@cubist-labs/cubesigner-sdk 0.4.254 → 0.4.260

package/dist/src/schema.d.ts

@@ -880,6 +880,12 @@ export interface paths {
          * but extends the output with an `id_token`.
          *
          * This `id_token` can then be used with any CubeSigner endpoint that requires an OIDC token.
+         * Callers must request *at least* scopes `tweet.read` and `users.read` during auth with twitter.
+         *
+         * By default, the id token does not contain a confirmed email;
+         * callers can request this field be populated by requesting the `users.email` scope
+         * and adding `fetch_email` as a URL parameter to this route.
+         *
          *
          * > [!IMPORTANT]
          * > This endpoint will fail unless the org is configured to allow the issuer `https://shim.oauth2.cubist.dev/twitter` and client ID being used for Twitter.
@@ -943,6 +949,33 @@ export interface paths {
          */
         patch: operations["siweComplete"];
     };
+    "/v0/org/{org_id}/oidc/siws": {
+        /**
+         * Initiate login via Sign-in With Solana (SIWS).
+         * @description Initiate login via Sign-in With Solana (SIWS).
+         *
+         * This endpoint generates a challenge which can be answered (via the corresponding PATCH endpoint)
+         * to obtain an OIDC token. The OIDC token can then be exchanged for a user session via the standard
+         * OIDC auth route.
+         *
+         * > [!IMPORTANT]
+         * > For this endpoint to succeed, the org must be configured to:
+         * > Allow the issuer `https://shim.oauth2.cubist.dev/siws` with the Org ID as the client ID
+         */
+        post: operations["siwsInit"];
+        /**
+         * Complete login via Sign-in With Solana (SIWS)
+         * @description Complete login via Sign-in With Solana (SIWS)
+         *
+         * If the challenge (issued by the corresponding POST endpoint) is answered correctly, this endpoint
+         * generates an OIDC token that can then be exchanged for a user session via the standard OIDC auth route.
+         *
+         * > [!IMPORTANT]
+         * > For this endpoint to succeed, the org must be configured to:
+         * > Allow the issuer `https://shim.oauth2.cubist.dev/siws` with the Org ID as the client ID
+         */
+        patch: operations["siwsComplete"];
+    };
     "/v0/org/{org_id}/oidc/telegram": {
         /**
          * Allows a user to authenticate with the telegram API using the tgWebAppData value
@@ -1306,6 +1339,13 @@ export interface paths {
          *
          * If a `role` query parameter is provided, **ALL** session for **THAT ROLE** are revoked
          * (if the current user has permissions to revoke sessions for the role).
+         *
+         * If a `role_created_by` query parameter is provided, **ROLE** sessions created by **THAT USER**
+         * are revoked (gated by the same permissions as revoking that user's own sessions: the current
+         * user must be that user or an org owner). User sessions are not affected. Unless the current
+         * user is an org owner, only sessions for roles the current user is **still a member of** are
+         * revoked (so a user cannot revoke sessions for a role they have since been removed from); org
+         * owners revoke across all roles.
          */
         delete: operations["revokeSessions"];
     };
@@ -1753,6 +1793,9 @@ export interface components {
             {
                 BinanceDryRun: components["schemas"]["BinanceDryRunArgs"];
             },
+            {
+                BybitDryRun: components["schemas"]["BybitDryRunArgs"];
+            },
             {
                 CoinbaseDryRun: components["schemas"]["CoinbaseDryRunArgs"];
             },
@@ -1761,7 +1804,7 @@ export interface components {
             }
         ]>;
         /** @enum {string} */
-        AcceptedValueCode: "SignDryRun" | "BinanceDryRun" | "CoinbaseDryRun" | "MfaRequired";
+        AcceptedValueCode: "SignDryRun" | "BinanceDryRun" | "BybitDryRun" | "CoinbaseDryRun" | "MfaRequired";
         /**
          * @description Determines who controls the keys within an org
          * @enum {string}
@@ -2774,7 +2817,7 @@ export interface components {
         /** @enum {string} */
         BadGatewayErrorCode: "Generic" | "CustomChainRpcError" | "EsploraApiError" | "SentryApiError" | "CallWebhookError" | "OAuthProviderError" | "OidcDisoveryFailed" | "OidcIssuerJwkEndpointUnavailable" | "SmtpServerUnavailable";
         /** @enum {string} */
-        BadRequestErrorCode: "GenericBadRequest" | "DisallowedAllowRuleReference" | "InvalidPaginationToken" | "InvalidEmail" | "InvalidEmailTemplate" | "QueryMetricsError" | "InvalidTelegramData" | "ValidationError" | "WebhookPolicyTimeoutOutOfBounds" | "WebhookPolicyDisallowedUrlScheme" | "WebhookPolicyDisallowedUrlHost" | "WebhookPolicyDisallowedHeaders" | "ReservedName" | "UserEmailNotConfigured" | "EmailPasswordNotFound" | "PasswordAuthNotAllowedByInvitation" | "OneTimeCodeExpired" | "InvalidBody" | "InvalidJwt" | "InvitationNoLongerValid" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyGracePeriodTooLong" | "InvalidBabylonStakingPolicyParams" | "InvalidSuiTxReceiversEmptyAllowlist" | "InvalidBtcTxReceiversEmptyAllowlist" | "InvalidRequireRoleSessionAllowlist" | "InvalidCreateKeyCount" | "InvalidDiffieHellmanCount" | "OrgInviteExistingUser" | "OrgUserAlreadyExists" | "OrgNameTaken" | "KwkNotFoundInRegion" | "OrgIsNotOrgExport" | "RoleNameTaken" | "PolicyNameTaken" | "NameTaken" | "ContactNameInvalid" | "ContactAddressesInvalid" | "ContactLabelInvalid" | "ContactModified" | "PolicyNotFound" | "PolicyVersionNotFound" | "PolicyRuleDisallowedByType" | "PolicyTypeDisallowed" | "PolicyDuplicateError" | "PolicyStillAttached" | "PolicyModified" | "PolicyNotAttached" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidTimeLockAlreadyInThePast" | "InvalidRestrictedScopes" | "InvalidUpdate" | "InvalidMetadataLength" | "InvalidLength" | "InvalidKeyMaterialId" | "KeyNotFound" | "SiweChallengeNotFound" | "SiweInvalidRequest" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "NistP256PublicKeyInvalid" | "UnableToAccessSmtpRelay" | "UserExportInProgress" | "RoleNotFound" | "InvalidRoleNameOrId" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidPropertiesForKeyType" | "MismatchedKeyPropertiesPatch" | "MissingBinanceApiKey" | "MissingCoinbaseApiKey" | "BinanceKeyMasterMismatch" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidBase64Value" | "InvalidSs58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidUpdateOrgRequestDisallowedMfaType" | "InvalidUpdateOrgRequestEmptyAllowedMfaTypes" | "EmailOtpDelayTooShortForRegisterMfa" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidDiffieHellmanRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "OnlySpecifyOne" | "NoOidcDataInProof" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "IdpUserAlreadyExists" | "CognitoUserAlreadyOrgMember" | "UserNotFound" | "UserWithEmailNotFound" | "PolicyKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "LimitWindowTooLong" | "Erc20ContractDisallowed" | "EmptyRuleError" | "OptionalListEmpty" | "MultipleExclusiveFieldsProvided" | "DuplicateFieldEntry" | "InvalidRange" | "InvalidOrgPolicyRepeatedRule" | "InvalidSuiTransaction" | "SuiSenderMismatch" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcTaprootHashError" | "BtcSignError" | "TaprootSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "InvalidMemberRoleInRecipientAdd" | "ThirdPartyUserAlreadyExists" | "OidcIdentityAlreadyExists" | "UserAlreadyHasIdentity" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "DeleteUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "InvalidOidcIdentity" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation" | "InvalidNotificationEndpointCount" | "CannotDeletePendingSubscription" | "InvalidNotificationUrlProtocol" | "EmptyOneOfOrgEventFilter" | "EmptyAllExceptOrgEventFilter" | "InvalidTapNodeHash" | "InvalidOneTimeCode" | "MessageNotFound" | "MessageAlreadySigned" | "MessageRejected" | "MessageReplaced" | "InvalidMessageType" | "EmptyAddress" | "InvalidEth2SigningPolicySlotRange" | "InvalidEth2SigningPolicyEpochRange" | "InvalidEth2SigningPolicyTimestampRange" | "InvalidEth2SigningPolicyOverlappingRule" | "RpcUrlMissing" | "MmiChainIdMissing" | "EthersInvalidRpcUrl" | "EthersGetTransactionCountError" | "InvalidPassword" | "BabylonStakingFeePlusDustOverflow" | "BabylonStaking" | "BabylonStakingIncorrectKey" | "BabylonStakingSegwitNonDeposit" | "BabylonStakingRegistrationRequiresTaproot" | "PsbtSigning" | "TooManyResets" | "TooManyRequests" | "TooManyFailedLogins" | "BadBtcMessageSignP2shFlag" | "InvalidTendermintRequest" | "PolicyVersionMaxReached" | "PolicyVersionInvalid" | "PolicySecretLimitReached" | "PolicySecretTooLarge" | "InvalidImportKey" | "AlienOwnerInvalid" | "EmptyUpdateRequest" | "InvalidPolicyReference" | "PolicyEngineDisabled" | "InvalidWasmPolicy" | "InvalidPolicy" | "RedundantDerivationPath" | "ImportKeyMissing" | "InvalidAbiMethods" | "BabylonCovSign" | "InvalidPolicyLogsRequest" | "UserProfileMigrationMultipleEntries" | "UserProfileMigrationTooManyItems" | "InputTooShort" | "InvalidTweakLength" | "InvalidCustomChains" | "InvalidRpcRequest";
