npm - @nokinc-flur/sdk - Versions diffs - 2.3.0 → 2.5.0 - Mend

@nokinc-flur/sdk 2.3.0 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -2878,6 +2878,331 @@ type AccountsClient = {
 };
 declare function createAccountsClient(opts: AccountsClientOptions): AccountsClient;
+/**
+ * Offline verification of the unified Offline Authorization Certificate (OAC).
+ *
+ * The OAC is issuer-signed and folds identity (phoneE164, displayName, bound
+ * device key) into the same credential that carries offline spend authority.
+ * This lets two users who meet for the first time recognise and pay each
+ * other WITHOUT a network round-trip: the verifier checks the issuer
+ * signature against a *pinned* trusted issuer key (a Trust Bundle refreshed
+ * whenever the device is online), never the key embedded in the credential.
+ *
+ * Trust model:
+ *   - Provisional offline authorization, authoritative online settlement.
+ *     A successful offline verify proves the credential was issued by Flur
+ *     and is within its validity window; the backend still re-checks
+ *     revocation, balance, and caps at settlement. Short OAC TTL is the
+ *     revocation-propagation mechanism — a revoked user cannot refresh and
+ *     their OAC expires within the issuance TTL.
+ *
+ * Wire format mirrors `flur-backend/src/offline-consumer/service.ts`
+ * (`oacSigningPayload`): the issuer signs `canonicalJSONBytes({ domain, ...oac })`
+ * with its P-256 key. Adding fields to `ConsumerOAC` automatically includes
+ * them in the signed bytes, so identity is covered without a new domain.
+ */
+/**
+ * Domain tag bound into the OAC issuer signature. MUST match
+ * `OAC_DOMAIN` in `flur-backend/src/offline-consumer/service.ts`.
+ */
+declare const CONSUMER_OAC_DOMAIN: "flur:consumer-offline:v1:oac";
+/**
+ * A pinned issuer key the device trusts for offline OAC verification.
+ * Sourced from the backend Trust Bundle (`GET /v1/issuer/keys`) and cached
+ * on-device. `notBeforeMs` / `notAfterMs` bound the key's own validity so a
+ * rotated-out key cannot be used to verify a freshly minted credential.
+ */
+interface TrustedIssuerKey {
+    issuerId: string;
+    /** Issuer P-256 public key as SubjectPublicKeyInfo DER, base64. */
+    publicKeySpkiB64: string;
+    notBeforeMs?: number;
+    notAfterMs?: number;
+}
+/** Identity surfaced to the caller after a successful offline verify. */
+interface OacOfflineIdentity {
+    oacId: string;
+    issuerId: string;
+    userId: string;
+    phoneE164: string;
+    displayName: string;
+    /** Holder's bound device key; lets the caller verify receipts offline. */
+    devicePubkeySpkiB64: string;
+}
+type VerifyOacOfflineResult = {
+    ok: true;
+    oac: ConsumerOAC;
+    identity: OacOfflineIdentity;
+} | {
+    ok: false;
+    reason: 'malformed' | 'untrusted_issuer' | 'signature_invalid' | 'window_too_long' | 'not_yet_valid' | 'expired' | 'revoked';
+};
+interface VerifyOacOfflineOptions {
+    /** Override the wall clock; defaults to `Date.now()`. */
+    nowMs?: number;
+    /**
+     * Verified revoked-OAC id set from a pinned revocation status-list (see
+     * `verifyRevocationList`). When supplied, an otherwise-valid OAC whose
+     * `oacId` is present is rejected with reason `'revoked'`. Omitting this
+     * preserves the TTL-only revocation baseline.
+     */
+    revokedOacIds?: ReadonlySet<string>;
+}
+/** Canonical OAC payload (domain-bound) the backend issuer signs. */
+declare function consumerOacSigningPayload(oac: ConsumerOAC): {
+    phoneE164: string;
+    userId: string;
+    deviceId: string;
+    displayName: string;
+    currency: string;
+    perTxCapKobo: number;
+    cumulativeCapKobo: number;
+    validFromMs: number;
+    validUntilMs: number;
+    counterSeed: number;
+    issuedAtMs: number;
+    issuerId: string;
+    oacId: string;
+    alg: "p256";
+    devicePubkeySpkiB64: string;
+    domain: "flur:consumer-offline:v1:oac";
+};
+/**
+ * Verify a signed OAC offline against a pinned set of trusted issuer keys.
+ *
+ * Security invariants:
+ *   - The signature is checked against the PINNED key for `oac.issuerId`,
+ *     never the credential-embedded `issuerPublicKeySpkiB64`. An attacker who
+ *     forges an OAC with their own key (and a matching embedded key) fails
+ *     because their key is not pinned.
+ *   - The pinned key's own validity window is enforced.
+ *   - The OAC validity window is enforced (`validFromMs <= now < validUntilMs`).
+ */
+declare function verifyOacOffline(signed: SignedConsumerOAC, trustedKeys: readonly TrustedIssuerKey[], options?: VerifyOacOfflineOptions): VerifyOacOfflineResult;
+/**
+ * QR prefix for a presented unified OAC. A holder shows this QR to be paid
+ * and/or identified offline; the scanner decodes it and calls
+ * `verifyOacOffline` against its pinned trust bundle. Distinct from the
+ * settlement-receipt (`FLURSR1.`) and pay-card prefixes so the scanner can
+ * dispatch by prefix without ambiguity.
+ */
+declare const CONSUMER_OAC_QR_PREFIX: "FLUROAC1.";
+/** True iff `value` looks like a presented OAC QR payload. */
+declare function isConsumerOacQR(value: string): boolean;
+/**
+ * Advisory "pay me" request a holder may attach to a presented OAC pay code:
+ * an amount, a purpose/intent, and a free-text reference. This rides as an
+ * UNSIGNED suffix on the QR (see {@link encodeConsumerOacQR}) — it is never
+ * part of the issuer-signed credential and carries no authority. The payer's
+ * app treats it purely as a prefill hint and always confirms the amount,
+ * exactly as with a NIBSS dynamic QR.
+ */
+declare const OacPresentmentRequestSchema: z.ZodObject<{
+    /** Requested amount in minor units (kobo). */
+    amountMinor: z.ZodOptional<z.ZodNumber>;
+    /** Purpose/intent code (mirrors the NIBSS intent vocabulary). */
+    intent: z.ZodOptional<z.ZodString>;
+    /** Free-text reference / note. */
+    reference: z.ZodOptional<z.ZodString>;
+}, "strict", z.ZodTypeAny, {
+    amountMinor?: number | undefined;
+    reference?: string | undefined;
+    intent?: string | undefined;
+}, {
+    amountMinor?: number | undefined;
+    reference?: string | undefined;
+    intent?: string | undefined;
+}>;
+type OacPresentmentRequest = z.infer<typeof OacPresentmentRequestSchema>;
+/**
+ * Encode a signed OAC as a scannable QR payload. The envelope is validated
+ * before encoding so a malformed credential can never be presented.
+ *
+ * An optional advisory {@link OacPresentmentRequest} is appended as a
+ * dot-separated, base64url-encoded suffix:
+ *   `FLUROAC1.<base64url(signed)>.<base64url(request)>`
+ * The signed segment is byte-identical with or without the suffix, so the
+ * credential's verifiability is unaffected. An empty request adds no suffix.
+ */
+declare function encodeConsumerOacQR(signed: SignedConsumerOAC, request?: OacPresentmentRequest): string;
+/**
+ * Decode (WITHOUT verifying) a presented OAC QR back into a signed envelope.
+ * Any advisory request suffix is ignored here — use
+ * {@link decodeConsumerOacRequest} to read it. The caller MUST pass the result
+ * to `verifyOacOffline` against pinned keys before trusting any field —
+ * decoding proves nothing about authenticity.
+ */
+declare function decodeUnverifiedConsumerOacQR(value: string): SignedConsumerOAC;
+/**
+ * Read the advisory {@link OacPresentmentRequest} from a presented OAC QR, or
+ * `null` if absent/malformed. This is purely a prefill hint and is NEVER
+ * authoritative — a malformed suffix is treated as "no request" and never
+ * throws, so a bad suffix can never block a verifiable credential.
