lane-sdk 0.1.0

package/dist/index.d.cts

@@ -0,0 +1,1985 @@
+import { EventEmitter } from 'node:events';
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+
+/** Configuration accepted by the Lane constructor. */
+interface LaneConfig {
+    /** SDK API key (`lane_sk_...` or `lane_sk_test_...`). */
+    apiKey?: string;
+    /** Override the Lane API base URL. */
+    baseUrl?: string;
+    /** Force test mode regardless of key prefix. */
+    testMode?: boolean;
+    /** Request timeout in milliseconds (default 30 000). */
+    timeout?: number;
+    /** Max automatic retries on transient failures (default 2). */
+    maxRetries?: number;
+    /** Circuit breaker configuration. */
+    circuitBreaker?: {
+        /** Number of consecutive failures before opening the circuit (default 3). */
+        failureThreshold?: number;
+        /** Time in ms before attempting to close the circuit (default 30000). */
+        resetTimeoutMs?: number;
+    };
+    /** Custom token store implementation. */
+    tokenStore?: TokenStore;
+}
+/** Resolved, immutable configuration used internally. */
+interface ResolvedConfig {
+    readonly apiKey: string;
+    readonly baseUrl: string;
+    readonly testMode: boolean;
+    readonly timeout: number;
+    readonly maxRetries: number;
+    readonly circuitBreaker?: {
+        readonly failureThreshold: number;
+        readonly resetTimeoutMs: number;
+    };
+}
+interface Credentials {
+    apiKey: string;
+    refreshToken?: string;
+    expiresAt?: string;
+    developerId?: string;
+    environment?: 'live' | 'test';
+}
+interface DeveloperProfile {
+    id: string;
+    email: string;
+    plan: string;
+    memberSince: string;
+}
+interface RotateKeyResult {
+    apiKey: string;
+    expiresOldKeyAt: string;
+}
+interface Wallet {
+    id: string;
+    developerId: string;
+    userId?: string;
+    createdAt: string;
+}
+interface CreateWalletParams {
+    userId?: string;
+    idempotencyKey?: string;
+}
+interface Card {
+    id: string;
+    last4: string;
+    brand: string;
+    status: 'active' | 'inactive';
+    isDefault: boolean;
+    createdAt: string;
+}
+interface AgenticToken {
+    id: string;
+    walletId: string;
+    amount: number;
+    currency: string;
+    merchant: string;
+    permissions: string[];
+    status: 'active' | 'used' | 'expired' | 'revoked';
+    expiresAt: string;
+    createdAt: string;
+}
+interface CreateTokenParams {
+    walletId: string;
+    amount: number;
+    currency?: string;
+    merchant?: string;
+    expiresIn?: string;
+    permissions?: string[];
+    idempotencyKey?: string;
+}
+interface ExecutePaymentParams {
+    tokenId?: string;
+    recipient: string;
+    amount: number;
+    currency?: string;
+    description?: string;
+    idempotencyKey?: string;
+}
+interface Transaction {
+    id: string;
+    amount: number;
+    currency: string;
+    recipient: string;
+    description?: string;
+    status: 'success' | 'denied' | 'pending' | 'refunded';
+    receiptUrl?: string;
+    testMode: boolean;
+    createdAt: string;
+}
+interface RefundParams {
+    transactionId: string;
+    amount?: number;
+    reason?: string;
+    idempotencyKey?: string;
+}
+interface Refund {
+    id: string;
+    transactionId: string;
+    amount: number;
+    reason?: string;
+    status: 'initiated' | 'under_review' | 'resolved';
+    createdAt: string;
+}
+interface Product {
+    id: string;
+    name: string;
+    description?: string;
+    type: 'skill' | 'api' | 'saas' | 'opensource';
+    pricing: PricingConfig;
+    sellerId: string;
+    rating?: number;
+    createdAt: string;
+}
+interface PricingConfig {
+    model: 'fixed' | 'subscription' | 'consumption';
+    price?: number;
+    monthlyPrice?: number;
+    pricePerCall?: number;
+    currency: string;
+}
+interface ProductSearchParams {
+    query: string;
+    type?: Product['type'];
+    limit?: number;
+    offset?: number;
+}
+interface CheckoutSession {
+    id: string;
+    productId: string;
+    walletId: string;
+    quantity: number;
+    status: 'pending' | 'completed' | 'cancelled';
+    orderId?: string;
+    createdAt: string;
+}
+interface CreateCheckoutParams {
+    productId: string;
+    walletId: string;
+    quantity?: number;
+    idempotencyKey?: string;
+}
+interface Order {
+    id: string;
+    checkoutSessionId: string;
+    productId: string;
+    amount: number;
+    currency: string;
+    status: 'completed' | 'refunded';
+    apiKey?: string;
+    endpoint?: string;
+    createdAt: string;
+}
+interface CreateProductParams {
+    name: string;
+    type: Product['type'];
+    endpoint?: string;
+    mcpEndpoint?: string;
+    pricing: PricingConfig;
+    description?: string;
+    auth?: {
+        type: 'api_key' | 'oauth' | 'none';
+    };
+    idempotencyKey?: string;
+}
+interface ProductAnalytics {
+    revenue: number;
+    transactions: number;
+    uniqueAgents: number;
+    topBuyers: {
+        agentId: string;
+        spent: number;
+    }[];
+    avgCallsPerDay: number;
+}
+interface AnalyticsParams {
+    productId: string;
+    period: string;
+}
+interface BudgetConfig {
+    dailyLimit?: number;
+    weeklyLimit?: number;
+    monthlyLimit?: number;
+    perTaskLimit?: number;
+    confirmationThreshold?: number;
+    merchantAllowlist?: string[];
+    merchantBlocklist?: string[];
+}
+interface SpendingSummary {
+    total: number;
+    currency: string;
+    teams?: TeamSpending[];
+    topMerchants: string[];
+    alerts: string[];
+}
+interface TeamSpending {
+    name: string;
+    spent: number;
+    budget: number;
+    status: 'ok' | 'warning' | 'over';
+}
+interface TeamMember {
+    id: string;
+    email: string;
+    role: 'admin' | 'developer' | 'viewer';
+    teamId?: string;
+    createdAt: string;
+}
+type WebhookEvent = 'transaction.completed' | 'transaction.denied' | 'transaction.refunded' | 'transaction.pending_approval' | 'budget.exceeded' | 'budget.warning' | 'card.added' | 'card.removed' | 'agent.connected' | 'agent.disconnected' | 'key.rotated' | 'product.purchased' | 'payout.sent';
+interface WebhookConfig {
+    id?: string;
+    url: string;
+    events: (WebhookEvent | `${string}.*`)[];
+    secret?: string;
+}
+interface WebhookPayload {
+    id: string;
+    event: WebhookEvent;
+    data: Record<string, unknown>;
+    createdAt: string;
+    testMode: boolean;
+}
+interface RequestOptions {
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE';
+    path: string;
+    body?: Record<string, unknown>;
+    query?: Record<string, string | number | boolean | undefined>;
+    idempotencyKey?: string;
+    timeout?: number;
+}
+interface APIResponse<T> {
+    data: T;
+    requestId: string;
+    testMode: boolean;
+    rateLimitRemaining?: number;
+    rateLimitLimit?: number;
+    rateLimitReset?: number;
+}
+interface PaginatedResponse<T> {
+    data: T[];
+    total: number;
+    limit: number;
+    offset: number;
+    requestId: string;
+}
+interface TokenStore {
+    read(): Promise<Credentials | null>;
+    write(credentials: Credentials): Promise<void>;
+    clear(): Promise<void>;
+}
+interface Merchant {
+    id: string;
+    name: string;
+    slug: string;
+    description?: string;
+    categories: string[];
+    supportedPaymentMethods: string[];
+}
+/** Visa network token — issued by VIC, used for merchant-agnostic payments. */
+interface VICToken {
+    id: string;
+    walletId: string;
+    networkTokenId: string;
+    last4: string;
+    brand: 'visa';
+    status: 'active' | 'suspended' | 'expired' | 'revoked';
+    expiresAt: string;
+    createdAt: string;
+}
+/** Parameters to issue a VIC agentic token. */
+interface VICIssuanceParams {
+    walletId: string;
+    cardId: string;
+    /** Max single-transaction amount in cents. */
+    maxTransactionAmount?: number;
+    /** Merchant category codes (MCCs) the token is restricted to. */
+    allowedMCCs?: string[];
+    /** Expiry duration (e.g., '24h', '7d'). */
+    expiresIn?: string;
+    idempotencyKey?: string;
+}
+/** A Visa network token with associated cryptogram for a single transaction. */
+interface NetworkTokenPayload {
+    /** Visa-provisioned token number (DPAN). */
+    tokenNumber: string;
+    /** Transaction-specific cryptogram. */
+    cryptogram: string;
