npm - @proofchain/sdk - Versions diffs - 2.23.0 → 3.1.0 - Mend

@proofchain/sdk 2.23.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -1,11 +1,39 @@
 /**
  * HTTP Client for ProofChain API
  */
+/**
+ * Returns the per-tenant Cloudflare edge API URL for `slug`.
+ *
+ * Cloudflare can cache responses from per-tenant hosts
+ * (`https://{slug}.proofchain.co.za/api`) because the full URL is the cache
+ * key. The shared `api.proofchain.co.za` host is keyed on the `X-Tenant-ID`
+ * header and cannot be cached safely at the CDN layer.
+ *
+ * @example
+ * ```typescript
+ * import { tenantApiUrl, ProofChain } from '@proofchain/sdk';
+ *
+ * const client = new ProofChain({
+ *   apiKey: 'atst_…',
+ *   baseUrl: tenantApiUrl('acme'), // https://acme.proofchain.co.za/api
+ * });
+ * ```
+ */
+declare function tenantApiUrl(slug: string): string;
 interface HttpClientOptions {
     apiKey?: string;
     userToken?: string;
     tenantId?: string;
+    /**
+     * Explicit base URL — highest precedence.
+     * Covers custom domains (e.g. `https://fanpass.onefootball.com/api`).
+     */
     baseUrl?: string;
+    /**
+     * Tenant slug used to derive the per-tenant edge URL when no explicit
+     * `baseUrl` is provided.  Precedence: baseUrl > tenant > default.
+     */
+    tenant?: string;
     timeout?: number;
     maxRetries?: number;
 }
@@ -16,6 +44,7 @@ declare class HttpClient {
     private baseUrl;
     private timeout;
     private maxRetries;
+    private readonly inflight;
     constructor(options: HttpClientOptions);
     private getHeaders;
     private handleResponse;
@@ -384,9 +413,51 @@ interface ProofChainOptions {
     apiKey?: string;
     /** End-user JWT for JWKS auth (alternative to apiKey). For PWA clients. */
     userToken?: string;
-    /** Tenant slug or client_id. Required when using userToken. */
+    /**
+     * Tenant slug or client_id. Required when using userToken.
+     *
+     * When used as the sole host hint (no explicit `baseUrl`), the SDK also
+     * derives the base URL as `https://{tenantId}.proofchain.co.za/api` so
+     * requests hit the per-tenant Cloudflare edge host — enabling response
+     * caching that the shared `api.proofchain.co.za` origin cannot provide
+     * (the shared host is keyed on headers, not URL, and is therefore
+     * uncacheable at the CDN layer).
+     */
     tenantId?: string;
+    /**
+     * Override the API base URL (highest precedence).
+     *
+     * Use this for custom domains (e.g. `https://fanpass-portal.onefootball.com/api`)
+     * or self-hosted deployments. When omitted and `tenantId` is set, the SDK
+     * automatically uses `https://{tenantId}.proofchain.co.za/api`.
+     *
+     * Precedence: `baseUrl` > `tenantId`-derived URL > shared default.
+     */
     baseUrl?: string;
+    /**
+     * Tenant slug used to derive the per-tenant Cloudflare edge URL
+     * (`https://{tenant}.proofchain.co.za/api`) when no explicit `baseUrl` is
+     * supplied.
+     *
+     * Edge caching requires the per-tenant host: the shared `api.proofchain.co.za`
+     * host is keyed on the `X-Tenant-ID` header and cannot be safely cached by
+     * Cloudflare. Providing this option is the easiest way for integrators to opt
+     * into cached responses without managing a custom domain.
+     *
+     * @example
+     * ```typescript
+     * // Requests go to https://acme.proofchain.co.za/api — edge cached.
+     * const client = new ProofChain({ apiKey: 'atst_…', tenant: 'acme' });
+     *
+     * // Custom domain takes precedence; tenant is ignored for URL derivation.
+     * const client = new ProofChain({
+     *   apiKey: 'atst_…',
+     *   tenant: 'acme',
+     *   baseUrl: 'https://fanpass.onefootball.com/api',
+     * });
+     * ```
+     */
+    tenant?: string;
     timeout?: number;
     maxRetries?: number;
 }
@@ -2238,7 +2309,7 @@ interface QuestStep {
     name: string;
     description?: string;
     order: number;
-    step_type: 'event' | 'manual' | 'external' | 'compound';
+    step_type: 'event_count' | 'event_match' | 'unique_values' | 'cumulative' | 'streak' | 'manual' | 'threshold' | 'recency' | 'time_windowed_count' | 'wallet_holds' | 'milestone';
     event_type?: string;
     event_types?: string[];
     criteria?: Record<string, any>;
@@ -2354,7 +2425,7 @@ interface CreateQuestStepRequest {
     name: string;
     description?: string;
     order?: number;
-    step_type?: 'event' | 'manual' | 'external' | 'compound';
+    step_type?: 'event_count' | 'event_match' | 'unique_values' | 'cumulative' | 'streak' | 'manual' | 'threshold' | 'recency' | 'time_windowed_count' | 'wallet_holds' | 'milestone';
     event_type?: string;
     event_types?: string[];
     criteria?: Record<string, any>;
@@ -2394,9 +2465,10 @@ declare class QuestsClient {
         category?: string;
     }): Promise<QuestWithProgress[]>;
     /**
-     * Get a quest by slug
+     * REMOVED: getBySlug() — the server never implemented GET /quests/slug/{slug}.
