@terminal3/t3n-sdk 3.10.1 → 3.12.0

package/dist/index.d.ts

@@ -749,9 +749,9 @@ declare class UserUpsertError extends T3nError {
 interface UserGrant {
     /** The user this grant applies to (`did:t3n:<40-hex>`). */
     user_did: string;
-    /** WIT function names the user may invoke (e.g. `"run-payroll"`). */
+    /** WIT function names the user may invoke (e.g. `"set-records"`). */
     functions: string[];
-    /** Data scope paths the user may access (e.g. `"payroll/employees"`). */
+    /** Data scope paths the user may access (e.g. `"example/records"`). */
     scopes: string[];
     /**
      * Optional key-value constraints that must match the request metadata
@@ -775,44 +775,38 @@ interface OrgPolicyMeta {
     created_at_secs: number;
     /** Unix timestamp (secs) of the most recent policy update. */
     updated_at_secs: number;
+    /**
+     * Per-org ceiling on delegation-credential validity (seconds).
+     *
+     * Absent when no org-level cap is set — the contract omits the field
+     * (never serialises null) and the cluster-wide
+     * `delegation.max_credential_validity_secs` governs instead. When set,
+     * the effective cap is `min(max_credential_validity_secs, cluster_ceiling)`.
+     */
+    max_credential_validity_secs?: number;
 }
 /** Shallow runtime guard for {@link OrgPolicyMeta}. */
 declare function isOrgPolicyMeta(value: unknown): value is OrgPolicyMeta;
-type EmploymentStatus = "Active" | "Terminated";
-/** Singapore CPF residency categories. */
-type ResidencyCategory = "Citizen" | "Pr1" | "Pr2" | "PrThreePlus" | "Foreigner";
-type AgeBand = "Under35" | "Age35To45" | "Age45To50" | "Age50To55" | "Age55To60" | "Age60To65" | "Over65";
-interface ExpenseClaim {
-    claim_id: string;
-    amount_cents: number;
-    category: string;
-    description: string;
-    per_diem_days?: number;
-}
-/**
- * Employee data row stored under `OrgData[org || "payroll/employees" || entry_id]`.
- *
- * Mirrors the payroll `EmployeeRecord` wire shape.
- */
-interface EmployeeRecord {
-    employee_id: string;
-    employment_status: EmploymentStatus;
-    is_on_probation: boolean;
-    hire_date: string;
-    termination_date?: string;
-    /** Monthly gross base salary in integer cents SGD. */
-    base_salary_cents: number;
-    unpaid_leave_days: number;
-    working_days_in_period: number;
-    overtime_hours: number;
-    hourly_rate_cents: number;
-    residency: ResidencyCategory;
-    age_band: AgeBand;
-    expense_claims: ExpenseClaim[];
-    /** Opaque reference used by the service layer for disbursement. */
-    bank_account_ref: string;
-    bank_account_changed_recently: boolean;
+/**
+ * Effective org policy view returned by `org-policy-view`.
+ *
+ * Readable by any authenticated session (non-sensitive metadata).
+ * Returns the **effective** credential validity cap:
+ * `min(org.max_credential_validity_secs, cluster_ceiling)`, equal to the
+ * cluster ceiling when the org has not set a per-org cap. The contract
+ * always returns a value (or errors) — the field is never null.
+ */
+interface OrgPolicyView {
+    /**
+     * Effective delegation-credential validity cap in seconds:
+     * `min(org value, cluster ceiling)`, equal to the cluster ceiling when the
+     * org has not set a per-org cap. Always present — mirrors the contract's
+     * `PolicyViewResponse.effective_validity_secs` (org-data `org-policy-view`).
+     */
+    effective_validity_secs: number;
 }
+/** Shallow runtime guard for {@link OrgPolicyView}. */
+declare function isOrgPolicyView(value: unknown): value is OrgPolicyView;
 /**
  * Standard response returned by all policy write and data mutation operations.
