optropic 2.3.0 → 3.0.0

package/dist/index.cjs

@@ -34,17 +34,21 @@ __export(index_exports, {
   AuditResource: () => AuditResource,
   AuthenticationError: () => AuthenticationError,
   BatchNotFoundError: () => BatchNotFoundError,
+  BatchesResource: () => BatchesResource,
   CodeNotFoundError: () => CodeNotFoundError,
   ComplianceResource: () => ComplianceResource,
+  DPPAccessLevel: () => DPPAccessLevel,
   DocumentsResource: () => DocumentsResource,
   InvalidCodeError: () => InvalidCodeError,
   InvalidGTINError: () => InvalidGTINError,
   InvalidSerialError: () => InvalidSerialError,
   KeysResource: () => KeysResource,
   KeysetsResource: () => KeysetsResource,
+  M2MResource: () => M2MResource,
   NetworkError: () => NetworkError,
   OptropicClient: () => OptropicClient,
   OptropicError: () => OptropicError,
+  Permission: () => Permission,
   ProvenanceResource: () => ProvenanceResource,
   QuotaExceededError: () => QuotaExceededError,
   RateLimitedError: () => RateLimitedError,
@@ -53,13 +57,87 @@ __export(index_exports, {
   SchemasResource: () => SchemasResource,
   ServiceUnavailableError: () => ServiceUnavailableError,
   StaleFilterError: () => StaleFilterError,
+  TenantsResource: () => TenantsResource,
   TimeoutError: () => TimeoutError,
+  appendRecord: () => appendRecord,
+  buildBatteryPassportQR: () => buildBatteryPassportQR,
   buildDPPConfig: () => buildDPPConfig,
+  buildDefenceMetadata: () => buildDefenceMetadata,
+  buildEPCISDocument: () => buildEPCISDocument,
+  buildGS1DigitalLink: () => buildGS1DigitalLink,
+  calculateReadiness: () => calculateReadiness,
+  calibrateThreshold: () => calibrateThreshold,
+  computeDistance: () => computeDistance,
+  computeSimilarity: () => computeSimilarity,
+  createAuditChain: () => createAuditChain,
   createClient: () => createClient,
+  createConsensusResultMessage: () => createConsensusResultMessage,
+  createDescriptorExchange: () => createDescriptorExchange,
   createErrorFromResponse: () => createErrorFromResponse,
+  createHandshakeAccept: () => createHandshakeAccept,
+  createHandshakeInit: () => createHandshakeInit,
+  createOrganization: () => createOrganization,
+  createRLSPolicy: () => createRLSPolicy,
+  createTemplate: () => createTemplate,
+  decodeNATOUID: () => decodeNATOUID,
+  deleteRLSPolicy: () => deleteRLSPolicy,
+  deprecateTemplate: () => deprecateTemplate,
+  deserializeMessage: () => deserializeMessage,
+  encodeNATOUID: () => encodeNATOUID,
+  evaluateConsensus: () => evaluateConsensus,
+  exportChain: () => exportChain,
+  filterDPPByAccess: () => filterDPPByAccess,
+  generatePartnerApiKey: () => generatePartnerApiKey,
+  generateQRCodePayload: () => generateQRCodePayload,
+  getAILabel: () => getAILabel,
+  getDPPAccessPolicy: () => getDPPAccessPolicy,
+  getEPCISMappingTable: () => getEPCISMappingTable,
+  getOrganization: () => getOrganization,
+  getPartner: () => getPartner,
+  getPartnerAnalytics: () => getPartnerAnalytics,
+  getRolePermissions: () => getRolePermissions,
+  getSupportedAIs: () => getSupportedAIs,
+  getTemplate: () => getTemplate,
+  getUsageQuota: () => getUsageQuota,
+  importChain: () => importChain,
+  installTemplate: () => installTemplate,
+  inviteMember: () => inviteMember,
+  isValidAI: () => isValidAI,
+  listMembers: () => listMembers,
+  listPartners: () => listPartners,
+  listRLSPolicies: () => listRLSPolicies,
+  listTemplates: () => listTemplates,
+  mapMovementToProvenance: () => mapMovementToProvenance,
+  mapNATOUIDToOptropic: () => mapNATOUIDToOptropic,
+  mapOptropicToNATOUID: () => mapOptropicToNATOUID,
+  mapToEPCIS: () => mapToEPCIS,
+  mapToOptropicAsset: () => mapToOptropicAsset,
   parseFilterHeader: () => parseFilterHeader,
+  parseGS1DigitalLink: () => parseGS1DigitalLink,
   parseSaltsHeader: () => parseSaltsHeader,
+  provenanceChainToEPCIS: () => provenanceChainToEPCIS,
+  publishTemplate: () => publishTemplate,
+  rateTemplate: () => rateTemplate,
+  registerPartner: () => registerPartner,
+  removeMember: () => removeMember,
+  searchTemplates: () => searchTemplates,
+  serializeMessage: () => serializeMessage,
+  toEPCISEvent: () => toEPCISEvent,
+  uninstallTemplate: () => uninstallTemplate,
+  updateMemberRole: () => updateMemberRole,
+  updateOrganization: () => updateOrganization,
+  updatePartner: () => updatePartner,
+  updateTemplate: () => updateTemplate,
+  updateUsageQuota: () => updateUsageQuota,
+  validateAgainstTemplate: () => validateAgainstTemplate,
+  validateBatteryPassport: () => validateBatteryPassport,
   validateDPPMetadata: () => validateDPPMetadata,
+  validateDefenceMetadata: () => validateDefenceMetadata,
+  validateGTIN: () => validateGTIN,
+  validateLogisticsMovement: () => validateLogisticsMovement,
+  validateMessage: () => validateMessage,
+  validateNATOUID: () => validateNATOUID,
+  verifyChain: () => verifyChain,
   verifyOffline: () => verifyOffline,
   verifyWebhookSignature: () => verifyWebhookSignature
 });
@@ -453,6 +531,8 @@ var AssetsResource = class {
     this.request = request;
     this.client = client;
   }
+  request;
+  client;
   async create(params) {
     return this.request({ method: "POST", path: "/v1/assets", body: params });
   }
@@ -512,6 +592,20 @@ var AssetsResource = class {
   async batchCreate(params) {
     return this.request({ method: "POST", path: "/v1/assets/batch", body: params });
   }
+  async batchVerify(assetIds) {
+    return this.request({
+      method: "POST",
+      path: "/v1/assets/batch-verify",
+      body: { asset_ids: assetIds }
+    });
+  }
+  async batchRevoke(assetIds, reason) {
+    return this.request({
+      method: "POST",
+      path: "/v1/assets/batch-revoke",
+      body: { asset_ids: assetIds, reason }
+    });
+  }
   buildQuery(params) {
     const entries = Object.entries(params).filter(([, v]) => v !== void 0);
     if (entries.length === 0) return "";
@@ -524,6 +618,7 @@ var AuditResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   /**
    * List audit events with optional filtering and pagination.
    */
@@ -562,11 +657,101 @@ var AuditResource = class {
   }
 };
 
+// src/resources/batches.ts
+var BatchesResource = class {
+  constructor(request) {
+    this.request = request;
+  }
+  request;
+  /**
+   * Create a new batch job with the given operation and items.
+   */
+  async create(params) {
+    return this.request({ method: "POST", path: "/v1/batches", body: params });
+  }
+  /**
+   * Get the status and details of a specific batch job.
+   */
+  async get(batchId) {
+    return this.request({
+      method: "GET",
+      path: `/v1/batches/${encodeURIComponent(batchId)}`
+    });
+  }
+  /**
+   * List batch jobs with optional limiting.
+   */
+  async list(params) {
+    const query = params ? this.buildQuery(params) : "";
+    const result = await this.request({
+      method: "GET",
+      path: `/v1/batches${query}`
+    });
+    return result.data;
+  }
+  /**
+   * Wait for a batch job to complete, polling at regular intervals.
+   *
+   * @param batchId - The ID of the batch to wait for
+   * @param opts - Polling configuration (pollInterval in ms, timeout in ms)
+   * @returns The final batch result once completed
+   * @throws TimeoutError if the operation exceeds the timeout
+   */
+  async wait(batchId, opts) {
+    const pollInterval = opts?.pollInterval ?? 1e3;
+    const timeout = opts?.timeout ?? 3e5;
+    const startTime = Date.now();
+    while (true) {
+      const batch = await this.get(batchId);
+      if (batch.status === "completed" || batch.status === "failed" || batch.status === "cancelled") {
+        return {
+          batchId: batch.batchId,
+          operation: batch.operation,
+          status: batch.status,
+          totalItems: batch.totalItems,
+          processedItems: batch.processedItems,
+          failedItems: batch.failedItems,
+          completedAt: batch.completedAt ?? (/* @__PURE__ */ new Date()).toISOString()
+        };
+      }
+      const elapsed = Date.now() - startTime;
+      if (elapsed > timeout) {
+        throw new Error(`Batch ${batchId} did not complete within ${timeout}ms`);
+      }
+      await this.sleep(pollInterval);
+    }
+  }
+  /**
+   * Cancel a batch job that is still pending or processing.
+   */
+  async cancel(batchId) {
+    return this.request({
+      method: "POST",
+      path: `/v1/batches/${encodeURIComponent(batchId)}/cancel`
+    });
+  }
+  // ─────────────────────────────────────────────────────────────────────────
+  // PRIVATE HELPERS
+  // ─────────────────────────────────────────────────────────────────────────
+  buildQuery(params) {
+    const entries = Object.entries(params).filter(([, v]) => v !== void 0);
+    if (entries.length === 0) return "";
+    const qs = new URLSearchParams(
+      entries.map(([k, v]) => [k, String(v)])
+    );
+    return `?${qs.toString()}`;
+  }
+  sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+
 // src/resources/compliance.ts
 var ComplianceResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   /**
    * Verify the integrity of the full audit chain.
    */
@@ -635,6 +820,7 @@ var DocumentsResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   /**
    * Enroll a new document (substrate fingerprint) linked to an asset.