+     * There is no slug-based lookup route in the API. Use list() with a status/category
+     * filter and find the quest client-side, or use get() with the quest ID.
      */
-    getBySlug(slug: string): Promise<Quest>;
     /**
      * Create a quest
      */
@@ -2422,9 +2494,9 @@ declare class QuestsClient {
      */
     pause(questId: string): Promise<Quest>;
     /**
-     * Archive a quest
+     * REMOVED: archive() — the server never implemented POST /quests/{id}/archive.
+     * To archive a quest, use update(questId, { status: 'archived' }) via PUT /quests/{id}.
      */
-    archive(questId: string): Promise<Quest>;
     /**
      * Get quest with user progress
      * Fetches the quest and user's progress separately and combines them
@@ -2469,19 +2541,37 @@ declare class QuestsClient {
      */
     claimReward(questId: string, userId: string): Promise<ClaimRewardResult>;
     /**
-     * Add a step to a quest
+     * Add a step to a quest.
+     *
+     * The server has no dedicated step-create endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, appends the new
+     * step, and issues a full update. The returned QuestStep is synthesised from the
+     * updated quest's steps array (matched by order or last position).
      */
     addStep(questId: string, step: CreateQuestStepRequest): Promise<QuestStep>;
     /**
-     * Update a step
+     * Update a step by step ID.
+     *
+     * The server has no dedicated step-update endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, replaces the
+     * matching step, and issues a full update.
      */
     updateStep(questId: string, stepId: string, data: Partial<CreateQuestStepRequest>): Promise<QuestStep>;
     /**
-     * Delete a step
+     * Delete a step by step ID.
+     *
+     * The server has no dedicated step-delete endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, filters out the
+     * target step, and issues a full update.
      */
     deleteStep(questId: string, stepId: string): Promise<void>;
     /**
-     * Reorder steps
+     * Reorder steps by providing step IDs in the desired order.
+     *
+     * The server has no dedicated reorder endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, reassigns
+     * the `order` field according to the given stepIds sequence, and issues a
+     * full update.
      */
     reorderSteps(questId: string, stepIds: string[]): Promise<Quest>;
 }
@@ -4186,4 +4276,4 @@ declare class TimeoutError extends ProofChainError {
     constructor(message?: string);
 }
-export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationConfig, type AttestationMode, type Attestation as AttestationRecord, type AttestationResult, type AttestationSchema, AttestationsClient, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateAttestationRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListAttestationsOptions, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ListWalletCredentialsOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTGenerateRequest, type OTTGenerateResponse, type OTTRedeemResponse, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateConfigRequest as UpdateAttestationConfigRequest, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletCredential, type WalletCredentialVerifySummary, type WalletStats, type Webhook, WebhooksResource };
+export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationConfig, type AttestationMode, type Attestation as AttestationRecord, type AttestationResult, type AttestationSchema, AttestationsClient, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateAttestationRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListAttestationsOptions, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ListWalletCredentialsOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTGenerateRequest, type OTTGenerateResponse, type OTTRedeemResponse, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateConfigRequest as UpdateAttestationConfigRequest, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletCredential, type WalletCredentialVerifySummary, type WalletStats, type Webhook, WebhooksResource, tenantApiUrl };

package/dist/index.d.ts CHANGED Viewed

@@ -1,11 +1,39 @@
 /**
  * HTTP Client for ProofChain API
  */
+/**
+ * Returns the per-tenant Cloudflare edge API URL for `slug`.
+ *
+ * Cloudflare can cache responses from per-tenant hosts
+ * (`https://{slug}.proofchain.co.za/api`) because the full URL is the cache
+ * key. The shared `api.proofchain.co.za` host is keyed on the `X-Tenant-ID`
+ * header and cannot be cached safely at the CDN layer.
+ *
+ * @example
+ * ```typescript
+ * import { tenantApiUrl, ProofChain } from '@proofchain/sdk';
+ *
+ * const client = new ProofChain({
+ *   apiKey: 'atst_…',
+ *   baseUrl: tenantApiUrl('acme'), // https://acme.proofchain.co.za/api
+ * });
+ * ```
+ */
+declare function tenantApiUrl(slug: string): string;
 interface HttpClientOptions {
     apiKey?: string;
     userToken?: string;
     tenantId?: string;
+    /**
+     * Explicit base URL — highest precedence.
+     * Covers custom domains (e.g. `https://fanpass.onefootball.com/api`).
+     */
     baseUrl?: string;
+    /**
+     * Tenant slug used to derive the per-tenant edge URL when no explicit
+     * `baseUrl` is provided.  Precedence: baseUrl > tenant > default.
