@cubist-labs/cubesigner-sdk 0.3.13 → 0.3.23

package/dist/esm/src/schema_types.d.ts

@@ -3,6 +3,7 @@ import { components } from "./schema";
 import { JsonMap } from "./util";
 type schemas = components["schemas"];
 export type UserInfo = schemas["UserInfo"];
+export type UserInOrgMembership = schemas["UserInOrgMembership"];
 export type ConfiguredMfa = schemas["ConfiguredMfa"];
 export type RatchetConfig = schemas["RatchetConfig"];
 export type IdentityProof = schemas["IdentityProof"];
@@ -18,14 +19,18 @@ export type AuthenticatorSelectionCriteria = schemas["AuthenticatorSelectionCrit
 export type PublicKeyCredentialUserEntity = schemas["PublicKeyCredentialUserEntity"];
 export type PublicKeyCredential = schemas["PublicKeyCredential"];
 export type OrgInfo = schemas["OrgInfo"];
-export type UserIdInfo = schemas["UserIdInfo"];
+export type UserInOrgInfo = schemas["UserInOrgInfo"];
 export type UpdateOrgRequest = schemas["UpdateOrgRequest"];
 export type UpdateOrgResponse = schemas["UpdateOrgResponse"];
+export type NotificationEndpointConfiguration = schemas["NotificationEndpointConfiguration"];
+export type OrgEvents = schemas["OrgEventDiscriminants"];
 export type OidcIdentity = schemas["OIDCIdentity"];
 export type MemberRole = schemas["MemberRole"];
 export type SchemaKeyType = schemas["KeyType"];
 export type ListKeysResponse = schemas["PaginatedListKeysResponse"];
 export type UpdateKeyRequest = schemas["UpdateKeyRequest"];
+export type UpdateKeyProperties = schemas["UpdateKeyProperties"];
+export type CreateKeyRequest = schemas["CreateKeyRequest"];
 export type KeyInfoApi = schemas["KeyInfo"];
 export type KeyInRoleInfo = schemas["KeyInRoleInfo"];
 export type UserInRoleInfo = schemas["UserInRoleInfo"];

