optropic 2.3.0 → 3.0.0

package/dist/index.d.cts

@@ -77,6 +77,157 @@ interface RetryConfig {
  * Use these for programmatic error handling.
  */
 type ErrorCode = 'INVALID_API_KEY' | 'EXPIRED_API_KEY' | 'INSUFFICIENT_PERMISSIONS' | 'INVALID_GTIN' | 'INVALID_SERIAL' | 'INVALID_CODE_FORMAT' | 'INVALID_BATCH_CONFIG' | 'CODE_NOT_FOUND' | 'BATCH_NOT_FOUND' | 'PRODUCT_NOT_FOUND' | 'CODE_REVOKED' | 'CODE_EXPIRED' | 'BATCH_ALREADY_EXISTS' | 'RATE_LIMITED' | 'QUOTA_EXCEEDED' | 'NETWORK_ERROR' | 'TIMEOUT' | 'SERVICE_UNAVAILABLE' | 'INTERNAL_ERROR' | 'UNKNOWN_ERROR';
+/**
+ * Type-safe permission constants for API key creation.
+ *
+ * @example
+ * ```typescript
+ * import { Permission } from 'optropic';
+ *
+ * const key = await client.keys.create({
+ *   environment: 'live',
+ *   label: 'Read-only integration',
+ *   permissions: [Permission.ASSETS_READ, Permission.ASSETS_VERIFY],
+ * });
+ * ```
+ */
+declare const Permission: {
+    readonly ASSETS_READ: "assets:read";
+    readonly ASSETS_WRITE: "assets:write";
+    readonly ASSETS_VERIFY: "assets:verify";
+    readonly AUDIT_READ: "audit:read";
+    readonly COMPLIANCE_READ: "compliance:read";
+    readonly KEYS_MANAGE: "keys:manage";
+    readonly SCHEMAS_MANAGE: "schemas:manage";
+    readonly DOCUMENTS_ENROLL: "documents:enroll";
+    readonly DOCUMENTS_VERIFY: "documents:verify";
+    readonly PROVENANCE_READ: "provenance:read";
+    readonly PROVENANCE_WRITE: "provenance:write";
+    readonly WEBHOOKS_MANAGE: "webhooks:manage";
+    /** All read permissions. */
+    readonly ALL_READ: readonly ["assets:read", "audit:read", "compliance:read", "provenance:read"];
+    /** All write permissions. */
+    readonly ALL_WRITE: readonly ["assets:write", "assets:verify", "documents:enroll", "documents:verify", "provenance:write", "webhooks:manage", "keys:manage", "schemas:manage"];
+    /** All permissions combined. */
+    readonly all: () => string[];
+};
+type PermissionValue = typeof Permission[keyof Omit<typeof Permission, 'ALL_READ' | 'ALL_WRITE' | 'all'>];
+/**
+ * Rate limit status parsed from response headers.
+ * Updated automatically after every API call.
+ */
+interface RateLimitInfo {
+    /** Maximum requests allowed per period. */
+    readonly limit: number;
+    /** Remaining requests in current period. */
+    readonly remaining: number;
+    /** ISO 8601 timestamp when the limit resets. */
+    readonly reset?: string;
+}
+/**
+ * Current tenant information.
+ */
+interface Tenant {
+    readonly id: string;
+    readonly name: string;
+    readonly plan: string;
+    readonly status: 'active' | 'suspended' | 'cancelled';
+    readonly createdAt: string;
+}
+/**
+ * Tenant resource limits based on plan.
+ */
+interface TenantLimits {
+    readonly maxAssets: number;
+    readonly maxApiCallsPerMonth: number;
+    readonly maxKeys: number;
+    readonly maxWebhooks: number;
+    readonly maxBatchSize: number;
+}
+/**
+ * Usage metrics for a given period.
+ */
+interface UsageReport {
+    readonly apiCalls: number;
+    readonly assetsCreated: number;
+    readonly verifications: number;
+    readonly documentsEnrolled: number;
+    readonly bandwidthMb: number;
+    readonly periodStart: string;
+    readonly periodEnd: string;
+}
+/**
+ * Endpoint-level usage breakdown.
+ */
+interface EndpointUsage {
+    readonly endpoint: string;
+    readonly calls: number;
+    readonly errors: number;
+    readonly avgLatencyMs: number;
+    readonly bandwidthMb: number;
+}
+/**
+ * Quota information for the current API key.
+ */
+interface QuotaInfo {
+    readonly limit: number;
+    readonly remaining: number;
+    readonly reset?: string;
+    readonly resetAt?: string;
+}
+/**
+ * Batch job information.
+ */
+interface BatchJob {
+    readonly batchId: string;
+    readonly operation: string;
+    readonly status: 'pending' | 'processing' | 'completed' | 'failed' | 'cancelled';
+    readonly progress: number;
+    readonly createdAt: string;
+    readonly completedAt?: string;
+    readonly totalItems: number;
+    readonly processedItems: number;
+    readonly failedItems: number;
+}
+/**
+ * Result of a completed batch operation.
+ */
+interface BatchResult {
+    readonly batchId: string;
+    readonly operation: string;
+    readonly status: 'completed' | 'failed' | 'cancelled';
+    readonly totalItems: number;
+    readonly processedItems: number;
+    readonly failedItems: number;
+    readonly completedAt: string;
+    readonly results?: unknown[];
+    readonly errors?: Array<{
+        readonly index: number;
+        readonly error: string;
+    }>;
+}
+/**
+ * Information about a specific API key.
+ */
+interface KeyInfo {
+    readonly keyId: string;
+    readonly name: string;
+    readonly permissions: string[];
+    readonly rateLimit: number;
+    readonly expiresAt?: string;
+    readonly lastUsedAt?: string;
+    readonly allowedIps?: string[];
+}
+/**
+ * Result of rotating an API key.
+ */
+interface RotateKeyResult {
+    readonly oldKeyId: string;
+    readonly newKeyId: string;
+    readonly newKey: string;
+    readonly newPrefix: string;
+    readonly gracePeriodUntil?: string;
+}
 
 /**
  * Assets Resource
@@ -152,6 +303,31 @@ interface BatchCreateResult {
     readonly requested: number;
     readonly assets: Asset[];
 }
+interface BatchVerifyResult {
+    readonly verified: number;
+    readonly requested: number;
+    readonly results: Array<{
+        readonly assetId: string;
+        readonly signatureValid: boolean;
+        readonly revocationStatus: string;
+    }>;
+    readonly errors?: Array<{
+        readonly assetId: string;
+        readonly error: string;
+    }>;
+}
+interface BatchRevokeResult {
+    readonly revoked: number;
+    readonly requested: number;
+    readonly results: Array<{
+        readonly assetId: string;
+        readonly status: string;
+    }>;
+    readonly errors?: Array<{
+        readonly assetId: string;
+        readonly error: string;
+    }>;
+}
 declare class AssetsResource {
     private readonly request;
     private readonly client;
@@ -181,6 +357,8 @@ declare class AssetsResource {
     verify(assetId: string): Promise<VerifyResult>;
     revoke(assetId: string, reason?: string): Promise<Asset>;
     batchCreate(params: BatchCreateParams): Promise<BatchCreateResult>;
+    batchVerify(assetIds: string[]): Promise<BatchVerifyResult>;
+    batchRevoke(assetIds: string[], reason: string): Promise<BatchRevokeResult>;
     private buildQuery;
 }
 
@@ -244,6 +422,55 @@ declare class AuditResource {
     private buildQuery;
 }
 
+/**
+ * Batches Resource
+ *
+ * Batch job operations for bulk processing.
+ */
+
+interface CreateBatchParams {
+    readonly operation: string;
+    readonly items: unknown[];
+}
+interface ListBatchesParams {
+    readonly limit?: number;
+}
+interface WaitOptions {
+    readonly pollInterval?: number;
+    readonly timeout?: number;
+}
+declare class BatchesResource {
+    private readonly request;
+    constructor(request: RequestFn);
+    /**
+     * Create a new batch job with the given operation and items.
+     */
+    create(params: CreateBatchParams): Promise<BatchJob>;
+    /**
+     * Get the status and details of a specific batch job.
+     */
+    get(batchId: string): Promise<BatchJob>;
+    /**
+     * List batch jobs with optional limiting.
+     */
+    list(params?: ListBatchesParams): Promise<BatchJob[]>;
+    /**
+     * Wait for a batch job to complete, polling at regular intervals.
+     *
+     * @param batchId - The ID of the batch to wait for
+     * @param opts - Polling configuration (pollInterval in ms, timeout in ms)
+     * @returns The final batch result once completed
+     * @throws TimeoutError if the operation exceeds the timeout
+     */
+    wait(batchId: string, opts?: WaitOptions): Promise<BatchResult>;
+    /**
+     * Cancel a batch job that is still pending or processing.
+     */
+    cancel(batchId: string): Promise<BatchJob>;
+    private buildQuery;
+    private sleep;
+}
+
 /**
  * Compliance Resource
  *
@@ -448,6 +675,9 @@ interface ApiKey {
 interface CreateKeyParams {
     readonly label?: string;
     readonly environment?: 'live' | 'test';
+    readonly expiresInDays?: number;
+    readonly rateLimitPerMinute?: number;
+    readonly allowedIps?: string[];
 }
 interface CreateKeyResult {
     readonly key: string;
@@ -457,12 +687,27 @@ interface CreateKeyResult {
     readonly environment: string;
     readonly created_at: string;
 }
+interface RotateKeyParams {
+    readonly gracePeriodHours?: number;
+}
 declare class KeysResource {
     private readonly request;
     constructor(request: RequestFn);
     create(params?: CreateKeyParams): Promise<CreateKeyResult>;
     list(): Promise<ApiKey[]>;
     revoke(keyId: string): Promise<void>;
+    /**
+     * Get information about the current API key being used.
+     */
+    current(): Promise<KeyInfo>;
+    /**
+     * Rotate the specified API key to a new one.
+     *
+     * @param keyId - The ID of the key to rotate
+     * @param opts - Optional rotation parameters (gracePeriodHours)
+     * @returns New key information and the new key string
+     */
+    rotate(keyId: string, opts?: RotateKeyParams): Promise<RotateKeyResult>;
 }
 
 /**
@@ -503,6 +748,311 @@ declare class KeysetsResource {
     private buildQuery;
 }
 
+/**
+ * M2M Ed25519 Audit Trail
+ *
+ * Append-only signed audit records for M2M verification events.
+ */
+type AuditRecordType = 'challenge_issued' | 'challenge_responded' | 'consensus_established' | 'consensus_denied' | 'device_registered' | 'device_revoked';
+interface AuditRecord {
+    id: string;
+    type: AuditRecordType;
+    assetId: string;
+    deviceIds: string[];
+    timestamp: string;
+    previousHash: string;
+    data: Record<string, unknown>;
+    hash: string;
+    signature?: string;
+}
+interface AuditChain {
+    records: AuditRecord[];
+    chainId: string;
+    createdAt: string;
+    lastHash: string;
+}
+/**
+ * Create a new audit chain
+ */
+declare function createAuditChain(chainId?: string): AuditChain;
+/**
+ * Append a record to an audit chain
+ */
+declare function appendRecord(chain: AuditChain, type: AuditRecordType, assetId: string, deviceIds: string[], data: Record<string, unknown>): Promise<AuditRecord>;
+/**
+ * Verify the integrity of an audit chain
+ */
+declare function verifyChain(chain: AuditChain): Promise<{
+    valid: boolean;
+    brokenAt?: number;
+    error?: string;
+}>;
+/**
+ * Export audit chain to JSON string
+ */
+declare function exportChain(chain: AuditChain): string;
+/**
+ * Import audit chain from JSON string
+ */
+declare function importChain(data: string): Promise<AuditChain>;
+
+/**
+ * M2M Consensus Engine
+ *
+ * Core of Optropic's "Sovereign Physical Handshake".
+ * Two independent devices scan the same physical object and derive descriptors.
+ * The consensus engine determines if they match.
+ */
+interface CaptureConditions {
+    lightLevel?: 'low' | 'medium' | 'high';
+    distance?: number;
+    angle?: number;
+}
+interface PhysicalDescriptor {
+    dimensions: number[];
+    deviceId: string;
+    timestamp: string;
+    captureConditions?: CaptureConditions;
+}
+interface DimensionMatch {
+    dimension: number;
+    delta: number;
+    withinTolerance: boolean;
+}
+interface ConsensusResult {
+    trustEstablished: boolean;
+    confidence: number;
+    distance: number;
+    threshold: number;
+    descriptorDimensions: number;
+    matchDetails: DimensionMatch[];
+    auditToken: string;
+    timestamp: string;
+}
+interface ConsensusConfig {
+    threshold?: number;
+    minDimensions?: number;
+    maxTimeDeltaMs?: number;
+    requireAllDimensions?: boolean;
+}
+/**
+ * Compute Euclidean distance between two vectors
+ */
+declare function computeDistance(a: number[], b: number[]): number;
+/**
+ * Compute similarity score (1 / (1 + distance))
+ */
+declare function computeSimilarity(a: number[], b: number[]): number;
+/**
+ * Calibrate threshold using ROC analysis on labeled pairs
+ *
+ * @param knownMatches - Array of {a, b, isMatch} pairs
+ * @returns Optimal threshold value
+ */
+declare function calibrateThreshold(knownMatches: Array<{
+    a: PhysicalDescriptor;
+    b: PhysicalDescriptor;
+    isMatch: boolean;
+}>): number;
+/**
+ * Evaluate consensus between two descriptors
+ *
+ * @param descriptorA - First physical descriptor
+ * @param descriptorB - Second physical descriptor
+ * @param config - Configuration options
+ * @returns Consensus evaluation result
+ */
+declare function evaluateConsensus(descriptorA: PhysicalDescriptor, descriptorB: PhysicalDescriptor, config?: ConsensusConfig): ConsensusResult;
+
+/**
+ * M2M P2P Descriptor Exchange Protocol
+ *
+ * Protocol for exchanging descriptors between two devices without internet.