+        BadRequestErrorCode: "GenericBadRequest" | "DisallowedAllowRuleReference" | "InvalidPaginationToken" | "InvalidEmail" | "InvalidEmailTemplate" | "QueryMetricsError" | "InvalidTelegramData" | "ValidationError" | "WebhookPolicyTimeoutOutOfBounds" | "WebhookPolicyDisallowedUrlScheme" | "WebhookPolicyDisallowedUrlHost" | "WebhookPolicyDisallowedHeaders" | "ReservedName" | "UserEmailNotConfigured" | "EmailPasswordNotFound" | "PasswordAuthNotAllowedByInvitation" | "OneTimeCodeExpired" | "InvalidBody" | "InvalidJwt" | "InvitationNoLongerValid" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyGracePeriodTooLong" | "InvalidBabylonStakingPolicyParams" | "InvalidSuiTxReceiversEmptyAllowlist" | "InvalidBtcTxReceiversEmptyAllowlist" | "InvalidRequireRoleSessionAllowlist" | "InvalidCreateKeyCount" | "InvalidDiffieHellmanCount" | "OrgInviteExistingUser" | "OrgUserAlreadyExists" | "OrgNameTaken" | "KwkNotFoundInRegion" | "OrgIsNotOrgExport" | "RoleNameTaken" | "PolicyNameTaken" | "NameTaken" | "ContactNameInvalid" | "ContactAddressesInvalid" | "ContactLabelInvalid" | "ContactModified" | "PolicyNotFound" | "PolicyVersionNotFound" | "PolicyRuleDisallowedByType" | "PolicyTypeDisallowed" | "PolicyDuplicateError" | "PolicyStillAttached" | "PolicyModified" | "PolicyNotAttached" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidTimeLockAlreadyInThePast" | "InvalidRestrictedScopes" | "InvalidUpdate" | "InvalidMetadataLength" | "InvalidLength" | "InvalidKeyMaterialId" | "KeyNotFound" | "SiweChallengeNotFound" | "SiweInvalidRequest" | "SiwsChallengeNotFound" | "SiwsInvalidRequest" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "NistP256PublicKeyInvalid" | "UnableToAccessSmtpRelay" | "UserExportInProgress" | "RoleNotFound" | "InvalidRoleNameOrId" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidPropertiesForKeyType" | "MismatchedKeyPropertiesPatch" | "MissingBinanceApiKey" | "MissingBybitApiKey" | "MissingCoinbaseApiKey" | "BinanceKeyMasterMismatch" | "BybitAccountMismatch" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidBase64Value" | "InvalidSs58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidUpdateOrgRequestDisallowedMfaType" | "InvalidUpdateOrgRequestEmptyAllowedMfaTypes" | "EmailOtpDelayTooShortForRegisterMfa" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidDiffieHellmanRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "OnlySpecifyOne" | "NoOidcDataInProof" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "IdpUserAlreadyExists" | "CognitoUserAlreadyOrgMember" | "UserNotFound" | "UserWithEmailNotFound" | "PolicyKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "LimitWindowTooLong" | "Erc20ContractDisallowed" | "EmptyRuleError" | "PolicyFieldValidationError" | "OptionalListEmpty" | "MultipleExclusiveFieldsProvided" | "DuplicateFieldEntry" | "InvalidRange" | "InvalidOrgPolicyRepeatedRule" | "InvalidSuiTransaction" | "SuiSenderMismatch" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcTaprootHashError" | "BtcSignError" | "TaprootSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "InvalidMemberRoleInRecipientAdd" | "ThirdPartyUserAlreadyExists" | "OidcIdentityAlreadyExists" | "UserAlreadyHasIdentity" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "DeleteUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "InvalidOidcIdentity" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation" | "InvalidNotificationEndpointCount" | "CannotDeletePendingSubscription" | "InvalidNotificationUrlProtocol" | "EmptyOneOfOrgEventFilter" | "EmptyAllExceptOrgEventFilter" | "InvalidTapNodeHash" | "InvalidOneTimeCode" | "MessageNotFound" | "MessageAlreadySigned" | "MessageRejected" | "MessageReplaced" | "InvalidMessageType" | "EmptyAddress" | "InvalidEth2SigningPolicySlotRange" | "InvalidEth2SigningPolicyEpochRange" | "InvalidEth2SigningPolicyTimestampRange" | "InvalidEth2SigningPolicyOverlappingRule" | "RpcUrlMissing" | "MmiChainIdMissing" | "EthersInvalidRpcUrl" | "EthersGetTransactionCountError" | "InvalidPassword" | "BabylonStakingFeePlusDustOverflow" | "BabylonStaking" | "BabylonStakingIncorrectKey" | "BabylonStakingSegwitNonDeposit" | "BabylonStakingRegistrationRequiresTaproot" | "PsbtSigning" | "TooManyResets" | "TooManyRequests" | "TooManyFailedLogins" | "BadBtcMessageSignP2shFlag" | "InvalidTendermintRequest" | "PolicyVersionMaxReached" | "PolicyVersionInvalid" | "PolicySecretLimitReached" | "PolicySecretTooLarge" | "InvalidImportKey" | "AlienOwnerInvalid" | "EmptyUpdateRequest" | "InvalidPolicyReference" | "PolicyEngineDisabled" | "InvalidWasmPolicy" | "CelProgramTooLarge" | "InvalidPolicy" | "RedundantDerivationPath" | "ImportKeyMissing" | "InvalidAbiMethods" | "BabylonCovSign" | "InvalidPolicyLogsRequest" | "UserProfileMigrationMultipleEntries" | "UserProfileMigrationTooManyItems" | "InputTooShort" | "InvalidTweakLength" | "InvalidCustomChains" | "InvalidRpcRequest";
         BillingArgs: {
             billing_org: components["schemas"]["Id"];
             event_type: components["schemas"]["BillingEvent"];
@@ -2791,7 +2834,7 @@ export interface components {
          * @description Billing event types.
          * @enum {string}
          */
-        BillingEvent: "Mmi" | "MmiMessageGet" | "MmiMessageList" | "MmiMessageSign" | "MmiMessageReject" | "MmiMessageDelete" | "AboutMe" | "UserResetEmailInit" | "UserResetEmailComplete" | "UserDeleteTotp" | "UserResetTotpInit" | "UserResetTotpComplete" | "UserVerifyTotp" | "UserRegisterFidoInit" | "UserRegisterFidoComplete" | "UserDeleteFido" | "CreateProofOidc" | "CreateProofCubeSigner" | "VerifyProof" | "AddOidcIdentity" | "RemoveOidcIdentity" | "ListOidcIdentities" | "GetOrg" | "UpdateOrg" | "GetOrgExport" | "CreateOrg" | "ListKeys" | "AttestKey" | "GetKey" | "GetKeyByMaterialId" | "ListKeyRoles" | "UpdateKey" | "ListHistoricalKeyTx" | "Invite" | "CancelInvitation" | "ListInvitations" | "ListUsers" | "GetUser" | "GetUserByEmail" | "GetUserByOidc" | "UpdateMembership" | "ResetMemberMfa" | "CompleteResetMemberMfa" | "CreateRole" | "AttestRole" | "GetRole" | "ListTokenKeys" | "ListRoles" | "GetRoleKey" | "ListRoleKeys" | "ListRoleUsers" | "UpdateRole" | "DeleteRole" | "ConfigureEmail" | "GetEmailConfig" | "DeleteEmailConfig" | "ListHistoricalRoleTx" | "CreatePolicy" | "GetPolicy" | "ListPolicies" | "DeletePolicy" | "UpdatePolicy" | "InvokePolicy" | "GetPolicyLogs" | "UploadWasmPolicy" | "GetPolicySecrets" | "UpdatePolicySecrets" | "SetPolicySecret" | "DeletePolicySecret" | "CreatePolicyImportKey" | "GetPolicyBucket" | "ListPolicyBuckets" | "UpdatePolicyBucket" | "UserExportDelete" | "UserExportList" | "UserExportInit" | "UserExportComplete" | "AddUserToRole" | "RemoveUserFromRole" | "MfaApproveCs" | "MfaRejectCs" | "MfaGet" | "MfaList" | "AddKeysToRole" | "RemoveKeyFromRole" | "CreateToken" | "CreateSession" | "RevokeSession" | "RevokeCurrentSession" | "RevokeSessions" | "ListSessions" | "GetSession" | "SignerSessionRefresh" | "MfaApproveTotp" | "MfaRejectTotp" | "MfaFidoInit" | "MfaApproveFidoComplete" | "MfaRejectFidoComplete" | "MfaEmailInit" | "MfaEmailComplete" | "Cube3signerHeartbeat" | "CreateContact" | "GetContact" | "ListContacts" | "DeleteContact" | "UpdateContact" | "LookupContactsByAddress" | "QueryMetrics" | "QueryAuditLog" | "Counts" | "CreateKey" | "ImportKey" | "CreateKeyImportKey" | "DeriveKey" | "DeleteKey" | "AvaSign" | "AvaSerializedTxSign" | "BabylonRegistration" | "BabylonStaking" | "BabylonCovSign" | "BinanceSign" | "CoinbaseSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellmanExchange" | "PsbtSign" | "PsbtLegacyInputSign" | "PsbtSegwitInputSign" | "PsbtTaprootInputSign" | "TaprootSign" | "Eip712Sign" | "Eip191Sign" | "Eth1Sign" | "Eth2Sign" | "SolanaSign" | "SuiSign" | "TendermintSign" | "Stake" | "Unstake" | "PasskeyAuthInit" | "PasskeyAuthComplete" | "OidcAuth" | "Oauth2Twitter" | "OAuth2TokenRefresh" | "EmailOtpAuth" | "SiweInit" | "SiweComplete" | "TelegramAuth" | "CreateOidcUser" | "DeleteOidcUser" | "DeleteUser" | "CreateEotsNonces" | "EotsSign" | "AuthMigrationIdentityAdd" | "AuthMigrationIdentityRemove" | "AuthMigrationUserUpdate" | "KeyCreated" | "KeyImported" | "InvitationAccept" | "IdpAuthenticate" | "IdpPasswordResetRequest" | "IdpPasswordResetConfirm" | "RpcApi" | "RpcCreateTransaction" | "RpcGetTransaction" | "RpcListTransactions" | "RpcRetryTransaction" | "RpcBinance" | "RpcCoinbase" | "CustomChainRpcCall" | "EsploraApiCall" | "SentryApiCall" | "SentryApiCallPublic" | "MmiJwkSet" | "AttestationJwkSet" | "UserOrgs" | "PublicOrgInfo" | "EmailMyOrgs";