package/dist/esm/src/schema_types.js

@@ -1,2 +1,2 @@
 export {};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2NoZW1hX3R5cGVzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NjaGVtYV90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgTWZhUG9saWN5IH0gZnJvbSBcIi4vcm9sZVwiO1xuaW1wb3J0IHsgY29tcG9uZW50cyB9IGZyb20gXCIuL3NjaGVtYVwiO1xuaW1wb3J0IHsgSnNvbk1hcCB9IGZyb20gXCIuL3V0aWxcIjtcblxudHlwZSBzY2hlbWFzID0gY29tcG9uZW50c1tcInNjaGVtYXNcIl07XG5cbmV4cG9ydCB0eXBlIFVzZXJJbmZvID0gc2NoZW1hc1tcIlVzZXJJbmZvXCJdO1xuZXhwb3J0IHR5cGUgQ29uZmlndXJlZE1mYSA9IHNjaGVtYXNbXCJDb25maWd1cmVkTWZhXCJdO1xuZXhwb3J0IHR5cGUgUmF0Y2hldENvbmZpZyA9IHNjaGVtYXNbXCJSYXRjaGV0Q29uZmlnXCJdO1xuZXhwb3J0IHR5cGUgSWRlbnRpdHlQcm9vZiA9IHNjaGVtYXNbXCJJZGVudGl0eVByb29mXCJdO1xuZXhwb3J0IHR5cGUgVG90cEluZm8gPSBzY2hlbWFzW1wiVG90cEluZm9cIl07XG5cbmV4cG9ydCB0eXBlIE9pZGNBdXRoUmVzcG9uc2UgPSBzY2hlbWFzW1wiTmV3U2Vzc2lvblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXBpQWRkRmlkb0NoYWxsZW5nZSA9IHNjaGVtYXNbXCJGaWRvQ3JlYXRlQ2hhbGxlbmdlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBBcGlNZmFGaWRvQ2hhbGxlbmdlID0gc2NoZW1hc1tcIkZpZG9Bc3NlcnRDaGFsbGVuZ2VcIl07XG5cbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxDcmVhdGlvbk9wdGlvbnMgPSBzY2hlbWFzW1wiUHVibGljS2V5Q3JlZGVudGlhbENyZWF0aW9uT3B0aW9uc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxSZXF1ZXN0T3B0aW9ucyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUmVxdWVzdE9wdGlvbnNcIl07XG5leHBvcnQgdHlwZSBQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVycyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVyc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yXCJdO1xuZXhwb3J0IHR5cGUgQXV0aGVudGljYXRvclNlbGVjdGlvbkNyaXRlcmlhID0gc2NoZW1hc1tcIkF1dGhlbnRpY2F0b3JTZWxlY3Rpb25Dcml0ZXJpYVwiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5ID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgUHVibGljS2V5Q3JlZGVudGlhbCA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsXCJdO1xuXG5leHBvcnQgdHlwZSBPcmdJbmZvID0gc2NoZW1hc1tcIk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVc2VySWRJbmZvID0gc2NoZW1hc1tcIlVzZXJJZEluZm9cIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXF1ZXN0ID0gc2NoZW1hc1tcIlVwZGF0ZU9yZ1JlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXNwb25zZSA9IHNjaGVtYXNbXCJVcGRhdGVPcmdSZXNwb25zZVwiXTtcblxuZXhwb3J0IHR5cGUgT2lkY0lkZW50aXR5ID0gc2NoZW1hc1tcIk9JRENJZGVudGl0eVwiXTtcbmV4cG9ydCB0eXBlIE1lbWJlclJvbGUgPSBzY2hlbWFzW1wiTWVtYmVyUm9sZVwiXTtcblxuZXhwb3J0IHR5cGUgU2NoZW1hS2V5VHlwZSA9IHNjaGVtYXNbXCJLZXlUeXBlXCJdO1xuXG5leHBvcnQgdHlwZSBMaXN0S2V5c1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZExpc3RLZXlzUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBVcGRhdGVLZXlSZXF1ZXN0ID0gc2NoZW1hc1tcIlVwZGF0ZUtleVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBLZXlJbmZvQXBpID0gc2NoZW1hc1tcIktleUluZm9cIl07XG5leHBvcnQgdHlwZSBLZXlJblJvbGVJbmZvID0gc2NoZW1hc1tcIktleUluUm9sZUluZm9cIl07XG5leHBvcnQgdHlwZSBVc2VySW5Sb2xlSW5mbyA9IHNjaGVtYXNbXCJVc2VySW5Sb2xlSW5mb1wiXTtcbmV4cG9ydCB0eXBlIEtleVR5cGVBcGkgPSBzY2hlbWFzW1wiS2V5VHlwZVwiXTtcblxuZXhwb3J0IHR5cGUgTGlzdEtleVJvbGVzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdEtleVJvbGVzUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBMaXN0Um9sZXNSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRMaXN0Um9sZXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIExpc3RSb2xlS2V5c1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZExpc3RSb2xlS2V5c1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgTGlzdFJvbGVVc2Vyc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZExpc3RSb2xlVXNlcnNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVwZGF0ZVJvbGVSZXF1ZXN0ID0gc2NoZW1hc1tcIlVwZGF0ZVJvbGVSZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgS2V5V2l0aFBvbGljaWVzSW5mbyA9IHNjaGVtYXNbXCJLZXlJblJvbGVJbmZvXCJdO1xuZXhwb3J0IHR5cGUgUm9sZUluZm8gPSBzY2hlbWFzW1wiUm9sZUluZm9cIl07XG5cbmV4cG9ydCB0eXBlIFNlc3Npb25JbmZvID0gc2NoZW1hc1tcIlNlc3Npb25JbmZvXCJdO1xuZXhwb3J0IHR5cGUgQ2xpZW50U2Vzc2lvbkluZm8gPSBzY2hlbWFzW1wiQ2xpZW50U2Vzc2lvbkluZm9cIl07XG5leHBvcnQgdHlwZSBOZXdTZXNzaW9uUmVzcG9uc2UgPSBzY2hlbWFzW1wiTmV3U2Vzc2lvblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgU2Vzc2lvbnNSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRTZXNzaW9uc1Jlc3BvbnNlXCJdO1xuXG5leHBvcnQgdHlwZSBDcmVhdGVTaWduZXJTZXNzaW9uUmVxdWVzdCA9IHNjaGVtYXNbXCJDcmVhdGVUb2tlblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBSZWZyZXNoU2lnbmVyU2Vzc2lvblJlcXVlc3QgPSBzY2hlbWFzW1wiQXV0aERhdGFcIl07XG5cbmV4cG9ydCB0eXBlIEV2bVNpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIkV0aDFTaWduUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEV2bVNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJFdGgxU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRWlwMTkxU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRWlwMTkxU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBFaXA3MTJTaWduUmVxdWVzdCA9IHNjaGVtYXNbXCJFaXA3MTJTaWduUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEVpcDE5MU9yNzEyU2lnblJlc3BvbnNlID0gc2NoZW1hc1tcIkVpcDE5MU9yNzEyU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlNpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIkV0aDJTaWduUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEV0aDJTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiRXRoMlNpZ25SZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIEV0aDJTdGFrZVJlcXVlc3QgPSBzY2hlbWFzW1wiU3Rha2VSZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlN0YWtlUmVzcG9uc2UgPSBzY2hlbWFzW1wiU3Rha2VSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIEV0aDJVbnN0YWtlUmVxdWVzdCA9IHNjaGVtYXNbXCJVbnN0YWtlUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEV0aDJVbnN0YWtlUmVzcG9uc2UgPSBzY2hlbWFzW1wiVW5zdGFrZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQmxvYlNpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIkJsb2JTaWduUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEJsb2JTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQmxvYlNpZ25SZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIEJ0Y1NpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIkJ0Y1NpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgQnRjU2lnblJlc3BvbnNlID0gc2NoZW1hc1tcIkJ0Y1NpZ25SZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFNvbGFuYVNpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIlNvbGFuYVNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgU29sYW5hU2lnblJlc3BvbnNlID0gc2NoZW1hc1tcIlNvbGFuYVNpZ25SZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIEF2YVNpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIkF2YVNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgQXZhU2lnblJlc3BvbnNlID0gc2NoZW1hc1tcIkF2YVNpZ25SZXNwb25zZVwiXTtcblxuZXhwb3J0IHR5cGUgQWNjZXB0ZWRSZXNwb25zZSA9IHNjaGVtYXNbXCJBY2NlcHRlZFJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXJyb3JSZXNwb25zZSA9IHNjaGVtYXNbXCJFcnJvclJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQnRjU2lnbmF0dXJlS2luZCA9IHNjaGVtYXNbXCJCdGNTaWduYXR1cmVLaW5kXCJdO1xuZXhwb3J0IHR5cGUgQ3NFcnJDb2RlID0gc2NoZW1hc1tcIlNpZ25lckVycm9yQ29kZVwiXTtcblxuZXhwb3J0IHR5cGUgTWZhVHlwZSA9IHNjaGVtYXNbXCJNZmFUeXBlXCJdO1xuZXhwb3J0IHR5cGUgTWZhVm90ZSA9IHNjaGVtYXNbXCJNZmFWb3RlXCJdO1xuZXhwb3J0IHR5cGUgTWZhUmVxdWVzdEluZm8gPSBzY2hlbWFzW1wiTWZhUmVxdWVzdEluZm9cIl07XG5cbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRJbml0UmVxdWVzdCA9IHNjaGVtYXNbXCJVc2VyRXhwb3J0SW5pdFJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBVc2VyRXhwb3J0SW5pdFJlc3BvbnNlID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRJbml0UmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBVc2VyRXhwb3J0Q29tcGxldGVSZXF1ZXN0ID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRDb21wbGV0ZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBVc2VyRXhwb3J0Q29tcGxldGVSZXNwb25zZSA9IHNjaGVtYXNbXCJVc2VyRXhwb3J0Q29tcGxldGVSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRMaXN0UmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkVXNlckV4cG9ydExpc3RSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRLZXlNYXRlcmlhbCA9IHNjaGVtYXNbXCJKc29uS2V5UGFja2FnZVwiXTtcblxuZXhwb3J0IHR5cGUgRW1wdHkgPSBzY2hlbWFzW1wiRW1wdHlJbXBsXCJdO1xuXG4vKiogT3B0aW9ucyBmb3IgYSBuZXcgT0lEQyB1c2VyICovXG5leHBvcnQgaW50ZXJmYWNlIENyZWF0ZU9pZGNVc2VyT3B0aW9ucyB7XG4gIC8qKiBUaGUgcm9sZSBvZiBhbiBPSURDIHVzZXIsIGRlZmF1bHQgaXMgXCJBbGllblwiICovXG4gIG1lbWJlclJvbGU/OiBNZW1iZXJSb2xlO1xuICAvKiogT3B0aW9uYWwgTUZBIHBvbGljeSB0byBhc3NvY2lhdGUgd2l0aCB0aGUgdXNlciBhY2NvdW50ICovXG4gIG1mYVBvbGljeT86IE1mYVBvbGljeTtcbn1cblxuLyoqIEF2YSBQLSBvciBYLWNoYWluIHRyYW5zYWN0aW9uICovXG5leHBvcnQgdHlwZSBBdmFUeCA9IHsgUDogQXZhUENoYWluVHggfSB8IHsgWDogQXZhWENoYWluVHggfTtcblxuLyoqIEF2YSBQLWNoYWluIHRyYW5zYWN0aW9uICovXG5leHBvcnQgdHlwZSBBdmFQQ2hhaW5UeCA9XG4gIHwgeyBBZGRQZXJtaXNzaW9ubGVzc1ZhbGlkYXRvcjogSnNvbk1hcCB9XG4gIHwgeyBBZGRTdWJuZXRWYWxpZGF0b3I6IEpzb25NYXAgfVxuICB8IHsgQWRkVmFsaWRhdG9yOiBKc29uTWFwIH1cbiAgfCB7IENyZWF0ZUNoYWluOiBKc29uTWFwIH1cbiAgfCB7IENyZWF0ZVN1Ym5ldDogSnNvbk1hcCB9XG4gIHwgeyBFeHBvcnQ6IEpzb25NYXAgfVxuICB8IHsgSW1wb3J0OiBKc29uTWFwIH07XG5cbi8qKiBBdmEgWC1jaGFpbiB0cmFuc2FjdGlvbiAqL1xuZXhwb3J0IHR5cGUgQXZhWENoYWluVHggPSB7IEJhc2U6IEpzb25NYXAgfSB8IHsgRXhwb3J0OiBKc29uTWFwIH0gfCB7IEltcG9ydDogSnNvbk1hcCB9O1xuIl19
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2NoZW1hX3R5cGVzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NjaGVtYV90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgTWZhUG9saWN5IH0gZnJvbSBcIi4vcm9sZVwiO1xuaW1wb3J0IHsgY29tcG9uZW50cyB9IGZyb20gXCIuL3NjaGVtYVwiO1xuaW1wb3J0IHsgSnNvbk1hcCB9IGZyb20gXCIuL3V0aWxcIjtcblxudHlwZSBzY2hlbWFzID0gY29tcG9uZW50c1tcInNjaGVtYXNcIl07XG5cbmV4cG9ydCB0eXBlIFVzZXJJbmZvID0gc2NoZW1hc1tcIlVzZXJJbmZvXCJdO1xuZXhwb3J0IHR5cGUgVXNlckluT3JnTWVtYmVyc2hpcCA9IHNjaGVtYXNbXCJVc2VySW5PcmdNZW1iZXJzaGlwXCJdO1xuZXhwb3J0IHR5cGUgQ29uZmlndXJlZE1mYSA9IHNjaGVtYXNbXCJDb25maWd1cmVkTWZhXCJdO1xuZXhwb3J0IHR5cGUgUmF0Y2hldENvbmZpZyA9IHNjaGVtYXNbXCJSYXRjaGV0Q29uZmlnXCJdO1xuZXhwb3J0IHR5cGUgSWRlbnRpdHlQcm9vZiA9IHNjaGVtYXNbXCJJZGVudGl0eVByb29mXCJdO1xuZXhwb3J0IHR5cGUgVG90cEluZm8gPSBzY2hlbWFzW1wiVG90cEluZm9cIl07XG5cbmV4cG9ydCB0eXBlIE9pZGNBdXRoUmVzcG9uc2UgPSBzY2hlbWFzW1wiTmV3U2Vzc2lvblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXBpQWRkRmlkb0NoYWxsZW5nZSA9IHNjaGVtYXNbXCJGaWRvQ3JlYXRlQ2hhbGxlbmdlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBBcGlNZmFGaWRvQ2hhbGxlbmdlID0gc2NoZW1hc1tcIkZpZG9Bc3NlcnRDaGFsbGVuZ2VcIl07XG5cbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxDcmVhdGlvbk9wdGlvbnMgPSBzY2hlbWFzW1wiUHVibGljS2V5Q3JlZGVudGlhbENyZWF0aW9uT3B0aW9uc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxSZXF1ZXN0T3B0aW9ucyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUmVxdWVzdE9wdGlvbnNcIl07XG5leHBvcnQgdHlwZSBQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVycyA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsUGFyYW1ldGVyc1wiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxEZXNjcmlwdG9yXCJdO1xuZXhwb3J0IHR5cGUgQXV0aGVudGljYXRvclNlbGVjdGlvbkNyaXRlcmlhID0gc2NoZW1hc1tcIkF1dGhlbnRpY2F0b3JTZWxlY3Rpb25Dcml0ZXJpYVwiXTtcbmV4cG9ydCB0eXBlIFB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5ID0gc2NoZW1hc1tcIlB1YmxpY0tleUNyZWRlbnRpYWxVc2VyRW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgUHVibGljS2V5Q3JlZGVudGlhbCA9IHNjaGVtYXNbXCJQdWJsaWNLZXlDcmVkZW50aWFsXCJdO1xuXG5leHBvcnQgdHlwZSBPcmdJbmZvID0gc2NoZW1hc1tcIk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVc2VySW5PcmdJbmZvID0gc2NoZW1hc1tcIlVzZXJJbk9yZ0luZm9cIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXF1ZXN0ID0gc2NoZW1hc1tcIlVwZGF0ZU9yZ1JlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBVcGRhdGVPcmdSZXNwb25zZSA9IHNjaGVtYXNbXCJVcGRhdGVPcmdSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIE5vdGlmaWNhdGlvbkVuZHBvaW50Q29uZmlndXJhdGlvbiA9IHNjaGVtYXNbXCJOb3RpZmljYXRpb25FbmRwb2ludENvbmZpZ3VyYXRpb25cIl07XG5leHBvcnQgdHlwZSBPcmdFdmVudHMgPSBzY2hlbWFzW1wiT3JnRXZlbnREaXNjcmltaW5hbnRzXCJdO1xuXG5leHBvcnQgdHlwZSBPaWRjSWRlbnRpdHkgPSBzY2hlbWFzW1wiT0lEQ0lkZW50aXR5XCJdO1xuZXhwb3J0IHR5cGUgTWVtYmVyUm9sZSA9IHNjaGVtYXNbXCJNZW1iZXJSb2xlXCJdO1xuXG5leHBvcnQgdHlwZSBTY2hlbWFLZXlUeXBlID0gc2NoZW1hc1tcIktleVR5cGVcIl07XG5cbmV4cG9ydCB0eXBlIExpc3RLZXlzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdEtleXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVwZGF0ZUtleVJlcXVlc3QgPSBzY2hlbWFzW1wiVXBkYXRlS2V5UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVwZGF0ZUtleVByb3BlcnRpZXMgPSBzY2hlbWFzW1wiVXBkYXRlS2V5UHJvcGVydGllc1wiXTtcbmV4cG9ydCB0eXBlIENyZWF0ZUtleVJlcXVlc3QgPSBzY2hlbWFzW1wiQ3JlYXRlS2V5UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEtleUluZm9BcGkgPSBzY2hlbWFzW1wiS2V5SW5mb1wiXTtcbmV4cG9ydCB0eXBlIEtleUluUm9sZUluZm8gPSBzY2hlbWFzW1wiS2V5SW5Sb2xlSW5mb1wiXTtcbmV4cG9ydCB0eXBlIFVzZXJJblJvbGVJbmZvID0gc2NoZW1hc1tcIlVzZXJJblJvbGVJbmZvXCJdO1xuZXhwb3J0IHR5cGUgS2V5VHlwZUFwaSA9IHNjaGVtYXNbXCJLZXlUeXBlXCJdO1xuXG5leHBvcnQgdHlwZSBMaXN0S2V5Um9sZXNSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRMaXN0S2V5Um9sZXNSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIExpc3RSb2xlc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZExpc3RSb2xlc1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgTGlzdFJvbGVLZXlzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdFJvbGVLZXlzUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBMaXN0Um9sZVVzZXJzUmVzcG9uc2UgPSBzY2hlbWFzW1wiUGFnaW5hdGVkTGlzdFJvbGVVc2Vyc1Jlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXBkYXRlUm9sZVJlcXVlc3QgPSBzY2hlbWFzW1wiVXBkYXRlUm9sZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBLZXlXaXRoUG9saWNpZXNJbmZvID0gc2NoZW1hc1tcIktleUluUm9sZUluZm9cIl07XG5leHBvcnQgdHlwZSBSb2xlSW5mbyA9IHNjaGVtYXNbXCJSb2xlSW5mb1wiXTtcblxuZXhwb3J0IHR5cGUgU2Vzc2lvbkluZm8gPSBzY2hlbWFzW1wiU2Vzc2lvbkluZm9cIl07XG5leHBvcnQgdHlwZSBDbGllbnRTZXNzaW9uSW5mbyA9IHNjaGVtYXNbXCJDbGllbnRTZXNzaW9uSW5mb1wiXTtcbmV4cG9ydCB0eXBlIE5ld1Nlc3Npb25SZXNwb25zZSA9IHNjaGVtYXNbXCJOZXdTZXNzaW9uUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBTZXNzaW9uc1Jlc3BvbnNlID0gc2NoZW1hc1tcIlBhZ2luYXRlZFNlc3Npb25zUmVzcG9uc2VcIl07XG5cbmV4cG9ydCB0eXBlIENyZWF0ZVNpZ25lclNlc3Npb25SZXF1ZXN0ID0gc2NoZW1hc1tcIkNyZWF0ZVRva2VuUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFJlZnJlc2hTaWduZXJTZXNzaW9uUmVxdWVzdCA9IHNjaGVtYXNbXCJBdXRoRGF0YVwiXTtcblxuZXhwb3J0IHR5cGUgRXZtU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRXRoMVNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXZtU2lnblJlc3BvbnNlID0gc2NoZW1hc1tcIkV0aDFTaWduUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFaXAxOTFTaWduUmVxdWVzdCA9IHNjaGVtYXNbXCJFaXAxOTFTaWduUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIEVpcDcxMlNpZ25SZXF1ZXN0ID0gc2NoZW1hc1tcIkVpcDcxMlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRWlwMTkxT3I3MTJTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiRWlwMTkxT3I3MTJTaWduUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFdGgyU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiRXRoMlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJFdGgyU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlN0YWtlUmVxdWVzdCA9IHNjaGVtYXNbXCJTdGFrZVJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBFdGgyU3Rha2VSZXNwb25zZSA9IHNjaGVtYXNbXCJTdGFrZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgRXRoMlVuc3Rha2VSZXF1ZXN0ID0gc2NoZW1hc1tcIlVuc3Rha2VSZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgRXRoMlVuc3Rha2VSZXNwb25zZSA9IHNjaGVtYXNbXCJVbnN0YWtlUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBCbG9iU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQmxvYlNpZ25SZXF1ZXN0XCJdO1xuZXhwb3J0IHR5cGUgQmxvYlNpZ25SZXNwb25zZSA9IHNjaGVtYXNbXCJCbG9iU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQnRjU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQnRjU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBCdGNTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQnRjU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgU29sYW5hU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiU29sYW5hU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBTb2xhbmFTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiU29sYW5hU2lnblJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgQXZhU2lnblJlcXVlc3QgPSBzY2hlbWFzW1wiQXZhU2lnblJlcXVlc3RcIl07XG5leHBvcnQgdHlwZSBBdmFTaWduUmVzcG9uc2UgPSBzY2hlbWFzW1wiQXZhU2lnblJlc3BvbnNlXCJdO1xuXG5leHBvcnQgdHlwZSBBY2NlcHRlZFJlc3BvbnNlID0gc2NoZW1hc1tcIkFjY2VwdGVkUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBFcnJvclJlc3BvbnNlID0gc2NoZW1hc1tcIkVycm9yUmVzcG9uc2VcIl07XG5leHBvcnQgdHlwZSBCdGNTaWduYXR1cmVLaW5kID0gc2NoZW1hc1tcIkJ0Y1NpZ25hdHVyZUtpbmRcIl07XG5leHBvcnQgdHlwZSBDc0VyckNvZGUgPSBzY2hlbWFzW1wiU2lnbmVyRXJyb3JDb2RlXCJdO1xuXG5leHBvcnQgdHlwZSBNZmFUeXBlID0gc2NoZW1hc1tcIk1mYVR5cGVcIl07XG5leHBvcnQgdHlwZSBNZmFWb3RlID0gc2NoZW1hc1tcIk1mYVZvdGVcIl07XG5leHBvcnQgdHlwZSBNZmFSZXF1ZXN0SW5mbyA9IHNjaGVtYXNbXCJNZmFSZXF1ZXN0SW5mb1wiXTtcblxuZXhwb3J0IHR5cGUgVXNlckV4cG9ydEluaXRSZXF1ZXN0ID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRJbml0UmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRJbml0UmVzcG9uc2UgPSBzY2hlbWFzW1wiVXNlckV4cG9ydEluaXRSZXNwb25zZVwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRDb21wbGV0ZVJlcXVlc3QgPSBzY2hlbWFzW1wiVXNlckV4cG9ydENvbXBsZXRlUmVxdWVzdFwiXTtcbmV4cG9ydCB0eXBlIFVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlID0gc2NoZW1hc1tcIlVzZXJFeHBvcnRDb21wbGV0ZVJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXNlckV4cG9ydExpc3RSZXNwb25zZSA9IHNjaGVtYXNbXCJQYWdpbmF0ZWRVc2VyRXhwb3J0TGlzdFJlc3BvbnNlXCJdO1xuZXhwb3J0IHR5cGUgVXNlckV4cG9ydEtleU1hdGVyaWFsID0gc2NoZW1hc1tcIkpzb25LZXlQYWNrYWdlXCJdO1xuXG5leHBvcnQgdHlwZSBFbXB0eSA9IHNjaGVtYXNbXCJFbXB0eUltcGxcIl07XG5cbi8qKiBPcHRpb25zIGZvciBhIG5ldyBPSURDIHVzZXIgKi9cbmV4cG9ydCBpbnRlcmZhY2UgQ3JlYXRlT2lkY1VzZXJPcHRpb25zIHtcbiAgLyoqIFRoZSByb2xlIG9mIGFuIE9JREMgdXNlciwgZGVmYXVsdCBpcyBcIkFsaWVuXCIgKi9cbiAgbWVtYmVyUm9sZT86IE1lbWJlclJvbGU7XG4gIC8qKiBPcHRpb25hbCBNRkEgcG9saWN5IHRvIGFzc29jaWF0ZSB3aXRoIHRoZSB1c2VyIGFjY291bnQgKi9cbiAgbWZhUG9saWN5PzogTWZhUG9saWN5O1xufVxuXG4vKiogQXZhIFAtIG9yIFgtY2hhaW4gdHJhbnNhY3Rpb24gKi9cbmV4cG9ydCB0eXBlIEF2YVR4ID0geyBQOiBBdmFQQ2hhaW5UeCB9IHwgeyBYOiBBdmFYQ2hhaW5UeCB9O1xuXG4vKiogQXZhIFAtY2hhaW4gdHJhbnNhY3Rpb24gKi9cbmV4cG9ydCB0eXBlIEF2YVBDaGFpblR4ID1cbiAgfCB7IEFkZFBlcm1pc3Npb25sZXNzVmFsaWRhdG9yOiBKc29uTWFwIH1cbiAgfCB7IEFkZFN1Ym5ldFZhbGlkYXRvcjogSnNvbk1hcCB9XG4gIHwgeyBBZGRWYWxpZGF0b3I6IEpzb25NYXAgfVxuICB8IHsgQ3JlYXRlQ2hhaW46IEpzb25NYXAgfVxuICB8IHsgQ3JlYXRlU3VibmV0OiBKc29uTWFwIH1cbiAgfCB7IEV4cG9ydDogSnNvbk1hcCB9XG4gIHwgeyBJbXBvcnQ6IEpzb25NYXAgfTtcblxuLyoqIEF2YSBYLWNoYWluIHRyYW5zYWN0aW9uICovXG5leHBvcnQgdHlwZSBBdmFYQ2hhaW5UeCA9IHsgQmFzZTogSnNvbk1hcCB9IHwgeyBFeHBvcnQ6IEpzb25NYXAgfSB8IHsgSW1wb3J0OiBKc29uTWFwIH07XG4iXX0=

