npm - @cubist-labs/cubesigner-sdk - Versions diffs - 0.4.241 → 0.4.246 - Mend

@cubist-labs/cubesigner-sdk 0.4.241 → 0.4.246

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/dist/package.json +1 -1
package/dist/spec/env/gamma.json +5 -0
package/dist/src/audit_log.d.ts +5 -5
package/dist/src/audit_log.js +1 -1
package/dist/src/client/api_client.d.ts +22 -7
package/dist/src/client/api_client.d.ts.map +1 -1
package/dist/src/client/api_client.js +43 -13
package/dist/src/client/base_client.d.ts +5 -1
package/dist/src/client/base_client.d.ts.map +1 -1
package/dist/src/client/base_client.js +16 -10
package/dist/src/client/session.d.ts +3 -1
package/dist/src/client/session.d.ts.map +1 -1
package/dist/src/client/session.js +7 -3
package/dist/src/client.d.ts +12 -5
package/dist/src/client.d.ts.map +1 -1
package/dist/src/client.js +15 -4
package/dist/src/diffie_hellman.js +2 -2
package/dist/src/env.d.ts +7 -0
package/dist/src/env.d.ts.map +1 -1
package/dist/src/env.js +14 -1
package/dist/src/fetch.d.ts.map +1 -1
package/dist/src/fetch.js +2 -3
package/dist/src/key.d.ts +17 -1
package/dist/src/key.d.ts.map +1 -1
package/dist/src/key.js +19 -3
package/dist/src/policy.d.ts +24 -7
package/dist/src/policy.d.ts.map +1 -1
package/dist/src/policy.js +34 -16
package/dist/src/response.d.ts +29 -5
package/dist/src/response.d.ts.map +1 -1
package/dist/src/response.js +62 -24
package/dist/src/schema.d.ts +975 -84
package/dist/src/schema.d.ts.map +1 -1
package/dist/src/schema.js +1 -1
package/dist/src/schema_types.d.ts +10 -1
package/dist/src/schema_types.d.ts.map +1 -1
package/dist/src/schema_types.js +2 -1
package/dist/src/scopes.d.ts.map +1 -1
package/dist/src/scopes.js +23 -3
package/dist/src/user_export.d.ts +1 -1
package/dist/src/user_export.js +3 -3
package/dist/src/util.d.ts +7 -0
package/dist/src/util.d.ts.map +1 -1
package/dist/src/util.js +30 -7
package/package.json +1 -1
package/src/audit_log.ts +3 -5
package/src/client/api_client.ts +54 -14
package/src/client/base_client.ts +13 -3
package/src/client/session.ts +10 -3
package/src/client.ts +17 -4
package/src/diffie_hellman.ts +1 -1
package/src/env.ts +17 -0
package/src/fetch.ts +1 -2
package/src/key.ts +26 -2
package/src/policy.ts +34 -16
package/src/response.ts +72 -25
package/src/schema.ts +1034 -92
package/src/schema_types.ts +12 -1
package/src/scopes.ts +22 -2
package/src/user_export.ts +2 -2
package/src/util.ts +34 -8

package/dist/src/schema.d.ts CHANGED Viewed

@@ -1660,6 +1660,19 @@ export interface paths {
          */
         get: operations["userOrgs"];
     };
+    "/v1/org/{org_id}/binance/sign/{material_id}": {
+        /**
+         * Sign Binance RPC Request
+         * @description Sign Binance RPC Request
+         *
+         * Signs a typed [`BinanceRpc`] request with the [`KeyType::Ed25519BinanceApi`]
+         * key identified by `material_id`. The signer URL-encodes the inner request,
+         * appends Binance's `recvWindow` and `timestamp` parameters, signs the
+         * resulting query, and returns the full query string ready to be submitted
+         * to Binance.
+         */
+        post: operations["binanceSign"];
+    };
     "/v1/org/{org_id}/blob/sign/{key_id}": {
         /**
          * Sign Raw Blob
@@ -1745,34 +1758,97 @@ export type webhooks = Record<string, never>;
 export interface components {
     schemas: {
         AcceptedResponse: components["schemas"]["ErrorResponse"] & Record<string, never>;
+        /** @description Different responses we return for success status codes. */
+        AcceptedValue: OneOf<[
+            {
+                SignDryRun: components["schemas"]["SignDryRunArgs"];
+            },
+            {
+                BinanceDryRun: components["schemas"]["BinanceDryRunArgs"];
+            },
+            {
+                MfaRequired: components["schemas"]["MfaRequiredArgs"];
+            }
+        ]>;
+        /** @enum {string} */
+        AcceptedValueCode: "SignDryRun" | "BinanceDryRun" | "MfaRequired";
         /**
-         * @description Different responses we return for status code "202 Accepted".
+         * @description Determines who controls the keys within an org
+         * @enum {string}
+         */
+        AccessModel: "User" | "Org";
+        /**
+         * @description One asset balance entry in [`AccountInfoResponse::balances`]. Distinct from
+         * [`SubAccountAsset`] because the spot-account schema lacks the `freeze` and
+         * `withdrawing` fields.
+         */
+        AccountBalance: {
+            /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+            asset: string;
+            /** @description Available balance. */
+            free: string;
+            /** @description Balance locked in open orders. */
+            locked: string;
+        };
+        /**
+         * @description Parameters for `GET /api/v3/account`.
          *
-         * Even though "202 Accepted" is a successful response, we represent
-         * it as a Rust error because that makes it easy to have route handlers
-         * return `Result<T, SignerError>` where `T` is the type of the
-         * response for the status code "200 Ok".
+         * Returns Spot account info for whichever account the signing key
+         * authenticates as (master or sub).
          */
-        AcceptedValue: {
-            MfaRequired: {
-                /** @description Always set to first MFA id from `Self::ids` */
-                id: string;
-                /** @description Non-empty MFA request IDs */
-                ids: string[];
-                /** @description Organization id */
-                org_id: string;
-                /** @description Optional policy evaluation tree (included in signer responses, when requested) */
-                policy_eval_tree?: unknown;
-                session?: components["schemas"]["NewSessionResponse"] | null;
-            };
+        AccountInfoRequest: {
+            /**
+             * @description If `true`, the response omits assets with all-zero balances. Defaults to
+             * `false` (Binance's default).
+             */
+            omitZeroBalances?: boolean | null;
+        };
+        /** @description Response returned by `cs_binanceAccountInfo`. */
+        AccountInfoResponse: {
+            /** @description Account type, e.g. `"SPOT"`. Left as `String` for forward compatibility. */
+            accountType: string;
+            /** @description One entry per asset. Affected by the `omit_zero_balances` request flag. */
+            balances: components["schemas"]["AccountBalance"][];
+            brokered: boolean;
+            /** Format: int64 */
+            buyerCommission: number;
+            canDeposit: boolean;
+            canTrade: boolean;
+            canWithdraw: boolean;
+            commissionRates: components["schemas"]["CommissionRates"];
+            /**
+             * Format: int64
+             * @description Maker commission, in basis points (e.g. `10` = 0.1%). Superseded by
+             * [`AccountInfoResponse::commission_rates`] for fractional rates.
+             */
+            makerCommission: number;
+            /** @description Permission flags, e.g. `["SPOT", "MARGIN"]`. */
+            permissions: string[];
+            preventSor: boolean;
+            requireSelfTradePrevention: boolean;
+            /** Format: int64 */
+            sellerCommission: number;
+            /** Format: int64 */
+            takerCommission: number;
+            /**
+             * Format: int64
+             * @description Account user id.
+             */
+            uid: number;
+            /**
+             * Format: int64
+             * @description Last account update time (ms since epoch).
+             */
+            updateTime: number;
         };
-        /** @enum {string} */
-        AcceptedValueCode: "MfaRequired";
         /**
-         * @description Determines who controls the keys within an org
+         * @description Wallet type used as the source or destination of a [`UniversalTransferRequest`].
+         *
+         * Serializes to the SCREAMING_SNAKE_CASE strings Binance expects. The default
+         * is [`AccountType::Spot`].
