@zi2/relay-sdk 1.0.0

package/dist/index.d.ts

@@ -0,0 +1,592 @@
+import { E as EncryptionAdapter, B as BroadcastAdapter, L as LoggerAdapter, A as AuditAdapter, a as AuditEntry, D as DatabaseAdapter, S as SmsProviderAdapter, b as SmsSendResponse, F as FallbackConfig, C as ConnectionBroker, P as PhoneRelayRecord, c as CreateRelayInput, d as PhoneRelayPairingRecord, e as CreatePairingInput, R as RelayMessageRecord, f as CreateMessageInput, g as RelaySDKConfig, h as RelaySDK } from './types-CPJUrmcy.js';
+export { M as MessageList, i as PairingCompleteResult, j as PairingResult, k as RelayDetail, l as RelayListItem, m as SendResult } from './types-CPJUrmcy.js';
+import { z } from 'zod';
+import { WebSocket } from 'ws';
+
+declare const RELAY_MESSAGE_TYPES: {
+    readonly AUTH: "auth";
+    readonly SEND_SMS: "send_sms";
+    readonly SMS_ACK: "sms_ack";
+    readonly DELIVERY_RECEIPT: "delivery_receipt";
+    readonly PONG: "pong";
+    readonly STATUS: "status";
+    readonly REKEY: "rekey";
+    readonly REKEY_ACK: "rekey_ack";
+};
+declare const RELAY_STATUS: {
+    readonly ACTIVE: "active";
+    readonly INACTIVE: "inactive";
+    readonly REVOKED: "revoked";
+    readonly DEGRADED: "degraded";
+};
+declare const RELAY_MESSAGE_STATUS: {
+    readonly PENDING: "pending";
+    readonly SENT_TO_DEVICE: "sent_to_device";
+    readonly DELIVERED: "delivered";
+    readonly FAILED: "failed";
+    readonly EXPIRED: "expired";
+};
+declare const RELAY_DELIVERY_STATUS: {
+    readonly SENT: "sent";
+    readonly DELIVERED: "delivered";
+    readonly FAILED: "failed";
+};
+declare const RELAY_PAIRING_STATUS: {
+    readonly PENDING: "pending";
+    readonly COMPLETED: "completed";
+    readonly EXPIRED: "expired";
+};
+declare const RELAY_LIMITS: {
+    readonly AUTH_TIMEOUT_MS: 5000;
+    readonly HEARTBEAT_INTERVAL_MS: 30000;
+    readonly PAIRING_EXPIRY_MINUTES: 5;
+    readonly MESSAGE_EXPIRY_HOURS: 24;
+    readonly QUEUE_DRAIN_DELAY_MS: 3000;
+    readonly DEFAULT_SMS_TIMEOUT_MS: 30000;
+    readonly MAX_SMS_PER_MINUTE: 20;
+    readonly MAX_SMS_PER_HOUR: 200;
+    readonly MAX_SMS_PER_DAY: 1000;
+    readonly DEGRADED_THRESHOLD_MS: number;
+};
+declare const RELAY_PLATFORMS: {
+    readonly ANDROID: "android";
+    readonly IOS: "ios";
+};
+type RelayMessageType = (typeof RELAY_MESSAGE_TYPES)[keyof typeof RELAY_MESSAGE_TYPES];
+type RelayStatus = (typeof RELAY_STATUS)[keyof typeof RELAY_STATUS];
+type RelayMessageStatus = (typeof RELAY_MESSAGE_STATUS)[keyof typeof RELAY_MESSAGE_STATUS];
+type RelayPlatform = (typeof RELAY_PLATFORMS)[keyof typeof RELAY_PLATFORMS];
+
+declare const completePairingSchema: z.ZodObject<{
+    pairingId: z.ZodString;
+    pairingToken: z.ZodString;
+    devicePublicKey: z.ZodString;
+    deviceName: z.ZodString;
+    platform: z.ZodEnum<["android", "ios"]>;
+    phoneNumber: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    deviceName: string;
+    platform: "android" | "ios";
+    devicePublicKey: string;
+    pairingToken: string;
+    pairingId: string;
+    phoneNumber?: string | undefined;
+}, {
+    deviceName: string;
+    platform: "android" | "ios";
+    devicePublicKey: string;
+    pairingToken: string;
+    pairingId: string;
+    phoneNumber?: string | undefined;
+}>;
+declare const updatePhoneRelaySchema: z.ZodObject<{
+    deviceName: z.ZodOptional<z.ZodString>;
+    maxSmsPerMinute: z.ZodOptional<z.ZodNumber>;
+    maxSmsPerHour: z.ZodOptional<z.ZodNumber>;
+    maxSmsPerDay: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    deviceName?: string | undefined;
+    maxSmsPerMinute?: number | undefined;
+    maxSmsPerHour?: number | undefined;
+    maxSmsPerDay?: number | undefined;
+}, {
+    deviceName?: string | undefined;
+    maxSmsPerMinute?: number | undefined;
+    maxSmsPerHour?: number | undefined;
+    maxSmsPerDay?: number | undefined;
+}>;
+declare const testRelaySmsSchema: z.ZodObject<{
+    to: z.ZodString;
+    body: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    to: string;
+    body?: string | undefined;
+}, {
+    to: string;
+    body?: string | undefined;
+}>;
+declare const relayMessagesQuerySchema: z.ZodObject<{
+    limit: z.ZodDefault<z.ZodNumber>;
+    offset: z.ZodDefault<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    limit: number;
+    offset: number;
+}, {
+    limit?: number | undefined;
+    offset?: number | undefined;
+}>;
+type CompletePairingInput = z.infer<typeof completePairingSchema>;
+type UpdatePhoneRelayInput = z.infer<typeof updatePhoneRelaySchema>;
+type TestRelaySmsInput = z.infer<typeof testRelaySmsSchema>;
+
+/**
+ * Structured error class for the Relay SDK.
+ *
+ * PCI DSS v4 Req 6.2.4: Error messages must NOT expose internal system details,
+ * stack traces, database info, or cryptographic implementation details.
+ * All messages are generic and safe for client display.
+ *
+ * SOC 2 CC7.2: Errors are coded for audit trail correlation.
+ */
+declare class RelayError extends Error {
+    code: string;
+    statusCode: number;
+    i18nKey?: string | undefined;
+    constructor(code: string, statusCode: number, message: string, i18nKey?: string | undefined);
+    /** Safe serialization that never leaks stack traces to clients */
+    toJSON(): {
+        error: {
+            code: string;
+            message: string;
+            i18nKey: string | undefined;
+        };
+    };
+}
+declare const RELAY_ERRORS: {
+    readonly RELAY_NOT_FOUND: {
+        readonly code: "RELAY_NOT_FOUND";
+        readonly status: 404;
+        readonly message: "Relay device not found";
+        readonly i18nKey: "errors.relayNotFound";
+    };
+    readonly RELAY_INACTIVE: {
+        readonly code: "RELAY_INACTIVE";
+        readonly status: 409;
+        readonly message: "Relay is not active";
+        readonly i18nKey: "errors.relayInactive";
+    };
+    readonly RELAY_OFFLINE: {
+        readonly code: "RELAY_OFFLINE";
+        readonly status: 503;
+        readonly message: "Relay device is offline";
+        readonly i18nKey: "errors.relayOffline";
+    };
+    readonly PAIRING_NOT_FOUND: {
+        readonly code: "PAIRING_NOT_FOUND";
+        readonly status: 404;
+        readonly message: "Pairing session not found";
+        readonly i18nKey: "errors.pairingNotFound";
+    };
+    readonly PAIRING_EXPIRED: {
+        readonly code: "PAIRING_EXPIRED";
+        readonly status: 410;
+        readonly message: "Pairing session has expired";
+        readonly i18nKey: "errors.pairingExpired";
+    };
+    readonly PAIRING_INVALID_TOKEN: {
+        readonly code: "PAIRING_INVALID_TOKEN";
+        readonly status: 403;
+        readonly message: "Invalid pairing token";
+        readonly i18nKey: "errors.pairingInvalidToken";
+    };
+    readonly AUTH_TIMEOUT: {
+        readonly code: "AUTH_TIMEOUT";