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cubist-labs/cubesigner-sdk",
-  "version": "0.3.13",
+  "version": "0.3.23",
   "description": "CubeSigner TypeScript SDK",
   "license": "MIT OR Apache-2.0",
   "author": "Cubist, Inc.",
@@ -30,7 +30,7 @@
     "openapi-fetch": "0.6.1"
   },
   "optionalDependencies": {
-    "@hpke/core": "^1.2.5"
+    "@hpke/core": "^1.2.7"
   },
   "engines": {
     "node": ">=18.0.0"

package/src/api.ts

@@ -29,7 +29,7 @@ import {
   UpdateOrgRequest,
   UpdateOrgResponse,
   UpdateRoleRequest,
-  UserIdInfo,
+  UserInOrgInfo,
   UserInRoleInfo,
   UserInfo,
   SessionInfo,
@@ -64,7 +64,7 @@ import {
   Empty,
   ErrorResponse,
 } from "./schema_types";
-import { encodeToBase64 } from "./util";
+import { delay, encodeToBase64 } from "./util";
 import { AddFidoChallenge, MfaFidoChallenge, MfaReceipt, TotpChallenge } from "./mfa";
 import { CubeSignerResponse, mapResponse } from "./response";
 import { ErrResponse } from "./error";
@@ -74,7 +74,7 @@ import { KeyPolicy } from "./role";
 import { EnvInterface } from "./env";
 import { loadSubtleCrypto } from "./user_export";
 import { EventEmitter } from "./events";
-import { NAME, VERSION } from "./index";
+import { NAME, UpdateKeyProperties, VERSION } from "./index";
 
 /** @internal */
 export type Client = ReturnType<typeof createClient<paths>>;
@@ -117,6 +117,24 @@ export type FetchClient<Op extends keyof operations> = ReturnType<typeof createC
  */
 export type FetchResponseSuccessData<T> = Required<FetchResponse<T>>["data"];
 
+/**
+ * Internal type for a function that returns a promise of a fetch response.
+ */
+type ReqFn<T> = () => Promise<FetchResponse<T>>;
+
+/**
+ * Retry settings.
+ *
+ * By default, {@link OpClient} retries on 5xx codes with delays of
+ * 100ms, 200ms, and 400ms between retries.
+ */
+export interface RetrySettings {
+  /** HTTP status codes on which to retry */
+  codes: number[];
+  /** Delays in milliseconds between retries */
+  delaysMs: number[];
+}
+
 /**
  * Wrapper around an open-fetch client restricted to a single operation.
  * The restriction applies only when type checking, the actual
@@ -127,16 +145,28 @@ export class OpClient<Op extends keyof operations> {
   readonly #op: Op;
   readonly #client: FetchClient<Op>;
   readonly #eventEmitter: EventEmitter;
+  readonly #retry: RetrySettings;
 
   /**
    * @param {Op} op The operation this client should be restricted to
    * @param {FetchClient<Op> | Client} client open-fetch client (either restricted to {@link Op} or not)
    * @param {EventEmitter} eventEmitter The client-local event dispatcher.
-   */
-  constructor(op: Op, client: FetchClient<Op> | Client, eventEmitter: EventEmitter) {
+   * @param {number[]} retrySettings Retry settings. By default, retries 3 times, sleeping 100ms
+   *  after the first failed attempt, 200ms after the second, and finally 400ms after the third,
+   */
+  constructor(
+    op: Op,
+    client: FetchClient<Op> | Client,
+    eventEmitter: EventEmitter,
+    retrySettings?: RetrySettings,
+  ) {
     this.#op = op;
     this.#client = client as FetchClient<Op>; // either works
     this.#eventEmitter = eventEmitter;
+    this.#retry = retrySettings ?? {
+      codes: [...Array(100).keys()].map((i) => 500 + i),
+      delaysMs: [100, 200, 400],
+    };
   }
 
