npm - @proofchain/sdk - Versions diffs - 2.22.0 → 3.0.0 - Mend

@proofchain/sdk 2.22.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -16,6 +16,7 @@ declare class HttpClient {
     private baseUrl;
     private timeout;
     private maxRetries;
+    private readonly inflight;
     constructor(options: HttpClientOptions);
     private getHeaders;
     private handleResponse;
@@ -2238,7 +2239,7 @@ interface QuestStep {
     name: string;
     description?: string;
     order: number;
-    step_type: 'event' | 'manual' | 'external' | 'compound';
+    step_type: 'event_count' | 'event_match' | 'unique_values' | 'cumulative' | 'streak' | 'manual' | 'threshold' | 'recency' | 'time_windowed_count' | 'wallet_holds' | 'milestone';
     event_type?: string;
     event_types?: string[];
     criteria?: Record<string, any>;
@@ -2354,7 +2355,7 @@ interface CreateQuestStepRequest {
     name: string;
     description?: string;
     order?: number;
-    step_type?: 'event' | 'manual' | 'external' | 'compound';
+    step_type?: 'event_count' | 'event_match' | 'unique_values' | 'cumulative' | 'streak' | 'manual' | 'threshold' | 'recency' | 'time_windowed_count' | 'wallet_holds' | 'milestone';
     event_type?: string;
     event_types?: string[];
     criteria?: Record<string, any>;
@@ -2394,9 +2395,10 @@ declare class QuestsClient {
         category?: string;
     }): Promise<QuestWithProgress[]>;
     /**
-     * Get a quest by slug
+     * REMOVED: getBySlug() — the server never implemented GET /quests/slug/{slug}.
+     * There is no slug-based lookup route in the API. Use list() with a status/category
+     * filter and find the quest client-side, or use get() with the quest ID.
      */
-    getBySlug(slug: string): Promise<Quest>;
     /**
      * Create a quest
      */
@@ -2422,9 +2424,9 @@ declare class QuestsClient {
      */
     pause(questId: string): Promise<Quest>;
     /**
-     * Archive a quest
+     * REMOVED: archive() — the server never implemented POST /quests/{id}/archive.
+     * To archive a quest, use update(questId, { status: 'archived' }) via PUT /quests/{id}.
      */
-    archive(questId: string): Promise<Quest>;
     /**
      * Get quest with user progress
      * Fetches the quest and user's progress separately and combines them
@@ -2469,19 +2471,37 @@ declare class QuestsClient {
      */
     claimReward(questId: string, userId: string): Promise<ClaimRewardResult>;
     /**
-     * Add a step to a quest
+     * Add a step to a quest.
+     *
+     * The server has no dedicated step-create endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, appends the new
+     * step, and issues a full update. The returned QuestStep is synthesised from the
+     * updated quest's steps array (matched by order or last position).
      */
     addStep(questId: string, step: CreateQuestStepRequest): Promise<QuestStep>;
     /**
-     * Update a step
+     * Update a step by step ID.
+     *
+     * The server has no dedicated step-update endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, replaces the
+     * matching step, and issues a full update.
      */
     updateStep(questId: string, stepId: string, data: Partial<CreateQuestStepRequest>): Promise<QuestStep>;
     /**
-     * Delete a step
+     * Delete a step by step ID.
+     *
+     * The server has no dedicated step-delete endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, filters out the
+     * target step, and issues a full update.
      */
     deleteStep(questId: string, stepId: string): Promise<void>;
     /**
-     * Reorder steps
+     * Reorder steps by providing step IDs in the desired order.
+     *
+     * The server has no dedicated reorder endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, reassigns
+     * the `order` field according to the given stepIds sequence, and issues a
+     * full update.
      */
     reorderSteps(questId: string, stepIds: string[]): Promise<Quest>;
 }
@@ -3520,12 +3540,29 @@ declare class NftClient {
 /**
  * Partner Keys Resource - OTT (One-Time Token) auth for partner integrations
+ *
+ * Flow:
+ *   1. Mobile app generates OTT: POST /partner-keys/generate (tenant API key + user JWT)
+ *   2. OTT is passed to partner webview via URL param
+ *   3. Partner backend redeems OTT: POST /partner-keys/redeem (integrator API key)
  */
-interface OTTRequestResponse {
+interface OTTGenerateRequest {
+    ttl?: number;
+    session_data_keys?: string[];
+}
+interface OTTGenerateResponse {
     ott: string;
     expires_in: number;
 }
+interface OTTRedeemResponse {
+    user_id: string;
+    tenant_id: string;
+    tenant_name: string | null;
+    session_data: Record<string, unknown>;
+    issued_at: string;
+    expires_at: string;
+}
 interface OTTConfigUpdate {
     ott_enabled?: boolean;
     ott_ttl_seconds?: number;
@@ -3542,21 +3579,40 @@ interface OTTConfigResponse {
     ott_jwt_ttl_seconds: number;
     ott_session_data_keys?: string[];
 }
+/** @deprecated Use OTTGenerateResponse */
+type OTTRequestResponse = OTTGenerateResponse;
 declare class PartnerKeysClient {
     private http;
     constructor(http: HttpClient);
     /**
-     * Request a one-time token for a partner key (end-user JWKS auth).