+        BillingEvent: "Mmi" | "MmiMessageGet" | "MmiMessageList" | "MmiMessageSign" | "MmiMessageReject" | "MmiMessageDelete" | "AboutMe" | "UserResetEmailInit" | "UserResetEmailComplete" | "UserDeleteTotp" | "UserResetTotpInit" | "UserResetTotpComplete" | "UserVerifyTotp" | "UserRegisterFidoInit" | "UserRegisterFidoComplete" | "UserDeleteFido" | "CreateProofOidc" | "CreateProofCubeSigner" | "VerifyProof" | "AddOidcIdentity" | "RemoveOidcIdentity" | "ListOidcIdentities" | "GetOrg" | "UpdateOrg" | "GetOrgExport" | "CreateOrg" | "ListKeys" | "AttestKey" | "GetKey" | "GetKeyByMaterialId" | "ListKeyRoles" | "UpdateKey" | "ListHistoricalKeyTx" | "Invite" | "CancelInvitation" | "ListInvitations" | "ListUsers" | "GetUser" | "GetUserByEmail" | "GetUserByOidc" | "UpdateMembership" | "ResetMemberMfa" | "CompleteResetMemberMfa" | "CreateRole" | "AttestRole" | "GetRole" | "ListTokenKeys" | "ListRoles" | "GetRoleKey" | "ListRoleKeys" | "ListRoleUsers" | "UpdateRole" | "DeleteRole" | "ConfigureEmail" | "GetEmailConfig" | "DeleteEmailConfig" | "ListHistoricalRoleTx" | "CreatePolicy" | "GetPolicy" | "ListPolicies" | "DeletePolicy" | "UpdatePolicy" | "InvokePolicy" | "GetPolicyLogs" | "UploadWasmPolicy" | "GetPolicySecrets" | "UpdatePolicySecrets" | "SetPolicySecret" | "DeletePolicySecret" | "CreatePolicyImportKey" | "GetPolicyBucket" | "ListPolicyBuckets" | "UpdatePolicyBucket" | "UserExportDelete" | "UserExportList" | "UserExportInit" | "UserExportComplete" | "AddUserToRole" | "RemoveUserFromRole" | "MfaApproveCs" | "MfaRejectCs" | "MfaGet" | "MfaList" | "AddKeysToRole" | "RemoveKeyFromRole" | "CreateToken" | "CreateSession" | "RevokeSession" | "RevokeCurrentSession" | "RevokeSessions" | "ListSessions" | "GetSession" | "SignerSessionRefresh" | "MfaApproveTotp" | "MfaRejectTotp" | "MfaFidoInit" | "MfaApproveFidoComplete" | "MfaRejectFidoComplete" | "MfaEmailInit" | "MfaEmailComplete" | "Cube3signerHeartbeat" | "CreateContact" | "GetContact" | "ListContacts" | "DeleteContact" | "UpdateContact" | "LookupContactsByAddress" | "QueryMetrics" | "QueryAuditLog" | "Counts" | "CreateKey" | "ImportKey" | "CreateKeyImportKey" | "DeriveKey" | "DeleteKey" | "AvaSign" | "AvaSerializedTxSign" | "BabylonRegistration" | "BabylonStaking" | "BabylonCovSign" | "BinanceSign" | "BybitSign" | "CoinbaseSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellmanExchange" | "PsbtSign" | "PsbtLegacyInputSign" | "PsbtSegwitInputSign" | "PsbtTaprootInputSign" | "TaprootSign" | "Eip712Sign" | "Eip191Sign" | "Eth1Sign" | "Eth2Sign" | "SolanaSign" | "SuiSign" | "TendermintSign" | "Stake" | "Unstake" | "PasskeyAuthInit" | "PasskeyAuthComplete" | "OidcAuth" | "Oauth2Twitter" | "OAuth2TokenRefresh" | "EmailOtpAuth" | "SiweInit" | "SiweComplete" | "SiwsInit" | "SiwsComplete" | "TelegramAuth" | "CreateOidcUser" | "DeleteOidcUser" | "DeleteUser" | "CreateEotsNonces" | "EotsSign" | "AuthMigrationIdentityAdd" | "AuthMigrationIdentityRemove" | "AuthMigrationUserUpdate" | "KeyCreated" | "KeyImported" | "InvitationAccept" | "IdpAuthenticate" | "IdpPasswordResetRequest" | "IdpPasswordResetConfirm" | "RpcApi" | "RpcCreateTransaction" | "RpcGetTransaction" | "RpcListTransactions" | "RpcRetryTransaction" | "RpcCancelTransaction" | "RpcBinance" | "RpcBybit" | "RpcCoinbase" | "CustomChainRpcCall" | "EsploraApiCall" | "SentryApiCall" | "SentryApiCallPublic" | "MmiJwkSet" | "AttestationJwkSet" | "UserOrgs" | "PublicOrgInfo" | "EmailMyOrgs";
         /** @description Parameters envelope for all Binance RPC methods. */
         BinanceAccountInfoParams: components["schemas"]["AccountInfoRequest"] & {
             dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
@@ -2841,6 +2884,18 @@ export interface components {
             recvWindow?: number | null;
         };
         /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceDepositHistoryParams: components["schemas"]["DepositHistoryRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
         BinanceDepositParams: components["schemas"]["DepositRequest"] & {
             dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
             keyId: components["schemas"]["Id"];
@@ -2919,6 +2974,10 @@ export interface components {
             /** @enum {string} */
             method: "cs_binanceDeposit";
             params: components["schemas"]["BinanceDepositParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceDepositHistory";
+            params: components["schemas"]["BinanceDepositHistoryParams"];
         } | {
             /** @enum {string} */
             method: "cs_binanceListSubAccounts";
@@ -3308,9 +3367,488 @@ export interface components {
             metadata?: unknown;
             owner: components["schemas"]["Id"];
         };
+        /**
+         * @description Wire-format patch payload for [`KeyProperties::BybitApi`].
+         *
+         * Every field follows the same per-field PATCH semantics: a missing field
+         * leaves the existing value alone, a JSON `null` clears it, and a value sets it.
+         */
+        BybitApiPropertiesPatch: {
+            /** @description The Bybit-issued API key string. Encrypted server-side before storage. */
+            api_key?: string | null;
+            /** @description Arbitrary label. Useful for storing the corresponding API key label on the Bybit side. */
+            label?: string | null;
+        };
+        /** @description One entry in [`BybitQueryCoinsBalanceResponse::balance`]. */
+        BybitCoinBalance: {
+            /** @description Bonus / promotional balance, as a decimal string. */
+            bonus?: string | null;
+            /** @description Coin symbol, uppercase (e.g. `USDT`, `BTC`). */
+            coin: string;
+            /** @description Portion of `wallet_balance` that can be transferred out. */
+            transferBalance: string;
+            /** @description Total wallet balance for `coin`, as a decimal string. */
+            walletBalance: string;
+        };
+        /** @description One entry in [`BybitQueryDepositAddressResponse::chains`]. */
+        BybitDepositChain: {
+            /** @description Deposit address on this chain. */
+            addressDeposit: string;
+            /** @description Single-deposit cap for this coin on this chain; `"-1"` means no limit. */
+            batchReleaseLimit?: string | null;
+            /** @description Short chain code (e.g. `ETH`, `TRX`). */
+            chain: string;
+            /** @description Human-readable chain name (e.g. `Ethereum (ERC20)`). */
+            chainType?: string | null;
+            /**
+             * @description Token contract address on this chain. Bybit only returns the last 6
+             * characters; empty for native coins.
+             */
+            contractAddress?: string | null;
+            /**
+             * @description Memo / tag required for chains that use one (e.g. XRP, EOS). Empty for
+             * chains that don't.
+             */
+            tagDeposit?: string | null;
+        };
+        BybitDryRunArgs: {
+            /** @description The Bybit API method that would have been used */
+            method: string;
+            /** @description The request body (for POST endpoints) or query string (for GET endpoints). */
+            payload: string;
+            /** @description The Bybit API url that would have been called */
+            url: string;
+        };
+        /**
+         * @description "Dry run" modes for Bybit requests.
+         * @enum {string}
+         */
+        BybitDryRunMode: "NO_SIGN" | "NO_SUBMIT";
+        /**
+         * @description Parameters envelope for all Bybit RPC variants whose payload schema is
+         * derived from a `*Request` struct. (`BybitQueryUserParams` and
+         * `BybitQuerySubMembersParams` have no per-variant payload and are defined
+         * directly below.)
+         */
+        BybitQueryCoinsBalanceParams: components["schemas"]["BybitQueryCoinsBalanceRequest"] & {
+            dryRun?: components["schemas"]["BybitDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: int32
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * Specified in milliseconds. If omitted, defaults to 10000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters for `GET /v5/asset/transfer/query-account-coins-balance`. */
+        BybitQueryCoinsBalanceRequest: {
+            /**
+             * @description Wallet type. Common values: `"FUND"`, `"UNIFIED"`, `"CONTRACT"`. Bybit
+             * expects this verbatim; we don't constrain it on our side.