    *
@@ -727,6 +913,7 @@ var KeysResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   async create(params) {
     return this.request({ method: "POST", path: "/v1/keys", body: params });
   }
@@ -737,6 +924,26 @@ var KeysResource = class {
   async revoke(keyId) {
     await this.request({ method: "DELETE", path: `/v1/keys/${encodeURIComponent(keyId)}` });
   }
+  /**
+   * Get information about the current API key being used.
+   */
+  async current() {
+    return this.request({ method: "GET", path: "/v1/keys/current" });
+  }
+  /**
+   * Rotate the specified API key to a new one.
+   *
+   * @param keyId - The ID of the key to rotate
+   * @param opts - Optional rotation parameters (gracePeriodHours)
+   * @returns New key information and the new key string
+   */
+  async rotate(keyId, opts) {
+    return this.request({
+      method: "POST",
+      path: `/v1/keys/${encodeURIComponent(keyId)}/rotate`,
+      body: opts
+    });
+  }
 };
 
 // src/resources/keysets.ts
@@ -744,6 +951,7 @@ var KeysetsResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   async create(params) {
     return this.request({ method: "POST", path: "/v1/keysets", body: params });
   }
@@ -758,11 +966,539 @@ var KeysetsResource = class {
   }
 };
 
+// src/m2m/consensus.ts
+function computeDistance(a, b) {
+  if (a.length !== b.length) {
+    throw new Error("Vectors must have the same length");
+  }
+  let sum = 0;
+  for (let i = 0; i < a.length; i++) {
+    const diff = a[i] - b[i];
+    sum += diff * diff;
+  }
+  return Math.sqrt(sum);
+}
+function computeSimilarity(a, b) {
+  const distance = computeDistance(a, b);
+  return 1 / (1 + distance);
+}
+function calibrateThreshold(knownMatches) {
+  if (knownMatches.length === 0) {
+    return 0.85;
+  }
+  const similarities = knownMatches.map((pair) => ({
+    similarity: computeSimilarity(pair.a.dimensions, pair.b.dimensions),
+    isMatch: pair.isMatch
+  }));
+  similarities.sort((a, b) => a.similarity - b.similarity);
+  let bestThreshold = 0.85;
+  let bestAccuracy = 0;
+  for (const item of similarities) {
+    const threshold = item.similarity;
+    let correct = 0;
+    for (const pair of similarities) {
+      const predicted = pair.similarity >= threshold;
+      if (predicted === pair.isMatch) {
+        correct++;
+      }
+    }
+    const accuracy = correct / similarities.length;
+    if (accuracy > bestAccuracy) {
+      bestAccuracy = accuracy;
+      bestThreshold = threshold;
+    }
+  }
+  return bestThreshold;
+}
+function evaluateConsensus(descriptorA, descriptorB, config) {
+  const cfg = {
+    threshold: config?.threshold ?? 0.85,
+    minDimensions: config?.minDimensions ?? 3,
+    maxTimeDeltaMs: config?.maxTimeDeltaMs ?? 3e4,
+    requireAllDimensions: config?.requireAllDimensions ?? true
+  };
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const matchDetails = [];
+  let trustEstablished = false;
+  let confidence = 0;
+  let distance = 0;
+  const dimCountA = descriptorA.dimensions.length;
+  const dimCountB = descriptorB.dimensions.length;
+  const descriptorDimensions = Math.min(dimCountA, dimCountB);
+  if (descriptorDimensions < cfg.minDimensions) {
+    return {
+      trustEstablished: false,
+      confidence: 0,
+      distance: Infinity,
+      threshold: cfg.threshold,
+      descriptorDimensions,
+      matchDetails: [],
+      auditToken: generateAuditToken({ descriptorA, descriptorB, error: "insufficient_dimensions" }),
+      timestamp
+    };
+  }
+  if (cfg.requireAllDimensions && dimCountA !== dimCountB) {
+    return {
+      trustEstablished: false,
+      confidence: 0,
+      distance: Infinity,
+      threshold: cfg.threshold,
+      descriptorDimensions,
+      matchDetails: [],
+      auditToken: generateAuditToken({ descriptorA, descriptorB, error: "dimension_mismatch" }),
+      timestamp
+    };
+  }
+  const timeA = new Date(descriptorA.timestamp).getTime();
+  const timeB = new Date(descriptorB.timestamp).getTime();
+  const timeDelta = Math.abs(timeA - timeB);
+  if (timeDelta > cfg.maxTimeDeltaMs) {
+    return {
+      trustEstablished: false,
+      confidence: 0,
+      distance: Infinity,
+      threshold: cfg.threshold,
+      descriptorDimensions,
+      matchDetails: [],
+      auditToken: generateAuditToken({ descriptorA, descriptorB, error: "time_delta_exceeded" }),
+      timestamp
+    };
+  }
+  for (let i = 0; i < descriptorDimensions; i++) {
+    const delta = Math.abs(descriptorA.dimensions[i] - descriptorB.dimensions[i]);
+    const withinTolerance = delta < cfg.threshold;
+    matchDetails.push({
+      dimension: i,
+      delta,
+      withinTolerance
+    });
+  }
+  const truncatedA = descriptorA.dimensions.slice(0, descriptorDimensions);
+  const truncatedB = descriptorB.dimensions.slice(0, descriptorDimensions);
+  distance = computeDistance(truncatedA, truncatedB);
+  confidence = computeSimilarity(truncatedA, truncatedB);
+  trustEstablished = confidence >= cfg.threshold;
+  return {
+    trustEstablished,
+    confidence,
+    distance,
+    threshold: cfg.threshold,
+    descriptorDimensions,
+    matchDetails,
+    auditToken: generateAuditToken({
+      descriptorA,
+      descriptorB,
+      trustEstablished,
+      confidence,
+      distance
+    }),
+    timestamp
+  };
+}
+function generateAuditToken(data) {
+  const input = JSON.stringify(data);
+  let hash = 0;
+  for (let i = 0; i < input.length; i++) {
+    const char = input.charCodeAt(i);
+    hash = (hash << 5) - hash + char;
+    hash = hash & hash;
+  }
+  return Math.abs(hash).toString(16).padStart(8, "0");
+}
+
+// src/m2m/p2p-protocol.ts
+function generateNonce() {
+  return Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+}
+function createHandshakeInit(deviceId, publicKey, assetId, supportedAlgorithms = ["ed25519"]) {
+  const payload = {
+    deviceId,
+    publicKey,
+    supportedAlgorithms,
+    assetId
+  };
+  return {
+    type: "handshake_init",
+    version: "1.0",
+    senderId: deviceId,
+    payload,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    nonce: generateNonce()
+  };
+}
+function createHandshakeAccept(initMessage, deviceId, publicKey, selectedAlgorithm = "ed25519") {
+  const initPayload = initMessage.payload;
+  const payload = {
+    deviceId,
+    publicKey,
+    selectedAlgorithm,
+    assetId: initPayload.assetId
+  };
+  return {
+    type: "handshake_accept",
+    version: "1.0",
+    senderId: deviceId,
+    recipientId: initMessage.senderId,
+    payload,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    nonce: generateNonce()
+  };
+}
+function createDescriptorExchange(deviceId, descriptor, assetId, captureId, recipientId) {
+  const payload = {
+    descriptor,
+    assetId,
+    captureId: captureId || generateNonce()
+  };
+  return {
+    type: "descriptor_exchange",
+    version: "1.0",
+    senderId: deviceId,
+    recipientId,
+    payload,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    nonce: generateNonce()
+  };
+}
+function createConsensusResultMessage(deviceId, result, agreedByBoth = true, recipientId) {
+  const payload = {
+    consensusResult: result,
+    agreedByBoth
+  };
+  return {
+    type: "consensus_result",
+    version: "1.0",
+    senderId: deviceId,
+    recipientId,
+    payload,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    nonce: generateNonce()
+  };
+}
+function validateMessage(message) {
+  const errors = [];
+  if (!message.type) {
+    errors.push({ field: "type", error: "Message type is required" });
+  } else if (!["handshake_init", "handshake_accept", "descriptor_exchange", "consensus_result", "error"].includes(message.type)) {
+    errors.push({ field: "type", error: "Invalid message type" });
+  }
+  if (message.version !== "1.0") {
+    errors.push({ field: "version", error: "Unsupported protocol version" });
+  }
+  if (!message.senderId) {
+    errors.push({ field: "senderId", error: "Sender ID is required" });
+  }
+  if (!message.payload) {
+    errors.push({ field: "payload", error: "Payload is required" });
+  }
+  if (!message.timestamp) {
+    errors.push({ field: "timestamp", error: "Timestamp is required" });
+  } else {
+    const date = new Date(message.timestamp);
+    if (isNaN(date.getTime())) {
+      errors.push({ field: "timestamp", error: "Invalid timestamp format" });
+    }
+  }
+  if (!message.nonce) {
+    errors.push({ field: "nonce", error: "Nonce is required" });
+  }
+  if (message.type === "handshake_init") {
+    const payload = message.payload;
+    if (!payload.deviceId) errors.push({ field: "payload.deviceId", error: "Device ID is required" });
+    if (!payload.publicKey) errors.push({ field: "payload.publicKey", error: "Public key is required" });
+    if (!Array.isArray(payload.supportedAlgorithms)) {
+      errors.push({ field: "payload.supportedAlgorithms", error: "Supported algorithms must be an array" });
+    }
+    if (!payload.assetId) errors.push({ field: "payload.assetId", error: "Asset ID is required" });
+  } else if (message.type === "handshake_accept") {
+    const payload = message.payload;
+    if (!payload.deviceId) errors.push({ field: "payload.deviceId", error: "Device ID is required" });
