@terminal3/t3n-sdk 3.3.0 → 3.4.1

package/dist/src/config/index.d.ts

@@ -1,82 +0,0 @@
-/**
- * Configuration entry point for T3n SDK
- *
- * The SDK no longer bundles ML-KEM root public keys. Instead, the active node
- * URL is derived from the current environment (or an explicit override / the
- * client's `baseUrl`), and the ML-KEM public key is fetched lazily from
- * `${nodeUrl}/status` (`encaps_key` field) and cached per-URL.
- */
-import type { SdkConfig, Environment } from "./types";
-/**
- * Default node URLs per environment. Override at runtime via `setNodeUrl()`
- * or by passing `baseUrl` to `T3nClient`.
- */
-export declare const NODE_URLS: Record<Environment, string>;
-/** DKG attestation bundle from the cluster. */
-export interface DkgAttestation {
-    /** Sorted base58 peer IDs that participated in DKG. */
-    peer_ids: string[];
-    /** Per-node TDX quotes keyed by base58 peer ID (base64-encoded). */
-    quotes: Record<string, string>;
-    /**
-     * Base64-encoded raw attestation message: `encaps_key || sorted_peer_ids`.
-     * Each quote's `report_data` is `keccak512(attestation_msg)`.
-     */
-    attestation_msg: string;
-}
-/**
- * Set the active environment. Clears any previous URL override and the key
- * cache so the next fetch uses the new environment's default URL.
- */
-export declare function setEnvironment(env: Environment): void;
-export declare function getEnvironment(): Environment;
-export declare function getEnvironmentName(): string;
-/**
- * Override the node URL for the current process. Pass `null` to clear and
- * fall back to the environment default.
- *
- * Always clears the per-URL key cache, including the `setNodeUrl(sameUrl)`
- * case — that's the explicit "force a refresh after a node-side ML-KEM
- * rotation" entry point. Keeping a no-op-call optimization here would
- * silently defeat that contract; an extra fetch on a no-op call is cheap.
- */
-export declare function setNodeUrl(url: string | null): void;
-/** Resolve the active node URL: explicit `baseUrl` > override > env default. */
-export declare function getNodeUrl(baseUrl?: string): string;
-/**
- * Fetch the ML-KEM root public key from `${nodeUrl}/status`. Cached
- * per URL because the key is stable for the cluster's lifetime (a
- * new DKG means a full redeploy; callers clear the cache via
- * `clearKeyCache()` or `setNodeUrl()` in that case).
- *
- * Returns only the base64-encoded key. For the DKG attestation
- * bundle (which changes over time as peer quotes replicate via
- * Raft), call `fetchDkgAttestation()` \u2014 that path is
- * intentionally uncached.
- */
-export declare function fetchMlKemPublicKey(baseUrl?: string): Promise<string>;
-/**
- * Fetch the DKG attestation bundle from `${nodeUrl}/status`. Never
- * cached \u2014 peer quotes are written to consensus KV asynchronously
- * during cluster bootstrap, so early reads may see a subset of the
- * expected quotes. Caching would pin an incomplete bundle and cause
- * spurious `valid_count < expected_count` failures in
- * `verifyDkgAttestation()` for the whole process lifetime.
- *
- * Returns `undefined` when the node has not yet published an
- * attestation (e.g. still bootstrapping, or running with a mock
- * signer where attestation is skipped by design).
- */
-export declare function fetchDkgAttestation(baseUrl?: string): Promise<DkgAttestation | undefined>;
-/** Clear the cached ML-KEM public keys. Useful in tests. */
-export declare function clearKeyCache(): void;
-/**
- * Return the resolved SDK configuration for the current environment.
- * Note: this no longer includes the ML-KEM key — fetch it via
- * `fetchMlKemPublicKey()`.
- */
-export declare function loadConfig(baseUrl?: string): SdkConfig;
-export { verifyTdxQuote, verifyDkgAttestation } from "../wasm/quote-verifier-loader";
-export type { QuoteVerifyResult, DkgVerifyResult, PeerQuoteResult, } from "../wasm/quote-verifier-loader";
-export type { SdkConfig, Environment, ConfigValidationResult } from "./types";
-export { validateConfig } from "./loader";

