@cubist-labs/cubesigner-sdk 0.1.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. package/LICENSE-APACHE +177 -0
  2. package/LICENSE-MIT +25 -0
  3. package/NOTICE +13 -0
  4. package/README.md +470 -0
  5. package/dist/examples/ethers.d.ts +1 -0
  6. package/dist/examples/ethers.js +142 -0
  7. package/dist/spec/env/beta.json +9 -0
  8. package/dist/spec/env/gamma.json +9 -0
  9. package/dist/spec/env/prod.json +9 -0
  10. package/dist/src/client.d.ts +10 -0
  11. package/dist/src/client.js +21 -0
  12. package/dist/src/env.d.ts +15 -0
  13. package/dist/src/env.js +35 -0
  14. package/dist/src/ethers/index.d.ts +50 -0
  15. package/dist/src/ethers/index.js +122 -0
  16. package/dist/src/index.d.ts +114 -0
  17. package/dist/src/index.js +205 -0
  18. package/dist/src/key.d.ts +114 -0
  19. package/dist/src/key.js +201 -0
  20. package/dist/src/mfa.d.ts +23 -0
  21. package/dist/src/mfa.js +63 -0
  22. package/dist/src/org.d.ts +161 -0
  23. package/dist/src/org.js +264 -0
  24. package/dist/src/role.d.ts +224 -0
  25. package/dist/src/role.js +256 -0
  26. package/dist/src/schema.d.ts +3049 -0
  27. package/dist/src/schema.js +7 -0
  28. package/dist/src/session/generic.d.ts +47 -0
  29. package/dist/src/session/generic.js +3 -0
  30. package/dist/src/session/management_session_manager.d.ts +59 -0
  31. package/dist/src/session/management_session_manager.js +111 -0
  32. package/dist/src/session/oidc_session_manager.d.ts +78 -0
  33. package/dist/src/session/oidc_session_manager.js +142 -0
  34. package/dist/src/session/session_manager.d.ts +74 -0
  35. package/dist/src/session/session_manager.js +79 -0
  36. package/dist/src/session/session_storage.d.ts +47 -0
  37. package/dist/src/session/session_storage.js +76 -0
  38. package/dist/src/session/signer_session_manager.d.ts +88 -0
  39. package/dist/src/session/signer_session_manager.js +159 -0
  40. package/dist/src/sign.d.ts +114 -0
  41. package/dist/src/sign.js +248 -0
  42. package/dist/src/signer_session.d.ts +180 -0
  43. package/dist/src/signer_session.js +369 -0
  44. package/dist/src/util.d.ts +35 -0
  45. package/dist/src/util.js +75 -0
  46. package/dist/test/sessions.d.ts +35 -0
  47. package/dist/test/sessions.js +56 -0
  48. package/package.json +61 -0
  49. package/src/client.ts +12 -0
  50. package/src/env.ts +25 -0
  51. package/src/ethers/index.ts +131 -0
  52. package/src/index.ts +220 -0
  53. package/src/key.ts +249 -0
  54. package/src/org.ts +333 -0
  55. package/src/role.ts +385 -0
  56. package/src/schema.ts +3054 -0
  57. package/src/session/management_session_manager.ts +136 -0
  58. package/src/session/oidc_session_manager.ts +193 -0
  59. package/src/session/session_manager.ts +114 -0
  60. package/src/session/session_storage.ts +73 -0
  61. package/src/session/signer_session_manager.ts +211 -0
  62. package/src/signer_session.ts +464 -0
  63. package/src/util.ts +58 -0
  64. package/tsconfig.json +32 -0
package/dist/src/schema.d.ts ADDED
@@ -0,0 +1,3049 @@
1
+ /**
2
+ * This file was auto-generated by openapi-typescript.
3
+ * Do not make direct changes to the file.
4
+ */
5
+ /** OneOf type helpers */
6
+ type Without<T, U> = {
7
+ [P in Exclude<keyof T, keyof U>]?: never;
8
+ };
9
+ type XOR<T, U> = (T | U) extends object ? (Without<T, U> & U) | (Without<U, T> & T) : T | U;
10
+ type OneOf<T extends any[]> = T extends [infer Only] ? Only : T extends [infer A, infer B, ...infer Rest] ? OneOf<[XOR<A, B>, ...Rest]> : never;
11
+ export interface paths {
12
+ "/v0/about_me": {
13
+ /**
14
+ * User Info
15
+ * @description User Info
16
+ *
17
+ * Retrieves information about the current user.
18
+ */
19
+ get: operations["aboutMe"];
20
+ };
21
+ "/v0/org/{org_id}": {
22
+ /**
23
+ * Get Org
24
+ * @description Get Org
25
+ *
26
+ * Retrieves information about an organization.
27
+ */
28
+ get: operations["getOrg"];
29
+ /**
30
+ * Update Org
31
+ * @description Update Org
32
+ *
33
+ * Update organization attributes (enabled flag, name, and policies).
34
+ */
35
+ patch: operations["updateOrg"];
36
+ };
37
+ "/v0/org/{org_id}/btc/sign/{pubkey}": {
38
+ /**
39
+ * Sign Bitcoin Transaction
40
+ * @description Sign Bitcoin Transaction
41
+ *
42
+ * Signs a Bitcoin transaction with a given key.
43
+ * This is a pre-release feature.
44
+ */
45
+ post: operations["btcSign"];
46
+ };
47
+ "/v0/org/{org_id}/import_key": {
48
+ /**
49
+ * Create Key-Import Key
50
+ * @description Create Key-Import Key
51
+ *
52
+ * Generate an ephemeral key that a client can use for key-import encryption.
53
+ */
54
+ get: operations["createKeyImportKey"];
55
+ /**
56
+ * Import Key
57
+ * @description Import Key
58
+ *
59
+ * Securely imports an existing key using a previously generated key-import key.
60
+ */
61
+ put: operations["importKey"];
62
+ };
63
+ "/v0/org/{org_id}/invite": {
64
+ /**
65
+ * Invite User
66
+ * @description Invite User
67
+ *
68
+ * Creates a new user in an existing org and sends that user an invite email.
69
+ */
70
+ post: operations["invite"];
71
+ };
72
+ "/v0/org/{org_id}/keys": {
73
+ /**
74
+ * List Keys
75
+ * @description List Keys
76
+ *
77
+ * Gets the list of owned keys in a given org.
78
+ */
79
+ get: operations["listKeysInOrg"];
80
+ /**
81
+ * Import Key (Deprecated)
82
+ * @description Import Key (Deprecated)
83
+ *
84
+ * Securely imports an existing key. This API is deprecated; please use the new version.
85
+ */
86
+ put: operations["importKeyLegacy"];
87
+ /**
88
+ * Create Key
89
+ * @description Create Key
90
+ *
91
+ * Creates one or more new keys of the specified type (BLS or Secp).
92
+ */
93
+ post: operations["createKey"];
94
+ };
95
+ "/v0/org/{org_id}/keys/get_keys": {
96
+ /**
97
+ * Legacy List Keys
98
+ * @deprecated
99
+ * @description Legacy List Keys
100
+ *
101
+ * This route is deprecated. Use `GET /v0/org/<org_id>/keys?<key_type>`
102
+ */
103
+ post: operations["listKeysLegacy"];
104
+ };
105
+ "/v0/org/{org_id}/keys/{key_id}": {
106
+ /**
107
+ * Get Key
108
+ * @description Get Key
109
+ *
110
+ * Returns the properties of a key.
111
+ */
112
+ get: operations["getKeyInOrg"];
113
+ /**
114
+ * Update Key
115
+ * @description Update Key
116
+ *
117
+ * Enable or disable a key. The user must be the owner of the key or organization to perform this action.
118
+ */
119
+ patch: operations["updateKey"];
120
+ };
121
+ "/v0/org/{org_id}/mfa/{mfa_id}": {
122
+ /**
123
+ * Gets a Pending MFA Request
124
+ * @description Gets a Pending MFA Request
125
+ *
126
+ * Retrieves and returns a pending MFA request by its id.
127
+ */
128
+ get: operations["mfaGet"];
129
+ /**
130
+ * Approve a Pending MFA Request
131
+ * @description Approve a Pending MFA Request
132
+ *
133
+ * Adds the current user as an approver of a pending MFA request of the [Status::RequiredApprovers] kind.
134
+ * If the required number of approvers is reached, the MFA request is approved;
135
+ * the confirmation receipt can be used to resume the original HTTP request.
136
+ */
137
+ patch: operations["mfaApproveCs"];
138
+ };
139
+ "/v0/org/{org_id}/mfa/{mfa_id}/totp": {
140
+ /**
141
+ * Approve a TOTP MFA Request
142
+ * @description Approve a TOTP MFA Request
143
+ *
144
+ * Adds an approver to a pending TOTP MFA request.
145
+ *
146
+ * If the required number of approvers is reached, the MFA request is approved;
147
+ * the confirmation receipt can be used to resume the original HTTP request.
148
+ */
149
+ patch: operations["mfaApproveTotp"];
150
+ };
151
+ "/v0/org/{org_id}/oidc": {
152
+ /**
153
+ * Login with OIDC
154
+ * @description Login with OIDC
155
+ *
156
+ * Exchange an OIDC ID token (passed via the `Authorization` header) for a signer session
157
+ */
158
+ post: operations["oidcAuth"];
159
+ };
160
+ "/v0/org/{org_id}/roles": {
161
+ /**
162
+ * List Roles
163
+ * @description List Roles
164
+ *
165
+ * Retrieves all roles in an organization that the current user is allowed to access.
166
+ */
167
+ get: operations["listRoles"];
168
+ /**
169
+ * Create Role
170
+ * @description Create Role
171
+ *
172
+ * Creates a new role in an organization. Unless the logged-in user
173
+ * is the owner, they are automatically added to the newly created role.
174
+ */
175
+ post: operations["createRole"];
176
+ };
177
+ "/v0/org/{org_id}/roles/{role_id}": {
178
+ /**
179
+ * Get Role
180
+ * @description Get Role
181
+ *
182
+ * Retrieves information about a role in an organization
183
+ */
184
+ get: operations["getRole"];
185
+ /**
186
+ * Delete Role
187
+ * @description Delete Role
188
+ *
189
+ * Deletes a role in an organization.
190
+ * Only organization owners can perform this action.
191
+ */
192
+ delete: operations["deleteRole"];
193
+ /**
194
+ * Update Role
195
+ * @description Update Role
196
+ *
197
+ * Enables or disables a role.
198
+ * The user must be in the role or an owner of the organization.
199
+ */
200
+ patch: operations["updateRole"];
201
+ };
202
+ "/v0/org/{org_id}/roles/{role_id}/add_keys": {
203
+ /**
204
+ * Add Keys
205
+ * @description Add Keys
206
+ *
207
+ * Adds a list of existing keys to an existing role.
208
+ */
209
+ put: operations["addKeysToRole"];
210
+ };
211
+ "/v0/org/{org_id}/roles/{role_id}/add_user/{user_id}": {
212
+ /**
213
+ * Add User
214
+ * @description Add User
215
+ *
216
+ * Adds an existing user to an existing role.
217
+ * Only users in the role or owners can add users to a role.
218
+ */
219
+ put: operations["addUserToRole"];
220
+ };
221
+ "/v0/org/{org_id}/roles/{role_id}/keys/{key_id}": {
222
+ /**
223
+ * Remove Key
224
+ * @description Remove Key
225
+ *
226
+ * Removes a given key from a role
227
+ */
228
+ delete: operations["removeKeyFromRole"];
229
+ };
230
+ "/v0/org/{org_id}/roles/{role_id}/tokens": {
231
+ /**
232
+ * List Tokens
233
+ * @description List Tokens
234
+ *
235
+ * Returns all access tokens for a given role.
236
+ * Only users in the role or owners can create a token for it.
237
+ */
238
+ get: operations["listRoleTokens"];
239
+ /**
240
+ * Create Token
241
+ * @description Create Token
242
+ *
243
+ * Creates a new access token for a given role (to be used as "API Key" for all signing actions).
244
+ * Only users in the role or owners can create a token for it.
245
+ */
246
+ post: operations["createRoleToken"];
247
+ /**
248
+ * Revoke All Tokens
249
+ * @description Revoke All Tokens
250
+ *
251
+ * Revokes all access tokens associated with a role.
252
+ * Only users in the role or owners can perform this action.
253
+ */
254
+ delete: operations["revokeAllRoleTokens"];
255
+ };
256
+ "/v0/org/{org_id}/roles/{role_id}/tokens/{session_id}": {
257
+ /**
258
+ * Revoke Token
259
+ * @description Revoke Token
260
+ *
261
+ * Revokes an access token associated with a role.
262
+ * Only users in the role or owners can perform this action.
263
+ */
264
+ delete: operations["revokeRoleToken"];
265
+ };
266
+ "/v0/org/{org_id}/token/keys": {
267
+ /**
268
+ * Get Token-Accessible Keys
269
+ * @description Get Token-Accessible Keys
270
+ *
271
+ * Retrieves the keys that the role token can access.
272
+ */
273
+ get: operations["listTokenKeys"];
274
+ };
275
+ "/v0/org/{org_id}/users": {
276
+ /**
277
+ * List users in organization
278
+ * @description List users in organization
279
+ */
280
+ get: operations["listUsersInOrg"];
281
+ /**
282
+ * Adds a third-party user to the org
283
+ * @description Adds a third-party user to the org
284
+ */
285
+ post: operations["createOidcUser"];
286
+ };
287
+ "/v0/totp": {
288
+ /**
289
+ * Reset TOTP
290
+ * @description Reset TOTP
291
+ *
292
+ * Creates and sets a new TOTP configuration for the current user,
293
+ * overriding the existing one (if any).
294
+ */
295
+ patch: operations["userResetTotp"];
296
+ };
297
+ "/v0/totp/verify/{code}": {
298
+ /**
299
+ * Verify TOTP
300
+ * @description Verify TOTP
301
+ *
302
+ * Checks if a given code matches the current TOTP code for the current user.
