@nokinc-flur/sdk 2.4.0 → 2.5.0

package/dist/index.js

@@ -2955,76 +2955,142 @@ function createAccountsClient(opts) {
 }
 
 // src/me-offline/client.ts
+import { z as z14 } from "zod";
+
+// src/me-offline/revocation.ts
 import { z as z13 } from "zod";
-var Sha256Hex = z13.string().regex(/^[0-9a-f]{64}$/);
 var Base64Std3 = z13.string().regex(/^[A-Za-z0-9+/]+={0,2}$/);
-var ClaimNonce = z13.string().min(8).max(128).refine((value) => !value.includes("|"), {
+var CONSUMER_REVOCATION_DOMAIN = "flur:consumer-offline:v1:revocation";
+var REVOCATION_LIST_MAX_ENTRIES = 1e5;
+var RevocationListSchema = z13.object({
+  issuerId: z13.string().min(1).max(64),
+  /**
+   * Monotonic snapshot counter. A device MUST NOT replace a pinned list with
+   * one carrying a lower sequence — this defeats a downgrade/rollback attack
+   * that replays an older list to resurrect a revoked credential.
+   */
+  sequence: z13.number().int().nonnegative(),
+  issuedAtMs: z13.number().int().nonnegative(),
+  /**
+   * Freshness bound. After this instant the list is considered stale and the
+   * verifier treats it as untrustworthy (fail-closed), forcing a re-pin.
+   * Optional so the issuer may publish a list without a hard expiry.
+   */
+  notAfterMs: z13.number().int().positive().optional(),
+  /** OAC ids that are revoked AND not yet past their own validity window. */
+  revokedOacIds: z13.array(z13.string().uuid()).max(REVOCATION_LIST_MAX_ENTRIES)
+});
+var SignedRevocationListSchema = z13.object({
+  list: RevocationListSchema,
+  /** ASN.1 DER ECDSA P-256 issuer signature over the signing payload, base64. */
+  issuerSig: Base64Std3.min(16).max(2048),
+  /** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
+  issuerPublicKeySpkiB64: Base64Std3.min(64).max(4096)
+});
+function revocationListSigningPayload(list) {
+  const payload = {
+    domain: CONSUMER_REVOCATION_DOMAIN,
+    issuerId: list.issuerId,
+    sequence: list.sequence,
+    issuedAtMs: list.issuedAtMs,
+    revokedOacIds: list.revokedOacIds
+  };
+  if (list.notAfterMs !== void 0) payload.notAfterMs = list.notAfterMs;
+  return payload;
+}
+function verifyRevocationList(signed, trustedKeys, options = {}) {
+  const parsed = SignedRevocationListSchema.safeParse(signed);
+  if (!parsed.success) return { ok: false, reason: "malformed" };
+  const list = parsed.data.list;
+  const nowMs = options.nowMs ?? Date.now();
+  const pinned = trustedKeys.filter(
+    (k) => k.issuerId === list.issuerId && (k.notBeforeMs === void 0 || nowMs >= k.notBeforeMs) && (k.notAfterMs === void 0 || nowMs <= k.notAfterMs)
+  );
+  if (pinned.length === 0) return { ok: false, reason: "untrusted_issuer" };
+  const signingBytes = canonicalJSONBytes(revocationListSigningPayload(list));
+  const signatureOk = pinned.some(
+    (k) => verifyIssuerP256(signingBytes, parsed.data.issuerSig, k.publicKeySpkiB64)
+  );
+  if (!signatureOk) return { ok: false, reason: "signature_invalid" };
+  if (list.notAfterMs !== void 0 && nowMs > list.notAfterMs) {
+    return { ok: false, reason: "stale" };
+  }
+  return { ok: true, list, revokedOacIds: new Set(list.revokedOacIds) };
+}
+function isOacRevoked(oacId, revokedOacIds) {
+  return revokedOacIds.has(oacId);
+}
+
+// src/me-offline/client.ts
+var Sha256Hex = z14.string().regex(/^[0-9a-f]{64}$/);
+var Base64Std4 = z14.string().regex(/^[A-Za-z0-9+/]+={0,2}$/);
+var ClaimNonce = z14.string().min(8).max(128).refine((value) => !value.includes("|"), {
   message: "nonce must not contain |"
 });
 var ACCOUNT_FUNDED_OAC_MAX_TTL_MS = 1e3 * 60 * 60 * 24;
-var IssuerTrustKeySchema = z13.object({
-  issuerId: z13.string().min(1).max(128),
-  alg: z13.literal("p256"),
-  publicKeySpkiB64: Base64Std3.min(64).max(4096),
-  notBeforeMs: z13.number().int().nonnegative().optional(),
-  notAfterMs: z13.number().int().positive().optional()
+var IssuerTrustKeySchema = z14.object({
+  issuerId: z14.string().min(1).max(128),
+  alg: z14.literal("p256"),
+  publicKeySpkiB64: Base64Std4.min(64).max(4096),
+  notBeforeMs: z14.number().int().nonnegative().optional(),
+  notAfterMs: z14.number().int().positive().optional()
 });
-var IssuerTrustBundleSchema = z13.object({
-  keys: z13.array(IssuerTrustKeySchema).min(1)
+var IssuerTrustBundleSchema = z14.object({
+  keys: z14.array(IssuerTrustKeySchema).min(1)
 });
 var CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS = 1e3 * 60 * 60 * 24;
-var AttestationSecurityLevelSchema = z13.enum([
+var AttestationSecurityLevelSchema = z14.enum([
   "STRONGBOX",
   "TEE",
   "SECURE_ENCLAVE",
   "SOFTWARE"
 ]);
-var DeviceKeyAlgSchema = z13.literal("p256");