+        readonly status: 408;
+        readonly message: "WebSocket authentication timeout";
+        readonly i18nKey: "errors.authTimeout";
+    };
+    readonly AUTH_FAILED: {
+        readonly code: "AUTH_FAILED";
+        readonly status: 401;
+        readonly message: "Invalid relay credentials";
+        readonly i18nKey: "errors.authFailed";
+    };
+    readonly RATE_LIMITED: {
+        readonly code: "RATE_LIMITED";
+        readonly status: 429;
+        readonly message: "Rate limit exceeded";
+        readonly i18nKey: "errors.rateLimited";
+    };
+    readonly ENCRYPTION_FAILED: {
+        readonly code: "ENCRYPTION_FAILED";
+        readonly status: 500;
+        readonly message: "Encryption operation failed";
+        readonly i18nKey: "errors.encryptionFailed";
+    };
+    readonly REKEY_FAILED: {
+        readonly code: "REKEY_FAILED";
+        readonly status: 500;
+        readonly message: "Key rotation failed";
+        readonly i18nKey: "errors.rekeyFailed";
+    };
+    readonly SMS_SEND_FAILED: {
+        readonly code: "SMS_SEND_FAILED";
+        readonly status: 502;
+        readonly message: "SMS delivery failed";
+        readonly i18nKey: "errors.smsSendFailed";
+    };
+    readonly SMS_TIMEOUT: {
+        readonly code: "SMS_TIMEOUT";
+        readonly status: 504;
+        readonly message: "SMS acknowledgement timeout";
+        readonly i18nKey: "errors.smsTimeout";
+    };
+};
+declare const RELAY_ERRORS_EXTENDED: {
+    readonly AUTH_LOCKED: {
+        readonly code: "AUTH_LOCKED";
+        readonly status: 423;
+        readonly message: "Too many failed attempts. Try again later.";
+        readonly i18nKey: "errors.authLocked";
+    };
+    readonly TLS_REQUIRED: {
+        readonly code: "TLS_REQUIRED";
+        readonly status: 426;
+        readonly message: "TLS/SSL connection required";
+        readonly i18nKey: "errors.tlsRequired";
+    };
+    readonly ORG_MISMATCH: {
+        readonly code: "ORG_MISMATCH";
+        readonly status: 403;
+        readonly message: "Organization access denied";
+        readonly i18nKey: "errors.orgMismatch";
+    };
+    readonly RELAY_NOT_FOUND: {
+        readonly code: "RELAY_NOT_FOUND";
+        readonly status: 404;
+        readonly message: "Relay device not found";
+        readonly i18nKey: "errors.relayNotFound";
+    };
+    readonly RELAY_INACTIVE: {
+        readonly code: "RELAY_INACTIVE";
+        readonly status: 409;
+        readonly message: "Relay is not active";
+        readonly i18nKey: "errors.relayInactive";
+    };
+    readonly RELAY_OFFLINE: {
+        readonly code: "RELAY_OFFLINE";
+        readonly status: 503;
+        readonly message: "Relay device is offline";
+        readonly i18nKey: "errors.relayOffline";
+    };
+    readonly PAIRING_NOT_FOUND: {
+        readonly code: "PAIRING_NOT_FOUND";
+        readonly status: 404;
+        readonly message: "Pairing session not found";
+        readonly i18nKey: "errors.pairingNotFound";
+    };
+    readonly PAIRING_EXPIRED: {
+        readonly code: "PAIRING_EXPIRED";
+        readonly status: 410;
+        readonly message: "Pairing session has expired";
+        readonly i18nKey: "errors.pairingExpired";
+    };
+    readonly PAIRING_INVALID_TOKEN: {
+        readonly code: "PAIRING_INVALID_TOKEN";
+        readonly status: 403;
+        readonly message: "Invalid pairing token";