303
+ * Errors with 403 if the current user has not set up TOTP or the code fails verification.
304
+ */
305
+ get: operations["userVerifyTotp"];
306
+ };
307
+ "/v1/org/{org_id}/blob/sign/{key_id}": {
308
+ /**
309
+ * Sign Raw Blob
310
+ * @description Sign Raw Blob
311
+ *
312
+ * Signs an arbitrary blob with a given key.
313
+ * This is a pre-release feature.
314
+ */
315
+ post: operations["blobSign"];
316
+ };
317
+ "/v1/org/{org_id}/cube3signer/heartbeat": {
318
+ /**
319
+ * Record heartbeat
320
+ * @description Record heartbeat
321
+ *
322
+ * This endpoint is called by the cube3signer proxy to record various metrics to CloudWatch.
323
+ */
324
+ post: operations["cube3signerHeartbeat"];
325
+ };
326
+ "/v1/org/{org_id}/eth1/sign/{pubkey}": {
327
+ /**
328
+ * Sign EVM Transaction
329
+ * @description Sign EVM Transaction
330
+ *
331
+ * Signs an Ethereum (and other EVM) transaction with a given Secp256k1 key.
332
+ *
333
+ * The key must be associated with the role and organization on whose behalf this action is called.
334
+ */
335
+ post: operations["eth1Sign"];
336
+ };
337
+ "/v1/org/{org_id}/eth2/sign/{pubkey}": {
338
+ /**
339
+ * Sign Validator Request
340
+ * @description Sign Validator Request
341
+ *
342
+ * Signs an eth2 validator request with a given BLS key.
343
+ *
344
+ * The key must be associated with the role and organization on whose behalf this action is called.
345
+ */
346
+ post: operations["eth2Sign"];
347
+ };
348
+ "/v1/org/{org_id}/eth2/stake": {
349
+ /**
350
+ * Sign Stake Deposit
351
+ * @description Sign Stake Deposit
352
+ *
353
+ * Signs a deposit transaction with a `validator_key`. If `validator_key` is set to a pregenerated key, we use the
354
+ * provided validator key. Otherwise, we generate a new BLS key.
355
+ *
356
+ * When using a pregenerated key, the key must be associated with the role and organization on whose
357
+ * behalf this action is called.
358
+ */
359
+ post: operations["stake"];
360
+ };
361
+ "/v1/org/{org_id}/eth2/unstake/{pubkey}": {
362
+ /**
363
+ * Sign Unstake Request
364
+ * @description Sign Unstake Request
365
+ *
366
+ * Handle unstaking request, producing a signed voluntary exit message
367
+ * that can be posted directly to the Beacon chain.
368
+ *
369
+ * The key must be associated with the role and organization on whose behalf this action is called.
370
+ */
371
+ post: operations["unstake"];
372
+ };
373
+ "/v1/org/{org_id}/solana/sign/{pubkey}": {
374
+ /**
375
+ * Sign Solana Message
376
+ * @description Sign Solana Message
377
+ *
378
+ * Signs a Solana message with a given key.
379
+ * This is a pre-release feature.
380
+ */
381
+ post: operations["solanaSign"];
382
+ };
383
+ "/v1/org/{org_id}/token/refresh": {
384
+ /**
385
+ * Refresh Signer Session
386
+ * @description Refresh Signer Session
387
+ */
388
+ patch: operations["signerSessionRefresh"];
389
+ };
390
+ }
391
+ export type webhooks = Record<string, never>;
392
+ export interface components {
393
+ schemas: {
394
+ AcceptedResponse: components["schemas"]["ErrorResponse"] & Record<string, never>;
395
+ /**
396
+ * @description Different responses we return for status code "202 Accepted".
397
+ *
398
+ * Even though "202 Accepted" is a successful response, we represent
399
+ * it as a Rust error because that makes it easy to have route handlers
400
+ * return `Result<T, SignerError>` where `T` is the type of the
401
+ * response for the status code "200 Ok".
402
+ */
403
+ AcceptedValue: {
404
+ MfaRequired: {
405
+ id: string;
406
+ };
407
+ };
408
+ AddKeysToRoleRequest: {
409
+ /**
410
+ * @description A list of keys to add to a role
411
+ * @example [
412
+ * "Key#63023a27-1e70-430a-b293-ffbc9d6c4484"
413
+ * ]
414
+ */
415
+ key_ids: string[];
416
+ /**
417
+ * @description Optional policies to apply for each key
418
+ * @example [
419
+ * {
420
+ * "TxReceiver": "0x8c594691c0e592ffa21f153a16ae41db5befcaaa"
421
+ * },
422
+ * {
423
+ * "TxDeposit": {
424
+ * "kind": "Canonical"
425
+ * }
426
+ * },
427
+ * {
428
+ * "RequireMfa": {
429
+ * "kind": {
430
+ * "RequiredApprovers": {
431
+ * "count": 1
432
+ * }
433
+ * },
434
+ * "restricted_operations": [
435
+ * "Eth1Sign",
436
+ * "BlobSign"
437
+ * ]
438
+ * }
439
+ * }
440
+ * ]
441
+ */
442
+ policy: Record<string, never>[] | null;
443
+ };
444
+ AddThirdPartyUserRequest: {
445
+ identity: components["schemas"]["OIDCIdentity"];
446
+ role: components["schemas"]["MemberRole"];
447
+ };
448
+ ApprovalInfo: {
449
+ timestamp: components["schemas"]["EpochDateTime"];
450
+ };
451
+ /** @description Data required for both `authenticate` and `refresh`. */
452
+ AuthData: {
453
+ /** Format: int32 */
454
+ epoch_num: number;
455
+ epoch_token: components["schemas"]["B32"];
456
+ other_token: string;
457
+ };
458
+ /** @description Wrapper around a zeroizing 32-byte fixed-size array */
459
+ B32: string;
460
+ /**
461
+ * @example {
462
+ * "message_base64": "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTYK"
463
+ * }
464
+ */
465
+ BlobSignRequest: {
466
+ /**
467
+ * @description The blob to sign, encoded as a base64 string.
468
+ *
469
+ * Note that certain signing keys impose additional requirements on the contents of
470
+ * the message. For example, Secp256k1 keys require that the message is 32 bytes long.
471
+ */
472
+ message_base64: string;
473
+ };
474
+ /** @enum {string} */
475
+ BtcSighashType: "All" | "None" | "Single" | "AllPlusAnyoneCanPay" | "NonePlusAnyoneCanPay" | "SinglePlusAnyoneCanPay";
476
+ BtcSignRequest: {
477
+ sig_kind: components["schemas"]["BtcSignatureKind"];
478
+ /** @description The bitcoin transaction to sign */
479
+ tx: Record<string, never>;
480
+ };
481
+ BtcSignatureKind: {
482
+ /** @description Segregated Witness */
483
+ Segwit: {
484
+ /**
485
+ * @description Transaction input index
486
+ * @example 0
487
+ */
488
+ input_index: number;
489
+ /**
490
+ * @description Script
491
+ * @example 0x76a91479091972186c449eb1ded22b78e40d009bdf008988ac
492
+ */
493
+ script_code: string;
494
+ sighash_type: components["schemas"]["BtcSighashType"];
495
+ /**
496
+ * Format: int64
497
+ * @description Amount in satoshis
498
+ * @example 1000000
499
+ */
500
+ value: number;
501
+ };
502
+ };
503
+ /**
504
+ * @description Session information sent to the client.
505
+ * This struct works in tandem with its server-side counterpart [`SessionData`].
506
+ */
507
+ ClientSessionInfo: {
508
+ /** @description Token to use for authorization. */
509
+ auth_token: string;
510
+ auth_token_exp: components["schemas"]["EpochDateTime"];
511
+ /**
512
+ * Format: int32
513
+ * @description Epoch at which the token was last refreshed
514
+ */
515
+ epoch: number;
516
+ epoch_token: components["schemas"]["B32"];
517
+ /** @description Token to use for refreshing the `(auth, refresh)` token pair */
518
+ refresh_token: string;
519
+ refresh_token_exp: components["schemas"]["EpochDateTime"];
520
+ /** @description Session ID */
521
+ session_id: string;
522
+ };
523
+ ConfiguredMfa: OneOf<[
524
+ "Totp",
525
+ {
526
+ /** @description Named FIDO device (multiple can be configured per user, but the names must be different) */
527
+ Fido: string;
528
+ }
529
+ ]>;
530
+ CreateKeyRequest: {
531
+ /**
532
+ * Format: int64
533
+ * @description Chain id for which the key is allowed to sign messages
534
+ * @example 5
535
+ */
536
+ chain_id: number | null;
537
+ /**
538
+ * Format: int32
539
+ * @description Number of keys to create
540
+ * @example 1
541
+ */
542
+ count: number;
543
+ key_type: components["schemas"]["KeyType"];
544
+ /**
545
+ * @description Allows users to specify a user other than themselves to receive the key
546
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
547
+ */
548
+ owner: string | null;
549
+ };
550
+ /** @description Optional create role request body */
551
+ CreateRoleRequest: {
552
+ /**
553
+ * @description A human-readable name for the role.
554
+ * @example my_role
555
+ */
556
+ name: string;
557
+ };
558
+ CreateTokenRequest: components["schemas"]["RatchetConfig"] & {
559
+ /**
560
+ * @description A human readable description of the purpose of the key
561
+ * @example Validator Signing
562
+ */
563
+ purpose: string;
564
+ };
565
+ /**
566
+ * @description Information produced by a successful deposit
567
+ * @example {
568
+ * "chain_id": 5,
569
+ * "deposit_txn": {
570
+ * "data": "0x...",
571
+ * "to": "0xff50ed3d0ec03ac01d4c79aad74928bff48a7b2b",
572
+ * "value": "0x1bc16d674ec800000"
573
+ * },
574
+ * "new_validator_pk": "9700fbb8c906942442c2a5b3ad7498f27aedda253786a6fbaa8fef47fb7af234e50cf2cce815a553087992ae565d48da"
575
+ * }
576
+ */
577
+ DepositTxn: {
578
+ /**
579
+ * Format: int64
580
+ * @description Chain ID for which the deposit transaction was created
581
+ */
582
+ chain_id: number;
583
+ /** @description The deposit transaction. Includes only `to`, `value`, and `data` fields. */
584
+ deposit_txn: Record<string, never>;
585
+ /** @description The hex-encoded compressed form of the new validator BLS public key */
586
+ new_validator_pk: string;
587
+ };
588
+ /**
589
+ * @description The type of deposit to perform
590
+ * @enum {string}
591
+ */
592
+ DepositType: "Canonical" | "Wrapper";
593
+ /**
594
+ * @description Epoch is a quoted `uint64`.
595
+ * @example 256
596
+ */
597
+ Epoch: string;
598
+ /**
599
+ * Format: int64
600
+ * @description DateTime measured in seconds since unix epoch.
601
+ * A wrapper type for serialization that encodes a [`SystemTime`] as a [`u64`]
602
+ * representing the number of seconds since [`SystemTime::UNIX_EPOCH`].
603
+ */
604
+ EpochDateTime: number;
605
+ /** @description The structure of ErrorResponse must match the response template that AWS uses */
606
+ ErrorResponse: {
607
+ accepted?: components["schemas"]["AcceptedValue"] | null;
608
+ /** @description Error message */
609
+ message: string;
610
+ };
611
+ /**
612
+ * @example {
613
+ * "chain_id": 43113,
614
+ * "tx": {
615
+ * "chain_id": "0xa869",
616
+ * "gas": "0x61a80",
617
+ * "maxFeePerGas": "0x9502F900",
618
+ * "maxPriorityFeePerGas": "0x50",
619
+ * "nonce": "0xb",
620
+ * "to": "0xf00ba12f00000000b4121200000f00c0ffeef00d",
621
+ * "type": "0x02",
622
+ * "value": "0x10000000000"
623
+ * }
624
+ * }
625
+ */
626
+ Eth1SignRequest: {
627
+ /**
628
+ * Format: int64
629
+ * @description The chain id to set in the given transaction.
630
+ */
631
+ chain_id: number;
632
+ /**
633
+ * @description EIP-2718 typed transaction (see the [ethers-rs
634
+ * interface](https://docs.rs/ethers/latest/ethers/types/struct.Eip1559TransactionRequest.html)) types, including EIP-1559 transactions (`{ "type": "0x02" ... }`), and legacy
635
+ * transactions (`{ "type": "0x00" ... }`). All values in the transaction are expected
636
+ * to be (0x-prefixed or not) hex strings or byte arrays.
637
+ */
638
+ tx: Record<string, never>;
639
+ };
640
+ /**
641
+ * @example {
642
+ * "eth2_sign_request": {
643
+ * "aggregation_slot": {
644
+ * "slot": "36"
645
+ * },
646
+ * "fork_info": {
647
+ * "fork": {
648
+ * "current_version": "0x42424242",
649
+ * "epoch": "0",
650
+ * "previous_version": "0x42424242"
651
+ * },
652
+ * "genesis_validators_root": "0x9d13d61212c067e02ce8e608a7007e2c3b02571e9e6f27ff45dfa91bf27c870b"
653
+ * },
654
+ * "signingRoot": "0x9c57e77c4965727542b9337df6756f948464bca3859bea6ed3c0ec6600d8982a",
655
+ * "type": "AGGREGATION_SLOT"
656
+ * },
657
+ * "network": "mainnet"
658
+ * }
659
+ */
660
+ Eth2SignRequest: {
661
+ /**
662
+ * @description Subset of the Web3Signer Eth2 BLS signing request whose schema is defined
663
+ * [here](https://consensys.github.io/web3signer/web3signer-eth2.html#tag/Signing/operation/ETH2_SIGN).
664
+ * We handle deposits and voluntary exits separately.