  *
@@ -1708,6 +1702,28 @@ declare class T3nClient {
      * @throws {ContractResponseError} when the response is not valid JSON
      */
     executeAndDecode<T = unknown>(payload: unknown, schema?: ContractResponseSchema<T>): Promise<T>;
+    /**
+     * Create a new organisation owned by the authenticated caller.
+     *
+     * Dispatches `organisation-create-self` on `tee:organisation/contracts`
+     * over the standard authenticated `action.execute` path. The node
+     * injects the caller's DID into the contract call context, and the
+     * contract forces the new organisation's sole initial admin to that
+     * caller — the caller cannot nominate a different admin, and the
+     * organisation is always created as a root. The caller must already be
+     * a registered user, and the call is metered against the caller's own
+     * credits.
+     *
+     * The returned DID is the org identifier the org-data and payroll
+     * surfaces expect (e.g. `OrgDataClient.setGrants({ orgDid, … })`).
+     *
+     * @param name - human-readable organisation name (1..=128 bytes)
+     * @returns the new organisation's DID (`did:t3n:<40-hex>`)
+     * @throws if the session is not authenticated, or if the contract
+     *   refuses (e.g. the caller is not a registered user, or the name is
+     *   empty / too long)
+     */
+    createOrganisation(name: string): Promise<Did>;
     /**
      * Build the canonical `ExecuteActionRequest` shape the server
      * expects (`script_name`, `script_version`, `function_name`, `input`,
@@ -2248,11 +2264,20 @@ declare const AGENT_PUBKEY_LEN = 33;
 declare const ETH_SIG_LEN = 65;
 declare const MAX_FUNCTIONS_PER_CREDENTIAL = 16;
 /**
- * Canonical sorted list of the payroll v2 function surface. One source
- * of truth for callers building a full-cycle credential — pass this
- * (or a sorted subset) as `functions` to {@link buildDelegationCredential}.
+ * Canonical sorted run-pipeline function surface for the z-payroll contract
+ * (`z:<org-tid>:payroll`). Sorted ascending as required by the credential
+ * validator. Mirrors `Z_PAYROLL_RUN_FUNCTIONS` in the Trinity harness.
+ *
+ * Pass this (or a sorted subset) as `functions` to
+ * {@link buildDelegationCredential} for z-payroll credentials.
+ */
+declare const Z_PAYROLL_RUN_FUNCTIONS: readonly ["compute-payroll", "execute-disbursement", "finalize-audit", "submit-escalations", "validate-credentials"];
+/**
+ * Canonical sorted audit-read function surface for the z-payroll contract.
+ * These functions authorise history reads via `list-audit-cycles` /
+ * `get-audit-entry`.
  */
-declare const PAYROLL_FUNCTIONS_V1: readonly ["compute-payroll", "execute-disbursement", "finalize-audit", "submit-escalations", "validate-credentials"];
+declare const Z_PAYROLL_AUDIT_READ_FUNCTIONS: readonly ["get-audit-entry", "list-audit-cycles"];
 /** User-to-agent delegation credential body. */
 interface DelegationCredential {
     /** Domain tag, must equal {@link DELEGATION_CREDENTIAL_DOMAIN}. */
@@ -2263,7 +2288,7 @@ interface DelegationCredential {
     agent_pubkey: Uint8Array;
     /** `did:t3n:<40-hex>` org DID. */
     org_did: string;
-    /** Contract id, e.g. `"tee:payroll"`. */
+    /** Contract id, e.g. `"tee:z-payroll"`. */
     contract: string;
     /**
      * Functions this credential authorises. Sorted ascending, deduped,
@@ -2325,7 +2350,7 @@ interface PayrollInvocationDelegated {
  * Direct invocation: the agent acts on its own behalf. No delegation
  * envelope is included. The principal DID is resolved by the service layer
  * from `DynamicContext.authenticated_did`; authorisation falls through to
- * `OrgContractGrants[org || "tee:payroll"]` for the agent's own DID.