-var RegisterDeviceKeyP256InputSchema = z13.object({
-  deviceId: z13.string().min(1).max(128),
+var DeviceKeyAlgSchema = z14.literal("p256");
+var RegisterDeviceKeyP256InputSchema = z14.object({
+  deviceId: z14.string().min(1).max(128),
   /** P-256 SubjectPublicKeyInfo DER, base64. */
-  publicKeySpkiB64: Base64Std3.min(64).max(4096),
+  publicKeySpkiB64: Base64Std4.min(64).max(4096),
   /** Base64 of the server-issued enrollment challenge string. */
-  challengeB64: Base64Std3.min(8).max(1024),
+  challengeB64: Base64Std4.min(8).max(1024),
   /** iOS App Attest payload or Android X.509 Key Attestation chain. */
-  attestationChainB64: z13.array(Base64Std3.min(16).max(16384)).min(1).max(16),
+  attestationChainB64: z14.array(Base64Std4.min(16).max(16384)).min(1).max(16),
   securityLevel: AttestationSecurityLevelSchema
 });
-var P256EnrollmentChallengeInputSchema = z13.object({
-  deviceId: z13.string().min(1).max(128)
+var P256EnrollmentChallengeInputSchema = z14.object({
+  deviceId: z14.string().min(1).max(128)
 });
-var P256EnrollmentChallengeResultSchema = z13.object({
-  challenge: z13.string().min(16),
-  expiresAtMs: z13.number().int().positive()
+var P256EnrollmentChallengeResultSchema = z14.object({
+  challenge: z14.string().min(16),
+  expiresAtMs: z14.number().int().positive()
 });
-var DeviceKeyRecordSchema = z13.object({
-  id: z13.string().uuid(),
-  userId: z13.string().uuid(),
-  deviceId: z13.string(),
+var DeviceKeyRecordSchema = z14.object({
+  id: z14.string().uuid(),
+  userId: z14.string().uuid(),
+  deviceId: z14.string(),
   /** Always 'p256' on the consumer offline rail. Field retained for forward-compat. */
   alg: DeviceKeyAlgSchema.default("p256"),
   /** P-256 SubjectPublicKeyInfo DER, base64. */
-  publicKeySpkiB64: Base64Std3.nullable().default(null),
+  publicKeySpkiB64: Base64Std4.nullable().default(null),
   securityLevel: AttestationSecurityLevelSchema.nullable().default(null),
-  hardwareBacked: z13.boolean().default(false),
-  attestedAtMs: z13.number().int().nonnegative().nullable().default(null),
-  createdAtMs: z13.number().int().nonnegative(),
-  revokedAtMs: z13.number().int().nonnegative().nullable()
+  hardwareBacked: z14.boolean().default(false),
+  attestedAtMs: z14.number().int().nonnegative().nullable().default(null),
+  createdAtMs: z14.number().int().nonnegative(),
+  revokedAtMs: z14.number().int().nonnegative().nullable()
 });
-var ConsumerOACSchema = z13.object({
-  oacId: z13.string().uuid(),
-  issuerId: z13.string().min(1).max(64),
-  userId: z13.string().uuid(),
-  deviceId: z13.string().min(1).max(128),
+var ConsumerOACSchema = z14.object({
+  oacId: z14.string().uuid(),
+  issuerId: z14.string().min(1).max(64),
+  userId: z14.string().uuid(),
+  deviceId: z14.string().min(1).max(128),
   /**
    * Always 'p256'. Required on the wire (backend always emits it).
    * Kept as a literal so input/output infer identically and the schema
    * can be nested inside other response shapes without Zod input/output
    * divergence under tsup DTS bundling.
    */
-  alg: z13.literal("p256"),
+  alg: z14.literal("p256"),
   /** P-256 SubjectPublicKeyInfo DER, base64. */
-  devicePubkeySpkiB64: Base64Std3.min(64).max(4096),
+  devicePubkeySpkiB64: Base64Std4.min(64).max(4096),
   /**
    * Per-transaction / cumulative offline spend ceilings. Zero is valid and
    * denotes an identity-only OAC: the credential proves who the holder is and
@@ -3032,104 +3098,104 @@ var ConsumerOACSchema = z13.object({
    * no offline spend authority (every claim against it routes to REVIEW).
    * Issued to zero-balance wallets so they can still be paid offline.
    */
-  perTxCapKobo: z13.number().int().nonnegative(),
-  cumulativeCapKobo: z13.number().int().nonnegative(),
-  currency: z13.string().length(3),
-  validFromMs: z13.number().int().nonnegative(),
-  validUntilMs: z13.number().int().nonnegative(),
-  counterSeed: z13.number().int().nonnegative(),
-  issuedAtMs: z13.number().int().nonnegative(),
+  perTxCapKobo: z14.number().int().nonnegative(),
+  cumulativeCapKobo: z14.number().int().nonnegative(),
+  currency: z14.string().length(3),
+  validFromMs: z14.number().int().nonnegative(),
+  validUntilMs: z14.number().int().nonnegative(),
+  counterSeed: z14.number().int().nonnegative(),
+  issuedAtMs: z14.number().int().nonnegative(),
   /**
    * Issuer-attested identity folded into the OAC so a single signed
    * credential serves both Tier B offline-verifiable identity and offline
    * spend authority. Verified offline against a pinned issuer key; the
    * backend remains authoritative at settlement.
