@cubist-labs/cubesigner-sdk 0.4.241 → 0.4.246

package/src/schema.ts

@@ -1664,6 +1664,19 @@ export interface paths {
      */
     get: operations["userOrgs"];
   };
+  "/v1/org/{org_id}/binance/sign/{material_id}": {
+    /**
+     * Sign Binance RPC Request
+     * @description Sign Binance RPC Request
+     *
+     * Signs a typed [`BinanceRpc`] request with the [`KeyType::Ed25519BinanceApi`]
+     * key identified by `material_id`. The signer URL-encodes the inner request,
+     * appends Binance's `recvWindow` and `timestamp` parameters, signs the
+     * resulting query, and returns the full query string ready to be submitted
+     * to Binance.
+     */
+    post: operations["binanceSign"];
+  };
   "/v1/org/{org_id}/blob/sign/{key_id}": {
     /**
      * Sign Raw Blob
@@ -1751,34 +1764,99 @@ export type webhooks = Record<string, never>;
 export interface components {
   schemas: {
     AcceptedResponse: components["schemas"]["ErrorResponse"] & Record<string, never>;
+    /** @description Different responses we return for success status codes. */
+    AcceptedValue: OneOf<
+      [
+        {
+          SignDryRun: components["schemas"]["SignDryRunArgs"];
+        },
+        {
+          BinanceDryRun: components["schemas"]["BinanceDryRunArgs"];
+        },
+        {
+          MfaRequired: components["schemas"]["MfaRequiredArgs"];
+        },
+      ]
+    >;
+    /** @enum {string} */
+    AcceptedValueCode: "SignDryRun" | "BinanceDryRun" | "MfaRequired";
     /**
-     * @description Different responses we return for status code "202 Accepted".
+     * @description Determines who controls the keys within an org
+     * @enum {string}
+     */
+    AccessModel: "User" | "Org";
+    /**
+     * @description One asset balance entry in [`AccountInfoResponse::balances`]. Distinct from
+     * [`SubAccountAsset`] because the spot-account schema lacks the `freeze` and
+     * `withdrawing` fields.
+     */
+    AccountBalance: {
+      /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+      asset: string;
+      /** @description Available balance. */
+      free: string;
+      /** @description Balance locked in open orders. */
+      locked: string;
+    };
+    /**
+     * @description Parameters for `GET /api/v3/account`.
      *
-     * Even though "202 Accepted" is a successful response, we represent
-     * it as a Rust error because that makes it easy to have route handlers
-     * return `Result<T, SignerError>` where `T` is the type of the
-     * response for the status code "200 Ok".
+     * Returns Spot account info for whichever account the signing key
+     * authenticates as (master or sub).
      */
-    AcceptedValue: {
-      MfaRequired: {
-        /** @description Always set to first MFA id from `Self::ids` */
-        id: string;
-        /** @description Non-empty MFA request IDs */
-        ids: string[];
-        /** @description Organization id */
-        org_id: string;
-        /** @description Optional policy evaluation tree (included in signer responses, when requested) */
-        policy_eval_tree?: unknown;
-        session?: components["schemas"]["NewSessionResponse"] | null;
-      };
+    AccountInfoRequest: {
+      /**
+       * @description If `true`, the response omits assets with all-zero balances. Defaults to
+       * `false` (Binance's default).
+       */
+      omitZeroBalances?: boolean | null;
+    };
+    /** @description Response returned by `cs_binanceAccountInfo`. */
+    AccountInfoResponse: {
+      /** @description Account type, e.g. `"SPOT"`. Left as `String` for forward compatibility. */
+      accountType: string;
+      /** @description One entry per asset. Affected by the `omit_zero_balances` request flag. */
+      balances: components["schemas"]["AccountBalance"][];
+      brokered: boolean;
+      /** Format: int64 */
+      buyerCommission: number;
+      canDeposit: boolean;
+      canTrade: boolean;
+      canWithdraw: boolean;
+      commissionRates: components["schemas"]["CommissionRates"];
+      /**
+       * Format: int64
+       * @description Maker commission, in basis points (e.g. `10` = 0.1%). Superseded by
+       * [`AccountInfoResponse::commission_rates`] for fractional rates.
+       */
+      makerCommission: number;
+      /** @description Permission flags, e.g. `["SPOT", "MARGIN"]`. */
+      permissions: string[];
+      preventSor: boolean;
+      requireSelfTradePrevention: boolean;
+      /** Format: int64 */
+      sellerCommission: number;
+      /** Format: int64 */
+      takerCommission: number;
+      /**
+       * Format: int64
+       * @description Account user id.
+       */
+      uid: number;
+      /**
+       * Format: int64
+       * @description Last account update time (ms since epoch).
+       */
+      updateTime: number;
     };
-    /** @enum {string} */
-    AcceptedValueCode: "MfaRequired";
     /**
-     * @description Determines who controls the keys within an org
+     * @description Wallet type used as the source or destination of a [`UniversalTransferRequest`].
+     *
+     * Serializes to the SCREAMING_SNAKE_CASE strings Binance expects. The default
+     * is [`AccountType::Spot`].
      * @enum {string}
      */
-    AccessModel: "User" | "Org";
+    AccountType: "SPOT" | "USDT_FUTURE" | "COIN_FUTURE" | "MARGIN";
     /** @description Request to add OIDC identity to an existing user account */
     AddIdentityRequest: {
       oidc_token: string;
@@ -2075,6 +2153,8 @@ export interface components {
     AuthenticatorTransport: "usb" | "nfc" | "ble" | "internal";
     /** @description Request to sign a serialized Avalanche transaction */
     AvaSerializedTxSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2097,6 +2177,8 @@ export interface components {
     };
     /** @description Request to sign an Avalanche transaction */
     AvaSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2134,6 +2216,8 @@ export interface components {
     /** @description Wrapper around a zeroizing 32-byte fixed-size array */
     B32: string;
     BabylonCovSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2327,6 +2411,8 @@ export interface components {
        */
       value: number;
     }) & {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2797,10 +2883,15 @@ export interface components {
       | "InvalidMfaReceiptInvalidOrgId"
       | "MfaRequestNotFound"
       | "InvalidKeyType"
+      | "InvalidPropertiesForKeyType"
+      | "MismatchedKeyPropertiesPatch"
+      | "MissingBinanceApiKey"
+      | "BinanceKeyMasterMismatch"
       | "InvalidKeyMaterial"
       | "InvalidHexValue"
       | "InvalidBase32Value"
       | "InvalidBase58Value"
+      | "InvalidBase64Value"
       | "InvalidSs58Value"
       | "InvalidForkVersionLength"
       | "InvalidEthAddress"
@@ -3071,6 +3162,7 @@ export interface components {
       | "BabylonRegistration"
       | "BabylonStaking"
       | "BabylonCovSign"
+      | "BinanceSign"
       | "BlobSign"
       | "BtcMessageSign"
       | "BtcSign"
@@ -3116,6 +3208,8 @@ export interface components {
       | "RpcCreateTransaction"
       | "RpcGetTransaction"
       | "RpcListTransactions"
+      | "RpcRetryTransaction"
+      | "RpcBinance"
       | "CustomChainRpcCall"
       | "EsploraApiCall"
       | "SentryApiCall"
@@ -3125,6 +3219,213 @@ export interface components {
       | "UserOrgs"
       | "PublicOrgInfo"
       | "EmailMyOrgs";
+    /** @description Parameters envelope for all Binance RPC methods. */
+    BinanceAccountInfoParams: components["schemas"]["AccountInfoRequest"] & {
+      dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+      keyId: components["schemas"]["Id"];
+      /**
+       * Format: float
+       * @description Optional "receive window", i.e., for how long the request stays valid.
