@cubist-labs/cubesigner-sdk 0.4.236 → 0.4.237

package/dist/src/schema.d.ts

@@ -1031,6 +1031,31 @@ export interface paths {
          */
         post: operations["invokePolicy"];
     };
+    "/v0/org/{org_id}/policy/buckets": {
+        /**
+         * List Buckets
+         * @description List Buckets
+         *
+         * List available meta information about all policy KV store buckets in the org.
+         */
+        get: operations["listPolicyBuckets"];
+    };
+    "/v0/org/{org_id}/policy/buckets/{bucket_name}": {
+        /**
+         * Get Bucket
+         * @description Get Bucket
+         *
+         * Returns the meta information of a policy KV store bucket.
+         */
+        get: operations["getPolicyBucket"];
+        /**
+         * Update Bucket
+         * @description Update Bucket
+         *
+         * Updates meta information for an existing policy KV store bucket.
+         */
+        patch: operations["updatePolicyBucket"];
+    };
     "/v0/org/{org_id}/policy/import_key": {
         /**
          * Create Policy Import Key
@@ -1046,7 +1071,7 @@ export interface paths {
          * Get the org-wide policy secrets.
          * @description Get the org-wide policy secrets.
          *
-         * Note that this only returns the keys for the secrets, omiting the values.
+         * Note that this only returns the keys for the secrets, omitting the values.
          * The values are secret and are not accessible outside Wasm policy execution.
          */
         get: operations["getPolicySecrets"];
@@ -1853,8 +1878,7 @@ export interface components {
          */
         Aud: string | string[];
         AuditLogEntry: {
-            /** @description The name of the event */
-            event: string;
+            event: components["schemas"]["OrgEventDiscriminants"];
             /** @description UUID of the event. Unique across all events. */
             event_id: string;
             org_id: components["schemas"]["Id"];
@@ -2693,7 +2717,7 @@ export interface components {
          * @description Billing event types.
          * @enum {string}
          */
-        BillingEvent: "Mmi" | "MmiMessageGet" | "MmiMessageList" | "MmiMessageSign" | "MmiMessageReject" | "MmiMessageDelete" | "AboutMe" | "UserResetEmailInit" | "UserResetEmailComplete" | "UserDeleteTotp" | "UserResetTotpInit" | "UserResetTotpComplete" | "UserVerifyTotp" | "UserRegisterFidoInit" | "UserRegisterFidoComplete" | "UserDeleteFido" | "CreateProofOidc" | "CreateProofCubeSigner" | "VerifyProof" | "AddOidcIdentity" | "RemoveOidcIdentity" | "ListOidcIdentities" | "GetOrg" | "UpdateOrg" | "GetOrgExport" | "CreateOrg" | "ListKeys" | "AttestKey" | "GetKey" | "GetKeyByMaterialId" | "ListKeyRoles" | "UpdateKey" | "ListHistoricalKeyTx" | "Invite" | "CancelInvitation" | "ListInvitations" | "ListUsers" | "GetUser" | "GetUserByEmail" | "GetUserByOidc" | "UpdateMembership" | "ResetMemberMfa" | "CompleteResetMemberMfa" | "CreateRole" | "AttestRole" | "GetRole" | "ListTokenKeys" | "ListRoles" | "GetRoleKey" | "ListRoleKeys" | "ListRoleUsers" | "UpdateRole" | "DeleteRole" | "ConfigureEmail" | "GetEmailConfig" | "DeleteEmailConfig" | "ListHistoricalRoleTx" | "CreatePolicy" | "GetPolicy" | "ListPolicies" | "DeletePolicy" | "UpdatePolicy" | "InvokePolicy" | "GetPolicyLogs" | "UploadWasmPolicy" | "GetPolicySecrets" | "UpdatePolicySecrets" | "SetPolicySecret" | "DeletePolicySecret" | "CreatePolicyImportKey" | "UserExportDelete" | "UserExportList" | "UserExportInit" | "UserExportComplete" | "AddUserToRole" | "RemoveUserFromRole" | "MfaApproveCs" | "MfaRejectCs" | "MfaGet" | "MfaList" | "AddKeysToRole" | "RemoveKeyFromRole" | "CreateToken" | "CreateSession" | "RevokeSession" | "RevokeCurrentSession" | "RevokeSessions" | "ListSessions" | "GetSession" | "SignerSessionRefresh" | "MfaApproveTotp" | "MfaRejectTotp" | "MfaFidoInit" | "MfaApproveFidoComplete" | "MfaRejectFidoComplete" | "MfaEmailInit" | "MfaEmailComplete" | "Cube3signerHeartbeat" | "CreateContact" | "GetContact" | "ListContacts" | "DeleteContact" | "UpdateContact" | "LookupContactsByAddress" | "QueryMetrics" | "QueryAuditLog" | "Counts" | "CreateKey" | "ImportKey" | "CreateKeyImportKey" | "DeriveKey" | "DeleteKey" | "AvaSign" | "AvaSerializedTxSign" | "BabylonRegistration" | "BabylonStaking" | "BabylonCovSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellmanExchange" | "PsbtSign" | "PsbtLegacyInputSign" | "PsbtSegwitInputSign" | "PsbtTaprootInputSign" | "TaprootSign" | "Eip712Sign" | "Eip191Sign" | "Eth1Sign" | "Eth2Sign