+ * Transport-agnostic (works over BLE, WiFi Direct, NFC, or TCP).
+ */
+
+interface P2PMessage {
+    type: 'handshake_init' | 'handshake_accept' | 'descriptor_exchange' | 'consensus_result' | 'error';
+    version: '1.0';
+    senderId: string;
+    recipientId?: string;
+    payload: unknown;
+    signature?: string;
+    timestamp: string;
+    nonce: string;
+}
+interface HandshakeInitPayload {
+    deviceId: string;
+    publicKey: string;
+    supportedAlgorithms: string[];
+    assetId: string;
+}
+interface HandshakeAcceptPayload {
+    deviceId: string;
+    publicKey: string;
+    selectedAlgorithm: string;
+    assetId: string;
+}
+interface DescriptorExchangePayload {
+    descriptor: PhysicalDescriptor;
+    assetId: string;
+    captureId: string;
+}
+interface ConsensusResultPayload {
+    consensusResult: ConsensusResult;
+    agreedByBoth: boolean;
+}
+interface ErrorPayload {
+    code: string;
+    message: string;
+    details?: Record<string, unknown>;
+}
+interface ValidationError {
+    field: string;
+    error: string;
+}
+interface ValidationResult$1 {
+    valid: boolean;
+    errors: ValidationError[];
+}
+/**
+ * Create a handshake initialization message
+ */
+declare function createHandshakeInit(deviceId: string, publicKey: string, assetId: string, supportedAlgorithms?: string[]): P2PMessage;
+/**
+ * Create a handshake acceptance message
+ */
+declare function createHandshakeAccept(initMessage: P2PMessage, deviceId: string, publicKey: string, selectedAlgorithm?: string): P2PMessage;
+/**
+ * Create a descriptor exchange message
+ */
+declare function createDescriptorExchange(deviceId: string, descriptor: PhysicalDescriptor, assetId: string, captureId?: string, recipientId?: string): P2PMessage;
+/**
+ * Create a consensus result message
+ */
+declare function createConsensusResultMessage(deviceId: string, result: ConsensusResult, agreedByBoth?: boolean, recipientId?: string): P2PMessage;
+/**
+ * Validate a P2P message
+ */
+declare function validateMessage(message: P2PMessage): ValidationResult$1;
+/**
+ * Serialize a P2P message to JSON + base64
+ */
+declare function serializeMessage(message: P2PMessage): string;
+/**
+ * Deserialize a P2P message from JSON + base64
+ */
+declare function deserializeMessage(data: string): P2PMessage;
+
+interface M2MChallenge {
+    readonly id: string;
+    readonly assetId: string;
+    readonly nonce: string;
+    readonly algorithm: 'ed25519';
+    readonly expiresAt: string;
+    readonly createdAt: string;
+}
+interface M2MVerifyRequest {
+    readonly challengeId: string;
+    readonly response: string;
+    readonly deviceId?: string;
+}
+interface M2MVerifyResult {
+    readonly valid: boolean;
+    readonly assetId: string;
+    readonly challengeId: string;
+    readonly verifiedAt: string;
+    readonly deviceId?: string;
+    readonly reason?: 'expired' | 'bad_signature' | 'revoked';
+}
+interface M2MDevice {
+    readonly deviceId: string;
+    readonly label: string;
+    readonly publicKey: string;
+    readonly status: 'active' | 'revoked';
+    readonly lastSeenAt?: string;
+    readonly createdAt: string;
+    readonly metadata?: Record<string, unknown>;
+}
+interface InitiateChallengeParams {
+    readonly assetId: string;
+    readonly algorithm?: 'ed25519';
+    readonly ttlSeconds?: number;
+}
+interface RegisterDeviceParams {
+    readonly label: string;
+    readonly publicKey: string;
+    readonly metadata?: Record<string, unknown>;
+}
+/**
+ * Machine-to-Machine physical authentication protocol.
+ *
+ * Enables challenge-response verification between devices and assets.
+ *
+ * @remarks
+ * M2M endpoints are in preview and require enterprise access.
+ *
+ * @example
+ * ```typescript
+ * // 1. Initiate a challenge
+ * const challenge = await client.m2m.initiateChallenge({ assetId: 'ast_abc' });
+ *
+ * // 2. Device signs the nonce (application-specific)
+ * const responseSig = device.sign(challenge.nonce);
+ *
+ * // 3. Verify the response
+ * const result = await client.m2m.verify({
+ *   challengeId: challenge.id,
+ *   response: responseSig,
+ * });
+ * console.log(result.valid); // true or false
+ * ```
+ */
+declare class M2MResource {
+    private readonly request;
+    constructor(request: RequestFn);
+    /**
+     * Initiate an M2M challenge for an asset.
+     */
+    initiateChallenge(params: InitiateChallengeParams): Promise<M2MChallenge>;
+    /**
+     * Verify an M2M challenge response.
+     */
+    verify(params: M2MVerifyRequest): Promise<M2MVerifyResult>;
+    /**
+     * Register a verifier device.
+     */
+    registerDevice(params: RegisterDeviceParams): Promise<M2MDevice>;
+    /**
+     * Get a verifier device by ID.
+     */
+    getDevice(deviceId: string): Promise<M2MDevice>;
+    /**
+     * List all registered verifier devices.
+     */
+    listDevices(): Promise<M2MDevice[]>;
+    /**
+     * Revoke a verifier device.
+     */
+    revokeDevice(deviceId: string): Promise<void>;
+    /**
+     * Evaluate consensus between two physical descriptors (local operation, no API call)
+     */
+    consensus(descriptorA: PhysicalDescriptor, descriptorB: PhysicalDescriptor, config?: ConsensusConfig): ConsensusResult;
+    /**
+     * Create a new local audit trail (no API call)
+     */
+    createAuditTrail(chainId?: string): AuditChain;
+    /**
+     * Verify audit trail integrity (local operation, no API call)
+     */
+    verifyAuditTrail(chain: AuditChain): Promise<{
+        valid: boolean;
+        brokenAt?: number;
+        error?: string;
+    }>;
+}
+
 /**
  * Provenance Resource
  *
@@ -711,6 +1261,41 @@ declare class SchemasResource {
     private stripUndefined;
 }
 
+/**
+ * Tenants Resource
+ *
+ * Tenant management and quota operations.
+ */
+
+interface GetUsageParams {
+    readonly period?: 'day' | 'week' | 'month' | 'billing_cycle';
+}
+interface GetUsageBreakdownParams {
+    readonly period?: string;
+    readonly groupBy?: 'endpoint' | 'key' | 'resource';
+}
+declare class TenantsResource {
+    private readonly request;
+    constructor(request: RequestFn);
+    /**
+     * Get information about the current tenant.
+     */
+    getCurrent(): Promise<Tenant>;
+    /**
+     * Get resource limits for the current tenant based on their plan.
+     */
+    getLimits(): Promise<TenantLimits>;
+    /**
+     * Get usage metrics for a specified period.
+     */
+    getUsage(params?: GetUsageParams): Promise<UsageReport>;
+    /**
+     * Get usage metrics broken down by endpoint, key, or resource.
+     */
+    getUsageBreakdown(params?: GetUsageBreakdownParams): Promise<EndpointUsage[]>;
+    private buildQuery;
+}
+
 /**
  * optropic - OptropicClient
  *
@@ -758,14 +1343,18 @@ declare class OptropicClient {
     private readonly retryConfig;
     private readonly _sandbox;
     private readonly _debug;
+    private _rateLimit;
     readonly assets: AssetsResource;
     readonly audit: AuditResource;
+    readonly batches: BatchesResource;
     readonly compliance: ComplianceResource;
     readonly documents: DocumentsResource;
     readonly keys: KeysResource;
     readonly keysets: KeysetsResource;
+    readonly m2m: M2MResource;
     readonly provenance: ProvenanceResource;
     readonly schemas: SchemasResource;
+    readonly tenants: TenantsResource;
     constructor(config: OptropicConfig);
     /** True when the client is in sandbox mode (test API key or explicit override). */
     get isSandbox(): boolean;
@@ -773,6 +1362,13 @@ declare class OptropicClient {
     get isLive(): boolean;
     /** Returns 'sandbox' or 'live'. */
     get environment(): 'sandbox' | 'live';
+    /** Last known rate limit status, updated after every API call. Returns null until the first request. */
+    get rateLimit(): RateLimitInfo | null;
+    /**
+     * Get quota information for the current API key.
+     * Based on the last known rate limit from previous API calls.
+     */
+    getQuota(): QuotaInfo;
     private redact;
     private logRequest;
     private logResponse;
@@ -938,6 +1534,12 @@ interface ConformityDeclaration {
     readonly issuedBy?: string;
     readonly validUntil?: string;
 }
+interface HazardousSubstanceEntry {
+    readonly name: string;
+    readonly casNumber?: string;
+    readonly concentration?: number;
+    readonly unit?: string;
+}
 interface BatteryPassportData {
     readonly type: 'battery';
     /** Battery chemistry (e.g., "NMC", "LFP", "NCA"). */
@@ -954,10 +1556,64 @@ interface BatteryPassportData {
     readonly lithiumContent?: number;
     /** Recycled cobalt percentage. */
     readonly recycledCobaltPercent?: number;
+    /** Recycled lithium percentage. */
+    readonly recycledLithiumPercent?: number;
+    /** Recycled nickel percentage. */
+    readonly recycledNickelPercent?: number;
+    /** Recycled lead percentage. */
+    readonly recycledLeadPercent?: number;
     /** Carbon footprint class (A-G). */
     readonly carbonClass?: string;
     /** Expected lifetime in charge cycles. */
     readonly expectedLifetimeCycles?: number;
+    /** URL to supply chain due diligence report. */
+    readonly dueDiligenceUrl?: string;
+    /** EU economic operator ID (mandatory Annex XIII). */
+    readonly manufacturerIdentification: string;
+    /** Manufacturing date in ISO 8601 format (mandatory Annex XIII). */
+    readonly manufacturingDate: string;
+    /** Facility location where battery was manufactured (mandatory Annex XIII). */
+    readonly manufacturingPlace: string;
+    /** Battery weight in kilograms (mandatory Annex XIII). */
+    readonly batteryWeight: number;
+    /** Battery status/lifecycle stage (mandatory Annex XIII). */
+    readonly batteryStatus: 'original' | 'repurposed' | 'remanufactured' | 'waste';
+    /** Rated capacity in Amp-hours (mandatory Annex XIII). */
+    readonly ratedCapacityAh: number;
+    /** Minimum voltage in Volts (mandatory Annex XIII). */
+    readonly voltageMinV: number;
+    /** Maximum voltage in Volts (mandatory Annex XIII). */
+    readonly voltageMaxV: number;
+    /** Nominal voltage in Volts (mandatory Annex XIII). */
+    readonly voltageNominalV: number;
+    /** Minimum operating temperature in Celsius (mandatory Annex XIII). */
+    readonly temperatureRangeMinC: number;
+    /** Maximum operating temperature in Celsius (mandatory Annex XIII). */
+    readonly temperatureRangeMaxC: number;
+    /** Original power capability in Watts (mandatory Annex XIII). */
+    readonly originalPowerCapabilityW: number;
+    /** Round-trip efficiency as percentage 0-100 (mandatory Annex XIII). */
+    readonly roundTripEfficiency: number;
+    /** Internal resistance in Ohms (mandatory Annex XIII). */
+    readonly internalResistanceOhm: number;
+    /** Detailed cell chemistry information (mandatory Annex XIII). */
+    readonly cellChemistryDetail: string;
+    /** List of hazardous substances contained in the battery (mandatory Annex XIII). */
+    readonly hazardousSubstances: HazardousSubstanceEntry[];
+    /** Carbon footprint value in kg CO2e per kWh (mandatory Annex XIII). */
+    readonly carbonFootprintPerKwh: number;
+    /** URL to carbon footprint study/report (mandatory Annex XIII). */
+    readonly carbonFootprintStudyUrl: string;
+    /** URL to supply chain due diligence policy (mandatory Annex XIII). */
+    readonly supplyChainDueDiligencePolicy: string;
+    /** Third-party verifier ID (e.g., notified body number) (mandatory Annex XIII). */
+    readonly thirdPartyVerifierId: string;
+    /** URL to battery dismantling/disassembly instructions (mandatory Annex XIII). */
+    readonly dismantlingInstructions: string;
+    /** URL to battery safety instructions/warnings (mandatory Annex XIII). */
+    readonly safetyInstructions: string;
+    /** Type of extinguishing agent suitable for battery fires (mandatory Annex XIII). */
+    readonly extinguishingAgent: string;
 }
 interface TextilePassportData {
     readonly type: 'textile';
@@ -1011,21 +1667,489 @@ declare function validateDPPMetadata(metadata: DPPMetadata): {
     valid: boolean;
     errors: string[];
 };
-
 /**
- * Webhook Signature Verification
- *
- * Verifies that incoming webhook payloads were signed by Optropic.
