@cubist-labs/cubesigner-sdk 0.1.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. package/LICENSE-APACHE +177 -0
  2. package/LICENSE-MIT +25 -0
  3. package/NOTICE +13 -0
  4. package/README.md +470 -0
  5. package/dist/examples/ethers.d.ts +1 -0
  6. package/dist/examples/ethers.js +142 -0
  7. package/dist/spec/env/beta.json +9 -0
  8. package/dist/spec/env/gamma.json +9 -0
  9. package/dist/spec/env/prod.json +9 -0
  10. package/dist/src/client.d.ts +10 -0
  11. package/dist/src/client.js +21 -0
  12. package/dist/src/env.d.ts +15 -0
  13. package/dist/src/env.js +35 -0
  14. package/dist/src/ethers/index.d.ts +50 -0
  15. package/dist/src/ethers/index.js +122 -0
  16. package/dist/src/index.d.ts +114 -0
  17. package/dist/src/index.js +205 -0
  18. package/dist/src/key.d.ts +114 -0
  19. package/dist/src/key.js +201 -0
  20. package/dist/src/mfa.d.ts +23 -0
  21. package/dist/src/mfa.js +63 -0
  22. package/dist/src/org.d.ts +161 -0
  23. package/dist/src/org.js +264 -0
  24. package/dist/src/role.d.ts +224 -0
  25. package/dist/src/role.js +256 -0
  26. package/dist/src/schema.d.ts +3049 -0
  27. package/dist/src/schema.js +7 -0
  28. package/dist/src/session/generic.d.ts +47 -0
  29. package/dist/src/session/generic.js +3 -0
  30. package/dist/src/session/management_session_manager.d.ts +59 -0
  31. package/dist/src/session/management_session_manager.js +111 -0
  32. package/dist/src/session/oidc_session_manager.d.ts +78 -0
  33. package/dist/src/session/oidc_session_manager.js +142 -0
  34. package/dist/src/session/session_manager.d.ts +74 -0
  35. package/dist/src/session/session_manager.js +79 -0
  36. package/dist/src/session/session_storage.d.ts +47 -0
  37. package/dist/src/session/session_storage.js +76 -0
  38. package/dist/src/session/signer_session_manager.d.ts +88 -0
  39. package/dist/src/session/signer_session_manager.js +159 -0
  40. package/dist/src/sign.d.ts +114 -0
  41. package/dist/src/sign.js +248 -0
  42. package/dist/src/signer_session.d.ts +180 -0
  43. package/dist/src/signer_session.js +369 -0
  44. package/dist/src/util.d.ts +35 -0
  45. package/dist/src/util.js +75 -0
  46. package/dist/test/sessions.d.ts +35 -0
  47. package/dist/test/sessions.js +56 -0
  48. package/package.json +61 -0
  49. package/src/client.ts +12 -0
  50. package/src/env.ts +25 -0
  51. package/src/ethers/index.ts +131 -0
  52. package/src/index.ts +220 -0
  53. package/src/key.ts +249 -0
  54. package/src/org.ts +333 -0
  55. package/src/role.ts +385 -0
  56. package/src/schema.ts +3054 -0
  57. package/src/session/management_session_manager.ts +136 -0
  58. package/src/session/oidc_session_manager.ts +193 -0
  59. package/src/session/session_manager.ts +114 -0
  60. package/src/session/session_storage.ts +73 -0
  61. package/src/session/signer_session_manager.ts +211 -0
  62. package/src/signer_session.ts +464 -0
  63. package/src/util.ts +58 -0
  64. package/tsconfig.json +32 -0
package/src/schema.ts ADDED
@@ -0,0 +1,3054 @@
1
+ /**
2
+ * This file was auto-generated by openapi-typescript.
3
+ * Do not make direct changes to the file.
4
+ */
5
+
6
+
7
+ /** OneOf type helpers */
8
+ type Without<T, U> = { [P in Exclude<keyof T, keyof U>]?: never };
9
+ type XOR<T, U> = (T | U) extends object ? (Without<T, U> & U) | (Without<U, T> & T) : T | U;
10
+ type OneOf<T extends any[]> = T extends [infer Only] ? Only : T extends [infer A, infer B, ...infer Rest] ? OneOf<[XOR<A, B>, ...Rest]> : never;
11
+
12
+ export interface paths {
13
+ "/v0/about_me": {
14
+ /**
15
+ * User Info
16
+ * @description User Info
17
+ *
18
+ * Retrieves information about the current user.
19
+ */
20
+ get: operations["aboutMe"];
21
+ };
22
+ "/v0/org/{org_id}": {
23
+ /**
24
+ * Get Org
25
+ * @description Get Org
26
+ *
27
+ * Retrieves information about an organization.
28
+ */
29
+ get: operations["getOrg"];
30
+ /**
31
+ * Update Org
32
+ * @description Update Org
33
+ *
34
+ * Update organization attributes (enabled flag, name, and policies).
35
+ */
36
+ patch: operations["updateOrg"];
37
+ };
38
+ "/v0/org/{org_id}/btc/sign/{pubkey}": {
39
+ /**
40
+ * Sign Bitcoin Transaction
41
+ * @description Sign Bitcoin Transaction
42
+ *
43
+ * Signs a Bitcoin transaction with a given key.
44
+ * This is a pre-release feature.
45
+ */
46
+ post: operations["btcSign"];
47
+ };
48
+ "/v0/org/{org_id}/import_key": {
49
+ /**
50
+ * Create Key-Import Key
51
+ * @description Create Key-Import Key
52
+ *
53
+ * Generate an ephemeral key that a client can use for key-import encryption.
54
+ */
55
+ get: operations["createKeyImportKey"];
56
+ /**
57
+ * Import Key
58
+ * @description Import Key
59
+ *
60
+ * Securely imports an existing key using a previously generated key-import key.
61
+ */
62
+ put: operations["importKey"];
63
+ };
64
+ "/v0/org/{org_id}/invite": {
65
+ /**
66
+ * Invite User
67
+ * @description Invite User
68
+ *
69
+ * Creates a new user in an existing org and sends that user an invite email.
70
+ */
71
+ post: operations["invite"];
72
+ };
73
+ "/v0/org/{org_id}/keys": {
74
+ /**
75
+ * List Keys
76
+ * @description List Keys
77
+ *
78
+ * Gets the list of owned keys in a given org.
79
+ */
80
+ get: operations["listKeysInOrg"];
81
+ /**
82
+ * Import Key (Deprecated)
83
+ * @description Import Key (Deprecated)
84
+ *
85
+ * Securely imports an existing key. This API is deprecated; please use the new version.
86
+ */
87
+ put: operations["importKeyLegacy"];
88
+ /**
89
+ * Create Key
90
+ * @description Create Key
91
+ *
92
+ * Creates one or more new keys of the specified type (BLS or Secp).
93
+ */
94
+ post: operations["createKey"];
95
+ };
96
+ "/v0/org/{org_id}/keys/get_keys": {
97
+ /**
98
+ * Legacy List Keys
99
+ * @deprecated
100
+ * @description Legacy List Keys
101
+ *
102
+ * This route is deprecated. Use `GET /v0/org/<org_id>/keys?<key_type>`
103
+ */
104
+ post: operations["listKeysLegacy"];
105
+ };
106
+ "/v0/org/{org_id}/keys/{key_id}": {
107
+ /**
108
+ * Get Key
109
+ * @description Get Key
110
+ *
111
+ * Returns the properties of a key.
112
+ */
113
+ get: operations["getKeyInOrg"];
114
+ /**
115
+ * Update Key
116
+ * @description Update Key
117
+ *
118
+ * Enable or disable a key. The user must be the owner of the key or organization to perform this action.
119
+ */
120
+ patch: operations["updateKey"];
121
+ };
122
+ "/v0/org/{org_id}/mfa/{mfa_id}": {
123
+ /**
124
+ * Gets a Pending MFA Request
125
+ * @description Gets a Pending MFA Request
126
+ *
127
+ * Retrieves and returns a pending MFA request by its id.
128
+ */
129
+ get: operations["mfaGet"];
130
+ /**
131
+ * Approve a Pending MFA Request
132
+ * @description Approve a Pending MFA Request
133
+ *
134
+ * Adds the current user as an approver of a pending MFA request of the [Status::RequiredApprovers] kind.
135
+ * If the required number of approvers is reached, the MFA request is approved;
136
+ * the confirmation receipt can be used to resume the original HTTP request.
137
+ */
138
+ patch: operations["mfaApproveCs"];
139
+ };
140
+ "/v0/org/{org_id}/mfa/{mfa_id}/totp": {
141
+ /**
142
+ * Approve a TOTP MFA Request
143
+ * @description Approve a TOTP MFA Request
144
+ *
145
+ * Adds an approver to a pending TOTP MFA request.
146
+ *
147
+ * If the required number of approvers is reached, the MFA request is approved;
148
+ * the confirmation receipt can be used to resume the original HTTP request.
149
+ */
150
+ patch: operations["mfaApproveTotp"];
151
+ };
152
+ "/v0/org/{org_id}/oidc": {
153
+ /**
154
+ * Login with OIDC
155
+ * @description Login with OIDC
156
+ *
157
+ * Exchange an OIDC ID token (passed via the `Authorization` header) for a signer session
158
+ */
159
+ post: operations["oidcAuth"];
160
+ };
161
+ "/v0/org/{org_id}/roles": {
162
+ /**
163
+ * List Roles
164
+ * @description List Roles
165
+ *
166
+ * Retrieves all roles in an organization that the current user is allowed to access.
167
+ */
168
+ get: operations["listRoles"];
169
+ /**
170
+ * Create Role
171
+ * @description Create Role
172
+ *
173
+ * Creates a new role in an organization. Unless the logged-in user
174
+ * is the owner, they are automatically added to the newly created role.
175
+ */
176
+ post: operations["createRole"];
177
+ };
178
+ "/v0/org/{org_id}/roles/{role_id}": {
179
+ /**
180
+ * Get Role
181
+ * @description Get Role
182
+ *
183
+ * Retrieves information about a role in an organization
184
+ */
185
+ get: operations["getRole"];
186
+ /**
187
+ * Delete Role
188
+ * @description Delete Role
189
+ *
190
+ * Deletes a role in an organization.
191
+ * Only organization owners can perform this action.
192
+ */
193
+ delete: operations["deleteRole"];
194
+ /**
195
+ * Update Role
196
+ * @description Update Role
197
+ *
198
+ * Enables or disables a role.
199
+ * The user must be in the role or an owner of the organization.
200
+ */
201
+ patch: operations["updateRole"];
202
+ };
203
+ "/v0/org/{org_id}/roles/{role_id}/add_keys": {
204
+ /**
205
+ * Add Keys
206
+ * @description Add Keys
207
+ *
208
+ * Adds a list of existing keys to an existing role.
209
+ */
210
+ put: operations["addKeysToRole"];
211
+ };
212
+ "/v0/org/{org_id}/roles/{role_id}/add_user/{user_id}": {
213
+ /**
214
+ * Add User
215
+ * @description Add User
216
+ *
217
+ * Adds an existing user to an existing role.
218
+ * Only users in the role or owners can add users to a role.
219
+ */
220
+ put: operations["addUserToRole"];
221
+ };
222
+ "/v0/org/{org_id}/roles/{role_id}/keys/{key_id}": {
223
+ /**
224
+ * Remove Key
225
+ * @description Remove Key
226
+ *
227
+ * Removes a given key from a role
228
+ */
229
+ delete: operations["removeKeyFromRole"];
230
+ };
231
+ "/v0/org/{org_id}/roles/{role_id}/tokens": {
232
+ /**
233
+ * List Tokens
234
+ * @description List Tokens
235
+ *
236
+ * Returns all access tokens for a given role.
237
+ * Only users in the role or owners can create a token for it.
238
+ */
239
+ get: operations["listRoleTokens"];
240
+ /**
241
+ * Create Token
242
+ * @description Create Token
243
+ *
244
+ * Creates a new access token for a given role (to be used as "API Key" for all signing actions).
245
+ * Only users in the role or owners can create a token for it.
246
+ */
247
+ post: operations["createRoleToken"];
248
+ /**
249
+ * Revoke All Tokens
250
+ * @description Revoke All Tokens
251
+ *
252
+ * Revokes all access tokens associated with a role.
253
+ * Only users in the role or owners can perform this action.
254
+ */
255
+ delete: operations["revokeAllRoleTokens"];
256
+ };
257
+ "/v0/org/{org_id}/roles/{role_id}/tokens/{session_id}": {
258
+ /**
259
+ * Revoke Token
260
+ * @description Revoke Token
261
+ *
262
+ * Revokes an access token associated with a role.
263
+ * Only users in the role or owners can perform this action.
264
+ */
265
+ delete: operations["revokeRoleToken"];
266
+ };
267
+ "/v0/org/{org_id}/token/keys": {
268
+ /**
269
+ * Get Token-Accessible Keys
270
+ * @description Get Token-Accessible Keys
271
+ *
272
+ * Retrieves the keys that the role token can access.
273
+ */
274
+ get: operations["listTokenKeys"];
275
+ };
276
+ "/v0/org/{org_id}/users": {
277
+ /**
278
+ * List users in organization
279
+ * @description List users in organization
280
+ */
281
+ get: operations["listUsersInOrg"];
282
+ /**
283
+ * Adds a third-party user to the org
284
+ * @description Adds a third-party user to the org
285
+ */
286
+ post: operations["createOidcUser"];
287
+ };
288
+ "/v0/totp": {
289
+ /**
290
+ * Reset TOTP
291
+ * @description Reset TOTP
292
+ *
293
+ * Creates and sets a new TOTP configuration for the current user,
294
+ * overriding the existing one (if any).
295
+ */
296
+ patch: operations["userResetTotp"];
297
+ };
298
+ "/v0/totp/verify/{code}": {
299
+ /**
300
+ * Verify TOTP
301
+ * @description Verify TOTP
302
+ *
303
+ * Checks if a given code matches the current TOTP code for the current user.
