@cubist-labs/cubesigner-sdk 0.4.231 → 0.4.237

package/src/schema.ts

@@ -403,7 +403,23 @@ export interface paths {
     post: operations["diffieHellmanExchange"];
   };
   "/v0/org/{org_id}/emails/{purpose}": {
+    /**
+     * Get Email Template
+     * @description Get Email Template
+     *
+     * Returns the email template for a given purpose.
+     */
+    get: operations["getEmailConfig"];
+    /**
+     * Configure Email Template
+     * @description Configure Email Template
+     */
     put: operations["configureEmail"];
+    /**
+     * Delete Email Template
+     * @description Delete Email Template
+     */
+    delete: operations["deleteEmailConfig"];
   };
   "/v0/org/{org_id}/evm/eip191/sign/{pubkey}": {
     /**
@@ -581,6 +597,23 @@ export interface paths {
      */
     post: operations["invitationAccept"];
   };
+  "/v0/org/{org_id}/invitations": {
+    /**
+     * List pending invitations
+     * @description List pending invitations
+     *
+     * Returns all pending (not yet accepted) invitations for the organization.
+     */
+    get: operations["listInvitations"];
+    /**
+     * Cancel a pending invitation
+     * @description Cancel a pending invitation
+     *
+     * Removes a pending invitation from the organization. If no pending invitation
+     * exists for the given email address, a not-found error is returned.
+     */
+    delete: operations["cancelInvitation"];
+  };
   "/v0/org/{org_id}/invite": {
     /**
      * Invite User
@@ -1002,6 +1035,31 @@ export interface paths {
      */
     post: operations["invokePolicy"];
   };
+  "/v0/org/{org_id}/policy/buckets": {
+    /**
+     * List Buckets
+     * @description List Buckets
+     *
+     * List available meta information about all policy KV store buckets in the org.
+     */
+    get: operations["listPolicyBuckets"];
+  };
+  "/v0/org/{org_id}/policy/buckets/{bucket_name}": {
+    /**
+     * Get Bucket
+     * @description Get Bucket
+     *
+     * Returns the meta information of a policy KV store bucket.
+     */
+    get: operations["getPolicyBucket"];
+    /**
+     * Update Bucket
+     * @description Update Bucket
+     *
+     * Updates meta information for an existing policy KV store bucket.
+     */
+    patch: operations["updatePolicyBucket"];
+  };
   "/v0/org/{org_id}/policy/import_key": {
     /**
      * Create Policy Import Key
@@ -1017,7 +1075,7 @@ export interface paths {
      * Get the org-wide policy secrets.
      * @description Get the org-wide policy secrets.
      *
-     * Note that this only returns the keys for the secrets, omiting the values.
+     * Note that this only returns the keys for the secrets, omitting the values.
      * The values are secret and are not accessible outside Wasm policy execution.
      */
     get: operations["getPolicySecrets"];
@@ -1027,18 +1085,22 @@ export interface paths {
      *
      * The provided secrets will replace any existing org-level secrets.
      * It fails if the secrets weren't previously created.
+     *
+     * Must be permitted by the policy secret's edit policy if set, and the org's edit policy otherwise.
      */
     patch: operations["updatePolicySecrets"];
   };
   "/v0/org/{org_id}/policy/secrets/{secret_name}": {
     /**
-     * Create or overwrite an org-level policy secret
-     * @description Create or overwrite an org-level policy secret
+     * Create or overwrite an org-level policy secret.
+     * @description Create or overwrite an org-level policy secret.
+     * Must be permitted by the policy secret's edit policy if set, and the org's edit policy otherwise.
      */
     put: operations["setPolicySecret"];
     /**
-     * Delete an org-level policy secret
-     * @description Delete an org-level policy secret
+     * Delete an org-level policy secret.
+     * @description Delete an org-level policy secret.
+     * Must be permitted by the policy secret's edit policy if set, and the org's edit policy otherwise.
      */
     delete: operations["deletePolicySecret"];
   };
@@ -1209,6 +1271,13 @@ export interface paths {
      */
     delete: operations["removeUserFromRole"];
   };
+  "/v0/org/{org_id}/rpc": {
+    /**
+     * High-level RPC endpoint.
+     * @description High-level RPC endpoint.
+     */
+    post: operations["rpcApi"];
+  };
   "/v0/org/{org_id}/session": {
     /**
      * List sessions
@@ -1524,14 +1593,6 @@ export interface paths {
      */
     patch: operations["passkeyAuthComplete"];
   };
-  "/v0/private/policy-execute/{policy_name}": {
-    /**
-     * The policy_execute API endpoint is intended to demonstrate that the signer
-     * @description The policy_execute API endpoint is intended to demonstrate that the signer
-     * can use the policy engine, by way of the PolicyEngineClient.
-     */
-    post: operations["policy-execute"];
-  };
   "/v0/user/me/fido": {
     /**
      * Initiate registration of a FIDO key
@@ -1823,8 +1884,7 @@ export interface components {
      */
     Aud: string | string[];
     AuditLogEntry: {
-      /** @description The name of the event */
-      event: string;
+      event: components["schemas"]["OrgEventDiscriminants"];
       /** @description UUID of the event. Unique across all events. */
       event_id: string;
       org_id: components["schemas"]["Id"];
@@ -2872,7 +2932,8 @@ export interface components {
       | "UserProfileMigrationTooManyItems"
       | "InputTooShort"
       | "InvalidTweakLength"
-      | "InvalidCustomChains";
+      | "InvalidCustomChains"
+      | "InvalidRpcRequest";
     BillingArgs: {
       billing_org: components["schemas"]["Id"];
       event_type: components["schemas"]["BillingEvent"];
@@ -2924,6 +2985,8 @@ export interface components {
       | "UpdateKey"
       | "ListHistoricalKeyTx"
       | "Invite"
+      | "CancelInvitation"
+      | "ListInvitations"
       | "ListUsers"
       | "GetUser"
       | "GetUserByEmail"
@@ -2942,6 +3005,8 @@ export interface components {
       | "UpdateRole"
       | "DeleteRole"
       | "ConfigureEmail"
+      | "GetEmailConfig"
+      | "DeleteEmailConfig"
       | "ListHistoricalRoleTx"
       | "CreatePolicy"
       | "GetPolicy"
@@ -2956,6 +3021,9 @@ export interface components {
       | "SetPolicySecret"
       | "DeletePolicySecret"
       | "CreatePolicyImportKey"
+      | "GetPolicyBucket"
+      | "ListPolicyBuckets"
+      | "UpdatePolicyBucket"
       | "UserExportDelete"
       | "UserExportList"
       | "UserExportInit"
@@ -3044,9 +3112,12 @@ export interface components {
       | "IdpAuthenticate"
       | "IdpPasswordResetRequest"
       | "IdpPasswordResetConfirm"
+      | "RpcApi"
+      | "RpcCreateTransaction"
+      | "RpcGetTransaction"
+      | "RpcListTransactions"
       | "CustomChainRpcCall"
       | "EsploraApiCall"
-      | "ExecutePolicy"
       | "SentryApiCall"
       | "SentryApiCallPublic"
       | "MmiJwkSet"
@@ -3284,6 +3355,60 @@ export interface components {
        */
       value: number;
     };
+    /**
+     * @description The access-controlled actions that can be performed on a bucket
+     * @enum {string}
+     */
+    BucketAction:
+      | "read:key:value"
+      | "read:key:exists"
+      | "update:key:value"
+      | "delete:key:value"
+      | "scan:keys"
+      | "update:bucket:owner"
+      | "update:bucket:acl"
+      | "update:bucket:metadata";
+    /** @description Information about a policy KV store bucket. */
+    BucketInfo: ({
+      created?: components["schemas"]["EpochDateTime"] | null;
+      last_modified?: components["schemas"]["EpochDateTime"] | null;
+      /**
+       * Format: int64
+       * @description Version of this object
+       */
+      version?: number;
+    } & {
+      /** @description The access-control entries for the bucket. */
+      acl?: unknown[] | null;
+      /** @description Arbitrary user-defined metadata. */
+      metadata?: unknown;
+      owner: components["schemas"]["Id"];
+    }) & {
+      /** @description The name of the bucket. */
+      name: string;
+    };
+    /**
+     * @description Sub-entity of org where per-bucket metadata (like ACL) is stored.