+ * `OrgContractGrants[org || "tee:z-payroll"]` for the agent's own DID.
  *
  * Wire shape is `{ request }` — no `envelope` field and no
  * `authenticated_did` field. The contract's entry-point handler injects
@@ -2511,6 +2536,9 @@ interface RevokeDelegationOpts {
      * enforces, and each entry must already appear in the credential's
      * `functions` list (a revocation can only narrow the set, never grow
      * it).
+     *
+     * Ignored when routing to a z-space contract (`revoke-credential` drops
+     * per-function granularity — whole-credential only).
      */
     revokedFunctions?: string[];
     /** Authenticated {@link T3nClient} for the credential's `user_did`. */
@@ -2519,6 +2547,9 @@ interface RevokeDelegationOpts {
      * Override the resolved delegation contract version. Defaults to
      * whatever `GET /api/contracts/current?name=tee:delegation/contracts`
      * returns at call time.
+     *
+     * For z-space credentials this field is REQUIRED — `GET /api/contracts/current`
+     * 404s for z: names, so there is no dynamic resolution path.
      */
     scriptVersion?: string;
     /** Override the node base URL used for `"latest"` resolution. */
@@ -2533,19 +2564,27 @@ interface RevokeDelegationResult {
      * whole-credential, a sorted array means per-function. The contract
      * may return a larger set than `opts.revokedFunctions` when an
      * earlier per-function revocation existed for the same credential.
+     *
+     * Always `null` for z-space credentials (whole-credential granularity only).
      */
     revokedFunctions: string[] | null;
 }
 /**
- * Wraps the `tee:delegation/contracts::revoke` entrypoint. Only the
- * credential's `user_did` may call this — the contract reads the
- * authenticated DID from session context and rejects any other caller
- * with `NotCredentialHolder`.
+ * Revoke a delegation credential, routing automatically to the correct
+ * revocation endpoint based on the credential's `contract` field:
+ *
+ * - **`tee:` credentials** — calls `tee:delegation/contracts::revoke`.
+ *   Only the credential's `user_did` may call this; the contract reads the
+ *   authenticated DID from session context and rejects other callers with
+ *   `NotCredentialHolder`. Per-function granularity via `revokedFunctions`
+ *   is supported. Merge semantics are handled server-side.
  *
- * Merge semantics are handled server-side: whole-credential revocations
- * are sticky, and per-function revocations accumulate as a sorted +
- * deduped union across calls. The returned `revokedFunctions` reflects
- * the persisted state after merging, not just this call's input.
+ * - **`z:` credentials** — routes to `<z-contract>::revoke-credential`.
+ *   The tenant owns its own revocation list; the global
+ *   `tee:delegation.revoke` rejects z-space credential names with a typed
+ *   `TenantScopedCredential` error. `revokedFunctions` is ignored (z-payroll
+ *   revokes whole credentials only). `scriptVersion` is REQUIRED for z:
+ *   contracts — `GET /api/contracts/current` 404s for them.
  */
 declare function revokeDelegation(opts: RevokeDelegationOpts): Promise<RevokeDelegationResult>;
 /** Options for {@link buildPayrollInvocation}. */
@@ -2581,7 +2620,7 @@ interface BuildPayrollDirectInvocationOpts {
  * `DynamicContext.authenticated_did` at runtime.
  *
  * Callers in direct mode must hold a grant in
- * `OrgContractGrants[org || "tee:payroll"]` under their own DID.
+ * `OrgContractGrants[org || "tee:z-payroll"]` under their own DID.
  *
  * When `request.individual_disbursement_threshold_cents` is undefined this
  * function fills in {@link DEFAULT_INDIVIDUAL_THRESHOLD_CENTS} so the wire
@@ -2615,6 +2654,17 @@ interface UpdateMetaInput {
     orgDid: string;
     admins: string[];
     maxAdmins?: number;
+    /**
+     * Per-org ceiling on delegation-credential validity (seconds).