+     * Generate a one-time token for the authenticated end-user.
+     *
+     * Requires: tenant API key (X-API-Key) + end-user JWT (Authorization: Bearer).
+     * The SDK must be initialised with both `apiKey` and `userToken`.
+     *
+     * @param options.ttl - Token lifetime in seconds (30–3600, default 300)
+     * @param options.session_data_keys - Whitelist of JWT claims to include
+     */
+    generate(options?: OTTGenerateRequest): Promise<OTTGenerateResponse>;
+    /**
+     * Redeem a one-time token to get the user's identity.
+     *
+     * Requires: integrator API key (X-API-Key). The token is single-use
+     * and deleted on successful redemption.
+     *
+     * @param ott - The opaque one-time token
      */
-    requestOTT(keyId: string): Promise<OTTRequestResponse>;
+    redeem(ott: string): Promise<OTTRedeemResponse>;
     /**
-     * Update OTT configuration for a partner key.
+     * Update OTT configuration for a partner key (tenant admin).
      */
     updateOTTConfig(keyId: string, config: OTTConfigUpdate): Promise<OTTConfigResponse>;
     /**
-     * Get OTT configuration for a partner key.
+     * Get OTT configuration for a partner key (tenant admin).
      */
     getOTTConfig(keyId: string): Promise<OTTConfigResponse>;
+    /** @deprecated Use generate() */
+    requestOTT(_keyId: string): Promise<OTTGenerateResponse>;
 }
 /**
@@ -4150,4 +4206,4 @@ declare class TimeoutError extends ProofChainError {
     constructor(message?: string);
 }
-export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationConfig, type AttestationMode, type Attestation as AttestationRecord, type AttestationResult, type AttestationSchema, AttestationsClient, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateAttestationRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListAttestationsOptions, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ListWalletCredentialsOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateConfigRequest as UpdateAttestationConfigRequest, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletCredential, type WalletCredentialVerifySummary, type WalletStats, type Webhook, WebhooksResource };
+export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationConfig, type AttestationMode, type Attestation as AttestationRecord, type AttestationResult, type AttestationSchema, AttestationsClient, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateAttestationRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListAttestationsOptions, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ListWalletCredentialsOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTGenerateRequest, type OTTGenerateResponse, type OTTRedeemResponse, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateConfigRequest as UpdateAttestationConfigRequest, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletCredential, type WalletCredentialVerifySummary, type WalletStats, type Webhook, WebhooksResource };

package/dist/index.d.ts CHANGED Viewed

@@ -16,6 +16,7 @@ declare class HttpClient {
     private baseUrl;
     private timeout;
     private maxRetries;
+    private readonly inflight;
     constructor(options: HttpClientOptions);
     private getHeaders;
     private handleResponse;
@@ -2238,7 +2239,7 @@ interface QuestStep {
     name: string;
     description?: string;
     order: number;
-    step_type: 'event' | 'manual' | 'external' | 'compound';
+    step_type: 'event_count' | 'event_match' | 'unique_values' | 'cumulative' | 'streak' | 'manual' | 'threshold' | 'recency' | 'time_windowed_count' | 'wallet_holds' | 'milestone';
     event_type?: string;
     event_types?: string[];
     criteria?: Record<string, any>;
@@ -2354,7 +2355,7 @@ interface CreateQuestStepRequest {
     name: string;
     description?: string;
     order?: number;
-    step_type?: 'event' | 'manual' | 'external' | 'compound';
+    step_type?: 'event_count' | 'event_match' | 'unique_values' | 'cumulative' | 'streak' | 'manual' | 'threshold' | 'recency' | 'time_windowed_count' | 'wallet_holds' | 'milestone';
     event_type?: string;
     event_types?: string[];
     criteria?: Record<string, any>;
@@ -2394,9 +2395,10 @@ declare class QuestsClient {
         category?: string;
     }): Promise<QuestWithProgress[]>;
     /**
-     * Get a quest by slug
+     * REMOVED: getBySlug() — the server never implemented GET /quests/slug/{slug}.