          * @enum {string}
          */
-        AccessModel: "User" | "Org";
+        AccountType: "SPOT" | "USDT_FUTURE" | "COIN_FUTURE" | "MARGIN";
         /** @description Request to add OIDC identity to an existing user account */
         AddIdentityRequest: {
             oidc_token: string;
@@ -2069,6 +2145,8 @@ export interface components {
         AuthenticatorTransport: "usb" | "nfc" | "ble" | "internal";
         /** @description Request to sign a serialized Avalanche transaction */
         AvaSerializedTxSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2091,6 +2169,8 @@ export interface components {
         };
         /** @description Request to sign an Avalanche transaction */
         AvaSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2128,6 +2208,8 @@ export interface components {
         /** @description Wrapper around a zeroizing 32-byte fixed-size array */
         B32: string;
         BabylonCovSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2321,6 +2403,8 @@ export interface components {
              */
             value: number;
         }) & {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2700,7 +2784,7 @@ export interface components {
         /** @enum {string} */
         BadGatewayErrorCode: "Generic" | "CustomChainRpcError" | "EsploraApiError" | "SentryApiError" | "CallWebhookError" | "OAuthProviderError" | "OidcDisoveryFailed" | "OidcIssuerJwkEndpointUnavailable" | "SmtpServerUnavailable";
         /** @enum {string} */
-        BadRequestErrorCode: "GenericBadRequest" | "DisallowedAllowRuleReference" | "InvalidPaginationToken" | "InvalidEmail" | "InvalidEmailTemplate" | "QueryMetricsError" | "InvalidTelegramData" | "ValidationError" | "WebhookPolicyTimeoutOutOfBounds" | "WebhookPolicyDisallowedUrlScheme" | "WebhookPolicyDisallowedUrlHost" | "WebhookPolicyDisallowedHeaders" | "ReservedName" | "UserEmailNotConfigured" | "EmailPasswordNotFound" | "PasswordAuthNotAllowedByInvitation" | "OneTimeCodeExpired" | "InvalidBody" | "InvalidJwt" | "InvitationNoLongerValid" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyGracePeriodTooLong" | "InvalidBabylonStakingPolicyParams" | "InvalidSuiTxReceiversEmptyAllowlist" | "InvalidBtcTxReceiversEmptyAllowlist" | "InvalidRequireRoleSessionAllowlist" | "InvalidCreateKeyCount" | "InvalidDiffieHellmanCount" | "OrgInviteExistingUser" | "OrgUserAlreadyExists" | "OrgNameTaken" | "KwkNotFoundInRegion" | "OrgIsNotOrgExport" | "RoleNameTaken" | "PolicyNameTaken" | "NameTaken" | "ContactNameInvalid" | "ContactAddressesInvalid" | "ContactLabelInvalid" | "ContactModified" | "PolicyNotFound" | "PolicyVersionNotFound" | "PolicyRuleDisallowedByType" | "PolicyTypeDisallowed" | "PolicyDuplicateError" | "PolicyStillAttached" | "PolicyModified" | "PolicyNotAttached" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidTimeLockAlreadyInThePast" | "InvalidRestrictedScopes" | "InvalidUpdate" | "InvalidMetadataLength" | "InvalidLength" | "InvalidKeyMaterialId" | "KeyNotFound" | "SiweChallengeNotFound" | "SiweInvalidRequest" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "NistP256PublicKeyInvalid" | "UnableToAccessSmtpRelay" | "UserExportInProgress" | "RoleNotFound" | "InvalidRoleNameOrId" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidSs58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidUpdateOrgRequestDisallowedMfaType" | "InvalidUpdateOrgRequestEmptyAllowedMfaTypes" | "EmailOtpDelayTooShortForRegisterMfa" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidDiffieHellmanRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "OnlySpecifyOne" | "NoOidcDataInProof" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "IdpUserAlreadyExists" | "CognitoUserAlreadyOrgMember" | "UserNotFound" | "UserWithEmailNotFound" | "PolicyKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "LimitWindowTooLong" | "Erc20ContractDisallowed" | "EmptyRuleError" | "OptionalListEmpty" | "MultipleExclusiveFieldsProvided" | "DuplicateFieldEntry" | "InvalidRange" | "InvalidOrgPolicyRepeatedRule" | "InvalidSuiTransaction" | "SuiSenderMismatch" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcTaprootHashError" | "BtcSignError" | "TaprootSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "InvalidMemberRoleInRecipientAdd" | "ThirdPartyUserAlreadyExists" | "OidcIdentityAlreadyExists" | "UserAlreadyHasIdentity" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "DeleteUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "InvalidOidcIdentity" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation" | "InvalidNotificationEndpointCount" | "CannotDeletePendingSubscription" | "InvalidNotificationUrlProtocol" | "EmptyOneOfOrgEventFilter" | "EmptyAllExceptOrgEventFilter" | "InvalidTapNodeHash" | "InvalidOneTimeCode" | "MessageNotFound" | "MessageAlreadySigned" | "MessageRejected" | "MessageReplaced" | "InvalidMessageType" | "EmptyAddress" | "InvalidEth2SigningPolicySlotRange" | "InvalidEth2SigningPolicyEpochRange" | "InvalidEth2SigningPolicyTimestampRange" | "InvalidEth2SigningPolicyOverlappingRule" | "RpcUrlMissing" | "MmiChainIdMissing" | "EthersInvalidRpcUrl" | "EthersGetTransactionCountError" | "InvalidPassword" | "BabylonStakingFeePlusDustOverflow" | "BabylonStaking" | "BabylonStakingIncorrectKey" | "BabylonStakingSegwitNonDeposit" | "BabylonStakingRegistrationRequiresTaproot" | "PsbtSigning" | "TooManyResets" | "TooManyRequests" | "TooManyFailedLogins" | "BadBtcMessageSignP2shFlag" | "InvalidTendermintRequest" | "PolicyVersionMaxReached" | "PolicyVersionInvalid" | "PolicySecretLimitReached" | "PolicySecretTooLarge" | "InvalidImportKey" | "AlienOwnerInvalid" | "EmptyUpdateRequest" | "InvalidPolicyReference" | "PolicyEngineDisabled" | "InvalidWasmPolicy" | "InvalidPolicy" | "RedundantDerivationPath" | "ImportKeyMissing" | "InvalidAbiMethods" | "BabylonCovSign" | "InvalidPolicyLogsRequest" | "UserProfileMigrationMultipleEntries" | "UserProfileMigrationTooManyItems" | "InputTooShort" | "InvalidTweakLength" | "InvalidCustomChains" | "InvalidRpcRequest";
+        BadRequestErrorCode: "GenericBadRequest" | "DisallowedAllowRuleReference" | "InvalidPaginationToken" | "InvalidEmail" | "InvalidEmailTemplate" | "QueryMetricsError" | "InvalidTelegramData" | "ValidationError" | "WebhookPolicyTimeoutOutOfBounds" | "WebhookPolicyDisallowedUrlScheme" | "WebhookPolicyDisallowedUrlHost" | "WebhookPolicyDisallowedHeaders" | "ReservedName" | "UserEmailNotConfigured" | "EmailPasswordNotFound" | "PasswordAuthNotAllowedByInvitation" | "OneTimeCodeExpired" | "InvalidBody" | "InvalidJwt" | "InvitationNoLongerValid" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyGracePeriodTooLong" | "InvalidBabylonStakingPolicyParams" | "InvalidSuiTxReceiversEmptyAllowlist" | "InvalidBtcTxReceiversEmptyAllowlist" | "InvalidRequireRoleSessionAllowlist" | "InvalidCreateKeyCount" | "InvalidDiffieHellmanCount" | "OrgInviteExistingUser" | "OrgUserAlreadyExists" | "OrgNameTaken" | "KwkNotFoundInRegion" | "OrgIsNotOrgExport" | "RoleNameTaken" | "PolicyNameTaken" | "NameTaken" | "ContactNameInvalid" | "ContactAddressesInvalid" | "ContactLabelInvalid" | "ContactModified" | "PolicyNotFound" | "PolicyVersionNotFound" | "PolicyRuleDisallowedByType" | "PolicyTypeDisallowed" | "PolicyDuplicateError" | "PolicyStillAttached" | "PolicyModified" | "PolicyNotAttached" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidTimeLockAlreadyInThePast" | "InvalidRestrictedScopes" | "InvalidUpdate" | "InvalidMetadataLength" | "InvalidLength" | "InvalidKeyMaterialId" | "KeyNotFound" | "SiweChallengeNotFound" | "SiweInvalidRequest" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "NistP256PublicKeyInvalid" | "UnableToAccessSmtpRelay" | "UserExportInProgress" | "RoleNotFound" | "InvalidRoleNameOrId" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidPropertiesForKeyType" | "MismatchedKeyPropertiesPatch" | "MissingBinanceApiKey" | "BinanceKeyMasterMismatch" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidBase64Value" | "InvalidSs58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidUpdateOrgRequestDisallowedMfaType" | "InvalidUpdateOrgRequestEmptyAllowedMfaTypes" | "EmailOtpDelayTooShortForRegisterMfa" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidDiffieHellmanRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "OnlySpecifyOne" | "NoOidcDataInProof" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "IdpUserAlreadyExists" | "CognitoUserAlreadyOrgMember" | "UserNotFound" | "UserWithEmailNotFound" | "PolicyKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "LimitWindowTooLong" | "Erc20ContractDisallowed" | "EmptyRuleError" | "OptionalListEmpty" | "MultipleExclusiveFieldsProvided" | "DuplicateFieldEntry" | "InvalidRange" | "InvalidOrgPolicyRepeatedRule" | "InvalidSuiTransaction" | "SuiSenderMismatch" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcTaprootHashError" | "BtcSignError" | "TaprootSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "InvalidMemberRoleInRecipientAdd" | "ThirdPartyUserAlreadyExists" | "OidcIdentityAlreadyExists" | "UserAlreadyHasIdentity" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "DeleteUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "InvalidOidcIdentity" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation" | "InvalidNotificationEndpointCount" | "CannotDeletePendingSubscription" | "InvalidNotificationUrlProtocol" | "EmptyOneOfOrgEventFilter" | "EmptyAllExceptOrgEventFilter" | "InvalidTapNodeHash" | "InvalidOneTimeCode" | "MessageNotFound" | "MessageAlreadySigned" | "MessageRejected" | "MessageReplaced" | "InvalidMessageType" | "EmptyAddress" | "InvalidEth2SigningPolicySlotRange" | "InvalidEth2SigningPolicyEpochRange" | "InvalidEth2SigningPolicyTimestampRange" | "InvalidEth2SigningPolicyOverlappingRule" | "RpcUrlMissing" | "MmiChainIdMissing" | "EthersInvalidRpcUrl" | "EthersGetTransactionCountError" | "InvalidPassword" | "BabylonStakingFeePlusDustOverflow" | "BabylonStaking" | "BabylonStakingIncorrectKey" | "BabylonStakingSegwitNonDeposit" | "BabylonStakingRegistrationRequiresTaproot" | "PsbtSigning" | "TooManyResets" | "TooManyRequests" | "TooManyFailedLogins" | "BadBtcMessageSignP2shFlag" | "InvalidTendermintRequest" | "PolicyVersionMaxReached" | "PolicyVersionInvalid" | "PolicySecretLimitReached" | "PolicySecretTooLarge" | "InvalidImportKey" | "AlienOwnerInvalid" | "EmptyUpdateRequest" | "InvalidPolicyReference" | "PolicyEngineDisabled" | "InvalidWasmPolicy" | "InvalidPolicy" | "RedundantDerivationPath" | "ImportKeyMissing" | "InvalidAbiMethods" | "BabylonCovSign" | "InvalidPolicyLogsRequest" | "UserProfileMigrationMultipleEntries" | "UserProfileMigrationTooManyItems" | "InputTooShort" | "InvalidTweakLength" | "InvalidCustomChains" | "InvalidRpcRequest";
         BillingArgs: {
             billing_org: components["schemas"]["Id"];
             event_type: components["schemas"]["BillingEvent"];
@@ -2717,7 +2801,204 @@ export interface components {
          * @description Billing event types.
