+  return parsed.expiresAtMs <= nowMs;
+}
+
+// src/me-offline/settlement.ts
+var CONSUMER_SETTLEMENT_DOMAIN = "flur:consumer-offline:v1:settlement";
+var CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX = "FLURSR1.";
+function consumerSettlementSigningPayload(settlement) {
+  return {
+    domain: CONSUMER_SETTLEMENT_DOMAIN,
+    settlementId: settlement.settlementId,
+    settlementKey: settlement.settlementKey,
+    encounterId: settlement.encounterId,
+    oacId: settlement.oacId,
+    payerUserId: settlement.payerUserId,
+    payeeUserId: settlement.payeeUserId,
+    amountKobo: settlement.amountKobo,
+    currency: settlement.currency,
+    status: settlement.status,
+    reviewReason: settlement.reviewReason,
+    ledgerRef: settlement.ledgerRef,
+    issuedAtMs: settlement.issuedAtMs
+  };
+}
+function verifyConsumerSettlement(settlement, issuerPublicKeySpkiB64) {
+  const parsed = ConsumerSettlementSchema.safeParse(settlement);
+  if (!parsed.success) return false;
+  return verifyIssuerP256(
+    canonicalJSONBytes(consumerSettlementSigningPayload(parsed.data)),
+    parsed.data.issuerSig,
+    issuerPublicKeySpkiB64
+  );
+}
+function encodeConsumerSettlementReceiptQR(settlement) {
+  const parsed = ConsumerSettlementSchema.parse(settlement);
+  return `${CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX}${base64UrlEncodeUtf8(
+    JSON.stringify(parsed)
+  )}`;
+}
+function decodeUnverifiedConsumerSettlementReceiptQR(value) {
+  if (!value.startsWith(CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX)) {
+    throw new Error("not a Flur consumer settlement receipt QR");
+  }
+  const encoded = value.slice(CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX.length);
   let raw;
   try {
     raw = JSON.parse(base64UrlDecodeUtf8(encoded));
   } catch {
-    throw new Error("offline claim SMS token is malformed");
+    throw new Error("consumer settlement receipt QR is malformed");
   }
-  const parsed = ConsumerPaymentClaimSchema.safeParse(raw);
-  if (!parsed.success) {
-    throw new Error("offline claim SMS token is invalid");
+  return ConsumerSettlementSchema.parse(raw);
+}
+function verifyConsumerSettlementReceiptQR(value, issuerPublicKeySpkiB64) {
+  const settlement = decodeUnverifiedConsumerSettlementReceiptQR(value);
+  if (!verifyConsumerSettlement(settlement, issuerPublicKeySpkiB64)) {
+    throw new Error("consumer settlement receipt QR signature invalid");
   }
-  return parsed.data;
+  return settlement;
 }
-function extractOfflineClaimSmsToken(message) {
-  const trimmed = message.trim();
-  if (trimmed.startsWith(OFFLINE_CLAIM_SMS_PREFIX)) {
-    return trimmed.split(/\s+/, 1)[0] ?? null;
+function decodeConsumerSettlementReceiptQR(value, issuerPublicKeySpkiB64) {
+  if (!issuerPublicKeySpkiB64) {
+    return decodeUnverifiedConsumerSettlementReceiptQR(value);
   }
-  return TOKEN_RE.exec(message)?.[1] ?? null;
+  return verifyConsumerSettlementReceiptQR(value, issuerPublicKeySpkiB64);
 }
 function base64UrlEncodeUtf8(input) {
   const bytes = new TextEncoder().encode(input);
@@ -3575,15 +3816,281 @@ function base64UrlDecodeUtf8(input) {
   throw new Error("base64 decoder unavailable");
 }
 
+// src/me-offline/sms.ts
+var import_nist3 = require("@noble/curves/nist");
+var OFFLINE_CLAIM_SMS_PREFIX = "FLURC1.";
+var CLAIM_TOKEN_RE = /(?:^|\s)(FLURC1\.[A-Za-z0-9_-]+={0,2})(?:\s|$)/;
+function encodeOfflineClaimSmsMessage(claim) {
+  const parsed = ConsumerPaymentClaimSchema.parse(claim);
+  return `${OFFLINE_CLAIM_SMS_PREFIX}${base64UrlEncodeUtf82(
+    JSON.stringify(parsed)
+  )}`;
+}
+function decodeOfflineClaimSmsMessage(message) {
+  const token = extractOfflineClaimSmsToken(message);
+  if (!token) throw new Error("offline claim QR token not found");
+  const encoded = token.slice(OFFLINE_CLAIM_SMS_PREFIX.length);
+  let raw;
+  try {
+    raw = JSON.parse(base64UrlDecodeUtf82(encoded));
+  } catch {
+    throw new Error("offline claim QR token is malformed");
+  }
+  const parsed = ConsumerPaymentClaimSchema.safeParse(raw);
+  if (!parsed.success) throw new Error("offline claim QR token is invalid");
+  return parsed.data;
+}
+function extractOfflineClaimSmsToken(message) {
+  const trimmed = message.trim();
+  if (trimmed.startsWith(OFFLINE_CLAIM_SMS_PREFIX)) {
+    return trimmed.split(/\s+/, 1)[0] ?? null;
+  }
+  return CLAIM_TOKEN_RE.exec(message)?.[1] ?? null;
+}
+var OFFLINE_SMS_SETTLE_PREFIX = "FLURA1.";
+var OFFLINE_SMS_SETTLE_DOMAIN = "flur:consumer-offline:v1:attest";
+var OFFLINE_SMS_SETTLE_TOKEN_BYTES = 112;