   /** The operation this client is restricted to */
@@ -156,6 +186,7 @@ export class OpClient<Op extends keyof operations> {
       const errResp = resp.error as unknown as ErrorResponse | undefined;
       const error = new ErrResponse({
         operation: this.op,
+        requestId: errResp?.request_id,
         message: errResp?.message,
         statusText: resp.response?.statusText,
         status: resp.response?.status,
@@ -171,6 +202,49 @@ export class OpClient<Op extends keyof operations> {
     return resp.data;
   }
 
+  /**
+   * @param {number[]} delaysMs Delays in milliseconds between retries.
+   * @return {OpClient<Op>} Returns the same client as this except with different retry delays.
+   */
+  withRetries(delaysMs: number[]): OpClient<Op> {
+    return this.withRetrySettings({
+      codes: this.#retry.codes,
+      delaysMs,
+    });
+  }
+
+  /**
+   * @param {RetrySettings} retrySettings New retry settings
+   * @return {OpClient<Op>} Returns the same client as this except with different retry settings.
+   */
+  withRetrySettings(retrySettings: RetrySettings): OpClient<Op> {
+    return new OpClient(this.op, this.#client, this.#eventEmitter, retrySettings);
+  }
+
+  // not private only so that the test can call it
+  /**
+   * Internal.
+   *
+   * Executes a given request, potentially retrying on 5xx errors. The
+   * retry configuration can be set via the constructor.
+   * On all other errors, throws {@link ErrResponse} (as well as after exhausting all retries).
+   * On success, returns the response body.
+   *
+   * @param {ReqFn<T>} req The request to execute and then retry on 5xx errors
+   * @return {Promise<FetchResponseSuccessData<T>>}
+   * @internal
+   */
+  async execute<T>(req: ReqFn<T>): Promise<FetchResponseSuccessData<T>> {
+    let resp = await req();
+    let i = 0;
+    while (this.#retry.codes.includes(resp.response?.status) && i < this.#retry.delaysMs.length) {
+      await delay(this.#retry.delaysMs[i]);
+      resp = await req();
+      i++;
+    }
+    return await this.assertOk(resp);
+  }
+
   /* eslint-disable valid-jsdoc */
 
   /**
@@ -180,8 +254,7 @@ export class OpClient<Op extends keyof operations> {
     url: PathsWith<Paths<Op>, "get">,
     init: FetchOptions<FilterKeys<Paths<Op>[PathsWith<Paths<Op>, "get">], "get">>,
   ) {
-    const resp = await this.#client.get(url, init);
-    return await this.assertOk(resp);
+    return await this.execute(() => this.#client.get(url, init));
   }
 
   /** Invoke HTTP POST */
@@ -189,8 +262,7 @@ export class OpClient<Op extends keyof operations> {
     url: PathsWith<Paths<Op>, "post">,
     init: FetchOptions<FilterKeys<Paths<Op>[PathsWith<Paths<Op>, "post">], "post">>,
   ) {
-    const resp = await this.#client.post(url, init);
-    return await this.assertOk(resp);
+    return await this.execute(() => this.#client.post(url, init));
   }
 
   /** Invoke HTTP PATCH */
@@ -198,8 +270,7 @@ export class OpClient<Op extends keyof operations> {
     url: PathsWith<Paths<Op>, "patch">,
     init: FetchOptions<FilterKeys<Paths<Op>[PathsWith<Paths<Op>, "patch">], "patch">>,
   ) {
-    const resp = await this.#client.patch(url, init);
-    return await this.assertOk(resp);
+    return await this.execute(() => this.#client.patch(url, init));
   }
 
   /** Invoke HTTP DELETE */
@@ -207,8 +278,7 @@ export class OpClient<Op extends keyof operations> {
     url: PathsWith<Paths<Op>, "delete">,
     init: FetchOptions<FilterKeys<Paths<Op>[PathsWith<Paths<Op>, "delete">], "delete">>,
   ) {
-    const resp = await this.#client.del(url, init);
-    return await this.assertOk(resp);
+    return await this.execute(() => this.#client.del(url, init));
   }
 
   /** Invoke HTTP PUT */
@@ -216,8 +286,7 @@ export class OpClient<Op extends keyof operations> {
     url: PathsWith<Paths<Op>, "put">,
     init: FetchOptions<FilterKeys<Paths<Op>[PathsWith<Paths<Op>, "put">], "put">>,
   ) {
-    const resp = await this.#client.put(url, init);
-    return await this.assertOk(resp);
+    return await this.execute(() => this.#client.put(url, init));
   }
 
   /* eslint-enable valid-jsdoc */
@@ -250,6 +319,7 @@ export class CubeSignerApi {
   readonly #orgId: string;
   readonly #sessionMgr: SignerSessionManager;
   readonly #eventEmitter: EventEmitter;
+  readonly #retrySettings?: RetrySettings;
 
   /** Underlying session manager */
   get sessionMgr(): SignerSessionManager {
@@ -265,11 +335,14 @@ export class CubeSignerApi {
    * Constructor.
    * @param {SignerSessionManager} sessionMgr The session manager to use
    * @param {string?} orgId Optional organization ID; if omitted, uses the org ID from the session manager.
+   * @param {RetrySettings} retrySettings Retry settings. By default, retries 3 times, sleeping 100ms
+   *   after the first failed attempt, 200ms after the second, and finally 400ms after the third,
    */
-  constructor(sessionMgr: SignerSessionManager, orgId?: string) {
+  constructor(sessionMgr: SignerSessionManager, orgId?: string, retrySettings?: RetrySettings) {
     this.#sessionMgr = sessionMgr;
     this.#eventEmitter = new EventEmitter([sessionMgr.events]);
     this.#orgId = orgId ?? sessionMgr.orgId;
+    this.#retrySettings = retrySettings;
   }
 
   /**
@@ -296,7 +369,7 @@ export class CubeSignerApi {
    */
   private async client<Op extends keyof operations>(op: Op): Promise<OpClient<Op>> {
     const fetchClient = await this.#sessionMgr.client(op);
-    return new OpClient(op, fetchClient, this.#eventEmitter);
+    return new OpClient(op, fetchClient, this.#eventEmitter, this.#retrySettings);
   }
 
