npm - optropic - Versions diffs - 2.4.0 → 3.0.0 - Mend

optropic 2.4.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -386,6 +386,8 @@ var AssetsResource = class {
     this.request = request;
     this.client = client;
   }
+  request;
+  client;
   async create(params) {
     return this.request({ method: "POST", path: "/v1/assets", body: params });
   }
@@ -471,6 +473,7 @@ var AuditResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   /**
    * List audit events with optional filtering and pagination.
    */
@@ -509,11 +512,101 @@ var AuditResource = class {
   }
 };
+// src/resources/batches.ts
+var BatchesResource = class {
+  constructor(request) {
+    this.request = request;
+  }
+  request;
+  /**
+   * Create a new batch job with the given operation and items.
+   */
+  async create(params) {
+    return this.request({ method: "POST", path: "/v1/batches", body: params });
+  }
+  /**
+   * Get the status and details of a specific batch job.
+   */
+  async get(batchId) {
+    return this.request({
+      method: "GET",
+      path: `/v1/batches/${encodeURIComponent(batchId)}`
+    });
+  }
+  /**
+   * List batch jobs with optional limiting.
+   */
+  async list(params) {
+    const query = params ? this.buildQuery(params) : "";
+    const result = await this.request({
+      method: "GET",
+      path: `/v1/batches${query}`
+    });
+    return result.data;
+  }
+  /**
+   * Wait for a batch job to complete, polling at regular intervals.
+   *
+   * @param batchId - The ID of the batch to wait for
+   * @param opts - Polling configuration (pollInterval in ms, timeout in ms)
+   * @returns The final batch result once completed
+   * @throws TimeoutError if the operation exceeds the timeout
+   */
+  async wait(batchId, opts) {
+    const pollInterval = opts?.pollInterval ?? 1e3;
+    const timeout = opts?.timeout ?? 3e5;
+    const startTime = Date.now();
+    while (true) {
+      const batch = await this.get(batchId);
+      if (batch.status === "completed" || batch.status === "failed" || batch.status === "cancelled") {
+        return {
+          batchId: batch.batchId,
+          operation: batch.operation,
+          status: batch.status,
+          totalItems: batch.totalItems,
+          processedItems: batch.processedItems,
+          failedItems: batch.failedItems,
+          completedAt: batch.completedAt ?? (/* @__PURE__ */ new Date()).toISOString()
+        };
+      }
+      const elapsed = Date.now() - startTime;
+      if (elapsed > timeout) {
+        throw new Error(`Batch ${batchId} did not complete within ${timeout}ms`);
+      }
+      await this.sleep(pollInterval);
+    }
+  }
+  /**
+   * Cancel a batch job that is still pending or processing.
+   */
+  async cancel(batchId) {
+    return this.request({
+      method: "POST",
+      path: `/v1/batches/${encodeURIComponent(batchId)}/cancel`
+    });
+  }
+  // ─────────────────────────────────────────────────────────────────────────
+  // PRIVATE HELPERS
+  // ─────────────────────────────────────────────────────────────────────────
+  buildQuery(params) {
+    const entries = Object.entries(params).filter(([, v]) => v !== void 0);
+    if (entries.length === 0) return "";
+    const qs = new URLSearchParams(
+      entries.map(([k, v]) => [k, String(v)])
+    );
+    return `?${qs.toString()}`;
+  }
+  sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
 // src/resources/compliance.ts
 var ComplianceResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   /**
    * Verify the integrity of the full audit chain.
    */
@@ -582,6 +675,7 @@ var DocumentsResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   /**
    * Enroll a new document (substrate fingerprint) linked to an asset.
    *
@@ -674,6 +768,7 @@ var KeysResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   async create(params) {
     return this.request({ method: "POST", path: "/v1/keys", body: params });
   }
@@ -684,6 +779,26 @@ var KeysResource = class {
   async revoke(keyId) {
     await this.request({ method: "DELETE", path: `/v1/keys/${encodeURIComponent(keyId)}` });
   }
+  /**
+   * Get information about the current API key being used.
+   */
+  async current() {
+    return this.request({ method: "GET", path: "/v1/keys/current" });
+  }
+  /**
+   * Rotate the specified API key to a new one.
+   *
+   * @param keyId - The ID of the key to rotate
+   * @param opts - Optional rotation parameters (gracePeriodHours)
+   * @returns New key information and the new key string
+   */
+  async rotate(keyId, opts) {
+    return this.request({
+      method: "POST",
+      path: `/v1/keys/${encodeURIComponent(keyId)}/rotate`,
+      body: opts
+    });
+  }
 };
 // src/resources/keysets.ts
@@ -691,6 +806,7 @@ var KeysetsResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   async create(params) {
     return this.request({ method: "POST", path: "/v1/keysets", body: params });
   }
@@ -705,11 +821,539 @@ var KeysetsResource = class {
   }
 };
+// src/m2m/consensus.ts
+function computeDistance(a, b) {
+  if (a.length !== b.length) {
+    throw new Error("Vectors must have the same length");
+  }
+  let sum = 0;
+  for (let i = 0; i < a.length; i++) {
+    const diff = a[i] - b[i];
+    sum += diff * diff;
+  }
+  return Math.sqrt(sum);
+}
+function computeSimilarity(a, b) {
+  const distance = computeDistance(a, b);
+  return 1 / (1 + distance);
+}
+function calibrateThreshold(knownMatches) {
+  if (knownMatches.length === 0) {
+    return 0.85;
+  }
+  const similarities = knownMatches.map((pair) => ({
+    similarity: computeSimilarity(pair.a.dimensions, pair.b.dimensions),
+    isMatch: pair.isMatch
+  }));
+  similarities.sort((a, b) => a.similarity - b.similarity);
+  let bestThreshold = 0.85;
+  let bestAccuracy = 0;
+  for (const item of similarities) {
+    const threshold = item.similarity;
+    let correct = 0;
+    for (const pair of similarities) {
+      const predicted = pair.similarity >= threshold;
+      if (predicted === pair.isMatch) {
+        correct++;
+      }
+    }
+    const accuracy = correct / similarities.length;
+    if (accuracy > bestAccuracy) {
+      bestAccuracy = accuracy;
+      bestThreshold = threshold;
+    }
+  }
+  return bestThreshold;
+}
+function evaluateConsensus(descriptorA, descriptorB, config) {
+  const cfg = {
+    threshold: config?.threshold ?? 0.85,
+    minDimensions: config?.minDimensions ?? 3,
+    maxTimeDeltaMs: config?.maxTimeDeltaMs ?? 3e4,
+    requireAllDimensions: config?.requireAllDimensions ?? true
+  };
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const matchDetails = [];
+  let trustEstablished = false;
+  let confidence = 0;
+  let distance = 0;
+  const dimCountA = descriptorA.dimensions.length;
+  const dimCountB = descriptorB.dimensions.length;
+  const descriptorDimensions = Math.min(dimCountA, dimCountB);
+  if (descriptorDimensions < cfg.minDimensions) {
+    return {
+      trustEstablished: false,
+      confidence: 0,
+      distance: Infinity,
+      threshold: cfg.threshold,
+      descriptorDimensions,
+      matchDetails: [],
+      auditToken: generateAuditToken({ descriptorA, descriptorB, error: "insufficient_dimensions" }),
+      timestamp
+    };
+  }
+  if (cfg.requireAllDimensions && dimCountA !== dimCountB) {
+    return {
+      trustEstablished: false,
+      confidence: 0,
+      distance: Infinity,
+      threshold: cfg.threshold,
+      descriptorDimensions,
+      matchDetails: [],
+      auditToken: generateAuditToken({ descriptorA, descriptorB, error: "dimension_mismatch" }),
+      timestamp
+    };
+  }
+  const timeA = new Date(descriptorA.timestamp).getTime();
+  const timeB = new Date(descriptorB.timestamp).getTime();
+  const timeDelta = Math.abs(timeA - timeB);
+  if (timeDelta > cfg.maxTimeDeltaMs) {
+    return {
+      trustEstablished: false,
+      confidence: 0,
+      distance: Infinity,
+      threshold: cfg.threshold,
+      descriptorDimensions,
+      matchDetails: [],
+      auditToken: generateAuditToken({ descriptorA, descriptorB, error: "time_delta_exceeded" }),
+      timestamp
+    };
+  }
+  for (let i = 0; i < descriptorDimensions; i++) {
+    const delta = Math.abs(descriptorA.dimensions[i] - descriptorB.dimensions[i]);
+    const withinTolerance = delta < cfg.threshold;
+    matchDetails.push({
+      dimension: i,
+      delta,
+      withinTolerance
+    });
+  }
+  const truncatedA = descriptorA.dimensions.slice(0, descriptorDimensions);
+  const truncatedB = descriptorB.dimensions.slice(0, descriptorDimensions);
+  distance = computeDistance(truncatedA, truncatedB);
+  confidence = computeSimilarity(truncatedA, truncatedB);
+  trustEstablished = confidence >= cfg.threshold;
+  return {
+    trustEstablished,
+    confidence,
+    distance,
+    threshold: cfg.threshold,
+    descriptorDimensions,
+    matchDetails,
+    auditToken: generateAuditToken({
+      descriptorA,
+      descriptorB,
+      trustEstablished,
+      confidence,
+      distance
+    }),
+    timestamp
+  };
+}
+function generateAuditToken(data) {
+  const input = JSON.stringify(data);
+  let hash = 0;
+  for (let i = 0; i < input.length; i++) {
+    const char = input.charCodeAt(i);
+    hash = (hash << 5) - hash + char;
+    hash = hash & hash;
+  }
+  return Math.abs(hash).toString(16).padStart(8, "0");
+}
+// src/m2m/p2p-protocol.ts
+function generateNonce() {
+  return Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+}
