@cubist-labs/cubesigner-sdk 0.4.241 → 0.4.244

package/dist/src/schema.d.ts

@@ -1745,34 +1745,97 @@ export type webhooks = Record<string, never>;
 export interface components {
     schemas: {
         AcceptedResponse: components["schemas"]["ErrorResponse"] & Record<string, never>;
+        /** @description Different responses we return for success status codes. */
+        AcceptedValue: OneOf<[
+            {
+                SignDryRun: components["schemas"]["SignDryRunArgs"];
+            },
+            {
+                BinanceDryRun: components["schemas"]["BinanceDryRunArgs"];
+            },
+            {
+                MfaRequired: components["schemas"]["MfaRequiredArgs"];
+            }
+        ]>;
+        /** @enum {string} */
+        AcceptedValueCode: "SignDryRun" | "BinanceDryRun" | "MfaRequired";
         /**
-         * @description Different responses we return for status code "202 Accepted".
+         * @description Determines who controls the keys within an org
+         * @enum {string}
+         */
+        AccessModel: "User" | "Org";
+        /**
+         * @description One asset balance entry in [`AccountInfoResponse::balances`]. Distinct from
+         * [`SubAccountAsset`] because the spot-account schema lacks the `freeze` and
+         * `withdrawing` fields.
+         */
+        AccountBalance: {
+            /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+            asset: string;
+            /** @description Available balance. */
+            free: string;
+            /** @description Balance locked in open orders. */
+            locked: string;
+        };
+        /**
+         * @description Parameters for `GET /api/v3/account`.
          *
-         * Even though "202 Accepted" is a successful response, we represent
-         * it as a Rust error because that makes it easy to have route handlers
-         * return `Result<T, SignerError>` where `T` is the type of the
-         * response for the status code "200 Ok".
+         * Returns Spot account info for whichever account the signing key
+         * authenticates as (master or sub).
          */
-        AcceptedValue: {
-            MfaRequired: {
-                /** @description Always set to first MFA id from `Self::ids` */
-                id: string;
-                /** @description Non-empty MFA request IDs */
-                ids: string[];
-                /** @description Organization id */
-                org_id: string;
-                /** @description Optional policy evaluation tree (included in signer responses, when requested) */
-                policy_eval_tree?: unknown;
-                session?: components["schemas"]["NewSessionResponse"] | null;
-            };
+        AccountInfoRequest: {
+            /**
+             * @description If `true`, the response omits assets with all-zero balances. Defaults to
+             * `false` (Binance's default).
+             */
+            omitZeroBalances?: boolean | null;
+        };
+        /** @description Response for [`BinanceManager::account_info`]. */
+        AccountInfoResponse: {
+            /** @description Account type, e.g. `"SPOT"`. Left as `String` for forward compatibility. */
+            accountType: string;
+            /** @description One entry per asset. Affected by the `omit_zero_balances` request flag. */
+            balances: components["schemas"]["AccountBalance"][];
+            brokered: boolean;
+            /** Format: int64 */
+            buyerCommission: number;
+            canDeposit: boolean;
+            canTrade: boolean;
+            canWithdraw: boolean;
+            commissionRates: components["schemas"]["CommissionRates"];
+            /**
+             * Format: int64
+             * @description Maker commission, in basis points (e.g. `10` = 0.1%). Superseded by
+             * [`AccountInfoResponse::commission_rates`] for fractional rates.
+             */
+            makerCommission: number;
+            /** @description Permission flags, e.g. `["SPOT", "MARGIN"]`. */
+            permissions: string[];
+            preventSor: boolean;
+            requireSelfTradePrevention: boolean;
+            /** Format: int64 */
+            sellerCommission: number;
+            /** Format: int64 */
+            takerCommission: number;
+            /**
+             * Format: int64
+             * @description Account user id.
+             */
+            uid: number;
+            /**
+             * Format: int64
+             * @description Last account update time (ms since epoch).
+             */
+            updateTime: number;
         };
-        /** @enum {string} */
-        AcceptedValueCode: "MfaRequired";
         /**
-         * @description Determines who controls the keys within an org
+         * @description Wallet type used as the source or destination of a [`UniversalTransferRequest`].
+         *
+         * Serializes to the SCREAMING_SNAKE_CASE strings Binance expects. The default
+         * is [`AccountType::Spot`].
          * @enum {string}
          */
-        AccessModel: "User" | "Org";
+        AccountType: "SPOT" | "USDT_FUTURE" | "COIN_FUTURE" | "MARGIN";
         /** @description Request to add OIDC identity to an existing user account */
         AddIdentityRequest: {
             oidc_token: string;
@@ -2069,6 +2132,8 @@ export interface components {
         AuthenticatorTransport: "usb" | "nfc" | "ble" | "internal";
         /** @description Request to sign a serialized Avalanche transaction */
         AvaSerializedTxSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2091,6 +2156,8 @@ export interface components {
         };
         /** @description Request to sign an Avalanche transaction */
         AvaSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2128,6 +2195,8 @@ export interface components {
         /** @description Wrapper around a zeroizing 32-byte fixed-size array */
         B32: string;
         BabylonCovSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2321,6 +2390,8 @@ export interface components {
              */
             value: number;
         }) & {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2700,7 +2771,7 @@ export interface components {
         /** @enum {string} */
         BadGatewayErrorCode: "Generic" | "CustomChainRpcError" | "EsploraApiError" | "SentryApiError" | "CallWebhookError" | "OAuthProviderError" | "OidcDisoveryFailed" | "OidcIssuerJwkEndpointUnavailable" | "SmtpServerUnavailable";
         /** @enum {string} */
-        BadRequestErrorCode: "GenericBadRequest" | "DisallowedAllowRuleReference" | "InvalidPaginationToken" | "InvalidEmail" | "InvalidEmailTemplate" | "QueryMetricsError" | "InvalidTelegramData" | "ValidationError" | "WebhookPolicyTimeoutOutOfBounds" | "WebhookPolicyDisallowedUrlScheme" | "WebhookPolicyDisallowedUrlHost" | "WebhookPolicyDisallowedHeaders" | "ReservedName" | "UserEmailNotConfigured" | "EmailPasswordNotFound" | "PasswordAuthNotAllowedByInvitation" | "OneTimeCodeExpired" | "InvalidBody" | "InvalidJwt" | "InvitationNoLongerValid" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyGracePeriodTooLong" | "InvalidBabylonStakingPolicyParams" | "InvalidSuiTxReceiversEmptyAllowlist" | "InvalidBtcTxReceiversEmptyAllowlist" | "InvalidRequireRoleSessionAllowlist" | "InvalidCreateKeyCount" | "InvalidDiffieHellmanCount" | "OrgInviteExistingUser" | "OrgUserAlreadyExists" | "OrgNameTaken" | "KwkNotFoundInRegion" | "OrgIsNotOrgExport" | "RoleNameTaken" | "PolicyNameTaken" | "NameTaken" | "ContactNameInvalid" | "ContactAddressesInvalid" | "ContactLabelInvalid" | "ContactModified" | "PolicyNotFound" | "PolicyVersionNotFound" | "PolicyRuleDisallowedByType" | "PolicyTypeDisallowed" | "PolicyDuplicateError" | "PolicyStillAttached" | "PolicyModified" | "PolicyNotAttached" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidTimeLockAlreadyInThePast" | "InvalidRestrictedScopes" | "InvalidUpdate" | "InvalidMetadataLength" | "InvalidLength" | "InvalidKeyMaterialId" | "KeyNotFound" | "SiweChallengeNotFound" | "SiweInvalidRequest" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "NistP256PublicKeyInvalid" | "UnableToAccessSmtpRelay" | "UserExportInProgress" | "RoleNotFound" | "InvalidRoleNameOrId" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidSs58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidUpdateOrgRequestDisallowedMfaType" | "InvalidUpdateOrgRequestEmptyAllowedMfaTypes" | "EmailOtpDelayTooShortForRegisterMfa" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidDiffieHellmanRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "OnlySpecifyOne" | "NoOidcDataInProof" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "IdpUserAlreadyExists" | "CognitoUserAlreadyOrgMember" | "UserNotFound" | "UserWithEmailNotFound" | "PolicyKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "LimitWindowTooLong" | "Erc20ContractDisallowed" | "EmptyRuleError" | "OptionalListEmpty" | "MultipleExclusiveFieldsProvided" | "DuplicateFieldEntry" | "InvalidRange" | "InvalidOrgPolicyRepeatedRule" | "InvalidSuiTransaction" | "SuiSenderMismatch" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcTaprootHashError" | "BtcSignError" | "TaprootSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "InvalidMemberRoleInRecipientAdd" | "ThirdPartyUserAlreadyExists" | "OidcIdentityAlreadyExists" | "UserAlreadyHasIdentity" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "DeleteUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "InvalidOidcIdentity" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation" | "InvalidNotificationEndpointCount" | "CannotDeletePendingSubscription" | "InvalidNotificationUrlProtocol" | "EmptyOneOfOrgEventFilter" | "EmptyAllExceptOrgEventFilter" | "InvalidTapNodeHash" | "InvalidOneTimeCode" | "MessageNotFound" | "MessageAlreadySigned" | "MessageRejected" | "MessageReplaced" | "InvalidMessageType" | "EmptyAddress" | "InvalidEth2SigningPolicySlotRange" | "InvalidEth2SigningPolicyEpochRange" | "InvalidEth2SigningPolicyTimestampRange" | "InvalidEth2SigningPolicyOverlappingRule" | "RpcUrlMissing" | "MmiChainIdMissing" | "EthersInvalidRpcUrl" | "EthersGetTransactionCountError" | "InvalidPassword" | "BabylonStakingFeePlusDustOverflow" | "BabylonStaking" | "BabylonStakingIncorrectKey" | "BabylonStakingSegwitNonDeposit" | "BabylonStakingRegistrationRequiresTaproot" | "PsbtSigning" | "TooManyResets" | "TooManyRequests" | "TooManyFailedLogins" | "BadBtcMessageSignP2shFlag" | "InvalidTendermintRequest" | "PolicyVersionMaxReached" | "PolicyVersionInvalid" | "PolicySecretLimitReached" | "PolicySecretTooLarge" | "InvalidImportKey" | "AlienOwnerInvalid" | "EmptyUpdateRequest" | "InvalidPolicyReference" | "PolicyEngineDisabled" | "InvalidWasmPolicy" | "InvalidPolicy" | "RedundantDerivationPath" | "ImportKeyMissing" | "InvalidAbiMethods" | "BabylonCovSign" | "InvalidPolicyLogsRequest" | "UserProfileMigrationMultipleEntries" | "UserProfileMigrationTooManyItems" | "InputTooShort" | "InvalidTweakLength" | "InvalidCustomChains" | "InvalidRpcRequest";
+        BadRequestErrorCode: "GenericBadRequest" | "DisallowedAllowRuleReference" | "InvalidPaginationToken" | "InvalidEmail" | "InvalidEmailTemplate" | "QueryMetricsError" | "InvalidTelegramData" | "ValidationError" | "WebhookPolicyTimeoutOutOfBounds" | "WebhookPolicyDisallowedUrlScheme" | "WebhookPolicyDisallowedUrlHost" | "WebhookPolicyDisallowedHeaders" | "ReservedName" | "UserEmailNotConfigured" | "EmailPasswordNotFound" | "PasswordAuthNotAllowedByInvitation" | "OneTimeCodeExpired" | "InvalidBody" | "InvalidJwt" | "InvitationNoLongerValid" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyGracePeriodTooLong" | "InvalidBabylonStakingPolicyParams" | "InvalidSuiTxReceiversEmptyAllowlist" | "InvalidBtcTxReceiversEmptyAllowlist" | "InvalidRequireRoleSessionAllowlist" | "InvalidCreateKeyCount" | "InvalidDiffieHellmanCount" | "OrgInviteExistingUser" | "OrgUserAlreadyExists" | "OrgNameTaken" | "KwkNotFoundInRegion" | "OrgIsNotOrgExport" | "RoleNameTaken" | "PolicyNameTaken" | "NameTaken" | "ContactNameInvalid" | "ContactAddressesInvalid" | "ContactLabelInvalid" | "ContactModified" | "PolicyNotFound" | "PolicyVersionNotFound" | "PolicyRuleDisallowedByType" | "PolicyTypeDisallowed" | "PolicyDuplicateError" | "PolicyStillAttached" | "PolicyModified" | "PolicyNotAttached" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidTimeLockAlreadyInThePast" | "InvalidRestrictedScopes" | "InvalidUpdate" | "InvalidMetadataLength" | "InvalidLength" | "InvalidKeyMaterialId" | "KeyNotFound" | "SiweChallengeNotFound" | "SiweInvalidRequest" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "NistP256PublicKeyInvalid" | "UnableToAccessSmtpRelay" | "UserExportInProgress" | "RoleNotFound" | "InvalidRoleNameOrId" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidPropertiesForKeyType" | "MismatchedKeyPropertiesPatch" | "MissingBinanceApiKey" | "BinanceKeyMasterMismatch" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidBase64Value" | "InvalidSs58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidUpdateOrgRequestDisallowedMfaType" | "InvalidUpdateOrgRequestEmptyAllowedMfaTypes" | "EmailOtpDelayTooShortForRegisterMfa" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidDiffieHellmanRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "OnlySpecifyOne" | "NoOidcDataInProof" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "IdpUserAlreadyExists" | "CognitoUserAlreadyOrgMember" | "UserNotFound" | "UserWithEmailNotFound" | "PolicyKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "LimitWindowTooLong" | "Erc20ContractDisallowed" | "EmptyRuleError" | "OptionalListEmpty" | "MultipleExclusiveFieldsProvided" | "DuplicateFieldEntry" | "InvalidRange" | "InvalidOrgPolicyRepeatedRule" | "InvalidSuiTransaction" | "SuiSenderMismatch" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcTaprootHashError" | "BtcSignError" | "TaprootSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "InvalidMemberRoleInRecipientAdd" | "ThirdPartyUserAlreadyExists" | "OidcIdentityAlreadyExists" | "UserAlreadyHasIdentity" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "DeleteUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "InvalidOidcIdentity" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation" | "InvalidNotificationEndpointCount" | "CannotDeletePendingSubscription" | "InvalidNotificationUrlProtocol" | "EmptyOneOfOrgEventFilter" | "EmptyAllExceptOrgEventFilter" | "InvalidTapNodeHash" | "InvalidOneTimeCode" | "MessageNotFound" | "MessageAlreadySigned" | "MessageRejected" | "MessageReplaced" | "InvalidMessageType" | "EmptyAddress" | "InvalidEth2SigningPolicySlotRange" | "InvalidEth2SigningPolicyEpochRange" | "InvalidEth2SigningPolicyTimestampRange" | "InvalidEth2SigningPolicyOverlappingRule" | "RpcUrlMissing" | "MmiChainIdMissing" | "EthersInvalidRpcUrl" | "EthersGetTransactionCountError" | "InvalidPassword" | "BabylonStakingFeePlusDustOverflow" | "BabylonStaking" | "BabylonStakingIncorrectKey" | "BabylonStakingSegwitNonDeposit" | "BabylonStakingRegistrationRequiresTaproot" | "PsbtSigning" | "TooManyResets" | "TooManyRequests" | "TooManyFailedLogins" | "BadBtcMessageSignP2shFlag" | "InvalidTendermintRequest" | "PolicyVersionMaxReached" | "PolicyVersionInvalid" | "PolicySecretLimitReached" | "PolicySecretTooLarge" | "InvalidImportKey" | "AlienOwnerInvalid" | "EmptyUpdateRequest" | "InvalidPolicyReference" | "PolicyEngineDisabled" | "InvalidWasmPolicy" | "InvalidPolicy" | "RedundantDerivationPath" | "ImportKeyMissing" | "InvalidAbiMethods" | "BabylonCovSign" | "InvalidPolicyLogsRequest" | "UserProfileMigrationMultipleEntries" | "UserProfileMigrationTooManyItems" | "InputTooShort" | "InvalidTweakLength" | "InvalidCustomChains" | "InvalidRpcRequest";
         BillingArgs: {
             billing_org: components["schemas"]["Id"];
             event_type: components["schemas"]["BillingEvent"];
@@ -2717,7 +2788,168 @@ export interface components {
          * @description Billing event types.