+        readonly i18nKey: "errors.pairingInvalidToken";
+    };
+    readonly AUTH_TIMEOUT: {
+        readonly code: "AUTH_TIMEOUT";
+        readonly status: 408;
+        readonly message: "WebSocket authentication timeout";
+        readonly i18nKey: "errors.authTimeout";
+    };
+    readonly AUTH_FAILED: {
+        readonly code: "AUTH_FAILED";
+        readonly status: 401;
+        readonly message: "Invalid relay credentials";
+        readonly i18nKey: "errors.authFailed";
+    };
+    readonly RATE_LIMITED: {
+        readonly code: "RATE_LIMITED";
+        readonly status: 429;
+        readonly message: "Rate limit exceeded";
+        readonly i18nKey: "errors.rateLimited";
+    };
+    readonly ENCRYPTION_FAILED: {
+        readonly code: "ENCRYPTION_FAILED";
+        readonly status: 500;
+        readonly message: "Encryption operation failed";
+        readonly i18nKey: "errors.encryptionFailed";
+    };
+    readonly REKEY_FAILED: {
+        readonly code: "REKEY_FAILED";
+        readonly status: 500;
+        readonly message: "Key rotation failed";
+        readonly i18nKey: "errors.rekeyFailed";
+    };
+    readonly SMS_SEND_FAILED: {
+        readonly code: "SMS_SEND_FAILED";
+        readonly status: 502;
+        readonly message: "SMS delivery failed";
+        readonly i18nKey: "errors.smsSendFailed";
+    };
+    readonly SMS_TIMEOUT: {
+        readonly code: "SMS_TIMEOUT";
+        readonly status: 504;
+        readonly message: "SMS acknowledgement timeout";
+        readonly i18nKey: "errors.smsTimeout";
+    };
+};
+declare function createRelayError(key: keyof typeof RELAY_ERRORS): RelayError;
+
+/**
+ * AES-256-GCM encryption adapter.
+ *
+ * PCI DSS v4 compliance:
+ * - Req 3.5.1: Key material validated at construction
+ * - Req 3.4.1: No plaintext fallback in strict mode (default)
+ * - Req 3.7.1: Key must be 256-bit (32 bytes / 64 hex chars)
+ *
+ * SOC 2 CC6.1: Authenticated encryption prevents tampering
+ */
+declare class AesGcmEncryption implements EncryptionAdapter {
+    private keyBuffer;
+    private allowPlaintextFallback;
+    /**
+     * @param key 64-char hex string OR 32-byte Buffer for AES-256
+     * @param options.allowPlaintextFallback Allow decrypting legacy unencrypted values.
+     *   Set to false (default) for PCI DSS v4 compliance. Set to true only during migration.
+     */
+    constructor(key: string | Buffer, options?: {
+        allowPlaintextFallback?: boolean;
+    });
+    encrypt(plaintext: string): string;
+    decrypt(ciphertext: string): string;
+    /**
+     * Securely destroy the key material (PCI DSS v4 Req 3.5.1).
+     * Call when the SDK instance is being shut down.
+     */
+    destroy(): void;
+}
+
+declare class NoopBroadcast implements BroadcastAdapter {
+    broadcast(_orgId: string, _message: Record<string, unknown>): void;
+}
+
+declare class ConsoleLogger implements LoggerAdapter {
+    debug(msg: string, data?: Record<string, unknown>): void;
+    info(msg: string, data?: Record<string, unknown>): void;
+    warn(msg: string, data?: Record<string, unknown>): void;
+    error(msg: string, data?: Record<string, unknown>): void;
+}
+/** Utility for SDK consumers to wrap their own logger with redaction */
+declare function withRedaction(logger: LoggerAdapter): LoggerAdapter;
+
+/**
+ * No-op audit adapter. Replace with a real implementation for
+ * PCI DSS v4 Req 10 / SOC 2 CC7.2 compliance.