+    if (!payload.publicKey) errors.push({ field: "payload.publicKey", error: "Public key is required" });
+    if (!payload.selectedAlgorithm) errors.push({ field: "payload.selectedAlgorithm", error: "Selected algorithm is required" });
+    if (!payload.assetId) errors.push({ field: "payload.assetId", error: "Asset ID is required" });
+  } else if (message.type === "descriptor_exchange") {
+    const payload = message.payload;
+    if (!payload.descriptor) errors.push({ field: "payload.descriptor", error: "Descriptor is required" });
+    if (!payload.assetId) errors.push({ field: "payload.assetId", error: "Asset ID is required" });
+    if (!payload.captureId) errors.push({ field: "payload.captureId", error: "Capture ID is required" });
+  } else if (message.type === "consensus_result") {
+    const payload = message.payload;
+    if (!payload.consensusResult) errors.push({ field: "payload.consensusResult", error: "Consensus result is required" });
+  } else if (message.type === "error") {
+    const payload = message.payload;
+    if (!payload.code) errors.push({ field: "payload.code", error: "Error code is required" });
+    if (!payload.message) errors.push({ field: "payload.message", error: "Error message is required" });
+  }
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+function serializeMessage(message) {
+  const json = JSON.stringify(message);
+  try {
+    return btoa(json);
+  } catch {
+    if (typeof globalThis.Buffer !== "undefined") {
+      return globalThis.Buffer.from(json).toString("base64");
+    }
+    throw new Error("No base64 encoder available");
+  }
+}
+function deserializeMessage(data) {
+  let json;
+  try {
+    try {
+      json = atob(data);
+    } catch {
+      if (typeof globalThis.Buffer !== "undefined") {
+        json = globalThis.Buffer.from(data, "base64").toString("utf-8");
+      } else {
+        throw new Error("Failed to decode base64 message");
+      }
+    }
+  } catch {
+    throw new Error("Failed to decode base64 message");
+  }
+  try {
+    return JSON.parse(json);
+  } catch {
+    throw new Error("Failed to parse message JSON");
+  }
+}
+
+// src/m2m/audit-trail.ts
+function simpleHash(data) {
+  let hash = 0;
+  for (let i = 0; i < data.length; i++) {
+    const char = data.charCodeAt(i);
+    hash = (hash << 5) - hash + char;
+    hash = hash & hash;
+  }
+  return Math.abs(hash).toString(16).padStart(16, "0");
+}
+function generateRecordId() {
+  return `rec_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+}
+async function computeRecordHash(record) {
+  const data = JSON.stringify({
+    id: record.id,
+    type: record.type,
+    assetId: record.assetId,
+    deviceIds: record.deviceIds,
+    timestamp: record.timestamp,
+    previousHash: record.previousHash,
+    data: record.data
+  });
+  if (typeof globalThis !== "undefined" && globalThis.crypto?.subtle) {
+    try {
+      const encoder = new TextEncoder();
+      const hashBuffer = await globalThis.crypto.subtle.digest("SHA-256", encoder.encode(data));
+      const hashArray = Array.from(new Uint8Array(hashBuffer));
+      return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+    } catch {
+      return simpleHash(data);
+    }
+  }
+  return simpleHash(data);
+}
+function createAuditChain(chainId) {
+  return {
+    records: [],
+    chainId: chainId || `chain_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    lastHash: "0"
+  };
+}
+async function appendRecord(chain, type, assetId, deviceIds, data) {
+  const record = {
+    id: generateRecordId(),
+    type,
+    assetId,
+    deviceIds,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    previousHash: chain.lastHash,
+    data
+  };
+  const hash = await computeRecordHash(record);
+  const auditRecord = {
+    ...record,
+    hash
+  };
+  chain.records.push(auditRecord);
+  chain.lastHash = hash;
+  return auditRecord;
+}
+async function verifyChain(chain) {
+  if (chain.records.length === 0) {
+    return { valid: true };
+  }
+  let previousHash = "0";
+  for (let i = 0; i < chain.records.length; i++) {
+    const record = chain.records[i];
+    if (record.previousHash !== previousHash) {
+      return {
+        valid: false,
+        brokenAt: i,
+        error: `Chain broken at record ${i}: previousHash mismatch`
+      };
+    }
+    const recordData = {
+      id: record.id,
+      type: record.type,
+      assetId: record.assetId,
+      deviceIds: record.deviceIds,
+      timestamp: record.timestamp,
+      previousHash: record.previousHash,
+      data: record.data
+    };
+    const computedHash = await computeRecordHash(recordData);
+    if (record.hash !== computedHash) {
+      return {
+        valid: false,
+        brokenAt: i,
+        error: `Chain broken at record ${i}: hash mismatch`
+      };
+    }
+    previousHash = record.hash;
+  }
+  if (previousHash !== chain.lastHash) {
+    return {
+      valid: false,
+      error: "Final record hash does not match chain lastHash"
+    };
+  }
+  return { valid: true };
+}
+function exportChain(chain) {
+  return JSON.stringify(chain, null, 2);
+}
+async function importChain(data) {
+  try {
+    const chain = JSON.parse(data);
+    if (!chain.chainId) {
+      throw new Error("Invalid chain: missing chainId");
+    }
+    if (!Array.isArray(chain.records)) {
+      throw new Error("Invalid chain: records is not an array");
+    }
+    if (!chain.createdAt) {
+      throw new Error("Invalid chain: missing createdAt");
+    }
+    if (!chain.lastHash) {
+      throw new Error("Invalid chain: missing lastHash");
+    }
+    const verification = await verifyChain(chain);
+    if (!verification.valid) {
+      throw new Error(`Invalid chain: ${verification.error}`);
+    }
+    return chain;
+  } catch (error) {
+    if (error instanceof SyntaxError) {
+      throw new Error("Failed to parse chain JSON");
+    }
+    throw error;
+  }
+}
+
+// src/resources/m2m.ts
+var M2MResource = class {
+  constructor(request) {
+    this.request = request;
+  }
+  request;
+  /**
+   * Initiate an M2M challenge for an asset.
+   */
+  async initiateChallenge(params) {
+    return this.request({
+      method: "POST",
+      path: "/v1/m2m/challenge",
+      body: {
+        asset_id: params.assetId,
+        algorithm: params.algorithm ?? "ed25519",
+        ttl_seconds: params.ttlSeconds ?? 60
+      }
+    });
+  }
+  /**
+   * Verify an M2M challenge response.
+   */
+  async verify(params) {
+    return this.request({
+      method: "POST",
+      path: "/v1/m2m/verify",
+      body: {
+        challenge_id: params.challengeId,
+        response: params.response,
+        device_id: params.deviceId
+      }
+    });
+  }
+  /**
+   * Register a verifier device.
+   */
+  async registerDevice(params) {
+    return this.request({
+      method: "POST",
+      path: "/v1/m2m/devices",
+      body: params
+    });
+  }
+  /**
+   * Get a verifier device by ID.
+   */
+  async getDevice(deviceId) {
+    return this.request({
+      method: "GET",
+      path: `/v1/m2m/devices/${encodeURIComponent(deviceId)}`
+    });
+  }
+  /**
+   * List all registered verifier devices.
+   */
+  async listDevices() {
+    const response = await this.request({
+      method: "GET",
+      path: "/v1/m2m/devices"
+    });
+    return response.data;
+  }
+  /**
+   * Revoke a verifier device.
+   */
+  async revokeDevice(deviceId) {
+    return this.request({
+      method: "DELETE",
+      path: `/v1/m2m/devices/${encodeURIComponent(deviceId)}`
+    });
+  }
+  /**
+   * Evaluate consensus between two physical descriptors (local operation, no API call)
+   */
+  consensus(descriptorA, descriptorB, config) {
+    return evaluateConsensus(descriptorA, descriptorB, config);
+  }
+  /**
+   * Create a new local audit trail (no API call)
+   */
+  createAuditTrail(chainId) {
+    return createAuditChain(chainId);
+  }
+  /**
+   * Verify audit trail integrity (local operation, no API call)
+   */
+  async verifyAuditTrail(chain) {
+    return verifyChain(chain);
+  }
+};
+
 // src/resources/provenance.ts
 var ProvenanceResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   /**
    * Record a new provenance event in the chain.
    *
@@ -868,6 +1604,7 @@ var SchemasResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   /**
    * Register or update a vertical config schema.
    * If a schema already exists for the verticalId, it will be updated.
@@ -970,10 +1707,59 @@ var SchemasResource = class {
   }
 };
 
+// src/resources/tenants.ts
+var TenantsResource = class {
+  constructor(request) {
+    this.request = request;
+  }
+  request;
+  /**
+   * Get information about the current tenant.
+   */
+  async getCurrent() {
+    return this.request({ method: "GET", path: "/v1/tenant" });
+  }
+  /**
+   * Get resource limits for the current tenant based on their plan.
+   */
+  async getLimits() {
+    return this.request({ method: "GET", path: "/v1/tenant/limits" });
+  }
+  /**
+   * Get usage metrics for a specified period.
+   */
+  async getUsage(params) {
+    const query = params ? this.buildQuery(params) : "";
+    return this.request({ method: "GET", path: `/v1/tenant/usage${query}` });
+  }
+  /**
+   * Get usage metrics broken down by endpoint, key, or resource.