    */
-  phoneE164: z13.string().regex(/^\+[1-9]\d{7,14}$/),
-  displayName: z13.string().min(1).max(64)
+  phoneE164: z14.string().regex(/^\+[1-9]\d{7,14}$/),
+  displayName: z14.string().min(1).max(64)
 });
-var SignedConsumerOACSchema = z13.object({
+var SignedConsumerOACSchema = z14.object({
   oac: ConsumerOACSchema,
   /** ASN.1 DER ECDSA P-256 issuer signature, base64. */
-  issuerSig: Base64Std3.min(16).max(2048),
+  issuerSig: Base64Std4.min(16).max(2048),
   /** Issuer's P-256 public key as SubjectPublicKeyInfo DER, base64. */
-  issuerPublicKeySpkiB64: Base64Std3.min(64).max(4096)
+  issuerPublicKeySpkiB64: Base64Std4.min(64).max(4096)
 });
 var OACRecordSchema = SignedConsumerOACSchema.extend({
-  currentOfflineSpentKobo: z13.number().int().nonnegative(),
-  status: z13.enum(["active", "superseded", "expired", "revoked"]),
-  supersededAtMs: z13.number().int().nonnegative().nullable(),
-  revokedAtMs: z13.number().int().nonnegative().nullable()
+  currentOfflineSpentKobo: z14.number().int().nonnegative(),
+  status: z14.enum(["active", "superseded", "expired", "revoked"]),
+  supersededAtMs: z14.number().int().nonnegative().nullable(),
+  revokedAtMs: z14.number().int().nonnegative().nullable()
 });
-var IssueAccountOacInputSchema = z13.object({
-  deviceId: z13.string().min(1).max(128),
-  perTxCapKobo: z13.number().int().positive().optional(),
-  cumulativeCapKobo: z13.number().int().positive().optional(),
-  ttlMs: z13.number().int().min(6e4).max(ACCOUNT_FUNDED_OAC_MAX_TTL_MS).optional()
+var IssueAccountOacInputSchema = z14.object({
+  deviceId: z14.string().min(1).max(128),
+  perTxCapKobo: z14.number().int().positive().optional(),
+  cumulativeCapKobo: z14.number().int().positive().optional(),
+  ttlMs: z14.number().int().min(6e4).max(ACCOUNT_FUNDED_OAC_MAX_TTL_MS).optional()
 });
-var OfflineStatusResultSchema = z13.object({
+var OfflineStatusResultSchema = z14.object({
   active: OACRecordSchema.nullable()
 });
-var ConsumerPaymentClaimSchema = z13.object({
+var ConsumerPaymentClaimSchema = z14.object({
   /** Always 'p256'. Retained for forward-compat and as an explicit domain marker. */
-  alg: z13.literal("p256").default("p256"),
-  oacId: z13.string().uuid(),
+  alg: z14.literal("p256").default("p256"),
+  oacId: z14.string().uuid(),
   encounterId: Sha256Hex.optional(),
-  payerUserId: z13.string().uuid(),
-  payeeUserId: z13.string().uuid(),
-  payerDeviceId: z13.string().min(1).max(128),
+  payerUserId: z14.string().uuid(),
+  payeeUserId: z14.string().uuid(),
+  payerDeviceId: z14.string().min(1).max(128),
   payerNonce: ClaimNonce,
   payeeNonce: ClaimNonce,
-  amountKobo: z13.number().int().positive(),
-  currency: z13.string().length(3).default("NGN"),
-  occurredAtMs: z13.number().int().nonnegative(),
-  completedAtMs: z13.number().int().nonnegative().optional(),
-  contextId: z13.string().max(128).optional(),
-  requestId: z13.string().uuid().optional(),
-  requestMode: z13.enum(["fixed", "editable"]).optional(),
-  requestTakerUserId: z13.string().uuid().optional(),
-  requestAmountKobo: z13.number().int().positive().optional(),
-  requestCurrency: z13.string().length(3).optional(),
-  requestReference: z13.string().max(128).nullable().optional(),
-  requestCreatedAtMs: z13.number().int().nonnegative().optional(),
-  requestExpiresAtMs: z13.number().int().positive().optional(),
-  requestNonce: z13.string().min(8).max(128).optional(),
-  requestTakerDeviceId: z13.string().min(1).max(128).nullable().optional(),
-  requestTakerPubkeySpkiB64: Base64Std3.min(64).max(4096).optional(),
-  requestTakerSignatureDerB64: Base64Std3.min(16).max(2048).optional(),
-  payerPubkeySpkiB64: Base64Std3.min(64).max(4096),
-  payerSignatureDerB64: Base64Std3.min(16).max(2048),
-  payeePubkeySpkiB64: Base64Std3.min(64).max(4096).optional(),
-  payeeSignatureDerB64: Base64Std3.min(16).max(2048).optional()
+  amountKobo: z14.number().int().positive(),
+  currency: z14.string().length(3).default("NGN"),
+  occurredAtMs: z14.number().int().nonnegative(),
+  completedAtMs: z14.number().int().nonnegative().optional(),
+  contextId: z14.string().max(128).optional(),
+  requestId: z14.string().uuid().optional(),
+  requestMode: z14.enum(["fixed", "editable"]).optional(),
+  requestTakerUserId: z14.string().uuid().optional(),
+  requestAmountKobo: z14.number().int().positive().optional(),
+  requestCurrency: z14.string().length(3).optional(),
+  requestReference: z14.string().max(128).nullable().optional(),
+  requestCreatedAtMs: z14.number().int().nonnegative().optional(),
+  requestExpiresAtMs: z14.number().int().positive().optional(),
+  requestNonce: z14.string().min(8).max(128).optional(),
+  requestTakerDeviceId: z14.string().min(1).max(128).nullable().optional(),
+  requestTakerPubkeySpkiB64: Base64Std4.min(64).max(4096).optional(),
+  requestTakerSignatureDerB64: Base64Std4.min(16).max(2048).optional(),
+  payerPubkeySpkiB64: Base64Std4.min(64).max(4096),
+  payerSignatureDerB64: Base64Std4.min(16).max(2048),
+  payeePubkeySpkiB64: Base64Std4.min(64).max(4096).optional(),
+  payeeSignatureDerB64: Base64Std4.min(16).max(2048).optional()
 });