+ */
+declare function decodeConsumerOacRequest(value: string): OacPresentmentRequest | null;
+/**
+ * OAC revocation status-list — offline verification.
+ *
+ * Short OAC TTL (24h, rolling) is the BASELINE revocation-propagation
+ * mechanism: a revoked user cannot refresh, so their credential lapses within
+ * the issuance window. The revocation status-list shrinks that window from
+ * "up to 24h" to "time since the device last pinned a fresh list": the issuer
+ * publishes a signed list of OAC IDs that are revoked AND not yet expired, and
+ * the offline verifier rejects any scanned OAC whose id appears in it.
+ *
+ * The list is naturally bounded: an OAC that lapses on its own TTL drops off
+ * the list (expiry already covers it), so the published set only ever carries
+ * revocations from roughly the last 24h.
+ *
+ * Trust model mirrors the OAC itself: the list is issuer-signed and verified
+ * OFFLINE against the SAME pinned issuer trust bundle (`GET /v1/issuer/keys`),
+ * never the key embedded in the payload. A `sequence` makes the list
+ * monotonic so a device never accepts an older snapshot over a newer one.
+ */
+/**
+ * Domain tag bound into the revocation-list issuer signature. MUST match
+ * `REVOCATION_DOMAIN` in `flur-backend/src/offline-consumer/service.ts`.
+ */
+declare const CONSUMER_REVOCATION_DOMAIN: "flur:consumer-offline:v1:revocation";
+/**
+ * Hard cap on the number of revoked ids in a single list. Because the list
+ * only carries unexpired revocations (~24h window), this bounds the payload
+ * while comfortably exceeding any realistic revocation rate.
+ */
+declare const REVOCATION_LIST_MAX_ENTRIES = 100000;
+declare const RevocationListSchema: z.ZodObject<{
+    issuerId: z.ZodString;
+    /**
+     * Monotonic snapshot counter. A device MUST NOT replace a pinned list with
+     * one carrying a lower sequence — this defeats a downgrade/rollback attack
+     * that replays an older list to resurrect a revoked credential.
+     */
+    sequence: z.ZodNumber;
+    issuedAtMs: z.ZodNumber;
+    /**
+     * Freshness bound. After this instant the list is considered stale and the
+     * verifier treats it as untrustworthy (fail-closed), forcing a re-pin.
+     * Optional so the issuer may publish a list without a hard expiry.
+     */
+    notAfterMs: z.ZodOptional<z.ZodNumber>;
+    /** OAC ids that are revoked AND not yet past their own validity window. */
+    revokedOacIds: z.ZodArray<z.ZodString, "many">;
+}, "strip", z.ZodTypeAny, {
+    issuedAtMs: number;
+    issuerId: string;
+    sequence: number;
+    revokedOacIds: string[];
+    notAfterMs?: number | undefined;
+}, {
+    issuedAtMs: number;
+    issuerId: string;
+    sequence: number;
+    revokedOacIds: string[];
+    notAfterMs?: number | undefined;
+}>;
+type RevocationList = z.infer<typeof RevocationListSchema>;
+declare const SignedRevocationListSchema: z.ZodObject<{
+    list: z.ZodObject<{
+        issuerId: z.ZodString;
+        /**
+         * Monotonic snapshot counter. A device MUST NOT replace a pinned list with
+         * one carrying a lower sequence — this defeats a downgrade/rollback attack
+         * that replays an older list to resurrect a revoked credential.
+         */
+        sequence: z.ZodNumber;
+        issuedAtMs: z.ZodNumber;
+        /**
+         * Freshness bound. After this instant the list is considered stale and the
+         * verifier treats it as untrustworthy (fail-closed), forcing a re-pin.
+         * Optional so the issuer may publish a list without a hard expiry.
+         */
+        notAfterMs: z.ZodOptional<z.ZodNumber>;
+        /** OAC ids that are revoked AND not yet past their own validity window. */
+        revokedOacIds: z.ZodArray<z.ZodString, "many">;
+    }, "strip", z.ZodTypeAny, {
+        issuedAtMs: number;
+        issuerId: string;
+        sequence: number;
+        revokedOacIds: string[];
+        notAfterMs?: number | undefined;
+    }, {
+        issuedAtMs: number;
+        issuerId: string;
+        sequence: number;
+        revokedOacIds: string[];
+        notAfterMs?: number | undefined;
+    }>;
+    /** ASN.1 DER ECDSA P-256 issuer signature over the signing payload, base64. */
+    issuerSig: z.ZodString;
+    /** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
+    issuerPublicKeySpkiB64: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    issuerSig: string;
+    issuerPublicKeySpkiB64: string;
+    list: {
+        issuedAtMs: number;
+        issuerId: string;
+        sequence: number;
+        revokedOacIds: string[];
+        notAfterMs?: number | undefined;
+    };
+}, {
+    issuerSig: string;
+    issuerPublicKeySpkiB64: string;
+    list: {
+        issuedAtMs: number;
+        issuerId: string;
+        sequence: number;
+        revokedOacIds: string[];
+        notAfterMs?: number | undefined;
+    };
+}>;
+type SignedRevocationList = z.infer<typeof SignedRevocationListSchema>;
+type VerifyRevocationListResult = {
+    ok: true;
+    list: RevocationList;
+    revokedOacIds: ReadonlySet<string>;
+} | {
+    ok: false;
+    reason: 'malformed' | 'untrusted_issuer' | 'signature_invalid' | 'stale';
+};
+interface VerifyRevocationListOptions {
+    /** Override the wall clock; defaults to `Date.now()`. */
+    nowMs?: number;
+}
+/**
+ * Canonical revocation-list payload (domain-bound) the issuer signs.
+ *
+ * Cross-implementation contract (MUST match the backend signer byte-for-byte):
+ * optional fields with no value are OMITTED from the signed object, never
+ * emitted as `null` or `undefined`. `canonicalJSONBytes` rejects `undefined`
+ * object values outright, so building the payload explicitly (rather than
+ * spreading a `list` that may carry an explicit `notAfterMs: undefined`) keeps
+ * verification total — it can never throw on a well-typed list — and keeps the
+ * signed bytes identical whether `notAfterMs` was absent or explicitly unset.
+ */
+declare function revocationListSigningPayload(list: RevocationList): Record<string, unknown>;
+/**
+ * Verify a signed revocation list offline against pinned issuer keys.
+ *
+ * Security invariants (identical to `verifyOacOffline`):
+ *   - The signature is checked against the PINNED key for `list.issuerId`,
+ *     never the payload-embedded key.
+ *   - The pinned key's own validity window is enforced.
+ *   - A list past `notAfterMs` fails closed (`stale`) so a long-offline device
+ *     cannot keep trusting a frozen snapshot forever.
+ *
+ * Note: rollback protection via `sequence` is intentionally NOT enforced here
+ * (verification is stateless). The caller persisting the pinned list MUST
+ * reject any replacement whose `sequence` is lower than the pinned one.
+ */
+declare function verifyRevocationList(signed: SignedRevocationList, trustedKeys: readonly TrustedIssuerKey[], options?: VerifyRevocationListOptions): VerifyRevocationListResult;
+/** True iff `oacId` appears in a verified revocation set. */
+declare function isOacRevoked(oacId: string, revokedOacIds: ReadonlySet<string>): boolean;
 /**
  * Consumer-side Offline Collect SDK client.