+var OFFLINE_SMS_SETTLE_HEADER_BYTES = 48;
+var OFFLINE_SMS_SETTLE_SIGNATURE_BYTES = 64;
+var OFFLINE_SMS_SETTLE_VERSION = 1;
+var TOKEN_RE = /(?:^|[\s,;:()<>"'])(FLURA1\.[A-Za-z0-9_-]{150})/;
+async function encodeOfflineSmsSettleToken(input, signer) {
+  const header = await buildSmsSettleHeader(input);
+  const sig = await signer.signRaw(domainTag(header));
+  if (sig.length !== OFFLINE_SMS_SETTLE_SIGNATURE_BYTES) {
+    throw new Error(
+      `FLURA1: signer returned ${sig.length}-byte sig; expected ${OFFLINE_SMS_SETTLE_SIGNATURE_BYTES}`
+    );
+  }
+  const out = new Uint8Array(OFFLINE_SMS_SETTLE_TOKEN_BYTES);
+  out.set(header, 0);
+  out.set(sig, OFFLINE_SMS_SETTLE_HEADER_BYTES);
+  return `${OFFLINE_SMS_SETTLE_PREFIX}${bytesToBase64Url(out)}`;
+}
+async function buildSmsSettleHeader(input) {
+  assertSafeUint64(input.amountKobo, "amountKobo");
+  if (input.amountKobo <= 0) {
+    throw new Error("FLURA1: amountKobo must be greater than zero");
+  }
+  assertSafeUint48(input.occurredAtMs, "occurredAtMs");
+  const encounterPrefix = (await sha2565(utf8(input.encounterId))).slice(0, 16);
+  const payerPrefix = uuidToBytes(input.payerUserId).slice(0, 8);
+  const payeePrefix = uuidToBytes(input.payeeUserId).slice(0, 8);
+  const header = new Uint8Array(OFFLINE_SMS_SETTLE_HEADER_BYTES);
+  const dv = new DataView(header.buffer);
+  header[0] = OFFLINE_SMS_SETTLE_VERSION;
+  header[1] = 0;
+  header.set(encounterPrefix, 2);
+  header.set(payerPrefix, 18);
+  header.set(payeePrefix, 26);
+  writeUint64BE(dv, 34, input.amountKobo);
+  writeUint48BE(dv, 42, input.occurredAtMs);
+  return header;
+}
+function domainTag(header) {
+  if (header.length !== OFFLINE_SMS_SETTLE_HEADER_BYTES) {
+    throw new Error(
+      `FLURA1: header must be ${OFFLINE_SMS_SETTLE_HEADER_BYTES} bytes`
+    );
+  }
+  const domain = utf8(OFFLINE_SMS_SETTLE_DOMAIN);
+  const out = new Uint8Array(domain.length + header.length);
+  out.set(domain, 0);
+  out.set(header, domain.length);
+  return out;
+}
+function decodeOfflineSmsSettleToken(message) {
+  const token = extractOfflineSmsSettleToken(message);
+  if (!token) throw new Error("FLURA1: token not found");
+  const encoded = token.slice(OFFLINE_SMS_SETTLE_PREFIX.length);
+  let bytes;
+  try {
+    bytes = base64UrlToBytes(encoded);
+  } catch {
+    throw new Error("FLURA1: token base64url is malformed");
+  }
+  if (bytesToBase64Url(bytes) !== encoded) {
+    throw new Error("FLURA1: token base64url is malformed");
+  }
+  if (bytes.length !== OFFLINE_SMS_SETTLE_TOKEN_BYTES) {
+    throw new Error(
+      `FLURA1: expected ${OFFLINE_SMS_SETTLE_TOKEN_BYTES} bytes, got ${bytes.length}`
+    );
+  }
+  const version = bytes[0];
+  const flags = bytes[1];
+  if (version !== OFFLINE_SMS_SETTLE_VERSION) {
+    throw new Error(`FLURA1: unsupported version ${version}`);
+  }
+  if (flags !== 0) {
+    throw new Error(`FLURA1: reserved flags must be 0, got ${flags}`);
+  }
+  const header = bytes.slice(0, OFFLINE_SMS_SETTLE_HEADER_BYTES);
+  const signature = bytes.slice(OFFLINE_SMS_SETTLE_HEADER_BYTES);
+  const dv = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  const amountKobo = readUint64BE(dv, 34);
+  if (amountKobo <= 0) {
+    throw new Error("FLURA1: amountKobo must be greater than zero");
+  }
+  return {
+    version,
+    flags,
+    encounterIdPrefixHex: bytesToHex6(bytes.slice(2, 18)),
+    payerUserIdPrefixHex: bytesToHex6(bytes.slice(18, 26)),
+    payeeUserIdPrefixHex: bytesToHex6(bytes.slice(26, 34)),
+    amountKobo,
+    occurredAtMs: readUint48BE(dv, 42),
+    signature,
+    header,
+    signedBytes: domainTag(header)
+  };
+}
+function extractOfflineSmsSettleToken(message) {
+  const trimmed = message.trim();
+  if (trimmed.startsWith(OFFLINE_SMS_SETTLE_PREFIX)) {
+    return trimmed.split(/\s+/, 1)[0] ?? null;
+  }
+  return TOKEN_RE.exec(message)?.[1] ?? null;
+}
+function verifyOfflineSmsSettleToken(decoded, payerPubkeySpkiB64) {
+  try {
+    const pubRaw = p256SpkiB64ToRaw(payerPubkeySpkiB64);
+    return import_nist3.p256.verify(decoded.signature, decoded.signedBytes, pubRaw, {
+      prehash: true,
+      format: "compact"
+    });
+  } catch {
+    return false;
+  }
+}
+function derToRawP256Signature(derBytes) {
+  const sig = import_nist3.p256.Signature.fromBytes(derBytes, "der");
+  const raw = sig.toBytes("compact");
+  if (raw.length !== OFFLINE_SMS_SETTLE_SIGNATURE_BYTES) {
+    throw new Error(
+      `FLURA1: DER\u2192raw produced ${raw.length} bytes; expected ${OFFLINE_SMS_SETTLE_SIGNATURE_BYTES}`
+    );