+    /** Electronic Commerce Indicator. */
+    eci: string;
+    expMonth: number;
+    expYear: number;
+}
+/** Payment route used by the routing engine. */
+type PaymentRoute = 'billing_api' | 'acp' | 'vic' | 'fallback';
+/** Result from the payment routing engine. */
+interface RoutingDecision {
+    route: PaymentRoute;
+    merchantId: string;
+    /** Why this route was chosen. */
+    reason: string;
+    /** Fallback routes if primary fails. */
+    fallbacks: PaymentRoute[];
+}
+interface UsageRecord {
+    id: string;
+    productId: string;
+    buyerId: string;
+    /** Number of units consumed (API calls, tokens, etc.). */
+    quantity: number;
+    /** Unit type for billing. */
+    unit: string;
+    timestamp: string;
+}
+interface MeteringConfig {
+    /** Billing period: 'hourly' | 'daily' | 'monthly'. */
+    period: 'hourly' | 'daily' | 'monthly';
+    /** Price per unit in cents. */
+    pricePerUnit: number;
+    /** Currency code. */
+    currency: string;
+    /** Free tier units per period. */
+    freeUnits?: number;
+    /** Hard cap on units per period. */
+    maxUnits?: number;
+}
+interface UsageReport {
+    productId: string;
+    period: string;
+    totalUnits: number;
+    totalRevenue: number;
+    uniqueBuyers: number;
+    breakdown: {
+        date: string;
+        units: number;
+        revenue: number;
+    }[];
+}
+interface PayoutConfig {
+    id: string;
+    sellerId: string;
+    destination: 'bank_account' | 'stripe_connect';
+    destinationId: string;
+    schedule: 'daily' | 'weekly' | 'monthly';
+    currency: string;
+    minimumPayout: number;
+}
+interface Payout {
+    id: string;
+    sellerId: string;
+    amount: number;
+    currency: string;
+    status: 'pending' | 'processing' | 'completed' | 'failed';
+    periodStart: string;
+    periodEnd: string;
+    createdAt: string;
+}
+/** Organization-level entity that owns teams and developers. */
+interface Organization {
+    id: string;
+    name: string;
+    plan: 'free' | 'pro' | 'team' | 'enterprise';
+    createdAt: string;
+}
+/** Team within an organization. */
+interface Team {
+    id: string;
+    orgId: string;
+    name: string;
+    budget?: BudgetConfig;
+    memberCount: number;
+    createdAt: string;
+}
+interface CreateTeamParams {
+    name: string;
+    budget?: BudgetConfig;
+}
+/** Registered agent in a fleet. */
+interface AgentRecord {
+    id: string;
+    developerId: string;
+    name: string;
+    type: string;
+    status: 'active' | 'suspended' | 'revoked';
+    walletId?: string;
+    policy?: AgentPolicy;
+    lastSeenAt?: string;
+    createdAt: string;
+}
+/** Policy governing what an agent can do. */
+interface AgentPolicy {
+    /** Budget limits specific to this agent. */
+    budget?: BudgetConfig;
+    /** Allowed merchant categories. */
+    allowedMCCs?: string[];
+    /** Max single transaction amount in cents. */
+    maxTransactionAmount?: number;
+    /** Whether the agent can initiate refunds. */
+    canRefund?: boolean;
+    /** Whether the agent can discover new products. */
+    canDiscover?: boolean;
+    /** Require human approval above this amount in cents. */
+    approvalThreshold?: number;
+}
+interface RegisterAgentParams {
+    name: string;
+    type: string;
+    walletId?: string;
+    policy?: AgentPolicy;
+}
+/** Hierarchical budget that cascades: Org > Team > Developer > Agent. */
+interface HierarchicalBudget {
+    orgBudget?: BudgetConfig;
+    teamBudget?: BudgetConfig;
+    developerBudget?: BudgetConfig;
+    agentBudget?: BudgetConfig;
+    /** The effective limit is the minimum across all levels. */
+    effectiveLimits: BudgetConfig;
+}
+/** Audit log entry. */
+interface AuditEntry {
+    id: string;
+    timestamp: string;
+    action: string;
+    actorType: 'developer' | 'agent' | 'system';
+    actorId: string;
+    resource: string;
+    resourceId: string;
+    details: Record<string, unknown>;
+    requestId: string;
+    ipAddress?: string;
+}
+interface AuditQueryParams {
+    startDate?: string;
+    endDate?: string;
+    actorType?: AuditEntry['actorType'];
+    actorId?: string;
+    action?: string;
+    resource?: string;
+    limit?: number;
+    offset?: number;
+}
+/** Lane-issued agent identity credential. */
+interface AgentIdentity {
+    id: string;
+    agentId: string;
+    developerId: string;
+    /** Verified identity chain. */
+    kycChain: KYCChain;
+    /** Lane-issued attestation. */
+    attestation: IdentityAttestation;
+    status: 'pending' | 'verified' | 'suspended' | 'revoked';
+    createdAt: string;
+    verifiedAt?: string;
+}
+/** KYC verification chain: Human -> Lane -> Agent -> Transaction. */
+interface KYCChain {
+    /** Developer identity verification status. */
+    humanVerified: boolean;
+    /** Lane platform verification. */
+    laneVerified: boolean;
+    /** Agent registration and policy binding. */
+    agentBound: boolean;
+    /** Transaction-level verification via cryptographic attestation. */
+    transactionSigned: boolean;
+}
+/** Cryptographic attestation issued by Lane for an agent. */
+interface IdentityAttestation {
+    /** Base64-encoded attestation document. */
+    document: string;
+    /** Signature over the attestation. */
+    signature: string;
+    /** Public key fingerprint of the signing key. */
+    keyFingerprint: string;
+    /** ISO 8601 expiry. */
+    expiresAt: string;
+}
+interface RegisterIdentityParams {
+    agentId: string;
+    /** Agent capabilities declaration. */
+    capabilities?: string[];
+    /** Agent's intended use description. */
+    purpose?: string;
+}
+interface VerifyIdentityParams {
+    identityId: string;
+    /** Developer verification code (from email/SMS). */
+    verificationCode: string;
+}
+interface SCPManifest {
+    scp_version: string;
+    product: SCPProduct;
+    plans: SCPPlan[];
+    provisioning: SCPProvisioning;
+    selection_parameters?: SCPSelectionParameters;
+}
+interface SCPProduct {
+    id: string;
+    name: string;
+    vendor: string;
+    type: 'api' | 'saas' | 'skill' | 'oss_tool';
+    description: string;
+    documentation_url?: string;
+    category: string[];
+}
+interface SCPPlan {
+    id: string;
+    name: string;
+    pricing: SCPPricing;
+    limits?: Record<string, string | number>;
+    features: string[];
+}
+interface SCPPricing {
+    model: 'fixed' | 'subscription' | 'consumption';
+    amount?: number;
+    monthly?: number;
+    yearly?: number;
+    per_unit?: number;
+    unit_name?: string;
+    currency: string;
+}
+interface SCPProvisioning {
+    method: 'instant' | 'webhook' | 'proxied';
+    credentials_type?: 'api_key' | 'oauth' | 'bearer_token';
+    env_var_name?: string;
+    sdk_package?: string;
+    sdk_install?: string;
+    quickstart_code?: string;
+}
+interface SCPSelectionParameters {
+    required: string[];
+    optional?: SCPParameter[];
+}
+interface SCPParameter {
+    name: string;
+    type: string;
+    description: string;
+}
+interface Subscription {
+    id: string;
+    walletId: string;
+    productId: string;
+    plan: string;
+    status: 'active' | 'paused' | 'canceled' | 'past_due' | 'trialing';
+    accessToken?: string;
+    currentPeriodStart: string;
+    currentPeriodEnd: string;
+    canceledAt?: string;
+    createdAt: string;
+}
+interface CreateSubscriptionParams {
+    productId: string;
+    plan: string;
+    parameters?: Record<string, string>;
+    paymentSource: 'wallet';
+}
+interface UpdateSubscriptionParams {
+    plan?: string;
+    parameters?: Record<string, string>;
+}
+interface CredentialInjection {
+    type: 'api_key' | 'oauth' | 'bearer_token';
+    value: string;
+    envVar: string;
+    expiresAt?: string;
+}
+interface SDKInfo {
+    package: string;
+    install: string;
+    quickstart: string;
+}
+interface SoftwareCheckoutParams extends CreateCheckoutParams {
+    plan?: string;
+    parameters?: Record<string, string>;
+}
+interface SoftwareOrder extends Order {
+    credentials?: CredentialInjection;
+    sdk?: SDKInfo;
+    subscription?: {
+        plan: string;
+        billingPeriod: 'monthly' | 'yearly';
+        nextCharge: string;
+        amount: number;
+    };
+}
+interface SoftwareProductSearchParams extends Omit<ProductSearchParams, 'type'> {
+    type?: 'ecommerce' | 'software' | 'skill' | 'oss';