  *
@@ -2915,14 +3240,14 @@ declare const IssuerTrustKeySchema: z.ZodObject<{
     issuerId: string;
     alg: "p256";
     publicKeySpkiB64: string;
-    notBeforeMs?: number | undefined;
     notAfterMs?: number | undefined;
+    notBeforeMs?: number | undefined;
 }, {
     issuerId: string;
     alg: "p256";
     publicKeySpkiB64: string;
-    notBeforeMs?: number | undefined;
     notAfterMs?: number | undefined;
+    notBeforeMs?: number | undefined;
 }>;
 type IssuerTrustKey = z.infer<typeof IssuerTrustKeySchema>;
 declare const IssuerTrustBundleSchema: z.ZodObject<{
@@ -2936,30 +3261,30 @@ declare const IssuerTrustBundleSchema: z.ZodObject<{
         issuerId: string;
         alg: "p256";
         publicKeySpkiB64: string;
-        notBeforeMs?: number | undefined;
         notAfterMs?: number | undefined;
+        notBeforeMs?: number | undefined;
     }, {
         issuerId: string;
         alg: "p256";
         publicKeySpkiB64: string;
-        notBeforeMs?: number | undefined;
         notAfterMs?: number | undefined;
+        notBeforeMs?: number | undefined;
     }>, "many">;
 }, "strip", z.ZodTypeAny, {
     keys: {
         issuerId: string;
         alg: "p256";
         publicKeySpkiB64: string;
-        notBeforeMs?: number | undefined;
         notAfterMs?: number | undefined;
+        notBeforeMs?: number | undefined;
     }[];
 }, {
     keys: {
         issuerId: string;
         alg: "p256";
         publicKeySpkiB64: string;
-        notBeforeMs?: number | undefined;
         notAfterMs?: number | undefined;
+        notBeforeMs?: number | undefined;
     }[];
 }>;
 type IssuerTrustBundle = z.infer<typeof IssuerTrustBundleSchema>;
@@ -3107,8 +3432,8 @@ declare const ConsumerOACSchema: z.ZodObject<{
     counterSeed: number;
     issuedAtMs: number;
     issuerId: string;
-    alg: "p256";
     oacId: string;
+    alg: "p256";
     devicePubkeySpkiB64: string;
 }, {
     phoneE164: string;
@@ -3123,8 +3448,8 @@ declare const ConsumerOACSchema: z.ZodObject<{
     counterSeed: number;
     issuedAtMs: number;
     issuerId: string;
-    alg: "p256";
     oacId: string;
+    alg: "p256";
     devicePubkeySpkiB64: string;
 }>;
 type ConsumerOAC = z.infer<typeof ConsumerOACSchema>;
@@ -3178,8 +3503,8 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
         counterSeed: number;
         issuedAtMs: number;
         issuerId: string;
-        alg: "p256";
         oacId: string;
+        alg: "p256";
         devicePubkeySpkiB64: string;
     }, {
         phoneE164: string;
@@ -3194,8 +3519,8 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
         counterSeed: number;
         issuedAtMs: number;
         issuerId: string;
-        alg: "p256";
         oacId: string;
+        alg: "p256";
         devicePubkeySpkiB64: string;
     }>;
     /** ASN.1 DER ECDSA P-256 issuer signature, base64. */
@@ -3217,8 +3542,8 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
         counterSeed: number;
         issuedAtMs: number;
         issuerId: string;
-        alg: "p256";
         oacId: string;
+        alg: "p256";
         devicePubkeySpkiB64: string;
     };
     issuerPublicKeySpkiB64: string;
@@ -3237,8 +3562,8 @@ declare const SignedConsumerOACSchema: z.ZodObject<{
         counterSeed: number;
         issuedAtMs: number;
         issuerId: string;
-        alg: "p256";
         oacId: string;
+        alg: "p256";
         devicePubkeySpkiB64: string;
     };
     issuerPublicKeySpkiB64: string;
@@ -3294,8 +3619,8 @@ declare const OACRecordSchema: z.ZodObject<{
         counterSeed: number;
         issuedAtMs: number;
         issuerId: string;
-        alg: "p256";
         oacId: string;
+        alg: "p256";
         devicePubkeySpkiB64: string;
     }, {
         phoneE164: string;
@@ -3310,8 +3635,8 @@ declare const OACRecordSchema: z.ZodObject<{
         counterSeed: number;
         issuedAtMs: number;
         issuerId: string;
-        alg: "p256";
         oacId: string;
+        alg: "p256";
         devicePubkeySpkiB64: string;
     }>;
     /** ASN.1 DER ECDSA P-256 issuer signature, base64. */
@@ -3340,8 +3665,8 @@ declare const OACRecordSchema: z.ZodObject<{
         counterSeed: number;
         issuedAtMs: number;
         issuerId: string;
-        alg: "p256";
         oacId: string;
+        alg: "p256";
         devicePubkeySpkiB64: string;
     };
     issuerPublicKeySpkiB64: string;
@@ -3364,8 +3689,8 @@ declare const OACRecordSchema: z.ZodObject<{
         counterSeed: number;
         issuedAtMs: number;
         issuerId: string;
-        alg: "p256";
         oacId: string;
+        alg: "p256";
         devicePubkeySpkiB64: string;
     };
     issuerPublicKeySpkiB64: string;
@@ -3450,8 +3775,8 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
             counterSeed: number;
             issuedAtMs: number;
             issuerId: string;
-            alg: "p256";
             oacId: string;
+            alg: "p256";
             devicePubkeySpkiB64: string;
         }, {
             phoneE164: string;
@@ -3466,8 +3791,8 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
             counterSeed: number;
             issuedAtMs: number;
             issuerId: string;
-            alg: "p256";
             oacId: string;
+            alg: "p256";
             devicePubkeySpkiB64: string;
         }>;
         /** ASN.1 DER ECDSA P-256 issuer signature, base64. */
@@ -3496,8 +3821,8 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
             counterSeed: number;
             issuedAtMs: number;
             issuerId: string;
-            alg: "p256";
             oacId: string;
+            alg: "p256";
             devicePubkeySpkiB64: string;
         };
         issuerPublicKeySpkiB64: string;
@@ -3520,8 +3845,8 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
             counterSeed: number;
             issuedAtMs: number;
             issuerId: string;
-            alg: "p256";
             oacId: string;
+            alg: "p256";
             devicePubkeySpkiB64: string;
         };
         issuerPublicKeySpkiB64: string;
@@ -3546,8 +3871,8 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
             counterSeed: number;
             issuedAtMs: number;
             issuerId: string;
-            alg: "p256";
             oacId: string;
+            alg: "p256";
             devicePubkeySpkiB64: string;
         };
         issuerPublicKeySpkiB64: string;
@@ -3572,8 +3897,8 @@ declare const OfflineStatusResultSchema: z.ZodObject<{
             counterSeed: number;
             issuedAtMs: number;
             issuerId: string;
-            alg: "p256";
             oacId: string;
+            alg: "p256";
             devicePubkeySpkiB64: string;
         };
         issuerPublicKeySpkiB64: string;
@@ -3621,8 +3946,8 @@ declare const ConsumerPaymentClaimSchema: z.ZodObject<{
     payerNonce: string;
     payeeNonce: string;
     occurredAtMs: number;
-    alg: "p256";
     oacId: string;
+    alg: "p256";
     payerDeviceId: string;
     payerPubkeySpkiB64: string;
     payerSignatureDerB64: string;
@@ -3848,6 +4173,12 @@ type MeOfflineClient = {
     getSettlement: (idOrKey: string) => Promise<ConsumerSettlement>;
     /** Fetch the public pinned issuer trust bundle (`GET /v1/issuer/keys`). */
     getIssuerKeys: () => Promise<IssuerTrustBundle>;
+    /**
+     * Fetch the issuer-signed OAC revocation status-list
+     * (`GET /v1/issuer/revocations`). Pinned and checked offline alongside the
+     * issuer trust bundle to bound the revocation window below the OAC TTL.
+     */
+    getRevocations: () => Promise<SignedRevocationList>;
 };
 declare function createMeOfflineClient(opts: MeOfflineClientOptions): MeOfflineClient;
@@ -4104,99 +4435,6 @@ declare function verifyConsumerSettlementReceiptQR(value: string, issuerPublicKe
 declare function decodeConsumerSettlementReceiptQR(value: string): ConsumerSettlement;
 declare function decodeConsumerSettlementReceiptQR(value: string, issuerPublicKeySpkiB64: string): ConsumerSettlement;
-/**
- * Domain tag bound into the OAC issuer signature. MUST match
- * `OAC_DOMAIN` in `flur-backend/src/offline-consumer/service.ts`.
- */
-declare const CONSUMER_OAC_DOMAIN: "flur:consumer-offline:v1:oac";
-/**
- * A pinned issuer key the device trusts for offline OAC verification.
- * Sourced from the backend Trust Bundle (`GET /v1/issuer/keys`) and cached
- * on-device. `notBeforeMs` / `notAfterMs` bound the key's own validity so a
- * rotated-out key cannot be used to verify a freshly minted credential.