+     */
+    tenant?: string;
     timeout?: number;
     maxRetries?: number;
 }
@@ -16,6 +44,7 @@ declare class HttpClient {
     private baseUrl;
     private timeout;
     private maxRetries;
+    private readonly inflight;
     constructor(options: HttpClientOptions);
     private getHeaders;
     private handleResponse;
@@ -384,9 +413,51 @@ interface ProofChainOptions {
     apiKey?: string;
     /** End-user JWT for JWKS auth (alternative to apiKey). For PWA clients. */
     userToken?: string;
-    /** Tenant slug or client_id. Required when using userToken. */
+    /**
+     * Tenant slug or client_id. Required when using userToken.
+     *
+     * When used as the sole host hint (no explicit `baseUrl`), the SDK also
+     * derives the base URL as `https://{tenantId}.proofchain.co.za/api` so
+     * requests hit the per-tenant Cloudflare edge host — enabling response
+     * caching that the shared `api.proofchain.co.za` origin cannot provide
+     * (the shared host is keyed on headers, not URL, and is therefore
+     * uncacheable at the CDN layer).
+     */
     tenantId?: string;
+    /**
+     * Override the API base URL (highest precedence).
+     *
+     * Use this for custom domains (e.g. `https://fanpass-portal.onefootball.com/api`)
+     * or self-hosted deployments. When omitted and `tenantId` is set, the SDK
+     * automatically uses `https://{tenantId}.proofchain.co.za/api`.
+     *
+     * Precedence: `baseUrl` > `tenantId`-derived URL > shared default.
+     */
     baseUrl?: string;
+    /**
+     * Tenant slug used to derive the per-tenant Cloudflare edge URL
+     * (`https://{tenant}.proofchain.co.za/api`) when no explicit `baseUrl` is
+     * supplied.
+     *
+     * Edge caching requires the per-tenant host: the shared `api.proofchain.co.za`
+     * host is keyed on the `X-Tenant-ID` header and cannot be safely cached by
+     * Cloudflare. Providing this option is the easiest way for integrators to opt
+     * into cached responses without managing a custom domain.
+     *
+     * @example
+     * ```typescript
+     * // Requests go to https://acme.proofchain.co.za/api — edge cached.
+     * const client = new ProofChain({ apiKey: 'atst_…', tenant: 'acme' });
+     *
+     * // Custom domain takes precedence; tenant is ignored for URL derivation.
+     * const client = new ProofChain({
+     *   apiKey: 'atst_…',
+     *   tenant: 'acme',
+     *   baseUrl: 'https://fanpass.onefootball.com/api',
+     * });
+     * ```
+     */
+    tenant?: string;
     timeout?: number;
     maxRetries?: number;
 }
@@ -2238,7 +2309,7 @@ interface QuestStep {
     name: string;
     description?: string;
     order: number;
-    step_type: 'event' | 'manual' | 'external' | 'compound';
+    step_type: 'event_count' | 'event_match' | 'unique_values' | 'cumulative' | 'streak' | 'manual' | 'threshold' | 'recency' | 'time_windowed_count' | 'wallet_holds' | 'milestone';
     event_type?: string;
     event_types?: string[];
     criteria?: Record<string, any>;
@@ -2354,7 +2425,7 @@ interface CreateQuestStepRequest {
     name: string;
     description?: string;
     order?: number;
-    step_type?: 'event' | 'manual' | 'external' | 'compound';
+    step_type?: 'event_count' | 'event_match' | 'unique_values' | 'cumulative' | 'streak' | 'manual' | 'threshold' | 'recency' | 'time_windowed_count' | 'wallet_holds' | 'milestone';
     event_type?: string;
     event_types?: string[];
     criteria?: Record<string, any>;
@@ -2394,9 +2465,10 @@ declare class QuestsClient {
         category?: string;
     }): Promise<QuestWithProgress[]>;
     /**
-     * Get a quest by slug
+     * REMOVED: getBySlug() — the server never implemented GET /quests/slug/{slug}.
+     * There is no slug-based lookup route in the API. Use list() with a status/category
+     * filter and find the quest client-side, or use get() with the quest ID.
      */
-    getBySlug(slug: string): Promise<Quest>;
     /**
      * Create a quest
      */
@@ -2422,9 +2494,9 @@ declare class QuestsClient {
      */
     pause(questId: string): Promise<Quest>;
     /**
-     * Archive a quest
+     * REMOVED: archive() — the server never implemented POST /quests/{id}/archive.
+     * To archive a quest, use update(questId, { status: 'archived' }) via PUT /quests/{id}.
      */
-    archive(questId: string): Promise<Quest>;
     /**
      * Get quest with user progress
      * Fetches the quest and user's progress separately and combines them
@@ -2469,19 +2541,37 @@ declare class QuestsClient {
      */
     claimReward(questId: string, userId: string): Promise<ClaimRewardResult>;
     /**
-     * Add a step to a quest
+     * Add a step to a quest.
+     *
+     * The server has no dedicated step-create endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, appends the new
+     * step, and issues a full update. The returned QuestStep is synthesised from the
+     * updated quest's steps array (matched by order or last position).
      */
     addStep(questId: string, step: CreateQuestStepRequest): Promise<QuestStep>;
     /**
-     * Update a step
+     * Update a step by step ID.