- * Uses the endpoint secret provided when the webhook was registered.
+ * Validate a battery passport against Annex XIII requirements.
+ * Returns validation result with all errors and warnings.
  *
- * @module optropic/webhooks
+ * @example
+ * ```typescript
+ * const result = validateBatteryPassport(batteryData);
+ * if (!result.valid) {
+ *   console.error('Validation errors:', result.errors);
+ *   console.warn('Warnings:', result.warnings);
+ * }
+ * ```
  */
-interface WebhookVerifyOptions {
-    /** Raw request body (string). Must not be parsed JSON. */
-    readonly payload: string;
-    /** Value of the `X-Optropic-Signature` header. Format: `sha256=<hex>` */
-    readonly signature: string;
-    /** Value of the `X-Optropic-Timestamp` header (unix seconds). */
+declare function validateBatteryPassport(data: BatteryPassportData): {
+    valid: boolean;
+    errors: string[];
+    warnings: string[];
+};
+/**
+ * Build a GS1 Digital Link URI for a battery passport.
+ * Creates a URL containing the battery's GTIN and serial number for QR encoding.
+ *
+ * @example
+ * ```typescript
+ * const uri = buildBatteryPassportQR({
+ *   productId: '04012345000010',
+ *   sectorData: { type: 'battery', ... }
+ * });
+ * // Returns: 'https://id.gs1.org/01/04012345000010/21/SN123'
+ * ```
+ */
+declare function buildBatteryPassportQR(metadata: DPPMetadata): string;
+
+/**
+ * GS1 Digital Link URI Parser & Resolver
+ *
+ * Supports parsing and building GS1 Digital Link URIs according to the
+ * GS1 Digital Link specification, with validation of GTIN check digits
+ * and mapping to Optropic asset lookups.
+ *
+ * @module optropic/gs1-resolver
+ */
+/**
+ * Supported GS1 Application Identifiers (AI).
+ * Maps AI numeric codes to human-readable names.
+ */
+type GS1ApplicationIdentifier = '01' | '21' | '10' | '11' | '17' | '3103' | '3922' | '8200' | '254' | '414';
+/**
+ * Parsed GS1 Digital Link URI component.
+ */
+interface GS1ParsedComponent {
+    readonly ai: GS1ApplicationIdentifier;
+    readonly value: string;
+    readonly label: string;
+}
+/**
+ * Fully parsed GS1 Digital Link URI.
+ */
+interface GS1ParsedURI {
+    readonly domain: string;
+    readonly gtin?: string;
+    readonly serialNumber?: string;
+    readonly batchLot?: string;
+    readonly productionDate?: string;
+    readonly expiryDate?: string;
+    readonly netWeightKg?: number;
+    readonly price?: string;
+    readonly url?: string;
+    readonly gln?: string;
+    readonly extension?: string;
+    readonly allComponents: GS1ParsedComponent[];
+    readonly queryParams?: Record<string, string>;
+}
+/**
+ * GS1 Digital Link URI builder input.
+ */
+interface GS1BuilderInput {
+    readonly domain?: string;
+    readonly gtin: string;
+    readonly serialNumber?: string;
+    readonly batchLot?: string;
+    readonly productionDate?: string;
+    readonly expiryDate?: string;
+    readonly netWeightKg?: number;
+    readonly price?: string;
+    readonly url?: string;
+    readonly gln?: string;
+    readonly extension?: string;
+    readonly queryParams?: Record<string, string>;
+}
+/**
+ * GTIN validation result.
+ */
+interface GTINValidationResult {
+    readonly valid: boolean;
+    readonly checkDigit: number;
+    readonly message: string;
+}
+/**
+ * GS1 Digital Link to Optropic mapping.
+ */
+interface OptropicAssetLookup {
+    readonly productId: string;
+    readonly serialNumber?: string;
+    readonly batchId?: string;
+    readonly lookupQuery: string;
+}
+/**
+ * QR code data payload configuration.
+ */
+interface QRCodePayload {
+    readonly type: 'gs1-digital-link' | 'url' | 'ean13';
+    readonly data: string;
+    readonly encodingMode: 'url' | 'raw';
+}
+/**
+ * Validate GTIN check digit using mod-10 algorithm.
+ * Works for GTIN-8, GTIN-12, GTIN-13, and GTIN-14.
+ *
+ * @example
+ * ```typescript
+ * const result = validateGTIN('04012345000010');
+ * console.log(result.valid); // true if check digit is correct
+ * ```
+ */
+declare function validateGTIN(gtin: string): GTINValidationResult;
+/**
+ * Parse a GS1 Digital Link URI into structured components.
+ *
+ * @example
+ * ```typescript
+ * const parsed = parseGS1DigitalLink(
+ *   'https://id.gs1.org/01/04012345000010/21/SN001'
+ * );
+ * console.log(parsed.gtin); // '04012345000010'
+ * console.log(parsed.serialNumber); // 'SN001'
+ * ```
+ */
+declare function parseGS1DigitalLink(uri: string): GS1ParsedURI;
+/**
+ * Build a GS1 Digital Link URI from components.
+ *
+ * @example
+ * ```typescript
+ * const uri = buildGS1DigitalLink({
+ *   gtin: '04012345000010',
+ *   serialNumber: 'SN001',
+ *   domain: 'https://id.optropic.com',
+ * });
+ * // Returns: 'https://id.optropic.com/01/04012345000010/21/SN001'
+ * ```
+ */
+declare function buildGS1DigitalLink(input: GS1BuilderInput): string;
+/**
+ * Map a parsed GS1 Digital Link to an Optropic asset lookup query.
+ *
+ * @example
+ * ```typescript
+ * const parsed = parseGS1DigitalLink('https://id.gs1.org/01/04012345000010/21/SN001');
+ * const lookup = mapToOptropicAsset(parsed);
+ * // Returns: { productId: '04012345000010', serialNumber: 'SN001', ... }
+ * ```
+ */
+declare function mapToOptropicAsset(parsed: GS1ParsedURI): OptropicAssetLookup;
+/**
+ * Generate a QR code payload suitable for GS1 Digital Link encoding.
+ *
+ * @example
+ * ```typescript
+ * const payload = generateQRCodePayload({
+ *   gtin: '04012345000010',
+ *   serialNumber: 'SN001',
+ * });
+ * // Returns: { type: 'gs1-digital-link', data: 'https://id.gs1.org/01/...', ... }
+ * ```
+ */
+declare function generateQRCodePayload(input: GS1BuilderInput): QRCodePayload;
+/**
+ * Check if a value is a valid GS1 Application Identifier.
+ */
+declare function isValidAI(ai: string): ai is GS1ApplicationIdentifier;
+/**
+ * Get human-readable label for a GS1 Application Identifier.
+ */
+declare function getAILabel(ai: GS1ApplicationIdentifier): string;
+/**
+ * Get all supported GS1 Application Identifiers.
+ */
+declare function getSupportedAIs(): GS1ApplicationIdentifier[];
+
+/**
+ * DPP Access Control Levels
+ *
+ * Implements tiered access control for EU Digital Product Passport data.
+ * Required before the EU DPP Registry launch (19 July 2026).
+ *
+ * The ESPR regulation mandates that DPP data is available at different
+ * levels depending on the requester's role:
+ *
+ * - **public**: Consumer-facing data (product name, manufacturer,
+ *   carbon footprint, recycled content, repairability score).
+ * - **authenticated**: Data available to verified supply chain partners
+ *   (substances of concern, sector-specific data, conformity declarations).
+ * - **regulatory**: Full dataset available to market surveillance
+ *   authorities (all fields + audit trail).
+ * - **owner**: Complete data including internal metadata, accessible
+ *   only to the economic operator who created the passport.
+ *
+ * @module optropic/dpp-access
+ */
+
+/**
+ * DPP access levels, ordered from least to most privileged.
+ */
+declare const DPPAccessLevel: {
+    /** Consumer-facing public data. */
+    readonly PUBLIC: "public";
+    /** Verified supply chain partner. */
+    readonly AUTHENTICATED: "authenticated";
+    /** Market surveillance authority. */
+    readonly REGULATORY: "regulatory";
+    /** Economic operator (data owner). */
+    readonly OWNER: "owner";
+    /**
+     * Check if a level has at least the privilege of another.
+     * Useful for authorization checks.
+     *
+     * @example
+     * ```typescript
+     * DPPAccessLevel.isAtLeast('regulatory', 'authenticated'); // true
+     * DPPAccessLevel.isAtLeast('public', 'regulatory');        // false
+     * ```
+     */
+    readonly isAtLeast: (level: DPPAccessLevelValue, required: DPPAccessLevelValue) => boolean;
+};
+type DPPAccessLevelValue = 'public' | 'authenticated' | 'regulatory' | 'owner';
+/**
+ * Defines which DPP fields are visible at each access level.
+ */
+interface DPPFieldVisibility {
+    /** Field name (matches DPPMetadata property). */
+    readonly field: string;
+    /** Minimum access level required to view this field. */
+    readonly minLevel: DPPAccessLevelValue;
+    /** Optional: override per DPP category. */
+    readonly categoryOverride?: Partial<Record<DPPCategory, DPPAccessLevelValue>>;
+}
+/**
+ * Complete access policy for a DPP dataset.
+ */
+interface DPPAccessPolicy {
+    /** Default access level applied when none is specified. */
+    readonly defaultLevel: DPPAccessLevelValue;
+    /** Per-field visibility rules. */
+    readonly fields: DPPFieldVisibility[];
+    /** Whether redacted fields show "[REDACTED]" or are omitted entirely. */
+    readonly redactionMode: 'omit' | 'placeholder';
+}
+/**
+ * Context for an access control decision.
+ */
+interface DPPAccessContext {
+    /** The requester's access level. */
+    readonly level: DPPAccessLevelValue;
+    /** Optional: the specific DPP category (for category-specific overrides). */
+    readonly category?: DPPCategory;
+    /** Optional: if true, include redaction markers instead of omitting fields. */
+    readonly showRedacted?: boolean;
+}
+/**
+ * Get the default DPP access policy.
+ *
+ * Returns the policy that aligns with ESPR and EU Battery Regulation
+ * requirements. Can be customized per tenant via the API's compliance
+ * configuration.
+ *
+ * @param overrides - Optional field visibility overrides.
+ * @returns The access policy.
+ */
+declare function getDPPAccessPolicy(overrides?: DPPFieldVisibility[]): DPPAccessPolicy;
+/**
+ * Filter DPP metadata based on the requester's access level.
+ *
+ * Returns a new object containing only the fields the requester
+ * is authorized to see. Fields below the access threshold are
+ * either omitted or replaced with "[REDACTED]" placeholders.
+ *
+ * @param metadata - Full DPP metadata object (all fields).
+ * @param context - Access context (level, category, redaction preference).
+ * @param policy - Optional custom access policy; uses default if omitted.
+ * @returns Filtered metadata object.
+ *
+ * @example
+ * ```typescript
+ * import { filterDPPByAccess, DPPAccessLevel } from 'optropic';
+ *
+ * // Consumer view — only public fields
+ * const publicView = filterDPPByAccess(fullMetadata, {
+ *   level: DPPAccessLevel.PUBLIC,
+ *   category: 'battery',
+ * });
+ *
+ * // Regulatory view — full access
+ * const regulatoryView = filterDPPByAccess(fullMetadata, {
+ *   level: DPPAccessLevel.REGULATORY,
+ *   category: 'battery',
+ *   showRedacted: true,
+ * });
+ * ```
+ */
+declare function filterDPPByAccess(metadata: Record<string, unknown>, context: DPPAccessContext, policy?: DPPAccessPolicy): Record<string, unknown>;
+
+/**
+ * EPCIS 2.0 Event Type Mapping
+ *
+ * Maps Optropic provenance events to GS1 EPCIS 2.0 event types and
+ * vocabularies. Enables interoperability with supply chain systems that
+ * speak EPCIS (SAP, Oracle, TraceLink, etc.) and aligns with
+ * DIN SPEC 91406 product identification.
+ *
+ * EPCIS 2.0 spec: GS1 General Specification §7 + EPCIS/CBV 2.0
+ * @see https://www.gs1.org/standards/epcis
+ *
+ * @module optropic/epcis
+ */
+
+/**
+ * GS1 EPCIS 2.0 top-level event types.