+ *
+ * A compliant implementation must:
+ * - Write audit entries to tamper-evident storage (append-only log, WORM, or SIEM)
+ * - Retain entries for at least 12 months (PCI DSS v4 Req 10.7.1)
+ * - Include timestamp, user, action, resource, and outcome
+ * - Be protected from unauthorized modification (SOC 2 CC7.2)
+ */
+declare class NoopAudit implements AuditAdapter {
+    log(_entry: AuditEntry): Promise<void>;
+}
+/**
+ * Console audit adapter for development/testing.
+ * NOT suitable for production compliance — logs to stdout which is ephemeral.
+ */
+declare class ConsoleAudit implements AuditAdapter {
+    log(entry: AuditEntry): Promise<void>;
+}
+
+/**
+ * IP-based authentication failure rate limiter.
+ *
+ * PCI DSS v4 Req 8.3.4: Lock out after N failed attempts.
+ * SOC 2 CC6.1: Protect against brute-force attacks.
+ *
+ * Tracks failed auth attempts per IP with automatic expiry.
+ */
+declare class AuthLimiter {
+    private attempts;
+    private maxFailures;
+    private windowMs;
+    private lockoutMs;
+    private cleanupInterval;
+    /**
+     * @param maxFailures Max auth failures before lockout (default: 10)
+     * @param windowMs Time window for counting failures in ms (default: 15 min)
+     * @param lockoutMs Duration of lockout after max failures (default: 30 min)
+     */
+    constructor(maxFailures?: number, windowMs?: number, lockoutMs?: number);
+    /** Returns true if the IP is currently locked out */
+    isLocked(ip: string): boolean;
+    /** Record a failed auth attempt. Returns remaining attempts before lockout. */
+    recordFailure(ip: string): number;
+    /** Clear failure count for an IP after successful auth */
+    recordSuccess(ip: string): void;
+    /** Get remaining lockout time in seconds (0 if not locked) */
+    getLockoutRemaining(ip: string): number;
+    private cleanup;
+    destroy(): void;
+}
+
+interface RelayEvents {
+    'relay:online': (relayId: string, orgId: string) => void;
+    'relay:offline': (relayId: string, orgId: string) => void;
+    'message:delivered': (messageId: string, relayId: string) => void;
+    'message:failed': (messageId: string, relayId: string, error: string) => void;
+    'message:ack': (messageId: string, status: string) => void;
+}
+declare class RelayEventEmitter {
+    private emitter;
+    constructor();
+    on<K extends keyof RelayEvents>(event: K, listener: RelayEvents[K]): () => void;
+    once<K extends keyof RelayEvents>(event: K, listener: RelayEvents[K]): void;
+    emit<K extends keyof RelayEvents>(event: K, ...args: Parameters<RelayEvents[K]>): void;
+    removeAllListeners(event?: keyof RelayEvents): void;
+}
+
+interface QueueServiceDeps {
+    db: DatabaseAdapter;
+    encryption: EncryptionAdapter;
+    logger: LoggerAdapter;
+    events: RelayEventEmitter;
+    limits: typeof RELAY_LIMITS;
+}
+declare function createQueueService(deps: QueueServiceDeps): {
+    enqueueAndWait: (options: {
+        relayId: string;
+        orgId: string;
+        to: string;
+        body: string;
+        timeoutMs?: number;
+    }) => Promise<{
+        messageId: string;
+        status: string;
+    }>;
+    handleAck: (messageId: string, status: string, nativeMessageId?: string, errorMessage?: string) => Promise<void>;
+    handleDeliveryReceipt: (messageId: string, deliveryStatus: string) => Promise<void>;
+    drainQueue: (relayId: string) => Promise<void>;
+};
+type QueueService = ReturnType<typeof createQueueService>;
+
+declare class PhoneRelayProvider implements SmsProviderAdapter {
+    readonly name = "phone-relay";
+    private relayId;
+    private orgId;
+    private queue;
+    constructor(queue: QueueService);
+    initialize(credentials: Record<string, string>): void;
+    sendSms(to: string, body: string): Promise<SmsSendResponse>;
+    validateCredentials(credentials: Record<string, string>): Promise<boolean>;
+}
+
+declare class FallbackProvider implements SmsProviderAdapter {
+    readonly name = "relay-fallback";
+    private config;
+    constructor(config: FallbackConfig);
+    initialize(_credentials: Record<string, string>): void;
+    sendSms(to: string, body: string): Promise<SmsSendResponse>;
+    validateCredentials(_credentials: Record<string, string>): Promise<boolean>;
+}
+
+declare function getRelaySocket(relayId: string): WebSocket | undefined;
+declare function isRelayOnline(relayId: string): boolean;
+
+/**
+ * Redis-based ConnectionBroker for horizontal scaling.