+     *
+     * Omit to preserve the org's existing cap — the contract merges an
+     * absent field with the stored value, so there is no way to clear the
+     * cap through this call (the contract does not accept an explicit
+     * null). To effectively disable the org cap, set a value at or above
+     * the cluster ceiling — the effective cap is always
+     * `min(org value, cluster ceiling)`.
+     */
+    maxCredentialValiditySecs?: number;
 }
 interface SetWritersInput {
     orgDid: string;
@@ -2730,7 +2780,10 @@ declare class OrgDataClient {
      */
     createPolicy(input: CreatePolicyInput): Promise<MutationResponse>;
     /**
-     * Replace the admin list and/or `max_admins` cap on an existing policy.
+     * Replace the admin list and/or `max_admins` cap on an existing policy,
+     * and optionally set the per-org credential validity cap
+     * (`maxCredentialValiditySecs`; omitted fields preserve stored values —
+     * see {@link UpdateMetaInput}).
      *
      * The calling user cannot remove themselves when they are the sole
      * remaining admin; another admin must be added first.
@@ -2771,6 +2824,16 @@ declare class OrgDataClient {
     deleteScope(input: DeleteScopeInput): Promise<MutationResponse>;
     /** Read the policy metadata for an org (admin-only). */
     policyGet(input: PolicyGetInput): Promise<OrgPolicyMeta>;
+    /**
+     * Read the effective org policy view (any authenticated session).
+     *
+     * Returns the **effective** credential validity cap:
+     * `min(org.max_credential_validity_secs, cluster_ceiling)`.
+     * Unlike `policyGet`, this function is not admin-gated — any session
+     * may call it so minting clients can default the requested validity
+     * without needing admin access.
+     */
+    policyView(input: PolicyGetInput): Promise<OrgPolicyView>;
     /** Read the writer list for a scope (admin-only). */
     writersGet(input: WritersGetInput): Promise<OrgWriters>;
     /** Read the grant list for a contract (admin-only). */
@@ -2844,6 +2907,8 @@ declare class SessionOrgDataClient {
     deleteScope(input: DeleteScopeInput): Promise<MutationResponse>;
     /** Mirrors {@link OrgDataClient.policyGet}. */
     policyGet(input: PolicyGetInput): Promise<OrgPolicyMeta>;
+    /** Mirrors {@link OrgDataClient.policyView}. */
+    policyView(input: PolicyGetInput): Promise<OrgPolicyView>;
     /** Mirrors {@link OrgDataClient.writersGet}. */
     writersGet(input: WritersGetInput): Promise<OrgWriters>;
     /** Mirrors {@link OrgDataClient.grantsGet}. */
@@ -3274,6 +3339,46 @@ type TenantMapCreateInput = MapCreateInput;
 type TenantMapUpdatePatch = MapUpdateInput;
 type TenantContractPublishInput = ContractPublishInput;
 type TenantContractExecuteInput = ContractExecuteInput;
+/**
+ * Options shared by the `tee:tenant` management calls that accept an optional
+ * `tenant` target argument.
+ *
+ * When omitted the server resolves the target from the authenticated session
+ * DID — the original individual-tenant wire-compatible behaviour. When
+ * supplied it must be a 40-hex tid (or `did:t3n:<tid>`):
+ *   - individual tenant: must equal the authenticated DID (no new power);
+ *   - org-owned tenant: authenticated DID must be in the org's admin set.
+ */
+interface TenantTargetOptions {
+    /**
+     * Optional 40-hex tenant id (bare or `did:t3n:` prefixed) of the tenant
+     * being managed. Omit for individual self-management (wire-compatible with
+     * the original individual-tenant calls).
+     */
+    tenantTarget?: string;
+}
+/**
+ * Options for {@link TenantClient.admitForOrg}.