+ *
+ * - ObjectEvent: observation of one or more objects
+ * - AggregationEvent: parent-child containment (packing, unpacking)
+ * - TransactionEvent: link to business transaction
+ * - TransformationEvent: input→output manufacturing step
+ * - AssociationEvent: non-containment relationship (sensor association)
+ */
+type EPCISEventType = 'ObjectEvent' | 'AggregationEvent' | 'TransactionEvent' | 'TransformationEvent' | 'AssociationEvent';
+/**
+ * GS1 Core Business Vocabulary (CBV) 2.0 — Business Step values.
+ * Subset most relevant for DPP / provenance chains.
+ */
+type EPCISBizStep = 'urn:epcglobal:cbv:bizstep:commissioning' | 'urn:epcglobal:cbv:bizstep:shipping' | 'urn:epcglobal:cbv:bizstep:receiving' | 'urn:epcglobal:cbv:bizstep:inspecting' | 'urn:epcglobal:cbv:bizstep:destroying' | 'urn:epcglobal:cbv:bizstep:encoding' | 'urn:epcglobal:cbv:bizstep:packing' | 'urn:epcglobal:cbv:bizstep:unpacking' | 'urn:epcglobal:cbv:bizstep:transforming' | 'urn:epcglobal:cbv:bizstep:holding' | 'urn:epcglobal:cbv:bizstep:transporting' | 'urn:epcglobal:cbv:bizstep:repairing' | 'urn:epcglobal:cbv:bizstep:cycle_counting' | 'urn:epcglobal:cbv:bizstep:decommissioning' | 'urn:epcglobal:cbv:bizstep:retail_selling' | 'urn:epcglobal:cbv:bizstep:void_shipping' | string;
+/**
+ * GS1 CBV 2.0 — Disposition values.
+ */
+type EPCISDisposition = 'urn:epcglobal:cbv:disp:active' | 'urn:epcglobal:cbv:disp:in_transit' | 'urn:epcglobal:cbv:disp:recalled' | 'urn:epcglobal:cbv:disp:destroyed' | 'urn:epcglobal:cbv:disp:in_progress' | 'urn:epcglobal:cbv:disp:encoded' | 'urn:epcglobal:cbv:disp:inactive' | 'urn:epcglobal:cbv:disp:needs_replacement' | 'urn:epcglobal:cbv:disp:returned' | string;
+/**
+ * Result of mapping an Optropic provenance event to EPCIS 2.0.
+ */
+interface EPCISMapping {
+    /** The EPCIS event type. */
+    readonly eventType: EPCISEventType;
+    /** CBV business step URN. */
+    readonly bizStep: EPCISBizStep;
+    /** CBV disposition URN (state of the object after the event). */
+    readonly disposition: EPCISDisposition;
+    /** Whether this is a one-to-one mapping (true) or a best-effort approximation. */
+    readonly exact: boolean;
+    /** Human-readable description of the mapping rationale. */
+    readonly note: string;
+}
+/**
+ * Full EPCIS 2.0 event document, ready for JSON-LD serialization.
+ * Conforms to the EPCIS 2.0 JSON/JSON-LD binding.
+ */
+interface EPCISEventDocument {
+    /** JSON-LD context. */
+    readonly '@context': (string | Record<string, string>)[];
+    /** EPCIS document type. */
+    readonly type: 'EPCISDocument';
+    /** Schema version. */
+    readonly schemaVersion: '2.0';
+    /** Creation date. */
+    readonly creationDate: string;
+    /** The EPCIS event body. */
+    readonly epcisBody: {
+        readonly eventList: EPCISEvent[];
+    };
+}
+/**
+ * A single EPCIS 2.0 event in the JSON-LD representation.
+ */
+interface EPCISEvent {
+    readonly type: EPCISEventType;
+    readonly eventTime: string;
+    readonly eventTimeZoneOffset: string;
+    readonly bizStep: EPCISBizStep;
+    readonly disposition: EPCISDisposition;
+    /** EPC list (mapped from Optropic asset IDs). */
+    readonly epcList?: string[];
+    /** Read point (location where event occurred). */
+    readonly readPoint?: {
+        readonly id: string;
+    };
+    /** Business location. */
+    readonly bizLocation?: {
+        readonly id: string;
+    };
+    /** Optropic-specific extension fields. */
+    readonly 'optropic:provenanceEventId'?: string;
+    readonly 'optropic:chainSequence'?: number;
+    readonly 'optropic:eventHash'?: string;
+}
+/**
+ * Get the EPCIS 2.0 mapping for an Optropic provenance event type.
+ *
+ * @example
+ * ```typescript
+ * import { mapToEPCIS } from 'optropic';
+ *
+ * const mapping = mapToEPCIS('manufactured');
+ * console.log(mapping.eventType);  // 'TransformationEvent'
+ * console.log(mapping.bizStep);    // 'urn:epcglobal:cbv:bizstep:commissioning'
+ * ```
+ */
+declare function mapToEPCIS(eventType: ProvenanceEventType): EPCISMapping;
+/**
+ * Get the full mapping table (useful for documentation / UI display).
+ */
+declare function getEPCISMappingTable(): Readonly<Record<ProvenanceEventType, EPCISMapping>>;
+/**
+ * Convert an Optropic ProvenanceEvent into an EPCIS 2.0 JSON-LD event.
+ *
+ * This produces a single EPCIS event object suitable for inclusion
+ * in an EPCISDocument's eventList. The output follows the EPCIS 2.0
+ * JSON/JSON-LD binding specification.
+ *
+ * @param event - Optropic provenance event from the API.
+ * @param options - Optional conversion settings.
+ * @returns EPCIS 2.0 event object.
+ *
+ * @example
+ * ```typescript
+ * const provenanceEvent = await client.provenance.get('evt-123');
+ * const epcisEvent = toEPCISEvent(provenanceEvent);
+ * ```
+ */
+declare function toEPCISEvent(event: ProvenanceEvent, options?: ToEPCISEventOptions): EPCISEvent;
+/**
+ * Wrap one or more EPCIS events in a full EPCISDocument (JSON-LD).
+ *
+ * @param events - Array of EPCIS events.
+ * @returns Complete EPCIS 2.0 document, ready for JSON serialization.
+ *
+ * @example
+ * ```typescript
+ * const chain = await client.provenance.getChain('asset-123');
+ * const events = chain.events.map(e => toEPCISEvent(e));
+ * const doc = buildEPCISDocument(events);
+ * // doc is ready for JSON.stringify() or system ingestion
+ * ```
+ */
+declare function buildEPCISDocument(events: EPCISEvent[]): EPCISEventDocument;
+/**
+ * Convert a full Optropic provenance chain to an EPCIS 2.0 document.
+ *
+ * Convenience method that combines toEPCISEvent + buildEPCISDocument.
+ *
+ * @param events - Array of Optropic provenance events.
+ * @param options - Optional conversion settings.
+ * @returns Complete EPCIS 2.0 JSON-LD document.
+ */
+declare function provenanceChainToEPCIS(events: ProvenanceEvent[], options?: ToEPCISEventOptions): EPCISEventDocument;
+interface ToEPCISEventOptions {
+    /** Timezone offset for eventTime (default: '+00:00'). */
+    readonly timezoneOffset?: string;
+    /** GS1 company prefix for EPC URI generation. */
+    readonly gs1CompanyPrefix?: string;
+}
+
+/**
+ * Webhook Signature Verification
+ *
+ * Verifies that incoming webhook payloads were signed by Optropic.
+ * Uses the endpoint secret provided when the webhook was registered.
+ *
+ * @module optropic/webhooks
+ */
+interface WebhookVerifyOptions {
+    /** Raw request body (string). Must not be parsed JSON. */
+    readonly payload: string;
+    /** Value of the `X-Optropic-Signature` header. Format: `sha256=<hex>` */
+    readonly signature: string;
+    /** Value of the `X-Optropic-Timestamp` header (unix seconds). */
     readonly timestamp: string;
     /** The endpoint secret from webhook registration. */
     readonly secret: string;
@@ -1324,6 +2448,1692 @@ declare function createErrorFromResponse(statusCode: number, body: {
     requestId?: string;
 }): OptropicError;
 
-declare const SDK_VERSION = "2.3.0";
+/**
+ * STANAG 2290 Defence Module - NATO Unique Identification (UID)
+ *
+ * Implements NATO standard for Unique Identification of items per STANAG 2290.
+ * Supports CAGE/NCAGE codes, MIL-STD-130 Data Matrix encoding, and NATO classification.
+ *
+ * @module stanag/uid
+ */
+/**
+ * NATO Classification levels per STANAG 2290
+ */
+type StanagClassification = 'UNCLASSIFIED' | 'RESTRICTED' | 'CONFIDENTIAL' | 'SECRET' | 'NATO_SECRET' | 'COSMIC_TOP_SECRET';
+/**
+ * Handling caveats for NATO classified material
+ */
+type HandlingCaveat = 'NOFORN' | 'REL_NATO' | 'REL_FVEY' | 'ORCON' | 'PROPIN' | 'RELIDO';
+/**
+ * UID encoding standards
+ */
+type UIDEncoding = 'IUID' | 'UID2' | 'DMRL';
+/**
+ * NATO UID data structure per STANAG 2290
+ *
+ * @example
+ * ```typescript
+ * const uid: NATOUIDData = {
+ *   cage_ncage: '12345',
+ *   partNumber: 'LM-9876-C',
+ *   serialNumber: 'SN-2024-001',
+ *   encoding: 'IUID',
+ * };
+ * ```
+ */
+interface NATOUIDData {
+    /**
+     * CAGE (Commercial and Government Entity) or NCAGE code (5 characters)
+     * Required for all NATO UIDs
+     */
+    cage_ncage: string;
+    /**
+     * Part/model identifier
+     * Unique within the CAGE/NCAGE
+     */
+    partNumber: string;
+    /**
+     * Unique serial number for this instance
+     */
+    serialNumber: string;
+    /**
+     * Optional batch or lot identifier
+     */
+    batchLot?: string;
+    /**
+     * Enterprise ID (DUNS or equivalent)
+     */
+    enterpriseId?: string;
+    /**
+     * UID encoding standard
+     */
+    encoding: UIDEncoding;
+}
+/**
+ * Batch of NATO UIDs
+ */
+interface UIDBatch {
+    /**
+     * Unique batch identifier
+     */
+    batchId: string;
+    /**
+     * UIDs in this batch
+     */
+    items: NATOUIDData[];
+    /**
+     * Batch creation timestamp
+     */
+    createdAt: string;
+    /**
+     * Batch status
+     */
+    status: 'pending' | 'verified' | 'enrolled' | 'revoked';
+}
+/**
+ * Shelf life information per MIL-HDBK-145
+ */
+interface ShelfLife {
+    /**
+     * Manufacturing date (ISO 8601)
+     */
+    manufacturedDate: string;
+    /**
+     * Expiration/shelf life end date (ISO 8601)
+     */
+    expiryDate: string;
+    /**
+     * Shelf life type per MIL-HDBK-145
+     * TYPE_I: Stable at room temperature
+     * TYPE_II: Requires controlled temperature
+     * TYPE_III: Requires special storage conditions
+     */
+    type: 'TYPE_I' | 'TYPE_II' | 'TYPE_III';
+    /**
+     * Inspection interval in days
+     */
+    inspectionIntervalDays?: number;
+}
+/**
+ * Defence-specific metadata for NATO assets
+ */
+interface DefenceMetadata {
+    /**
+     * NATO classification level
+     */
+    classification: StanagClassification;
+    /**
+     * Handling caveats
+     */
+    handlingCaveats: HandlingCaveat[];
+    /**
+     * Organizations/coalitions this is releasable to
+     * e.g., ["NATO", "FVEY", "EU"]
+     */
+    releasableTo: string[];
+    /**
+     * Shelf life information
+     */
+    shelfLife?: ShelfLife;
+    /**
+     * Maintenance interval in days
+     */
+    maintenanceInterval?: number;
+    /**
+     * NATO Stock Number (NSN) - 13 digits
+     */
+    nsn?: string;
+    /**
+     * Defence Material Reference List reference
+     */
+    dmrl?: string;
+}
+/**
+ * Encodes NATO UID data into MIL-STD-130 Data Matrix format.
+ *
+ * Format: DI "25S" + CAGE/NCAGE + part number + serial number
+ *
+ * @param data - NATO UID data to encode
+ * @returns Encoded NATO UID string
+ *
+ * @example
+ * ```typescript
+ * const encoded = encodeNATOUID({
+ *   cage_ncage: '12345',
+ *   partNumber: 'LM-9876',
+ *   serialNumber: 'SN-2024-001',
+ *   encoding: 'IUID',
+ * });
+ * // Returns: "25S12345LM-9876SN-2024-001"
+ * ```
+ */
+declare function encodeNATOUID(data: NATOUIDData): string;
+/**
+ * Decodes a MIL-STD-130 encoded NATO UID back to NATOUIDData.
+ *
+ * @param encoded - Encoded NATO UID string
+ * @returns Decoded NATO UID data
+ * @throws {Error} If the encoded string is invalid
+ *
+ * @example
+ * ```typescript
+ * const decoded = decodeNATOUID("25S12345LM-9876SN-2024-001");
+ * // Returns: {
+ * //   cage_ncage: '12345',
+ * //   partNumber: 'LM-9876',
+ * //   serialNumber: 'SN-2024-001',
+ * //   encoding: 'IUID'
+ * // }
+ * ```
+ */
+declare function decodeNATOUID(encoded: string): NATOUIDData;
+/**
+ * Validates a NATO UID string format.