665
+ */
666
+ eth2_sign_request: Record<string, never>;
667
+ network: components["schemas"]["Network"];
668
+ };
669
+ /**
670
+ * @description Specifies a fork of the `BeaconChain`, to prevent replay attacks.
671
+ * The schema of `Fork` is defined in the [Beacon chain
672
+ * spec](https://github.com/ethereum/consensus-specs/blob/v1.0.1/specs/phase0/beacon-chain.md#fork).
673
+ * @example {
674
+ * "current_version": "0x00001020",
675
+ * "epoch": "0",
676
+ * "previous_version": "0x00001020"
677
+ * }
678
+ */
679
+ Fork: {
680
+ /**
681
+ * @description Current fork version.
682
+ * @example 0x43434343
683
+ */
684
+ current_version: string;
685
+ epoch: components["schemas"]["Epoch"];
686
+ /**
687
+ * @description Previous fork version.
688
+ * @example 0x42424242
689
+ */
690
+ previous_version: string;
691
+ };
692
+ /**
693
+ * @description Genesis data as defined in the [Beacon API
694
+ * spec](https://ethereum.github.io/beacon-APIs/#/Beacon/getGenesis).
695
+ * You can get the genesis data from the Beacon node's `/eth/v1/beacon/genesis` end-point.
696
+ * This struct definition is originally from lighthouse's eth2.
697
+ */
698
+ GenesisData: {
699
+ /**
700
+ * @description Genesis fork version.
701
+ * @example 0x42424242
702
+ */
703
+ genesis_fork_version: string;
704
+ /**
705
+ * @description Genesis time
706
+ * @example 1679326449
707
+ */
708
+ genesis_time: string;
709
+ /**
710
+ * @description Genesis validators root.
711
+ * @example 0x270d43e74ce340de4bca2b1936beca0f4f5408d9e78aec4850920baf659d5b69
712
+ */
713
+ genesis_validators_root: string;
714
+ };
715
+ GetKeysInOrgRequest: {
716
+ key_type: components["schemas"]["KeyType"] | null;
717
+ };
718
+ /** @description Stats pertaining the the sender `cube3signer` instance */
719
+ HeartbeatRequest: {
720
+ /**
721
+ * Format: int64
722
+ * @description Number of requests currently active (received but not necessarily being processed yet)
723
+ */
724
+ current_num_requests_active: number;
725
+ /**
726
+ * Format: int64
727
+ * @description Number of requests currently being processed by cube3signer
728
+ */
729
+ current_num_requests_processing: number;
730
+ /**
731
+ * Format: int64
732
+ * @description Number of new requests during this heartbeat period
733
+ */
734
+ num_requests: number;
735
+ /**
736
+ * Format: int64
737
+ * @description Number of requests that failed during this heartbeat period
738
+ */
739
+ num_requests_failed: number;
740
+ /**
741
+ * Format: int64
742
+ * @description Number of requests were retried during this heartbeat period
743
+ */
744
+ num_requests_retried: number;
745
+ /**
746
+ * Format: int64
747
+ * @description Number of retries during this heartbeat period
748
+ */
749
+ num_retries: number;
750
+ /**
751
+ * Format: int64
752
+ * @description Number of times auth token was refreshed during this heartbeat period
753
+ */
754
+ num_token_refreshes?: number;
755
+ /**
756
+ * Format: int64
757
+ * @description Number of times auth token refresh failed during this heartbeat period
758
+ */
759
+ num_token_refreshes_failed?: number;
760
+ /**
761
+ * @description Version of the proxy sending the heart beat request
762
+ *
763
+ * TODO: Make non-optional once we do not support proxies without version information
764
+ */
765
+ proxy_version: string | null;
766
+ };
767
+ /**
768
+ * @description Information about the request.
769
+ *
770
+ * Captures all the relevant info (including the request body) about requests that require MFA.
771
+ * We use this to verify that when a request is resumed (after obtaining necessary MFA approvals)
772
+ * it is exactly the same as it originally was.
773
+ */
774
+ HttpRequest: {
775
+ /** @description HTTP request body */
776
+ body: Record<string, unknown> | null;
777
+ /** @description HTTP method of the request */
778
+ method: string;
779
+ /** @description HTTP path of the request (including host or not?) */
780
+ path: string;
781
+ };
782
+ ImportKeyLegacyRequest: {
783
+ /**
784
+ * Format: int64
785
+ * @description The chain ID of the chain that the key will be used for
786
+ * @example 5
787
+ */
788
+ chain_id: number | null;
789
+ /** @description The key to import encrypted with the public key of the organization */
790
+ key_material: components["schemas"]["RsaOaepXChaChaMaterial"][];
791
+ key_type: components["schemas"]["KeyType"];
792
+ };
793
+ ImportKeyRequest: components["schemas"]["KeyImportKey"] & {
794
+ /** @description A set of encrypted keys to be imported */
795
+ key_material: components["schemas"]["ImportKeyRequestMaterial"][];
796
+ key_type: components["schemas"]["KeyType"];
797
+ };
798
+ ImportKeyRequestMaterial: {
799
+ /**
800
+ * @description The client's ephemeral public key used to derive a shared key.
801
+ * This is a base64-encoded, SEC1-encoded P384 public key.
802
+ */
803
+ client_public_key: string;
804
+ /**
805
+ * @description The encrypted keying material to be imported.
806
+ * This is a base64-encoded ciphertext.
807
+ */
808
+ ikm_enc: string;
809
+ /**
810
+ * @description A salt value used to derive a shared key.
811
+ * This is a base64-encoded byte string.
812
+ */
813
+ salt: string;
814
+ };
815
+ InviteRequest: {
816
+ /**
817
+ * @description The user's email address
818
+ * @example alice@acme.com
819
+ */
820
+ email: string;
821
+ /**
822
+ * @description The user's full name
823
+ * @example Alice Wonderland
824
+ */
825
+ name: string;
826
+ /**
827
+ * @description Skip sending an invitation email to this user if true.
828
+ *
829
+ * NOTE: this field is for internal testing use ONLY. If you do not
830
+ * send an invitation email, the user will never be able to log in.
831
+ * @example false
832
+ */
833
+ skip_email: boolean;
834
+ };
835
+ /** @description A wrapped key-import key */
836
+ KeyImportKey: {
837
+ /** @description Base64-encoded, encrypted data key. */
838
+ dk_enc: string;
839
+ /**
840
+ * Format: int64
841
+ * @description Expiration timestamp expressed as seconds since the UNIX epoch.
842
+ */
843
+ expires: number;
844
+ /**
845
+ * @description The ephemeral public key to which an imported key should be encrypted.
846
+ * This is a P384 public key in base64-encoded uncompressed SECG format.
847
+ */
848
+ public_key: string;
849
+ /** @description Base64-encoded, encrypted secret key. */
850
+ sk_enc: string;
851
+ };
852
+ KeyInfo: {
853
+ /** @description Whether the key is enabled (only enabled keys may be used for signing) */
854
+ enabled: boolean;
855
+ /**
856
+ * @description The id of the key: "Key#" followed by a unique identifier specific to
857
+ * the type of key (such as a public key for BLS or an ethereum address for Secp)
858
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
859
+ */
860
+ key_id: string;
861
+ key_type: components["schemas"]["KeyType"];
862
+ /**
863
+ * @description A unique identifier specific to the type of key, such as a public key or an ethereum address
864
+ * @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
865
+ */
866
+ material_id: string;
867
+ /**
868
+ * @description Owner of the key
869
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
870
+ */
871
+ owner: string;
872
+ /**
873
+ * @description Key policy
874
+ * @example []
875
+ */
876
+ policy: Record<string, never>[];
877
+ /**
878
+ * @description Hex-encoded, serialized public key. The format used depends on the key type:
879
+ * - secp256k1 keys use 65-byte uncompressed SECG format;
880
+ * - BLS keys use 48-byte compressed BLS12-381 (ZCash) format;
881
+ * - ed25519 keys use the canonical 64-byte encoding specified in RFC 8032.
882
+ * @example 0x04d2688b6bc2ce7f9879b9e745f3c4dc177908c5cef0c1b64cff19ae7ff27dee623c64fe9d9c325c7fbbc748bbd5f607ce14dd83e28ebbbb7d3e7f2ffb70a79431
883
+ */
884
+ public_key: string;
885
+ /**
886
+ * @description The purpose for which the key can be used (e.g., chain id for which the key is allowed to sign messages)
887
+ * @example Eth2Validator(1)
888
+ */
889
+ purpose: string;
890
+ };
891
+ /** @enum {string} */
892
+ KeyType: "SecpEthAddr" | "SecpBtc" | "SecpBtcTest" | "BlsPub" | "BlsInactive" | "Ed25519SolanaAddr" | "Ed25519SuiAddr" | "Ed25519AptosAddr";
893
+ KeyWithPolicies: {
894
+ /**
895
+ * @description Key ID
896
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
897
+ */
898
+ key_id: string;
899
+ /**
900
+ * @description Policies that are checked before this key is used on behalf of this role
901
+ * @example [
902
+ * {
903
+ * "TxReceiver": "0x8c594691c0e592ffa21f153a16ae41db5befcaaa"
904
+ * },
905
+ * {
906
+ * "TxDeposit": {
907
+ * "kind": "Canonical"
908
+ * }
909
+ * }
910
+ * ]
911
+ */
912
+ policy?: Record<string, never>[];
913
+ };
914
+ /**
915
+ * @description Describes whether a user in an org is an Owner or just a regular member
916
+ * @enum {string}
917
+ */
918
+ MemberRole: "Owner" | "Member" | "Alien";
919
+ /** @enum {string} */
920
+ MfaType: "CubeSigner" | "Totp";
921
+ /**
922
+ * @description Network name ('mainnet', 'prater', 'goerli')
923
+ * @example goerli
924
+ * @enum {string}
925
+ */
926
+ Network: "mainnet" | "prater" | "goerli";
927
+ /**
928
+ * @description Represents a globally unique OIDC-authorized user by expressing the full "path" to a user. That is:
929
+ *
930
+ * (iss) (sub)
931
+ * Issuer -> Subresource
932
+ *
933
+ * We include a non-standard third-tier `disambiguator` which allows us to map
934
+ * a single OIDC user to multiple `User`s in CubeSigner
935
+ */
936
+ OIDCIdentity: {
937
+ /**
938
+ * @description Free-form additional user info.
939
+ * @example null
940
+ */
941
+ disambiguator?: string | null;
942
+ /**
943
+ * @description The root-level issuer who administrates this user. Frome the OIDC spec:
944
+ * Issuer Identifier for the Issuer of the response. The iss
945
+ * value is a case sensitive URL using the https scheme that contains
946
+ * scheme, host, and optionally, port number and path components and
947
+ * no query or fragment components.
948
+ * @example https://accounts.google.com
949
+ */
950
+ iss: string;
951
+ /**
952
+ * @description From the OIDC spec:
953
+ *
954
+ * A locally unique and never reassigned identifier within the Issuer for
955
+ * the End-User, which is intended to be consumed by the Client, e.g.,
956
+ * 24400320 or AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed
957
+ * 255 ASCII characters in length. The sub value is a case sensitive
958
+ * string.
959
+ * @example 10769150350006150715113082367
960
+ */
961
+ sub: string;
962
+ };
963
+ OidcLoginRequest: {
964
+ /**
965
+ * @description Controls what capabilities this session will have.
966
+ * @example [
967
+ * "sign:*"
968
+ * ]
969
+ */
970
+ scopes: string[];
971
+ };
972
+ OidcLoginResponse: {
973
+ /**
974
+ * @description Token to be used for signing auth. Requests to signing endpoints
975
+ * should include this value in the `Authorization` header
976
+ */
977
+ token: string;
978
+ };
979
+ OrgInfo: {
980
+ /** @description When false, all cryptographic operations involving keys in this org are disabled. */
981
+ enabled: boolean;
982
+ /**
983
+ * @description The RSA public key to use when importing keys into this organization. This string is the
984
+ * hex encoding of the DER representation of the key.
985
+ * @example 30820222300d06092a864886f70d01010105000382020f003082020a0282020100c89765b8f347caafbec09fcb17740e032d854ec99f2d9c16167be335339b4fdeba18a7f13d8e8b7ae7d689cab63d8ecdf548f4746eacaf95b61fef76ade9f81b3c038891c52542fd352697b618afbea6103723c28f2db450e9d852be16a4dc2cbc9442da9a6610044009e056ba90728f0b9888d9b036e493aaed168ccf930fa2f730b17eb3ad6f455a792b762c47f3d3c6b7a7c458556a592e688791599a576bf2149d8e9614db775e7a48602d237a347d5399c681f7f7d9c81f6a64e7cfd356bba545d45e5023ca1f09a66a1d4550f61cf2c4367e14997b5d749bb0326a44d058119e8caf7fd79d517eb2d11dddb2db329f350698f0f978d5e150bb402c8bc4c5ec36d6f38db3f3a204813cda9f52dbcee809204f8e35a455c0e110e10eec41f734f2d55a058a7a21fa90602f94da6de2378ff61e7b3550b77e53d75d7b3d3b39ccab0e5101b916dab01da096f7627175d5b68a1a6464ce5be3e95e7c464d69eb0b675057705c11bc79c3543313b0d9c703c50dc1a16dd9b55e5599e3b02e527b85938e7b81c65e56960bcd7c7a266b07dc05107fd0d7d3c208a878eb0fc74b0d007f421d0c5b28cf78eb441aa0166dceeeac255d68622492f9b526ae13c93754ea8eda96f3b764ba931f8d49c7de8b00ac53d993ab9b08fd2892d8e82cc1a9746f0b426b19256d13d780445e150ce81da0b3c96e32559cb47cb5cb93f805650203010001
986
+ */
987
+ key_import_key: string;
988
+ /**
989
+ * @description The organization's universally unique key-wrapping-key identifier.
990
+ * This value is required when setting up key export.
991
+ * @example mrk-fce09525e81587d23520f11e07e2e9d9
992
+ */
993
+ kwk_id: string;
994
+ /**
995
+ * @description Date/time (in UTC) when last 'unstake' was performed. Unix epoch if none.