package/dist/src/config/loader.d.ts

@@ -1,8 +0,0 @@
-/**
- * Configuration validation for T3n SDK
- */
-import type { ConfigValidationResult } from "./types";
-/**
- * Validate SDK configuration
- */
-export declare function validateConfig(config: unknown): ConfigValidationResult;

package/dist/src/config/types.d.ts

@@ -1,25 +0,0 @@
-/**
- * Configuration types for T3n SDK
- */
-/**
- * Environment type for SDK configuration
- */
-export type Environment = "local" | "staging" | "testnet" | "production" | "test";
-/**
- * SDK configuration structure
- */
-export interface SdkConfig {
-    /** Environment identifier */
-    environment: Environment;
-    /** Resolved node URL (used both for RPC and for fetching the ML-KEM key) */
-    nodeUrl: string;
-    /** Configuration version */
-    version: string;
-}
-/**
- * Configuration validation result
- */
-export interface ConfigValidationResult {
-    valid: boolean;
-    errors: string[];
-}

package/dist/src/index.d.ts

@@ -1,39 +0,0 @@
-/**
- * T3n TypeScript SDK
- *
- * A minimal TypeScript SDK that mirrors the server's RPC handler approach,
- * keeping all state machine logic hidden in WASM and providing a clean,
- * agnostic wrapper that doesn't expose authentication methods or internal states.
- */
-export { T3nClient } from "./client";
-export type { T3nClientConfig } from "./client";
-export type { HandshakeResult } from "./types";
-export { parseContractResponse, ContractResponseError, } from "./client";
-export type { ContractResponseSchema, } from "./client";
-export type { Logger } from "./utils/logger";
-export { LogLevel, createLogger, getLogger, setGlobalLogLevel, getGlobalLogLevel, } from "./utils/logger";
-export type { Transport, JsonRpcRequest, JsonRpcResponse } from "./client";
-export { HttpTransport, MockTransport } from "./client";
-export type { SessionId, Did, OidcCredentials, AuthInput, EthAuthInput, OidcAuthInput, GuestToHostHandler, GuestToHostHandlers, } from "./types";
-export { SessionStatus, AuthMethod, createEthAuthInput, createOidcAuthInput, } from "./types";
-export type { KycStatus, KycStatusKind, KycPollOptions, KycPollCadence, } from "./types/kyc";
-export { DEFAULT_KYC_POLL_CADENCE, TERMINAL_KYC_STATUSES, KycStatusTimeoutError, } from "./types/kyc";
-export type { OtpChannel, OtpRequestInput, OtpRequestResult, OtpVerifyInput, OtpVerifyResult, OtpMergeSuggestion, UserInputProfile, SubmitUserInputArgs, SubmitUserInputResult, TenantAdmitProjection, TenantAdmitStatus, UserUpsertErrorKind, } from "./types/user";
-export { UserUpsertError } from "./types/user";
-export type { UsagePage, UsageEntry, GetUsageOptions, BalanceRow, TokenTxKind, Direction, ChargeReason, } from "./types/token";
-export { OrgDataClient, SessionOrgDataClient, createOrgDataClientFromSession, } from "./client/org-data";
-export type { OrgDataClientOptions, CreatePolicyInput, UpdateMetaInput, SetWritersInput, SetGrantsInput, DeleteGrantsInput, WriteDataInput, DeleteDataInput, DeleteScopeInput, PolicyGetInput, WritersGetInput, GrantsGetInput, DataListInput, DataGetInput, ExecuteOrgDataActionOptions, } from "./client/org-data";
-export type { OrgDataActionWire, OrgPolicyMeta, OrgWriters, OrgContractGrants, UserGrant, EmployeeRecord, EmploymentStatus, ResidencyCategory, AgeBand, ExpenseClaim, MutationResponse, DataListResponse, DataGetResponse, } from "./types/org-data";
-export { DelegationCustodialClient } from "./client/delegation";
-export type { DelegationCustodialClientOpts, SignCustodialResult, } from "./client/delegation";
-export { DELEGATION_CREDENTIAL_DOMAIN, DELEGATION_INVOCATION_DOMAIN, VC_ID_LEN, NONCE_LEN, REQUEST_HASH_LEN, AGENT_PUBKEY_LEN, ETH_SIG_LEN, MAX_FUNCTIONS_PER_CREDENTIAL, PAYROLL_FUNCTIONS_V1, DEFAULT_INDIVIDUAL_THRESHOLD_CENTS, buildDelegationCredential, validateCredentialBody, canonicaliseCredential, canonicaliseRequest, requestHash, buildInvocationPreimage, eip191Digest, signCredential, ethRecoverEip191, signAgentInvocation, buildPayrollInvocation, buildPayrollDirectInvocation, revokeDelegation, compactDidFromBytes, b64uEncodeBytes, b64uDecodeStrict, _b64uEncode, } from "./client/delegation";
-export type { DelegationCredential, DelegationEnvelope, PayrollRunRequest, PayrollInvocationDelegated, PayrollInvocationDirect, PayrollInvocation, SignDelegationResponse, BuildDelegationCredentialOpts, BuildPayrollInvocationOpts, BuildPayrollDirectInvocationOpts, RevokeDelegationOpts, RevokeDelegationResult, } from "./client/delegation";
-export { metamask_sign, metamask_get_address, eth_get_address, createDefaultHandlers, createMlKemPublicKeyHandler, createRandomHandler, } from "./client/handlers";
-export type { WasmComponent, ClientHandshake, ClientAuth, SessionCrypto, WasmNextResult, } from "./wasm";
-export { loadWasmComponent } from "./wasm";
-export { generateRandomString, generateUUID, getScriptVersion, stringToBytes, bytesToString, redactSecrets, redactSecretsFromJson, } from "./utils";
-export { T3nError, SessionStateError, AuthenticationError, HandshakeError, RpcError, SessionExpiredError, WasmError, decodeWasmErrorMessage, extractWasmError, } from "./utils/errors";
-export { assertShape, isObject } from "./utils/shape";
-export { isMutationResponse, isOrgPolicyMeta, isOrgWriters, isOrgContractGrants, isDataListResponse, isDataGetResponse, } from "./types/org-data";
-export type { SdkConfig, Environment, ConfigValidationResult, DkgAttestation, QuoteVerifyResult, DkgVerifyResult, PeerQuoteResult, } from "./config";
-export { loadConfig, fetchMlKemPublicKey, fetchDkgAttestation, verifyTdxQuote, verifyDkgAttestation, clearKeyCache, getEnvironmentName, getEnvironment, setEnvironment, setNodeUrl, getNodeUrl, NODE_URLS, validateConfig, } from "./config";