+    pricingModel?: 'fixed' | 'subscription' | 'consumption';
+}
+interface DepositParams {
+    amount: number;
+    idempotencyKey?: string;
+}
+interface DepositResult {
+    walletId: string;
+    amount: number;
+    newBalance: number;
+    transactionId: string;
+    currency: string;
+}
+interface AutoReloadConfig {
+    enabled: boolean;
+    threshold: number;
+    amount: number;
+}
+interface CardAttributes {
+    last4: string;
+    brand: string;
+    type: 'credit' | 'debit' | 'prepaid';
+    country: string;
+    isVirtual: boolean;
+}
+interface WalletBalance {
+    balance: number;
+    currency: string;
+    card?: CardAttributes;
+    autoReload?: AutoReloadConfig;
+}
+type MerchantType = 'ecommerce' | 'software' | 'api' | 'saas' | 'skill' | 'service';
+interface DirectoryMerchant {
+    id: string;
+    name: string;
+    slug: string;
+    domain: string;
+    description?: string;
+    logoUrl?: string;
+    website?: string;
+    tier: 'lane_onboarded' | 'protocol';
+    merchantType: MerchantType;
+    vertical: string;
+    subcategories: string[];
+    supportedPaymentMethods: string[];
+    protocols: string[];
+    productAttributes?: Record<string, unknown>;
+    capabilities: {
+        hasBillingAPI: boolean;
+        supportsACP: boolean;
+        supportsUCP: boolean;
+        supportsVIC: boolean;
+        acceptsVisa: boolean;
+        acceptsMastercard: boolean;
+    };
+    productCount?: number;
+    lastSyncedAt?: string;
+}
+interface MerchantSearchParams {
+    query?: string;
+    tier?: 'lane_onboarded' | 'protocol';
+    merchantType?: MerchantType;
+    vertical?: string;
+    subcategory?: string;
+    protocol?: string;
+    limit?: number;
+    offset?: number;
+}
+interface ProtocolDiscoveryResult {
+    merchant: DirectoryMerchant;
+    protocols: string[];
+    manifestUrl: string;
+}
+interface MerchantVerticalSummary {
+    vertical: string;
+    merchantType: string;
+    subcategories: string[];
+    count: number;
+}
+interface CheckoutProfile {
+    id: string;
+    walletId: string;
+    email: string;
+    phone?: string;
+    fullName: string;
+    billingLine1: string;
+    billingLine2?: string;
+    billingCity: string;
+    billingState: string;
+    billingPostalCode: string;
+    billingCountry: string;
+    shippingLine1?: string;
+    shippingLine2?: string;
+    shippingCity?: string;
+    shippingState?: string;
+    shippingPostalCode?: string;
+    shippingCountry?: string;
+    shippingSameAsBilling: boolean;
+    createdAt: string;
+    updatedAt: string;
+}
+interface SetCheckoutProfileParams {
+    email: string;
+    phone?: string;
+    fullName: string;
+    billingLine1: string;
+    billingLine2?: string;
+    billingCity: string;
+    billingState: string;
+    billingPostalCode: string;
+    billingCountry?: string;
+    shippingLine1?: string;
+    shippingLine2?: string;
+    shippingCity?: string;
+    shippingState?: string;
+    shippingPostalCode?: string;
+    shippingCountry?: string;
+    shippingSameAsBilling?: boolean;
+}
+interface MerchantAccount {
+    id: string;
+    walletId: string;
+    merchantDomain: string;
+    merchantName?: string;
+    accountEmail?: string;
+    accountUsername?: string;
+    authType: 'password' | 'api_key' | 'oauth' | 'sso';
+    status: 'active' | 'expired' | 'revoked';
+    lastUsedAt?: string;
+    createdAt: string;
+}
+interface SaveMerchantAccountParams {
+    merchantDomain: string;
+    merchantName?: string;
+    accountEmail?: string;
+    accountUsername?: string;
+    passwordAlias?: string;
+    authType?: 'password' | 'api_key' | 'oauth' | 'sso';
+    apiKeyAlias?: string;
+    oauthTokenAlias?: string;
+}
+
+interface LaneErrorOptions {
+    code: string;
+    statusCode: number;
+    requestId?: string;
+    retryable?: boolean;
+    suggestedAction?: string;
+}
+/**
+ * Base error class for all Lane SDK errors.
+ *
+ * Carries structured metadata so agents can make programmatic decisions
+ * without parsing human-readable messages.
+ */
+declare class LaneError extends Error {
+    /** Machine-readable error code (e.g. 'budget_exceeded'). */
+    readonly code: string;
+    /** HTTP status code from the API (or synthetic for client-side errors). */
+    readonly statusCode: number;
+    /** Request ID for support and audit trail correlation. */
+    readonly requestId: string;
+    /** Whether the caller should retry this request. */
+    readonly retryable: boolean;
+    /** Human-readable suggestion for what the agent should do next. */
+    readonly suggestedAction?: string;
+    /** Executable suggestion for agents (e.g. "lane.wallet.deposit(2000)"). */
+    fix?: string;
+    /** Current state context for agent decision-making. */
+    currentState?: Record<string, unknown>;
+    constructor(message: string, options: LaneErrorOptions);
+    /** Serialize to a plain object for structured logging / JSON responses. */
+    toJSON(): Record<string, unknown>;
+}
+declare class LaneAuthError extends LaneError {
+    constructor(message: string, options: Omit<LaneErrorOptions, 'statusCode'> & {
+        statusCode?: number;
+    });
+    static invalidApiKey(requestId?: string): LaneAuthError;
+    static expiredToken(requestId?: string): LaneAuthError;
+    static insufficientScope(requiredScope: string, requestId?: string): LaneAuthError;
+}
+declare class LanePaymentError extends LaneError {
+    constructor(message: string, options: LaneErrorOptions);
+    static declined(requestId?: string): LanePaymentError;
+    static insufficientFunds(currentBalance?: number, required?: number, requestId?: string): LanePaymentError;
+    static merchantUnavailable(merchant: string, requestId?: string): LanePaymentError;
+    static serviceError(requestId?: string): LanePaymentError;
+}
+declare class LaneBudgetError extends LaneError {
+    /** The budget limit that was exceeded. */
+    readonly limit: number;
+    /** The amount that was requested. */
+    readonly requested: number;
+    constructor(message: string, options: LaneErrorOptions & {
+        limit: number;
+        requested: number;
+    });
+    static dailyExceeded(limit: number, requested: number, requestId?: string): LaneBudgetError;
+    static taskExceeded(limit: number, requested: number, requestId?: string): LaneBudgetError;
+    static monthlyExceeded(limit: number, requested: number, requestId?: string): LaneBudgetError;
+    static merchantNotAllowed(merchant: string, requestId?: string): LaneBudgetError;
+    toJSON(): Record<string, unknown>;
+}
+declare class LaneNotFoundError extends LaneError {
+    constructor(resource: string, id: string, requestId?: string);
+}
+declare class LaneRateLimitError extends LaneError {
+    /** Seconds until the rate limit resets. */
+    readonly retryAfter: number;
+    constructor(retryAfter: number, requestId?: string);
+    toJSON(): Record<string, unknown>;
+}
+interface FieldError {
+    field: string;
+    message: string;
+}
+declare class LaneValidationError extends LaneError {
+    readonly fields: FieldError[];
+    constructor(fields: FieldError[], requestId?: string);
+    toJSON(): Record<string, unknown>;
+}
+interface APIErrorBody {
+    error: {
+        code: string;
+        message: string;
+        statusCode: number;
+        retryable?: boolean;
+        suggestedAction?: string;
+        retryAfter?: number;
+        limit?: number;
+        requested?: number;
+        fields?: FieldError[];
+    };
+    requestId: string;
+}
+/** Parse an API error response into the appropriate typed LaneError subclass. */
+declare function createErrorFromResponse(body: APIErrorBody): LaneError;
+
+interface LaneClientEvents {
+    request: [{
+        method: string;
+        path: string;
+        requestId: string;
+    }];
+    response: [{
+        statusCode: number;
+        requestId: string;
+        durationMs: number;
+    }];
+    error: [{
+        error: LaneError;
+        requestId: string;
+    }];
+    retry: [{
+        attempt: number;
+        maxRetries: number;
+        requestId: string;
+    }];
+}
+/**
+ * Low-level HTTP client for the Lane API.
+ *
+ * Handles authentication, signing, retries, circuit breaking, and error
+ * parsing. All Resource classes delegate HTTP calls through this client.