+       * May only be specified in milliseconds, with up to three decimal places of precision.
+       * If omitted, defaults to 10000. Must not be greater than 60000.
+       */
+      recvWindow?: number | null;
+    };
+    BinanceApiPropertiesPatch: {
+      /** @description The Binance-issued API key string. Encrypted server-side before storage. */
+      api_key?: string | null;
+      /** @description Email address of the Binance (master or sub) account this key authenticates as. */
+      email?: string | null;
+      /** @description Whether this corresponds to a master (as opposed to a sub) account on Binance. */
+      is_master?: boolean | null;
+      /** @description Arbitrary label. Useful for storing the corresponding API key label on the Binance side. */
+      label?: string | null;
+    };
+    /** @description Parameters envelope for all Binance RPC methods. */
+    BinanceDepositParams: components["schemas"]["DepositRequest"] & {
+      dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+      keyId: components["schemas"]["Id"];
+      /**
+       * Format: float
+       * @description Optional "receive window", i.e., for how long the request stays valid.
+       * May only be specified in milliseconds, with up to three decimal places of precision.
+       * If omitted, defaults to 10000. Must not be greater than 60000.
+       */
+      recvWindow?: number | null;
+    };
+    BinanceDryRunArgs: {
+      /** @description The Binance API method that would have been used */
+      method: string;
+      /** @description The Binance API url method that would have been called */
+      url: string;
+    };
+    /**
+     * @description Different "dry run" modes for executing Binance requests.
+     * @enum {string}
+     */
+    BinanceDryRunMode: "NO_SIGN" | "NO_SUBMIT";
+    /**
+     * @description Binance-family RPC methods. Each variant authenticates as the
+     * [`KeyType::Ed25519BinanceApi`] key in its `params.key_id`.
+     */
+    BinanceRpc:
+      | {
+          /** @enum {string} */
+          method: "cs_binanceSubToMaster";
+          params: components["schemas"]["BinanceSubToMasterParams"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_binanceSubToSub";
+          params: components["schemas"]["BinanceSubToSubParams"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_binanceUniversalTransfer";
+          params: components["schemas"]["BinanceUniversalTransferParams"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_binanceSubAccountAssets";
+          params: components["schemas"]["BinanceSubAccountAssetsParams"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_binanceAccountInfo";
+          params: components["schemas"]["BinanceAccountInfoParams"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_binanceSubAccountTransferHistory";
+          params: components["schemas"]["BinanceSubAccountTransferHistoryParams"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_binanceUniversalTransferHistory";
+          params: components["schemas"]["BinanceUniversalTransferHistoryParams"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_binanceWithdraw";
+          params: components["schemas"]["BinanceWithdrawParams"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_binanceWithdrawHistory";
+          params: components["schemas"]["BinanceWithdrawHistoryParams"];
+        }
+      | {
+          /** @enum {string} */
+          method: "cs_binanceDeposit";
+          params: components["schemas"]["BinanceDepositParams"];
+        };
+    /** @description Response returned by the typed `binance_sign` endpoint. */
+    BinanceSignResponse: {
+      /** @description Optional policy evaluation tree. */
+      policy_eval_tree?: unknown;
+    } & {
+      /**
+       * @description The full signed query string, ready to be submitted to Binance.
+       * Encoded as `<urlencoded params>&recvWindow=<ms>&timestamp=<ms>&signature=<urlencoded base64 sig>`.
+       */
+      signed_query: string;
+    };
+    /** @description Parameters envelope for all Binance RPC methods. */
+    BinanceSubAccountAssetsParams: components["schemas"]["SubAccountAssetsRequest"] & {
+      dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+      keyId: components["schemas"]["Id"];
+      /**
+       * Format: float
+       * @description Optional "receive window", i.e., for how long the request stays valid.
+       * May only be specified in milliseconds, with up to three decimal places of precision.
+       * If omitted, defaults to 10000. Must not be greater than 60000.
+       */
+      recvWindow?: number | null;
+    };
+    /** @description Parameters envelope for all Binance RPC methods. */
+    BinanceSubAccountTransferHistoryParams: components["schemas"]["SubAccountTransferHistoryRequest"] & {
+      dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+      keyId: components["schemas"]["Id"];
+      /**
+       * Format: float
+       * @description Optional "receive window", i.e., for how long the request stays valid.
+       * May only be specified in milliseconds, with up to three decimal places of precision.
+       * If omitted, defaults to 10000. Must not be greater than 60000.
+       */
+      recvWindow?: number | null;
+    };
+    /** @description Parameters envelope for all Binance RPC methods. */
+    BinanceSubToMasterParams: components["schemas"]["SubToMasterRequest"] & {
+      dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+      keyId: components["schemas"]["Id"];
+      /**
+       * Format: float
+       * @description Optional "receive window", i.e., for how long the request stays valid.
+       * May only be specified in milliseconds, with up to three decimal places of precision.
+       * If omitted, defaults to 10000. Must not be greater than 60000.
+       */
+      recvWindow?: number | null;
+    };
+    /** @description Parameters envelope for all Binance RPC methods. */
+    BinanceSubToSubParams: components["schemas"]["SubToSubRequest"] & {
+      dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+      keyId: components["schemas"]["Id"];
+      /**
+       * Format: float
+       * @description Optional "receive window", i.e., for how long the request stays valid.
+       * May only be specified in milliseconds, with up to three decimal places of precision.
+       * If omitted, defaults to 10000. Must not be greater than 60000.