          * @enum {string}
          */
-        BillingEvent: "Mmi" | "MmiMessageGet" | "MmiMessageList" | "MmiMessageSign" | "MmiMessageReject" | "MmiMessageDelete" | "AboutMe" | "UserResetEmailInit" | "UserResetEmailComplete" | "UserDeleteTotp" | "UserResetTotpInit" | "UserResetTotpComplete" | "UserVerifyTotp" | "UserRegisterFidoInit" | "UserRegisterFidoComplete" | "UserDeleteFido" | "CreateProofOidc" | "CreateProofCubeSigner" | "VerifyProof" | "AddOidcIdentity" | "RemoveOidcIdentity" | "ListOidcIdentities" | "GetOrg" | "UpdateOrg" | "GetOrgExport" | "CreateOrg" | "ListKeys" | "AttestKey" | "GetKey" | "GetKeyByMaterialId" | "ListKeyRoles" | "UpdateKey" | "ListHistoricalKeyTx" | "Invite" | "CancelInvitation" | "ListInvitations" | "ListUsers" | "GetUser" | "GetUserByEmail" | "GetUserByOidc" | "UpdateMembership" | "ResetMemberMfa" | "CompleteResetMemberMfa" | "CreateRole" | "AttestRole" | "GetRole" | "ListTokenKeys" | "ListRoles" | "GetRoleKey" | "ListRoleKeys" | "ListRoleUsers" | "UpdateRole" | "DeleteRole" | "ConfigureEmail" | "GetEmailConfig" | "DeleteEmailConfig" | "ListHistoricalRoleTx" | "CreatePolicy" | "GetPolicy" | "ListPolicies" | "DeletePolicy" | "UpdatePolicy" | "InvokePolicy" | "GetPolicyLogs" | "UploadWasmPolicy" | "GetPolicySecrets" | "UpdatePolicySecrets" | "SetPolicySecret" | "DeletePolicySecret" | "CreatePolicyImportKey" | "GetPolicyBucket" | "ListPolicyBuckets" | "UpdatePolicyBucket" | "UserExportDelete" | "UserExportList" | "UserExportInit" | "UserExportComplete" | "AddUserToRole" | "RemoveUserFromRole" | "MfaApproveCs" | "MfaRejectCs" | "MfaGet" | "MfaList" | "AddKeysToRole" | "RemoveKeyFromRole" | "CreateToken" | "CreateSession" | "RevokeSession" | "RevokeCurrentSession" | "RevokeSessions" | "ListSessions" | "GetSession" | "SignerSessionRefresh" | "MfaApproveTotp" | "MfaRejectTotp" | "MfaFidoInit" | "MfaApproveFidoComplete" | "MfaRejectFidoComplete" | "MfaEmailInit" | "MfaEmailComplete" | "Cube3signerHeartbeat" | "CreateContact" | "GetContact" | "ListContacts" | "DeleteContact" | "UpdateContact" | "LookupContactsByAddress" | "QueryMetrics" | "QueryAuditLog" | "Counts" | "CreateKey" | "ImportKey" | "CreateKeyImportKey" | "DeriveKey" | "DeleteKey" | "AvaSign" | "AvaSerializedTxSign" | "BabylonRegistration" | "BabylonStaking" | "BabylonCovSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellmanExchange" | "PsbtSign" | "PsbtLegacyInputSign" | "PsbtSegwitInputSign" | "PsbtTaprootInputSign" | "TaprootSign" | "Eip712Sign" | "Eip191Sign" | "Eth1Sign" | "Eth2Sign" | "SolanaSign" | "SuiSign" | "TendermintSign" | "Stake" | "Unstake" | "PasskeyAuthInit" | "PasskeyAuthComplete" | "OidcAuth" | "Oauth2Twitter" | "OAuth2TokenRefresh" | "EmailOtpAuth" | "SiweInit" | "SiweComplete" | "TelegramAuth" | "CreateOidcUser" | "DeleteOidcUser" | "DeleteUser" | "CreateEotsNonces" | "EotsSign" | "AuthMigrationIdentityAdd" | "AuthMigrationIdentityRemove" | "AuthMigrationUserUpdate" | "KeyCreated" | "KeyImported" | "InvitationAccept" | "IdpAuthenticate" | "IdpPasswordResetRequest" | "IdpPasswordResetConfirm" | "RpcApi" | "RpcCreateTransaction" | "RpcGetTransaction" | "RpcListTransactions" | "CustomChainRpcCall" | "EsploraApiCall" | "SentryApiCall" | "SentryApiCallPublic" | "MmiJwkSet" | "AttestationJwkSet" | "UserOrgs" | "PublicOrgInfo" | "EmailMyOrgs";
+        BillingEvent: "Mmi" | "MmiMessageGet" | "MmiMessageList" | "MmiMessageSign" | "MmiMessageReject" | "MmiMessageDelete" | "AboutMe" | "UserResetEmailInit" | "UserResetEmailComplete" | "UserDeleteTotp" | "UserResetTotpInit" | "UserResetTotpComplete" | "UserVerifyTotp" | "UserRegisterFidoInit" | "UserRegisterFidoComplete" | "UserDeleteFido" | "CreateProofOidc" | "CreateProofCubeSigner" | "VerifyProof" | "AddOidcIdentity" | "RemoveOidcIdentity" | "ListOidcIdentities" | "GetOrg" | "UpdateOrg" | "GetOrgExport" | "CreateOrg" | "ListKeys" | "AttestKey" | "GetKey" | "GetKeyByMaterialId" | "ListKeyRoles" | "UpdateKey" | "ListHistoricalKeyTx" | "Invite" | "CancelInvitation" | "ListInvitations" | "ListUsers" | "GetUser" | "GetUserByEmail" | "GetUserByOidc" | "UpdateMembership" | "ResetMemberMfa" | "CompleteResetMemberMfa" | "CreateRole" | "AttestRole" | "GetRole" | "ListTokenKeys" | "ListRoles" | "GetRoleKey" | "ListRoleKeys" | "ListRoleUsers" | "UpdateRole" | "DeleteRole" | "ConfigureEmail" | "GetEmailConfig" | "DeleteEmailConfig" | "ListHistoricalRoleTx" | "CreatePolicy" | "GetPolicy" | "ListPolicies" | "DeletePolicy" | "UpdatePolicy" | "InvokePolicy" | "GetPolicyLogs" | "UploadWasmPolicy" | "GetPolicySecrets" | "UpdatePolicySecrets" | "SetPolicySecret" | "DeletePolicySecret" | "CreatePolicyImportKey" | "GetPolicyBucket" | "ListPolicyBuckets" | "UpdatePolicyBucket" | "UserExportDelete" | "UserExportList" | "UserExportInit" | "UserExportComplete" | "AddUserToRole" | "RemoveUserFromRole" | "MfaApproveCs" | "MfaRejectCs" | "MfaGet" | "MfaList" | "AddKeysToRole" | "RemoveKeyFromRole" | "CreateToken" | "CreateSession" | "RevokeSession" | "RevokeCurrentSession" | "RevokeSessions" | "ListSessions" | "GetSession" | "SignerSessionRefresh" | "MfaApproveTotp" | "MfaRejectTotp" | "MfaFidoInit" | "MfaApproveFidoComplete" | "MfaRejectFidoComplete" | "MfaEmailInit" | "MfaEmailComplete" | "Cube3signerHeartbeat" | "CreateContact" | "GetContact" | "ListContacts" | "DeleteContact" | "UpdateContact" | "LookupContactsByAddress" | "QueryMetrics" | "QueryAuditLog" | "Counts" | "CreateKey" | "ImportKey" | "CreateKeyImportKey" | "DeriveKey" | "DeleteKey" | "AvaSign" | "AvaSerializedTxSign" | "BabylonRegistration" | "BabylonStaking" | "BabylonCovSign" | "BinanceSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellmanExchange" | "PsbtSign" | "PsbtLegacyInputSign" | "PsbtSegwitInputSign" | "PsbtTaprootInputSign" | "TaprootSign" | "Eip712Sign" | "Eip191Sign" | "Eth1Sign" | "Eth2Sign" | "SolanaSign" | "SuiSign" | "TendermintSign" | "Stake" | "Unstake" | "PasskeyAuthInit" | "PasskeyAuthComplete" | "OidcAuth" | "Oauth2Twitter" | "OAuth2TokenRefresh" | "EmailOtpAuth" | "SiweInit" | "SiweComplete" | "TelegramAuth" | "CreateOidcUser" | "DeleteOidcUser" | "DeleteUser" | "CreateEotsNonces" | "EotsSign" | "AuthMigrationIdentityAdd" | "AuthMigrationIdentityRemove" | "AuthMigrationUserUpdate" | "KeyCreated" | "KeyImported" | "InvitationAccept" | "IdpAuthenticate" | "IdpPasswordResetRequest" | "IdpPasswordResetConfirm" | "RpcApi" | "RpcCreateTransaction" | "RpcGetTransaction" | "RpcListTransactions" | "RpcRetryTransaction" | "RpcBinance" | "CustomChainRpcCall" | "EsploraApiCall" | "SentryApiCall" | "SentryApiCallPublic" | "MmiJwkSet" | "AttestationJwkSet" | "UserOrgs" | "PublicOrgInfo" | "EmailMyOrgs";
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceAccountInfoParams: components["schemas"]["AccountInfoRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        BinanceApiPropertiesPatch: {
+            /** @description The Binance-issued API key string. Encrypted server-side before storage. */
+            api_key?: string | null;
+            /** @description Email address of the Binance (master or sub) account this key authenticates as. */
+            email?: string | null;
+            /** @description Whether this corresponds to a master (as opposed to a sub) account on Binance. */
+            is_master?: boolean | null;
+            /** @description Arbitrary label. Useful for storing the corresponding API key label on the Binance side. */
+            label?: string | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceDepositParams: components["schemas"]["DepositRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        BinanceDryRunArgs: {
+            /** @description The Binance API method that would have been used */
+            method: string;
+            /** @description The Binance API url method that would have been called */
+            url: string;
+        };
+        /**
+         * @description Different "dry run" modes for executing Binance requests.
+         * @enum {string}
+         */
+        BinanceDryRunMode: "NO_SIGN" | "NO_SUBMIT";
+        /**
+         * @description Binance-family RPC methods. Each variant authenticates as the
+         * [`KeyType::Ed25519BinanceApi`] key in its `params.key_id`.
+         */
+        BinanceRpc: {
+            /** @enum {string} */
+            method: "cs_binanceSubToMaster";
+            params: components["schemas"]["BinanceSubToMasterParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceSubToSub";
+            params: components["schemas"]["BinanceSubToSubParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceUniversalTransfer";
+            params: components["schemas"]["BinanceUniversalTransferParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceSubAccountAssets";
+            params: components["schemas"]["BinanceSubAccountAssetsParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceAccountInfo";
+            params: components["schemas"]["BinanceAccountInfoParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceSubAccountTransferHistory";
+            params: components["schemas"]["BinanceSubAccountTransferHistoryParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceUniversalTransferHistory";
+            params: components["schemas"]["BinanceUniversalTransferHistoryParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceWithdraw";
+            params: components["schemas"]["BinanceWithdrawParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceWithdrawHistory";
+            params: components["schemas"]["BinanceWithdrawHistoryParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceDeposit";
+            params: components["schemas"]["BinanceDepositParams"];
+        };
+        /** @description Response returned by the typed `binance_sign` endpoint. */
+        BinanceSignResponse: {
+            /** @description Optional policy evaluation tree. */
+            policy_eval_tree?: unknown;
+        } & {
+            /**
+             * @description The full signed query string, ready to be submitted to Binance.
+             * Encoded as `<urlencoded params>&recvWindow=<ms>&timestamp=<ms>&signature=<urlencoded base64 sig>`.