+     * There is no slug-based lookup route in the API. Use list() with a status/category
+     * filter and find the quest client-side, or use get() with the quest ID.
      */
-    getBySlug(slug: string): Promise<Quest>;
     /**
      * Create a quest
      */
@@ -2422,9 +2424,9 @@ declare class QuestsClient {
      */
     pause(questId: string): Promise<Quest>;
     /**
-     * Archive a quest
+     * REMOVED: archive() — the server never implemented POST /quests/{id}/archive.
+     * To archive a quest, use update(questId, { status: 'archived' }) via PUT /quests/{id}.
      */
-    archive(questId: string): Promise<Quest>;
     /**
      * Get quest with user progress
      * Fetches the quest and user's progress separately and combines them
@@ -2469,19 +2471,37 @@ declare class QuestsClient {
      */
     claimReward(questId: string, userId: string): Promise<ClaimRewardResult>;
     /**
-     * Add a step to a quest
+     * Add a step to a quest.
+     *
+     * The server has no dedicated step-create endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, appends the new
+     * step, and issues a full update. The returned QuestStep is synthesised from the
+     * updated quest's steps array (matched by order or last position).
      */
     addStep(questId: string, step: CreateQuestStepRequest): Promise<QuestStep>;
     /**
-     * Update a step
+     * Update a step by step ID.
+     *
+     * The server has no dedicated step-update endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, replaces the
+     * matching step, and issues a full update.
      */
     updateStep(questId: string, stepId: string, data: Partial<CreateQuestStepRequest>): Promise<QuestStep>;
     /**
-     * Delete a step
+     * Delete a step by step ID.
+     *
+     * The server has no dedicated step-delete endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, filters out the
+     * target step, and issues a full update.
      */
     deleteStep(questId: string, stepId: string): Promise<void>;
     /**
-     * Reorder steps
+     * Reorder steps by providing step IDs in the desired order.
+     *
+     * The server has no dedicated reorder endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, reassigns
+     * the `order` field according to the given stepIds sequence, and issues a
+     * full update.
      */
     reorderSteps(questId: string, stepIds: string[]): Promise<Quest>;
 }
@@ -3520,12 +3540,29 @@ declare class NftClient {
 /**
  * Partner Keys Resource - OTT (One-Time Token) auth for partner integrations
+ *
+ * Flow:
+ *   1. Mobile app generates OTT: POST /partner-keys/generate (tenant API key + user JWT)
+ *   2. OTT is passed to partner webview via URL param
+ *   3. Partner backend redeems OTT: POST /partner-keys/redeem (integrator API key)
  */
-interface OTTRequestResponse {
+interface OTTGenerateRequest {
+    ttl?: number;
+    session_data_keys?: string[];
+}
+interface OTTGenerateResponse {
     ott: string;
     expires_in: number;
 }
+interface OTTRedeemResponse {
+    user_id: string;
+    tenant_id: string;
+    tenant_name: string | null;
+    session_data: Record<string, unknown>;
+    issued_at: string;
+    expires_at: string;
+}
 interface OTTConfigUpdate {
     ott_enabled?: boolean;
     ott_ttl_seconds?: number;
@@ -3542,21 +3579,40 @@ interface OTTConfigResponse {
     ott_jwt_ttl_seconds: number;
     ott_session_data_keys?: string[];
 }
+/** @deprecated Use OTTGenerateResponse */
+type OTTRequestResponse = OTTGenerateResponse;
 declare class PartnerKeysClient {
     private http;
     constructor(http: HttpClient);
     /**
-     * Request a one-time token for a partner key (end-user JWKS auth).
+     * Generate a one-time token for the authenticated end-user.
+     *
+     * Requires: tenant API key (X-API-Key) + end-user JWT (Authorization: Bearer).
+     * The SDK must be initialised with both `apiKey` and `userToken`.
+     *
+     * @param options.ttl - Token lifetime in seconds (30–3600, default 300)
+     * @param options.session_data_keys - Whitelist of JWT claims to include
+     */
+    generate(options?: OTTGenerateRequest): Promise<OTTGenerateResponse>;
+    /**
+     * Redeem a one-time token to get the user's identity.
+     *
+     * Requires: integrator API key (X-API-Key). The token is single-use
+     * and deleted on successful redemption.
+     *
+     * @param ott - The opaque one-time token
      */
-    requestOTT(keyId: string): Promise<OTTRequestResponse>;
+    redeem(ott: string): Promise<OTTRedeemResponse>;
     /**
-     * Update OTT configuration for a partner key.