-var ConsumerSettlementSchema = z13.object({
-  settlementId: z13.string().uuid(),
+var ConsumerSettlementSchema = z14.object({
+  settlementId: z14.string().uuid(),
   settlementKey: Sha256Hex,
   encounterId: Sha256Hex,
-  oacId: z13.string().uuid(),
-  payerUserId: z13.string().uuid(),
-  payeeUserId: z13.string().uuid(),
-  amountKobo: z13.number().int().positive(),
-  currency: z13.string().length(3),
-  status: z13.enum(["SETTLED", "REVIEW"]),
-  reviewReason: z13.string().nullable(),
-  ledgerRef: z13.string().nullable(),
+  oacId: z14.string().uuid(),
+  payerUserId: z14.string().uuid(),
+  payeeUserId: z14.string().uuid(),
+  amountKobo: z14.number().int().positive(),
+  currency: z14.string().length(3),
+  status: z14.enum(["SETTLED", "REVIEW"]),
+  reviewReason: z14.string().nullable(),
+  ledgerRef: z14.string().nullable(),
   /** ASN.1 DER ECDSA P-256 issuer signature, base64. */
-  issuerSig: Base64Std3.min(16).max(2048),
+  issuerSig: Base64Std4.min(16).max(2048),
   /** Canonical millisecond timestamp signed into the settlement receipt. */
-  issuedAtMs: z13.number().int().nonnegative(),
+  issuedAtMs: z14.number().int().nonnegative(),
   /** Compatibility alias for API consumers that predate issuedAtMs. */
-  createdAtMs: z13.number().int().nonnegative().optional()
+  createdAtMs: z14.number().int().nonnegative().optional()
 });
-var ConsumerSettleResultSchema = z13.object({
+var ConsumerSettleResultSchema = z14.object({
   settlement: ConsumerSettlementSchema,
   encounterId: Sha256Hex,
-  replayed: z13.boolean()
+  replayed: z14.boolean()
 });
-var RevokeDeviceKeyInputSchema = z13.object({
-  deviceId: z13.string().min(1).max(128),
+var RevokeDeviceKeyInputSchema = z14.object({
+  deviceId: z14.string().min(1).max(128),
   /** Step-up token from /api/v1/auth/send/verify with purpose='offline_revoke'. */
-  sendAuthToken: z13.string().min(16)
+  sendAuthToken: z14.string().min(16)
 });
 function createMeOfflineClient(opts) {
   const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
@@ -3162,7 +3228,7 @@ function createMeOfflineClient(opts) {
     }
     return parser(raw);
   }
-  const deviceKeyItems = z13.object({ items: z13.array(DeviceKeyRecordSchema) });
+  const deviceKeyItems = z14.object({ items: z14.array(DeviceKeyRecordSchema) });
   return {
     issueP256EnrollmentChallenge: (input) => call(
       "POST",
@@ -3220,6 +3286,12 @@ function createMeOfflineClient(opts) {
       "/v1/issuer/keys",
       void 0,
       (raw) => IssuerTrustBundleSchema.parse(raw)
+    ),
+    getRevocations: () => call(
+      "GET",
+      "/v1/issuer/revocations",
+      void 0,
+      (raw) => SignedRevocationListSchema.parse(raw)
     )
   };
 }
@@ -3366,26 +3438,26 @@ function verifyClaimSignature(input) {
 }
 
 // src/me-offline/request.ts
-import { z as z14 } from "zod";
-var Base64Std4 = z14.string().regex(/^[A-Za-z0-9+/]+={0,2}$/);
+import { z as z15 } from "zod";
+var Base64Std5 = z15.string().regex(/^[A-Za-z0-9+/]+={0,2}$/);
 var CONSUMER_PAYMENT_REQUEST_DOMAIN = "flur:consumer-offline:v1:request";
-var ConsumerPaymentRequestEnvelopeSchema = z14.object({
-  requestId: z14.string().uuid(),
-  mode: z14.enum(["fixed", "editable"]),
-  takerUserId: z14.string().uuid(),
-  amountKobo: z14.number().int().positive(),
-  currency: z14.string().length(3).default("NGN"),
-  reference: z14.string().max(128).nullable().default(null),
-  createdAtMs: z14.number().int().nonnegative(),
-  expiresAtMs: z14.number().int().positive(),
-  nonce: z14.string().min(8).max(128),
-  takerDeviceId: z14.string().min(1).max(128).nullable().default(null),
-  takerPubkeySpkiB64: Base64Std4.min(64).max(4096).optional(),
-  takerSignatureDerB64: Base64Std4.min(16).max(2048).optional()
+var ConsumerPaymentRequestEnvelopeSchema = z15.object({
+  requestId: z15.string().uuid(),
+  mode: z15.enum(["fixed", "editable"]),
+  takerUserId: z15.string().uuid(),
+  amountKobo: z15.number().int().positive(),
+  currency: z15.string().length(3).default("NGN"),
+  reference: z15.string().max(128).nullable().default(null),
+  createdAtMs: z15.number().int().nonnegative(),
+  expiresAtMs: z15.number().int().positive(),
+  nonce: z15.string().min(8).max(128),
+  takerDeviceId: z15.string().min(1).max(128).nullable().default(null),
+  takerPubkeySpkiB64: Base64Std5.min(64).max(4096).optional(),
+  takerSignatureDerB64: Base64Std5.min(16).max(2048).optional()
 }).superRefine((value, ctx) => {
   if (value.expiresAtMs <= value.createdAtMs) {
     ctx.addIssue({
-      code: z14.ZodIssueCode.custom,
+      code: z15.ZodIssueCode.custom,
       path: ["expiresAtMs"],
       message: "expiresAtMs must be greater than createdAtMs"
     });
@@ -3396,21 +3468,21 @@ var ConsumerPaymentRequestEnvelopeSchema = z14.object({
   if (value.mode === "fixed" || hasSignature) {
     if (!value.takerDeviceId) {
       ctx.addIssue({
-        code: z14.ZodIssueCode.custom,
+        code: z15.ZodIssueCode.custom,
         path: ["takerDeviceId"],
         message: "signed requests require takerDeviceId"
       });
     }
     if (!value.takerPubkeySpkiB64) {
       ctx.addIssue({
-        code: z14.ZodIssueCode.custom,
+        code: z15.ZodIssueCode.custom,