996
+ * @example TODO
997
+ */
998
+ last_unstake: string;
999
+ /**
1000
+ * Format: int32
1001
+ * @description How many 'unstake' calls happened on the day when `last_unstake` was performed.
1002
+ */
1003
+ last_unstake_day_count: number;
1004
+ /**
1005
+ * @description The human-readable name for the org
1006
+ * @example my_org_name
1007
+ */
1008
+ name?: string | null;
1009
+ /**
1010
+ * @description The ID of the organization
1011
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1012
+ */
1013
+ org_id: string;
1014
+ /**
1015
+ * @description Org-wide policies that are checked before a key is used for signing
1016
+ * @example [
1017
+ * {
1018
+ * "MaxDailyUnstake": 5
1019
+ * }
1020
+ * ]
1021
+ */
1022
+ policy?: Record<string, never>[];
1023
+ };
1024
+ RatchetConfig: {
1025
+ auth_lifetime?: components["schemas"]["Seconds"];
1026
+ refresh_lifetime?: components["schemas"]["Seconds"];
1027
+ session_lifetime?: components["schemas"]["Seconds"];
1028
+ };
1029
+ /** @description Receipt that an MFA request was approved. */
1030
+ Receipt: {
1031
+ /**
1032
+ * @description Confirmation code the user needs to present when resuming the original request.
1033
+ * @example ba1d75dd-d999-4c1b-944d-25c25440c8af
1034
+ */
1035
+ confirmation: string;
1036
+ /** @description The ID of the logged-in user whose action created this approval. */
1037
+ final_approver: string;
1038
+ timestamp: components["schemas"]["EpochDateTime"];
1039
+ };
1040
+ RoleInfo: {
1041
+ /**
1042
+ * @description Whether the role is enabled
1043
+ * @example true
1044
+ */
1045
+ enabled: boolean;
1046
+ /** @description The CubeSigner IDs of the keys */
1047
+ keys: components["schemas"]["KeyWithPolicies"][];
1048
+ /**
1049
+ * @description The human-readable name for the role (must be alphanumeric)
1050
+ * @example my_role
1051
+ */
1052
+ name?: string | null;
1053
+ /**
1054
+ * @description The ID of the role
1055
+ * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
1056
+ */
1057
+ role_id: string;
1058
+ /**
1059
+ * @description The list of users with access to the role
1060
+ * @example [
1061
+ * "User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f",
1062
+ * "User#5593c25b-52e2-4fb5-b39b-96d41d681d82"
1063
+ * ]
1064
+ */
1065
+ users: string[];
1066
+ };
1067
+ /**
1068
+ * @description Encrypted key material for import using hybrid encryption.
1069
+ *
1070
+ * The imported keying material is encrypted using [XChaCha20Poly1305], which
1071
+ * we choose for its speed and side channel resistance, its ability to encrypt
1072
+ * very long messages, and its safety when using random nonces even for a large
1073
+ * number of messages. The latter should not happen in this case, but the cost
1074
+ * is negligible and the benefit is that we know it's safe to use random nonces.
1075
+ *
1076
+ * The XChaCha key is encrypted using [RSAES-OAEP-SHA256], which we choose because
1077
+ * it's the best of the [available options for asymmetric encryption][kmsopts]
1078
+ * in AWS KMS.
1079
+ *
1080
+ * [XChaCha20Poly1305]: https://doc.libsodium.org/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction
1081
+ * [RSAES-OAEP-SHA256]: https://www.rfc-editor.org/rfc/rfc8017#section-7.1
1082
+ * [kmsopts]: https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html
1083
+ */
1084
+ RsaOaepXChaChaMaterial: {
1085
+ /**
1086
+ * @description The keying material to be imported, encrypted with
1087
+ * [XChaCha20Poly1305](https://doc.libsodium.org/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction).
1088
+ */
1089
+ ikm_enc: number[];
1090
+ /**
1091
+ * @description The key-wrapping key used to encrypt `ikm_enc`, encrypted with
1092
+ * [RSAES-OAEP-SHA256](https://www.rfc-editor.org/rfc/rfc8017#section-7.1).
1093
+ */
1094
+ kwk_enc: number[];
1095
+ /** @description The nonce used to generate `ikm_enc`. */
1096
+ nonce: number[];
1097
+ };
1098
+ /**
1099
+ * Format: int64
1100
+ * @description Duration measured in seconds
1101
+ * A wrapper type for serialization that encodes a `Duration` as a `u64` representing the number of seconds.
1102
+ */
1103
+ Seconds: number;
1104
+ SignRequest: {
1105
+ message: Record<string, never>;
1106
+ };
1107
+ SolanaSignRequest: components["schemas"]["SignRequest"] & Record<string, never>;
1108
+ StakeRequest: {
1109
+ /**
1110
+ * Format: int64
1111
+ * @description The chain on which we will deposit
1112
+ * @example 5
1113
+ */
1114
+ chain_id: number;
1115
+ deposit_type: components["schemas"]["DepositType"];
1116
+ unsafe_conf: components["schemas"]["UnsafeConf"] | null;
1117
+ /**
1118
+ * @description The validator BLS public key to use, or `None` to generate a fresh one.
1119
+ * @example 0xa99a76ed7796f7be22d5b7e85deeb7c5677e88e511e0b337618f8c4eb61349b4bf2d153f649f7b53359fe8b94a38e44c
1120
+ */
1121
+ validator_key: string | null;
1122
+ /**
1123
+ * @description The ethereum address to which withdrawn funds go
1124
+ * @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
1125
+ */
1126
+ withdrawal_addr: string;
1127
+ };
1128
+ Status: {
1129
+ /** @description Users who are allowed to approve. Must be non-empty. */
1130
+ allowed_approvers: string[];
1131
+ /** @description Allowed approval types. When omitted, defaults to any. */
1132
+ allowed_mfa_types?: components["schemas"]["MfaType"][] | null;
1133
+ /** @description Users who have already approved */
1134
+ approved_by: {
1135
+ [key: string]: ({
1136
+ [key: string]: components["schemas"]["ApprovalInfo"] | undefined;
1137
+ }) | undefined;
1138
+ };
1139
+ /**
1140
+ * Format: int32
1141
+ * @description How many users must approve
1142
+ */
1143
+ count: number;
1144
+ /**
1145
+ * Format: int32
1146
+ * @description How many auth factors to require per user
1147
+ */
1148
+ num_auth_factors: number;
1149
+ };
1150
+ TokenInfo: {
1151
+ /** @description Session ID. Use it to revoke a session. Cannot be used for auth. */
1152
+ hash: string;
1153
+ /** @description Tokens purpose */
1154
+ purpose: string;
1155
+ };
1156
+ TotpApproveRequest: {
1157
+ /** @description TOTP verification code */
1158
+ code: string;
1159
+ };
1160
+ /** @description Options that should be set only for local devnet testing. */
1161
+ UnsafeConf: {
1162
+ /**
1163
+ * @description The hex-encoded address of the deposit contract. If omitted, inferred from `chain_id`
1164
+ * @example 0xff50ed3d0ec03ac01d4c79aad74928bff48a7b2b
1165
+ */
1166
+ deposit_contract_addr: string | null;
1167
+ /**
1168
+ * @description The hex-encoded 4-byte fork version
1169
+ * @example 0x00001020
1170
+ */
1171
+ genesis_fork_version: string | null;
1172
+ };
1173
+ /**
1174
+ * @description Unstake message request.
1175
+ * @example {
1176
+ * "epoch": "256",
1177
+ * "fork": {
1178
+ * "current_version": "0x00001020",
1179
+ * "epoch": "0",
1180
+ * "previous_version": "0x00001020"
1181
+ * },
1182
+ * "genesis_data": {
1183
+ * "genesis_fork_version": "0x00001020",
1184
+ * "genesis_time": "1679541642",
1185
+ * "genesis_validators_root": "0x270d43e74ce340de4bca2b1936beca0f4f5408d9e78aec4850920baf659d5b69"
1186
+ * },
1187
+ * "network": "goerli",
1188
+ * "validator_index": "0"
1189
+ * }
1190
+ */
1191
+ UnstakeRequest: {
1192
+ epoch: components["schemas"]["Epoch"] | null;
1193
+ fork: components["schemas"]["Fork"];
1194
+ genesis_data: components["schemas"]["GenesisData"];
1195
+ network: components["schemas"]["Network"];
1196
+ /**
1197
+ * @description Validator index (`uint64`) to exit. You can get the validator index from the Beacon node's
1198
+ * `/eth/v1/beacon/states/head/validators/{pubkey}` end-point. This end point returns an
1199
+ * object that contains information about the validator (whose public key is `{pubkey}`),
1200
+ * including the validator index. The schema of this end-point is defined
1201
+ * [here](https://ethereum.github.io/beacon-APIs/#/Beacon/getStateValidator).
1202
+ * @example 31337
1203
+ */
1204
+ validator_index: string;
1205
+ };
1206
+ UpdateKeyRequest: {
1207
+ /**
1208
+ * @description If set, updates the keys's `enabled` property to this value.
1209
+ * Once disabled, a key cannot be used for signing.
1210
+ */
1211
+ enabled?: boolean | null;
1212
+ /**
1213
+ * @description If set, updates key's owner to this value.
1214
+ * The new owner must be an existing user who is a member of the same org.
1215
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1216
+ */
1217
+ owner?: string | null;
1218
+ /**
1219
+ * @description If set, update this key's policies (old policies will be overwritten!).
1220
+ * @example []
1221
+ */
1222
+ policy?: Record<string, never>[] | null;
1223
+ };
1224
+ UpdateOrgRequest: {
1225
+ /** @description If set, update this org's `enabled` field to this value. */
1226
+ enabled?: boolean | null;
1227
+ /**
1228
+ * @description If set, update this org's alias. Org aliases are globally unique.
1229
+ * @example my_org
1230
+ */
1231
+ name?: string | null;
1232
+ /**
1233
+ * @description If set, update this org's policies (old policies will be overwritten!).
1234
+ * @example [
1235
+ * {
1236
+ * "MaxDailyUnstake": 5
1237
+ * },
1238
+ * {
1239
+ * "OriginAllowlist": [
1240
+ * "https://example.com"
1241
+ * ]
1242
+ * },
1243
+ * {
1244
+ * "SourceIpAllowlist": [
1245
+ * "10.1.2.3/8",
1246
+ * "169.254.17.1/16"
1247
+ * ]
1248
+ * }
1249
+ * ]
1250
+ */
1251
+ policy?: Record<string, never>[] | null;
1252
+ };
1253
+ UpdateRoleRequest: {
1254
+ /**
1255
+ * @description If set, updates the role's `enabled` property to this value.
1256
+ * Once disabled, a role cannot be used; and it's tokens cannot be used for signing.
1257
+ */
1258
+ enabled?: boolean | null;
1259
+ };
1260
+ UserIdInfo: {
1261
+ /**
1262
+ * @description The user's email
1263
+ * @example alice@example.com
1264
+ */
1265
+ email: string;
1266
+ /**
1267
+ * @description The id of the user
1268
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1269
+ */
1270
+ id: string;
1271
+ };
1272
+ UserInfo: {
1273
+ /** @example alice@example.com */
1274
+ email: string;
1275
+ /** @description All multi-factor authentication methods configured for this user */
1276
+ mfa: components["schemas"]["ConfiguredMfa"][];
1277
+ /**
1278
+ * @description All organizations the user belongs to
1279
+ * @example [
1280
+ * "Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a"
1281
+ * ]
1282
+ */
1283
+ org_ids: string[];
1284
+ /**
1285
+ * @description The id of the currently logged in user
1286
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1287
+ */
1288
+ user_id: string;
1289
+ };
1290
+ /**
1291
+ * @description An exit voluntarily submitted a validator who wishes to withdraw.
1292
+ * The schema for this message is defined
1293
+ * [here](https://github.com/ethereum/consensus-specs/blob/v1.0.1/specs/phase0/beacon-chain.md#signedvoluntaryexit).
1294
+ */
1295
+ VoluntaryExit: {
1296
+ epoch: components["schemas"]["Epoch"];
1297
+ /**
1298
+ * @description Index of the exiting validator.
1299
+ * @example 256
1300
+ */
1301
+ validator_index: string;
1302
+ };
1303
+ };
1304
+ responses: {
1305
+ AddThirdPartyUserResponse: {
1306
+ content: {
1307
+ "application/json": {
1308
+ /** @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f */
1309
+ user_id: string;
1310
+ };
1311
+ };
1312
+ };
1313
+ BlobSignResponse: {
1314
+ content: {
1315
+ "application/json": {
1316
+ /** @description The hex-encoded signature. */
1317
+ signature: string;
1318
+ };
1319
+ };
1320
+ };
1321
+ BtcSignResponse: {
1322
+ content: {
1323
+ "application/json": {
1324
+ /**
1325
+ * @description The hex-encoded signature in DER format.
1326
+ * @example 0x3045022100e12be3904f665f755e106741680548fefc9febf4cff31c5c0ee4627b3c1b35fe022066fde9a0b17e4cd38da983fb0d604294f00d0bd47fcb649c5216f3a2e8b7ad2d01
1327
+ */
1328
+ signature: string;
1329
+ };
1330
+ };
1331
+ };
1332
+ CreateKeyImportKeyResponse: {
1333
+ content: {
1334
+ "application/json": components["schemas"]["KeyImportKey"] & {
1335
+ /**
1336
+ * @description An attestation document from a secure enclave, including an
1337
+ * RSA signing key used to sign the contents of this message.
1338
+ */
1339
+ enclave_attestation: string;
1340
+ /**
1341
+ * @description An RSA-PSS-SHA256 signature on the public key and encrypted
1342
+ * secrets attesting to their generation inside a secure enclave.