+   */
+  async getUsageBreakdown(params) {
+    const query = params ? this.buildQuery(params) : "";
+    const result = await this.request({
+      method: "GET",
+      path: `/v1/tenant/usage/breakdown${query}`
+    });
+    return result.data;
+  }
+  // ─────────────────────────────────────────────────────────────────────────
+  // PRIVATE HELPERS
+  // ─────────────────────────────────────────────────────────────────────────
+  buildQuery(params) {
+    const entries = Object.entries(params).filter(([, v]) => v !== void 0);
+    if (entries.length === 0) return "";
+    const qs = new URLSearchParams(
+      entries.map(([k, v]) => [k, String(v)])
+    );
+    return `?${qs.toString()}`;
+  }
+};
+
 // src/client.ts
 var DEFAULT_BASE_URL = "https://api.optropic.com";
 var DEFAULT_TIMEOUT = 3e4;
-var SDK_VERSION = "2.3.0";
+var SDK_VERSION = "2.5.0";
 var SANDBOX_PREFIXES = ["optr_test_"];
 var DEFAULT_RETRY_CONFIG = {
   maxRetries: 3,
@@ -987,14 +1773,18 @@ var OptropicClient = class {
   retryConfig;
   _sandbox;
   _debug;
+  _rateLimit = null;
   assets;
   audit;
+  batches;
   compliance;
   documents;
   keys;
   keysets;
+  m2m;
   provenance;
   schemas;
+  tenants;
   constructor(config) {
     if (!config.apiKey || !this.isValidApiKey(config.apiKey)) {
       throw new AuthenticationError(
@@ -1023,12 +1813,15 @@ var OptropicClient = class {
     const boundRequest = this.request.bind(this);
     this.assets = new AssetsResource(boundRequest, this);
     this.audit = new AuditResource(boundRequest);
+    this.batches = new BatchesResource(boundRequest);
     this.compliance = new ComplianceResource(boundRequest);
     this.documents = new DocumentsResource(boundRequest);
     this.keys = new KeysResource(boundRequest);
     this.keysets = new KeysetsResource(boundRequest);
+    this.m2m = new M2MResource(boundRequest);
     this.provenance = new ProvenanceResource(boundRequest);
     this.schemas = new SchemasResource(boundRequest);
+    this.tenants = new TenantsResource(boundRequest);
   }
   // ─────────────────────────────────────────────────────────────────────────
   // ENVIRONMENT DETECTION
@@ -1045,6 +1838,22 @@ var OptropicClient = class {
   get environment() {
     return this._sandbox ? "sandbox" : "live";
   }
+  /** Last known rate limit status, updated after every API call. Returns null until the first request. */
+  get rateLimit() {
+    return this._rateLimit;
+  }
+  /**
+   * Get quota information for the current API key.
+   * Based on the last known rate limit from previous API calls.
+   */
+  getQuota() {
+    return {
+      limit: this._rateLimit?.limit ?? 0,
+      remaining: this._rateLimit?.remaining ?? 0,
+      reset: this._rateLimit?.reset,
+      resetAt: this._rateLimit?.reset
+    };
+  }
   // ─────────────────────────────────────────────────────────────────────────
   // DEBUG LOGGING
   // ─────────────────────────────────────────────────────────────────────────
@@ -1157,6 +1966,15 @@ var OptropicClient = class {
       const durationMs = performance.now() - t0;
       const serverRequestId = response.headers.get("x-request-id") ?? "";
       this.logResponse(method, path, response.status, durationMs, requestId, serverRequestId, attempt);
+      const rlLimit = response.headers.get("x-ratelimit-limit");
+      const rlRemaining = response.headers.get("x-ratelimit-remaining");
+      if (rlLimit !== null || rlRemaining !== null) {
+        this._rateLimit = {
+          limit: rlLimit ? parseInt(rlLimit, 10) : 0,
+          remaining: rlRemaining ? parseInt(rlRemaining, 10) : 0,
+          reset: response.headers.get("x-ratelimit-reset") ?? void 0
+        };
+      }
       if (!response.ok) {
         let errorBody;
         try {
@@ -1226,6 +2044,39 @@ function createClient(config) {
   return new OptropicClient(config);
 }
 
+// src/types.ts
+var Permission = {
+  ASSETS_READ: "assets:read",
+  ASSETS_WRITE: "assets:write",
+  ASSETS_VERIFY: "assets:verify",
+  AUDIT_READ: "audit:read",
+  COMPLIANCE_READ: "compliance:read",
+  KEYS_MANAGE: "keys:manage",
+  SCHEMAS_MANAGE: "schemas:manage",
+  DOCUMENTS_ENROLL: "documents:enroll",
+  DOCUMENTS_VERIFY: "documents:verify",
+  PROVENANCE_READ: "provenance:read",
+  PROVENANCE_WRITE: "provenance:write",
+  WEBHOOKS_MANAGE: "webhooks:manage",
+  /** All read permissions. */
+  ALL_READ: ["assets:read", "audit:read", "compliance:read", "provenance:read"],
+  /** All write permissions. */
+  ALL_WRITE: [
+    "assets:write",
+    "assets:verify",
+    "documents:enroll",
+    "documents:verify",
+    "provenance:write",
+    "webhooks:manage",
+    "keys:manage",
+    "schemas:manage"
+  ],
+  /** All permissions combined. */
+  all() {
+    return [...this.ALL_READ, ...this.ALL_WRITE];
+  }
+};
+
 // src/filter-verify.ts
 var HEADER_SIZE = 19;
 var SIGNATURE_SIZE = 64;
@@ -1422,6 +2273,594 @@ function validateDPPMetadata(metadata) {
   }
   return { valid: errors.length === 0, errors };
 }
+function validateBatteryPassport(data) {
+  const errors = [];
+  const warnings = [];
+  if (!data.manufacturerIdentification) {
+    errors.push("manufacturerIdentification is required (Annex XIII)");
+  }
+  if (!data.manufacturingDate) {
+    errors.push("manufacturingDate is required (Annex XIII)");
+  } else if (!/^\d{4}-\d{2}-\d{2}/.test(data.manufacturingDate)) {
+    errors.push("manufacturingDate must be in ISO 8601 format (YYYY-MM-DD)");
+  }
+  if (!data.manufacturingPlace) {
+    errors.push("manufacturingPlace is required (Annex XIII)");
+  }
+  if (data.batteryWeight === void 0 || data.batteryWeight <= 0) {
+    errors.push("batteryWeight must be a positive number (Annex XIII)");
+  }
+  if (!data.batteryStatus) {
+    errors.push("batteryStatus is required (Annex XIII)");
+  } else if (!["original", "repurposed", "remanufactured", "waste"].includes(data.batteryStatus)) {
+    errors.push(
+      "batteryStatus must be one of: original, repurposed, remanufactured, waste (Annex XIII)"
+    );
+  }
+  if (data.ratedCapacityAh === void 0 || data.ratedCapacityAh <= 0) {
+    errors.push("ratedCapacityAh must be a positive number (Annex XIII)");
+  }
+  if (data.voltageMinV === void 0 || data.voltageMinV < 0) {
+    errors.push("voltageMinV must be a non-negative number (Annex XIII)");
+  }
+  if (data.voltageMaxV === void 0 || data.voltageMaxV < 0) {
+    errors.push("voltageMaxV must be a non-negative number (Annex XIII)");
+  }
+  if (data.voltageNominalV === void 0 || data.voltageNominalV < 0) {
+    errors.push("voltageNominalV must be a non-negative number (Annex XIII)");
+  }
+  if (data.voltageMinV !== void 0 && data.voltageMaxV !== void 0 && data.voltageMinV > data.voltageMaxV) {
+    errors.push("voltageMinV must be less than or equal to voltageMaxV");
+  }
+  if (data.temperatureRangeMinC === void 0) {
+    errors.push("temperatureRangeMinC is required (Annex XIII)");
+  }
+  if (data.temperatureRangeMaxC === void 0) {
+    errors.push("temperatureRangeMaxC is required (Annex XIII)");
+  }
+  if (data.temperatureRangeMinC !== void 0 && data.temperatureRangeMaxC !== void 0 && data.temperatureRangeMinC > data.temperatureRangeMaxC) {
+    errors.push("temperatureRangeMinC must be less than or equal to temperatureRangeMaxC");
+  }
+  if (data.originalPowerCapabilityW === void 0 || data.originalPowerCapabilityW < 0) {
+    errors.push("originalPowerCapabilityW must be a non-negative number (Annex XIII)");
+  }
+  if (data.roundTripEfficiency === void 0 || data.roundTripEfficiency < 0 || data.roundTripEfficiency > 100) {
+    errors.push("roundTripEfficiency must be between 0 and 100 (Annex XIII)");
+  }
+  if (data.internalResistanceOhm === void 0 || data.internalResistanceOhm < 0) {
+    errors.push("internalResistanceOhm must be a non-negative number (Annex XIII)");
+  }
+  if (!data.cellChemistryDetail) {
+    errors.push("cellChemistryDetail is required (Annex XIII)");
+  }
+  if (!data.hazardousSubstances || !Array.isArray(data.hazardousSubstances)) {
+    errors.push("hazardousSubstances must be an array (Annex XIII)");
+  }
+  if (data.carbonFootprintPerKwh === void 0 || data.carbonFootprintPerKwh < 0) {
+    errors.push("carbonFootprintPerKwh must be a non-negative number (Annex XIII)");
+  }
+  if (!data.carbonFootprintStudyUrl) {
+    errors.push("carbonFootprintStudyUrl is required (Annex XIII)");