         path: ["takerPubkeySpkiB64"],
         message: "signed requests require takerPubkeySpkiB64"
       });
     }
     if (!value.takerSignatureDerB64) {
       ctx.addIssue({
-        code: z14.ZodIssueCode.custom,
+        code: z15.ZodIssueCode.custom,
         path: ["takerSignatureDerB64"],
         message: "signed requests require takerSignatureDerB64"
       });
@@ -3581,7 +3653,7 @@ function base64UrlDecodeUtf8(input) {
 }
 
 // src/me-offline/oac.ts
-import { z as z15 } from "zod";
+import { z as z16 } from "zod";
 var CONSUMER_OAC_DOMAIN = "flur:consumer-offline:v1:oac";
 function consumerOacSigningPayload(oac) {
   return { domain: CONSUMER_OAC_DOMAIN, ...oac };
@@ -3607,6 +3679,9 @@ function verifyOacOffline(signed, trustedKeys, options = {}) {
   }
   if (nowMs < oac.validFromMs) return { ok: false, reason: "not_yet_valid" };
   if (nowMs >= oac.validUntilMs) return { ok: false, reason: "expired" };
+  if (options.revokedOacIds?.has(oac.oacId)) {
+    return { ok: false, reason: "revoked" };
+  }
   return {
     ok: true,
     oac,
@@ -3624,13 +3699,13 @@ var CONSUMER_OAC_QR_PREFIX = "FLUROAC1.";
 function isConsumerOacQR(value) {
   return value.startsWith(CONSUMER_OAC_QR_PREFIX);
 }
-var OacPresentmentRequestSchema = z15.object({
+var OacPresentmentRequestSchema = z16.object({
   /** Requested amount in minor units (kobo). */
-  amountMinor: z15.number().int().positive().max(1e12).optional(),
+  amountMinor: z16.number().int().positive().max(1e12).optional(),
   /** Purpose/intent code (mirrors the NIBSS intent vocabulary). */
-  intent: z15.string().min(1).max(32).optional(),
+  intent: z16.string().min(1).max(32).optional(),
   /** Free-text reference / note. */
-  reference: z15.string().min(1).max(64).optional()
+  reference: z16.string().min(1).max(64).optional()
 }).strict();
 function encodeConsumerOacQR(signed, request) {
   const parsed = SignedConsumerOACSchema.parse(signed);
@@ -3964,14 +4039,14 @@ function base64UrlToBytes(input) {
 }
 
 // src/partner-funding/client.ts
-import { z as z16 } from "zod";
-var MinorString = z16.string().regex(/^-?\d+$/);
-var PositiveMinor = z16.union([
-  z16.number().int().positive(),
-  z16.string().regex(/^[1-9]\d{0,18}$/)
+import { z as z17 } from "zod";
+var MinorString = z17.string().regex(/^-?\d+$/);
+var PositiveMinor = z17.union([
+  z17.number().int().positive(),
+  z17.string().regex(/^[1-9]\d{0,18}$/)
 ]);
-var Currency = z16.string().trim().length(3).transform((v) => v.toUpperCase());
-var Metadata = z16.record(z16.unknown());
+var Currency = z17.string().trim().length(3).transform((v) => v.toUpperCase());
+var Metadata = z17.record(z17.unknown());
 var PARTNER_KINDS = ["bank", "merchant"];
 var CUSTODIAL_MODES = ["agent_of_bank", "flur_virtual_pool"];
 var PARTNER_PROFILE_STATUSES = [
@@ -3998,126 +4073,126 @@ var WITHDRAWAL_STATES = [
   "failed",
   "reversed"
 ];
-var PartnerProfileSchema = z16.object({
-  partnerAccountId: z16.string().uuid(),
-  kind: z16.enum(PARTNER_KINDS),
-  custodialMode: z16.enum(CUSTODIAL_MODES),
-  displayName: z16.string(),
-  bankCode: z16.string().nullable(),
-  poolAccountNumber: z16.string().nullable(),
-  status: z16.enum(PARTNER_PROFILE_STATUSES),
+var PartnerProfileSchema = z17.object({
+  partnerAccountId: z17.string().uuid(),
+  kind: z17.enum(PARTNER_KINDS),
+  custodialMode: z17.enum(CUSTODIAL_MODES),
+  displayName: z17.string(),
+  bankCode: z17.string().nullable(),
+  poolAccountNumber: z17.string().nullable(),
+  status: z17.enum(PARTNER_PROFILE_STATUSES),
   metadata: Metadata,
-  createdAtMs: z16.number().int().nonnegative(),
-  updatedAtMs: z16.number().int().nonnegative()
+  createdAtMs: z17.number().int().nonnegative(),
+  updatedAtMs: z17.number().int().nonnegative()
 });
-var UpsertPartnerProfileInputSchema = z16.object({
-  kind: z16.enum(PARTNER_KINDS),
-  custodialMode: z16.enum(CUSTODIAL_MODES),
-  displayName: z16.string().trim().min(1).max(200),
-  bankCode: z16.string().trim().min(1).max(64).optional(),
-  poolAccountNumber: z16.string().trim().min(1).max(64).optional(),
+var UpsertPartnerProfileInputSchema = z17.object({
+  kind: z17.enum(PARTNER_KINDS),
+  custodialMode: z17.enum(CUSTODIAL_MODES),
+  displayName: z17.string().trim().min(1).max(200),
+  bankCode: z17.string().trim().min(1).max(64).optional(),
+  poolAccountNumber: z17.string().trim().min(1).max(64).optional(),
   metadata: Metadata.optional()
 });
-var PartnerFundingEventInputSchema = z16.object({
-  externalRef: z16.string().trim().min(8).max(128),
-  direction: z16.enum(PARTNER_FUNDING_DIRECTIONS).optional(),
-  userId: z16.string().uuid().optional(),
-  accountId: z16.string().uuid().optional(),
+var PartnerFundingEventInputSchema = z17.object({
+  externalRef: z17.string().trim().min(8).max(128),
+  direction: z17.enum(PARTNER_FUNDING_DIRECTIONS).optional(),
+  userId: z17.string().uuid().optional(),
+  accountId: z17.string().uuid().optional(),
   amountMinor: PositiveMinor,
   currency: Currency,
-  fundingSource: z16.string().trim().min(1).max(64).optional(),
+  fundingSource: z17.string().trim().min(1).max(64).optional(),