   // #region USERS: userGet, userTotp(ResetInit|ResetComplete|Verify|Delete), userFido(RegisterInit|RegisterComplete|Delete)
@@ -520,7 +593,7 @@ export class CubeSignerApi {
    * List users.
    * @return {User[]} Org users.
    */
-  async orgUsersList(): Promise<UserIdInfo[]> {
+  async orgUsersList(): Promise<UserInOrgInfo[]> {
     const client = await this.client("listUsersInOrg");
     const resp = await client.get("/v0/org/{org_id}/users", {
       params: { path: { org_id: this.orgId } },
@@ -639,9 +712,15 @@ export class CubeSignerApi {
    * @param {KeyType} keyType The type of key to create.
    * @param {number} count The number of keys to create.
    * @param {string?} ownerId The owner of the keys. Defaults to the session's user.
+   * @param {UpdateKeyProperties?} props Additional key properties
    * @return {KeyInfoApi[]} The new keys.
    */
-  async keysCreate(keyType: KeyType, count: number, ownerId?: string): Promise<KeyInfoApi[]> {
+  async keysCreate(
+    keyType: KeyType,
+    count: number,
+    ownerId?: string,
+    props?: UpdateKeyProperties,
+  ): Promise<KeyInfoApi[]> {
     const chain_id = 0; // not used anymore
     const client = await this.client("createKey");
     const data = await client.post("/v0/org/{org_id}/keys", {
@@ -650,7 +729,8 @@ export class CubeSignerApi {
         count,
         chain_id,
         key_type: keyType,
-        owner: ownerId || null,
+        ...props,
+        owner: props?.owner ?? ownerId,
       },
     });
     return data.keys;
@@ -1593,16 +1673,20 @@ export class OidcClient {
   readonly #env: EnvInterface;
   readonly #orgId: string;
   readonly #client: Client;
+  readonly #retrySettings?: RetrySettings;
 
   /**
    * @param {EnvInterface} env CubeSigner deployment
    * @param {string} orgId Target organization ID
    * @param {string} oidcToken User's OIDC token
+   * @param {RetrySettings} retrySettings Retry settings. By default, retries 3 times, sleeping 100ms
+   *  after the first failed attempt, 200ms after the second, and finally 400ms after the third.
    */
-  constructor(env: EnvInterface, orgId: string, oidcToken: string) {
+  constructor(env: EnvInterface, orgId: string, oidcToken: string, retrySettings?: RetrySettings) {
     this.#orgId = orgId;
     this.#env = env;
     this.#client = createHttpClient(env.SignerApiRoot, oidcToken);
+    this.#retrySettings = retrySettings;
   }
 
   /**
@@ -1612,7 +1696,7 @@ export class OidcClient {
    * @return {OpClient<Op>} The client restricted to {@link op}
    */
   private client<Op extends keyof operations>(op: Op): OpClient<Op> {
-    return new OpClient(op, this.#client, new EventEmitter([]));
+    return new OpClient(op, this.#client, new EventEmitter([]), this.#retrySettings);
   }
 
   /**

package/src/client.ts

@@ -1,7 +1,13 @@
 import { SignerSessionManager, SignerSessionStorage } from "./session/signer_session_manager";
 import { CubeSignerApi, OidcClient } from "./api";
 import { KeyType, Key } from "./key";
-import { MfaRequestInfo, OrgInfo, PublicKeyCredential, RatchetConfig } from "./schema_types";
+import {
+  MfaRequestInfo,
+  OrgInfo,
+  PublicKeyCredential,
+  RatchetConfig,
+  UpdateKeyProperties,
+} from "./schema_types";
 import { MfaReceipt } from "./mfa";
 import { PageOpts } from "./paginator";
 import { Role } from "./role";
@@ -68,10 +74,12 @@ export class CubeSignerClient extends CubeSignerApi {
    * Create a new signing key.
    * @param {KeyType} type The type of key to create.
    * @param {string?} ownerId The owner of the key. Defaults to the session's user.
+   * @param {UpdateKeyProperties?} props Additional key properties
    * @return {Key[]} The new keys.
    */
-  async createKey(type: KeyType, ownerId?: string): Promise<Key> {
-    return (await this.createKeys(type, 1, ownerId))[0];
+  async createKey(type: KeyType, ownerId?: string, props?: UpdateKeyProperties): Promise<Key> {
+    const keys = await this.keysCreate(type, 1, ownerId, props);
+    return new Key(this, keys[0]);
   }
 
   /**

package/src/env.ts

@@ -16,6 +16,7 @@ export interface EnvInterface {
   Region: string;
   UserPoolId: string;
   SignerApiRoot: string;
+  OrgEventsTopicArn: string;
 }
 
 export const envs: Record<Environment, EnvInterface> = {

package/src/error.ts

@@ -20,7 +20,12 @@ const mfaErrorCodes: CsErrCode[] = [
 /**
  * Opcodes corresponding to all different MFA approve/reject requests
  */
-const mfaOpCodes: (keyof operations)[] = ["mfaVoteCs", "mfaVoteTotp", "mfaVoteFidoComplete"];
+const mfaOpCodes: (keyof operations)[] = [
+  "mfaVoteCs",
+  "userResetTotpComplete",
+  "mfaVoteTotp",
+  "mfaVoteFidoComplete",
+];
 
 /**
  * Error response type, thrown on non-successful responses.
@@ -36,6 +41,8 @@ export class ErrResponse extends Error {
   readonly url?: string;
   /** CubeSigner error code */
   readonly errorCode?: CsErrCode;
+  /** Request ID */
+  readonly requestId?: string;
 