+             */
+            signed_query: string;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceSubAccountAssetsParams: components["schemas"]["SubAccountAssetsRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceSubAccountTransferHistoryParams: components["schemas"]["SubAccountTransferHistoryRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceSubToMasterParams: components["schemas"]["SubToMasterRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceSubToSubParams: components["schemas"]["SubToSubRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceUniversalTransferHistoryParams: components["schemas"]["UniversalTransferHistoryRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceUniversalTransferParams: components["schemas"]["UniversalTransferRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceWithdrawHistoryParams: components["schemas"]["WithdrawHistoryRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceWithdrawParams: components["schemas"]["WithdrawRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
         /** @description A bitcoin address and its network. */
         BitcoinAddressInfo: {
             /**
@@ -2733,6 +3014,8 @@ export interface components {
          * }
          */
         BlobSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2821,6 +3104,8 @@ export interface components {
         };
         /** @description Data to sign */
         BtcMessageSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -2857,6 +3142,8 @@ export interface components {
         /** @enum {string} */
         BtcSighashType: "All" | "None" | "Single" | "AllPlusAnyoneCanPay" | "NonePlusAnyoneCanPay" | "SinglePlusAnyoneCanPay";
         BtcSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3058,6 +3345,13 @@ export interface components {
             client?: components["schemas"]["ClientProfile"];
             os_info?: components["schemas"]["OsInfo"];
         };
+        /** @description Commission rates as decimal strings (e.g. `"0.00100000"`). */
+        CommissionRates: {
+            buyer: string;
+            maker: string;
+            seller: string;
+            taker: string;
+        };
         /**
          * @description Fields that are common to different types of resources such as keys, roles, etc.
          * Includes versioning fields plus metadata, edit policy, etc.
@@ -3148,7 +3442,7 @@ export interface components {
             type: "fido";
         };
         /** @enum {string} */
-        ConflictErrorCode: "ConcurrentRequestDisallowed" | "ConcurrentLockCreation";
+        ConflictErrorCode: "ConcurrentRequestDisallowed" | "ConcurrentLockCreation" | "ConcurrentTransactionSubmission";
         /** @description A contact in the org. */
         Contact: components["schemas"]["CommonFields"] & {
             /**
@@ -3445,6 +3739,29 @@ export interface components {
         CreationOptionsWithHash: components["schemas"]["ChallengePieces"] & {
             options: components["schemas"]["PublicKeyCredentialCreationOptions"];
         };
+        /** @description Core RPC methods (transaction CRUD). */
+        CsRpc: OneOf<[
+            {
+                /** @enum {string} */
+                method: "cs_createTransaction";
+                params: components["schemas"]["CreateTransactionRequest"];
+            },
+            {
+                /** @enum {string} */
+                method: "cs_retryTransaction";
+                params: components["schemas"]["RetryTransactionRequest"];
+            },
+            {
+                /** @enum {string} */
+                method: "cs_getTransaction";
+                params: components["schemas"]["GetTransactionRequest"];
+            },
+            {
+                /** @enum {string} */
+                method: "cs_listTransactions";
+                params: components["schemas"]["ListTransactionsRequest"];
+            }
+        ]>;
         CubeSignerUserInfo: {
             /** @description All multi-factor authentication methods configured for this user */
             configured_mfa: components["schemas"]["ConfiguredMfa"][];
@@ -3477,6 +3794,40 @@ export interface components {
             /** @description Custom EVM chains. */
             evm: components["schemas"]["EvmCustomChain"][];
         };
+        /**
+         * @description Parameters for `GET /sapi/v1/capital/deposit/address`.
+         *
+         * Fetches the deposit address for `coin` on the account that the signing key
+         * authenticates as. Optionally narrows the address to a specific `network`.
+         */
+        DepositRequest: {
+            /**
+             * @description Required only when `network` is `"LIGHTNING"`: the deposit amount that
+             * the returned invoice should encode, as a decimal string.
+             */
+            amount?: string | null;
+            /** @description The asset symbol whose deposit address to fetch (e.g. `"USDT"`, `"BTC"`). */
+            coin: string;
+            /**
+             * @description Network identifier (e.g. `"BSC"`, `"ETH"`). If omitted, Binance returns
+             * the address on the asset's default network.
+             */
+            network?: string | null;
+        };
+        /** @description Response returned by `cs_binanceDeposit`. */
+        DepositResponse: {
+            /** @description Deposit address. */
+            address: string;
+            /** @description Asset symbol (echoes [`DepositRequest::coin`]). */
+            coin: string;
+            /**
+             * @description Secondary address identifier required by some assets (e.g. memo for
+             * XRP, tag for XLM). Empty string when the asset does not use one.
+             */
+            tag: string;
+            /** @description Blockchain explorer URL for `address`. */
+            url: string;
+        };
         /**
          * @description Information produced by a successful deposit
          * @example {
@@ -3563,6 +3914,8 @@ export interface components {
             mnemonic_id?: string | null;
         };
         DiffieHellmanRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3643,6 +3996,8 @@ export interface components {
             time_lock_until?: components["schemas"]["EpochDateTime"] | null;
         };
         Eip191SignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3765,6 +4120,8 @@ export interface components {
          * }
          */
         Eip712SignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3860,6 +4217,8 @@ export interface components {
          * at a specified block height.
          */
         EotsCreateNonceRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -3910,6 +4269,8 @@ export interface components {
         };
         /** @description Request for an EOTS signature on a specified message, chain-id, block-height triple */
         EotsSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4006,6 +4367,8 @@ export interface components {
          * }
          */
         Eth1SignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4068,6 +4431,8 @@ export interface components {
          * }
          */
         Eth2SignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -4190,6 +4555,11 @@ export interface components {
         };
         /** @description EVM-specific transaction details. */
         EvmTransactionDetails: {
+            /**
+             * Format: int64
+             * @description The EVM chain id for the chain the transaction is submitted to.
+             */
+            chain_id: number;
             /**
              * @description The transaction hash, as submitted to the chain.
              *
@@ -4201,7 +4571,7 @@ export interface components {
              *
              * Can be undefined if the transaction hasn't been signed yet, or failed to be signed.
              */
-            signature?: string;
+            signature?: string | null;
             /** @description The transaction itself. */
             tx: unknown;
         };
@@ -4253,8 +4623,7 @@ export interface components {
             /**
              * @description Optional nonce.
              *
-             * If not specified, the sender's transaction count from the latest block is
-             * used.
+             * If not specified, the next available nonce is used.
              */
             nonce?: string | null;
         };
@@ -4270,7 +4639,7 @@ export interface components {
          * @description Explicitly named scopes for accessing CubeSigner APIs
          * @enum {string}
          */
-        ExplicitScope: "sign:*" | "sign:ava" | "sign:blob" | "sign:diffieHellman" | "sign:btc:*" | "sign:btc:segwit" | "sign:btc:taproot" | "sign:btc:psbt:*" | "sign:btc:psbt:doge" | "sign:btc:psbt:legacy" | "sign:btc:psbt:segwit" | "sign:btc:psbt:taproot" | "sign:btc:psbt:ltcSegwit" | "sign:btc:message:*" | "sign:btc:message:segwit" | "sign:btc:message:legacy" | "sign:babylon:*" | "sign:babylon:eots:*" | "sign:babylon:eots:nonces" | "sign:babylon:eots:sign" | "sign:babylon:staking:*" | "sign:babylon:staking:deposit" | "sign:babylon:staking:unbond" | "sign:babylon:staking:withdraw" | "sign:babylon:staking:slash" | "sign:babylon:registration" | "sign:babylon:covenant" | "sign:evm:*" | "sign:evm:tx" | "sign:evm:eip191" | "sign:evm:eip712" | "sign:eth2:*" | "sign:eth2:validate" | "sign:eth2:stake" | "sign:eth2:unstake" | "sign:solana" | "sign:sui" | "sign:tendermint" | "sign:mmi" | "manage:*" | "manage:readonly" | "manage:email:*" | "manage:email:get" | "manage:email:update" | "manage:email:delete" | "manage:mfa:*" | "manage:mfa:readonly" | "manage:mfa:list" | "manage:mfa:vote:*" | "manage:mfa:vote:cs" | "manage:mfa:vote:email" | "manage:mfa:vote:fido" | "manage:mfa:vote:totp" | "manage:mfa:register:*" | "manage:mfa:register:fido" | "manage:mfa:register:totp" | "manage:mfa:register:email" | "manage:mfa:unregister:*" | "manage:mfa:unregister:fido" | "manage:mfa:unregister:totp" | "manage:mfa:verify:*" | "manage:mfa:verify:totp" | "manage:key:*" | "manage:key:readonly" | "manage:key:get" | "manage:key:attest" | "manage:key:listRoles" | "manage:key:list" | "manage:key:history:tx:list" | "manage:key:create" | "manage:key:import" | "manage:key:update:*" | "manage:key:update:owner" | "manage:key:update:policy" | "manage:key:update:enabled" | "manage:key:update:region" | "manage:key:update:metadata" | "manage:key:update:editPolicy" | "manage:key:delete" | "manage:policy:*" | "manage:policy:readonly" | "manage:policy:create" | "manage:policy:get" | "manage:policy:list" | "manage:policy:delete" | "manage:policy:update:*" | "manage:policy:update:owner" | "manage:policy:update:name" | "manage:policy:update:acl" | "manage:policy:update:editPolicy" | "manage:policy:update:metadata" | "manage:policy:update:rule" | "manage:policy:invoke" | "manage:policy:wasm:*" | "manage:policy:wasm:upload" | "manage:policy:secrets:*" | "manage:policy:secrets:get" | "manage:policy:secrets:update:*" | "manage:policy:secrets:update:values" | "manage:policy:secrets:update:acl" | "manage:policy:secrets:update:editPolicy" | "manage:policy:buckets:*" | "manage:policy:buckets:get" | "manage:policy:buckets:list" | "manage:policy:buckets:update:*" | "manage:policy:buckets:update:owner" | "manage:policy:buckets:update:acl" | "manage:policy:buckets:update:metadata" | "manage:contact:*" | "manage:contact:readonly" | "manage:contact:create" | "manage:contact:get" | "manage:contact:list" | "manage:contact:delete" | "manage:contact:update:*" | "manage:contact:update:name" | "manage:contact:update:addresses" | "manage:contact:update:owner" | "manage:contact:update:labels" | "manage:contact:update:metadata" | "manage:contact:update:editPolicy" | "manage:contact:lookup:*" | "manage:contact:lookup:address" | "manage:policy:createImportKey" | "manage:role:*" | "manage:role:readonly" | "manage:role:create" | "manage:role:delete" | "manage:role:get:*" | "manage:role:attest" | "manage:role:get:keys" | "manage:role:get:keys:list" | "manage:role:get:keys:get" | "manage:role:get:users" | "manage:role:list" | "manage:role:update:*" | "manage:role:update:enabled" | "manage:role:update:policy" | "manage:role:update:editPolicy" | "manage:role:update:actions" | "manage:role:update:key:*" | "manage:role:update:key:add" | "manage:role:update:key:remove" | "manage:role:update:user:*" | "manage:role:update:user:add" | "manage:role:update:user:remove" | "manage:role:history:tx:list" | "manage:identity:*" | "manage:identity:readonly" | "manage:identity:verify" | "manage:identity:add" | "manage:identity:remove" | "manage:identity:list" | "manage:org:*" | "manage:org:create" | "manage:org:metrics:query" | "manage:org:audit:query" | "manage:org:readonly" | "manage:org:addUser" | "manage:org:inviteUser" | "manage:org:inviteAlien" | "manage:org:invitation:list" | "manage:org:invitation:cancel" | "manage:org:updateMembership" | "manage:org:listUsers" | "manage:org:user:get" | "manage:org:deleteUser" | "manage:org:get" | "manage:org:update:*" | "manage:org:update:enabled" | "manage:org:update:policy" | "manage:org:update:signPolicy" | "manage:org:update:export" | "manage:org:update:totpFailureLimit" | "manage:org:update:notificationEndpoints" | "manage:org:update:defaultInviteKind" | "manage:org:update:idpConfiguration" | "manage:org:update:passkeyConfiguration" | "manage:org:update:emailPreferences" | "manage:org:update:historicalData" | "manage:org:update:requireScopeCeiling" | "manage:org:update:alienLoginRequirement" | "manage:org:update:memberLoginRequirement" | "manage:org:update:keyExportRequirement" | "manage:org:update:allowedMfaTypes" | "manage:org:update:policyEngineConf" | "manage:org:update:customChains" | "manage:org:update:extProps" | "manage:org:update:editPolicy" | "manage:org:user:resetMfa" | "manage:session:*" | "manage:session:readonly" | "manage:session:get" | "manage:session:list" | "manage:session:create" | "manage:session:extend" | "manage:session:revoke" | "manage:export:*" | "manage:export:readonly" | "manage:export:org:*" | "manage:export:org:get" | "manage:export:user:*" | "manage:export:user:delete" | "manage:export:user:list" | "manage:authMigration:*" | "manage:authMigration:identity:add" | "manage:authMigration:identity:remove" | "manage:authMigration:user:update" | "manage:mmi:*" | "manage:mmi:readonly" | "manage:mmi:get" | "manage:mmi:list" | "manage:mmi:reject" | "manage:mmi:delete" | "export:*" | "export:user:*" | "export:user:init" | "export:user:complete" | "mmi:*" | "orgAccess:*" | "orgAccess:child:*" | "rpc:*" | "rpc:createTransaction:*" | "rpc:createTransaction:evm" | "rpc:getTransaction" | "rpc:listTransactions";
+        ExplicitScope: "sign:*" | "sign:ava" | "sign:binance:*" | "sign:binance:subToMaster" | "sign:binance:subToSub" | "sign:binance:universalTransfer" | "sign:binance:subAccountAssets" | "sign:binance:accountInfo" | "sign:binance:subAccountTransferHistory" | "sign:binance:universalTransferHistory" | "sign:binance:withdraw" | "sign:binance:withdrawHistory" | "sign:binance:deposit" | "sign:blob" | "sign:diffieHellman" | "sign:btc:*" | "sign:btc:segwit" | "sign:btc:taproot" | "sign:btc:psbt:*" | "sign:btc:psbt:doge" | "sign:btc:psbt:legacy" | "sign:btc:psbt:segwit" | "sign:btc:psbt:taproot" | "sign:btc:psbt:ltcSegwit" | "sign:btc:message:*" | "sign:btc:message:segwit" | "sign:btc:message:legacy" | "sign:babylon:*" | "sign:babylon:eots:*" | "sign:babylon:eots:nonces" | "sign:babylon:eots:sign" | "sign:babylon:staking:*" | "sign:babylon:staking:deposit" | "sign:babylon:staking:unbond" | "sign:babylon:staking:withdraw" | "sign:babylon:staking:slash" | "sign:babylon:registration" | "sign:babylon:covenant" | "sign:evm:*" | "sign:evm:tx" | "sign:evm:eip191" | "sign:evm:eip712" | "sign:eth2:*" | "sign:eth2:validate" | "sign:eth2:stake" | "sign:eth2:unstake" | "sign:solana" | "sign:sui" | "sign:tendermint" | "sign:mmi" | "manage:*" | "manage:readonly" | "manage:email:*" | "manage:email:get" | "manage:email:update" | "manage:email:delete" | "manage:mfa:*" | "manage:mfa:readonly" | "manage:mfa:list" | "manage:mfa:vote:*" | "manage:mfa:vote:cs" | "manage:mfa:vote:email" | "manage:mfa:vote:fido" | "manage:mfa:vote:totp" | "manage:mfa:register:*" | "manage:mfa:register:fido" | "manage:mfa:register:totp" | "manage:mfa:register:email" | "manage:mfa:unregister:*" | "manage:mfa:unregister:fido" | "manage:mfa:unregister:totp" | "manage:mfa:verify:*" | "manage:mfa:verify:totp" | "manage:key:*" | "manage:key:readonly" | "manage:key:get" | "manage:key:attest" | "manage:key:listRoles" | "manage:key:list" | "manage:key:history:tx:list" | "manage:key:create" | "manage:key:import" | "manage:key:update:*" | "manage:key:update:owner" | "manage:key:update:policy" | "manage:key:update:enabled" | "manage:key:update:region" | "manage:key:update:metadata" | "manage:key:update:properties" | "manage:key:update:editPolicy" | "manage:key:delete" | "manage:policy:*" | "manage:policy:readonly" | "manage:policy:create" | "manage:policy:get" | "manage:policy:list" | "manage:policy:delete" | "manage:policy:update:*" | "manage:policy:update:owner" | "manage:policy:update:name" | "manage:policy:update:acl" | "manage:policy:update:editPolicy" | "manage:policy:update:metadata" | "manage:policy:update:rule" | "manage:policy:invoke" | "manage:policy:wasm:*" | "manage:policy:wasm:upload" | "manage:policy:secrets:*" | "manage:policy:secrets:get" | "manage:policy:secrets:update:*" | "manage:policy:secrets:update:values" | "manage:policy:secrets:update:acl" | "manage:policy:secrets:update:editPolicy" | "manage:policy:buckets:*" | "manage:policy:buckets:get" | "manage:policy:buckets:list" | "manage:policy:buckets:update:*" | "manage:policy:buckets:update:owner" | "manage:policy:buckets:update:acl" | "manage:policy:buckets:update:metadata" | "manage:contact:*" | "manage:contact:readonly" | "manage:contact:create" | "manage:contact:get" | "manage:contact:list" | "manage:contact:delete" | "manage:contact:update:*" | "manage:contact:update:name" | "manage:contact:update:addresses" | "manage:contact:update:owner" | "manage:contact:update:labels" | "manage:contact:update:metadata" | "manage:contact:update:editPolicy" | "manage:contact:lookup:*" | "manage:contact:lookup:address" | "manage:policy:createImportKey" | "manage:role:*" | "manage:role:readonly" | "manage:role:create" | "manage:role:delete" | "manage:role:get:*" | "manage:role:attest" | "manage:role:get:keys" | "manage:role:get:keys:list" | "manage:role:get:keys:get" | "manage:role:get:users" | "manage:role:list" | "manage:role:update:*" | "manage:role:update:enabled" | "manage:role:update:policy" | "manage:role:update:editPolicy" | "manage:role:update:actions" | "manage:role:update:key:*" | "manage:role:update:key:add" | "manage:role:update:key:remove" | "manage:role:update:user:*" | "manage:role:update:user:add" | "manage:role:update:user:remove" | "manage:role:history:tx:list" | "manage:identity:*" | "manage:identity:readonly" | "manage:identity:verify" | "manage:identity:add" | "manage:identity:remove" | "manage:identity:list" | "manage:org:*" | "manage:org:create" | "manage:org:metrics:query" | "manage:org:audit:query" | "manage:org:readonly" | "manage:org:addUser" | "manage:org:inviteUser" | "manage:org:inviteAlien" | "manage:org:invitation:list" | "manage:org:invitation:cancel" | "manage:org:updateMembership:*" | "manage:org:updateMembership:owner" | "manage:org:updateMembership:member" | "manage:org:updateMembership:alien" | "manage:org:listUsers" | "manage:org:user:get" | "manage:org:deleteUser:*" | "manage:org:deleteUser:owner" | "manage:org:deleteUser:member" | "manage:org:deleteUser:alien" | "manage:org:get" | "manage:org:update:*" | "manage:org:update:enabled" | "manage:org:update:policy" | "manage:org:update:signPolicy" | "manage:org:update:export" | "manage:org:update:totpFailureLimit" | "manage:org:update:notificationEndpoints" | "manage:org:update:defaultInviteKind" | "manage:org:update:idpConfiguration" | "manage:org:update:passkeyConfiguration" | "manage:org:update:emailPreferences" | "manage:org:update:historicalData" | "manage:org:update:requireScopeCeiling" | "manage:org:update:alienLoginRequirement" | "manage:org:update:memberLoginRequirement" | "manage:org:update:keyExportRequirement" | "manage:org:update:allowedMfaTypes" | "manage:org:update:policyEngineConf" | "manage:org:update:customChains" | "manage:org:update:extProps" | "manage:org:update:editPolicy" | "manage:org:user:resetMfa" | "manage:session:*" | "manage:session:readonly" | "manage:session:get" | "manage:session:list" | "manage:session:create" | "manage:session:extend" | "manage:session:revoke" | "manage:export:*" | "manage:export:readonly" | "manage:export:org:*" | "manage:export:org:get" | "manage:export:user:*" | "manage:export:user:delete" | "manage:export:user:list" | "manage:authMigration:*" | "manage:authMigration:identity:add" | "manage:authMigration:identity:remove" | "manage:authMigration:user:update" | "manage:mmi:*" | "manage:mmi:readonly" | "manage:mmi:get" | "manage:mmi:list" | "manage:mmi:reject" | "manage:mmi:delete" | "export:*" | "export:user:*" | "export:user:init" | "export:user:complete" | "mmi:*" | "orgAccess:*" | "orgAccess:child:*" | "rpc:*" | "rpc:createTransaction:*" | "rpc:createTransaction:evm" | "rpc:retryTransaction" | "rpc:getTransaction" | "rpc:listTransactions" | "rpc:binance";
         /**
          * @description This type specifies the interpretation of the `fee` field in Babylon
          * staking requests. If `sats`, the field is intpreted as a fixed value
@@ -4727,9 +5096,7 @@ export interface components {
             key_type: string;
         };
         /** @description The top-level JSON-RPC request type. */
-        JsonRpcRequest: {
-            method: "JsonRpcRequest";
-        } & Omit<components["schemas"]["RpcMethod"], "method"> & {
+        JsonRpcRequest: components["schemas"]["RpcMethod"] & {
             /** @description Request ID */
             id?: string;
             /** @description JSON-RPC version. */
@@ -4746,7 +5113,7 @@ export interface components {
             result?: Record<string, unknown> | null;
         };
         /** @description Valid `result` from the JSON-RPC API. */
-        JsonRpcResult: components["schemas"]["TransactionInfo"] | components["schemas"]["ListTransactionsPaginatedResponse"];
+        JsonRpcResult: components["schemas"]["TransactionInfo"] | components["schemas"]["ListTransactionsPaginatedResponse"] | components["schemas"]["SubAccountTransferResponse"] | components["schemas"]["UniversalTransferResponse"] | components["schemas"]["SubAccountAssetsResponse"] | components["schemas"]["AccountInfoResponse"] | components["schemas"]["SubAccountTransferHistoryResponse"] | components["schemas"]["UniversalTransferHistoryResponse"] | components["schemas"]["WithdrawResponse"] | components["schemas"]["WithdrawHistoryResponse"] | components["schemas"]["DepositResponse"];
         JwkSetResponse: {
             /** @description The keys included in this set */
             keys: Record<string, never>[];
@@ -4848,6 +5215,7 @@ export interface components {
              * ]
              */
             policy: unknown[];
+            properties?: components["schemas"]["KeyPropertiesPatch"] | null;
             /** @description The key provenance. */
             provenance?: string | null;
             /**
@@ -4875,8 +5243,21 @@ export interface components {
         KeyInfos: {
             keys: components["schemas"]["KeyInfo"][];
         };
+        /**
+         * @description Client-side wire payload for [`KeyProperties`]. Used in both directions:
+         *
+         * - **On write**: a *patch*, i.e., for each field, missing means "leave alone",
+         * `null` means "clear", and a value means "set". Secret fields arrive in the
+         * clear and are encrypted server-side before persisting.