+     * The [Id] of a [BucketMeta] must be the bucket name.
+     */
+    BucketMeta: {
+      created?: components["schemas"]["EpochDateTime"] | null;
+      last_modified?: components["schemas"]["EpochDateTime"] | null;
+      /**
+       * Format: int64
+       * @description Version of this object
+       */
+      version?: number;
+    } & {
+      /** @description The access-control entries for the bucket. */
+      acl?: unknown[] | null;
+      /** @description Arbitrary user-defined metadata. */
+      metadata?: unknown;
+      owner: components["schemas"]["Id"];
+    };
+    CancelInvitationRequest: {
+      email: components["schemas"]["Email"];
+    };
     /**
      * @description Supported Canton environments.
      * @enum {string}
@@ -3544,6 +3669,37 @@ export interface components {
        */
       name: string;
     };
+    /** @description Parameters for creating an EVM transaction. */
+    CreateEvmTransactionRequest: components["schemas"]["CreateEvmTransferRequest"] & {
+      /** @enum {string} */
+      type: "Transfer";
+    };
+    /** @description Parameters for creating an EVM transfer. */
+    CreateEvmTransferRequest: {
+      token: "CreateEvmTransferRequest";
+    } & Omit<components["schemas"]["EvmToken"], "token"> &
+      components["schemas"]["EvmTxCustomization"] & {
+        /**
+         * Format: int64
+         * @description The EVM chain id this transaction is for.
+         */
+        chain_id: number;
+        /**
+         * @description The address that the amount will be transferred from.
+         *
+         * Must match the material id of a key the session can access.
+         */
+        from: string;
+        /** @description The address that the amount will be transferred to. */
+        to: string;
+        /**
+         * @description The amount being transferred, as a hex value.
+         *
+         * This value should be in WEI for native transfers, and in the token's denomination
+         * for ERC-20 transfers.
+         */
+        value: string;
+      };
     CreateKeyImportKeyResponse: components["schemas"]["KeyImportKey"] & {
       /**
        * @description An attestation document from a secure enclave, including an
@@ -3704,6 +3860,13 @@ export interface components {
          */
         scopes?: components["schemas"]["Scope"][] | null;
       };
+    /** @description Parameters for the [`cs_createTransaction`](RpcMethod::CreateTransaction) method. */
+    CreateTransactionRequest: {
+      type: "CreateTransactionRequest";
+    } & Omit<components["schemas"]["CreateEvmTransactionRequest"], "type"> & {
+        /** @enum {string} */
+        chain: "Evm";
+      };
     /**
      * @description An extended form of `PublicKeyCredentialCreationOptions` that allows clients to derive the WebAuthn challenge
      * from a structured preimage.
@@ -4451,6 +4614,35 @@ export interface components {
        */
       rpc_url: string;
     };
+    /** @description An EVM token. */
+    EvmToken:
+      | {
+          /** @enum {string} */
+          token: "Native";
+        }
+      | {
+          /** @enum {string} */
+          token: "Erc20";
+          /** @description The ERC-20 token address. */
+          token_address: string;
+        };
+    /** @description EVM-specific transaction details. */
+    EvmTransactionDetails: {
+      /**
+       * @description The transaction hash, as submitted to the chain.
+       *
+       * Can be undefined if the transaction hasn't been signed or submitted yet.
+       */
+      hash?: string;
+      /**
+       * @description The signature for the transaction.
+       *
+       * Can be undefined if the transaction hasn't been signed yet, or failed to be signed.
+       */
+      signature?: string;
+      /** @description The transaction itself. */
+      tx: unknown;
+    };
     EvmTxCmp: {
       /**
        * Format: int64
@@ -4476,6 +4668,34 @@ export interface components {
       /** @description Whether the 'nonce' property of the EVM transaction is allowed to be different. */
       ignore_nonce?: boolean;
     };
+    /** @description Optional fields used to customize EVM transactions. */
+    EvmTxCustomization: {
+      /**
+       * @description Optional gas limit.
+       *
+       * If not specified, estimated gas is used.
+       */
+      gas_limit?: string | null;
+      /**
+       * @description Optional max fee for the transaction.
+       *
+       * If not specified, estimated fees are used.
+       */
+      max_fee_per_gas?: string | null;
+      /**
+       * @description Optional max priority fee for the transaction.
+       *
+       * If not specified, estimated fees are used.
+       */
+      max_priority_fee_per_gas?: string | null;
+      /**
+       * @description Optional nonce.
+       *
+       * If not specified, the sender's transaction count from the latest block is
+       * used.
+       */
+      nonce?: string | null;
+    };
     /** @enum {string} */
     EvmTxDepositErrorCode:
       | "EvmTxDepositReceiverMismatch"
@@ -4547,7 +4767,10 @@ export interface components {
       | "sign:mmi"
       | "manage:*"
       | "manage:readonly"
-      | "manage:email"
+      | "manage:email:*"
+      | "manage:email:get"
+      | "manage:email:update"
+      | "manage:email:delete"
       | "manage:mfa:*"
       | "manage:mfa:readonly"
       | "manage:mfa:list"
@@ -4578,6 +4801,7 @@ export interface components {
       | "manage:key:update:owner"
       | "manage:key:update:policy"
       | "manage:key:update:enabled"
+      | "manage:key:update:region"
       | "manage:key:update:metadata"
       | "manage:key:update:editPolicy"
       | "manage:key:delete"
@@ -4603,6 +4827,13 @@ export interface components {
       | "manage:policy:secrets:update:values"
       | "manage:policy:secrets:update:acl"
       | "manage:policy:secrets:update:editPolicy"
+      | "manage:policy:buckets:*"
+      | "manage:policy:buckets:get"
+      | "manage:policy:buckets:list"
+      | "manage:policy:buckets:update:*"
+      | "manage:policy:buckets:update:owner"
+      | "manage:policy:buckets:update:acl"
+      | "manage:policy:buckets:update:metadata"
       | "manage:contact:*"
       | "manage:contact:readonly"
       | "manage:contact:create"
@@ -4634,6 +4865,7 @@ export interface components {
       | "manage:role:update:enabled"
       | "manage:role:update:policy"
       | "manage:role:update:editPolicy"
+      | "manage:role:update:actions"
       | "manage:role:update:key:*"
       | "manage:role:update:key:add"
       | "manage:role:update:key:remove"
@@ -4655,11 +4887,34 @@ export interface components {
       | "manage:org:addUser"
       | "manage:org:inviteUser"
       | "manage:org:inviteAlien"
+      | "manage:org:invitation:list"
+      | "manage:org:invitation:cancel"
       | "manage:org:updateMembership"
       | "manage:org:listUsers"
       | "manage:org:user:get"
       | "manage:org:deleteUser"
       | "manage:org:get"
+      | "manage:org:update:*"
+      | "manage:org:update:enabled"
+      | "manage:org:update:policy"
+      | "manage:org:update:signPolicy"
+      | "manage:org:update:export"
+      | "manage:org:update:totpFailureLimit"
+      | "manage:org:update:notificationEndpoints"
+      | "manage:org:update:defaultInviteKind"
+      | "manage:org:update:idpConfiguration"
+      | "manage:org:update:passkeyConfiguration"
+      | "manage:org:update:emailPreferences"
+      | "manage:org:update:historicalData"
+      | "manage:org:update:requireScopeCeiling"
+      | "manage:org:update:alienLoginRequirement"
+      | "manage:org:update:memberLoginRequirement"
+      | "manage:org:update:keyExportRequirement"
+      | "manage:org:update:allowedMfaTypes"
+      | "manage:org:update:policyEngineConf"
+      | "manage:org:update:customChains"
+      | "manage:org:update:extProps"
+      | "manage:org:update:editPolicy"
       | "manage:org:user:resetMfa"
       | "manage:session:*"
       | "manage:session:readonly"
@@ -4691,7 +4946,12 @@ export interface components {
       | "export:user:complete"
       | "mmi:*"
       | "orgAccess:*"
-      | "orgAccess:child:*";
+      | "orgAccess:child:*"
+      | "rpc:*"
+      | "rpc:createTransaction:*"
+      | "rpc:createTransaction:evm"
+      | "rpc:getTransaction"
+      | "rpc:listTransactions";
     /**
      * @description This type specifies the interpretation of the `fee` field in Babylon
      * staking requests. If `sats`, the field is intpreted as a fixed value