+function createHandshakeInit(deviceId, publicKey, assetId, supportedAlgorithms = ["ed25519"]) {
+  const payload = {
+    deviceId,
+    publicKey,
+    supportedAlgorithms,
+    assetId
+  };
+  return {
+    type: "handshake_init",
+    version: "1.0",
+    senderId: deviceId,
+    payload,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    nonce: generateNonce()
+  };
+}
+function createHandshakeAccept(initMessage, deviceId, publicKey, selectedAlgorithm = "ed25519") {
+  const initPayload = initMessage.payload;
+  const payload = {
+    deviceId,
+    publicKey,
+    selectedAlgorithm,
+    assetId: initPayload.assetId
+  };
+  return {
+    type: "handshake_accept",
+    version: "1.0",
+    senderId: deviceId,
+    recipientId: initMessage.senderId,
+    payload,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    nonce: generateNonce()
+  };
+}
+function createDescriptorExchange(deviceId, descriptor, assetId, captureId, recipientId) {
+  const payload = {
+    descriptor,
+    assetId,
+    captureId: captureId || generateNonce()
+  };
+  return {
+    type: "descriptor_exchange",
+    version: "1.0",
+    senderId: deviceId,
+    recipientId,
+    payload,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    nonce: generateNonce()
+  };
+}
+function createConsensusResultMessage(deviceId, result, agreedByBoth = true, recipientId) {
+  const payload = {
+    consensusResult: result,
+    agreedByBoth
+  };
+  return {
+    type: "consensus_result",
+    version: "1.0",
+    senderId: deviceId,
+    recipientId,
+    payload,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    nonce: generateNonce()
+  };
+}
+function validateMessage(message) {
+  const errors = [];
+  if (!message.type) {
+    errors.push({ field: "type", error: "Message type is required" });
+  } else if (!["handshake_init", "handshake_accept", "descriptor_exchange", "consensus_result", "error"].includes(message.type)) {
+    errors.push({ field: "type", error: "Invalid message type" });
+  }
+  if (message.version !== "1.0") {
+    errors.push({ field: "version", error: "Unsupported protocol version" });
+  }
+  if (!message.senderId) {
+    errors.push({ field: "senderId", error: "Sender ID is required" });
+  }
+  if (!message.payload) {
+    errors.push({ field: "payload", error: "Payload is required" });
+  }
+  if (!message.timestamp) {
+    errors.push({ field: "timestamp", error: "Timestamp is required" });
+  } else {
+    const date = new Date(message.timestamp);
+    if (isNaN(date.getTime())) {
+      errors.push({ field: "timestamp", error: "Invalid timestamp format" });
+    }
+  }
+  if (!message.nonce) {
+    errors.push({ field: "nonce", error: "Nonce is required" });
+  }
+  if (message.type === "handshake_init") {
+    const payload = message.payload;
+    if (!payload.deviceId) errors.push({ field: "payload.deviceId", error: "Device ID is required" });
+    if (!payload.publicKey) errors.push({ field: "payload.publicKey", error: "Public key is required" });
+    if (!Array.isArray(payload.supportedAlgorithms)) {
+      errors.push({ field: "payload.supportedAlgorithms", error: "Supported algorithms must be an array" });
+    }
+    if (!payload.assetId) errors.push({ field: "payload.assetId", error: "Asset ID is required" });
+  } else if (message.type === "handshake_accept") {
+    const payload = message.payload;
+    if (!payload.deviceId) errors.push({ field: "payload.deviceId", error: "Device ID is required" });
+    if (!payload.publicKey) errors.push({ field: "payload.publicKey", error: "Public key is required" });
+    if (!payload.selectedAlgorithm) errors.push({ field: "payload.selectedAlgorithm", error: "Selected algorithm is required" });
+    if (!payload.assetId) errors.push({ field: "payload.assetId", error: "Asset ID is required" });
+  } else if (message.type === "descriptor_exchange") {
+    const payload = message.payload;
+    if (!payload.descriptor) errors.push({ field: "payload.descriptor", error: "Descriptor is required" });
+    if (!payload.assetId) errors.push({ field: "payload.assetId", error: "Asset ID is required" });
+    if (!payload.captureId) errors.push({ field: "payload.captureId", error: "Capture ID is required" });
+  } else if (message.type === "consensus_result") {
+    const payload = message.payload;
+    if (!payload.consensusResult) errors.push({ field: "payload.consensusResult", error: "Consensus result is required" });
+  } else if (message.type === "error") {
+    const payload = message.payload;
+    if (!payload.code) errors.push({ field: "payload.code", error: "Error code is required" });
+    if (!payload.message) errors.push({ field: "payload.message", error: "Error message is required" });
+  }
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+function serializeMessage(message) {
+  const json = JSON.stringify(message);
+  try {
+    return btoa(json);
+  } catch {
+    if (typeof globalThis.Buffer !== "undefined") {
+      return globalThis.Buffer.from(json).toString("base64");
+    }
+    throw new Error("No base64 encoder available");
+  }
+}
+function deserializeMessage(data) {
+  let json;
+  try {
+    try {
+      json = atob(data);
+    } catch {
+      if (typeof globalThis.Buffer !== "undefined") {
+        json = globalThis.Buffer.from(data, "base64").toString("utf-8");
+      } else {
+        throw new Error("Failed to decode base64 message");
+      }
+    }
+  } catch {
+    throw new Error("Failed to decode base64 message");
+  }
+  try {
+    return JSON.parse(json);
+  } catch {
+    throw new Error("Failed to parse message JSON");
+  }
+}
+// src/m2m/audit-trail.ts
+function simpleHash(data) {
+  let hash = 0;
+  for (let i = 0; i < data.length; i++) {
+    const char = data.charCodeAt(i);
+    hash = (hash << 5) - hash + char;
+    hash = hash & hash;
+  }
+  return Math.abs(hash).toString(16).padStart(16, "0");
+}
+function generateRecordId() {
+  return `rec_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+}
+async function computeRecordHash(record) {
+  const data = JSON.stringify({
+    id: record.id,
+    type: record.type,
+    assetId: record.assetId,
+    deviceIds: record.deviceIds,
+    timestamp: record.timestamp,
+    previousHash: record.previousHash,
+    data: record.data
+  });
+  if (typeof globalThis !== "undefined" && globalThis.crypto?.subtle) {
+    try {
+      const encoder = new TextEncoder();
+      const hashBuffer = await globalThis.crypto.subtle.digest("SHA-256", encoder.encode(data));
+      const hashArray = Array.from(new Uint8Array(hashBuffer));
+      return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+    } catch {
+      return simpleHash(data);
+    }
+  }
+  return simpleHash(data);
+}
+function createAuditChain(chainId) {
+  return {
+    records: [],
+    chainId: chainId || `chain_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    lastHash: "0"
+  };
+}
+async function appendRecord(chain, type, assetId, deviceIds, data) {
+  const record = {
+    id: generateRecordId(),
+    type,
+    assetId,
+    deviceIds,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    previousHash: chain.lastHash,
+    data
+  };
+  const hash = await computeRecordHash(record);
+  const auditRecord = {
+    ...record,
+    hash
+  };
+  chain.records.push(auditRecord);
+  chain.lastHash = hash;
+  return auditRecord;
+}
+async function verifyChain(chain) {
+  if (chain.records.length === 0) {
+    return { valid: true };
+  }
+  let previousHash = "0";
+  for (let i = 0; i < chain.records.length; i++) {
+    const record = chain.records[i];
+    if (record.previousHash !== previousHash) {
+      return {
+        valid: false,
+        brokenAt: i,
+        error: `Chain broken at record ${i}: previousHash mismatch`
+      };
+    }
+    const recordData = {
+      id: record.id,
+      type: record.type,
+      assetId: record.assetId,
+      deviceIds: record.deviceIds,
+      timestamp: record.timestamp,
+      previousHash: record.previousHash,
+      data: record.data
+    };
+    const computedHash = await computeRecordHash(recordData);
+    if (record.hash !== computedHash) {
+      return {
+        valid: false,
+        brokenAt: i,
+        error: `Chain broken at record ${i}: hash mismatch`
+      };
+    }
+    previousHash = record.hash;
+  }
+  if (previousHash !== chain.lastHash) {
+    return {
+      valid: false,
+      error: "Final record hash does not match chain lastHash"
+    };
+  }
+  return { valid: true };
+}
+function exportChain(chain) {
+  return JSON.stringify(chain, null, 2);
+}
+async function importChain(data) {
+  try {
+    const chain = JSON.parse(data);
+    if (!chain.chainId) {
+      throw new Error("Invalid chain: missing chainId");
+    }
+    if (!Array.isArray(chain.records)) {
+      throw new Error("Invalid chain: records is not an array");
+    }
+    if (!chain.createdAt) {
+      throw new Error("Invalid chain: missing createdAt");
+    }
+    if (!chain.lastHash) {
+      throw new Error("Invalid chain: missing lastHash");
+    }
+    const verification = await verifyChain(chain);
+    if (!verification.valid) {
+      throw new Error(`Invalid chain: ${verification.error}`);
+    }
+    return chain;
+  } catch (error) {
+    if (error instanceof SyntaxError) {
+      throw new Error("Failed to parse chain JSON");
+    }
+    throw error;
+  }
+}
+// src/resources/m2m.ts
+var M2MResource = class {
+  constructor(request) {
+    this.request = request;
+  }
+  request;
+  /**
+   * Initiate an M2M challenge for an asset.
