@cubist-labs/cubesigner-sdk 0.4.241 → 0.4.246

package/src/schema_types.ts

@@ -46,6 +46,7 @@ const AllOperationKinds: Record<OperationKind, true> = {
   BabylonCovSign: true,
   BabylonRegistration: true,
   BabylonStaking: true,
+  BinanceSign: true,
   BlobSign: true,
   BtcMessageSign: true,
   BtcSign: true,
@@ -193,6 +194,7 @@ export type MmiJrpcMethod =
   | "custodian_getSignedMessageLink";
 
 export type AcceptedResponse = schemas["AcceptedResponse"];
+export type AcceptedValue = schemas["AcceptedValue"];
 export type ErrorResponse = schemas["ErrorResponse"];
 export type BtcSignatureKind = schemas["BtcSignatureKind"];
 export type CsErrCode = schemas["SignerErrorCode"];
@@ -211,10 +213,14 @@ export type MfaPolicy = Omit<schemas["MfaPolicy"], "allowed_mfa_types"> & {
 export type MfaVote = schemas["MfaVote"];
 export type MfaRequestInfo = schemas["MfaRequestInfo"];
 export type MfaProtectedAction = schemas["MfaProtectedAction"];
-export type MfaRequired = schemas["AcceptedValue"]["MfaRequired"];
+export type MfaRequired = schemas["MfaRequiredArgs"];
+export type SignDryRun = schemas["SignDryRunArgs"];
+export type BinanceDryRun = schemas["BinanceDryRunArgs"];
 export type EvmTxCmp = schemas["EvmTxCmp"];
 export type SolanaTxCmp = schemas["SolanaTxCmp"];
 
+export type BinanceApiProperties = schemas["BinanceApiPropertiesPatch"];
+
 export type CreateOrgRequest = schemas["CreateOrgRequest"];
 export type OrgMetricName = schemas["MetricName"];
 export type QueryMetricsRequest = schemas["QueryMetricsRequest"];
@@ -232,6 +238,11 @@ export type UserExportCompleteRequest = schemas["UserExportCompleteRequest"];
 export type UserExportCompleteResponse = schemas["UserExportCompleteResponse"];
 export type UserExportListResponse = schemas["PaginatedUserExportListResponse"];
 export type UserExportKeyMaterial = schemas["JsonKeyPackage"];
+export type JsonRpcResponse = schemas["JsonRpcResponse"];
+export type JsonRpcRequest = schemas["RpcMethod"] & {
+  /** @description Request ID */
+  id?: string;
+};
 
 export type HistoricalTx = schemas["HistoricalTx"];
 export type ListHistoricalTxResponse = schemas["PaginatedListHistoricalTxResponse"];