+ *
+ * When running multiple API servers behind a load balancer, each server
+ * holds a subset of WebSocket connections. The Redis broker ensures SMS
+ * messages reach the correct server via pub/sub.
+ *
+ * Requires `ioredis` as a peer dependency (not bundled).
+ *
+ * @example
+ * ```typescript
+ * import Redis from 'ioredis';
+ * import { RedisBroker } from '@zi2/relay-sdk';
+ *
+ * const pub = new Redis(process.env.REDIS_URL);
+ * const sub = new Redis(process.env.REDIS_URL);
+ * const broker = new RedisBroker(pub, sub);
+ * ```
+ */
+
+declare class RedisBroker implements ConnectionBroker {
+    private pub;
+    private sub;
+    private handlers;
+    private prefix;
+    constructor(pubClient: any, subClient: any, options?: {
+        prefix?: string;
+    });
+    publish(channel: string, message: string): Promise<void>;
+    subscribe(channel: string, handler: (message: string) => void): Promise<void>;
+    unsubscribe(channel: string): Promise<void>;
+    destroy(): Promise<void>;
+}
+
+declare class MemoryAdapter implements DatabaseAdapter {
+    private relays;
+    private pairings;
+    private messages;
+    findRelay(id: string, orgId?: string): Promise<PhoneRelayRecord | null>;
+    findRelayByTokenHash(id: string, tokenHash: string, statuses: string[]): Promise<PhoneRelayRecord | null>;
+    findRelays(orgId: string, excludeStatus?: string): Promise<PhoneRelayRecord[]>;
+    createRelay(data: CreateRelayInput): Promise<PhoneRelayRecord>;
+    updateRelay(id: string, data: Partial<PhoneRelayRecord>): Promise<void>;
+    updateRelayByOrg(id: string, orgId: string, data: Partial<PhoneRelayRecord>): Promise<void>;
+    deleteRelay(id: string): Promise<void>;
+    incrementRelayStat(id: string, field: 'totalSmsSent' | 'totalSmsFailed' | 'dailySmsSent', amount?: number): Promise<void>;
+    countRelays(orgId: string): Promise<number>;
+    markDegradedRelays(threshold: Date): Promise<number>;
+    resetDailyCounters(): Promise<number>;
+    findPairing(id: string): Promise<PhoneRelayPairingRecord | null>;
+    createPairing(data: CreatePairingInput): Promise<PhoneRelayPairingRecord>;
+    updatePairingStatus(id: string, status: string): Promise<void>;
+    deleteExpiredPairings(): Promise<number>;
+    findMessage(id: string): Promise<RelayMessageRecord | null>;
+    createMessage(data: CreateMessageInput): Promise<RelayMessageRecord>;
+    updateMessage(id: string, data: Partial<RelayMessageRecord>): Promise<void>;
+    findPendingMessages(relayId: string, limit: number): Promise<RelayMessageRecord[]>;
+    findMessages(relayId: string, limit: number, offset: number): Promise<{
+        messages: RelayMessageRecord[];
+        total: number;
+    }>;
+    deleteMessagesByRelay(relayId: string): Promise<number>;
+    expireStaleMessages(): Promise<number>;