+       */
+      recvWindow?: number | null;
+    };
+    /** @description Parameters envelope for all Binance RPC methods. */
+    BinanceUniversalTransferHistoryParams: components["schemas"]["UniversalTransferHistoryRequest"] & {
+      dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+      keyId: components["schemas"]["Id"];
+      /**
+       * Format: float
+       * @description Optional "receive window", i.e., for how long the request stays valid.
+       * May only be specified in milliseconds, with up to three decimal places of precision.
+       * If omitted, defaults to 10000. Must not be greater than 60000.
+       */
+      recvWindow?: number | null;
+    };
+    /** @description Parameters envelope for all Binance RPC methods. */
+    BinanceUniversalTransferParams: components["schemas"]["UniversalTransferRequest"] & {
+      dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+      keyId: components["schemas"]["Id"];
+      /**
+       * Format: float
+       * @description Optional "receive window", i.e., for how long the request stays valid.
+       * May only be specified in milliseconds, with up to three decimal places of precision.
+       * If omitted, defaults to 10000. Must not be greater than 60000.
+       */
+      recvWindow?: number | null;
+    };
+    /** @description Parameters envelope for all Binance RPC methods. */
+    BinanceWithdrawHistoryParams: components["schemas"]["WithdrawHistoryRequest"] & {
+      dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+      keyId: components["schemas"]["Id"];
+      /**
+       * Format: float
+       * @description Optional "receive window", i.e., for how long the request stays valid.
+       * May only be specified in milliseconds, with up to three decimal places of precision.
+       * If omitted, defaults to 10000. Must not be greater than 60000.
+       */
+      recvWindow?: number | null;
+    };
+    /** @description Parameters envelope for all Binance RPC methods. */
+    BinanceWithdrawParams: components["schemas"]["WithdrawRequest"] & {
+      dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+      keyId: components["schemas"]["Id"];
+      /**
+       * Format: float
+       * @description Optional "receive window", i.e., for how long the request stays valid.
+       * May only be specified in milliseconds, with up to three decimal places of precision.
+       * If omitted, defaults to 10000. Must not be greater than 60000.
+       */
+      recvWindow?: number | null;
+    };
     /** @description A bitcoin address and its network. */
     BitcoinAddressInfo: {
       /**
@@ -3140,6 +3441,8 @@ export interface components {
      * }
      */
     BlobSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3228,6 +3531,8 @@ export interface components {
     };
     /** @description Data to sign */
     BtcMessageSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3270,6 +3575,8 @@ export interface components {
       | "NonePlusAnyoneCanPay"
       | "SinglePlusAnyoneCanPay";
     BtcSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3479,6 +3786,13 @@ export interface components {
       client?: components["schemas"]["ClientProfile"];
       os_info?: components["schemas"]["OsInfo"];
     };
+    /** @description Commission rates as decimal strings (e.g. `"0.00100000"`). */
+    CommissionRates: {
+      buyer: string;
+      maker: string;
+      seller: string;
+      taker: string;
+    };
     /**
      * @description Fields that are common to different types of resources such as keys, roles, etc.
      * Includes versioning fields plus metadata, edit policy, etc.
@@ -3571,7 +3885,10 @@ export interface components {
           type: "fido";
         };
     /** @enum {string} */
-    ConflictErrorCode: "ConcurrentRequestDisallowed" | "ConcurrentLockCreation";
+    ConflictErrorCode:
+      | "ConcurrentRequestDisallowed"
+      | "ConcurrentLockCreation"
+      | "ConcurrentTransactionSubmission";
     /** @description A contact in the org. */
     Contact: components["schemas"]["CommonFields"] & {
       /**
@@ -3876,6 +4193,31 @@ export interface components {
     CreationOptionsWithHash: components["schemas"]["ChallengePieces"] & {
       options: components["schemas"]["PublicKeyCredentialCreationOptions"];
     };
+    /** @description Core RPC methods (transaction CRUD). */
+    CsRpc: OneOf<
+      [
+        {
+          /** @enum {string} */
+          method: "cs_createTransaction";
+          params: components["schemas"]["CreateTransactionRequest"];
+        },
+        {
+          /** @enum {string} */
+          method: "cs_retryTransaction";
+          params: components["schemas"]["RetryTransactionRequest"];
+        },
+        {
+          /** @enum {string} */
+          method: "cs_getTransaction";
+          params: components["schemas"]["GetTransactionRequest"];
+        },
+        {
+          /** @enum {string} */
+          method: "cs_listTransactions";
+          params: components["schemas"]["ListTransactionsRequest"];
+        },
+      ]
+    >;
     CubeSignerUserInfo: {
       /** @description All multi-factor authentication methods configured for this user */
       configured_mfa: components["schemas"]["ConfiguredMfa"][];
@@ -3908,6 +4250,40 @@ export interface components {
       /** @description Custom EVM chains. */
       evm: components["schemas"]["EvmCustomChain"][];
     };
+    /**
+     * @description Parameters for `GET /sapi/v1/capital/deposit/address`.
+     *
+     * Fetches the deposit address for `coin` on the account that the signing key
+     * authenticates as. Optionally narrows the address to a specific `network`.
+     */
+    DepositRequest: {
+      /**
+       * @description Required only when `network` is `"LIGHTNING"`: the deposit amount that
+       * the returned invoice should encode, as a decimal string.
+       */
+      amount?: string | null;
+      /** @description The asset symbol whose deposit address to fetch (e.g. `"USDT"`, `"BTC"`). */
+      coin: string;
+      /**
+       * @description Network identifier (e.g. `"BSC"`, `"ETH"`). If omitted, Binance returns
+       * the address on the asset's default network.
+       */
+      network?: string | null;
+    };
+    /** @description Response returned by `cs_binanceDeposit`. */
+    DepositResponse: {
+      /** @description Deposit address. */
+      address: string;
+      /** @description Asset symbol (echoes [`DepositRequest::coin`]). */
+      coin: string;
+      /**
+       * @description Secondary address identifier required by some assets (e.g. memo for
+       * XRP, tag for XLM). Empty string when the asset does not use one.
+       */
+      tag: string;
+      /** @description Blockchain explorer URL for `address`. */
+      url: string;
+    };
     /**
      * @description Information produced by a successful deposit
      * @example {
@@ -3994,6 +4370,8 @@ export interface components {
       mnemonic_id?: string | null;
     };
     DiffieHellmanRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4077,6 +4455,8 @@ export interface components {
       time_lock_until?: components["schemas"]["EpochDateTime"] | null;
     };
     Eip191SignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4199,6 +4579,8 @@ export interface components {
      * }
      */
     Eip712SignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4294,6 +4676,8 @@ export interface components {
      * at a specified block height.