" | "SolanaSign" | "SuiSign" | "TendermintSign" | "Stake" | "Unstake" | "PasskeyAuthInit" | "PasskeyAuthComplete" | "OidcAuth" | "Oauth2Twitter" | "OAuth2TokenRefresh" | "EmailOtpAuth" | "SiweInit" | "SiweComplete" | "TelegramAuth" | "CreateOidcUser" | "DeleteOidcUser" | "DeleteUser" | "CreateEotsNonces" | "EotsSign" | "AuthMigrationIdentityAdd" | "AuthMigrationIdentityRemove" | "AuthMigrationUserUpdate" | "KeyCreated" | "KeyImported" | "InvitationAccept" | "IdpAuthenticate" | "IdpPasswordResetRequest" | "IdpPasswordResetConfirm" | "RpcApi" | "RpcCreateTransaction" | "RpcGetTransaction" | "RpcListTransactions" | "CustomChainRpcCall" | "EsploraApiCall" | "SentryApiCall" | "SentryApiCallPublic" | "MmiJwkSet" | "AttestationJwkSet" | "UserOrgs" | "PublicOrgInfo" | "EmailMyOrgs";
+        BillingEvent: "Mmi" | "MmiMessageGet" | "MmiMessageList" | "MmiMessageSign" | "MmiMessageReject" | "MmiMessageDelete" | "AboutMe" | "UserResetEmailInit" | "UserResetEmailComplete" | "UserDeleteTotp" | "UserResetTotpInit" | "UserResetTotpComplete" | "UserVerifyTotp" | "UserRegisterFidoInit" | "UserRegisterFidoComplete" | "UserDeleteFido" | "CreateProofOidc" | "CreateProofCubeSigner" | "VerifyProof" | "AddOidcIdentity" | "RemoveOidcIdentity" | "ListOidcIdentities" | "GetOrg" | "UpdateOrg" | "GetOrgExport" | "CreateOrg" | "ListKeys" | "AttestKey" | "GetKey" | "GetKeyByMaterialId" | "ListKeyRoles" | "UpdateKey" | "ListHistoricalKeyTx" | "Invite" | "CancelInvitation" | "ListInvitations" | "ListUsers" | "GetUser" | "GetUserByEmail" | "GetUserByOidc" | "UpdateMembership" | "ResetMemberMfa" | "CompleteResetMemberMfa" | "CreateRole" | "AttestRole" | "GetRole" | "ListTokenKeys" | "ListRoles" | "GetRoleKey" | "ListRoleKeys" | "ListRoleUsers" | "UpdateRole" | "DeleteRole" | "ConfigureEmail" | "GetEmailConfig" | "DeleteEmailConfig" | "ListHistoricalRoleTx" | "CreatePolicy" | "GetPolicy" | "ListPolicies" | "DeletePolicy" | "UpdatePolicy" | "InvokePolicy" | "GetPolicyLogs" | "UploadWasmPolicy" | "GetPolicySecrets" | "UpdatePolicySecrets" | "SetPolicySecret" | "DeletePolicySecret" | "CreatePolicyImportKey" | "GetPolicyBucket" | "ListPolicyBuckets" | "UpdatePolicyBucket" | "UserExportDelete" | "UserExportList" | "UserExportInit" | "UserExportComplete" | "AddUserToRole" | "RemoveUserFromRole" | "MfaApproveCs" | "MfaRejectCs" | "MfaGet" | "MfaList" | "AddKeysToRole" | "RemoveKeyFromRole" | "CreateToken" | "CreateSession" | "RevokeSession" | "RevokeCurrentSession" | "RevokeSessions" | "ListSessions" | "GetSession" | "SignerSessionRefresh" | "MfaApproveTotp" | "MfaRejectTotp" | "MfaFidoInit" | "MfaApproveFidoComplete" | "MfaRejectFidoComplete" | "MfaEmailInit" | "MfaEmailComplete" | "Cube3signerHeartbeat" | "CreateContact" | "GetContact" | "ListContacts" | "DeleteContact" | "UpdateContact" | "LookupContactsByAddress" | "QueryMetrics" | "QueryAuditLog" | "Counts" | "CreateKey" | "ImportKey" | "CreateKeyImportKey" | "DeriveKey" | "DeleteKey" | "AvaSign" | "AvaSerializedTxSign" | "BabylonRegistration" | "BabylonStaking" | "BabylonCovSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellmanExchange" | "PsbtSign" | "PsbtLegacyInputSign" | "PsbtSegwitInputSign" | "PsbtTaprootInputSign" | "TaprootSign" | "Eip712Sign" | "Eip191Sign" | "Eth1Sign" | "Eth2Sign" | "SolanaSign" | "SuiSign" | "TendermintSign" | "Stake" | "Unstake" | "PasskeyAuthInit" | "PasskeyAuthComplete" | "OidcAuth" | "Oauth2Twitter" | "OAuth2TokenRefresh" | "EmailOtpAuth" | "SiweInit" | "SiweComplete" | "TelegramAuth" | "CreateOidcUser" | "DeleteOidcUser" | "DeleteUser" | "CreateEotsNonces" | "EotsSign" | "AuthMigrationIdentityAdd" | "AuthMigrationIdentityRemove" | "AuthMigrationUserUpdate" | "KeyCreated" | "KeyImported" | "InvitationAccept" | "IdpAuthenticate" | "IdpPasswordResetRequest" | "IdpPasswordResetConfirm" | "RpcApi" | "RpcCreateTransaction" | "RpcGetTransaction" | "RpcListTransactions" | "CustomChainRpcCall" | "EsploraApiCall" | "SentryApiCall" | "SentryApiCallPublic" | "MmiJwkSet" | "AttestationJwkSet" | "UserOrgs" | "PublicOrgInfo" | "EmailMyOrgs";
         /** @description A bitcoin address and its network. */
         BitcoinAddressInfo: {
             /**
@@ -2918,6 +2942,49 @@ export interface components {
              */
             value: number;
         };
+        /**
+         * @description The access-controlled actions that can be performed on a bucket
+         * @enum {string}
+         */
+        BucketAction: "read:key:value" | "read:key:exists" | "update:key:value" | "delete:key:value" | "scan:keys" | "update:bucket:owner" | "update:bucket:acl" | "update:bucket:metadata";