304
+ * Errors with 403 if the current user has not set up TOTP or the code fails verification.
305
+ */
306
+ get: operations["userVerifyTotp"];
307
+ };
308
+ "/v1/org/{org_id}/blob/sign/{key_id}": {
309
+ /**
310
+ * Sign Raw Blob
311
+ * @description Sign Raw Blob
312
+ *
313
+ * Signs an arbitrary blob with a given key.
314
+ * This is a pre-release feature.
315
+ */
316
+ post: operations["blobSign"];
317
+ };
318
+ "/v1/org/{org_id}/cube3signer/heartbeat": {
319
+ /**
320
+ * Record heartbeat
321
+ * @description Record heartbeat
322
+ *
323
+ * This endpoint is called by the cube3signer proxy to record various metrics to CloudWatch.
324
+ */
325
+ post: operations["cube3signerHeartbeat"];
326
+ };
327
+ "/v1/org/{org_id}/eth1/sign/{pubkey}": {
328
+ /**
329
+ * Sign EVM Transaction
330
+ * @description Sign EVM Transaction
331
+ *
332
+ * Signs an Ethereum (and other EVM) transaction with a given Secp256k1 key.
333
+ *
334
+ * The key must be associated with the role and organization on whose behalf this action is called.
335
+ */
336
+ post: operations["eth1Sign"];
337
+ };
338
+ "/v1/org/{org_id}/eth2/sign/{pubkey}": {
339
+ /**
340
+ * Sign Validator Request
341
+ * @description Sign Validator Request
342
+ *
343
+ * Signs an eth2 validator request with a given BLS key.
344
+ *
345
+ * The key must be associated with the role and organization on whose behalf this action is called.
346
+ */
347
+ post: operations["eth2Sign"];
348
+ };
349
+ "/v1/org/{org_id}/eth2/stake": {
350
+ /**
351
+ * Sign Stake Deposit
352
+ * @description Sign Stake Deposit
353
+ *
354
+ * Signs a deposit transaction with a `validator_key`. If `validator_key` is set to a pregenerated key, we use the
355
+ * provided validator key. Otherwise, we generate a new BLS key.
356
+ *
357
+ * When using a pregenerated key, the key must be associated with the role and organization on whose
358
+ * behalf this action is called.
359
+ */
360
+ post: operations["stake"];
361
+ };
362
+ "/v1/org/{org_id}/eth2/unstake/{pubkey}": {
363
+ /**
364
+ * Sign Unstake Request
365
+ * @description Sign Unstake Request
366
+ *
367
+ * Handle unstaking request, producing a signed voluntary exit message
368
+ * that can be posted directly to the Beacon chain.
369
+ *
370
+ * The key must be associated with the role and organization on whose behalf this action is called.
371
+ */
372
+ post: operations["unstake"];
373
+ };
374
+ "/v1/org/{org_id}/solana/sign/{pubkey}": {
375
+ /**
376
+ * Sign Solana Message
377
+ * @description Sign Solana Message
378
+ *
379
+ * Signs a Solana message with a given key.
380
+ * This is a pre-release feature.
381
+ */
382
+ post: operations["solanaSign"];
383
+ };
384
+ "/v1/org/{org_id}/token/refresh": {
385
+ /**
386
+ * Refresh Signer Session
387
+ * @description Refresh Signer Session
388
+ */
389
+ patch: operations["signerSessionRefresh"];
390
+ };
391
+ }
392
+
393
+ export type webhooks = Record<string, never>;
394
+
395
+ export interface components {
396
+ schemas: {
397
+ AcceptedResponse: components["schemas"]["ErrorResponse"] & Record<string, never>;
398
+ /**
399
+ * @description Different responses we return for status code "202 Accepted".
400
+ *
401
+ * Even though "202 Accepted" is a successful response, we represent
402
+ * it as a Rust error because that makes it easy to have route handlers
403
+ * return `Result<T, SignerError>` where `T` is the type of the
404
+ * response for the status code "200 Ok".
405
+ */
406
+ AcceptedValue: {
407
+ MfaRequired: {
408
+ id: string;
409
+ };
410
+ };
411
+ AddKeysToRoleRequest: {
412
+ /**
413
+ * @description A list of keys to add to a role
414
+ * @example [
415
+ * "Key#63023a27-1e70-430a-b293-ffbc9d6c4484"
416
+ * ]
417
+ */
418
+ key_ids: string[];
419
+ /**
420
+ * @description Optional policies to apply for each key
421
+ * @example [
422
+ * {
423
+ * "TxReceiver": "0x8c594691c0e592ffa21f153a16ae41db5befcaaa"
424
+ * },
425
+ * {
426
+ * "TxDeposit": {
427
+ * "kind": "Canonical"
428
+ * }
429
+ * },
430
+ * {
431
+ * "RequireMfa": {
432
+ * "kind": {
433
+ * "RequiredApprovers": {
434
+ * "count": 1
435
+ * }
436
+ * },
437
+ * "restricted_operations": [
438
+ * "Eth1Sign",
439
+ * "BlobSign"
440
+ * ]
441
+ * }
442
+ * }
443
+ * ]
444
+ */
445
+ policy: Record<string, never>[] | null;
446
+ };
447
+ AddThirdPartyUserRequest: {
448
+ identity: components["schemas"]["OIDCIdentity"];
449
+ role: components["schemas"]["MemberRole"];
450
+ };
451
+ ApprovalInfo: {
452
+ timestamp: components["schemas"]["EpochDateTime"];
453
+ };
454
+ /** @description Data required for both `authenticate` and `refresh`. */
455
+ AuthData: {
456
+ /** Format: int32 */
457
+ epoch_num: number;
458
+ epoch_token: components["schemas"]["B32"];
459
+ other_token: string;
460
+ };
461
+ /** @description Wrapper around a zeroizing 32-byte fixed-size array */
462
+ B32: string;
463
+ /**
464
+ * @example {
465
+ * "message_base64": "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTYK"
466
+ * }
467
+ */
468
+ BlobSignRequest: {
469
+ /**
470
+ * @description The blob to sign, encoded as a base64 string.
471
+ *
472
+ * Note that certain signing keys impose additional requirements on the contents of
473
+ * the message. For example, Secp256k1 keys require that the message is 32 bytes long.
474
+ */
475
+ message_base64: string;
476
+ };
477
+ /** @enum {string} */
478
+ BtcSighashType: "All" | "None" | "Single" | "AllPlusAnyoneCanPay" | "NonePlusAnyoneCanPay" | "SinglePlusAnyoneCanPay";
479
+ BtcSignRequest: {
480
+ sig_kind: components["schemas"]["BtcSignatureKind"];
481
+ /** @description The bitcoin transaction to sign */
482
+ tx: Record<string, never>;
483
+ };
484
+ BtcSignatureKind: {
485
+ /** @description Segregated Witness */
486
+ Segwit: {
487
+ /**
488
+ * @description Transaction input index
489
+ * @example 0
490
+ */
491
+ input_index: number;
492
+ /**
493
+ * @description Script
494
+ * @example 0x76a91479091972186c449eb1ded22b78e40d009bdf008988ac
495
+ */
496
+ script_code: string;
497
+ sighash_type: components["schemas"]["BtcSighashType"];
498
+ /**
499
+ * Format: int64
500
+ * @description Amount in satoshis
501
+ * @example 1000000
502
+ */
503
+ value: number;
504
+ };
505
+ };
506
+ /**
507
+ * @description Session information sent to the client.
508
+ * This struct works in tandem with its server-side counterpart [`SessionData`].
509
+ */
510
+ ClientSessionInfo: {
511
+ /** @description Token to use for authorization. */
512
+ auth_token: string;
513
+ auth_token_exp: components["schemas"]["EpochDateTime"];
514
+ /**
515
+ * Format: int32
516
+ * @description Epoch at which the token was last refreshed
517
+ */
518
+ epoch: number;
519
+ epoch_token: components["schemas"]["B32"];
520
+ /** @description Token to use for refreshing the `(auth, refresh)` token pair */
521
+ refresh_token: string;
522
+ refresh_token_exp: components["schemas"]["EpochDateTime"];
523
+ /** @description Session ID */
524
+ session_id: string;
525
+ };
526
+ ConfiguredMfa: OneOf<["Totp", {
527
+ /** @description Named FIDO device (multiple can be configured per user, but the names must be different) */
528
+ Fido: string;
529
+ }]>;
530
+ CreateKeyRequest: {
531
+ /**
532
+ * Format: int64
533
+ * @description Chain id for which the key is allowed to sign messages
534
+ * @example 5
535
+ */
536
+ chain_id: number | null;
537
+ /**
538
+ * Format: int32
539
+ * @description Number of keys to create
540
+ * @example 1
541
+ */
542
+ count: number;
543
+ key_type: components["schemas"]["KeyType"];
544
+ /**
545
+ * @description Allows users to specify a user other than themselves to receive the key
546
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
547
+ */
548
+ owner: string | null;
549
+ };
550
+ /** @description Optional create role request body */
551
+ CreateRoleRequest: {
552
+ /**
553
+ * @description A human-readable name for the role.
554
+ * @example my_role
555
+ */
556
+ name: string;
557
+ };
558
+ CreateTokenRequest: components["schemas"]["RatchetConfig"] & {
559
+ /**
560
+ * @description A human readable description of the purpose of the key
561
+ * @example Validator Signing
562
+ */
563
+ purpose: string;
564
+ };
565
+ /**
566
+ * @description Information produced by a successful deposit
567
+ * @example {
568
+ * "chain_id": 5,
569
+ * "deposit_txn": {
570
+ * "data": "0x...",
571
+ * "to": "0xff50ed3d0ec03ac01d4c79aad74928bff48a7b2b",
572
+ * "value": "0x1bc16d674ec800000"
573
+ * },
574
+ * "new_validator_pk": "9700fbb8c906942442c2a5b3ad7498f27aedda253786a6fbaa8fef47fb7af234e50cf2cce815a553087992ae565d48da"
575
+ * }
576
+ */
577
+ DepositTxn: {
578
+ /**
579
+ * Format: int64
580
+ * @description Chain ID for which the deposit transaction was created
581
+ */
582
+ chain_id: number;
583
+ /** @description The deposit transaction. Includes only `to`, `value`, and `data` fields. */
584
+ deposit_txn: Record<string, never>;
585
+ /** @description The hex-encoded compressed form of the new validator BLS public key */
586
+ new_validator_pk: string;
587
+ };
588
+ /**
589
+ * @description The type of deposit to perform
590
+ * @enum {string}
591
+ */
592
+ DepositType: "Canonical" | "Wrapper";
593
+ /**
594
+ * @description Epoch is a quoted `uint64`.
595
+ * @example 256
596
+ */
597
+ Epoch: string;
598
+ /**
599
+ * Format: int64
600
+ * @description DateTime measured in seconds since unix epoch.
601
+ * A wrapper type for serialization that encodes a [`SystemTime`] as a [`u64`]
602
+ * representing the number of seconds since [`SystemTime::UNIX_EPOCH`].
603
+ */
604
+ EpochDateTime: number;
605
+ /** @description The structure of ErrorResponse must match the response template that AWS uses */
606
+ ErrorResponse: {
607
+ accepted?: components["schemas"]["AcceptedValue"] | null;
608
+ /** @description Error message */
609
+ message: string;
610
+ };
611
+ /**
612
+ * @example {
613
+ * "chain_id": 43113,
614
+ * "tx": {
615
+ * "chain_id": "0xa869",
616
+ * "gas": "0x61a80",
617
+ * "maxFeePerGas": "0x9502F900",
618
+ * "maxPriorityFeePerGas": "0x50",
619
+ * "nonce": "0xb",
620
+ * "to": "0xf00ba12f00000000b4121200000f00c0ffeef00d",
621
+ * "type": "0x02",
622
+ * "value": "0x10000000000"
623
+ * }
624
+ * }
625
+ */
626
+ Eth1SignRequest: {
627
+ /**
628
+ * Format: int64
629
+ * @description The chain id to set in the given transaction.
630
+ */
631
+ chain_id: number;
632
+ /**
633
+ * @description EIP-2718 typed transaction (see the [ethers-rs
634
+ * interface](https://docs.rs/ethers/latest/ethers/types/struct.Eip1559TransactionRequest.html)) types, including EIP-1559 transactions (`{ "type": "0x02" ... }`), and legacy
635
+ * transactions (`{ "type": "0x00" ... }`). All values in the transaction are expected
636
+ * to be (0x-prefixed or not) hex strings or byte arrays.
637
+ */
638
+ tx: Record<string, never>;
639
+ };
640
+ /**
641
+ * @example {
642
+ * "eth2_sign_request": {
643
+ * "aggregation_slot": {
644
+ * "slot": "36"
645
+ * },
646
+ * "fork_info": {
647
+ * "fork": {
648
+ * "current_version": "0x42424242",
649
+ * "epoch": "0",
650
+ * "previous_version": "0x42424242"
651
+ * },
652
+ * "genesis_validators_root": "0x9d13d61212c067e02ce8e608a7007e2c3b02571e9e6f27ff45dfa91bf27c870b"
653
+ * },
654
+ * "signingRoot": "0x9c57e77c4965727542b9337df6756f948464bca3859bea6ed3c0ec6600d8982a",
655
+ * "type": "AGGREGATION_SLOT"
656
+ * },
657
+ * "network": "mainnet"
658
+ * }
659
+ */
660
+ Eth2SignRequest: {
661
+ /**
662
+ * @description Subset of the Web3Signer Eth2 BLS signing request whose schema is defined
663
+ * [here](https://consensys.github.io/web3signer/web3signer-eth2.html#tag/Signing/operation/ETH2_SIGN).
664
+ * We handle deposits and voluntary exits separately.
665
+ */
666
+ eth2_sign_request: Record<string, never>;
667
+ network: components["schemas"]["Network"];
668
+ };
669
+ /**
670
+ * @description Specifies a fork of the `BeaconChain`, to prevent replay attacks.