      */
     EotsCreateNonceRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4344,6 +4728,8 @@ export interface components {
     };
     /** @description Request for an EOTS signature on a specified message, chain-id, block-height triple */
     EotsSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4440,6 +4826,8 @@ export interface components {
      * }
      */
     Eth1SignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4502,6 +4890,8 @@ export interface components {
      * }
      */
     Eth2SignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4628,6 +5018,11 @@ export interface components {
         };
     /** @description EVM-specific transaction details. */
     EvmTransactionDetails: {
+      /**
+       * Format: int64
+       * @description The EVM chain id for the chain the transaction is submitted to.
+       */
+      chain_id: number;
       /**
        * @description The transaction hash, as submitted to the chain.
        *
@@ -4639,7 +5034,7 @@ export interface components {
        *
        * Can be undefined if the transaction hasn't been signed yet, or failed to be signed.
        */
-      signature?: string;
+      signature?: string | null;
       /** @description The transaction itself. */
       tx: unknown;
     };
@@ -4691,8 +5086,7 @@ export interface components {
       /**
        * @description Optional nonce.
        *
-       * If not specified, the sender's transaction count from the latest block is
-       * used.
+       * If not specified, the next available nonce is used.
        */
       nonce?: string | null;
     };
@@ -4728,6 +5122,17 @@ export interface components {
     ExplicitScope:
       | "sign:*"
       | "sign:ava"
+      | "sign:binance:*"
+      | "sign:binance:subToMaster"
+      | "sign:binance:subToSub"
+      | "sign:binance:universalTransfer"
+      | "sign:binance:subAccountAssets"
+      | "sign:binance:accountInfo"
+      | "sign:binance:subAccountTransferHistory"
+      | "sign:binance:universalTransferHistory"
+      | "sign:binance:withdraw"
+      | "sign:binance:withdrawHistory"
+      | "sign:binance:deposit"
       | "sign:blob"
       | "sign:diffieHellman"
       | "sign:btc:*"
@@ -4803,6 +5208,7 @@ export interface components {
       | "manage:key:update:enabled"
       | "manage:key:update:region"
       | "manage:key:update:metadata"
+      | "manage:key:update:properties"
       | "manage:key:update:editPolicy"
       | "manage:key:delete"
       | "manage:policy:*"
@@ -4889,10 +5295,16 @@ export interface components {
       | "manage:org:inviteAlien"
       | "manage:org:invitation:list"
       | "manage:org:invitation:cancel"
-      | "manage:org:updateMembership"
+      | "manage:org:updateMembership:*"
+      | "manage:org:updateMembership:owner"
+      | "manage:org:updateMembership:member"
+      | "manage:org:updateMembership:alien"
       | "manage:org:listUsers"
       | "manage:org:user:get"
-      | "manage:org:deleteUser"
+      | "manage:org:deleteUser:*"
+      | "manage:org:deleteUser:owner"
+      | "manage:org:deleteUser:member"
+      | "manage:org:deleteUser:alien"
       | "manage:org:get"
       | "manage:org:update:*"
       | "manage:org:update:enabled"
@@ -4950,8 +5362,10 @@ export interface components {
       | "rpc:*"
       | "rpc:createTransaction:*"
       | "rpc:createTransaction:evm"
+      | "rpc:retryTransaction"
       | "rpc:getTransaction"
-      | "rpc:listTransactions";
+      | "rpc:listTransactions"
+      | "rpc:binance";
     /**
      * @description This type specifies the interpretation of the `fee` field in Babylon
      * staking requests. If `sats`, the field is intpreted as a fixed value
@@ -5618,14 +6032,12 @@ export interface components {
       key_type: string;
     };
     /** @description The top-level JSON-RPC request type. */
-    JsonRpcRequest: {
-      method: "JsonRpcRequest";
-    } & Omit<components["schemas"]["RpcMethod"], "method"> & {
-        /** @description Request ID */
-        id?: string;
-        /** @description JSON-RPC version. */
-        jsonrpc: string;
-      };
+    JsonRpcRequest: components["schemas"]["RpcMethod"] & {
+      /** @description Request ID */
+      id?: string;
+      /** @description JSON-RPC version. */
+      jsonrpc: string;
+    };
     /** @description The RPC API's response. */
     JsonRpcResponse: {
       error?: components["schemas"]["ErrorObj"] | null;
@@ -5639,7 +6051,16 @@ export interface components {
     /** @description Valid `result` from the JSON-RPC API. */
     JsonRpcResult:
       | components["schemas"]["TransactionInfo"]
-      | components["schemas"]["ListTransactionsPaginatedResponse"];
+      | components["schemas"]["ListTransactionsPaginatedResponse"]
+      | components["schemas"]["SubAccountTransferResponse"]
+      | components["schemas"]["UniversalTransferResponse"]
+      | components["schemas"]["SubAccountAssetsResponse"]
+      | components["schemas"]["AccountInfoResponse"]
+      | components["schemas"]["SubAccountTransferHistoryResponse"]
+      | components["schemas"]["UniversalTransferHistoryResponse"]
+      | components["schemas"]["WithdrawResponse"]
+      | components["schemas"]["WithdrawHistoryResponse"]
+      | components["schemas"]["DepositResponse"];
     JwkSetResponse: {
       /** @description The keys included in this set */
       keys: Record<string, never>[];
@@ -5741,6 +6162,7 @@ export interface components {
        * ]
        */
       policy: unknown[];
+      properties?: components["schemas"]["KeyPropertiesPatch"] | null;
       /** @description The key provenance. */
       provenance?: string | null;
       /**
@@ -5768,6 +6190,19 @@ export interface components {
     KeyInfos: {
       keys: components["schemas"]["KeyInfo"][];
     };
+    /**
+     * @description Client-side wire payload for [`KeyProperties`]. Used in both directions:
+     *
+     * - **On write**: a *patch*, i.e., for each field, missing means "leave alone",
+     * `null` means "clear", and a value means "set". Secret fields arrive in the
+     * clear and are encrypted server-side before persisting.
+     * - **On read**: each field is omitted when the stored property is unset; secret
+     * fields are emitted with the redacted marker (e.g. "[REDACTED]").