+        /** @description Information about a policy KV store bucket. */
+        BucketInfo: ({
+            created?: components["schemas"]["EpochDateTime"] | null;
+            last_modified?: components["schemas"]["EpochDateTime"] | null;
+            /**
+             * Format: int64
+             * @description Version of this object
+             */
+            version?: number;
+        } & {
+            /** @description The access-control entries for the bucket. */
+            acl?: unknown[] | null;
+            /** @description Arbitrary user-defined metadata. */
+            metadata?: unknown;
+            owner: components["schemas"]["Id"];
+        }) & {
+            /** @description The name of the bucket. */
+            name: string;
+        };
+        /**
+         * @description Sub-entity of org where per-bucket metadata (like ACL) is stored.
+         * The [Id] of a [BucketMeta] must be the bucket name.
+         */
+        BucketMeta: {
+            created?: components["schemas"]["EpochDateTime"] | null;
+            last_modified?: components["schemas"]["EpochDateTime"] | null;
+            /**
+             * Format: int64
+             * @description Version of this object
+             */
+            version?: number;
+        } & {
+            /** @description The access-control entries for the bucket. */
+            acl?: unknown[] | null;
+            /** @description Arbitrary user-defined metadata. */
+            metadata?: unknown;
+            owner: components["schemas"]["Id"];
+        };
         CancelInvitationRequest: {
             email: components["schemas"]["Email"];
         };
@@ -4203,7 +4270,7 @@ export interface components {
          * @description Explicitly named scopes for accessing CubeSigner APIs
          * @enum {string}
          */
-        ExplicitScope: "sign:*" | "sign:ava" | "sign:blob" | "sign:diffieHellman" | "sign:btc:*" | "sign:btc:segwit" | "sign:btc:taproot" | "sign:btc:psbt:*" | "sign:btc:psbt:doge" | "sign:btc:psbt:legacy" | "sign:btc:psbt:segwit" | "sign:btc:psbt:taproot" | "sign:btc:psbt:ltcSegwit" | "sign:btc:message:*" | "sign:btc:message:segwit" | "sign:btc:message:legacy" | "sign:babylon:*" | "sign:babylon:eots:*" | "sign:babylon:eots:nonces" | "sign:babylon:eots:sign" | "sign:babylon:staking:*" | "sign:babylon:staking:deposit" | "sign:babylon:staking:unbond" | "sign:babylon:staking:withdraw" | "sign:babylon:staking:slash" | "sign:babylon:registration" | "sign:babylon:covenant" | "sign:evm:*" | "sign:evm:tx" | "sign:evm:eip191" | "sign:evm:eip712" | "sign:eth2:*" | "sign:eth2:validate" | "sign:eth2:stake" | "sign:eth2:unstake" | "sign:solana" | "sign:sui" | "sign:tendermint" | "sign:mmi" | "manage:*" | "manage:readonly" | "manage:email:*" | "manage:email:get" | "manage:email:update" | "manage:email:delete" | "manage:mfa:*" | "manage:mfa:readonly" | "manage:mfa:list" | "manage:mfa:vote:*" | "manage:mfa:vote:cs" | "manage:mfa:vote:email" | "manage:mfa:vote:fido" | "manage:mfa:vote:totp" | "manage:mfa:register:*" | "manage:mfa:register:fido" | "manage:mfa:register:totp" | "manage:mfa:register:email" | "manage:mfa:unregister:*" | "manage:mfa:unregister:fido" | "manage:mfa:unregister:totp" | "manage:mfa:verify:*" | "manage:mfa:verify:totp" | "manage:key:*" | "manage:key:readonly" | "manage:key:get" | "manage:key:attest" | "manage:key:listRoles" | "manage:key:list" | "manage:key:history:tx:list" | "manage:key:create" | "manage:key:import" | "manage:key:update:*" | "manage:key:update:owner" | "manage:key:update:policy" | "manage:key:update:enabled" | "manage:key:update:region" | "manage:key:update:metadata" | "manage:key:update:editPolicy" | "manage:key:delete" | "manage:policy:*" | "manage:policy:readonly" | "manage:policy:create" | "manage:policy:get" | "manage:policy:list" | "manage:policy:delete" | "manage:policy:update:*" | "manage:policy:update:owner" | "manage:policy:update:name" | "manage:policy:update:acl" | "manage:policy:update:editPolicy" | "manage:policy:update:metadata" | "manage:policy:update:rule" | "manage:policy:invoke" | "manage:policy:wasm:*" | "manage:policy:wasm:upload" | "manage:policy:secrets:*" | "manage:policy:secrets:get" | "manage:policy:secrets:update:*" | "manage:policy:secrets:update:values" | "manage:policy:secrets:update:acl" | "manage:policy:secrets:update:editPolicy" | "manage:contact:*" | "manage:contact:readonly" | "manage:contact:create" | "manage:contact:get" | "manage:contact:list" | "manage:contact:delete" | "manage:contact:update:*" | "manage:contact:update:name" | "manage:contact:update:addresses" | "manage:contact:update:owner" | "manage:contact:update:labels" | "manage:contact:update:metadata" | "manage:contact:update:editPolicy" | "manage:contact:lookup:*" | "manage:contact:lookup:address" | "manage:policy:createImportKey" | "manage:role:*" | "manage:role:readonly" | "manage:role:create" | "manage:role:delete" | "manage:role:get:*" | "manage:role:attest" | "manage:role:get:keys" | "manage:role:get:keys:list" | "manage:role:get:keys:get" | "manage:role:get:users" | "manage:role:list" | "manage:role:update:*" | "manage:role:update:enabled" | "manage:role:update:policy" | "manage:role:update:editPolicy" | "manage:role:update:actions" | "manage:role:update:key:*" | "manage:role:update:key:add" | "manage:role:update:key:remove" | "manage:role:update:user:*" | "manage:role:update:user:add" | "manage:role:update:user:remove" | "manage:role:history:tx:list" | "manage:identity:*" | "manage:identity:readonly" | "manage:identity:verify" | "manage:identity:add" | "manage:identity:remove" | "manage:identity:list" | "manage:org:*" | "manage:org:create" | "manage:org:metrics:query" | "manage:org:audit:query" | "manage:org:readonly" | "manage:org:addUser" | "manage:org:inviteUser" | "manage:org:inviteAlien" | "manage:org:invitation:list" | "manage:org:invitation:cancel" | "manage:org:updateMembership" | "manage:org:listUsers" | "manage:org:user:get" | "manage:org:deleteUser" | "manage:org:get" | "manage:org:update:*" | "manage:org:update:enabled" | "manage:org:update:policy" | "manage:org:update:signPolicy" | "manage:org:update:export" | "manage:org:update:totpFailureLimit" | "manage:org:update:notificationEndpoints" | "manage:org:update:defaultInviteKind" | "manage:org:update:idpConfiguration" | "manage:org:update:passkeyConfiguration" | "manage:org:update:emailPreferences" | "manage:org:update:historicalData" | "manage:org:update:requireScopeCeiling" | "manage:org:update:alienLoginRequirement" | "manage:org:update:memberLoginRequirement" | "manage:org:update:keyExportRequirement" | "manage:org:update:allowedMfaTypes" | "manage:org:update:policyEngineConf" | "manage:org:update:customChains" | "manage:org:update:extProps" | "manage:org:update:editPolicy" | "manage:org:user:resetMfa" | "manage:session:*" | "manage:session:readonly" | "manage:session:get" | "manage:session:list" | "manage:session:create" | "manage:session:extend" | "manage:session:revoke" | "manage:export:*" | "manage:export:readonly" | "manage:export:org:*" | "manage:export:org:get" | "manage:export:user:*" | "manage:export:user:delete" | "manage:export:user:list" | "manage:authMigration:*" | "manage:authMigration:identity:add" | "manage:authMigration:identity:remove" | "manage:authMigration:user:update" | "manage:mmi:*" | "manage:mmi:readonly" | "manage:mmi:get" | "manage:mmi:list" | "manage:mmi:reject" | "manage:mmi:delete" | "export:*" | "export:user:*" | "export:user:init" | "export:user:complete" | "mmi:*" | "orgAccess:*" | "orgAccess:child:*" | "rpc:*" | "rpc:createTransaction:*" | "rpc:createTransaction:evm" | "rpc:getTransaction" | "rpc:listTransactions";
+        ExplicitScope: "sign:*" | "sign:ava" | "sign:blob" | "sign:diffieHellman" | "sign:btc:*" | "sign:btc:segwit" | "sign:btc:taproot" | "sign:btc:psbt:*" | "sign:btc:psbt:doge" | "sign:btc:psbt:legacy" | "sign:btc:psbt:segwit" | "sign:btc:psbt:taproot" | "sign:btc:psbt:ltcSegwit" | "sign:btc:message:*" | "sign:btc:message:segwit" | "sign:btc:message:legacy" | "sign:babylon:*" | "sign:babylon:eots:*" | "sign:babylon:eots:nonces" | "sign:babylon:eots:sign" | "sign:babylon:staking:*" | "sign:babylon:staking:deposit" | "sign:babylon:staking:unbond" | "sign:babylon:staking:withdraw" | "sign:babylon:staking:slash" | "sign:babylon:registration" | "sign:babylon:covenant" | "sign:evm:*" | "sign:evm:tx" | "sign:evm:eip191" | "sign:evm:eip712" | "sign:eth2:*" | "sign:eth2:validate" | "sign:eth2:stake" | "sign:eth2:unstake" | "sign:solana" | "sign:sui" | "sign:tendermint" | "sign:mmi" | "manage:*" | "manage:readonly" | "manage:email:*" | "manage:email:get" | "manage:email:update" | "manage:email:delete" | "manage:mfa:*" | "manage:mfa:readonly" | "manage:mfa:list" | "manage:mfa:vote:*" | "manage:mfa:vote:cs" | "manage:mfa:vote:email" | "manage:mfa:vote:fido" | "manage:mfa:vote:totp" | "manage:mfa:register:*" | "manage:mfa:register:fido" | "manage:mfa:register:totp" | "manage:mfa:register:email" | "manage:mfa:unregister:*" | "manage:mfa:unregister:fido" | "manage:mfa:unregister:totp" | "manage:mfa:verify:*" | "manage:mfa:verify:totp" | "manage:key:*" | "manage:key:readonly" | "manage:key:get" | "manage:key:attest" | "manage:key:listRoles" | "manage:key:list" | "manage:key:history:tx:list" | "manage:key:create" | "manage:key:import" | "manage:key:update:*" | "manage:key:update:owner" | "manage:key:update:policy" | "manage:key:update:enabled" | "manage:key:update:region" | "manage:key:update:metadata" | "manage:key:update:editPolicy" | "manage:key:delete" | "manage:policy:*" | "manage:policy:readonly" | "manage:policy:create" | "manage:policy:get" | "manage:policy:list" | "manage:policy:delete" | "manage:policy:update:*" | "manage:policy:update:owner" | "manage:policy:update:name" | "manage:policy:update:acl" | "manage:policy:update:editPolicy" | "manage:policy:update:metadata" | "manage:policy:update:rule" | "manage:policy:invoke" | "manage:policy:wasm:*" | "manage:policy:wasm:upload" | "manage:policy:secrets:*" | "manage:policy:secrets:get" | "manage:policy:secrets:update:*" | "manage:policy:secrets:update:values" | "manage:policy:secrets:update:acl" | "manage:policy:secrets:update:editPolicy" | "manage:policy:buckets:*" | "manage:policy:buckets:get" | "manage:policy:buckets:list" | "manage:policy:buckets:update:*" | "manage:policy:buckets:update:owner" | "manage:policy:buckets:update:acl" | "manage:policy:buckets:update:metadata" | "manage:contact:*" | "manage:contact:readonly" | "manage:contact:create" | "manage:contact:get" | "manage:contact:list" | "manage:contact:delete" | "manage:contact:update:*" | "manage:contact:update:name" | "manage:contact:update:addresses" | "manage:contact:update:owner" | "manage:contact:update:labels" | "manage:contact:update:metadata" | "manage:contact:update:editPolicy" | "manage:contact:lookup:*" | "manage:contact:lookup:address" | "manage:policy:createImportKey" | "manage:role:*" | "manage:role:readonly" | "manage:role:create" | "manage:role:delete" | "manage:role:get:*" | "manage:role:attest" | "manage:role:get:keys" | "manage:role:get:keys:list" | "manage:role:get:keys:get" | "manage:role:get:users" | "manage:role:list" | "manage:role:update:*" | "manage:role:update:enabled" | "manage:role:update:policy" | "manage:role:update:editPolicy" | "manage:role:update:actions" | "manage:role:update:key:*" | "manage:role:update:key:add" | "manage:role:update:key:remove" | "manage:role:update:user:*" | "manage:role:update:user:add" | "manage:role:update:user:remove" | "manage:role:history:tx:list" | "manage:identity:*" | "manage:identity:readonly" | "manage:identity:verify" | "manage:identity:add" | "manage:identity:remove" | "manage:identity:list" | "manage:org:*" | "manage:org:create" | "manage:org:metrics:query" | "manage:org:audit:query" | "manage:org:readonly" | "manage:org:addUser" | "manage:org:inviteUser" | "manage:org:inviteAlien" | "manage:org:invitation:list" | "manage:org:invitation:cancel" | "manage:org:updateMembership" | "manage:org:listUsers" | "manage:org:user:get" | "manage:org:deleteUser" | "manage:org:get" | "manage:org:update:*" | "manage:org:update:enabled" | "manage:org:update:policy" | "manage:org:update:signPolicy" | "manage:org:update:export" | "manage:org:update:totpFailureLimit" | "manage:org:update:notificationEndpoints" | "manage:org:update:defaultInviteKind" | "manage:org:update:idpConfiguration" | "manage:org:update:passkeyConfiguration" | "manage:org:update:emailPreferences" | "manage:org:update:historicalData" | "manage:org:update:requireScopeCeiling" | "manage:org:update:alienLoginRequirement" | "manage:org:update:memberLoginRequirement" | "manage:org:update:keyExportRequirement" | "manage:org:update:allowedMfaTypes" | "manage:org:update:policyEngineConf" | "manage:org:update:customChains" | "manage:org:update:extProps" | "manage:org:update:editPolicy" | "manage:org:user:resetMfa" | "manage:session:*" | "manage:session:readonly" | "manage:session:get" | "manage:session:list" | "manage:session:create" | "manage:session:extend" | "manage:session:revoke" | "manage:export:*" | "manage:export:readonly" | "manage:export:org:*" | "manage:export:org:get" | "manage:export:user:*" | "manage:export:user:delete" | "manage:export:user:list" | "manage:authMigration:*" | "manage:authMigration:identity:add" | "manage:authMigration:identity:remove" | "manage:authMigration:user:update" | "manage:mmi:*" | "manage:mmi:readonly" | "manage:mmi:get" | "manage:mmi:list" | "manage:mmi:reject" | "manage:mmi:delete" | "export:*" | "export:user:*" | "export:user:init" | "export:user:complete" | "mmi:*" | "orgAccess:*" | "orgAccess:child:*" | "rpc:*" | "rpc:createTransaction:*" | "rpc:createTransaction:evm" | "rpc:getTransaction" | "rpc:listTransactions";