+             */
+            accountType: string;
+            /**
+             * @description Optional list of coin symbols, comma-separated (e.g. `"BTC,USDT"`).
+             * Bybit returns balances for all coins when omitted.
+             */
+            coin?: string | null;
+            /**
+             * @description Optional sub-account UID. When supplied, the master key queries the
+             * named sub-account's balance.
+             */
+            memberId?: string | null;
+            /**
+             * @description Optional flag: `"0"` query without conversion to USD (default),
+             * `"1"` include USD valuation. Bybit accepts this as a string.
+             */
+            withBonus?: string | null;
+        };
+        /** @description Response of `GET /v5/asset/transfer/query-account-coins-balance`. */
+        BybitQueryCoinsBalanceResponse: {
+            /** @description Account type the balances belong to (e.g. `UNIFIED`, `FUND`, `CONTRACT`). */
+            accountType: string;
+            /** @description Per-coin balances. */
+            balance: components["schemas"]["BybitCoinBalance"][];
+            /** @description UID of the (sub-)account whose balance is being reported. */
+            memberId?: string | null;
+        };
+        /**
+         * @description Parameters envelope for all Bybit RPC variants whose payload schema is
+         * derived from a `*Request` struct. (`BybitQueryUserParams` and
+         * `BybitQuerySubMembersParams` have no per-variant payload and are defined
+         * directly below.)
+         */
+        BybitQueryDepositAddressParams: components["schemas"]["BybitQueryDepositAddressRequest"] & {
+            dryRun?: components["schemas"]["BybitDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: int32
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * Specified in milliseconds. If omitted, defaults to 10000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters for `GET /v5/asset/deposit/query-address`. */
+        BybitQueryDepositAddressRequest: {
+            /**
+             * @description Optional network identifier (e.g. `"ETH"`, `"TRX"`). When omitted,
+             * Bybit returns the deposit address on every supported chain.
+             */
+            chainType?: string | null;
+            /** @description Coin symbol (e.g. `"BTC"`, `"USDT"`). */
+            coin: string;
+        };
+        /** @description Response of `GET /v5/asset/deposit/query-address`. */
+        BybitQueryDepositAddressResponse: {
+            /** @description One deposit address per supported chain. */
+            chains: components["schemas"]["BybitDepositChain"][];
+            /** @description Coin symbol the deposit addresses are for (e.g. `USDT`). */
+            coin: string;
+        };
+        /**
+         * @description Parameters for [`BybitRpc::QuerySubMembers`].
+         *
+         * Bybit endpoint: `GET /v5/user/query-sub-members`. Takes no inputs beyond
+         * the common envelope.
+         */
+        BybitQuerySubMembersParams: {
+            dryRun?: components["schemas"]["BybitDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: int32
+             * @description Optional receive window in milliseconds. Defaults to 10000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Response of `GET /v5/user/query-sub-members`. */
+        BybitQuerySubMembersResponse: {
+            /** @description The sub-accounts under the calling master account. */
+            subMembers: components["schemas"]["BybitSubMember"][];
+        };
+        /**
+         * @description Parameters for [`BybitRpc::QueryUser`].
+         *
+         * Bybit endpoint: `GET /v5/user/query-api`. Takes no inputs beyond the common
+         * `recvWindow` / `timestamp` envelope; defined directly (instead of through
+         * the [`BybitParams`] generic alias) so utoipa emits a non-empty schema.
+         */
+        BybitQueryUserParams: {
+            dryRun?: components["schemas"]["BybitDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: int32
+             * @description Optional receive window in milliseconds. Defaults to 10000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Response of `GET /v5/user/query-api`. */
+        BybitQueryUserResponse: {
+            /** @description Bybit account KYC level (`"0"` = none). */
+            kycLevel?: string | null;
+            /** @description Optional free-text label set on the API key. */
+            note?: string | null;
+            /**
+             * @description Master account UID for sub-accounts, `"0"` if the calling key is a
+             * master account.
+             */
+            parentUid: string;
+            /** @description API permissions assigned to the key. */
+            permissions?: unknown;
+            /**
+             * Format: int64
+             * @description Bybit-assigned account UID of the API key.
+             */
+            userID: number;
+            /** @description VIP level. */
+            vipLevel?: string | null;
+            [key: string]: unknown;
+        };
+        /**
+         * @description Bybit-family RPC methods. Each variant authenticates as the
+         * [`KeyType::HmacSha256`] key in its `params.key_id` (which must carry
+         * [`KeyProperties::BybitApi`]).
+         */
+        BybitRpc: {
+            /** @enum {string} */
+            method: "cs_bybitQueryUser";
+            params: components["schemas"]["BybitQueryUserParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_bybitQuerySubMembers";
+            params: components["schemas"]["BybitQuerySubMembersParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_bybitQueryCoinsBalance";
+            params: components["schemas"]["BybitQueryCoinsBalanceParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_bybitQueryDepositAddress";
+            params: components["schemas"]["BybitQueryDepositAddressParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_bybitUniversalTransfer";
+            params: components["schemas"]["BybitUniversalTransferParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_bybitWithdraw";
+            params: components["schemas"]["BybitWithdrawParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_bybitWithdrawals";
+            params: components["schemas"]["BybitWithdrawalsParams"];
+        };
+        /** @description Response returned by the typed `bybit_sign` endpoint. */
+        BybitSignResponse: {
+            /** @description Optional policy evaluation tree. */
+            policy_eval_tree?: unknown;
+        } & {
+            /**
+             * @description The Bybit-bound payload (URL-encoded query for GET, JSON body for
+             * POST). Submitted verbatim by the rpc-api lambda; the payload bytes are
+             * also part of the signing input.
+             */
+            payload: string;
+            /**
+             * Format: int32
+             * @description Effective receive window in milliseconds.
+             */
+            recv_window: number;
+            /**
+             * @description Hex-encoded HMAC-SHA256 signature of
+             * `timestamp || apiKey || recvWindow || payload`. Goes into the
+             * `X-BAPI-SIGN` header.
+             */
+            signature_hex: string;
+            /**
+             * Format: int64
+             * @description Signing timestamp (ms since epoch). Picked by the signer.
+             */
+            timestamp_ms: number;
+        };
+        /** @description One entry in [`BybitQuerySubMembersResponse::sub_members`]. */
+        BybitSubMember: {
+            /**
+             * Format: int32
+             * @description Trading account configuration: `1` Classic, `3` UTA1.0, `4` UTA1.0 Pro,
+             * `5` UTA2.0, `6` UTA2.0 Pro.
+             */
+            accountMode?: number | null;
+            /**
+             * Format: int32
+             * @description Sub-account category: `1` standard, `6` custodial.
+             */
+            memberType?: number | null;
+            /** @description Free-text remark associated with the sub-account. */
+            remark?: string | null;
+            /**
+             * Format: int32
+             * @description Account state: `1` active, `2` login-restricted, `4` frozen.
+             */
+            status?: number | null;
+            /** @description Sub-account UID. */
+            uid: string;
+            /** @description Display name of the sub-account. */
+            username?: string | null;
+            [key: string]: unknown;
+        };
+        /**
+         * @description Parameters envelope for all Bybit RPC variants whose payload schema is
+         * derived from a `*Request` struct. (`BybitQueryUserParams` and
+         * `BybitQuerySubMembersParams` have no per-variant payload and are defined
+         * directly below.)
+         */
+        BybitUniversalTransferParams: components["schemas"]["BybitUniversalTransferRequest"] & {
+            dryRun?: components["schemas"]["BybitDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: int32
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * Specified in milliseconds. If omitted, defaults to 10000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters for `POST /v5/asset/transfer/universal-transfer`. */
+        BybitUniversalTransferRequest: {
+            /** @description Amount as a decimal string (e.g. `"1.5"`). Sent verbatim. */
+            amount: string;
+            /** @description Coin symbol (e.g. `"USDT"`). */
+            coin: string;
+            /**
+             * @description Source wallet type. Defaults to `"FUND"` if omitted; the signer
+             * substitutes the default before signing so the signed and submitted
+             * payloads match.
+             */
+            fromAccountType?: string | null;
+            /**
+             * Format: int64
+             * @description Source account UID. For "self", the manager substitutes the caller's
+             * own UID before this struct reaches the signer.
+             */
+            fromMemberId: number;
+            /** @description Destination wallet type. Defaults to `"FUND"` if omitted. */
+            toAccountType?: string | null;
+            /**
+             * Format: int64
+             * @description Destination account UID.
+             */
+            toMemberId: number;
+            /**
+             * @description Client-supplied transfer id (UUID). Bybit echoes it back as the
+             * canonical reference for this transfer.
+             */
+            transferId: string;
+        };
+        /** @description Response of `POST /v5/asset/transfer/universal-transfer`. */
+        BybitUniversalTransferResponse: {
+            /**
+             * @description Transfer state: one of `SUCCESS`, `PENDING`, `FAILED`, or
+             * `STATUS_UNKNOWN`.
+             */
+            status?: string | null;
+            /**
+             * @description UUID Bybit assigned to the transfer; the caller-supplied `transferId`
+             * echoed back.
+             */
+            transferId: string;
+        };
+        /** @description One entry in [`BybitWithdrawalsResponse::rows`]. */
+        BybitWithdrawEntry: {
+            /** @description Withdrawal amount as a decimal string. */
+            amount: string;
+            /** @description Short chain code (e.g. `ETH`, `TRX`). */
+            chain: string;
+            /** @description Coin symbol, uppercase (e.g. `USDT`). */
+            coin: string;
+            /** @description Creation timestamp, in milliseconds since epoch (as a string). */
+            createTime: string;
+            /**
+             * @description Withdrawal state, e.g. `success`, `pending`, `failed`, `cancelled`. See
+             * the Bybit docs for the full set, which depends on `withdraw_type`.