+  }
+  return raw;
+}
+function utf8(s) {
+  return new TextEncoder().encode(s);
+}
+async function sha2565(bytes) {
+  const subtle = typeof globalThis !== "undefined" && globalThis.crypto?.subtle || void 0;
+  if (subtle) {
+    const digest = await subtle.digest("SHA-256", bytes);
+    return new Uint8Array(digest);
+  }
+  const { sha256: nobleSha256 } = await import("@noble/hashes/sha2");
+  return nobleSha256(bytes);
+}
+function uuidToBytes(uuid) {
+  const hex = uuid.replace(/-/g, "").toLowerCase();
+  if (hex.length !== 32 || !/^[0-9a-f]{32}$/.test(hex)) {
+    throw new Error(`FLURA1: invalid UUID: ${uuid}`);
+  }
+  const out = new Uint8Array(16);
+  for (let i = 0; i < 16; i++) {
+    out[i] = parseInt(hex.substring(i * 2, i * 2 + 2), 16);
+  }
+  return out;
+}
+function assertSafeUint64(value, field) {
+  if (!Number.isInteger(value) || value < 0) {
+    throw new Error(`FLURA1: ${field} must be a non-negative integer`);
+  }
+  if (value > Number.MAX_SAFE_INTEGER) {
+    throw new Error(`FLURA1: ${field} exceeds Number.MAX_SAFE_INTEGER`);
+  }
+}
+function assertSafeUint48(value, field) {
+  assertSafeUint64(value, field);
+  if (value > 281474976710655) {
+    throw new Error(`FLURA1: ${field} exceeds uint48 range`);
+  }
+}
+function writeUint64BE(dv, offset, value) {
+  const high = Math.floor(value / 4294967296);
+  const low = value >>> 0;
+  dv.setUint32(offset, high, false);
+  dv.setUint32(offset + 4, low, false);
+}
+function readUint64BE(dv, offset) {
+  const high = dv.getUint32(offset, false);
+  const low = dv.getUint32(offset + 4, false);
+  if (high > 2097151) {
+    throw new Error("FLURA1: amountKobo exceeds Number.MAX_SAFE_INTEGER");
+  }
+  return high * 4294967296 + low;
+}
+function writeUint48BE(dv, offset, value) {
+  const high = Math.floor(value / 65536);
+  const low = value & 65535;
+  dv.setUint32(offset, high, false);
+  dv.setUint16(offset + 4, low, false);
+}
+function readUint48BE(dv, offset) {
+  const high = dv.getUint32(offset, false);
+  const low = dv.getUint16(offset + 4, false);
+  return high * 65536 + low;
+}
+function bytesToHex6(bytes) {
+  let out = "";
+  for (let i = 0; i < bytes.length; i++) {
+    out += bytes[i].toString(16).padStart(2, "0");
+  }
+  return out;
+}
+function bytesToBase64Url(bytes) {
+  let base64;
+  if (typeof Buffer !== "undefined") {
+    base64 = Buffer.from(bytes).toString("base64");
+  } else {
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) {
+      binary += String.fromCharCode(bytes[i]);
+    }
+    if (typeof btoa !== "function") {
+      throw new Error("FLURA1: base64 encoder unavailable");
+    }
+    base64 = btoa(binary);
+  }
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/g, "");
+}
+function base64UrlEncodeUtf82(input) {
+  return bytesToBase64Url(utf8(input));
+}
+function base64UrlDecodeUtf82(input) {
+  return new TextDecoder().decode(base64UrlToBytes(input));
+}
+function base64UrlToBytes(input) {
+  const base64 = input.replace(/-/g, "+").replace(/_/g, "/");
+  const padded = base64.padEnd(
+    base64.length + (4 - base64.length % 4) % 4,
+    "="
+  );
+  if (typeof Buffer !== "undefined") {
+    return new Uint8Array(Buffer.from(padded, "base64"));
+  }
+  if (typeof atob !== "function") {
+    throw new Error("FLURA1: base64 decoder unavailable");
+  }
+  const binary = atob(padded);
+  const out = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) out[i] = binary.charCodeAt(i);
+  return out;
+}
+
 // src/partner-funding/client.ts
-var import_zod14 = require("zod");
-var MinorString = import_zod14.z.string().regex(/^-?\d+$/);
-var PositiveMinor = import_zod14.z.union([
-  import_zod14.z.number().int().positive(),
-  import_zod14.z.string().regex(/^[1-9]\d{0,18}$/)
+var import_zod15 = require("zod");
+var MinorString = import_zod15.z.string().regex(/^-?\d+$/);
+var PositiveMinor = import_zod15.z.union([
+  import_zod15.z.number().int().positive(),
+  import_zod15.z.string().regex(/^[1-9]\d{0,18}$/)
 ]);
-var Currency = import_zod14.z.string().trim().length(3).transform((v) => v.toUpperCase());
-var Metadata = import_zod14.z.record(import_zod14.z.unknown());
+var Currency = import_zod15.z.string().trim().length(3).transform((v) => v.toUpperCase());
+var Metadata = import_zod15.z.record(import_zod15.z.unknown());
 var PARTNER_KINDS = ["bank", "merchant"];
 var CUSTODIAL_MODES = ["agent_of_bank", "flur_virtual_pool"];
 var PARTNER_PROFILE_STATUSES = [
@@ -3610,126 +4117,126 @@ var WITHDRAWAL_STATES = [
   "failed",
   "reversed"
 ];