          * @enum {string}
          */
-        BillingEvent: "Mmi" | "MmiMessageGet" | "MmiMessageList" | "MmiMessageSign" | "MmiMessageReject" | "MmiMessageDelete" | "AboutMe" | "UserResetEmailInit" | "UserResetEmailComplete" | "UserDeleteTotp" | "UserResetTotpInit" | "UserResetTotpComplete" | "UserVerifyTotp" | "UserRegisterFidoInit" | "UserRegisterFidoComplete" | "UserDeleteFido" | "CreateProofOidc" | "CreateProofCubeSigner" | "VerifyProof" | "AddOidcIdentity" | "RemoveOidcIdentity" | "ListOidcIdentities" | "GetOrg" | "UpdateOrg" | "GetOrgExport" | "CreateOrg" | "ListKeys" | "AttestKey" | "GetKey" | "GetKeyByMaterialId" | "ListKeyRoles" | "UpdateKey" | "ListHistoricalKeyTx" | "Invite" | "CancelInvitation" | "ListInvitations" | "ListUsers" | "GetUser" | "GetUserByEmail" | "GetUserByOidc" | "UpdateMembership" | "ResetMemberMfa" | "CompleteResetMemberMfa" | "CreateRole" | "AttestRole" | "GetRole" | "ListTokenKeys" | "ListRoles" | "GetRoleKey" | "ListRoleKeys" | "ListRoleUsers" | "UpdateRole" | "DeleteRole" | "ConfigureEmail" | "GetEmailConfig" | "DeleteEmailConfig" | "ListHistoricalRoleTx" | "CreatePolicy" | "GetPolicy" | "ListPolicies" | "DeletePolicy" | "UpdatePolicy" | "InvokePolicy" | "GetPolicyLogs" | "UploadWasmPolicy" | "GetPolicySecrets" | "UpdatePolicySecrets" | "SetPolicySecret" | "DeletePolicySecret" | "CreatePolicyImportKey" | "GetPolicyBucket" | "ListPolicyBuckets" | "UpdatePolicyBucket" | "UserExportDelete" | "UserExportList" | "UserExportInit" | "UserExportComplete" | "AddUserToRole" | "RemoveUserFromRole" | "MfaApproveCs" | "MfaRejectCs" | "MfaGet" | "MfaList" | "AddKeysToRole" | "RemoveKeyFromRole" | "CreateToken" | "CreateSession" | "RevokeSession" | "RevokeCurrentSession" | "RevokeSessions" | "ListSessions" | "GetSession" | "SignerSessionRefresh" | "MfaApproveTotp" | "MfaRejectTotp" | "MfaFidoInit" | "MfaApproveFidoComplete" | "MfaRejectFidoComplete" | "MfaEmailInit" | "MfaEmailComplete" | "Cube3signerHeartbeat" | "CreateContact" | "GetContact" | "ListContacts" | "DeleteContact" | "UpdateContact" | "LookupContactsByAddress" | "QueryMetrics" | "QueryAuditLog" | "Counts" | "CreateKey" | "ImportKey" | "CreateKeyImportKey" | "DeriveKey" | "DeleteKey" | "AvaSign" | "AvaSerializedTxSign" | "BabylonRegistration" | "BabylonStaking" | "BabylonCovSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellmanExchange" | "PsbtSign" | "PsbtLegacyInputSign" | "PsbtSegwitInputSign" | "PsbtTaprootInputSign" | "TaprootSign" | "Eip712Sign" | "Eip191Sign" | "Eth1Sign" | "Eth2Sign" | "SolanaSign" | "SuiSign" | "TendermintSign" | "Stake" | "Unstake" | "PasskeyAuthInit" | "PasskeyAuthComplete" | "OidcAuth" | "Oauth2Twitter" | "OAuth2TokenRefresh" | "EmailOtpAuth" | "SiweInit" | "SiweComplete" | "TelegramAuth" | "CreateOidcUser" | "DeleteOidcUser" | "DeleteUser" | "CreateEotsNonces" | "EotsSign" | "AuthMigrationIdentityAdd" | "AuthMigrationIdentityRemove" | "AuthMigrationUserUpdate" | "KeyCreated" | "KeyImported" | "InvitationAccept" | "IdpAuthenticate" | "IdpPasswordResetRequest" | "IdpPasswordResetConfirm" | "RpcApi" | "RpcCreateTransaction" | "RpcGetTransaction" | "RpcListTransactions" | "CustomChainRpcCall" | "EsploraApiCall" | "SentryApiCall" | "SentryApiCallPublic" | "MmiJwkSet" | "AttestationJwkSet" | "UserOrgs" | "PublicOrgInfo" | "EmailMyOrgs";
+        BillingEvent: "Mmi" | "MmiMessageGet" | "MmiMessageList" | "MmiMessageSign" | "MmiMessageReject" | "MmiMessageDelete" | "AboutMe" | "UserResetEmailInit" | "UserResetEmailComplete" | "UserDeleteTotp" | "UserResetTotpInit" | "UserResetTotpComplete" | "UserVerifyTotp" | "UserRegisterFidoInit" | "UserRegisterFidoComplete" | "UserDeleteFido" | "CreateProofOidc" | "CreateProofCubeSigner" | "VerifyProof" | "AddOidcIdentity" | "RemoveOidcIdentity" | "ListOidcIdentities" | "GetOrg" | "UpdateOrg" | "GetOrgExport" | "CreateOrg" | "ListKeys" | "AttestKey" | "GetKey" | "GetKeyByMaterialId" | "ListKeyRoles" | "UpdateKey" | "ListHistoricalKeyTx" | "Invite" | "CancelInvitation" | "ListInvitations" | "ListUsers" | "GetUser" | "GetUserByEmail" | "GetUserByOidc" | "UpdateMembership" | "ResetMemberMfa" | "CompleteResetMemberMfa" | "CreateRole" | "AttestRole" | "GetRole" | "ListTokenKeys" | "ListRoles" | "GetRoleKey" | "ListRoleKeys" | "ListRoleUsers" | "UpdateRole" | "DeleteRole" | "ConfigureEmail" | "GetEmailConfig" | "DeleteEmailConfig" | "ListHistoricalRoleTx" | "CreatePolicy" | "GetPolicy" | "ListPolicies" | "DeletePolicy" | "UpdatePolicy" | "InvokePolicy" | "GetPolicyLogs" | "UploadWasmPolicy" | "GetPolicySecrets" | "UpdatePolicySecrets" | "SetPolicySecret" | "DeletePolicySecret" | "CreatePolicyImportKey" | "GetPolicyBucket" | "ListPolicyBuckets" | "UpdatePolicyBucket" | "UserExportDelete" | "UserExportList" | "UserExportInit" | "UserExportComplete" | "AddUserToRole" | "RemoveUserFromRole" | "MfaApproveCs" | "MfaRejectCs" | "MfaGet" | "MfaList" | "AddKeysToRole" | "RemoveKeyFromRole" | "CreateToken" | "CreateSession" | "RevokeSession" | "RevokeCurrentSession" | "RevokeSessions" | "ListSessions" | "GetSession" | "SignerSessionRefresh" | "MfaApproveTotp" | "MfaRejectTotp" | "MfaFidoInit" | "MfaApproveFidoComplete" | "MfaRejectFidoComplete" | "MfaEmailInit" | "MfaEmailComplete" | "Cube3signerHeartbeat" | "CreateContact" | "GetContact" | "ListContacts" | "DeleteContact" | "UpdateContact" | "LookupContactsByAddress" | "QueryMetrics" | "QueryAuditLog" | "Counts" | "CreateKey" | "ImportKey" | "CreateKeyImportKey" | "DeriveKey" | "DeleteKey" | "AvaSign" | "AvaSerializedTxSign" | "BabylonRegistration" | "BabylonStaking" | "BabylonCovSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellmanExchange" | "PsbtSign" | "PsbtLegacyInputSign" | "PsbtSegwitInputSign" | "PsbtTaprootInputSign" | "TaprootSign" | "Eip712Sign" | "Eip191Sign" | "Eth1Sign" | "Eth2Sign" | "SolanaSign" | "SuiSign" | "TendermintSign" | "Stake" | "Unstake" | "PasskeyAuthInit" | "PasskeyAuthComplete" | "OidcAuth" | "Oauth2Twitter" | "OAuth2TokenRefresh" | "EmailOtpAuth" | "SiweInit" | "SiweComplete" | "TelegramAuth" | "CreateOidcUser" | "DeleteOidcUser" | "DeleteUser" | "CreateEotsNonces" | "EotsSign" | "AuthMigrationIdentityAdd" | "AuthMigrationIdentityRemove" | "AuthMigrationUserUpdate" | "KeyCreated" | "KeyImported" | "InvitationAccept" | "IdpAuthenticate" | "IdpPasswordResetRequest" | "IdpPasswordResetConfirm" | "RpcApi" | "RpcCreateTransaction" | "RpcGetTransaction" | "RpcListTransactions" | "RpcBinanceSubToMaster" | "RpcBinanceSubToSub" | "RpcBinanceUniversalTransfer" | "RpcBinanceSubAccountAssets" | "RpcBinanceAccountInfo" | "RpcBinanceSubAccountTransferHistory" | "RpcBinanceUniversalTransferHistory" | "RpcBinanceWithdraw" | "RpcBinanceWithdrawHistory" | "CustomChainRpcCall" | "EsploraApiCall" | "SentryApiCall" | "SentryApiCallPublic" | "MmiJwkSet" | "AttestationJwkSet" | "UserOrgs" | "PublicOrgInfo" | "EmailMyOrgs";
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceAccountInfoParams: components["schemas"]["AccountInfoRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to "10000". Must not be greater than "60000".
+             */
+            recvWindow?: string | null;
+        };
+        BinanceApiPropertiesPatch: {
+            /** @description The Binance-issued API key string. Encrypted server-side before storage. */
+            api_key?: string | null;
+            /** @description Email address of the Binance (master or sub) account this key authenticates as. */
+            email?: string | null;
+            /** @description Whether this corresponds to a master (as opposed to a sub) account on Binance. */
+            is_master?: boolean | null;
+            /** @description Arbitrary label. Useful for storing the corresponding API key label on the Binance side. */
+            label?: string | null;
+        };
+        BinanceDryRunArgs: {
+            /** @description The Binance API method that would have been used */
+            method: string;
+            /** @description The Binance API url method that would have been called */
+            url: string;
+        };
+        /**
+         * @description Different "dry run" modes for executing Binance requests
+         * @enum {string}
+         */
+        BinanceDryRunMode: "NO_SIGN" | "NO_SUBMIT";
+        /**
+         * @description Binance-family RPC methods. Each variant authenticates as the
+         * [`KeyType::Ed25519BinanceApi`] key in its `params.key_id`.
+         */
+        BinanceRpc: {
+            /** @enum {string} */
+            method: "cs_binanceSubToMaster";
+            params: components["schemas"]["BinanceSubToMasterParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceSubToSub";
+            params: components["schemas"]["BinanceSubToSubParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceUniversalTransfer";
+            params: components["schemas"]["BinanceUniversalTransferParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceSubAccountAssets";
+            params: components["schemas"]["BinanceSubAccountAssetsParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceAccountInfo";
+            params: components["schemas"]["BinanceAccountInfoParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceSubAccountTransferHistory";
+            params: components["schemas"]["BinanceSubAccountTransferHistoryParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceUniversalTransferHistory";
+            params: components["schemas"]["BinanceUniversalTransferHistoryParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceWithdraw";
+            params: components["schemas"]["BinanceWithdrawParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceWithdrawHistory";
+            params: components["schemas"]["BinanceWithdrawHistoryParams"];
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceSubAccountAssetsParams: components["schemas"]["SubAccountAssetsRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to "10000". Must not be greater than "60000".
+             */
+            recvWindow?: string | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceSubAccountTransferHistoryParams: components["schemas"]["SubAccountTransferHistoryRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to "10000". Must not be greater than "60000".
+             */
+            recvWindow?: string | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceSubToMasterParams: components["schemas"]["SubToMasterRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to "10000". Must not be greater than "60000".
+             */
+            recvWindow?: string | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceSubToSubParams: components["schemas"]["SubToSubRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to "10000". Must not be greater than "60000".