+         * - **On read**: each field is omitted when the stored property is unset; secret
+         * fields are emitted with the redacted marker (e.g. "[REDACTED]").
+         */
+        KeyPropertiesPatch: components["schemas"]["BinanceApiPropertiesPatch"] & {
+            /** @enum {string} */
+            kind: "BinanceApi";
+        };
         /** @enum {string} */
-        KeyType: "SecpEthAddr" | "SecpBtc" | "SecpBtcTest" | "SecpBtcLegacy" | "SecpBtcLegacyTest" | "SecpAvaAddr" | "SecpAvaTestAddr" | "BlsPub" | "BlsInactive" | "BlsAvaIcm" | "Ed25519SolanaAddr" | "Ed25519SuiAddr" | "Ed25519AptosAddr" | "Ed25519CardanoAddrVk" | "Ed25519StellarAddr" | "Ed25519SubstrateAddr" | "Ed25519CantonAddr" | "Mnemonic" | "Stark" | "BabylonEots" | "BabylonCov" | "TaprootBtc" | "TaprootBtcTest" | "SecpCosmosAddr" | "P256CosmosAddr" | "P256OntologyAddr" | "P256Neo3Addr" | "Ed25519TendermintAddr" | "SecpTronAddr" | "Ed25519TonAddr" | "SecpDogeAddr" | "SecpDogeTestAddr" | "SecpKaspaAddr" | "SecpKaspaTestAddr" | "SchnorrKaspaAddr" | "SchnorrKaspaTestAddr" | "SecpLtc" | "SecpLtcTest" | "SecpXrpAddr" | "Ed25519XrpAddr" | "BabyJubjub";
+        KeyType: "SecpEthAddr" | "SecpBtc" | "SecpBtcTest" | "SecpBtcLegacy" | "SecpBtcLegacyTest" | "SecpAvaAddr" | "SecpAvaTestAddr" | "BlsPub" | "BlsInactive" | "BlsAvaIcm" | "Ed25519SolanaAddr" | "Ed25519SuiAddr" | "Ed25519AptosAddr" | "Ed25519CardanoAddrVk" | "Ed25519StellarAddr" | "Ed25519SubstrateAddr" | "Ed25519CantonAddr" | "Ed25519BinanceApi" | "Mnemonic" | "Stark" | "BabylonEots" | "BabylonCov" | "TaprootBtc" | "TaprootBtcTest" | "SecpCosmosAddr" | "P256CosmosAddr" | "P256OntologyAddr" | "P256Neo3Addr" | "Ed25519TendermintAddr" | "SecpTronAddr" | "Ed25519TonAddr" | "SecpDogeAddr" | "SecpDogeTestAddr" | "SecpKaspaAddr" | "SecpKaspaTestAddr" | "SchnorrKaspaAddr" | "SchnorrKaspaTestAddr" | "SecpLtc" | "SecpLtcTest" | "SecpXrpAddr" | "Ed25519XrpAddr" | "BabyJubjub";
         KeyTypeAndDerivationPath: {
             /**
              * @description List of derivation paths for which to derive.
@@ -4947,7 +5328,7 @@ export interface components {
              */
             owner?: string | null;
         };
-        /** @description The response to [`cs_listTransactions`](super::request::RpcMethod::ListTransactions) */
+        /** @description The response to [`cs_listTransactions`](super::request::CsRpc::ListTransactions) */
         ListTransactionsResponse: {
             /** @description A list of transaction infos. */
             transactions: components["schemas"]["TransactionInfo"][];
@@ -5033,6 +5414,17 @@ export interface components {
             request: components["schemas"]["HttpRequest"];
             status: components["schemas"]["Status"];
         };
+        MfaRequiredArgs: {
+            /** @description Always set to first MFA id from `Self::ids` */
+            id: string;
+            /** @description Non-empty MFA request IDs */
+            ids: string[];
+            /** @description Organization id */
+            org_id: string;
+            /** @description Optional policy evaluation tree (included in signer responses, when requested) */
+            policy_eval_tree?: unknown;
+            session?: components["schemas"]["NewSessionResponse"] | null;
+        };
         /** @description Org-wide MFA requirements. */
         MfaRequirements: {
             alien_login_requirement?: components["schemas"]["SecondFactorRequirement"];
@@ -5072,7 +5464,7 @@ export interface components {
             verified_email?: string | null;
         };
         MigrateUpdateUsersRequest: components["schemas"]["MigrateUpdateUserItem"][];
-        MmiMetadata: (components["schemas"]["MmiMetadataExt"] | null) & {
+        MmiMetadata: {
             /** @description Chain ID (not required when signing a personal message (EIP-191)) */
             chainId?: string | null;
             /** @description If the custodian should publish the transaction */
@@ -5086,40 +5478,6 @@ export interface components {
             /** @description The category of transaction, as best can be determined by the wallet */
             transactionCategory?: string | null;
         };
-        MmiMetadataExt: {
-            /**
-             * @description All accounts the user can access.
-             * Only set when requested explicitly, i.e., via 'customer_listAccountsSigned'.
-             */
-            accounts?: {
-                /**
-                 * @description An Ethereum address, hex-encoded, with leading '0x'
-                 * @example 0x0123456789012345678901234567890123456789
-                 */
-                address: string;
-                /** @description Account metadata */
-                metadata?: unknown;
-                /** @description Account name */
-                name: string;
-                /** @description Ordered list of name-value pairs */
-                tags?: {
-                    /** @description Tag name */
-                    name: string;
-                    /** @description Tag value */
-                    value: string;
-                }[];
-            }[] | null;
-            /** @description The customer ID of the user, i.e., the customer's organization ID. */
-            customerId: string | null;
-            /** @description A human readable name of the corresponding organization, if any. */
-            customerName: string | null;
-        } & {
-            /**
-             * @description This must match the `sub` claim of the customer proof of
-             * the user or role session which created the transaction.
-             */
-            userId: string | null;
-        };
         MmiRejectRequest: {
             /** @description Optional reason for rejecting. */
             reason?: string | null;
@@ -5292,7 +5650,7 @@ export interface components {
          * @description All different kinds of sensitive operations
          * @enum {string}
          */
-        OperationKind: "AvaSign" | "AvaChainTxSign" | "BabylonCovSign" | "BabylonRegistration" | "BabylonStaking" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellman" | "PsbtSign" | "TaprootSign" | "Eip191Sign" | "Eip712Sign" | "EotsNonces" | "EotsSign" | "Eth1Sign" | "Eth2Sign" | "Eth2Stake" | "Eth2Unstake" | "SolanaSign" | "SuiSign" | "TendermintSign" | "RoleUpdate";
+        OperationKind: "AvaSign" | "AvaChainTxSign" | "BabylonCovSign" | "BabylonRegistration" | "BabylonStaking" | "BinanceSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellman" | "PsbtSign" | "TaprootSign" | "Eip191Sign" | "Eip712Sign" | "EotsNonces" | "EotsSign" | "Eth1Sign" | "Eth2Sign" | "Eth2Stake" | "Eth2Unstake" | "SolanaSign" | "SuiSign" | "TendermintSign" | "RoleUpdate";
         OrgAlertsPrefs: {
             /** @description Recipient users for org-level alerts */
             alert_recipients?: components["schemas"]["Id"][] | null;
@@ -6278,6 +6636,8 @@ export interface components {
         ]>;
         /** @description A request to sign a PSBT */
         PsbtSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -6809,6 +7169,11 @@ export interface components {
         RestrictedActionsMap: {
             [key: string]: components["schemas"]["MemberRole"][];
         };
+        /** @description Parameters for the [`cs_retryTransaction`](RpcMethod::RetryTransaction) method. */
+        RetryTransactionRequest: components["schemas"]["EvmTxCustomization"] & {
+            /** @description The transaction id. */
+            id: string;
+        };
         /**
          * @description List of role actions that can be restricted to a set of member roles
          * @enum {string}
@@ -6881,20 +7246,14 @@ export interface components {
             /** @description A JSON Web Token whose claims contain the `RoleInfo` structure. */
             jwt: string;
         };
-        /** @description The RPC API method and matching parameters. */
-        RpcMethod: {
-            /** @enum {string} */
-            method: "cs_createTransaction";
-            params: components["schemas"]["CreateTransactionRequest"];
-        } | {
-            /** @enum {string} */
-            method: "cs_getTransaction";
-            params: components["schemas"]["GetTransactionRequest"];
-        } | {
-            /** @enum {string} */
-            method: "cs_listTransactions";
-            params: components["schemas"]["ListTransactionsRequest"];
-        };
+        /**
+         * @description The RPC API method and matching parameters.
+         *
+         * Top-level dispatch. Wire format is preserved by `#[serde(untagged)]`: each
+         * inbound request is matched against one of the internally-tagged inner enums
+         * ([`CsRpc`] for the core methods, [`BinanceRpc`] for the Binance family).