+   */
+  async initiateChallenge(params) {
+    return this.request({
+      method: "POST",
+      path: "/v1/m2m/challenge",
+      body: {
+        asset_id: params.assetId,
+        algorithm: params.algorithm ?? "ed25519",
+        ttl_seconds: params.ttlSeconds ?? 60
+      }
+    });
+  }
+  /**
+   * Verify an M2M challenge response.
+   */
+  async verify(params) {
+    return this.request({
+      method: "POST",
+      path: "/v1/m2m/verify",
+      body: {
+        challenge_id: params.challengeId,
+        response: params.response,
+        device_id: params.deviceId
+      }
+    });
+  }
+  /**
+   * Register a verifier device.
+   */
+  async registerDevice(params) {
+    return this.request({
+      method: "POST",
+      path: "/v1/m2m/devices",
+      body: params
+    });
+  }
+  /**
+   * Get a verifier device by ID.
+   */
+  async getDevice(deviceId) {
+    return this.request({
+      method: "GET",
+      path: `/v1/m2m/devices/${encodeURIComponent(deviceId)}`
+    });
+  }
+  /**
+   * List all registered verifier devices.
+   */
+  async listDevices() {
+    const response = await this.request({
+      method: "GET",
+      path: "/v1/m2m/devices"
+    });
+    return response.data;
+  }
+  /**
+   * Revoke a verifier device.
+   */
+  async revokeDevice(deviceId) {
+    return this.request({
+      method: "DELETE",
+      path: `/v1/m2m/devices/${encodeURIComponent(deviceId)}`
+    });
+  }
+  /**
+   * Evaluate consensus between two physical descriptors (local operation, no API call)
+   */
+  consensus(descriptorA, descriptorB, config) {
+    return evaluateConsensus(descriptorA, descriptorB, config);
+  }
+  /**
+   * Create a new local audit trail (no API call)
+   */
+  createAuditTrail(chainId) {
+    return createAuditChain(chainId);
+  }
+  /**
+   * Verify audit trail integrity (local operation, no API call)
+   */
+  async verifyAuditTrail(chain) {
+    return verifyChain(chain);
+  }
+};
 // src/resources/provenance.ts
 var ProvenanceResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   /**
    * Record a new provenance event in the chain.
    *
@@ -815,6 +1459,7 @@ var SchemasResource = class {
   constructor(request) {
     this.request = request;
   }
+  request;
   /**
    * Register or update a vertical config schema.
    * If a schema already exists for the verticalId, it will be updated.
@@ -917,10 +1562,59 @@ var SchemasResource = class {
   }
 };
+// src/resources/tenants.ts
+var TenantsResource = class {
+  constructor(request) {
+    this.request = request;
+  }
+  request;
+  /**
+   * Get information about the current tenant.
+   */
+  async getCurrent() {
+    return this.request({ method: "GET", path: "/v1/tenant" });
+  }
+  /**
+   * Get resource limits for the current tenant based on their plan.
+   */
+  async getLimits() {
+    return this.request({ method: "GET", path: "/v1/tenant/limits" });
+  }
+  /**
+   * Get usage metrics for a specified period.
+   */
+  async getUsage(params) {
+    const query = params ? this.buildQuery(params) : "";
+    return this.request({ method: "GET", path: `/v1/tenant/usage${query}` });
+  }
+  /**
+   * Get usage metrics broken down by endpoint, key, or resource.
+   */
+  async getUsageBreakdown(params) {
+    const query = params ? this.buildQuery(params) : "";
+    const result = await this.request({
+      method: "GET",
+      path: `/v1/tenant/usage/breakdown${query}`
+    });
+    return result.data;
+  }
+  // ─────────────────────────────────────────────────────────────────────────
+  // PRIVATE HELPERS
+  // ─────────────────────────────────────────────────────────────────────────
+  buildQuery(params) {
+    const entries = Object.entries(params).filter(([, v]) => v !== void 0);
+    if (entries.length === 0) return "";
+    const qs = new URLSearchParams(
+      entries.map(([k, v]) => [k, String(v)])
+    );
+    return `?${qs.toString()}`;
+  }
+};
 // src/client.ts
 var DEFAULT_BASE_URL = "https://api.optropic.com";
 var DEFAULT_TIMEOUT = 3e4;
-var SDK_VERSION = "2.4.0";
+var SDK_VERSION = "2.5.0";
 var SANDBOX_PREFIXES = ["optr_test_"];
 var DEFAULT_RETRY_CONFIG = {
   maxRetries: 3,
@@ -937,12 +1631,15 @@ var OptropicClient = class {
   _rateLimit = null;
   assets;
   audit;
+  batches;
   compliance;
   documents;
   keys;
   keysets;
+  m2m;
   provenance;
   schemas;
+  tenants;
   constructor(config) {
     if (!config.apiKey || !this.isValidApiKey(config.apiKey)) {
       throw new AuthenticationError(
@@ -971,12 +1668,15 @@ var OptropicClient = class {
     const boundRequest = this.request.bind(this);
     this.assets = new AssetsResource(boundRequest, this);
     this.audit = new AuditResource(boundRequest);
+    this.batches = new BatchesResource(boundRequest);
     this.compliance = new ComplianceResource(boundRequest);
     this.documents = new DocumentsResource(boundRequest);
     this.keys = new KeysResource(boundRequest);
     this.keysets = new KeysetsResource(boundRequest);
+    this.m2m = new M2MResource(boundRequest);
     this.provenance = new ProvenanceResource(boundRequest);
     this.schemas = new SchemasResource(boundRequest);
+    this.tenants = new TenantsResource(boundRequest);
   }
   // ─────────────────────────────────────────────────────────────────────────
   // ENVIRONMENT DETECTION
@@ -997,6 +1697,18 @@ var OptropicClient = class {
   get rateLimit() {
     return this._rateLimit;
   }
+  /**
+   * Get quota information for the current API key.
+   * Based on the last known rate limit from previous API calls.