         /**
          * @description This type specifies the interpretation of the `fee` field in Babylon
          * staking requests. If `sats`, the field is intpreted as a fixed value
@@ -4259,7 +4326,7 @@ export interface components {
             request_device_identifier?: boolean;
         };
         /** @enum {string} */
-        ForbiddenErrorCode: "AlienKeyCreate" | "CannotAssumeIdentity" | "SentryDisallowed" | "PasskeyLoginDisabled" | "PasskeyNotRegistered" | "CannotCreateOrg" | "WrongMfaEmailOtpJwt" | "OrgFlagNotSet" | "FidoRequiredToRemoveTotp" | "OidcIdentityLimitReached" | "OidcScopeCeilingMissing" | "OidcIssuerNotAllowedForMemberRole" | "OidcNoMemberRolesAllowed" | "EmailOtpNotConfigured" | "MfaChallengeExpired" | "ChainIdNotAllowed" | "InvalidOrg" | "OrgIdMismatch" | "SessionForWrongOrg" | "SelfDelete" | "SelfDisable" | "InvalidOrgMembershipRoleChange" | "UserDisabled" | "OrgDisabled" | "OrgNotFound" | "OrgWithoutOwner" | "OrphanedUser" | "OidcUserNotFound" | "UserNotInOrg" | "UserNotOrgOwner" | "UserNotKeyOwner" | "InvalidRole" | "DisabledRole" | "KeyDisabled" | "KeyNotInRole" | "ContactNotInOrg" | "UserExportRequestNotInOrg" | "UserExportRequestInvalid" | "UserExportDisabled" | "UserNotOriginalKeyOwner" | "UserNotInRole" | "MustBeFullMember" | "SessionExpired" | "SessionChanged" | "SessionRevoked" | "ExpectedUserSession" | "SessionRoleChanged" | "ScopedNameNotFound" | "SessionInvalidEpochToken" | "SessionInvalidRefreshToken" | "SessionRefreshTokenExpired" | "InvalidAuthHeader" | "SessionNotFound" | "InvalidArn" | "SessionInvalidAuthToken" | "SessionAuthTokenExpired" | "SessionPossiblyStolenToken" | "MfaDisallowedIdentity" | "MfaDisallowedApprover" | "MfaTypeNotAllowed" | "MfaNotApprovedYet" | "MfaConfirmationCodeMismatch" | "MfaHttpRequestMismatch" | "MfaRemoveBelowMin" | "MfaOrgRequirementNotMet" | "MfaRegistrationDisallowed" | "TotpAlreadyConfigured" | "TotpConfigurationChanged" | "MfaTotpBadConfiguration" | "MfaTotpBadCode" | "MfaTotpRateLimit" | "ImproperSessionScope" | "FullSessionRequired" | "SessionWithoutAnyScopeUnder" | "UserRoleUnprivileged" | "MemberRoleForbidden" | "MfaNotConfigured" | "RemoveLastOidcIdentity" | "OperationNotAllowed" | "OrgExportRetrievalDisabled" | "ChangingKeyExportRequirementIsDisabled" | "AutoAddBlsKeyToProtectedRole" | "UserNotPolicyOwner" | "UserNotContactOwner" | "LegacySessionCannotHaveScopeCeiling" | "RoleInParentOrgNotAllowed" | "RemoveKeyFromRoleUserNotAllowed" | "SiweChallengeExpired" | "SiweMessageNotValid" | "SiweMessageInvalidSignature" | "Acl";
+        ForbiddenErrorCode: "AlienKeyCreate" | "CannotAssumeIdentity" | "SentryDisallowed" | "PasskeyLoginDisabled" | "PasskeyNotRegistered" | "CannotCreateOrg" | "WrongMfaEmailOtpJwt" | "OrgFlagNotSet" | "FidoRequiredToRemoveTotp" | "OidcIdentityLimitReached" | "OidcScopeCeilingMissing" | "OidcIssuerNotAllowedForMemberRole" | "OidcNoMemberRolesAllowed" | "EmailOtpNotConfigured" | "MfaChallengeExpired" | "ChainIdNotAllowed" | "InvalidOrg" | "OrgIdMismatch" | "SessionForWrongOrg" | "SelfDelete" | "SelfDisable" | "InvalidOrgMembershipRoleChange" | "UserDisabled" | "OrgDisabled" | "OrgNotFound" | "OrgWithoutOwner" | "OrphanedUser" | "OidcUserNotFound" | "UserNotInOrg" | "UserNotOrgOwner" | "UserNotKeyOwner" | "InvalidRole" | "DisabledRole" | "KeyDisabled" | "KeyNotInRole" | "ContactNotInOrg" | "UserExportRequestNotInOrg" | "UserExportRequestInvalid" | "UserExportDisabled" | "UserNotOriginalKeyOwner" | "UserNotInRole" | "MustBeFullMember" | "SessionExpired" | "SessionChanged" | "SessionRevoked" | "ExpectedUserSession" | "SessionRoleChanged" | "ScopedNameNotFound" | "SessionInvalidEpochToken" | "SessionInvalidRefreshToken" | "SessionRefreshTokenExpired" | "InvalidAuthHeader" | "SessionNotFound" | "InvalidArn" | "SessionInvalidAuthToken" | "SessionAuthTokenExpired" | "SessionPossiblyStolenToken" | "MfaDisallowedIdentity" | "MfaDisallowedApprover" | "MfaTypeNotAllowed" | "MfaNotApprovedYet" | "MfaConfirmationCodeMismatch" | "MfaHttpRequestMismatch" | "MfaRemoveBelowMin" | "MfaOrgRequirementNotMet" | "MfaRegistrationDisallowed" | "TotpAlreadyConfigured" | "TotpConfigurationChanged" | "MfaTotpBadConfiguration" | "MfaTotpBadCode" | "MfaTotpRateLimit" | "ImproperSessionScope" | "FullSessionRequired" | "SessionWithoutAnyScopeUnder" | "UserRoleUnprivileged" | "MemberRoleForbidden" | "MfaNotConfigured" | "RemoveLastOidcIdentity" | "OperationNotAllowed" | "OrgExportRetrievalDisabled" | "ChangingKeyExportRequirementIsDisabled" | "AutoAddBlsKeyToProtectedRole" | "UserNotPolicyOwner" | "UserNotContactOwner" | "UserNotBucketOwner" | "LegacySessionCannotHaveScopeCeiling" | "RoleInParentOrgNotAllowed" | "RemoveKeyFromRoleUserNotAllowed" | "SiweChallengeExpired" | "SiweMessageNotValid" | "SiweMessageInvalidSignature" | "Acl";