+     *
+     * The server has no dedicated step-update endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, replaces the
+     * matching step, and issues a full update.
      */
     updateStep(questId: string, stepId: string, data: Partial<CreateQuestStepRequest>): Promise<QuestStep>;
     /**
-     * Delete a step
+     * Delete a step by step ID.
+     *
+     * The server has no dedicated step-delete endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, filters out the
+     * target step, and issues a full update.
      */
     deleteStep(questId: string, stepId: string): Promise<void>;
     /**
-     * Reorder steps
+     * Reorder steps by providing step IDs in the desired order.
+     *
+     * The server has no dedicated reorder endpoint — steps are managed via the
+     * full-replace PUT /quests/{id}. This method fetches the quest, reassigns
+     * the `order` field according to the given stepIds sequence, and issues a
+     * full update.
      */
     reorderSteps(questId: string, stepIds: string[]): Promise<Quest>;
 }
@@ -4186,4 +4276,4 @@ declare class TimeoutError extends ProofChainError {
     constructor(message?: string);
 }
-export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationConfig, type AttestationMode, type Attestation as AttestationRecord, type AttestationResult, type AttestationSchema, AttestationsClient, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateAttestationRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListAttestationsOptions, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ListWalletCredentialsOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTGenerateRequest, type OTTGenerateResponse, type OTTRedeemResponse, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateConfigRequest as UpdateAttestationConfigRequest, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletCredential, type WalletCredentialVerifySummary, type WalletStats, type Webhook, WebhooksResource };
+export { type Achievement, type ActivitySummaryView, type AddNFTRequest, type AnchorResult, type ApiKey, type AttestRequest, type AttestationConfig, type AttestationMode, type Attestation as AttestationRecord, type AttestationResult, type AttestationSchema, AttestationsClient, AuthenticationError, AuthorizationError, type AvailableView, type Badge, type BatchIngestRequest, type BatchIngestResponse, type BatchVerifyResult, type BlockchainProof, type BlockchainStats, type Certificate, type CertificateVerifyResult, CertificatesResource, type Channel, type ChannelState, type ChannelStatus, ChannelsResource, type ClaimNFTResult, type ClaimRewardResult, type CohortDefinition, type CohortGroupStats, CohortLeaderboardClient, type CohortLeaderboardEntry, type CohortLeaderboardOptions, type CohortLeaderboardResponse, type ComprehensiveWalletInfo, type CreateAchievementRequest, type CreateApiKeyRequest, type CreateAttestationRequest, type CreateBadgeRequest, type CreateChannelRequest, type CreateCredentialTypeRequest, type CreateDataViewRequest, type CreateDualWalletsRequest, type CreateEndUserRequest, type CreateEventRequest, type CreatePassportDefinitionRequest, type CreatePassportRequest, type CreateQuestRequest, type CreateQuestStepRequest, type CreateRewardDefinitionRequest, type CreateSchemaRequest, type CreateTemplateFieldRequest, type CreateTemplateRequest, type CreateWalletRequest as CreateUserWalletRequest, type CreateWalletRequest$1 as CreateWalletRequest, type CreateWebhookRequest, type CredentialType, type CredentialVerifyResult, CredentialsClient, type DataViewColumn, type DataViewComputation, type DataViewDetail, type DataViewExecuteResult, type DataViewInfo, type DataViewListResponse, type DataViewPreviewRequest, type DataViewPreviewResult, type DataViewSummary, DataViewsClient, type DistributeResult, DocumentsResource, type DualWallets, type EarnedReward, type EndUser, EndUserIngestionClient, type EndUserIngestionClientOptions, type EndUserListResponse, EndUsersClient, type Event, type EventBatchProof, type EventMetadata, type EventStatus, EventsResource, type ExecuteSwapRequest, type Facet, type FacetsResponse, type FanProfileView, type FanpassGroupStats, FanpassLeaderboardClient, type FanpassLeaderboardEntry, type FanpassLeaderboardOptions, type FanpassLeaderboardResponse, type FanpassUserComparisonResponse, type FieldValue, type GDPRDeletionRequest, type GDPRDeletionResponse, type GDPRPreviewResponse, type IngestEventRequest, type IngestEventResponse, IngestionClient, type IngestionClientOptions, type IssueCertificateRequest, type IssueCredentialRequest, type IssuedCredential, type LeaderboardUserProfile$1 as LeaderboardUserProfile, type LinkWalletRequest, type ListAttestationsOptions, type ListCertificatesRequest, type ListCohortsOptions, type ListEndUsersOptions, type ListEventsRequest, type ListIssuedCredentialsOptions, type ListMintsOptions, type ListMintsResponse, type ListQuestsOptions, type ListRewardsOptions, type ListSchemasOptions, type ListWalletCredentialsOptions, type ManualRewardRequest, type MergeUsersRequest, type Milestone, type MintNFTRequest, type NFT, type NFTMint, NetworkError, NftClient, NotFoundError, type NotificationCallback, type NotificationEvent, type NotificationEventType, NotificationsClient, type OTTConfigResponse, type OTTConfigUpdate, type OTTGenerateRequest, type OTTGenerateResponse, type OTTRedeemResponse, type OTTRequestResponse, PartnerKeysClient, type Passport, PassportClient, type PassportDefinition, type