+         */
+        RpcMethod: components["schemas"]["CsRpc"] | components["schemas"]["BinanceRpc"];
         /** @description All scopes for accessing CubeSigner APIs */
         Scope: components["schemas"]["ExplicitScope"] | string;
         /** @description A set of scopes. */
@@ -7035,6 +7394,12 @@ export interface components {
             /** @description All metrics must include 'org_id' as a dimension. */
             org_id: string;
         };
+        SignDryRunArgs: {
+            /** @description Whether MFA is required */
+            mfa_requests: components["schemas"]["MfaRequestInfo"][];
+            /** @description Optional policy evaluation tree, if requested */
+            policy_eval_tree?: unknown;
+        };
         SignResponse: {
             /** @description Optional policy evaluation tree. */
             policy_eval_tree?: unknown;
@@ -7129,6 +7494,8 @@ export interface components {
          * }
          */
         SolanaSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7158,6 +7525,8 @@ export interface components {
             source_ip: string;
         };
         StakeRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7237,6 +7606,164 @@ export interface components {
             num_auth_factors: number;
             request_comparer?: components["schemas"]["HttpRequestCmp"];
         };
+        /**
+         * @description A single asset balance entry returned by [`SubAccountAssetsResponse`].
+         *
+         * All balance fields are decimal strings (Binance preserves precision by not
+         * converting to floats).
+         */
+        SubAccountAsset: {
+            /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+            asset: string;
+            /** @description Available balance. */
+            free: string;
+            /** @description Balance frozen by Binance (e.g. due to compliance holds). */
+            freeze: string;
+            /** @description Balance locked in open orders. */
+            locked: string;
+            /** @description Balance currently being withdrawn. */
+            withdrawing: string;
+        };
+        /**
+         * @description Parameters for `GET /sapi/v4/sub-account/assets`.
+         *
+         * Queries the spot-wallet balances of a single sub-account. Must be called by
+         * a master-account credential.
+         */
+        SubAccountAssetsRequest: {
+            /** @description Email address of the sub-account whose balances to fetch. */
+            email: string;
+        };
+        /** @description Response returned by `cs_binanceSubAccountAssets`. */
+        SubAccountAssetsResponse: {
+            /**
+             * @description One entry per asset held in the sub-account's spot wallet. Binance
+             * omits assets with all-zero balances.
+             */
+            balances: components["schemas"]["SubAccountAsset"][];
+        };
+        /** @description One transfer entry in [`SubAccountTransferHistoryResponse`]. */
+        SubAccountTransferHistoryEntry: {
+            /** @description Asset symbol (e.g. `"USDT"`). */
+            asset: string;
+            /** @description Email of the counterparty account on the other side of the transfer. */
+            counterParty: string;
+            /**
+             * @description Email of the account this entry's API key authenticates as. Binance
+             * returns this on each row even though it is the same for the whole page.
+             */
+            email: string;
+            /**
+             * @description Wallet type debited on the source side (e.g. `"SPOT"`,
+             * `"USDT_FUTURE"`). Left as `String` for forward compatibility.
+             */
+            fromAccountType: string;
+            /** @description Amount transferred, as a decimal string. */
+            qty: string;
+            /**
+             * @description Transfer status: `"PROCESS"`, `"SUCCESS"`, or `"FAILURE"`. Left as
+             * `String` for forward compatibility.
+             */
+            status: string;
+            /**
+             * Format: int64
+             * @description Time of the transfer (ms since epoch).
+             */
+            time: number;
+            /** @description Wallet type credited on the destination side. */
+            toAccountType: string;
+            /**
+             * Format: int64
+             * @description Transfer id. Matches the `txnId` returned by the original
+             * [`SubAccountTransferResponse`].
+             */
+            tranId: number;
+            /**
+             * Format: int32
+             * @description `1` = transfer in, `2` = transfer out.
+             */
+            type: number;
+        };
+        /**
+         * @description Parameters for `GET /sapi/v1/sub-account/transfer/subUserHistory`.
+         *
+         * Lists the transfer history of the calling sub-account. Covers both
+         * sub-to-master and sub-to-sub transfers. All filters are optional; if
+         * `start_time`/`end_time` are omitted, Binance returns the most recent 30
+         * days. If `r#type` is omitted, Binance defaults to `TransferOut` (`2`).
+         */
+        SubAccountTransferHistoryRequest: {
+            /** @description Filter to a specific asset (e.g. `"USDT"`). */
+            asset?: string | null;
+            /**
+             * Format: int64
+             * @description Window end (ms since epoch).
+             */
+            endTime?: number | null;
+            /**
+             * Format: int32
+             * @description Page size (Binance default: 500).
+             */
+            limit?: number | null;
+            /**
+             * @description If `true`, include failed transfers in the response. Binance defaults
+             * to `false`.
+             */
+            returnFailHistory?: boolean | null;
+            /**
+             * Format: int64
+             * @description Window start (ms since epoch).
+             */
+            startTime?: number | null;
+            /**
+             * Format: int32
+             * @description Direction filter (`1` = transfer in, `2` = transfer out).
+             */
+            type?: number | null;
+        };
+        /**
+         * @description Response returned by `cs_binanceSubAccountTransferHistory`.
+         *
+         * Binance returns a top-level JSON array; this newtype preserves that wire
+         * format while giving the response a named type in the OpenAPI schema.
+         */
+        SubAccountTransferHistoryResponse: components["schemas"]["SubAccountTransferHistoryEntry"][];
+        /** @description Response returned by `cs_binanceSubToMaster` and `cs_binanceSubToSub`. */
+        SubAccountTransferResponse: {
+            /** Format: int64 */
+            txnId: number;
+        };
+        /**
+         * @description Parameters for `POST /sapi/v1/sub-account/transfer/subToMaster`.
+         *
+         * Transfers an asset from the caller's sub-account to the master account.
+         */
+        SubToMasterRequest: {
+            /**
+             * @description The amount being transferred, formatted as a decimal string (e.g. `"0.1"`).
+             * Sent verbatim: Binance is strict about decimal formatting.
+             */
+            amount: string;
+            /** @description The asset symbol being transferred (e.g. `"USDT"`, `"BTC"`). */
+            asset: string;
+        };
+        /**
+         * @description Parameters for `POST /sapi/v1/sub-account/transfer/subToSub`.
+         *
+         * Transfers an asset from the caller's sub-account to another sub-account
+         * under the same master account.
+         */
+        SubToSubRequest: {
+            /** @description The amount being transferred, as a decimal string (e.g. `"0.1"`). */
+            amount: string;
+            /** @description The asset symbol being transferred (e.g. `"USDT"`). */
+            asset: string;
+            /**
+             * @description Email address of the destination sub-account. Must be a sub-account of
+             * the same master.
+             */
+            toEmail: string;
+        };
         /**
          * @description The status of a subscription
          * @enum {string}
@@ -7258,6 +7785,8 @@ export interface components {
         SuiChain: "mainnet" | "devnet" | "testnet";
         /** @description Request to sign a serialized SUI transaction */
         SuiSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7284,6 +7813,8 @@ export interface components {
             tx: string;
         };
         TaprootSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7356,6 +7887,8 @@ export interface components {
         TelegramEnvironment: "production" | "test";
         /** @description The request for using the Tendermint sign endpoint. */
         TendermintSignRequest: {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7617,6 +8150,119 @@ export interface components {
         ]>;
         /** @enum {string} */
         UnauthorizedErrorCode: "AuthorizationHeaderMissing" | "EndpointRequiresUserSession" | "RefreshTokenMissing";
+        /** @description One transfer entry in [`UniversalTransferHistoryResponse`]. */
+        UniversalTransferHistoryEntry: {
+            /** @description Amount transferred, as a decimal string. */
+            amount: string;
+            /** @description Asset symbol. */
+            asset: string;
+            /** @description Client-supplied transfer id, if one was set on the original transfer. */
+            clientTranId?: string | null;
+            /**
+             * Format: int64
+             * @description Time of the transfer (ms since epoch).
+             */
+            createTimeStamp: number;
+            /**
+             * @description Wallet type debited on the source side. Left as `String` for forward
+             * compatibility.
+             */
+            fromAccountType: string;
+            /** @description Source sub-account email; absent when the source is the master. */
+            fromEmail?: string | null;
+            /** @description Transfer status (e.g. `"SUCCESS"`). */
+            status: string;
+            /** @description Wallet type credited on the destination side. */
+            toAccountType: string;
+            /** @description Destination sub-account email; absent when the destination is master. */
+            toEmail?: string | null;
+            /**
+             * Format: int64
+             * @description Transfer id. Matches the `tranId` returned by the original
+             * [`UniversalTransferResponse`].
+             */
+            tranId: number;
+        };
+        /**
+         * @description Parameters for `GET /sapi/v1/sub-account/universalTransfer`.
+         *
+         * Lists universal transfers initiated by the master account. All filters
+         * are optional; if `start_time`/`end_time` are omitted, Binance returns the
+         * most recent 30 days. Binance does not support filtering by `tran_id`
+         * directly — use `client_tran_id` if you set one when initiating the
+         * transfer, or page through the result and match the `tranId` client-side.
+         */
+        UniversalTransferHistoryRequest: {
+            /** @description Filter by client-supplied transfer id. */
+            clientTranId?: string | null;
+            /**
+             * Format: int64
+             * @description Window end (ms since epoch).
+             */
+            endTime?: number | null;
+            /** @description Filter to transfers originating from this sub-account email. */
+            fromEmail?: string | null;
+            /**
+             * Format: int32
+             * @description Page size (Binance default: 500, max: 500).
+             */
+            limit?: number | null;
+            /**
+             * Format: int32
+             * @description 1-based page number (Binance default: 1).
+             */
+            page?: number | null;
+            /**
+             * Format: int64
+             * @description Window start (ms since epoch).
+             */
+            startTime?: number | null;
+            /** @description Filter to transfers destined for this sub-account email. */
+            toEmail?: string | null;
+        };
+        /** @description Response returned by `cs_binanceUniversalTransferHistory`. */
+        UniversalTransferHistoryResponse: {
+            /** @description Transfers in the current page. */
+            result: components["schemas"]["UniversalTransferHistoryEntry"][];
+            /**
+             * Format: int64
+             * @description Total number of transfers matching the filters across all pages.
+             */
+            totalCount: number;
+        };
+        /**
+         * @description Parameters for `POST /sapi/v1/sub-account/universalTransfer`.
+         *
+         * Transfers an asset between any two accounts (master to/from sub, or sub
+         * to/from sub) and between any two wallet types (spot, futures, margin, etc).
+         * The signing credential (the API key + Ed25519 key pair) must belong to the
+         * master account.