+     * Update OTT configuration for a partner key (tenant admin).
      */
     updateOTTConfig(keyId: string, config: OTTConfigUpdate): Promise<OTTConfigResponse>;
     /**
-     * Get OTT configuration for a partner key.
+     * Get OTT configuration for a partner key (tenant admin).
      */
     getOTTConfig(keyId: string): Promise<OTTConfigResponse>;
+    /** @deprecated Use generate() */
+    requestOTT(_keyId: string): Promise<OTTGenerateResponse>;
 }
 /**
@@ -4150,4 +4206,4 @@ declare class TimeoutError extends ProofChainError {
     constructor(message?: string);
 }
-export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationConfig, type AttestationMode, type Attestation as AttestationRecord, type AttestationResult, type AttestationSchema, AttestationsClient, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateAttestationRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListAttestationsOptions, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ListWalletCredentialsOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateConfigRequest as UpdateAttestationConfigRequest, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletCredential, type WalletCredentialVerifySummary, type WalletStats, type Webhook, WebhooksResource };
+export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationConfig, type AttestationMode, type Attestation as AttestationRecord, type AttestationResult, type AttestationSchema, AttestationsClient, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateAttestationRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListAttestationsOptions, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ListWalletCredentialsOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTGenerateRequest, type OTTGenerateResponse, type OTTRedeemResponse, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateConfigRequest as UpdateAttestationConfigRequest, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletCredential, type WalletCredentialVerifySummary, type WalletStats, type Webhook, WebhooksResource };

package/dist/index.js CHANGED Viewed

@@ -125,6 +125,9 @@ var DEFAULT_TIMEOUT = 3e4;
 var USER_AGENT = "proofchain-js/0.1.0";
 var HttpClient = class {
   constructor(options) {
+    // In-flight GET de-duplication: concurrent identical GETs share one network
+    // request (and its response), cutting origin load for chatty UIs/pollers.
+    this.inflight = /* @__PURE__ */ new Map();
     this.apiKey = options.apiKey || "";
     this.userToken = options.userToken || "";
     this.tenantId = options.tenantId || "";
@@ -137,13 +140,14 @@ var HttpClient = class {
       "Content-Type": "application/json",
       "User-Agent": USER_AGENT
     };
+    if (this.apiKey) {
+      headers["X-API-Key"] = this.apiKey;
+    }
     if (this.userToken) {
       headers["Authorization"] = `Bearer ${this.userToken}`;
       if (this.tenantId) {
         headers["X-Tenant-ID"] = this.tenantId;
       }
-    } else if (this.apiKey) {
-      headers["X-API-Key"] = this.apiKey;
     }
     return headers;
   }
@@ -192,7 +196,8 @@ var HttpClient = class {
       clearTimeout(timeoutId);
       if (error instanceof ProofChainError) {
         if (error instanceof RateLimitError && retries < this.maxRetries) {
-          const delay = Math.min((error.retryAfter || 1) * 1e3, 6e4);
+          const base = Math.min((error.retryAfter || 1) * 1e3, 6e4);
+          const delay = base + Math.floor(Math.random() * 1e3);
           await new Promise((resolve) => setTimeout(resolve, delay));
           return this.fetchWithRetry(url, options, retries + 1);
         }
@@ -203,7 +208,9 @@ var HttpClient = class {
           throw new TimeoutError();
         }
         if (retries < this.maxRetries) {
-          await new Promise((resolve) => setTimeout(resolve, 1e3 * (retries + 1)));
+          const base = 1e3 * (retries + 1);
+          const delay = base + Math.floor(Math.random() * 500);
+          await new Promise((resolve) => setTimeout(resolve, delay));
           return this.fetchWithRetry(url, options, retries + 1);
         }
         throw new NetworkError(error.message, error);
@@ -232,6 +239,17 @@ var HttpClient = class {
     if (options.body) {
       fetchOptions.body = JSON.stringify(options.body);
     }
+    if (method === "GET") {
+      const existing = this.inflight.get(url);
+      if (existing) {
+        return existing;
+      }
+      const pending = this.fetchWithRetry(url, fetchOptions).finally(() => {
+        this.inflight.delete(url);
+      });
+      this.inflight.set(url, pending);
+      return pending;
+    }
     return this.fetchWithRetry(url, fetchOptions);
   }
   async requestMultipart(path, formData) {
@@ -239,13 +257,14 @@ var HttpClient = class {
     const headers = {
       "User-Agent": USER_AGENT
     };
+    if (this.apiKey) {
+      headers["X-API-Key"] = this.apiKey;
+    }
     if (this.userToken) {
       headers["Authorization"] = `Bearer ${this.userToken}`;
       if (this.tenantId) {
         headers["X-Tenant-ID"] = this.tenantId;
       }
-    } else if (this.apiKey) {
-      headers["X-API-Key"] = this.apiKey;
     }
     return this.fetchWithRetry(url, {
       method: "POST",
@@ -1724,11 +1743,10 @@ var QuestsClient = class {
     return this.http.get(`/quests/available?${params.toString()}`);
   }
   /**
-   * Get a quest by slug
+   * REMOVED: getBySlug() — the server never implemented GET /quests/slug/{slug}.