+ */
+declare class LaneClient extends EventEmitter<LaneClientEvents> {
+    private readonly config;
+    private readonly signer;
+    private readonly circuitBreaker;
+    constructor(config: ResolvedConfig);
+    /** Whether this client is operating in test mode. */
+    get testMode(): boolean;
+    /** The resolved base URL. */
+    get baseUrl(): string;
+    get<T>(path: string, query?: RequestOptions['query']): Promise<APIResponse<T>>;
+    post<T>(path: string, body?: Record<string, unknown>, idempotencyKey?: string): Promise<APIResponse<T>>;
+    put<T>(path: string, body?: Record<string, unknown>): Promise<APIResponse<T>>;
+    delete<T>(path: string): Promise<APIResponse<T>>;
+    request<T>(options: RequestOptions): Promise<APIResponse<T>>;
+    private executeRequest;
+    private buildUrl;
+    private parseErrorBody;
+    private isRetryable;
+    private backoff;
+}
+
+/**
+ * Abstract base class for all Lane API resources.
+ *
+ * Subclasses focus on domain logic; the base class handles HTTP delegation,
+ * pagination helpers, and idempotency key forwarding.
+ */
+declare abstract class Resource {
+    protected readonly client: LaneClient;
+    constructor(client: LaneClient);
+    /** The API path prefix for this resource (e.g. '/api/sdk/wallets'). */
+    protected abstract get basePath(): string;
+    protected _get<T>(subpath?: string, query?: Record<string, string | number | boolean | undefined>): Promise<APIResponse<T>>;
+    protected _post<T>(subpath?: string, body?: Record<string, unknown>, idempotencyKey?: string): Promise<APIResponse<T>>;
+    protected _put<T>(subpath?: string, body?: Record<string, unknown>): Promise<APIResponse<T>>;
+    protected _delete<T>(subpath?: string): Promise<APIResponse<T>>;
+    /**
+     * Helper for paginated list endpoints.
+     */
+    protected _list<T>(subpath?: string, params?: {
+        limit?: number;
+        offset?: number;
+    } & Record<string, unknown>): Promise<PaginatedResponse<T>>;
+}
+
+declare class Auth extends Resource {
+    protected get basePath(): string;
+    /** Get the authenticated developer's profile. */
+    whoami(): Promise<DeveloperProfile>;
+    /**
+     * Start a login session. Returns a URL the developer opens in their browser.
+     */
+    login(): Promise<{
+        sessionId: string;
+        authUrl: string;
+        port: number;
+    }>;
+    /**
+     * Exchange a one-time code (from browser callback) for an API key.
+     */
+    exchangeCode(code: string, sessionId: string): Promise<{
+        apiKey: string;
+        developerId: string;
+    }>;
+    /**
+     * Rotate the API key. Old key remains valid for 15 minutes.
+     */
+    rotateKey(): Promise<RotateKeyResult>;
+}
+
+declare class Wallets extends Resource {
+    protected get basePath(): string;
+    /** Create a new wallet, optionally scoped to an end user. */
+    create(params?: CreateWalletParams): Promise<Wallet>;
+    /** Get a wallet by ID. */
+    get(walletId: string): Promise<Wallet>;
+    /** List all wallets for the authenticated developer. */
+    list(params?: {
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<Wallet>>;
+    /** List cards in a wallet. Returns last4/brand only — never full PAN. */
+    listCards(walletId: string): Promise<Card[]>;
+    /**
+     * Get a secure link for the end user to add a card via VGS Collect.
+     * PAN goes directly to VGS vault — Lane never sees it.
+     */
+    getAddCardLink(walletId: string): Promise<{
+        url: string;
+        expiresAt: string;
+    }>;
+    /** Revoke a wallet. All linked tokens are immediately invalidated. */
+    revoke(walletId: string): Promise<void>;
+    /** Remove a specific card from a wallet. */
+    removeCard(walletId: string, cardId: string): Promise<void>;
+    /** Deposit funds into a wallet. */
+    deposit(walletId: string, params: DepositParams): Promise<DepositResult>;
+    /** Get wallet balance and metadata. */
+    balance(walletId?: string): Promise<WalletBalance>;
+    /** Configure auto-reload for a wallet. */
+    setAutoReload(walletId: string, config: AutoReloadConfig): Promise<AutoReloadConfig>;
+    /** Get card attributes for a wallet. */
+    getAttributes(walletId: string): Promise<CardAttributes>;
+    /** Set the checkout profile for a wallet (billing, shipping, email). */
+    setProfile(walletId: string, profile: SetCheckoutProfileParams): Promise<CheckoutProfile>;
+    /** Get the checkout profile. Addresses and email are visible; no sensitive data. */
+    getProfile(walletId: string): Promise<CheckoutProfile>;
+    /** Update the checkout profile (partial). */
+    updateProfile(walletId: string, updates: Partial<SetCheckoutProfileParams>): Promise<CheckoutProfile>;
+    /** Save a merchant account (for sites without guest checkout). */
+    saveMerchantAccount(walletId: string, params: SaveMerchantAccountParams): Promise<MerchantAccount>;
+    /** List saved merchant accounts (domain + email only). */
+    listMerchantAccounts(walletId: string): Promise<MerchantAccount[]>;
+    /** Remove a saved merchant account. */
+    removeMerchantAccount(walletId: string, accountId: string): Promise<void>;
+}
+
+declare class Pay extends Resource {
+    protected get basePath(): string;
+    /**
+     * Create a scoped agentic token — amount-limited, merchant-locked,
+     * time-bounded. The token can be used to execute a single payment.
+     */
+    createToken(params: CreateTokenParams): Promise<AgenticToken>;
+    /**
+     * Execute a payment. Routed via the best available path:
+     *   1. Billing API (for services like OpenAI, Replicate, Vercel)
+     *   2. ACP-enabled merchant checkout
+     *   3. VIC agentic token (when available)
+     *
+     * Idempotency key is strongly recommended to prevent double charges.
+     */
+    execute(params: ExecutePaymentParams): Promise<Transaction>;
+    private generateIdempotencyKey;
+    /** Get a transaction by ID. */
+    getTransaction(transactionId: string): Promise<Transaction>;
+    /** List transactions with optional filters. */
+    listTransactions(params?: {
+        limit?: number;
+        offset?: number;
+        cardId?: string;
+        status?: Transaction['status'];
+    }): Promise<PaginatedResponse<Transaction>>;
+    /**
+     * Initiate a refund. Full or partial.
+     *
+     * Refund routing mirrors payment routing:
+     *   - Billing API merchants: calls their refund API
+     *   - ACP merchants: initiates refund through PSP
+     *   - VIC transactions: standard Visa dispute flow
+     */
+    refund(params: RefundParams): Promise<Refund>;
+    /** Get a refund by ID. */
+    getRefund(refundId: string): Promise<Refund>;
+}
+
+declare class Products extends Resource {
+    protected get basePath(): string;
+    /** Search the Lane product catalog. */
+    search(params: ProductSearchParams | SoftwareProductSearchParams): Promise<PaginatedResponse<Product>>;
+    /** Get a product by ID. */
+    get(productId: string): Promise<Product>;
+    /** List available merchants. */
+    listMerchants(params?: {
+        limit?: number;
+        offset?: number;
+        query?: string;
+    }): Promise<PaginatedResponse<Merchant>>;
+    /** Get a merchant by ID or slug. */
+    getMerchant(merchantIdOrSlug: string): Promise<Merchant>;
+}
+
+declare class Checkout extends Resource {
+    protected get basePath(): string;
+    /** Create a new checkout session for a product. */
+    create(params: CreateCheckoutParams | SoftwareCheckoutParams): Promise<CheckoutSession>;
+    /** Complete a checkout session — processes payment and returns the order. */
+    complete(sessionId: string): Promise<Order | SoftwareOrder>;
+    /** Get the status of a checkout session. */
+    get(sessionId: string): Promise<CheckoutSession>;
+    /** Cancel a pending checkout session. */
+    cancel(sessionId: string): Promise<CheckoutSession>;
+}
+
+declare class Sell extends Resource {
+    protected get basePath(): string;
+    /**
+     * List a product for sale on the Lane marketplace.