package/dist/src/types/auth.d.ts

@@ -1,66 +0,0 @@
-/**
- * Authentication-related types for T3n SDK
- */
-/**
- * Authentication method enum
- */
-export declare enum AuthMethod {
-    Ethereum = "eth",
-    OIDC = "oidc"
-}
-/**
- * Ethereum signer interface - only what user provides to start auth
- */
-export interface EthereumSigner {
-    getPublicKey(): string;
-    signMessage(message: Uint8Array): Promise<Uint8Array>;
-}
-/**
- * OIDC credentials interface.
- *
- * The TEE generates a session-binding nonce that must be included in
- * the Google authorization URL (`&nonce=…`). The `getIdToken` callback
- * receives this nonce and must return the `id_token` JWT obtained
- * from the OIDC provider with the nonce baked into its claims.
- */
-export interface OidcCredentials {
-    provider: string;
-    getIdToken: (nonce: string) => Promise<string>;
-}
-/**
- * Base authentication input with method discriminator
- */
-interface BaseAuthInput {
-    method: AuthMethod;
-}
-/**
- * Ethereum authentication options
- */
-export interface EthAuthOptions {
-    ethDerived?: boolean;
-}
-/**
- * Ethereum authentication input
- */
-export interface EthAuthInput extends BaseAuthInput {
-    method: AuthMethod.Ethereum;
-    address: string;
-    ethDerived?: boolean;
-}
-/**
- * OIDC authentication input
- */
-export interface OidcAuthInput extends BaseAuthInput {
-    method: AuthMethod.OIDC;
-    credentials: OidcCredentials;
-}
-/**
- * Union type for all supported authentication inputs
- */
-export type AuthInput = EthAuthInput | OidcAuthInput;
-/**
- * Helper functions to create auth inputs
- */
-export declare function createEthAuthInput(address: string, options?: EthAuthOptions): EthAuthInput;
-export declare function createOidcAuthInput(credentials: OidcCredentials): OidcAuthInput;
-export {};