+   * There is no slug-based lookup route in the API. Use list() with a status/category
+   * filter and find the quest client-side, or use get() with the quest ID.
    */
-  async getBySlug(slug) {
-    return this.http.get(`/quests/slug/${encodeURIComponent(slug)}`);
-  }
   /**
    * Create a quest
    */
@@ -1769,11 +1787,9 @@ var QuestsClient = class {
     return this.http.post(`/quests/${questId}/pause`, {});
   }
   /**
-   * Archive a quest
+   * REMOVED: archive() — the server never implemented POST /quests/{id}/archive.
+   * To archive a quest, use update(questId, { status: 'archived' }) via PUT /quests/{id}.
    */
-  async archive(questId) {
-    return this.http.post(`/quests/${questId}/archive`, {});
-  }
   // ---------------------------------------------------------------------------
   // User Progress
   // ---------------------------------------------------------------------------
@@ -1853,28 +1869,144 @@ var QuestsClient = class {
   // Quest Steps
   // ---------------------------------------------------------------------------
   /**
-   * Add a step to a quest
+   * Add a step to a quest.
+   *
+   * The server has no dedicated step-create endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, appends the new
+   * step, and issues a full update. The returned QuestStep is synthesised from the
+   * updated quest's steps array (matched by order or last position).
    */
   async addStep(questId, step) {
-    return this.http.post(`/quests/${questId}/steps`, step);
-  }
-  /**
-   * Update a step
+    const quest = await this.get(questId);
+    const newOrder = step.order ?? (quest.steps.length > 0 ? Math.max(...quest.steps.map((s) => s.order)) + 1 : 0);
+    const stepsPayload = [
+      ...quest.steps.map((s) => ({
+        name: s.name,
+        description: s.description,
+        order: s.order,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional
+      })),
+      { ...step, order: newOrder }
+    ];
+    const updated = await this.update(questId, { steps: stepsPayload });
+    const added = updated.steps.find((s) => s.order === newOrder) ?? updated.steps[updated.steps.length - 1];
+    return added;
+  }
+  /**
+   * Update a step by step ID.
+   *
+   * The server has no dedicated step-update endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, replaces the
+   * matching step, and issues a full update.
    */
   async updateStep(questId, stepId, data) {
-    return this.http.put(`/quests/${questId}/steps/${stepId}`, data);
+    const quest = await this.get(questId);
+    const stepsPayload = quest.steps.map((s) => {
+      if (s.id !== stepId) {
+        return {
+          name: s.name,
+          description: s.description,
+          order: s.order,
+          step_type: s.step_type,
+          event_type: s.event_type,
+          event_types: s.event_types,
+          criteria: s.criteria,
+          required_data_fields: s.required_data_fields,
+          step_points: s.step_points,
+          cta_text: s.cta_text,
+          cta_url: s.cta_url,
+          icon_url: s.icon_url,
+          is_optional: s.is_optional
+        };
+      }
+      return {
+        name: s.name,
+        description: s.description,
+        order: s.order,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional,
+        ...data
+      };
+    });
+    const updated = await this.update(questId, { steps: stepsPayload });
+    const found = updated.steps.find((s) => s.id === stepId);
+    if (!found) throw new Error(`Step ${stepId} not found after update`);
+    return found;
   }
   /**
-   * Delete a step
+   * Delete a step by step ID.
+   *
+   * The server has no dedicated step-delete endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, filters out the
+   * target step, and issues a full update.
    */
   async deleteStep(questId, stepId) {
-    await this.http.delete(`/quests/${questId}/steps/${stepId}`);
-  }
-  /**
-   * Reorder steps
+    const quest = await this.get(questId);
+    const stepsPayload = quest.steps.filter((s) => s.id !== stepId).map((s) => ({
+      name: s.name,
+      description: s.description,
+      order: s.order,
+      step_type: s.step_type,
+      event_type: s.event_type,
+      event_types: s.event_types,
+      criteria: s.criteria,
+      required_data_fields: s.required_data_fields,
+      step_points: s.step_points,
+      cta_text: s.cta_text,
+      cta_url: s.cta_url,
+      icon_url: s.icon_url,
+      is_optional: s.is_optional
+    }));
+    await this.update(questId, { steps: stepsPayload });
+  }
+  /**
+   * Reorder steps by providing step IDs in the desired order.