671
+ * The schema of `Fork` is defined in the [Beacon chain
672
+ * spec](https://github.com/ethereum/consensus-specs/blob/v1.0.1/specs/phase0/beacon-chain.md#fork).
673
+ * @example {
674
+ * "current_version": "0x00001020",
675
+ * "epoch": "0",
676
+ * "previous_version": "0x00001020"
677
+ * }
678
+ */
679
+ Fork: {
680
+ /**
681
+ * @description Current fork version.
682
+ * @example 0x43434343
683
+ */
684
+ current_version: string;
685
+ epoch: components["schemas"]["Epoch"];
686
+ /**
687
+ * @description Previous fork version.
688
+ * @example 0x42424242
689
+ */
690
+ previous_version: string;
691
+ };
692
+ /**
693
+ * @description Genesis data as defined in the [Beacon API
694
+ * spec](https://ethereum.github.io/beacon-APIs/#/Beacon/getGenesis).
695
+ * You can get the genesis data from the Beacon node's `/eth/v1/beacon/genesis` end-point.
696
+ * This struct definition is originally from lighthouse's eth2.
697
+ */
698
+ GenesisData: {
699
+ /**
700
+ * @description Genesis fork version.
701
+ * @example 0x42424242
702
+ */
703
+ genesis_fork_version: string;
704
+ /**
705
+ * @description Genesis time
706
+ * @example 1679326449
707
+ */
708
+ genesis_time: string;
709
+ /**
710
+ * @description Genesis validators root.
711
+ * @example 0x270d43e74ce340de4bca2b1936beca0f4f5408d9e78aec4850920baf659d5b69
712
+ */
713
+ genesis_validators_root: string;
714
+ };
715
+ GetKeysInOrgRequest: {
716
+ key_type: components["schemas"]["KeyType"] | null;
717
+ };
718
+ /** @description Stats pertaining the the sender `cube3signer` instance */
719
+ HeartbeatRequest: {
720
+ /**
721
+ * Format: int64
722
+ * @description Number of requests currently active (received but not necessarily being processed yet)
723
+ */
724
+ current_num_requests_active: number;
725
+ /**
726
+ * Format: int64
727
+ * @description Number of requests currently being processed by cube3signer
728
+ */
729
+ current_num_requests_processing: number;
730
+ /**
731
+ * Format: int64
732
+ * @description Number of new requests during this heartbeat period
733
+ */
734
+ num_requests: number;
735
+ /**
736
+ * Format: int64
737
+ * @description Number of requests that failed during this heartbeat period
738
+ */
739
+ num_requests_failed: number;
740
+ /**
741
+ * Format: int64
742
+ * @description Number of requests were retried during this heartbeat period
743
+ */
744
+ num_requests_retried: number;
745
+ /**
746
+ * Format: int64
747
+ * @description Number of retries during this heartbeat period
748
+ */
749
+ num_retries: number;
750
+ /**
751
+ * Format: int64
752
+ * @description Number of times auth token was refreshed during this heartbeat period
753
+ */
754
+ num_token_refreshes?: number;
755
+ /**
756
+ * Format: int64
757
+ * @description Number of times auth token refresh failed during this heartbeat period
758
+ */
759
+ num_token_refreshes_failed?: number;
760
+ /**
761
+ * @description Version of the proxy sending the heart beat request
762
+ *
763
+ * TODO: Make non-optional once we do not support proxies without version information
764
+ */
765
+ proxy_version: string | null;
766
+ };
767
+ /**
768
+ * @description Information about the request.
769
+ *
770
+ * Captures all the relevant info (including the request body) about requests that require MFA.
771
+ * We use this to verify that when a request is resumed (after obtaining necessary MFA approvals)
772
+ * it is exactly the same as it originally was.
773
+ */
774
+ HttpRequest: {
775
+ /** @description HTTP request body */
776
+ body: Record<string, unknown> | null;
777
+ /** @description HTTP method of the request */
778
+ method: string;
779
+ /** @description HTTP path of the request (including host or not?) */
780
+ path: string;
781
+ };
782
+ ImportKeyLegacyRequest: {
783
+ /**
784
+ * Format: int64
785
+ * @description The chain ID of the chain that the key will be used for
786
+ * @example 5
787
+ */
788
+ chain_id: number | null;
789
+ /** @description The key to import encrypted with the public key of the organization */
790
+ key_material: components["schemas"]["RsaOaepXChaChaMaterial"][];
791
+ key_type: components["schemas"]["KeyType"];
792
+ };
793
+ ImportKeyRequest: components["schemas"]["KeyImportKey"] & {
794
+ /** @description A set of encrypted keys to be imported */
795
+ key_material: components["schemas"]["ImportKeyRequestMaterial"][];
796
+ key_type: components["schemas"]["KeyType"];
797
+ };
798
+ ImportKeyRequestMaterial: {
799
+ /**
800
+ * @description The client's ephemeral public key used to derive a shared key.
801
+ * This is a base64-encoded, SEC1-encoded P384 public key.
802
+ */
803
+ client_public_key: string;
804
+ /**
805
+ * @description The encrypted keying material to be imported.
806
+ * This is a base64-encoded ciphertext.
807
+ */
808
+ ikm_enc: string;
809
+ /**
810
+ * @description A salt value used to derive a shared key.
811
+ * This is a base64-encoded byte string.
812
+ */
813
+ salt: string;
814
+ };
815
+ InviteRequest: {
816
+ /**
817
+ * @description The user's email address
818
+ * @example alice@acme.com
819
+ */
820
+ email: string;
821
+ /**
822
+ * @description The user's full name
823
+ * @example Alice Wonderland
824
+ */
825
+ name: string;
826
+ /**
827
+ * @description Skip sending an invitation email to this user if true.
828
+ *
829
+ * NOTE: this field is for internal testing use ONLY. If you do not
830
+ * send an invitation email, the user will never be able to log in.
831
+ * @example false
832
+ */
833
+ skip_email: boolean;
834
+ };
835
+ /** @description A wrapped key-import key */
836
+ KeyImportKey: {
837
+ /** @description Base64-encoded, encrypted data key. */
838
+ dk_enc: string;
839
+ /**
840
+ * Format: int64
841
+ * @description Expiration timestamp expressed as seconds since the UNIX epoch.
842
+ */
843
+ expires: number;
844
+ /**
845
+ * @description The ephemeral public key to which an imported key should be encrypted.
846
+ * This is a P384 public key in base64-encoded uncompressed SECG format.
847
+ */
848
+ public_key: string;
849
+ /** @description Base64-encoded, encrypted secret key. */
850
+ sk_enc: string;
851
+ };
852
+ KeyInfo: {
853
+ /** @description Whether the key is enabled (only enabled keys may be used for signing) */
854
+ enabled: boolean;
855
+ /**
856
+ * @description The id of the key: "Key#" followed by a unique identifier specific to
857
+ * the type of key (such as a public key for BLS or an ethereum address for Secp)
858
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
859
+ */
860
+ key_id: string;
861
+ key_type: components["schemas"]["KeyType"];
862
+ /**
863
+ * @description A unique identifier specific to the type of key, such as a public key or an ethereum address
864
+ * @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
865
+ */
866
+ material_id: string;
867
+ /**
868
+ * @description Owner of the key
869
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
870
+ */
871
+ owner: string;
872
+ /**
873
+ * @description Key policy
874
+ * @example []
875
+ */
876
+ policy: Record<string, never>[];
877
+ /**
878
+ * @description Hex-encoded, serialized public key. The format used depends on the key type:
879
+ * - secp256k1 keys use 65-byte uncompressed SECG format;
880
+ * - BLS keys use 48-byte compressed BLS12-381 (ZCash) format;
881
+ * - ed25519 keys use the canonical 64-byte encoding specified in RFC 8032.
882
+ * @example 0x04d2688b6bc2ce7f9879b9e745f3c4dc177908c5cef0c1b64cff19ae7ff27dee623c64fe9d9c325c7fbbc748bbd5f607ce14dd83e28ebbbb7d3e7f2ffb70a79431
883
+ */
884
+ public_key: string;
885
+ /**
886
+ * @description The purpose for which the key can be used (e.g., chain id for which the key is allowed to sign messages)
887
+ * @example Eth2Validator(1)
888
+ */
889
+ purpose: string;
890
+ };
891
+ /** @enum {string} */
892
+ KeyType: "SecpEthAddr" | "SecpBtc" | "SecpBtcTest" | "BlsPub" | "BlsInactive" | "Ed25519SolanaAddr" | "Ed25519SuiAddr" | "Ed25519AptosAddr";
893
+ KeyWithPolicies: {
894
+ /**
895
+ * @description Key ID
896
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
897
+ */
898
+ key_id: string;
899
+ /**
900
+ * @description Policies that are checked before this key is used on behalf of this role
901
+ * @example [
902
+ * {
903
+ * "TxReceiver": "0x8c594691c0e592ffa21f153a16ae41db5befcaaa"
904
+ * },
905
+ * {
906
+ * "TxDeposit": {
907
+ * "kind": "Canonical"
908
+ * }
909
+ * }
910
+ * ]
911
+ */
912
+ policy?: Record<string, never>[];
913
+ };
914
+ /**
915
+ * @description Describes whether a user in an org is an Owner or just a regular member
916
+ * @enum {string}
917
+ */
918
+ MemberRole: "Owner" | "Member" | "Alien";
919
+ /** @enum {string} */
920
+ MfaType: "CubeSigner" | "Totp";
921
+ /**
922
+ * @description Network name ('mainnet', 'prater', 'goerli')
923
+ * @example goerli
924
+ * @enum {string}
925
+ */
926
+ Network: "mainnet" | "prater" | "goerli";
927
+ /**
928
+ * @description Represents a globally unique OIDC-authorized user by expressing the full "path" to a user. That is:
929
+ *
930
+ * (iss) (sub)
931
+ * Issuer -> Subresource
932
+ *
933
+ * We include a non-standard third-tier `disambiguator` which allows us to map
934
+ * a single OIDC user to multiple `User`s in CubeSigner
935
+ */
936
+ OIDCIdentity: {
937
+ /**
938
+ * @description Free-form additional user info.
939
+ * @example null
940
+ */
941
+ disambiguator?: string | null;
942
+ /**
943
+ * @description The root-level issuer who administrates this user. Frome the OIDC spec:
944
+ * Issuer Identifier for the Issuer of the response. The iss
945
+ * value is a case sensitive URL using the https scheme that contains
946
+ * scheme, host, and optionally, port number and path components and
947
+ * no query or fragment components.
948
+ * @example https://accounts.google.com
949
+ */
950
+ iss: string;
951
+ /**
952
+ * @description From the OIDC spec:
953
+ *
954
+ * A locally unique and never reassigned identifier within the Issuer for
955
+ * the End-User, which is intended to be consumed by the Client, e.g.,
956
+ * 24400320 or AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed
957
+ * 255 ASCII characters in length. The sub value is a case sensitive
958
+ * string.
959
+ * @example 10769150350006150715113082367
960
+ */
961
+ sub: string;
962
+ };
963
+ OidcLoginRequest: {
964
+ /**
965
+ * @description Controls what capabilities this session will have.
966
+ * @example [
967
+ * "sign:*"
968
+ * ]
969
+ */
970
+ scopes: string[];
971
+ };
972
+ OidcLoginResponse: {
973
+ /**
974
+ * @description Token to be used for signing auth. Requests to signing endpoints
975
+ * should include this value in the `Authorization` header
976
+ */
977
+ token: string;
978
+ };
979
+ OrgInfo: {
980
+ /** @description When false, all cryptographic operations involving keys in this org are disabled. */
981
+ enabled: boolean;
982
+ /**
983
+ * @description The RSA public key to use when importing keys into this organization. This string is the
984
+ * hex encoding of the DER representation of the key.
985
+ * @example 30820222300d06092a864886f70d01010105000382020f003082020a0282020100c89765b8f347caafbec09fcb17740e032d854ec99f2d9c16167be335339b4fdeba18a7f13d8e8b7ae7d689cab63d8ecdf548f4746eacaf95b61fef76ade9f81b3c038891c52542fd352697b618afbea6103723c28f2db450e9d852be16a4dc2cbc9442da9a6610044009e056ba90728f0b9888d9b036e493aaed168ccf930fa2f730b17eb3ad6f455a792b762c47f3d3c6b7a7c458556a592e688791599a576bf2149d8e9614db775e7a48602d237a347d5399c681f7f7d9c81f6a64e7cfd356bba545d45e5023ca1f09a66a1d4550f61cf2c4367e14997b5d749bb0326a44d058119e8caf7fd79d517eb2d11dddb2db329f350698f0f978d5e150bb402c8bc4c5ec36d6f38db3f3a204813cda9f52dbcee809204f8e35a455c0e110e10eec41f734f2d55a058a7a21fa90602f94da6de2378ff61e7b3550b77e53d75d7b3d3b39ccab0e5101b916dab01da096f7627175d5b68a1a6464ce5be3e95e7c464d69eb0b675057705c11bc79c3543313b0d9c703c50dc1a16dd9b55e5599e3b02e527b85938e7b81c65e56960bcd7c7a266b07dc05107fd0d7d3c208a878eb0fc74b0d007f421d0c5b28cf78eb441aa0166dceeeac255d68622492f9b526ae13c93754ea8eda96f3b764ba931f8d49c7de8b00ac53d993ab9b08fd2892d8e82cc1a9746f0b426b19256d13d780445e150ce81da0b3c96e32559cb47cb5cb93f805650203010001
986
+ */
987
+ key_import_key: string;
988
+ /**
989
+ * @description The organization's universally unique key-wrapping-key identifier.
990
+ * This value is required when setting up key export.
991
+ * @example mrk-fce09525e81587d23520f11e07e2e9d9
992
+ */
993
+ kwk_id: string;
994
+ /**
995
+ * @description Date/time (in UTC) when last 'unstake' was performed. Unix epoch if none.