+     *
+     * Lane will:
+     *   1. List the product in the Product API (discoverable by any agent)
+     *   2. Create a proxy endpoint (handles auth + metering)
+     *   3. Generate API keys for buyers automatically
+     *   4. Meter usage and bill buyer wallets
+     *   5. Pay out to seller (minus Lane fee)
+     */
+    create(params: CreateProductParams): Promise<Product>;
+    /** Update an existing product listing. */
+    update(productId: string, params: Partial<CreateProductParams>): Promise<Product>;
+    /** Deactivate a product listing (soft delete). */
+    deactivate(productId: string): Promise<void>;
+    /** Get a product you've listed. */
+    get(productId: string): Promise<Product>;
+    /** List all products you've listed for sale. */
+    list(params?: {
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<Product>>;
+    /** Get analytics for a product you've listed. */
+    analytics(params: AnalyticsParams): Promise<ProductAnalytics>;
+    /** List a software product using an SCP manifest. */
+    createSoftwareProduct(manifest: SCPManifest): Promise<Product>;
+}
+
+declare class Admin extends Resource {
+    protected get basePath(): string;
+    /** Get spending summary with optional grouping by team/developer/agent. */
+    spending(params: {
+        period: string;
+        groupBy?: 'team' | 'developer' | 'agent';
+    }): Promise<SpendingSummary>;
+    /** Get current budget configuration. */
+    getBudget(scope?: {
+        teamId?: string;
+        developerId?: string;
+    }): Promise<BudgetConfig>;
+    /** Update budget limits. */
+    setBudget(config: BudgetConfig & {
+        teamId?: string;
+        developerId?: string;
+    }): Promise<BudgetConfig>;
+    /** List team members. */
+    listMembers(params?: {
+        limit?: number;
+        offset?: number;
+        teamId?: string;
+    }): Promise<PaginatedResponse<TeamMember>>;
+    /** Invite a team member. */
+    inviteMember(params: {
+        email: string;
+        role: TeamMember['role'];
+        teamId?: string;
+    }): Promise<TeamMember>;
+    /** Update a team member's role. */
+    updateMember(memberId: string, params: {
+        role: TeamMember['role'];
+    }): Promise<TeamMember>;
+    /** Remove a team member. */
+    removeMember(memberId: string): Promise<void>;
+    /**
+     * Export all developer data as JSON (GDPR data portability).
+     */
+    exportData(): Promise<Record<string, unknown>>;
+    /**
+     * Delete the developer account and purge all PII (GDPR right to erasure).
+     * Transaction records are anonymized (amount + merchant retained for regulatory).
+     */
+    deleteAccount(): Promise<{
+        status: string;
+        deletionCompletesAt: string;
+    }>;
+}
+
+declare class Webhooks extends Resource {
+    protected get basePath(): string;
+    /** Register a new webhook endpoint. */
+    create(params: Omit<WebhookConfig, 'id'>): Promise<WebhookConfig>;
+    /** List registered webhooks. */
+    list(): Promise<PaginatedResponse<WebhookConfig>>;
+    /** Get a webhook by ID. */
+    get(webhookId: string): Promise<WebhookConfig>;
+    /** Update a webhook configuration. */
+    update(webhookId: string, params: Partial<WebhookConfig>): Promise<WebhookConfig>;
+    /** Delete a webhook endpoint. */
+    delete(webhookId: string): Promise<void>;
+    /**
+     * Verify a webhook payload's signature.
+     *
+     * Use this in your webhook handler to confirm the payload was sent by Lane.
+     *
+     * @param payload   - Raw request body string
+     * @param signature - Value of X-Lane-Signature header
+     * @param secret    - Your webhook signing secret
+     * @param timestamp - Value of X-Lane-Timestamp header (unix seconds)
+     */
+    verify(payload: string, signature: string, secret: string, timestamp: number): boolean;
+    /**
+     * Parse and verify a webhook payload in one step.
+     * Throws if signature is invalid.
+     */
+    constructEvent(payload: string, signature: string, secret: string, timestamp: number): WebhookPayload;
+}
+
+declare class VIC extends Resource {
+    protected get basePath(): string;
+    /**
+     * Issue a VIC agentic token. This provisions a Visa network token (DPAN)
+     * scoped to the agent's constraints: amount limits, merchant restrictions,
+     * and time bounds.
+     *
+     * The token works at any Visa-accepting merchant — not just Lane catalog.
+     */
+    issue(params: VICIssuanceParams): Promise<VICToken>;
+    /**
+     * Get a transaction-specific cryptogram for a VIC token.
+     * Called just before payment execution — the cryptogram is single-use.
+     */
+    getCryptogram(tokenId: string, params: {
+        amount: number;
+        currency: string;
+        merchantId: string;
+    }): Promise<NetworkTokenPayload>;
+    /** Get a VIC token by ID. */
+    get(tokenId: string): Promise<VICToken>;
+    /** List VIC tokens for a wallet. */
+    list(params?: {
+        walletId?: string;
+        status?: VICToken['status'];
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<VICToken>>;
+    /** Revoke a VIC token immediately. */
+    revoke(tokenId: string): Promise<VICToken>;
+    /** Suspend a VIC token (can be reactivated). */
+    suspend(tokenId: string): Promise<VICToken>;
+    /** Reactivate a suspended VIC token. */
+    reactivate(tokenId: string): Promise<VICToken>;
+}
+
+declare class Metering extends Resource {
+    protected get basePath(): string;
+    /**
+     * Record a usage event (API call, token consumption, etc.).
+     * Called by the seller's service when a buyer uses it.
+     */
+    record(params: {
+        productId: string;
+        buyerId: string;
+        quantity: number;
+        unit?: string;
+        idempotencyKey?: string;
+    }): Promise<UsageRecord>;
+    /**
+     * Record a batch of usage events efficiently.
+     */
+    recordBatch(records: {
+        productId: string;
+        buyerId: string;
+        quantity: number;
+        unit?: string;
+        timestamp?: string;
+    }[]): Promise<{
+        recorded: number;
+        failed: number;
+    }>;
+    /** Query usage for a product. */
+    query(params: {
+        productId: string;
+        buyerId?: string;
+        startDate?: string;
+        endDate?: string;
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<UsageRecord>>;
+    /** Get an aggregated usage report. */
+    report(params: {
+        productId: string;
+        period: string;
+    }): Promise<UsageReport>;
+    /** Get or update metering config for a product. */
+    getConfig(productId: string): Promise<MeteringConfig>;
+    setConfig(productId: string, config: MeteringConfig): Promise<MeteringConfig>;
+}
+
+declare class Payouts extends Resource {
+    protected get basePath(): string;
+    /** Get payout configuration. */
+    getConfig(): Promise<PayoutConfig>;
+    /** Set up or update payout configuration. */
+    setConfig(config: {
+        destination: PayoutConfig['destination'];
+        destinationId: string;
+        schedule?: PayoutConfig['schedule'];
+        currency?: string;
+        minimumPayout?: number;
+    }): Promise<PayoutConfig>;
+    /** List payouts. */
+    list(params?: {
+        status?: Payout['status'];
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<Payout>>;
+    /** Get a specific payout. */
+    get(payoutId: string): Promise<Payout>;
+}
+
+declare class Teams extends Resource {
+    protected get basePath(): string;
+    /** Create a new team. */
+    create(params: CreateTeamParams): Promise<Team>;
+    /** List teams. */
+    list(params?: {
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<Team>>;
+    /** Get a team by ID. */
+    get(teamId: string): Promise<Team>;
+    /** Update a team. */
+    update(teamId: string, params: {
+        name?: string;
+        budget?: BudgetConfig;
+    }): Promise<Team>;
+    /** Delete a team. */
+    delete(teamId: string): Promise<void>;
+    /** Add a member to a team. */
+    addMember(teamId: string, params: {
+        email: string;
+        role: TeamMember['role'];
+    }): Promise<TeamMember>;
+    /** List team members. */
+    listMembers(teamId: string, params?: {
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<TeamMember>>;
+    /** Remove a member from a team. */
+    removeMember(teamId: string, memberId: string): Promise<void>;
+    /** Get the hierarchical budget for a team (org > team > developer > agent). */
+    getHierarchicalBudget(teamId: string): Promise<HierarchicalBudget>;
+    /** Set the team-level budget. */
+    setBudget(teamId: string, budget: BudgetConfig): Promise<BudgetConfig>;
+}
+
+declare class Agents extends Resource {
+    protected get basePath(): string;
+    /** Register a new agent in the fleet. */
+    register(params: RegisterAgentParams): Promise<AgentRecord>;
+    /** Get an agent by ID. */
+    get(agentId: string): Promise<AgentRecord>;
+    /** List agents in the fleet. */
+    list(params?: {
+        status?: AgentRecord['status'];
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<AgentRecord>>;
+    /** Update an agent's policy. */
+    setPolicy(agentId: string, policy: AgentPolicy): Promise<AgentRecord>;
+    /** Suspend an agent (temporary, can be reactivated). */
+    suspend(agentId: string): Promise<AgentRecord>;
+    /** Reactivate a suspended agent. */
+    reactivate(agentId: string): Promise<AgentRecord>;
+    /** Permanently revoke an agent. */
+    revoke(agentId: string): Promise<AgentRecord>;
+    /** Assign a wallet to an agent (per-agent wallet). */
+    assignWallet(agentId: string, walletId: string): Promise<AgentRecord>;
+}
+
+declare class Audit extends Resource {
+    protected get basePath(): string;
+    /** Query audit log entries. */
+    query(params?: AuditQueryParams): Promise<PaginatedResponse<AuditEntry>>;
+    /** Get a specific audit entry by ID. */
+    get(entryId: string): Promise<AuditEntry>;
+    /**
+     * Export audit logs for a date range (SOC 2 compliance).
+     * Returns a download URL for the audit log archive.