+   *
+   * The server has no dedicated reorder endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, reassigns
+   * the `order` field according to the given stepIds sequence, and issues a
+   * full update.
    */
   async reorderSteps(questId, stepIds) {
-    return this.http.post(`/quests/${questId}/steps/reorder`, { step_ids: stepIds });
+    const quest = await this.get(questId);
+    const stepMap = new Map(quest.steps.map((s) => [s.id, s]));
+    const stepsPayload = stepIds.map((id, index) => {
+      const s = stepMap.get(id);
+      if (!s) throw new Error(`Step ${id} not found in quest ${questId}`);
+      return {
+        name: s.name,
+        description: s.description,
+        order: index,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional
+      };
+    });
+    return this.update(questId, { steps: stepsPayload });
   }
 };
@@ -2711,23 +2843,44 @@ var PartnerKeysClient = class {
     this.http = http;
   }
   /**
-   * Request a one-time token for a partner key (end-user JWKS auth).
+   * Generate a one-time token for the authenticated end-user.
+   *
+   * Requires: tenant API key (X-API-Key) + end-user JWT (Authorization: Bearer).
+   * The SDK must be initialised with both `apiKey` and `userToken`.
+   *
+   * @param options.ttl - Token lifetime in seconds (30–3600, default 300)
+   * @param options.session_data_keys - Whitelist of JWT claims to include
    */
-  async requestOTT(keyId) {
-    return this.http.post(`/partner-keys/${keyId}/ott/request`);
+  async generate(options) {
+    return this.http.post("/partner-keys/generate", options ?? {});
   }
   /**
-   * Update OTT configuration for a partner key.
+   * Redeem a one-time token to get the user's identity.
+   *
+   * Requires: integrator API key (X-API-Key). The token is single-use
+   * and deleted on successful redemption.
+   *
+   * @param ott - The opaque one-time token
+   */
+  async redeem(ott) {
+    return this.http.post("/partner-keys/redeem", { ott });
+  }
+  /**
+   * Update OTT configuration for a partner key (tenant admin).
    */
   async updateOTTConfig(keyId, config) {
     return this.http.patch(`/partner-keys/${keyId}/ott-config`, config);
   }
   /**
-   * Get OTT configuration for a partner key.
+   * Get OTT configuration for a partner key (tenant admin).
    */
   async getOTTConfig(keyId) {
     return this.http.get(`/partner-keys/${keyId}/ott-config`);
   }
+  /** @deprecated Use generate() */
+  async requestOTT(_keyId) {
+    return this.generate();
+  }
 };
 // src/attestations.ts

package/dist/index.mjs CHANGED Viewed

@@ -65,6 +65,9 @@ var DEFAULT_TIMEOUT = 3e4;
 var USER_AGENT = "proofchain-js/0.1.0";
 var HttpClient = class {
   constructor(options) {
+    // In-flight GET de-duplication: concurrent identical GETs share one network
+    // request (and its response), cutting origin load for chatty UIs/pollers.