-var PartnerProfileSchema = import_zod14.z.object({
-  partnerAccountId: import_zod14.z.string().uuid(),
-  kind: import_zod14.z.enum(PARTNER_KINDS),
-  custodialMode: import_zod14.z.enum(CUSTODIAL_MODES),
-  displayName: import_zod14.z.string(),
-  bankCode: import_zod14.z.string().nullable(),
-  poolAccountNumber: import_zod14.z.string().nullable(),
-  status: import_zod14.z.enum(PARTNER_PROFILE_STATUSES),
+var PartnerProfileSchema = import_zod15.z.object({
+  partnerAccountId: import_zod15.z.string().uuid(),
+  kind: import_zod15.z.enum(PARTNER_KINDS),
+  custodialMode: import_zod15.z.enum(CUSTODIAL_MODES),
+  displayName: import_zod15.z.string(),
+  bankCode: import_zod15.z.string().nullable(),
+  poolAccountNumber: import_zod15.z.string().nullable(),
+  status: import_zod15.z.enum(PARTNER_PROFILE_STATUSES),
   metadata: Metadata,
-  createdAtMs: import_zod14.z.number().int().nonnegative(),
-  updatedAtMs: import_zod14.z.number().int().nonnegative()
+  createdAtMs: import_zod15.z.number().int().nonnegative(),
+  updatedAtMs: import_zod15.z.number().int().nonnegative()
 });
-var UpsertPartnerProfileInputSchema = import_zod14.z.object({
-  kind: import_zod14.z.enum(PARTNER_KINDS),
-  custodialMode: import_zod14.z.enum(CUSTODIAL_MODES),
-  displayName: import_zod14.z.string().trim().min(1).max(200),
-  bankCode: import_zod14.z.string().trim().min(1).max(64).optional(),
-  poolAccountNumber: import_zod14.z.string().trim().min(1).max(64).optional(),
+var UpsertPartnerProfileInputSchema = import_zod15.z.object({
+  kind: import_zod15.z.enum(PARTNER_KINDS),
+  custodialMode: import_zod15.z.enum(CUSTODIAL_MODES),
+  displayName: import_zod15.z.string().trim().min(1).max(200),
+  bankCode: import_zod15.z.string().trim().min(1).max(64).optional(),
+  poolAccountNumber: import_zod15.z.string().trim().min(1).max(64).optional(),
   metadata: Metadata.optional()
 });
-var PartnerFundingEventInputSchema = import_zod14.z.object({
-  externalRef: import_zod14.z.string().trim().min(8).max(128),
-  direction: import_zod14.z.enum(PARTNER_FUNDING_DIRECTIONS).optional(),
-  userId: import_zod14.z.string().uuid().optional(),
-  accountId: import_zod14.z.string().uuid().optional(),
+var PartnerFundingEventInputSchema = import_zod15.z.object({
+  externalRef: import_zod15.z.string().trim().min(8).max(128),
+  direction: import_zod15.z.enum(PARTNER_FUNDING_DIRECTIONS).optional(),
+  userId: import_zod15.z.string().uuid().optional(),
+  accountId: import_zod15.z.string().uuid().optional(),
   amountMinor: PositiveMinor,
   currency: Currency,
-  fundingSource: import_zod14.z.string().trim().min(1).max(64).optional(),
+  fundingSource: import_zod15.z.string().trim().min(1).max(64).optional(),
   providerMetadata: Metadata.optional()
 });
-var PartnerFundingSchema = import_zod14.z.object({
-  fundingId: import_zod14.z.string().uuid(),
-  partnerId: import_zod14.z.string().uuid(),
-  accountId: import_zod14.z.string().uuid(),
-  userId: import_zod14.z.string().uuid().nullable(),
-  direction: import_zod14.z.enum(PARTNER_FUNDING_DIRECTIONS),
-  currency: import_zod14.z.string(),
+var PartnerFundingSchema = import_zod15.z.object({
+  fundingId: import_zod15.z.string().uuid(),
+  partnerId: import_zod15.z.string().uuid(),
+  accountId: import_zod15.z.string().uuid(),
+  userId: import_zod15.z.string().uuid().nullable(),
+  direction: import_zod15.z.enum(PARTNER_FUNDING_DIRECTIONS),
+  currency: import_zod15.z.string(),
   amountMinor: MinorString,
-  externalRef: import_zod14.z.string(),
-  status: import_zod14.z.enum(PARTNER_FUNDING_STATUSES),
-  fundingSource: import_zod14.z.string(),
-  ledgerRef: import_zod14.z.string(),
+  externalRef: import_zod15.z.string(),
+  status: import_zod15.z.enum(PARTNER_FUNDING_STATUSES),
+  fundingSource: import_zod15.z.string(),
+  ledgerRef: import_zod15.z.string(),
   providerMetadata: Metadata,
-  createdAtMs: import_zod14.z.number().int().nonnegative(),
-  updatedAtMs: import_zod14.z.number().int().nonnegative()
+  createdAtMs: import_zod15.z.number().int().nonnegative(),
+  updatedAtMs: import_zod15.z.number().int().nonnegative()
 });
-var IngestFundingResultSchema = import_zod14.z.object({
+var IngestFundingResultSchema = import_zod15.z.object({
   funding: PartnerFundingSchema,
-  replayed: import_zod14.z.boolean()
+  replayed: import_zod15.z.boolean()
 });
-var PayoutDestinationSchema = import_zod14.z.object({
-  destinationId: import_zod14.z.string().uuid(),
-  accountId: import_zod14.z.string().uuid(),
-  partnerId: import_zod14.z.string().uuid(),
-  bankCode: import_zod14.z.string(),