@@ -4832,6 +5092,7 @@ export interface components {
       | "AutoAddBlsKeyToProtectedRole"
       | "UserNotPolicyOwner"
       | "UserNotContactOwner"
+      | "UserNotBucketOwner"
       | "LegacySessionCannotHaveScopeCeiling"
       | "RoleInParentOrgNotAllowed"
       | "RemoveKeyFromRoleUserNotAllowed"
@@ -4885,9 +5146,24 @@ export interface components {
        */
       genesis_validators_root: string;
     };
+    /** @description The email sender configuration (without sensitive auth details) */
+    GetEmailConfigResponse: {
+      /** @description The email address that emails are sent from */
+      sender: string;
+      template?: {
+        /** @description An HTML template to use for the body. */
+        body_template: string;
+        /** @description The subject line template */
+        subject_template: string;
+      } | null;
+    };
     GetKeysInOrgRequest: {
       key_type?: components["schemas"]["KeyType"] | null;
     };
+    /** @description Parameters for the [`cs_getTransaction`](RpcMethod::GetTransaction) method. */
+    GetTransactionRequest: {
+      id: components["schemas"]["Id"];
+    };
     GetUserByEmailResponse: {
       /**
        * @description Typically, this array is either empty (if no user with a given email was found)
@@ -5174,12 +5450,26 @@ export interface components {
       | "InvalidAlias"
       | "EmptyUpdateModifiedObject"
       | "EmptyUpdateModifiedActions"
-      | "DbContactAddressesInvalid";
+      | "DbContactAddressesInvalid"
+      | "InvalidEvmSigedRlp"
+      | "InvalidErc20Data"
+      | "InvalidRpcUrl";
     InvitationAcceptRequest: {
       auth: components["schemas"]["AuthSource"];
       /** @description Invitation token */
       token: string;
     };
+    /** @description Information about a pending invitation */
+    InvitationInfo: {
+      created: components["schemas"]["EpochDateTime"];
+      /** @description The email address the invitation was sent to */
+      email: string;
+      expiration: components["schemas"]["EpochDateTime"];
+      inviter?: components["schemas"]["Id"] | null;
+      /** @description The invited user's name */
+      name: string;
+      role: components["schemas"]["MemberRole"];
+    };
     /**
      * @description Indicates the auth sources allowed to an invited user
      * @enum {string}
@@ -5327,6 +5617,29 @@ export interface components {
       /** @description The type of key this package represents */
       key_type: string;
     };
+    /** @description The top-level JSON-RPC request type. */
+    JsonRpcRequest: {
+      method: "JsonRpcRequest";
+    } & Omit<components["schemas"]["RpcMethod"], "method"> & {
+        /** @description Request ID */
+        id?: string;
+        /** @description JSON-RPC version. */
+        jsonrpc: string;
+      };
+    /** @description The RPC API's response. */
+    JsonRpcResponse: {
+      error?: components["schemas"]["ErrorObj"] | null;
+      /** @description ID from the corresponding request. */
+      id?: unknown;
+      /** @description Constant "2.0". */
+      jsonrpc: string;
+      /** @description Result, if success. */
+      result?: Record<string, unknown> | null;
+    };
+    /** @description Valid `result` from the JSON-RPC API. */
+    JsonRpcResult:
+      | components["schemas"]["TransactionInfo"]
+      | components["schemas"]["ListTransactionsPaginatedResponse"];
     JwkSetResponse: {
       /** @description The keys included in this set */
       keys: Record<string, never>[];
@@ -5530,6 +5843,11 @@ export interface components {
     ListIdentitiesResponse: {
       identities: components["schemas"]["IdentityInfo"][];
     };
+    /** @description List of pending invitations */
+    ListInvitationsResponse: {
+      /** @description Pending invitations */
+      invitations: components["schemas"]["InvitationInfo"][];
+    };
     ListMfaResponse: {
       /** @description All pending MFA requests */
       mfa_requests: components["schemas"]["MfaRequestInfo"][];
@@ -5539,6 +5857,35 @@ export interface components {
       /** @description All pending messages for a user. */
       pending_messages: components["schemas"]["PendingMessageInfo"][];
     };
+    /**
+     * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
+     * value (which can the user pass back to use as a url query parameter to continue pagination).
+     */
+    ListTransactionsPaginatedResponse: {
+      /** @description A list of transaction infos. */
+      transactions: components["schemas"]["TransactionInfo"][];
+    } & {
+      /**
+       * @description If set, the content of `response` does not contain the entire result set.
+       * To fetch the next page of the result set, call the same endpoint
+       * but specify this value as the 'page.start' query parameter.
+       */
+      last_evaluated_key?: string | null;
+    };
+    /** @description Parameters for the [`cs_listTransactions`](RpcMethod::ListTransactions) method. */
+    ListTransactionsRequest: components["schemas"]["Page"] & {
+      /**
+       * @description Optional user or role id.
+       *
+       * If defined, the response is filtered to transactions created by the given id.
+       */
+      owner?: string | null;
+    };
+    /** @description The response to [`cs_listTransactions`](super::request::RpcMethod::ListTransactions) */
+    ListTransactionsResponse: {
+      /** @description A list of transaction infos. */
+      transactions: components["schemas"]["TransactionInfo"][];
+    };
     LoginRequest: components["schemas"]["OidcLoginRequest"];
     /**
      * @description Describes whether a user in an org is an Owner or just a regular member
@@ -5611,7 +5958,7 @@ export interface components {
        * @description MFA policy provenance
        * @enum {string}
        */
-      provenance: "Key" | "KeyInRole" | "Role" | "User" | "EditPolicy";
+      provenance: "Org" | "Key" | "KeyInRole" | "Role" | "User" | "EditPolicy";
       receipt?: components["schemas"]["Receipt"] | null;
       /** @description The region this MFA request was created in.  It can only be redeemed from the same region. */
       region?: string;
@@ -5799,8 +6146,12 @@ export interface components {
       | "OrgExportCiphertextNotFound"
       | "UploadObjectNotFound"
       | "PolicySecretNotFound"
+      | "BucketMetaNotFound"
       | "TimestreamDisabled"
-      | "CustomChainNotFound";
+      | "CustomChainNotFound"
+      | "InvitationNotFound"
+      | "TransactionNotFound"
+      | "EmailConfigNotFound";
     /** @description The configuration and status of a notification endpoint */
     NotificationEndpoint: components["schemas"]["NotificationEndpointSubscription"] & {
       status: components["schemas"]["SubscriptionStatus"];
@@ -6136,6 +6487,19 @@ export interface components {
           /** @enum {string} */
           org_event: "TendermintConcurrentSigning";
         }
+      | {
+          /** @description The email address of the invited user */
+          email: string;
+          /** @enum {string} */
+          org_event: "InvitationCreated";
+          role: components["schemas"]["MemberRole"];
+        }
+      | {
+          /** @description The email address whose invitation was canceled */
+          email: string;
+          /** @enum {string} */
+          org_event: "InvitationCanceled";
+        }
       | {
           key_id: components["schemas"]["Id"];
           /** @enum {string} */
@@ -6196,6 +6560,8 @@ export interface components {
       | "MfaRejected"
       | "PolicyChanged"
       | "TendermintConcurrentSigning"
+      | "InvitationCreated"
+      | "InvitationCanceled"
       | "UserExportInit"
       | "UserExportComplete"
       | "WasmPolicyExecuted";
@@ -6218,169 +6584,179 @@ export interface components {
       /** @description A base64-encoded export ciphertext. */
       ciphertext: string;
     };
-    OrgInfo: components["schemas"]["MfaRequirements"] & {
-      access_model: components["schemas"]["AccessModel"];
-      custom_chains?: components["schemas"]["CustomChainsData"] | null;
-      default_invite_kind?: components["schemas"]["InviteKind"];
-      email_preferences?: components["schemas"]["EmailPreferences"];
-      /** @description When false, all cryptographic operations involving keys in this org are disabled. */
-      enabled: boolean;
-      ext_data?:
-        | ({
-            /**
-             * Format: int32
-             * @description Per alien user key count threshold, which, once exceeded, disallows further key creation by alien users.