+   */
+  getQuota() {
+    return {
+      limit: this._rateLimit?.limit ?? 0,
+      remaining: this._rateLimit?.remaining ?? 0,
+      reset: this._rateLimit?.reset,
+      resetAt: this._rateLimit?.reset
+    };
+  }
   // ─────────────────────────────────────────────────────────────────────────
   // DEBUG LOGGING
   // ─────────────────────────────────────────────────────────────────────────
@@ -1416,6 +2128,594 @@ function validateDPPMetadata(metadata) {
   }
   return { valid: errors.length === 0, errors };
 }
+function validateBatteryPassport(data) {
+  const errors = [];
+  const warnings = [];
+  if (!data.manufacturerIdentification) {
+    errors.push("manufacturerIdentification is required (Annex XIII)");
+  }
+  if (!data.manufacturingDate) {
+    errors.push("manufacturingDate is required (Annex XIII)");
+  } else if (!/^\d{4}-\d{2}-\d{2}/.test(data.manufacturingDate)) {
+    errors.push("manufacturingDate must be in ISO 8601 format (YYYY-MM-DD)");
+  }
+  if (!data.manufacturingPlace) {
+    errors.push("manufacturingPlace is required (Annex XIII)");
+  }
+  if (data.batteryWeight === void 0 || data.batteryWeight <= 0) {
+    errors.push("batteryWeight must be a positive number (Annex XIII)");
+  }
+  if (!data.batteryStatus) {
+    errors.push("batteryStatus is required (Annex XIII)");
+  } else if (!["original", "repurposed", "remanufactured", "waste"].includes(data.batteryStatus)) {
+    errors.push(
+      "batteryStatus must be one of: original, repurposed, remanufactured, waste (Annex XIII)"
+    );
+  }
+  if (data.ratedCapacityAh === void 0 || data.ratedCapacityAh <= 0) {
+    errors.push("ratedCapacityAh must be a positive number (Annex XIII)");
+  }
+  if (data.voltageMinV === void 0 || data.voltageMinV < 0) {
+    errors.push("voltageMinV must be a non-negative number (Annex XIII)");
+  }
+  if (data.voltageMaxV === void 0 || data.voltageMaxV < 0) {
+    errors.push("voltageMaxV must be a non-negative number (Annex XIII)");
+  }
+  if (data.voltageNominalV === void 0 || data.voltageNominalV < 0) {
+    errors.push("voltageNominalV must be a non-negative number (Annex XIII)");
+  }
+  if (data.voltageMinV !== void 0 && data.voltageMaxV !== void 0 && data.voltageMinV > data.voltageMaxV) {
+    errors.push("voltageMinV must be less than or equal to voltageMaxV");
+  }
+  if (data.temperatureRangeMinC === void 0) {
+    errors.push("temperatureRangeMinC is required (Annex XIII)");
+  }
+  if (data.temperatureRangeMaxC === void 0) {
+    errors.push("temperatureRangeMaxC is required (Annex XIII)");
+  }
+  if (data.temperatureRangeMinC !== void 0 && data.temperatureRangeMaxC !== void 0 && data.temperatureRangeMinC > data.temperatureRangeMaxC) {
+    errors.push("temperatureRangeMinC must be less than or equal to temperatureRangeMaxC");
+  }
+  if (data.originalPowerCapabilityW === void 0 || data.originalPowerCapabilityW < 0) {
+    errors.push("originalPowerCapabilityW must be a non-negative number (Annex XIII)");
+  }
+  if (data.roundTripEfficiency === void 0 || data.roundTripEfficiency < 0 || data.roundTripEfficiency > 100) {
+    errors.push("roundTripEfficiency must be between 0 and 100 (Annex XIII)");
+  }
+  if (data.internalResistanceOhm === void 0 || data.internalResistanceOhm < 0) {
+    errors.push("internalResistanceOhm must be a non-negative number (Annex XIII)");
+  }
+  if (!data.cellChemistryDetail) {
+    errors.push("cellChemistryDetail is required (Annex XIII)");
+  }
+  if (!data.hazardousSubstances || !Array.isArray(data.hazardousSubstances)) {
+    errors.push("hazardousSubstances must be an array (Annex XIII)");
+  }
+  if (data.carbonFootprintPerKwh === void 0 || data.carbonFootprintPerKwh < 0) {
+    errors.push("carbonFootprintPerKwh must be a non-negative number (Annex XIII)");
+  }
+  if (!data.carbonFootprintStudyUrl) {
+    errors.push("carbonFootprintStudyUrl is required (Annex XIII)");
+  } else if (!isValidUrl(data.carbonFootprintStudyUrl)) {
+    warnings.push("carbonFootprintStudyUrl appears to be invalid");
+  }
+  if (!data.supplyChainDueDiligencePolicy) {
+    errors.push("supplyChainDueDiligencePolicy is required (Annex XIII)");
+  } else if (!isValidUrl(data.supplyChainDueDiligencePolicy)) {
+    warnings.push("supplyChainDueDiligencePolicy appears to be invalid");
+  }
+  if (!data.thirdPartyVerifierId) {
+    errors.push("thirdPartyVerifierId is required (Annex XIII)");
+  }
+  if (!data.dismantlingInstructions) {
+    errors.push("dismantlingInstructions is required (Annex XIII)");
+  } else if (!isValidUrl(data.dismantlingInstructions)) {
+    warnings.push("dismantlingInstructions appears to be invalid");
+  }
+  if (!data.safetyInstructions) {
+    errors.push("safetyInstructions is required (Annex XIII)");
+  } else if (!isValidUrl(data.safetyInstructions)) {
+    warnings.push("safetyInstructions appears to be invalid");
+  }
+  if (!data.extinguishingAgent) {
+    errors.push("extinguishingAgent is required (Annex XIII)");
+  }
+  if (data.chemistry && !data.cellChemistryDetail) {
+    warnings.push("cellChemistryDetail should provide more detail than chemistry type");
+  }
+  if (data.hazardousSubstances && data.hazardousSubstances.length === 0) {
+    warnings.push("hazardousSubstances array is empty; all batteries contain some hazardous materials");
+  }
+  return {
+    valid: errors.length === 0,
+    errors,
+    warnings
+  };
+}
+function buildBatteryPassportQR(metadata) {
+  if (!metadata.productId) {
+    throw new Error("productId is required to build battery passport QR");
+  }
+  let serialNumber;
+  if (metadata.sectorData && "type" in metadata.sectorData && metadata.sectorData.type === "battery") {
+  }
+  let uri = `https://id.gs1.org/01/${metadata.productId}`;
+  if (serialNumber) {
+    uri += `/21/${serialNumber}`;
+  }
+  return uri;
+}
+function isValidUrl(urlString) {
+  try {
+    new URL(urlString);
+    return true;
+  } catch {
+    return false;
+  }
+}
+// src/gs1-resolver.ts
+var DEFAULT_GS1_DOMAIN = "https://id.gs1.org";
+var AI_LABELS = {
+  "01": "GTIN",
+  "21": "Serial Number",
+  "10": "Batch/Lot Number",
+  "11": "Production Date",
+  "17": "Expiry Date",
+  "3103": "Net Weight (kg)",
+  "3922": "Price",
+  "8200": "URL",
+  "254": "Extension",
+  "414": "Global Location Number"
+};
+function validateGTIN(gtin) {
+  const cleaned = gtin.replace(/\D/g, "");
+  if (![8, 12, 13, 14].includes(cleaned.length)) {
+    return {
+      valid: false,
+      checkDigit: -1,
+      message: `Invalid GTIN length: ${cleaned.length}. Must be 8, 12, 13, or 14 digits.`
+    };
+  }
+  const digits = cleaned.split("").map(Number);
+  const checkDigitProvided = digits[digits.length - 1];
+  const contentDigits = digits.slice(0, -1);
+  let sum = 0;
+  let multiplier = 3;
+  for (let i = contentDigits.length - 1; i >= 0; i--) {
+    sum += contentDigits[i] * multiplier;
+    multiplier = multiplier === 3 ? 1 : 3;
+  }
+  const checkDigitCalculated = (10 - sum % 10) % 10;
+  const valid = checkDigitCalculated === checkDigitProvided;
+  return {
+    valid,
+    checkDigit: checkDigitCalculated,
+    message: valid ? `Valid GTIN check digit: ${checkDigitCalculated}` : `Invalid check digit. Expected ${checkDigitCalculated}, got ${checkDigitProvided}`
+  };
+}
+function parseGS1DigitalLink(uri) {
+  const url = new URL(uri);
+  const domain = `${url.protocol}//${url.hostname}`;
+  const pathname = url.pathname;
+  const allComponents = [];
+  let gtin;
+  let serialNumber;
+  let batchLot;
+  let productionDate;
+  let expiryDate;
+  let netWeightKg;
+  let price;
+  let urlValue;
+  let gln;
+  let extension;
+  let queryParams;
+  const pathParts = pathname.split("/").filter((p) => p);
+  let i = 0;
+  while (i < pathParts.length - 1) {
+    const ai = pathParts[i];
+    const value = pathParts[i + 1];
+    const label = AI_LABELS[ai] || `AI ${ai}`;
+    allComponents.push({ ai, value, label });
+    switch (ai) {
+      case "01":
+        gtin = value;
+        break;
+      case "21":
+        serialNumber = value;
+        break;
+      case "10":
+        batchLot = value;
+        break;
+      case "11":
+        productionDate = parseGS1Date(value);
+        break;
+      case "17":
+        expiryDate = parseGS1Date(value);
+        break;
+      case "3103":
+        netWeightKg = parseFloat(value);
+        break;
+      case "3922":
+        price = value;
+        break;
+      case "8200":
+        urlValue = value;
+        break;
+      case "414":
+        gln = value;
+        break;
+      case "254":
+        extension = value;
+        break;
+    }
+    i += 2;
+  }
+  const params = {};
+  url.searchParams.forEach((value, key) => {
+    params[key] = value;
+  });
+  if (Object.keys(params).length > 0) {
+    queryParams = params;
+  }
+  const result = {
+    domain,
+    gtin,
+    serialNumber,
+    batchLot,
+    productionDate,