   providerMetadata: Metadata.optional()
 });
-var PartnerFundingSchema = z16.object({
-  fundingId: z16.string().uuid(),
-  partnerId: z16.string().uuid(),
-  accountId: z16.string().uuid(),
-  userId: z16.string().uuid().nullable(),
-  direction: z16.enum(PARTNER_FUNDING_DIRECTIONS),
-  currency: z16.string(),
+var PartnerFundingSchema = z17.object({
+  fundingId: z17.string().uuid(),
+  partnerId: z17.string().uuid(),
+  accountId: z17.string().uuid(),
+  userId: z17.string().uuid().nullable(),
+  direction: z17.enum(PARTNER_FUNDING_DIRECTIONS),
+  currency: z17.string(),
   amountMinor: MinorString,
-  externalRef: z16.string(),
-  status: z16.enum(PARTNER_FUNDING_STATUSES),
-  fundingSource: z16.string(),
-  ledgerRef: z16.string(),
+  externalRef: z17.string(),
+  status: z17.enum(PARTNER_FUNDING_STATUSES),
+  fundingSource: z17.string(),
+  ledgerRef: z17.string(),
   providerMetadata: Metadata,
-  createdAtMs: z16.number().int().nonnegative(),
-  updatedAtMs: z16.number().int().nonnegative()
+  createdAtMs: z17.number().int().nonnegative(),
+  updatedAtMs: z17.number().int().nonnegative()
 });
-var IngestFundingResultSchema = z16.object({
+var IngestFundingResultSchema = z17.object({
   funding: PartnerFundingSchema,
-  replayed: z16.boolean()
+  replayed: z17.boolean()
 });
-var PayoutDestinationSchema = z16.object({
-  destinationId: z16.string().uuid(),
-  accountId: z16.string().uuid(),
-  partnerId: z16.string().uuid(),
-  bankCode: z16.string(),
-  accountNumber: z16.string(),
-  accountName: z16.string(),
-  status: z16.enum(PAYOUT_DESTINATION_STATUSES),
-  verifiedAtMs: z16.number().int().nonnegative().nullable(),
+var PayoutDestinationSchema = z17.object({
+  destinationId: z17.string().uuid(),
+  accountId: z17.string().uuid(),
+  partnerId: z17.string().uuid(),
+  bankCode: z17.string(),
+  accountNumber: z17.string(),
+  accountName: z17.string(),
+  status: z17.enum(PAYOUT_DESTINATION_STATUSES),
+  verifiedAtMs: z17.number().int().nonnegative().nullable(),
   metadata: Metadata,
-  createdAtMs: z16.number().int().nonnegative(),
-  updatedAtMs: z16.number().int().nonnegative()
+  createdAtMs: z17.number().int().nonnegative(),
+  updatedAtMs: z17.number().int().nonnegative()
 });
-var CreatePayoutDestinationInputSchema = z16.object({
-  partnerId: z16.string().uuid(),
-  bankCode: z16.string().trim().min(1).max(32),
-  accountNumber: z16.string().trim().min(4).max(64),
-  accountName: z16.string().trim().min(1).max(200),
+var CreatePayoutDestinationInputSchema = z17.object({
+  partnerId: z17.string().uuid(),
+  bankCode: z17.string().trim().min(1).max(32),
+  accountNumber: z17.string().trim().min(4).max(64),
+  accountName: z17.string().trim().min(1).max(200),
   metadata: Metadata.optional()
 });
-var ListPayoutDestinationsResultSchema = z16.object({
-  items: z16.array(PayoutDestinationSchema)
+var ListPayoutDestinationsResultSchema = z17.object({
+  items: z17.array(PayoutDestinationSchema)
 });
-var WithdrawalSchema = z16.object({
-  withdrawalId: z16.string().uuid(),
-  accountId: z16.string().uuid(),
-  userId: z16.string().uuid(),
-  partnerId: z16.string().uuid(),
-  destinationId: z16.string().uuid(),
-  currency: z16.string(),
+var WithdrawalSchema = z17.object({
+  withdrawalId: z17.string().uuid(),
+  accountId: z17.string().uuid(),
+  userId: z17.string().uuid(),
+  partnerId: z17.string().uuid(),
+  destinationId: z17.string().uuid(),
+  currency: z17.string(),
   amountMinor: MinorString,
-  state: z16.enum(WITHDRAWAL_STATES),
-  idempotencyKey: z16.string(),
-  providerRef: z16.string().nullable(),
-  lastError: z16.string().nullable(),
-  ledgerRef: z16.string(),
-  reverseLedgerRef: z16.string().nullable(),
+  state: z17.enum(WITHDRAWAL_STATES),
+  idempotencyKey: z17.string(),
+  providerRef: z17.string().nullable(),
+  lastError: z17.string().nullable(),
+  ledgerRef: z17.string(),
+  reverseLedgerRef: z17.string().nullable(),
   metadata: Metadata,
-  createdAtMs: z16.number().int().nonnegative(),
-  updatedAtMs: z16.number().int().nonnegative()
+  createdAtMs: z17.number().int().nonnegative(),
+  updatedAtMs: z17.number().int().nonnegative()
 });
-var CreateWithdrawalInputSchema = z16.object({
-  destinationId: z16.string().uuid(),
+var CreateWithdrawalInputSchema = z17.object({
+  destinationId: z17.string().uuid(),
   amountMinor: PositiveMinor,
   currency: Currency,
-  idempotencyKey: z16.string().trim().min(8).max(128),
+  idempotencyKey: z17.string().trim().min(8).max(128),
   metadata: Metadata.optional()
 });
-var CreateWithdrawalResultSchema = z16.object({
+var CreateWithdrawalResultSchema = z17.object({
   withdrawal: WithdrawalSchema,
-  replayed: z16.boolean()
+  replayed: z17.boolean()
 });
-var PayoutEventInputSchema = z16.object({
-  externalRef: z16.string().trim().min(8).max(128),
-  withdrawalId: z16.string().uuid().optional(),
-  state: z16.enum(["submitted", "processing", "paid", "failed"]),
-  providerRef: z16.string().trim().min(1).max(128).optional(),
-  failureCode: z16.string().trim().max(64).optional(),
-  failureMessage: z16.string().trim().max(512).optional(),
+var PayoutEventInputSchema = z17.object({