+     */
+    KeyPropertiesPatch: components["schemas"]["BinanceApiPropertiesPatch"] & {
+      /** @enum {string} */
+      kind: "BinanceApi";
+    };
     /** @enum {string} */
     KeyType:
       | "SecpEthAddr"
@@ -5787,6 +6222,7 @@ export interface components {
       | "Ed25519StellarAddr"
       | "Ed25519SubstrateAddr"
       | "Ed25519CantonAddr"
+      | "Ed25519BinanceApi"
       | "Mnemonic"
       | "Stark"
       | "BabylonEots"
@@ -5881,7 +6317,7 @@ export interface components {
        */
       owner?: string | null;
     };
-    /** @description The response to [`cs_listTransactions`](super::request::RpcMethod::ListTransactions) */
+    /** @description The response to [`cs_listTransactions`](super::request::CsRpc::ListTransactions) */
     ListTransactionsResponse: {
       /** @description A list of transaction infos. */
       transactions: components["schemas"]["TransactionInfo"][];
@@ -5975,6 +6411,17 @@ export interface components {
       request: components["schemas"]["HttpRequest"];
       status: components["schemas"]["Status"];
     };
+    MfaRequiredArgs: {
+      /** @description Always set to first MFA id from `Self::ids` */
+      id: string;
+      /** @description Non-empty MFA request IDs */
+      ids: string[];
+      /** @description Organization id */
+      org_id: string;
+      /** @description Optional policy evaluation tree (included in signer responses, when requested) */
+      policy_eval_tree?: unknown;
+      session?: components["schemas"]["NewSessionResponse"] | null;
+    };
     /** @description Org-wide MFA requirements. */
     MfaRequirements: {
       alien_login_requirement?: components["schemas"]["SecondFactorRequirement"];
@@ -6014,7 +6461,7 @@ export interface components {
       verified_email?: string | null;
     };
     MigrateUpdateUsersRequest: components["schemas"]["MigrateUpdateUserItem"][];
-    MmiMetadata: (components["schemas"]["MmiMetadataExt"] | null) & {
+    MmiMetadata: {
       /** @description Chain ID (not required when signing a personal message (EIP-191)) */
       chainId?: string | null;
       /** @description If the custodian should publish the transaction */
@@ -6028,42 +6475,6 @@ export interface components {
       /** @description The category of transaction, as best can be determined by the wallet */
       transactionCategory?: string | null;
     };
-    MmiMetadataExt: {
-      /**
-       * @description All accounts the user can access.
-       * Only set when requested explicitly, i.e., via 'customer_listAccountsSigned'.
-       */
-      accounts?:
-        | {
-            /**
-             * @description An Ethereum address, hex-encoded, with leading '0x'
-             * @example 0x0123456789012345678901234567890123456789
-             */
-            address: string;
-            /** @description Account metadata */
-            metadata?: unknown;
-            /** @description Account name */
-            name: string;
-            /** @description Ordered list of name-value pairs */
-            tags?: {
-              /** @description Tag name */
-              name: string;
-              /** @description Tag value */
-              value: string;
-            }[];
-          }[]
-        | null;
-      /** @description The customer ID of the user, i.e., the customer's organization ID. */
-      customerId: string | null;
-      /** @description A human readable name of the corresponding organization, if any. */
-      customerName: string | null;
-    } & {
-      /**
-       * @description This must match the `sub` claim of the customer proof of
-       * the user or role session which created the transaction.
-       */
-      userId: string | null;
-    };
     MmiRejectRequest: {
       /** @description Optional reason for rejecting. */
       reason?: string | null;
@@ -6263,6 +6674,7 @@ export interface components {
       | "BabylonCovSign"
       | "BabylonRegistration"
       | "BabylonStaking"
+      | "BinanceSign"
       | "BlobSign"
       | "BtcMessageSign"
       | "BtcSign"
@@ -7437,6 +7849,8 @@ export interface components {
     >;
     /** @description A request to sign a PSBT */
     PsbtSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7978,6 +8392,11 @@ export interface components {
     RestrictedActionsMap: {
       [key: string]: components["schemas"]["MemberRole"][];
     };
+    /** @description Parameters for the [`cs_retryTransaction`](RpcMethod::RetryTransaction) method. */
+    RetryTransactionRequest: components["schemas"]["EvmTxCustomization"] & {
+      /** @description The transaction id. */
+      id: string;
+    };
     /**
      * @description List of role actions that can be restricted to a set of member roles
      * @enum {string}
@@ -8050,23 +8469,14 @@ export interface components {
       /** @description A JSON Web Token whose claims contain the `RoleInfo` structure. */
       jwt: string;
     };
-    /** @description The RPC API method and matching parameters. */
-    RpcMethod:
-      | {
-          /** @enum {string} */
-          method: "cs_createTransaction";
-          params: components["schemas"]["CreateTransactionRequest"];
-        }
-      | {
-          /** @enum {string} */
-          method: "cs_getTransaction";
-          params: components["schemas"]["GetTransactionRequest"];
-        }
-      | {
-          /** @enum {string} */
-          method: "cs_listTransactions";
-          params: components["schemas"]["ListTransactionsRequest"];
-        };
+    /**
+     * @description The RPC API method and matching parameters.
+     *
+     * Top-level dispatch. Wire format is preserved by `#[serde(untagged)]`: each
+     * inbound request is matched against one of the internally-tagged inner enums
+     * ([`CsRpc`] for the core methods, [`BinanceRpc`] for the Binance family).
+     */
+    RpcMethod: components["schemas"]["CsRpc"] | components["schemas"]["BinanceRpc"];
     /** @description All scopes for accessing CubeSigner APIs */
     Scope: components["schemas"]["ExplicitScope"] | string;
     /** @description A set of scopes. */
@@ -8218,6 +8628,12 @@ export interface components {
       /** @description All metrics must include 'org_id' as a dimension. */
       org_id: string;
     };
+    SignDryRunArgs: {
+      /** @description Whether MFA is required */
+      mfa_requests: components["schemas"]["MfaRequestInfo"][];
+      /** @description Optional policy evaluation tree, if requested */
+      policy_eval_tree?: unknown;
+    };
     SignResponse: {
       /** @description Optional policy evaluation tree. */
       policy_eval_tree?: unknown;
@@ -8330,6 +8746,8 @@ export interface components {
      * }
      */
     SolanaSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -8359,6 +8777,8 @@ export interface components {
       source_ip: string;
     };
     StakeRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -8438,6 +8858,164 @@ export interface components {
       num_auth_factors: number;
       request_comparer?: components["schemas"]["HttpRequestCmp"];
     };
+    /**
+     * @description A single asset balance entry returned by [`SubAccountAssetsResponse`].
+     *
+     * All balance fields are decimal strings (Binance preserves precision by not
+     * converting to floats).
+     */
+    SubAccountAsset: {
+      /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+      asset: string;
+      /** @description Available balance. */
+      free: string;
+      /** @description Balance frozen by Binance (e.g. due to compliance holds). */
+      freeze: string;
+      /** @description Balance locked in open orders. */
+      locked: string;
+      /** @description Balance currently being withdrawn. */
+      withdrawing: string;
+    };
+    /**
+     * @description Parameters for `GET /sapi/v4/sub-account/assets`.