+             */
+            status: string;
+            /** @description Memo / tag for chains that use one (e.g. XRP, EOS). */
+            tag?: string | null;
+            /** @description Destination: an on-chain address, or a Bybit UID for internal transfers. */
+            toAddress: string;
+            /**
+             * @description On-chain transaction hash; empty for failed/cancelled withdrawals and
+             * for in-flight on-chain withdrawals before broadcast.
+             */
+            txId?: string | null;
+            /** @description Timestamp of the most recent status change, in milliseconds since epoch. */
+            updateTime: string;
+            /** @description Network / processing fee charged for the withdrawal, as a decimal string. */
+            withdrawFee: string;
+            /** @description Bybit-assigned withdrawal id. */
+            withdrawId: string;
+            /**
+             * Format: int32
+             * @description Withdrawal classification: `0` on-chain, `1` off-chain (internal).
+             */
+            withdrawType?: number | null;
+            [key: string]: unknown;
+        };
+        /**
+         * @description Parameters envelope for all Bybit RPC variants whose payload schema is
+         * derived from a `*Request` struct. (`BybitQueryUserParams` and
+         * `BybitQuerySubMembersParams` have no per-variant payload and are defined
+         * directly below.)
+         */
+        BybitWithdrawParams: components["schemas"]["BybitWithdrawRequest"] & {
+            dryRun?: components["schemas"]["BybitDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: int32
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * Specified in milliseconds. If omitted, defaults to 10000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters for `POST /v5/asset/withdraw/create`. Master-only. */
+        BybitWithdrawRequest: {
+            /**
+             * @description Source wallet (`"FUND"` or `"SPOT"`). Defaults to Bybit's account-level
+             * default when omitted.
+             */
+            accountType?: string | null;
+            /** @description Destination address. Must already be in Bybit's address book. */
+            address: string;
+            /** @description Amount as a decimal string. Sent verbatim. */
+            amount: string;
+            /** @description Network identifier (e.g. `"ETH"`, `"TRX"`). Required by Bybit. */
+            chain: string;
+            /** @description Coin symbol (e.g. `"USDT"`, `"BTC"`). */
+            coin: string;
+            /**
+             * Format: int32
+             * @description Force-chain flag: `0` (default), `1`, or `2`. See Bybit docs.
+             */
+            forceChain?: number | null;
+            /** @description Client-supplied request id (UUID). Used by Bybit for idempotency. */
+            requestId: string;
+            /** @description Optional memo / tag (e.g. for XRP, XLM). */
+            tag?: string | null;
+            /**
+             * Format: int64
+             * @description Server-supplied timestamp (ms since epoch). Set by the signer just before
+             * signing; clients leave this `None` (because the server will ignore it anyway).
+             */
+            timestamp?: number | null;
+        };
+        /** @description Response of `POST /v5/asset/withdraw/create`. */
+        BybitWithdrawResponse: {
+            /** @description Bybit-assigned withdrawal id. */
+            id: string;
+        };
+        /**
+         * @description Parameters envelope for all Bybit RPC variants whose payload schema is
+         * derived from a `*Request` struct. (`BybitQueryUserParams` and
+         * `BybitQuerySubMembersParams` have no per-variant payload and are defined
+         * directly below.)
+         */
+        BybitWithdrawalsParams: components["schemas"]["BybitWithdrawalsRequest"] & {
+            dryRun?: components["schemas"]["BybitDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: int32
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * Specified in milliseconds. If omitted, defaults to 10000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters for `GET /v5/asset/withdraw/query-record`. */
+        BybitWithdrawalsRequest: {
+            /** @description Filter by coin symbol. */
+            coin?: string | null;
+            /**
+             * Format: int32
+             * @description Page size.
+             */
+            limit?: number | null;
+            /**
+             * @description Filter by Bybit-assigned withdrawal id (the `id` returned by
+             * [`BybitRpc::Withdraw`]).
+             */
+            withdrawID?: string | null;
+        };
+        /** @description Response of `GET /v5/asset/withdraw/query-record`. */
+        BybitWithdrawalsResponse: {
+            /**
+             * @description Opaque cursor to pass back as `cursor` on the next request to fetch
+             * the next page; absent on the last page.
+             */
+            nextPageCursor?: string | null;
+            /** @description Withdrawal records matching the query. */
+            rows: components["schemas"]["BybitWithdrawEntry"][];
+        };
         CancelInvitationRequest: {
             email: components["schemas"]["Email"];
         };
+        /** @description Parameters for the [`cs_cancelTransaction`](RpcMethod::CancelTransaction) method. */
+        CancelTransactionRequest: {
+            /** @description The transaction id. */
+            id: string;
+        };
         /**
          * @description Supported Canton environments.
          * @enum {string}
@@ -3461,6 +3999,8 @@ export interface components {
             withdrawFee?: string | null;
             /** @description Step size for withdrawal amounts, as a decimal string. */
             withdrawIntegerMultiple?: string | null;
+            /** @description Minimum internal transfer amount */
+            withdrawInternalMin?: string | null;
             /** @description Maximum withdrawal amount, as a decimal string. */
             withdrawMax?: string | null;
             /** @description Minimum withdrawal amount, as a decimal string. */
@@ -4038,6 +4578,11 @@ export interface components {
                 method: "cs_retryTransaction";
                 params: components["schemas"]["RetryTransactionRequest"];
             },
+            {
+                /** @enum {string} */
+                method: "cs_cancelTransaction";
+                params: components["schemas"]["CancelTransactionRequest"];
+            },
             {
                 /** @enum {string} */
                 method: "cs_getTransaction";
@@ -4081,6 +4626,121 @@ export interface components {
             /** @description Custom EVM chains. */
             evm: components["schemas"]["EvmCustomChain"][];
         };
+        /** @description One deposit entry in [`DepositHistoryResponse`]. */
+        DepositHistoryEntry: {
+            /** @description Destination address the deposit was sent to. */
+            address: string;
+            /**
+             * @description Secondary address identifier (e.g. memo for XRP, tag for XLM). Empty
+             * string when the asset does not use one.
+             */
+            addressTag?: string | null;
+            /** @description Deposit amount, as a decimal string. */
+            amount: string;
+            /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+            coin: string;
+            /**
+             * Format: int64
+             * @description Represents deposit completion datetime, available for deposits after 6-Mar-2025.
+             */
+            completeTime?: number | null;
+            /** @description On-chain confirmation progress (e.g. `"1/1"`). */
+            confirmTimes?: string | null;
+            /** @description Binance-assigned deposit id. */
+            id?: string | null;
+            /**
+             * Format: int64
+             * @description Time the deposit record was created (ms since epoch).
+             */
+            insertTime: number;
+            /** @description Blockchain network identifier (e.g. `"BSC"`, `"ETH"`). */
+            network: string;
+            /** @description Returned when 'includeSource' in the request is set to true */
+            sourceAddress?: string | null;
+            /**
+             * Format: int32
+             * @description Deposit status. Binance values: `0` = pending, `6` = credited but
+             * cannot withdraw, `7` = wrong deposit, `8` = waiting user confirm,
+             * `1` = success. Left as `u8` for forward compatibility.
+             */
+            status: number;
+            /**
+             * Format: int32
+             * @description `0` = external transfer, `1` = internal (Binance↔Binance) transfer.
+             */
+            transferType: number;
+            /**
+             * Format: int32
+             * @description 0: travel rule not required OR info already provided and funds ready to use;
+             * 1: travel rule required to provide deposit info
+             */
+            travelRuleStatus: number;
+            /** @description On-chain transaction hash of the deposit. */
+            txId: string;
+            /**
+             * Format: int32
+             * @description Confirmations after which the deposit is unlocked for trading.
+             */
+            unlockConfirm?: number | null;
+            /**
+             * Format: int32
+             * @description Destination wallet: `0` = spot wallet, `1` = funding wallet.
+             */
+            walletType: number;
+        };
+        /**
+         * @description Parameters for `GET /sapi/v1/capital/deposit/hisrec`.
+         *
+         * Returns the calling account's deposit history. All filters are optional;
+         * if `start_time`/`end_time` are omitted, Binance returns the most recent 90
+         * days. Use `tx_id` to look up a specific deposit by its on-chain
+         * transaction hash, or `coin`/`status` to narrow the result set.
+         */
+        DepositHistoryRequest: {
+            /** @description Filter to a specific asset (e.g. `"USDT"`, `"BTC"`). */
+            coin?: string | null;
+            /**
+             * Format: int64
+             * @description Window end (ms since epoch, Binance default: present timestamp).
+             */
+            endTime?: number | null;
+            /**
+             * @description If `true`, include the deposit's source address in each entry. Binance
+             * defaults to `false`.
+             */
+            includeSource?: boolean | null;
+            /**
+             * Format: int32
+             * @description Page size (Binance default and max: 1000).
+             */
+            limit?: number | null;
+            /**
+             * Format: int32
+             * @description Pagination offset (Binance default: 0).
+             */
+            offset?: number | null;
+            /**
+             * Format: int64
+             * @description Window start (ms since epoch, Binance default: 90 days from current timestamp).
+             */
+            startTime?: number | null;
+            /**
+             * Format: int32
+             * @description Filter by deposit status. Binance values: `0` = pending, `6` = credited
+             * but cannot withdraw, `7` = wrong deposit, `8` = waiting user confirm,
+             * `1` = success, `2` = rejected. Left as `u8` for forward compatibility.
+             */
+            status?: number | null;
+            /** @description Look up a specific deposit by its on-chain transaction hash. */
+            txId?: string | null;
+        };
+        /**
+         * @description Response returned by `cs_binanceDepositHistory`.
+         *
+         * Binance returns a top-level JSON array; this newtype preserves that wire
+         * format while giving the response a named type in the OpenAPI schema.