+  } else if (!isValidUrl(data.carbonFootprintStudyUrl)) {
+    warnings.push("carbonFootprintStudyUrl appears to be invalid");
+  }
+  if (!data.supplyChainDueDiligencePolicy) {
+    errors.push("supplyChainDueDiligencePolicy is required (Annex XIII)");
+  } else if (!isValidUrl(data.supplyChainDueDiligencePolicy)) {
+    warnings.push("supplyChainDueDiligencePolicy appears to be invalid");
+  }
+  if (!data.thirdPartyVerifierId) {
+    errors.push("thirdPartyVerifierId is required (Annex XIII)");
+  }
+  if (!data.dismantlingInstructions) {
+    errors.push("dismantlingInstructions is required (Annex XIII)");
+  } else if (!isValidUrl(data.dismantlingInstructions)) {
+    warnings.push("dismantlingInstructions appears to be invalid");
+  }
+  if (!data.safetyInstructions) {
+    errors.push("safetyInstructions is required (Annex XIII)");
+  } else if (!isValidUrl(data.safetyInstructions)) {
+    warnings.push("safetyInstructions appears to be invalid");
+  }
+  if (!data.extinguishingAgent) {
+    errors.push("extinguishingAgent is required (Annex XIII)");
+  }
+  if (data.chemistry && !data.cellChemistryDetail) {
+    warnings.push("cellChemistryDetail should provide more detail than chemistry type");
+  }
+  if (data.hazardousSubstances && data.hazardousSubstances.length === 0) {
+    warnings.push("hazardousSubstances array is empty; all batteries contain some hazardous materials");
+  }
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings
+  };
+}
+function buildBatteryPassportQR(metadata) {
+  if (!metadata.productId) {
+    throw new Error("productId is required to build battery passport QR");
+  }
+  let serialNumber;
+  if (metadata.sectorData && "type" in metadata.sectorData && metadata.sectorData.type === "battery") {
+  }
+  let uri = `https://id.gs1.org/01/${metadata.productId}`;
+  if (serialNumber) {
+    uri += `/21/${serialNumber}`;
+  }
+  return uri;
+}
+function isValidUrl(urlString) {
+  try {
+    new URL(urlString);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// src/gs1-resolver.ts
+var DEFAULT_GS1_DOMAIN = "https://id.gs1.org";
+var AI_LABELS = {
+  "01": "GTIN",
+  "21": "Serial Number",
+  "10": "Batch/Lot Number",
+  "11": "Production Date",
+  "17": "Expiry Date",
+  "3103": "Net Weight (kg)",
+  "3922": "Price",
+  "8200": "URL",
+  "254": "Extension",
+  "414": "Global Location Number"
+};
+function validateGTIN(gtin) {
+  const cleaned = gtin.replace(/\D/g, "");
+  if (![8, 12, 13, 14].includes(cleaned.length)) {
+    return {
+      valid: false,
+      checkDigit: -1,
+      message: `Invalid GTIN length: ${cleaned.length}. Must be 8, 12, 13, or 14 digits.`
+    };
+  }
+  const digits = cleaned.split("").map(Number);
+  const checkDigitProvided = digits[digits.length - 1];
+  const contentDigits = digits.slice(0, -1);
+  let sum = 0;
+  let multiplier = 3;
+  for (let i = contentDigits.length - 1; i >= 0; i--) {
+    sum += contentDigits[i] * multiplier;
+    multiplier = multiplier === 3 ? 1 : 3;
+  }
+  const checkDigitCalculated = (10 - sum % 10) % 10;
+  const valid = checkDigitCalculated === checkDigitProvided;
+  return {
+    valid,
+    checkDigit: checkDigitCalculated,
+    message: valid ? `Valid GTIN check digit: ${checkDigitCalculated}` : `Invalid check digit. Expected ${checkDigitCalculated}, got ${checkDigitProvided}`
+  };
+}
+function parseGS1DigitalLink(uri) {
+  const url = new URL(uri);
+  const domain = `${url.protocol}//${url.hostname}`;
+  const pathname = url.pathname;
+  const allComponents = [];
+  let gtin;
+  let serialNumber;
+  let batchLot;
+  let productionDate;
+  let expiryDate;
+  let netWeightKg;
+  let price;
+  let urlValue;
+  let gln;
+  let extension;
+  let queryParams;
+  const pathParts = pathname.split("/").filter((p) => p);
+  let i = 0;
+  while (i < pathParts.length - 1) {
+    const ai = pathParts[i];
+    const value = pathParts[i + 1];
+    const label = AI_LABELS[ai] || `AI ${ai}`;
+    allComponents.push({ ai, value, label });
+    switch (ai) {
+      case "01":
+        gtin = value;
+        break;
+      case "21":
+        serialNumber = value;
+        break;
+      case "10":
+        batchLot = value;
+        break;
+      case "11":
+        productionDate = parseGS1Date(value);
+        break;
+      case "17":
+        expiryDate = parseGS1Date(value);
+        break;
+      case "3103":
+        netWeightKg = parseFloat(value);
+        break;
+      case "3922":
+        price = value;
+        break;
+      case "8200":
+        urlValue = value;
+        break;
+      case "414":
+        gln = value;
+        break;
+      case "254":
+        extension = value;
+        break;
+    }
+    i += 2;
+  }
+  const params = {};
+  url.searchParams.forEach((value, key) => {
+    params[key] = value;
+  });
+  if (Object.keys(params).length > 0) {
+    queryParams = params;
+  }
+  const result = {
+    domain,
+    gtin,
+    serialNumber,
+    batchLot,
+    productionDate,
+    expiryDate,
+    netWeightKg,
+    price,
+    url: urlValue,
+    gln,
+    extension,
+    allComponents,
+    queryParams
+  };
+  return result;
+}
+function buildGS1DigitalLink(input) {
+  const domain = input.domain || DEFAULT_GS1_DOMAIN;
+  const parts = [];
+  if (!input.gtin) {
+    throw new Error("GTIN is required to build a GS1 Digital Link URI");
+  }
+  const validation = validateGTIN(input.gtin);
+  if (!validation.valid) {
+    throw new Error(`Invalid GTIN: ${validation.message}`);
+  }
+  parts.push("01", input.gtin);
+  if (input.serialNumber) {
+    parts.push("21", input.serialNumber);
+  }
+  if (input.batchLot) {
+    parts.push("10", input.batchLot);
+  }
+  if (input.productionDate) {
+    parts.push("11", formatGS1Date(input.productionDate));
+  }
+  if (input.expiryDate) {
+    parts.push("17", formatGS1Date(input.expiryDate));
+  }
+  if (input.netWeightKg !== void 0) {
+    parts.push("3103", input.netWeightKg.toString());
+  }
+  if (input.price) {
+    parts.push("3922", input.price);
+  }
+  if (input.url) {
+    parts.push("8200", input.url);
+  }
+  if (input.gln) {
+    parts.push("414", input.gln);
+  }
+  if (input.extension) {
+    parts.push("254", input.extension);
+  }
+  let uri = `${domain}/${parts.join("/")}`;
+  if (input.queryParams && Object.keys(input.queryParams).length > 0) {
+    const params = new URLSearchParams(input.queryParams);
+    uri += `?${params.toString()}`;
+  }
+  return uri;
+}
+function mapToOptropicAsset(parsed) {
+  if (!parsed.gtin) {
+    throw new Error("GTIN is required for Optropic asset mapping");
+  }
+  let lookupQuery = `gtin:"${parsed.gtin}"`;
+  if (parsed.serialNumber) {
+    lookupQuery += ` AND serial:"${parsed.serialNumber}"`;
+  }
+  if (parsed.batchLot) {
+    lookupQuery += ` AND batch:"${parsed.batchLot}"`;
+  }
+  const lookup = {
+    productId: parsed.gtin,
+    serialNumber: parsed.serialNumber,
+    batchId: parsed.batchLot,
+    lookupQuery
+  };
+  return lookup;
+}
+function generateQRCodePayload(input) {
+  const uri = buildGS1DigitalLink(input);
+  return {
+    type: "gs1-digital-link",
+    data: uri,
+    encodingMode: "url"
+  };
+}
+function isValidAI(ai) {
+  return Object.prototype.hasOwnProperty.call(AI_LABELS, ai);
+}
+function getAILabel(ai) {
+  return AI_LABELS[ai];
+}
+function getSupportedAIs() {
+  return Object.keys(AI_LABELS);
+}
+function parseGS1Date(gs1Date) {
+  if (gs1Date.length !== 6) {
+    return gs1Date;
+  }
+  const yy = parseInt(gs1Date.substring(0, 2), 10);
+  const mm = gs1Date.substring(2, 4);
+  const dd = gs1Date.substring(4, 6);
+  const yyyy = 2e3 + yy;
+  return `${yyyy}-${mm}-${dd}`;
+}
+function formatGS1Date(isoDate) {
+  let cleaned = isoDate.replace(/-/g, "");
+  if (cleaned.length !== 8) {
+    return isoDate;
+  }
+  const yyyy = cleaned.substring(0, 4);
+  const mm = cleaned.substring(4, 6);
+  const dd = cleaned.substring(6, 8);
+  const yy = (parseInt(yyyy, 10) % 100).toString().padStart(2, "0");
+  return `${yy}${mm}${dd}`;
+}
+
+// src/dpp-access.ts
+var DPPAccessLevel = {
+  /** Consumer-facing public data. */
+  PUBLIC: "public",
+  /** Verified supply chain partner. */
+  AUTHENTICATED: "authenticated",
+  /** Market surveillance authority. */
+  REGULATORY: "regulatory",
+  /** Economic operator (data owner). */
+  OWNER: "owner",
+  /**
+   * Check if a level has at least the privilege of another.
+   * Useful for authorization checks.