PassportFieldValue, type PassportHistory, type PassportTemplate, type PassportV2Data, type PassportWithFields, ProofChain, ProofChainError, type ProofChainOptions, type ProofVerifyResult, type PushSubscriptionJSON, type Quest, type QuestStep, type QuestWithProgress, QuestsClient, RateLimitError, type RegisterWalletRequest, type RevokeResult, type RewardAsset, type RewardAttestationResult, type RewardDefinition, type RewardEarned, type VerifyResult as RewardVerifyResult, RewardsClient, type Schema, type SchemaDetail, type SchemaField, type SchemaListResponse, type ValidationError$1 as SchemaValidationError, SchemasClient, type SearchFilters, type SearchQueryRequest, type SearchRequest, SearchResource, type SearchResponse, type SearchResult, type SearchStats, ServerError, type SetProfileRequest, type Settlement, type StepCompletionResult, type StepProgress, type StepStartResult, type StreamAck, type StreamEventRequest, type SubscribeOptions, type SwapQuote, type SwapQuoteRequest, type SwapResult, type TemplateField, type TenantInfo, TenantResource, type TierDefinition, TimeoutError, type TokenBalance, type TransferRequest, type TransferResult, type Unsubscribe, type UpdateConfigRequest as UpdateAttestationConfigRequest, type UpdateDataViewRequest, type UpdateEndUserRequest, type UpdatePassportRequest, type UpdateWebhookRequest, type UsageStats, type UserAchievement, type UserActivity, type UserActivityResponse, type UserBadge, type UserBreakdownResponse, type UserCohortBreakdownEntry, type UserCredentialsSummary, type UserQuestProgress, type UserReward$1 as UserReward, type UserRewardsResponse, type UserWalletSummary, type UserWithWallets, type UsersWithWalletsResponse, type ValidateDataRequest, ValidationError, type ValidationErrorDetail, type ValidationResult, type VaultFile, type VaultFolder, type VaultListResponse, VaultResource, type VaultStats, type VaultUploadRequest, type VerificationResult, VerifyResource, type ViewColumn, type ViewTemplate, type Wallet, type WalletBalance, WalletClient, type WalletCreationResult, type WalletCredential, type WalletCredentialVerifySummary, type WalletStats, type Webhook, WebhooksResource, tenantApiUrl };

package/dist/index.js CHANGED Viewed

@@ -54,7 +54,8 @@ __export(index_exports, {
   VaultResource: () => VaultResource,
   VerifyResource: () => VerifyResource,
   WalletClient: () => WalletClient,
-  WebhooksResource: () => WebhooksResource
+  WebhooksResource: () => WebhooksResource,
+  tenantApiUrl: () => tenantApiUrl
 });
 module.exports = __toCommonJS(index_exports);
@@ -123,12 +124,19 @@ var TimeoutError = class extends ProofChainError {
 var DEFAULT_BASE_URL = "https://api.proofchain.co.za";
 var DEFAULT_TIMEOUT = 3e4;
 var USER_AGENT = "proofchain-js/0.1.0";
+function tenantApiUrl(slug) {
+  return `https://${slug}.proofchain.co.za/api`;
+}
 var HttpClient = class {
   constructor(options) {
+    // In-flight GET de-duplication: concurrent identical GETs share one network
+    // request (and its response), cutting origin load for chatty UIs/pollers.
+    this.inflight = /* @__PURE__ */ new Map();
     this.apiKey = options.apiKey || "";
     this.userToken = options.userToken || "";
     this.tenantId = options.tenantId || "";
-    this.baseUrl = (options.baseUrl || DEFAULT_BASE_URL).replace(/\/$/, "");
+    const resolvedBase = options.baseUrl || (options.tenant ? tenantApiUrl(options.tenant) : DEFAULT_BASE_URL);
+    this.baseUrl = resolvedBase.replace(/\/$/, "");
     this.timeout = options.timeout || DEFAULT_TIMEOUT;
     this.maxRetries = options.maxRetries ?? 3;
   }
@@ -193,7 +201,8 @@ var HttpClient = class {
       clearTimeout(timeoutId);
       if (error instanceof ProofChainError) {
         if (error instanceof RateLimitError && retries < this.maxRetries) {
-          const delay = Math.min((error.retryAfter || 1) * 1e3, 6e4);
+          const base = Math.min((error.retryAfter || 1) * 1e3, 6e4);
+          const delay = base + Math.floor(Math.random() * 1e3);
           await new Promise((resolve) => setTimeout(resolve, delay));
           return this.fetchWithRetry(url, options, retries + 1);
         }
@@ -204,7 +213,9 @@ var HttpClient = class {
           throw new TimeoutError();
         }
         if (retries < this.maxRetries) {
-          await new Promise((resolve) => setTimeout(resolve, 1e3 * (retries + 1)));
+          const base = 1e3 * (retries + 1);
+          const delay = base + Math.floor(Math.random() * 500);
+          await new Promise((resolve) => setTimeout(resolve, delay));
           return this.fetchWithRetry(url, options, retries + 1);
         }
         throw new NetworkError(error.message, error);
@@ -233,6 +244,17 @@ var HttpClient = class {
     if (options.body) {
       fetchOptions.body = JSON.stringify(options.body);
     }
+    if (method === "GET") {
+      const existing = this.inflight.get(url);
+      if (existing) {
+        return existing;
+      }
+      const pending = this.fetchWithRetry(url, fetchOptions).finally(() => {
+        this.inflight.delete(url);
+      });
+      this.inflight.set(url, pending);
+      return pending;
+    }
     return this.fetchWithRetry(url, fetchOptions);
   }
   async requestMultipart(path, formData) {
@@ -1726,11 +1748,10 @@ var QuestsClient = class {
     return this.http.get(`/quests/available?${params.toString()}`);
   }
   /**
-   * Get a quest by slug
+   * REMOVED: getBySlug() — the server never implemented GET /quests/slug/{slug}.