+    expiryDate,
+    netWeightKg,
+    price,
+    url: urlValue,
+    gln,
+    extension,
+    allComponents,
+    queryParams
+  };
+  return result;
+}
+function buildGS1DigitalLink(input) {
+  const domain = input.domain || DEFAULT_GS1_DOMAIN;
+  const parts = [];
+  if (!input.gtin) {
+    throw new Error("GTIN is required to build a GS1 Digital Link URI");
+  }
+  const validation = validateGTIN(input.gtin);
+  if (!validation.valid) {
+    throw new Error(`Invalid GTIN: ${validation.message}`);
+  }
+  parts.push("01", input.gtin);
+  if (input.serialNumber) {
+    parts.push("21", input.serialNumber);
+  }
+  if (input.batchLot) {
+    parts.push("10", input.batchLot);
+  }
+  if (input.productionDate) {
+    parts.push("11", formatGS1Date(input.productionDate));
+  }
+  if (input.expiryDate) {
+    parts.push("17", formatGS1Date(input.expiryDate));
+  }
+  if (input.netWeightKg !== void 0) {
+    parts.push("3103", input.netWeightKg.toString());
+  }
+  if (input.price) {
+    parts.push("3922", input.price);
+  }
+  if (input.url) {
+    parts.push("8200", input.url);
+  }
+  if (input.gln) {
+    parts.push("414", input.gln);
+  }
+  if (input.extension) {
+    parts.push("254", input.extension);
+  }
+  let uri = `${domain}/${parts.join("/")}`;
+  if (input.queryParams && Object.keys(input.queryParams).length > 0) {
+    const params = new URLSearchParams(input.queryParams);
+    uri += `?${params.toString()}`;
+  }
+  return uri;
+}
+function mapToOptropicAsset(parsed) {
+  if (!parsed.gtin) {
+    throw new Error("GTIN is required for Optropic asset mapping");
+  }
+  let lookupQuery = `gtin:"${parsed.gtin}"`;
+  if (parsed.serialNumber) {
+    lookupQuery += ` AND serial:"${parsed.serialNumber}"`;
+  }
+  if (parsed.batchLot) {
+    lookupQuery += ` AND batch:"${parsed.batchLot}"`;
+  }
+  const lookup = {
+    productId: parsed.gtin,
+    serialNumber: parsed.serialNumber,
+    batchId: parsed.batchLot,
+    lookupQuery
+  };
+  return lookup;
+}
+function generateQRCodePayload(input) {
+  const uri = buildGS1DigitalLink(input);
+  return {
+    type: "gs1-digital-link",
+    data: uri,
+    encodingMode: "url"
+  };
+}
+function isValidAI(ai) {
+  return Object.prototype.hasOwnProperty.call(AI_LABELS, ai);
+}
+function getAILabel(ai) {
+  return AI_LABELS[ai];
+}
+function getSupportedAIs() {
+  return Object.keys(AI_LABELS);
+}
+function parseGS1Date(gs1Date) {
+  if (gs1Date.length !== 6) {
+    return gs1Date;
+  }
+  const yy = parseInt(gs1Date.substring(0, 2), 10);
+  const mm = gs1Date.substring(2, 4);
+  const dd = gs1Date.substring(4, 6);
+  const yyyy = 2e3 + yy;
+  return `${yyyy}-${mm}-${dd}`;
+}
+function formatGS1Date(isoDate) {
+  let cleaned = isoDate.replace(/-/g, "");
+  if (cleaned.length !== 8) {
+    return isoDate;
+  }
+  const yyyy = cleaned.substring(0, 4);
+  const mm = cleaned.substring(4, 6);
+  const dd = cleaned.substring(6, 8);
+  const yy = (parseInt(yyyy, 10) % 100).toString().padStart(2, "0");
+  return `${yy}${mm}${dd}`;
+}
+// src/dpp-access.ts
+var DPPAccessLevel = {
+  /** Consumer-facing public data. */
+  PUBLIC: "public",
+  /** Verified supply chain partner. */
+  AUTHENTICATED: "authenticated",
+  /** Market surveillance authority. */
+  REGULATORY: "regulatory",
+  /** Economic operator (data owner). */
+  OWNER: "owner",
+  /**
+   * Check if a level has at least the privilege of another.
+   * Useful for authorization checks.
+   *
+   * @example
+   * ```typescript
+   * DPPAccessLevel.isAtLeast('regulatory', 'authenticated'); // true
+   * DPPAccessLevel.isAtLeast('public', 'regulatory');        // false
+   * ```
+   */
+  isAtLeast(level, required) {
+    return LEVEL_RANK[level] >= LEVEL_RANK[required];
+  }
+};
+var LEVEL_RANK = {
+  public: 0,
+  authenticated: 1,
+  regulatory: 2,
+  owner: 3
+};
+var DEFAULT_FIELD_VISIBILITY = [
+  // ── Public fields ─────────────────────────────────────────────────────
+  { field: "productId", minLevel: "public" },
+  { field: "productName", minLevel: "public" },
+  { field: "manufacturer", minLevel: "public" },
+  { field: "countryOfOrigin", minLevel: "public" },
+  { field: "category", minLevel: "public" },
+  { field: "carbonFootprint", minLevel: "public" },
+  { field: "recycledContent", minLevel: "public" },
+  { field: "durabilityYears", minLevel: "public" },
+  { field: "repairabilityScore", minLevel: "public" },
+  { field: "dppRegistryId", minLevel: "public" },
+  // ── Authenticated fields ──────────────────────────────────────────────
+  {
+    field: "substancesOfConcern",
+    minLevel: "authenticated",
+    // Battery regulation requires public disclosure of substances
+    categoryOverride: { battery: "public" }
+  },
+  { field: "conformityDeclarations", minLevel: "authenticated" },
+  {
+    field: "sectorData",
+    minLevel: "authenticated",
+    // Battery basic data (chemistry, capacity) is public per Battery Regulation Art. 13
+    categoryOverride: { battery: "public" }
+  },
+  // ── Regulatory fields ─────────────────────────────────────────────────
+  // (These map to DPPMetadata extensions that may be added; included for future-proofing)
+  { field: "internalBatchId", minLevel: "regulatory" },
+  { field: "auditTrailRef", minLevel: "regulatory" },
+  { field: "manufacturingDate", minLevel: "regulatory" },
+  { field: "facilityId", minLevel: "regulatory" },
+  // ── Owner-only fields ─────────────────────────────────────────────────
+  { field: "costData", minLevel: "owner" },
+  { field: "supplierContracts", minLevel: "owner" },
+  { field: "internalNotes", minLevel: "owner" }
+];
+function getDPPAccessPolicy(overrides) {
+  const fields = overrides ?? DEFAULT_FIELD_VISIBILITY;
+  return {
+    defaultLevel: "public",
+    fields,
+    redactionMode: "omit"
+  };
+}
+function filterDPPByAccess(metadata, context, policy) {
+  const effectivePolicy = policy ?? getDPPAccessPolicy();
+  const result = {};
+  const showRedacted = context.showRedacted ?? effectivePolicy.redactionMode === "placeholder";
+  for (const [key, value] of Object.entries(metadata)) {
+    const rule = effectivePolicy.fields.find((f) => f.field === key);
+    if (!rule) {
+      if (DPPAccessLevel.isAtLeast(context.level, "owner")) {
+        result[key] = value;
+      } else if (showRedacted) {
+        result[key] = "[REDACTED]";
+      }
+      continue;
+    }
+    let effectiveMinLevel = rule.minLevel;
+    if (context.category && rule.categoryOverride?.[context.category]) {
+      effectiveMinLevel = rule.categoryOverride[context.category];
+    }
+    if (DPPAccessLevel.isAtLeast(context.level, effectiveMinLevel)) {
+      result[key] = value;
+    } else if (showRedacted) {
+      result[key] = "[REDACTED]";
+    }
+  }
+  return result;
+}
+// src/epcis.ts
+var MAPPING_TABLE = {
+  manufactured: {
+    eventType: "TransformationEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:commissioning",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: true,
+    note: "Raw materials transformed into finished product; new EPC commissioned."
+  },
+  labeled: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:encoding",
+    disposition: "urn:epcglobal:cbv:disp:encoded",
+    exact: true,
+    note: "Physical label or tag applied/encoded on the product."
+  },
+  enrolled: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:commissioning",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: false,
+    note: "Optropic-specific: substrate fingerprint captured. Mapped to commissioning as closest EPCIS equivalent."
+  },
+  shipped: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:shipping",
+    disposition: "urn:epcglobal:cbv:disp:in_transit",
+    exact: true,
+    note: "Product shipped from origin; enters transit."
+  },
+  received: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:receiving",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: true,
+    note: "Product received at destination."
+  },
+  transferred: {
+    eventType: "TransactionEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:holding",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: false,
+    note: "Ownership transfer. TransactionEvent captures business transaction linkage; disposition remains active."
+  },
+  verified: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:inspecting",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: true,
+    note: "Product authenticity or integrity verified."
+  },
+  recalled: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:holding",
+    disposition: "urn:epcglobal:cbv:disp:recalled",
+    exact: true,
+    note: "Product recalled; removed from distribution."
+  },
+  destroyed: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:decommissioning",
+    disposition: "urn:epcglobal:cbv:disp:destroyed",
+    exact: true,
+    note: "Product destroyed; EPC decommissioned."