package/dist/src/types/index.d.ts

@@ -1,45 +0,0 @@
-/**
- * Public types export for T3n SDK
- */
-/**
- * Guest-to-Host request handler function type
- *
- * Handles requests from WASM guest that need host (SDK) to perform side
- * effects. The exact shape of `requestData` depends on the specific
- * handler — see `GuestToHostHandlers` below for the per-handler shapes.
- * The wrapper layer in `T3nClient.handleGuestToHost` parses the JSON
- * envelope and calls the matching handler with the parsed data, so
- * each handler's implementation should narrow `requestData` to its
- * own expected shape.
- */
-export type GuestToHostHandler = (requestData: Record<string, unknown>) => Promise<Uint8Array>;
-/**
- * Map of guest-to-host request handlers
- * Keys match the guest_to_host tag values from the WASM
- */
-export interface GuestToHostHandlers {
-    /**
-     * Handle Ethereum signature requests
-     * requestData: { guest_to_host: "EthSign", challenge: string (base64) }
-     * Returns: JSON bytes of { host_to_guest: "EthSign", challenge: string, signature: string }
-     */
-    EthSign?: GuestToHostHandler;
-    /**
-     * Handle MlKem public key requests
-     * requestData: { guest_to_host: "MlKemPublicKey" }
-     * Returns: JSON bytes of { host_to_guest: "MlKemPublicKey", key: string }
-     */
-    MlKemPublicKey?: GuestToHostHandler;
-    /**
-     * Handle random bytes requests
-     * requestData: { guest_to_host: "Random", len?: number }
-     * Returns: JSON bytes of { host_to_guest: "Random", bytes: string (base64) }
-     */
-    Random?: GuestToHostHandler;
-    [key: string]: GuestToHostHandler | undefined;
-}
-export * from "./session";
-export * from "./auth";
-export * from "./user";
-export * from "./org-data";
-export * from "./token";