+   * There is no slug-based lookup route in the API. Use list() with a status/category
+   * filter and find the quest client-side, or use get() with the quest ID.
    */
-  async getBySlug(slug) {
-    return this.http.get(`/quests/slug/${encodeURIComponent(slug)}`);
-  }
   /**
    * Create a quest
    */
@@ -1771,11 +1792,9 @@ var QuestsClient = class {
     return this.http.post(`/quests/${questId}/pause`, {});
   }
   /**
-   * Archive a quest
+   * REMOVED: archive() — the server never implemented POST /quests/{id}/archive.
+   * To archive a quest, use update(questId, { status: 'archived' }) via PUT /quests/{id}.
    */
-  async archive(questId) {
-    return this.http.post(`/quests/${questId}/archive`, {});
-  }
   // ---------------------------------------------------------------------------
   // User Progress
   // ---------------------------------------------------------------------------
@@ -1855,28 +1874,144 @@ var QuestsClient = class {
   // Quest Steps
   // ---------------------------------------------------------------------------
   /**
-   * Add a step to a quest
+   * Add a step to a quest.
+   *
+   * The server has no dedicated step-create endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, appends the new
+   * step, and issues a full update. The returned QuestStep is synthesised from the
+   * updated quest's steps array (matched by order or last position).
    */
   async addStep(questId, step) {
-    return this.http.post(`/quests/${questId}/steps`, step);
-  }
-  /**
-   * Update a step
+    const quest = await this.get(questId);
+    const newOrder = step.order ?? (quest.steps.length > 0 ? Math.max(...quest.steps.map((s) => s.order)) + 1 : 0);
+    const stepsPayload = [
+      ...quest.steps.map((s) => ({
+        name: s.name,
+        description: s.description,
+        order: s.order,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional
+      })),
+      { ...step, order: newOrder }
+    ];
+    const updated = await this.update(questId, { steps: stepsPayload });
+    const added = updated.steps.find((s) => s.order === newOrder) ?? updated.steps[updated.steps.length - 1];
+    return added;
+  }
+  /**
+   * Update a step by step ID.
+   *
+   * The server has no dedicated step-update endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, replaces the
+   * matching step, and issues a full update.
    */
   async updateStep(questId, stepId, data) {
-    return this.http.put(`/quests/${questId}/steps/${stepId}`, data);
+    const quest = await this.get(questId);
+    const stepsPayload = quest.steps.map((s) => {
+      if (s.id !== stepId) {
+        return {
+          name: s.name,
+          description: s.description,
+          order: s.order,
+          step_type: s.step_type,
+          event_type: s.event_type,
+          event_types: s.event_types,
+          criteria: s.criteria,
+          required_data_fields: s.required_data_fields,
+          step_points: s.step_points,
+          cta_text: s.cta_text,
+          cta_url: s.cta_url,
+          icon_url: s.icon_url,
+          is_optional: s.is_optional
+        };
+      }
+      return {
+        name: s.name,
+        description: s.description,
+        order: s.order,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional,
+        ...data
+      };
+    });
+    const updated = await this.update(questId, { steps: stepsPayload });
+    const found = updated.steps.find((s) => s.id === stepId);
+    if (!found) throw new Error(`Step ${stepId} not found after update`);
+    return found;
   }
   /**
-   * Delete a step
+   * Delete a step by step ID.
+   *
+   * The server has no dedicated step-delete endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, filters out the
+   * target step, and issues a full update.
    */
   async deleteStep(questId, stepId) {
-    await this.http.delete(`/quests/${questId}/steps/${stepId}`);
-  }
-  /**
-   * Reorder steps
+    const quest = await this.get(questId);
+    const stepsPayload = quest.steps.filter((s) => s.id !== stepId).map((s) => ({
+      name: s.name,
+      description: s.description,
+      order: s.order,
+      step_type: s.step_type,
+      event_type: s.event_type,
+      event_types: s.event_types,
+      criteria: s.criteria,
+      required_data_fields: s.required_data_fields,
+      step_points: s.step_points,
+      cta_text: s.cta_text,
+      cta_url: s.cta_url,
+      icon_url: s.icon_url,
+      is_optional: s.is_optional
+    }));
+    await this.update(questId, { steps: stepsPayload });
+  }
+  /**
+   * Reorder steps by providing step IDs in the desired order.