-  accountNumber: import_zod14.z.string(),
-  accountName: import_zod14.z.string(),
-  status: import_zod14.z.enum(PAYOUT_DESTINATION_STATUSES),
-  verifiedAtMs: import_zod14.z.number().int().nonnegative().nullable(),
+var PayoutDestinationSchema = import_zod15.z.object({
+  destinationId: import_zod15.z.string().uuid(),
+  accountId: import_zod15.z.string().uuid(),
+  partnerId: import_zod15.z.string().uuid(),
+  bankCode: import_zod15.z.string(),
+  accountNumber: import_zod15.z.string(),
+  accountName: import_zod15.z.string(),
+  status: import_zod15.z.enum(PAYOUT_DESTINATION_STATUSES),
+  verifiedAtMs: import_zod15.z.number().int().nonnegative().nullable(),
   metadata: Metadata,
-  createdAtMs: import_zod14.z.number().int().nonnegative(),
-  updatedAtMs: import_zod14.z.number().int().nonnegative()
+  createdAtMs: import_zod15.z.number().int().nonnegative(),
+  updatedAtMs: import_zod15.z.number().int().nonnegative()
 });
-var CreatePayoutDestinationInputSchema = import_zod14.z.object({
-  partnerId: import_zod14.z.string().uuid(),
-  bankCode: import_zod14.z.string().trim().min(1).max(32),
-  accountNumber: import_zod14.z.string().trim().min(4).max(64),
-  accountName: import_zod14.z.string().trim().min(1).max(200),
+var CreatePayoutDestinationInputSchema = import_zod15.z.object({
+  partnerId: import_zod15.z.string().uuid(),
+  bankCode: import_zod15.z.string().trim().min(1).max(32),
+  accountNumber: import_zod15.z.string().trim().min(4).max(64),
+  accountName: import_zod15.z.string().trim().min(1).max(200),
   metadata: Metadata.optional()
 });
-var ListPayoutDestinationsResultSchema = import_zod14.z.object({
-  items: import_zod14.z.array(PayoutDestinationSchema)
+var ListPayoutDestinationsResultSchema = import_zod15.z.object({
+  items: import_zod15.z.array(PayoutDestinationSchema)
 });
-var WithdrawalSchema = import_zod14.z.object({
-  withdrawalId: import_zod14.z.string().uuid(),
-  accountId: import_zod14.z.string().uuid(),
-  userId: import_zod14.z.string().uuid(),
-  partnerId: import_zod14.z.string().uuid(),
-  destinationId: import_zod14.z.string().uuid(),
-  currency: import_zod14.z.string(),
+var WithdrawalSchema = import_zod15.z.object({
+  withdrawalId: import_zod15.z.string().uuid(),
+  accountId: import_zod15.z.string().uuid(),
+  userId: import_zod15.z.string().uuid(),
+  partnerId: import_zod15.z.string().uuid(),
+  destinationId: import_zod15.z.string().uuid(),
+  currency: import_zod15.z.string(),
   amountMinor: MinorString,
-  state: import_zod14.z.enum(WITHDRAWAL_STATES),
-  idempotencyKey: import_zod14.z.string(),
-  providerRef: import_zod14.z.string().nullable(),
-  lastError: import_zod14.z.string().nullable(),
-  ledgerRef: import_zod14.z.string(),
-  reverseLedgerRef: import_zod14.z.string().nullable(),
+  state: import_zod15.z.enum(WITHDRAWAL_STATES),
+  idempotencyKey: import_zod15.z.string(),
+  providerRef: import_zod15.z.string().nullable(),
+  lastError: import_zod15.z.string().nullable(),
+  ledgerRef: import_zod15.z.string(),
+  reverseLedgerRef: import_zod15.z.string().nullable(),
   metadata: Metadata,
-  createdAtMs: import_zod14.z.number().int().nonnegative(),
-  updatedAtMs: import_zod14.z.number().int().nonnegative()
+  createdAtMs: import_zod15.z.number().int().nonnegative(),
+  updatedAtMs: import_zod15.z.number().int().nonnegative()
 });
-var CreateWithdrawalInputSchema = import_zod14.z.object({
-  destinationId: import_zod14.z.string().uuid(),
+var CreateWithdrawalInputSchema = import_zod15.z.object({
+  destinationId: import_zod15.z.string().uuid(),
   amountMinor: PositiveMinor,
   currency: Currency,
-  idempotencyKey: import_zod14.z.string().trim().min(8).max(128),
+  idempotencyKey: import_zod15.z.string().trim().min(8).max(128),
   metadata: Metadata.optional()
 });
-var CreateWithdrawalResultSchema = import_zod14.z.object({
+var CreateWithdrawalResultSchema = import_zod15.z.object({
   withdrawal: WithdrawalSchema,
-  replayed: import_zod14.z.boolean()
+  replayed: import_zod15.z.boolean()
 });
-var PayoutEventInputSchema = import_zod14.z.object({
-  externalRef: import_zod14.z.string().trim().min(8).max(128),
-  withdrawalId: import_zod14.z.string().uuid().optional(),
-  state: import_zod14.z.enum(["submitted", "processing", "paid", "failed"]),
-  providerRef: import_zod14.z.string().trim().min(1).max(128).optional(),
-  failureCode: import_zod14.z.string().trim().max(64).optional(),
-  failureMessage: import_zod14.z.string().trim().max(512).optional(),
+var PayoutEventInputSchema = import_zod15.z.object({