         /**
          * @description Specifies a fork of the `BeaconChain`, to prevent replay attacks.
          * The schema of `Fork` is defined in the [Beacon chain
@@ -5120,7 +5187,7 @@ export interface components {
         /** Format: binary */
         NonceValue: string;
         /** @enum {string} */
-        NotFoundErrorCode: "UriSegmentMissing" | "UriSegmentInvalid" | "TotpNotConfigured" | "FidoKeyNotFound" | "FidoChallengeNotFound" | "TotpChallengeNotFound" | "UserExportRequestNotFound" | "UserExportCiphertextNotFound" | "OrgExportCiphertextNotFound" | "UploadObjectNotFound" | "PolicySecretNotFound" | "TimestreamDisabled" | "CustomChainNotFound" | "InvitationNotFound" | "TransactionNotFound" | "EmailConfigNotFound";
+        NotFoundErrorCode: "UriSegmentMissing" | "UriSegmentInvalid" | "TotpNotConfigured" | "FidoKeyNotFound" | "FidoChallengeNotFound" | "TotpChallengeNotFound" | "UserExportRequestNotFound" | "UserExportCiphertextNotFound" | "OrgExportCiphertextNotFound" | "UploadObjectNotFound" | "PolicySecretNotFound" | "BucketMetaNotFound" | "TimestreamDisabled" | "CustomChainNotFound" | "InvitationNotFound" | "TransactionNotFound" | "EmailConfigNotFound";
         /** @description The configuration and status of a notification endpoint */
         NotificationEndpoint: components["schemas"]["NotificationEndpointSubscription"] & {
             status: components["schemas"]["SubscriptionStatus"];
@@ -5716,6 +5783,21 @@ export interface components {
              */
             last_evaluated_key?: string | null;
         };
+        /**
+         * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
+         * value (which can the user pass back to use as a url query parameter to continue pagination).
+         */
+        PaginatedListBucketsResponse: {
+            /** @description The buckets in the organization. */
+            buckets: components["schemas"]["BucketInfo"][];
+        } & {
+            /**
+             * @description If set, the content of `response` does not contain the entire result set.
+             * To fetch the next page of the result set, call the same endpoint
+             * but specify this value as the 'page.start' query parameter.
+             */
+            last_evaluated_key?: string | null;
+        };
         /**
          * @description Response type that wraps another type and adds base64url-encoded encrypted `last_evaluated_key`
          * value (which can the user pass back to use as a url query parameter to continue pagination).
@@ -6035,12 +6117,10 @@ export interface components {
             message_tx?: components["schemas"]["TypedTransaction"] | null;
         }) & Record<string, never>;
         /**
-         * PolicyAction
          * @description The access-controlled actions that can be performed on a named policy.
-         * @example read:policy
          * @enum {string}
          */
-        PolicyAction: "read:*" | "read:policy" | "read:logs" | "update:*" | "update:name" | "update:rules" | "update:metadata" | "update:editPolicy" | "update:owner" | "update:acl" | "delete" | "attach" | "sign" | "invoke";
+        PolicyAction: "read:*" | "read" | "read:policy" | "read:logs" | "update:*" | "update" | "update:name" | "update:rules" | "update:metadata" | "update:editPolicy" | "update:owner" | "update:acl" | "delete" | "attach" | "sign" | "invoke";
         /** @description The id for attaching a named policy to a key, role, or key in role. */
         PolicyAttachedToId: OneOf<[
             {
@@ -7594,6 +7674,23 @@ export interface components {
             /** @description Optional policy evaluation tree. */
             policy_eval_tree?: unknown;
         } & Record<string, never>;
+        /** @description The information needed to update a bucket. */
+        UpdateBucketRequest: {
+            /** @description Access-control entries defining how the bucket can be accessed. */
+            acl?: unknown;
+            /**
+             * Format: int64
+             * @description If set, updating only succeeds if the current version matches this value.