- */
-interface TrustedIssuerKey {
-    issuerId: string;
-    /** Issuer P-256 public key as SubjectPublicKeyInfo DER, base64. */
-    publicKeySpkiB64: string;
-    notBeforeMs?: number;
-    notAfterMs?: number;
-}
-/** Identity surfaced to the caller after a successful offline verify. */
-interface OacOfflineIdentity {
-    oacId: string;
-    issuerId: string;
-    userId: string;
-    phoneE164: string;
-    displayName: string;
-    /** Holder's bound device key; lets the caller verify receipts offline. */
-    devicePubkeySpkiB64: string;
-}
-type VerifyOacOfflineResult = {
-    ok: true;
-    oac: ConsumerOAC;
-    identity: OacOfflineIdentity;
-} | {
-    ok: false;
-    reason: 'malformed' | 'untrusted_issuer' | 'signature_invalid' | 'window_too_long' | 'not_yet_valid' | 'expired';
-};
-interface VerifyOacOfflineOptions {
-    /** Override the wall clock; defaults to `Date.now()`. */
-    nowMs?: number;
-}
-/** Canonical OAC payload (domain-bound) the backend issuer signs. */
-declare function consumerOacSigningPayload(oac: ConsumerOAC): {
-    phoneE164: string;
-    userId: string;
-    deviceId: string;
-    displayName: string;
-    currency: string;
-    perTxCapKobo: number;
-    cumulativeCapKobo: number;
-    validFromMs: number;
-    validUntilMs: number;
-    counterSeed: number;
-    issuedAtMs: number;
-    issuerId: string;
-    alg: "p256";
-    oacId: string;
-    devicePubkeySpkiB64: string;
-    domain: "flur:consumer-offline:v1:oac";
-};
-/**
- * Verify a signed OAC offline against a pinned set of trusted issuer keys.
- *
- * Security invariants:
- *   - The signature is checked against the PINNED key for `oac.issuerId`,
- *     never the credential-embedded `issuerPublicKeySpkiB64`. An attacker who
- *     forges an OAC with their own key (and a matching embedded key) fails
- *     because their key is not pinned.
- *   - The pinned key's own validity window is enforced.
- *   - The OAC validity window is enforced (`validFromMs <= now < validUntilMs`).
- */
-declare function verifyOacOffline(signed: SignedConsumerOAC, trustedKeys: readonly TrustedIssuerKey[], options?: VerifyOacOfflineOptions): VerifyOacOfflineResult;
-/**
- * QR prefix for a presented unified OAC. A holder shows this QR to be paid
- * and/or identified offline; the scanner decodes it and calls
- * `verifyOacOffline` against its pinned trust bundle. Distinct from the
- * settlement-receipt (`FLURSR1.`) and pay-card prefixes so the scanner can
- * dispatch by prefix without ambiguity.
- */
-declare const CONSUMER_OAC_QR_PREFIX: "FLUROAC1.";
-/** True iff `value` looks like a presented OAC QR payload. */
-declare function isConsumerOacQR(value: string): boolean;
-/**
- * Encode a signed OAC as a scannable QR payload. The envelope is validated
- * before encoding so a malformed credential can never be presented.
- */
-declare function encodeConsumerOacQR(signed: SignedConsumerOAC): string;
-/**
- * Decode (WITHOUT verifying) a presented OAC QR back into a signed envelope.
- * The caller MUST pass the result to `verifyOacOffline` against pinned keys
- * before trusting any field — decoding proves nothing about authenticity.
- */
-declare function decodeUnverifiedConsumerOacQR(value: string): SignedConsumerOAC;
 /**
  * FLURA1 — single-SMS consumer-offline settle token.
  *
@@ -5206,7 +5444,6 @@ declare const ARTIFACT_TYPES: {
     readonly STATEMENT: "statement";
     readonly PASS: "pass";
     readonly IDENTITY: "identity";
-    readonly PAY_CARD: "pay_card";
 };
 type ArtifactType = (typeof ARTIFACT_TYPES)[keyof typeof ARTIFACT_TYPES];
 declare const OfflinePaymentAuthorizationArtifactSchema: z.ZodObject<{
@@ -5850,23 +6087,6 @@ declare const IdentityArtifactSchema: z.ZodObject<{
     claimType: "phone_verified" | "email_verified" | "bvn_verified" | "kyc_tier" | "age_band";
     claimValueHash: string;
 }>;
-declare const PayCardArtifactSchema: z.ZodObject<{
-    userId: z.ZodString;
-    phoneE164: z.ZodString;
-    displayName: z.ZodString;
-    devicePubKeySpkiB64: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    phoneE164: string;
-    userId: string;
-    displayName: string;
-    devicePubKeySpkiB64: string;
-}, {
-    phoneE164: string;
-    userId: string;
-    displayName: string;
-    devicePubKeySpkiB64: string;
-}>;
-type PayCardArtifact = z.infer<typeof PayCardArtifactSchema>;
 declare const ARTIFACT_BODY_SCHEMAS: {
     readonly offline_payment_authorization: z.ZodObject<{
         authorization: z.ZodObject<{
@@ -6507,22 +6727,6 @@ declare const ARTIFACT_BODY_SCHEMAS: {
         claimType: "phone_verified" | "email_verified" | "bvn_verified" | "kyc_tier" | "age_band";
         claimValueHash: string;
     }>;
-    readonly pay_card: z.ZodObject<{
-        userId: z.ZodString;
-        phoneE164: z.ZodString;
-        displayName: z.ZodString;
-        devicePubKeySpkiB64: z.ZodString;
-    }, "strip", z.ZodTypeAny, {
-        phoneE164: string;
-        userId: string;
-        displayName: string;
-        devicePubKeySpkiB64: string;
-    }, {
-        phoneE164: string;
-        userId: string;
-        displayName: string;
-        devicePubKeySpkiB64: string;
-    }>;
 };
 /** Artifact types whose body schema is fully specified and safe to dispatch. */
 declare const HARDENED_ARTIFACT_TYPES: Set<ArtifactType>;
@@ -6641,154 +6845,4 @@ declare function createOfflinePaymentAuthorizationArtifactUri(input: {
     }>;
 };
-/**
- * Pay Card — Tier B of the Flur recipient-trust ladder.
- *
- * A Pay Card is a holder-signed, expiring identity attestation rendered as a
- * QR. When a payer scans a Pay Card and verifies its signature against the
- * holder's registered device-key, they obtain a trusted (userId, phoneE164,
- * displayName, devicePubKey) tuple they can cache locally and reuse to pay
- * the holder fully offline thereafter.
- *
- * Transport: the standard Flur v1 signed-artifact envelope
- *   `flur://v1/pay_card/<base64url(canonical-json(body))>.<base64url(sig)>`
- *
- * Trust model:
- *   - Card is signed by the holder's device key (P-256, ECDSA-SHA256, DER).
- *   - Verifier resolves (issuer=userId, kid) to a SubjectPublicKeyInfo via
- *     Flur's device-key registry — typically online at scan time.
- *   - On successful verify, the scanner upserts the card into its local
- *     verified-contact cache (Tier A) so future pays are offline.
- *
- * This module is the canonical implementation. The backend and mobile MUST
- * use it for build, verify, and freshness checks — no parallel implementations.
- *
- * Industry-standard defaults (configurable per call):
- *   - TTL:                90 days from issue.
- *   - Refresh threshold:  30 days remaining triggers a 'refresh_recommended'
- *                         freshness state.
- *
- * Field policy (enforced by {@link PayCardArtifactSchema}):
- *   - displayName \u2264 64 chars
- *   - phoneE164 must match /^\+[1-9]\d{7,14}$/
- *   - devicePubKeySpkiB64 must be standard base64 (no url-safe variants),
- *     64..256 chars (covers P-256 SPKI = 91 chars plus forward-compat).
- */
-/** Default Pay Card lifetime (ms): 90 days. */
-declare const PAY_CARD_DEFAULT_TTL_MS: number;
-/**
- * When the remaining lifetime drops below this threshold (ms),
- * {@link inspectPayCardFreshness} returns `'refresh_recommended'`.
- *
- * Holders should refresh in the background well before hard-expiry so
- * a stale-card scan never blocks a payment.