+             */
+            recvWindow?: string | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceUniversalTransferHistoryParams: components["schemas"]["UniversalTransferHistoryRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to "10000". Must not be greater than "60000".
+             */
+            recvWindow?: string | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceUniversalTransferParams: components["schemas"]["UniversalTransferRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to "10000". Must not be greater than "60000".
+             */
+            recvWindow?: string | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceWithdrawHistoryParams: components["schemas"]["WithdrawHistoryRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to "10000". Must not be greater than "60000".
+             */
+            recvWindow?: string | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceWithdrawParams: components["schemas"]["WithdrawRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to "10000". Must not be greater than "60000".
+             */
+            recvWindow?: string | null;
+        };
         /** @description A bitcoin address and its network. */
         BitcoinAddressInfo: {
             /**
@@ -2733,6 +2965,8 @@ export interface components {
          * }
          */
         BlobSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2821,6 +3055,8 @@ export interface components {
         };
         /** @description Data to sign */
         BtcMessageSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2857,6 +3093,8 @@ export interface components {
         /** @enum {string} */
         BtcSighashType: "All" | "None" | "Single" | "AllPlusAnyoneCanPay" | "NonePlusAnyoneCanPay" | "SinglePlusAnyoneCanPay";
         BtcSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3058,6 +3296,13 @@ export interface components {
             client?: components["schemas"]["ClientProfile"];
             os_info?: components["schemas"]["OsInfo"];
         };
+        /** @description Commission rates as decimal strings (e.g. `"0.00100000"`). */
+        CommissionRates: {
+            buyer: string;
+            maker: string;
+            seller: string;
+            taker: string;
+        };
         /**
          * @description Fields that are common to different types of resources such as keys, roles, etc.
          * Includes versioning fields plus metadata, edit policy, etc.
@@ -3148,7 +3393,7 @@ export interface components {
             type: "fido";
         };
         /** @enum {string} */
-        ConflictErrorCode: "ConcurrentRequestDisallowed" | "ConcurrentLockCreation";
+        ConflictErrorCode: "ConcurrentRequestDisallowed" | "ConcurrentLockCreation" | "ConcurrentTransactionSubmission";
         /** @description A contact in the org. */
         Contact: components["schemas"]["CommonFields"] & {
             /**
@@ -3445,6 +3690,24 @@ export interface components {
         CreationOptionsWithHash: components["schemas"]["ChallengePieces"] & {
             options: components["schemas"]["PublicKeyCredentialCreationOptions"];
         };
+        /** @description Core RPC methods (transaction CRUD). */
+        CsRpc: OneOf<[
+            {
+                /** @enum {string} */
+                method: "cs_createTransaction";
+                params: components["schemas"]["CreateTransactionRequest"];
+            },
+            {
+                /** @enum {string} */
+                method: "cs_getTransaction";
+                params: components["schemas"]["GetTransactionRequest"];
+            },
+            {
+                /** @enum {string} */
+                method: "cs_listTransactions";
+                params: components["schemas"]["ListTransactionsRequest"];
+            }
+        ]>;
         CubeSignerUserInfo: {
             /** @description All multi-factor authentication methods configured for this user */
             configured_mfa: components["schemas"]["ConfiguredMfa"][];
@@ -3563,6 +3826,8 @@ export interface components {
             mnemonic_id?: string | null;
         };
         DiffieHellmanRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3643,6 +3908,8 @@ export interface components {
             time_lock_until?: components["schemas"]["EpochDateTime"] | null;
         };
         Eip191SignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3765,6 +4032,8 @@ export interface components {
          * }
          */
         Eip712SignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3860,6 +4129,8 @@ export interface components {
          * at a specified block height.
          */
         EotsCreateNonceRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3910,6 +4181,8 @@ export interface components {
         };
         /** @description Request for an EOTS signature on a specified message, chain-id, block-height triple */
         EotsSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4006,6 +4279,8 @@ export interface components {
          * }
          */
         Eth1SignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4068,6 +4343,8 @@ export interface components {
          * }
          */
         Eth2SignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4201,7 +4478,7 @@ export interface components {
              *
              * Can be undefined if the transaction hasn't been signed yet, or failed to be signed.
              */
-            signature?: string;
+            signature?: string | null;
             /** @description The transaction itself. */
             tx: unknown;
         };
@@ -4270,7 +4547,7 @@ export interface components {
          * @description Explicitly named scopes for accessing CubeSigner APIs
          * @enum {string}
          */
-        ExplicitScope: "sign:*" | "sign:ava" | "sign:blob" | "sign:diffieHellman" | "sign:btc:*" | "sign:btc:segwit" | "sign:btc:taproot" | "sign:btc:psbt:*" | "sign:btc:psbt:doge" | "sign:btc:psbt:legacy" | "sign:btc:psbt:segwit" | "sign:btc:psbt:taproot" | "sign:btc:psbt:ltcSegwit" | "sign:btc:message:*" | "sign:btc:message:segwit" | "sign:btc:message:legacy" | "sign:babylon:*" | "sign:babylon:eots:*" | "sign:babylon:eots:nonces" | "sign:babylon:eots:sign" | "sign:babylon:staking:*" | "sign:babylon:staking:deposit" | "sign:babylon:staking:unbond" | "sign:babylon:staking:withdraw" | "sign:babylon:staking:slash" | "sign:babylon:registration" | "sign:babylon:covenant" | "sign:evm:*" | "sign:evm:tx" | "sign:evm:eip191" | "sign:evm:eip712" | "sign:eth2:*" | "sign:eth2:validate" | "sign:eth2:stake" | "sign:eth2:unstake" | "sign:solana" | "sign:sui" | "sign:tendermint" | "sign:mmi" | "manage:*" | "manage:readonly" | "manage:email:*" | "manage:email:get" | "manage:email:update" | "manage:email:delete" | "manage:mfa:*" | "manage:mfa:readonly" | "manage:mfa:list" | "manage:mfa:vote:*" | "manage:mfa:vote:cs" | "manage:mfa:vote:email" | "manage:mfa:vote:fido" | "manage:mfa:vote:totp" | "manage:mfa:register:*" | "manage:mfa:register:fido" | "manage:mfa:register:totp" | "manage:mfa:register:email" | "manage:mfa:unregister:*" | "manage:mfa:unregister:fido" | "manage:mfa:unregister:totp" | "manage:mfa:verify:*" | "manage:mfa:verify:totp" | "manage:key:*" | "manage:key:readonly" | "manage:key:get" | "manage:key:attest" | "manage:key:listRoles" | "manage:key:list" | "manage:key:history:tx:list" | "manage:key:create" | "manage:key:import" | "manage:key:update:*" | "manage:key:update:owner" | "manage:key:update:policy" | "manage:key:update:enabled" | "manage:key:update:region" | "manage:key:update:metadata" | "manage:key:update:editPolicy" | "manage:key:delete" | "manage:policy:*" | "manage:policy:readonly" | "manage:policy:create" | "manage:policy:get" | "manage:policy:list" | "manage:policy:delete" | "manage:policy:update:*" | "manage:policy:update:owner" | "manage:policy:update:name" | "manage:policy:update:acl" | "manage:policy:update:editPolicy" | "manage:policy:update:metadata" | "manage:policy:update:rule" | "manage:policy:invoke" | "manage:policy:wasm:*" | "manage:policy:wasm:upload" | "manage:policy:secrets:*" | "manage:policy:secrets:get" | "manage:policy:secrets:update:*" | "manage:policy:secrets:update:values" | "manage:policy:secrets:update:acl" | "manage:policy:secrets:update:editPolicy" | "manage:policy:buckets:*" | "manage:policy:buckets:get" | "manage:policy:buckets:list" | "manage:policy:buckets:update:*" | "manage:policy:buckets:update:owner" | "manage:policy:buckets:update:acl" | "manage:policy:buckets:update:metadata" | "manage:contact:*" | "manage:contact:readonly" | "manage:contact:create" | "manage:contact:get" | "manage:contact:list" | "manage:contact:delete" | "manage:contact:update:*" | "manage:contact:update:name" | "manage:contact:update:addresses" | "manage:contact:update:owner" | "manage:contact:update:labels" | "manage:contact:update:metadata" | "manage:contact:update:editPolicy" | "manage:contact:lookup:*" | "manage:contact:lookup:address" | "manage:policy:createImportKey" | "manage:role:*" | "manage:role:readonly" | "manage:role:create" | "manage:role:delete" | "manage:role:get:*" | "manage:role:attest" | "manage:role:get:keys" | "manage:role:get:keys:list" | "manage:role:get:keys:get" | "manage:role:get:users" | "manage:role:list" | "manage:role:update:*" | "manage:role:update:enabled" | "manage:role:update:policy" | "manage:role:update:editPolicy" | "manage:role:update:actions" | "manage:role:update:key:*" | "manage:role:update:key:add" | "manage:role:update:key:remove" | "manage:role:update:user:*" | "manage:role:update:user:add" | "manage:role:update:user:remove" | "manage:role:history:tx:list" | "manage:identity:*" | "manage:identity:readonly" | "manage:identity:verify" | "manage:identity:add" | "manage:identity:remove" | "manage:identity:list" | "manage:org:*" | "manage:org:create" | "manage:org:metrics:query" | "manage:org:audit:query" | "manage:org:readonly" | "manage:org:addUser" | "manage:org:inviteUser" | "manage:org:inviteAlien" | "manage:org:invitation:list" | "manage:org:invitation:cancel" | "manage:org:updateMembership" | "manage:org:listUsers" | "manage:org:user:get" | "manage:org:deleteUser" | "manage:org:get" | "manage:org:update:*" | "manage:org:update:enabled" | "manage:org:update:policy" | "manage:org:update:signPolicy" | "manage:org:update:export" | "manage:org:update:totpFailureLimit" | "manage:org:update:notificationEndpoints" | "manage:org:update:defaultInviteKind" | "manage:org:update:idpConfiguration" | "manage:org:update:passkeyConfiguration" | "manage:org:update:emailPreferences" | "manage:org:update:historicalData" | "manage:org:update:requireScopeCeiling" | "manage:org:update:alienLoginRequirement" | "manage:org:update:memberLoginRequirement" | "manage:org:update:keyExportRequirement" | "manage:org:update:allowedMfaTypes" | "manage:org:update:policyEngineConf" | "manage:org:update:customChains" | "manage:org:update:extProps" | "manage:org:update:editPolicy" | "manage:org:user:resetMfa" | "manage:session:*" | "manage:session:readonly" | "manage:session:get" | "manage:session:list" | "manage:session:create" | "manage:session:extend" | "manage:session:revoke" | "manage:export:*" | "manage:export:readonly" | "manage:export:org:*" | "manage:export:org:get" | "manage:export:user:*" | "manage:export:user:delete" | "manage:export:user:list" | "manage:authMigration:*" | "manage:authMigration:identity:add" | "manage:authMigration:identity:remove" | "manage:authMigration:user:update" | "manage:mmi:*" | "manage:mmi:readonly" | "manage:mmi:get" | "manage:mmi:list" | "manage:mmi:reject" | "manage:mmi:delete" | "export:*" | "export:user:*" | "export:user:init" | "export:user:complete" | "mmi:*" | "orgAccess:*" | "orgAccess:child:*" | "rpc:*" | "rpc:createTransaction:*" | "rpc:createTransaction:evm" | "rpc:getTransaction" | "rpc:listTransactions";