+   *
+   * The server has no dedicated reorder endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, reassigns
+   * the `order` field according to the given stepIds sequence, and issues a
+   * full update.
    */
   async reorderSteps(questId, stepIds) {
-    return this.http.post(`/quests/${questId}/steps/reorder`, { step_ids: stepIds });
+    const quest = await this.get(questId);
+    const stepMap = new Map(quest.steps.map((s) => [s.id, s]));
+    const stepsPayload = stepIds.map((id, index) => {
+      const s = stepMap.get(id);
+      if (!s) throw new Error(`Step ${id} not found in quest ${questId}`);
+      return {
+        name: s.name,
+        description: s.description,
+        order: index,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional
+      };
+    });
+    return this.update(questId, { steps: stepsPayload });
   }
 };
@@ -3563,5 +3698,6 @@ var EndUserIngestionClient = class {
   VaultResource,
   VerifyResource,
   WalletClient,
-  WebhooksResource
+  WebhooksResource,
+  tenantApiUrl
 });

package/dist/index.mjs CHANGED Viewed

@@ -63,12 +63,19 @@ var TimeoutError = class extends ProofChainError {
 var DEFAULT_BASE_URL = "https://api.proofchain.co.za";
 var DEFAULT_TIMEOUT = 3e4;
 var USER_AGENT = "proofchain-js/0.1.0";
+function tenantApiUrl(slug) {
+  return `https://${slug}.proofchain.co.za/api`;
+}
 var HttpClient = class {
   constructor(options) {
+    // In-flight GET de-duplication: concurrent identical GETs share one network
+    // request (and its response), cutting origin load for chatty UIs/pollers.
+    this.inflight = /* @__PURE__ */ new Map();
     this.apiKey = options.apiKey || "";
     this.userToken = options.userToken || "";
     this.tenantId = options.tenantId || "";
-    this.baseUrl = (options.baseUrl || DEFAULT_BASE_URL).replace(/\/$/, "");
+    const resolvedBase = options.baseUrl || (options.tenant ? tenantApiUrl(options.tenant) : DEFAULT_BASE_URL);
+    this.baseUrl = resolvedBase.replace(/\/$/, "");
     this.timeout = options.timeout || DEFAULT_TIMEOUT;
     this.maxRetries = options.maxRetries ?? 3;
   }
@@ -133,7 +140,8 @@ var HttpClient = class {
       clearTimeout(timeoutId);
       if (error instanceof ProofChainError) {
         if (error instanceof RateLimitError && retries < this.maxRetries) {
-          const delay = Math.min((error.retryAfter || 1) * 1e3, 6e4);
+          const base = Math.min((error.retryAfter || 1) * 1e3, 6e4);
+          const delay = base + Math.floor(Math.random() * 1e3);
           await new Promise((resolve) => setTimeout(resolve, delay));
           return this.fetchWithRetry(url, options, retries + 1);
         }
@@ -144,7 +152,9 @@ var HttpClient = class {
           throw new TimeoutError();
         }
         if (retries < this.maxRetries) {
-          await new Promise((resolve) => setTimeout(resolve, 1e3 * (retries + 1)));
+          const base = 1e3 * (retries + 1);
+          const delay = base + Math.floor(Math.random() * 500);
+          await new Promise((resolve) => setTimeout(resolve, delay));
           return this.fetchWithRetry(url, options, retries + 1);
         }
         throw new NetworkError(error.message, error);
@@ -173,6 +183,17 @@ var HttpClient = class {
     if (options.body) {
       fetchOptions.body = JSON.stringify(options.body);
     }
+    if (method === "GET") {
+      const existing = this.inflight.get(url);
+      if (existing) {
+        return existing;
+      }
+      const pending = this.fetchWithRetry(url, fetchOptions).finally(() => {
+        this.inflight.delete(url);
+      });
+      this.inflight.set(url, pending);
+      return pending;
+    }
     return this.fetchWithRetry(url, fetchOptions);
   }
   async requestMultipart(path, formData) {
@@ -1666,11 +1687,10 @@ var QuestsClient = class {
     return this.http.get(`/quests/available?${params.toString()}`);
   }
   /**
-   * Get a quest by slug
+   * REMOVED: getBySlug() — the server never implemented GET /quests/slug/{slug}.
+   * There is no slug-based lookup route in the API. Use list() with a status/category
+   * filter and find the quest client-side, or use get() with the quest ID.
    */
-  async getBySlug(slug) {
-    return this.http.get(`/quests/slug/${encodeURIComponent(slug)}`);
-  }
   /**
    * Create a quest
    */
@@ -1711,11 +1731,9 @@ var QuestsClient = class {
     return this.http.post(`/quests/${questId}/pause`, {});
   }
   /**
-   * Archive a quest
+   * REMOVED: archive() — the server never implemented POST /quests/{id}/archive.
+   * To archive a quest, use update(questId, { status: 'archived' }) via PUT /quests/{id}.