+  },
+  custom: {
+    eventType: "ObjectEvent",
+    bizStep: "urn:epcglobal:cbv:bizstep:holding",
+    disposition: "urn:epcglobal:cbv:disp:active",
+    exact: false,
+    note: "Custom event with no direct EPCIS equivalent; mapped to generic observation."
+  }
+};
+function mapToEPCIS(eventType) {
+  return MAPPING_TABLE[eventType] ?? MAPPING_TABLE.custom;
+}
+function getEPCISMappingTable() {
+  return MAPPING_TABLE;
+}
+function toEPCISEvent(event, options) {
+  const mapping = mapToEPCIS(event.eventType);
+  const timezoneOffset = options?.timezoneOffset ?? "+00:00";
+  const epcisEvent = {
+    type: mapping.eventType,
+    eventTime: event.timestamp,
+    eventTimeZoneOffset: timezoneOffset,
+    bizStep: mapping.bizStep,
+    disposition: mapping.disposition,
+    epcList: [assetIdToEPC(event.assetId, options?.gs1CompanyPrefix)],
+    ...event.location?.facility && {
+      readPoint: {
+        id: buildLocationUri(event.location, "readPoint", options?.gs1CompanyPrefix)
+      }
+    },
+    ...event.location?.facility && {
+      bizLocation: {
+        id: buildLocationUri(event.location, "bizLocation", options?.gs1CompanyPrefix)
+      }
+    },
+    "optropic:provenanceEventId": event.id,
+    "optropic:chainSequence": event.chainSequence,
+    "optropic:eventHash": event.eventHash
+  };
+  return epcisEvent;
+}
+function buildEPCISDocument(events) {
+  return {
+    "@context": [
+      "https://ref.gs1.org/standards/epcis/2.0.0/epcis-context.jsonld",
+      { optropic: "https://api.optropic.com/ns/epcis/" }
+    ],
+    type: "EPCISDocument",
+    schemaVersion: "2.0",
+    creationDate: (/* @__PURE__ */ new Date()).toISOString(),
+    epcisBody: {
+      eventList: events
+    }
+  };
+}
+function provenanceChainToEPCIS(events, options) {
+  const epcisEvents = events.map((e) => toEPCISEvent(e, options));
+  return buildEPCISDocument(epcisEvents);
+}
+function assetIdToEPC(assetId, gs1CompanyPrefix) {
+  if (gs1CompanyPrefix && /^\d{8,14}$/.test(assetId)) {
+    return `urn:epc:id:sgtin:${gs1CompanyPrefix}.${assetId}`;
+  }
+  return `urn:optropic:asset:${assetId}`;
+}
+function buildLocationUri(location, _type, gs1CompanyPrefix) {
+  if (gs1CompanyPrefix && location.facility) {
+    return `urn:epc:id:sgln:${gs1CompanyPrefix}.${encodeURIComponent(location.facility)}`;
+  }
+  const parts = [location.country, location.region, location.facility].filter(Boolean);
+  return `urn:optropic:location:${parts.join(":")}`;
+}
 // src/webhooks.ts
 async function computeHmacSha256(secret, message) {
@@ -1462,21 +2762,610 @@ async function verifyWebhookSignature(options) {
   return { valid: true };
 }
+// src/stanag/uid.ts
+function encodeNATOUID(data) {
+  if (!isValidCAGE(data.cage_ncage)) {
+    throw new Error(`Invalid CAGE/NCAGE code: ${data.cage_ncage}`);
+  }
+  const parts = [
+    `25S${data.cage_ncage}`,
+    data.partNumber,
+    data.serialNumber
+  ];
+  if (data.batchLot) {
+    parts.push(`LOT:${data.batchLot}`);
+  }
+  if (data.enterpriseId) {
+    parts.push(`ENT:${data.enterpriseId}`);
+  }
+  if (data.encoding && data.encoding !== "IUID") {
+    parts.push(`ENC:${data.encoding}`);
+  }
+  return parts.join("|");
+}
+function decodeNATOUID(encoded) {
+  const parts = encoded.split("|");
+  if (!parts[0]?.startsWith("25S")) {
+    throw new Error('Invalid NATO UID format: must start with DI "25S"');
+  }
+  const firstPart = parts[0].substring(3);
+  const cage_ncage = firstPart.substring(0, 5);
+  if (parts.length < 3) {
+    throw new Error("Invalid NATO UID: insufficient components");
+  }
+  const partNumber = parts[1];
+  const serialNumber = parts[2];
+  let batchLot;
+  let enterpriseId;
+  let encoding = "IUID";
+  for (let i = 3; i < parts.length; i++) {
+    const part = parts[i];
+    if (part?.startsWith("LOT:")) {
+      batchLot = part.substring(4);
+    } else if (part?.startsWith("ENT:")) {
+      enterpriseId = part.substring(4);
+    } else if (part?.startsWith("ENC:")) {
+      encoding = part.substring(4);
+    }
+  }
+  if (!isValidCAGE(cage_ncage)) {
+    throw new Error(`Invalid CAGE/NCAGE in decoded UID: ${cage_ncage}`);
+  }
+  return {
+    cage_ncage,
+    partNumber,
+    serialNumber,
+    batchLot,
+    enterpriseId,
+    encoding
+  };
+}
+function validateNATOUID(uid) {
+  const errors = [];
+  if (!uid) {
+    return { valid: false, errors: ["UID cannot be empty"] };
+  }
+  if (!uid.startsWith("25S")) {
+    errors.push('UID must start with DI "25S"');
+  }
+  const parts = uid.split("|");
+  if (parts.length < 3) {
+    errors.push("UID must contain at least CAGE, part number, and serial");
+  }
+  if (parts[0]) {
+    const cage = parts[0].substring(3);
+    if (!isValidCAGE(cage)) {
+      errors.push(`Invalid CAGE/NCAGE code: ${cage}`);
+    }
+  }
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+function isValidCAGE(code) {
+  return /^[A-Z0-9]{5}$/.test(code);
+}
+function mapNATOUIDToOptropic(uid) {
+  const assetId = encodeNATOUID(uid);
+  return {
+    assetId,
+    metadata: {
+      type: "nato_uid",
+      cage_ncage: uid.cage_ncage,
+      partNumber: uid.partNumber,
+      serialNumber: uid.serialNumber,
+      batchLot: uid.batchLot,
+      enterpriseId: uid.enterpriseId,
+      encoding: uid.encoding,
+      standard: "STANAG_2290"
+    }
+  };
+}
+function mapOptropicToNATOUID(_assetId, metadata) {
+  const cage_ncage = metadata.cage_ncage;
+  const partNumber = metadata.partNumber;
+  const serialNumber = metadata.serialNumber;
+  const encoding = metadata.encoding || "IUID";
+  if (!cage_ncage || !partNumber || !serialNumber) {
+    throw new Error("Missing required NATO UID fields in metadata");
+  }
+  return {
+    cage_ncage,
+    partNumber,
+    serialNumber,
+    batchLot: metadata.batchLot,
+    enterpriseId: metadata.enterpriseId,
+    encoding
+  };
+}
+function buildDefenceMetadata(classification, caveats, shelfLife) {
+  return {
+    classification,
+    handlingCaveats: caveats || [],
+    releasableTo: getNATOReleasability(classification),
+    shelfLife
+  };
+}
+function getNATOReleasability(classification) {
+  switch (classification) {
+    case "UNCLASSIFIED":
+      return ["NATO", "PUBLIC"];
+    case "RESTRICTED":
+      return ["NATO", "EU"];
+    case "CONFIDENTIAL":
+      return ["NATO"];
+    case "SECRET":
+      return ["NATO"];
+    case "NATO_SECRET":
+      return ["NATO"];
+    case "COSMIC_TOP_SECRET":
+      return ["NATO"];
+    default:
+      return [];
+  }
+}
+function validateDefenceMetadata(metadata) {
+  const errors = [];
+  if (!metadata.classification) {
+    errors.push("Classification level is required");
+  }
+  if (!Array.isArray(metadata.handlingCaveats)) {
+    errors.push("Handling caveats must be an array");
+  }
+  if (!Array.isArray(metadata.releasableTo)) {
+    errors.push("Releasable to must be an array");
+  }
+  if (metadata.shelfLife) {
+    const mfg = new Date(metadata.shelfLife.manufacturedDate);
+    const exp = new Date(metadata.shelfLife.expiryDate);
+    if (mfg >= exp) {
+      errors.push("Expiry date must be after manufactured date");
+    }
+    if (!["TYPE_I", "TYPE_II", "TYPE_III"].includes(metadata.shelfLife.type)) {
+      errors.push("Invalid shelf life type");
+    }
+  }
+  if (metadata.nsn && !/^\d{13}$/.test(metadata.nsn)) {
+    errors.push("NSN must be 13 digits");
+  }
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+// src/stanag/logistics.ts
+function mapMovementToProvenance(movement) {
+  const typeMap = {
+    manufacture: "MANUFACTURE",
+    receipt: "RECEIPT",
+    inspection: "INSPECTION",
+    storage: "STORAGE",
+    issue: "ISSUED",
+    transport: "TRANSPORT",
+    delivery: "DELIVERY",
+    maintenance: "MAINTENANCE",
+    repair: "REPAIR",
+    disposal: "DISPOSAL",
+    destruction: "DESTRUCTION",
+    transfer: "TRANSFER",
+    inventory: "INVENTORY"
+  };
+  return {
+    eventType: typeMap[movement.movementType] ?? "UNKNOWN",
+    timestamp: movement.timestamp,
+    actor: movement.custodian,
+    location: {
+      facility: movement.location.facility,
+      coordinates: movement.location.coordinates ? {
+        lat: movement.location.coordinates.lat,
+        lng: movement.location.coordinates.lon
+      } : void 0