+  externalRef: import_zod15.z.string().trim().min(8).max(128),
+  withdrawalId: import_zod15.z.string().uuid().optional(),
+  state: import_zod15.z.enum(["submitted", "processing", "paid", "failed"]),
+  providerRef: import_zod15.z.string().trim().min(1).max(128).optional(),
+  failureCode: import_zod15.z.string().trim().max(64).optional(),
+  failureMessage: import_zod15.z.string().trim().max(512).optional(),
   providerMetadata: Metadata.optional()
 });
-var RecordPayoutEventResultSchema = import_zod14.z.object({
+var RecordPayoutEventResultSchema = import_zod15.z.object({
   withdrawal: WithdrawalSchema,
-  replayed: import_zod14.z.boolean()
+  replayed: import_zod15.z.boolean()
 });
-var ReconciliationReportSchema = import_zod14.z.object({
-  partnerId: import_zod14.z.string().uuid(),
-  currency: import_zod14.z.string(),
-  fromMs: import_zod14.z.number().int().nonnegative(),
-  toMs: import_zod14.z.number().int().nonnegative(),
+var ReconciliationReportSchema = import_zod15.z.object({
+  partnerId: import_zod15.z.string().uuid(),
+  currency: import_zod15.z.string(),
+  fromMs: import_zod15.z.number().int().nonnegative(),
+  toMs: import_zod15.z.number().int().nonnegative(),
   fundingsCreditMinor: MinorString,
   fundingsDebitMinor: MinorString,
   withdrawalsPaidMinor: MinorString,
@@ -3738,7 +4245,7 @@ var ReconciliationReportSchema = import_zod14.z.object({
   expectedReserveBalanceMinor: MinorString,
   actualReserveBalanceMinor: MinorString,
   imbalanceMinor: MinorString,
-  generatedAtMs: import_zod14.z.number().int().nonnegative()
+  generatedAtMs: import_zod15.z.number().int().nonnegative()
 });
 function createPartnerFundingClient(partner) {
   return {
@@ -3890,19 +4397,19 @@ function createPartnerProfileAdminClient(opts) {
 }
 
 // src/artifacts/envelope.ts
-var import_zod15 = require("zod");
+var import_zod16 = require("zod");
 var FLUR_ARTIFACT_URI_SCHEME = "flur";
 var FLUR_ARTIFACT_VERSION = 1;
 var FLUR_ARTIFACT_URI_PREFIX = `${FLUR_ARTIFACT_URI_SCHEME}://v${FLUR_ARTIFACT_VERSION}/`;
 var ArtifactTypeRe = /^[a-z][a-z0-9_]{1,63}$/;
-var ArtifactHeaderSchema = import_zod15.z.object({
-  v: import_zod15.z.literal(FLUR_ARTIFACT_VERSION),
-  t: import_zod15.z.string().regex(ArtifactTypeRe, "invalid artifact type"),
-  iss: import_zod15.z.string().min(1).max(128),
-  kid: import_zod15.z.string().min(1).max(128),
-  iat: import_zod15.z.number().int().nonnegative(),
-  exp: import_zod15.z.number().int().positive().optional(),
-  nonce: import_zod15.z.string().min(8).max(64).regex(/^[A-Za-z0-9_-]+$/, "nonce must be url-safe")
+var ArtifactHeaderSchema = import_zod16.z.object({
+  v: import_zod16.z.literal(FLUR_ARTIFACT_VERSION),
+  t: import_zod16.z.string().regex(ArtifactTypeRe, "invalid artifact type"),
+  iss: import_zod16.z.string().min(1).max(128),
+  kid: import_zod16.z.string().min(1).max(128),
+  iat: import_zod16.z.number().int().nonnegative(),
+  exp: import_zod16.z.number().int().positive().optional(),
+  nonce: import_zod16.z.string().min(8).max(64).regex(/^[A-Za-z0-9_-]+$/, "nonce must be url-safe")
 });
 var FlurArtifactError = class extends Error {
   constructor(message, code) {
@@ -4041,7 +4548,7 @@ function verifyArtifactSignature(decoded, publicKeySpkiB64, options = {}) {
 }
 
 // src/artifacts/types.ts
-var import_zod16 = require("zod");
+var import_zod17 = require("zod");
 var ARTIFACT_TYPES = {
   OFFLINE_PAYMENT_AUTHORIZATION: "offline_payment_authorization",
   RECEIPT: "receipt",
@@ -4056,32 +4563,32 @@ var ARTIFACT_TYPES = {
   PASS: "pass",
   IDENTITY: "identity"
 };
-var HexString = (length) => import_zod16.z.string().regex(
+var HexString = (length) => import_zod17.z.string().regex(
   new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
   `expected ${length}-byte hex string`
 );
-var OfflinePaymentAuthorizationArtifactSchema = import_zod16.z.object({
+var OfflinePaymentAuthorizationArtifactSchema = import_zod17.z.object({
   authorization: OfflinePaymentAuthorizationSchema
 });
-var ReceiptArtifactSchema = import_zod16.z.object({
-  receiptId: import_zod16.z.string().min(1).max(64),
-  paymentReference: import_zod16.z.string().min(1).max(64),
-  payerUserId: import_zod16.z.string().min(1).max(64).optional(),
-  payeeUserId: import_zod16.z.string().min(1).max(64),
-  amountKobo: import_zod16.z.number().int().positive(),
-  currency: import_zod16.z.literal("NGN"),
-  channel: import_zod16.z.enum(["online", "offline_reconciled", "pay_link", "nqr"]),
-  settledAtMs: import_zod16.z.number().int().positive(),