996
+ * @example TODO
997
+ */
998
+ last_unstake: string;
999
+ /**
1000
+ * Format: int32
1001
+ * @description How many 'unstake' calls happened on the day when `last_unstake` was performed.
1002
+ */
1003
+ last_unstake_day_count: number;
1004
+ /**
1005
+ * @description The human-readable name for the org
1006
+ * @example my_org_name
1007
+ */
1008
+ name?: string | null;
1009
+ /**
1010
+ * @description The ID of the organization
1011
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1012
+ */
1013
+ org_id: string;
1014
+ /**
1015
+ * @description Org-wide policies that are checked before a key is used for signing
1016
+ * @example [
1017
+ * {
1018
+ * "MaxDailyUnstake": 5
1019
+ * }
1020
+ * ]
1021
+ */
1022
+ policy?: Record<string, never>[];
1023
+ };
1024
+ RatchetConfig: {
1025
+ auth_lifetime?: components["schemas"]["Seconds"];
1026
+ refresh_lifetime?: components["schemas"]["Seconds"];
1027
+ session_lifetime?: components["schemas"]["Seconds"];
1028
+ };
1029
+ /** @description Receipt that an MFA request was approved. */
1030
+ Receipt: {
1031
+ /**
1032
+ * @description Confirmation code the user needs to present when resuming the original request.
1033
+ * @example ba1d75dd-d999-4c1b-944d-25c25440c8af
1034
+ */
1035
+ confirmation: string;
1036
+ /** @description The ID of the logged-in user whose action created this approval. */
1037
+ final_approver: string;
1038
+ timestamp: components["schemas"]["EpochDateTime"];
1039
+ };
1040
+ RoleInfo: {
1041
+ /**
1042
+ * @description Whether the role is enabled
1043
+ * @example true
1044
+ */
1045
+ enabled: boolean;
1046
+ /** @description The CubeSigner IDs of the keys */
1047
+ keys: components["schemas"]["KeyWithPolicies"][];
1048
+ /**
1049
+ * @description The human-readable name for the role (must be alphanumeric)
1050
+ * @example my_role
1051
+ */
1052
+ name?: string | null;
1053
+ /**
1054
+ * @description The ID of the role
1055
+ * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
1056
+ */
1057
+ role_id: string;
1058
+ /**
1059
+ * @description The list of users with access to the role
1060
+ * @example [
1061
+ * "User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f",
1062
+ * "User#5593c25b-52e2-4fb5-b39b-96d41d681d82"
1063
+ * ]
1064
+ */
1065
+ users: string[];
1066
+ };
1067
+ /**
1068
+ * @description Encrypted key material for import using hybrid encryption.
1069
+ *
1070
+ * The imported keying material is encrypted using [XChaCha20Poly1305], which
1071
+ * we choose for its speed and side channel resistance, its ability to encrypt
1072
+ * very long messages, and its safety when using random nonces even for a large
1073
+ * number of messages. The latter should not happen in this case, but the cost
1074
+ * is negligible and the benefit is that we know it's safe to use random nonces.
1075
+ *
1076
+ * The XChaCha key is encrypted using [RSAES-OAEP-SHA256], which we choose because
1077
+ * it's the best of the [available options for asymmetric encryption][kmsopts]
1078
+ * in AWS KMS.
1079
+ *
1080
+ * [XChaCha20Poly1305]: https://doc.libsodium.org/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction
1081
+ * [RSAES-OAEP-SHA256]: https://www.rfc-editor.org/rfc/rfc8017#section-7.1
1082
+ * [kmsopts]: https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html
1083
+ */
1084
+ RsaOaepXChaChaMaterial: {
1085
+ /**
1086
+ * @description The keying material to be imported, encrypted with
1087
+ * [XChaCha20Poly1305](https://doc.libsodium.org/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction).
1088
+ */
1089
+ ikm_enc: number[];
1090
+ /**
1091
+ * @description The key-wrapping key used to encrypt `ikm_enc`, encrypted with
1092
+ * [RSAES-OAEP-SHA256](https://www.rfc-editor.org/rfc/rfc8017#section-7.1).
1093
+ */
1094
+ kwk_enc: number[];
1095
+ /** @description The nonce used to generate `ikm_enc`. */
1096
+ nonce: number[];
1097
+ };
1098
+ /**
1099
+ * Format: int64
1100
+ * @description Duration measured in seconds
1101
+ * A wrapper type for serialization that encodes a `Duration` as a `u64` representing the number of seconds.
1102
+ */
1103
+ Seconds: number;
1104
+ SignRequest: {
1105
+ message: Record<string, never>;
1106
+ };
1107
+ SolanaSignRequest: components["schemas"]["SignRequest"] & Record<string, never>;
1108
+ StakeRequest: {
1109
+ /**
1110
+ * Format: int64
1111
+ * @description The chain on which we will deposit
1112
+ * @example 5
1113
+ */
1114
+ chain_id: number;
1115
+ deposit_type: components["schemas"]["DepositType"];
1116
+ unsafe_conf: components["schemas"]["UnsafeConf"] | null;
1117
+ /**
1118
+ * @description The validator BLS public key to use, or `None` to generate a fresh one.
1119
+ * @example 0xa99a76ed7796f7be22d5b7e85deeb7c5677e88e511e0b337618f8c4eb61349b4bf2d153f649f7b53359fe8b94a38e44c
1120
+ */
1121
+ validator_key: string | null;
1122
+ /**
1123
+ * @description The ethereum address to which withdrawn funds go
1124
+ * @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
1125
+ */
1126
+ withdrawal_addr: string;
1127
+ };
1128
+ Status: {
1129
+ /** @description Users who are allowed to approve. Must be non-empty. */
1130
+ allowed_approvers: string[];
1131
+ /** @description Allowed approval types. When omitted, defaults to any. */
1132
+ allowed_mfa_types?: components["schemas"]["MfaType"][] | null;
1133
+ /** @description Users who have already approved */
1134
+ approved_by: {
1135
+ [key: string]: ({
1136
+ [key: string]: components["schemas"]["ApprovalInfo"] | undefined;
1137
+ }) | undefined;
1138
+ };
1139
+ /**
1140
+ * Format: int32
1141
+ * @description How many users must approve
1142
+ */
1143
+ count: number;
1144
+ /**
1145
+ * Format: int32
1146
+ * @description How many auth factors to require per user
1147
+ */
1148
+ num_auth_factors: number;
1149
+ };
1150
+ TokenInfo: {
1151
+ /** @description Session ID. Use it to revoke a session. Cannot be used for auth. */
1152
+ hash: string;
1153
+ /** @description Tokens purpose */
1154
+ purpose: string;
1155
+ };
1156
+ TotpApproveRequest: {
1157
+ /** @description TOTP verification code */
1158
+ code: string;
1159
+ };
1160
+ /** @description Options that should be set only for local devnet testing. */
1161
+ UnsafeConf: {
1162
+ /**
1163
+ * @description The hex-encoded address of the deposit contract. If omitted, inferred from `chain_id`
1164
+ * @example 0xff50ed3d0ec03ac01d4c79aad74928bff48a7b2b
1165
+ */
1166
+ deposit_contract_addr: string | null;
1167
+ /**
1168
+ * @description The hex-encoded 4-byte fork version
1169
+ * @example 0x00001020
1170
+ */
1171
+ genesis_fork_version: string | null;
1172
+ };
1173
+ /**
1174
+ * @description Unstake message request.
1175
+ * @example {
1176
+ * "epoch": "256",
1177
+ * "fork": {
1178
+ * "current_version": "0x00001020",
1179
+ * "epoch": "0",
1180
+ * "previous_version": "0x00001020"
1181
+ * },
1182
+ * "genesis_data": {
1183
+ * "genesis_fork_version": "0x00001020",
1184
+ * "genesis_time": "1679541642",
1185
+ * "genesis_validators_root": "0x270d43e74ce340de4bca2b1936beca0f4f5408d9e78aec4850920baf659d5b69"
1186
+ * },
1187
+ * "network": "goerli",
1188
+ * "validator_index": "0"
1189
+ * }
1190
+ */
1191
+ UnstakeRequest: {
1192
+ epoch: components["schemas"]["Epoch"] | null;
1193
+ fork: components["schemas"]["Fork"];
1194
+ genesis_data: components["schemas"]["GenesisData"];
1195
+ network: components["schemas"]["Network"];
1196
+ /**
1197
+ * @description Validator index (`uint64`) to exit. You can get the validator index from the Beacon node's
1198
+ * `/eth/v1/beacon/states/head/validators/{pubkey}` end-point. This end point returns an
1199
+ * object that contains information about the validator (whose public key is `{pubkey}`),
1200
+ * including the validator index. The schema of this end-point is defined
1201
+ * [here](https://ethereum.github.io/beacon-APIs/#/Beacon/getStateValidator).
1202
+ * @example 31337
1203
+ */
1204
+ validator_index: string;
1205
+ };
1206
+ UpdateKeyRequest: {
1207
+ /**
1208
+ * @description If set, updates the keys's `enabled` property to this value.
1209
+ * Once disabled, a key cannot be used for signing.
1210
+ */
1211
+ enabled?: boolean | null;
1212
+ /**
1213
+ * @description If set, updates key's owner to this value.
1214
+ * The new owner must be an existing user who is a member of the same org.
1215
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1216
+ */
1217
+ owner?: string | null;
1218
+ /**
1219
+ * @description If set, update this key's policies (old policies will be overwritten!).
1220
+ * @example []
1221
+ */
1222
+ policy?: Record<string, never>[] | null;
1223
+ };
1224
+ UpdateOrgRequest: {
1225
+ /** @description If set, update this org's `enabled` field to this value. */
1226
+ enabled?: boolean | null;
1227
+ /**
1228
+ * @description If set, update this org's alias. Org aliases are globally unique.
1229
+ * @example my_org
1230
+ */
1231
+ name?: string | null;
1232
+ /**
1233
+ * @description If set, update this org's policies (old policies will be overwritten!).
1234
+ * @example [
1235
+ * {
1236
+ * "MaxDailyUnstake": 5
1237
+ * },
1238
+ * {
1239
+ * "OriginAllowlist": [
1240
+ * "https://example.com"
1241
+ * ]
1242
+ * },
1243
+ * {
1244
+ * "SourceIpAllowlist": [
1245
+ * "10.1.2.3/8",
1246
+ * "169.254.17.1/16"
1247
+ * ]
1248
+ * }
1249
+ * ]
1250
+ */
1251
+ policy?: Record<string, never>[] | null;
1252
+ };
1253
+ UpdateRoleRequest: {
1254
+ /**
1255
+ * @description If set, updates the role's `enabled` property to this value.
1256
+ * Once disabled, a role cannot be used; and it's tokens cannot be used for signing.
1257
+ */
1258
+ enabled?: boolean | null;
1259
+ };
1260
+ UserIdInfo: {
1261
+ /**
1262
+ * @description The user's email
1263
+ * @example alice@example.com
1264
+ */
1265
+ email: string;
1266
+ /**
1267
+ * @description The id of the user
1268
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1269
+ */
1270
+ id: string;
1271
+ };
1272
+ UserInfo: {
1273
+ /** @example alice@example.com */
1274
+ email: string;
1275
+ /** @description All multi-factor authentication methods configured for this user */
1276
+ mfa: components["schemas"]["ConfiguredMfa"][];
1277
+ /**
1278
+ * @description All organizations the user belongs to
1279
+ * @example [
1280
+ * "Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a"
1281
+ * ]
1282
+ */
1283
+ org_ids: string[];
1284
+ /**
1285
+ * @description The id of the currently logged in user
1286
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1287
+ */
1288
+ user_id: string;
1289
+ };
1290
+ /**
1291
+ * @description An exit voluntarily submitted a validator who wishes to withdraw.
1292
+ * The schema for this message is defined
1293
+ * [here](https://github.com/ethereum/consensus-specs/blob/v1.0.1/specs/phase0/beacon-chain.md#signedvoluntaryexit).
1294
+ */
1295
+ VoluntaryExit: {
1296
+ epoch: components["schemas"]["Epoch"];
1297
+ /**
1298
+ * @description Index of the exiting validator.
1299
+ * @example 256
1300
+ */
1301
+ validator_index: string;
1302
+ };
1303
+ };
1304
+ responses: {
1305
+ AddThirdPartyUserResponse: {
1306
+ content: {
1307
+ "application/json": {
1308
+ /** @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f */
1309
+ user_id: string;
1310
+ };
1311
+ };
1312
+ };
1313
+ BlobSignResponse: {
1314
+ content: {
1315
+ "application/json": {
1316
+ /** @description The hex-encoded signature. */
1317
+ signature: string;
1318
+ };
1319
+ };
1320
+ };
1321
+ BtcSignResponse: {
1322
+ content: {
1323
+ "application/json": {
1324
+ /**
1325
+ * @description The hex-encoded signature in DER format.
1326
+ * @example 0x3045022100e12be3904f665f755e106741680548fefc9febf4cff31c5c0ee4627b3c1b35fe022066fde9a0b17e4cd38da983fb0d604294f00d0bd47fcb649c5216f3a2e8b7ad2d01
1327
+ */
1328
+ signature: string;
1329
+ };
1330
+ };
1331
+ };
1332
+ CreateKeyImportKeyResponse: {
1333
+ content: {
1334
+ "application/json": components["schemas"]["KeyImportKey"] & {
1335
+ /**
1336
+ * @description An attestation document from a secure enclave, including an
1337
+ * RSA signing key used to sign the contents of this message.
1338
+ */
1339
+ enclave_attestation: string;
1340
+ /**
1341
+ * @description An RSA-PSS-SHA256 signature on the public key and encrypted
1342
+ * secrets attesting to their generation inside a secure enclave.