1343
+ */
1344
+ enclave_signature: string;
1345
+ };
1346
+ };
1347
+ };
1348
+ CreateKeyResponse: {
1349
+ content: {
1350
+ "application/json": {
1351
+ /** @description The info about the created keys */
1352
+ keys: components["schemas"]["KeyInfo"][];
1353
+ };
1354
+ };
1355
+ };
1356
+ /** @description The newly created role information */
1357
+ CreateRoleResponse: {
1358
+ content: {
1359
+ "application/json": {
1360
+ /**
1361
+ * @description A human-readable name for the role.
1362
+ * @example my_role
1363
+ */
1364
+ name?: string | null;
1365
+ /**
1366
+ * @description The id of the newly created role
1367
+ * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
1368
+ */
1369
+ role_id: string;
1370
+ };
1371
+ };
1372
+ };
1373
+ CreateTokenResponse: {
1374
+ content: {
1375
+ "application/json": {
1376
+ session_info: components["schemas"]["ClientSessionInfo"];
1377
+ /**
1378
+ * @description Token to be used for signing auth. Requests to signing endpoints
1379
+ * should include this value in the `Authorization` header
1380
+ */
1381
+ token: string;
1382
+ };
1383
+ };
1384
+ };
1385
+ EmptyImpl: {
1386
+ content: {
1387
+ "application/json": {
1388
+ status: string;
1389
+ };
1390
+ };
1391
+ };
1392
+ Eth1SignResponse: {
1393
+ content: {
1394
+ "application/json": {
1395
+ /**
1396
+ * @description Hex-encoded RLP encoding of the transaction and its signature
1397
+ * @example 0x22895118000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000e000000000000000000000000000000000000000000000000000000000000001201d58656b0e22aaa68fdc692db41979098c3886ed33015d7467de9211609cdac000000000000000000000000000000000000000000000000000000000000000308b0c2900324d3ff9adfba7fdfe5af3f9b2cdbeef7b280437bbf1b1c59a093d615afe3e5dfed9622b540cdd9b49b3c5ad00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002001000000000000000000000049011adbcc3bc9c0307bb07f37dda1a1a9c69d2e0000000000000000000000000000000000000000000000000000000000000060903db8525674b8e7904f9b7d7d9ec55a0a42d33cf58be25469b0c21bbb6d06172bc5bb5fd1aed8e4f35936968958116b0619553c2cb1c52e7323074c6f8eb3d5a7074fc6580148df907837fa3b164ad7fbc2288dad1e8a5b021095b57c8a36d4
1398
+ */
1399
+ rlp_signed_tx: string;
1400
+ };
1401
+ };
1402
+ };
1403
+ Eth2SignResponse: {
1404
+ content: {
1405
+ "application/json": {
1406
+ /**
1407
+ * @description Hex encoded signature prefixed with 0x e.g. "0x0000..."
1408
+ * @example 0xb4f2ef9d12a54e1f569596c07c97d6d730535b6ffc0d287761dc78103a86326782471a04c75ce7a6faea08ca9a4a0830031cdcb893da8711d54aa22619f1a7e71b8185ddf4c6bfd9babbd735960e35e56bd6eeb89625b04850e7a9ef8846e549
1409
+ */
1410
+ signature: string;
1411
+ };
1412
+ };
1413
+ };
1414
+ GetKeysInOrgResponse: {
1415
+ content: {
1416
+ "application/json": {
1417
+ keys: components["schemas"]["KeyInfo"][];
1418
+ };
1419
+ };
1420
+ };
1421
+ GetUsersInOrgResponse: {
1422
+ content: {
1423
+ "application/json": {
1424
+ /** @description The list of users in the org */
1425
+ users: components["schemas"]["UserIdInfo"][];
1426
+ };
1427
+ };
1428
+ };
1429
+ /** @description A wrapped key-import key */
1430
+ KeyImportKey: {
1431
+ content: {
1432
+ "application/json": {
1433
+ /** @description Base64-encoded, encrypted data key. */
1434
+ dk_enc: string;
1435
+ /**
1436
+ * Format: int64
1437
+ * @description Expiration timestamp expressed as seconds since the UNIX epoch.
1438
+ */
1439
+ expires: number;
1440
+ /**
1441
+ * @description The ephemeral public key to which an imported key should be encrypted.
1442
+ * This is a P384 public key in base64-encoded uncompressed SECG format.
1443
+ */
1444
+ public_key: string;
1445
+ /** @description Base64-encoded, encrypted secret key. */
1446
+ sk_enc: string;
1447
+ };
1448
+ };
1449
+ };
1450
+ KeyInfo: {
1451
+ content: {
1452
+ "application/json": {
1453
+ /** @description Whether the key is enabled (only enabled keys may be used for signing) */
1454
+ enabled: boolean;
1455
+ /**
1456
+ * @description The id of the key: "Key#" followed by a unique identifier specific to
1457
+ * the type of key (such as a public key for BLS or an ethereum address for Secp)
1458
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
1459
+ */
1460
+ key_id: string;
1461
+ key_type: components["schemas"]["KeyType"];
1462
+ /**
1463
+ * @description A unique identifier specific to the type of key, such as a public key or an ethereum address
1464
+ * @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
1465
+ */
1466
+ material_id: string;
1467
+ /**
1468
+ * @description Owner of the key
1469
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1470
+ */
1471
+ owner: string;
1472
+ /**
1473
+ * @description Key policy
1474
+ * @example []
1475
+ */
1476
+ policy: Record<string, never>[];
1477
+ /**
1478
+ * @description Hex-encoded, serialized public key. The format used depends on the key type:
1479
+ * - secp256k1 keys use 65-byte uncompressed SECG format;
1480
+ * - BLS keys use 48-byte compressed BLS12-381 (ZCash) format;
1481
+ * - ed25519 keys use the canonical 64-byte encoding specified in RFC 8032.
1482
+ * @example 0x04d2688b6bc2ce7f9879b9e745f3c4dc177908c5cef0c1b64cff19ae7ff27dee623c64fe9d9c325c7fbbc748bbd5f607ce14dd83e28ebbbb7d3e7f2ffb70a79431
1483
+ */
1484
+ public_key: string;
1485
+ /**
1486
+ * @description The purpose for which the key can be used (e.g., chain id for which the key is allowed to sign messages)
1487
+ * @example Eth2Validator(1)
1488
+ */
1489
+ purpose: string;
1490
+ };
1491
+ };
1492
+ };
1493
+ KeyInfos: {
1494
+ content: {
1495
+ "application/json": {
1496
+ keys: components["schemas"]["KeyInfo"][];
1497
+ };
1498
+ };
1499
+ };
1500
+ ListRolesResponse: {
1501
+ content: {
1502
+ "application/json": {
1503
+ /** @description All roles in an organization. */
1504
+ roles: components["schemas"]["RoleInfo"][];
1505
+ };
1506
+ };
1507
+ };
1508
+ ListTokensResponse: {
1509
+ content: {
1510
+ "application/json": {
1511
+ tokens: components["schemas"]["TokenInfo"][];
1512
+ };
1513
+ };
1514
+ };
1515
+ /** @description Returned as a response from multiple routes (e.g., 'get mfa', 'approve mfa', 'approve totp'). */
1516
+ MfaRequestInfo: {
1517
+ content: {
1518
+ "application/json": {
1519
+ expires_at: components["schemas"]["EpochDateTime"];
1520
+ /** @description Approval request ID. */
1521
+ id: string;
1522
+ receipt: components["schemas"]["Receipt"] | null;
1523
+ request: components["schemas"]["HttpRequest"];
1524
+ status: components["schemas"]["Status"];
1525
+ };
1526
+ };
1527
+ };
1528
+ OidcLoginResponse: {
1529
+ content: {
1530
+ "application/json": {
1531
+ /**
1532
+ * @description Token to be used for signing auth. Requests to signing endpoints
1533
+ * should include this value in the `Authorization` header
1534
+ */
1535
+ token: string;
1536
+ };
1537
+ };
1538
+ };
1539
+ OrgInfo: {
1540
+ content: {
1541
+ "application/json": {
1542
+ /** @description When false, all cryptographic operations involving keys in this org are disabled. */
1543
+ enabled: boolean;
1544
+ /**
1545
+ * @description The RSA public key to use when importing keys into this organization. This string is the
1546
+ * hex encoding of the DER representation of the key.
1547
+ * @example 30820222300d06092a864886f70d01010105000382020f003082020a0282020100c89765b8f347caafbec09fcb17740e032d854ec99f2d9c16167be335339b4fdeba18a7f13d8e8b7ae7d689cab63d8ecdf548f4746eacaf95b61fef76ade9f81b3c038891c52542fd352697b618afbea6103723c28f2db450e9d852be16a4dc2cbc9442da9a6610044009e056ba90728f0b9888d9b036e493aaed168ccf930fa2f730b17eb3ad6f455a792b762c47f3d3c6b7a7c458556a592e688791599a576bf2149d8e9614db775e7a48602d237a347d5399c681f7f7d9c81f6a64e7cfd356bba545d45e5023ca1f09a66a1d4550f61cf2c4367e14997b5d749bb0326a44d058119e8caf7fd79d517eb2d11dddb2db329f350698f0f978d5e150bb402c8bc4c5ec36d6f38db3f3a204813cda9f52dbcee809204f8e35a455c0e110e10eec41f734f2d55a058a7a21fa90602f94da6de2378ff61e7b3550b77e53d75d7b3d3b39ccab0e5101b916dab01da096f7627175d5b68a1a6464ce5be3e95e7c464d69eb0b675057705c11bc79c3543313b0d9c703c50dc1a16dd9b55e5599e3b02e527b85938e7b81c65e56960bcd7c7a266b07dc05107fd0d7d3c208a878eb0fc74b0d007f421d0c5b28cf78eb441aa0166dceeeac255d68622492f9b526ae13c93754ea8eda96f3b764ba931f8d49c7de8b00ac53d993ab9b08fd2892d8e82cc1a9746f0b426b19256d13d780445e150ce81da0b3c96e32559cb47cb5cb93f805650203010001
1548
+ */
1549
+ key_import_key: string;
1550
+ /**
1551
+ * @description The organization's universally unique key-wrapping-key identifier.
1552
+ * This value is required when setting up key export.
1553
+ * @example mrk-fce09525e81587d23520f11e07e2e9d9
1554
+ */
1555
+ kwk_id: string;
1556
+ /**
1557
+ * @description Date/time (in UTC) when last 'unstake' was performed. Unix epoch if none.
1558
+ * @example TODO
1559
+ */
1560
+ last_unstake: string;
1561
+ /**
1562
+ * Format: int32
1563
+ * @description How many 'unstake' calls happened on the day when `last_unstake` was performed.
1564
+ */
1565
+ last_unstake_day_count: number;
1566
+ /**
1567
+ * @description The human-readable name for the org
1568
+ * @example my_org_name
1569
+ */
1570
+ name?: string | null;
1571
+ /**
1572
+ * @description The ID of the organization
1573
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1574
+ */
1575
+ org_id: string;
1576
+ /**
1577
+ * @description Org-wide policies that are checked before a key is used for signing
1578
+ * @example [
1579
+ * {
1580
+ * "MaxDailyUnstake": 5
1581
+ * }
1582
+ * ]
1583
+ */
1584
+ policy?: Record<string, never>[];
1585
+ };
1586
+ };
1587
+ };
1588
+ RefreshResponse: {
1589
+ content: {
1590
+ "application/json": {
1591
+ session_info: components["schemas"]["ClientSessionInfo"];
1592
+ /**
1593
+ * @description New token to be used for signing auth. Requests to signing endpoints
1594
+ * should include this value in the `Authorization` header
1595
+ */
1596
+ token: string;
1597
+ };
1598
+ };
1599
+ };
1600
+ RevokeTokenResponse: {
1601
+ content: {
1602
+ "application/json": {
1603
+ token?: components["schemas"]["TokenInfo"] | null;
1604
+ };
1605
+ };
1606
+ };
1607
+ RevokeTokensResponse: {
1608
+ content: {
1609
+ "application/json": {
1610
+ /** @description Tokens that were revoked. */
1611
+ revoked: components["schemas"]["TokenInfo"][];
1612
+ };
1613
+ };
1614
+ };
1615
+ RoleInfo: {
1616
+ content: {
1617
+ "application/json": {
1618
+ /**
1619
+ * @description Whether the role is enabled
1620
+ * @example true
1621
+ */
1622
+ enabled: boolean;
1623
+ /** @description The CubeSigner IDs of the keys */
1624
+ keys: components["schemas"]["KeyWithPolicies"][];
1625
+ /**
1626
+ * @description The human-readable name for the role (must be alphanumeric)
1627
+ * @example my_role
1628
+ */
1629
+ name?: string | null;
1630
+ /**
1631
+ * @description The ID of the role
1632
+ * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
1633
+ */
1634
+ role_id: string;
1635
+ /**
1636
+ * @description The list of users with access to the role
1637
+ * @example [
1638
+ * "User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f",
1639
+ * "User#5593c25b-52e2-4fb5-b39b-96d41d681d82"
1640
+ * ]
1641
+ */
1642
+ users: string[];
1643
+ };
1644
+ };
1645
+ };
1646
+ SolanaSignResponse: {
1647
+ content: {
1648
+ "application/json": {
1649
+ /** @description The hex-encoded signature. */
1650
+ signature: string;
1651
+ };
1652
+ };
1653
+ };
1654
+ StakeResponse: {
1655
+ content: {
1656
+ "application/json": {
1657
+ /**
1658
+ * @description The validator key id ("Key#...")
1659
+ * @example Key#db1731f8-3659-45c0-885b-e11e1f5b7be2
1660
+ */
1661
+ created_validator_key_id: string;
1662
+ deposit_tx: components["schemas"]["DepositTxn"];
1663
+ };
1664
+ };
1665
+ };
1666
+ TotpInfo: {
1667
+ content: {
1668
+ "application/json": {
1669
+ /**
1670
+ * @description Standard TOTP url which includes everything needed to initialize TOTP.