+ *
+ * @param uid - NATO UID string to validate
+ * @returns Validation result with errors if invalid
+ *
+ * @example
+ * ```typescript
+ * const result = validateNATOUID("25S12345LM-9876SN-2024-001");
+ * if (result.valid) {
+ *   console.log('Valid NATO UID');
+ * }
+ * ```
+ */
+declare function validateNATOUID(uid: string): {
+    valid: boolean;
+    errors: string[];
+};
+/**
+ * Maps a NATO UID to Optropic asset creation parameters.
+ *
+ * @param uid - NATO UID data
+ * @returns Object with assetId and metadata for Optropic asset creation
+ *
+ * @example
+ * ```typescript
+ * const mapped = mapNATOUIDToOptropic({
+ *   cage_ncage: '12345',
+ *   partNumber: 'LM-9876',
+ *   serialNumber: 'SN-2024-001',
+ *   encoding: 'IUID',
+ * });
+ * ```
+ */
+declare function mapNATOUIDToOptropic(uid: NATOUIDData): {
+    assetId: string;
+    metadata: Record<string, unknown>;
+};
+/**
+ * Maps Optropic asset data back to NATO UID format.
+ *
+ * @param assetId - The Optropic asset ID
+ * @param metadata - Asset metadata
+ * @returns NATO UID data
+ * @throws {Error} If metadata is missing required fields
+ */
+declare function mapOptropicToNATOUID(_assetId: string, metadata: Record<string, unknown>): NATOUIDData;
+/**
+ * Builds defence metadata for a NATO asset.
+ *
+ * @param classification - NATO classification level
+ * @param caveats - Optional handling caveats
+ * @param shelfLife - Optional shelf life information
+ * @returns Complete defence metadata
+ *
+ * @example
+ * ```typescript
+ * const metadata = buildDefenceMetadata('CONFIDENTIAL', ['NOFORN'], {
+ *   manufacturedDate: '2024-01-01T00:00:00Z',
+ *   expiryDate: '2026-01-01T00:00:00Z',
+ *   type: 'TYPE_I',
+ * });
+ * ```
+ */
+declare function buildDefenceMetadata(classification: StanagClassification, caveats?: HandlingCaveat[], shelfLife?: ShelfLife): DefenceMetadata;
+/**
+ * Validates that a metadata/classification combination is consistent
+ *
+ * @param metadata - Defence metadata to validate
+ * @returns Validation result
+ */
+declare function validateDefenceMetadata(metadata: DefenceMetadata): {
+    valid: boolean;
+    errors: string[];
+};
+
+/**
+ * STANAG 2106 Supply Chain & Logistics Module
+ *
+ * Implements NATO supply chain tracking and logistics movement mapping
+ * per STANAG 2106 and related standards.
+ *
+ * @module stanag/logistics
+ */
+/**
+ * NATO Supply Classification (I-X)
+ */
+type SupplyClass = 'I' | 'II' | 'III' | 'IV' | 'V' | 'VI' | 'VII' | 'VIII' | 'IX' | 'X';
+/**
+ * Priority designator for logistics movements
+ */
+type PriorityDesignator = 'IMMEDIATE' | 'PRIORITY' | 'ROUTINE' | 'DEFERRED';
+/**
+ * Logistics movement type
+ */
+type LogisticsMovementType = 'manufacture' | 'receipt' | 'inspection' | 'storage' | 'issue' | 'transport' | 'delivery' | 'maintenance' | 'repair' | 'disposal' | 'destruction' | 'transfer' | 'inventory';
+/**
+ * Condition status of equipment
+ */
+type ConditionStatus = 'serviceable' | 'unserviceable' | 'condemned' | 'obsolete' | 'pending_inspection' | 'under_maintenance' | 'reparable';
+/**
+ * NATO Logistics Movement Record per STANAG 2106
+ *
+ * @example
+ * ```typescript
+ * const movement: LogisticsMovement = {
+ *   movementId: 'LM-2024-001',
+ *   itemUID: '25S12345LM-9876SN-001',
+ *   movementType: 'receipt',
+ *   supplyClass: 'VII',
+ *   priority: 'PRIORITY',
+ *   location: {
+ *     facility: 'NATO Base Bydgoszcz',
+ *     coordinates: { lat: 52.1613, lon: 23.1360 },
+ *   },
+ *   timestamp: '2024-03-31T14:30:00Z',
+ *   condition: 'serviceable',
+ *   custodian: 'Polish Armed Forces',
+ * };
+ * ```
+ */
+interface LogisticsMovement {
+    /**
+     * Unique movement identifier
+     */
+    movementId: string;
+    /**
+     * NATO UID of the item
+     */
+    itemUID: string;
+    /**
+     * Type of movement
+     */
+    movementType: LogisticsMovementType;
+    /**
+     * NATO supply class (I-X)
+     */
+    supplyClass: SupplyClass;
+    /**
+     * Priority of this movement
+     */
+    priority: PriorityDesignator;
+    /**
+     * Location information
+     */
+    location: {
+        facility?: string;
+        coordinates?: {
+            lat: number;
+            lon: number;
+        };
+        militaryGrid?: string;
+    };
+    /**
+     * Timestamp of movement (ISO 8601)
+     */
+    timestamp: string;
+    /**
+     * Equipment condition status
+     */
+    condition: ConditionStatus;
+    /**
+     * Custodian/responsible party
+     */
+    custodian: string;
+    /**
+     * Optional remarks
+     */
+    remarks?: string;
+    /**
+     * Authorized by (person/unit)
+     */
+    authorizedBy?: string;
+    /**
+     * Transport method if applicable
+     */
+    transportMethod?: 'air' | 'sea' | 'rail' | 'road' | 'pipeline' | 'other';
+    /**
+     * Receiving party (if applicable)
+     */
+    receivingParty?: string;
+}
+/**
+ * Readiness thresholds for evaluating supply chain status
+ */
+interface ReadinessThresholds {
+    /**
+     * Maximum age of inventory without inspection (days)
+     */
+    maxInventoryAgeDays?: number;
+    /**
+     * Maximum allowed unserviceable percentage
+     */
+    maxUnserviceablePercent?: number;
+    /**
+     * Required maintenance compliance percentage
+     */
+    requiredMaintenancePercent?: number;
+    /**
+     * Maximum transport time (hours)
+     */
+    maxTransportHours?: number;
+}
+/**
+ * Readiness score from logistics analysis
+ */
+interface ReadinessScore {
+    /**
+     * Overall readiness percentage (0-100)
+     */
+    overall: number;
+    /**
+     * Serviceable inventory percentage
+     */
+    serviceablePercent: number;
+    /**
+     * Maintenance compliance percentage
+     */
+    maintenanceCompliance: number;
+    /**
+     * Days since last inspection (all items)
+     */
+    daysSinceInspection: number;
+    /**
+     * Transport efficiency score
+     */
+    transportEfficiency: number;
+    /**
+     * Recommendations for readiness improvement
+     */
+    recommendations: string[];
+    /**
+     * Assessment timestamp
+     */
+    assessmentAt: string;
+}
+/**
+ * Maps a NATO logistics movement to an Optropic ProvenanceEvent.
+ *
+ * Creates a provenance event from a logistics movement record for
+ * integration with Optropic's provenance tracking system.
+ *
+ * @param movement - NATO logistics movement
+ * @returns Optropic provenance event
+ *
+ * @example
+ * ```typescript
+ * const movement: LogisticsMovement = {
+ *   movementId: 'LM-2024-001',
+ *   itemUID: '25S12345LM-9876SN-001',
+ *   movementType: 'receipt',
+ *   supplyClass: 'VII',
+ *   priority: 'PRIORITY',
+ *   location: { facility: 'NATO Base' },
+ *   timestamp: '2024-03-31T14:30:00Z',
+ *   condition: 'serviceable',
+ *   custodian: 'Polish Armed Forces',
+ * };
+ *
+ * const event = mapMovementToProvenance(movement);
+ * ```
+ */
+interface ProvenanceMappingResult {
+    eventType: string;
+    timestamp: string;
+    actor: string;
+    location?: {
+        facility?: string;
+        coordinates?: {
+            lat: number;
+            lng: number;
+        };
+    };
+    metadata: Record<string, unknown>;
+}
+declare function mapMovementToProvenance(movement: LogisticsMovement): ProvenanceMappingResult;
+/**
+ * Calculates readiness score from a series of logistics movements.
+ *
+ * Evaluates supply chain health and operational readiness based on:
+ * - Equipment condition status
+ * - Inspection frequency
+ * - Maintenance compliance
+ * - Transport efficiency
+ *
+ * @param movements - Array of logistics movements
+ * @param thresholds - Optional readiness thresholds
+ * @returns Readiness score and recommendations
+ *
+ * @example
+ * ```typescript
+ * const movements: LogisticsMovement[] = [...];
+ * const score = calculateReadiness(movements, {
+ *   maxInventoryAgeDays: 365,
+ *   maxUnserviceablePercent: 10,
+ *   requiredMaintenancePercent: 95,
+ * });
+ * console.log(`Readiness: ${score.overall}%`);
+ * ```
+ */
+declare function calculateReadiness(movements: LogisticsMovement[], thresholds?: ReadinessThresholds): ReadinessScore;
+/**
+ * Validates a logistics movement record
+ *
+ * @param movement - Logistics movement to validate
+ * @returns Validation result
+ */
+declare function validateLogisticsMovement(movement: LogisticsMovement): {
+    valid: boolean;
+    errors: string[];
+};
+
+/**
+ * Multi-Tenant Platform Module
+ *
+ * Provides complete multi-tenant organization management, RLS (Row-Level Security),
+ * member management, and admin APIs for enterprise Optropic deployments.