+        ExplicitScope: "sign:*" | "sign:ava" | "sign:blob" | "sign:diffieHellman" | "sign:btc:*" | "sign:btc:segwit" | "sign:btc:taproot" | "sign:btc:psbt:*" | "sign:btc:psbt:doge" | "sign:btc:psbt:legacy" | "sign:btc:psbt:segwit" | "sign:btc:psbt:taproot" | "sign:btc:psbt:ltcSegwit" | "sign:btc:message:*" | "sign:btc:message:segwit" | "sign:btc:message:legacy" | "sign:babylon:*" | "sign:babylon:eots:*" | "sign:babylon:eots:nonces" | "sign:babylon:eots:sign" | "sign:babylon:staking:*" | "sign:babylon:staking:deposit" | "sign:babylon:staking:unbond" | "sign:babylon:staking:withdraw" | "sign:babylon:staking:slash" | "sign:babylon:registration" | "sign:babylon:covenant" | "sign:evm:*" | "sign:evm:tx" | "sign:evm:eip191" | "sign:evm:eip712" | "sign:eth2:*" | "sign:eth2:validate" | "sign:eth2:stake" | "sign:eth2:unstake" | "sign:solana" | "sign:sui" | "sign:tendermint" | "sign:mmi" | "manage:*" | "manage:readonly" | "manage:email:*" | "manage:email:get" | "manage:email:update" | "manage:email:delete" | "manage:mfa:*" | "manage:mfa:readonly" | "manage:mfa:list" | "manage:mfa:vote:*" | "manage:mfa:vote:cs" | "manage:mfa:vote:email" | "manage:mfa:vote:fido" | "manage:mfa:vote:totp" | "manage:mfa:register:*" | "manage:mfa:register:fido" | "manage:mfa:register:totp" | "manage:mfa:register:email" | "manage:mfa:unregister:*" | "manage:mfa:unregister:fido" | "manage:mfa:unregister:totp" | "manage:mfa:verify:*" | "manage:mfa:verify:totp" | "manage:key:*" | "manage:key:readonly" | "manage:key:get" | "manage:key:attest" | "manage:key:listRoles" | "manage:key:list" | "manage:key:history:tx:list" | "manage:key:create" | "manage:key:import" | "manage:key:update:*" | "manage:key:update:owner" | "manage:key:update:policy" | "manage:key:update:enabled" | "manage:key:update:region" | "manage:key:update:metadata" | "manage:key:update:properties" | "manage:key:update:editPolicy" | "manage:key:delete" | "manage:policy:*" | "manage:policy:readonly" | "manage:policy:create" | "manage:policy:get" | "manage:policy:list" | "manage:policy:delete" | "manage:policy:update:*" | "manage:policy:update:owner" | "manage:policy:update:name" | "manage:policy:update:acl" | "manage:policy:update:editPolicy" | "manage:policy:update:metadata" | "manage:policy:update:rule" | "manage:policy:invoke" | "manage:policy:wasm:*" | "manage:policy:wasm:upload" | "manage:policy:secrets:*" | "manage:policy:secrets:get" | "manage:policy:secrets:update:*" | "manage:policy:secrets:update:values" | "manage:policy:secrets:update:acl" | "manage:policy:secrets:update:editPolicy" | "manage:policy:buckets:*" | "manage:policy:buckets:get" | "manage:policy:buckets:list" | "manage:policy:buckets:update:*" | "manage:policy:buckets:update:owner" | "manage:policy:buckets:update:acl" | "manage:policy:buckets:update:metadata" | "manage:contact:*" | "manage:contact:readonly" | "manage:contact:create" | "manage:contact:get" | "manage:contact:list" | "manage:contact:delete" | "manage:contact:update:*" | "manage:contact:update:name" | "manage:contact:update:addresses" | "manage:contact:update:owner" | "manage:contact:update:labels" | "manage:contact:update:metadata" | "manage:contact:update:editPolicy" | "manage:contact:lookup:*" | "manage:contact:lookup:address" | "manage:policy:createImportKey" | "manage:role:*" | "manage:role:readonly" | "manage:role:create" | "manage:role:delete" | "manage:role:get:*" | "manage:role:attest" | "manage:role:get:keys" | "manage:role:get:keys:list" | "manage:role:get:keys:get" | "manage:role:get:users" | "manage:role:list" | "manage:role:update:*" | "manage:role:update:enabled" | "manage:role:update:policy" | "manage:role:update:editPolicy" | "manage:role:update:actions" | "manage:role:update:key:*" | "manage:role:update:key:add" | "manage:role:update:key:remove" | "manage:role:update:user:*" | "manage:role:update:user:add" | "manage:role:update:user:remove" | "manage:role:history:tx:list" | "manage:identity:*" | "manage:identity:readonly" | "manage:identity:verify" | "manage:identity:add" | "manage:identity:remove" | "manage:identity:list" | "manage:org:*" | "manage:org:create" | "manage:org:metrics:query" | "manage:org:audit:query" | "manage:org:readonly" | "manage:org:addUser" | "manage:org:inviteUser" | "manage:org:inviteAlien" | "manage:org:invitation:list" | "manage:org:invitation:cancel" | "manage:org:updateMembership:*" | "manage:org:updateMembership:owner" | "manage:org:updateMembership:member" | "manage:org:updateMembership:alien" | "manage:org:listUsers" | "manage:org:user:get" | "manage:org:deleteUser:*" | "manage:org:deleteUser:owner" | "manage:org:deleteUser:member" | "manage:org:deleteUser:alien" | "manage:org:get" | "manage:org:update:*" | "manage:org:update:enabled" | "manage:org:update:policy" | "manage:org:update:signPolicy" | "manage:org:update:export" | "manage:org:update:totpFailureLimit" | "manage:org:update:notificationEndpoints" | "manage:org:update:defaultInviteKind" | "manage:org:update:idpConfiguration" | "manage:org:update:passkeyConfiguration" | "manage:org:update:emailPreferences" | "manage:org:update:historicalData" | "manage:org:update:requireScopeCeiling" | "manage:org:update:alienLoginRequirement" | "manage:org:update:memberLoginRequirement" | "manage:org:update:keyExportRequirement" | "manage:org:update:allowedMfaTypes" | "manage:org:update:policyEngineConf" | "manage:org:update:customChains" | "manage:org:update:extProps" | "manage:org:update:editPolicy" | "manage:org:user:resetMfa" | "manage:session:*" | "manage:session:readonly" | "manage:session:get" | "manage:session:list" | "manage:session:create" | "manage:session:extend" | "manage:session:revoke" | "manage:export:*" | "manage:export:readonly" | "manage:export:org:*" | "manage:export:org:get" | "manage:export:user:*" | "manage:export:user:delete" | "manage:export:user:list" | "manage:authMigration:*" | "manage:authMigration:identity:add" | "manage:authMigration:identity:remove" | "manage:authMigration:user:update" | "manage:mmi:*" | "manage:mmi:readonly" | "manage:mmi:get" | "manage:mmi:list" | "manage:mmi:reject" | "manage:mmi:delete" | "export:*" | "export:user:*" | "export:user:init" | "export:user:complete" | "mmi:*" | "orgAccess:*" | "orgAccess:child:*" | "rpc:*" | "rpc:createTransaction:*" | "rpc:createTransaction:evm" | "rpc:getTransaction" | "rpc:listTransactions" | "rpc:binance:*" | "rpc:binance:subToMaster" | "rpc:binance:subToSub" | "rpc:binance:universalTransfer" | "rpc:binance:subAccountAssets" | "rpc:binance:accountInfo" | "rpc:binance:subAccountTransferHistory" | "rpc:binance:universalTransferHistory" | "rpc:binance:withdraw" | "rpc:binance:withdrawHistory";
         /**
          * @description This type specifies the interpretation of the `fee` field in Babylon
          * staking requests. If `sats`, the field is intpreted as a fixed value
@@ -4727,9 +5004,7 @@ export interface components {
             key_type: string;
         };
         /** @description The top-level JSON-RPC request type. */
-        JsonRpcRequest: {
-            method: "JsonRpcRequest";
-        } & Omit<components["schemas"]["RpcMethod"], "method"> & {
+        JsonRpcRequest: components["schemas"]["RpcMethod"] & {
             /** @description Request ID */
             id?: string;
             /** @description JSON-RPC version. */
@@ -4746,7 +5021,7 @@ export interface components {
             result?: Record<string, unknown> | null;
         };
         /** @description Valid `result` from the JSON-RPC API. */
-        JsonRpcResult: components["schemas"]["TransactionInfo"] | components["schemas"]["ListTransactionsPaginatedResponse"];
+        JsonRpcResult: components["schemas"]["TransactionInfo"] | components["schemas"]["ListTransactionsPaginatedResponse"] | components["schemas"]["SubAccountTransferResponse"] | components["schemas"]["UniversalTransferResponse"] | components["schemas"]["SubAccountAssetsResponse"] | components["schemas"]["AccountInfoResponse"] | components["schemas"]["SubAccountTransferHistoryResponse"] | components["schemas"]["UniversalTransferHistoryResponse"] | components["schemas"]["WithdrawResponse"] | components["schemas"]["WithdrawHistoryResponse"];
         JwkSetResponse: {
             /** @description The keys included in this set */
             keys: Record<string, never>[];
@@ -4848,6 +5123,7 @@ export interface components {
              * ]
              */
             policy: unknown[];
+            properties?: components["schemas"]["KeyPropertiesPatch"] | null;
             /** @description The key provenance. */
             provenance?: string | null;
             /**
@@ -4875,8 +5151,21 @@ export interface components {
         KeyInfos: {
             keys: components["schemas"]["KeyInfo"][];
         };
+        /**
+         * @description Client-side wire payload for [`KeyProperties`]. Used in both directions:
+         *
+         * - **On write**: a *patch*, i.e., for each field, missing means "leave alone",
+         * `null` means "clear", and a value means "set". Secret fields arrive in the
+         * clear and are encrypted server-side before persisting.