1671
+ * @example otpauth://totp/Cubist:alice-%40example.com?secret=DAHF7KCOTQWSOMK4XFEMNHXO4J433OD7&issuer=Cubist
1672
+ */
1673
+ totp_url: string;
1674
+ };
1675
+ };
1676
+ };
1677
+ /**
1678
+ * @description Unstake responses are signed voluntary exit messages.
1679
+ * The schema for this message is defined
1680
+ * [here](https://github.com/ethereum/consensus-specs/blob/v1.0.1/specs/phase0/beacon-chain.md#signedvoluntaryexit).
1681
+ * This message can be directly POSTed to the Beacon node's
1682
+ * `/eth/v1/beacon/pool/voluntary_exits` end-point (see expected schema
1683
+ * [here](https://ethereum.github.io/beacon-APIs/#/Beacon/submitPoolVoluntaryExit)).
1684
+ */
1685
+ UnstakeResponse: {
1686
+ content: {
1687
+ "application/json": {
1688
+ message: components["schemas"]["VoluntaryExit"];
1689
+ /**
1690
+ * @description BLS signature.
1691
+ * @example 0x910c7cd537ed91cc8c4a82f3cbd832e9be8c24a22e9c86df479f7ce42025ea6a09619b418b666a060e260d2aae31b8e50e9d05ca3442c7eed3b507e5207e14674275f68c2ba84c4bf6b8dd364a304acac8cfab3681e2514b4400f9242bc61164
1692
+ */
1693
+ signature: string;
1694
+ };
1695
+ };
1696
+ };
1697
+ UpdateOrgResponse: {
1698
+ content: {
1699
+ "application/json": {
1700
+ /** @description The new value of the 'enabled' property */
1701
+ enabled?: boolean | null;
1702
+ /**
1703
+ * @description The new human-readable name for the org (must be alphanumeric)
1704
+ * @example my_org_name
1705
+ */
1706
+ name?: string | null;
1707
+ /**
1708
+ * @description The ID of the organization
1709
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1710
+ */
1711
+ org_id: string;
1712
+ /**
1713
+ * @description The new value of org-wide policies
1714
+ * @example [
1715
+ * {
1716
+ * "MaxDailyUnstake": 5
1717
+ * },
1718
+ * {
1719
+ * "OriginAllowlist": [
1720
+ * "https://example.com"
1721
+ * ]
1722
+ * }
1723
+ * ]
1724
+ */
1725
+ policy?: Record<string, never>[] | null;
1726
+ };
1727
+ };
1728
+ };
1729
+ UserInfo: {
1730
+ content: {
1731
+ "application/json": {
1732
+ /** @example alice@example.com */
1733
+ email: string;
1734
+ /** @description All multi-factor authentication methods configured for this user */
1735
+ mfa: components["schemas"]["ConfiguredMfa"][];
1736
+ /**
1737
+ * @description All organizations the user belongs to
1738
+ * @example [
1739
+ * "Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a"
1740
+ * ]
1741
+ */
1742
+ org_ids: string[];
1743
+ /**
1744
+ * @description The id of the currently logged in user
1745
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1746
+ */
1747
+ user_id: string;
1748
+ };
1749
+ };
1750
+ };
1751
+ };
1752
+ parameters: never;
1753
+ requestBodies: never;
1754
+ headers: never;
1755
+ pathItems: never;
1756
+ }
1757
+ export type external = Record<string, never>;
1758
+ export interface operations {
1759
+ /**
1760
+ * User Info
1761
+ * @description User Info
1762
+ *
1763
+ * Retrieves information about the current user.
1764
+ */
1765
+ aboutMe: {
1766
+ responses: {
1767
+ 200: components["responses"]["UserInfo"];
1768
+ default: {
1769
+ content: {
1770
+ "application/json": components["schemas"]["ErrorResponse"];
1771
+ };
1772
+ };
1773
+ };
1774
+ };
1775
+ /**
1776
+ * Get Org
1777
+ * @description Get Org
1778
+ *
1779
+ * Retrieves information about an organization.
1780
+ */
1781
+ getOrg: {
1782
+ parameters: {
1783
+ path: {
1784
+ /**
1785
+ * @description Name or ID of the desired Org
1786
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1787
+ */
1788
+ org_id: string;
1789
+ };
1790
+ };
1791
+ responses: {
1792
+ 200: components["responses"]["OrgInfo"];
1793
+ default: {
1794
+ content: {
1795
+ "application/json": components["schemas"]["ErrorResponse"];
1796
+ };
1797
+ };
1798
+ };
1799
+ };
1800
+ /**
1801
+ * Update Org
1802
+ * @description Update Org
1803
+ *
1804
+ * Update organization attributes (enabled flag, name, and policies).
1805
+ */
1806
+ updateOrg: {
1807
+ parameters: {
1808
+ path: {
1809
+ /**
1810
+ * @description Name or ID of the desired Org
1811
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1812
+ */
1813
+ org_id: string;
1814
+ };
1815
+ };
1816
+ requestBody: {
1817
+ content: {
1818
+ "application/json": components["schemas"]["UpdateOrgRequest"];
1819
+ };
1820
+ };
1821
+ responses: {
1822
+ 200: components["responses"]["UpdateOrgResponse"];
1823
+ default: {
1824
+ content: {
1825
+ "application/json": components["schemas"]["ErrorResponse"];
1826
+ };
1827
+ };
1828
+ };
1829
+ };
1830
+ /**
1831
+ * Sign Bitcoin Transaction
1832
+ * @description Sign Bitcoin Transaction
1833
+ *
1834
+ * Signs a Bitcoin transaction with a given key.
1835
+ * This is a pre-release feature.
1836
+ */
1837
+ btcSign: {
1838
+ parameters: {
1839
+ path: {
1840
+ /**
1841
+ * @description Name or ID of the desired Org
1842
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1843
+ */
1844
+ org_id: string;
1845
+ /**
1846
+ * @description bech32 encoding of the public key
1847
+ * @example bc1q5p5qkae77ly80kr4pyfytdqm7rf08ddhdejl9g
1848
+ */
1849
+ pubkey: string;
1850
+ };
1851
+ };
1852
+ requestBody: {
1853
+ content: {
1854
+ "application/json": components["schemas"]["BtcSignRequest"];
1855
+ };
1856
+ };
1857
+ responses: {
1858
+ 200: components["responses"]["BtcSignResponse"];
1859
+ 202: {
1860
+ content: {
1861
+ "application/json": components["schemas"]["AcceptedResponse"];
1862
+ };
1863
+ };
1864
+ default: {
1865
+ content: {
1866
+ "application/json": components["schemas"]["ErrorResponse"];
1867
+ };
1868
+ };
1869
+ };
1870
+ };
1871
+ /**
1872
+ * Create Key-Import Key
1873
+ * @description Create Key-Import Key
1874
+ *
1875
+ * Generate an ephemeral key that a client can use for key-import encryption.
1876
+ */
1877
+ createKeyImportKey: {
1878
+ parameters: {
1879
+ path: {
1880
+ /**
1881
+ * @description Name or ID of the desired Org
1882
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1883
+ */
1884
+ org_id: string;
1885
+ };
1886
+ };
1887
+ responses: {
1888
+ 200: components["responses"]["CreateKeyImportKeyResponse"];
1889
+ default: {
1890
+ content: {
1891
+ "application/json": components["schemas"]["ErrorResponse"];
1892
+ };
1893
+ };
1894
+ };
1895
+ };
1896
+ /**
1897
+ * Import Key
1898
+ * @description Import Key
1899
+ *
1900
+ * Securely imports an existing key using a previously generated key-import key.
1901
+ */
1902
+ importKey: {
1903
+ parameters: {
1904
+ path: {
1905
+ /**
1906
+ * @description Name or ID of the desired Org
1907
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1908
+ */
1909
+ org_id: string;
1910
+ };
1911
+ };
1912
+ requestBody: {
1913
+ content: {
1914
+ "application/json": components["schemas"]["ImportKeyRequest"];
1915
+ };
1916
+ };
1917
+ responses: {
1918
+ 200: components["responses"]["CreateKeyResponse"];
1919
+ default: {
1920
+ content: {
1921
+ "application/json": components["schemas"]["ErrorResponse"];
1922
+ };
1923
+ };
1924
+ };
1925
+ };
1926
+ /**
1927
+ * Invite User
1928
+ * @description Invite User
1929
+ *
1930
+ * Creates a new user in an existing org and sends that user an invite email.
1931
+ */
1932
+ invite: {
1933
+ parameters: {
1934
+ path: {
1935
+ /**
1936
+ * @description Name or ID of the desired Org
1937
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1938
+ */
1939
+ org_id: string;
1940
+ };
1941
+ };
1942
+ requestBody: {
1943
+ content: {
1944
+ "application/json": components["schemas"]["InviteRequest"];
1945
+ };
1946
+ };
1947
+ responses: {
1948
+ 200: components["responses"]["EmptyImpl"];
1949
+ default: {
1950
+ content: {
1951
+ "application/json": components["schemas"]["ErrorResponse"];
1952
+ };
1953
+ };
1954
+ };
1955
+ };
1956
+ /**
1957
+ * List Keys
1958
+ * @description List Keys
1959
+ *
1960
+ * Gets the list of owned keys in a given org.
1961
+ */
1962
+ listKeysInOrg: {
1963
+ parameters: {
1964
+ query?: {
1965
+ /**
1966
+ * @description Filter by key type
1967
+ * @example SecpEthAddr
1968
+ */
1969
+ key_type?: components["schemas"]["KeyType"];
1970
+ };
1971
+ path: {
1972
+ /**
1973
+ * @description Name or ID of the desired Org
1974
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
1975
+ */
1976
+ org_id: string;
1977
+ };
1978
+ };
1979
+ responses: {
1980
+ 200: components["responses"]["GetKeysInOrgResponse"];
1981
+ default: {
1982
+ content: {
1983
+ "application/json": components["schemas"]["ErrorResponse"];
1984
+ };
1985
+ };
1986
+ };
1987
+ };
1988
+ /**
1989
+ * Import Key (Deprecated)
1990
+ * @description Import Key (Deprecated)
1991
+ *
1992
+ * Securely imports an existing key. This API is deprecated; please use the new version.
1993
+ */
1994
+ importKeyLegacy: {
1995
+ parameters: {
1996
+ path: {
1997
+ /**
1998
+ * @description Name or ID of the desired Org
1999
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2000
+ */
2001
+ org_id: string;
2002
+ };
2003
+ };
2004
+ requestBody: {
2005
+ content: {
2006
+ "application/json": components["schemas"]["ImportKeyLegacyRequest"];
2007
+ };
2008
+ };
2009
+ responses: {
2010
+ 200: components["responses"]["CreateKeyResponse"];
2011
+ default: {
2012
+ content: {
2013
+ "application/json": components["schemas"]["ErrorResponse"];
2014
+ };
2015
+ };
2016
+ };
2017
+ };
2018
+ /**
2019
+ * Create Key
2020
+ * @description Create Key
2021
+ *
2022
+ * Creates one or more new keys of the specified type (BLS or Secp).
2023
+ */
2024
+ createKey: {
2025
+ parameters: {
2026
+ path: {
2027
+ /**
2028
+ * @description Name or ID of the desired Org
2029
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2030
+ */
2031
+ org_id: string;
2032
+ };
2033
+ };
2034
+ requestBody: {
2035
+ content: {
2036
+ "application/json": components["schemas"]["CreateKeyRequest"];
2037
+ };
2038
+ };
2039
+ responses: {
2040
+ 200: components["responses"]["CreateKeyResponse"];
2041
+ default: {
2042
+ content: {
2043
+ "application/json": components["schemas"]["ErrorResponse"];
2044
+ };
2045
+ };
2046
+ };
2047
+ };
2048
+ /**
2049
+ * Legacy List Keys
2050
+ * @deprecated
2051
+ * @description Legacy List Keys
2052
+ *
2053
+ * This route is deprecated. Use `GET /v0/org/<org_id>/keys?<key_type>`
2054
+ */
2055
+ listKeysLegacy: {
2056
+ parameters: {
2057
+ path: {
2058
+ /**
2059
+ * @description Name or ID of the desired Org
2060
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2061
+ */
2062
+ org_id: string;
2063
+ };
2064
+ };
2065
+ requestBody: {
2066
+ content: {
2067
+ "application/json": components["schemas"]["GetKeysInOrgRequest"];
2068
+ };
2069
+ };
2070
+ responses: {
2071
+ 200: components["responses"]["GetKeysInOrgResponse"];
2072
+ default: {
2073
+ content: {
2074
+ "application/json": components["schemas"]["ErrorResponse"];
2075
+ };
2076
+ };
2077
+ };
2078
+ };
2079
+ /**
2080
+ * Get Key
2081
+ * @description Get Key
2082
+ *
2083
+ * Returns the properties of a key.
2084
+ */
2085
+ getKeyInOrg: {
2086
+ parameters: {
2087
+ path: {
2088
+ /**
2089
+ * @description Name or ID of the desired Org
2090
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2091
+ */
2092
+ org_id: string;
2093
+ /**
2094
+ * @description ID of the key
2095
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
2096
+ */
2097
+ key_id: string;
2098
+ };
2099
+ };
2100
+ responses: {
2101
+ 200: components["responses"]["KeyInfo"];
2102
+ default: {
2103
+ content: {
2104
+ "application/json": components["schemas"]["ErrorResponse"];
2105
+ };
2106
+ };
2107
+ };
2108
+ };
2109
+ /**
2110
+ * Update Key
2111
+ * @description Update Key
2112
+ *
2113
+ * Enable or disable a key. The user must be the owner of the key or organization to perform this action.