- */
-declare const PAY_CARD_REFRESH_THRESHOLD_MS: number;
-/** URI prefix for Pay Card artifacts. */
-declare const PAY_CARD_URI_PREFIX: string;
-/**
- * Inputs for {@link createPayCardArtifactUri}. Mirrors the artifact codec
- * inputs but pins type to `pay_card`, validates the data shape, and applies
- * the default TTL when `expiresAtSeconds` is omitted.
- */
-interface CreatePayCardArtifactInput {
-    /** Holder Flur userId (also used as the envelope issuer). */
-    issuer: string;
-    /** Holder device key id. */
-    keyId: string;
-    /** Holder device private key (raw 32-byte P-256 scalar). */
-    privateKey: Uint8Array;
-    /** Pay Card business payload. */
-    data: PayCardArtifact;
-    /** URL-safe nonce, 8..64 chars. Required for envelope uniqueness. */
-    nonce: string;
-    /** Override the issued-at (seconds). Defaults to now. */
-    issuedAtSeconds?: number;
-    /**
-     * Override the expiry (seconds). Defaults to `issuedAt + 90 days`.
-     *
-     * SECURITY: a Pay Card is a holder-signed identity attestation, so a
-     * hard expiry is mandatory at the protocol level — there is no opt-out.
-     * Callers may shorten the TTL but cannot remove it; backend verifiers
-     * additionally reject envelopes without `exp` (`PAY_CARD_NO_EXPIRY`).
-     */
-    expiresAtSeconds?: number;
-}
-/**
- * Build, sign, and encode a Pay Card as a `flur://v1/pay_card/...` URI.
- *
- * Defaults the envelope's `exp` to `iat + 90 days` so callers do not need
- * to compute lifetimes. Refuses to emit a card whose `userId` payload
- * field disagrees with the envelope `issuer` \u2014 the holder must sign their
- * own card.
- */
-declare function createPayCardArtifactUri(input: CreatePayCardArtifactInput): {
-    uri: string;
-    signed: SignedArtifact<PayCardArtifact>;
-};
-/** True when the URI is shaped as a Pay Card artifact (prefix check only). */
-declare function isPayCardArtifactUri(uri: string): boolean;
-interface DecodedPayCard {
-    /** Validated Pay Card body (data + envelope header). */
-    body: ArtifactBody<PayCardArtifact>;
-    /** ASN.1 DER ECDSA P-256 signature, base64 (standard). */
-    sig: string;
-    /** Raw decoded envelope \u2014 useful when re-emitting or relaying. */
-    decoded: DecodedArtifactUri;
-}
-/**
- * Decode a Pay Card URI without verifying its signature. Validates the URI
- * shape, the envelope header, and the data schema. Use when the caller wants
- * to inspect the card before deciding whether/how to verify it.
- */
-declare function decodePayCardArtifact(uri: string): DecodedPayCard;
-/**
- * Verify a Pay Card URI fully:
- *   1. URI + envelope + data schema (via {@link decodePayCardArtifact}).
- *   2. Envelope expiry (unless `options.enforceExpiry === false`).
- *   3. ECDSA P-256 signature against the supplied holder SPKI public key.
- *
- * The caller is responsible for resolving `(issuer, kid)` to the holder's
- * registered SPKI public key (typically via the backend device-key registry).
- */
-declare function verifyPayCardArtifact(uri: string, publicKeySpkiB64: string, options?: VerifyArtifactOptions): DecodedPayCard;
-type PayCardFreshness = 'fresh' | 'refresh_recommended' | 'expired' | 'no_expiry';
-/**
- * Classify a Pay Card by remaining lifetime. Used by holders to decide when
- * to re-fetch a freshly-signed card from the backend, and by scanners to
- * decide whether to prompt the holder to refresh.
- *
- *   - `'expired'`              : envelope.exp \u2264 now
- *   - `'refresh_recommended'`  : 0 < remaining \u2264 PAY_CARD_REFRESH_THRESHOLD_MS
- *   - `'fresh'`                : remaining > PAY_CARD_REFRESH_THRESHOLD_MS
- *   - `'no_expiry'`            : envelope omits `exp` (non-production cards only)
- */
-declare function inspectPayCardFreshness(decoded: DecodedPayCard, nowMs?: number): PayCardFreshness;
-/**
- * Compute the canonical body bytes a backend must sign when issuing a
- * Pay Card on behalf of the holder via a *server-side* signing path.
- *
- * This export exists so a backend (which holds neither the holder's private
- * key nor a parallel envelope implementation) can call into the SDK to
- * obtain the exact bytes to sign with a hardware-backed device key abstraction.
- * Mobile clients that sign locally should use {@link createPayCardArtifactUri}
- * instead.
- *
- * Returned bytes are the same input passed to ECDSA P-256(SHA-256). Callers
- * MUST keep this contract \u2014 changing the signing input is a protocol break.
- */
-declare function buildPayCardSigningInput(input: {
-    issuer: string;
-    keyId: string;
-    data: PayCardArtifact;
-    nonce: string;
-    issuedAtSeconds?: number;
-    /** See {@link CreatePayCardArtifactInput.expiresAtSeconds}. */
-    expiresAtSeconds?: number;
-}): {
-    body: ArtifactBody<PayCardArtifact>;
-    bodyBytes: Uint8Array;
-};
-export { ACCOUNT_FUNDED_OAC_MAX_TTL_MS, ACCOUNT_STATUSES, ACCOUNT_TYPES, ADDITIONAL_DATA_SUBFIELD, ARTIFACT_BODY_SCHEMAS, ARTIFACT_TYPES, type Account, type AccountActivityItem, type AccountMembership, AccountMembershipSchema, AccountSchema, type AccountStatus, type AccountSummaryResponse, type AccountType, type AccountsClient, type AccountsClientOptions, type AddMemberInput, type AdditionalData, type ApiCredentialPublic, ApiCredentialPublicSchema, type ApiCredentialsAdminClient, type ArtifactBody, type ArtifactHeader, ArtifactHeaderSchema, type ArtifactType, type AtomicRedeemReceiptInput, type AtomicRedeemResponse, type AttestationSecurityLevel, AttestationSecurityLevelSchema, type AuthLogoutInput, type AuthRefreshInput, type AuthRefreshResponse, type AuthorizeSendWithBiometricInput, type AuthorizedOptions, type BiometricSigner, type BuildPassInput, type BuildReceiptInput, type BuildRedemptionInput, CLAIM_DOMAIN_V2, COLLECTION_INTENT_STATUSES, COLLECTION_PAYMENT_STATUSES, CONSUMER_OAC_DOMAIN, CONSUMER_OAC_QR_PREFIX, CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS, CONSUMER_PAYMENT_REQUEST_DOMAIN, CONSUMER_SETTLEMENT_DOMAIN, CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX, CUSTODIAL_MODES, type CanonicalClaimInput, type CashNamespace, type ClaimSignature, type CollectionIntent, CollectionIntentSchema, type CollectionPayment, type CollectionPaymentResult, CollectionPaymentResultSchema, CollectionPaymentSchema, type CollectionReportSummary, CollectionReportSummarySchema, type CollectionStatement, CollectionStatementSchema, type CollectionsClient, type CollectionsClientOptions, type ConsumerCollectionsClient, type ConsumerOAC, type OACRecord as ConsumerOACRecord, OACRecordSchema as ConsumerOACRecordSchema, ConsumerOACSchema, type ConsumerPaymentClaim, ConsumerPaymentClaimSchema, type ConsumerPaymentRequestEnvelope, ConsumerPaymentRequestEnvelopeSchema, type ConsumerSettleResult, ConsumerSettleResultSchema, type ConsumerSettlement, ConsumerSettlementSchema, type