+ */
+interface AdmitForOrgOptions {
+    /** 40-hex or `did:t3n:` org DID to admit as an org-owned tenant. */
+    orgDid: string;
+    /** Human-readable label stored with the tenant record. */
+    tenantLabel: string;
+    /** Tenant quotas (same shape as individual tenant admission). */
+    quotas: Record<string, unknown>;
+    /** Storage location (same shape as individual tenant admission). */
+    storageLocation: Record<string, unknown>;
+    /**
+     * A sign function that takes the serialised request body (JSON string) and
+     * returns a hex-encoded Ethereum personal-sign signature. The signed body is
+     * sent to `POST /api/admin` as `x-admin-signature`. The signature format is
+     * identical to other admin operations (`token.transfer`, `tenant.admit`).
+     */
+    signAdminBody: (body: string) => Promise<string>;
+    /** Override the node base URL (defaults to `config.baseUrl`). */
+    baseUrl?: string;
+}
 declare class TenantNamespace {
     private readonly client;
     constructor(client: TenantClient);
@@ -3283,18 +3388,18 @@ declare class TenantNamespace {
 declare class TenantMapsNamespace {
     private readonly client;
     constructor(client: TenantClient);
-    create(input: MapCreateInput): Promise<unknown>;
-    update(tail: string, patch: MapUpdateInput): Promise<unknown>;
-    delete(tail: string): Promise<unknown>;
+    create(input: MapCreateInput, opts?: TenantTargetOptions): Promise<unknown>;
+    update(tail: string, patch: MapUpdateInput, opts?: TenantTargetOptions): Promise<unknown>;
+    delete(tail: string, opts?: TenantTargetOptions): Promise<unknown>;
 }
 declare class TenantContractsNamespace {
     private readonly client;
     constructor(client: TenantClient);
-    publish(input: ContractPublishInput): Promise<unknown>;
-    register(input: ContractPublishInput): Promise<unknown>;
-    disable(tail: string): Promise<unknown>;
-    enable(tail: string): Promise<unknown>;
-    unregister(tail: string): Promise<unknown>;
+    publish(input: ContractPublishInput, opts?: TenantTargetOptions): Promise<unknown>;
+    register(input: ContractPublishInput, opts?: TenantTargetOptions): Promise<unknown>;
+    disable(tail: string, opts?: TenantTargetOptions): Promise<unknown>;
+    enable(tail: string, opts?: TenantTargetOptions): Promise<unknown>;
+    unregister(tail: string, opts?: TenantTargetOptions): Promise<unknown>;
     /**
      * Read back debug log entries the tenant's own contract emitted via
      * `logging::info/debug/error`. Scans the per-(tenant, contract) ring written
@@ -3348,8 +3453,32 @@ declare class TenantClient {
     readonly contracts: TenantContractsNamespace;
     readonly token: TenantTokenNamespace;
     constructor(config: TenantClientConfig);
+    /**
+     * Admit an org-owned tenant via the cluster-admin `tenant.admit-for-org`
+     * action.
+     *
+     * This is a signed cluster-admin operation dispatched to `POST /api/admin`
+     * with an `x-admin-signature` header. The caller supplies a `signAdminBody`
+     * function that signs the serialised JSON body (Ethereum personal-sign style,
+     * identical to the `token.transfer` admin operation pattern).
+     *
+     * The org DID becomes the tenant DID (the org's `z:<org-did-hex>:` namespace).
+     * The call is rejected if an `idx:_tenants` row already exists for the org DID,
+     * if `OrgPolicyMeta` is absent, or if the admin set is empty.
+     */
+    admitForOrg(opts: AdmitForOrgOptions): Promise<unknown>;
     getEnvironment(): TenantClientConfig["environment"];
     canonicalName(tail: string): string;
+    /**
+     * Build a canonical `z:<tid>:<tail>` map/contract name for a tenant-targeted
+     * control call. When `tenantTarget` is supplied the name is rooted at that
+     * tenant's namespace, so the `tenant` arg and the resource name agree;
+     * otherwise it falls back to the configured `tenantDid`. Deriving the name
+     * from `config.tenantDid` while targeting a different tenant produces a
+     * `z:<configTid>:` name the server rejects (or, worse, mutates the caller's
+     * own namespace) — this keeps the two in lockstep.