+    this.inflight = /* @__PURE__ */ new Map();
     this.apiKey = options.apiKey || "";
     this.userToken = options.userToken || "";
     this.tenantId = options.tenantId || "";
@@ -77,13 +80,14 @@ var HttpClient = class {
       "Content-Type": "application/json",
       "User-Agent": USER_AGENT
     };
+    if (this.apiKey) {
+      headers["X-API-Key"] = this.apiKey;
+    }
     if (this.userToken) {
       headers["Authorization"] = `Bearer ${this.userToken}`;
       if (this.tenantId) {
         headers["X-Tenant-ID"] = this.tenantId;
       }
-    } else if (this.apiKey) {
-      headers["X-API-Key"] = this.apiKey;
     }
     return headers;
   }
@@ -132,7 +136,8 @@ var HttpClient = class {
       clearTimeout(timeoutId);
       if (error instanceof ProofChainError) {
         if (error instanceof RateLimitError && retries < this.maxRetries) {
-          const delay = Math.min((error.retryAfter || 1) * 1e3, 6e4);
+          const base = Math.min((error.retryAfter || 1) * 1e3, 6e4);
+          const delay = base + Math.floor(Math.random() * 1e3);
           await new Promise((resolve) => setTimeout(resolve, delay));
           return this.fetchWithRetry(url, options, retries + 1);
         }
@@ -143,7 +148,9 @@ var HttpClient = class {
           throw new TimeoutError();
         }
         if (retries < this.maxRetries) {
-          await new Promise((resolve) => setTimeout(resolve, 1e3 * (retries + 1)));
+          const base = 1e3 * (retries + 1);
+          const delay = base + Math.floor(Math.random() * 500);
+          await new Promise((resolve) => setTimeout(resolve, delay));
           return this.fetchWithRetry(url, options, retries + 1);
         }
         throw new NetworkError(error.message, error);
@@ -172,6 +179,17 @@ var HttpClient = class {
     if (options.body) {
       fetchOptions.body = JSON.stringify(options.body);
     }
+    if (method === "GET") {
+      const existing = this.inflight.get(url);
+      if (existing) {
+        return existing;
+      }
+      const pending = this.fetchWithRetry(url, fetchOptions).finally(() => {
+        this.inflight.delete(url);
+      });
+      this.inflight.set(url, pending);
+      return pending;
+    }
     return this.fetchWithRetry(url, fetchOptions);
   }
   async requestMultipart(path, formData) {
@@ -179,13 +197,14 @@ var HttpClient = class {
     const headers = {
       "User-Agent": USER_AGENT
     };
+    if (this.apiKey) {
+      headers["X-API-Key"] = this.apiKey;
+    }
     if (this.userToken) {
       headers["Authorization"] = `Bearer ${this.userToken}`;
       if (this.tenantId) {
         headers["X-Tenant-ID"] = this.tenantId;
       }
-    } else if (this.apiKey) {
-      headers["X-API-Key"] = this.apiKey;
     }
     return this.fetchWithRetry(url, {
       method: "POST",
@@ -1664,11 +1683,10 @@ var QuestsClient = class {
     return this.http.get(`/quests/available?${params.toString()}`);
   }
   /**
-   * Get a quest by slug
+   * REMOVED: getBySlug() — the server never implemented GET /quests/slug/{slug}.
+   * There is no slug-based lookup route in the API. Use list() with a status/category
+   * filter and find the quest client-side, or use get() with the quest ID.
    */
-  async getBySlug(slug) {
-    return this.http.get(`/quests/slug/${encodeURIComponent(slug)}`);
-  }
   /**
    * Create a quest
    */
@@ -1709,11 +1727,9 @@ var QuestsClient = class {
     return this.http.post(`/quests/${questId}/pause`, {});
   }
   /**
-   * Archive a quest
+   * REMOVED: archive() — the server never implemented POST /quests/{id}/archive.
+   * To archive a quest, use update(questId, { status: 'archived' }) via PUT /quests/{id}.
    */
-  async archive(questId) {
-    return this.http.post(`/quests/${questId}/archive`, {});
-  }
   // ---------------------------------------------------------------------------
   // User Progress
   // ---------------------------------------------------------------------------
@@ -1793,28 +1809,144 @@ var QuestsClient = class {
   // Quest Steps
   // ---------------------------------------------------------------------------
   /**
-   * Add a step to a quest
+   * Add a step to a quest.
+   *
+   * The server has no dedicated step-create endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, appends the new
+   * step, and issues a full update. The returned QuestStep is synthesised from the
+   * updated quest's steps array (matched by order or last position).
    */
   async addStep(questId, step) {
-    return this.http.post(`/quests/${questId}/steps`, step);
-  }
-  /**
-   * Update a step
+    const quest = await this.get(questId);
+    const newOrder = step.order ?? (quest.steps.length > 0 ? Math.max(...quest.steps.map((s) => s.order)) + 1 : 0);
+    const stepsPayload = [
+      ...quest.steps.map((s) => ({
+        name: s.name,
+        description: s.description,
+        order: s.order,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional
+      })),
+      { ...step, order: newOrder }
+    ];
+    const updated = await this.update(questId, { steps: stepsPayload });
+    const added = updated.steps.find((s) => s.order === newOrder) ?? updated.steps[updated.steps.length - 1];
+    return added;
+  }
+  /**
+   * Update a step by step ID.
+   *
+   * The server has no dedicated step-update endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, replaces the
+   * matching step, and issues a full update.