+         */
+        UniversalTransferRequest: {
+            /** @description The amount being transferred, as a decimal string. */
+            amount: string;
+            /** @description The asset symbol being transferred (e.g. `"USDT"`). */
+            asset: string;
+            /**
+             * @description Optional client-supplied transfer id. If set, Binance echoes it back
+             * on [`UniversalTransferResponse::client_tran_id`] and lets it be used
+             * as a filter on
+             * [`UniversalTransferHistoryRequest::client_tran_id`].
+             */
+            clientTranId?: string | null;
+            fromAccountType?: components["schemas"]["AccountType"];
+            /** @description Source sub-account email. If `None`, the source is the master account. */
+            fromEmail?: string | null;
+            toAccountType?: components["schemas"]["AccountType"];
+            /** @description Destination sub-account email. If `None`, the destination is the master account. */
+            toEmail?: string | null;
+        };
+        /** @description Response returned by `cs_binanceUniversalTransfer`. */
+        UniversalTransferResponse: {
+            clientTranId?: string | null;
+            /** Format: int64 */
+            tranId: number;
+        };
         /** @description Options that should be set only for local devnet testing. */
         UnsafeConf: {
             /**
@@ -7645,6 +8291,8 @@ export interface components {
              */
             validator_index: string;
         } & {
+            /** @description Do not produce a valid signature, just evaluate attached policies. */
+            dry_run?: boolean;
             /**
              * @description Request additional information to be included in the response, explaining
              * the outcome (i.e., permitted vs. denied vs. MFA required) of the sign request.
@@ -7719,6 +8367,14 @@ export interface components {
              * Once disabled, a key cannot be used for signing.
              */
             enabled?: boolean | null;
+            /**
+             * @description If set, patch the key's structured [`KeyProperties`]. The patch's variant must
+             * match the key's [`KeyType`] (e.g. `BinanceApi` properties are only allowed on
+             * `Ed25519BinanceApi` keys). Each field in the patch is independent: missing
+             * means leave alone, JSON `null` clears, a value sets. Sending JSON `null` for
+             * the whole field clears all properties on the key.
+             */
+            properties?: unknown;
             /**
              * @description If set, change the key's region affinity to this value.
              *
@@ -8377,6 +9033,179 @@ export interface components {
         WhereAndWhen: components["schemas"]["SourceIp"] & {
             time: components["schemas"]["EpochDateTime"];
         };
+        /** @description One withdrawal entry in [`WithdrawHistoryResponse`]. */
+        WithdrawHistoryEntry: {
+            /** @description Destination address. */
+            address: string;
+            /** @description Withdrawal amount, as a decimal string. */
+            amount: string;
+            /**
+             * @description Time the withdrawal was requested (Binance returns a UTC string,
+             * e.g. `"2019-09-24 12:43:45"`).
+             */
+            applyTime: string;
+            /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+            coin: string;
+            /**
+             * @description Time the withdrawal completed (UTC string), present once
+             * `status == 6`.
+             */
+            completeTime?: string | null;
+            /**
+             * Format: int32
+             * @description Number of on-chain confirmations.
+             */
+            confirmNo?: number | null;
+            /**
+             * @description Binance-assigned withdrawal id. Matches the `id` returned by
+             * [`WithdrawResponse`].
+             */
+            id: string;
+            /** @description Failure reason when the withdrawal was rejected. */
+            info?: string | null;
+            /** @description Blockchain network identifier (e.g. `"BSC"`, `"ETH"`). */
+            network?: string | null;
+            /**
+             * Format: int32
+             * @description Withdrawal status. Binance values: `0` = Email Sent,
+             * `2` = Awaiting Approval, `3` = Rejected, `4` = Processing,
+             * `6` = Completed. Left as `u8` for forward compatibility.
+             */
+            status: number;
+            /** @description Network fee charged for the withdrawal, as a decimal string. */
+            transactionFee: string;
+            /**
+             * Format: int32
+             * @description `0` = external transfer, `1` = internal (Binance↔Binance) transfer.
+             */
+            transferType: number;
+            /**
+             * @description On-chain transaction hash, once Binance has broadcast the withdrawal.
+             * May be empty until then.
+             */
+            txId?: string | null;
+            /**
+             * Format: int32
+             * @description Source wallet: `0` = spot wallet, `1` = funding wallet.
+             */
+            walletType: number;
+            /**
+             * @description Client-supplied withdrawal id, if one was set on the original
+             * withdrawal call.
+             */
+            withdrawOrderId?: string | null;
+        };
+        /**
+         * @description Parameters for `GET /sapi/v1/capital/withdraw/history`.
+         *
+         * Returns the master account's withdrawal history. All filters are
+         * optional; if `start_time`/`end_time` are omitted, Binance returns the
+         * most recent 90 days. Use `id_list` to look up specific withdrawals by
+         * the `id` returned from [`BinanceRpc::Withdraw`], or `withdraw_order_id`
+         * to look one up by its client-supplied id.
+         */
+        WithdrawHistoryRequest: {
+            /** @description Filter to a specific asset (e.g. `"USDT"`). */
+            coin?: string | null;
+            /**
+             * Format: int64
+             * @description Window end (ms since epoch).
+             */
+            endTime?: number | null;
+            /**
+             * @description Comma-separated list of Binance-assigned withdrawal ids (the `id`
+             * field of [`WithdrawResponse`]). Up to 45 ids per query, per Binance.
+             */
+            idList?: string | null;
+            /**
+             * Format: int32
+             * @description Page size (Binance default and max: 1000).
+             */
+            limit?: number | null;
+            /**
+             * Format: int32
+             * @description Pagination offset.
+             */
+            offset?: number | null;
+            /**
+             * Format: int64
+             * @description Window start (ms since epoch).
+             */
+            startTime?: number | null;
+            /**
+             * Format: int32
+             * @description Filter by withdrawal status. Binance values:
+             * `0` = Email Sent, `2` = Awaiting Approval, `3` = Rejected,
+             * `4` = Processing, `6` = Completed. Left as `u8` for forward
+             * compatibility.
+             */
+            status?: number | null;
+            /**
+             * @description Filter by the client-supplied withdrawal id originally passed to
+             * [`WithdrawRequest::withdraw_order_id`].
+             */
+            withdrawOrderId?: string | null;
+        };
+        /**
+         * @description Response returned by `cs_binanceWithdrawHistory`.
+         *
+         * Binance returns a top-level JSON array; this newtype preserves that wire
+         * format while giving the response a named type in the OpenAPI schema.
+         */
+        WithdrawHistoryResponse: components["schemas"]["WithdrawHistoryEntry"][];
+        /**
+         * @description Parameters for `POST /sapi/v1/capital/withdraw/apply`.
+         *
+         * Submits a withdrawal of `amount` of `coin` to the given external `address`.
+         * The signing key's account must have withdrawal permissions enabled.
+         */
+        WithdrawRequest: {
+            /** @description Destination address. */
+            address: string;
+            /**
+             * @description Secondary address identifier required by some assets (e.g. memo for
+             * XRP, tag for XLM).
+             */
+            addressTag?: string | null;
+            /**
+             * @description The amount being withdrawn, formatted as a decimal string (e.g. `"0.1"`).
+             * Sent verbatim: Binance is strict about decimal formatting.
+             */
+            amount: string;
+            /** @description The asset symbol being withdrawn (e.g. `"USDT"`, `"BTC"`). */
+            coin: string;
+            /** @description Optional human-readable description for the withdrawal. */
+            name?: string | null;
+            /**
+             * @description Network identifier (e.g. `"BSC"`, `"ETH"`). If omitted, Binance picks
+             * the default network for the asset.
+             */
+            network?: string | null;
+            /**
+             * @description If `true`, the withdrawal fee is deducted from the destination amount;
+             * if `false` (Binance default), it is deducted from the account balance
+             * in addition to `amount`.
+             */
+            transactionFeeFlag?: boolean | null;
+            /**
+             * Format: int32
+             * @description Source wallet: `0` = spot wallet (default), `1` = funding wallet.
+             */
+            walletType?: number | null;
+            /**
+             * @description Client-supplied withdrawal id, returned by Binance as `withdrawOrderId`
+             * in subsequent withdrawal-history queries.
+             */
+            withdrawOrderId?: string | null;
+        };
+        /** @description Response returned by `cs_binanceWithdraw`. */
+        WithdrawResponse: {
+            /**
+             * @description Binance-assigned withdrawal id. Used to look the request up later via
+             * the withdrawal-history endpoint.
+             */
+            id: string;
+        };
     };
     responses: {
         AddThirdPartyUserResponse: {
@@ -8502,6 +9331,21 @@ export interface components {
                 };
             };
         };
+        /** @description Response returned by the typed `binance_sign` endpoint. */
+        BinanceSignResponse: {
+            content: {
+                "application/json": {
+                    /** @description Optional policy evaluation tree. */
+                    policy_eval_tree?: unknown;
+                } & {
+                    /**
+                     * @description The full signed query string, ready to be submitted to Binance.
+                     * Encoded as `<urlencoded params>&recvWindow=<ms>&timestamp=<ms>&signature=<urlencoded base64 sig>`.
+                     */
+                    signed_query: string;
+                };
+            };
+        };
         /** @description BTC message signing response */
         BtcMessageSignResponse: {
             content: {
@@ -8958,6 +9802,7 @@ export interface components {
                      * ]
                      */
                     policy: unknown[];
+                    properties?: components["schemas"]["KeyPropertiesPatch"] | null;
                     /** @description The key provenance. */
                     provenance?: string | null;
                     /**
@@ -15567,6 +16412,11 @@ export interface operations {
                 user_id: string;
             };
         };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["Empty"];
+            };
+        };
         responses: {
             200: components["responses"]["EmptyImpl"];
             default: {
@@ -15810,6 +16660,47 @@ export interface operations {
             };
         };
     };
+    /**
+     * Sign Binance RPC Request
+     * @description Sign Binance RPC Request
+     *
+     * Signs a typed [`BinanceRpc`] request with the [`KeyType::Ed25519BinanceApi`]
+     * key identified by `material_id`. The signer URL-encodes the inner request,
+     * appends Binance's `recvWindow` and `timestamp` parameters, signs the
+     * resulting query, and returns the full query string ready to be submitted
+     * to Binance.
+     */
+    binanceSign: {
+        parameters: {
+            path: {
+                /**
+                 * @description Name or ID of the desired Org
+                 * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                org_id: string;
+                /** @description Material id of the Ed25519BinanceApi key */
+                material_id: string;
+            };
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["BinanceRpc"];
+            };
+        };
+        responses: {
+            200: components["responses"]["BinanceSignResponse"];
+            202: {
+                content: {
+                    "application/json": components["schemas"]["AcceptedResponse"];
+                };
+            };
+            default: {
+                content: {
+                    "application/json": components["schemas"]["ErrorResponse"];
+                };
+            };
+        };
+    };
     /**
      * Sign Raw Blob
      * @description Sign Raw Blob