package/src/scopes.ts

@@ -30,6 +30,17 @@ export const AllScopes: Record<ExplicitScope, string> =
   "sign:btc:message:*"                          : "Allows access to the BTC message signing endpoint for any key type",
   "sign:btc:message:segwit"                     : "Allows access to the BTC message signing endpoint for segwit keys",
   "sign:btc:message:legacy"                     : "Allows access to the BTC message signing endpoint for legacy keys",
+  "sign:binance:*"                              : "Allows access to the Binance sign endpoint, without restrictions",
+  "sign:binance:accountInfo"                    : "Allows access to the Binance sign endpoint, restricted to the 'AccountInfo' operation",
+  "sign:binance:deposit"                        : "Allows access to the Binance sign endpoint, restricted to the 'Deposit' method",
+  "sign:binance:subAccountAssets"               : "Allows access to the Binance sign endpoint, restricted to the 'SubAccountAssets' operation",
+  "sign:binance:subAccountTransferHistory"      : "Allows access to the Binance sign endpoint, restricted to the 'SubAccountTransferHistory' operation",
+  "sign:binance:subToMaster"                    : "Allows access to the Binance sign endpoint, restricted to the 'SubToMaster' operation",
+  "sign:binance:subToSub"                       : "Allows access to the Binance sign endpoint, restricted to the 'SubToSub' operation",
+  "sign:binance:universalTransfer"              : "Allows access to the Binance sign endpoint, restricted to the 'UniversalTransfer' operation",
+  "sign:binance:universalTransferHistory"       : "Allows access to the Binance sign endpoint, restricted to the 'UniversalTransferHistory' operation",
+  "sign:binance:withdraw"                       : "Allows access to the Binance sign endpoint, restricted to the 'Withdraw' operation",
+  "sign:binance:withdrawHistory"                : "Allows access to the Binance sign endpoint, restricted to the 'WithdrawHistory' operation",
   "sign:babylon:*"                              : "Allows access to all Babylon endpoints",
   "sign:babylon:eots:*"                         : "Allows access to all Babylon EOTS endpoints",
   "sign:babylon:eots:nonces"                    : "Allows access to the EOTS nonce generation endpoint",
@@ -91,6 +102,7 @@ export const AllScopes: Record<ExplicitScope, string> =
   "manage:key:update:policy"                    : "Allows access only to the key 'update' endpoint, but restricting updates to the key 'policy' property",
   "manage:key:update:enabled"                   : "Allows access only to the key 'update' endpoint, but restricting updates to the key 'enabled' property",
   "manage:key:update:metadata"                  : "Allows access only to the key 'update' endpoint and restricts updates to the key 'metadata' property",
+  "manage:key:update:properties"                : "Allows access only to the key 'update' endpoint and restricts updates to the key 'properties' property",
   "manage:key:update:editPolicy"                : "Allows access only to the key 'update' endpoint and restricts updates to the 'edit_policy' property",
   "manage:key:delete"                           : "Allows access only to the key 'delete' endpoint",
   "manage:policy:*"                             : "Allows access to all policy endpoints",
@@ -177,10 +189,16 @@ export const AllScopes: Record<ExplicitScope, string> =
   "manage:org:invitation:cancel"                : "Allows access only to the org endpoint for canceling pending invitations",
   "manage:org:inviteUser"                       : "Allows access only to the org endpoint for inviting a new member or org owner to the org",
   "manage:org:inviteAlien"                      : "Allows access only to the org endpoint for inviting a new alien user to the org",
-  "manage:org:updateMembership"                 : "Allows access only to the org endpoint for updating existing user's org membership",
+  "manage:org:updateMembership:*"               : "Allows access only to the org endpoint for updating existing user's org membership",
+  "manage:org:updateMembership:owner"           : "Allows access only to the org endpoint for updating existing org Owner's membership",
+  "manage:org:updateMembership:member"          : "Allows access only to the org endpoint for updating existing org Member's membership",
+  "manage:org:updateMembership:alien"           : "Allows access only to the org endpoint for updating existing org Alien's membership",
   "manage:org:listUsers"                        : "Allows access only to the org endpoint for listing all org users (members)",
   "manage:org:user:get"                         : "Allows access only to the org endpoints for getting users by id or email",
-  "manage:org:deleteUser"                       : "Allows access only to the org endpoint for deleting an OIDC user",
+  "manage:org:deleteUser:*"                     : "Allows access only to the org endpoint for deleting an OIDC user",
+  "manage:org:deleteUser:owner"                 : "Allows access only to the org endpoint for deleting a user, only when deleting an existing org Owner",
+  "manage:org:deleteUser:member"                : "Allows access only to the org endpoint for deleting a user, only when deleting an existing org Member",
+  "manage:org:deleteUser:alien"                 : "Allows access only to the org endpoint for deleting a user, only when deleting an existing org Alien",
   "manage:org:get"                              : "Allows access to retrieving organization information",
   "manage:org:user:resetMfa"                    : "Allows an owner to initiate an MFA reset for a user",
   "manage:org:update:*"                         : "Allows access to all org 'update' actions",
@@ -240,6 +258,8 @@ export const AllScopes: Record<ExplicitScope, string> =
   "rpc:createTransaction:evm"                   : "Allows access to the RPC API endpoint, but only for the 'cs_createTransaction' function with an EVM transaction request.",
   "rpc:getTransaction"                          : "Allows access to the RPC API endpoint, but only for the 'cs_getTransaction' function.",
   "rpc:listTransactions"                        : "Allows access to the RPC API endpoint, but only for the 'cs_listTransactions' function.",
+  "rpc:retryTransaction"                        : "Allows access to the RPC API endpoint, but only for the 'cs_retryTransaction' function",
+  "rpc:binance"                                 : "Allows access to the RPC API endpoint, but only for the 'cs_binance*' functions",
 };
 