1343
+ */
1344
+ enclave_signature: string;
1345
+ };
1346
+ };
1347
+ };
1348
+ CreateKeyResponse: {
1349
+ content: {
1350
+ "application/json": {
1351
+ /** @description The info about the created keys */
1352
+ keys: components["schemas"]["KeyInfo"][];
1353
+ };
1354
+ };
1355
+ };
1356
+ /** @description The newly created role information */
1357
+ CreateRoleResponse: {
1358
+ content: {
1359
+ "application/json": {
1360
+ /**
1361
+ * @description A human-readable name for the role.
1362
+ * @example my_role
1363
+ */
1364
+ name?: string | null;
1365
+ /**
1366
+ * @description The id of the newly created role
1367
+ * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
1368
+ */
1369
+ role_id: string;
1370
+ };
1371
+ };
1372
+ };
1373
+ CreateTokenResponse: {
1374
+ content: {
1375
+ "application/json": {
1376
+ session_info: components["schemas"]["ClientSessionInfo"];
1377
+ /**
1378
+ * @description Token to be used for signing auth. Requests to signing endpoints
1379
+ * should include this value in the `Authorization` header
1380
+ */
1381
+ token: string;
1382
+ };
1383
+ };
1384
+ };
1385
+ EmptyImpl: {
1386
+ content: {
1387
+ "application/json": {
1388
+ status: string;
1389
+ };
1390
+ };
1391
+ };
1392
+ Eth1SignResponse: {
1393
+ content: {
1394
+ "application/json": {
1395
+ /**
1396
+ * @description Hex-encoded RLP encoding of the transaction and its signature
1397
+ * @example 0x22895118000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000e000000000000000000000000000000000000000000000000000000000000001201d58656b0e22aaa68fdc692db41979098c3886ed33015d7467de9211609cdac000000000000000000000000000000000000000000000000000000000000000308b0c2900324d3ff9adfba7fdfe5af3f9b2cdbeef7b280437bbf1b1c59a093d615afe3e5dfed9622b540cdd9b49b3c5ad00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002001000000000000000000000049011adbcc3bc9c0307bb07f37dda1a1a9c69d2e0000000000000000000000000000000000000000000000000000000000000060903db8525674b8e7904f9b7d7d9ec55a0a42d33cf58be25469b0c21bbb6d06172bc5bb5fd1aed8e4f35936968958116b0619553c2cb1c52e7323074c6f8eb3d5a7074fc6580148df907837fa3b164ad7fbc2288dad1e8a5b021095b57c8a36d4
1398
+ */
1399
+ rlp_signed_tx: string;
1400
+ };
1401
+ };
1402
+ };
1403
+ Eth2SignResponse: {
1404
+ content: {
1405
+ "application/json": {
1406
+ /**
1407
+ * @description Hex encoded signature prefixed with 0x e.g. "0x0000..."
1408
+ * @example 0xb4f2ef9d12a54e1f569596c07c97d6d730535b6ffc0d287761dc78103a86326782471a04c75ce7a6faea08ca9a4a0830031cdcb893da8711d54aa22619f1a7e71b8185ddf4c6bfd9babbd735960e35e56bd6eeb89625b04850e7a9ef8846e549
1409
+ */
1410
+ signature: string;
1411
+ };
1412
+ };
1413
+ };
1414
+ GetKeysInOrgResponse: {
1415
+ content: {
1416
+ "application/json": {
1417
+ keys: components["schemas"]["KeyInfo"][];
1418
+ };
1419
+ };
1420
+ };
1421
+ GetUsersInOrgResponse: {
1422
+ content: {
1423
+ "application/json": {
1424
+ /** @description The list of users in the org */
1425
+ users: components["schemas"]["UserIdInfo"][];
1426
+ };
1427
+ };
1428
+ };
1429
+ /** @description A wrapped key-import key */
1430
+ KeyImportKey: {
1431
+ content: {
1432
+ "application/json": {
1433
+ /** @description Base64-encoded, encrypted data key. */
1434
+ dk_enc: string;
1435
+ /**
1436
+ * Format: int64
1437
+ * @description Expiration timestamp expressed as seconds since the UNIX epoch.
1438
+ */
1439
+ expires: number;
1440
+ /**
1441
+ * @description The ephemeral public key to which an imported key should be encrypted.
1442
+ * This is a P384 public key in base64-encoded uncompressed SECG format.
1443
+ */
1444
+ public_key: string;
1445
+ /** @description Base64-encoded, encrypted secret key. */
1446
+ sk_enc: string;
1447
+ };
1448
+ };
1449
+ };
1450
+ KeyInfo: {
1451
+ content: {
1452
+ "application/json": {
1453
+ /** @description Whether the key is enabled (only enabled keys may be used for signing) */
1454
+ enabled: boolean;
1455
+ /**
1456
+ * @description The id of the key: "Key#" followed by a unique identifier specific to
1457
+ * the type of key (such as a public key for BLS or an ethereum address for Secp)
1458
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
1459
+ */
1460
+ key_id: string;
1461
+ key_type: components["schemas"]["KeyType"];
1462
+ /**
1463
+ * @description A unique identifier specific to the type of key, such as a public key or an ethereum address
1464
+ * @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
1465
+ */
1466
+ material_id: string;
1467
+ /**
1468
+ * @description Owner of the key
1469
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1470
+ */
1471
+ owner: string;
1472
+ /**
1473
+ * @description Key policy
1474
+ * @example []
1475
+ */
1476
+ policy: Record<string, never>[];
1477
+ /**
1478
+ * @description Hex-encoded, serialized public key. The format used depends on the key type:
1479
+ * - secp256k1 keys use 65-byte uncompressed SECG format;
1480
+ * - BLS keys use 48-byte compressed BLS12-381 (ZCash) format;
1481
+ * - ed25519 keys use the canonical 64-byte encoding specified in RFC 8032.
1482
+ * @example 0x04d2688b6bc2ce7f9879b9e745f3c4dc177908c5cef0c1b64cff19ae7ff27dee623c64fe9d9c325c7fbbc748bbd5f607ce14dd83e28ebbbb7d3e7f2ffb70a79431
1483
+ */
1484
+ public_key: string;
1485
+ /**
1486
+ * @description The purpose for which the key can be used (e.g., chain id for which the key is allowed to sign messages)
1487
+ * @example Eth2Validator(1)
1488
+ */
1489
+ purpose: string;
1490
+ };
1491
+ };
1492
+ };
1493
+ KeyInfos: {
1494
+ content: {
1495
+ "application/json": {
1496
+ keys: components["schemas"]["KeyInfo"][];
1497
+ };
1498
+ };
1499
+ };
1500
+ ListRolesResponse: {
1501
+ content: {
1502
+ "application/json": {
1503
+ /** @description All roles in an organization. */
1504
+ roles: components["schemas"]["RoleInfo"][];
1505
+ };
1506
+ };
1507
+ };
1508
+ ListTokensResponse: {
1509
+ content: {
1510
+ "application/json": {
1511
+ tokens: components["schemas"]["TokenInfo"][];
1512
+ };
1513
+ };
1514
+ };
1515
+ /** @description Returned as a response from multiple routes (e.g., 'get mfa', 'approve mfa', 'approve totp'). */
1516
+ MfaRequestInfo: {
1517
+ content: {
1518
+ "application/json": {
1519
+ expires_at: components["schemas"]["EpochDateTime"];
1520
+ /** @description Approval request ID. */
1521
+ id: string;
1522
+ receipt: components["schemas"]["Receipt"] | null;
1523
+ request: components["schemas"]["HttpRequest"];
1524
+ status: components["schemas"]["Status"];
1525
+ };
1526
+ };
1527
+ };
1528
+ OidcLoginResponse: {
1529
+ content: {
1530
+ "application/json": {
1531
+ /**
1532
+ * @description Token to be used for signing auth. Requests to signing endpoints
1533
+ * should include this value in the `Authorization` header
1534
+ */
1535
+ token: string;
1536
+ };
1537
+ };
1538
+ };
1539
+ OrgInfo: {
1540
+ content: {
1541
+ "application/json": {
1542
+ /** @description When false, all cryptographic operations involving keys in this org are disabled. */
1543
+ enabled: boolean;
1544
+ /**
1545
+ * @description The RSA public key to use when importing keys into this organization. This string is the
1546
+ * hex encoding of the DER representation of the key.
1547
+ * @example 30820222300d06092a864886f70d01010105000382020f003082020a0282020100c89765b8f347caafbec09fcb17740e032d854ec99f2d9c16167be335339b4fdeba18a7f13d8e8b7ae7d689cab63d8ecdf548f4746eacaf95b61fef76ade9f81b3c038891c52542fd352697b618afbea6103723c28f2db450e9d852be16a4dc2cbc9442da9a6610044009e056ba90728f0b9888d9b036e493aaed168ccf930fa2f730b17eb3ad6f455a792b762c47f3d3c6b7a7c458556a592e688791599a576bf2149d8e9614db775e7a48602d237a347d5399c681f7f7d9c81f6a64e7cfd356bba545d45e5023ca1f09a66a1d4550f61cf2c4367e14997b5d749bb0326a44d058119e8caf7fd79d517eb2d11dddb2db329f350698f0f978d5e150bb402c8bc4c5ec36d6f38db3f3a204813cda9f52dbcee809204f8e35a455c0e110e10eec41f734f2d55a058a7a21fa90602f94da6de2378ff61e7b3550b77e53d75d7b3d3b39ccab0e5101b916dab01da096f7627175d5b68a1a6464ce5be3e95e7c464d69eb0b675057705c11bc79c3543313b0d9c703c50dc1a16dd9b55e5599e3b02e527b85938e7b81c65e56960bcd7c7a266b07dc05107fd0d7d3c208a878eb0fc74b0d007f421d0c5b28cf78eb441aa0166dceeeac255d68622492f9b526ae13c93754ea8eda96f3b764ba931f8d49c7de8b00ac53d993ab9b08fd2892d8e82cc1a9746f0b426b19256d13d780445e150ce81da0b3c96e32559cb47cb5cb93f805650203010001
1548
+ */
1549
+ key_import_key: string;
1550
+ /**
1551
+ * @description The organization's universally unique key-wrapping-key identifier.
1552
+ * This value is required when setting up key export.
1553
+ * @example mrk-fce09525e81587d23520f11e07e2e9d9
1554
+ */
1555
+ kwk_id: string;
1556
+ /**
1557
+ * @description Date/time (in UTC) when last 'unstake' was performed. Unix epoch if none.
1558
+ * @example TODO
1559
+ */
1560
+ last_unstake: string;
1561
+ /**
1562
+ * Format: int32
1563
+ * @description How many 'unstake' calls happened on the day when `last_unstake` was performed.
1564
+ */
1565
+ last_unstake_day_count: number;
1566
+ /**
1567
+ * @description The human-readable name for the org
1568
+ * @example my_org_name
1569
+ */
1570
+ name?: string | null;
1571
+ /**
1572
+ * @description The ID of the organization
1573
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1574
+ */
1575
+ org_id: string;
1576
+ /**
1577
+ * @description Org-wide policies that are checked before a key is used for signing
1578
+ * @example [
1579
+ * {
1580
+ * "MaxDailyUnstake": 5
1581
+ * }
1582
+ * ]
1583
+ */
1584
+ policy?: Record<string, never>[];
1585
+ };
1586
+ };
1587
+ };
1588
+ RefreshResponse: {
1589
+ content: {
1590
+ "application/json": {
1591
+ session_info: components["schemas"]["ClientSessionInfo"];
1592
+ /**
1593
+ * @description New token to be used for signing auth. Requests to signing endpoints
1594
+ * should include this value in the `Authorization` header
1595
+ */
1596
+ token: string;
1597
+ };
1598
+ };
1599
+ };
1600
+ RevokeTokenResponse: {
1601
+ content: {
1602
+ "application/json": {
1603
+ token?: components["schemas"]["TokenInfo"] | null;
1604
+ };
1605
+ };
1606
+ };
1607
+ RevokeTokensResponse: {
1608
+ content: {
1609
+ "application/json": {
1610
+ /** @description Tokens that were revoked. */
1611
+ revoked: components["schemas"]["TokenInfo"][];
1612
+ };
1613
+ };
1614
+ };
1615
+ RoleInfo: {
1616
+ content: {
1617
+ "application/json": {
1618
+ /**
1619
+ * @description Whether the role is enabled
1620
+ * @example true
1621
+ */
1622
+ enabled: boolean;
1623
+ /** @description The CubeSigner IDs of the keys */
1624
+ keys: components["schemas"]["KeyWithPolicies"][];
1625
+ /**
1626
+ * @description The human-readable name for the role (must be alphanumeric)
1627
+ * @example my_role
1628
+ */
1629
+ name?: string | null;
1630
+ /**
1631
+ * @description The ID of the role
1632
+ * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
1633
+ */
1634
+ role_id: string;
1635
+ /**
1636
+ * @description The list of users with access to the role
1637
+ * @example [
1638
+ * "User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f",
1639
+ * "User#5593c25b-52e2-4fb5-b39b-96d41d681d82"
1640
+ * ]
1641
+ */
1642
+ users: string[];
1643
+ };
1644
+ };
1645
+ };
1646
+ SolanaSignResponse: {
1647
+ content: {
1648
+ "application/json": {
1649
+ /** @description The hex-encoded signature. */
1650
+ signature: string;
1651
+ };
1652
+ };
1653
+ };
1654
+ StakeResponse: {
1655
+ content: {
1656
+ "application/json": {
1657
+ /**
1658
+ * @description The validator key id ("Key#...")
1659
+ * @example Key#db1731f8-3659-45c0-885b-e11e1f5b7be2
1660
+ */
1661
+ created_validator_key_id: string;
1662
+ deposit_tx: components["schemas"]["DepositTxn"];
1663
+ };
1664
+ };
1665
+ };
1666
+ TotpInfo: {
1667
+ content: {
1668
+ "application/json": {
1669
+ /**
1670
+ * @description Standard TOTP url which includes everything needed to initialize TOTP.