    */
   async updateStep(questId, stepId, data) {
-    return this.http.put(`/quests/${questId}/steps/${stepId}`, data);
+    const quest = await this.get(questId);
+    const stepsPayload = quest.steps.map((s) => {
+      if (s.id !== stepId) {
+        return {
+          name: s.name,
+          description: s.description,
+          order: s.order,
+          step_type: s.step_type,
+          event_type: s.event_type,
+          event_types: s.event_types,
+          criteria: s.criteria,
+          required_data_fields: s.required_data_fields,
+          step_points: s.step_points,
+          cta_text: s.cta_text,
+          cta_url: s.cta_url,
+          icon_url: s.icon_url,
+          is_optional: s.is_optional
+        };
+      }
+      return {
+        name: s.name,
+        description: s.description,
+        order: s.order,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional,
+        ...data
+      };
+    });
+    const updated = await this.update(questId, { steps: stepsPayload });
+    const found = updated.steps.find((s) => s.id === stepId);
+    if (!found) throw new Error(`Step ${stepId} not found after update`);
+    return found;
   }
   /**
-   * Delete a step
+   * Delete a step by step ID.
+   *
+   * The server has no dedicated step-delete endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, filters out the
+   * target step, and issues a full update.
    */
   async deleteStep(questId, stepId) {
-    await this.http.delete(`/quests/${questId}/steps/${stepId}`);
-  }
-  /**
-   * Reorder steps
+    const quest = await this.get(questId);
+    const stepsPayload = quest.steps.filter((s) => s.id !== stepId).map((s) => ({
+      name: s.name,
+      description: s.description,
+      order: s.order,
+      step_type: s.step_type,
+      event_type: s.event_type,
+      event_types: s.event_types,
+      criteria: s.criteria,
+      required_data_fields: s.required_data_fields,
+      step_points: s.step_points,
+      cta_text: s.cta_text,
+      cta_url: s.cta_url,
+      icon_url: s.icon_url,
+      is_optional: s.is_optional
+    }));
+    await this.update(questId, { steps: stepsPayload });
+  }
+  /**
+   * Reorder steps by providing step IDs in the desired order.
+   *
+   * The server has no dedicated reorder endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, reassigns
+   * the `order` field according to the given stepIds sequence, and issues a
+   * full update.
    */
   async reorderSteps(questId, stepIds) {
-    return this.http.post(`/quests/${questId}/steps/reorder`, { step_ids: stepIds });
+    const quest = await this.get(questId);
+    const stepMap = new Map(quest.steps.map((s) => [s.id, s]));
+    const stepsPayload = stepIds.map((id, index) => {
+      const s = stepMap.get(id);
+      if (!s) throw new Error(`Step ${id} not found in quest ${questId}`);
+      return {
+        name: s.name,
+        description: s.description,
+        order: index,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional
+      };
+    });
+    return this.update(questId, { steps: stepsPayload });
   }
 };
@@ -2651,23 +2783,44 @@ var PartnerKeysClient = class {
     this.http = http;
   }
   /**
-   * Request a one-time token for a partner key (end-user JWKS auth).
+   * Generate a one-time token for the authenticated end-user.
+   *
+   * Requires: tenant API key (X-API-Key) + end-user JWT (Authorization: Bearer).
+   * The SDK must be initialised with both `apiKey` and `userToken`.
+   *
+   * @param options.ttl - Token lifetime in seconds (30–3600, default 300)
+   * @param options.session_data_keys - Whitelist of JWT claims to include
    */
-  async requestOTT(keyId) {
-    return this.http.post(`/partner-keys/${keyId}/ott/request`);
+  async generate(options) {
+    return this.http.post("/partner-keys/generate", options ?? {});
   }
   /**
-   * Update OTT configuration for a partner key.
+   * Redeem a one-time token to get the user's identity.
+   *
+   * Requires: integrator API key (X-API-Key). The token is single-use
+   * and deleted on successful redemption.
+   *
+   * @param ott - The opaque one-time token
+   */
+  async redeem(ott) {
+    return this.http.post("/partner-keys/redeem", { ott });
+  }
+  /**
+   * Update OTT configuration for a partner key (tenant admin).
    */
   async updateOTTConfig(keyId, config) {
     return this.http.patch(`/partner-keys/${keyId}/ott-config`, config);
   }
   /**
-   * Get OTT configuration for a partner key.
+   * Get OTT configuration for a partner key (tenant admin).
    */
   async getOTTConfig(keyId) {
     return this.http.get(`/partner-keys/${keyId}/ott-config`);
   }
+  /** @deprecated Use generate() */
+  async requestOTT(_keyId) {
+    return this.generate();
+  }
 };
 // src/attestations.ts

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@proofchain/sdk",
-  "version": "2.22.0",
+  "version": "3.0.0",
   "description": "Official JavaScript/TypeScript SDK for ProofChain - blockchain-anchored document attestation",
   "main": "dist/index.js",
   "module": "dist/index.mjs",