+   *
+   * @example
+   * ```typescript
+   * DPPAccessLevel.isAtLeast('regulatory', 'authenticated'); // true
+   * DPPAccessLevel.isAtLeast('public', 'regulatory');        // false
+   * ```
+   */
+  isAtLeast(level, required) {
+    return LEVEL_RANK[level] >= LEVEL_RANK[required];
+  }
+};
+var LEVEL_RANK = {
+  public: 0,
+  authenticated: 1,
+  regulatory: 2,
+  owner: 3
+};
+var DEFAULT_FIELD_VISIBILITY = [
+  // ── Public fields ─────────────────────────────────────────────────────
+  { field: "productId", minLevel: "public" },
+  { field: "productName", minLevel: "public" },
+  { field: "manufacturer", minLevel: "public" },
+  { field: "countryOfOrigin", minLevel: "public" },
+  { field: "category", minLevel: "public" },
+  { field: "carbonFootprint", minLevel: "public" },
+  { field: "recycledContent", minLevel: "public" },
+  { field: "durabilityYears", minLevel: "public" },
+  { field: "repairabilityScore", minLevel: "public" },
+  { field: "dppRegistryId", minLevel: "public" },
+  // ── Authenticated fields ──────────────────────────────────────────────
+  {
+    field: "substancesOfConcern",
+    minLevel: "authenticated",
+    // Battery regulation requires public disclosure of substances
+    categoryOverride: { battery: "public" }
+  },
+  { field: "conformityDeclarations", minLevel: "authenticated" },
+  {
+    field: "sectorData",
+    minLevel: "authenticated",
+    // Battery basic data (chemistry, capacity) is public per Battery Regulation Art. 13
+    categoryOverride: { battery: "public" }
+  },
+  // ── Regulatory fields ─────────────────────────────────────────────────
+  // (These map to DPPMetadata extensions that may be added; included for future-proofing)
+  { field: "internalBatchId", minLevel: "regulatory" },
+  { field: "auditTrailRef", minLevel: "regulatory" },
+  { field: "manufacturingDate", minLevel: "regulatory" },
+  { field: "facilityId", minLevel: "regulatory" },
+  // ── Owner-only fields ─────────────────────────────────────────────────
+  { field: "costData", minLevel: "owner" },
+  { field: "supplierContracts", minLevel: "owner" },
+  { field: "internalNotes", minLevel: "owner" }
+];
+function getDPPAccessPolicy(overrides) {
+  const fields = overrides ?? DEFAULT_FIELD_VISIBILITY;
+  return {
+    defaultLevel: "public",
+    fields,
+    redactionMode: "omit"
+  };
+}
+function filterDPPByAccess(metadata, context, policy) {
+  const effectivePolicy = policy ?? getDPPAccessPolicy();
+  const result = {};
+  const showRedacted = context.showRedacted ?? effectivePolicy.redactionMode === "placeholder";
+  for (const [key, value] of Object.entries(metadata)) {
+    const rule = effectivePolicy.fields.find((f) => f.field === key);
+    if (!rule) {
+      if (DPPAccessLevel.isAtLeast(context.level, "owner")) {
+        result[key] = value;
+      } else if (showRedacted) {
+        result[key] = "[REDACTED]";
+      }
+      continue;
+    }
+    let effectiveMinLevel = rule.minLevel;
+    if (context.category && rule.categoryOverride?.[context.category]) {
+      effectiveMinLevel = rule.categoryOverride[context.category];
+    }
+    if (DPPAccessLevel.isAtLeast(context.level, effectiveMinLevel)) {
+      result[key] = value;
+    } else if (showRedacted) {
+      result[key] = "[REDACTED]";
+    }
+  }
+  return result;
+}
+
+// src/epcis.ts
+var MAPPING_TABLE = {
+  manufactured: {
+    eventType: "TransformationEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:commissioning",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: true,
+    note: "Raw materials transformed into finished product; new EPC commissioned."
+  },
+  labeled: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:encoding",
+    disposition: "urn:epcglobal:cbv:disp:encoded",
+    exact: true,
+    note: "Physical label or tag applied/encoded on the product."
+  },
+  enrolled: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:commissioning",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: false,
+    note: "Optropic-specific: substrate fingerprint captured. Mapped to commissioning as closest EPCIS equivalent."
+  },
+  shipped: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:shipping",
+    disposition: "urn:epcglobal:cbv:disp:in_transit",
+    exact: true,
+    note: "Product shipped from origin; enters transit."
+  },
+  received: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:receiving",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: true,
+    note: "Product received at destination."
+  },
+  transferred: {
+    eventType: "TransactionEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:holding",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: false,
+    note: "Ownership transfer. TransactionEvent captures business transaction linkage; disposition remains active."
+  },
+  verified: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:inspecting",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: true,
+    note: "Product authenticity or integrity verified."
+  },
+  recalled: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:holding",
+    disposition: "urn:epcglobal:cbv:disp:recalled",
+    exact: true,
+    note: "Product recalled; removed from distribution."
+  },
+  destroyed: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:decommissioning",
+    disposition: "urn:epcglobal:cbv:disp:destroyed",
+    exact: true,
+    note: "Product destroyed; EPC decommissioned."
+  },
+  custom: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:holding",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: false,
+    note: "Custom event with no direct EPCIS equivalent; mapped to generic observation."
+  }
+};
+function mapToEPCIS(eventType) {
+  return MAPPING_TABLE[eventType] ?? MAPPING_TABLE.custom;
+}
+function getEPCISMappingTable() {
+  return MAPPING_TABLE;
+}
+function toEPCISEvent(event, options) {
+  const mapping = mapToEPCIS(event.eventType);
+  const timezoneOffset = options?.timezoneOffset ?? "+00:00";
+  const epcisEvent = {
+    type: mapping.eventType,
+    eventTime: event.timestamp,
+    eventTimeZoneOffset: timezoneOffset,
+    bizStep: mapping.bizStep,
+    disposition: mapping.disposition,
+    epcList: [assetIdToEPC(event.assetId, options?.gs1CompanyPrefix)],
+    ...event.location?.facility && {
+      readPoint: {
+        id: buildLocationUri(event.location, "readPoint", options?.gs1CompanyPrefix)
+      }
+    },
+    ...event.location?.facility && {
+      bizLocation: {
+        id: buildLocationUri(event.location, "bizLocation", options?.gs1CompanyPrefix)
+      }
+    },
+    "optropic:provenanceEventId": event.id,
+    "optropic:chainSequence": event.chainSequence,
+    "optropic:eventHash": event.eventHash
+  };
+  return epcisEvent;
+}
+function buildEPCISDocument(events) {
+  return {
+    "@context": [
+      "https://ref.gs1.org/standards/epcis/2.0.0/epcis-context.jsonld",
+      { optropic: "https://api.optropic.com/ns/epcis/" }
+    ],
+    type: "EPCISDocument",
+    schemaVersion: "2.0",
+    creationDate: (/* @__PURE__ */ new Date()).toISOString(),
+    epcisBody: {
+      eventList: events
+    }
+  };
+}
+function provenanceChainToEPCIS(events, options) {
+  const epcisEvents = events.map((e) => toEPCISEvent(e, options));
+  return buildEPCISDocument(epcisEvents);
+}
+function assetIdToEPC(assetId, gs1CompanyPrefix) {
+  if (gs1CompanyPrefix && /^\d{8,14}$/.test(assetId)) {
+    return `urn:epc:id:sgtin:${gs1CompanyPrefix}.${assetId}`;
+  }
+  return `urn:optropic:asset:${assetId}`;
+}
+function buildLocationUri(location, _type, gs1CompanyPrefix) {
+  if (gs1CompanyPrefix && location.facility) {
+    return `urn:epc:id:sgln:${gs1CompanyPrefix}.${encodeURIComponent(location.facility)}`;
+  }
+  const parts = [location.country, location.region, location.facility].filter(Boolean);
+  return `urn:optropic:location:${parts.join(":")}`;
+}
 
 // src/webhooks.ts
 async function computeHmacSha256(secret, message) {
@@ -1468,25 +2907,615 @@ async function verifyWebhookSignature(options) {
   return { valid: true };
 }
 
+// src/stanag/uid.ts
+function encodeNATOUID(data) {
+  if (!isValidCAGE(data.cage_ncage)) {
+    throw new Error(`Invalid CAGE/NCAGE code: ${data.cage_ncage}`);
+  }
+  const parts = [
+    `25S${data.cage_ncage}`,
+    data.partNumber,
+    data.serialNumber
+  ];
+  if (data.batchLot) {
+    parts.push(`LOT:${data.batchLot}`);
+  }
+  if (data.enterpriseId) {
+    parts.push(`ENT:${data.enterpriseId}`);
+  }
+  if (data.encoding && data.encoding !== "IUID") {
+    parts.push(`ENC:${data.encoding}`);
+  }
+  return parts.join("|");
+}
+function decodeNATOUID(encoded) {
+  const parts = encoded.split("|");
+  if (!parts[0]?.startsWith("25S")) {
+    throw new Error('Invalid NATO UID format: must start with DI "25S"');
+  }
+  const firstPart = parts[0].substring(3);
+  const cage_ncage = firstPart.substring(0, 5);
+  if (parts.length < 3) {
+    throw new Error("Invalid NATO UID: insufficient components");
+  }
+  const partNumber = parts[1];
+  const serialNumber = parts[2];
+  let batchLot;
+  let enterpriseId;
+  let encoding = "IUID";
+  for (let i = 3; i < parts.length; i++) {
+    const part = parts[i];
+    if (part?.startsWith("LOT:")) {
+      batchLot = part.substring(4);
+    } else if (part?.startsWith("ENT:")) {
+      enterpriseId = part.substring(4);
+    } else if (part?.startsWith("ENC:")) {
+      encoding = part.substring(4);
+    }
+  }
+  if (!isValidCAGE(cage_ncage)) {
+    throw new Error(`Invalid CAGE/NCAGE in decoded UID: ${cage_ncage}`);
+  }
+  return {
+    cage_ncage,
+    partNumber,
+    serialNumber,
+    batchLot,
+    enterpriseId,
+    encoding
+  };
+}
+function validateNATOUID(uid) {
+  const errors = [];
+  if (!uid) {
+    return { valid: false, errors: ["UID cannot be empty"] };
+  }
+  if (!uid.startsWith("25S")) {
+    errors.push('UID must start with DI "25S"');
+  }
+  const parts = uid.split("|");
+  if (parts.length < 3) {
+    errors.push("UID must contain at least CAGE, part number, and serial");
+  }
+  if (parts[0]) {
+    const cage = parts[0].substring(3);