ConsumerWithdrawalsClient, type ConsumerWithdrawalsClientOptions, type CreateBusinessAccountInput, type CreateCollectionIntentInput, CreateCollectionIntentInputSchema, type CreatePayCardArtifactInput, type CreatePayLinkResponse, type CreatePayoutDestinationInput, CreatePayoutDestinationInputSchema, type CreatePayoutInput, CreatePayoutInputSchema, type CreateTransferOptions, type CreateWithdrawalInput, CreateWithdrawalInputSchema, type CreateWithdrawalResult, CreateWithdrawalResultSchema, type CustodialMode, type DecodedArtifactUri, type DecodedOfflineSmsSettleToken, type DecodedPayCard, type DeviceKeyAlg, DeviceKeyAlgSchema, type DeviceKeyRecord, DeviceKeyRecordSchema, type DeviceTrustState, FIELD, FLUR_ARTIFACT_URI_PREFIX, FLUR_ARTIFACT_URI_SCHEME, FLUR_ARTIFACT_VERSION, FlurApiError, FlurArtifactError, FlurCapExceededError, FlurClient, type FlurClientOptions, FlurError, type FlurErrorCode, FlurExpiredError, type FlurHandle, type FlurInitOptions, type FlurOfflineSettlementsClient, type FlurPartnerClient, type FlurPaymentEvent, FlurReplayError, HARDENED_ARTIFACT_TYPES, type HmacFetchOptions, IdentityArtifactSchema, type IngestFundingResult, IngestFundingResultSchema, type IssueAccountOacInput, IssueAccountOacInputSchema, type IssueOfflineTokenInput, type IssuePassInput, type IssueReceiptInput, type IssuerTrustBundle, IssuerTrustBundleSchema, type IssuerTrustKey, IssuerTrustKeySchema, LedgerJournalEntryArtifactSchema, type ListPassesInput, type ListPassesResponse, type ListPayoutDestinationsResult, ListPayoutDestinationsResultSchema, type ListReceiptsInput, type ListReceiptsResponse, type ListTransactionsOptions, MEMBERSHIP_ROLES, MERCHANT_PAYOUT_STATUSES, MERCHANT_PROFILE_STATUSES, type MeOfflineClient, type MeOfflineClientOptions, type MembershipRole, type MerchantAccountInfo, type MerchantPayout, MerchantPayoutSchema, type MerchantProfile, MerchantProfileSchema, type MintedApiCredential, MintedApiCredentialSchema, type Money, NGN_CURRENCY_CODE, NG_COUNTRY_CODE, NQRParseError, type NQRPayloadInput, NqrPaymentRequestArtifactSchema, type OAC, OACSchema, OAC_DEFAULT_CUMULATIVE_KOBO, OAC_DEFAULT_PER_TX_KOBO, OAC_DEFAULT_VALIDITY_MS, OFFLINE_CLAIM_SMS_PREFIX, OFFLINE_SMS_SETTLE_DOMAIN, OFFLINE_SMS_SETTLE_HEADER_BYTES, OFFLINE_SMS_SETTLE_PREFIX, OFFLINE_SMS_SETTLE_SIGNATURE_BYTES, OFFLINE_SMS_SETTLE_TOKEN_BYTES, OFFLINE_SMS_SETTLE_VERSION, type OacOfflineIdentity, type OfflineClaimAlgorithm, OfflineClaimArtifactSchema, type OfflineClaimSigner, type OfflinePaymentAuthorization, type OfflinePaymentAuthorizationArtifact, OfflinePaymentAuthorizationArtifactSchema, OfflinePaymentAuthorizationSchema, type OfflinePaymentRequest, OfflinePaymentRequestSchema, type OfflineSmsSettleInput, type OfflineSmsSettleSigner, type OfflineStatusResult, OfflineStatusResultSchema, type OfflineToken, OfflineTokenSchema, type OnboardingCompleteInput, type OnboardingCompleteResponse, type OnboardingFallback, type OnboardingRiskReason, type OnboardingStartInput, type OnboardingStartResponse, type P256EnrollmentChallengeInput, P256EnrollmentChallengeInputSchema, type P256EnrollmentChallengeResult, P256EnrollmentChallengeResultSchema, PARTNER_FUNDING_DIRECTIONS, PARTNER_FUNDING_STATUSES, PARTNER_KINDS, PARTNER_PROFILE_STATUSES, PARTNER_SCOPES, PASS_KINDS, PASS_STATES, PAYLOAD_FORMAT_INDICATOR_VALUE, PAYOUT_DESTINATION_STATUSES, PAY_CARD_DEFAULT_TTL_MS, PAY_CARD_REFRESH_THRESHOLD_MS, PAY_CARD_URI_PREFIX, POINT_OF_INITIATION, type ParsedNQR, type PartnerClientOptions, type PartnerCollectionsClient, type PartnerFunding, type PartnerFundingClient, type PartnerFundingDirection, type PartnerFundingEventInput, PartnerFundingEventInputSchema, PartnerFundingSchema, type PartnerFundingStatus, type PartnerKind, type PartnerProfile, type PartnerProfileAdminClient, type PartnerProfileAdminClientOptions, PartnerProfileSchema, type PartnerProfileStatus, type PartnerScope, type PartnerSignResult, type Pass, PassArtifactSchema, type PassKind, type PassMetadata, PassMetadataSchema, PassSchema, type PassState, type PassesClient, type PassesClientOptions, type PayCardArtifact, PayCardArtifactSchema, type PayCardFreshness, type PayCollectionInput, PayCollectionInputSchema, type PayCollectionOptions, type PayCollectionResponse, type PaymentClaim, PaymentClaimSchema, PaymentIntentArtifactSchema, type PayoutDestination, PayoutDestinationSchema, type PayoutDestinationStatus, type PayoutEventInput, PayoutEventInputSchema, type PinSetInput, type PinVerifyInput, type ProviderEventInput, ProviderEventInputSchema, type ProviderEventRecord, ProviderEventRecordSchema, type PublicCollectionIntent, PublicCollectionIntentSchema, type PushPlatform, type PushRegisterInput, RECEIPT_CHANNELS, RECEIPT_KINDS, REPLAY_WINDOW_MS, type Receipt, type ReceiptArtifact, ReceiptArtifactSchema, type ReceiptChannel, type ReceiptKind, type ReceiptPayload, ReceiptPayloadSchema, ReceiptSchema, type ReceiptsClient, type ReceiptsClientOptions, type RecipientResolveInput, type RecipientResolveResponse, type ReconciliationReport, ReconciliationReportSchema, type RecordPayoutEventResult, RecordPayoutEventResultSchema, type RedeemPassResponse, type Redemption, RedemptionSchema, type RegisterDeviceInput, type RegisterDeviceKeyP256Input, RegisterDeviceKeyP256InputSchema, type RegisterDeviceResponse, type RegisterSendDeviceKeyInput, type ResolveCollectionOptions, type ResolveCollectionResponse, type ResolvePayLinkResponse, ReversalRecordArtifactSchema, RevokeDeviceKeyInputSchema, type RevokePassInput, type RoutingHint, SETTLEMENT_SCHEDULES, type SendChallengeInput, type SendChallengeResponse, type SendMoneyInput, type SendMoneyOptions, type SendVerifyInput, type SendVerifyResponse, type SettleResponse, SettleResponseSchema, type Settlement, SettlementRecordArtifactSchema, SettlementSchema, type SignedArtifact, type SignedConsumerOAC, SignedConsumerOACSchema, type SignerPublicKey, StatementArtifactSchema, type SubscribeOptions, type TLVField, type TransactionDetailResponse, type TransactionDirection, type TransactionsListResponse, type TransferInput, type TransferResponse, type TransferStatus, type TrustedIssuerKey, type UnsignedConsumerPaymentRequest, type UnsignedOAC, type UnsignedOfflinePaymentAuthorization, type UnsignedOfflinePaymentRequest, type UnsignedPass, type UnsignedReceipt, type UnsignedRedemption, type UpsertMerchantProfileInput, UpsertMerchantProfileInputSchema, type UpsertPartnerProfileInput, UpsertPartnerProfileInputSchema, type VerifiedArtifact, type VerifyArtifactOptions, type VerifyClaimSignatureInput, type VerifyOacOfflineOptions, type VerifyOacOfflineResult, WITHDRAWAL_STATES, type Withdrawal, WithdrawalSchema, type WithdrawalState, base64UrlDecode, base64UrlEncode, bodySha256Hex, buildArtifactBody, buildAuthorization, buildConsumerPaymentRequest, buildOAC, buildPass, buildPayCardSigningInput, buildPaymentRequest, buildReceipt, buildRedemption, buildSmsSettleHeader, domainTag