-             *
-             * This setting is checked only when an alien user requests to create or import a new key.
-             * In other words, org admins can still assign unlimited number of keys to their alien users.
-             */
-            alien_key_count_threshold?: number | null;
-          } & {
-            created?: components["schemas"]["EpochDateTime"] | null;
-            last_modified?: components["schemas"]["EpochDateTime"] | null;
-            /**
-             * Format: int64
-             * @description Version of this object
-             */
-            version?: number;
-          } & Record<string, never>)
-        | null;
-      historical_data_configuration?: components["schemas"]["HistoricalDataConfiguration"];
-      idp_configuration?: components["schemas"]["IdpConfig"];
-      /** @description Deprecated: this field should be ignored. */
-      key_import_key?: string | null;
-      /**
-       * @description The organization's universally unique key-wrapping-key identifier.
-       * This value is required when setting up key export.
-       * @example mrk-fce09525e81587d23520f11e07e2e9d9
-       */
-      kwk_id: string;
-      /**
-       * @description Date/time (in UTC) when last 'unstake' was performed. Unix epoch if none.
-       * @example TODO
-       */
-      last_unstake: string;
-      /**
-       * Format: int32
-       * @description How many 'unstake' calls happened on the day when `last_unstake` was performed.
-       */
-      last_unstake_day_count: number;
-      /** @description Whether metrics are collected for this org */
-      metrics_enabled?: boolean;
-      /**
-       * @description The human-readable name for the org
-       * @example my_org_name
-       */
-      name?: string | null;
-      /**
-       * @description The organization's notification endpoints, which are HTTPS URLs are notified about a
-       * configurable set of events in an organization. For each event, CubeSigner sends a POST
-       * request with a JSON-formatted body that contains the event details.
-       * @example [
-       *   {
-       *     "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000001",
-       *     "config": {
-       *       "url": "https://example.com/endpoint1"
-       *     },
-       *     "status": "Confirmed"
-       *   },
-       *   {
-       *     "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000002",
-       *     "config": {
-       *       "filter": {
-       *         "OneOf": [
-       *           "Eth2ConcurrentAttestationSigning",
-       *           "Eth2ConcurrentBlockSigning"
-       *         ]
-       *       },
-       *       "url": "https://example.com/endpoint2"
-       *     },
-       *     "status": "Pending"
-       *   }
-       * ]
-       */
-      notification_endpoints?: components["schemas"]["NotificationEndpoint"][];
-      /**
-       * @description The ID of the organization
-       * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
-       */
-      org_id: string;
-      passkey_configuration?: components["schemas"]["PasskeyConfig"];
-      /**
-       * @description Org-wide policies that are checked before a key is used for signing
-       * @example [
-       *   {
-       *     "MaxDailyUnstake": 5
-       *   }
-       * ]
-       */
-      policy?: Record<string, never>[];
-      policy_engine_configuration?: components["schemas"]["PolicyEngineConfiguration"];
-      /**
-       * Format: int32
-       * @description The organization's currently configured TOTP failure limit, i.e., the number
-       * of times a user can provide an incorrect TOTP code before being rate limited.
-       * This value can be between 1 and 5 (inclusive).
-       */
-      totp_failure_limit: number;
-      /**
-       * Format: int64
-       * @description The organization's currently configured user-export delay, i.e., the minimum
-       * amount of time (in seconds) between when a user-export is initiated and when
-       * it may be completed. (This value is meaningless for organizations that use
-       * org-wide export.)
-       */
-      user_export_delay: number;
-      /** @description Whether user export is disabled */
-      user_export_disabled?: boolean;
-      /**
-       * Format: int64
-       * @description The organization's currently configured user-export window, i.e., the amount
-       * of time (in seconds) between when the user-export delay is completed and when
-       * the user export request has expired and can no longer be completed. (This value
-       * is meaningless for organizations that use org-wide export.)
-       */
-      user_export_window: number;
-      /** @description If set, the official webapp origin is automatically allowed */
-      webapp_enabled?: boolean;
-    };
-    /** @description Supported org metrics. */
-    OrgMetric: OneOf<
-      [
-        {
-          BillingEvent: components["schemas"]["BillingDimensions"];
-        },
-        {
-          OidcLoginEvent: components["schemas"]["OidcLoginDimensions"];
-        },
-        {
-          SignEvent: components["schemas"]["SignDimensions"];
-        },
-        {
-          UserCount: components["schemas"]["UserCountDimensions"];
-        },
-        {
-          KeyCount: components["schemas"]["KeyCountDimensions"];
-        },
-      ]
-    >;
-    OrgMetricData: {
-      /** @description The data points, one for each time period (time periods for which the value is 0 are omitted). */
-      data: {
-        [key: string]: number;
-      };
-      /** @description The metric dimensions. */
-      dimensions: {
-        [key: string]: string;
-      };
-    };
-    /**
-     * @description Auto-generated discriminant enum variants
-     * @enum {string}
-     */
-    OrgMetricDiscriminants:
-      | "BillingEvent"
-      | "OidcLoginEvent"
+    OrgInfo: components["schemas"]["MfaRequirements"] &
+      components["schemas"]["CommonFields"] & {
+        access_model: components["schemas"]["AccessModel"];
+        custom_chains?: components["schemas"]["CustomChainsData"] | null;
+        default_invite_kind?: components["schemas"]["InviteKind"];
+        email_preferences?: components["schemas"]["EmailPreferences"];
+        /** @description When false, all cryptographic operations involving keys in this org are disabled. */
+        enabled: boolean;
+        ext_data?:
+          | ({
+              /**
+               * Format: int32
+               * @description Per alien user key count threshold, which, once exceeded, disallows further key creation by alien users.
+               *
+               * This setting is checked only when an alien user requests to create or import a new key.
+               * In other words, org admins can still assign unlimited number of keys to their alien users.
+               */
+              alien_key_count_threshold?: number | null;
+            } & {
+              created?: components["schemas"]["EpochDateTime"] | null;
+              last_modified?: components["schemas"]["EpochDateTime"] | null;
+              /**
+               * Format: int64
+               * @description Version of this object
+               */
+              version?: number;
+            } & Record<string, never>)
+          | null;
+        historical_data_configuration?: components["schemas"]["HistoricalDataConfiguration"];
+        idp_configuration?: components["schemas"]["IdpConfig"];
+        /** @description Deprecated: this field should be ignored. */
+        key_import_key?: string | null;
+        /**
+         * @description The organization's universally unique key-wrapping-key identifier.
+         * This value is required when setting up key export.
+         * @example mrk-fce09525e81587d23520f11e07e2e9d9
+         */
+        kwk_id: string;
+        /**
+         * @description Date/time (in UTC) when last 'unstake' was performed. Unix epoch if none.
+         * @example TODO
+         */
+        last_unstake: string;
+        /**
+         * Format: int32
+         * @description How many 'unstake' calls happened on the day when `last_unstake` was performed.
+         */
+        last_unstake_day_count: number;
+        /** @description Whether metrics are collected for this org */
+        metrics_enabled?: boolean;
+        /**
+         * @description The human-readable name for the org
+         * @example my_org_name
+         */
+        name?: string | null;
+        /**
+         * @description The organization's notification endpoints, which are HTTPS URLs are notified about a
+         * configurable set of events in an organization. For each event, CubeSigner sends a POST
+         * request with a JSON-formatted body that contains the event details.