+         * - **On read**: each field is omitted when the stored property is unset; secret
+         * fields are emitted with the redacted marker (e.g. "[REDACTED]").
+         */
+        KeyPropertiesPatch: components["schemas"]["BinanceApiPropertiesPatch"] & {
+            /** @enum {string} */
+            kind: "BinanceApi";
+        };
         /** @enum {string} */
-        KeyType: "SecpEthAddr" | "SecpBtc" | "SecpBtcTest" | "SecpBtcLegacy" | "SecpBtcLegacyTest" | "SecpAvaAddr" | "SecpAvaTestAddr" | "BlsPub" | "BlsInactive" | "BlsAvaIcm" | "Ed25519SolanaAddr" | "Ed25519SuiAddr" | "Ed25519AptosAddr" | "Ed25519CardanoAddrVk" | "Ed25519StellarAddr" | "Ed25519SubstrateAddr" | "Ed25519CantonAddr" | "Mnemonic" | "Stark" | "BabylonEots" | "BabylonCov" | "TaprootBtc" | "TaprootBtcTest" | "SecpCosmosAddr" | "P256CosmosAddr" | "P256OntologyAddr" | "P256Neo3Addr" | "Ed25519TendermintAddr" | "SecpTronAddr" | "Ed25519TonAddr" | "SecpDogeAddr" | "SecpDogeTestAddr" | "SecpKaspaAddr" | "SecpKaspaTestAddr" | "SchnorrKaspaAddr" | "SchnorrKaspaTestAddr" | "SecpLtc" | "SecpLtcTest" | "SecpXrpAddr" | "Ed25519XrpAddr" | "BabyJubjub";
+        KeyType: "SecpEthAddr" | "SecpBtc" | "SecpBtcTest" | "SecpBtcLegacy" | "SecpBtcLegacyTest" | "SecpAvaAddr" | "SecpAvaTestAddr" | "BlsPub" | "BlsInactive" | "BlsAvaIcm" | "Ed25519SolanaAddr" | "Ed25519SuiAddr" | "Ed25519AptosAddr" | "Ed25519CardanoAddrVk" | "Ed25519StellarAddr" | "Ed25519SubstrateAddr" | "Ed25519CantonAddr" | "Ed25519BinanceApi" | "Mnemonic" | "Stark" | "BabylonEots" | "BabylonCov" | "TaprootBtc" | "TaprootBtcTest" | "SecpCosmosAddr" | "P256CosmosAddr" | "P256OntologyAddr" | "P256Neo3Addr" | "Ed25519TendermintAddr" | "SecpTronAddr" | "Ed25519TonAddr" | "SecpDogeAddr" | "SecpDogeTestAddr" | "SecpKaspaAddr" | "SecpKaspaTestAddr" | "SchnorrKaspaAddr" | "SchnorrKaspaTestAddr" | "SecpLtc" | "SecpLtcTest" | "SecpXrpAddr" | "Ed25519XrpAddr" | "BabyJubjub";
         KeyTypeAndDerivationPath: {
             /**
              * @description List of derivation paths for which to derive.
@@ -4947,7 +5236,7 @@ export interface components {
              */
             owner?: string | null;
         };
-        /** @description The response to [`cs_listTransactions`](super::request::RpcMethod::ListTransactions) */
+        /** @description The response to [`cs_listTransactions`](super::request::CsRpc::ListTransactions) */
         ListTransactionsResponse: {
             /** @description A list of transaction infos. */
             transactions: components["schemas"]["TransactionInfo"][];
@@ -5033,6 +5322,17 @@ export interface components {
             request: components["schemas"]["HttpRequest"];
             status: components["schemas"]["Status"];
         };
+        MfaRequiredArgs: {
+            /** @description Always set to first MFA id from `Self::ids` */
+            id: string;
+            /** @description Non-empty MFA request IDs */
+            ids: string[];
+            /** @description Organization id */
+            org_id: string;
+            /** @description Optional policy evaluation tree (included in signer responses, when requested) */
+            policy_eval_tree?: unknown;
+            session?: components["schemas"]["NewSessionResponse"] | null;
+        };
         /** @description Org-wide MFA requirements. */
         MfaRequirements: {
             alien_login_requirement?: components["schemas"]["SecondFactorRequirement"];
@@ -5072,7 +5372,7 @@ export interface components {
             verified_email?: string | null;
         };
         MigrateUpdateUsersRequest: components["schemas"]["MigrateUpdateUserItem"][];
-        MmiMetadata: (components["schemas"]["MmiMetadataExt"] | null) & {
+        MmiMetadata: {
             /** @description Chain ID (not required when signing a personal message (EIP-191)) */
             chainId?: string | null;
             /** @description If the custodian should publish the transaction */
@@ -5086,40 +5386,6 @@ export interface components {
             /** @description The category of transaction, as best can be determined by the wallet */
             transactionCategory?: string | null;
         };
-        MmiMetadataExt: {
-            /**
-             * @description All accounts the user can access.
-             * Only set when requested explicitly, i.e., via 'customer_listAccountsSigned'.
-             */
-            accounts?: {
-                /**
-                 * @description An Ethereum address, hex-encoded, with leading '0x'
-                 * @example 0x0123456789012345678901234567890123456789
-                 */
-                address: string;
-                /** @description Account metadata */
-                metadata?: unknown;
-                /** @description Account name */
-                name: string;
-                /** @description Ordered list of name-value pairs */
-                tags?: {
-                    /** @description Tag name */
-                    name: string;
-                    /** @description Tag value */
-                    value: string;
-                }[];
-            }[] | null;
-            /** @description The customer ID of the user, i.e., the customer's organization ID. */
-            customerId: string | null;
-            /** @description A human readable name of the corresponding organization, if any. */
-            customerName: string | null;
-        } & {
-            /**
-             * @description This must match the `sub` claim of the customer proof of
-             * the user or role session which created the transaction.
-             */
-            userId: string | null;
-        };
         MmiRejectRequest: {
             /** @description Optional reason for rejecting. */
             reason?: string | null;
@@ -6278,6 +6544,8 @@ export interface components {
         ]>;
         /** @description A request to sign a PSBT */
         PsbtSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -6881,20 +7149,14 @@ export interface components {
             /** @description A JSON Web Token whose claims contain the `RoleInfo` structure. */
             jwt: string;
         };
-        /** @description The RPC API method and matching parameters. */
-        RpcMethod: {
-            /** @enum {string} */
-            method: "cs_createTransaction";
-            params: components["schemas"]["CreateTransactionRequest"];
-        } | {
-            /** @enum {string} */
-            method: "cs_getTransaction";
-            params: components["schemas"]["GetTransactionRequest"];
-        } | {
-            /** @enum {string} */
-            method: "cs_listTransactions";
-            params: components["schemas"]["ListTransactionsRequest"];
-        };
+        /**
+         * @description The RPC API method and matching parameters.
+         *
+         * Top-level dispatch. Wire format is preserved by `#[serde(untagged)]`: each
+         * inbound request is matched against one of the internally-tagged inner enums
+         * ([`CsRpc`] for the core methods, [`BinanceRpc`] for the Binance family).