+    if (!isValidCAGE(cage)) {
+      errors.push(`Invalid CAGE/NCAGE code: ${cage}`);
+    }
+  }
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+function isValidCAGE(code) {
+  return /^[A-Z0-9]{5}$/.test(code);
+}
+function mapNATOUIDToOptropic(uid) {
+  const assetId = encodeNATOUID(uid);
+  return {
+    assetId,
+    metadata: {
+      type: "nato_uid",
+      cage_ncage: uid.cage_ncage,
+      partNumber: uid.partNumber,
+      serialNumber: uid.serialNumber,
+      batchLot: uid.batchLot,
+      enterpriseId: uid.enterpriseId,
+      encoding: uid.encoding,
+      standard: "STANAG_2290"
+    }
+  };
+}
+function mapOptropicToNATOUID(_assetId, metadata) {
+  const cage_ncage = metadata.cage_ncage;
+  const partNumber = metadata.partNumber;
+  const serialNumber = metadata.serialNumber;
+  const encoding = metadata.encoding || "IUID";
+  if (!cage_ncage || !partNumber || !serialNumber) {
+    throw new Error("Missing required NATO UID fields in metadata");
+  }
+  return {
+    cage_ncage,
+    partNumber,
+    serialNumber,
+    batchLot: metadata.batchLot,
+    enterpriseId: metadata.enterpriseId,
+    encoding
+  };
+}
+function buildDefenceMetadata(classification, caveats, shelfLife) {
+  return {
+    classification,
+    handlingCaveats: caveats || [],
+    releasableTo: getNATOReleasability(classification),
+    shelfLife
+  };
+}
+function getNATOReleasability(classification) {
+  switch (classification) {
+    case "UNCLASSIFIED":
+      return ["NATO", "PUBLIC"];
+    case "RESTRICTED":
+      return ["NATO", "EU"];
+    case "CONFIDENTIAL":
+      return ["NATO"];
+    case "SECRET":
+      return ["NATO"];
+    case "NATO_SECRET":
+      return ["NATO"];
+    case "COSMIC_TOP_SECRET":
+      return ["NATO"];
+    default:
+      return [];
+  }
+}
+function validateDefenceMetadata(metadata) {
+  const errors = [];
+  if (!metadata.classification) {
+    errors.push("Classification level is required");
+  }
+  if (!Array.isArray(metadata.handlingCaveats)) {
+    errors.push("Handling caveats must be an array");
+  }
+  if (!Array.isArray(metadata.releasableTo)) {
+    errors.push("Releasable to must be an array");
+  }
+  if (metadata.shelfLife) {
+    const mfg = new Date(metadata.shelfLife.manufacturedDate);
+    const exp = new Date(metadata.shelfLife.expiryDate);
+    if (mfg >= exp) {
+      errors.push("Expiry date must be after manufactured date");
+    }
+    if (!["TYPE_I", "TYPE_II", "TYPE_III"].includes(metadata.shelfLife.type)) {
+      errors.push("Invalid shelf life type");
+    }
+  }
+  if (metadata.nsn && !/^\d{13}$/.test(metadata.nsn)) {
+    errors.push("NSN must be 13 digits");
+  }
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+
+// src/stanag/logistics.ts
+function mapMovementToProvenance(movement) {
+  const typeMap = {
+    manufacture: "MANUFACTURE",
+    receipt: "RECEIPT",
+    inspection: "INSPECTION",
+    storage: "STORAGE",
+    issue: "ISSUED",
+    transport: "TRANSPORT",
+    delivery: "DELIVERY",
+    maintenance: "MAINTENANCE",
+    repair: "REPAIR",
+    disposal: "DISPOSAL",
+    destruction: "DESTRUCTION",
+    transfer: "TRANSFER",
+    inventory: "INVENTORY"
+  };
+  return {
+    eventType: typeMap[movement.movementType] ?? "UNKNOWN",
+    timestamp: movement.timestamp,
+    actor: movement.custodian,
+    location: {
+      facility: movement.location.facility,
+      coordinates: movement.location.coordinates ? {
+        lat: movement.location.coordinates.lat,
+        lng: movement.location.coordinates.lon
+      } : void 0
+    },
+    metadata: {
+      movementId: movement.movementId,
+      itemUID: movement.itemUID,
+      supplyClass: movement.supplyClass,
+      priority: movement.priority,
+      condition: movement.condition,
+      authorizedBy: movement.authorizedBy,
+      transportMethod: movement.transportMethod,
+      receivingParty: movement.receivingParty,
+      remarks: movement.remarks
+    }
+  };
+}
+function calculateReadiness(movements, thresholds = {}) {
+  if (movements.length === 0) {
+    return {
+      overall: 0,
+      serviceablePercent: 0,
+      maintenanceCompliance: 0,
+      daysSinceInspection: 0,
+      transportEfficiency: 0,
+      recommendations: ["No movement data available for readiness assessment"],
+      assessmentAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+  const maxInventoryAge = thresholds.maxInventoryAgeDays ?? 365;
+  void thresholds.maxUnserviceablePercent;
+  const requiredMaintenance = thresholds.requiredMaintenancePercent ?? 95;
+  const conditions = movements.map((m) => m.condition);
+  const serviceableCount = conditions.filter((c) => c === "serviceable").length;
+  const serviceablePercent = serviceableCount / conditions.length * 100;
+  const maintenances = movements.filter((m) => m.movementType === "maintenance" || m.movementType === "repair");
+  const maintenancePercent = maintenances.length / Math.max(movements.length, 1) * 100;
+  const inspections = movements.filter((m) => m.movementType === "inspection");
+  const now = /* @__PURE__ */ new Date();
+  let daysSinceInspection = 0;
+  if (inspections.length > 0) {
+    const lastInspection = new Date(inspections[inspections.length - 1].timestamp);
+    daysSinceInspection = Math.floor((now.getTime() - lastInspection.getTime()) / (1e3 * 60 * 60 * 24));
+  } else {
+    daysSinceInspection = maxInventoryAge;
+  }
+  const transports = movements.filter((m) => m.movementType === "transport");
+  let transportEfficiency = 100;
+  if (transports.length > 0) {
+    const avgDelay = transports.reduce((sum, m) => {
+      const timestamp = new Date(m.timestamp);
+      const delay = Math.floor((now.getTime() - timestamp.getTime()) / (1e3 * 60 * 60));
+      return sum + delay;
+    }, 0) / transports.length;
+    transportEfficiency = Math.max(0, 100 - avgDelay / (thresholds.maxTransportHours ?? 48) * 100);
+  }
+  const weightedScore = serviceablePercent * 0.4 + Math.min(maintenancePercent, requiredMaintenance) * 0.3 + (100 - Math.min(daysSinceInspection, maxInventoryAge) / maxInventoryAge * 100) * 0.2 + transportEfficiency * 0.1;
+  const overall = Math.round(Math.max(0, Math.min(100, weightedScore)));
+  const recommendations = [];
+  if (serviceablePercent < 85) {
+    recommendations.push(`Low serviceable percentage (${Math.round(serviceablePercent)}%). Increase maintenance activities.`);
+  }
+  if (maintenancePercent < requiredMaintenance) {
+    recommendations.push(`Maintenance compliance below threshold (${Math.round(maintenancePercent)}% vs ${requiredMaintenance}% required).`);
+  }
+  if (daysSinceInspection > maxInventoryAge * 0.8) {
+    recommendations.push(`Items overdue for inspection. Last inspection ${daysSinceInspection} days ago.`);
+  }
+  if (transportEfficiency < 70) {
+    recommendations.push("Transport efficiency is degraded. Review logistics network.");
+  }
+  if (recommendations.length === 0) {
+    recommendations.push("Readiness levels are optimal. Continue routine maintenance.");
+  }
+  return {
+    overall,
+    serviceablePercent: Math.round(serviceablePercent * 10) / 10,
+    maintenanceCompliance: Math.round(maintenancePercent * 10) / 10,
+    daysSinceInspection,
+    transportEfficiency: Math.round(transportEfficiency * 10) / 10,
+    recommendations,
+    assessmentAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function validateLogisticsMovement(movement) {
+  const errors = [];
+  if (!movement.movementId) {
+    errors.push("Movement ID is required");
+  }
+  if (!movement.itemUID) {
+    errors.push("Item UID is required");
+  }
+  if (!["I", "II", "III", "IV", "V", "VI", "VII", "VIII", "IX", "X"].includes(movement.supplyClass)) {
+    errors.push("Invalid supply class");
+  }
+  if (!movement.timestamp) {
+    errors.push("Timestamp is required");
+  } else {
+    const d = new Date(movement.timestamp);
+    if (isNaN(d.getTime())) {
+      errors.push("Invalid timestamp format");
+    }
+  }
+  if (!movement.custodian) {
+    errors.push("Custodian is required");
+  }
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+
+// src/multi-tenant/platform.ts
+async function createOrganization(params) {
+  if (!params.name || !params.slug) {
+    throw new Error("Name and slug are required");
+  }
+  if (!/^[a-z0-9-]+$/.test(params.slug)) {
+    throw new Error("Slug must contain only lowercase letters, numbers, and hyphens");
+  }
+  return {
+    id: `org_${generateId()}`,
+    name: params.name,
+    slug: params.slug,
+    plan: params.plan,
+    status: "active",
+    settings: params.settings,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+async function getOrganization(orgId) {
+  if (!orgId) {
+    throw new Error("Organization ID is required");
+  }
+  throw new Error("getOrganization requires API integration");
+}
+async function updateOrganization(orgId, updates) {
+  if (!orgId) {
+    throw new Error("Organization ID is required");
+  }
+  if (updates.plan && !["starter", "professional", "enterprise", "sovereign"].includes(updates.plan)) {
+    throw new Error("Invalid plan tier");
+  }
+  if (updates.status && !["active", "suspended", "pending"].includes(updates.status)) {
+    throw new Error("Invalid organization status");
+  }
+  throw new Error("updateOrganization requires API integration");
+}
+async function listMembers(orgId) {
+  if (!orgId) {
+    throw new Error("Organization ID is required");
+  }
+  throw new Error("listMembers requires API integration");
+}
+async function inviteMember(orgId, email, role) {
+  if (!orgId || !email || !role) {
+    throw new Error("Organization ID, email, and role are required");
+  }
+  if (!isValidEmail(email)) {
+    throw new Error("Invalid email address");
+  }
+  if (!["owner", "admin", "member", "viewer", "auditor"].includes(role)) {
+    throw new Error("Invalid role");
+  }
+  return {
+    id: `invite_${generateId()}`,
+    email,
+    role,
+    invitedBy: "current_user",
+    expiresAt: new Date(Date.now() + 30 * 24 * 60 * 60 * 1e3).toISOString(),
+    // 30 days
+    status: "pending"
+  };