+         * @example [
+         *   {
+         *     "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000001",
+         *     "config": {
+         *       "url": "https://example.com/endpoint1"
+         *     },
+         *     "status": "Confirmed"
+         *   },
+         *   {
+         *     "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000002",
+         *     "config": {
+         *       "filter": {
+         *         "OneOf": [
+         *           "Eth2ConcurrentAttestationSigning",
+         *           "Eth2ConcurrentBlockSigning"
+         *         ]
+         *       },
+         *       "url": "https://example.com/endpoint2"
+         *     },
+         *     "status": "Pending"
+         *   }
+         * ]
+         */
+        notification_endpoints?: components["schemas"]["NotificationEndpoint"][];
+        /**
+         * @description The ID of the organization
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+        passkey_configuration?: components["schemas"]["PasskeyConfig"];
+        /**
+         * @description Org-wide policies that are checked before a key is used for signing
+         * @example [
+         *   {
+         *     "MaxDailyUnstake": 5
+         *   }
+         * ]
+         */
+        policy?: Record<string, never>[];
+        policy_engine_configuration?: components["schemas"]["PolicyEngineConfiguration"];
+        /**
+         * @description Global sign policy that applies to every sign operation (every key, every role) in the org
+         * @example [
+         *   {
+         *     "TxReceiver": "0x0000000000000000000000000000000000000000"
+         *   }
+         * ]
+         */
+        sign_policy?: Record<string, never>[];
+        /**
+         * Format: int32
+         * @description The organization's currently configured TOTP failure limit, i.e., the number
+         * of times a user can provide an incorrect TOTP code before being rate limited.
+         * This value can be between 1 and 5 (inclusive).
+         */
+        totp_failure_limit: number;
+        /**
+         * Format: int64
+         * @description The organization's currently configured user-export delay, i.e., the minimum
+         * amount of time (in seconds) between when a user-export is initiated and when
+         * it may be completed. (This value is meaningless for organizations that use
+         * org-wide export.)
+         */
+        user_export_delay: number;
+        /** @description Whether user export is disabled */
+        user_export_disabled?: boolean;
+        /**
+         * Format: int64
+         * @description The organization's currently configured user-export window, i.e., the amount
+         * of time (in seconds) between when the user-export delay is completed and when
+         * the user export request has expired and can no longer be completed. (This value
+         * is meaningless for organizations that use org-wide export.)
+         */
+        user_export_window: number;
+        /** @description If set, the official webapp origin is automatically allowed */
+        webapp_enabled?: boolean;
+      };
+    /** @description Supported org metrics. */
+    OrgMetric: OneOf<
+      [
+        {
+          BillingEvent: components["schemas"]["BillingDimensions"];
+        },
+        {
+          OidcLoginEvent: components["schemas"]["OidcLoginDimensions"];
+        },
+        {
+          SignEvent: components["schemas"]["SignDimensions"];
+        },
+        {
+          UserCount: components["schemas"]["UserCountDimensions"];
+        },
+        {
+          KeyCount: components["schemas"]["KeyCountDimensions"];
+        },
+      ]
+    >;
+    OrgMetricData: {
+      /** @description The data points, one for each time period (time periods for which the value is 0 are omitted). */
+      data: {
+        [key: string]: number;
+      };
+      /** @description The metric dimensions. */
+      dimensions: {
+        [key: string]: string;
+      };
+    };
+    /**
+     * @description Auto-generated discriminant enum variants
+     * @enum {string}
+     */
+    OrgMetricDiscriminants:
+      | "BillingEvent"
+      | "OidcLoginEvent"
       | "SignEvent"
       | "UserCount"
       | "KeyCount";
@@ -6451,6 +6827,21 @@ export interface components {
        */
       last_evaluated_key?: string | null;
     };
+    /**
+     * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
+     * value (which can the user pass back to use as a url query parameter to continue pagination).
+     */
+    PaginatedListBucketsResponse: {
+      /** @description The buckets in the organization. */
+      buckets: components["schemas"]["BucketInfo"][];
+    } & {
+      /**
+       * @description If set, the content of `response` does not contain the entire result set.
+       * To fetch the next page of the result set, call the same endpoint
+       * but specify this value as the 'page.start' query parameter.
+       */
+      last_evaluated_key?: string | null;
+    };
     /**
      * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
      * value (which can the user pass back to use as a url query parameter to continue pagination).
@@ -6481,6 +6872,21 @@ export interface components {
        */
       last_evaluated_key?: string | null;
     };
+    /**
+     * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
+     * value (which can the user pass back to use as a url query parameter to continue pagination).
+     */
+    PaginatedListInvitationsResponse: {
+      /** @description Pending invitations */
+      invitations: components["schemas"]["InvitationInfo"][];
+    } & {
+      /**
+       * @description If set, the content of `response` does not contain the entire result set.
+       * To fetch the next page of the result set, call the same endpoint
+       * but specify this value as the 'page.start' query parameter.
+       */
+      last_evaluated_key?: string | null;
+    };
     /**
      * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
      * value (which can the user pass back to use as a url query parameter to continue pagination).
@@ -6756,16 +7162,16 @@ export interface components {
     }) &
       Record<string, never>;
     /**
-     * PolicyAction
      * @description The access-controlled actions that can be performed on a named policy.
-     * @example read:policy
      * @enum {string}
      */
     PolicyAction:
       | "read:*"
+      | "read"
       | "read:policy"
       | "read:logs"
       | "update:*"
+      | "update"
       | "update:name"
       | "update:rules"
       | "update:metadata"
@@ -6805,6 +7211,13 @@ export interface components {
            */
           role_id: string;
         },
+        {
+          /**
+           * @description The id of the org the policy should be attached to.
+           * @example Org#b0156abd-53bd-4043-8e55-57f7af9512d5
+           */
+          org_id: string;
+        },
       ]
     >;
     /** @description A struct containing Org-level configurations for the workings of the Policy Engine. */
@@ -7637,6 +8050,23 @@ export interface components {
       /** @description A JSON Web Token whose claims contain the `RoleInfo` structure. */
       jwt: string;
     };
+    /** @description The RPC API method and matching parameters. */
+    RpcMethod:
+      | {
+          /** @enum {string} */
+          method: "cs_createTransaction";
+          params: components["schemas"]["CreateTransactionRequest"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_getTransaction";
+          params: components["schemas"]["GetTransactionRequest"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_listTransactions";
+          params: components["schemas"]["ListTransactionsRequest"];
+        };
     /** @description All scopes for accessing CubeSigner APIs */
     Scope: components["schemas"]["ExplicitScope"] | string;
     /** @description A set of scopes. */
@@ -8220,6 +8650,16 @@ export interface components {
       signedRawTransaction?: string | null;
       status: components["schemas"]["MmiStatus"];
     };
+    /** @description Chain-specific transaction details. */
+    TransactionDetails: components["schemas"]["EvmTransactionDetails"] & {
+      /** @enum {string} */
+      chain: "Evm";
+    };
+    /** @description Information about an existing transaction created by the RPC API. */
+    TransactionInfo: components["schemas"]["Transaction"] & {
+      /** @description The transaction id. */
+      id: string;
+    };
     /**
      * @description Supported queries
      * @enum {string}
@@ -8453,6 +8893,23 @@ export interface components {
       /** @description Optional policy evaluation tree. */
       policy_eval_tree?: unknown;
     } & Record<string, never>;
+    /** @description The information needed to update a bucket. */
+    UpdateBucketRequest: {
+      /** @description Access-control entries defining how the bucket can be accessed. */
+      acl?: unknown;
+      /**
+       * Format: int64
+       * @description If set, updating only succeeds if the current version matches this value.
+       */
+      expected_version?: number | null;
+      /** @description Optional metadata. */
+      metadata?: unknown;
+      /**
+       * @description Update the owner of the bucket
+       * @example User#00000000-0000-0000-0000-000000000000
+       */
+      owner?: string | null;
+    };
     /** @description The information needed to update a Contact. */
     UpdateContactRequest: {
       addresses?: components["schemas"]["AddressMap"] | null;
@@ -8525,6 +8982,7 @@ export interface components {
       } | null;
       custom_chains?: components["schemas"]["CustomChainsData"] | null;
       default_invite_kind?: components["schemas"]["InviteKind"] | null;
+      edit_policy?: components["schemas"]["EditPolicy"] | null;
       email_preferences?: components["schemas"]["EmailPreferences"] | null;
       /** @description If set, update this org's `enabled` field to this value. */
       enabled?: boolean | null;
@@ -8619,6 +9077,18 @@ export interface components {
        * Owners of the org are exempt from this requirement.