+         */
+        RpcMethod: components["schemas"]["CsRpc"] | components["schemas"]["BinanceRpc"];
         /** @description All scopes for accessing CubeSigner APIs */
         Scope: components["schemas"]["ExplicitScope"] | string;
         /** @description A set of scopes. */
@@ -7035,6 +7297,12 @@ export interface components {
             /** @description All metrics must include 'org_id' as a dimension. */
             org_id: string;
         };
+        SignDryRunArgs: {
+            /** @description Whether MFA is required */
+            mfa_requests: components["schemas"]["MfaRequestInfo"][];
+            /** @description Optional policy evaluation tree, if requested */
+            policy_eval_tree?: unknown;
+        };
         SignResponse: {
             /** @description Optional policy evaluation tree. */
             policy_eval_tree?: unknown;
@@ -7129,6 +7397,8 @@ export interface components {
          * }
          */
         SolanaSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7158,6 +7428,8 @@ export interface components {
             source_ip: string;
         };
         StakeRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7237,6 +7509,164 @@ export interface components {
             num_auth_factors: number;
             request_comparer?: components["schemas"]["HttpRequestCmp"];
         };
+        /**
+         * @description A single asset balance entry returned by [`SubAccountAssetsResponse`].
+         *
+         * All balance fields are decimal strings (Binance preserves precision by not
+         * converting to floats).
+         */
+        SubAccountAsset: {
+            /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+            asset: string;
+            /** @description Available balance. */
+            free: string;
+            /** @description Balance frozen by Binance (e.g. due to compliance holds). */
+            freeze: string;
+            /** @description Balance locked in open orders. */
+            locked: string;
+            /** @description Balance currently being withdrawn. */
+            withdrawing: string;
+        };
+        /**
+         * @description Parameters for `GET /sapi/v4/sub-account/assets`.
+         *
+         * Queries the spot-wallet balances of a single sub-account. Must be called by
+         * a master-account credential.
+         */
+        SubAccountAssetsRequest: {
+            /** @description Email address of the sub-account whose balances to fetch. */
+            email: string;
+        };
+        /** @description Response for [`BinanceManager::sub_account_assets`]. */
+        SubAccountAssetsResponse: {
+            /**
+             * @description One entry per asset held in the sub-account's spot wallet. Binance
+             * omits assets with all-zero balances.
+             */
+            balances: components["schemas"]["SubAccountAsset"][];
+        };
+        /** @description One transfer entry in [`SubAccountTransferHistoryResponse`]. */
+        SubAccountTransferHistoryEntry: {
+            /** @description Asset symbol (e.g. `"USDT"`). */
+            asset: string;
+            /** @description Email of the counterparty account on the other side of the transfer. */
+            counterParty: string;
+            /**
+             * @description Email of the account this entry's API key authenticates as. Binance
+             * returns this on each row even though it is the same for the whole page.
+             */
+            email: string;
+            /**
+             * @description Wallet type debited on the source side (e.g. `"SPOT"`,
+             * `"USDT_FUTURE"`). Left as `String` for forward compatibility.
+             */
+            fromAccountType: string;
+            /** @description Amount transferred, as a decimal string. */
+            qty: string;
+            /**
+             * @description Transfer status: `"PROCESS"`, `"SUCCESS"`, or `"FAILURE"`. Left as
+             * `String` for forward compatibility.
+             */
+            status: string;
+            /**
+             * Format: int64
+             * @description Time of the transfer (ms since epoch).
+             */
+            time: number;
+            /** @description Wallet type credited on the destination side. */
+            toAccountType: string;
+            /**
+             * Format: int64
+             * @description Transfer id. Matches the `txnId` returned by the original
+             * [`SubAccountTransferResponse`].
+             */
+            tranId: number;
+            /**
+             * Format: int32
+             * @description `1` = transfer in, `2` = transfer out.
+             */
+            type: number;
+        };
+        /**
+         * @description Parameters for `GET /sapi/v1/sub-account/transfer/subUserHistory`.
+         *
+         * Lists the transfer history of the calling sub-account. Covers both
+         * sub-to-master and sub-to-sub transfers. All filters are optional; if
+         * `start_time`/`end_time` are omitted, Binance returns the most recent 30
+         * days. If `r#type` is omitted, Binance defaults to `TransferOut` (`2`).
+         */
+        SubAccountTransferHistoryRequest: {
+            /** @description Filter to a specific asset (e.g. `"USDT"`). */
+            asset?: string | null;
+            /**
+             * Format: int64
+             * @description Window end (ms since epoch).
+             */
+            endTime?: number | null;
+            /**
+             * Format: int32
+             * @description Page size (Binance default: 500).
+             */
+            limit?: number | null;
+            /**
+             * @description If `true`, include failed transfers in the response. Binance defaults
+             * to `false`.
+             */
+            returnFailHistory?: boolean | null;
+            /**
+             * Format: int64
+             * @description Window start (ms since epoch).
+             */
+            startTime?: number | null;
+            /**
+             * Format: int32
+             * @description Direction filter (`1` = transfer in, `2` = transfer out).
+             */
+            type?: number | null;
+        };
+        /**
+         * @description Response for [`BinanceManager::sub_account_transfer_history`].
+         *
+         * Binance returns a top-level JSON array; this newtype preserves that wire
+         * format while giving the response a named type in the OpenAPI schema.
+         */
+        SubAccountTransferHistoryResponse: components["schemas"]["SubAccountTransferHistoryEntry"][];
+        /** @description Response for [`BinanceManager::sub_to_master`] and [`BinanceManager::sub_to_sub`]. */
+        SubAccountTransferResponse: {
+            /** Format: int64 */
+            txnId: number;
+        };
+        /**
+         * @description Parameters for `POST /sapi/v1/sub-account/transfer/subToMaster`.
+         *
+         * Transfers an asset from the caller's sub-account to the master account.
+         */
+        SubToMasterRequest: {
+            /**
+             * @description The amount being transferred, formatted as a decimal string (e.g. `"0.1"`).
+             * Sent verbatim: Binance is strict about decimal formatting.
+             */
+            amount: string;
+            /** @description The asset symbol being transferred (e.g. `"USDT"`, `"BTC"`). */
+            asset: string;
+        };
+        /**
+         * @description Parameters for `POST /sapi/v1/sub-account/transfer/subToSub`.
+         *
+         * Transfers an asset from the caller's sub-account to another sub-account
+         * under the same master account.
+         */
+        SubToSubRequest: {
+            /** @description The amount being transferred, as a decimal string (e.g. `"0.1"`). */
+            amount: string;
+            /** @description The asset symbol being transferred (e.g. `"USDT"`). */
+            asset: string;
+            /**
+             * @description Email address of the destination sub-account. Must be a sub-account of
+             * the same master.
+             */
+            toEmail: string;
+        };
         /**
          * @description The status of a subscription
          * @enum {string}
@@ -7258,6 +7688,8 @@ export interface components {
         SuiChain: "mainnet" | "devnet" | "testnet";
         /** @description Request to sign a serialized SUI transaction */
         SuiSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7284,6 +7716,8 @@ export interface components {
             tx: string;
         };
         TaprootSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7356,6 +7790,8 @@ export interface components {
         TelegramEnvironment: "production" | "test";
         /** @description The request for using the Tendermint sign endpoint. */
         TendermintSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7617,6 +8053,119 @@ export interface components {
         ]>;
         /** @enum {string} */
         UnauthorizedErrorCode: "AuthorizationHeaderMissing" | "EndpointRequiresUserSession" | "RefreshTokenMissing";
+        /** @description One transfer entry in [`UniversalTransferHistoryResponse`]. */
+        UniversalTransferHistoryEntry: {
+            /** @description Amount transferred, as a decimal string. */
+            amount: string;
+            /** @description Asset symbol. */
+            asset: string;
+            /** @description Client-supplied transfer id, if one was set on the original transfer. */
+            clientTranId?: string | null;
+            /**
+             * Format: int64
+             * @description Time of the transfer (ms since epoch).
+             */
+            createTimeStamp: number;
+            /**
+             * @description Wallet type debited on the source side. Left as `String` for forward
+             * compatibility.
+             */
+            fromAccountType: string;
+            /** @description Source sub-account email; absent when the source is the master. */
+            fromEmail?: string | null;
+            /** @description Transfer status (e.g. `"SUCCESS"`). */
+            status: string;
+            /** @description Wallet type credited on the destination side. */
+            toAccountType: string;
+            /** @description Destination sub-account email; absent when the destination is master. */
+            toEmail?: string | null;
+            /**
+             * Format: int64
+             * @description Transfer id. Matches the `tranId` returned by the original
+             * [`UniversalTransferResponse`].
+             */
+            tranId: number;
+        };
+        /**
+         * @description Parameters for `GET /sapi/v1/sub-account/universalTransfer`.
+         *
+         * Lists universal transfers initiated by the master account. All filters
+         * are optional; if `start_time`/`end_time` are omitted, Binance returns the
+         * most recent 30 days. Binance does not support filtering by `tran_id`
+         * directly — use `client_tran_id` if you set one when initiating the
+         * transfer, or page through the result and match the `tranId` client-side.
+         */
+        UniversalTransferHistoryRequest: {
+            /** @description Filter by client-supplied transfer id. */
+            clientTranId?: string | null;
+            /**
+             * Format: int64
+             * @description Window end (ms since epoch).
+             */
+            endTime?: number | null;
+            /** @description Filter to transfers originating from this sub-account email. */
+            fromEmail?: string | null;
+            /**
+             * Format: int32
+             * @description Page size (Binance default: 500, max: 500).
+             */
+            limit?: number | null;
+            /**
+             * Format: int32
+             * @description 1-based page number (Binance default: 1).
+             */
+            page?: number | null;
+            /**
+             * Format: int64
+             * @description Window start (ms since epoch).