package/dist/src/types/kyc.d.ts

@@ -1,135 +0,0 @@
-/**
- * KYC types for the `tee:user/contracts::kyc-status` short-poll
- * function added in MAT-1202.
- *
- * The shape mirrors `tee_contracts/user/src/kyc_status.rs::KycStatusResponse`.
- * Keep the two in sync — the bytes go straight from the contract
- * through the JSON-RPC envelope into [[T3nClient.kycStatus]].
- */
-import { T3nError } from "../utils/errors";
-/**
- * Terminal status for a Level 2 KYC verification, plus `pending`.
- *
- * - `pending` — provider has not delivered a verdict yet, or the
- *   webhook arrived but the post-action VC issuance hasn't completed.
- * - `verified` — provider approved AND a VC has been issued. `vcIds`
- *   carries the issued credential ids.
- * - `rejected` — provider declined / required resubmission /
- *   expired / the user abandoned the flow. `error` may carry a
- *   provider-supplied reason.
- * - `orphan` — a Veriff webhook arrived with a `vendorData` that
- *   couldn't be matched to any user (T3-TS-024 §3.4). Should not
- *   happen in the MetaMask flow but the contract surfaces it for
- *   completeness.
- */
-export type KycStatusKind = "pending" | "verified" | "rejected" | "orphan";
-/**
- * Snapshot returned by `tee:user/contracts::kyc-status`.
- *
- * Field names use camelCase on the SDK boundary even though the
- * wire is snake_case — the wrapper rewrites keys at the client edge
- * so callers don't see the JSON shape leaking through.
- */
-export interface KycStatus {
-    /** Terminal status if reached, otherwise `pending`. */
-    status: KycStatusKind;
-    /**
-     * Provider being polled. Echoed back so callers that didn't
-     * supply one see the contract's default (`"veriff"` in phase one).
-     */
-    provider: string;
-    /**
-     * Unix-millis of the latest contract-visible event:
-     * VC issuance time, attestation arrival time, session-row
-     * `started_at_ms`, or orphan-record arrival time. Best-effort —
-     * `undefined` when no source carries a usable timestamp.
-     */
-    updatedAt?: number;
-    /**
-     * VC ids appended for this provider, in append order. Empty for
-     * `pending` / `rejected` / `orphan`.
-     */
-    vcIds: string[];
-    /**
-     * Provider-supplied reason for `rejected`, when available.
-     */
-    error?: string;
-}
-/**
- * Polling cadence for [[T3nClient.kycStatusPoll]]. Defaults match
- * T3-TS-026 §8.4: poll fast for the first 30 seconds, then back
- * off, and bail after 5 minutes.
- */
-export interface KycPollCadence {
-    /** Poll interval in ms while `elapsed < switchAtMs`. Default: 2000. */
-    fastMs: number;
-    /** Poll interval in ms once `elapsed >= switchAtMs`. Default: 5000. */
-    slowMs: number;
-    /** Elapsed-ms threshold to switch from fast to slow cadence. Default: 30_000. */
-    switchAtMs: number;
-    /**
-     * Maximum total time to spend polling before rejecting with
-     * [[KycStatusTimeoutError]]. Default: 300_000 (5 minutes).
-     */
-    timeoutMs: number;
-}
-/**
- * Optional knobs for [[T3nClient.kycStatusPoll]]. Most callers won't
- * touch any of these — the §8.4 defaults are baked in.
- */
-export interface KycPollOptions {
-    /**
-     * Cancellation signal. When aborted, the helper rejects with
-     * `signal.reason` (or a generic `AbortError` if the consumer
-     * didn't supply a reason). The currently-in-flight `kycStatus()`
-     * call also receives the signal so it can short-circuit.
-     */
-    signal?: AbortSignal;
-    /**
-     * Called with every snapshot the helper receives, including
-     * non-terminal `pending` ones. Useful for surfacing intermediate
-     * UI states (e.g. "still waiting on provider…"). Errors thrown
-     * from this callback are caught and ignored — they must not
-     * sink the poll loop.
-     */
-    onUpdate?: (status: KycStatus) => void;
-    /**
-     * Override one or more cadence fields. Anything not specified
-     * uses the §8.4 defaults from [[DEFAULT_KYC_POLL_CADENCE]].
-     */
-    cadence?: Partial<KycPollCadence>;
-    /**
-     * Provider id to poll. Defaults to the contract default
-     * (`"veriff"` in phase one). Mirrored on the wire as
-     * `input.provider_id`.
-     */
-    providerId?: string;
-}
-/**
- * Default cadence used by [[T3nClient.kycStatusPoll]] when the caller
- * doesn't override `cadence.*`. Matches T3-TS-026 §8.4 verbatim.
- */
-export declare const DEFAULT_KYC_POLL_CADENCE: KycPollCadence;
-/**
- * Subset of [[KycStatusKind]] that ends a poll. `pending` is the
- * only non-terminal value.
- */
-export declare const TERMINAL_KYC_STATUSES: ReadonlySet<KycStatusKind>;
-/**
- * Thrown by [[T3nClient.kycStatusPoll]] when the cadence's
- * `timeoutMs` elapses without a terminal status arriving. The
- * `lastStatus` field is the most recent (necessarily `pending`)
- * snapshot the helper saw, useful for surfacing "we tried for N
- * minutes but Veriff is still working" UX.
- */
-export declare class KycStatusTimeoutError extends T3nError {
-    /** The §8.4 timeout the helper exhausted. */
-    readonly timeoutMs: number;
-    /** The last `pending` snapshot before timeout, if any. */
-    readonly lastStatus?: KycStatus | undefined;
-    constructor(
-    /** The §8.4 timeout the helper exhausted. */
-    timeoutMs: number, 
-    /** The last `pending` snapshot before timeout, if any. */
-    lastStatus?: KycStatus | undefined);
-}