+ *
+ * @module multi-tenant/platform
+ */
+/**
+ * Organization plan tier
+ */
+type OrgPlanTier = 'starter' | 'professional' | 'enterprise' | 'sovereign';
+/**
+ * Organization status
+ */
+type OrgStatus = 'active' | 'suspended' | 'pending';
+/**
+ * Tenant role with associated permission levels
+ */
+type TenantRole = 'owner' | 'admin' | 'member' | 'viewer' | 'auditor';
+/**
+ * Member status in tenant
+ */
+type MemberStatus = 'active' | 'invited' | 'suspended';
+/**
+ * Invite status
+ */
+type InviteStatus = 'pending' | 'accepted' | 'expired' | 'revoked';
+/**
+ * Data residency requirement per compliance framework
+ */
+type DataResidency = 'eu' | 'eu-sovereign' | 'de-only';
+/**
+ * RLS resource type
+ */
+type RLSResourceType = 'assets' | 'documents' | 'keys' | 'audit' | 'provenance';
+/**
+ * RLS action
+ */
+type RLSAction = 'read' | 'write' | 'delete' | 'admin';
+/**
+ * RLS condition operator
+ */
+type RLSOperator = 'eq' | 'neq' | 'in' | 'not_in' | 'contains' | 'starts_with' | 'gt' | 'lt';
+/**
+ * Organization settings with compliance and security controls
+ *
+ * @example
+ * ```typescript
+ * const settings: OrganizationSettings = {
+ *   defaultClassification: 'CONFIDENTIAL',
+ *   dataResidency: 'eu-sovereign',
+ *   retentionDays: 2555,
+ *   mfaRequired: true,
+ *   ipAllowList: ['10.0.0.0/8'],
+ *   webhookSigningAlgorithm: 'ed25519',
+ * };
+ * ```
+ */
+interface OrganizationSettings {
+    /**
+     * Default classification level for new assets
+     */
+    defaultClassification: string;
+    /**
+     * Required data residency location
+     */
+    dataResidency: DataResidency;
+    /**
+     * Data retention period in days
+     */
+    retentionDays: number;
+    /**
+     * Require MFA for all users
+     */
+    mfaRequired: boolean;
+    /**
+     * Allowed IP ranges (CIDR notation)
+     */
+    ipAllowList?: string[];
+    /**
+     * Webhook signing algorithm
+     */
+    webhookSigningAlgorithm: 'hmac-sha256' | 'ed25519';
+    /**
+     * Custom metadata
+     */
+    customMetadata?: Record<string, unknown>;
+}
+/**
+ * Organization entity representing a tenant
+ *
+ * @example
+ * ```typescript
+ * const org: Organization = {
+ *   id: 'org_12345',
+ *   name: 'ACME Corp',
+ *   slug: 'acme-corp',
+ *   plan: 'enterprise',
+ *   status: 'active',
+ *   settings: { ... },
+ *   createdAt: '2024-01-01T00:00:00Z',
+ *   updatedAt: '2024-03-31T00:00:00Z',
+ * };
+ * ```
+ */
+interface Organization {
+    /**
+     * Unique organization ID
+     */
+    id: string;
+    /**
+     * Organization display name
+     */
+    name: string;
+    /**
+     * URL-safe slug for the organization
+     */
+    slug: string;
+    /**
+     * Service plan tier
+     */
+    plan: OrgPlanTier;
+    /**
+     * Current status
+     */
+    status: OrgStatus;
+    /**
+     * Organization settings
+     */
+    settings: OrganizationSettings;
+    /**
+     * Creation timestamp
+     */
+    createdAt: string;
+    /**
+     * Last update timestamp
+     */
+    updatedAt: string;
+}
+/**
+ * Tenant member with role and permissions
+ *
+ * @example
+ * ```typescript
+ * const member: TenantMember = {
+ *   userId: 'user_abc123',
+ *   email: 'alice@example.com',
+ *   role: 'admin',
+ *   status: 'active',
+ *   joinedAt: '2024-01-15T00:00:00Z',
+ *   permissions: ['assets:read', 'assets:write', 'audit:read'],
+ * };
+ * ```
+ */
+interface TenantMember {
+    /**
+     * Unique user ID
+     */
+    userId: string;
+    /**
+     * User email address
+     */
+    email: string;
+    /**
+     * Role in the tenant
+     */
+    role: TenantRole;
+    /**
+     * Current membership status
+     */
+    status: MemberStatus;
+    /**
+     * When user joined
+     */
+    joinedAt: string;
+    /**
+     * Last active timestamp
+     */
+    lastActiveAt?: string;
+    /**
+     * Explicit permissions (overrides role defaults)
+     */
+    permissions: string[];
+}
+/**
+ * Tenant invitation to join an organization
+ *
+ * @example
+ * ```typescript
+ * const invite: TenantInvite = {
+ *   id: 'invite_xyz789',
+ *   email: 'newuser@example.com',
+ *   role: 'member',
+ *   invitedBy: 'user_abc123',
+ *   expiresAt: '2024-04-30T00:00:00Z',
+ *   status: 'pending',
+ * };
+ * ```
+ */
+interface TenantInvite {
+    /**
+     * Unique invite ID
+     */
+    id: string;
+    /**
+     * Email address being invited
+     */
+    email: string;
+    /**
+     * Role to assign on acceptance
+     */
+    role: TenantRole;
+    /**
+     * User who issued the invite
+     */
+    invitedBy: string;
+    /**
+     * Invite expiration time
+     */
+    expiresAt: string;
+    /**
+     * Current invite status
+     */
+    status: InviteStatus;
+}
+/**
+ * RLS condition for access control
+ *
+ * @example
+ * ```typescript
+ * const condition: RLSCondition = {
+ *   field: 'tenantId',
+ *   operator: 'eq',
+ *   value: 'org_12345',
+ * };
+ * ```
+ */
+interface RLSCondition {
+    /**
+     * Field name to evaluate
+     */
+    field: string;
+    /**
+     * Comparison operator
+     */
+    operator: RLSOperator;
+    /**
+     * Value(s) to compare against
+     */
+    value: string | string[] | number;
+}
+/**
+ * Row-Level Security (RLS) Policy for fine-grained access control
+ *
+ * @example
+ * ```typescript
+ * const policy: RLSPolicy = {
+ *   id: 'policy_123',
+ *   tenantId: 'org_12345',
+ *   resourceType: 'assets',
+ *   action: 'read',
+ *   condition: { field: 'tenantId', operator: 'eq', value: 'org_12345' },
+ *   priority: 100,
+ *   enabled: true,
+ * };
+ * ```
+ */
+interface RLSPolicy {
+    /**
+     * Unique policy ID
+     */
+    id: string;
+    /**
+     * Tenant this policy applies to
+     */
+    tenantId: string;
+    /**
+     * Resource type being protected
+     */
+    resourceType: RLSResourceType;
+    /**
+     * Action being controlled
+     */
+    action: RLSAction;
+    /**
+     * Condition to enforce
+     */
+    condition: RLSCondition;
+    /**
+     * Policy priority (higher = evaluated first)
+     */
+    priority: number;
+    /**
+     * Whether this policy is active
+     */
+    enabled: boolean;
+}
+/**
+ * Usage quota and limit tracking per tenant
+ *
+ * @example
+ * ```typescript
+ * const quota: TenantUsageQuota = {
+ *   tenantId: 'org_12345',
+ *   period: 'monthly',
+ *   limits: { assets: 10000, verifications: 100000, apiCalls: 1000000, storage_mb: 1048576 },
+ *   current: { assets: 2500, verifications: 45000, apiCalls: 500000, storage_mb: 512000 },
+ *   resetAt: '2024-04-01T00:00:00Z',
+ * };
+ * ```
+ */
+interface TenantUsageQuota {
+    /**
+     * Tenant ID
+     */
+    tenantId: string;
+    /**
+     * Quota period
+     */
+    period: 'daily' | 'monthly';
+    /**
+     * Resource limits
+     */
+    limits: {
+        assets: number;
+        verifications: number;
+        apiCalls: number;
+        storage_mb: number;
+    };
+    /**
+     * Current usage
+     */
+    current: {
+        assets: number;
+        verifications: number;
+        apiCalls: number;
+        storage_mb: number;
+    };
+    /**
+     * When quota resets
+     */
+    resetAt: string;
+}
+/**
+ * Parameters for creating a new organization
+ */
+interface CreateOrganizationParams {
+    name: string;
+    slug: string;
+    plan: OrgPlanTier;
+    settings: OrganizationSettings;
+}
+/**
+ * Parameters for updating organization
+ */
+interface UpdateOrganizationParams {
+    name?: string;
+    plan?: OrgPlanTier;
+    status?: OrgStatus;
+    settings?: Partial<OrganizationSettings>;
+}
+/**
+ * Creates a new organization
+ *
+ * @param params - Organization creation parameters
+ * @returns Created organization
+ *
+ * @example
+ * ```typescript
+ * const org = await createOrganization({
+ *   name: 'ACME Corp',
+ *   slug: 'acme-corp',
+ *   plan: 'enterprise',
+ *   settings: {
+ *     defaultClassification: 'CONFIDENTIAL',
+ *     dataResidency: 'eu-sovereign',
+ *     retentionDays: 2555,
+ *     mfaRequired: true,
+ *     webhookSigningAlgorithm: 'ed25519',
+ *   },
+ * });
+ * ```
+ */
+declare function createOrganization(params: CreateOrganizationParams): Promise<Organization>;
+/**
+ * Retrieves an organization by ID
+ *
+ * @param orgId - Organization ID
+ * @returns Organization details
+ */
+declare function getOrganization(orgId: string): Promise<Organization>;
+/**
+ * Updates an organization's settings
+ *
+ * @param orgId - Organization ID
+ * @param updates - Fields to update
+ * @returns Updated organization
+ */
+declare function updateOrganization(orgId: string, updates: UpdateOrganizationParams): Promise<Organization>;
+/**
+ * Lists all members of an organization
+ *
+ * @param orgId - Organization ID
+ * @returns Array of tenant members
+ *
+ * @example
+ * ```typescript
+ * const members = await listMembers('org_12345');
+ * ```
+ */
+declare function listMembers(orgId: string): Promise<TenantMember[]>;
+/**
+ * Parameters for inviting a member
+ */
+interface InviteMemberParams {
+    orgId: string;
+    email: string;
+    role: TenantRole;
+}
+/**
+ * Invites a user to join an organization
+ *
+ * @param orgId - Organization ID
+ * @param email - Email to invite
+ * @param role - Role to assign
+ * @returns Created invite
+ *
+ * @example
+ * ```typescript
+ * const invite = await inviteMember('org_12345', 'alice@example.com', 'member');
+ * ```
+ */
+declare function inviteMember(orgId: string, email: string, role: TenantRole): Promise<TenantInvite>;
+/**
+ * Removes a member from an organization
+ *
+ * @param orgId - Organization ID
+ * @param userId - User ID to remove
+ */
+declare function removeMember(orgId: string, userId: string): Promise<void>;
+/**
+ * Updates a member's role
+ *
+ * @param orgId - Organization ID
+ * @param userId - User ID
+ * @param newRole - New role to assign
+ * @returns Updated member
+ */
+declare function updateMemberRole(orgId: string, userId: string, newRole: TenantRole): Promise<TenantMember>;
+/**
+ * Parameters for creating an RLS policy
+ */
+interface CreateRLSPolicyParams {
+    tenantId: string;
+    resourceType: RLSResourceType;
+    action: RLSAction;
+    condition: RLSCondition;
+    priority?: number;
+}
+/**
+ * Creates a new RLS policy for fine-grained access control
+ *
+ * @param params - Policy parameters
+ * @returns Created policy
+ *
+ * @example
+ * ```typescript
+ * const policy = await createRLSPolicy({
+ *   tenantId: 'org_12345',
+ *   resourceType: 'assets',
+ *   action: 'read',
+ *   condition: {
+ *     field: 'tenantId',
+ *     operator: 'eq',
+ *     value: 'org_12345',
+ *   },
+ *   priority: 100,
+ * });
+ * ```
+ */
+declare function createRLSPolicy(params: CreateRLSPolicyParams): Promise<RLSPolicy>;
+/**
+ * Lists all RLS policies for a tenant
+ *
+ * @param tenantId - Tenant ID
+ * @returns Array of RLS policies
+ */
+declare function listRLSPolicies(tenantId: string): Promise<RLSPolicy[]>;
+/**
+ * Deletes an RLS policy
+ *
+ * @param policyId - Policy ID
+ */
+declare function deleteRLSPolicy(policyId: string): Promise<void>;
+/**
+ * Retrieves usage quota for a tenant
+ *
+ * @param tenantId - Tenant ID
+ * @returns Current usage and limits
+ *
+ * @example
+ * ```typescript
+ * const quota = await getUsageQuota('org_12345');
+ * console.log(`Using ${quota.current.assets}/${quota.limits.assets} assets`);
+ * ```
+ */
+declare function getUsageQuota(tenantId: string): Promise<TenantUsageQuota>;
+/**
+ * Parameters for updating usage quota limits
+ */
+interface UpdateUsageQuotaParams {
+    assets?: number;
+    verifications?: number;
+    apiCalls?: number;
+    storage_mb?: number;
+}
+/**
+ * Updates usage quota limits (admin only)
+ *
+ * @param tenantId - Tenant ID
+ * @param limits - New limits
+ * @returns Updated quota
+ */
+declare function updateUsageQuota(tenantId: string, limits: UpdateUsageQuotaParams): Promise<TenantUsageQuota>;
+/**
+ * Determines role permissions
+ *
+ * @param role - Tenant role
+ * @returns Array of permission strings
+ */
+declare function getRolePermissions(role: TenantRole): string[];
+
+/**
+ * Partner management for the Optropic Marketplace.
+ * Enables partners to register, authenticate, and manage their marketplace presence.
+ *
+ * @module marketplace/partner
+ */
+/**
+ * Partner tier levels determining features and revenue share.
+ */
+type PartnerTier = 'bronze' | 'silver' | 'gold' | 'platinum';
+/**
+ * Partner account types and their capabilities.
+ */
+type PartnerType = 'integrator' | 'reseller' | 'oem' | 'consultant';
+/**
+ * Partner account status.
+ */
+type PartnerStatus = 'active' | 'pending' | 'suspended';
+/**
+ * API scopes that can be granted to a partner.
+ */
+type PartnerScope = 'templates:read' | 'templates:write' | 'templates:publish' | 'verify:white_label' | 'verify:co_branded' | 'analytics:own' | 'analytics:aggregate' | 'webhooks:manage' | 'keys:scoped';
+/**
+ * Complete partner profile with tier, status, and permissions.
+ */
+interface PartnerProfile {
+    /** Unique partner identifier */
+    id: string;
+    /** Display name */
+    name: string;
+    /** URL-safe slug for partner */
+    slug: string;
+    /** Partner type/business model */
+    type: PartnerType;
+    /** Current account status */
+    status: PartnerStatus;
+    /** Service tier level */
+    tier: PartnerTier;
+    /** Primary contact email */
+    contactEmail: string;
+    /** Company/product website */
+    website?: string;
+    /** Granted API scopes */
+    apiScopes: PartnerScope[];
+    /** Revenue share percentage (0-100) */
+    revenueShare: number;
+    /** Account creation timestamp (ISO 8601) */
+    createdAt: string;
+    /** Last update timestamp (ISO 8601) */
+    updatedAt: string;
+}
+/**
+ * Registration payload for new partners.
+ */
+interface PartnerRegistration {
+    /** Company/partner name */
+    name: string;
+    /** Business model type */
+    type: PartnerType;
+    /** Contact email for notifications */
+    contactEmail: string;
+    /** Optional website URL */
+    website?: string;
+    /** Requested API scopes */
+    requestedScopes: PartnerScope[];
+}
+/**
+ * Partner analytics for a specific period.
+ */
+interface PartnerAnalytics {
+    /** Partner ID */
+    partnerId: string;
+    /** Reporting period (ISO month format, e.g., "2026-04") */
+    period: string;
+    /** Number of template downloads in period */
+    templateDownloads: number;
+    /** Number of verifications performed using partner templates */
+    verificationsMade: number;
+    /** Total revenue generated in cents */
+    revenueGenerated: number;
+    /** Active installations of partner templates */
+    activeInstallations: number;
+}
+/**
+ * Request to update partner profile settings.