   /**
    * @param {Partial<ErrResponse>} init Initializer

package/src/evm/index.ts

@@ -0,0 +1,192 @@
+import {
+  CubeSignerResponse,
+  KeyInfo,
+  Eip191SignRequest,
+  Eip712SignRequest,
+  EvmSignRequest,
+  MfaRequestInfo,
+  SignerSession,
+  EvmSignResponse,
+} from "../index";
+
+/** Options for the signer */
+export interface EvmSignerOptions {
+  /**
+   * The function to call when MFA information is retrieved. If this callback
+   * throws, no transaction is broadcast.
+   */
+  onMfaPoll?: (arg0: MfaRequestInfo) => void;
+  /**
+   * The amount of time (in milliseconds) to wait between checks for MFA
+   * updates. Default is 1000ms
+   */
+  mfaPollIntervalMs?: number;
+}
+
+/**
+ * Signer using CubeSigner, with basic MFA handling.
+ * @internal
+ */
+export class EvmSigner {
+  /** The address of the account */
+  readonly #address: string;
+
+  /** The key to use for signing */
+  #key?: KeyInfo;
+
+  /** The underlying session */
+  readonly #signerSession: SignerSession;
+
+  /** Options */
+  readonly #options: EvmSignerOptions;
+
+  /** Returns the key address (NOT checksummed) */
+  get address() {
+    return this.#address;
+  }
+
+  /** Returns the underlying signer session */
+  get signerSession() {
+    return this.#signerSession;
+  }
+
+  /** Options */
+  get options() {
+    return this.#options;
+  }
+
+  /**
+   * Create new Signer instance
+   * @param {KeyInfo | string} address The key or the eth address of the account to use.
+   * @param {SignerSession} signerSession The underlying Signer session.
+   * @param {EvmSignerOptions} options The options to use for the Signer instance
+   */
+  constructor(address: KeyInfo | string, signerSession: SignerSession, options?: EvmSignerOptions) {
+    if (typeof address === "string") {
+      this.#address = address;
+    } else {
+      this.#address = address.materialId;
+      this.#key = address;
+    }
+    this.#signerSession = signerSession;
+    this.#options = <EvmSignerOptions>{
+      onMfaPoll: options?.onMfaPoll,
+      mfaPollIntervalMs: options?.mfaPollIntervalMs ?? 1000,
+    };
+  }
+
+  /**
+   * Sign a transaction. This method will block if the key requires MFA approval.
+   * @param {EvmSignRequest} req The sign request.
+   * @return {Promise<string>} Hex-encoded RLP encoding of the transaction and its signature.
+   */
+  async signTransaction(req: EvmSignRequest): Promise<string> {
+    const res = await this.signEvm(req);
+    const data = await this.#handleMfa(res);
+    return data.rlp_signed_tx;
+  }
+
+  /**
+   * Sign a transaction. This method does not block if the key requires MFA approval, i.e.,
+   * the returned {@link CubeSignerResponse} object either contains a signature or indicates
+   * that MFA is required.
+   *
+   * @param {EvmSignRequest} req The transaction to sign.
+   * @return {CubeSignerResponse<EvmSignResponse>} The response from the CubeSigner remote end.
+   */
+  async signEvm(req: EvmSignRequest): Promise<CubeSignerResponse<EvmSignResponse>> {
+    return await this.#signerSession.signEvm(this.#address, req);
+  }
+
+  /**
+   * Signs EIP-712 typed data. This uses CubeSigner's EIP-712 signing endpoint.
+   * The key (for this session) must have the `"AllowRawBlobSigning"` or
+   * `"AllowEip712Signing"` policy attached.
+   * @param {Eip712SignRequest} req The EIP712 sign request.
+   * @return {Promise<string>} The signature.
+   */
+  async signEip712(req: Eip712SignRequest): Promise<string> {
+    const res = await this.#signerSession.signEip712(this.#address, req);
+    const data = await this.#handleMfa(res);
+    return data.signature;
+  }
+
+  /**
+   * Signs arbitrary messages. This uses CubeSigner's EIP-191 signing endpoint.
+   * The key (for this session) must have the `"AllowRawBlobSigning"` or
+   * `"AllowEip191Signing"` policy attached.
+   * @param {Eip191SignRequest} req The request to sign.
+   * @return {Promise<string>} The signature.
+   */
+  async signEip191(req: Eip191SignRequest): Promise<string> {
+    const res = await this.#signerSession.signEip191(this.#address, req);
+    const data = await this.#handleMfa(res);
+    return data.signature;
+  }
+
+  /** @return {KeyInfo} The key corresponding to this address */
+  async key(): Promise<KeyInfo> {
+    if (this.#key === undefined) {
+      const key = (await this.#signerSession.keys()).find((k) => k.material_id === this.#address);
+      if (key === undefined) {
+        throw new Error(`Cannot access key '${this.#address}'`);
+      }
+      this.#key = key;
+    }
+    return this.#key;
+  }
+
+  /**
+   * Sign a transaction from an approved MFA request. The MFA request contains
+   * information about the approved signing request, which this method will execute.
+   * @param {MfaRequestInfo} mfaInfo The approved MFA request.
+   * @return {Promise<string>} Hex-encoded RLP encoding of the transaction and its signature.
+   */
+  async signTransactionMfaApproved(mfaInfo: MfaRequestInfo): Promise<string> {
+    if (!mfaInfo.request.path.includes("/eth1/sign/")) {
+      throw new Error(`Expected EVM transaction signing request, got ${mfaInfo.request.path}`);
+    }
+    if (!mfaInfo.request.path.includes(this.#address)) {
+      throw new Error(
+        `Expected signing request for ${this.#address} but got ${mfaInfo.request.path}`,
+      );
+    }
+    if (!mfaInfo.receipt) {
+      throw new Error("MFA request is not approved yet");
+    }
+
+    const resp = await this.#signerSession.signEvm(
+      this.#address,
+      mfaInfo.request.body as EvmSignRequest,
+      {
+        mfaId: mfaInfo.id,
+        mfaOrgId: this.#signerSession.orgId,
+        mfaConf: mfaInfo.receipt!.confirmation,
+      },
+    );
+    return resp.data().rlp_signed_tx;
+  }
+
+  /**
+   * If the sign request requires MFA, this method waits for approvals
+   * @param {CubeSignerResponse<U>} res The response of a sign request
+   * @return {Promise<U>} The sign data after MFA approvals
+   */
+  async #handleMfa<U>(res: CubeSignerResponse<U>): Promise<U> {
+    while (res.requiresMfa()) {
+      await new Promise((resolve) => setTimeout(resolve, this.#options.mfaPollIntervalMs));
+
+      const mfaId = res.mfaId();
+      const mfaInfo = await this.#signerSession.getMfaInfo(mfaId);
+      this.#options.onMfaPoll?.(mfaInfo);
+      if (mfaInfo.receipt) {
+        res = await res.signWithMfaApproval({
+          mfaId,
+          mfaOrgId: this.#signerSession.orgId,
+          mfaConf: mfaInfo.receipt.confirmation,
+        });
+      }
+    }
+    return res.data();
+  }
+}

package/src/index.ts

@@ -298,6 +298,8 @@ export * from "./role";
 export * from "./env";
 /** Fido */
 export * from "./mfa";
+/** Utils for processing org events */
+export * from "./org_event_processor";
 /** Pagination */
 export * from "./paginator";
 /** Response */
@@ -314,6 +316,8 @@ export * from "./session/signer_session_manager";
 export * from "./util";
 /** User-export decryption helper */
 export { userExportDecrypt, userExportKeygen } from "./user_export";
+/** Ethers.js helpers */
+export * from "./evm";
 
 /** CubeSigner SDK package name */
 export const NAME: string = name;

package/src/org.ts

@@ -1,5 +1,10 @@
 import { CubeSignerClient } from "./client";
-import { OrgInfo, SignerSessionManager, SignerSessionStorage } from ".";
+import {
+  NotificationEndpointConfiguration,
+  OrgInfo,
+  SignerSessionManager,
+  SignerSessionStorage,
+} from ".";
 
 /** Organization id */
 export type OrgId = string;
@@ -120,6 +125,17 @@ export class Org extends CubeSignerClient {
     await this.orgUpdate({ policy: p });
   }
 
+  /**
+   * Set the notification endpoints for the org.
+   *
+   * @param {NotificationEndpointConfiguration[]} notification_endpoints Endpoints.
+   */
+  async setNotificationEndpoints(notification_endpoints: NotificationEndpointConfiguration[]) {
+    await this.orgUpdate({
+      notification_endpoints,
+    });
+  }
+
   /**
    * Retrieve the org associated with a session.
    * @param {SessionStorage} storage The session