@cubist-labs/cubesigner-sdk 0.3.13 → 0.3.19

package/src/schema.ts

@@ -287,7 +287,12 @@ export interface paths {
      * Login with OIDC
      * @description Login with OIDC
      *
-     * Exchange an OIDC ID token (passed via the `Authorization` header) for a signer session
+     * Exchange an OIDC ID token (passed via the `Authorization` header) for a signer session.
+     *
+     * MFA is required when:
+     * - an MFA policy is explicitly attached to the user logging in
+     * (e.g., an org owner can do that at user creation time to require certain kind of MFA)
+     * - the user has at least 1 MFA factor configured
      */
     post: operations["oidcAuth"];
   };
@@ -1088,7 +1093,10 @@ export interface components {
       | "ExportWindowTooLong"
       | "InvalidTotpFailureLimit"
       | "InvalidEip191SignRequest"
-      | "CannotResendUserInvitation";
+      | "CannotResendUserInvitation"
+      | "InvalidNotificationEndpointCount"
+      | "InvalidNotificationUrlProtocol"
+      | "EmptyOneOfOrgEventFilter";
     /**
      * @example {
      *   "message_base64": "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTYK"
@@ -1717,7 +1725,7 @@ export interface components {
     };
     GetUsersInOrgResponse: {
       /** @description The list of users in the org */
-      users: components["schemas"]["UserIdInfo"][];
+      users: components["schemas"]["UserInOrgInfo"][];
     };
     /** @description Stats pertaining the the sender `cube3signer` instance */
     HeartbeatRequest: {
@@ -1888,7 +1896,10 @@ export interface components {
       | "AvaSignSignatureMissing"
       | "ExpectedRoleSession"
       | "InvalidThirdPartyIdentity"
-      | "CognitoGetUser";
+      | "CognitoGetUser"
+      | "SnsSubscribeError"
+      | "SnsUnsubscribeError"
+      | "SnsPublishBatchError";
     InviteRequest: {
       /**
        * @description The user's email address
@@ -2204,6 +2215,12 @@ export interface components {
       | "TotpChallengeNotFound"
       | "UserExportRequestNotFound"
       | "UserExportCiphertextNotFound";
+    /** @description The configuration for an org event endpoint */
+    NotificationEndpointConfiguration: {
+      filter?: components["schemas"]["OrgEventFilter"];
+      /** @description URL of the endpoint */
+      url: string;
+    };
     /**
      * @description Represents a globally unique OIDC-authorized user by expressing the full "path" to a user. That is:
      *
@@ -2244,6 +2261,30 @@ export interface components {
       scopes: string[];
       tokens?: components["schemas"]["RatchetConfig"];
     };
+    /**
+     * @description Auto-generated discriminant enum variants
+     * @enum {string}
+     */
+    OrgEventDiscriminants:
+      | "OidcAuth"
+      | "Eth2ConcurrentAttestationSigning"
+      | "Eth2ConcurrentBlockSigning"
+      | "Eth2InvalidBlockProposerSlotTooLow"
+      | "Eth2InvalidAttestationSourceEpochTooLow"
+      | "Eth2InvalidAttestationTargetEpochTooLow"
+      | "Eth2Unstake"
+      | "Eth2ExceededMaxUnstake"
+      | "MfaRejected";
+    /** @description Filter for org events */
+    OrgEventFilter: OneOf<
+      [
+        "All",
+        {
+          /** @description Only accepts org events that are one of the listed events */
+          OneOf: components["schemas"]["OrgEventDiscriminants"][];
+        },
+      ]
+    >;
     OrgInfo: {
       /** @description When false, all cryptographic operations involving keys in this org are disabled. */
       enabled: boolean;
@@ -2270,6 +2311,17 @@ export interface components {
        * @example my_org_name
        */
       name?: string | null;
+      /**
+       * @description The organization's notification endpoints, which are HTTPS URLs are notified about a
+       * configurable set of events in an organization. For each event, CubeSigner sends a POST
+       * request with a JSON-formatted body that contains the event details.
+       * @example [
+       *   {
+       *     "url": "https://example.com/endpoint"
+       *   }
+       * ]
+       */
+      notification_endpoints?: Record<string, never>[];
       /**
        * @description The ID of the organization
        * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
@@ -3129,6 +3181,44 @@ export interface components {
        * @example my_org
        */
       name?: string | null;
+      /**
+       * @description If set, update this org's notification endpoints. Notification endpoints are expected to be
+       * HTTPS URLs, which accept POST requests. The body of the requests sent to these endpoints are
+       * are formatted in JSON and have the following format:
+       *
+       * ```json
+       * {
+       * "org": "...",
+       * "utc_timestamp": "...",
+       * "org_event": "...",
+       * ...
+       * }
+       * ```
+       *
+       * `org` is the org id, `utc_timestamp` is the UTC timestamp of the event in milliseconds, and
+       * `org_event` is a string identifying the type of event that has occurred. The rest of the
+       * fields provide additional information related to the type of the event.
+       *
+       * Endpoints can optionally include filters to customize the org events that they are notified
+       * about. Currently, the only supported filter type is `OneOf`, which expects a list of org
+       * event types to send to the endpoint. If no filter is configured, the system sends all org
+       * events to the endpoint.
+       * @example [
+       *   {
+       *     "url:": "https://example.com/endpoint1"
+       *   },
+       *   {
+       *     "filter": {
+       *       "OneOf": [
+       *         "Eth2ConcurrentAttestationSigning",
+       *         "Eth2ConcurrentBlockSigning"
+       *       ]
+       *     },
+       *     "url:": "https://example.com/endpoint2"
+       *   }
+       * ]
+       */
+      notification_endpoints?: Record<string, never>[] | null;
       /**
        * @description If set, update this org's policies (old policies will be overwritten!).
        * @example [
@@ -3181,6 +3271,15 @@ export interface components {
        * @example my_org_name
        */
       name?: string | null;
+      /**
+       * @description The new notification endpoint configurations
+       * @example [
+       *   {
+       *     "url": "https://example.com/endpoint"
+       *   }
+       * ]
+       */
+      notification_endpoints?: Record<string, never>[];
       /**
        * @description The ID of the organization
        * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
@@ -3328,7 +3427,7 @@ export interface components {
       public_key_hash?: string | null;
       valid_epoch: components["schemas"]["EpochDateTime"];
     };
-    UserIdInfo: {
+    UserInOrgInfo: {
       /**
        * @description The user's email
        * @example alice@example.com
@@ -3339,6 +3438,9 @@ export interface components {
        * @example User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f
        */
       id: string;
+      membership: components["schemas"]["MemberRole"];
+      /** @description Optional user name. */
+      name?: string | null;
     };
     UserInRoleInfo: {
       user_id: string;
@@ -3540,7 +3642,7 @@ export interface components {
       content: {
         "application/json": {
           /** @description The list of users in the org */
-          users: components["schemas"]["UserIdInfo"][];
+          users: components["schemas"]["UserInOrgInfo"][];
         };
       };
     };
@@ -3748,6 +3850,17 @@ export interface components {
            * @example my_org_name
            */
           name?: string | null;
+          /**
+           * @description The organization's notification endpoints, which are HTTPS URLs are notified about a
+           * configurable set of events in an organization. For each event, CubeSigner sends a POST
+           * request with a JSON-formatted body that contains the event details.
+           * @example [
+           *   {
+           *     "url": "https://example.com/endpoint"
+           *   }
+           * ]
+           */
+          notification_endpoints?: Record<string, never>[];
           /**
            * @description The ID of the organization
            * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
@@ -4067,6 +4180,15 @@ export interface components {
            * @example my_org_name
            */
           name?: string | null;
+          /**
+           * @description The new notification endpoint configurations
+           * @example [
+           *   {
+           *     "url": "https://example.com/endpoint"
+           *   }
+           * ]
+           */
+          notification_endpoints?: Record<string, never>[];
           /**
            * @description The ID of the organization
            * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
@@ -5084,7 +5206,12 @@ export interface operations {
    * Login with OIDC
    * @description Login with OIDC
    *
-   * Exchange an OIDC ID token (passed via the `Authorization` header) for a signer session
+   * Exchange an OIDC ID token (passed via the `Authorization` header) for a signer session.
+   *
+   * MFA is required when:
+   * - an MFA policy is explicitly attached to the user logging in
+   * (e.g., an org owner can do that at user creation time to require certain kind of MFA)
+   * - the user has at least 1 MFA factor configured
    */
   oidcAuth: {
     parameters: {