package/dist/src/types/org-data.d.ts

@@ -1,180 +0,0 @@
-/**
- * Org-data wire types mirroring the Rust contract shapes in
- * `tee-contract-org-data` and `org-data-types`.
- *
- * Plain TypeScript interfaces (no zod) — the SDK does not use a
- * validation library for domain types; see the existing `types/` files.
- *
- * Each response type below is paired with a shallow runtime predicate
- * (`isMutationResponse`, `isOrgPolicyMeta`, etc.) so the org-data client
- * can `assertShape` the decoded payload before returning to callers.
- * Predicates check the top-level structure only; nested elements
- * (e.g. each `UserGrant` inside `OrgContractGrants.grants`) are not
- * deeply validated — see `utils/shape.ts` for the rationale.
- *
- * Reference: `org-data-types/src/lib.rs` and
- * `tee-contract-org-data/src/org_data.rs`.
- */
-/**
- * Capability grant stored under `ORG_CONTRACT_GRANTS_MAP`.
- *
- * Mirrors `org_data_types::UserGrant`.
- */
-export interface UserGrant {
-    /** The user this grant applies to (`did:t3n:<40-hex>`). */
-    user_did: string;
-    /** WIT function names the user may invoke (e.g. `"run-payroll"`). */
-    functions: string[];
-    /** Data scope paths the user may access (e.g. `"payroll/employees"`). */
-    scopes: string[];
-    /**
-     * Optional key-value constraints that must match the request metadata
-     * exactly for every key present in this map.
-     */
-    constraints: Record<string, string>;
-    /** Unix timestamp (secs) after which this grant is expired. `null` means never expires. */
-    expires_at_secs: number | null;
-}
-/**
- * Policy record for an organisation's data tier.
- *
- * Mirrors `org_data_types::OrgPolicyMeta`.
- */
-export interface OrgPolicyMeta {
-    /** DIDs (`did:t3n:<40-hex>`) of users authorised to manage policy and read data. */
-    admins: string[];
-    /** Maximum number of admins allowed for this org. */
-    max_admins: number;
-    /** Unix timestamp (secs) when the policy was first created. */
-    created_at_secs: number;
-    /** Unix timestamp (secs) of the most recent policy update. */
-    updated_at_secs: number;
-}
-/** Shallow runtime guard for {@link OrgPolicyMeta}. */
-export declare function isOrgPolicyMeta(value: unknown): value is OrgPolicyMeta;
-export type EmploymentStatus = "Active" | "Terminated";
-/** Singapore CPF residency categories. */
-export type ResidencyCategory = "Citizen" | "Pr1" | "Pr2" | "PrThreePlus" | "Foreigner";
-export type AgeBand = "Under35" | "Age35To45" | "Age45To50" | "Age50To55" | "Age55To60" | "Age60To65" | "Over65";
-export interface ExpenseClaim {
-    claim_id: string;
-    amount_cents: number;
-    category: string;
-    description: string;
-    per_diem_days?: number;
-}
-/**
- * Employee data row stored under `OrgData[org || "payroll/employees" || entry_id]`.
- *
- * Mirrors `tee-contract-payroll::types::EmployeeRecord`.
- */
-export interface EmployeeRecord {
-    employee_id: string;
-    employment_status: EmploymentStatus;
-    is_on_probation: boolean;
-    hire_date: string;
-    termination_date?: string;
-    /** Monthly gross base salary in integer cents SGD. */
-    base_salary_cents: number;
-    unpaid_leave_days: number;
-    working_days_in_period: number;
-    overtime_hours: number;
-    hourly_rate_cents: number;
-    residency: ResidencyCategory;
-    age_band: AgeBand;
-    expense_claims: ExpenseClaim[];
-    /** Opaque reference used by the service layer for disbursement. */
-    bank_account_ref: string;
-    bank_account_changed_recently: boolean;
-}
-/**
- * Standard response returned by all policy write and data mutation operations.
- *
- * Mirrors `tee-contract-org-data::org_data::MutationResponse`.
- */
-export interface MutationResponse {
-    /** `"created"`, `"updated"`, or `"deleted"`. */