        */
       require_scope_ceiling?: boolean | null;
+      /**
+       * @description If set, update this org's sign rule (old sign rules will be overwritten!).
+       * Only "deny"-style rules may be set.
+       * @example [
+       *   {
+       *     "TxReceiver": [
+       *       "0x0000000000000000000000000000000000000000"
+       *     ]
+       *   }
+       * ]
+       */
+      sign_policy?: unknown[] | null;
       /**
        * Format: int32
        * @description If set, update this org's TOTP failure limit. After this many failures,
@@ -8656,6 +9126,7 @@ export interface components {
       } | null;
       custom_chains?: components["schemas"]["CustomChainsData"] | null;
       default_invite_kind?: components["schemas"]["InviteKind"] | null;
+      edit_policy?: components["schemas"]["EditPolicy"] | null;
       email_preferences?: components["schemas"]["EmailPreferences"] | null;
       /** @description The new value of the 'enabled' property */
       enabled?: boolean | null;
@@ -8720,6 +9191,15 @@ export interface components {
       policy_engine_configuration?: components["schemas"]["PolicyEngineConfiguration"] | null;
       /** @description The new value of require_scope_ceiling */
       require_scope_ceiling?: boolean | null;
+      /**
+       * @description The new value of the org-wide sign rules
+       * @example [
+       *   {
+       *     "TxReceiver": "0x0000000000000000000000000000000000000000"
+       *   }
+       * ]
+       */
+      sign_policy?: Record<string, never>[] | null;
       /**
        * Format: int32
        * @description The new value of the TOTP failure limit
@@ -8737,6 +9217,11 @@ export interface components {
        * @description The new value of user-export window
        */
       user_export_window?: number | null;
+      /**
+       * Format: int64
+       * @description New org version
+       */
+      version: number;
     };
     /** @description Request body for updating a named policy. */
     UpdatePolicyRequest: {
@@ -9255,6 +9740,29 @@ export interface components {
         };
       };
     };
+    /** @description Information about a policy KV store bucket. */
+    BucketInfo: {
+      content: {
+        "application/json": ({
+          created?: components["schemas"]["EpochDateTime"] | null;
+          last_modified?: components["schemas"]["EpochDateTime"] | null;
+          /**
+           * Format: int64
+           * @description Version of this object
+           */
+          version?: number;
+        } & {
+          /** @description The access-control entries for the bucket. */
+          acl?: unknown[] | null;
+          /** @description Arbitrary user-defined metadata. */
+          metadata?: unknown;
+          owner: components["schemas"]["Id"];
+        }) & {
+          /** @description The name of the bucket. */
+          name: string;
+        };
+      };
+    };
     /** @description The number of users and keys in an org, organized by user role and key type */
     ComputeCountsResponse: {
       content: {
@@ -9475,6 +9983,21 @@ export interface components {
         };
       };
     };
+    /** @description The email sender configuration (without sensitive auth details) */
+    GetEmailConfigResponse: {
+      content: {
+        "application/json": {
+          /** @description The email address that emails are sent from */
+          sender: string;
+          template?: {
+            /** @description An HTML template to use for the body. */
+            body_template: string;
+            /** @description The subject line template */
+            subject_template: string;
+          } | null;
+        };
+      };
+    };
     GetUserByEmailResponse: {
       content: {
         "application/json": {
@@ -9543,6 +10066,20 @@ export interface components {
         "application/json": components["schemas"]["Response"] & Record<string, never>;
       };
     };
+    /** @description The RPC API's response. */
+    JsonRpcResponse: {
+      content: {
+        "application/json": {
+          error?: components["schemas"]["ErrorObj"] | null;
+          /** @description ID from the corresponding request. */
+          id?: unknown;
+          /** @description Constant "2.0". */
+          jsonrpc: string;
+          /** @description Result, if success. */
+          result?: Record<string, unknown> | null;
+        };
+      };
+    };
     /** @description A JSON Web Key set describing the key used to sign JSON Web Tokens */
     JwkSetResponse: {
       content: {
@@ -9727,7 +10264,7 @@ export interface components {
            * @description MFA policy provenance
            * @enum {string}
            */
-          provenance: "Key" | "KeyInRole" | "Role" | "User" | "EditPolicy";
+          provenance: "Org" | "Key" | "KeyInRole" | "Role" | "User" | "EditPolicy";
           receipt?: components["schemas"]["Receipt"] | null;
           /** @description The region this MFA request was created in.  It can only be redeemed from the same region. */
           region?: string;
@@ -9779,132 +10316,142 @@ export interface components {
     };
     OrgInfo: {
       content: {
-        "application/json": components["schemas"]["MfaRequirements"] & {
-          access_model: components["schemas"]["AccessModel"];
-          custom_chains?: components["schemas"]["CustomChainsData"] | null;
-          default_invite_kind?: components["schemas"]["InviteKind"];
-          email_preferences?: components["schemas"]["EmailPreferences"];
-          /** @description When false, all cryptographic operations involving keys in this org are disabled. */
-          enabled: boolean;
-          ext_data?:
-            | ({
-                /**
-                 * Format: int32
-                 * @description Per alien user key count threshold, which, once exceeded, disallows further key creation by alien users.
-                 *
-                 * This setting is checked only when an alien user requests to create or import a new key.
-                 * In other words, org admins can still assign unlimited number of keys to their alien users.
-                 */
-                alien_key_count_threshold?: number | null;
-              } & {
-                created?: components["schemas"]["EpochDateTime"] | null;
-                last_modified?: components["schemas"]["EpochDateTime"] | null;
-                /**
-                 * Format: int64
-                 * @description Version of this object
-                 */
-                version?: number;
-              } & Record<string, never>)
-            | null;
-          historical_data_configuration?: components["schemas"]["HistoricalDataConfiguration"];
-          idp_configuration?: components["schemas"]["IdpConfig"];
-          /** @description Deprecated: this field should be ignored. */
-          key_import_key?: string | null;
-          /**
-           * @description The organization's universally unique key-wrapping-key identifier.
-           * This value is required when setting up key export.
-           * @example mrk-fce09525e81587d23520f11e07e2e9d9
-           */
-          kwk_id: string;
-          /**
-           * @description Date/time (in UTC) when last 'unstake' was performed. Unix epoch if none.
-           * @example TODO
-           */
-          last_unstake: string;
-          /**
-           * Format: int32
-           * @description How many 'unstake' calls happened on the day when `last_unstake` was performed.
-           */
-          last_unstake_day_count: number;
-          /** @description Whether metrics are collected for this org */
-          metrics_enabled?: boolean;
-          /**
-           * @description The human-readable name for the org
-           * @example my_org_name
-           */
-          name?: string | null;
-          /**
-           * @description The organization's notification endpoints, which are HTTPS URLs are notified about a
-           * configurable set of events in an organization. For each event, CubeSigner sends a POST
-           * request with a JSON-formatted body that contains the event details.
-           * @example [
-           *   {
-           *     "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000001",
-           *     "config": {
-           *       "url": "https://example.com/endpoint1"
-           *     },
-           *     "status": "Confirmed"
-           *   },
-           *   {
-           *     "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000002",
-           *     "config": {
-           *       "filter": {
-           *         "OneOf": [
-           *           "Eth2ConcurrentAttestationSigning",
-           *           "Eth2ConcurrentBlockSigning"
-           *         ]
-           *       },
-           *       "url": "https://example.com/endpoint2"
-           *     },
-           *     "status": "Pending"
-           *   }
-           * ]
-           */
-          notification_endpoints?: components["schemas"]["NotificationEndpoint"][];
-          /**
-           * @description The ID of the organization
-           * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
-           */
-          org_id: string;
-          passkey_configuration?: components["schemas"]["PasskeyConfig"];
-          /**
-           * @description Org-wide policies that are checked before a key is used for signing
-           * @example [
-           *   {
-           *     "MaxDailyUnstake": 5
-           *   }
-           * ]
-           */
-          policy?: Record<string, never>[];
-          policy_engine_configuration?: components["schemas"]["PolicyEngineConfiguration"];
-          /**
-           * Format: int32
-           * @description The organization's currently configured TOTP failure limit, i.e., the number
-           * of times a user can provide an incorrect TOTP code before being rate limited.