+}
+async function removeMember(orgId, userId) {
+  if (!orgId || !userId) {
+    throw new Error("Organization ID and user ID are required");
+  }
+  throw new Error("removeMember requires API integration");
+}
+async function updateMemberRole(orgId, userId, newRole) {
+  if (!orgId || !userId || !newRole) {
+    throw new Error("Organization ID, user ID, and new role are required");
+  }
+  if (!["owner", "admin", "member", "viewer", "auditor"].includes(newRole)) {
+    throw new Error("Invalid role");
+  }
+  throw new Error("updateMemberRole requires API integration");
+}
+async function createRLSPolicy(params) {
+  if (!params.tenantId || !params.resourceType || !params.action || !params.condition) {
+    throw new Error("All policy parameters are required");
+  }
+  validateRLSCondition(params.condition);
+  return {
+    id: `policy_${generateId()}`,
+    tenantId: params.tenantId,
+    resourceType: params.resourceType,
+    action: params.action,
+    condition: params.condition,
+    priority: params.priority ?? 100,
+    enabled: true
+  };
+}
+async function listRLSPolicies(tenantId) {
+  if (!tenantId) {
+    throw new Error("Tenant ID is required");
+  }
+  throw new Error("listRLSPolicies requires API integration");
+}
+async function deleteRLSPolicy(policyId) {
+  if (!policyId) {
+    throw new Error("Policy ID is required");
+  }
+  throw new Error("deleteRLSPolicy requires API integration");
+}
+function validateRLSCondition(condition) {
+  if (!condition.field || !condition.operator || condition.value === void 0) {
+    throw new Error("RLS condition must have field, operator, and value");
+  }
+  const validOperators = ["eq", "neq", "in", "not_in", "contains", "starts_with", "gt", "lt"];
+  if (!validOperators.includes(condition.operator)) {
+    throw new Error(`Invalid RLS operator: ${condition.operator}`);
+  }
+  if (["in", "not_in"].includes(condition.operator) && !Array.isArray(condition.value)) {
+    throw new Error(`Operator ${condition.operator} requires an array value`);
+  }
+}
+async function getUsageQuota(tenantId) {
+  if (!tenantId) {
+    throw new Error("Tenant ID is required");
+  }
+  throw new Error("getUsageQuota requires API integration");
+}
+async function updateUsageQuota(tenantId, limits) {
+  if (!tenantId) {
+    throw new Error("Tenant ID is required");
+  }
+  if (limits.assets !== void 0 && limits.assets < 0) {
+    throw new Error("Asset limit cannot be negative");
+  }
+  if (limits.storage_mb !== void 0 && limits.storage_mb < 0) {
+    throw new Error("Storage limit cannot be negative");
+  }
+  throw new Error("updateUsageQuota requires API integration");
+}
+function generateId() {
+  return Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+}
+function isValidEmail(email) {
+  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
+}
+function getRolePermissions(role) {
+  const permissionMap = {
+    owner: [
+      "assets:read",
+      "assets:write",
+      "assets:delete",
+      "assets:admin",
+      "members:manage",
+      "policies:manage",
+      "quotas:manage",
+      "audit:read",
+      "org:manage"
+    ],
+    admin: [
+      "assets:read",
+      "assets:write",
+      "assets:delete",
+      "members:manage",
+      "policies:manage",
+      "audit:read"
+    ],
+    member: [
+      "assets:read",
+      "assets:write",
+      "audit:read"
+    ],
+    viewer: [
+      "assets:read"
+    ],
+    auditor: [
+      "assets:read",
+      "audit:read"
+    ]
+  };
+  return permissionMap[role] || [];
+}
+
+// src/marketplace/partner.ts
+async function registerPartner(registration, requestFn) {
+  const result = await requestFn("POST", "/marketplace/partners", registration);
+  return result;
+}
+async function getPartner(partnerId, requestFn) {
+  const result = await requestFn("GET", `/marketplace/partners/${partnerId}`);
+  return result;
+}
+async function updatePartner(partnerId, params, requestFn) {
+  const result = await requestFn("PATCH", `/marketplace/partners/${partnerId}`, params);
+  return result;
+}
+async function getPartnerAnalytics(partnerId, period, requestFn) {
+  const result = await requestFn(
+    "GET",
+    `/marketplace/partners/${partnerId}/analytics?period=${encodeURIComponent(period)}`
+  );
+  return result;
+}
+async function listPartners(params, requestFn) {
+  const queryParams = new URLSearchParams();
+  if (params?.tier) queryParams.append("tier", params.tier);
+  if (params?.status) queryParams.append("status", params.status);
+  if (params?.type) queryParams.append("type", params.type);
+  if (params?.limit) queryParams.append("limit", params.limit.toString());
+  if (params?.offset) queryParams.append("offset", params.offset.toString());
+  const query = queryParams.toString();
+  const path = query ? `/marketplace/partners?${query}` : "/marketplace/partners";
+  const result = await requestFn("GET", path);
+  return result;
+}
+async function generatePartnerApiKey(partnerId, scopes, expiresAt, requestFn) {
+  const body = { scopes, expiresAt };
+  const result = await requestFn("POST", `/marketplace/partners/${partnerId}/keys`, body);
+  return result;
+}
+
+// src/marketplace/templates.ts
+async function createTemplate(partnerId, params, requestFn) {
+  const body = { ...params, partnerId };
+  const result = await requestFn("POST", "/marketplace/templates", body);
+  return result;
+}
+async function getTemplate(templateId, requestFn) {
+  const result = await requestFn("GET", `/marketplace/templates/${templateId}`);
+  return result;
+}
+async function updateTemplate(templateId, params, requestFn) {
+  const result = await requestFn("PATCH", `/marketplace/templates/${templateId}`, params);
+  return result;
+}
+async function publishTemplate(templateId, params, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/publish`, params);
+  return result;
+}
+async function deprecateTemplate(templateId, params, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/deprecate`, params);
+  return result;
+}
+async function listTemplates(params, requestFn) {
+  const queryParams = new URLSearchParams();
+  if (params?.category) queryParams.append("category", params.category);
+  if (params?.status) queryParams.append("status", params.status);
+  if (params?.author) queryParams.append("author", params.author);
+  if (params?.limit) queryParams.append("limit", params.limit.toString());
+  if (params?.offset) queryParams.append("offset", params.offset.toString());
+  const query = queryParams.toString();
+  const path = query ? `/marketplace/templates?${query}` : "/marketplace/templates";
+  const result = await requestFn("GET", path);
+  return result;
+}
+async function searchTemplates(query, params, requestFn) {
+  const queryParams = new URLSearchParams({ q: query });
+  if (params?.category) queryParams.append("category", params.category);
+  if (params?.limit) queryParams.append("limit", params.limit.toString());
+  const result = await requestFn(
+    "GET",
+    `/marketplace/templates/search?${queryParams.toString()}`
+  );
+  return result;
+}
+async function installTemplate(templateId, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/install`);
+  return result;
+}
+async function uninstallTemplate(templateId, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/uninstall`);
+  return result;
+}
+async function rateTemplate(templateId, params, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/rate`, params);
+  return result;
+}
+async function validateAgainstTemplate(templateId, data, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/validate`, { data });
+  return result;
+}
+
 // src/index.ts
-var SDK_VERSION2 = "2.3.0";
+var SDK_VERSION2 = "3.0.0";
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AssetsResource,
   AuditResource,
   AuthenticationError,
   BatchNotFoundError,
+  BatchesResource,
   CodeNotFoundError,
   ComplianceResource,
+  DPPAccessLevel,
   DocumentsResource,
   InvalidCodeError,
   InvalidGTINError,
   InvalidSerialError,
   KeysResource,
   KeysetsResource,
+  M2MResource,
   NetworkError,
   OptropicClient,
   OptropicError,
+  Permission,
   ProvenanceResource,
   QuotaExceededError,
   RateLimitedError,
@@ -1495,13 +3524,87 @@ var SDK_VERSION2 = "2.3.0";
   SchemasResource,
   ServiceUnavailableError,
   StaleFilterError,
+  TenantsResource,
   TimeoutError,
+  appendRecord,
+  buildBatteryPassportQR,
   buildDPPConfig,
+  buildDefenceMetadata,
+  buildEPCISDocument,
+  buildGS1DigitalLink,
+  calculateReadiness,
+  calibrateThreshold,
+  computeDistance,
+  computeSimilarity,
+  createAuditChain,
   createClient,
+  createConsensusResultMessage,
+  createDescriptorExchange,
   createErrorFromResponse,
+  createHandshakeAccept,
+  createHandshakeInit,
+  createOrganization,
+  createRLSPolicy,
+  createTemplate,
+  decodeNATOUID,
+  deleteRLSPolicy,
+  deprecateTemplate,
+  deserializeMessage,
+  encodeNATOUID,
+  evaluateConsensus,
+  exportChain,
+  filterDPPByAccess,
+  generatePartnerApiKey,
+  generateQRCodePayload,
+  getAILabel,
+  getDPPAccessPolicy,
+  getEPCISMappingTable,
+  getOrganization,
+  getPartner,
+  getPartnerAnalytics,
+  getRolePermissions,
+  getSupportedAIs,
+  getTemplate,
+  getUsageQuota,
+  importChain,
+  installTemplate,
+  inviteMember,
+  isValidAI,
+  listMembers,
+  listPartners,
+  listRLSPolicies,
+  listTemplates,
+  mapMovementToProvenance,
+  mapNATOUIDToOptropic,
+  mapOptropicToNATOUID,
+  mapToEPCIS,
+  mapToOptropicAsset,
   parseFilterHeader,
+  parseGS1DigitalLink,
   parseSaltsHeader,
+  provenanceChainToEPCIS,
+  publishTemplate,
+  rateTemplate,
+  registerPartner,
+  removeMember,
+  searchTemplates,
+  serializeMessage,
+  toEPCISEvent,
+  uninstallTemplate,
+  updateMemberRole,
+  updateOrganization,
+  updatePartner,
+  updateTemplate,
+  updateUsageQuota,
+  validateAgainstTemplate,
+  validateBatteryPassport,
   validateDPPMetadata,
+  validateDefenceMetadata,
+  validateGTIN,
+  validateLogisticsMovement,
+  validateMessage,
+  validateNATOUID,
+  verifyChain,
   verifyOffline,
   verifyWebhookSignature
 });