+             */
+            expected_version?: number | null;
+            /** @description Optional metadata. */
+            metadata?: unknown;
+            /**
+             * @description Update the owner of the bucket
+             * @example User#00000000-0000-0000-0000-000000000000
+             */
+            owner?: string | null;
+        };
         /** @description The information needed to update a Contact. */
         UpdateContactRequest: {
             addresses?: components["schemas"]["AddressMap"] | null;
@@ -8417,6 +8514,29 @@ export interface components {
                 };
             };
         };
+        /** @description Information about a policy KV store bucket. */
+        BucketInfo: {
+            content: {
+                "application/json": ({
+                    created?: components["schemas"]["EpochDateTime"] | null;
+                    last_modified?: components["schemas"]["EpochDateTime"] | null;
+                    /**
+                     * Format: int64
+                     * @description Version of this object
+                     */
+                    version?: number;
+                } & {
+                    /** @description The access-control entries for the bucket. */
+                    acl?: unknown[] | null;
+                    /** @description Arbitrary user-defined metadata. */
+                    metadata?: unknown;
+                    owner: components["schemas"]["Id"];
+                }) & {
+                    /** @description The name of the bucket. */
+                    name: string;
+                };
+            };
+        };
         /** @description The number of users and keys in an org, organized by user role and key type */
         ComputeCountsResponse: {
             content: {
@@ -9132,6 +9252,21 @@ export interface components {
                 };
             };
         };
+        PaginatedListBucketsResponse: {
+            content: {
+                "application/json": {
+                    /** @description The buckets in the organization. */
+                    buckets: components["schemas"]["BucketInfo"][];
+                } & {
+                    /**
+                     * @description If set, the content of `response` does not contain the entire result set.
+                     * To fetch the next page of the result set, call the same endpoint
+                     * but specify this value as the 'page.start' query parameter.
+                     */
+                    last_evaluated_key?: string | null;
+                };
+            };
+        };
         PaginatedListContactsResponse: {
             content: {
                 "application/json": {
@@ -13358,6 +13493,108 @@ export interface operations {
             };
         };
     };
+    /**
+     * List Buckets
+     * @description List Buckets
+     *
+     * List available meta information about all policy KV store buckets in the org.
+     */
+    listPolicyBuckets: {
+        parameters: {
+            query?: {
+                /**
+                 * @description Max number of items to return per page.
+                 *
+                 * If the actual number of returned items may be less that this, even if there exist more
+                 * data in the result set. To reliably determine if more data is left in the result set,
+                 * inspect the [UnencryptedLastEvalKey] value in the response object.
+                 */
+                "page.size"?: number;
+                /**
+                 * @description The start of the page.  Omit to start from the beginning; otherwise, only specify a
+                 * the exact value previously returned as 'last_evaluated_key' from the same endpoint.
+                 */
+                "page.start"?: string | null;
+            };
+            path: {
+                /**
+                 * @description Name or ID of the desired Org
+                 * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                org_id: string;
+            };
+        };
+        responses: {
+            200: components["responses"]["PaginatedListBucketsResponse"];
+            default: {
+                content: {
+                    "application/json": components["schemas"]["ErrorResponse"];
+                };
+            };
+        };
+    };
+    /**
+     * Get Bucket
+     * @description Get Bucket
+     *
+     * Returns the meta information of a policy KV store bucket.
+     */
+    getPolicyBucket: {
+        parameters: {
+            path: {
+                /**
+                 * @description Name or ID of the desired Org
+                 * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                org_id: string;
+                bucket_name: string;
+            };
+        };
+        responses: {
+            200: components["responses"]["BucketInfo"];
+            default: {
+                content: {
+                    "application/json": components["schemas"]["ErrorResponse"];
+                };
+            };
+        };
+    };
+    /**
+     * Update Bucket
+     * @description Update Bucket
+     *
+     * Updates meta information for an existing policy KV store bucket.
+     */
+    updatePolicyBucket: {
+        parameters: {
+            path: {
+                /**
+                 * @description Name or ID of the desired Org
+                 * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                org_id: string;
+                bucket_name: string;
+            };
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["UpdateBucketRequest"];
+            };
+        };
+        responses: {
+            200: components["responses"]["BucketInfo"];
+            202: {
+                content: {
+                    "application/json": components["schemas"]["AcceptedResponse"];
+                };
+            };
+            default: {
+                content: {
+                    "application/json": components["schemas"]["ErrorResponse"];
+                };
+            };
+        };
+    };
     /**
      * Create Policy Import Key
      * @description Create Policy Import Key
@@ -13388,7 +13625,7 @@ export interface operations {
      * Get the org-wide policy secrets.
      * @description Get the org-wide policy secrets.
      *
-     * Note that this only returns the keys for the secrets, omiting the values.
+     * Note that this only returns the keys for the secrets, omitting the values.
      * The values are secret and are not accessible outside Wasm policy execution.
      */
     getPolicySecrets: {