package/src/schema_types.ts

@@ -23,9 +23,11 @@ export type PublicKeyCredentialUserEntity = schemas["PublicKeyCredentialUserEnti
 export type PublicKeyCredential = schemas["PublicKeyCredential"];
 
 export type OrgInfo = schemas["OrgInfo"];
-export type UserIdInfo = schemas["UserIdInfo"];
+export type UserInOrgInfo = schemas["UserInOrgInfo"];
 export type UpdateOrgRequest = schemas["UpdateOrgRequest"];
 export type UpdateOrgResponse = schemas["UpdateOrgResponse"];
+export type NotificationEndpointConfiguration = schemas["NotificationEndpointConfiguration"];
+export type OrgEvents = schemas["OrgEventDiscriminants"];
 
 export type OidcIdentity = schemas["OIDCIdentity"];
 export type MemberRole = schemas["MemberRole"];

package/tsconfig.json

@@ -1,12 +1,12 @@
 {
   "extends": "../../tsconfig.json",
   "compilerOptions": {
-    "outDir": "./dist",
+    "outDir": "./dist"
   },
   "typedocOptions": {
     "out": "./docs",
-    "entryPoints": ["src/index.ts", "src/env.ts", "src/schema.ts"],
+    "entryPoints": ["src/index.ts", "src/env.ts", "src/schema.ts"]
   },
   "exclude": ["spec", "node_modules", "dist"],
-  "include": ["src/**/*.ts"],
+  "include": ["src/**/*.ts"]
 }