1671
+ * @example otpauth://totp/Cubist:alice-%40example.com?secret=DAHF7KCOTQWSOMK4XFEMNHXO4J433OD7&issuer=Cubist
1672
+ */
1673
+ totp_url: string;
1674
+ };
1675
+ };
1676
+ };
1677
+ /**
1678
+ * @description Unstake responses are signed voluntary exit messages.
1679
+ * The schema for this message is defined
1680
+ * [here](https://github.com/ethereum/consensus-specs/blob/v1.0.1/specs/phase0/beacon-chain.md#signedvoluntaryexit).
1681
+ * This message can be directly POSTed to the Beacon node's
1682
+ * `/eth/v1/beacon/pool/voluntary_exits` end-point (see expected schema
1683
+ * [here](https://ethereum.github.io/beacon-APIs/#/Beacon/submitPoolVoluntaryExit)).
1684
+ */
1685
+ UnstakeResponse: {
1686
+ content: {
1687
+ "application/json": {
1688
+ message: components["schemas"]["VoluntaryExit"];
1689
+ /**
1690
+ * @description BLS signature.
1691
+ * @example 0x910c7cd537ed91cc8c4a82f3cbd832e9be8c24a22e9c86df479f7ce42025ea6a09619b418b666a060e260d2aae31b8e50e9d05ca3442c7eed3b507e5207e14674275f68c2ba84c4bf6b8dd364a304acac8cfab3681e2514b4400f9242bc61164
1692
+ */
1693
+ signature: string;
1694
+ };
1695
+ };
1696
+ };
1697
+ UpdateOrgResponse: {
1698
+ content: {
1699
+ "application/json": {
1700
+ /** @description The new value of the 'enabled' property */
1701
+ enabled?: boolean | null;
1702
+ /**
1703
+ * @description The new human-readable name for the org (must be alphanumeric)
1704
+ * @example my_org_name
1705
+ */
1706
+ name?: string | null;
1707
+ /**
1708
+ * @description The ID of the organization
1709
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1710
+ */
1711
+ org_id: string;
1712
+ /**
1713
+ * @description The new value of org-wide policies
1714
+ * @example [
1715
+ * {
1716
+ * "MaxDailyUnstake": 5
1717
+ * },
1718
+ * {
1719
+ * "OriginAllowlist": [
1720
+ * "https://example.com"
1721
+ * ]
1722
+ * }
1723
+ * ]
1724
+ */
1725
+ policy?: Record<string, never>[] | null;
1726
+ };
1727
+ };
1728
+ };
1729
+ UserInfo: {
1730
+ content: {
1731
+ "application/json": {
1732
+ /** @example alice@example.com */
1733
+ email: string;
1734
+ /** @description All multi-factor authentication methods configured for this user */
1735
+ mfa: components["schemas"]["ConfiguredMfa"][];
1736
+ /**
1737
+ * @description All organizations the user belongs to
1738
+ * @example [
1739
+ * "Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a"
1740
+ * ]
1741
+ */
1742
+ org_ids: string[];
1743
+ /**
1744
+ * @description The id of the currently logged in user
1745
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1746
+ */
1747
+ user_id: string;
1748
+ };
1749
+ };
1750
+ };
1751
+ };
1752
+ parameters: never;
1753
+ requestBodies: never;
1754
+ headers: never;
1755
+ pathItems: never;
1756
+ }
1757
+
1758
+ export type external = Record<string, never>;
1759
+
1760
+ export interface operations {
1761
+
1762
+ /**
1763
+ * User Info
1764
+ * @description User Info
1765
+ *
1766
+ * Retrieves information about the current user.
1767
+ */
1768
+ aboutMe: {
1769
+ responses: {
1770
+ 200: components["responses"]["UserInfo"];
1771
+ default: {
1772
+ content: {
1773
+ "application/json": components["schemas"]["ErrorResponse"];
1774
+ };
1775
+ };
1776
+ };
1777
+ };
1778
+ /**
1779
+ * Get Org
1780
+ * @description Get Org
1781
+ *
1782
+ * Retrieves information about an organization.
1783
+ */
1784
+ getOrg: {
1785
+ parameters: {
1786
+ path: {
1787
+ /**
1788
+ * @description Name or ID of the desired Org
1789
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1790
+ */
1791
+ org_id: string;
1792
+ };
1793
+ };
1794
+ responses: {
1795
+ 200: components["responses"]["OrgInfo"];
1796
+ default: {
1797
+ content: {
1798
+ "application/json": components["schemas"]["ErrorResponse"];
1799
+ };
1800
+ };
1801
+ };
1802
+ };
1803
+ /**
1804
+ * Update Org
1805
+ * @description Update Org
1806
+ *
1807
+ * Update organization attributes (enabled flag, name, and policies).
1808
+ */
1809
+ updateOrg: {
1810
+ parameters: {
1811
+ path: {
1812
+ /**
1813
+ * @description Name or ID of the desired Org
1814
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1815
+ */
1816
+ org_id: string;
1817
+ };
1818
+ };
1819
+ requestBody: {
1820
+ content: {
1821
+ "application/json": components["schemas"]["UpdateOrgRequest"];
1822
+ };
1823
+ };
1824
+ responses: {
1825
+ 200: components["responses"]["UpdateOrgResponse"];
1826
+ default: {
1827
+ content: {
1828
+ "application/json": components["schemas"]["ErrorResponse"];
1829
+ };
1830
+ };
1831
+ };
1832
+ };
1833
+ /**
1834
+ * Sign Bitcoin Transaction
1835
+ * @description Sign Bitcoin Transaction
1836
+ *
1837
+ * Signs a Bitcoin transaction with a given key.
1838
+ * This is a pre-release feature.
1839
+ */
1840
+ btcSign: {
1841
+ parameters: {
1842
+ path: {
1843
+ /**
1844
+ * @description Name or ID of the desired Org
1845
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1846
+ */
1847
+ org_id: string;
1848
+ /**
1849
+ * @description bech32 encoding of the public key
1850
+ * @example bc1q5p5qkae77ly80kr4pyfytdqm7rf08ddhdejl9g
1851
+ */
1852
+ pubkey: string;
1853
+ };
1854
+ };
1855
+ requestBody: {
1856
+ content: {
1857
+ "application/json": components["schemas"]["BtcSignRequest"];
1858
+ };
1859
+ };
1860
+ responses: {
1861
+ 200: components["responses"]["BtcSignResponse"];
1862
+ 202: {
1863
+ content: {
1864
+ "application/json": components["schemas"]["AcceptedResponse"];
1865
+ };
1866
+ };
1867
+ default: {
1868
+ content: {
1869
+ "application/json": components["schemas"]["ErrorResponse"];
1870
+ };
1871
+ };
1872
+ };
1873
+ };
1874
+ /**
1875
+ * Create Key-Import Key
1876
+ * @description Create Key-Import Key
1877
+ *
1878
+ * Generate an ephemeral key that a client can use for key-import encryption.
1879
+ */
1880
+ createKeyImportKey: {
1881
+ parameters: {
1882
+ path: {
1883
+ /**
1884
+ * @description Name or ID of the desired Org
1885
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1886
+ */
1887
+ org_id: string;
1888
+ };
1889
+ };
1890
+ responses: {
1891
+ 200: components["responses"]["CreateKeyImportKeyResponse"];
1892
+ default: {
1893
+ content: {
1894
+ "application/json": components["schemas"]["ErrorResponse"];
1895
+ };
1896
+ };
1897
+ };
1898
+ };
1899
+ /**
1900
+ * Import Key
1901
+ * @description Import Key
1902
+ *
1903
+ * Securely imports an existing key using a previously generated key-import key.
1904
+ */
1905
+ importKey: {
1906
+ parameters: {
1907
+ path: {
1908
+ /**
1909
+ * @description Name or ID of the desired Org
1910
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1911
+ */
1912
+ org_id: string;
1913
+ };
1914
+ };
1915
+ requestBody: {
1916
+ content: {
1917
+ "application/json": components["schemas"]["ImportKeyRequest"];
1918
+ };
1919
+ };
1920
+ responses: {
1921
+ 200: components["responses"]["CreateKeyResponse"];
1922
+ default: {
1923
+ content: {
1924
+ "application/json": components["schemas"]["ErrorResponse"];
1925
+ };
1926
+ };
1927
+ };
1928
+ };
1929
+ /**
1930
+ * Invite User
1931
+ * @description Invite User
1932
+ *
1933
+ * Creates a new user in an existing org and sends that user an invite email.
1934
+ */
1935
+ invite: {
1936
+ parameters: {
1937
+ path: {
1938
+ /**
1939
+ * @description Name or ID of the desired Org
1940
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1941
+ */
1942
+ org_id: string;
1943
+ };
1944
+ };
1945
+ requestBody: {
1946
+ content: {
1947
+ "application/json": components["schemas"]["InviteRequest"];
1948
+ };
1949
+ };
1950
+ responses: {
1951
+ 200: components["responses"]["EmptyImpl"];
1952
+ default: {
1953
+ content: {
1954
+ "application/json": components["schemas"]["ErrorResponse"];
1955
+ };
1956
+ };
1957
+ };
1958
+ };
1959
+ /**
1960
+ * List Keys
1961
+ * @description List Keys
1962
+ *
1963
+ * Gets the list of owned keys in a given org.
1964
+ */
1965
+ listKeysInOrg: {
1966
+ parameters: {
1967
+ query?: {
1968
+ /**
1969
+ * @description Filter by key type
1970
+ * @example SecpEthAddr
1971
+ */
1972
+ key_type?: components["schemas"]["KeyType"];
1973
+ };
1974
+ path: {
1975
+ /**
1976
+ * @description Name or ID of the desired Org
1977
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1978
+ */
1979
+ org_id: string;
1980
+ };
1981
+ };
1982
+ responses: {
1983
+ 200: components["responses"]["GetKeysInOrgResponse"];
1984
+ default: {
1985
+ content: {
1986
+ "application/json": components["schemas"]["ErrorResponse"];
1987
+ };
1988
+ };
1989
+ };
1990
+ };
1991
+ /**
1992
+ * Import Key (Deprecated)
1993
+ * @description Import Key (Deprecated)
1994
+ *
1995
+ * Securely imports an existing key. This API is deprecated; please use the new version.
1996
+ */
1997
+ importKeyLegacy: {
1998
+ parameters: {
1999
+ path: {
2000
+ /**
2001
+ * @description Name or ID of the desired Org
2002
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2003
+ */
2004
+ org_id: string;
2005
+ };
2006
+ };
2007
+ requestBody: {
2008
+ content: {
2009
+ "application/json": components["schemas"]["ImportKeyLegacyRequest"];
2010
+ };
2011
+ };
2012
+ responses: {
2013
+ 200: components["responses"]["CreateKeyResponse"];
2014
+ default: {
2015
+ content: {
2016
+ "application/json": components["schemas"]["ErrorResponse"];
2017
+ };
2018
+ };
2019
+ };
2020
+ };
2021
+ /**
2022
+ * Create Key
2023
+ * @description Create Key
2024
+ *
2025
+ * Creates one or more new keys of the specified type (BLS or Secp).
2026
+ */
2027
+ createKey: {
2028
+ parameters: {
2029
+ path: {
2030
+ /**
2031
+ * @description Name or ID of the desired Org
2032
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2033
+ */
2034
+ org_id: string;
2035
+ };
2036
+ };
2037
+ requestBody: {
2038
+ content: {
2039
+ "application/json": components["schemas"]["CreateKeyRequest"];
2040
+ };
2041
+ };
2042
+ responses: {
2043
+ 200: components["responses"]["CreateKeyResponse"];
2044
+ default: {
2045
+ content: {
2046
+ "application/json": components["schemas"]["ErrorResponse"];
2047
+ };
2048
+ };
2049
+ };
2050
+ };
2051
+ /**
2052
+ * Legacy List Keys
2053
+ * @deprecated
2054
+ * @description Legacy List Keys
2055
+ *
2056
+ * This route is deprecated. Use `GET /v0/org/<org_id>/keys?<key_type>`
2057
+ */
2058
+ listKeysLegacy: {
2059
+ parameters: {
2060
+ path: {
2061
+ /**
2062
+ * @description Name or ID of the desired Org
2063
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2064
+ */
2065
+ org_id: string;
2066
+ };
2067
+ };
2068
+ requestBody: {
2069
+ content: {
2070
+ "application/json": components["schemas"]["GetKeysInOrgRequest"];
2071
+ };
2072
+ };
2073
+ responses: {
2074
+ 200: components["responses"]["GetKeysInOrgResponse"];
2075
+ default: {
2076
+ content: {
2077
+ "application/json": components["schemas"]["ErrorResponse"];
2078
+ };
2079
+ };
2080
+ };
2081
+ };
2082
+ /**
2083
+ * Get Key
2084
+ * @description Get Key
2085
+ *
2086
+ * Returns the properties of a key.
2087
+ */
2088
+ getKeyInOrg: {
2089
+ parameters: {
2090
+ path: {
2091
+ /**
2092
+ * @description Name or ID of the desired Org
2093
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2094
+ */
2095
+ org_id: string;
2096
+ /**
2097
+ * @description ID of the key
2098
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
2099
+ */
2100
+ key_id: string;
2101
+ };
2102
+ };
2103
+ responses: {
2104
+ 200: components["responses"]["KeyInfo"];
2105
+ default: {
2106
+ content: {
2107
+ "application/json": components["schemas"]["ErrorResponse"];
2108
+ };
2109
+ };
2110
+ };
2111
+ };
2112
+ /**
2113
+ * Update Key
2114
+ * @description Update Key
2115
+ *
2116
+ * Enable or disable a key. The user must be the owner of the key or organization to perform this action.