+     */
+    canonicalNameForTarget(tail: string, tenantTarget?: string): string;
     controlPayload(functionName: string, input: unknown): Promise<JsonObject>;
     executeControl(functionName: string, input: unknown): Promise<unknown>;
     executeBusinessContract<T = unknown>(session: TenantExecutionSession, options: ExecuteBusinessContractOptions<T>): Promise<T>;
@@ -3366,5 +3495,5 @@ declare function tenantDidHex(tenantDid: string): string;
 declare function validateTail(tail: string): string;
 declare function canonicalTenantName(tenantDid: string, tail: string): string;
 
-export { AGENT_PUBKEY_LEN, AuthMethod, AuthenticationError, BASE_UNITS_PER_TOKEN, ContractResponseError, DEFAULT_INDIVIDUAL_THRESHOLD_CENTS, DEFAULT_KYC_POLL_CADENCE, DELEGATION_CREDENTIAL_DOMAIN, DELEGATION_INVOCATION_DOMAIN, DelegationCustodialClient, ETH_SIG_LEN, HandshakeError, HttpTransport, KycStatusTimeoutError, LogLevel, MAX_FUNCTIONS_PER_CREDENTIAL, MockTransport, NODE_URLS, NONCE_LEN, OrgDataClient, OtpRateLimitedError, PAYROLL_FUNCTIONS_V1, REQUEST_HASH_LEN, RpcError, SessionExpiredError, SessionOrgDataClient, SessionStateError, SessionStatus, T3nClient, T3nError, TERMINAL_KYC_STATUSES, TOKEN_DECIMALS, TenantClient, TenantContractsNamespace, TenantMapsNamespace, TenantNamespace, TenantSdkValidationError, TenantTokenNamespace, UnsupportedTenantSdkOperationError, UserUpsertError, VC_ID_LEN, WasmError, _b64uEncode, assertShape, b64uDecodeStrict, b64uEncodeBytes, buildDelegationCredential, buildInvocationPreimage, buildPayrollDirectInvocation, buildPayrollInvocation, bytesToString, canonicalTenantName, canonicaliseCredential, canonicaliseRequest, clearKeyCache, compactDidFromBytes, createDefaultHandlers, createEmailOtpAuthInput, createEthAuthInput, createLogger, createMlKemPublicKeyHandler, createOidcAuthInput, createOrgDataClientFromSession, createRandomHandler, decodeWasmErrorMessage, eip191Digest, ethRecoverEip191, eth_get_address, extractWasmError, fetchDkgAttestation, fetchMlKemPublicKey, formatTokens, generateRandomString, generateUUID, getEnvironment, getEnvironmentName, getGlobalLogLevel, getLogger, getNodeUrl, getScriptVersion, isDataGetResponse, isDataListResponse, isMutationResponse, isObject, isOrgContractGrants, isOrgPolicyMeta, isOrgWriters, loadConfig, loadWasmComponent, maskKeyMaterial, metamask_get_address, metamask_sign, parseContractResponse, redactSecrets, redactSecretsFromJson, requestHash, revokeDelegation, setEnvironment, setGlobalLogLevel, setNodeUrl, signAgentInvocation, signCredential, stringToBytes, tenantDidHex, toBaseUnits, validateConfig, validateCredentialBody, validateTail, verifyDkgAttestation, verifyTdxQuote };