+  externalRef: z17.string().trim().min(8).max(128),
+  withdrawalId: z17.string().uuid().optional(),
+  state: z17.enum(["submitted", "processing", "paid", "failed"]),
+  providerRef: z17.string().trim().min(1).max(128).optional(),
+  failureCode: z17.string().trim().max(64).optional(),
+  failureMessage: z17.string().trim().max(512).optional(),
   providerMetadata: Metadata.optional()
 });
-var RecordPayoutEventResultSchema = z16.object({
+var RecordPayoutEventResultSchema = z17.object({
   withdrawal: WithdrawalSchema,
-  replayed: z16.boolean()
+  replayed: z17.boolean()
 });
-var ReconciliationReportSchema = z16.object({
-  partnerId: z16.string().uuid(),
-  currency: z16.string(),
-  fromMs: z16.number().int().nonnegative(),
-  toMs: z16.number().int().nonnegative(),
+var ReconciliationReportSchema = z17.object({
+  partnerId: z17.string().uuid(),
+  currency: z17.string(),
+  fromMs: z17.number().int().nonnegative(),
+  toMs: z17.number().int().nonnegative(),
   fundingsCreditMinor: MinorString,
   fundingsDebitMinor: MinorString,
   withdrawalsPaidMinor: MinorString,
@@ -4126,7 +4201,7 @@ var ReconciliationReportSchema = z16.object({
   expectedReserveBalanceMinor: MinorString,
   actualReserveBalanceMinor: MinorString,
   imbalanceMinor: MinorString,
-  generatedAtMs: z16.number().int().nonnegative()
+  generatedAtMs: z17.number().int().nonnegative()
 });
 function createPartnerFundingClient(partner) {
   return {
@@ -4278,19 +4353,19 @@ function createPartnerProfileAdminClient(opts) {
 }
 
 // src/artifacts/envelope.ts
-import { z as z17 } from "zod";
+import { z as z18 } from "zod";
 var FLUR_ARTIFACT_URI_SCHEME = "flur";
 var FLUR_ARTIFACT_VERSION = 1;
 var FLUR_ARTIFACT_URI_PREFIX = `${FLUR_ARTIFACT_URI_SCHEME}://v${FLUR_ARTIFACT_VERSION}/`;
 var ArtifactTypeRe = /^[a-z][a-z0-9_]{1,63}$/;
-var ArtifactHeaderSchema = z17.object({
-  v: z17.literal(FLUR_ARTIFACT_VERSION),
-  t: z17.string().regex(ArtifactTypeRe, "invalid artifact type"),
-  iss: z17.string().min(1).max(128),
-  kid: z17.string().min(1).max(128),
-  iat: z17.number().int().nonnegative(),
-  exp: z17.number().int().positive().optional(),
-  nonce: z17.string().min(8).max(64).regex(/^[A-Za-z0-9_-]+$/, "nonce must be url-safe")
+var ArtifactHeaderSchema = z18.object({
+  v: z18.literal(FLUR_ARTIFACT_VERSION),
+  t: z18.string().regex(ArtifactTypeRe, "invalid artifact type"),
+  iss: z18.string().min(1).max(128),
+  kid: z18.string().min(1).max(128),
+  iat: z18.number().int().nonnegative(),
+  exp: z18.number().int().positive().optional(),
+  nonce: z18.string().min(8).max(64).regex(/^[A-Za-z0-9_-]+$/, "nonce must be url-safe")
 });
 var FlurArtifactError = class extends Error {
   constructor(message, code) {
@@ -4429,7 +4504,7 @@ function verifyArtifactSignature(decoded, publicKeySpkiB64, options = {}) {
 }
 
 // src/artifacts/types.ts
-import { z as z18 } from "zod";
+import { z as z19 } from "zod";
 var ARTIFACT_TYPES = {
   OFFLINE_PAYMENT_AUTHORIZATION: "offline_payment_authorization",
   RECEIPT: "receipt",
@@ -4444,32 +4519,32 @@ var ARTIFACT_TYPES = {
   PASS: "pass",
   IDENTITY: "identity"
 };
-var HexString = (length) => z18.string().regex(
+var HexString = (length) => z19.string().regex(
   new RegExp(`^[0-9a-fA-F]{${length * 2}}$`),
   `expected ${length}-byte hex string`
 );
-var OfflinePaymentAuthorizationArtifactSchema = z18.object({
+var OfflinePaymentAuthorizationArtifactSchema = z19.object({
   authorization: OfflinePaymentAuthorizationSchema
 });
-var ReceiptArtifactSchema = z18.object({
-  receiptId: z18.string().min(1).max(64),
-  paymentReference: z18.string().min(1).max(64),
-  payerUserId: z18.string().min(1).max(64).optional(),
-  payeeUserId: z18.string().min(1).max(64),
-  amountKobo: z18.number().int().positive(),
-  currency: z18.literal("NGN"),
-  channel: z18.enum(["online", "offline_reconciled", "pay_link", "nqr"]),
-  settledAtMs: z18.number().int().positive(),
-  ledgerTxnId: z18.string().min(1).max(64).optional(),
-  memo: z18.string().max(140).optional(),
+var ReceiptArtifactSchema = z19.object({
+  receiptId: z19.string().min(1).max(64),
+  paymentReference: z19.string().min(1).max(64),
+  payerUserId: z19.string().min(1).max(64).optional(),
+  payeeUserId: z19.string().min(1).max(64),
+  amountKobo: z19.number().int().positive(),
+  currency: z19.literal("NGN"),
+  channel: z19.enum(["online", "offline_reconciled", "pay_link", "nqr"]),
+  settledAtMs: z19.number().int().positive(),
+  ledgerTxnId: z19.string().min(1).max(64).optional(),
+  memo: z19.string().max(140).optional(),
   hashChainPrev: HexString(32).optional()
 });
-var ShortId = z18.string().min(1).max(64);
-var PositiveInt = z18.number().int().positive();
-var NonNegativeInt = z18.number().int().nonnegative();
-var Currency2 = z18.literal("NGN");
-var Memo = z18.string().max(140);
-var NqrPaymentRequestArtifactSchema = z18.object({
+var ShortId = z19.string().min(1).max(64);
+var PositiveInt = z19.number().int().positive();
+var NonNegativeInt = z19.number().int().nonnegative();
+var Currency2 = z19.literal("NGN");
+var Memo = z19.string().max(140);
+var NqrPaymentRequestArtifactSchema = z19.object({
   requestId: ShortId,