+         */
+        DepositHistoryResponse: components["schemas"]["DepositHistoryEntry"][];
         /**
          * @description Parameters for `GET /sapi/v1/capital/deposit/address`.
          *
@@ -4105,7 +4765,7 @@ export interface components {
         DepositResponse: {
             /** @description Deposit address. */
             address: string;
-            /** @description Asset symbol (echoes [`DepositRequest::coin`]). */
+            /** @description Asset symbol (echoes the request's `coin` field). */
             coin: string;
             /**
              * @description Secondary address identifier required by some assets (e.g. memo for
@@ -4926,7 +5586,7 @@ export interface components {
          * @description Explicitly named scopes for accessing CubeSigner APIs
          * @enum {string}
          */
-        ExplicitScope: "sign:*" | "sign:ava" | "sign:binance:*" | "sign:binance:subToMaster" | "sign:binance:subToSub" | "sign:binance:universalTransfer" | "sign:binance:subAccountAssets" | "sign:binance:accountInfo" | "sign:binance:subAccountTransferHistory" | "sign:binance:universalTransferHistory" | "sign:binance:withdraw" | "sign:binance:withdrawHistory" | "sign:binance:deposit" | "sign:binance:listSubAccounts" | "sign:binance:coinInfo" | "sign:coinbase:*" | "sign:coinbase:accounts:list" | "sign:coinbase:portfolios:list" | "sign:coinbase:funds:move" | "sign:blob" | "sign:diffieHellman" | "sign:btc:*" | "sign:btc:segwit" | "sign:btc:taproot" | "sign:btc:psbt:*" | "sign:btc:psbt:doge" | "sign:btc:psbt:legacy" | "sign:btc:psbt:segwit" | "sign:btc:psbt:taproot" | "sign:btc:psbt:ltcSegwit" | "sign:btc:message:*" | "sign:btc:message:segwit" | "sign:btc:message:legacy" | "sign:babylon:*" | "sign:babylon:eots:*" | "sign:babylon:eots:nonces" | "sign:babylon:eots:sign" | "sign:babylon:staking:*" | "sign:babylon:staking:deposit" | "sign:babylon:staking:unbond" | "sign:babylon:staking:withdraw" | "sign:babylon:staking:slash" | "sign:babylon:registration" | "sign:babylon:covenant" | "sign:evm:*" | "sign:evm:tx" | "sign:evm:eip191" | "sign:evm:eip712" | "sign:eth2:*" | "sign:eth2:validate" | "sign:eth2:stake" | "sign:eth2:unstake" | "sign:solana" | "sign:sui" | "sign:tendermint" | "sign:mmi" | "manage:*" | "manage:readonly" | "manage:email:*" | "manage:email:get" | "manage:email:update" | "manage:email:delete" | "manage:mfa:*" | "manage:mfa:readonly" | "manage:mfa:list" | "manage:mfa:vote:*" | "manage:mfa:vote:cs" | "manage:mfa:vote:email" | "manage:mfa:vote:fido" | "manage:mfa:vote:totp" | "manage:mfa:register:*" | "manage:mfa:register:fido" | "manage:mfa:register:totp" | "manage:mfa:register:email" | "manage:mfa:unregister:*" | "manage:mfa:unregister:fido" | "manage:mfa:unregister:totp" | "manage:mfa:verify:*" | "manage:mfa:verify:totp" | "manage:key:*" | "manage:key:readonly" | "manage:key:get" | "manage:key:attest" | "manage:key:listRoles" | "manage:key:list" | "manage:key:history:tx:list" | "manage:key:create" | "manage:key:import" | "manage:key:update:*" | "manage:key:update:owner" | "manage:key:update:policy" | "manage:key:update:enabled" | "manage:key:update:region" | "manage:key:update:metadata" | "manage:key:update:properties" | "manage:key:update:editPolicy" | "manage:key:delete" | "manage:policy:*" | "manage:policy:readonly" | "manage:policy:create" | "manage:policy:get" | "manage:policy:list" | "manage:policy:delete" | "manage:policy:update:*" | "manage:policy:update:owner" | "manage:policy:update:name" | "manage:policy:update:acl" | "manage:policy:update:editPolicy" | "manage:policy:update:metadata" | "manage:policy:update:rule" | "manage:policy:invoke" | "manage:policy:wasm:*" | "manage:policy:wasm:upload" | "manage:policy:secrets:*" | "manage:policy:secrets:get" | "manage:policy:secrets:update:*" | "manage:policy:secrets:update:values" | "manage:policy:secrets:update:acl" | "manage:policy:secrets:update:editPolicy" | "manage:policy:buckets:*" | "manage:policy:buckets:get" | "manage:policy:buckets:list" | "manage:policy:buckets:update:*" | "manage:policy:buckets:update:owner" | "manage:policy:buckets:update:acl" | "manage:policy:buckets:update:metadata" | "manage:contact:*" | "manage:contact:readonly" | "manage:contact:create" | "manage:contact:get" | "manage:contact:list" | "manage:contact:delete" | "manage:contact:update:*" | "manage:contact:update:name" | "manage:contact:update:addresses" | "manage:contact:update:owner" | "manage:contact:update:labels" | "manage:contact:update:metadata" | "manage:contact:update:editPolicy" | "manage:contact:lookup:*" | "manage:contact:lookup:address" | "manage:policy:createImportKey" | "manage:role:*" | "manage:role:readonly" | "manage:role:create" | "manage:role:delete" | "manage:role:get:*" | "manage:role:attest" | "manage:role:get:keys" | "manage:role:get:keys:list" | "manage:role:get:keys:get" | "manage:role:get:users" | "manage:role:list" | "manage:role:update:*" | "manage:role:update:enabled" | "manage:role:update:policy" | "manage:role:update:editPolicy" | "manage:role:update:actions" | "manage:role:update:key:*" | "manage:role:update:key:add" | "manage:role:update:key:remove" | "manage:role:update:user:*" | "manage:role:update:user:add" | "manage:role:update:user:remove" | "manage:role:history:tx:list" | "manage:identity:*" | "manage:identity:readonly" | "manage:identity:verify" | "manage:identity:add" | "manage:identity:remove" | "manage:identity:list" | "manage:org:*" | "manage:org:create" | "manage:org:metrics:query" | "manage:org:audit:query" | "manage:org:readonly" | "manage:org:addUser" | "manage:org:inviteUser" | "manage:org:inviteAlien" | "manage:org:invitation:list" | "manage:org:invitation:cancel" | "manage:org:updateMembership:*" | "manage:org:updateMembership:owner" | "manage:org:updateMembership:member" | "manage:org:updateMembership:alien" | "manage:org:listUsers" | "manage:org:user:get" | "manage:org:deleteUser:*" | "manage:org:deleteUser:owner" | "manage:org:deleteUser:member" | "manage:org:deleteUser:alien" | "manage:org:get" | "manage:org:update:*" | "manage:org:update:enabled" | "manage:org:update:policy" | "manage:org:update:signPolicy" | "manage:org:update:export" | "manage:org:update:totpFailureLimit" | "manage:org:update:notificationEndpoints" | "manage:org:update:defaultInviteKind" | "manage:org:update:idpConfiguration" | "manage:org:update:passkeyConfiguration" | "manage:org:update:emailPreferences" | "manage:org:update:historicalData" | "manage:org:update:requireScopeCeiling" | "manage:org:update:alienLoginRequirement" | "manage:org:update:memberLoginRequirement" | "manage:org:update:keyExportRequirement" | "manage:org:update:allowedMfaTypes" | "manage:org:update:policyEngineConf" | "manage:org:update:customChains" | "manage:org:update:extProps" | "manage:org:update:editPolicy" | "manage:org:user:resetMfa" | "manage:session:*" | "manage:session:readonly" | "manage:session:get" | "manage:session:list" | "manage:session:create" | "manage:session:extend" | "manage:session:revoke" | "manage:export:*" | "manage:export:readonly" | "manage:export:org:*" | "manage:export:org:get" | "manage:export:user:*" | "manage:export:user:delete" | "manage:export:user:list" | "manage:authMigration:*" | "manage:authMigration:identity:add" | "manage:authMigration:identity:remove" | "manage:authMigration:user:update" | "manage:mmi:*" | "manage:mmi:readonly" | "manage:mmi:get" | "manage:mmi:list" | "manage:mmi:reject" | "manage:mmi:delete" | "export:*" | "export:user:*" | "export:user:init" | "export:user:complete" | "mmi:*" | "orgAccess:*" | "orgAccess:child:*" | "rpc:*" | "rpc:createTransaction:*" | "rpc:createTransaction:evm" | "rpc:retryTransaction" | "rpc:getTransaction" | "rpc:listTransactions" | "rpc:binance" | "rpc:coinbase";