    */
-  async archive(questId) {
-    return this.http.post(`/quests/${questId}/archive`, {});
-  }
   // ---------------------------------------------------------------------------
   // User Progress
   // ---------------------------------------------------------------------------
@@ -1795,28 +1813,144 @@ var QuestsClient = class {
   // Quest Steps
   // ---------------------------------------------------------------------------
   /**
-   * Add a step to a quest
+   * Add a step to a quest.
+   *
+   * The server has no dedicated step-create endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, appends the new
+   * step, and issues a full update. The returned QuestStep is synthesised from the
+   * updated quest's steps array (matched by order or last position).
    */
   async addStep(questId, step) {
-    return this.http.post(`/quests/${questId}/steps`, step);
-  }
-  /**
-   * Update a step
+    const quest = await this.get(questId);
+    const newOrder = step.order ?? (quest.steps.length > 0 ? Math.max(...quest.steps.map((s) => s.order)) + 1 : 0);
+    const stepsPayload = [
+      ...quest.steps.map((s) => ({
+        name: s.name,
+        description: s.description,
+        order: s.order,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional
+      })),
+      { ...step, order: newOrder }
+    ];
+    const updated = await this.update(questId, { steps: stepsPayload });
+    const added = updated.steps.find((s) => s.order === newOrder) ?? updated.steps[updated.steps.length - 1];
+    return added;
+  }
+  /**
+   * Update a step by step ID.
+   *
+   * The server has no dedicated step-update endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, replaces the
+   * matching step, and issues a full update.
    */
   async updateStep(questId, stepId, data) {
-    return this.http.put(`/quests/${questId}/steps/${stepId}`, data);
+    const quest = await this.get(questId);
+    const stepsPayload = quest.steps.map((s) => {
+      if (s.id !== stepId) {
+        return {
+          name: s.name,
+          description: s.description,
+          order: s.order,
+          step_type: s.step_type,
+          event_type: s.event_type,
+          event_types: s.event_types,
+          criteria: s.criteria,
+          required_data_fields: s.required_data_fields,
+          step_points: s.step_points,
+          cta_text: s.cta_text,
+          cta_url: s.cta_url,
+          icon_url: s.icon_url,
+          is_optional: s.is_optional
+        };
+      }
+      return {
+        name: s.name,
+        description: s.description,
+        order: s.order,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional,
+        ...data
+      };
+    });
+    const updated = await this.update(questId, { steps: stepsPayload });
+    const found = updated.steps.find((s) => s.id === stepId);
+    if (!found) throw new Error(`Step ${stepId} not found after update`);
+    return found;
   }
   /**
-   * Delete a step
+   * Delete a step by step ID.
+   *
+   * The server has no dedicated step-delete endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, filters out the
+   * target step, and issues a full update.
    */
   async deleteStep(questId, stepId) {
-    await this.http.delete(`/quests/${questId}/steps/${stepId}`);
-  }
-  /**
-   * Reorder steps
+    const quest = await this.get(questId);
+    const stepsPayload = quest.steps.filter((s) => s.id !== stepId).map((s) => ({
+      name: s.name,
+      description: s.description,
+      order: s.order,
+      step_type: s.step_type,
+      event_type: s.event_type,
+      event_types: s.event_types,
+      criteria: s.criteria,
+      required_data_fields: s.required_data_fields,
+      step_points: s.step_points,
+      cta_text: s.cta_text,
+      cta_url: s.cta_url,
+      icon_url: s.icon_url,
+      is_optional: s.is_optional
+    }));
+    await this.update(questId, { steps: stepsPayload });
+  }
+  /**
+   * Reorder steps by providing step IDs in the desired order.
+   *
+   * The server has no dedicated reorder endpoint — steps are managed via the
+   * full-replace PUT /quests/{id}. This method fetches the quest, reassigns
+   * the `order` field according to the given stepIds sequence, and issues a
+   * full update.
    */
   async reorderSteps(questId, stepIds) {
-    return this.http.post(`/quests/${questId}/steps/reorder`, { step_ids: stepIds });
+    const quest = await this.get(questId);
+    const stepMap = new Map(quest.steps.map((s) => [s.id, s]));
+    const stepsPayload = stepIds.map((id, index) => {
+      const s = stepMap.get(id);
+      if (!s) throw new Error(`Step ${id} not found in quest ${questId}`);
+      return {
+        name: s.name,
+        description: s.description,
+        order: index,
+        step_type: s.step_type,
+        event_type: s.event_type,
+        event_types: s.event_types,
+        criteria: s.criteria,
+        required_data_fields: s.required_data_fields,
+        step_points: s.step_points,
+        cta_text: s.cta_text,
+        cta_url: s.cta_url,
+        icon_url: s.icon_url,
+        is_optional: s.is_optional
+      };
+    });
+    return this.update(questId, { steps: stepsPayload });
   }
 };
@@ -3502,5 +3636,6 @@ export {
   VaultResource,
   VerifyResource,
   WalletClient,
-  WebhooksResource
+  WebhooksResource,
+  tenantApiUrl
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@proofchain/sdk",
-  "version": "2.23.0",
+  "version": "3.1.0",
   "description": "Official JavaScript/TypeScript SDK for ProofChain - blockchain-anchored document attestation",
   "main": "dist/index.js",
   "module": "dist/index.mjs",