   payeeUserId: ShortId,
   amountKobo: PositiveInt.optional(),
@@ -4477,7 +4552,7 @@ var NqrPaymentRequestArtifactSchema = z18.object({
   memo: Memo.optional(),
   expiresAtMs: PositiveInt.optional()
 });
-var PaymentIntentArtifactSchema = z18.object({
+var PaymentIntentArtifactSchema = z19.object({
   intentId: ShortId,
   payerUserId: ShortId,
   payeeUserId: ShortId,
@@ -4486,7 +4561,7 @@ var PaymentIntentArtifactSchema = z18.object({
   idempotencyKey: ShortId,
   createdAtMs: PositiveInt
 });
-var OfflineClaimArtifactSchema = z18.object({
+var OfflineClaimArtifactSchema = z19.object({
   claimId: ShortId,
   authorizationId: ShortId,
   payeeUserId: ShortId,
@@ -4495,10 +4570,10 @@ var OfflineClaimArtifactSchema = z18.object({
   claimedAtMs: PositiveInt,
   paymentReference: ShortId.optional()
 });
-var SettlementRecordArtifactSchema = z18.object({
+var SettlementRecordArtifactSchema = z19.object({
   settlementId: ShortId,
   ledgerTxnId: ShortId,
-  sourceRefType: z18.enum([
+  sourceRefType: z19.enum([
     "offline_authorization",
     "offline_claim",
     "transfer",
@@ -4509,12 +4584,12 @@ var SettlementRecordArtifactSchema = z18.object({
   currency: Currency2,
   settledAtMs: PositiveInt
 });
-var ReversalRecordArtifactSchema = z18.object({
+var ReversalRecordArtifactSchema = z19.object({
   reversalId: ShortId,
   originalTxnId: ShortId,
   amountKobo: PositiveInt,
   currency: Currency2,
-  reason: z18.enum([
+  reason: z19.enum([
     "user_dispute",
     "fraud",
     "duplicate",
@@ -4524,7 +4599,7 @@ var ReversalRecordArtifactSchema = z18.object({
   reversedAtMs: PositiveInt,
   memo: Memo.optional()
 });
-var LedgerJournalEntryArtifactSchema = z18.object({
+var LedgerJournalEntryArtifactSchema = z19.object({
   entryId: ShortId,
   journalId: ShortId,
   debitAccountId: ShortId,
@@ -4535,13 +4610,13 @@ var LedgerJournalEntryArtifactSchema = z18.object({
   refType: ShortId.optional(),
   refId: ShortId.optional()
 });
-var StatementArtifactSchema = z18.object({
+var StatementArtifactSchema = z19.object({
   statementId: ShortId,
   userId: ShortId,
   periodStartMs: PositiveInt,
   periodEndMs: PositiveInt,
-  openingBalanceKobo: z18.number().int(),
-  closingBalanceKobo: z18.number().int(),
+  openingBalanceKobo: z19.number().int(),
+  closingBalanceKobo: z19.number().int(),
   transactionCount: NonNegativeInt,
   currency: Currency2,
   hashChainPrev: HexString(32).optional()
@@ -4549,16 +4624,16 @@ var StatementArtifactSchema = z18.object({
   message: "periodEndMs must be greater than periodStartMs",
   path: ["periodEndMs"]
 });
-var PassArtifactSchema = z18.object({
+var PassArtifactSchema = z19.object({
   passId: ShortId,
   holderId: ShortId,
-  category: z18.enum(["membership", "ticket", "loyalty", "access", "voucher"]),
-  title: z18.string().min(1).max(120),
+  category: z19.enum(["membership", "ticket", "loyalty", "access", "voucher"]),
+  title: z19.string().min(1).max(120),
   validFromMs: PositiveInt,
   validUntilMs: PositiveInt.optional(),
-  metadata: z18.record(
-    z18.string().min(1).max(64),
-    z18.union([z18.string().max(280), z18.number(), z18.boolean()])
+  metadata: z19.record(
+    z19.string().min(1).max(64),
+    z19.union([z19.string().max(280), z19.number(), z19.boolean()])
   ).optional()
 }).refine(
   (v) => v.validUntilMs === void 0 || v.validUntilMs > v.validFromMs,
@@ -4567,10 +4642,10 @@ var PassArtifactSchema = z18.object({
     path: ["validUntilMs"]
   }
 );
-var IdentityArtifactSchema = z18.object({
+var IdentityArtifactSchema = z19.object({
   attestationId: ShortId,
   subjectId: ShortId,
-  claimType: z18.enum([
+  claimType: z19.enum([
     "phone_verified",
     "email_verified",
     "bvn_verified",
@@ -4708,6 +4783,7 @@ export {
   CONSUMER_OAC_QR_PREFIX,
   CONSUMER_OFFLINE_CLAIM_SUBMIT_GRACE_MS,
   CONSUMER_PAYMENT_REQUEST_DOMAIN,
+  CONSUMER_REVOCATION_DOMAIN,
   CONSUMER_SETTLEMENT_DOMAIN,
   CONSUMER_SETTLEMENT_RECEIPT_QR_PREFIX,
   CUSTODIAL_MODES,
@@ -4805,6 +4881,7 @@ export {
   RECEIPT_CHANNELS,
   RECEIPT_KINDS,
   REPLAY_WINDOW_MS,
+  REVOCATION_LIST_MAX_ENTRIES,
   ReceiptArtifactSchema,
   ReceiptPayloadSchema,
   ReceiptSchema,
@@ -4813,12 +4890,14 @@ export {
   RedemptionSchema,
   RegisterDeviceKeyP256InputSchema,
   ReversalRecordArtifactSchema,
+  RevocationListSchema,
   RevokeDeviceKeyInputSchema,
   SETTLEMENT_SCHEDULES,
   SettleResponseSchema,
   SettlementRecordArtifactSchema,
   SettlementSchema,
   SignedConsumerOACSchema,
+  SignedRevocationListSchema,
   StatementArtifactSchema,
   UpsertMerchantProfileInputSchema,
   UpsertPartnerProfileInputSchema,
@@ -4899,6 +4978,7 @@ export {
   isConsumerPaymentRequestExpired,
   isHardenedArtifactType,
   isKnownArtifactType,
+  isOacRevoked,
   isPassWithinValidity,
   moneyMinorToNumber,
   normalizeE164,
@@ -4906,6 +4986,7 @@ export {
   parseNQR,
   parseQR,
   readTLV,
+  revocationListSigningPayload,
   routingHint,
   signArtifact,
   signAuthorization,
@@ -4932,6 +5013,7 @@ export {
   verifyReceipt,
   verifyRedemption,
   verifyRequestHMAC,
+  verifyRevocationList,
   writeTLV
 };
 //# sourceMappingURL=index.js.map