+        ExplicitScope: "sign:*" | "sign:ava" | "sign:binance:*" | "sign:binance:subToMaster" | "sign:binance:subToSub" | "sign:binance:universalTransfer" | "sign:binance:subAccountAssets" | "sign:binance:accountInfo" | "sign:binance:subAccountTransferHistory" | "sign:binance:universalTransferHistory" | "sign:binance:withdraw" | "sign:binance:withdrawHistory" | "sign:binance:deposit" | "sign:binance:depositHistory" | "sign:binance:listSubAccounts" | "sign:binance:coinInfo" | "sign:bybit:*" | "sign:bybit:queryUser" | "sign:bybit:querySubMembers" | "sign:bybit:queryCoinsBalance" | "sign:bybit:queryDepositAddress" | "sign:bybit:universalTransfer" | "sign:bybit:withdraw" | "sign:bybit:withdrawals" | "sign:coinbase:*" | "sign:coinbase:accounts:list" | "sign:coinbase:portfolios:list" | "sign:coinbase:funds:move" | "sign:blob" | "sign:diffieHellman" | "sign:btc:*" | "sign:btc:segwit" | "sign:btc:taproot" | "sign:btc:psbt:*" | "sign:btc:psbt:doge" | "sign:btc:psbt:legacy" | "sign:btc:psbt:segwit" | "sign:btc:psbt:taproot" | "sign:btc:psbt:ltcSegwit" | "sign:btc:message:*" | "sign:btc:message:segwit" | "sign:btc:message:legacy" | "sign:babylon:*" | "sign:babylon:eots:*" | "sign:babylon:eots:nonces" | "sign:babylon:eots:sign" | "sign:babylon:staking:*" | "sign:babylon:staking:deposit" | "sign:babylon:staking:unbond" | "sign:babylon:staking:withdraw" | "sign:babylon:staking:slash" | "sign:babylon:registration" | "sign:babylon:covenant" | "sign:evm:*" | "sign:evm:tx" | "sign:evm:eip191" | "sign:evm:eip712" | "sign:eth2:*" | "sign:eth2:validate" | "sign:eth2:stake" | "sign:eth2:unstake" | "sign:solana" | "sign:sui" | "sign:tendermint" | "sign:mmi" | "manage:*" | "manage:readonly" | "manage:email:*" | "manage:email:get" | "manage:email:update" | "manage:email:delete" | "manage:mfa:*" | "manage:mfa:readonly" | "manage:mfa:list" | "manage:mfa:vote:*" | "manage:mfa:vote:cs" | "manage:mfa:vote:email" | "manage:mfa:vote:fido" | "manage:mfa:vote:totp" | "manage:mfa:register:*" | "manage:mfa:register:fido" | "manage:mfa:register:totp" | "manage:mfa:register:email" | "manage:mfa:unregister:*" | "manage:mfa:unregister:fido" | "manage:mfa:unregister:totp" | "manage:mfa:verify:*" | "manage:mfa:verify:totp" | "manage:key:*" | "manage:key:readonly" | "manage:key:get" | "manage:key:attest" | "manage:key:listRoles" | "manage:key:list" | "manage:key:history:tx:list" | "manage:key:create" | "manage:key:import" | "manage:key:update:*" | "manage:key:update:owner" | "manage:key:update:policy" | "manage:key:update:enabled" | "manage:key:update:region" | "manage:key:update:metadata" | "manage:key:update:properties" | "manage:key:update:editPolicy" | "manage:key:delete" | "manage:policy:*" | "manage:policy:readonly" | "manage:policy:create" | "manage:policy:get" | "manage:policy:list" | "manage:policy:delete" | "manage:policy:update:*" | "manage:policy:update:owner" | "manage:policy:update:name" | "manage:policy:update:acl" | "manage:policy:update:editPolicy" | "manage:policy:update:metadata" | "manage:policy:update:rule" | "manage:policy:invoke" | "manage:policy:wasm:*" | "manage:policy:wasm:upload" | "manage:policy:secrets:*" | "manage:policy:secrets:get" | "manage:policy:secrets:update:*" | "manage:policy:secrets:update:values" | "manage:policy:secrets:update:acl" | "manage:policy:secrets:update:editPolicy" | "manage:policy:buckets:*" | "manage:policy:buckets:get" | "manage:policy:buckets:list" | "manage:policy:buckets:update:*" | "manage:policy:buckets:update:owner" | "manage:policy:buckets:update:acl" | "manage:policy:buckets:update:metadata" | "manage:contact:*" | "manage:contact:readonly" | "manage:contact:create" | "manage:contact:get" | "manage:contact:list" | "manage:contact:delete" | "manage:contact:update:*" | "manage:contact:update:name" | "manage:contact:update:addresses" | "manage:contact:update:owner" | "manage:contact:update:labels" | "manage:contact:update:metadata" | "manage:contact:update:editPolicy" | "manage:contact:lookup:*" | "manage:contact:lookup:address" | "manage:policy:createImportKey" | "manage:role:*" | "manage:role:readonly" | "manage:role:create" | "manage:role:delete" | "manage:role:get:*" | "manage:role:attest" | "manage:role:get:keys" | "manage:role:get:keys:list" | "manage:role:get:keys:get" | "manage:role:get:users" | "manage:role:list" | "manage:role:update:*" | "manage:role:update:enabled" | "manage:role:update:policy" | "manage:role:update:editPolicy" | "manage:role:update:actions" | "manage:role:update:key:*" | "manage:role:update:key:add" | "manage:role:update:key:remove" | "manage:role:update:user:*" | "manage:role:update:user:add" | "manage:role:update:user:remove" | "manage:role:history:tx:list" | "manage:identity:*" | "manage:identity:readonly" | "manage:identity:verify" | "manage:identity:add" | "manage:identity:remove" | "manage:identity:list" | "manage:org:*" | "manage:org:create" | "manage:org:metrics:query" | "manage:org:audit:query" | "manage:org:readonly" | "manage:org:addUser" | "manage:org:inviteUser" | "manage:org:inviteAlien" | "manage:org:invitation:list" | "manage:org:invitation:cancel" | "manage:org:updateMembership:*" | "manage:org:updateMembership:owner" | "manage:org:updateMembership:member" | "manage:org:updateMembership:alien" | "manage:org:listUsers" | "manage:org:user:get" | "manage:org:deleteUser:*" | "manage:org:deleteUser:owner" | "manage:org:deleteUser:member" | "manage:org:deleteUser:alien" | "manage:org:get" | "manage:org:update:*" | "manage:org:update:enabled" | "manage:org:update:policy" | "manage:org:update:signPolicy" | "manage:org:update:export" | "manage:org:update:totpFailureLimit" | "manage:org:update:notificationEndpoints" | "manage:org:update:defaultInviteKind" | "manage:org:update:idpConfiguration" | "manage:org:update:passkeyConfiguration" | "manage:org:update:emailPreferences" | "manage:org:update:historicalData" | "manage:org:update:requireScopeCeiling" | "manage:org:update:alienLoginRequirement" | "manage:org:update:memberLoginRequirement" | "manage:org:update:keyExportRequirement" | "manage:org:update:allowedMfaTypes" | "manage:org:update:policyEngineConf" | "manage:org:update:customChains" | "manage:org:update:extProps" | "manage:org:update:editPolicy" | "manage:org:user:resetMfa" | "manage:session:*" | "manage:session:readonly" | "manage:session:get" | "manage:session:list" | "manage:session:create" | "manage:session:extend" | "manage:session:revoke" | "manage:export:*" | "manage:export:readonly" | "manage:export:org:*" | "manage:export:org:get" | "manage:export:user:*" | "manage:export:user:delete" | "manage:export:user:list" | "manage:authMigration:*" | "manage:authMigration:identity:add" | "manage:authMigration:identity:remove" | "manage:authMigration:user:update" | "manage:mmi:*" | "manage:mmi:readonly" | "manage:mmi:get" | "manage:mmi:list" | "manage:mmi:reject" | "manage:mmi:delete" | "export:*" | "export:user:*" | "export:user:init" | "export:user:complete" | "mmi:*" | "orgAccess:*" | "orgAccess:child:*" | "rpc:*" | "rpc:createTransaction:*" | "rpc:createTransaction:evm" | "rpc:retryTransaction" | "rpc:cancelTransaction" | "rpc:getTransaction" | "rpc:listTransactions" | "rpc:binance" | "rpc:bybit" | "rpc:coinbase";
         /**
          * @description This type specifies the interpretation of the `fee` field in Babylon
          * staking requests. If `sats`, the field is intpreted as a fixed value
@@ -4982,7 +5642,7 @@ export interface components {
             request_device_identifier?: boolean;
         };
         /** @enum {string} */