2114
+ */
2115
+ updateKey: {
2116
+ parameters: {
2117
+ path: {
2118
+ /**
2119
+ * @description Name or ID of the desired Org
2120
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2121
+ */
2122
+ org_id: string;
2123
+ /**
2124
+ * @description ID of the key
2125
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
2126
+ */
2127
+ key_id: string;
2128
+ };
2129
+ };
2130
+ requestBody: {
2131
+ content: {
2132
+ "application/json": components["schemas"]["UpdateKeyRequest"];
2133
+ };
2134
+ };
2135
+ responses: {
2136
+ 200: components["responses"]["KeyInfo"];
2137
+ default: {
2138
+ content: {
2139
+ "application/json": components["schemas"]["ErrorResponse"];
2140
+ };
2141
+ };
2142
+ };
2143
+ };
2144
+ /**
2145
+ * Gets a Pending MFA Request
2146
+ * @description Gets a Pending MFA Request
2147
+ *
2148
+ * Retrieves and returns a pending MFA request by its id.
2149
+ */
2150
+ mfaGet: {
2151
+ parameters: {
2152
+ path: {
2153
+ /**
2154
+ * @description Name or ID of the desired Org
2155
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2156
+ */
2157
+ org_id: string;
2158
+ /**
2159
+ * @description ID of the approval
2160
+ * @example ...
2161
+ */
2162
+ mfa_id: string;
2163
+ };
2164
+ };
2165
+ responses: {
2166
+ 200: components["responses"]["MfaRequestInfo"];
2167
+ default: {
2168
+ content: {
2169
+ "application/json": components["schemas"]["ErrorResponse"];
2170
+ };
2171
+ };
2172
+ };
2173
+ };
2174
+ /**
2175
+ * Approve a Pending MFA Request
2176
+ * @description Approve a Pending MFA Request
2177
+ *
2178
+ * Adds the current user as an approver of a pending MFA request of the [Status::RequiredApprovers] kind.
2179
+ * If the required number of approvers is reached, the MFA request is approved;
2180
+ * the confirmation receipt can be used to resume the original HTTP request.
2181
+ */
2182
+ mfaApproveCs: {
2183
+ parameters: {
2184
+ path: {
2185
+ /**
2186
+ * @description Name or ID of the desired Org
2187
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2188
+ */
2189
+ org_id: string;
2190
+ /**
2191
+ * @description ID of the MFA approval request
2192
+ * @example MfaRequest#6de79de4-662c-4203-9235-b6ace5cb432b
2193
+ */
2194
+ mfa_id: string;
2195
+ };
2196
+ };
2197
+ responses: {
2198
+ 200: components["responses"]["MfaRequestInfo"];
2199
+ default: {
2200
+ content: {
2201
+ "application/json": components["schemas"]["ErrorResponse"];
2202
+ };
2203
+ };
2204
+ };
2205
+ };
2206
+ /**
2207
+ * Approve a TOTP MFA Request
2208
+ * @description Approve a TOTP MFA Request
2209
+ *
2210
+ * Adds an approver to a pending TOTP MFA request.
2211
+ *
2212
+ * If the required number of approvers is reached, the MFA request is approved;
2213
+ * the confirmation receipt can be used to resume the original HTTP request.
2214
+ */
2215
+ mfaApproveTotp: {
2216
+ parameters: {
2217
+ path: {
2218
+ /**
2219
+ * @description Name or ID of the desired Org
2220
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2221
+ */
2222
+ org_id: string;
2223
+ /**
2224
+ * @description ID of the MFA approval request
2225
+ * @example MfaRequest#6de79de4-662c-4203-9235-b6ace5cb432b
2226
+ */
2227
+ mfa_id: string;
2228
+ };
2229
+ };
2230
+ requestBody: {
2231
+ content: {
2232
+ "application/json": components["schemas"]["TotpApproveRequest"];
2233
+ };
2234
+ };
2235
+ responses: {
2236
+ 200: components["responses"]["MfaRequestInfo"];
2237
+ default: {
2238
+ content: {
2239
+ "application/json": components["schemas"]["ErrorResponse"];
2240
+ };
2241
+ };
2242
+ };
2243
+ };
2244
+ /**
2245
+ * Login with OIDC
2246
+ * @description Login with OIDC
2247
+ *
2248
+ * Exchange an OIDC ID token (passed via the `Authorization` header) for a signer session
2249
+ */
2250
+ oidcAuth: {
2251
+ parameters: {
2252
+ path: {
2253
+ /**
2254
+ * @description Name or ID of the desired Org
2255
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2256
+ */
2257
+ org_id: string;
2258
+ };
2259
+ };
2260
+ requestBody: {
2261
+ content: {
2262
+ "application/json": components["schemas"]["OidcLoginRequest"];
2263
+ };
2264
+ };
2265
+ responses: {
2266
+ 200: components["responses"]["OidcLoginResponse"];
2267
+ 202: {
2268
+ content: {
2269
+ "application/json": components["schemas"]["AcceptedResponse"];
2270
+ };
2271
+ };
2272
+ default: {
2273
+ content: {
2274
+ "application/json": components["schemas"]["ErrorResponse"];
2275
+ };
2276
+ };
2277
+ };
2278
+ };
2279
+ /**
2280
+ * List Roles
2281
+ * @description List Roles
2282
+ *
2283
+ * Retrieves all roles in an organization that the current user is allowed to access.
2284
+ */
2285
+ listRoles: {
2286
+ parameters: {
2287
+ path: {
2288
+ /**
2289
+ * @description Name or ID of the desired Org
2290
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2291
+ */
2292
+ org_id: string;
2293
+ };
2294
+ };
2295
+ responses: {
2296
+ 200: components["responses"]["ListRolesResponse"];
2297
+ default: {
2298
+ content: {
2299
+ "application/json": components["schemas"]["ErrorResponse"];
2300
+ };
2301
+ };
2302
+ };
2303
+ };
2304
+ /**
2305
+ * Create Role
2306
+ * @description Create Role
2307
+ *
2308
+ * Creates a new role in an organization. Unless the logged-in user
2309
+ * is the owner, they are automatically added to the newly created role.
2310
+ */
2311
+ createRole: {
2312
+ parameters: {
2313
+ path: {
2314
+ /**
2315
+ * @description Name or ID of the desired Org
2316
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2317
+ */
2318
+ org_id: string;
2319
+ };
2320
+ };
2321
+ /** @description Optional request body to set the role name */
2322
+ requestBody?: {
2323
+ content: {
2324
+ "application/json": components["schemas"]["CreateRoleRequest"];
2325
+ };
2326
+ };
2327
+ responses: {
2328
+ 200: components["responses"]["CreateRoleResponse"];
2329
+ default: {
2330
+ content: {
2331
+ "application/json": components["schemas"]["ErrorResponse"];
2332
+ };
2333
+ };
2334
+ };
2335
+ };
2336
+ /**
2337
+ * Get Role
2338
+ * @description Get Role
2339
+ *
2340
+ * Retrieves information about a role in an organization
2341
+ */
2342
+ getRole: {
2343
+ parameters: {
2344
+ path: {
2345
+ /**
2346
+ * @description Name or ID of the desired Org
2347
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2348
+ */
2349
+ org_id: string;
2350
+ /**
2351
+ * @description Name or ID of the desired Role
2352
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2353
+ */
2354
+ role_id: string;
2355
+ };
2356
+ };
2357
+ responses: {
2358
+ 200: components["responses"]["RoleInfo"];
2359
+ default: {
2360
+ content: {
2361
+ "application/json": components["schemas"]["ErrorResponse"];
2362
+ };
2363
+ };
2364
+ };
2365
+ };
2366
+ /**
2367
+ * Delete Role
2368
+ * @description Delete Role
2369
+ *
2370
+ * Deletes a role in an organization.
2371
+ * Only organization owners can perform this action.
2372
+ */
2373
+ deleteRole: {
2374
+ parameters: {
2375
+ path: {
2376
+ /**
2377
+ * @description Name or ID of the desired Org
2378
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2379
+ */
2380
+ org_id: string;
2381
+ /**
2382
+ * @description Name or ID of the desired Role
2383
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2384
+ */
2385
+ role_id: string;
2386
+ };
2387
+ };
2388
+ responses: {
2389
+ 200: components["responses"]["EmptyImpl"];
2390
+ default: {
2391
+ content: {
2392
+ "application/json": components["schemas"]["ErrorResponse"];
2393
+ };
2394
+ };
2395
+ };
2396
+ };
2397
+ /**
2398
+ * Update Role
2399
+ * @description Update Role
2400
+ *
2401
+ * Enables or disables a role.
2402
+ * The user must be in the role or an owner of the organization.
2403
+ */
2404
+ updateRole: {
2405
+ parameters: {
2406
+ path: {
2407
+ /**
2408
+ * @description Name or ID of the desired Org
2409
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2410
+ */
2411
+ org_id: string;
2412
+ /**
2413
+ * @description Name or ID of the desired Role
2414
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2415
+ */
2416
+ role_id: string;
2417
+ };
2418
+ };
2419
+ requestBody: {
2420
+ content: {
2421
+ "application/json": components["schemas"]["UpdateRoleRequest"];
2422
+ };
2423
+ };
2424
+ responses: {
2425
+ 200: components["responses"]["EmptyImpl"];
2426
+ default: {
2427
+ content: {
2428
+ "application/json": components["schemas"]["ErrorResponse"];
2429
+ };
2430
+ };
2431
+ };
2432
+ };
2433
+ /**
2434
+ * Add Keys
2435
+ * @description Add Keys
2436
+ *
2437
+ * Adds a list of existing keys to an existing role.
2438
+ */
2439
+ addKeysToRole: {
2440
+ parameters: {
2441
+ path: {
2442
+ /**
2443
+ * @description Name or ID of the desired Org
2444
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2445
+ */
2446
+ org_id: string;
2447
+ /**
2448
+ * @description Name or ID of the desired Role
2449
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2450
+ */
2451
+ role_id: string;
2452
+ };
2453
+ };
2454
+ requestBody: {
2455
+ content: {
2456
+ "application/json": components["schemas"]["AddKeysToRoleRequest"];
2457
+ };
2458
+ };
2459
+ responses: {};
2460
+ };
2461
+ /**
2462
+ * Add User
2463
+ * @description Add User
2464
+ *
2465
+ * Adds an existing user to an existing role.
2466
+ * Only users in the role or owners can add users to a role.
2467
+ */
2468
+ addUserToRole: {
2469
+ parameters: {
2470
+ path: {
2471
+ /**
2472
+ * @description Name or ID of the desired Org
2473
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2474
+ */
2475
+ org_id: string;
2476
+ /**
2477
+ * @description Name or ID of the desired Role
2478
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2479
+ */
2480
+ role_id: string;
2481
+ /**
2482
+ * @description ID of the user to add to role
2483
+ * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
2484
+ */
2485
+ user_id: string;
2486
+ };
2487
+ };
2488
+ responses: {};
2489
+ };
2490
+ /**
2491
+ * Remove Key
2492
+ * @description Remove Key
2493
+ *
2494
+ * Removes a given key from a role
2495
+ */
2496
+ removeKeyFromRole: {
2497
+ parameters: {
2498
+ path: {
2499
+ /**
2500
+ * @description Name or ID of the desired Org
2501
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2502
+ */
2503
+ org_id: string;
2504
+ /**
2505
+ * @description Name or ID of the desired Role
2506
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2507
+ */
2508
+ role_id: string;
2509
+ /**
2510
+ * @description ID of the desired Key
2511
+ * @example Key#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2512
+ */
2513
+ key_id: string;
2514
+ };
2515
+ };
2516
+ responses: {};
2517
+ };
2518
+ /**
2519
+ * List Tokens
2520
+ * @description List Tokens
2521
+ *
2522
+ * Returns all access tokens for a given role.
2523
+ * Only users in the role or owners can create a token for it.
2524
+ */
2525
+ listRoleTokens: {
2526
+ parameters: {
2527
+ path: {
2528
+ /**
2529
+ * @description Name or ID of the desired Org
2530
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2531
+ */
2532
+ org_id: string;
2533
+ /**
2534
+ * @description Name or ID of the desired Role
2535
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2536
+ */
2537
+ role_id: string;
2538
+ };
2539
+ };
2540
+ responses: {
2541
+ 200: components["responses"]["ListTokensResponse"];
2542
+ default: {
2543
+ content: {
2544
+ "application/json": components["schemas"]["ErrorResponse"];
2545
+ };
2546
+ };
2547
+ };
2548
+ };
2549
+ /**
2550
+ * Create Token
2551
+ * @description Create Token
2552
+ *
2553
+ * Creates a new access token for a given role (to be used as "API Key" for all signing actions).
2554
+ * Only users in the role or owners can create a token for it.
2555
+ */
2556
+ createRoleToken: {
2557
+ parameters: {
2558
+ path: {
2559
+ /**
2560
+ * @description Name or ID of the desired Org
2561
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2562
+ */
2563
+ org_id: string;
2564
+ /**
2565
+ * @description Name or ID of the desired Role
2566
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2567
+ */
2568
+ role_id: string;
2569
+ };
2570
+ };
2571
+ requestBody: {
2572
+ content: {
2573
+ "application/json": components["schemas"]["CreateTokenRequest"];
2574
+ };
2575
+ };
2576
+ responses: {
2577
+ 200: components["responses"]["CreateTokenResponse"];
2578
+ default: {
2579
+ content: {
2580
+ "application/json": components["schemas"]["ErrorResponse"];
2581
+ };
2582
+ };
2583
+ };
2584
+ };
2585
+ /**
2586
+ * Revoke All Tokens
2587
+ * @description Revoke All Tokens
2588
+ *
2589
+ * Revokes all access tokens associated with a role.
2590
+ * Only users in the role or owners can perform this action.