-           * This value can be between 1 and 5 (inclusive).
-           */
-          totp_failure_limit: number;
-          /**
-           * Format: int64
-           * @description The organization's currently configured user-export delay, i.e., the minimum
-           * amount of time (in seconds) between when a user-export is initiated and when
-           * it may be completed. (This value is meaningless for organizations that use
-           * org-wide export.)
-           */
-          user_export_delay: number;
-          /** @description Whether user export is disabled */
-          user_export_disabled?: boolean;
-          /**
-           * Format: int64
-           * @description The organization's currently configured user-export window, i.e., the amount
-           * of time (in seconds) between when the user-export delay is completed and when
-           * the user export request has expired and can no longer be completed. (This value
-           * is meaningless for organizations that use org-wide export.)
-           */
-          user_export_window: number;
-          /** @description If set, the official webapp origin is automatically allowed */
-          webapp_enabled?: boolean;
-        };
+        "application/json": components["schemas"]["MfaRequirements"] &
+          components["schemas"]["CommonFields"] & {
+            access_model: components["schemas"]["AccessModel"];
+            custom_chains?: components["schemas"]["CustomChainsData"] | null;
+            default_invite_kind?: components["schemas"]["InviteKind"];
+            email_preferences?: components["schemas"]["EmailPreferences"];
+            /** @description When false, all cryptographic operations involving keys in this org are disabled. */
+            enabled: boolean;
+            ext_data?:
+              | ({
+                  /**
+                   * Format: int32
+                   * @description Per alien user key count threshold, which, once exceeded, disallows further key creation by alien users.
+                   *
+                   * This setting is checked only when an alien user requests to create or import a new key.
+                   * In other words, org admins can still assign unlimited number of keys to their alien users.
+                   */
+                  alien_key_count_threshold?: number | null;
+                } & {
+                  created?: components["schemas"]["EpochDateTime"] | null;
+                  last_modified?: components["schemas"]["EpochDateTime"] | null;
+                  /**
+                   * Format: int64
+                   * @description Version of this object
+                   */
+                  version?: number;
+                } & Record<string, never>)
+              | null;
+            historical_data_configuration?: components["schemas"]["HistoricalDataConfiguration"];
+            idp_configuration?: components["schemas"]["IdpConfig"];
+            /** @description Deprecated: this field should be ignored. */
+            key_import_key?: string | null;
+            /**
+             * @description The organization's universally unique key-wrapping-key identifier.
+             * This value is required when setting up key export.
+             * @example mrk-fce09525e81587d23520f11e07e2e9d9
+             */
+            kwk_id: string;
+            /**
+             * @description Date/time (in UTC) when last 'unstake' was performed. Unix epoch if none.
+             * @example TODO
+             */
+            last_unstake: string;
+            /**
+             * Format: int32
+             * @description How many 'unstake' calls happened on the day when `last_unstake` was performed.
+             */
+            last_unstake_day_count: number;
+            /** @description Whether metrics are collected for this org */
+            metrics_enabled?: boolean;
+            /**
+             * @description The human-readable name for the org
+             * @example my_org_name
+             */
+            name?: string | null;
+            /**
+             * @description The organization's notification endpoints, which are HTTPS URLs are notified about a
+             * configurable set of events in an organization. For each event, CubeSigner sends a POST
+             * request with a JSON-formatted body that contains the event details.
+             * @example [
+             *   {
+             *     "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000001",
+             *     "config": {
+             *       "url": "https://example.com/endpoint1"
+             *     },
+             *     "status": "Confirmed"
+             *   },
+             *   {
+             *     "arn": "arn:aws:sns:us-east-1:012345678901:OrgEventsTopic:12345678-0000-0000-0000-000000000002",
+             *     "config": {
+             *       "filter": {
+             *         "OneOf": [
+             *           "Eth2ConcurrentAttestationSigning",
+             *           "Eth2ConcurrentBlockSigning"
+             *         ]
+             *       },
+             *       "url": "https://example.com/endpoint2"
+             *     },
+             *     "status": "Pending"
+             *   }
+             * ]
+             */
+            notification_endpoints?: components["schemas"]["NotificationEndpoint"][];
+            /**
+             * @description The ID of the organization
+             * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+             */
+            org_id: string;
+            passkey_configuration?: components["schemas"]["PasskeyConfig"];
+            /**
+             * @description Org-wide policies that are checked before a key is used for signing
+             * @example [
+             *   {
+             *     "MaxDailyUnstake": 5
+             *   }
+             * ]
+             */
+            policy?: Record<string, never>[];
+            policy_engine_configuration?: components["schemas"]["PolicyEngineConfiguration"];
+            /**
+             * @description Global sign policy that applies to every sign operation (every key, every role) in the org
+             * @example [
+             *   {
+             *     "TxReceiver": "0x0000000000000000000000000000000000000000"
+             *   }
+             * ]
+             */
+            sign_policy?: Record<string, never>[];
+            /**
+             * Format: int32
+             * @description The organization's currently configured TOTP failure limit, i.e., the number
+             * of times a user can provide an incorrect TOTP code before being rate limited.
+             * This value can be between 1 and 5 (inclusive).
+             */
+            totp_failure_limit: number;
+            /**
+             * Format: int64
+             * @description The organization's currently configured user-export delay, i.e., the minimum
+             * amount of time (in seconds) between when a user-export is initiated and when
+             * it may be completed. (This value is meaningless for organizations that use
+             * org-wide export.)
+             */
+            user_export_delay: number;
+            /** @description Whether user export is disabled */
+            user_export_disabled?: boolean;
+            /**
+             * Format: int64
+             * @description The organization's currently configured user-export window, i.e., the amount
+             * of time (in seconds) between when the user-export delay is completed and when
+             * the user export request has expired and can no longer be completed. (This value
+             * is meaningless for organizations that use org-wide export.)
+             */
+            user_export_window: number;
+            /** @description If set, the official webapp origin is automatically allowed */
+            webapp_enabled?: boolean;
+          };
       };
     };
     PaginatedAuditLogResponse: {
@@ -9937,6 +10484,21 @@ export interface components {
         };
       };
     };
+    PaginatedListBucketsResponse: {
+      content: {
+        "application/json": {
+          /** @description The buckets in the organization. */
+          buckets: components["schemas"]["BucketInfo"][];
+        } & {
+          /**
+           * @description If set, the content of `response` does not contain the entire result set.
+           * To fetch the next page of the result set, call the same endpoint
+           * but specify this value as the 'page.start' query parameter.
+           */
+          last_evaluated_key?: string | null;
+        };
+      };
+    };
     PaginatedListContactsResponse: {
       content: {
         "application/json": {
@@ -9967,6 +10529,21 @@ export interface components {
         };
       };
     };
+    PaginatedListInvitationsResponse: {
+      content: {
+        "application/json": {
+          /** @description Pending invitations */
+          invitations: components["schemas"]["InvitationInfo"][];
+        } & {
+          /**
+           * @description If set, the content of `response` does not contain the entire result set.
+           * To fetch the next page of the result set, call the same endpoint
+           * but specify this value as the 'page.start' query parameter.