2117
+ */
2118
+ updateKey: {
2119
+ parameters: {
2120
+ path: {
2121
+ /**
2122
+ * @description Name or ID of the desired Org
2123
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2124
+ */
2125
+ org_id: string;
2126
+ /**
2127
+ * @description ID of the key
2128
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
2129
+ */
2130
+ key_id: string;
2131
+ };
2132
+ };
2133
+ requestBody: {
2134
+ content: {
2135
+ "application/json": components["schemas"]["UpdateKeyRequest"];
2136
+ };
2137
+ };
2138
+ responses: {
2139
+ 200: components["responses"]["KeyInfo"];
2140
+ default: {
2141
+ content: {
2142
+ "application/json": components["schemas"]["ErrorResponse"];
2143
+ };
2144
+ };
2145
+ };
2146
+ };
2147
+ /**
2148
+ * Gets a Pending MFA Request
2149
+ * @description Gets a Pending MFA Request
2150
+ *
2151
+ * Retrieves and returns a pending MFA request by its id.
2152
+ */
2153
+ mfaGet: {
2154
+ parameters: {
2155
+ path: {
2156
+ /**
2157
+ * @description Name or ID of the desired Org
2158
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2159
+ */
2160
+ org_id: string;
2161
+ /**
2162
+ * @description ID of the approval
2163
+ * @example ...
2164
+ */
2165
+ mfa_id: string;
2166
+ };
2167
+ };
2168
+ responses: {
2169
+ 200: components["responses"]["MfaRequestInfo"];
2170
+ default: {
2171
+ content: {
2172
+ "application/json": components["schemas"]["ErrorResponse"];
2173
+ };
2174
+ };
2175
+ };
2176
+ };
2177
+ /**
2178
+ * Approve a Pending MFA Request
2179
+ * @description Approve a Pending MFA Request
2180
+ *
2181
+ * Adds the current user as an approver of a pending MFA request of the [Status::RequiredApprovers] kind.
2182
+ * If the required number of approvers is reached, the MFA request is approved;
2183
+ * the confirmation receipt can be used to resume the original HTTP request.
2184
+ */
2185
+ mfaApproveCs: {
2186
+ parameters: {
2187
+ path: {
2188
+ /**
2189
+ * @description Name or ID of the desired Org
2190
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2191
+ */
2192
+ org_id: string;
2193
+ /**
2194
+ * @description ID of the MFA approval request
2195
+ * @example MfaRequest#6de79de4-662c-4203-9235-b6ace5cb432b
2196
+ */
2197
+ mfa_id: string;
2198
+ };
2199
+ };
2200
+ responses: {
2201
+ 200: components["responses"]["MfaRequestInfo"];
2202
+ default: {
2203
+ content: {
2204
+ "application/json": components["schemas"]["ErrorResponse"];
2205
+ };
2206
+ };
2207
+ };
2208
+ };
2209
+ /**
2210
+ * Approve a TOTP MFA Request
2211
+ * @description Approve a TOTP MFA Request
2212
+ *
2213
+ * Adds an approver to a pending TOTP MFA request.
2214
+ *
2215
+ * If the required number of approvers is reached, the MFA request is approved;
2216
+ * the confirmation receipt can be used to resume the original HTTP request.
2217
+ */
2218
+ mfaApproveTotp: {
2219
+ parameters: {
2220
+ path: {
2221
+ /**
2222
+ * @description Name or ID of the desired Org
2223
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2224
+ */
2225
+ org_id: string;
2226
+ /**
2227
+ * @description ID of the MFA approval request
2228
+ * @example MfaRequest#6de79de4-662c-4203-9235-b6ace5cb432b
2229
+ */
2230
+ mfa_id: string;
2231
+ };
2232
+ };
2233
+ requestBody: {
2234
+ content: {
2235
+ "application/json": components["schemas"]["TotpApproveRequest"];
2236
+ };
2237
+ };
2238
+ responses: {
2239
+ 200: components["responses"]["MfaRequestInfo"];
2240
+ default: {
2241
+ content: {
2242
+ "application/json": components["schemas"]["ErrorResponse"];
2243
+ };
2244
+ };
2245
+ };
2246
+ };
2247
+ /**
2248
+ * Login with OIDC
2249
+ * @description Login with OIDC
2250
+ *
2251
+ * Exchange an OIDC ID token (passed via the `Authorization` header) for a signer session
2252
+ */
2253
+ oidcAuth: {
2254
+ parameters: {
2255
+ path: {
2256
+ /**
2257
+ * @description Name or ID of the desired Org
2258
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2259
+ */
2260
+ org_id: string;
2261
+ };
2262
+ };
2263
+ requestBody: {
2264
+ content: {
2265
+ "application/json": components["schemas"]["OidcLoginRequest"];
2266
+ };
2267
+ };
2268
+ responses: {
2269
+ 200: components["responses"]["OidcLoginResponse"];
2270
+ 202: {
2271
+ content: {
2272
+ "application/json": components["schemas"]["AcceptedResponse"];
2273
+ };
2274
+ };
2275
+ default: {
2276
+ content: {
2277
+ "application/json": components["schemas"]["ErrorResponse"];
2278
+ };
2279
+ };
2280
+ };
2281
+ };
2282
+ /**
2283
+ * List Roles
2284
+ * @description List Roles
2285
+ *
2286
+ * Retrieves all roles in an organization that the current user is allowed to access.
2287
+ */
2288
+ listRoles: {
2289
+ parameters: {
2290
+ path: {
2291
+ /**
2292
+ * @description Name or ID of the desired Org
2293
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2294
+ */
2295
+ org_id: string;
2296
+ };
2297
+ };
2298
+ responses: {
2299
+ 200: components["responses"]["ListRolesResponse"];
2300
+ default: {
2301
+ content: {
2302
+ "application/json": components["schemas"]["ErrorResponse"];
2303
+ };
2304
+ };
2305
+ };
2306
+ };
2307
+ /**
2308
+ * Create Role
2309
+ * @description Create Role
2310
+ *
2311
+ * Creates a new role in an organization. Unless the logged-in user
2312
+ * is the owner, they are automatically added to the newly created role.
2313
+ */
2314
+ createRole: {
2315
+ parameters: {
2316
+ path: {
2317
+ /**
2318
+ * @description Name or ID of the desired Org
2319
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2320
+ */
2321
+ org_id: string;
2322
+ };
2323
+ };
2324
+ /** @description Optional request body to set the role name */
2325
+ requestBody?: {
2326
+ content: {
2327
+ "application/json": components["schemas"]["CreateRoleRequest"];
2328
+ };
2329
+ };
2330
+ responses: {
2331
+ 200: components["responses"]["CreateRoleResponse"];
2332
+ default: {
2333
+ content: {
2334
+ "application/json": components["schemas"]["ErrorResponse"];
2335
+ };
2336
+ };
2337
+ };
2338
+ };
2339
+ /**
2340
+ * Get Role
2341
+ * @description Get Role
2342
+ *
2343
+ * Retrieves information about a role in an organization
2344
+ */
2345
+ getRole: {
2346
+ parameters: {
2347
+ path: {
2348
+ /**
2349
+ * @description Name or ID of the desired Org
2350
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2351
+ */
2352
+ org_id: string;
2353
+ /**
2354
+ * @description Name or ID of the desired Role
2355
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2356
+ */
2357
+ role_id: string;
2358
+ };
2359
+ };
2360
+ responses: {
2361
+ 200: components["responses"]["RoleInfo"];
2362
+ default: {
2363
+ content: {
2364
+ "application/json": components["schemas"]["ErrorResponse"];
2365
+ };
2366
+ };
2367
+ };
2368
+ };
2369
+ /**
2370
+ * Delete Role
2371
+ * @description Delete Role
2372
+ *
2373
+ * Deletes a role in an organization.
2374
+ * Only organization owners can perform this action.
2375
+ */
2376
+ deleteRole: {
2377
+ parameters: {
2378
+ path: {
2379
+ /**
2380
+ * @description Name or ID of the desired Org
2381
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2382
+ */
2383
+ org_id: string;
2384
+ /**
2385
+ * @description Name or ID of the desired Role
2386
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2387
+ */
2388
+ role_id: string;
2389
+ };
2390
+ };
2391
+ responses: {
2392
+ 200: components["responses"]["EmptyImpl"];
2393
+ default: {
2394
+ content: {
2395
+ "application/json": components["schemas"]["ErrorResponse"];
2396
+ };
2397
+ };
2398
+ };
2399
+ };
2400
+ /**
2401
+ * Update Role
2402
+ * @description Update Role
2403
+ *
2404
+ * Enables or disables a role.
2405
+ * The user must be in the role or an owner of the organization.
2406
+ */
2407
+ updateRole: {
2408
+ parameters: {
2409
+ path: {
2410
+ /**
2411
+ * @description Name or ID of the desired Org
2412
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2413
+ */
2414
+ org_id: string;
2415
+ /**
2416
+ * @description Name or ID of the desired Role
2417
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2418
+ */
2419
+ role_id: string;
2420
+ };
2421
+ };
2422
+ requestBody: {
2423
+ content: {
2424
+ "application/json": components["schemas"]["UpdateRoleRequest"];
2425
+ };
2426
+ };
2427
+ responses: {
2428
+ 200: components["responses"]["EmptyImpl"];
2429
+ default: {
2430
+ content: {
2431
+ "application/json": components["schemas"]["ErrorResponse"];
2432
+ };
2433
+ };
2434
+ };
2435
+ };
2436
+ /**
2437
+ * Add Keys
2438
+ * @description Add Keys
2439
+ *
2440
+ * Adds a list of existing keys to an existing role.
2441
+ */
2442
+ addKeysToRole: {
2443
+ parameters: {
2444
+ path: {
2445
+ /**
2446
+ * @description Name or ID of the desired Org
2447
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2448
+ */
2449
+ org_id: string;
2450
+ /**
2451
+ * @description Name or ID of the desired Role
2452
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2453
+ */
2454
+ role_id: string;
2455
+ };
2456
+ };
2457
+ requestBody: {
2458
+ content: {
2459
+ "application/json": components["schemas"]["AddKeysToRoleRequest"];
2460
+ };
2461
+ };
2462
+ responses: {
2463
+ };
2464
+ };
2465
+ /**
2466
+ * Add User
2467
+ * @description Add User
2468
+ *
2469
+ * Adds an existing user to an existing role.
2470
+ * Only users in the role or owners can add users to a role.
2471
+ */
2472
+ addUserToRole: {
2473
+ parameters: {
2474
+ path: {
2475
+ /**
2476
+ * @description Name or ID of the desired Org
2477
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2478
+ */
2479
+ org_id: string;
2480
+ /**
2481
+ * @description Name or ID of the desired Role
2482
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2483
+ */
2484
+ role_id: string;
2485
+ /**
2486
+ * @description ID of the user to add to role
2487
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
2488
+ */
2489
+ user_id: string;
2490
+ };
2491
+ };
2492
+ responses: {
2493
+ };
2494
+ };
2495
+ /**
2496
+ * Remove Key
2497
+ * @description Remove Key
2498
+ *
2499
+ * Removes a given key from a role
2500
+ */
2501
+ removeKeyFromRole: {
2502
+ parameters: {
2503
+ path: {
2504
+ /**
2505
+ * @description Name or ID of the desired Org
2506
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2507
+ */
2508
+ org_id: string;
2509
+ /**
2510
+ * @description Name or ID of the desired Role
2511
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2512
+ */
2513
+ role_id: string;
2514
+ /**
2515
+ * @description ID of the desired Key
2516
+ * @example Key#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2517
+ */
2518
+ key_id: string;
2519
+ };
2520
+ };
2521
+ responses: {
2522
+ };
2523
+ };
2524
+ /**
2525
+ * List Tokens
2526
+ * @description List Tokens
2527
+ *
2528
+ * Returns all access tokens for a given role.
2529
+ * Only users in the role or owners can create a token for it.
2530
+ */
2531
+ listRoleTokens: {
2532
+ parameters: {
2533
+ path: {
2534
+ /**
2535
+ * @description Name or ID of the desired Org
2536
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2537
+ */
2538
+ org_id: string;
2539
+ /**
2540
+ * @description Name or ID of the desired Role
2541
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2542
+ */
2543
+ role_id: string;
2544
+ };
2545
+ };
2546
+ responses: {
2547
+ 200: components["responses"]["ListTokensResponse"];
2548
+ default: {
2549
+ content: {
2550
+ "application/json": components["schemas"]["ErrorResponse"];
2551
+ };
2552
+ };
2553
+ };
2554
+ };
2555
+ /**
2556
+ * Create Token
2557
+ * @description Create Token
2558
+ *
2559
+ * Creates a new access token for a given role (to be used as "API Key" for all signing actions).
2560
+ * Only users in the role or owners can create a token for it.
2561
+ */
2562
+ createRoleToken: {
2563
+ parameters: {
2564
+ path: {
2565
+ /**
2566
+ * @description Name or ID of the desired Org
2567
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2568
+ */
2569
+ org_id: string;
2570
+ /**
2571
+ * @description Name or ID of the desired Role
2572
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2573
+ */
2574
+ role_id: string;
2575
+ };
2576
+ };
2577
+ requestBody: {
2578
+ content: {
2579
+ "application/json": components["schemas"]["CreateTokenRequest"];
2580
+ };
2581
+ };
2582
+ responses: {
2583
+ 200: components["responses"]["CreateTokenResponse"];
2584
+ default: {
2585
+ content: {
2586
+ "application/json": components["schemas"]["ErrorResponse"];
2587
+ };
2588
+ };
2589
+ };
2590
+ };
2591
+ /**
2592
+ * Revoke All Tokens
2593
+ * @description Revoke All Tokens
2594
+ *
2595
+ * Revokes all access tokens associated with a role.
2596
+ * Only users in the role or owners can perform this action.