as buildSmsSettleSignedBytes, canonicalClaimSigningBytes, canonicalClaimSigningPayload, canonicalJSONBytes, canonicalJSONStringify, canonicalRequestString, computeConsumerClaimEncounterId, computeEncounterId, constantTimeEqual, consumerOacSigningPayload, consumerPaymentRequestSigningBytes, consumerPaymentRequestSigningPayload, consumerSettlementSigningPayload, crc16ccitt, crc16ccittHex, createAccountsClient, createApiCredentialsAdminClient, createArtifactUri, createCollectionsClient, createConsumerCollectionsClient, createConsumerWithdrawalsClient, createFlurPartnerClient, createHmacFetch, createMeOfflineClient, createOfflinePaymentAuthorizationArtifactUri, createOfflineSettlementsClient, createPartnerCollectionsClient, createPartnerFundingClient, createPartnerProfileAdminClient, createPassesClient, createPayCardArtifactUri, createReceiptArtifactUri, createReceiptsClient, createSoftwareP256Signer, decodeArtifactUri, decodeAuthorizationQR, decodeBase45, decodeConsumerSettlementReceiptQR, decodeOfflineClaimSmsMessage, decodeOfflineSmsSettleToken, decodePayCardArtifact, decodePaymentRequestQR, decodeUnverifiedConsumerOacQR, decodeUnverifiedConsumerSettlementReceiptQR, derToRawP256Signature, encodeArtifactUri, encodeAuthorizationQR, encodeBase45, encodeConsumerOacQR, encodeConsumerSettlementReceiptQR, encodeNQR, encodeOfflineClaimSmsMessage, encodeOfflineSmsSettleToken, encodePaymentRequestQR, extractOfflineClaimSmsToken, extractOfflineSmsSettleToken, formatAmount, generateDynamicQR, generateStaticQR, init, inspectPayCardFreshness, isConsumerOacQR, isConsumerPaymentRequestExpired, isHardenedArtifactType, isKnownArtifactType, isPassWithinValidity, isPayCardArtifactUri, moneyMinorToNumber, normalizeE164, parseAmountInput, parseNQR, parseQR, readTLV, routingHint, signArtifact, signAuthorization, signConsumerPaymentRequest, signOAC, signPartnerRequest, signPass, signPaymentRequest, signReceipt, signRedemption, signRequestHMAC, verifyArtifactSignature, verifyArtifactUri, verifyAuthorization, verifyClaimSignature, verifyConsumerPaymentRequest, verifyConsumerSettlement, verifyConsumerSettlementReceiptQR, verifyOAC, verifyOacOffline, verifyOfflineSmsSettleToken, verifyPass, verifyPayCardArtifact, verifyPaymentRequest, verifyReceipt, verifyRedemption, verifyRequestHMAC, writeTLV };
+export { ACCOUNT_FUNDED_OAC_MAX_TTL_MS, ACCOUNT_STATUSES, ACCOUNT_TYPES, ADDITIONAL_DATA_SUBFIELD, ARTIFACT_BODY_SCHEMAS, ARTIFACT_TYPES, type Account, type AccountActivityItem, type AccountMembership, AccountMembershipSchema, AccountSchema, type AccountStatus, type AccountSummaryResponse, type AccountType, type AccountsClient, type AccountsClientOptions, type AddMemberInput, type AdditionalData, type ApiCredentialPublic, ApiCredentialPublicSchema, type ApiCredentialsAdminClient, type ArtifactBody, type ArtifactHeader, ArtifactHeaderSchema, type ArtifactType, type AtomicRedeemReceiptInput, type AtomicRedeemResponse, type AttestationSecurityLevel, AttestationSecurityLevelSchema, type AuthLogoutInput, type AuthRefreshInput, type AuthRefreshResponse, type AuthorizeSendWithBiometricInput, type AuthorizedOptions, type BiometricSigner, type BuildPassInput, type BuildReceiptInput, type BuildRedemptionInput, CLAIM_DOMAIN_V2, COLLECTION_INTENT_STATUSES, COLLECTION_PAYMENT_STATUSES, CONSUMER_OAC_DOMAIN, CONSUMER_OAC_QR_PREFIX, CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS, CONSUMER_PAYMENT_REQUEST_DOMAIN, CONSUMER_REVOCATION_DOMAIN, CONSUMER_SETTLEMENT_DOMAIN, CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX, CUSTODIAL_MODES, type CanonicalClaimInput, type CashNamespace, type ClaimSignature, type CollectionIntent, CollectionIntentSchema, type CollectionPayment, type CollectionPaymentResult, CollectionPaymentResultSchema, CollectionPaymentSchema, type CollectionReportSummary, CollectionReportSummarySchema, type CollectionStatement, CollectionStatementSchema, type CollectionsClient, type CollectionsClientOptions, type ConsumerCollectionsClient, type ConsumerOAC, type OACRecord as ConsumerOACRecord, OACRecordSchema as ConsumerOACRecordSchema, ConsumerOACSchema, type ConsumerPaymentClaim, ConsumerPaymentClaimSchema, type ConsumerPaymentRequestEnvelope, ConsumerPaymentRequestEnvelopeSchema, type ConsumerSettleResult, ConsumerSettleResultSchema, type ConsumerSettlement, ConsumerSettlementSchema, type ConsumerWithdrawalsClient, type ConsumerWithdrawalsClientOptions, type CreateBusinessAccountInput, type CreateCollectionIntentInput, CreateCollectionIntentInputSchema, type CreatePayLinkResponse, type CreatePayoutDestinationInput, CreatePayoutDestinationInputSchema, type CreatePayoutInput, CreatePayoutInputSchema, type CreateTransferOptions, type CreateWithdrawalInput, CreateWithdrawalInputSchema, type CreateWithdrawalResult, CreateWithdrawalResultSchema, type CustodialMode, type DecodedArtifactUri, type DecodedOfflineSmsSettleToken, type DeviceKeyAlg, DeviceKeyAlgSchema, type DeviceKeyRecord, DeviceKeyRecordSchema, type DeviceTrustState, FIELD, FLUR_ARTIFACT_URI_PREFIX, FLUR_ARTIFACT_URI_SCHEME, FLUR_ARTIFACT_VERSION, FlurApiError, FlurArtifactError, FlurCapExceededError, FlurClient, type FlurClientOptions, FlurError, type FlurErrorCode, FlurExpiredError, type FlurHandle, type FlurInitOptions, type FlurOfflineSettlementsClient, type FlurPartnerClient, type FlurPaymentEvent, FlurReplayError, HARDENED_ARTIFACT_TYPES, type HmacFetchOptions, IdentityArtifactSchema, type IngestFundingResult, IngestFundingResultSchema, type IssueAccountOacInput, IssueAccountOacInputSchema, type IssueOfflineTokenInput, type IssuePassInput, type IssueReceiptInput, type IssuerTrustBundle, IssuerTrustBundleSchema, type IssuerTrustKey, IssuerTrustKeySchema, LedgerJournalEntryArtifactSchema, type ListPassesInput, type ListPassesResponse, type ListPayoutDestinationsResult, ListPayoutDestinationsResultSchema, type ListReceiptsInput, type ListReceiptsResponse, type ListTransactionsOptions, MEMBERSHIP_ROLES, MERCHANT_PAYOUT_STATUSES, MERCHANT_PROFILE_STATUSES, type MeOfflineClient, type MeOfflineClientOptions, type MembershipRole, type MerchantAccountInfo, type MerchantPayout, MerchantPayoutSchema, type MerchantProfile, MerchantProfileSchema, type MintedApiCredential, MintedApiCredentialSchema, type Money, NGN_CURRENCY_CODE, NG_COUNTRY_CODE, NQRParseError, type NQRPayloadInput, NqrPaymentRequestArtifactSchema, type OAC, OACSchema, OAC_DEFAULT_CUMULATIVE_KOBO, OAC_DEFAULT_PER_TX_KOBO, OAC_DEFAULT_VALIDITY_MS, OFFLINE_CLAIM_SMS_PREFIX, OFFLINE_SMS_SETTLE_DOMAIN, OFFLINE_SMS_SETTLE_HEADER_BYTES, OFFLINE_SMS_SETTLE_PREFIX, OFFLINE_SMS_SETTLE_SIGNATURE_BYTES, OFFLINE_SMS_SETTLE_TOKEN_BYTES, OFFLINE_SMS_SETTLE_VERSION, type OacOfflineIdentity, type OacPresentmentRequest, OacPresentmentRequestSchema, type