+     */
+    export(params: {
+        startDate: string;
+        endDate: string;
+        format?: 'json' | 'csv';
+    }): Promise<{
+        downloadUrl: string;
+        expiresAt: string;
+    }>;
+    /** Get audit summary/statistics for a period. */
+    summary(params: {
+        period: string;
+        groupBy?: 'action' | 'actor' | 'resource';
+    }): Promise<{
+        totalEntries: number;
+        byAction: Record<string, number>;
+        byActorType: Record<string, number>;
+        topActors: {
+            id: string;
+            count: number;
+        }[];
+    }>;
+}
+
+declare class Identity extends Resource {
+    protected get basePath(): string;
+    /**
+     * Register an agent for identity verification.
+     * This starts the KYC chain: Human (developer) vouches for Agent.
+     */
+    register(params: RegisterIdentityParams): Promise<AgentIdentity>;
+    /**
+     * Complete identity verification using a developer-provided code.
+     * This establishes the Human -> Lane -> Agent chain.
+     */
+    verify(params: VerifyIdentityParams): Promise<AgentIdentity>;
+    /** Get an agent identity by ID. */
+    get(identityId: string): Promise<AgentIdentity>;
+    /** List agent identities. */
+    list(params?: {
+        agentId?: string;
+        status?: AgentIdentity['status'];
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<AgentIdentity>>;
+    /**
+     * Get the current attestation for a verified identity.
+     * The attestation is a cryptographic proof that Lane has verified the
+     * Human -> Agent chain.
+     */
+    getAttestation(identityId: string): Promise<IdentityAttestation>;
+    /**
+     * Refresh the attestation (generates a new signed document).
+     * Useful when the previous attestation is nearing expiry.
+     */
+    refreshAttestation(identityId: string): Promise<IdentityAttestation>;
+    /** Suspend an agent identity. */
+    suspend(identityId: string): Promise<AgentIdentity>;
+    /** Revoke an agent identity permanently. */
+    revoke(identityId: string): Promise<AgentIdentity>;
+}
+
+declare class Subscriptions extends Resource {
+    protected get basePath(): string;
+    /** Create a new subscription. */
+    create(params: CreateSubscriptionParams): Promise<Subscription>;
+    /** List subscriptions, optionally filtered by status. */
+    list(params?: {
+        status?: string;
+        limit?: number;
+        offset?: number;
+    }): Promise<PaginatedResponse<Subscription>>;
+    /** Get a subscription by ID. */
+    get(subscriptionId: string): Promise<Subscription>;
+    /** Cancel a subscription. */
+    cancel(subscriptionId: string): Promise<Subscription>;
+    /** Upgrade a subscription to a higher plan. */
+    upgrade(subscriptionId: string, params: UpdateSubscriptionParams): Promise<Subscription>;
+    /** Downgrade a subscription to a lower plan. */
+    downgrade(subscriptionId: string, params: UpdateSubscriptionParams): Promise<Subscription>;
+    /** Pause a subscription. */
+    pause(subscriptionId: string): Promise<Subscription>;
+    /** Resume a paused subscription. */
+    resume(subscriptionId: string): Promise<Subscription>;
+}
+
+declare class Merchants extends Resource {
+    protected get basePath(): string;
+    /** List/search the merchant directory. */
+    list(params?: MerchantSearchParams): Promise<PaginatedResponse<DirectoryMerchant>>;
+    /** Get a merchant by ID, slug, or domain. */
+    get(idOrSlug: string): Promise<DirectoryMerchant>;
+    /** List merchants that support a specific protocol. */
+    listByProtocol(protocol: string, params?: Omit<MerchantSearchParams, 'protocol'>): Promise<PaginatedResponse<DirectoryMerchant>>;
+    /** List merchants in a specific vertical. */
+    listByVertical(vertical: string, params?: Omit<MerchantSearchParams, 'vertical'>): Promise<PaginatedResponse<DirectoryMerchant>>;
+    /** List only Lane-onboarded merchants. */
+    listOnboarded(params?: Omit<MerchantSearchParams, 'tier'>): Promise<PaginatedResponse<DirectoryMerchant>>;
+    /** List all verticals with subcategories and counts. */
+    verticals(): Promise<MerchantVerticalSummary[]>;
+    /** Discover a protocol-compatible merchant by domain. */
+    discover(domain: string): Promise<ProtocolDiscoveryResult>;
+}
+
+/**
+ * Lane SDK client.
+ *
+ * Provides access to all Lane API resources through a composable,
+ * object-oriented interface. Resources are lazily initialized on first access.
+ *
+ * @example
+ * ```typescript
+ * import Lane from 'lane'
+ *
+ * const lane = await Lane.create({ apiKey: process.env.LANE_KEY })
+ *
+ * const wallet = await lane.wallets.create({ userId: 'user_123' })
+ * const products = await lane.products.search({ query: 'API credits' })
+ * const txn = await lane.pay.execute({ recipient: 'replicate.com', amount: 20 })
+ * ```
+ */
+declare class Lane {
+    private readonly client;
+    private readonly _config;
+    private _auth?;
+    private _wallets?;
+    private _pay?;
+    private _products?;
+    private _checkout?;
+    private _sell?;
+    private _admin?;
+    private _webhooks?;
+    private _vic?;
+    private _metering?;
+    private _payouts?;
+    private _teams?;
+    private _agents?;
+    private _audit?;
+    private _identity?;
+    private _subscriptions?;
+    private _merchants?;
+    /**
+     * Private constructor — use `Lane.create()` for async config resolution,
+     * or `new Lane(resolvedConfig)` if you've already resolved config.
+     */
+    private constructor();
+    /**
+     * Create a new Lane SDK instance with async config resolution.
+     *
+     * Resolves API key from: constructor > env var > credentials file.
+     */
+    static create(options?: LaneConfig): Promise<Lane>;
+    /**
+     * Create a Lane SDK instance synchronously (requires explicit apiKey).
+     *
+     * Use this when you already have the API key and don't need file-based
+     * credential resolution.
+     */
+    static fromApiKey(apiKey: string, options?: Omit<LaneConfig, 'apiKey'>): Lane;
+    /** Authentication — login, whoami, key rotation. */
+    get auth(): Auth;
+    /** Wallets — create, list cards, add card, revoke. */
+    get wallets(): Wallets;
+    /** Pay — agentic tokens, payment execution, refunds. */
+    get pay(): Pay;
+    /** Products — search catalog, list merchants. */
+    get products(): Products;
+    /** Checkout — create and complete checkout sessions. */
+    get checkout(): Checkout;
+    /** Sell — list products for sale, analytics (Make-a-SaaS). */
+    get sell(): Sell;
+    /** Admin — spending, budgets, team management, GDPR. */
+    get admin(): Admin;
+    /** Webhooks — register, verify, manage webhook endpoints. */
+    get webhooks(): Webhooks;
+    /** VIC — Visa Intelligent Commerce agentic tokens (Phase 2). */
+    get vic(): VIC;
+    /** Metering — usage tracking for Make-a-SaaS sellers (Phase 4). */
+    get metering(): Metering;
+    /** Payouts — seller disbursements (Phase 4). */
+    get payouts(): Payouts;
+    /** Teams — team management with hierarchical budgets (Phase 5). */
+    get teams(): Teams;
+    /** Agents — fleet management with per-agent policies (Phase 5). */
+    get agents(): Agents;
+    /** Audit — immutable audit trail for SOC 2 compliance (Phase 5). */
+    get audit(): Audit;
+    /** Identity — agent identity and KYC chain (Phase 6). */
+    get identity(): Identity;
+    /** Subscriptions — manage software subscriptions (SCP). */
+    get subscriptions(): Subscriptions;
+    /** Merchants — discover and search the merchant directory. */
+    get merchants(): Merchants;
+    /** Subscribe to SDK events (request, response, error, retry). */
+    on(event: 'request' | 'response' | 'error' | 'retry', listener: (...args: any[]) => void): this;
+    /** Whether this instance is operating in test mode. */
+    get testMode(): boolean;
+    /** The resolved base URL. */
+    get baseUrl(): string;
+}
+
+interface SignatureComponents {
+    method: string;
+    path: string;
+    timestamp: number;
+    body?: string;
+}
+declare class HMACSignature {
+    private readonly secret;
+    constructor(secret: string);
+    /**
+     * Sign request components and return the hex-encoded HMAC-SHA256 signature.
+     */
+    sign(components: SignatureComponents): string;
+    /**
+     * Verify a signature against request components.
+     * Uses constant-time comparison to prevent timing attacks.
+     */
+    verify(signature: string, components: SignatureComponents, toleranceSeconds?: number): boolean;
+    /**
+     * Generate the signature headers for an outgoing request.
+     */
+    headers(components: SignatureComponents): Record<string, string>;
+}
+/**
+ * Verify a webhook payload signature.
+ *
+ * @param payload   - Raw webhook body string
+ * @param signature - Value of X-Lane-Signature header
+ * @param secret    - Webhook signing secret
+ * @param timestamp - Value of X-Lane-Timestamp header
+ */
+declare function verifyWebhookSignature(payload: string, signature: string, secret: string, timestamp: number): boolean;
+
+/**
+ * File-system backed token store.