-  ledgerTxnId: import_zod16.z.string().min(1).max(64).optional(),
-  memo: import_zod16.z.string().max(140).optional(),
+var ReceiptArtifactSchema = import_zod17.z.object({
+  receiptId: import_zod17.z.string().min(1).max(64),
+  paymentReference: import_zod17.z.string().min(1).max(64),
+  payerUserId: import_zod17.z.string().min(1).max(64).optional(),
+  payeeUserId: import_zod17.z.string().min(1).max(64),
+  amountKobo: import_zod17.z.number().int().positive(),
+  currency: import_zod17.z.literal("NGN"),
+  channel: import_zod17.z.enum(["online", "offline_reconciled", "pay_link", "nqr"]),
+  settledAtMs: import_zod17.z.number().int().positive(),
+  ledgerTxnId: import_zod17.z.string().min(1).max(64).optional(),
+  memo: import_zod17.z.string().max(140).optional(),
   hashChainPrev: HexString(32).optional()
 });
-var ShortId = import_zod16.z.string().min(1).max(64);
-var PositiveInt = import_zod16.z.number().int().positive();
-var NonNegativeInt = import_zod16.z.number().int().nonnegative();
-var Currency2 = import_zod16.z.literal("NGN");
-var Memo = import_zod16.z.string().max(140);
-var NqrPaymentRequestArtifactSchema = import_zod16.z.object({
+var ShortId = import_zod17.z.string().min(1).max(64);
+var PositiveInt = import_zod17.z.number().int().positive();
+var NonNegativeInt = import_zod17.z.number().int().nonnegative();
+var Currency2 = import_zod17.z.literal("NGN");
+var Memo = import_zod17.z.string().max(140);
+var NqrPaymentRequestArtifactSchema = import_zod17.z.object({
   requestId: ShortId,
   payeeUserId: ShortId,
   amountKobo: PositiveInt.optional(),
@@ -4089,7 +4596,7 @@ var NqrPaymentRequestArtifactSchema = import_zod16.z.object({
   memo: Memo.optional(),
   expiresAtMs: PositiveInt.optional()
 });
-var PaymentIntentArtifactSchema = import_zod16.z.object({
+var PaymentIntentArtifactSchema = import_zod17.z.object({
   intentId: ShortId,
   payerUserId: ShortId,
   payeeUserId: ShortId,
@@ -4098,7 +4605,7 @@ var PaymentIntentArtifactSchema = import_zod16.z.object({
   idempotencyKey: ShortId,
   createdAtMs: PositiveInt
 });
-var OfflineClaimArtifactSchema = import_zod16.z.object({
+var OfflineClaimArtifactSchema = import_zod17.z.object({
   claimId: ShortId,
   authorizationId: ShortId,
   payeeUserId: ShortId,
@@ -4107,10 +4614,10 @@ var OfflineClaimArtifactSchema = import_zod16.z.object({
   claimedAtMs: PositiveInt,
   paymentReference: ShortId.optional()
 });
-var SettlementRecordArtifactSchema = import_zod16.z.object({
+var SettlementRecordArtifactSchema = import_zod17.z.object({
   settlementId: ShortId,
   ledgerTxnId: ShortId,
-  sourceRefType: import_zod16.z.enum([
+  sourceRefType: import_zod17.z.enum([
     "offline_authorization",
     "offline_claim",
     "transfer",
@@ -4121,12 +4628,12 @@ var SettlementRecordArtifactSchema = import_zod16.z.object({
   currency: Currency2,
   settledAtMs: PositiveInt
 });
-var ReversalRecordArtifactSchema = import_zod16.z.object({
+var ReversalRecordArtifactSchema = import_zod17.z.object({
   reversalId: ShortId,
   originalTxnId: ShortId,
   amountKobo: PositiveInt,
   currency: Currency2,
-  reason: import_zod16.z.enum([
+  reason: import_zod17.z.enum([
     "user_dispute",
     "fraud",
     "duplicate",
@@ -4136,7 +4643,7 @@ var ReversalRecordArtifactSchema = import_zod16.z.object({
   reversedAtMs: PositiveInt,
   memo: Memo.optional()
 });
-var LedgerJournalEntryArtifactSchema = import_zod16.z.object({
+var LedgerJournalEntryArtifactSchema = import_zod17.z.object({
   entryId: ShortId,
   journalId: ShortId,
   debitAccountId: ShortId,
@@ -4147,13 +4654,13 @@ var LedgerJournalEntryArtifactSchema = import_zod16.z.object({
   refType: ShortId.optional(),
   refId: ShortId.optional()
 });
-var StatementArtifactSchema = import_zod16.z.object({
+var StatementArtifactSchema = import_zod17.z.object({
   statementId: ShortId,
   userId: ShortId,
   periodStartMs: PositiveInt,
   periodEndMs: PositiveInt,
-  openingBalanceKobo: import_zod16.z.number().int(),
-  closingBalanceKobo: import_zod16.z.number().int(),
+  openingBalanceKobo: import_zod17.z.number().int(),
+  closingBalanceKobo: import_zod17.z.number().int(),
   transactionCount: NonNegativeInt,
   currency: Currency2,
   hashChainPrev: HexString(32).optional()
@@ -4161,16 +4668,16 @@ var StatementArtifactSchema = import_zod16.z.object({
   message: "periodEndMs must be greater than periodStartMs",
   path: ["periodEndMs"]
 });
-var PassArtifactSchema = import_zod16.z.object({
+var PassArtifactSchema = import_zod17.z.object({
   passId: ShortId,
   holderId: ShortId,