+           */
+          last_evaluated_key?: string | null;
+        };
+      };
+    };
     PaginatedListKeyRolesResponse: {
       content: {
         "application/json": {
@@ -10589,6 +11166,7 @@ export interface components {
           } | null;
           custom_chains?: components["schemas"]["CustomChainsData"] | null;
           default_invite_kind?: components["schemas"]["InviteKind"] | null;
+          edit_policy?: components["schemas"]["EditPolicy"] | null;
           email_preferences?: components["schemas"]["EmailPreferences"] | null;
           /** @description The new value of the 'enabled' property */
           enabled?: boolean | null;
@@ -10657,6 +11235,15 @@ export interface components {
           policy_engine_configuration?: components["schemas"]["PolicyEngineConfiguration"] | null;
           /** @description The new value of require_scope_ceiling */
           require_scope_ceiling?: boolean | null;
+          /**
+           * @description The new value of the org-wide sign rules
+           * @example [
+           *   {
+           *     "TxReceiver": "0x0000000000000000000000000000000000000000"
+           *   }
+           * ]
+           */
+          sign_policy?: Record<string, never>[] | null;
           /**
            * Format: int32
            * @description The new value of the TOTP failure limit
@@ -10671,9 +11258,14 @@ export interface components {
           user_export_disabled?: boolean | null;
           /**
            * Format: int64
-           * @description The new value of user-export window
+           * @description The new value of user-export window
+           */
+          user_export_window?: number | null;
+          /**
+           * Format: int64
+           * @description New org version
            */
-          user_export_window?: number | null;
+          version: number;
         };
       };
     };
@@ -11981,6 +12573,45 @@ export interface operations {
       };
     };
   };
+  /**
+   * Get Email Template
+   * @description Get Email Template
+   *
+   * Returns the email template for a given purpose.
+   */
+  getEmailConfig: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+        /** @description Which email configuration to get */
+        purpose:
+          | "otp"
+          | "mfa_reset"
+          | "otp_mfa"
+          | "alien_password_reset"
+          | "member_password_reset"
+          | "alien_invite"
+          | "member_invite"
+          | "welcome";
+      };
+    };
+    responses: {
+      200: components["responses"]["GetEmailConfigResponse"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
+  /**
+   * Configure Email Template
+   * @description Configure Email Template
+   */
   configureEmail: {
     parameters: {
       path: {
@@ -12015,6 +12646,44 @@ export interface operations {
       };
     };
   };
+  /**
+   * Delete Email Template
+   * @description Delete Email Template
+   */
+  deleteEmailConfig: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+        /** @description Which email configuration to delete */
+        purpose:
+          | "otp"
+          | "mfa_reset"
+          | "otp_mfa"
+          | "alien_password_reset"
+          | "member_password_reset"
+          | "alien_invite"
+          | "member_invite"
+          | "welcome";
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["Empty"];
+      };
+    };
+    responses: {
+      200: components["responses"]["EmptyImpl"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
   /**
    * Sign EIP-191 Data
    * @description Sign EIP-191 Data
@@ -12584,6 +13253,77 @@ export interface operations {
     };
     responses: {};
   };
+  /**
+   * List pending invitations
+   * @description List pending invitations
+   *
+   * Returns all pending (not yet accepted) invitations for the organization.
+   */
+  listInvitations: {
+    parameters: {
+      query?: {
+        /**
+         * @description Max number of items to return per page.
+         *
+         * If the actual number of returned items may be less that this, even if there exist more
+         * data in the result set. To reliably determine if more data is left in the result set,
+         * inspect the [UnencryptedLastEvalKey] value in the response object.
+         */
+        "page.size"?: number;
+        /**
+         * @description The start of the page.  Omit to start from the beginning; otherwise, only specify a
+         * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
+         */
+        "page.start"?: string | null;
+      };
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+      };
+    };
+    responses: {
+      200: components["responses"]["PaginatedListInvitationsResponse"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
+  /**
+   * Cancel a pending invitation
+   * @description Cancel a pending invitation
+   *
+   * Removes a pending invitation from the organization. If no pending invitation
+   * exists for the given email address, a not-found error is returned.
+   */
+  cancelInvitation: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["CancelInvitationRequest"];
+      };
+    };
+    responses: {
+      200: components["responses"]["EmptyImpl"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
   /**
    * Invite User
    * @description Invite User
@@ -14019,6 +14759,108 @@ export interface operations {
       };
     };
   };
+  /**
+   * List Buckets
+   * @description List Buckets
+   *
+   * List available meta information about all policy KV store buckets in the org.
+   */
+  listPolicyBuckets: {
+    parameters: {
+      query?: {
+        /**
+         * @description Max number of items to return per page.
+         *
+         * If the actual number of returned items may be less that this, even if there exist more
+         * data in the result set. To reliably determine if more data is left in the result set,
+         * inspect the [UnencryptedLastEvalKey] value in the response object.
+         */
+        "page.size"?: number;
+        /**
+         * @description The start of the page.  Omit to start from the beginning; otherwise, only specify a
+         * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
+         */
+        "page.start"?: string | null;
+      };
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+      };
+    };
+    responses: {
+      200: components["responses"]["PaginatedListBucketsResponse"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
+  /**
+   * Get Bucket
+   * @description Get Bucket
+   *
+   * Returns the meta information of a policy KV store bucket.
+   */
+  getPolicyBucket: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+        bucket_name: string;
+      };
+    };
+    responses: {
+      200: components["responses"]["BucketInfo"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
+  /**
+   * Update Bucket
+   * @description Update Bucket
+   *
+   * Updates meta information for an existing policy KV store bucket.
+   */
+  updatePolicyBucket: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+        bucket_name: string;
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["UpdateBucketRequest"];
+      };
+    };
+    responses: {
+      200: components["responses"]["BucketInfo"];
+      202: {
+        content: {
+          "application/json": components["schemas"]["AcceptedResponse"];
+        };
+      };
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
   /**
    * Create Policy Import Key
    * @description Create Policy Import Key
@@ -14049,7 +14891,7 @@ export interface operations {
    * Get the org-wide policy secrets.
    * @description Get the org-wide policy secrets.
    *
-   * Note that this only returns the keys for the secrets, omiting the values.
+   * Note that this only returns the keys for the secrets, omitting the values.
    * The values are secret and are not accessible outside Wasm policy execution.
    */
   getPolicySecrets: {
@@ -14077,6 +14919,8 @@ export interface operations {
    *
    * The provided secrets will replace any existing org-level secrets.
    * It fails if the secrets weren't previously created.
+   *
+   * Must be permitted by the policy secret's edit policy if set, and the org's edit policy otherwise.
    */
   updatePolicySecrets: {
     parameters: {
@@ -14108,8 +14952,9 @@ export interface operations {
     };
   };
   /**
-   * Create or overwrite an org-level policy secret
-   * @description Create or overwrite an org-level policy secret
+   * Create or overwrite an org-level policy secret.
+   * @description Create or overwrite an org-level policy secret.
+   * Must be permitted by the policy secret's edit policy if set, and the org's edit policy otherwise.
    */
   setPolicySecret: {
     parameters: {
@@ -14142,8 +14987,9 @@ export interface operations {
     };
   };
   /**
-   * Delete an org-level policy secret
-   * @description Delete an org-level policy secret
+   * Delete an org-level policy secret.
+   * @description Delete an org-level policy secret.
+   * Must be permitted by the policy secret's edit policy if set, and the org's edit policy otherwise.
    */
   deletePolicySecret: {
     parameters: {
@@ -14851,6 +15697,34 @@ export interface operations {
       };
     };
   };
+  /**
+   * High-level RPC endpoint.
+   * @description High-level RPC endpoint.
+   */
+  rpcApi: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["JsonRpcRequest"];
+      };
+    };
+    responses: {
+      200: components["responses"]["JsonRpcResponse"];
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
   /**
    * List sessions
    * @description List sessions
@@ -16050,35 +16924,6 @@ export interface operations {
       };
     };
   };
-  /**
-   * The policy_execute API endpoint is intended to demonstrate that the signer
-   * @description The policy_execute API endpoint is intended to demonstrate that the signer
-   * can use the policy engine, by way of the PolicyEngineClient.
-   */
-  "policy-execute": {
-    parameters: {
-      path: {
-        /**
-         * @description Base64Url-nopad of the sha256 digest of the policy binary
-         * @example 123456
-         */
-        policy_name: string;
-      };
-    };
-    requestBody: {
-      content: {
-        "application/json": Record<string, never>;
-      };
-    };
-    responses: {
-      200: components["responses"]["PolicyResultResponse"];
-      default: {
-        content: {
-          "application/json": components["schemas"]["ErrorResponse"];
-        };
-      };
-    };
-  };
   /**
    * Initiate registration of a FIDO key
    * @deprecated