+     *
+     * Queries the spot-wallet balances of a single sub-account. Must be called by
+     * a master-account credential.
+     */
+    SubAccountAssetsRequest: {
+      /** @description Email address of the sub-account whose balances to fetch. */
+      email: string;
+    };
+    /** @description Response returned by `cs_binanceSubAccountAssets`. */
+    SubAccountAssetsResponse: {
+      /**
+       * @description One entry per asset held in the sub-account's spot wallet. Binance
+       * omits assets with all-zero balances.
+       */
+      balances: components["schemas"]["SubAccountAsset"][];
+    };
+    /** @description One transfer entry in [`SubAccountTransferHistoryResponse`]. */
+    SubAccountTransferHistoryEntry: {
+      /** @description Asset symbol (e.g. `"USDT"`). */
+      asset: string;
+      /** @description Email of the counterparty account on the other side of the transfer. */
+      counterParty: string;
+      /**
+       * @description Email of the account this entry's API key authenticates as. Binance
+       * returns this on each row even though it is the same for the whole page.
+       */
+      email: string;
+      /**
+       * @description Wallet type debited on the source side (e.g. `"SPOT"`,
+       * `"USDT_FUTURE"`). Left as `String` for forward compatibility.
+       */
+      fromAccountType: string;
+      /** @description Amount transferred, as a decimal string. */
+      qty: string;
+      /**
+       * @description Transfer status: `"PROCESS"`, `"SUCCESS"`, or `"FAILURE"`. Left as
+       * `String` for forward compatibility.
+       */
+      status: string;
+      /**
+       * Format: int64
+       * @description Time of the transfer (ms since epoch).
+       */
+      time: number;
+      /** @description Wallet type credited on the destination side. */
+      toAccountType: string;
+      /**
+       * Format: int64
+       * @description Transfer id. Matches the `txnId` returned by the original
+       * [`SubAccountTransferResponse`].
+       */
+      tranId: number;
+      /**
+       * Format: int32
+       * @description `1` = transfer in, `2` = transfer out.
+       */
+      type: number;
+    };
+    /**
+     * @description Parameters for `GET /sapi/v1/sub-account/transfer/subUserHistory`.
+     *
+     * Lists the transfer history of the calling sub-account. Covers both
+     * sub-to-master and sub-to-sub transfers. All filters are optional; if
+     * `start_time`/`end_time` are omitted, Binance returns the most recent 30
+     * days. If `r#type` is omitted, Binance defaults to `TransferOut` (`2`).
+     */
+    SubAccountTransferHistoryRequest: {
+      /** @description Filter to a specific asset (e.g. `"USDT"`). */
+      asset?: string | null;
+      /**
+       * Format: int64
+       * @description Window end (ms since epoch).
+       */
+      endTime?: number | null;
+      /**
+       * Format: int32
+       * @description Page size (Binance default: 500).
+       */
+      limit?: number | null;
+      /**
+       * @description If `true`, include failed transfers in the response. Binance defaults
+       * to `false`.
+       */
+      returnFailHistory?: boolean | null;
+      /**
+       * Format: int64
+       * @description Window start (ms since epoch).
+       */
+      startTime?: number | null;
+      /**
+       * Format: int32
+       * @description Direction filter (`1` = transfer in, `2` = transfer out).
+       */
+      type?: number | null;
+    };
+    /**
+     * @description Response returned by `cs_binanceSubAccountTransferHistory`.
+     *
+     * Binance returns a top-level JSON array; this newtype preserves that wire
+     * format while giving the response a named type in the OpenAPI schema.
+     */
+    SubAccountTransferHistoryResponse: components["schemas"]["SubAccountTransferHistoryEntry"][];
+    /** @description Response returned by `cs_binanceSubToMaster` and `cs_binanceSubToSub`. */
+    SubAccountTransferResponse: {
+      /** Format: int64 */
+      txnId: number;
+    };
+    /**
+     * @description Parameters for `POST /sapi/v1/sub-account/transfer/subToMaster`.
+     *
+     * Transfers an asset from the caller's sub-account to the master account.
+     */
+    SubToMasterRequest: {
+      /**
+       * @description The amount being transferred, formatted as a decimal string (e.g. `"0.1"`).
+       * Sent verbatim: Binance is strict about decimal formatting.
+       */
+      amount: string;
+      /** @description The asset symbol being transferred (e.g. `"USDT"`, `"BTC"`). */
+      asset: string;
+    };
+    /**
+     * @description Parameters for `POST /sapi/v1/sub-account/transfer/subToSub`.
+     *
+     * Transfers an asset from the caller's sub-account to another sub-account
+     * under the same master account.
+     */
+    SubToSubRequest: {
+      /** @description The amount being transferred, as a decimal string (e.g. `"0.1"`). */
+      amount: string;
+      /** @description The asset symbol being transferred (e.g. `"USDT"`). */
+      asset: string;
+      /**
+       * @description Email address of the destination sub-account. Must be a sub-account of
+       * the same master.
+       */
+      toEmail: string;
+    };
     /**
      * @description The status of a subscription
      * @enum {string}
@@ -8459,6 +9037,8 @@ export interface components {
     SuiChain: "mainnet" | "devnet" | "testnet";
     /** @description Request to sign a serialized SUI transaction */
     SuiSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -8485,6 +9065,8 @@ export interface components {
       tx: string;
     };
     TaprootSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -8557,6 +9139,8 @@ export interface components {
     TelegramEnvironment: "production" | "test";
     /** @description The request for using the Tendermint sign endpoint. */
     TendermintSignRequest: {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -8836,6 +9420,119 @@ export interface components {
       | "AuthorizationHeaderMissing"
       | "EndpointRequiresUserSession"
       | "RefreshTokenMissing";
+    /** @description One transfer entry in [`UniversalTransferHistoryResponse`]. */
+    UniversalTransferHistoryEntry: {
+      /** @description Amount transferred, as a decimal string. */
+      amount: string;
+      /** @description Asset symbol. */
+      asset: string;
+      /** @description Client-supplied transfer id, if one was set on the original transfer. */
+      clientTranId?: string | null;
+      /**
+       * Format: int64
+       * @description Time of the transfer (ms since epoch).
+       */
+      createTimeStamp: number;
+      /**
+       * @description Wallet type debited on the source side. Left as `String` for forward
+       * compatibility.
+       */
+      fromAccountType: string;
+      /** @description Source sub-account email; absent when the source is the master. */
+      fromEmail?: string | null;
+      /** @description Transfer status (e.g. `"SUCCESS"`). */
+      status: string;
+      /** @description Wallet type credited on the destination side. */
+      toAccountType: string;
+      /** @description Destination sub-account email; absent when the destination is master. */
+      toEmail?: string | null;
+      /**
+       * Format: int64
+       * @description Transfer id. Matches the `tranId` returned by the original
+       * [`UniversalTransferResponse`].