2591
+ */
2592
+ revokeAllRoleTokens: {
2593
+ parameters: {
2594
+ path: {
2595
+ /**
2596
+ * @description Name or ID of the desired Org
2597
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2598
+ */
2599
+ org_id: string;
2600
+ /**
2601
+ * @description Name or ID of the desired Role
2602
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2603
+ */
2604
+ role_id: string;
2605
+ };
2606
+ };
2607
+ responses: {
2608
+ 200: components["responses"]["RevokeTokensResponse"];
2609
+ default: {
2610
+ content: {
2611
+ "application/json": components["schemas"]["ErrorResponse"];
2612
+ };
2613
+ };
2614
+ };
2615
+ };
2616
+ /**
2617
+ * Revoke Token
2618
+ * @description Revoke Token
2619
+ *
2620
+ * Revokes an access token associated with a role.
2621
+ * Only users in the role or owners can perform this action.
2622
+ */
2623
+ revokeRoleToken: {
2624
+ parameters: {
2625
+ path: {
2626
+ /**
2627
+ * @description Name or ID of the desired Org
2628
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2629
+ */
2630
+ org_id: string;
2631
+ /**
2632
+ * @description Name or ID of the desired Role
2633
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2634
+ */
2635
+ role_id: string;
2636
+ /**
2637
+ * @description The ID of the session to revoke
2638
+ * @example 77aad2100c361f497635dd005c4d15781e2e5df4b9f45d8e74f37425cbc30b9e
2639
+ */
2640
+ session_id: string;
2641
+ };
2642
+ };
2643
+ responses: {
2644
+ 200: components["responses"]["RevokeTokenResponse"];
2645
+ default: {
2646
+ content: {
2647
+ "application/json": components["schemas"]["ErrorResponse"];
2648
+ };
2649
+ };
2650
+ };
2651
+ };
2652
+ /**
2653
+ * Get Token-Accessible Keys
2654
+ * @description Get Token-Accessible Keys
2655
+ *
2656
+ * Retrieves the keys that the role token can access.
2657
+ */
2658
+ listTokenKeys: {
2659
+ parameters: {
2660
+ path: {
2661
+ /**
2662
+ * @description Name or ID of the desired Org
2663
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2664
+ */
2665
+ org_id: string;
2666
+ };
2667
+ };
2668
+ responses: {
2669
+ 200: components["responses"]["KeyInfos"];
2670
+ default: {
2671
+ content: {
2672
+ "application/json": components["schemas"]["ErrorResponse"];
2673
+ };
2674
+ };
2675
+ };
2676
+ };
2677
+ /**
2678
+ * List users in organization
2679
+ * @description List users in organization
2680
+ */
2681
+ listUsersInOrg: {
2682
+ parameters: {
2683
+ path: {
2684
+ /**
2685
+ * @description Name or ID of the desired Org
2686
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2687
+ */
2688
+ org_id: string;
2689
+ };
2690
+ };
2691
+ responses: {
2692
+ 200: components["responses"]["GetUsersInOrgResponse"];
2693
+ default: {
2694
+ content: {
2695
+ "application/json": components["schemas"]["ErrorResponse"];
2696
+ };
2697
+ };
2698
+ };
2699
+ };
2700
+ /**
2701
+ * Adds a third-party user to the org
2702
+ * @description Adds a third-party user to the org
2703
+ */
2704
+ createOidcUser: {
2705
+ parameters: {
2706
+ path: {
2707
+ /**
2708
+ * @description Name or ID of the desired Org
2709
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2710
+ */
2711
+ org_id: string;
2712
+ };
2713
+ };
2714
+ requestBody: {
2715
+ content: {
2716
+ "application/json": components["schemas"]["AddThirdPartyUserRequest"];
2717
+ };
2718
+ };
2719
+ responses: {
2720
+ 200: components["responses"]["AddThirdPartyUserResponse"];
2721
+ default: {
2722
+ content: {
2723
+ "application/json": components["schemas"]["ErrorResponse"];
2724
+ };
2725
+ };
2726
+ };
2727
+ };
2728
+ /**
2729
+ * Reset TOTP
2730
+ * @description Reset TOTP
2731
+ *
2732
+ * Creates and sets a new TOTP configuration for the current user,
2733
+ * overriding the existing one (if any).
2734
+ */
2735
+ userResetTotp: {
2736
+ responses: {
2737
+ 200: components["responses"]["TotpInfo"];
2738
+ default: {
2739
+ content: {
2740
+ "application/json": components["schemas"]["ErrorResponse"];
2741
+ };
2742
+ };
2743
+ };
2744
+ };
2745
+ /**
2746
+ * Verify TOTP
2747
+ * @description Verify TOTP
2748
+ *
2749
+ * Checks if a given code matches the current TOTP code for the current user.
2750
+ * Errors with 403 if the current user has not set up TOTP or the code fails verification.
2751
+ */
2752
+ userVerifyTotp: {
2753
+ parameters: {
2754
+ path: {
2755
+ code: string;
2756
+ };
2757
+ };
2758
+ responses: {
2759
+ 200: components["responses"]["EmptyImpl"];
2760
+ default: {
2761
+ content: {
2762
+ "application/json": components["schemas"]["ErrorResponse"];
2763
+ };
2764
+ };
2765
+ };
2766
+ };
2767
+ /**
2768
+ * Sign Raw Blob
2769
+ * @description Sign Raw Blob
2770
+ *
2771
+ * Signs an arbitrary blob with a given key.
2772
+ * This is a pre-release feature.
2773
+ */
2774
+ blobSign: {
2775
+ parameters: {
2776
+ path: {
2777
+ /**
2778
+ * @description Name or ID of the desired Org
2779
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2780
+ */
2781
+ org_id: string;
2782
+ /**
2783
+ * @description The ID of the key
2784
+ * @example Key#0x49011adbCC3bC9c0307BB07F37Dda1a1a9c69d2E
2785
+ */
2786
+ key_id: string;
2787
+ };
2788
+ };
2789
+ requestBody: {
2790
+ content: {
2791
+ "application/json": components["schemas"]["BlobSignRequest"];
2792
+ };
2793
+ };
2794
+ responses: {
2795
+ 200: components["responses"]["BlobSignResponse"];
2796
+ 202: {
2797
+ content: {
2798
+ "application/json": components["schemas"]["AcceptedResponse"];
2799
+ };
2800
+ };
2801
+ default: {
2802
+ content: {
2803
+ "application/json": components["schemas"]["ErrorResponse"];
2804
+ };
2805
+ };
2806
+ };
2807
+ };
2808
+ /**
2809
+ * Record heartbeat
2810
+ * @description Record heartbeat
2811
+ *
2812
+ * This endpoint is called by the cube3signer proxy to record various metrics to CloudWatch.
2813
+ */
2814
+ cube3signerHeartbeat: {
2815
+ parameters: {
2816
+ path: {
2817
+ /**
2818
+ * @description Name or ID of the organization owning the key
2819
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2820
+ */
2821
+ org_id: string;
2822
+ };
2823
+ };
2824
+ requestBody: {
2825
+ content: {
2826
+ "application/json": components["schemas"]["HeartbeatRequest"];
2827
+ };
2828
+ };
2829
+ responses: {
2830
+ 200: components["responses"]["EmptyImpl"];
2831
+ default: {
2832
+ content: {
2833
+ "application/json": components["schemas"]["ErrorResponse"];
2834
+ };
2835
+ };
2836
+ };
2837
+ };
2838
+ /**
2839
+ * Sign EVM Transaction
2840
+ * @description Sign EVM Transaction
2841
+ *
2842
+ * Signs an Ethereum (and other EVM) transaction with a given Secp256k1 key.
2843
+ *
2844
+ * The key must be associated with the role and organization on whose behalf this action is called.
2845
+ */
2846
+ eth1Sign: {
2847
+ parameters: {
2848
+ path: {
2849
+ /**
2850
+ * @description Name or ID of the desired Org
2851
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2852
+ */
2853
+ org_id: string;
2854
+ /**
2855
+ * @description Hex-encoded ethereum address of the secp key
2856
+ * @example 0x49011adbCC3bC9c0307BB07F37Dda1a1a9c69d2E
2857
+ */
2858
+ pubkey: string;
2859
+ };
2860
+ };
2861
+ requestBody: {
2862
+ content: {
2863
+ "application/json": components["schemas"]["Eth1SignRequest"];
2864
+ };
2865
+ };
2866
+ responses: {
2867
+ 200: components["responses"]["Eth1SignResponse"];
2868
+ default: {
2869
+ content: {
2870
+ "application/json": components["schemas"]["ErrorResponse"];
2871
+ };
2872
+ };
2873
+ };
2874
+ };
2875
+ /**
2876
+ * Sign Validator Request
2877
+ * @description Sign Validator Request
2878
+ *
2879
+ * Signs an eth2 validator request with a given BLS key.
2880
+ *
2881
+ * The key must be associated with the role and organization on whose behalf this action is called.
2882
+ */
2883
+ eth2Sign: {
2884
+ parameters: {
2885
+ path: {
2886
+ /**
2887
+ * @description Name or ID of the desired Org
2888
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2889
+ */
2890
+ org_id: string;
2891
+ /**
2892
+ * @description Hex-encoded validator (BLS) public key with 0x prefix
2893
+ * @example 0x9700fbb8c906942442c2a5b3ad7498f27aedda253786a6fbaa8fef47fb7af234e50cf2cce815a553087992ae565d48da
2894
+ */
2895
+ pubkey: string;
2896
+ };
2897
+ };
2898
+ requestBody: {
2899
+ content: {
2900
+ "application/json": components["schemas"]["Eth2SignRequest"];
2901
+ };
2902
+ };
2903
+ responses: {
2904
+ 200: components["responses"]["Eth2SignResponse"];
2905
+ default: {
2906
+ content: {
2907
+ "application/json": components["schemas"]["ErrorResponse"];
2908
+ };
2909
+ };
2910
+ };
2911
+ };
2912
+ /**
2913
+ * Sign Stake Deposit
2914
+ * @description Sign Stake Deposit
2915
+ *
2916
+ * Signs a deposit transaction with a `validator_key`. If `validator_key` is set to a pregenerated key, we use the
2917
+ * provided validator key. Otherwise, we generate a new BLS key.
2918
+ *
2919
+ * When using a pregenerated key, the key must be associated with the role and organization on whose
2920
+ * behalf this action is called.
2921
+ */
2922
+ stake: {
2923
+ parameters: {
2924
+ path: {
2925
+ /**
2926
+ * @description Name or ID of the desired Org
2927
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2928
+ */
2929
+ org_id: string;
2930
+ };
2931
+ };
2932
+ requestBody: {
2933
+ content: {
2934
+ "application/json": components["schemas"]["StakeRequest"];
2935
+ };
2936
+ };
2937
+ responses: {
2938
+ 200: components["responses"]["StakeResponse"];
2939
+ default: {
2940
+ content: {
2941
+ "application/json": components["schemas"]["ErrorResponse"];
2942
+ };
2943
+ };
2944
+ };
2945
+ };
2946
+ /**
2947
+ * Sign Unstake Request
2948
+ * @description Sign Unstake Request
2949
+ *
2950
+ * Handle unstaking request, producing a signed voluntary exit message
2951
+ * that can be posted directly to the Beacon chain.
2952
+ *
2953
+ * The key must be associated with the role and organization on whose behalf this action is called.
2954
+ */
2955
+ unstake: {
2956
+ parameters: {
2957
+ path: {
2958
+ /**
2959
+ * @description Name or ID of the desired Org
2960
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2961
+ */
2962
+ org_id: string;
2963
+ /**
2964
+ * @description Hex-encoded validator (BLS) public key
2965
+ * @example 0xa99a76ed7796f7be22d5b7e85deeb7c5677e88e511e0b337618f8c4eb61349b4bf2d153f649f7b53359fe8b94a38e44c
2966
+ */
2967
+ pubkey: string;
2968
+ };
2969
+ };
2970
+ requestBody: {
2971
+ content: {
2972
+ "application/json": components["schemas"]["UnstakeRequest"];
2973
+ };
2974
+ };
2975
+ responses: {
2976
+ 200: components["responses"]["UnstakeResponse"];
2977
+ default: {
2978
+ content: {
2979
+ "application/json": components["schemas"]["ErrorResponse"];
2980
+ };
2981
+ };
2982
+ };
2983
+ };
2984
+ /**
2985
+ * Sign Solana Message
2986
+ * @description Sign Solana Message
2987
+ *
2988
+ * Signs a Solana message with a given key.
2989
+ * This is a pre-release feature.
2990
+ */
2991
+ solanaSign: {
2992
+ parameters: {
2993
+ path: {
2994
+ /**
2995
+ * @description Name or ID of the desired Org
2996
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2997
+ */
2998
+ org_id: string;
2999
+ /**
3000
+ * @description The base58-encoded public key
3001
+ * @example 86ZRPszBp5EoPj7wR3bHn7wnAZ5iYfpasRc7DKFPTUaZ
3002
+ */
3003
+ pubkey: string;
3004
+ };
3005
+ };
3006
+ requestBody: {
3007
+ content: {
3008
+ "application/json": components["schemas"]["SolanaSignRequest"];
3009
+ };
3010
+ };
3011
+ responses: {
3012
+ 200: components["responses"]["SolanaSignResponse"];
3013
+ default: {
3014
+ content: {
3015
+ "application/json": components["schemas"]["ErrorResponse"];
3016
+ };
3017
+ };
3018
+ };
3019
+ };
3020
+ /**
3021
+ * Refresh Signer Session
3022
+ * @description Refresh Signer Session
3023
+ */
3024
+ signerSessionRefresh: {
3025
+ parameters: {
3026
+ path: {
3027
+ /**
3028
+ * @description ID of the organization owning the key
3029
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3030
+ */
3031
+ org_id: string;
3032
+ };
3033
+ };
3034
+ requestBody: {
3035
+ content: {
3036
+ "application/json": components["schemas"]["AuthData"];
3037
+ };
3038
+ };
3039
+ responses: {
3040
+ 200: components["responses"]["RefreshResponse"];
3041
+ default: {
3042
+ content: {
3043
+ "application/json": components["schemas"]["ErrorResponse"];
3044
+ };
3045
+ };
3046
+ };
3047
+ };
3048
+ }
3049
+ export {};