+    createMessages(batch: CreateMessageInput[]): Promise<RelayMessageRecord[]>;
+    updateMessages(ids: string[], data: Partial<RelayMessageRecord>): Promise<number>;
+    clear(): void;
+}
+
+declare function getTranslation(locale: string, key: string): string;
+declare function getSupportedLocales(): string[];
+declare function getRelayTranslations(locale: string): Record<string, string>;
+
+declare function generateX25519KeyPair(): {
+    publicKey: string;
+    privateKey: string;
+};
+declare function deriveSharedKey(privateKeyHex: string, publicKeyHex: string): Buffer;
+declare function encryptE2E(plaintext: string, sharedKey: Buffer): string;
+declare function decryptE2E(ciphertext: string, sharedKey: Buffer): string;
+
+declare function hashToken(token: string): string;
+declare function generateSecureToken(bytes?: number): string;
+declare function timingSafeCompare(a: string, b: string): boolean;
+
+/**
+ * @zi2/relay-sdk — Standalone SMS Relay SDK
+ *
+ * Enterprise-grade SMS relay system with E2E encryption, WebSocket device management,
+ * database adapter pattern, provider fallback, and i18n support.
+ *
+ * @example
+ * ```typescript
+ * import { createRelay, AesGcmEncryption } from '@zi2/relay-sdk';
+ * import { PrismaAdapter } from '@zi2/relay-sdk/adapters/prisma';
+ *
+ * const sdk = createRelay({
+ *   db: new PrismaAdapter(prisma),
+ *   encryption: new AesGcmEncryption(process.env.ENCRYPTION_KEY!),
+ *   apiUrl: 'https://api.example.com',
+ * });
+ *
+ * // Send SMS through a paired relay device
+ * const result = await sdk.sendSMS({ relayId, orgId, to: '+1234567890', body: 'Hello' });
+ * ```
+ */
+
+declare function createRelay(config: RelaySDKConfig): RelaySDK;
+
+export { AesGcmEncryption, AuditAdapter, AuditEntry, AuthLimiter, BroadcastAdapter, type CompletePairingInput, ConnectionBroker, ConsoleAudit, ConsoleLogger, CreateMessageInput, CreatePairingInput, CreateRelayInput, DatabaseAdapter, EncryptionAdapter, FallbackConfig, FallbackProvider, LoggerAdapter, MemoryAdapter, NoopAudit, NoopBroadcast, PhoneRelayPairingRecord, PhoneRelayProvider, PhoneRelayRecord, RELAY_DELIVERY_STATUS, RELAY_ERRORS, RELAY_ERRORS_EXTENDED, RELAY_LIMITS, RELAY_MESSAGE_STATUS, RELAY_MESSAGE_TYPES, RELAY_PAIRING_STATUS, RELAY_PLATFORMS, RELAY_STATUS, RedisBroker, RelayError, RelayMessageRecord, type RelayMessageStatus, type RelayMessageType, type RelayPlatform, RelaySDK, RelaySDKConfig, type RelayStatus, SmsProviderAdapter, SmsSendResponse, type TestRelaySmsInput, type UpdatePhoneRelayInput, completePairingSchema, createRelay, createRelayError, decryptE2E, deriveSharedKey, encryptE2E, generateSecureToken, generateX25519KeyPair, getRelaySocket, getRelayTranslations, getSupportedLocales, getTranslation, hashToken, isRelayOnline, relayMessagesQuerySchema, testRelaySmsSchema, timingSafeCompare, updatePhoneRelaySchema, withRedaction };