+ *
+ * Stores credentials at ~/.lane/credentials.json with strict permissions.
+ * Implements the TokenStore interface so it can be swapped for Redis,
+ * Keychain, etc.
+ */
+declare class FileTokenStore implements TokenStore {
+    private readonly dirPath;
+    private readonly filePath;
+    constructor(basePath?: string);
+    /**
+     * Read credentials from disk. Returns null if file doesn't exist.
+     * Warns to stderr if file permissions are too permissive.
+     */
+    read(): Promise<Credentials | null>;
+    /**
+     * Write credentials to disk with secure permissions.
+     */
+    write(credentials: Credentials): Promise<void>;
+    /**
+     * Remove the credentials file.
+     */
+    clear(): Promise<void>;
+    /** Return the path to the credentials file (for CLI display). */
+    get path(): string;
+    private ensureDirectory;
+    /**
+     * Check file permissions and warn if too open.
+     * SOC 2 control: credentials should only be readable by owner.
+     */
+    private validatePermissions;
+    private validateCredentials;
+}
+
+/**
+ * Resolve SDK configuration from multiple sources.
+ *
+ * Immutable after construction — no config drift during a session.
+ */
+declare function resolveConfig(options?: LaneConfig, tokenStore?: TokenStore): Promise<ResolvedConfig>;
+
+interface LaneMCPServerOptions {
+    /** Override the server name shown to clients. */
+    name?: string;
+    /** Override the server version shown to clients. */
+    version?: string;
+}
+/**
+ * LaneMCPServer wraps @modelcontextprotocol/sdk McpServer and registers
+ * all Lane agent tools. Connect it to any MCP transport (stdio, HTTP, etc.).
+ */
+declare class LaneMCPServer {
+    private readonly lane;
+    readonly mcp: McpServer;
+    private readonly tools;
+    constructor(lane: Lane, options?: LaneMCPServerOptions);
+    private registerTools;
+}
+
+interface VGSTokenConfig {
+    /** VGS vault ID (e.g., tntxxxxxxxx). */
+    vaultId: string;
+    /** VGS service account client ID. */
+    clientId: string;
+    /** VGS service account client secret. */
+    clientSecret: string;
+    /** VGS environment: 'sandbox' | 'live'. */
+    environment: 'sandbox' | 'live';
+}
+/**
+ * VGSTokenManager handles OAuth2 client_credentials flow for VGS vault access.
+ * Tokens are cached and auto-refreshed before expiry.
+ */
+declare class VGSTokenManager {
+    private readonly config;
+    private cached;
+    constructor(config: VGSTokenConfig);
+    /**
+     * Get a valid access token, refreshing if expired or near-expiry.
+     */
+    getAccessToken(): Promise<string>;
+    /**
+     * Force-refresh the token.
+     */
+    refresh(): Promise<string>;
+    /**
+     * Invalidate the cached token.
+     */
+    invalidate(): void;
+    private getTokenUrl;
+}
+
+interface VGSProxyConfig extends VGSTokenConfig {
+    /** Outbound route ID for PSP-bound requests. */
+    routeId: string;
+}
+interface ProxyRequest {
+    /** Target PSP endpoint URL. */
+    url: string;
+    /** HTTP method. */
+    method: 'POST' | 'PUT' | 'PATCH';
+    /** Request headers (Authorization, Content-Type, etc.). */
+    headers: Record<string, string>;
+    /** Request body containing VGS aliases that will be revealed by the proxy. */
+    body: unknown;
+}
+interface ProxyResponse {
+    status: number;
+    headers: Record<string, string>;
+    body: unknown;
+}
+/**
+ * VGSOutboundProxy routes requests through VGS so that aliased card data
+ * is revealed only to whitelisted PSP endpoints.
+ */
+declare class VGSOutboundProxy {
+    private readonly config;
+    private readonly tokenManager;
+    constructor(config: VGSProxyConfig);
+    /**
+     * Send a request through the VGS outbound proxy.
+     * VGS aliases in the body are de-tokenized and revealed to the target PSP.
+     */
+    forward(request: ProxyRequest): Promise<ProxyResponse>;
+    /**
+     * Invalidate the cached VGS access token.
+     */
+    invalidateToken(): void;
+    private getProxyUrl;
+}
+
+type CardBrand = 'visa' | 'mastercard' | 'amex' | 'discover' | 'diners' | 'jcb' | 'unionpay' | 'unknown';
+/**
+ * Detect card brand from a card number or VGS alias token.
+ * Only uses the BIN (first 6-8 digits) — safe to call with tokenized values
+ * as long as the BIN prefix is preserved (VGS format-preserving tokens).
+ */
+declare function detectCardBrand(cardNumber: string): CardBrand;
+/**
+ * Validate a card number using the Luhn algorithm.
+ * NOTE: Only works with real PANs — NOT VGS aliases.
+ * This is used only in test mode or client-side pre-validation.
+ */
+declare function luhnCheck(cardNumber: string): boolean;
+/**
+ * Mask a card number, showing only the last 4 digits.
+ * Works with both real PANs and VGS aliases.
+ */
+declare function maskCardNumber(cardNumber: string): string;
+
+interface VGSCollectConfig {
+    /** VGS vault ID. */
+    vaultId: string;
+    /** VGS environment. */
+    environment: 'sandbox' | 'live';
+    /** VGS route ID for inbound collection. */
+    routeId: string;
+    /** Callback URL after successful tokenization. */
+    callbackUrl: string;
+    /** Lane developer ID (for associating the card). */
+    developerId: string;
+}
+/**
+ * Generate the VGS Collect HTML page for secure card entry.
+ * The page:
+ *   1. Loads VGS Collect.js from VGS CDN
+ *   2. Creates secure iframe fields for card number, CVV, expiry
+ *   3. On submit, sends card data directly to VGS vault
+ *   4. VGS returns aliases (tok_xxx) — Lane stores only the alias
+ *   5. Redirects to callbackUrl with the alias + last4 + brand
+ */
+declare function generateCollectPage(config: VGSCollectConfig): string;
+
+type PSPName = 'stripe' | 'worldpay' | 'cybersource';
+interface PSPChargeParams {
+    /** Amount in cents. */
+    amount: number;
+    /** ISO 4217 currency code (e.g., 'USD'). */
+    currency: string;
+    /** VGS alias for the card PAN (de-tokenized by VGS outbound proxy). */
+    cardAlias: string;
+    /** VGS alias for the CVV. */
+    cvvAlias?: string;
+    /** Card expiry month (1-12). */
+    expMonth: number;
+    /** Card expiry year (4-digit). */
+    expYear: number;
+    /** Merchant descriptor. */
+    merchantDescriptor: string;
+    /** Idempotency key to prevent duplicate charges. */
+    idempotencyKey?: string;
+    /** Metadata attached to the charge. */
+    metadata?: Record<string, string>;
+}
+interface PSPChargeResult {
+    /** PSP's transaction/charge ID. */
+    pspTransactionId: string;
+    /** Charge status. */
+    status: 'succeeded' | 'pending' | 'failed';
+    /** Authorization code from the issuer. */
+    authorizationCode?: string;
+    /** Decline reason if failed. */
+    declineReason?: string;
+    /** Raw PSP response for audit logging. */
+    rawResponse: unknown;
+}
+interface PSPRefundParams {
+    /** Original PSP transaction ID. */
+    pspTransactionId: string;
+    /** Refund amount in cents. If omitted, full refund. */
+    amount?: number;
+    /** Reason for refund. */
+    reason?: string;
+    /** Idempotency key. */
+    idempotencyKey?: string;
+}
+interface PSPRefundResult {
+    /** PSP's refund ID. */
+    pspRefundId: string;
+    /** Refund status. */
+    status: 'succeeded' | 'pending' | 'failed';
+    /** Amount refunded in cents. */
+    amount: number;
+    /** Raw PSP response for audit logging. */
+    rawResponse: unknown;
+}
+/**
+ * PSP Adapter interface — strategy pattern.
+ *
+ * Each payment processor (Stripe, Worldpay, CyberSource) implements this
+ * interface. The payment engine calls charge/refund without knowing which
+ * PSP is handling the request.
+ */
+interface PSPAdapter {
+    /** PSP identifier. */
+    readonly name: PSPName;
+    /**
+     * Create a charge. The card data arrives as VGS aliases;
+     * the VGS outbound proxy reveals them to the PSP endpoint.
+     */
+    charge(params: PSPChargeParams): Promise<PSPChargeResult>;
+    /**
+     * Refund a previous charge (full or partial).
+     */
+    refund(params: PSPRefundParams): Promise<PSPRefundResult>;
+    /**
+     * Health check — verify PSP connectivity.
+     */
+    healthCheck(): Promise<boolean>;
+}
+
+/**
+ * PSPRegistry manages available payment processor adapters.