+    },
+    metadata: {
+      movementId: movement.movementId,
+      itemUID: movement.itemUID,
+      supplyClass: movement.supplyClass,
+      priority: movement.priority,
+      condition: movement.condition,
+      authorizedBy: movement.authorizedBy,
+      transportMethod: movement.transportMethod,
+      receivingParty: movement.receivingParty,
+      remarks: movement.remarks
+    }
+  };
+}
+function calculateReadiness(movements, thresholds = {}) {
+  if (movements.length === 0) {
+    return {
+      overall: 0,
+      serviceablePercent: 0,
+      maintenanceCompliance: 0,
+      daysSinceInspection: 0,
+      transportEfficiency: 0,
+      recommendations: ["No movement data available for readiness assessment"],
+      assessmentAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+  const maxInventoryAge = thresholds.maxInventoryAgeDays ?? 365;
+  void thresholds.maxUnserviceablePercent;
+  const requiredMaintenance = thresholds.requiredMaintenancePercent ?? 95;
+  const conditions = movements.map((m) => m.condition);
+  const serviceableCount = conditions.filter((c) => c === "serviceable").length;
+  const serviceablePercent = serviceableCount / conditions.length * 100;
+  const maintenances = movements.filter((m) => m.movementType === "maintenance" || m.movementType === "repair");
+  const maintenancePercent = maintenances.length / Math.max(movements.length, 1) * 100;
+  const inspections = movements.filter((m) => m.movementType === "inspection");
+  const now = /* @__PURE__ */ new Date();
+  let daysSinceInspection = 0;
+  if (inspections.length > 0) {
+    const lastInspection = new Date(inspections[inspections.length - 1].timestamp);
+    daysSinceInspection = Math.floor((now.getTime() - lastInspection.getTime()) / (1e3 * 60 * 60 * 24));
+  } else {
+    daysSinceInspection = maxInventoryAge;
+  }
+  const transports = movements.filter((m) => m.movementType === "transport");
+  let transportEfficiency = 100;
+  if (transports.length > 0) {
+    const avgDelay = transports.reduce((sum, m) => {
+      const timestamp = new Date(m.timestamp);
+      const delay = Math.floor((now.getTime() - timestamp.getTime()) / (1e3 * 60 * 60));
+      return sum + delay;
+    }, 0) / transports.length;
+    transportEfficiency = Math.max(0, 100 - avgDelay / (thresholds.maxTransportHours ?? 48) * 100);
+  }
+  const weightedScore = serviceablePercent * 0.4 + Math.min(maintenancePercent, requiredMaintenance) * 0.3 + (100 - Math.min(daysSinceInspection, maxInventoryAge) / maxInventoryAge * 100) * 0.2 + transportEfficiency * 0.1;
+  const overall = Math.round(Math.max(0, Math.min(100, weightedScore)));
+  const recommendations = [];
+  if (serviceablePercent < 85) {
+    recommendations.push(`Low serviceable percentage (${Math.round(serviceablePercent)}%). Increase maintenance activities.`);
+  }
+  if (maintenancePercent < requiredMaintenance) {
+    recommendations.push(`Maintenance compliance below threshold (${Math.round(maintenancePercent)}% vs ${requiredMaintenance}% required).`);
+  }
+  if (daysSinceInspection > maxInventoryAge * 0.8) {
+    recommendations.push(`Items overdue for inspection. Last inspection ${daysSinceInspection} days ago.`);
+  }
+  if (transportEfficiency < 70) {
+    recommendations.push("Transport efficiency is degraded. Review logistics network.");
+  }
+  if (recommendations.length === 0) {
+    recommendations.push("Readiness levels are optimal. Continue routine maintenance.");
+  }
+  return {
+    overall,
+    serviceablePercent: Math.round(serviceablePercent * 10) / 10,
+    maintenanceCompliance: Math.round(maintenancePercent * 10) / 10,
+    daysSinceInspection,
+    transportEfficiency: Math.round(transportEfficiency * 10) / 10,
+    recommendations,
+    assessmentAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function validateLogisticsMovement(movement) {
+  const errors = [];
+  if (!movement.movementId) {
+    errors.push("Movement ID is required");
+  }
+  if (!movement.itemUID) {
+    errors.push("Item UID is required");
+  }
+  if (!["I", "II", "III", "IV", "V", "VI", "VII", "VIII", "IX", "X"].includes(movement.supplyClass)) {
+    errors.push("Invalid supply class");
+  }
+  if (!movement.timestamp) {
+    errors.push("Timestamp is required");
+  } else {
+    const d = new Date(movement.timestamp);
+    if (isNaN(d.getTime())) {
+      errors.push("Invalid timestamp format");
+    }
+  }
+  if (!movement.custodian) {
+    errors.push("Custodian is required");
+  }
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+// src/multi-tenant/platform.ts
+async function createOrganization(params) {
+  if (!params.name || !params.slug) {
+    throw new Error("Name and slug are required");
+  }
+  if (!/^[a-z0-9-]+$/.test(params.slug)) {
+    throw new Error("Slug must contain only lowercase letters, numbers, and hyphens");
+  }
+  return {
+    id: `org_${generateId()}`,
+    name: params.name,
+    slug: params.slug,
+    plan: params.plan,
+    status: "active",
+    settings: params.settings,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+async function getOrganization(orgId) {
+  if (!orgId) {
+    throw new Error("Organization ID is required");
+  }
+  throw new Error("getOrganization requires API integration");
+}
+async function updateOrganization(orgId, updates) {
+  if (!orgId) {
+    throw new Error("Organization ID is required");
+  }
+  if (updates.plan && !["starter", "professional", "enterprise", "sovereign"].includes(updates.plan)) {
+    throw new Error("Invalid plan tier");
+  }
+  if (updates.status && !["active", "suspended", "pending"].includes(updates.status)) {
+    throw new Error("Invalid organization status");
+  }
+  throw new Error("updateOrganization requires API integration");
+}
+async function listMembers(orgId) {
+  if (!orgId) {
+    throw new Error("Organization ID is required");
+  }
+  throw new Error("listMembers requires API integration");
+}
+async function inviteMember(orgId, email, role) {
+  if (!orgId || !email || !role) {
+    throw new Error("Organization ID, email, and role are required");
+  }
+  if (!isValidEmail(email)) {
+    throw new Error("Invalid email address");
+  }
+  if (!["owner", "admin", "member", "viewer", "auditor"].includes(role)) {
+    throw new Error("Invalid role");
+  }
+  return {
+    id: `invite_${generateId()}`,
+    email,
+    role,
+    invitedBy: "current_user",
+    expiresAt: new Date(Date.now() + 30 * 24 * 60 * 60 * 1e3).toISOString(),
+    // 30 days
+    status: "pending"
+  };
+}
+async function removeMember(orgId, userId) {
+  if (!orgId || !userId) {
+    throw new Error("Organization ID and user ID are required");
+  }
+  throw new Error("removeMember requires API integration");
+}
+async function updateMemberRole(orgId, userId, newRole) {
+  if (!orgId || !userId || !newRole) {
+    throw new Error("Organization ID, user ID, and new role are required");
+  }
+  if (!["owner", "admin", "member", "viewer", "auditor"].includes(newRole)) {
+    throw new Error("Invalid role");
+  }
+  throw new Error("updateMemberRole requires API integration");
+}
+async function createRLSPolicy(params) {
+  if (!params.tenantId || !params.resourceType || !params.action || !params.condition) {
+    throw new Error("All policy parameters are required");
+  }
+  validateRLSCondition(params.condition);
+  return {
+    id: `policy_${generateId()}`,
+    tenantId: params.tenantId,
+    resourceType: params.resourceType,
+    action: params.action,
+    condition: params.condition,
+    priority: params.priority ?? 100,
+    enabled: true
+  };
+}
+async function listRLSPolicies(tenantId) {
+  if (!tenantId) {
+    throw new Error("Tenant ID is required");
+  }
+  throw new Error("listRLSPolicies requires API integration");
+}
+async function deleteRLSPolicy(policyId) {
+  if (!policyId) {
+    throw new Error("Policy ID is required");
+  }
+  throw new Error("deleteRLSPolicy requires API integration");
+}
+function validateRLSCondition(condition) {
+  if (!condition.field || !condition.operator || condition.value === void 0) {
+    throw new Error("RLS condition must have field, operator, and value");
+  }
+  const validOperators = ["eq", "neq", "in", "not_in", "contains", "starts_with", "gt", "lt"];