OfflineClaimAlgorithm, OfflineClaimArtifactSchema, type OfflineClaimSigner, type OfflinePaymentAuthorization, type OfflinePaymentAuthorizationArtifact, OfflinePaymentAuthorizationArtifactSchema, OfflinePaymentAuthorizationSchema, type OfflinePaymentRequest, OfflinePaymentRequestSchema, type OfflineSmsSettleInput, type OfflineSmsSettleSigner, type OfflineStatusResult, OfflineStatusResultSchema, type OfflineToken, OfflineTokenSchema, type OnboardingCompleteInput, type OnboardingCompleteResponse, type OnboardingFallback, type OnboardingRiskReason, type OnboardingStartInput, type OnboardingStartResponse, type P256EnrollmentChallengeInput, P256EnrollmentChallengeInputSchema, type P256EnrollmentChallengeResult, P256EnrollmentChallengeResultSchema, PARTNER_FUNDING_DIRECTIONS, PARTNER_FUNDING_STATUSES, PARTNER_KINDS, PARTNER_PROFILE_STATUSES, PARTNER_SCOPES, PASS_KINDS, PASS_STATES, PAYLOAD_FORMAT_INDICATOR_VALUE, PAYOUT_DESTINATION_STATUSES, POINT_OF_INITIATION, type ParsedNQR, type PartnerClientOptions, type PartnerCollectionsClient, type PartnerFunding, type PartnerFundingClient, type PartnerFundingDirection, type PartnerFundingEventInput, PartnerFundingEventInputSchema, PartnerFundingSchema, type PartnerFundingStatus, type PartnerKind, type PartnerProfile, type PartnerProfileAdminClient, type PartnerProfileAdminClientOptions, PartnerProfileSchema, type PartnerProfileStatus, type PartnerScope, type PartnerSignResult, type Pass, PassArtifactSchema, type PassKind, type PassMetadata, PassMetadataSchema, PassSchema, type PassState, type PassesClient, type PassesClientOptions, type PayCollectionInput, PayCollectionInputSchema, type PayCollectionOptions, type PayCollectionResponse, type PaymentClaim, PaymentClaimSchema, PaymentIntentArtifactSchema, type PayoutDestination, PayoutDestinationSchema, type PayoutDestinationStatus, type PayoutEventInput, PayoutEventInputSchema, type PinSetInput, type PinVerifyInput, type ProviderEventInput, ProviderEventInputSchema, type ProviderEventRecord, ProviderEventRecordSchema, type PublicCollectionIntent, PublicCollectionIntentSchema, type PushPlatform, type PushRegisterInput, RECEIPT_CHANNELS, RECEIPT_KINDS, REPLAY_WINDOW_MS, REVOCATION_LIST_MAX_ENTRIES, type Receipt, type ReceiptArtifact, ReceiptArtifactSchema, type ReceiptChannel, type ReceiptKind, type ReceiptPayload, ReceiptPayloadSchema, ReceiptSchema, type ReceiptsClient, type ReceiptsClientOptions, type RecipientResolveInput, type RecipientResolveResponse, type ReconciliationReport, ReconciliationReportSchema, type RecordPayoutEventResult, RecordPayoutEventResultSchema, type RedeemPassResponse, type Redemption, RedemptionSchema, type RegisterDeviceInput, type RegisterDeviceKeyP256Input, RegisterDeviceKeyP256InputSchema, type RegisterDeviceResponse, type RegisterSendDeviceKeyInput, type ResolveCollectionOptions, type ResolveCollectionResponse, type ResolvePayLinkResponse, ReversalRecordArtifactSchema, type RevocationList, RevocationListSchema, RevokeDeviceKeyInputSchema, type RevokePassInput, type RoutingHint, SETTLEMENT_SCHEDULES, type SendChallengeInput, type SendChallengeResponse, type SendMoneyInput, type SendMoneyOptions, type SendVerifyInput, type SendVerifyResponse, type SettleResponse, SettleResponseSchema, type Settlement, SettlementRecordArtifactSchema, SettlementSchema, type SignedArtifact, type SignedConsumerOAC, SignedConsumerOACSchema, type SignedRevocationList, SignedRevocationListSchema, type SignerPublicKey, StatementArtifactSchema, type SubscribeOptions, type TLVField, type TransactionDetailResponse, type TransactionDirection, type TransactionsListResponse, type TransferInput, type TransferResponse, type TransferStatus, type TrustedIssuerKey, type UnsignedConsumerPaymentRequest, type UnsignedOAC, type UnsignedOfflinePaymentAuthorization, type UnsignedOfflinePaymentRequest, type UnsignedPass, type UnsignedReceipt, type UnsignedRedemption, type UpsertMerchantProfileInput, UpsertMerchantProfileInputSchema, type UpsertPartnerProfileInput, UpsertPartnerProfileInputSchema, type VerifiedArtifact, type VerifyArtifactOptions, type VerifyClaimSignatureInput, type VerifyOacOfflineOptions, type VerifyOacOfflineResult, type VerifyRevocationListOptions, type VerifyRevocationListResult, WITHDRAWAL_STATES, type Withdrawal, WithdrawalSchema, type WithdrawalState, base64UrlDecode, base64UrlEncode, bodySha256Hex, buildArtifactBody, buildAuthorization, buildConsumerPaymentRequest, buildOAC, buildPass, buildPaymentRequest, buildReceipt, buildRedemption, buildSmsSettleHeader, domainTag as buildSmsSettleSignedBytes, canonicalClaimSigningBytes, canonicalClaimSigningPayload, canonicalJSONBytes, canonicalJSONStringify, canonicalRequestString, computeConsumerClaimEncounterId, computeEncounterId, constantTimeEqual, consumerOacSigningPayload, consumerPaymentRequestSigningBytes, consumerPaymentRequestSigningPayload, consumerSettlementSigningPayload, crc16ccitt, crc16ccittHex, createAccountsClient, createApiCredentialsAdminClient, createArtifactUri, createCollectionsClient, createConsumerCollectionsClient, createConsumerWithdrawalsClient, createFlurPartnerClient, createHmacFetch, createMeOfflineClient, createOfflinePaymentAuthorizationArtifactUri, createOfflineSettlementsClient, createPartnerCollectionsClient, createPartnerFundingClient, createPartnerProfileAdminClient, createPassesClient, createReceiptArtifactUri, createReceiptsClient, createSoftwareP256Signer, decodeArtifactUri, decodeAuthorizationQR, decodeBase45, decodeConsumerOacRequest, decodeConsumerSettlementReceiptQR, decodeOfflineClaimSmsMessage, decodeOfflineSmsSettleToken, decodePaymentRequestQR, decodeUnverifiedConsumerOacQR, decodeUnverifiedConsumerSettlementReceiptQR, derToRawP256Signature, encodeArtifactUri, encodeAuthorizationQR, encodeBase45, encodeConsumerOacQR, encodeConsumerSettlementReceiptQR, encodeNQR, encodeOfflineClaimSmsMessage, encodeOfflineSmsSettleToken, encodePaymentRequestQR, extractOfflineClaimSmsToken, extractOfflineSmsSettleToken, formatAmount, generateDynamicQR, generateStaticQR, init, isConsumerOacQR, isConsumerPaymentRequestExpired, isHardenedArtifactType, isKnownArtifactType, isOacRevoked, isPassWithinValidity, moneyMinorToNumber, normalizeE164, parseAmountInput, parseNQR, parseQR, readTLV, revocationListSigningPayload, routingHint, signArtifact, signAuthorization, signConsumerPaymentRequest, signOAC, signPartnerRequest, signPass, signPaymentRequest, signReceipt, signRedemption, signRequestHMAC, verifyArtifactSignature, verifyArtifactUri, verifyAuthorization, verifyClaimSignature, verifyConsumerPaymentRequest, verifyConsumerSettlement, verifyConsumerSettlementReceiptQR, verifyOAC, verifyOacOffline, verifyOfflineSmsSettleToken, verifyPass, verifyPaymentRequest, verifyReceipt, verifyRedemption, verifyRequestHMAC, verifyRevocationList, writeTLV };