+ */
+interface UpdatePartnerParams {
+    /** Display name */
+    name?: string;
+    /** Contact email */
+    contactEmail?: string;
+    /** Website URL */
+    website?: string;
+    /** Tier upgrade request */
+    tier?: PartnerTier;
+}
+/**
+ * API key for partner authentication.
+ */
+interface PartnerApiKey {
+    /** Key identifier */
+    id: string;
+    /** Full API key (only shown at creation) */
+    key?: string;
+    /** Masked key for display */
+    maskedKey: string;
+    /** Associated partner ID */
+    partnerId: string;
+    /** Allowed scopes for this key */
+    scopes: PartnerScope[];
+    /** Key creation timestamp */
+    createdAt: string;
+    /** Key expiration timestamp (optional) */
+    expiresAt?: string;
+    /** Last usage timestamp */
+    lastUsedAt?: string;
+}
+/**
+ * Response from partner registration.
+ */
+interface PartnerRegistrationResult {
+    /** Created partner profile */
+    partner: PartnerProfile;
+    /** Initial API key for immediate use */
+    apiKey: PartnerApiKey;
+}
+/**
+ * Register a new partner in the marketplace.
+ *
+ * @param registration Partner registration details
+ * @param requestFn HTTP request function
+ * @returns Created partner profile and initial API key
+ *
+ * @example
+ * ```typescript
+ * const result = await registerPartner({
+ *   name: 'TechIntegrations Inc',
+ *   type: 'integrator',
+ *   contactEmail: 'partners@techint.com',
+ *   website: 'https://techint.com',
+ *   requestedScopes: ['templates:read', 'templates:write', 'analytics:own'],
+ * }, requestFn);
+ * ```
+ */
+declare function registerPartner(registration: PartnerRegistration, requestFn: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<PartnerRegistrationResult>;
+/**
+ * Retrieve partner profile by ID.
+ *
+ * @param partnerId Partner identifier
+ * @param requestFn HTTP request function
+ * @returns Partner profile
+ *
+ * @example
+ * ```typescript
+ * const partner = await getPartner('partner_xyz789', requestFn);
+ * console.log(`Partner: ${partner.name}, Tier: ${partner.tier}`);
+ * ```
+ */
+declare function getPartner(partnerId: string, requestFn: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<PartnerProfile>;
+/**
+ * Update partner profile settings.
+ *
+ * @param partnerId Partner identifier
+ * @param params Update parameters
+ * @param requestFn HTTP request function
+ * @returns Updated partner profile
+ *
+ * @example
+ * ```typescript
+ * const updated = await updatePartner(
+ *   'partner_xyz789',
+ *   { tier: 'silver', website: 'https://newsite.com' },
+ *   requestFn
+ * );
+ * ```
+ */
+declare function updatePartner(partnerId: string, params: UpdatePartnerParams, requestFn: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<PartnerProfile>;
+/**
+ * Retrieve analytics for a partner in a specific period.
+ *
+ * @param partnerId Partner identifier
+ * @param period ISO month format (e.g., "2026-04")
+ * @param requestFn HTTP request function
+ * @returns Partner analytics data
+ *
+ * @example
+ * ```typescript
+ * const analytics = await getPartnerAnalytics('partner_xyz789', '2026-04', requestFn);
+ * console.log(`Downloads: ${analytics.templateDownloads}`);
+ * console.log(`Revenue: $${(analytics.revenueGenerated / 100).toFixed(2)}`);
+ * ```
+ */
+declare function getPartnerAnalytics(partnerId: string, period: string, requestFn: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<PartnerAnalytics>;
+/**
+ * List all partners with optional filtering.
+ *
+ * @param params Filter parameters
+ * @param requestFn HTTP request function
+ * @returns Array of partner profiles
+ *
+ * @example
+ * ```typescript
+ * const goldPartners = await listPartners({ tier: 'gold', status: 'active' }, requestFn);
+ * ```
+ */
+declare function listPartners(params?: {
+    tier?: PartnerTier;
+    status?: PartnerStatus;
+    type?: PartnerType;
+    limit?: number;
+    offset?: number;
+}, requestFn?: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<PartnerProfile[]>;
+/**
+ * Generate a scoped API key for partner authentication.
+ *
+ * @param partnerId Partner identifier
+ * @param scopes API scopes to grant
+ * @param expiresAt Optional expiration timestamp
+ * @param requestFn HTTP request function
+ * @returns Generated API key
+ *
+ * @example
+ * ```typescript
+ * const apiKey = await generatePartnerApiKey(
+ *   'partner_xyz789',
+ *   ['templates:read', 'verify:white_label'],
+ *   undefined,
+ *   requestFn
+ * );
+ * console.log(`Use key: ${apiKey.key}`);
+ * ```
+ */
+declare function generatePartnerApiKey(partnerId: string, scopes: PartnerScope[], expiresAt?: string, requestFn?: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<PartnerApiKey>;
+
+/**
+ * Verification template management for the Optropic Marketplace.
+ * Templates are pre-built schemas for specific industries and products.
+ *
+ * @module marketplace/templates
+ */
+/**
+ * Industry/product categories for templates.
+ */
+type TemplateCategory = 'pharma' | 'automotive' | 'battery' | 'luxury' | 'aerospace' | 'electronics' | 'food' | 'medical_device' | 'defence' | 'general';
+/**
+ * Template lifecycle status.
+ */
+type TemplateStatus = 'draft' | 'in_review' | 'published' | 'deprecated';
+/**
+ * Field data type constraints.
+ */
+type TemplateFieldType = 'string' | 'number' | 'boolean' | 'date' | 'enum' | 'array';
+/**
+ * Validation rule types.
+ */
+type ValidationRuleType = 'required' | 'format' | 'range' | 'dependency' | 'unique';
+/**
+ * Pricing model for template usage.
+ */
+type TemplatePricingModel = 'free' | 'per_verification' | 'monthly' | 'one_time';
+/**
+ * A field definition in a template schema.
+ */
+interface TemplateField {
+    /** Unique field identifier */
+    name: string;
+    /** Data type constraint */
+    type: TemplateFieldType;
+    /** Human-readable label */
+    label: string;
+    /** Detailed field description */
+    description: string;
+    /** Enum values if type is 'enum' */
+    enumValues?: string[];
+    /** Regex pattern for validation */
+    pattern?: string;
+    /** Minimum value (numbers) or length (strings) */
+    min?: number;
+    /** Maximum value (numbers) or length (strings) */
+    max?: number;
+}
+/**
+ * A validation rule applied to template fields.
+ */
+interface ValidationRule {
+    /** Target field name */
+    field: string;
+    /** Type of validation */
+    rule: ValidationRuleType;
+    /** Rule-specific parameters */
+    params?: Record<string, unknown>;
+    /** Error message if validation fails */
+    message: string;
+}
+/**
+ * Complete schema definition for a verification template.
+ */
+interface TemplateSchema {
+    /** Schema version identifier */
+    version: '1.0';
+    /** Required fields that must be present */
+    requiredFields: TemplateField[];
+    /** Optional fields that enhance data richness */
+    optionalFields: TemplateField[];
+    /** Validation rules applied to field values */
+    validationRules: ValidationRule[];
+    /** Maps template fields to EU DPP fields (optional) */
+    dppMapping?: Record<string, string>;
+}
+/**
+ * Pricing configuration for template usage.
+ */
+interface TemplatePricing {
+    /** Pricing model */
+    model: TemplatePricingModel;
+    /** Price in cents (for paid models) */
+    amount?: number;
+    /** Currency code (ISO 4217) */
+    currency?: string;
+    /** Free verification quota for trials */
+    trialVerifications?: number;
+}
+/**
+ * Usage statistics for a template.
+ */
+interface TemplateStats {
+    /** Total downloads across all users */
+    downloads: number;
+    /** Currently active installations */
+    activeInstallations: number;
+    /** Total verifications performed */
+    totalVerifications: number;
+    /** Average rating (0-5) */
+    averageRating: number;
+    /** Number of reviews received */
+    reviewCount: number;
+}
+/**
+ * Author information for templates.
+ */
+interface TemplateAuthor {
+    /** Partner ID who created the template */
+    partnerId: string;
+    /** Display name of partner */
+    name: string;
+}
+/**
+ * Complete verification template definition.
+ */
+interface VerificationTemplate {
+    /** Unique template identifier */
+    id: string;
+    /** Human-readable template name */
+    name: string;
+    /** URL-safe slug for the template */
+    slug: string;
+    /** Semantic version (e.g., "1.0.0") */
+    version: string;
+    /** Industry/product category */
+    category: TemplateCategory;
+    /** Detailed description of the template */
+    description: string;
+    /** Template creator information */
+    author: TemplateAuthor;
+    /** Field and validation schema */
+    schema: TemplateSchema;
+    /** Pricing configuration */
+    pricing: TemplatePricing;
+    /** Usage statistics */
+    stats: TemplateStats;
+    /** Current lifecycle status */
+    status: TemplateStatus;
+    /** Creation timestamp (ISO 8601) */
+    createdAt: string;
+    /** Last update timestamp (ISO 8601) */
+    updatedAt: string;
+}
+/**
+ * Request parameters for creating a template.
+ */
+interface CreateTemplateParams {
+    /** Template name */
+    name: string;
+    /** Category classification */
+    category: TemplateCategory;
+    /** Detailed description */
+    description: string;
+    /** Field and validation schema */
+    schema: TemplateSchema;
+    /** Pricing configuration */
+    pricing: TemplatePricing;
+    /** Optional DPP field mappings */
+    dppMapping?: Record<string, string>;
+}
+/**
+ * Request parameters for updating a template.
+ */
+interface UpdateTemplateParams {
+    /** Updated name */
+    name?: string;
+    /** Updated description */
+    description?: string;
+    /** Updated schema */
+    schema?: TemplateSchema;
+    /** Updated pricing */
+    pricing?: TemplatePricing;
+    /** Updated DPP mappings */
+    dppMapping?: Record<string, string>;
+}
+/**
+ * Template publication request.
+ */
+interface PublishTemplateParams {
+    /** Changelog entry for this version */
+    changelog?: string;
+    /** Major/minor version bump flag */
+    bumpVersion?: 'major' | 'minor' | 'patch';
+}
+/**
+ * Template deprecation request.
+ */
+interface DeprecateTemplateParams {
+    /** Reason for deprecation */
+    reason: string;
+    /** Recommended replacement template ID */
+    replacementId?: string;
+    /** Grace period in days before removal */
+    gracePeriodDays?: number;
+}
+/**
+ * Template rating submission.
+ */
+interface RateTemplateParams {
+    /** Rating from 1-5 stars */
+    rating: number;
+    /** Optional review text */
+    review?: string;
+}
+/**
+ * Validation result from schema conformance check.
+ */
+interface ValidationResult {
+    /** Whether validation passed */
+    valid: boolean;
+    /** Validation errors if any */
+    errors?: Array<{
+        field: string;
+        message: string;
+    }>;
+}
+/**
+ * Response from template search/list operations.
+ */
+interface ListTemplatesResponse {
+    /** Array of templates */
+    templates: VerificationTemplate[];
+    /** Total count matching filter */
+    total: number;
+    /** Current offset */
+    offset: number;
+    /** Current limit */
+    limit: number;
+}
+/**
+ * Create a new verification template.
+ *
+ * @param partnerId Partner creating the template
+ * @param params Template creation parameters
+ * @param requestFn HTTP request function
+ * @returns Created template (initially in draft status)
+ *
+ * @example
+ * ```typescript
+ * const template = await createTemplate(
+ *   'partner_xyz789',
+ *   {
+ *     name: 'Pharma Serialization',
+ *     category: 'pharma',
+ *     description: 'EU Pharma Serialization Template',
+ *     schema: {...schemaObject},
+ *     pricing: { model: 'per_verification', amount: 50 },
+ *   },
+ *   requestFn
+ * );
+ * ```
+ */
+declare function createTemplate(partnerId: string, params: CreateTemplateParams, requestFn: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<VerificationTemplate>;
+/**
+ * Retrieve a template by ID.
+ *
+ * @param templateId Template identifier
+ * @param requestFn HTTP request function
+ * @returns Template definition
+ *
+ * @example
+ * ```typescript
+ * const template = await getTemplate('tmpl_pharma_001', requestFn);
+ * ```
+ */
+declare function getTemplate(templateId: string, requestFn: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<VerificationTemplate>;
+/**
+ * Update a template (draft or published with minor changes).
+ *
+ * @param templateId Template identifier
+ * @param params Update parameters
+ * @param requestFn HTTP request function
+ * @returns Updated template
+ *
+ * @example
+ * ```typescript
+ * const updated = await updateTemplate(
+ *   'tmpl_pharma_001',
+ *   { description: 'Updated description' },
+ *   requestFn
+ * );
+ * ```
+ */
+declare function updateTemplate(templateId: string, params: UpdateTemplateParams, requestFn: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<VerificationTemplate>;
+/**
+ * Publish a template to the marketplace (moves from draft → published).