+             */
+            startTime?: number | null;
+            /** @description Filter to transfers destined for this sub-account email. */
+            toEmail?: string | null;
+        };
+        /** @description Response for [`BinanceManager::universal_transfer_history`]. */
+        UniversalTransferHistoryResponse: {
+            /** @description Transfers in the current page. */
+            result: components["schemas"]["UniversalTransferHistoryEntry"][];
+            /**
+             * Format: int64
+             * @description Total number of transfers matching the filters across all pages.
+             */
+            totalCount: number;
+        };
+        /**
+         * @description Parameters for `POST /sapi/v1/sub-account/universalTransfer`.
+         *
+         * Transfers an asset between any two accounts (master to/from sub, or sub
+         * to/from sub) and between any two wallet types (spot, futures, margin, etc).
+         * The signing credential (the API key + Ed25519 key pair) must belong to the
+         * master account.
+         */
+        UniversalTransferRequest: {
+            /** @description The amount being transferred, as a decimal string. */
+            amount: string;
+            /** @description The asset symbol being transferred (e.g. `"USDT"`). */
+            asset: string;
+            /**
+             * @description Optional client-supplied transfer id. If set, Binance echoes it back
+             * on [`UniversalTransferResponse::client_tran_id`] and lets it be used
+             * as a filter on
+             * [`UniversalTransferHistoryRequest::client_tran_id`].
+             */
+            clientTranId?: string | null;
+            fromAccountType?: components["schemas"]["AccountType"];
+            /** @description Source sub-account email. If `None`, the source is the master account. */
+            fromEmail?: string | null;
+            toAccountType?: components["schemas"]["AccountType"];
+            /** @description Destination sub-account email. If `None`, the destination is the master account. */
+            toEmail?: string | null;
+        };
+        /** @description Response for [`BinanceManager::universal_transfer`]. */
+        UniversalTransferResponse: {
+            clientTranId?: string | null;
+            /** Format: int64 */
+            tranId: number;
+        };
         /** @description Options that should be set only for local devnet testing. */
         UnsafeConf: {
             /**
@@ -7645,6 +8194,8 @@ export interface components {
              */
             validator_index: string;
         } & {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7719,6 +8270,14 @@ export interface components {
              * Once disabled, a key cannot be used for signing.
              */
             enabled?: boolean | null;
+            /**
+             * @description If set, patch the key's structured [`KeyProperties`]. The patch's variant must
+             * match the key's [`KeyType`] (e.g. `BinanceApi` properties are only allowed on
+             * `Ed25519BinanceApi` keys). Each field in the patch is independent: missing
+             * means leave alone, JSON `null` clears, a value sets. Sending JSON `null` for
+             * the whole field clears all properties on the key.
+             */
+            properties?: unknown;
             /**
              * @description If set, change the key's region affinity to this value.
              *
@@ -8377,6 +8936,179 @@ export interface components {
         WhereAndWhen: components["schemas"]["SourceIp"] & {
             time: components["schemas"]["EpochDateTime"];
         };
+        /** @description One withdrawal entry in [`WithdrawHistoryResponse`]. */
+        WithdrawHistoryEntry: {
+            /** @description Destination address. */
+            address: string;
+            /** @description Withdrawal amount, as a decimal string. */
+            amount: string;
+            /**
+             * @description Time the withdrawal was requested (Binance returns a UTC string,
+             * e.g. `"2019-09-24 12:43:45"`).
+             */
+            applyTime: string;
+            /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+            coin: string;
+            /**
+             * @description Time the withdrawal completed (UTC string), present once
+             * `status == 6`.
+             */
+            completeTime?: string | null;
+            /**
+             * Format: int32
+             * @description Number of on-chain confirmations.
+             */
+            confirmNo?: number | null;
+            /**
+             * @description Binance-assigned withdrawal id. Matches the `id` returned by
+             * [`WithdrawResponse`].
+             */
+            id: string;
+            /** @description Failure reason when the withdrawal was rejected. */
+            info?: string | null;
+            /** @description Blockchain network identifier (e.g. `"BSC"`, `"ETH"`). */
+            network?: string | null;
+            /**
+             * Format: int32
+             * @description Withdrawal status. Binance values: `0` = Email Sent,
+             * `2` = Awaiting Approval, `3` = Rejected, `4` = Processing,
+             * `6` = Completed. Left as `u8` for forward compatibility.
+             */
+            status: number;
+            /** @description Network fee charged for the withdrawal, as a decimal string. */
+            transactionFee: string;
+            /**
+             * Format: int32
+             * @description `0` = external transfer, `1` = internal (Binance↔Binance) transfer.
+             */
+            transferType: number;
+            /**
+             * @description On-chain transaction hash, once Binance has broadcast the withdrawal.
+             * May be empty until then.
+             */
+            txId?: string | null;
+            /**
+             * Format: int32
+             * @description Source wallet: `0` = spot wallet, `1` = funding wallet.
+             */
+            walletType: number;
+            /**
+             * @description Client-supplied withdrawal id, if one was set on the original
+             * withdrawal call.
+             */
+            withdrawOrderId?: string | null;
+        };
+        /**
+         * @description Parameters for `GET /sapi/v1/capital/withdraw/history`.
+         *
+         * Returns the master account's withdrawal history. All filters are
+         * optional; if `start_time`/`end_time` are omitted, Binance returns the
+         * most recent 90 days. Use `id_list` to look up specific withdrawals by
+         * the `id` returned from [`BinanceRpc::Withdraw`], or `withdraw_order_id`
+         * to look one up by its client-supplied id.
+         */
+        WithdrawHistoryRequest: {
+            /** @description Filter to a specific asset (e.g. `"USDT"`). */
+            coin?: string | null;
+            /**
+             * Format: int64
+             * @description Window end (ms since epoch).
+             */
+            endTime?: number | null;
+            /**
+             * @description Comma-separated list of Binance-assigned withdrawal ids (the `id`
+             * field of [`WithdrawResponse`]). Up to 45 ids per query, per Binance.
+             */
+            idList?: string | null;
+            /**
+             * Format: int32
+             * @description Page size (Binance default and max: 1000).
+             */
+            limit?: number | null;
+            /**
+             * Format: int32
+             * @description Pagination offset.
+             */
+            offset?: number | null;
+            /**
+             * Format: int64
+             * @description Window start (ms since epoch).
+             */
+            startTime?: number | null;
+            /**
+             * Format: int32
+             * @description Filter by withdrawal status. Binance values:
+             * `0` = Email Sent, `2` = Awaiting Approval, `3` = Rejected,
+             * `4` = Processing, `6` = Completed. Left as `u8` for forward
+             * compatibility.
+             */
+            status?: number | null;
+            /**
+             * @description Filter by the client-supplied withdrawal id originally passed to
+             * [`WithdrawRequest::withdraw_order_id`].
+             */
+            withdrawOrderId?: string | null;
+        };
+        /**
+         * @description Response for [`BinanceManager::withdraw_history`].
+         *
+         * Binance returns a top-level JSON array; this newtype preserves that wire
+         * format while giving the response a named type in the OpenAPI schema.
+         */
+        WithdrawHistoryResponse: components["schemas"]["WithdrawHistoryEntry"][];
+        /**
+         * @description Parameters for `POST /sapi/v1/capital/withdraw/apply`.
+         *
+         * Submits a withdrawal of `amount` of `coin` to the given external `address`.
+         * The signing key's account must have withdrawal permissions enabled.
+         */
+        WithdrawRequest: {
+            /** @description Destination address. */
+            address: string;
+            /**
+             * @description Secondary address identifier required by some assets (e.g. memo for
+             * XRP, tag for XLM).
+             */
+            addressTag?: string | null;
+            /**
+             * @description The amount being withdrawn, formatted as a decimal string (e.g. `"0.1"`).
+             * Sent verbatim: Binance is strict about decimal formatting.
+             */
+            amount: string;
+            /** @description The asset symbol being withdrawn (e.g. `"USDT"`, `"BTC"`). */
+            coin: string;
+            /** @description Optional human-readable description for the withdrawal. */
+            name?: string | null;
+            /**
+             * @description Network identifier (e.g. `"BSC"`, `"ETH"`). If omitted, Binance picks
+             * the default network for the asset.
+             */
+            network?: string | null;
+            /**
+             * @description If `true`, the withdrawal fee is deducted from the destination amount;
+             * if `false` (Binance default), it is deducted from the account balance
+             * in addition to `amount`.
+             */
+            transactionFeeFlag?: boolean | null;
+            /**
+             * Format: int32
+             * @description Source wallet: `0` = spot wallet (default), `1` = funding wallet.
+             */
+            walletType?: number | null;
+            /**
+             * @description Client-supplied withdrawal id, returned by Binance as `withdrawOrderId`
+             * in subsequent withdrawal-history queries.
+             */
+            withdrawOrderId?: string | null;
+        };
+        /** @description Response for [`BinanceManager::withdraw`]. */
+        WithdrawResponse: {
+            /**
+             * @description Binance-assigned withdrawal id. Used to look the request up later via
+             * the withdrawal-history endpoint.
+             */
+            id: string;
+        };
     };
     responses: {
         AddThirdPartyUserResponse: {
@@ -8958,6 +9690,7 @@ export interface components {
                      * ]
                      */
                     policy: unknown[];
+                    properties?: components["schemas"]["KeyPropertiesPatch"] | null;
                     /** @description The key provenance. */
                     provenance?: string | null;
                     /**
@@ -15567,6 +16300,11 @@ export interface operations {
                 user_id: string;
             };
         };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["Empty"];
+            };
+        };
         responses: {
             200: components["responses"]["EmptyImpl"];
             default: {