+       */
+      tranId: number;
+    };
+    /**
+     * @description Parameters for `GET /sapi/v1/sub-account/universalTransfer`.
+     *
+     * Lists universal transfers initiated by the master account. All filters
+     * are optional; if `start_time`/`end_time` are omitted, Binance returns the
+     * most recent 30 days. Binance does not support filtering by `tran_id`
+     * directly — use `client_tran_id` if you set one when initiating the
+     * transfer, or page through the result and match the `tranId` client-side.
+     */
+    UniversalTransferHistoryRequest: {
+      /** @description Filter by client-supplied transfer id. */
+      clientTranId?: string | null;
+      /**
+       * Format: int64
+       * @description Window end (ms since epoch).
+       */
+      endTime?: number | null;
+      /** @description Filter to transfers originating from this sub-account email. */
+      fromEmail?: string | null;
+      /**
+       * Format: int32
+       * @description Page size (Binance default: 500, max: 500).
+       */
+      limit?: number | null;
+      /**
+       * Format: int32
+       * @description 1-based page number (Binance default: 1).
+       */
+      page?: number | null;
+      /**
+       * Format: int64
+       * @description Window start (ms since epoch).
+       */
+      startTime?: number | null;
+      /** @description Filter to transfers destined for this sub-account email. */
+      toEmail?: string | null;
+    };
+    /** @description Response returned by `cs_binanceUniversalTransferHistory`. */
+    UniversalTransferHistoryResponse: {
+      /** @description Transfers in the current page. */
+      result: components["schemas"]["UniversalTransferHistoryEntry"][];
+      /**
+       * Format: int64
+       * @description Total number of transfers matching the filters across all pages.
+       */
+      totalCount: number;
+    };
+    /**
+     * @description Parameters for `POST /sapi/v1/sub-account/universalTransfer`.
+     *
+     * Transfers an asset between any two accounts (master to/from sub, or sub
+     * to/from sub) and between any two wallet types (spot, futures, margin, etc).
+     * The signing credential (the API key + Ed25519 key pair) must belong to the
+     * master account.
+     */
+    UniversalTransferRequest: {
+      /** @description The amount being transferred, as a decimal string. */
+      amount: string;
+      /** @description The asset symbol being transferred (e.g. `"USDT"`). */
+      asset: string;
+      /**
+       * @description Optional client-supplied transfer id. If set, Binance echoes it back
+       * on [`UniversalTransferResponse::client_tran_id`] and lets it be used
+       * as a filter on
+       * [`UniversalTransferHistoryRequest::client_tran_id`].
+       */
+      clientTranId?: string | null;
+      fromAccountType?: components["schemas"]["AccountType"];
+      /** @description Source sub-account email. If `None`, the source is the master account. */
+      fromEmail?: string | null;
+      toAccountType?: components["schemas"]["AccountType"];
+      /** @description Destination sub-account email. If `None`, the destination is the master account. */
+      toEmail?: string | null;
+    };
+    /** @description Response returned by `cs_binanceUniversalTransfer`. */
+    UniversalTransferResponse: {
+      clientTranId?: string | null;
+      /** Format: int64 */
+      tranId: number;
+    };
     /** @description Options that should be set only for local devnet testing. */
     UnsafeConf: {
       /**
@@ -8864,6 +9561,8 @@ export interface components {
        */
       validator_index: string;
     } & {
+      /** @description Do not produce a valid signature, just evaluate attached policies. */
+      dry_run?: boolean;
       /**
        * @description Request additional information to be included in the response, explaining
        * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -8938,6 +9637,14 @@ export interface components {
        * Once disabled, a key cannot be used for signing.
        */
       enabled?: boolean | null;
+      /**
+       * @description If set, patch the key's structured [`KeyProperties`]. The patch's variant must
+       * match the key's [`KeyType`] (e.g. `BinanceApi` properties are only allowed on
+       * `Ed25519BinanceApi` keys). Each field in the patch is independent: missing
+       * means leave alone, JSON `null` clears, a value sets. Sending JSON `null` for
+       * the whole field clears all properties on the key.
+       */
+      properties?: unknown;
       /**
        * @description If set, change the key's region affinity to this value.
        *
@@ -9603,6 +10310,179 @@ export interface components {
     WhereAndWhen: components["schemas"]["SourceIp"] & {
       time: components["schemas"]["EpochDateTime"];
     };
+    /** @description One withdrawal entry in [`WithdrawHistoryResponse`]. */
+    WithdrawHistoryEntry: {
+      /** @description Destination address. */
+      address: string;
+      /** @description Withdrawal amount, as a decimal string. */
+      amount: string;
+      /**
+       * @description Time the withdrawal was requested (Binance returns a UTC string,
+       * e.g. `"2019-09-24 12:43:45"`).
+       */
+      applyTime: string;
+      /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+      coin: string;
+      /**
+       * @description Time the withdrawal completed (UTC string), present once
+       * `status == 6`.
+       */
+      completeTime?: string | null;
+      /**
+       * Format: int32
+       * @description Number of on-chain confirmations.
+       */
+      confirmNo?: number | null;
+      /**
+       * @description Binance-assigned withdrawal id. Matches the `id` returned by
+       * [`WithdrawResponse`].
+       */
+      id: string;
+      /** @description Failure reason when the withdrawal was rejected. */
+      info?: string | null;
+      /** @description Blockchain network identifier (e.g. `"BSC"`, `"ETH"`). */
+      network?: string | null;
+      /**
+       * Format: int32
+       * @description Withdrawal status. Binance values: `0` = Email Sent,
+       * `2` = Awaiting Approval, `3` = Rejected, `4` = Processing,
+       * `6` = Completed. Left as `u8` for forward compatibility.
+       */
+      status: number;
+      /** @description Network fee charged for the withdrawal, as a decimal string. */
+      transactionFee: string;
+      /**
+       * Format: int32
+       * @description `0` = external transfer, `1` = internal (Binance↔Binance) transfer.
+       */
+      transferType: number;
+      /**
+       * @description On-chain transaction hash, once Binance has broadcast the withdrawal.
+       * May be empty until then.
+       */
+      txId?: string | null;
+      /**
+       * Format: int32
+       * @description Source wallet: `0` = spot wallet, `1` = funding wallet.
+       */
+      walletType: number;
+      /**
+       * @description Client-supplied withdrawal id, if one was set on the original
+       * withdrawal call.