-    status: string;
-    /** Hex-encoded entry ID; present on data write/delete operations. */
-    entry_id?: string;
-    /** Whether the target key existed before deletion; present on single-entry deletes. */
-    deleted?: boolean;
-    /** Number of entries removed; present on `org-data-delete-scope`. */
-    deleted_entries?: number;
-    tx_hash: string | null;
-}
-/**
- * Shallow runtime guard for {@link MutationResponse}.
- *
- * Only the always-present fields are checked — `status` is mandatory on
- * every mutation; `tx_hash` is non-optional but nullable. The optional
- * fields (`entry_id`, `deleted`, `deleted_entries`) are not validated
- * because their presence depends on which mutation ran.
- */
-export declare function isMutationResponse(value: unknown): value is MutationResponse;
-/**
- * Response type alias for org-writers-get.
- *
- * The wire body is `{ writers: string[] }` where each entry is
- * `did:t3n:<40-hex>`.
- */
-export interface OrgWriters {
-    writers: string[];
-}
-/** Shallow runtime guard for {@link OrgWriters}. */
-export declare function isOrgWriters(value: unknown): value is OrgWriters;
-/**
- * Response type alias for org-grants-get.
- *
- * The wire body echoes the `contract_id` alongside the grant list.
- */
-export interface OrgContractGrants {
-    contract_id: string;
-    grants: UserGrant[];
-}
-/**
- * Shallow runtime guard for {@link OrgContractGrants}.
- *
- * Validates the immediate envelope (`contract_id: string`, `grants:
- * array`) without recursing into each `UserGrant`. The Rust contract
- * is the source of truth for grant element shape; widening the predicate
- * here would create maintenance churn against benign field additions.
- */
-export declare function isOrgContractGrants(value: unknown): value is OrgContractGrants;
-/** Response for `org-data-list`. */
-export interface DataListResponse {
-    /** Hex-encoded entry IDs for this page. */
-    entry_ids: string[];
-    /** Offset to pass for the next page. `null` when this is the last page. */
-    next_offset: number | null;
-    /** Total number of entries in the scope (across all pages). */
-    total: number;
-}
-/** Shallow runtime guard for {@link DataListResponse}. */
-export declare function isDataListResponse(value: unknown): value is DataListResponse;
-/** Response for `org-data-get`. */
-export interface DataGetResponse {
-    entry_id: string;
-    /** Hex-encoded raw payload bytes. */
-    payload_hex: string;
-}
-/** Shallow runtime guard for {@link DataGetResponse}. */
-export declare function isDataGetResponse(value: unknown): value is DataGetResponse;
-/**
- * Legacy direct-route org-data envelope shape retained for compatibility.
- *
- * This mirrors the removed `/api/user-contract/execute` body format from
- * the transitional transport. New callers should use `OrgDataClient`,
- * which now dispatches through authenticated `/api/rpc` +
- * `action.execute` instead.
- */
-export interface OrgDataActionWire {
-    nonce: string;
-    user_did: string;
-    authenticator_id: string;
-    contract_id: string;
-    function: string;
-    args_hash: string;
-    expires_at_secs: number;
-    signature: string;
-}

package/dist/src/types/session.d.ts

@@ -1,24 +0,0 @@
-/**
- * Session-related types for T3n SDK
- */
-export interface SessionId {
-    readonly value: string;
-}
-export interface Did {
-    readonly value: string;
-    toString(): string;
-}
-export interface HandshakeResult {
-    readonly sessionId: SessionId;
-    readonly expiry: number;
-    readonly authenticated: boolean;
-    readonly did?: Did;
-}
-/**
- * Simple status enum - mirrors server SessionStatus only
- */
-export declare enum SessionStatus {
-    Init = 0,
-    Encrypted = 1,
-    Authenticated = 2
-}