-export type { AgeBand, AuthInput, BalanceRow, BuildDelegationCredentialOpts, BuildPayrollDirectInvocationOpts, BuildPayrollInvocationOpts, ChargeReason, ClientAuth, ClientHandshake, ConfigValidationResult, ContractExecuteInput, ContractPublishInput, ContractResponseSchema, CreatePolicyInput, DataGetInput, DataGetResponse, DataListInput, DataListResponse, DelegationCredential, DelegationCustodialClientOpts, DelegationEnvelope, DeleteDataInput, DeleteGrantsInput, DeleteScopeInput, Did, Direction, DkgAttestation, DkgVerifyResult, EmailOtpAuthInput, EmailOtpCredentials, EmployeeRecord, EmploymentStatus, Environment, EthAuthInput, ExecuteBusinessContractOptions, ExecuteOrgDataActionOptions, ExpenseClaim, GetUsageOptions, GrantsGetInput, GuestToHostHandler, GuestToHostHandlers, HandshakeResult, JsonRpcRequest, JsonRpcResponse, KycPollCadence, KycPollOptions, KycStatus, KycStatusKind, Logger, MapCreateInput, MapResponse, MapUpdateInput, MapVisibility, MutationResponse, OidcAuthInput, OidcCredentials, OrgContractGrants, OrgDataActionWire, OrgDataClientOptions, OrgPolicyMeta, OrgWriters, OtpChannel, OtpMergeSuggestion, OtpRequestInput, OtpRequestResult, OtpVerifyInput, OtpVerifyResult, PayrollInvocation, PayrollInvocationDelegated, PayrollInvocationDirect, PayrollRunRequest, PeerQuoteResult, PolicyGetInput, QuoteVerifyResult, ReaderSet, ResidencyCategory, RevokeDelegationOpts, RevokeDelegationResult, SdkConfig, SessionCrypto, SessionId, SetGrantsInput, SetWritersInput, SignCustodialResult, SignDelegationResponse, SubmitUserInputArgs, SubmitUserInputResult, T3nClientConfig, TenantAdmitProjection, TenantAdmitStatus, TenantBaseClient, TenantClientConfig, TenantContractExecuteInput, TenantContractPublishInput, TenantExecutionSession, TenantMapCreateInput, TenantMapUpdatePatch, TenantMeResponse, TenantSdkEnvironment, TenantSelfAdmitResult, TenantStatus, TokenTxKind, Transport, UpdateMetaInput, UsageEntry, UsagePage, UserGrant, UserInputProfile, UserUpsertErrorKind, WasmComponent, WasmNextResult, WriteDataInput, WriterSet, WritersGetInput };
+export { AGENT_PUBKEY_LEN, AuthMethod, AuthenticationError, BASE_UNITS_PER_TOKEN, ContractResponseError, DEFAULT_INDIVIDUAL_THRESHOLD_CENTS, DEFAULT_KYC_POLL_CADENCE, DELEGATION_CREDENTIAL_DOMAIN, DELEGATION_INVOCATION_DOMAIN, DelegationCustodialClient, ETH_SIG_LEN, HandshakeError, HttpTransport, KycStatusTimeoutError, LogLevel, MAX_FUNCTIONS_PER_CREDENTIAL, MockTransport, NODE_URLS, NONCE_LEN, OrgDataClient, OtpRateLimitedError, REQUEST_HASH_LEN, RpcError, SessionExpiredError, SessionOrgDataClient, SessionStateError, SessionStatus, T3nClient, T3nError, TERMINAL_KYC_STATUSES, TOKEN_DECIMALS, TenantClient, TenantContractsNamespace, TenantMapsNamespace, TenantNamespace, TenantSdkValidationError, TenantTokenNamespace, UnsupportedTenantSdkOperationError, UserUpsertError, VC_ID_LEN, WasmError, Z_PAYROLL_AUDIT_READ_FUNCTIONS, Z_PAYROLL_RUN_FUNCTIONS, _b64uEncode, assertShape, b64uDecodeStrict, b64uEncodeBytes, buildDelegationCredential, buildInvocationPreimage, buildPayrollDirectInvocation, buildPayrollInvocation, bytesToString, canonicalTenantName, canonicaliseCredential, canonicaliseRequest, clearKeyCache, compactDidFromBytes, createDefaultHandlers, createEmailOtpAuthInput, createEthAuthInput, createLogger, createMlKemPublicKeyHandler, createOidcAuthInput, createOrgDataClientFromSession, createRandomHandler, decodeWasmErrorMessage, eip191Digest, ethRecoverEip191, eth_get_address, extractWasmError, fetchDkgAttestation, fetchMlKemPublicKey, formatTokens, generateRandomString, generateUUID, getEnvironment, getEnvironmentName, getGlobalLogLevel, getLogger, getNodeUrl, getScriptVersion, isDataGetResponse, isDataListResponse, isMutationResponse, isObject, isOrgContractGrants, isOrgPolicyMeta, isOrgPolicyView, isOrgWriters, loadConfig, loadWasmComponent, maskKeyMaterial, metamask_get_address, metamask_sign, parseContractResponse, redactSecrets, redactSecretsFromJson, requestHash, revokeDelegation, setEnvironment, setGlobalLogLevel, setNodeUrl, signAgentInvocation, signCredential, stringToBytes, tenantDidHex, toBaseUnits, validateConfig, validateCredentialBody, validateTail, verifyDkgAttestation, verifyTdxQuote };
+export type { AdmitForOrgOptions, AuthInput, BalanceRow, BuildDelegationCredentialOpts, BuildPayrollDirectInvocationOpts, BuildPayrollInvocationOpts, ChargeReason, ClientAuth, ClientHandshake, ConfigValidationResult, ContractExecuteInput, ContractPublishInput, ContractResponseSchema, CreatePolicyInput, DataGetInput, DataGetResponse, DataListInput, DataListResponse, DelegationCredential, DelegationCustodialClientOpts, DelegationEnvelope, DeleteDataInput, DeleteGrantsInput, DeleteScopeInput, Did, Direction, DkgAttestation, DkgVerifyResult, EmailOtpAuthInput, EmailOtpCredentials, Environment, EthAuthInput, ExecuteBusinessContractOptions, ExecuteOrgDataActionOptions, GetUsageOptions, GrantsGetInput, GuestToHostHandler, GuestToHostHandlers, HandshakeResult, JsonRpcRequest, JsonRpcResponse, KycPollCadence, KycPollOptions, KycStatus, KycStatusKind, Logger, MapCreateInput, MapResponse, MapUpdateInput, MapVisibility, MutationResponse, OidcAuthInput, OidcCredentials, OrgContractGrants, OrgDataActionWire, OrgDataClientOptions, OrgPolicyMeta, OrgPolicyView, OrgWriters, OtpChannel, OtpMergeSuggestion, OtpRequestInput, OtpRequestResult, OtpVerifyInput, OtpVerifyResult, PayrollInvocation, PayrollInvocationDelegated, PayrollInvocationDirect, PayrollRunRequest, PeerQuoteResult, PolicyGetInput, QuoteVerifyResult, ReaderSet, RevokeDelegationOpts, RevokeDelegationResult, SdkConfig, SessionCrypto, SessionId, SetGrantsInput, SetWritersInput, SignCustodialResult, SignDelegationResponse, SubmitUserInputArgs, SubmitUserInputResult, T3nClientConfig, TenantAdmitProjection, TenantAdmitStatus, TenantBaseClient, TenantClientConfig, TenantContractExecuteInput, TenantContractPublishInput, TenantExecutionSession, TenantMapCreateInput, TenantMapUpdatePatch, TenantMeResponse, TenantSdkEnvironment, TenantSelfAdmitResult, TenantStatus, TenantTargetOptions, TokenTxKind, Transport, UpdateMetaInput, UsageEntry, UsagePage, UserGrant, UserInputProfile, UserUpsertErrorKind, WasmComponent, WasmNextResult, WriteDataInput, WriterSet, WritersGetInput };