+       */
+      withdrawOrderId?: string | null;
+    };
+    /**
+     * @description Parameters for `GET /sapi/v1/capital/withdraw/history`.
+     *
+     * Returns the master account's withdrawal history. All filters are
+     * optional; if `start_time`/`end_time` are omitted, Binance returns the
+     * most recent 90 days. Use `id_list` to look up specific withdrawals by
+     * the `id` returned from [`BinanceRpc::Withdraw`], or `withdraw_order_id`
+     * to look one up by its client-supplied id.
+     */
+    WithdrawHistoryRequest: {
+      /** @description Filter to a specific asset (e.g. `"USDT"`). */
+      coin?: string | null;
+      /**
+       * Format: int64
+       * @description Window end (ms since epoch).
+       */
+      endTime?: number | null;
+      /**
+       * @description Comma-separated list of Binance-assigned withdrawal ids (the `id`
+       * field of [`WithdrawResponse`]). Up to 45 ids per query, per Binance.
+       */
+      idList?: string | null;
+      /**
+       * Format: int32
+       * @description Page size (Binance default and max: 1000).
+       */
+      limit?: number | null;
+      /**
+       * Format: int32
+       * @description Pagination offset.
+       */
+      offset?: number | null;
+      /**
+       * Format: int64
+       * @description Window start (ms since epoch).
+       */
+      startTime?: number | null;
+      /**
+       * Format: int32
+       * @description Filter by withdrawal status. Binance values:
+       * `0` = Email Sent, `2` = Awaiting Approval, `3` = Rejected,
+       * `4` = Processing, `6` = Completed. Left as `u8` for forward
+       * compatibility.
+       */
+      status?: number | null;
+      /**
+       * @description Filter by the client-supplied withdrawal id originally passed to
+       * [`WithdrawRequest::withdraw_order_id`].
+       */
+      withdrawOrderId?: string | null;
+    };
+    /**
+     * @description Response returned by `cs_binanceWithdrawHistory`.
+     *
+     * Binance returns a top-level JSON array; this newtype preserves that wire
+     * format while giving the response a named type in the OpenAPI schema.
+     */
+    WithdrawHistoryResponse: components["schemas"]["WithdrawHistoryEntry"][];
+    /**
+     * @description Parameters for `POST /sapi/v1/capital/withdraw/apply`.
+     *
+     * Submits a withdrawal of `amount` of `coin` to the given external `address`.
+     * The signing key's account must have withdrawal permissions enabled.
+     */
+    WithdrawRequest: {
+      /** @description Destination address. */
+      address: string;
+      /**
+       * @description Secondary address identifier required by some assets (e.g. memo for
+       * XRP, tag for XLM).
+       */
+      addressTag?: string | null;
+      /**
+       * @description The amount being withdrawn, formatted as a decimal string (e.g. `"0.1"`).
+       * Sent verbatim: Binance is strict about decimal formatting.
+       */
+      amount: string;
+      /** @description The asset symbol being withdrawn (e.g. `"USDT"`, `"BTC"`). */
+      coin: string;
+      /** @description Optional human-readable description for the withdrawal. */
+      name?: string | null;
+      /**
+       * @description Network identifier (e.g. `"BSC"`, `"ETH"`). If omitted, Binance picks
+       * the default network for the asset.
+       */
+      network?: string | null;
+      /**
+       * @description If `true`, the withdrawal fee is deducted from the destination amount;
+       * if `false` (Binance default), it is deducted from the account balance
+       * in addition to `amount`.
+       */
+      transactionFeeFlag?: boolean | null;
+      /**
+       * Format: int32
+       * @description Source wallet: `0` = spot wallet (default), `1` = funding wallet.
+       */
+      walletType?: number | null;
+      /**
+       * @description Client-supplied withdrawal id, returned by Binance as `withdrawOrderId`
+       * in subsequent withdrawal-history queries.
+       */
+      withdrawOrderId?: string | null;
+    };
+    /** @description Response returned by `cs_binanceWithdraw`. */
+    WithdrawResponse: {
+      /**
+       * @description Binance-assigned withdrawal id. Used to look the request up later via
+       * the withdrawal-history endpoint.
+       */
+      id: string;
+    };
   };
   responses: {
     AddThirdPartyUserResponse: {
@@ -9728,6 +10608,21 @@ export interface components {
         };
       };
     };
+    /** @description Response returned by the typed `binance_sign` endpoint. */
+    BinanceSignResponse: {
+      content: {
+        "application/json": {
+          /** @description Optional policy evaluation tree. */
+          policy_eval_tree?: unknown;
+        } & {
+          /**
+           * @description The full signed query string, ready to be submitted to Binance.
+           * Encoded as `<urlencoded params>&recvWindow=<ms>&timestamp=<ms>&signature=<urlencoded base64 sig>`.
+           */
+          signed_query: string;
+        };
+      };
+    };
     /** @description BTC message signing response */
     BtcMessageSignResponse: {
       content: {
@@ -10187,6 +11082,7 @@ export interface components {
            * ]
            */
           policy: unknown[];
+          properties?: components["schemas"]["KeyPropertiesPatch"] | null;
           /** @description The key provenance. */
           provenance?: string | null;
           /**
@@ -16833,6 +17729,11 @@ export interface operations {
         user_id: string;
       };
     };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["Empty"];
+      };
+    };
     responses: {
       200: components["responses"]["EmptyImpl"];
       default: {
@@ -17076,6 +17977,47 @@ export interface operations {
       };
     };
   };
+  /**
+   * Sign Binance RPC Request
+   * @description Sign Binance RPC Request
+   *
+   * Signs a typed [`BinanceRpc`] request with the [`KeyType::Ed25519BinanceApi`]
+   * key identified by `material_id`. The signer URL-encodes the inner request,
+   * appends Binance's `recvWindow` and `timestamp` parameters, signs the
+   * resulting query, and returns the full query string ready to be submitted
+   * to Binance.
+   */
+  binanceSign: {
+    parameters: {
+      path: {
+        /**
+         * @description Name or ID of the desired Org
+         * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+         */
+        org_id: string;
+        /** @description Material id of the Ed25519BinanceApi key */
+        material_id: string;
+      };
+    };
+    requestBody: {
+      content: {
+        "application/json": components["schemas"]["BinanceRpc"];
+      };
+    };
+    responses: {
+      200: components["responses"]["BinanceSignResponse"];
+      202: {
+        content: {
+          "application/json": components["schemas"]["AcceptedResponse"];
+        };
+      };
+      default: {
+        content: {
+          "application/json": components["schemas"]["ErrorResponse"];
+        };
+      };
+    };
+  };
   /**
    * Sign Raw Blob
    * @description Sign Raw Blob