+  if (!validOperators.includes(condition.operator)) {
+    throw new Error(`Invalid RLS operator: ${condition.operator}`);
+  }
+  if (["in", "not_in"].includes(condition.operator) && !Array.isArray(condition.value)) {
+    throw new Error(`Operator ${condition.operator} requires an array value`);
+  }
+}
+async function getUsageQuota(tenantId) {
+  if (!tenantId) {
+    throw new Error("Tenant ID is required");
+  }
+  throw new Error("getUsageQuota requires API integration");
+}
+async function updateUsageQuota(tenantId, limits) {
+  if (!tenantId) {
+    throw new Error("Tenant ID is required");
+  }
+  if (limits.assets !== void 0 && limits.assets < 0) {
+    throw new Error("Asset limit cannot be negative");
+  }
+  if (limits.storage_mb !== void 0 && limits.storage_mb < 0) {
+    throw new Error("Storage limit cannot be negative");
+  }
+  throw new Error("updateUsageQuota requires API integration");
+}
+function generateId() {
+  return Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+}
+function isValidEmail(email) {
+  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
+}
+function getRolePermissions(role) {
+  const permissionMap = {
+    owner: [
+      "assets:read",
+      "assets:write",
+      "assets:delete",
+      "assets:admin",
+      "members:manage",
+      "policies:manage",
+      "quotas:manage",
+      "audit:read",
+      "org:manage"
+    ],
+    admin: [
+      "assets:read",
+      "assets:write",
+      "assets:delete",
+      "members:manage",
+      "policies:manage",
+      "audit:read"
+    ],
+    member: [
+      "assets:read",
+      "assets:write",
+      "audit:read"
+    ],
+    viewer: [
+      "assets:read"
+    ],
+    auditor: [
+      "assets:read",
+      "audit:read"
+    ]
+  };
+  return permissionMap[role] || [];
+}
+// src/marketplace/partner.ts
+async function registerPartner(registration, requestFn) {
+  const result = await requestFn("POST", "/marketplace/partners", registration);
+  return result;
+}
+async function getPartner(partnerId, requestFn) {
+  const result = await requestFn("GET", `/marketplace/partners/${partnerId}`);
+  return result;
+}
+async function updatePartner(partnerId, params, requestFn) {
+  const result = await requestFn("PATCH", `/marketplace/partners/${partnerId}`, params);
+  return result;
+}
+async function getPartnerAnalytics(partnerId, period, requestFn) {
+  const result = await requestFn(
+    "GET",
+    `/marketplace/partners/${partnerId}/analytics?period=${encodeURIComponent(period)}`
+  );
+  return result;
+}
+async function listPartners(params, requestFn) {
+  const queryParams = new URLSearchParams();
+  if (params?.tier) queryParams.append("tier", params.tier);
+  if (params?.status) queryParams.append("status", params.status);
+  if (params?.type) queryParams.append("type", params.type);
+  if (params?.limit) queryParams.append("limit", params.limit.toString());
+  if (params?.offset) queryParams.append("offset", params.offset.toString());
+  const query = queryParams.toString();
+  const path = query ? `/marketplace/partners?${query}` : "/marketplace/partners";
+  const result = await requestFn("GET", path);
+  return result;
+}
+async function generatePartnerApiKey(partnerId, scopes, expiresAt, requestFn) {
+  const body = { scopes, expiresAt };
+  const result = await requestFn("POST", `/marketplace/partners/${partnerId}/keys`, body);
+  return result;
+}
+// src/marketplace/templates.ts
+async function createTemplate(partnerId, params, requestFn) {
+  const body = { ...params, partnerId };
+  const result = await requestFn("POST", "/marketplace/templates", body);
+  return result;
+}
+async function getTemplate(templateId, requestFn) {
+  const result = await requestFn("GET", `/marketplace/templates/${templateId}`);
+  return result;
+}
+async function updateTemplate(templateId, params, requestFn) {
+  const result = await requestFn("PATCH", `/marketplace/templates/${templateId}`, params);
+  return result;
+}
+async function publishTemplate(templateId, params, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/publish`, params);
+  return result;
+}
+async function deprecateTemplate(templateId, params, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/deprecate`, params);
+  return result;
+}
+async function listTemplates(params, requestFn) {
+  const queryParams = new URLSearchParams();
+  if (params?.category) queryParams.append("category", params.category);
+  if (params?.status) queryParams.append("status", params.status);
+  if (params?.author) queryParams.append("author", params.author);
+  if (params?.limit) queryParams.append("limit", params.limit.toString());
+  if (params?.offset) queryParams.append("offset", params.offset.toString());
+  const query = queryParams.toString();
+  const path = query ? `/marketplace/templates?${query}` : "/marketplace/templates";
+  const result = await requestFn("GET", path);
+  return result;
+}
+async function searchTemplates(query, params, requestFn) {
+  const queryParams = new URLSearchParams({ q: query });
+  if (params?.category) queryParams.append("category", params.category);
+  if (params?.limit) queryParams.append("limit", params.limit.toString());
+  const result = await requestFn(
+    "GET",
+    `/marketplace/templates/search?${queryParams.toString()}`
+  );
+  return result;
+}
+async function installTemplate(templateId, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/install`);
+  return result;
+}
+async function uninstallTemplate(templateId, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/uninstall`);
+  return result;
+}
+async function rateTemplate(templateId, params, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/rate`, params);
+  return result;
+}
+async function validateAgainstTemplate(templateId, data, requestFn) {
+  const result = await requestFn("POST", `/marketplace/templates/${templateId}/validate`, { data });
+  return result;
+}
 // src/index.ts
-var SDK_VERSION2 = "2.4.0";
+var SDK_VERSION2 = "3.0.0";
 export {
   AssetsResource,
   AuditResource,
   AuthenticationError,
   BatchNotFoundError,
+  BatchesResource,
   CodeNotFoundError,
   ComplianceResource,
+  DPPAccessLevel,
   DocumentsResource,
   InvalidCodeError,
   InvalidGTINError,
   InvalidSerialError,
   KeysResource,
   KeysetsResource,
+  M2MResource,
   NetworkError,
   OptropicClient,
   OptropicError,
@@ -1489,13 +3378,87 @@ export {
   SchemasResource,
   ServiceUnavailableError,
   StaleFilterError,
+  TenantsResource,
   TimeoutError,
+  appendRecord,
+  buildBatteryPassportQR,
   buildDPPConfig,
+  buildDefenceMetadata,
+  buildEPCISDocument,
+  buildGS1DigitalLink,
+  calculateReadiness,
+  calibrateThreshold,
+  computeDistance,
+  computeSimilarity,
+  createAuditChain,
   createClient,
+  createConsensusResultMessage,
+  createDescriptorExchange,
   createErrorFromResponse,
+  createHandshakeAccept,
+  createHandshakeInit,
+  createOrganization,
+  createRLSPolicy,
+  createTemplate,
+  decodeNATOUID,
+  deleteRLSPolicy,
+  deprecateTemplate,
+  deserializeMessage,
+  encodeNATOUID,
+  evaluateConsensus,
+  exportChain,
+  filterDPPByAccess,
+  generatePartnerApiKey,
+  generateQRCodePayload,
+  getAILabel,
+  getDPPAccessPolicy,
+  getEPCISMappingTable,
+  getOrganization,
+  getPartner,
+  getPartnerAnalytics,
+  getRolePermissions,
+  getSupportedAIs,
+  getTemplate,
+  getUsageQuota,
+  importChain,
+  installTemplate,
+  inviteMember,
+  isValidAI,
+  listMembers,
+  listPartners,
+  listRLSPolicies,
+  listTemplates,
+  mapMovementToProvenance,
+  mapNATOUIDToOptropic,
+  mapOptropicToNATOUID,
+  mapToEPCIS,
+  mapToOptropicAsset,
   parseFilterHeader,
+  parseGS1DigitalLink,
   parseSaltsHeader,
+  provenanceChainToEPCIS,
+  publishTemplate,
+  rateTemplate,
+  registerPartner,
+  removeMember,
+  searchTemplates,
+  serializeMessage,
+  toEPCISEvent,
+  uninstallTemplate,
+  updateMemberRole,
+  updateOrganization,
+  updatePartner,
+  updateTemplate,
+  updateUsageQuota,
+  validateAgainstTemplate,
+  validateBatteryPassport,
   validateDPPMetadata,
+  validateDefenceMetadata,
+  validateGTIN,
+  validateLogisticsMovement,
+  validateMessage,
+  validateNATOUID,
+  verifyChain,
   verifyOffline,
   verifyWebhookSignature
 };