+ *
+ * The payment engine queries the registry to find the best adapter
+ * for a given transaction based on priority, card brand support,
+ * and availability.
+ */
+declare class PSPRegistry {
+    private adapters;
+    /**
+     * Register an adapter with a priority (lower = higher priority).
+     */
+    register(adapter: PSPAdapter, priority?: number): void;
+    /**
+     * Remove an adapter from the registry.
+     */
+    unregister(name: PSPName): void;
+    /**
+     * Get a specific adapter by name.
+     */
+    get(name: PSPName): PSPAdapter | undefined;
+    /**
+     * Get the highest-priority adapter (lowest priority number).
+     * Optionally exclude specific adapters (e.g., after a failure).
+     */
+    getPrimary(exclude?: Set<PSPName>): PSPAdapter | undefined;
+    /**
+     * Get all registered adapters sorted by priority.
+     */
+    getAll(): PSPAdapter[];
+    /**
+     * Run health checks on all adapters. Returns names of healthy adapters.
+     */
+    healthCheckAll(): Promise<PSPName[]>;
+}
+
+interface StripeAdapterConfig {
+    /** Stripe secret key (sk_live_... or sk_test_...). */
+    secretKey: string;
+    /** VGS outbound proxy instance. */
+    proxy: VGSOutboundProxy;
+    /** Stripe API version. */
+    apiVersion?: string;
+}
+declare class StripeAdapter implements PSPAdapter {
+    readonly name: "stripe";
+    private readonly config;
+    constructor(config: StripeAdapterConfig);
+    charge(params: PSPChargeParams): Promise<PSPChargeResult>;
+    refund(params: PSPRefundParams): Promise<PSPRefundResult>;
+    healthCheck(): Promise<boolean>;
+}
+
+interface WorldpayAdapterConfig {
+    /** Worldpay merchant ID. */
+    merchantId: string;
+    /** Worldpay API key. */
+    apiKey: string;
+    /** Worldpay API endpoint. */
+    baseUrl: string;
+    /** VGS outbound proxy instance. */
+    proxy: VGSOutboundProxy;
+}
+declare class WorldpayAdapter implements PSPAdapter {
+    readonly name: "worldpay";
+    private readonly config;
+    constructor(config: WorldpayAdapterConfig);
+    charge(params: PSPChargeParams): Promise<PSPChargeResult>;
+    refund(params: PSPRefundParams): Promise<PSPRefundResult>;
+    healthCheck(): Promise<boolean>;
+}
+
+interface CyberSourceAdapterConfig {
+    /** CyberSource merchant ID. */
+    merchantId: string;
+    /** CyberSource API key ID. */
+    apiKeyId: string;
+    /** CyberSource shared secret. */
+    sharedSecret: string;
+    /** API endpoint. */
+    baseUrl: string;
+    /** VGS outbound proxy instance. */
+    proxy: VGSOutboundProxy;
+}
+interface CyberSourceChargeParams extends PSPChargeParams {
+    /** VIC network token cryptogram (for token-based payments). */
+    cryptogram?: string;
+    /** ECI value for network token transactions. */
+    eci?: string;
+    /** Whether this is a network token (DPAN) or regular PAN. */
+    isNetworkToken?: boolean;
+}
+declare class CyberSourceAdapter implements PSPAdapter {
+    readonly name: "cybersource";
+    private readonly config;
+    constructor(config: CyberSourceAdapterConfig);
+    charge(params: PSPChargeParams): Promise<PSPChargeResult>;
+    refund(params: PSPRefundParams): Promise<PSPRefundResult>;
+    healthCheck(): Promise<boolean>;
+}
+
+/** Merchant capability data used for routing decisions. */
+interface MerchantCapabilities {
+    merchantId: string;
+    hasBillingAPI: boolean;
+    supportsACP: boolean;
+    supportsVIC: boolean;
+    acceptsVisa: boolean;
+    acceptsMastercard: boolean;
+    mccs: string[];
+}
+/** Context for a routing decision. */
+interface RoutingContext {
+    /** Amount in cents. */
+    amount: number;
+    currency: string;
+    merchantId: string;
+    /** Card brand being used. */
+    cardBrand: string;
+    /** Whether a VIC token is available. */
+    hasVICToken: boolean;
+    /** Current effective budget. */
+    budget?: BudgetConfig;
+    /** Current spend for the period. */
+    currentSpend?: number;
+}
+/** Registry of merchant capabilities (populated from Lane backend). */
+declare class MerchantRegistry {
+    private merchants;
+    register(capabilities: MerchantCapabilities): void;
+    get(merchantId: string): MerchantCapabilities | undefined;
+    registerBatch(merchants: MerchantCapabilities[]): void;
+    /** Create a registry pre-populated from directory capabilities. */
+    static fromDirectory(capabilities: MerchantCapabilities[]): MerchantRegistry;
+    /** Clear and repopulate with new capabilities. */
+    reload(capabilities: MerchantCapabilities[]): void;
+    /** Number of registered merchants. */
+    get size(): number;
+    /** List all registered merchant IDs. */
+    listIds(): string[];
+}
+/**
+ * PaymentRouter determines the optimal payment path for a transaction.
+ *
+ * Priority order:
+ *   1. Billing API — direct merchant API integration (cheapest, fastest)
+ *   2. ACP — Agent Commerce Protocol checkout (Stripe-compatible)
+ *   3. VIC — Visa Intelligent Commerce token (works at any Visa merchant)
+ *   4. Fallback — standard card payment via PSP
+ */
+declare class PaymentRouter {
+    private readonly registry;
+    constructor(registry: MerchantRegistry);
+    /**
+     * Decide the payment route for a transaction.
+     */
+    route(context: RoutingContext): RoutingDecision;
+    private filterFallbacks;
+}
+
+export { type APIResponse, Admin, type AgentIdentity, type AgentPolicy, type AgentRecord, type AgenticToken, Agents, type AnalyticsParams, Audit, type AuditEntry, type AuditQueryParams, Auth, type AutoReloadConfig, type BudgetConfig, type Card, type CardAttributes, type CardBrand, Checkout, type CheckoutSession, type CreateCheckoutParams, type CreateProductParams, type CreateSubscriptionParams, type CreateTeamParams, type CreateTokenParams, type CreateWalletParams, type CredentialInjection, type Credentials, CyberSourceAdapter, type CyberSourceAdapterConfig, type CyberSourceChargeParams, type DepositParams, type DepositResult, type DeveloperProfile, type DirectoryMerchant, type ExecutePaymentParams, FileTokenStore, HMACSignature, type HierarchicalBudget, Identity, type IdentityAttestation, type KYCChain, Lane, LaneAuthError, LaneBudgetError, LaneClient, type LaneConfig, LaneError, LaneMCPServer, type LaneMCPServerOptions, LaneNotFoundError, LanePaymentError, LaneRateLimitError, LaneValidationError, type Merchant, type MerchantCapabilities, MerchantRegistry, type MerchantSearchParams, type MerchantType, type MerchantVerticalSummary, Merchants, Metering, type MeteringConfig, type NetworkTokenPayload, type Order, type Organization, type PSPAdapter, type PSPChargeParams, type PSPChargeResult, type PSPName, type PSPRefundParams, type PSPRefundResult, PSPRegistry, type PaginatedResponse, Pay, type PaymentRoute, PaymentRouter, type Payout, type PayoutConfig, Payouts, type PricingConfig, type Product, type ProductAnalytics, type ProductSearchParams, Products, type ProtocolDiscoveryResult, type ProxyRequest, type ProxyResponse, type Refund, type RefundParams, type RegisterAgentParams, type RegisterIdentityParams, type RequestOptions, type ResolvedConfig, Resource, type RotateKeyResult, type RoutingContext, type RoutingDecision, type SCPManifest, type SCPParameter, type SCPPlan, type SCPPricing, type SCPProduct, type SCPProvisioning, type SCPSelectionParameters, type SDKInfo, Sell, type SoftwareCheckoutParams, type SoftwareOrder, type SoftwareProductSearchParams, type SpendingSummary, StripeAdapter, type StripeAdapterConfig, type Subscription, Subscriptions, type Team, type TeamMember, type TeamSpending, Teams, type TokenStore, type Transaction, type UpdateSubscriptionParams, type UsageRecord, type UsageReport, type VGSCollectConfig, VGSOutboundProxy, type VGSProxyConfig, type VGSTokenConfig, VGSTokenManager, VIC, type VICIssuanceParams, type VICToken, type VerifyIdentityParams, type Wallet, type WalletBalance, Wallets, type WebhookConfig, type WebhookEvent, type WebhookPayload, Webhooks, WorldpayAdapter, type WorldpayAdapterConfig, createErrorFromResponse, Lane as default, detectCardBrand, generateCollectPage, luhnCheck, maskCardNumber, resolveConfig, verifyWebhookSignature };