@cubist-labs/cubesigner-sdk 0.1.50 → 0.2.2

Files changed (47)
  1. package/README.md +66 -13
  2. package/dist/src/client.d.ts +434 -7
  3. package/dist/src/client.js +1022 -18
  4. package/dist/src/ethers/index.d.ts +2 -4
  5. package/dist/src/ethers/index.js +11 -9
  6. package/dist/src/fido.d.ts +76 -0
  7. package/dist/src/fido.js +148 -0
  8. package/dist/src/index.d.ts +102 -30
  9. package/dist/src/index.js +126 -72
  10. package/dist/src/key.d.ts +15 -45
  11. package/dist/src/key.js +31 -93
  12. package/dist/src/mfa.d.ts +85 -14
  13. package/dist/src/mfa.js +158 -40
  14. package/dist/src/org.d.ts +237 -123
  15. package/dist/src/org.js +108 -213
  16. package/dist/src/paginator.d.ts +76 -0
  17. package/dist/src/paginator.js +99 -0
  18. package/dist/src/role.d.ts +76 -74
  19. package/dist/src/role.js +79 -136
  20. package/dist/src/schema.d.ts +1672 -520
  21. package/dist/src/schema.js +1 -1
  22. package/dist/src/schema_types.d.ts +103 -0
  23. package/dist/src/schema_types.js +3 -0
  24. package/dist/src/session/session_manager.js +2 -2
  25. package/dist/src/session/session_storage.js +1 -1
  26. package/dist/src/session/signer_session_manager.d.ts +16 -29
  27. package/dist/src/session/signer_session_manager.js +27 -78
  28. package/dist/src/signer_session.d.ts +232 -125
  29. package/dist/src/signer_session.js +149 -250
  30. package/dist/src/util.d.ts +20 -0
  31. package/dist/src/util.js +31 -2
  32. package/package.json +13 -11
  33. package/src/client.ts +1217 -7
  34. package/src/ethers/index.ts +11 -18
  35. package/src/index.ts +149 -101
  36. package/src/key.ts +28 -121
  37. package/src/mfa.ts +202 -0
  38. package/src/org.ts +126 -275
  39. package/src/paginator.ts +122 -0
  40. package/src/role.ts +108 -181
  41. package/src/schema.ts +1673 -520
  42. package/src/schema_types.ts +103 -0
  43. package/src/session/session_manager.ts +2 -2
  44. package/src/session/session_storage.ts +1 -1
  45. package/src/session/signer_session_manager.ts +38 -108
  46. package/src/signer_session.ts +164 -323
  47. package/src/util.ts +41 -0
@@ -10,7 +10,7 @@ export interface paths {
10
10
  *
11
11
  * Retrieves information about the current user.
12
12
  */
13
- get: operations["aboutMe"];
13
+ get: operations["aboutMeLegacy"];
14
14
  };
15
15
  "/v0/org/{org_id}": {
16
16
  /**
@@ -28,6 +28,16 @@ export interface paths {
28
28
  */
29
29
  patch: operations["updateOrg"];
30
30
  };
31
+ "/v0/org/{org_id}/ava/sign/{pubkey}": {
32
+ /**
33
+ * Sign Avalanche X- or P-Chain Message
34
+ * @description Sign Avalanche X- or P-Chain Message
35
+ *
36
+ * Signs an Avalanche message with a given SecpAva key.
37
+ * This is a pre-release feature.
38
+ */
39
+ post: operations["avaSign"];
40
+ };
31
41
  "/v0/org/{org_id}/btc/sign/{pubkey}": {
32
42
  /**
33
43
  * Sign Bitcoin Transaction
@@ -48,6 +58,56 @@ export interface paths {
48
58
  */
49
59
  put: operations["deriveKey"];
50
60
  };
61
+ "/v0/org/{org_id}/evm/eip712/sign/{pubkey}": {
62
+ /**
63
+ * Sign EIP-712 Typed Data
64
+ * @description Sign EIP-712 Typed Data
65
+ *
66
+ * Signs typed data according to EIP-712 with a given Secp256k1 key.
67
+ */
68
+ post: operations["eip712Sign"];
69
+ };
70
+ "/v0/org/{org_id}/identity/prove": {
71
+ /**
72
+ * Create [IdentityProof] from CubeSigner user session
73
+ * @description Create [IdentityProof] from CubeSigner user session
74
+ *
75
+ * This route can be used to prove to another party that a user has a
76
+ * valid CubeSigner session.
77
+ *
78
+ * Clients are intended to call this route and pass the returned evidence
79
+ * to another service which will verify it by making a request to `/v0/org/<org_id>/identity/verify`.
80
+ */
81
+ post: operations["createProofCubeSigner"];
82
+ };
83
+ "/v0/org/{org_id}/identity/prove/oidc": {
84
+ /**
85
+ * Create [IdentityProof] from OIDC token
86
+ * @description Create [IdentityProof] from OIDC token
87
+ *
88
+ * Exchange an OIDC ID token (passed via the `Authorization` header) for a proof of authentication.
89
+ *
90
+ * This route can be used to prove to another party that a user has met the
91
+ * authentication requirements (allowed issuers & audiences) for CubeSigner
92
+ * without leaking their credentials.
93
+ *
94
+ * Clients are intended to call this route and pass the returned evidence to another service
95
+ * which will verify it by making a request to `/v0/org/<org_id>/identity/verify`.
96
+ */
97
+ post: operations["createProofOidc"];
98
+ };
99
+ "/v0/org/{org_id}/identity/verify": {
100
+ /**
101
+ * Verify identity proof
102
+ * @description Verify identity proof
103
+ *
104
+ * Allows a third-party to validate proof of authentication.
105
+ *
106
+ * When a third-party is provided an [IdentityProof] object, they must check its
107
+ * veracity by calling this endpoint
108
+ */
109
+ post: operations["verifyProof"];
110
+ };
51
111
  "/v0/org/{org_id}/import_key": {
52
112
  /**
53
113
  * Create Key-Import Key
@@ -81,32 +141,14 @@ export interface paths {
81
141
  * Gets the list of owned keys in a given org.
82
142
  */
83
143
  get: operations["listKeysInOrg"];
84
- /**
85
- * Legacy Import Key
86
- * @deprecated
87
- * @description Legacy Import Key
88
- *
89
- * Securely imports an existing key. This API is deprecated; please use the new version.
90
- */
91
- put: operations["importKeyLegacy"];
92
144
  /**
93
145
  * Create Key
94
146
  * @description Create Key
95
147
  *
96
- * Creates one or more new keys of the specified type (BLS or Secp).
148
+ * Creates one or more new keys of the specified type.
97
149
  */
98
150
  post: operations["createKey"];
99
151
  };
100
- "/v0/org/{org_id}/keys/get_keys": {
101
- /**
102
- * Legacy List Keys
103
- * @deprecated
104
- * @description Legacy List Keys
105
- *
106
- * This route is deprecated. Use `GET /v0/org/<org_id>/keys?<key_type>`
107
- */
108
- post: operations["listKeysLegacy"];
109
- };
110
152
  "/v0/org/{org_id}/keys/{key_id}": {
111
153
  /**
112
154
  * Get Key
@@ -115,6 +157,14 @@ export interface paths {
115
157
  * Returns the properties of a key.
116
158
  */
117
159
  get: operations["getKeyInOrg"];
160
+ /**
161
+ * Delete Key
162
+ * @description Delete Key
163
+ *
164
+ * Deletes a key specified by its ID.
165
+ * Only the key owner and org owners are allowed to delete keys.
166
+ */
167
+ delete: operations["deleteKey"];
118
168
  /**
119
169
  * Update Key
120
170
  * @description Update Key
@@ -123,10 +173,20 @@ export interface paths {
123
173
  */
124
174
  patch: operations["updateKey"];
125
175
  };
176
+ "/v0/org/{org_id}/mfa": {
177
+ /**
178
+ * List Pending MFA Requests
179
+ * @description List Pending MFA Requests
180
+ *
181
+ * Retrieves and returns all pending MFA requests that are accessible to the current user,
182
+ * i.e., those in which the current user is listed as an approver
183
+ */
184
+ get: operations["mfaList"];
185
+ };
126
186
  "/v0/org/{org_id}/mfa/{mfa_id}": {
127
187
  /**
128
- * Gets a Pending MFA Request
129
- * @description Gets a Pending MFA Request
188
+ * Get Pending MFA Request
189
+ * @description Get Pending MFA Request
130
190
  *
131
191
  * Retrieves and returns a pending MFA request by its id.
132
192
  */
@@ -182,34 +242,6 @@ export interface paths {
182
242
  */
183
243
  post: operations["oidcAuth"];
184
244
  };
185
- "/v0/org/{org_id}/oidc/prove": {
186
- /**
187
- * Create OIDCProof
188
- * @description Create OIDCProof
189
- *
190
- * Exchange an OIDC ID token (passed via the `Authorization` header) for a proof of authentication.
191
- *
192
- * This route can be used to prove to another party that a user has met the
193
- * authentication requirements (allowed issuers & audiences) for CubeSigner
194
- * without leaking their credentials.
195
- *
196
- * Clients are intended to call this route and pass the returned evidence to another service
197
- * which will verify it.
198
- */
199
- post: operations["createOidcProof"];
200
- };
201
- "/v0/org/{org_id}/oidc/verify": {
202
- /**
203
- * Verify OIDC Proof
204
- * @description Verify OIDC Proof
205
- *
206
- * Allows a third-party to validate proof of OIDC authentication.
207
- *
208
- * When a third-party is provided an OidcProof object, they must check its
209
- * veracity by calling this endpoint
210
- */
211
- post: operations["verifyOidcProof"];
212
- };
213
245
  "/v0/org/{org_id}/roles": {
214
246
  /**
215
247
  * List Roles
@@ -271,6 +303,15 @@ export interface paths {
271
303
  */
272
304
  put: operations["addUserToRole"];
273
305
  };
306
+ "/v0/org/{org_id}/roles/{role_id}/keys": {
307
+ /**
308
+ * List Role Keys
309
+ * @description List Role Keys
310
+ *
311
+ * Returns an array of all keys in a role.
312
+ */
313
+ get: operations["listRoleKeys"];
314
+ };
274
315
  "/v0/org/{org_id}/roles/{role_id}/keys/{key_id}": {
275
316
  /**
276
317
  * Remove Key
@@ -282,9 +323,9 @@ export interface paths {
282
323
  };
283
324
  "/v0/org/{org_id}/roles/{role_id}/tokens": {
284
325
  /**
285
- * List Tokens (Deprecated)
326
+ * List a single page of Tokens (Deprecated)
286
327
  * @deprecated
287
- * @description List Tokens (Deprecated)
328
+ * @description List a single page of Tokens (Deprecated)
288
329
  *
289
330
  * **Deprecated**: Use `GET /org/{org_id}/session?role=`
290
331
  *
@@ -325,6 +366,15 @@ export interface paths {
325
366
  */
326
367
  delete: operations["revokeRoleToken"];
327
368
  };
369
+ "/v0/org/{org_id}/roles/{role_id}/users": {
370
+ /**
371
+ * List Role Users.
372
+ * @description List Role Users.
373
+ *
374
+ * Returns an array of all users who have access to a role.
375
+ */
376
+ get: operations["listRoleUsers"];
377
+ };
328
378
  "/v0/org/{org_id}/session": {
329
379
  /**
330
380
  * List sessions
@@ -342,6 +392,15 @@ export interface paths {
342
392
  */
343
393
  delete: operations["revokeSessions"];
344
394
  };
395
+ "/v0/org/{org_id}/session/self": {
396
+ /**
397
+ * Revoke current session
398
+ * @description Revoke current session
399
+ *
400
+ * Immediately revokes the current session, preventing it from being used or refreshed
401
+ */
402
+ delete: operations["revokeCurrentSession"];
403
+ };
345
404
  "/v0/org/{org_id}/session/{session_id}": {
346
405
  /**
347
406
  * Get session information
@@ -356,6 +415,16 @@ export interface paths {
356
415
  */
357
416
  delete: operations["revokeSession"];
358
417
  };
418
+ "/v0/org/{org_id}/solana/sign/{pubkey}": {
419
+ /**
420
+ * Sign Solana Message
421
+ * @description Sign Solana Message
422
+ *
423
+ * Signs a Solana message with a given key.
424
+ * This is a pre-release feature.
425
+ */
426
+ post: operations["solanaSign"];
427
+ };
359
428
  "/v0/org/{org_id}/token/keys": {
360
429
  /**
361
430
  * Get Token-Accessible Keys
@@ -365,44 +434,55 @@ export interface paths {
365
434
  */
366
435
  get: operations["listTokenKeys"];
367
436
  };
368
- "/v0/org/{org_id}/users": {
437
+ "/v0/org/{org_id}/user/me": {
369
438
  /**
370
- * List users in organization
371
- * @description List users in organization
439
+ * User Info
440
+ * @description User Info
441
+ *
442
+ * Retrieves information about the current user.
372
443
  */
373
- get: operations["listUsersInOrg"];
444
+ get: operations["aboutMe"];
445
+ };
446
+ "/v0/org/{org_id}/user/me/fido": {
374
447
  /**
375
- * Add a third-party user to the org
376
- * @description Add a third-party user to the org
448
+ * Initiate registration of a FIDO key
449
+ * @description Initiate registration of a FIDO key
450
+ *
451
+ * Generates a challenge that must be answered to prove ownership of a key
377
452
  */
378
- post: operations["createOidcUser"];
379
- };
380
- "/v0/org/{org_id}/users/oidc": {
453
+ post: operations["userRegisterFidoInit"];
381
454
  /**
382
- * Remove a third-party user from the org
383
- * @description Remove a third-party user from the org
455
+ * Finalize registration of a FIDO key
456
+ * @description Finalize registration of a FIDO key
457
+ *
458
+ * Accepts the response to the challenge generated by the POST to this endpoint.
384
459
  */
385
- delete: operations["deleteOidcUser"];
460
+ patch: operations["userRegisterFidoComplete"];
386
461
  };
387
- "/v0/totp": {
462
+ "/v0/org/{org_id}/user/me/totp": {
388
463
  /**
389
- * Initialize TOTP
390
- * @description Initialize TOTP
464
+ * Initialize TOTP Reset
465
+ * @description Initialize TOTP Reset
466
+ *
467
+ * Creates a new TOTP challenge that must be answered to prove that the new TOTP
468
+ * was successfully imported into an authenticator app.
391
469
  *
392
- * Creates and sets a new TOTP configuration for the current user,
393
- * if and only if no TOTP configuration is already set.
470
+ * This operation is allowed if EITHER
471
+ * - the user account is not yet initialized and no TOTP is already set, OR
472
+ * - the user has not configured any auth factors;
473
+ * otherwise, MFA is required.
394
474
  */
395
- put: operations["userInitTotp"];
475
+ post: operations["userResetTotpInit"];
396
476
  /**
397
- * Reset TOTP
398
- * @description Reset TOTP
477
+ * Finalize resetting TOTP
478
+ * @description Finalize resetting TOTP
399
479
  *
400
- * Creates and sets a new TOTP configuration for the current user,
401
- * overriding the existing one (if any).
480
+ * Checks if the response contains the correct TOTP code corresponding to the
481
+ * challenge generated by the POST method of this endpoint.
402
482
  */
403
- patch: operations["userResetTotp"];
483
+ patch: operations["userResetTotpComplete"];
404
484
  };
405
- "/v0/totp/verify/{code}": {
485
+ "/v0/org/{org_id}/user/me/totp/verify": {
406
486
  /**
407
487
  * Verify TOTP
408
488
  * @description Verify TOTP
@@ -410,23 +490,80 @@ export interface paths {
410
490
  * Checks if a given code matches the current TOTP code for the current user.
411
491
  * Errors with 403 if the current user has not set up TOTP or the code fails verification.
412
492
  */
413
- get: operations["userVerifyTotp"];
493
+ post: operations["userVerifyTotp"];
494
+ };
495
+ "/v0/org/{org_id}/users": {
496
+ /**
497
+ * List users in organization
498
+ * @description List users in organization
499
+ */
500
+ get: operations["listUsersInOrg"];
501
+ /**
502
+ * Add a third-party user to the org
503
+ * @description Add a third-party user to the org
504
+ */
505
+ post: operations["createOidcUser"];
506
+ };
507
+ "/v0/org/{org_id}/users/oidc": {
508
+ /**
509
+ * Remove a third-party user from the org
510
+ * @description Remove a third-party user from the org
511
+ */
512
+ delete: operations["deleteOidcUser"];
414
513
  };
415
514
  "/v0/user/me/fido": {
416
515
  /**
417
516
  * Initiate registration of a FIDO key
517
+ * @deprecated
418
518
  * @description Initiate registration of a FIDO key
419
519
  *
420
520
  * Generates a challenge that must be answered to prove ownership of a key
421
521
  */
422
- post: operations["userRegisterFido"];
522
+ post: operations["registerFidoInitLegacy"];
423
523
  /**
424
524
  * Finalize registration of a FIDO key
525
+ * @deprecated
425
526
  * @description Finalize registration of a FIDO key
426
527
  *
427
528
  * Accepts the response to the challenge generated by the POST to this endpoint.
428
529
  */
429
- patch: operations["userRegisterFidoComplete"];
530
+ patch: operations["registerFidoCompleteLegacy"];
531
+ };
532
+ "/v0/user/me/totp": {
533
+ /**
534
+ * Initialize TOTP Reset
535
+ * @deprecated
536
+ * @description Initialize TOTP Reset
537
+ *
538
+ * Creates a new TOTP challenge that must be answered to prove that the new TOTP
539
+ * was successfully imported into an authenticator app.
540
+ *
541
+ * This operation is allowed if EITHER
542
+ * - the user account is not yet initialized and no TOTP is already set, OR
543
+ * - the user has not configured any auth factors;
544
+ * otherwise, MFA is required.
545
+ */
546
+ post: operations["resetTotpInitLegacy"];
547
+ /**
548
+ * Finalize resetting TOTP
549
+ * @deprecated
550
+ * @description Finalize resetting TOTP
551
+ *
552
+ * Checks if the response contains the correct TOTP code corresponding to the
553
+ * challenge generated by the POST method of this endpoint.
554
+ */
555
+ patch: operations["resetTotpCompleteLegacy"];
556
+ };
557
+ "/v0/user/me/totp/verify": {
558
+ /**
559
+ * Verify TOTP
560
+ * @deprecated
561
+ * @description Verify TOTP
562
+ *
563
+ * Checks if a given code matches the current TOTP code for the current user.
564
+ * Errors with 403 if the current user has not set up TOTP or the code fails verification.
565
+ */
566
+ post: operations["verifyTotpLegacy"];
430
567
  };
431
568
  "/v1/org/{org_id}/blob/sign/{key_id}": {
432
569
  /**
@@ -435,6 +572,13 @@ export interface paths {
435
572
  *
436
573
  * Signs an arbitrary blob with a given key.
437
574
  * This is a pre-release feature.
575
+ *
576
+ * - ECDSA signatures are serialized as big-endian r and s plus recovery-id
577
+ * byte v, which can in general take any of the values 0, 1, 2, or 3.
578
+ *
579
+ * - EdDSA signatures are serialized in the standard format.
580
+ *
581
+ * - BLS signatures are not supported on the blob-sign endpoint.
438
582
  */
439
583
  post: operations["blobSign"];
440
584
  };
@@ -453,6 +597,7 @@ export interface paths {
453
597
  * @description Sign EVM Transaction
454
598
  *
455
599
  * Signs an Ethereum (and other EVM) transaction with a given Secp256k1 key.
600
+ * Returns an RLP-encoded transaction with EIP-155 signature.
456
601
  *
457
602
  * The key must be associated with the role and organization on whose behalf this action is called.
458
603
  */
@@ -494,16 +639,6 @@ export interface paths {
494
639
  */
495
640
  post: operations["unstake"];
496
641
  };
497
- "/v1/org/{org_id}/solana/sign/{pubkey}": {
498
- /**
499
- * Sign Solana Message
500
- * @description Sign Solana Message
501
- *
502
- * Signs a Solana message with a given key.
503
- * This is a pre-release feature.
504
- */
505
- post: operations["solanaSign"];
506
- };
507
642
  "/v1/org/{org_id}/token/refresh": {
508
643
  /**
509
644
  * Refresh Signer Session
@@ -526,7 +661,10 @@ export interface components {
526
661
  */
527
662
  AcceptedValue: {
528
663
  MfaRequired: {
664
+ /** @description MFA request id */
529
665
  id: string;
666
+ /** @description Organization id */
667
+ org_id: string;
530
668
  session?: components["schemas"]["NewSessionResponse"] | null;
531
669
  };
532
670
  };
@@ -564,7 +702,7 @@ export interface components {
564
702
  * }
565
703
  * ]
566
704
  */
567
- policy: Record<string, never>[] | null;
705
+ policy?: Record<string, never>[] | null;
568
706
  };
569
707
  AddThirdPartyUserRequest: {
570
708
  /**
@@ -577,6 +715,10 @@ export interface components {
577
715
  mfa_policy?: Record<string, unknown> | null;
578
716
  role: components["schemas"]["MemberRole"];
579
717
  };
718
+ AddThirdPartyUserResponse: {
719
+ /** @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f */
720
+ user_id: string;
721
+ };
580
722
  ApprovalInfo: {
581
723
  timestamp: components["schemas"]["EpochDateTime"];
582
724
  };
@@ -627,7 +769,7 @@ export interface components {
627
769
  * @description Allows the authenticator to optionally declare the credential identifier they used.
628
770
  * https://www.w3.org/TR/webauthn-2/#dom-authenticatorassertionresponse-userhandle
629
771
  */
630
- userHandle: string | null;
772
+ userHandle?: string | null;
631
773
  };
632
774
  /**
633
775
  * @description This enumeration’s values describe authenticators' attachment modalities.
@@ -681,7 +823,7 @@ export interface components {
681
823
  * https://www.w3.org/TR/webauthn-2/#dictdef-authenticatorselectioncriteria
682
824
  */
683
825
  AuthenticatorSelectionCriteria: {
684
- authenticator_attachment: components["schemas"]["AuthenticatorAttachment"] | null;
826
+ authenticator_attachment?: components["schemas"]["AuthenticatorAttachment"] | null;
685
827
  /**
686
828
  * @description This member is retained for backwards compatibility with WebAuthn Level
687
829
  * 1 and, for historical reasons, its naming retains the deprecated
@@ -691,7 +833,7 @@ export interface components {
691
833
  * https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-requireresidentkey
692
834
  */
693
835
  require_resident_key?: boolean;
694
- resident_key: components["schemas"]["ResidentKeyRequirement"] | null;
836
+ resident_key?: components["schemas"]["ResidentKeyRequirement"] | null;
695
837
  user_verification?: components["schemas"]["UserVerificationRequirement"];
696
838
  };
697
839
  /**
@@ -707,6 +849,29 @@ export interface components {
707
849
  * @enum {string}
708
850
  */
709
851
  AuthenticatorTransport: "usb" | "nfc" | "ble" | "internal";
852
+ /** @description Request to sign an Avalanche transactions */
853
+ AvaSignRequest: {
854
+ /**
855
+ * @description Transaction to sign.
856
+ *
857
+ * Examples:
858
+ * - {"P": { "AddPermissionlessValidator": [TxJson](https://github.com/ava-labs/avalanche-rs/blob/avalanche-types-v0.1.3/crates/avalanche-types/src/platformvm/txs/add_permissionless_validator.rs#L14) }}
859
+ * - {"P": { "AddSubnetValidator": [TxJson](https://github.com/ava-labs/avalanche-rs/blob/avalanche-types-v0.1.3/crates/avalanche-types/src/platformvm/txs/add_subnet_validator.rs#L29) }}
860
+ * - {"P": { "AddValidator": [TxJson](https://github.com/ava-labs/avalanche-rs/blob/avalanche-types-v0.1.3/crates/avalanche-types/src/platformvm/txs/add_validator.rs#L12) }}
861
+ * - {"P": { "CreateChain": [TxJson](https://github.com/ava-labs/avalanche-rs/blob/avalanche-types-v0.1.3/crates/avalanche-types/src/platformvm/txs/create_chain.rs#L8) }}
862
+ * - {"P": { "CreateSubnet": [TxJson](https://github.com/ava-labs/avalanche-rs/blob/avalanche-types-v0.1.3/crates/avalanche-types/src/platformvm/txs/create_subnet.rs#L8) }}
863
+ * - {"P": { "Export": [TxJson](https://github.com/ava-labs/avalanche-rs/blob/avalanche-types-v0.1.3/crates/avalanche-types/src/platformvm/txs/export.rs#L12) }}
864
+ * - {"P": { "Import": [TxJson](https://github.com/ava-labs/avalanche-rs/blob/avalanche-types-v0.1.3/crates/avalanche-types/src/platformvm/txs/import.rs#L12) }}
865
+ * - {"X": { "Base": [TxJson](https://github.com/ava-labs/avalanche-rs/blob/avalanche-types-v0.1.3/crates/avalanche-types/src/avm/txs/mod.rs#L21) }}
866
+ * - {"X": { "Export": [TxJson](https://github.com/ava-labs/avalanche-rs/blob/avalanche-types-v0.1.3/crates/avalanche-types/src/avm/txs/export.rs#L16) }}
867
+ * - {"X": { "Import": [TxJson](https://github.com/ava-labs/avalanche-rs/blob/avalanche-types-v0.1.3/crates/avalanche-types/src/avm/txs/import.rs#L14) }}
868
+ */
869
+ tx: Record<string, never>;
870
+ };
871
+ AvaSignResponse: {
872
+ /** @description The hex-encoded signature. */
873
+ signature: string;
874
+ };
710
875
  /** @description Wrapper around a zeroizing 32-byte fixed-size array */
711
876
  B32: string;
712
877
  /**
@@ -723,6 +888,10 @@ export interface components {
723
888
  */
724
889
  message_base64: string;
725
890
  };
891
+ BlobSignResponse: {
892
+ /** @description The hex-encoded signature. */
893
+ signature: string;
894
+ };
726
895
  /** @enum {string} */
727
896
  BtcSighashType: "All" | "None" | "Single" | "AllPlusAnyoneCanPay" | "NonePlusAnyoneCanPay" | "SinglePlusAnyoneCanPay";
728
897
  BtcSignRequest: {
@@ -730,6 +899,13 @@ export interface components {
730
899
  /** @description The bitcoin transaction to sign */
731
900
  tx: Record<string, never>;
732
901
  };
902
+ BtcSignResponse: {
903
+ /**
904
+ * @description The hex-encoded signature in compact format.
905
+ * @example 0x454aef27c21df7dd8f537dc869f4cd65286ce239a52d36470f4d85be85a891b02789e5ffd8560b32a98110e5d0096802e4c14145cf6c44f10a768c87755eaa4800
906
+ */
907
+ signature: string;
908
+ };
733
909
  BtcSignatureKind: {
734
910
  /** @description Segregated Witness */
735
911
  Segwit: {
@@ -783,13 +959,25 @@ export interface components {
783
959
  /** @enum {string} */
784
960
  type: "fido";
785
961
  };
962
+ CreateKeyImportKeyResponse: components["schemas"]["KeyImportKey"] & {
963
+ /**
964
+ * @description An attestation document from a secure enclave, including an
965
+ * RSA signing key used to sign the contents of this message.
966
+ */
967
+ enclave_attestation: string;
968
+ /**
969
+ * @description An RSA-PSS-SHA256 signature on the public key and encrypted
970
+ * secrets attesting to their generation inside a secure enclave.
971
+ */
972
+ enclave_signature: string;
973
+ };
786
974
  CreateKeyRequest: {
787
975
  /**
788
976
  * Format: int64
789
977
  * @description Chain id for which the key is allowed to sign messages
790
978
  * @example 5
791
979
  */
792
- chain_id: number | null;
980
+ chain_id?: number | null;
793
981
  /**
794
982
  * Format: int32
795
983
  * @description Number of keys to create
@@ -801,7 +989,11 @@ export interface components {
801
989
  * @description Allows users to specify a user other than themselves to receive the key
802
990
  * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
803
991
  */
804
- owner: string | null;
992
+ owner?: string | null;
993
+ };
994
+ CreateKeyResponse: {
995
+ /** @description The info about the created keys */
996
+ keys: components["schemas"]["KeyInfo"][];
805
997
  };
806
998
  /** @description Optional create role request body */
807
999
  CreateRoleRequest: {
@@ -811,12 +1003,41 @@ export interface components {
811
1003
  */
812
1004
  name: string;
813
1005
  };
814
- CreateTokenRequest: components["schemas"]["RatchetConfig"] & {
1006
+ /** @description The newly created role information */
1007
+ CreateRoleResponse: {
1008
+ /**
1009
+ * @description A human-readable name for the role.
1010
+ * @example my_role
1011
+ */
1012
+ name?: string | null;
1013
+ /**
1014
+ * @description The id of the newly created role
1015
+ * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
1016
+ */
1017
+ role_id: string;
1018
+ };
1019
+ CreateTokenRequest: components["schemas"]["RatchetConfig"] & ({
815
1020
  /**
816
1021
  * @description A human readable description of the purpose of the key
817
1022
  * @example Validator Signing
818
1023
  */
819
1024
  purpose: string;
1025
+ /**
1026
+ * @description Controls what capabilities this session will have. By default, it has all
1027
+ * signing capabilities, i.e., just the 'sign:*' scope.
1028
+ * @example [
1029
+ * "sign:*"
1030
+ * ]
1031
+ */
1032
+ scopes?: string[] | null;
1033
+ });
1034
+ CubeSignerUserInfo: {
1035
+ /** @description All multi-factor authentication methods configured for this user */
1036
+ configured_mfa: components["schemas"]["ConfiguredMfa"][];
1037
+ /** @description Set once the user successfully logs into CubeSigner */
1038
+ initialized: boolean;
1039
+ /** @description CubeSigner's user identifier */
1040
+ user_id: string;
820
1041
  };
821
1042
  /**
822
1043
  * @description Information produced by a successful deposit
@@ -861,11 +1082,115 @@ export interface components {
861
1082
  * @example 0x9f07be82d934fcb5d0f75dd24c2dfea8a85a4d0c289d58828b3537fae24d32b8
862
1083
  */
863
1084
  mnemonic_id: string;
1085
+ };
1086
+ /**
1087
+ * @example {
1088
+ * "chain_id": 1337,
1089
+ * "typed_data": {
1090
+ * "domain": {
1091
+ * "chainId": 1337,
1092
+ * "name": "Ether Mail",
1093
+ * "verifyingContract": "0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC",
1094
+ * "version": "1"
1095
+ * },
1096
+ * "message": {
1097
+ * "contents": "Hello, Bob!",
1098
+ * "from": {
1099
+ * "name": "Cow",
1100
+ * "wallets": [
1101
+ * "0xCD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826",
1102
+ * "0xDeaDbeefdEAdbeefdEadbEEFdeadbeEFdEaDbeeF"
1103
+ * ]
1104
+ * },
1105
+ * "to": {
1106
+ * "name": "Bob",
1107
+ * "wallets": [
1108
+ * "0xbBbBBBBbbBBBbbbBbbBbbbbBBbBbbbbBbBbbBBbB",
1109
+ * "0xB0BdaBea57B0BDABeA57b0bdABEA57b0BDabEa57",
1110
+ * "0xB0B0b0b0b0b0B000000000000000000000000000"
1111
+ * ]
1112
+ * }
1113
+ * },
1114
+ * "primaryType": "Mail",
1115
+ * "types": {
1116
+ * "EIP712Domain": [
1117
+ * {
1118
+ * "name": "name",
1119
+ * "type": "string"
1120
+ * },
1121
+ * {
1122
+ * "name": "version",
1123
+ * "type": "string"
1124
+ * },
1125
+ * {
1126
+ * "name": "chainId",
1127
+ * "type": "uint256"
1128
+ * },
1129
+ * {
1130
+ * "name": "verifyingContract",
1131
+ * "type": "address"
1132
+ * }
1133
+ * ],
1134
+ * "Group": [
1135
+ * {
1136
+ * "name": "name",
1137
+ * "type": "string"
1138
+ * },
1139
+ * {
1140
+ * "name": "members",
1141
+ * "type": "Person[]"
1142
+ * }
1143
+ * ],
1144
+ * "Mail": [
1145
+ * {
1146
+ * "name": "from",
1147
+ * "type": "Person"
1148
+ * },
1149
+ * {
1150
+ * "name": "to",
1151
+ * "type": "Person"
1152
+ * },
1153
+ * {
1154
+ * "name": "contents",
1155
+ * "type": "string"
1156
+ * }
1157
+ * ],
1158
+ * "Person": [
1159
+ * {
1160
+ * "name": "name",
1161
+ * "type": "string"
1162
+ * },
1163
+ * {
1164
+ * "name": "wallets",
1165
+ * "type": "address[]"
1166
+ * }
1167
+ * ]
1168
+ * }
1169
+ * }
1170
+ * }
1171
+ */
1172
+ Eip712SignRequest: {
864
1173
  /**
865
- * @description Allows users to specify a user other than themselves to receive the key
866
- * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
1174
+ * Format: int64
1175
+ * @description The chain-id to which this typed data will be sent
1176
+ */
1177
+ chain_id: number;
1178
+ /** @description EIP-712 typed data. Refer to the JSON schema defined in EIP-712. */
1179
+ typed_data: Record<string, never>;
1180
+ };
1181
+ Eip712SignResponse: {
1182
+ /**
1183
+ * @description Hex-encoded signature comprising 65 bytes in the format required
1184
+ * by ecrecover: 32-byte r, 32-byte s, and one-byte recovery-id v
1185
+ * which is either 27 or 28.
1186
+ * @example 0x4355c47d63924e8a72e509b65029052eb6c299d53a04e167c5775fd466751c9d07299936d304c153f6443dfa05f40ff007d72911b6f72307f996231605b915621c
867
1187
  */
868
- owner: string | null;
1188
+ signature: string;
1189
+ };
1190
+ /** @default null */
1191
+ Empty: Record<string, unknown> | null;
1192
+ EmptyImpl: {
1193
+ status: string;
869
1194
  };
870
1195
  /**
871
1196
  * @description Epoch is a quoted `uint64`.
@@ -884,6 +1209,8 @@ export interface components {
884
1209
  accepted?: components["schemas"]["AcceptedValue"] | null;
885
1210
  /** @description Error message */
886
1211
  message: string;
1212
+ /** @description Optional request identifier */
1213
+ request_id?: string;
887
1214
  };
888
1215
  /**
889
1216
  * @example {
@@ -914,6 +1241,13 @@ export interface components {
914
1241
  */
915
1242
  tx: Record<string, never>;
916
1243
  };
1244
+ Eth1SignResponse: {
1245
+ /**
1246
+ * @description Hex-encoded RLP encoding of the transaction and its signature
1247
+ * @example 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
1248
+ */
1249
+ rlp_signed_tx: string;
1250
+ };
917
1251
  /**
918
1252
  * @example {
919
1253
  * "eth2_sign_request": {
@@ -943,18 +1277,39 @@ export interface components {
943
1277
  eth2_sign_request: Record<string, never>;
944
1278
  network: components["schemas"]["Network"];
945
1279
  };
1280
+ Eth2SignResponse: {
1281
+ /**
1282
+ * @description Hex encoded signature prefixed with 0x e.g. "0x0000..."
1283
+ * @example 0xb4f2ef9d12a54e1f569596c07c97d6d730535b6ffc0d287761dc78103a86326782471a04c75ce7a6faea08ca9a4a0830031cdcb893da8711d54aa22619f1a7e71b8185ddf4c6bfd9babbd735960e35e56bd6eeb89625b04850e7a9ef8846e549
1284
+ */
1285
+ signature: string;
1286
+ };
946
1287
  /** @description Sent from the client to the server to answer a fido challenge */
947
1288
  FidoAssertAnswer: {
948
1289
  /** @description The ID of the challenge that was returned from the POST endpoint */
949
1290
  challenge_id: string;
950
1291
  credential: components["schemas"]["PublicKeyCredential"];
951
1292
  };
1293
+ FidoAssertChallenge: {
1294
+ /** @description The id of the challenge. Must be supplied when answering the challenge. */
1295
+ challenge_id: string;
1296
+ options: components["schemas"]["PublicKeyCredentialRequestOptions"];
1297
+ };
952
1298
  /** @description Sent from the client to the server to answer a fido challenge */
953
1299
  FidoCreateChallengeAnswer: {
954
1300
  /** @description The ID of the challenge that was returned from the POST endpoint */
955
1301
  challenge_id: string;
956
1302
  credential: components["schemas"]["PublicKeyCredential"];
957
1303
  };
1304
+ /**
1305
+ * @description Sent by the server to the client. Contains the challenge data that must be
1306
+ * used to generate a new credential
1307
+ */
1308
+ FidoCreateChallengeResponse: {
1309
+ /** @description The id of the challenge. Must be supplied when answering the challenge. */
1310
+ challenge_id: string;
1311
+ options: components["schemas"]["PublicKeyCredentialCreationOptions"];
1312
+ };
958
1313
  /** @description Declares intent to register a new FIDO key */
959
1314
  FidoCreateRequest: {
960
1315
  /**
@@ -1010,7 +1365,11 @@ export interface components {
1010
1365
  genesis_validators_root: string;
1011
1366
  };
1012
1367
  GetKeysInOrgRequest: {
1013
- key_type: components["schemas"]["KeyType"] | null;
1368
+ key_type?: components["schemas"]["KeyType"] | null;
1369
+ };
1370
+ GetUsersInOrgResponse: {
1371
+ /** @description The list of users in the org */
1372
+ users: components["schemas"]["UserIdInfo"][];
1014
1373
  };
1015
1374
  /** @description Stats pertaining the the sender `cube3signer` instance */
1016
1375
  HeartbeatRequest: {
@@ -1059,7 +1418,7 @@ export interface components {
1059
1418
  *
1060
1419
  * TODO: Make non-optional once we do not support proxies without version information
1061
1420
  */
1062
- proxy_version: string | null;
1421
+ proxy_version?: string | null;
1063
1422
  };
1064
1423
  /**
1065
1424
  * @description Information about the request.
@@ -1070,22 +1429,34 @@ export interface components {
1070
1429
  */
1071
1430
  HttpRequest: {
1072
1431
  /** @description HTTP request body */
1073
- body: Record<string, unknown> | null;
1432
+ body?: Record<string, unknown> | null;
1074
1433
  /** @description HTTP method of the request */
1075
1434
  method: string;
1076
1435
  /** @description HTTP path of the request (including host or not?) */
1077
1436
  path: string;
1078
1437
  };
1079
- ImportKeyLegacyRequest: {
1438
+ /**
1439
+ * @description Proof that an end-user provided CubeSigner with a valid auth token
1440
+ * (either an OIDC token or a CubeSigner session token)
1441
+ */
1442
+ IdentityProof: ({
1080
1443
  /**
1081
- * Format: int64
1082
- * @description The chain ID of the chain that the key will be used for
1083
- * @example 5
1444
+ * @description OIDC audience; set only if the proof was obtained by using OIDC token.
1445
+ *
1446
+ * In other words, presence of this field testifies that authorization was obtained via OIDC.
1084
1447
  */
1085
- chain_id: number | null;
1086
- /** @description The key to import encrypted with the public key of the organization */
1087
- key_material: components["schemas"]["RsaOaepXChaChaMaterial"][];
1088
- key_type: components["schemas"]["KeyType"];
1448
+ aud?: string | null;
1449
+ /**
1450
+ * @description The email associated with the user
1451
+ * @example user@email.com
1452
+ */
1453
+ email: string;
1454
+ exp_epoch: components["schemas"]["EpochDateTime"];
1455
+ identity?: components["schemas"]["OIDCIdentity"] | null;
1456
+ user_info?: components["schemas"]["CubeSignerUserInfo"] | null;
1457
+ }) & {
1458
+ /** @description An opaque identifier for the proof */
1459
+ id: string;
1089
1460
  };
1090
1461
  ImportKeyRequest: components["schemas"]["KeyImportKey"] & {
1091
1462
  /** @description A set of encrypted keys to be imported */
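Review bot: The new `IdentityProof` type makes `aud`, `identity` and `user_info` all optional, so as typed a proof can carry none of them and still expose a required `email`; the doc comment should say which combination the server guarantees. Treating the mere presence of `aud` as the signal that OIDC was used is weak for a verifier, and nothing here tells a consumer to compare it with the expected client id. Assuming `exp_epoch` is the proof's expiry, I would extend the comment on `aud` with `Verifiers should compare this value with their own OIDC client id and reject proofs whose exp_epoch has passed.` This file looks generated from the API spec, so the wording probably belongs in the spec source.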
@@ -1122,6 +1493,7 @@ export interface components {
1122
1493
  * @example Alice Wonderland
1123
1494
  */
1124
1495
  name: string;
1496
+ role?: components["schemas"]["MemberRole"] | null;
1125
1497
  /**
1126
1498
  * @description Skip sending an invitation email to this user if true.
1127
1499
  *
@@ -1155,6 +1527,27 @@ export interface components {
1155
1527
  /** @description Base64-encoded, encrypted secret key. */
1156
1528
  sk_enc: string;
1157
1529
  };
1530
+ KeyInRoleInfo: {
1531
+ /**
1532
+ * @description Key ID
1533
+ * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
1534
+ */
1535
+ key_id: string;
1536
+ /**
1537
+ * @description Policies that are checked before this key is used on behalf of this role
1538
+ * @example [
1539
+ * {
1540
+ * "TxReceiver": "0x8c594691c0e592ffa21f153a16ae41db5befcaaa"
1541
+ * },
1542
+ * {
1543
+ * "TxDeposit": {
1544
+ * "kind": "Canonical"
1545
+ * }
1546
+ * }
1547
+ * ]
1548
+ */
1549
+ policy?: Record<string, never>[];
1550
+ };
1158
1551
  KeyInfo: {
1159
1552
  derivation_info?: components["schemas"]["KeyDerivationInfo"] | null;
1160
1553
  /** @description Whether the key is enabled (only enabled keys may be used for signing) */
@@ -1203,34 +1596,39 @@ export interface components {
1203
1596
  */
1204
1597
  purpose: string;
1205
1598
  };
1599
+ KeyInfos: {
1600
+ keys: components["schemas"]["KeyInfo"][];
1601
+ };
1206
1602
  /** @enum {string} */
1207
- KeyType: "SecpEthAddr" | "SecpBtc" | "SecpBtcTest" | "SecpAvaAddr" | "SecpAvaTestAddr" | "BlsPub" | "BlsInactive" | "Ed25519SolanaAddr" | "Ed25519SuiAddr" | "Ed25519AptosAddr" | "Ed25519CardanoAddrVk" | "Mnemonic" | "Stark";
1208
- KeyWithPolicies: {
1209
- /**
1210
- * @description Key ID
1211
- * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
1212
- */
1213
- key_id: string;
1214
- /**
1215
- * @description Policies that are checked before this key is used on behalf of this role
1216
- * @example [
1217
- * {
1218
- * "TxReceiver": "0x8c594691c0e592ffa21f153a16ae41db5befcaaa"
1219
- * },
1220
- * {
1221
- * "TxDeposit": {
1222
- * "kind": "Canonical"
1223
- * }
1224
- * }
1225
- * ]
1226
- */
1227
- policy?: Record<string, never>[];
1603
+ KeyType: "SecpEthAddr" | "SecpBtc" | "SecpBtcTest" | "SecpAvaAddr" | "SecpAvaTestAddr" | "BlsPub" | "BlsInactive" | "Ed25519SolanaAddr" | "Ed25519SuiAddr" | "Ed25519AptosAddr" | "Ed25519CardanoAddrVk" | "Ed25519StellarAddr" | "Mnemonic" | "Stark";
1604
+ /**
1605
+ * @description Wrapper around encrypted [UnencryptedLastEvalKey] bytes.
1606
+ *
1607
+ * We serialize this into a base64url-encoded string and return to the user
1608
+ * so that they can pass this back to us as a url query parameter.
1609
+ */
1610
+ LastEvalKey: string;
1611
+ ListMfaResponse: {
1612
+ /** @description All pending MFA requests */
1613
+ mfa_requests: components["schemas"]["MfaRequestInfo"][];
1614
+ };
1615
+ ListTokensResponse: {
1616
+ tokens: components["schemas"]["TokenInfo"][];
1228
1617
  };
1229
1618
  /**
1230
1619
  * @description Describes whether a user in an org is an Owner or just a regular member
1231
1620
  * @enum {string}
1232
1621
  */
1233
- MemberRole: "Owner" | "Member" | "Alien";
1622
+ MemberRole: "Alien" | "Member" | "Owner";
1623
+ /** @description Returned as a response from multiple routes (e.g., 'get mfa', 'approve mfa', 'approve totp'). */
1624
+ MfaRequestInfo: {
1625
+ expires_at: components["schemas"]["EpochDateTime"];
1626
+ /** @description Approval request ID. */
1627
+ id: string;
1628
+ receipt?: components["schemas"]["Receipt"] | null;
1629
+ request: components["schemas"]["HttpRequest"];
1630
+ status: components["schemas"]["Status"];
1631
+ };
1234
1632
  /** @enum {string} */
1235
1633
  MfaType: "CubeSigner" | "Totp" | "Fido";
1236
1634
  /**
@@ -1258,11 +1656,6 @@ export interface components {
1258
1656
  * a single OIDC user to multiple `User`s in CubeSigner
1259
1657
  */
1260
1658
  OIDCIdentity: {
1261
- /**
1262
- * @description Free-form additional user info.
1263
- * @example null
1264
- */
1265
- disambiguator?: string | null;
1266
1659
  /**
1267
1660
  * @description The root-level issuer who administrates this user. Frome the OIDC spec:
1268
1661
  * Issuer Identifier for the Issuer of the response. The iss
@@ -1294,35 +1687,11 @@ export interface components {
1294
1687
  scopes: string[];
1295
1688
  tokens?: components["schemas"]["RatchetConfig"];
1296
1689
  };
1297
- /** @description Proof that an end-user provided CubeSigner with a valid OIDC token */
1298
- OidcProof: ((components["schemas"]["OIDCIdentity"] & {
1299
- /**
1300
- * @description The "audience" (oauth client) through which the user authenticated with the issuer.
1301
- * This string is opaque according to the OIDC spec, but for example Google
1302
- * audiences look like `1234987819200.apps.googleusercontent.com`
1303
- * @example 1234987819200.apps.googleusercontent.com
1304
- */
1305
- aud: string;
1306
- /**
1307
- * @description The email associated with the user
1308
- * @example user@email.com
1309
- */
1310
- email: string;
1311
- }) & {
1312
- exp_epoch: components["schemas"]["EpochDateTime"];
1313
- }) & {
1314
- /** @description An opaque identifier for the proof */
1315
- id: string;
1316
- };
1317
1690
  OrgInfo: {
1318
1691
  /** @description When false, all cryptographic operations involving keys in this org are disabled. */
1319
1692
  enabled: boolean;
1320
- /**
1321
- * @description The RSA public key to use when importing keys into this organization. This string is the
1322
- * hex encoding of the DER representation of the key.
1323
- * @example 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
1324
- */
1325
- key_import_key: string;
1693
+ /** @description Deprecated: this field should be ignored. */
1694
+ key_import_key?: string | null;
1326
1695
  /**
1327
1696
  * @description The organization's universally unique key-wrapping-key identifier.
1328
1697
  * This value is required when setting up key export.
@@ -1359,6 +1728,101 @@ export interface components {
1359
1728
  */
1360
1729
  policy?: Record<string, never>[];
1361
1730
  };
1731
+ /**
1732
+ * @description The rocket query parameter representing the page from which to start a paginated query.
1733
+ *
1734
+ * MUST be named `<page>` in rocket url spec so that 'serde(rename = "page.*")' below continues to work
1735
+ */
1736
+ Page: {
1737
+ /**
1738
+ * Format: int32
1739
+ * @description Max number of items to return per page.
1740
+ *
1741
+ * If the actual number of returned items may be less that this, even if there exist more
1742
+ * data in the result set. To reliably determine if more data is left in the result set,
1743
+ * inspect the [UnencryptedLastEvalKey] value in the response object.
1744
+ */
1745
+ "page.size"?: number;
1746
+ /**
1747
+ * @description The start of the page. Omit to start from the beginning; otherwise, only specify a
1748
+ * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
1749
+ */
1750
+ "page.start"?: string | null;
1751
+ };
1752
+ /**
1753
+ * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
1754
+ * value (which can the user pass back to use as a url query parameter to continue pagination).
1755
+ */
1756
+ PaginatedListKeysResponse: {
1757
+ keys: components["schemas"]["KeyInfo"][];
1758
+ } & ({
1759
+ /**
1760
+ * @description If set, the content of `response` does not contain the entire result set.
1761
+ * To fetch the next page of the result set, call the same endpoint
1762
+ * but specify this value as the 'page.start' query parameter.
1763
+ */
1764
+ last_evaluated_key?: string | null;
1765
+ });
1766
+ /**
1767
+ * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
1768
+ * value (which can the user pass back to use as a url query parameter to continue pagination).
1769
+ */
1770
+ PaginatedListRoleKeysResponse: {
1771
+ /** @description All keys in a role */
1772
+ keys: components["schemas"]["KeyInRoleInfo"][];
1773
+ } & ({
1774
+ /**
1775
+ * @description If set, the content of `response` does not contain the entire result set.
1776
+ * To fetch the next page of the result set, call the same endpoint
1777
+ * but specify this value as the 'page.start' query parameter.
1778
+ */
1779
+ last_evaluated_key?: string | null;
1780
+ });
1781
+ /**
1782
+ * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
1783
+ * value (which can the user pass back to use as a url query parameter to continue pagination).
1784
+ */
1785
+ PaginatedListRoleUsersResponse: {
1786
+ /** @description All users in a role */
1787
+ users: components["schemas"]["UserInRoleInfo"][];
1788
+ } & ({
1789
+ /**
1790
+ * @description If set, the content of `response` does not contain the entire result set.
1791
+ * To fetch the next page of the result set, call the same endpoint
1792
+ * but specify this value as the 'page.start' query parameter.
1793
+ */
1794
+ last_evaluated_key?: string | null;
1795
+ });
1796
+ /**
1797
+ * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
1798
+ * value (which can the user pass back to use as a url query parameter to continue pagination).
1799
+ */
1800
+ PaginatedListRolesResponse: {
1801
+ /** @description All roles in an organization. */
1802
+ roles: components["schemas"]["RoleInfo"][];
1803
+ } & ({
1804
+ /**
1805
+ * @description If set, the content of `response` does not contain the entire result set.
1806
+ * To fetch the next page of the result set, call the same endpoint
1807
+ * but specify this value as the 'page.start' query parameter.
1808
+ */
1809
+ last_evaluated_key?: string | null;
1810
+ });
1811
+ /**
1812
+ * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
1813
+ * value (which can the user pass back to use as a url query parameter to continue pagination).
1814
+ */
1815
+ PaginatedSessionsResponse: {
1816
+ /** @description The list of sessions */
1817
+ sessions: components["schemas"]["SessionInfo"][];
1818
+ } & ({
1819
+ /**
1820
+ * @description If set, the content of `response` does not contain the entire result set.
1821
+ * To fetch the next page of the result set, call the same endpoint
1822
+ * but specify this value as the 'page.start' query parameter.
1823
+ */
1824
+ last_evaluated_key?: string | null;
1825
+ });
1362
1826
  /**
1363
1827
  * @description This type represents a wire-encodable form of the PublicKeyCredential interface
1364
1828
  * Clients may need to manually encode into this format to communicate with the server
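Review bot: The `page.size` description in `Page` tells readers to inspect `[UnencryptedLastEvalKey]` in the response, but the paginated response types added in this hunk expose the cursor as `last_evaluated_key`; the comment should name that field. The same comment has a garbled sentence (`If the actual number of returned items may be less that this`), and `page.start` reads `only specify a the exact value`. Suggested wording: `The number of returned items may be less than this even if more data exists; check last_evaluated_key in the response to see whether more pages remain.` It would also help to state that the cursor is opaque and must be passed back unmodified.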
@@ -1403,7 +1867,7 @@ export interface components {
1403
1867
  */
1404
1868
  PublicKeyCredentialCreationOptions: {
1405
1869
  attestation?: components["schemas"]["AttestationConveyancePreference"];
1406
- authenticator_selection: components["schemas"]["AuthenticatorSelectionCriteria"] | null;
1870
+ authenticator_selection?: components["schemas"]["AuthenticatorSelectionCriteria"] | null;
1407
1871
  /**
1408
1872
  * @description This member contains a challenge intended to be used for generating the
1409
1873
  * newly created credential’s attestation object. See the § 13.4.3
@@ -1434,7 +1898,7 @@ export interface components {
1434
1898
  *
1435
1899
  * https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialcreationoptions-extensions
1436
1900
  */
1437
- extensions: Record<string, unknown> | null;
1901
+ extensions?: Record<string, unknown> | null;
1438
1902
  /**
1439
1903
  * @description This member contains information about the desired properties of the
1440
1904
  * credential to be created. The sequence is ordered from most preferred to
@@ -1453,8 +1917,8 @@ export interface components {
1453
1917
  *
1454
1918
  * https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialcreationoptions-timeout
1455
1919
  */
1456
- timeout: number | null;
1457
- user: components["schemas"]["PublicKeyCredentialUserEntity"] | null;
1920
+ timeout?: number | null;
1921
+ user: components["schemas"]["PublicKeyCredentialUserEntity"];
1458
1922
  };
1459
1923
  /**
1460
1924
  * @description This dictionary contains the attributes that are specified by a caller when
@@ -1484,7 +1948,7 @@ export interface components {
1484
1948
  * SHOULD retrieve that stored value and set it as the value of the
1485
1949
  * transports member.
1486
1950
  */
1487
- transports: components["schemas"]["AuthenticatorTransport"][] | null;
1951
+ transports?: components["schemas"]["AuthenticatorTransport"][] | null;
1488
1952
  type: components["schemas"]["PublicKeyCredentialType"];
1489
1953
  };
1490
1954
  /**
@@ -1536,7 +2000,7 @@ export interface components {
1536
2000
  *
1537
2001
  * https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialrequestoptions-rpid
1538
2002
  */
1539
- rp_id: string | null;
2003
+ rp_id?: string | null;
1540
2004
  /**
1541
2005
  * Format: int32
1542
2006
  * @description This OPTIONAL member specifies a time, in milliseconds, that the caller
@@ -1545,7 +2009,7 @@ export interface components {
1545
2009
  *
1546
2010
  * https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialrequestoptions-timeout
1547
2011
  */
1548
- timeout: number | null;
2012
+ timeout?: number | null;
1549
2013
  user_verification?: components["schemas"]["UserVerificationRequirement"];
1550
2014
  };
1551
2015
  /**
@@ -1560,7 +2024,7 @@ export interface components {
1560
2024
  *
1561
2025
  * https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialrpentity-id
1562
2026
  */
1563
- id: string;
2027
+ id?: string | null;
1564
2028
  /**
1565
2029
  * @description A human-palatable name for the entity. Its function depends on what the
1566
2030
  * PublicKeyCredentialEntity represents: When inherited by
@@ -1675,8 +2139,13 @@ export interface components {
1675
2139
  name: string;
1676
2140
  };
1677
2141
  RatchetConfig: {
2142
+ /** @default 300 */
1678
2143
  auth_lifetime?: components["schemas"]["Seconds"];
2144
+ /** @default default_grace_lifetime */
2145
+ grace_lifetime?: components["schemas"]["Seconds"];
2146
+ /** @default 86400 */
1679
2147
  refresh_lifetime?: components["schemas"]["Seconds"];
2148
+ /** @default 31536000 */
1680
2149
  session_lifetime?: components["schemas"]["Seconds"];
1681
2150
  };
1682
2151
  /** @description Receipt that an MFA request was approved. */
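Review bot: `@default default_grace_lifetime` on `grace_lifetime` in `RatchetConfig` documents what looks like an internal identifier rather than a value, unlike the numeric defaults on the three sibling fields. A caller sizing session policy cannot tell from this how long the grace lifetime is when the field is omitted. The comment should carry the number of seconds, e.g. `/** @default <seconds> */` with the real server default filled in, plus a one-line description of what the grace period covers.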
@@ -1699,63 +2168,49 @@ export interface components {
1699
2168
  * @enum {string}
1700
2169
  */
1701
2170
  ResidentKeyRequirement: "discouraged" | "preferred" | "required";
2171
+ RevokeTokenResponse: {
2172
+ token?: components["schemas"]["TokenInfo"] | null;
2173
+ };
2174
+ RevokeTokensResponse: {
2175
+ /** @description Tokens that were revoked. */
2176
+ revoked: components["schemas"]["TokenInfo"][];
2177
+ };
1702
2178
  RoleInfo: {
1703
2179
  /**
1704
2180
  * @description Whether the role is enabled
1705
2181
  * @example true
1706
2182
  */
1707
2183
  enabled: boolean;
1708
- /** @description The CubeSigner IDs of the keys */
1709
- keys: components["schemas"]["KeyWithPolicies"][];
2184
+ /** @description Deprecated The CubeSigner IDs of at most 100 keys associated with this role */
2185
+ keys?: components["schemas"]["KeyInRoleInfo"][] | null;
1710
2186
  /**
1711
2187
  * @description The human-readable name for the role (must be alphanumeric)
1712
2188
  * @example my_role
1713
2189
  */
1714
2190
  name?: string | null;
1715
2191
  /**
1716
- * @description The ID of the role
1717
- * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
1718
- */
1719
- role_id: string;
1720
- /**
1721
- * @description The list of users with access to the role
2192
+ * @description Policy that is checked whenever a key is accessed for signing via this role.
1722
2193
  * @example [
1723
- * "User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f",
1724
- * "User#5593c25b-52e2-4fb5-b39b-96d41d681d82"
2194
+ * {
2195
+ * "SourceIpAllowlist": [
2196
+ * "123.456.78.9/16"
2197
+ * ]
2198
+ * },
2199
+ * {
2200
+ * "RequireMfa": {
2201
+ * "count": 1
2202
+ * }
2203
+ * }
1725
2204
  * ]
1726
2205
  */
1727
- users: string[];
1728
- };
1729
- /**
1730
- * @description Encrypted key material for import using hybrid encryption.
1731
- *
1732
- * The imported keying material is encrypted using [XChaCha20Poly1305], which
1733
- * we choose for its speed and side channel resistance, its ability to encrypt
1734
- * very long messages, and its safety when using random nonces even for a large
1735
- * number of messages. The latter should not happen in this case, but the cost
1736
- * is negligible and the benefit is that we know it's safe to use random nonces.
1737
- *
1738
- * The XChaCha key is encrypted using [RSAES-OAEP-SHA256], which we choose because
1739
- * it's the best of the [available options for asymmetric encryption][kmsopts]
1740
- * in AWS KMS.
1741
- *
1742
- * [XChaCha20Poly1305]: https://doc.libsodium.org/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction
1743
- * [RSAES-OAEP-SHA256]: https://www.rfc-editor.org/rfc/rfc8017#section-7.1
1744
- * [kmsopts]: https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html
1745
- */
1746
- RsaOaepXChaChaMaterial: {
1747
- /**
1748
- * @description The keying material to be imported, encrypted with
1749
- * [XChaCha20Poly1305](https://doc.libsodium.org/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction).
1750
- */
1751
- ikm_enc: number[];
2206
+ policy?: Record<string, never>[];
1752
2207
  /**
1753
- * @description The key-wrapping key used to encrypt `ikm_enc`, encrypted with
1754
- * [RSAES-OAEP-SHA256](https://www.rfc-editor.org/rfc/rfc8017#section-7.1).
2208
+ * @description The ID of the role
2209
+ * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
1755
2210
  */
1756
- kwk_enc: number[];
1757
- /** @description The nonce used to generate `ikm_enc`. */
1758
- nonce: number[];
2211
+ role_id: string;
2212
+ /** @description Deprecated. The list of at most 100 users with access to the role. */
2213
+ users?: string[] | null;
1759
2214
  };
1760
2215
  /**
1761
2216
  * Format: int64
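Review bot: `RoleInfo.keys` and `RoleInfo.users` are now optional and capped at 100 entries, but the deprecation is stated only in prose, so editors and linters will not flag existing reads. Code that audits role membership or key assignment from these fields would silently see a truncated list for larger roles. Use the JSDoc tag and point to the replacement, e.g. `@deprecated Truncated to 100 entries; use the paginated listing (PaginatedListRoleKeysResponse)`, and likewise for `users` with `PaginatedListRoleUsersResponse`.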
@@ -1775,10 +2230,24 @@ export interface components {
1775
2230
  */
1776
2231
  session_id: string;
1777
2232
  };
1778
- SignRequest: {
1779
- message: Record<string, never>;
2233
+ /** @description The response from any operation operating on multiple sessions */
2234
+ SessionsResponse: {
2235
+ /** @description The list of sessions */
2236
+ sessions: components["schemas"]["SessionInfo"][];
2237
+ };
2238
+ /**
2239
+ * @example {
2240
+ * "message_base64": "AQABA8OKVzLEjststN4xXr39kLKHT8d58eQY1QEs6MeXwEFBrxTAlULX1troLbWxuAXQqgbQofGi6z8fJi7KAAIf7YMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJK0tn39k28s+X86W47EvbRRKnYBVQ8Q/l2m1EbfT7+vAQICAAEMAgAAAGQAAAAAAAAA"
2241
+ * }
2242
+ */
2243
+ SolanaSignRequest: {
2244
+ /** @description Solana base64-encoded serialized Message */
2245
+ message_base64: string;
2246
+ };
2247
+ SolanaSignResponse: {
2248
+ /** @description The hex-encoded signature. */
2249
+ signature: string;
1780
2250
  };
1781
- SolanaSignRequest: components["schemas"]["SignRequest"] & Record<string, never>;
1782
2251
  StakeRequest: {
1783
2252
  /**
1784
2253
  * Format: int64
@@ -1795,18 +2264,26 @@ export interface components {
1795
2264
  * Must not be different from the default value when 'deposit_type' is "Wrapper".
1796
2265
  */
1797
2266
  staking_amount_gwei?: number;
1798
- unsafe_conf: components["schemas"]["UnsafeConf"] | null;
2267
+ unsafe_conf?: components["schemas"]["UnsafeConf"] | null;
1799
2268
  /**
1800
2269
  * @description The validator BLS public key to use, or `None` to generate a fresh one.
1801
2270
  * @example 0xa99a76ed7796f7be22d5b7e85deeb7c5677e88e511e0b337618f8c4eb61349b4bf2d153f649f7b53359fe8b94a38e44c
1802
2271
  */
1803
- validator_key: string | null;
2272
+ validator_key?: string | null;
1804
2273
  /**
1805
2274
  * @description The ethereum address to which withdrawn funds go
1806
2275
  * @example 0x8e3484687e66cdd26cf04c3647633ab4f3570148
1807
2276
  */
1808
2277
  withdrawal_addr: string;
1809
2278
  };
2279
+ StakeResponse: {
2280
+ /**
2281
+ * @description The validator key id ("Key#...")
2282
+ * @example Key#db1731f8-3659-45c0-885b-e11e1f5b7be2
2283
+ */
2284
+ created_validator_key_id: string;
2285
+ deposit_tx: components["schemas"]["DepositTxn"];
2286
+ };
1810
2287
  Status: {
1811
2288
  /** @description Users who are allowed to approve. Must be non-empty. */
1812
2289
  allowed_approvers: string[];
@@ -1814,9 +2291,9 @@ export interface components {
1814
2291
  allowed_mfa_types?: components["schemas"]["MfaType"][] | null;
1815
2292
  /** @description Users who have already approved */
1816
2293
  approved_by: {
1817
- [key: string]: ({
1818
- [key: string]: components["schemas"]["ApprovalInfo"] | undefined;
1819
- }) | undefined;
2294
+ [key: string]: {
2295
+ [key: string]: components["schemas"]["ApprovalInfo"];
2296
+ };
1820
2297
  };
1821
2298
  /**
1822
2299
  * Format: int32
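Review bot: Dropping `| undefined` from both index signatures of `Status.approved_by` makes every lookup type as present, so `approved_by[userId]` for a user who has not approved is typed as a populated map unless the consumer builds with `noUncheckedIndexedAccess`. For an MFA approval check that is the wrong default. Either keep the inner value as `components["schemas"]["ApprovalInfo"] | undefined`, or document on the field that callers must test membership (`userId in status.approved_by`) before reading an entry. `Status` begins before this hunk and continues after it.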
@@ -1839,18 +2316,37 @@ export interface components {
1839
2316
  /** @description TOTP verification code */
1840
2317
  code: string;
1841
2318
  };
2319
+ /** @description Sent from the client to the server to answer a TOTP challenge */
2320
+ TotpChallengeAnswer: {
2321
+ /** @description The current TOTP code */
2322
+ code: string;
2323
+ /** @description The ID of the challenge that was returned from the POST endpoint */
2324
+ totp_id: string;
2325
+ };
2326
+ TotpInfo: {
2327
+ /**
2328
+ * @description The ID of the TOTP challenge.
2329
+ * @example TotpChallenge#7892ebba-563e-485b-bb7d-e26267363286
2330
+ */
2331
+ totp_id: string;
2332
+ /**
2333
+ * @description Standard TOTP url which includes everything needed to initialize TOTP.
2334
+ * @example otpauth://totp/Cubist:alice-%40example.com?secret=DAHF7KCOTQWSOMK4XFEMNHXO4J433OD7&issuer=Cubist
2335
+ */
2336
+ totp_url: string;
2337
+ };
1842
2338
  /** @description Options that should be set only for local devnet testing. */
1843
2339
  UnsafeConf: {
1844
2340
  /**
1845
2341
  * @description The hex-encoded address of the deposit contract. If omitted, inferred from `chain_id`
1846
2342
  * @example 0xff50ed3d0ec03ac01d4c79aad74928bff48a7b2b
1847
2343
  */
1848
- deposit_contract_addr: string | null;
2344
+ deposit_contract_addr?: string | null;
1849
2345
  /**
1850
2346
  * @description The hex-encoded 4-byte fork version
1851
2347
  * @example 0x00001020
1852
2348
  */
1853
- genesis_fork_version: string | null;
2349
+ genesis_fork_version?: string | null;
1854
2350
  };
1855
2351
  /**
1856
2352
  * @description Unstake message request.
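Review bot: `TotpInfo.totp_url` carries the TOTP shared secret (the example shows a `secret=` query parameter), but the comment describes it only as a standard URL. Anyone who obtains this string can generate valid codes, so the field should be documented as a credential. I would add to the description: `Contains the TOTP shared secret; show it to the user once (e.g. as a QR code) and do not log or persist it.` `TotpChallengeAnswer.totp_id` is also described as returned from "the POST endpoint" without naming which one.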
@@ -1871,7 +2367,7 @@ export interface components {
1871
2367
  * }
1872
2368
  */
1873
2369
  UnstakeRequest: {
1874
- epoch: components["schemas"]["Epoch"] | null;
2370
+ epoch?: components["schemas"]["Epoch"] | null;
1875
2371
  fork: components["schemas"]["Fork"];
1876
2372
  genesis_data: components["schemas"]["GenesisData"];
1877
2373
  network: components["schemas"]["Network"];
@@ -1885,6 +2381,22 @@ export interface components {
1885
2381
  */
1886
2382
  validator_index: string;
1887
2383
  };
2384
+ /**
2385
+ * @description Unstake responses are signed voluntary exit messages.
2386
+ * The schema for this message is defined
2387
+ * [here](https://github.com/ethereum/consensus-specs/blob/v1.0.1/specs/phase0/beacon-chain.md#signedvoluntaryexit).
2388
+ * This message can be directly POSTed to the Beacon node's
2389
+ * `/eth/v1/beacon/pool/voluntary_exits` end-point (see expected schema
2390
+ * [here](https://ethereum.github.io/beacon-APIs/#/Beacon/submitPoolVoluntaryExit)).
2391
+ */
2392
+ UnstakeResponse: {
2393
+ message: components["schemas"]["VoluntaryExit"];
2394
+ /**
2395
+ * @description BLS signature.
2396
+ * @example 0x910c7cd537ed91cc8c4a82f3cbd832e9be8c24a22e9c86df479f7ce42025ea6a09619b418b666a060e260d2aae31b8e50e9d05ca3442c7eed3b507e5207e14674275f68c2ba84c4bf6b8dd364a304acac8cfab3681e2514b4400f9242bc61164
2397
+ */
2398
+ signature: string;
2399
+ };
1888
2400
  UpdateKeyRequest: {
1889
2401
  /**
1890
2402
  * @description If set, updates the keys's `enabled` property to this value.
@@ -1939,12 +2451,52 @@ export interface components {
1939
2451
  */
1940
2452
  policy?: Record<string, never>[] | null;
1941
2453
  };
2454
+ UpdateOrgResponse: {
2455
+ /** @description The new value of the 'enabled' property */
2456
+ enabled?: boolean | null;
2457
+ /**
2458
+ * @description The new human-readable name for the org (must be alphanumeric)
2459
+ * @example my_org_name
2460
+ */
2461
+ name?: string | null;
2462
+ /**
2463
+ * @description The ID of the organization
2464
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2465
+ */
2466
+ org_id: string;
2467
+ /**
2468
+ * @description The new value of org-wide policies
2469
+ * @example [
2470
+ * {
2471
+ * "MaxDailyUnstake": 5
2472
+ * },
2473
+ * {
2474
+ * "OriginAllowlist": [
2475
+ * "https://example.com"
2476
+ * ]
2477
+ * }
2478
+ * ]
2479
+ */
2480
+ policy?: Record<string, never>[] | null;
2481
+ };
1942
2482
  UpdateRoleRequest: {
1943
2483
  /**
1944
2484
  * @description If set, updates the role's `enabled` property to this value.
1945
2485
  * Once disabled, a role cannot be used; and it's tokens cannot be used for signing.
1946
2486
  */
1947
2487
  enabled?: boolean | null;
2488
+ /**
2489
+ * @description If set, update this role's key policies (old policies will be overwritten!).
2490
+ * Only "deny" style policies may be set.
2491
+ * @example [
2492
+ * {
2493
+ * "SourceIpAllowlist": [
2494
+ * "123.456.78.9/16"
2495
+ * ]
2496
+ * }
2497
+ * ]
2498
+ */
2499
+ policy?: Record<string, never>[] | null;
1948
2500
  };
1949
2501
  UserIdInfo: {
1950
2502
  /**
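Review bot: The `SourceIpAllowlist` example in the new `policy` comment on `UpdateRoleRequest` uses `123.456.78.9/16`, which is not a valid IPv4 address (an octet above 255) and has host bits set for a /16; the same example appears in the `RoleInfo.policy` comment in the earlier hunk. Allowlist examples get copied, and this one leaves unclear whether the server rejects or masks such input. A documentation-range network such as `192.0.2.0/24` would be a safer example.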
@@ -1958,6 +2510,9 @@ export interface components {
1958
2510
  */
1959
2511
  id: string;
1960
2512
  };
2513
+ UserInRoleInfo: {
2514
+ user_id: string;
2515
+ };
1961
2516
  UserInfo: {
1962
2517
  /** @example alice@example.com */
1963
2518
  email: string;
@@ -2009,6 +2564,14 @@ export interface components {
2009
2564
  };
2010
2565
  };
2011
2566
  };
2567
+ AvaSignResponse: {
2568
+ content: {
2569
+ "application/json": {
2570
+ /** @description The hex-encoded signature. */
2571
+ signature: string;
2572
+ };
2573
+ };
2574
+ };
2012
2575
  BlobSignResponse: {
2013
2576
  content: {
2014
2577
  "application/json": {
@@ -2069,6 +2632,19 @@ export interface components {
2069
2632
  };
2070
2633
  };
2071
2634
  };
2635
+ Eip712SignResponse: {
2636
+ content: {
2637
+ "application/json": {
2638
+ /**
2639
+ * @description Hex-encoded signature comprising 65 bytes in the format required
2640
+ * by ecrecover: 32-byte r, 32-byte s, and one-byte recovery-id v
2641
+ * which is either 27 or 28.
2642
+ * @example 0x4355c47d63924e8a72e509b65029052eb6c299d53a04e167c5775fd466751c9d07299936d304c153f6443dfa05f40ff007d72911b6f72307f996231605b915621c
2643
+ */
2644
+ signature: string;
2645
+ };
2646
+ };
2647
+ };
2072
2648
  EmptyImpl: {
2073
2649
  content: {
2074
2650
  "application/json": {
@@ -2120,18 +2696,38 @@ export interface components {
2120
2696
  };
2121
2697
  };
2122
2698
  };
2123
- GetKeysInOrgResponse: {
2699
+ GetUsersInOrgResponse: {
2124
2700
  content: {
2125
2701
  "application/json": {
2126
- keys: components["schemas"]["KeyInfo"][];
2702
+ /** @description The list of users in the org */
2703
+ users: components["schemas"]["UserIdInfo"][];
2127
2704
  };
2128
2705
  };
2129
2706
  };
2130
- GetUsersInOrgResponse: {
2707
+ /**
2708
+ * @description Proof that an end-user provided CubeSigner with a valid auth token
2709
+ * (either an OIDC token or a CubeSigner session token)
2710
+ */
2711
+ IdentityProof: {
2131
2712
  content: {
2132
- "application/json": {
2133
- /** @description The list of users in the org */
2134
- users: components["schemas"]["UserIdInfo"][];
2713
+ "application/json": ({
2714
+ /**
2715
+ * @description OIDC audience; set only if the proof was obtained by using OIDC token.
2716
+ *
2717
+ * In other words, presence of this field testifies that authorization was obtained via OIDC.
2718
+ */
2719
+ aud?: string | null;
2720
+ /**
2721
+ * @description The email associated with the user
2722
+ * @example user@email.com
2723
+ */
2724
+ email: string;
2725
+ exp_epoch: components["schemas"]["EpochDateTime"];
2726
+ identity?: components["schemas"]["OIDCIdentity"] | null;
2727
+ user_info?: components["schemas"]["CubeSignerUserInfo"] | null;
2728
+ }) & {
2729
+ /** @description An opaque identifier for the proof */
2730
+ id: string;
2135
2731
  };
2136
2732
  };
2137
2733
  };
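Review bot: The doc comment on `IdentityProof` never says that a recipient must treat `aud`, `email`, `exp_epoch`, `identity` and `user_info` as unverified until the proof has been checked, and the `aud` comment ("presence of this field testifies that authorization was obtained via OIDC") reads as if the field could be trusted on its own. The operation docs later in this file state that a third party must check the proof by calling the verify route, so the type description should carry the same warning, e.g. `* Recipients must not rely on any field of this object until it has been validated via the identity verify route.` It would also help to say whether `exp_epoch` is enforced by the server during verification or must be checked by the recipient; the page does not show which.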
@@ -2226,11 +2822,11 @@ export interface components {
2226
2822
  };
2227
2823
  };
2228
2824
  };
2229
- ListRolesResponse: {
2825
+ ListMfaResponse: {
2230
2826
  content: {
2231
2827
  "application/json": {
2232
- /** @description All roles in an organization. */
2233
- roles: components["schemas"]["RoleInfo"][];
2828
+ /** @description All pending MFA requests */
2829
+ mfa_requests: components["schemas"]["MfaRequestInfo"][];
2234
2830
  };
2235
2831
  };
2236
2832
  };
@@ -2248,7 +2844,7 @@ export interface components {
2248
2844
  expires_at: components["schemas"]["EpochDateTime"];
2249
2845
  /** @description Approval request ID. */
2250
2846
  id: string;
2251
- receipt: components["schemas"]["Receipt"] | null;
2847
+ receipt?: components["schemas"]["Receipt"] | null;
2252
2848
  request: components["schemas"]["HttpRequest"];
2253
2849
  status: components["schemas"]["Status"];
2254
2850
  };
@@ -2267,41 +2863,13 @@ export interface components {
2267
2863
  };
2268
2864
  };
2269
2865
  };
2270
- /** @description Proof that an end-user provided CubeSigner with a valid OIDC token */
2271
- OidcProof: {
2272
- content: {
2273
- "application/json": ((components["schemas"]["OIDCIdentity"] & {
2274
- /**
2275
- * @description The "audience" (oauth client) through which the user authenticated with the issuer.
2276
- * This string is opaque according to the OIDC spec, but for example Google
2277
- * audiences look like `1234987819200.apps.googleusercontent.com`
2278
- * @example 1234987819200.apps.googleusercontent.com
2279
- */
2280
- aud: string;
2281
- /**
2282
- * @description The email associated with the user
2283
- * @example user@email.com
2284
- */
2285
- email: string;
2286
- }) & {
2287
- exp_epoch: components["schemas"]["EpochDateTime"];
2288
- }) & {
2289
- /** @description An opaque identifier for the proof */
2290
- id: string;
2291
- };
2292
- };
2293
- };
2294
- OrgInfo: {
2866
+ OrgInfo: {
2295
2867
  content: {
2296
2868
  "application/json": {
2297
2869
  /** @description When false, all cryptographic operations involving keys in this org are disabled. */
2298
2870
  enabled: boolean;
2299
- /**
2300
- * @description The RSA public key to use when importing keys into this organization. This string is the
2301
- * hex encoding of the DER representation of the key.
2302
- * @example 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
2303
- */
2304
- key_import_key: string;
2871
+ /** @description Deprecated: this field should be ignored. */
2872
+ key_import_key?: string | null;
2305
2873
  /**
2306
2874
  * @description The organization's universally unique key-wrapping-key identifier.
2307
2875
  * This value is required when setting up key export.
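Review bot: `key_import_key` is marked deprecated only in prose ("Deprecated: this field should be ignored."), so editors and linters will not flag code that still reads it. Use the JSDoc tag instead, as the previous version did on its legacy operations: `/** @deprecated This field should be ignored. */`. The same applies to `keys` and `users` on `RoleInfo` in a later hunk, whose descriptions start with "Deprecated" and also cap the list at 100 entries. A caller that still uses those fields to audit which keys or users a role can reach will silently see a truncated list, so those comments should point to the paginated `listRoleKeys` operation and the `PaginatedListRoleUsersResponse` listing. The enclosing `OrgInfo` response continues outside this hunk.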
@@ -2340,6 +2908,80 @@ export interface components {
2340
2908
  };
2341
2909
  };
2342
2910
  };
2911
+ PaginatedListKeysResponse: {
2912
+ content: {
2913
+ "application/json": {
2914
+ keys: components["schemas"]["KeyInfo"][];
2915
+ } & ({
2916
+ /**
2917
+ * @description If set, the content of `response` does not contain the entire result set.
2918
+ * To fetch the next page of the result set, call the same endpoint
2919
+ * but specify this value as the 'page.start' query parameter.
2920
+ */
2921
+ last_evaluated_key?: string | null;
2922
+ });
2923
+ };
2924
+ };
2925
+ PaginatedListRoleKeysResponse: {
2926
+ content: {
2927
+ "application/json": {
2928
+ /** @description All keys in a role */
2929
+ keys: components["schemas"]["KeyInRoleInfo"][];
2930
+ } & ({
2931
+ /**
2932
+ * @description If set, the content of `response` does not contain the entire result set.
2933
+ * To fetch the next page of the result set, call the same endpoint
2934
+ * but specify this value as the 'page.start' query parameter.
2935
+ */
2936
+ last_evaluated_key?: string | null;
2937
+ });
2938
+ };
2939
+ };
2940
+ PaginatedListRoleUsersResponse: {
2941
+ content: {
2942
+ "application/json": {
2943
+ /** @description All users in a role */
2944
+ users: components["schemas"]["UserInRoleInfo"][];
2945
+ } & ({
2946
+ /**
2947
+ * @description If set, the content of `response` does not contain the entire result set.
2948
+ * To fetch the next page of the result set, call the same endpoint
2949
+ * but specify this value as the 'page.start' query parameter.
2950
+ */
2951
+ last_evaluated_key?: string | null;
2952
+ });
2953
+ };
2954
+ };
2955
+ PaginatedListRolesResponse: {
2956
+ content: {
2957
+ "application/json": {
2958
+ /** @description All roles in an organization. */
2959
+ roles: components["schemas"]["RoleInfo"][];
2960
+ } & ({
2961
+ /**
2962
+ * @description If set, the content of `response` does not contain the entire result set.
2963
+ * To fetch the next page of the result set, call the same endpoint
2964
+ * but specify this value as the 'page.start' query parameter.
2965
+ */
2966
+ last_evaluated_key?: string | null;
2967
+ });
2968
+ };
2969
+ };
2970
+ PaginatedSessionsResponse: {
2971
+ content: {
2972
+ "application/json": {
2973
+ /** @description The list of sessions */
2974
+ sessions: components["schemas"]["SessionInfo"][];
2975
+ } & ({
2976
+ /**
2977
+ * @description If set, the content of `response` does not contain the entire result set.
2978
+ * To fetch the next page of the result set, call the same endpoint
2979
+ * but specify this value as the 'page.start' query parameter.
2980
+ */
2981
+ last_evaluated_key?: string | null;
2982
+ });
2983
+ };
2984
+ };
2343
2985
  RevokeTokenResponse: {
2344
2986
  content: {
2345
2987
  "application/json": {
@@ -2363,26 +3005,36 @@ export interface components {
2363
3005
  * @example true
2364
3006
  */
2365
3007
  enabled: boolean;
2366
- /** @description The CubeSigner IDs of the keys */
2367
- keys: components["schemas"]["KeyWithPolicies"][];
3008
+ /** @description Deprecated The CubeSigner IDs of at most 100 keys associated with this role */
3009
+ keys?: components["schemas"]["KeyInRoleInfo"][] | null;
2368
3010
  /**
2369
3011
  * @description The human-readable name for the role (must be alphanumeric)
2370
3012
  * @example my_role
2371
3013
  */
2372
3014
  name?: string | null;
3015
+ /**
3016
+ * @description Policy that is checked whenever a key is accessed for signing via this role.
3017
+ * @example [
3018
+ * {
3019
+ * "SourceIpAllowlist": [
3020
+ * "123.456.78.9/16"
3021
+ * ]
3022
+ * },
3023
+ * {
3024
+ * "RequireMfa": {
3025
+ * "count": 1
3026
+ * }
3027
+ * }
3028
+ * ]
3029
+ */
3030
+ policy?: Record<string, never>[];
2373
3031
  /**
2374
3032
  * @description The ID of the role
2375
3033
  * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
2376
3034
  */
2377
3035
  role_id: string;
2378
- /**
2379
- * @description The list of users with access to the role
2380
- * @example [
2381
- * "User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f",
2382
- * "User#5593c25b-52e2-4fb5-b39b-96d41d681d82"
2383
- * ]
2384
- */
2385
- users: string[];
3036
+ /** @description Deprecated. The list of at most 100 users with access to the role. */
3037
+ users?: string[] | null;
2386
3038
  };
2387
3039
  };
2388
3040
  };
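Review bot: `policy?: Record<string, never>[]` only admits empty objects, which contradicts the `@example` directly above it (`SourceIpAllowlist`, `RequireMfa`), so callers have to cast to read or build a policy and lose type checking on the field that gates signing. Something like `policy?: Record<string, unknown>[];` would at least let consumers narrow safely; if this file is generated, the fix presumably belongs in the OpenAPI schema. The same type is used for `UpdateRoleRequest.policy` earlier in the file, where the comment warns that old policies are overwritten. Separately, the example CIDR `123.456.78.9/16` is not a valid IPv4 address (octet 456); a documentation range such as `192.0.2.0/24` would be a better sample. `RoleInfo` starts before this hunk.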
@@ -2444,6 +3096,11 @@ export interface components {
2444
3096
  TotpInfo: {
2445
3097
  content: {
2446
3098
  "application/json": {
3099
+ /**
3100
+ * @description The ID of the TOTP challenge.
3101
+ * @example TotpChallenge#7892ebba-563e-485b-bb7d-e26267363286
3102
+ */
3103
+ totp_id: string;
2447
3104
  /**
2448
3105
  * @description Standard TOTP url which includes everything needed to initialize TOTP.
2449
3106
  * @example otpauth://totp/Cubist:alice-%40example.com?secret=DAHF7KCOTQWSOMK4XFEMNHXO4J433OD7&issuer=Cubist
@@ -2534,6 +3191,7 @@ export interface components {
2534
3191
  headers: never;
2535
3192
  pathItems: never;
2536
3193
  }
3194
+ export type $defs = Record<string, never>;
2537
3195
  export type external = Record<string, never>;
2538
3196
  export interface operations {
2539
3197
  /**
@@ -2542,7 +3200,7 @@ export interface operations {
2542
3200
  *
2543
3201
  * Retrieves information about the current user.
2544
3202
  */
2545
- aboutMe: {
3203
+ aboutMeLegacy: {
2546
3204
  responses: {
2547
3205
  200: components["responses"]["UserInfo"];
2548
3206
  default: {
@@ -2607,6 +3265,47 @@ export interface operations {
2607
3265
  };
2608
3266
  };
2609
3267
  };
3268
+ /**
3269
+ * Sign Avalanche X- or P-Chain Message
3270
+ * @description Sign Avalanche X- or P-Chain Message
3271
+ *
3272
+ * Signs an Avalanche message with a given SecpAva key.
3273
+ * This is a pre-release feature.
3274
+ */
3275
+ avaSign: {
3276
+ parameters: {
3277
+ path: {
3278
+ /**
3279
+ * @description Name or ID of the desired Org
3280
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3281
+ */
3282
+ org_id: string;
3283
+ /**
3284
+ * @description Avalanche bech32 address format without the chain prefix
3285
+ * @example avax1am4w6hfrvmh3akduzkjthrtgtqafalce6an8cr
3286
+ */
3287
+ pubkey: string;
3288
+ };
3289
+ };
3290
+ requestBody: {
3291
+ content: {
3292
+ "application/json": components["schemas"]["AvaSignRequest"];
3293
+ };
3294
+ };
3295
+ responses: {
3296
+ 200: components["responses"]["AvaSignResponse"];
3297
+ 202: {
3298
+ content: {
3299
+ "application/json": components["schemas"]["AcceptedResponse"];
3300
+ };
3301
+ };
3302
+ default: {
3303
+ content: {
3304
+ "application/json": components["schemas"]["ErrorResponse"];
3305
+ };
3306
+ };
3307
+ };
3308
+ };
2610
3309
  /**
2611
3310
  * Sign Bitcoin Transaction
2612
3311
  * @description Sign Bitcoin Transaction
@@ -2680,12 +3379,12 @@ export interface operations {
2680
3379
  };
2681
3380
  };
2682
3381
  /**
2683
- * Create Key-Import Key
2684
- * @description Create Key-Import Key
3382
+ * Sign EIP-712 Typed Data
3383
+ * @description Sign EIP-712 Typed Data
2685
3384
  *
2686
- * Generate an ephemeral key that a client can use for key-import encryption.
3385
+ * Signs typed data according to EIP-712 with a given Secp256k1 key.
2687
3386
  */
2688
- createKeyImportKey: {
3387
+ eip712Sign: {
2689
3388
  parameters: {
2690
3389
  path: {
2691
3390
  /**
@@ -2693,10 +3392,25 @@ export interface operations {
2693
3392
  * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2694
3393
  */
2695
3394
  org_id: string;
3395
+ /**
3396
+ * @description Hex-encoded ethereum address of the secp key
3397
+ * @example 0x49011adbCC3bC9c0307BB07F37Dda1a1a9c69d2E
3398
+ */
3399
+ pubkey: string;
3400
+ };
3401
+ };
3402
+ requestBody: {
3403
+ content: {
3404
+ "application/json": components["schemas"]["Eip712SignRequest"];
2696
3405
  };
2697
3406
  };
2698
3407
  responses: {
2699
- 200: components["responses"]["CreateKeyImportKeyResponse"];
3408
+ 200: components["responses"]["Eip712SignResponse"];
3409
+ 202: {
3410
+ content: {
3411
+ "application/json": components["schemas"]["AcceptedResponse"];
3412
+ };
3413
+ };
2700
3414
  default: {
2701
3415
  content: {
2702
3416
  "application/json": components["schemas"]["ErrorResponse"];
@@ -2705,12 +3419,16 @@ export interface operations {
2705
3419
  };
2706
3420
  };
2707
3421
  /**
2708
- * Import Key
2709
- * @description Import Key
3422
+ * Create [IdentityProof] from CubeSigner user session
3423
+ * @description Create [IdentityProof] from CubeSigner user session
2710
3424
  *
2711
- * Securely imports an existing key using a previously generated key-import key.
3425
+ * This route can be used to prove to another party that a user has a
3426
+ * valid CubeSigner session.
3427
+ *
3428
+ * Clients are intended to call this route and pass the returned evidence
3429
+ * to another service which will verify it by making a request to `/v0/org/<org_id>/identity/verify`.
2712
3430
  */
2713
- importKey: {
3431
+ createProofCubeSigner: {
2714
3432
  parameters: {
2715
3433
  path: {
2716
3434
  /**
@@ -2720,13 +3438,8 @@ export interface operations {
2720
3438
  org_id: string;
2721
3439
  };
2722
3440
  };
2723
- requestBody: {
2724
- content: {
2725
- "application/json": components["schemas"]["ImportKeyRequest"];
2726
- };
2727
- };
2728
3441
  responses: {
2729
- 200: components["responses"]["CreateKeyResponse"];
3442
+ 200: components["responses"]["IdentityProof"];
2730
3443
  default: {
2731
3444
  content: {
2732
3445
  "application/json": components["schemas"]["ErrorResponse"];
@@ -2735,12 +3448,19 @@ export interface operations {
2735
3448
  };
2736
3449
  };
2737
3450
  /**
2738
- * Invite User
2739
- * @description Invite User
3451
+ * Create [IdentityProof] from OIDC token
3452
+ * @description Create [IdentityProof] from OIDC token
2740
3453
  *
2741
- * Creates a new user in an existing org and sends that user an invite email.
3454
+ * Exchange an OIDC ID token (passed via the `Authorization` header) for a proof of authentication.
3455
+ *
3456
+ * This route can be used to prove to another party that a user has met the
3457
+ * authentication requirements (allowed issuers & audiences) for CubeSigner
3458
+ * without leaking their credentials.
3459
+ *
3460
+ * Clients are intended to call this route and pass the returned evidence to another service
3461
+ * which will verify it by making a request to `/v0/org/<org_id>/identity/verify`.
2742
3462
  */
2743
- invite: {
3463
+ createProofOidc: {
2744
3464
  parameters: {
2745
3465
  path: {
2746
3466
  /**
@@ -2750,13 +3470,8 @@ export interface operations {
2750
3470
  org_id: string;
2751
3471
  };
2752
3472
  };
2753
- requestBody: {
2754
- content: {
2755
- "application/json": components["schemas"]["InviteRequest"];
2756
- };
2757
- };
2758
3473
  responses: {
2759
- 200: components["responses"]["EmptyImpl"];
3474
+ 200: components["responses"]["IdentityProof"];
2760
3475
  default: {
2761
3476
  content: {
2762
3477
  "application/json": components["schemas"]["ErrorResponse"];
@@ -2765,20 +3480,16 @@ export interface operations {
2765
3480
  };
2766
3481
  };
2767
3482
  /**
2768
- * List Keys
2769
- * @description List Keys
3483
+ * Verify identity proof
3484
+ * @description Verify identity proof
2770
3485
  *
2771
- * Gets the list of owned keys in a given org.
3486
+ * Allows a third-party to validate proof of authentication.
3487
+ *
3488
+ * When a third-party is provided an [IdentityProof] object, they must check its
3489
+ * veracity by calling this endpoint
2772
3490
  */
2773
- listKeysInOrg: {
3491
+ verifyProof: {
2774
3492
  parameters: {
2775
- query?: {
2776
- /**
2777
- * @description Filter by key type
2778
- * @example SecpEthAddr
2779
- */
2780
- key_type?: components["schemas"]["KeyType"];
2781
- };
2782
3493
  path: {
2783
3494
  /**
2784
3495
  * @description Name or ID of the desired Org
@@ -2787,23 +3498,20 @@ export interface operations {
2787
3498
  org_id: string;
2788
3499
  };
2789
3500
  };
2790
- responses: {
2791
- 200: components["responses"]["GetKeysInOrgResponse"];
2792
- default: {
2793
- content: {
2794
- "application/json": components["schemas"]["ErrorResponse"];
2795
- };
3501
+ requestBody: {
3502
+ content: {
3503
+ "application/json": components["schemas"]["IdentityProof"];
2796
3504
  };
2797
3505
  };
3506
+ responses: {};
2798
3507
  };
2799
3508
  /**
2800
- * Legacy Import Key
2801
- * @deprecated
2802
- * @description Legacy Import Key
3509
+ * Create Key-Import Key
3510
+ * @description Create Key-Import Key
2803
3511
  *
2804
- * Securely imports an existing key. This API is deprecated; please use the new version.
3512
+ * Generate an ephemeral key that a client can use for key-import encryption.
2805
3513
  */
2806
- importKeyLegacy: {
3514
+ createKeyImportKey: {
2807
3515
  parameters: {
2808
3516
  path: {
2809
3517
  /**
@@ -2813,13 +3521,8 @@ export interface operations {
2813
3521
  org_id: string;
2814
3522
  };
2815
3523
  };
2816
- requestBody: {
2817
- content: {
2818
- "application/json": components["schemas"]["ImportKeyLegacyRequest"];
2819
- };
2820
- };
2821
3524
  responses: {
2822
- 200: components["responses"]["CreateKeyResponse"];
3525
+ 200: components["responses"]["CreateKeyImportKeyResponse"];
2823
3526
  default: {
2824
3527
  content: {
2825
3528
  "application/json": components["schemas"]["ErrorResponse"];
@@ -2828,12 +3531,12 @@ export interface operations {
2828
3531
  };
2829
3532
  };
2830
3533
  /**
2831
- * Create Key
2832
- * @description Create Key
3534
+ * Import Key
3535
+ * @description Import Key
2833
3536
  *
2834
- * Creates one or more new keys of the specified type (BLS or Secp).
3537
+ * Securely imports an existing key using a previously generated key-import key.
2835
3538
  */
2836
- createKey: {
3539
+ importKey: {
2837
3540
  parameters: {
2838
3541
  path: {
2839
3542
  /**
@@ -2845,7 +3548,7 @@ export interface operations {
2845
3548
  };
2846
3549
  requestBody: {
2847
3550
  content: {
2848
- "application/json": components["schemas"]["CreateKeyRequest"];
3551
+ "application/json": components["schemas"]["ImportKeyRequest"];
2849
3552
  };
2850
3553
  };
2851
3554
  responses: {
@@ -2858,13 +3561,12 @@ export interface operations {
2858
3561
  };
2859
3562
  };
2860
3563
  /**
2861
- * Legacy List Keys
2862
- * @deprecated
2863
- * @description Legacy List Keys
3564
+ * Invite User
3565
+ * @description Invite User
2864
3566
  *
2865
- * This route is deprecated. Use `GET /v0/org/<org_id>/keys?<key_type>`
3567
+ * Creates a new user in an existing org and sends that user an invite email.
2866
3568
  */
2867
- listKeysLegacy: {
3569
+ invite: {
2868
3570
  parameters: {
2869
3571
  path: {
2870
3572
  /**
@@ -2876,11 +3578,11 @@ export interface operations {
2876
3578
  };
2877
3579
  requestBody: {
2878
3580
  content: {
2879
- "application/json": components["schemas"]["GetKeysInOrgRequest"];
3581
+ "application/json": components["schemas"]["InviteRequest"];
2880
3582
  };
2881
3583
  };
2882
3584
  responses: {
2883
- 200: components["responses"]["GetKeysInOrgResponse"];
3585
+ 200: components["responses"]["EmptyImpl"];
2884
3586
  default: {
2885
3587
  content: {
2886
3588
  "application/json": components["schemas"]["ErrorResponse"];
@@ -2889,28 +3591,43 @@ export interface operations {
2889
3591
  };
2890
3592
  };
2891
3593
  /**
2892
- * Get Key
2893
- * @description Get Key
3594
+ * List Keys
3595
+ * @description List Keys
2894
3596
  *
2895
- * Returns the properties of a key.
3597
+ * Gets the list of owned keys in a given org.
2896
3598
  */
2897
- getKeyInOrg: {
3599
+ listKeysInOrg: {
2898
3600
  parameters: {
3601
+ query?: {
3602
+ /**
3603
+ * @description Max number of items to return per page.
3604
+ *
3605
+ * If the actual number of returned items may be less that this, even if there exist more
3606
+ * data in the result set. To reliably determine if more data is left in the result set,
3607
+ * inspect the [UnencryptedLastEvalKey] value in the response object.
3608
+ */
3609
+ "page.size"?: number;
3610
+ /**
3611
+ * @description The start of the page. Omit to start from the beginning; otherwise, only specify a
3612
+ * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
3613
+ */
3614
+ "page.start"?: components["schemas"]["LastEvalKey"] | null;
3615
+ /**
3616
+ * @description Filter by key type
3617
+ * @example SecpEthAddr
3618
+ */
3619
+ key_type?: components["schemas"]["KeyType"] | null;
3620
+ };
2899
3621
  path: {
2900
3622
  /**
2901
3623
  * @description Name or ID of the desired Org
2902
3624
  * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2903
3625
  */
2904
3626
  org_id: string;
2905
- /**
2906
- * @description ID of the key
2907
- * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
2908
- */
2909
- key_id: string;
2910
3627
  };
2911
3628
  };
2912
3629
  responses: {
2913
- 200: components["responses"]["KeyInfo"];
3630
+ 200: components["responses"]["PaginatedListKeysResponse"];
2914
3631
  default: {
2915
3632
  content: {
2916
3633
  "application/json": components["schemas"]["ErrorResponse"];
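Review bot: The `page.size` comment is ungrammatical ("If the actual number of returned items may be less that this") and tells the reader to inspect `[UnencryptedLastEvalKey]`, while the only such field visible in the paginated responses is `last_evaluated_key`. A short page does not mean the end of the result set, so a client that stops on one will silently miss keys; say so plainly, e.g. `* The number of returned items may be less than this even if more data exists; keep fetching while 'last_evaluated_key' is set in the response.` The `page.start` comment has a stray article ("only specify a the exact value"), and the paginated response comments refer to "the content of `response`" although no such field is shown. The same wording is repeated for `listRoles` and `listRoleKeys` later in the file.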
@@ -2919,12 +3636,12 @@ export interface operations {
2919
3636
  };
2920
3637
  };
2921
3638
  /**
2922
- * Update Key
2923
- * @description Update Key
3639
+ * Create Key
3640
+ * @description Create Key
2924
3641
  *
2925
- * Enable or disable a key. The user must be the owner of the key or organization to perform this action.
3642
+ * Creates one or more new keys of the specified type.
2926
3643
  */
2927
- updateKey: {
3644
+ createKey: {
2928
3645
  parameters: {
2929
3646
  path: {
2930
3647
  /**
@@ -2932,20 +3649,15 @@ export interface operations {
2932
3649
  * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2933
3650
  */
2934
3651
  org_id: string;
2935
- /**
2936
- * @description ID of the key
2937
- * @example Key#0x8e3484687e66cdd26cf04c3647633ab4f3570148
2938
- */
2939
- key_id: string;
2940
3652
  };
2941
3653
  };
2942
3654
  requestBody: {
2943
3655
  content: {
2944
- "application/json": components["schemas"]["UpdateKeyRequest"];
3656
+ "application/json": components["schemas"]["CreateKeyRequest"];
2945
3657
  };
2946
3658
  };
2947
3659
  responses: {
2948
- 200: components["responses"]["KeyInfo"];
3660
+ 200: components["responses"]["CreateKeyResponse"];
2949
3661
  default: {
2950
3662
  content: {
2951
3663
  "application/json": components["schemas"]["ErrorResponse"];
@@ -2954,12 +3666,12 @@ export interface operations {
2954
3666
  };
2955
3667
  };
2956
3668
  /**
2957
- * Gets a Pending MFA Request
2958
- * @description Gets a Pending MFA Request
3669
+ * Get Key
3670
+ * @description Get Key
2959
3671
  *
2960
- * Retrieves and returns a pending MFA request by its id.
3672
+ * Returns the properties of a key.
2961
3673
  */
2962
- mfaGet: {
3674
+ getKeyInOrg: {
2963
3675
  parameters: {
2964
3676
  path: {
2965
3677
  /**
@@ -2968,14 +3680,14 @@ export interface operations {
2968
3680
  */
2969
3681
  org_id: string;
2970
3682
  /**
2971
- * @description ID of the approval
2972
- * @example ...
3683
+ * @description ID of the desired Key
3684
+ * @example Key#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
2973
3685
  */
2974
- mfa_id: string;
3686
+ key_id: string;
2975
3687
  };
2976
3688
  };
2977
3689
  responses: {
2978
- 200: components["responses"]["MfaRequestInfo"];
3690
+ 200: components["responses"]["KeyInfo"];
2979
3691
  default: {
2980
3692
  content: {
2981
3693
  "application/json": components["schemas"]["ErrorResponse"];
@@ -2984,15 +3696,13 @@ export interface operations {
2984
3696
  };
2985
3697
  };
2986
3698
  /**
2987
- * Approve MFA Request
2988
- * @description Approve MFA Request
3699
+ * Delete Key
3700
+ * @description Delete Key
2989
3701
  *
2990
- * Approve request after logging in with CubeSigner. Adds the currently-logged user as an approver
2991
- * of a pending MFA request of the [Status::RequiredApprovers] kind. If the required number of
2992
- * approvers is reached, the MFA request is approved; the confirmation receipt can be used to
2993
- * resume the original HTTP request.
3702
+ * Deletes a key specified by its ID.
3703
+ * Only the key owner and org owners are allowed to delete keys.
2994
3704
  */
2995
- mfaApproveCs: {
3705
+ deleteKey: {
2996
3706
  parameters: {
2997
3707
  path: {
2998
3708
  /**
@@ -3001,9 +3711,133 @@ export interface operations {
3001
3711
  */
3002
3712
  org_id: string;
3003
3713
  /**
3004
- * @description ID of the MFA approval request
3005
- * @example MfaRequest#6de79de4-662c-4203-9235-b6ace5cb432b
3006
- */
3714
+ * @description ID of the desired Key
3715
+ * @example Key#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3716
+ */
3717
+ key_id: string;
3718
+ };
3719
+ };
3720
+ responses: {
3721
+ 200: components["responses"]["EmptyImpl"];
3722
+ default: {
3723
+ content: {
3724
+ "application/json": components["schemas"]["ErrorResponse"];
3725
+ };
3726
+ };
3727
+ };
3728
+ };
3729
+ /**
3730
+ * Update Key
3731
+ * @description Update Key
3732
+ *
3733
+ * Enable or disable a key. The user must be the owner of the key or organization to perform this action.
3734
+ */
3735
+ updateKey: {
3736
+ parameters: {
3737
+ path: {
3738
+ /**
3739
+ * @description Name or ID of the desired Org
3740
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3741
+ */
3742
+ org_id: string;
3743
+ /**
3744
+ * @description ID of the desired Key
3745
+ * @example Key#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3746
+ */
3747
+ key_id: string;
3748
+ };
3749
+ };
3750
+ requestBody: {
3751
+ content: {
3752
+ "application/json": components["schemas"]["UpdateKeyRequest"];
3753
+ };
3754
+ };
3755
+ responses: {
3756
+ 200: components["responses"]["KeyInfo"];
3757
+ default: {
3758
+ content: {
3759
+ "application/json": components["schemas"]["ErrorResponse"];
3760
+ };
3761
+ };
3762
+ };
3763
+ };
3764
+ /**
3765
+ * List Pending MFA Requests
3766
+ * @description List Pending MFA Requests
3767
+ *
3768
+ * Retrieves and returns all pending MFA requests that are accessible to the current user,
3769
+ * i.e., those in which the current user is listed as an approver
3770
+ */
3771
+ mfaList: {
3772
+ parameters: {
3773
+ path: {
3774
+ /**
3775
+ * @description Name or ID of the desired Org
3776
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3777
+ */
3778
+ org_id: string;
3779
+ };
3780
+ };
3781
+ responses: {
3782
+ 200: components["responses"]["ListMfaResponse"];
3783
+ default: {
3784
+ content: {
3785
+ "application/json": components["schemas"]["ErrorResponse"];
3786
+ };
3787
+ };
3788
+ };
3789
+ };
3790
+ /**
3791
+ * Get Pending MFA Request
3792
+ * @description Get Pending MFA Request
3793
+ *
3794
+ * Retrieves and returns a pending MFA request by its id.
3795
+ */
3796
+ mfaGet: {
3797
+ parameters: {
3798
+ path: {
3799
+ /**
3800
+ * @description Name or ID of the desired Org
3801
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3802
+ */
3803
+ org_id: string;
3804
+ /**
3805
+ * @description Name or ID of the desired MfaRequest
3806
+ * @example MfaRequest#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3807
+ */
3808
+ mfa_id: string;
3809
+ };
3810
+ };
3811
+ responses: {
3812
+ 200: components["responses"]["MfaRequestInfo"];
3813
+ default: {
3814
+ content: {
3815
+ "application/json": components["schemas"]["ErrorResponse"];
3816
+ };
3817
+ };
3818
+ };
3819
+ };
3820
+ /**
3821
+ * Approve MFA Request
3822
+ * @description Approve MFA Request
3823
+ *
3824
+ * Approve request after logging in with CubeSigner. Adds the currently-logged user as an approver
3825
+ * of a pending MFA request of the [Status::RequiredApprovers] kind. If the required number of
3826
+ * approvers is reached, the MFA request is approved; the confirmation receipt can be used to
3827
+ * resume the original HTTP request.
3828
+ */
3829
+ mfaApproveCs: {
3830
+ parameters: {
3831
+ path: {
3832
+ /**
3833
+ * @description Name or ID of the desired Org
3834
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3835
+ */
3836
+ org_id: string;
3837
+ /**
3838
+ * @description Name or ID of the desired MfaRequest
3839
+ * @example MfaRequest#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3840
+ */
3007
3841
  mfa_id: string;
3008
3842
  };
3009
3843
  };
@@ -3031,8 +3865,8 @@ export interface operations {
3031
3865
  */
3032
3866
  org_id: string;
3033
3867
  /**
3034
- * @description ID of the MFA approval request
3035
- * @example MfaRequest#6de79de4-662c-4203-9235-b6ace5cb432b
3868
+ * @description Name or ID of the desired MfaRequest
3869
+ * @example MfaRequest#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3036
3870
  */
3037
3871
  mfa_id: string;
3038
3872
  };
@@ -3064,8 +3898,8 @@ export interface operations {
3064
3898
  */
3065
3899
  org_id: string;
3066
3900
  /**
3067
- * @description ID of the MFA approval request
3068
- * @example MfaRequest#6de79de4-662c-4203-9235-b6ace5cb432b
3901
+ * @description Name or ID of the desired MfaRequest
3902
+ * @example MfaRequest#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3069
3903
  */
3070
3904
  mfa_id: string;
3071
3905
  };
@@ -3102,8 +3936,8 @@ export interface operations {
3102
3936
  */
3103
3937
  org_id: string;
3104
3938
  /**
3105
- * @description ID of the MFA approval request
3106
- * @example MfaRequest#6de79de4-662c-4203-9235-b6ace5cb432b
3939
+ * @description Name or ID of the desired MfaRequest
3940
+ * @example MfaRequest#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3107
3941
  */
3108
3942
  mfa_id: string;
3109
3943
  };
@@ -3158,71 +3992,30 @@ export interface operations {
3158
3992
  };
3159
3993
  };
3160
3994
  /**
3161
- * Create OIDCProof
3162
- * @description Create OIDCProof
3163
- *
3164
- * Exchange an OIDC ID token (passed via the `Authorization` header) for a proof of authentication.
3165
- *
3166
- * This route can be used to prove to another party that a user has met the
3167
- * authentication requirements (allowed issuers & audiences) for CubeSigner
3168
- * without leaking their credentials.
3995
+ * List Roles
3996
+ * @description List Roles
3169
3997
  *
3170
- * Clients are intended to call this route and pass the returned evidence to another service
3171
- * which will verify it.
3998
+ * Retrieves all roles in an organization that the current user is allowed to access.
3172
3999
  */
3173
- createOidcProof: {
4000
+ listRoles: {
3174
4001
  parameters: {
3175
- path: {
4002
+ query?: {
3176
4003
  /**
3177
- * @description Name or ID of the desired Org
3178
- * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4004
+ * @description Max number of items to return per page.
4005
+ *
4006
+ * If the actual number of returned items may be less that this, even if there exist more
4007
+ * data in the result set. To reliably determine if more data is left in the result set,
4008
+ * inspect the [UnencryptedLastEvalKey] value in the response object.
3179
4009
  */
3180
- org_id: string;
3181
- };
3182
- };
3183
- responses: {
3184
- 200: components["responses"]["OidcProof"];
3185
- default: {
3186
- content: {
3187
- "application/json": components["schemas"]["ErrorResponse"];
3188
- };
3189
- };
3190
- };
3191
- };
3192
- /**
3193
- * Verify OIDC Proof
3194
- * @description Verify OIDC Proof
3195
- *
3196
- * Allows a third-party to validate proof of OIDC authentication.
3197
- *
3198
- * When a third-party is provided an OidcProof object, they must check its
3199
- * veracity by calling this endpoint
3200
- */
3201
- verifyOidcProof: {
3202
- parameters: {
3203
- path: {
4010
+ "page.size"?: number;
3204
4011
  /**
3205
- * @description Name or ID of the desired Org
3206
- * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4012
+ * @description The start of the page. Omit to start from the beginning; otherwise, only specify a
4013
+ * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
3207
4014
  */
3208
- org_id: string;
3209
- };
3210
- };
3211
- requestBody: {
3212
- content: {
3213
- "application/json": components["schemas"]["OidcProof"];
4015
+ "page.start"?: components["schemas"]["LastEvalKey"] | null;
4016
+ /** @description Don't include keys and users for each role */
4017
+ summarize?: boolean | null;
3214
4018
  };
3215
- };
3216
- responses: {};
3217
- };
3218
- /**
3219
- * List Roles
3220
- * @description List Roles
3221
- *
3222
- * Retrieves all roles in an organization that the current user is allowed to access.
3223
- */
3224
- listRoles: {
3225
- parameters: {
3226
4019
  path: {
3227
4020
  /**
3228
4021
  * @description Name or ID of the desired Org
@@ -3232,7 +4025,7 @@ export interface operations {
3232
4025
  };
3233
4026
  };
3234
4027
  responses: {
3235
- 200: components["responses"]["ListRolesResponse"];
4028
+ 200: components["responses"]["PaginatedListRolesResponse"];
3236
4029
  default: {
3237
4030
  content: {
3238
4031
  "application/json": components["schemas"]["ErrorResponse"];
@@ -3260,7 +4053,7 @@ export interface operations {
3260
4053
  /** @description Optional request body to set the role name */
3261
4054
  requestBody?: {
3262
4055
  content: {
3263
- "application/json": components["schemas"]["CreateRoleRequest"];
4056
+ "application/json": components["schemas"]["CreateRoleRequest"] | null;
3264
4057
  };
3265
4058
  };
3266
4059
  responses: {
@@ -3361,7 +4154,7 @@ export interface operations {
3361
4154
  };
3362
4155
  };
3363
4156
  responses: {
3364
- 200: components["responses"]["EmptyImpl"];
4157
+ 200: components["responses"]["RoleInfo"];
3365
4158
  default: {
3366
4159
  content: {
3367
4160
  "application/json": components["schemas"]["ErrorResponse"];
@@ -3426,6 +4219,51 @@ export interface operations {
3426
4219
  };
3427
4220
  responses: {};
3428
4221
  };
4222
+ /**
4223
+ * List Role Keys
4224
+ * @description List Role Keys
4225
+ *
4226
+ * Returns an array of all keys in a role.
4227
+ */
4228
+ listRoleKeys: {
4229
+ parameters: {
4230
+ query?: {
4231
+ /**
4232
+ * @description Max number of items to return per page.
4233
+ *
4234
+ * If the actual number of returned items may be less that this, even if there exist more
4235
+ * data in the result set. To reliably determine if more data is left in the result set,
4236
+ * inspect the [UnencryptedLastEvalKey] value in the response object.
4237
+ */
4238
+ "page.size"?: number;
4239
+ /**
4240
+ * @description The start of the page. Omit to start from the beginning; otherwise, only specify a
4241
+ * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
4242
+ */
4243
+ "page.start"?: components["schemas"]["LastEvalKey"] | null;
4244
+ };
4245
+ path: {
4246
+ /**
4247
+ * @description Name or ID of the desired Org
4248
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4249
+ */
4250
+ org_id: string;
4251
+ /**
4252
+ * @description Name or ID of the desired Role
4253
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4254
+ */
4255
+ role_id: string;
4256
+ };
4257
+ };
4258
+ responses: {
4259
+ 200: components["responses"]["PaginatedListRoleKeysResponse"];
4260
+ default: {
4261
+ content: {
4262
+ "application/json": components["schemas"]["ErrorResponse"];
4263
+ };
4264
+ };
4265
+ };
4266
+ };
3429
4267
  /**
3430
4268
  * Remove Key
3431
4269
  * @description Remove Key
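Review bot: The `page.size` and `page.start` comments added for `listRoleKeys` are garbled exactly where a caller needs them: "If the actual number of returned items may be less that this" is not a sentence, and "only specify a the exact value" has a stray article. I would write `The actual number of returned items may be less than this, even if more data exists in the result set.` and `otherwise, specify only the exact value previously returned as 'last_evaluated_key' from the same endpoint.` The summary "Returns an array of all keys in a role" also no longer matches the `PaginatedListRoleKeysResponse` type; `Returns one page of the keys in a role.` would keep an access review from treating a short page as the role's complete key list. The same wording is repeated in the `listRoleUsers` and `listSessions` hunks below.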
@@ -3455,9 +4293,9 @@ export interface operations {
3455
4293
  responses: {};
3456
4294
  };
3457
4295
  /**
3458
- * List Tokens (Deprecated)
4296
+ * List a single page of Tokens (Deprecated)
3459
4297
  * @deprecated
3460
- * @description List Tokens (Deprecated)
4298
+ * @description List a single page of Tokens (Deprecated)
3461
4299
  *
3462
4300
  * **Deprecated**: Use `GET /org/{org_id}/session?role=`
3463
4301
  *
@@ -3597,6 +4435,51 @@ export interface operations {
3597
4435
  };
3598
4436
  };
3599
4437
  };
4438
+ /**
4439
+ * List Role Users.
4440
+ * @description List Role Users.
4441
+ *
4442
+ * Returns an array of all users who have access to a role.
4443
+ */
4444
+ listRoleUsers: {
4445
+ parameters: {
4446
+ query?: {
4447
+ /**
4448
+ * @description Max number of items to return per page.
4449
+ *
4450
+ * If the actual number of returned items may be less that this, even if there exist more
4451
+ * data in the result set. To reliably determine if more data is left in the result set,
4452
+ * inspect the [UnencryptedLastEvalKey] value in the response object.
4453
+ */
4454
+ "page.size"?: number;
4455
+ /**
4456
+ * @description The start of the page. Omit to start from the beginning; otherwise, only specify a
4457
+ * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
4458
+ */
4459
+ "page.start"?: components["schemas"]["LastEvalKey"] | null;
4460
+ };
4461
+ path: {
4462
+ /**
4463
+ * @description Name or ID of the desired Org
4464
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4465
+ */
4466
+ org_id: string;
4467
+ /**
4468
+ * @description Name or ID of the desired Role
4469
+ * @example Role#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4470
+ */
4471
+ role_id: string;
4472
+ };
4473
+ };
4474
+ responses: {
4475
+ 200: components["responses"]["PaginatedListRoleUsersResponse"];
4476
+ default: {
4477
+ content: {
4478
+ "application/json": components["schemas"]["ErrorResponse"];
4479
+ };
4480
+ };
4481
+ };
4482
+ };
3600
4483
  /**
3601
4484
  * List sessions
3602
4485
  * @description List sessions
@@ -3606,11 +4489,24 @@ export interface operations {
3606
4489
  listSessions: {
3607
4490
  parameters: {
3608
4491
  query?: {
4492
+ /**
4493
+ * @description Max number of items to return per page.
4494
+ *
4495
+ * If the actual number of returned items may be less that this, even if there exist more
4496
+ * data in the result set. To reliably determine if more data is left in the result set,
4497
+ * inspect the [UnencryptedLastEvalKey] value in the response object.
4498
+ */
4499
+ "page.size"?: number;
4500
+ /**
4501
+ * @description The start of the page. Omit to start from the beginning; otherwise, only specify a
4502
+ * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
4503
+ */
4504
+ "page.start"?: components["schemas"]["LastEvalKey"] | null;
3609
4505
  /**
3610
4506
  * @description If provided, the name or ID of a role to operate on
3611
4507
  * @example my-role
3612
4508
  */
3613
- role?: string;
4509
+ role?: string | null;
3614
4510
  };
3615
4511
  path: {
3616
4512
  /**
@@ -3621,7 +4517,7 @@ export interface operations {
3621
4517
  };
3622
4518
  };
3623
4519
  responses: {
3624
- 200: components["responses"]["SessionsResponse"];
4520
+ 200: components["responses"]["PaginatedSessionsResponse"];
3625
4521
  default: {
3626
4522
  content: {
3627
4523
  "application/json": components["schemas"]["ErrorResponse"];
@@ -3643,7 +4539,7 @@ export interface operations {
3643
4539
  * @description If provided, the name or ID of a role to operate on
3644
4540
  * @example my-role
3645
4541
  */
3646
- role?: string;
4542
+ role?: string | null;
3647
4543
  };
3648
4544
  path: {
3649
4545
  /**
@@ -3662,6 +4558,31 @@ export interface operations {
3662
4558
  };
3663
4559
  };
3664
4560
  };
4561
+ /**
4562
+ * Revoke current session
4563
+ * @description Revoke current session
4564
+ *
4565
+ * Immediately revokes the current session, preventing it from being used or refreshed
4566
+ */
4567
+ revokeCurrentSession: {
4568
+ parameters: {
4569
+ path: {
4570
+ /**
4571
+ * @description Name or ID of the desired Org
4572
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4573
+ */
4574
+ org_id: string;
4575
+ };
4576
+ };
4577
+ responses: {
4578
+ 200: components["responses"]["EmptyImpl"];
4579
+ default: {
4580
+ content: {
4581
+ "application/json": components["schemas"]["ErrorResponse"];
4582
+ };
4583
+ };
4584
+ };
4585
+ };
3665
4586
  /**
3666
4587
  * Get session information
3667
4588
  * @description Get session information
@@ -3720,6 +4641,47 @@ export interface operations {
3720
4641
  };
3721
4642
  };
3722
4643
  };
4644
+ /**
4645
+ * Sign Solana Message
4646
+ * @description Sign Solana Message
4647
+ *
4648
+ * Signs a Solana message with a given key.
4649
+ * This is a pre-release feature.
4650
+ */
4651
+ solanaSign: {
4652
+ parameters: {
4653
+ path: {
4654
+ /**
4655
+ * @description Name or ID of the desired Org
4656
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4657
+ */
4658
+ org_id: string;
4659
+ /**
4660
+ * @description The base58-encoded public key
4661
+ * @example 86ZRPszBp5EoPj7wR3bHn7wnAZ5iYfpasRc7DKFPTUaZ
4662
+ */
4663
+ pubkey: string;
4664
+ };
4665
+ };
4666
+ requestBody: {
4667
+ content: {
4668
+ "application/json": components["schemas"]["SolanaSignRequest"];
4669
+ };
4670
+ };
4671
+ responses: {
4672
+ 200: components["responses"]["SolanaSignResponse"];
4673
+ 202: {
4674
+ content: {
4675
+ "application/json": components["schemas"]["AcceptedResponse"];
4676
+ };
4677
+ };
4678
+ default: {
4679
+ content: {
4680
+ "application/json": components["schemas"]["ErrorResponse"];
4681
+ };
4682
+ };
4683
+ };
4684
+ };
3723
4685
  /**
3724
4686
  * Get Token-Accessible Keys
3725
4687
  * @description Get Token-Accessible Keys
@@ -3746,10 +4708,12 @@ export interface operations {
3746
4708
  };
3747
4709
  };
3748
4710
  /**
3749
- * List users in organization
3750
- * @description List users in organization
4711
+ * User Info
4712
+ * @description User Info
4713
+ *
4714
+ * Retrieves information about the current user.
3751
4715
  */
3752
- listUsersInOrg: {
4716
+ aboutMe: {
3753
4717
  parameters: {
3754
4718
  path: {
3755
4719
  /**
@@ -3760,7 +4724,7 @@ export interface operations {
3760
4724
  };
3761
4725
  };
3762
4726
  responses: {
3763
- 200: components["responses"]["GetUsersInOrgResponse"];
4727
+ 200: components["responses"]["UserInfo"];
3764
4728
  default: {
3765
4729
  content: {
3766
4730
  "application/json": components["schemas"]["ErrorResponse"];
@@ -3769,10 +4733,12 @@ export interface operations {
3769
4733
  };
3770
4734
  };
3771
4735
  /**
3772
- * Add a third-party user to the org
3773
- * @description Add a third-party user to the org
4736
+ * Initiate registration of a FIDO key
4737
+ * @description Initiate registration of a FIDO key
4738
+ *
4739
+ * Generates a challenge that must be answered to prove ownership of a key
3774
4740
  */
3775
- createOidcUser: {
4741
+ userRegisterFidoInit: {
3776
4742
  parameters: {
3777
4743
  path: {
3778
4744
  /**
@@ -3784,11 +4750,16 @@ export interface operations {
3784
4750
  };
3785
4751
  requestBody: {
3786
4752
  content: {
3787
- "application/json": components["schemas"]["AddThirdPartyUserRequest"];
4753
+ "application/json": components["schemas"]["FidoCreateRequest"];
3788
4754
  };
3789
4755
  };
3790
4756
  responses: {
3791
- 200: components["responses"]["AddThirdPartyUserResponse"];
4757
+ 200: components["responses"]["FidoCreateChallengeResponse"];
4758
+ 202: {
4759
+ content: {
4760
+ "application/json": components["schemas"]["AcceptedResponse"];
4761
+ };
4762
+ };
3792
4763
  default: {
3793
4764
  content: {
3794
4765
  "application/json": components["schemas"]["ErrorResponse"];
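Review bot: The `202` entry added here (in what appears to be `userRegisterFidoInit`, whose opening lines are outside this hunk) has no `@description`, so nothing tells a caller that a 2xx answer may be an `AcceptedResponse` rather than the `FidoCreateChallengeResponse` it asked for. A one-line comment above `202: {`, such as `/** @description Request accepted but not completed; the body is an AcceptedResponse, not a challenge */`, would make that branch explicit. The exact condition, presumably a pending MFA approval, should be confirmed against the service documentation. Code that only checks for a successful status and then reads challenge fields would otherwise act on the wrong shape. The same undocumented `202` is added in the `userResetTotpInit`, `registerFidoInitLegacy` and `resetTotpInitLegacy` hunks.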
@@ -3797,10 +4768,12 @@ export interface operations {
3797
4768
  };
3798
4769
  };
3799
4770
  /**
3800
- * Remove a third-party user from the org
3801
- * @description Remove a third-party user from the org
4771
+ * Finalize registration of a FIDO key
4772
+ * @description Finalize registration of a FIDO key
4773
+ *
4774
+ * Accepts the response to the challenge generated by the POST to this endpoint.
3802
4775
  */
3803
- deleteOidcUser: {
4776
+ userRegisterFidoComplete: {
3804
4777
  parameters: {
3805
4778
  path: {
3806
4779
  /**
@@ -3812,7 +4785,7 @@ export interface operations {
3812
4785
  };
3813
4786
  requestBody: {
3814
4787
  content: {
3815
- "application/json": components["schemas"]["OIDCIdentity"];
4788
+ "application/json": components["schemas"]["FidoCreateChallengeAnswer"];
3816
4789
  };
3817
4790
  };
3818
4791
  responses: {
@@ -3825,15 +4798,39 @@ export interface operations {
3825
4798
  };
3826
4799
  };
3827
4800
  /**
3828
- * Initialize TOTP
3829
- * @description Initialize TOTP
4801
+ * Initialize TOTP Reset
4802
+ * @description Initialize TOTP Reset
4803
+ *
4804
+ * Creates a new TOTP challenge that must be answered to prove that the new TOTP
4805
+ * was successfully imported into an authenticator app.
3830
4806
  *
3831
- * Creates and sets a new TOTP configuration for the current user,
3832
- * if and only if no TOTP configuration is already set.
4807
+ * This operation is allowed if EITHER
4808
+ * - the user account is not yet initialized and no TOTP is already set, OR
4809
+ * - the user has not configured any auth factors;
4810
+ * otherwise, MFA is required.
3833
4811
  */
3834
- userInitTotp: {
4812
+ userResetTotpInit: {
4813
+ parameters: {
4814
+ path: {
4815
+ /**
4816
+ * @description Name or ID of the desired Org
4817
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4818
+ */
4819
+ org_id: string;
4820
+ };
4821
+ };
4822
+ requestBody: {
4823
+ content: {
4824
+ "application/json": components["schemas"]["Empty"];
4825
+ };
4826
+ };
3835
4827
  responses: {
3836
4828
  200: components["responses"]["TotpInfo"];
4829
+ 202: {
4830
+ content: {
4831
+ "application/json": components["schemas"]["AcceptedResponse"];
4832
+ };
4833
+ };
3837
4834
  default: {
3838
4835
  content: {
3839
4836
  "application/json": components["schemas"]["ErrorResponse"];
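Review bot: The precondition list in the new `userResetTotpInit` comment leaves the authorization rule ambiguous: "the user account is not yet initialized and no TOTP is already set" and "the user has not configured any auth factors" overlap. It is not clear whether an uninitialized account that already has a non-TOTP factor registered may reset TOTP without MFA. This comment is the only statement visible here of when a second factor can be set without proving possession of an existing one, so I would rewrite the two cases to be disjoint and say what "initialized" means. The identical text in `resetTotpInitLegacy` needs the same change.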
@@ -3842,15 +4839,29 @@ export interface operations {
3842
4839
  };
3843
4840
  };
3844
4841
  /**
3845
- * Reset TOTP
3846
- * @description Reset TOTP
4842
+ * Finalize resetting TOTP
4843
+ * @description Finalize resetting TOTP
3847
4844
  *
3848
- * Creates and sets a new TOTP configuration for the current user,
3849
- * overriding the existing one (if any).
4845
+ * Checks if the response contains the correct TOTP code corresponding to the
4846
+ * challenge generated by the POST method of this endpoint.
3850
4847
  */
3851
- userResetTotp: {
4848
+ userResetTotpComplete: {
4849
+ parameters: {
4850
+ path: {
4851
+ /**
4852
+ * @description Name or ID of the desired Org
4853
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4854
+ */
4855
+ org_id: string;
4856
+ };
4857
+ };
4858
+ requestBody: {
4859
+ content: {
4860
+ "application/json": components["schemas"]["TotpChallengeAnswer"];
4861
+ };
4862
+ };
3852
4863
  responses: {
3853
- 200: components["responses"]["TotpInfo"];
4864
+ 200: components["responses"]["EmptyImpl"];
3854
4865
  default: {
3855
4866
  content: {
3856
4867
  "application/json": components["schemas"]["ErrorResponse"];
@@ -3868,7 +4879,95 @@ export interface operations {
3868
4879
  userVerifyTotp: {
3869
4880
  parameters: {
3870
4881
  path: {
3871
- code: string;
4882
+ /**
4883
+ * @description Name or ID of the desired Org
4884
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4885
+ */
4886
+ org_id: string;
4887
+ };
4888
+ };
4889
+ requestBody: {
4890
+ content: {
4891
+ "application/json": components["schemas"]["TotpApproveRequest"];
4892
+ };
4893
+ };
4894
+ responses: {
4895
+ 200: components["responses"]["EmptyImpl"];
4896
+ default: {
4897
+ content: {
4898
+ "application/json": components["schemas"]["ErrorResponse"];
4899
+ };
4900
+ };
4901
+ };
4902
+ };
4903
+ /**
4904
+ * List users in organization
4905
+ * @description List users in organization
4906
+ */
4907
+ listUsersInOrg: {
4908
+ parameters: {
4909
+ path: {
4910
+ /**
4911
+ * @description Name or ID of the desired Org
4912
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4913
+ */
4914
+ org_id: string;
4915
+ };
4916
+ };
4917
+ responses: {
4918
+ 200: components["responses"]["GetUsersInOrgResponse"];
4919
+ default: {
4920
+ content: {
4921
+ "application/json": components["schemas"]["ErrorResponse"];
4922
+ };
4923
+ };
4924
+ };
4925
+ };
4926
+ /**
4927
+ * Add a third-party user to the org
4928
+ * @description Add a third-party user to the org
4929
+ */
4930
+ createOidcUser: {
4931
+ parameters: {
4932
+ path: {
4933
+ /**
4934
+ * @description Name or ID of the desired Org
4935
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4936
+ */
4937
+ org_id: string;
4938
+ };
4939
+ };
4940
+ requestBody: {
4941
+ content: {
4942
+ "application/json": components["schemas"]["AddThirdPartyUserRequest"];
4943
+ };
4944
+ };
4945
+ responses: {
4946
+ 200: components["responses"]["AddThirdPartyUserResponse"];
4947
+ default: {
4948
+ content: {
4949
+ "application/json": components["schemas"]["ErrorResponse"];
4950
+ };
4951
+ };
4952
+ };
4953
+ };
4954
+ /**
4955
+ * Remove a third-party user from the org
4956
+ * @description Remove a third-party user from the org
4957
+ */
4958
+ deleteOidcUser: {
4959
+ parameters: {
4960
+ path: {
4961
+ /**
4962
+ * @description Name or ID of the desired Org
4963
+ * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4964
+ */
4965
+ org_id: string;
4966
+ };
4967
+ };
4968
+ requestBody: {
4969
+ content: {
4970
+ "application/json": components["schemas"]["OIDCIdentity"];
3872
4971
  };
3873
4972
  };
3874
4973
  responses: {
@@ -3882,11 +4981,12 @@ export interface operations {
3882
4981
  };
3883
4982
  /**
3884
4983
  * Initiate registration of a FIDO key
4984
+ * @deprecated
3885
4985
  * @description Initiate registration of a FIDO key
3886
4986
  *
3887
4987
  * Generates a challenge that must be answered to prove ownership of a key
3888
4988
  */
3889
- userRegisterFido: {
4989
+ registerFidoInitLegacy: {
3890
4990
  requestBody: {
3891
4991
  content: {
3892
4992
  "application/json": components["schemas"]["FidoCreateRequest"];
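Review bot: The bare `@deprecated` tag added to `registerFidoInitLegacy` names no replacement, unlike the deprecated token-listing operation earlier in this file, whose description says which endpoint to use instead. `@deprecated Use userRegisterFidoInit (takes org_id) instead` would let editors surface the migration path. The same applies to `registerFidoCompleteLegacy`, `resetTotpInitLegacy`, `resetTotpCompleteLegacy` and `verifyTotpLegacy`, assuming the `user…` operations with an `org_id` path parameter are the intended successors. The operation body continues outside this hunk.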
@@ -3894,6 +4994,11 @@ export interface operations {
3894
4994
  };
3895
4995
  responses: {
3896
4996
  200: components["responses"]["FidoCreateChallengeResponse"];
4997
+ 202: {
4998
+ content: {
4999
+ "application/json": components["schemas"]["AcceptedResponse"];
5000
+ };
5001
+ };
3897
5002
  default: {
3898
5003
  content: {
3899
5004
  "application/json": components["schemas"]["ErrorResponse"];
@@ -3903,11 +5008,12 @@ export interface operations {
3903
5008
  };
3904
5009
  /**
3905
5010
  * Finalize registration of a FIDO key
5011
+ * @deprecated
3906
5012
  * @description Finalize registration of a FIDO key
3907
5013
  *
3908
5014
  * Accepts the response to the challenge generated by the POST to this endpoint.
3909
5015
  */
3910
- userRegisterFidoComplete: {
5016
+ registerFidoCompleteLegacy: {
3911
5017
  requestBody: {
3912
5018
  content: {
3913
5019
  "application/json": components["schemas"]["FidoCreateChallengeAnswer"];
@@ -3922,12 +5028,98 @@ export interface operations {
3922
5028
  };
3923
5029
  };
3924
5030
  };
5031
+ /**
5032
+ * Initialize TOTP Reset
5033
+ * @deprecated
5034
+ * @description Initialize TOTP Reset
5035
+ *
5036
+ * Creates a new TOTP challenge that must be answered to prove that the new TOTP
5037
+ * was successfully imported into an authenticator app.
5038
+ *
5039
+ * This operation is allowed if EITHER
5040
+ * - the user account is not yet initialized and no TOTP is already set, OR
5041
+ * - the user has not configured any auth factors;
5042
+ * otherwise, MFA is required.
5043
+ */
5044
+ resetTotpInitLegacy: {
5045
+ requestBody: {
5046
+ content: {
5047
+ "application/json": components["schemas"]["Empty"];
5048
+ };
5049
+ };
5050
+ responses: {
5051
+ 200: components["responses"]["TotpInfo"];
5052
+ 202: {
5053
+ content: {
5054
+ "application/json": components["schemas"]["AcceptedResponse"];
5055
+ };
5056
+ };
5057
+ default: {
5058
+ content: {
5059
+ "application/json": components["schemas"]["ErrorResponse"];
5060
+ };
5061
+ };
5062
+ };
5063
+ };
5064
+ /**
5065
+ * Finalize resetting TOTP
5066
+ * @deprecated
5067
+ * @description Finalize resetting TOTP
5068
+ *
5069
+ * Checks if the response contains the correct TOTP code corresponding to the
5070
+ * challenge generated by the POST method of this endpoint.
5071
+ */
5072
+ resetTotpCompleteLegacy: {
5073
+ requestBody: {
5074
+ content: {
5075
+ "application/json": components["schemas"]["TotpChallengeAnswer"];
5076
+ };
5077
+ };
5078
+ responses: {
5079
+ 200: components["responses"]["EmptyImpl"];
5080
+ default: {
5081
+ content: {
5082
+ "application/json": components["schemas"]["ErrorResponse"];
5083
+ };
5084
+ };
5085
+ };
5086
+ };
5087
+ /**
5088
+ * Verify TOTP
5089
+ * @deprecated
5090
+ * @description Verify TOTP
5091
+ *
5092
+ * Checks if a given code matches the current TOTP code for the current user.
5093
+ * Errors with 403 if the current user has not set up TOTP or the code fails verification.
5094
+ */
5095
+ verifyTotpLegacy: {
5096
+ requestBody: {
5097
+ content: {
5098
+ "application/json": components["schemas"]["TotpApproveRequest"];
5099
+ };
5100
+ };
5101
+ responses: {
5102
+ 200: components["responses"]["EmptyImpl"];
5103
+ default: {
5104
+ content: {
5105
+ "application/json": components["schemas"]["ErrorResponse"];
5106
+ };
5107
+ };
5108
+ };
5109
+ };
3925
5110
  /**
3926
5111
  * Sign Raw Blob
3927
5112
  * @description Sign Raw Blob
3928
5113
  *
3929
5114
  * Signs an arbitrary blob with a given key.
3930
5115
  * This is a pre-release feature.
5116
+ *
5117
+ * - ECDSA signatures are serialized as big-endian r and s plus recovery-id
5118
+ * byte v, which can in general take any of the values 0, 1, 2, or 3.
5119
+ *
5120
+ * - EdDSA signatures are serialized in the standard format.
5121
+ *
5122
+ * - BLS signatures are not supported on the blob-sign endpoint.
3931
5123
  */
3932
5124
  blobSign: {
3933
5125
  parameters: {
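Review bot: The ECDSA bullet added to the `blobSign` comment names the signature components but not their layout, so a verifier cannot tell the field widths or whether the value is hex, base64 or raw bytes. I would extend it to something like `ECDSA signatures are serialized as <encoding> of r || s || v, with r and s fixed-width big-endian and v the one-byte recovery id (0-3)`, filling in the encoding and widths from the service. It is also worth stating that `v` is the raw recovery id rather than a 27/28 or chain-id-adjusted value, since code that passes it unchanged to a routine expecting those forms will recover the wrong key or reject the signature. The `blobSign` definition continues outside this hunk.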
@@ -3938,8 +5130,8 @@ export interface operations {
3938
5130
  */
3939
5131
  org_id: string;
3940
5132
  /**
3941
- * @description The ID of the key
3942
- * @example Key#0x49011adbCC3bC9c0307BB07F37Dda1a1a9c69d2E
5133
+ * @description ID of the desired Key
5134
+ * @example Key#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3943
5135
  */
3944
5136
  key_id: string;
3945
5137
  };
@@ -3973,7 +5165,7 @@ export interface operations {
3973
5165
  parameters: {
3974
5166
  path: {
3975
5167
  /**
3976
- * @description Name or ID of the organization owning the key
5168
+ * @description Name or ID of the desired Org
3977
5169
  * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
3978
5170
  */
3979
5171
  org_id: string;
@@ -3998,6 +5190,7 @@ export interface operations {
3998
5190
  * @description Sign EVM Transaction
3999
5191
  *
4000
5192
  * Signs an Ethereum (and other EVM) transaction with a given Secp256k1 key.
5193
+ * Returns an RLP-encoded transaction with EIP-155 signature.
4001
5194
  *
4002
5195
  * The key must be associated with the role and organization on whose behalf this action is called.
4003
5196
  */
@@ -4159,47 +5352,6 @@ export interface operations {
4159
5352
  };
4160
5353
  };
4161
5354
  };
4162
- /**
4163
- * Sign Solana Message
4164
- * @description Sign Solana Message
4165
- *
4166
- * Signs a Solana message with a given key.
4167
- * This is a pre-release feature.
4168
- */
4169
- solanaSign: {
4170
- parameters: {
4171
- path: {
4172
- /**
4173
- * @description Name or ID of the desired Org
4174
- * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
4175
- */
4176
- org_id: string;
4177
- /**
4178
- * @description The base58-encoded public key
4179
- * @example 86ZRPszBp5EoPj7wR3bHn7wnAZ5iYfpasRc7DKFPTUaZ
4180
- */
4181
- pubkey: string;
4182
- };
4183
- };
4184
- requestBody: {
4185
- content: {
4186
- "application/json": components["schemas"]["SolanaSignRequest"];
4187
- };
4188
- };
4189
- responses: {
4190
- 200: components["responses"]["SolanaSignResponse"];
4191
- 202: {
4192
- content: {
4193
- "application/json": components["schemas"]["AcceptedResponse"];
4194
- };
4195
- };
4196
- default: {
4197
- content: {
4198
- "application/json": components["schemas"]["ErrorResponse"];
4199
- };
4200
- };
4201
- };
4202
- };
4203
5355
  /**
4204
5356
  * Refresh Signer Session
4205
5357
  * @description Refresh Signer Session