-  category: import_zod16.z.enum(["membership", "ticket", "loyalty", "access", "voucher"]),
-  title: import_zod16.z.string().min(1).max(120),
+  category: import_zod17.z.enum(["membership", "ticket", "loyalty", "access", "voucher"]),
+  title: import_zod17.z.string().min(1).max(120),
   validFromMs: PositiveInt,
   validUntilMs: PositiveInt.optional(),
-  metadata: import_zod16.z.record(
-    import_zod16.z.string().min(1).max(64),
-    import_zod16.z.union([import_zod16.z.string().max(280), import_zod16.z.number(), import_zod16.z.boolean()])
+  metadata: import_zod17.z.record(
+    import_zod17.z.string().min(1).max(64),
+    import_zod17.z.union([import_zod17.z.string().max(280), import_zod17.z.number(), import_zod17.z.boolean()])
   ).optional()
 }).refine(
   (v) => v.validUntilMs === void 0 || v.validUntilMs > v.validFromMs,
@@ -4179,10 +4686,10 @@ var PassArtifactSchema = import_zod16.z.object({
     path: ["validUntilMs"]
   }
 );
-var IdentityArtifactSchema = import_zod16.z.object({
+var IdentityArtifactSchema = import_zod17.z.object({
   attestationId: ShortId,
   subjectId: ShortId,
-  claimType: import_zod16.z.enum([
+  claimType: import_zod17.z.enum([
     "phone_verified",
     "email_verified",
     "bvn_verified",
@@ -4318,6 +4825,9 @@ function createOfflinePaymentAuthorizationArtifactUri(input) {
   COLLECTION_INTENT_STATUSES,
   COLLECTION_PAYMENT_STATUSES,
   CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS,
+  CONSUMER_PAYMENT_REQUEST_DOMAIN,
+  CONSUMER_SETTLEMENT_DOMAIN,
+  CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX,
   CUSTODIAL_MODES,
   CollectionIntentSchema,
   CollectionPaymentResultSchema,
@@ -4327,6 +4837,7 @@ function createOfflinePaymentAuthorizationArtifactUri(input) {
   ConsumerOACRecordSchema,
   ConsumerOACSchema,
   ConsumerPaymentClaimSchema,
+  ConsumerPaymentRequestEnvelopeSchema,
   ConsumerSettleResultSchema,
   ConsumerSettlementSchema,
   CreateCollectionIntentInputSchema,
@@ -4368,6 +4879,12 @@ function createOfflinePaymentAuthorizationArtifactUri(input) {
   OAC_DEFAULT_PER_TX_KOBO,
   OAC_DEFAULT_VALIDITY_MS,
   OFFLINE_CLAIM_SMS_PREFIX,
+  OFFLINE_SMS_SETTLE_DOMAIN,
+  OFFLINE_SMS_SETTLE_HEADER_BYTES,
+  OFFLINE_SMS_SETTLE_PREFIX,
+  OFFLINE_SMS_SETTLE_SIGNATURE_BYTES,
+  OFFLINE_SMS_SETTLE_TOKEN_BYTES,
+  OFFLINE_SMS_SETTLE_VERSION,
   OfflineClaimArtifactSchema,
   OfflinePaymentAuthorizationArtifactSchema,
   OfflinePaymentAuthorizationSchema,
@@ -4427,18 +4944,25 @@ function createOfflinePaymentAuthorizationArtifactUri(input) {
   bodySha256Hex,
   buildArtifactBody,
   buildAuthorization,
+  buildConsumerPaymentRequest,
   buildOAC,
   buildPass,
   buildPaymentRequest,
   buildReceipt,
   buildRedemption,
+  buildSmsSettleHeader,
+  buildSmsSettleSignedBytes,
   canonicalClaimSigningBytes,
   canonicalClaimSigningPayload,
   canonicalJSONBytes,
   canonicalJSONStringify,
   canonicalRequestString,
+  computeConsumerClaimEncounterId,
   computeEncounterId,
   constantTimeEqual,
+  consumerPaymentRequestSigningBytes,
+  consumerPaymentRequestSigningPayload,
+  consumerSettlementSigningPayload,
   crc16ccitt,
   crc16ccittHex,
   createAccountsClient,
@@ -4462,19 +4986,27 @@ function createOfflinePaymentAuthorizationArtifactUri(input) {
   decodeArtifactUri,
   decodeAuthorizationQR,
   decodeBase45,
+  decodeConsumerSettlementReceiptQR,
   decodeOfflineClaimSmsMessage,
+  decodeOfflineSmsSettleToken,
   decodePaymentRequestQR,
+  decodeUnverifiedConsumerSettlementReceiptQR,
+  derToRawP256Signature,
   encodeArtifactUri,
   encodeAuthorizationQR,
   encodeBase45,
+  encodeConsumerSettlementReceiptQR,
   encodeNQR,
   encodeOfflineClaimSmsMessage,
+  encodeOfflineSmsSettleToken,
   encodePaymentRequestQR,
   extractOfflineClaimSmsToken,
+  extractOfflineSmsSettleToken,
   formatAmount,
   generateDynamicQR,
   generateStaticQR,
   init,
+  isConsumerPaymentRequestExpired,
   isHardenedArtifactType,
   isKnownArtifactType,
   isPassWithinValidity,
@@ -4487,6 +5019,7 @@ function createOfflinePaymentAuthorizationArtifactUri(input) {
   routingHint,
   signArtifact,
   signAuthorization,
+  signConsumerPaymentRequest,
   signOAC,
   signPartnerRequest,
   signPass,
@@ -4498,7 +5031,11 @@ function createOfflinePaymentAuthorizationArtifactUri(input) {
   verifyArtifactUri,
   verifyAuthorization,
   verifyClaimSignature,
+  verifyConsumerPaymentRequest,
+  verifyConsumerSettlement,
+  verifyConsumerSettlementReceiptQR,
   verifyOAC,
+  verifyOfflineSmsSettleToken,
   verifyPass,
   verifyPaymentRequest,
   verifyReceipt,