+ *
+ * @param templateId Template identifier
+ * @param params Publication parameters
+ * @param requestFn HTTP request function
+ * @returns Published template
+ *
+ * @example
+ * ```typescript
+ * const published = await publishTemplate(
+ *   'tmpl_pharma_001',
+ *   { changelog: 'Initial release' },
+ *   requestFn
+ * );
+ * ```
+ */
+declare function publishTemplate(templateId: string, params?: PublishTemplateParams, requestFn?: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<VerificationTemplate>;
+/**
+ * Deprecate a template (no longer recommended for new use).
+ *
+ * @param templateId Template identifier
+ * @param params Deprecation parameters
+ * @param requestFn HTTP request function
+ * @returns Deprecated template
+ *
+ * @example
+ * ```typescript
+ * const deprecated = await deprecateTemplate(
+ *   'tmpl_pharma_old',
+ *   {
+ *     reason: 'Superseded by v2.0 with EU DPP compliance',
+ *     replacementId: 'tmpl_pharma_002',
+ *   },
+ *   requestFn
+ * );
+ * ```
+ */
+declare function deprecateTemplate(templateId: string, params: DeprecateTemplateParams, requestFn?: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<VerificationTemplate>;
+/**
+ * List templates with filtering and pagination.
+ *
+ * @param params Filter and pagination parameters
+ * @param requestFn HTTP request function
+ * @returns Paginated template list
+ *
+ * @example
+ * ```typescript
+ * const result = await listTemplates(
+ *   { category: 'battery', status: 'published', limit: 20 },
+ *   requestFn
+ * );
+ * ```
+ */
+declare function listTemplates(params?: {
+    category?: TemplateCategory;
+    status?: TemplateStatus;
+    author?: string;
+    limit?: number;
+    offset?: number;
+}, requestFn?: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<ListTemplatesResponse>;
+/**
+ * Search templates by keyword.
+ *
+ * @param query Search query string
+ * @param params Optional filter parameters
+ * @param requestFn HTTP request function
+ * @returns Search results
+ *
+ * @example
+ * ```typescript
+ * const results = await searchTemplates('battery passport', { limit: 10 }, requestFn);
+ * ```
+ */
+declare function searchTemplates(query: string, params?: {
+    category?: TemplateCategory;
+    limit?: number;
+}, requestFn?: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<ListTemplatesResponse>;
+/**
+ * Install/activate a template in a tenant's account.
+ *
+ * @param templateId Template identifier
+ * @param requestFn HTTP request function
+ * @returns Installed template reference
+ *
+ * @example
+ * ```typescript
+ * await installTemplate('tmpl_pharma_001', requestFn);
+ * ```
+ */
+declare function installTemplate(templateId: string, requestFn?: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<VerificationTemplate>;
+/**
+ * Uninstall/deactivate a template from a tenant's account.
+ *
+ * @param templateId Template identifier
+ * @param requestFn HTTP request function
+ * @returns Uninstalled template reference
+ *
+ * @example
+ * ```typescript
+ * await uninstallTemplate('tmpl_pharma_001', requestFn);
+ * ```
+ */
+declare function uninstallTemplate(templateId: string, requestFn?: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<VerificationTemplate>;
+/**
+ * Rate and review a template.
+ *
+ * @param templateId Template identifier
+ * @param params Rating and review parameters
+ * @param requestFn HTTP request function
+ * @returns Updated template stats
+ *
+ * @example
+ * ```typescript
+ * await rateTemplate(
+ *   'tmpl_pharma_001',
+ *   { rating: 5, review: 'Excellent template, saved us months of work' },
+ *   requestFn
+ * );
+ * ```
+ */
+declare function rateTemplate(templateId: string, params: RateTemplateParams, requestFn?: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<TemplateStats>;
+/**
+ * Validate data against a template schema.
+ *
+ * @param templateId Template identifier
+ * @param data Data to validate
+ * @param requestFn HTTP request function
+ * @returns Validation result with errors if any
+ *
+ * @example
+ * ```typescript
+ * const result = await validateAgainstTemplate(
+ *   'tmpl_pharma_001',
+ *   { ndc: '0069-1234-56', lotNumber: 'ABC123' },
+ *   requestFn
+ * );
+ * if (!result.valid) {
+ *   console.log('Validation errors:', result.errors);
+ * }
+ * ```
+ */
+declare function validateAgainstTemplate(templateId: string, data: unknown, requestFn?: (method: string, path: string, body?: unknown) => Promise<unknown>): Promise<ValidationResult>;
+
+declare const SDK_VERSION = "3.0.0";
 
-export { type ApiKey, type Asset, AssetsResource, type AuditEvent, AuditResource, AuthenticationError, type BatchCreateParams, type BatchCreateResult, BatchNotFoundError, type BatteryPassportData, type ChainVerifyResult, CodeNotFoundError, type ComplianceConfig, ComplianceResource, type ConformityDeclaration, type CreateAssetParams, type CreateAuditEventParams, type CreateKeyParams, type CreateKeyResult, type CreateKeysetParams, type CreateSchemaParams, type DPPCategory, type DPPMetadata, type Document, type DocumentVerifyResult, DocumentsResource, type EnrollDocumentParams, type ErrorCode, type ExportParams, type ExportResult, type FiberEntry, type FilterHeader, type FilterSyncResult, InvalidCodeError, InvalidGTINError, InvalidSerialError, KeysResource, type Keyset, KeysetsResource, type ListAssetsParams, type ListAssetsResponse, type ListAuditParams, type ListAuditResponse, type ListDocumentsParams, type ListDocumentsResponse, type ListKeysetsParams, type ListKeysetsResponse, type ListProvenanceParams, type ListProvenanceResponse, type ListSchemasParams, type ListSchemasResponse, type MerkleProof, type MerkleRoot, NetworkError, type OfflineVerifyOptions, type OfflineVerifyResult, OptropicClient, type OptropicConfig, OptropicError, type ProvenanceChain, type ProvenanceEvent, type ProvenanceEventType, type ProvenanceLocation, ProvenanceResource, QuotaExceededError, RateLimitedError, type RecordProvenanceParams, type RequestFn, type RetryConfig, RevokedCodeError, SDK_VERSION, type SchemaValidationResult, SchemasResource, ServiceUnavailableError, StaleFilterError, type SubstanceEntry, type TextilePassportData, TimeoutError, type UpdateSchemaParams, type VerifyDocumentParams, type VerifyProvenanceResult, type VerifyResult, type VerticalSchema, type WebhookVerifyOptions, type WebhookVerifyResult, buildDPPConfig, createClient, createErrorFromResponse, parseFilterHeader, parseSaltsHeader, validateDPPMetadata, verifyOffline, verifyWebhookSignature };
+export { type ApiKey, type Asset, AssetsResource, type AuditChain, type AuditEvent, type AuditRecord, type AuditRecordType, AuditResource, AuthenticationError, type BatchCreateParams, type BatchCreateResult, type BatchJob, BatchNotFoundError, type BatchResult, type BatchRevokeResult, type BatchVerifyResult, BatchesResource, type BatteryPassportData, type CaptureConditions, type ChainVerifyResult, CodeNotFoundError, type ComplianceConfig, ComplianceResource, type ConditionStatus, type ConformityDeclaration, type ConsensusConfig, type ConsensusResult, type ConsensusResultPayload, type CreateAssetParams, type CreateAuditEventParams, type CreateBatchParams, type CreateKeyParams, type CreateKeyResult, type CreateKeysetParams, type CreateOrganizationParams, type CreateRLSPolicyParams, type CreateSchemaParams, type CreateTemplateParams, type DPPAccessContext, DPPAccessLevel, type DPPAccessPolicy, type DPPCategory, type DPPFieldVisibility, type DPPMetadata, type DataResidency, type DefenceMetadata, type DeprecateTemplateParams, type DescriptorExchangePayload, type DimensionMatch, type Document, type DocumentVerifyResult, DocumentsResource, type EPCISBizStep, type EPCISDisposition, type EPCISEvent, type EPCISEventDocument, type EPCISEventType, type EPCISMapping, type EndpointUsage, type EnrollDocumentParams, type ErrorCode, type ErrorPayload, type ExportParams, type ExportResult, type FiberEntry, type FilterHeader, type FilterSyncResult, type GS1ApplicationIdentifier, type GS1BuilderInput, type GS1ParsedComponent, type GS1ParsedURI, type GTINValidationResult, type GetUsageBreakdownParams, type GetUsageParams, type HandlingCaveat, type HandshakeAcceptPayload, type HandshakeInitPayload, type HazardousSubstanceEntry, type InitiateChallengeParams, InvalidCodeError, InvalidGTINError, InvalidSerialError, type InviteMemberParams, type InviteStatus, type KeyInfo, KeysResource, type Keyset, KeysetsResource, type ListAssetsParams, type ListAssetsResponse, type ListAuditParams, type ListAuditResponse, type ListBatchesParams, type ListDocumentsParams, type ListDocumentsResponse, type ListKeysetsParams, type ListKeysetsResponse, type ListProvenanceParams, type ListProvenanceResponse, type ListSchemasParams, type ListSchemasResponse, type ListTemplatesResponse, type LogisticsMovement, type LogisticsMovementType, type M2MChallenge, type M2MDevice, M2MResource, type M2MVerifyRequest, type M2MVerifyResult, type MemberStatus, type MerkleProof, type MerkleRoot, type NATOUIDData, NetworkError, type OfflineVerifyOptions, type OfflineVerifyResult, type OptropicAssetLookup, OptropicClient, type OptropicConfig, OptropicError, type OrgPlanTier, type OrgStatus, type Organization, type OrganizationSettings, type P2PMessage, type PartnerAnalytics, type PartnerApiKey, type PartnerProfile, type PartnerRegistration, type PartnerRegistrationResult, type PartnerScope, type PartnerStatus, type PartnerTier, type PartnerType, Permission, type PermissionValue, type PhysicalDescriptor, type PriorityDesignator, type ProvenanceChain, type ProvenanceEvent, type ProvenanceEventType, type ProvenanceLocation, ProvenanceResource, type PublishTemplateParams, type QRCodePayload, QuotaExceededError, type QuotaInfo, type RLSAction, type RLSCondition, type RLSOperator, type RLSPolicy, type RLSResourceType, type RateLimitInfo, RateLimitedError, type RateTemplateParams, type ReadinessScore, type ReadinessThresholds, type RecordProvenanceParams, type RegisterDeviceParams, type RequestFn, type RetryConfig, RevokedCodeError, type RotateKeyParams, type RotateKeyResult, SDK_VERSION, type SchemaValidationResult, SchemasResource, ServiceUnavailableError, type ShelfLife, StaleFilterError, type StanagClassification, type SubstanceEntry, type SupplyClass, type TemplateAuthor, type TemplateCategory, type TemplateField, type TemplateFieldType, type TemplatePricing, type TemplatePricingModel, type TemplateSchema, type TemplateStats, type TemplateStatus, type ValidationResult as TemplateValidationResult, type Tenant, type TenantInvite, type TenantLimits, type TenantMember, type TenantRole, type TenantUsageQuota, TenantsResource, type TextilePassportData, TimeoutError, type ToEPCISEventOptions, type UIDBatch, type UIDEncoding, type UpdateOrganizationParams, type UpdatePartnerParams, type UpdateSchemaParams, type UpdateTemplateParams, type UpdateUsageQuotaParams, type UsageReport, type ValidationResult$1 as ValidationResult, type ValidationRule, type ValidationRuleType, type VerificationTemplate, type VerifyDocumentParams, type VerifyProvenanceResult, type VerifyResult, type VerticalSchema, type WaitOptions, type WebhookVerifyOptions, type WebhookVerifyResult, appendRecord, buildBatteryPassportQR, buildDPPConfig, buildDefenceMetadata, buildEPCISDocument, buildGS1DigitalLink, calculateReadiness, calibrateThreshold, computeDistance, computeSimilarity, createAuditChain, createClient, createConsensusResultMessage, createDescriptorExchange, createErrorFromResponse, createHandshakeAccept, createHandshakeInit, createOrganization, createRLSPolicy, createTemplate, decodeNATOUID, deleteRLSPolicy, deprecateTemplate, deserializeMessage, encodeNATOUID, evaluateConsensus, exportChain, filterDPPByAccess, generatePartnerApiKey, generateQRCodePayload, getAILabel, getDPPAccessPolicy, getEPCISMappingTable, getOrganization, getPartner, getPartnerAnalytics, getRolePermissions, getSupportedAIs, getTemplate, getUsageQuota, importChain, installTemplate, inviteMember, isValidAI, listMembers, listPartners, listRLSPolicies, listTemplates, mapMovementToProvenance, mapNATOUIDToOptropic, mapOptropicToNATOUID, mapToEPCIS, mapToOptropicAsset, parseFilterHeader, parseGS1DigitalLink, parseSaltsHeader, provenanceChainToEPCIS, publishTemplate, rateTemplate, registerPartner, removeMember, searchTemplates, serializeMessage, toEPCISEvent, uninstallTemplate, updateMemberRole, updateOrganization, updatePartner, updateTemplate, updateUsageQuota, validateAgainstTemplate, validateBatteryPassport, validateDPPMetadata, validateDefenceMetadata, validateGTIN, validateLogisticsMovement, validateMessage, validateNATOUID, verifyChain, verifyOffline, verifyWebhookSignature };