 // Const for scope category labels

package/src/user_export.ts

@@ -27,7 +27,7 @@ export async function userExportKeygen(): Promise<CryptoKeyPair> {
 }
 
 /**
- * Get the ArrayBuffer slice represented by a Buffer
+ * Get the ArrayBuffer slice represented by a Uint8Array
  *
  * @param b The buffer to convert
  * @returns The resulting ArrayBuffer
@@ -52,7 +52,7 @@ export async function userExportDecrypt(
 
   // decrypt the export ciphertext using the HPKE one-shot API
   const tenc = new TextEncoder();
-  const tdec = new TextDecoder();
+  const tdec = new TextDecoder("utf-8");
   const info = toArrayBuffer(tenc.encode(`cubist-signer::UserExportOwner::${response.user_id}`));
   const public_key = toArrayBuffer(decodeBase64(response.ephemeral_public_key));
   const ctxt = toArrayBuffer(decodeBase64(response.encrypted_key_material));

package/src/util.ts

@@ -27,6 +27,9 @@ export function pathJoin(dir: string, file: string): string {
   return `${dir}${sep}${file}`;
 }
 
+// eslint-disable-next-line no-restricted-globals -- intentionally checking for Buffer before using it
+const nodeBuffer = typeof Buffer === "function" ? Buffer : undefined;
+
 /**
  * Browser-friendly helper for decoding a 'base64'-encoded string into a byte array.
  *
@@ -34,8 +37,8 @@ export function pathJoin(dir: string, file: string): string {
  * @returns Decoded byte array
  */
 export function decodeBase64(b64: string): Uint8Array {
-  return typeof Buffer === "function"
-    ? Buffer.from(b64, "base64")
+  return nodeBuffer
+    ? nodeBuffer.from(b64, "base64")
     : Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
 }
 
@@ -60,10 +63,9 @@ export function decodeBase64Url(b64url: string): Uint8Array {
  */
 export function encodeToBase64(buffer: Iterable<number> | ArrayBuffer): string {
   const bytes = buffer instanceof ArrayBuffer ? new Uint8Array(buffer) : new Uint8Array(buffer);
-  const b64 =
-    typeof Buffer === "function"
-      ? Buffer.from(bytes).toString("base64")
-      : btoa(bytes.reduce((s, b) => s + String.fromCharCode(b), ""));
+  const b64 = nodeBuffer
+    ? nodeBuffer.from(bytes).toString("base64")
+    : btoa(bytes.reduce((s, b) => s + String.fromCharCode(b), ""));
   return b64;
 }
 
@@ -97,6 +99,30 @@ export function delay(ms: number): Promise<void> {
  * @returns Hex string prefixed with "0x"
  */
 export function encodeToHex(message: string | Uint8Array): string {
-  const buff = typeof message === "string" ? Buffer.from(message, "utf8") : Buffer.from(message);
-  return "0x" + buff.toString("hex");
+  const bytes = typeof message === "string" ? new TextEncoder().encode(message) : message;
+  return "0x" + Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+/**
+ * Decodes a hex string into a byte array.
+ *
+ * @param hex The hex string to decode, with or without a "0x" prefix
+ * @returns Decoded byte array
+ */
+export function decodeFromHex(hex: string): Uint8Array {
+  const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
+
+  if (clean.length % 2 !== 0) {
+    throw new Error(`Invalid hexadecimal string length, must be even: ${clean.length}`);
+  }
+
+  if (!/^[0-9a-fA-F]*$/.test(clean)) {
+    throw new Error(`Invalid hexadecimal character in: '${clean}'`);
+  }
+
+  const bytes = new Uint8Array(clean.length / 2);
+  for (let i = 0; i < bytes.length; i++) {
+    bytes[i] = parseInt(clean.slice(i * 2, i * 2 + 2), 16);
+  }
+  return bytes;
 }