2597
+ */
2598
+ revokeAllRoleTokens: {
2599
+ parameters: {
2600
+ path: {
2601
+ /**
2602
+ * @description Name or ID of the desired Org
2603
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2604
+ */
2605
+ org_id: string;
2606
+ /**
2607
+ * @description Name or ID of the desired Role
2608
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2609
+ */
2610
+ role_id: string;
2611
+ };
2612
+ };
2613
+ responses: {
2614
+ 200: components["responses"]["RevokeTokensResponse"];
2615
+ default: {
2616
+ content: {
2617
+ "application/json": components["schemas"]["ErrorResponse"];
2618
+ };
2619
+ };
2620
+ };
2621
+ };
2622
+ /**
2623
+ * Revoke Token
2624
+ * @description Revoke Token
2625
+ *
2626
+ * Revokes an access token associated with a role.
2627
+ * Only users in the role or owners can perform this action.
2628
+ */
2629
+ revokeRoleToken: {
2630
+ parameters: {
2631
+ path: {
2632
+ /**
2633
+ * @description Name or ID of the desired Org
2634
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2635
+ */
2636
+ org_id: string;
2637
+ /**
2638
+ * @description Name or ID of the desired Role
2639
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2640
+ */
2641
+ role_id: string;
2642
+ /**
2643
+ * @description The ID of the session to revoke
2644
+ * @example 77aad2100c361f497635dd005c4d15781e2e5df4b9f45d8e74f37425cbc30b9e
2645
+ */
2646
+ session_id: string;
2647
+ };
2648
+ };
2649
+ responses: {
2650
+ 200: components["responses"]["RevokeTokenResponse"];
2651
+ default: {
2652
+ content: {
2653
+ "application/json": components["schemas"]["ErrorResponse"];
2654
+ };
2655
+ };
2656
+ };
2657
+ };
2658
+ /**
2659
+ * Get Token-Accessible Keys
2660
+ * @description Get Token-Accessible Keys
2661
+ *
2662
+ * Retrieves the keys that the role token can access.
2663
+ */
2664
+ listTokenKeys: {
2665
+ parameters: {
2666
+ path: {
2667
+ /**
2668
+ * @description Name or ID of the desired Org
2669
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2670
+ */
2671
+ org_id: string;
2672
+ };
2673
+ };
2674
+ responses: {
2675
+ 200: components["responses"]["KeyInfos"];
2676
+ default: {
2677
+ content: {
2678
+ "application/json": components["schemas"]["ErrorResponse"];
2679
+ };
2680
+ };
2681
+ };
2682
+ };
2683
+ /**
2684
+ * List users in organization
2685
+ * @description List users in organization
2686
+ */
2687
+ listUsersInOrg: {
2688
+ parameters: {
2689
+ path: {
2690
+ /**
2691
+ * @description Name or ID of the desired Org
2692
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2693
+ */
2694
+ org_id: string;
2695
+ };
2696
+ };
2697
+ responses: {
2698
+ 200: components["responses"]["GetUsersInOrgResponse"];
2699
+ default: {
2700
+ content: {
2701
+ "application/json": components["schemas"]["ErrorResponse"];
2702
+ };
2703
+ };
2704
+ };
2705
+ };
2706
+ /**
2707
+ * Adds a third-party user to the org
2708
+ * @description Adds a third-party user to the org
2709
+ */
2710
+ createOidcUser: {
2711
+ parameters: {
2712
+ path: {
2713
+ /**
2714
+ * @description Name or ID of the desired Org
2715
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2716
+ */
2717
+ org_id: string;
2718
+ };
2719
+ };
2720
+ requestBody: {
2721
+ content: {
2722
+ "application/json": components["schemas"]["AddThirdPartyUserRequest"];
2723
+ };
2724
+ };
2725
+ responses: {
2726
+ 200: components["responses"]["AddThirdPartyUserResponse"];
2727
+ default: {
2728
+ content: {
2729
+ "application/json": components["schemas"]["ErrorResponse"];
2730
+ };
2731
+ };
2732
+ };
2733
+ };
2734
+ /**
2735
+ * Reset TOTP
2736
+ * @description Reset TOTP
2737
+ *
2738
+ * Creates and sets a new TOTP configuration for the current user,
2739
+ * overriding the existing one (if any).
2740
+ */
2741
+ userResetTotp: {
2742
+ responses: {
2743
+ 200: components["responses"]["TotpInfo"];
2744
+ default: {
2745
+ content: {
2746
+ "application/json": components["schemas"]["ErrorResponse"];
2747
+ };
2748
+ };
2749
+ };
2750
+ };
2751
+ /**
2752
+ * Verify TOTP
2753
+ * @description Verify TOTP
2754
+ *
2755
+ * Checks if a given code matches the current TOTP code for the current user.
2756
+ * Errors with 403 if the current user has not set up TOTP or the code fails verification.
2757
+ */
2758
+ userVerifyTotp: {
2759
+ parameters: {
2760
+ path: {
2761
+ code: string;
2762
+ };
2763
+ };
2764
+ responses: {
2765
+ 200: components["responses"]["EmptyImpl"];
2766
+ default: {
2767
+ content: {
2768
+ "application/json": components["schemas"]["ErrorResponse"];
2769
+ };
2770
+ };
2771
+ };
2772
+ };
2773
+ /**
2774
+ * Sign Raw Blob
2775
+ * @description Sign Raw Blob
2776
+ *
2777
+ * Signs an arbitrary blob with a given key.
2778
+ * This is a pre-release feature.
2779
+ */
2780
+ blobSign: {
2781
+ parameters: {
2782
+ path: {
2783
+ /**
2784
+ * @description Name or ID of the desired Org
2785
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2786
+ */
2787
+ org_id: string;
2788
+ /**
2789
+ * @description The ID of the key
2790
+ * @example Key#0x49011adbCC3bC9c0307BB07F37Dda1a1a9c69d2E
2791
+ */
2792
+ key_id: string;
2793
+ };
2794
+ };
2795
+ requestBody: {
2796
+ content: {
2797
+ "application/json": components["schemas"]["BlobSignRequest"];
2798
+ };
2799
+ };
2800
+ responses: {
2801
+ 200: components["responses"]["BlobSignResponse"];
2802
+ 202: {
2803
+ content: {
2804
+ "application/json": components["schemas"]["AcceptedResponse"];
2805
+ };
2806
+ };
2807
+ default: {
2808
+ content: {
2809
+ "application/json": components["schemas"]["ErrorResponse"];
2810
+ };
2811
+ };
2812
+ };
2813
+ };
2814
+ /**
2815
+ * Record heartbeat
2816
+ * @description Record heartbeat
2817
+ *
2818
+ * This endpoint is called by the cube3signer proxy to record various metrics to CloudWatch.
2819
+ */
2820
+ cube3signerHeartbeat: {
2821
+ parameters: {
2822
+ path: {
2823
+ /**
2824
+ * @description Name or ID of the organization owning the key
2825
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2826
+ */
2827
+ org_id: string;
2828
+ };
2829
+ };
2830
+ requestBody: {
2831
+ content: {
2832
+ "application/json": components["schemas"]["HeartbeatRequest"];
2833
+ };
2834
+ };
2835
+ responses: {
2836
+ 200: components["responses"]["EmptyImpl"];
2837
+ default: {
2838
+ content: {
2839
+ "application/json": components["schemas"]["ErrorResponse"];
2840
+ };
2841
+ };
2842
+ };
2843
+ };
2844
+ /**
2845
+ * Sign EVM Transaction
2846
+ * @description Sign EVM Transaction
2847
+ *
2848
+ * Signs an Ethereum (and other EVM) transaction with a given Secp256k1 key.
2849
+ *
2850
+ * The key must be associated with the role and organization on whose behalf this action is called.
2851
+ */
2852
+ eth1Sign: {
2853
+ parameters: {
2854
+ path: {
2855
+ /**
2856
+ * @description Name or ID of the desired Org
2857
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2858
+ */
2859
+ org_id: string;
2860
+ /**
2861
+ * @description Hex-encoded ethereum address of the secp key
2862
+ * @example 0x49011adbCC3bC9c0307BB07F37Dda1a1a9c69d2E
2863
+ */
2864
+ pubkey: string;
2865
+ };
2866
+ };
2867
+ requestBody: {
2868
+ content: {
2869
+ "application/json": components["schemas"]["Eth1SignRequest"];
2870
+ };
2871
+ };
2872
+ responses: {
2873
+ 200: components["responses"]["Eth1SignResponse"];
2874
+ default: {
2875
+ content: {
2876
+ "application/json": components["schemas"]["ErrorResponse"];
2877
+ };
2878
+ };
2879
+ };
2880
+ };
2881
+ /**
2882
+ * Sign Validator Request
2883
+ * @description Sign Validator Request
2884
+ *
2885
+ * Signs an eth2 validator request with a given BLS key.
2886
+ *
2887
+ * The key must be associated with the role and organization on whose behalf this action is called.
2888
+ */
2889
+ eth2Sign: {
2890
+ parameters: {
2891
+ path: {
2892
+ /**
2893
+ * @description Name or ID of the desired Org
2894
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2895
+ */
2896
+ org_id: string;
2897
+ /**
2898
+ * @description Hex-encoded validator (BLS) public key with 0x prefix
2899
+ * @example 0x9700fbb8c906942442c2a5b3ad7498f27aedda253786a6fbaa8fef47fb7af234e50cf2cce815a553087992ae565d48da
2900
+ */
2901
+ pubkey: string;
2902
+ };
2903
+ };
2904
+ requestBody: {
2905
+ content: {
2906
+ "application/json": components["schemas"]["Eth2SignRequest"];
2907
+ };
2908
+ };
2909
+ responses: {
2910
+ 200: components["responses"]["Eth2SignResponse"];
2911
+ default: {
2912
+ content: {
2913
+ "application/json": components["schemas"]["ErrorResponse"];
2914
+ };
2915
+ };
2916
+ };
2917
+ };
2918
+ /**
2919
+ * Sign Stake Deposit
2920
+ * @description Sign Stake Deposit
2921
+ *
2922
+ * Signs a deposit transaction with a `validator_key`. If `validator_key` is set to a pregenerated key, we use the
2923
+ * provided validator key. Otherwise, we generate a new BLS key.
2924
+ *
2925
+ * When using a pregenerated key, the key must be associated with the role and organization on whose
2926
+ * behalf this action is called.
2927
+ */
2928
+ stake: {
2929
+ parameters: {
2930
+ path: {
2931
+ /**
2932
+ * @description Name or ID of the desired Org
2933
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2934
+ */
2935
+ org_id: string;
2936
+ };
2937
+ };
2938
+ requestBody: {
2939
+ content: {
2940
+ "application/json": components["schemas"]["StakeRequest"];
2941
+ };
2942
+ };
2943
+ responses: {
2944
+ 200: components["responses"]["StakeResponse"];
2945
+ default: {
2946
+ content: {
2947
+ "application/json": components["schemas"]["ErrorResponse"];
2948
+ };
2949
+ };
2950
+ };
2951
+ };
2952
+ /**
2953
+ * Sign Unstake Request
2954
+ * @description Sign Unstake Request
2955
+ *
2956
+ * Handle unstaking request, producing a signed voluntary exit message
2957
+ * that can be posted directly to the Beacon chain.
2958
+ *
2959
+ * The key must be associated with the role and organization on whose behalf this action is called.
2960
+ */
2961
+ unstake: {
2962
+ parameters: {
2963
+ path: {
2964
+ /**
2965
+ * @description Name or ID of the desired Org
2966
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2967
+ */
2968
+ org_id: string;
2969
+ /**
2970
+ * @description Hex-encoded validator (BLS) public key
2971
+ * @example 0xa99a76ed7796f7be22d5b7e85deeb7c5677e88e511e0b337618f8c4eb61349b4bf2d153f649f7b53359fe8b94a38e44c
2972
+ */
2973
+ pubkey: string;
2974
+ };
2975
+ };
2976
+ requestBody: {
2977
+ content: {
2978
+ "application/json": components["schemas"]["UnstakeRequest"];
2979
+ };
2980
+ };
2981
+ responses: {
2982
+ 200: components["responses"]["UnstakeResponse"];
2983
+ default: {
2984
+ content: {
2985
+ "application/json": components["schemas"]["ErrorResponse"];
2986
+ };
2987
+ };
2988
+ };
2989
+ };
2990
+ /**
2991
+ * Sign Solana Message
2992
+ * @description Sign Solana Message
2993
+ *
2994
+ * Signs a Solana message with a given key.
2995
+ * This is a pre-release feature.
2996
+ */
2997
+ solanaSign: {
2998
+ parameters: {
2999
+ path: {
3000
+ /**
3001
+ * @description Name or ID of the desired Org
3002
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3003
+ */
3004
+ org_id: string;
3005
+ /**
3006
+ * @description The base58-encoded public key
3007
+ * @example 86ZRPszBp5EoPj7wR3bHn7wnAZ5iYfpasRc7DKFPTUaZ
3008
+ */
3009
+ pubkey: string;
3010
+ };
3011
+ };
3012
+ requestBody: {
3013
+ content: {
3014
+ "application/json": components["schemas"]["SolanaSignRequest"];
3015
+ };
3016
+ };
3017
+ responses: {
3018
+ 200: components["responses"]["SolanaSignResponse"];
3019
+ default: {
3020
+ content: {
3021
+ "application/json": components["schemas"]["ErrorResponse"];
3022
+ };
3023
+ };
3024
+ };
3025
+ };
3026
+ /**
3027
+ * Refresh Signer Session
3028
+ * @description Refresh Signer Session
3029
+ */
3030
+ signerSessionRefresh: {
3031
+ parameters: {
3032
+ path: {
3033
+ /**
3034
+ * @description ID of the organization owning the key
3035
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3036
+ */
3037
+ org_id: string;
3038
+ };
3039
+ };
3040
+ requestBody: {
3041
+ content: {
3042
+ "application/json": components["schemas"]["AuthData"];
3043
+ };
3044
+ };
3045
+ responses: {
3046
+ 200: components["responses"]["RefreshResponse"];
3047
+ default: {
3048
+ content: {
3049
+ "application/json": components["schemas"]["ErrorResponse"];
3050
+ };
3051
+ };
3052
+ };
3053
+ };
3054
+ }