-        ForbiddenErrorCode: "AlienKeyCreate" | "CannotAssumeIdentity" | "SentryDisallowed" | "PasskeyLoginDisabled" | "PasskeyNotRegistered" | "CannotCreateOrg" | "WrongMfaEmailOtpJwt" | "OrgFlagNotSet" | "FidoRequiredToRemoveTotp" | "OidcIdentityLimitReached" | "OidcScopeCeilingMissing" | "OidcIssuerNotAllowedForMemberRole" | "OidcNoMemberRolesAllowed" | "EmailOtpNotConfigured" | "MfaChallengeExpired" | "ChainIdNotAllowed" | "InvalidOrg" | "OrgIdMismatch" | "SessionForWrongOrg" | "SelfDelete" | "SelfDisable" | "InvalidOrgMembershipRoleChange" | "UserDisabled" | "OrgDisabled" | "OrgNotFound" | "OrgWithoutOwner" | "OrphanedUser" | "OidcUserNotFound" | "UserNotInOrg" | "UserNotOrgOwner" | "UserNotKeyOwner" | "InvalidRole" | "DisabledRole" | "KeyDisabled" | "KeyNotInRole" | "ContactNotInOrg" | "UserExportRequestNotInOrg" | "UserExportRequestInvalid" | "UserExportDisabled" | "UserNotOriginalKeyOwner" | "UserNotInRole" | "MustBeFullMember" | "SessionExpired" | "SessionChanged" | "SessionRevoked" | "ExpectedUserSession" | "SessionRoleChanged" | "ScopedNameNotFound" | "SessionInvalidEpochToken" | "SessionInvalidRefreshToken" | "SessionRefreshTokenExpired" | "InvalidAuthHeader" | "SessionNotFound" | "InvalidArn" | "SessionInvalidAuthToken" | "SessionAuthTokenExpired" | "SessionPossiblyStolenToken" | "MfaDisallowedIdentity" | "MfaDisallowedApprover" | "MfaTypeNotAllowed" | "MfaNotApprovedYet" | "MfaConfirmationCodeMismatch" | "MfaHttpRequestMismatch" | "MfaRemoveBelowMin" | "MfaOrgRequirementNotMet" | "MfaRegistrationDisallowed" | "TotpAlreadyConfigured" | "TotpConfigurationChanged" | "MfaTotpBadConfiguration" | "MfaTotpBadCode" | "MfaTotpRateLimit" | "ImproperSessionScope" | "FullSessionRequired" | "SessionWithoutAnyScopeUnder" | "UserRoleUnprivileged" | "MemberRoleForbidden" | "MfaNotConfigured" | "RemoveLastOidcIdentity" | "OperationNotAllowed" | "OrgExportRetrievalDisabled" | "ChangingKeyExportRequirementIsDisabled" | "AutoAddBlsKeyToProtectedRole" | "UserNotPolicyOwner" | "UserNotContactOwner" | "UserNotBucketOwner" | "LegacySessionCannotHaveScopeCeiling" | "RoleInParentOrgNotAllowed" | "RemoveKeyFromRoleUserNotAllowed" | "SiweChallengeExpired" | "SiweMessageNotValid" | "SiweMessageInvalidSignature" | "Acl";
+        ForbiddenErrorCode: "AlienKeyCreate" | "CannotAssumeIdentity" | "SentryDisallowed" | "PasskeyLoginDisabled" | "PasskeyNotRegistered" | "CannotCreateOrg" | "WrongMfaEmailOtpJwt" | "OrgFlagNotSet" | "FidoRequiredToRemoveTotp" | "OidcIdentityLimitReached" | "OidcScopeCeilingMissing" | "OidcIssuerNotAllowedForMemberRole" | "OidcNoMemberRolesAllowed" | "EmailOtpNotConfigured" | "MfaChallengeExpired" | "ChainIdNotAllowed" | "InvalidOrg" | "OrgIdMismatch" | "SessionForWrongOrg" | "SelfDelete" | "SelfDisable" | "InvalidOrgMembershipRoleChange" | "UserDisabled" | "OrgDisabled" | "OrgNotFound" | "OrgWithoutOwner" | "OrphanedUser" | "OidcUserNotFound" | "UserNotInOrg" | "UserNotOrgOwner" | "UserNotKeyOwner" | "InvalidRole" | "DisabledRole" | "KeyDisabled" | "KeyNotInRole" | "ContactNotInOrg" | "UserExportRequestNotInOrg" | "UserExportRequestInvalid" | "UserExportDisabled" | "UserNotOriginalKeyOwner" | "UserNotInRole" | "MustBeFullMember" | "SessionExpired" | "SessionChanged" | "SessionRevoked" | "ExpectedUserSession" | "SessionRoleChanged" | "ScopedNameNotFound" | "SessionInvalidEpochToken" | "SessionInvalidRefreshToken" | "SessionRefreshTokenExpired" | "InvalidAuthHeader" | "SessionNotFound" | "InvalidArn" | "SessionInvalidAuthToken" | "SessionAuthTokenExpired" | "SessionPossiblyStolenToken" | "MfaDisallowedIdentity" | "MfaDisallowedApprover" | "MfaTypeNotAllowed" | "MfaNotApprovedYet" | "MfaConfirmationCodeMismatch" | "MfaHttpRequestMismatch" | "MfaRemoveBelowMin" | "MfaOrgRequirementNotMet" | "MfaRegistrationDisallowed" | "TotpAlreadyConfigured" | "TotpConfigurationChanged" | "MfaTotpBadConfiguration" | "MfaTotpBadCode" | "MfaTotpRateLimit" | "ImproperSessionScope" | "FullSessionRequired" | "SessionWithoutAnyScopeUnder" | "UserRoleUnprivileged" | "MemberRoleForbidden" | "MfaNotConfigured" | "RemoveLastOidcIdentity" | "OperationNotAllowed" | "OrgExportRetrievalDisabled" | "ChangingKeyExportRequirementIsDisabled" | "AutoAddBlsKeyToProtectedRole" | "UserNotPolicyOwner" | "UserNotContactOwner" | "UserNotBucketOwner" | "LegacySessionCannotHaveScopeCeiling" | "RoleInParentOrgNotAllowed" | "RemoveKeyFromRoleUserNotAllowed" | "SiweChallengeExpired" | "SiweMessageNotValid" | "SiweMessageInvalidSignature" | "SiwsChallengeExpired" | "SiwsMessageInvalid" | "Acl";
         /**
          * @description Specifies a fork of the `BeaconChain`, to prevent replay attacks.
          * The schema of `Fork` is defined in the [Beacon chain
@@ -5400,7 +6060,7 @@ export interface components {
             result?: Record<string, unknown> | null;
         };
         /** @description Valid `result` from the JSON-RPC API. */
-        JsonRpcResult: components["schemas"]["TransactionInfo"] | components["schemas"]["ListTransactionsPaginatedResponse"] | components["schemas"]["SubAccountTransferResponse"] | components["schemas"]["UniversalTransferResponse"] | components["schemas"]["SubAccountAssetsResponse"] | components["schemas"]["AccountInfoResponse"] | components["schemas"]["SubAccountTransferHistoryResponse"] | components["schemas"]["UniversalTransferHistoryResponse"] | components["schemas"]["WithdrawResponse"] | components["schemas"]["WithdrawHistoryResponse"] | components["schemas"]["DepositResponse"] | components["schemas"]["ListSubAccountsResponse"] | components["schemas"]["CoinInfoResponse"] | components["schemas"]["CoinbaseListAccountsResponse"] | components["schemas"]["CoinbaseListPortfoliosResponse"] | components["schemas"]["CoinbaseMoveFundsResponse"];
+        JsonRpcResult: components["schemas"]["TransactionInfo"] | components["schemas"]["ListTransactionsPaginatedResponse"] | components["schemas"]["SubAccountTransferResponse"] | components["schemas"]["UniversalTransferResponse"] | components["schemas"]["SubAccountAssetsResponse"] | components["schemas"]["AccountInfoResponse"] | components["schemas"]["SubAccountTransferHistoryResponse"] | components["schemas"]["UniversalTransferHistoryResponse"] | components["schemas"]["WithdrawResponse"] | components["schemas"]["WithdrawHistoryResponse"] | components["schemas"]["DepositResponse"] | components["schemas"]["DepositHistoryResponse"] | components["schemas"]["ListSubAccountsResponse"] | components["schemas"]["CoinInfoResponse"] | components["schemas"]["BybitQueryUserResponse"] | components["schemas"]["BybitQuerySubMembersResponse"] | components["schemas"]["BybitQueryCoinsBalanceResponse"] | components["schemas"]["BybitQueryDepositAddressResponse"] | components["schemas"]["BybitUniversalTransferResponse"] | components["schemas"]["BybitWithdrawResponse"] | components["schemas"]["BybitWithdrawalsResponse"] | components["schemas"]["CoinbaseListAccountsResponse"] | components["schemas"]["CoinbaseListPortfoliosResponse"] | components["schemas"]["CoinbaseMoveFundsResponse"];
         JwkSetResponse: {
             /** @description The keys included in this set */
             keys: Record<string, never>[];
@@ -5547,10 +6207,14 @@ export interface components {
             components["schemas"]["CoinbaseApiPropertiesPatch"] & {
                 /** @enum {string} */
                 kind: "CoinbaseApi";
+            },
+            components["schemas"]["BybitApiPropertiesPatch"] & {
+                /** @enum {string} */
+                kind: "BybitApi";
             }
         ]>;
         /** @enum {string} */
-        KeyType: "SecpEthAddr" | "SecpBtc" | "SecpBtcTest" | "SecpBtcLegacy" | "SecpBtcLegacyTest" | "SecpAvaAddr" | "SecpAvaTestAddr" | "BlsPub" | "BlsInactive" | "BlsAvaIcm" | "Ed25519SolanaAddr" | "Ed25519SuiAddr" | "Ed25519AptosAddr" | "Ed25519CardanoAddrVk" | "Ed25519StellarAddr" | "Ed25519SubstrateAddr" | "Ed25519CantonAddr" | "Ed25519BinanceApi" | "Ed25519CoinbaseApi" | "Mnemonic" | "Stark" | "BabylonEots" | "BabylonCov" | "TaprootBtc" | "TaprootBtcTest" | "SecpCosmosAddr" | "P256CosmosAddr" | "P256OntologyAddr" | "P256Neo3Addr" | "Ed25519TendermintAddr" | "SecpTronAddr" | "Ed25519TonAddr" | "SecpDogeAddr" | "SecpDogeTestAddr" | "SecpKaspaAddr" | "SecpKaspaTestAddr" | "SchnorrKaspaAddr" | "SchnorrKaspaTestAddr" | "SecpLtc" | "SecpLtcTest" | "SecpXrpAddr" | "Ed25519XrpAddr" | "BabyJubjub";
+        KeyType: "SecpEthAddr" | "SecpBtc" | "SecpBtcTest" | "SecpBtcLegacy" | "SecpBtcLegacyTest" | "SecpAvaAddr" | "SecpAvaTestAddr" | "BlsPub" | "BlsInactive" | "BlsAvaIcm" | "Ed25519SolanaAddr" | "Ed25519SuiAddr" | "Ed25519AptosAddr" | "Ed25519CardanoAddrVk" | "Ed25519StellarAddr" | "Ed25519SubstrateAddr" | "Ed25519CantonAddr" | "Ed25519BinanceApi" | "Ed25519CoinbaseApi" | "Mnemonic" | "Stark" | "BabylonEots" | "BabylonCov" | "TaprootBtc" | "TaprootBtcTest" | "SecpCosmosAddr" | "P256CosmosAddr" | "P256OntologyAddr" | "P256Neo3Addr" | "Ed25519TendermintAddr" | "SecpTronAddr" | "Ed25519TonAddr" | "SecpDogeAddr" | "SecpDogeTestAddr" | "SecpKaspaAddr" | "SecpKaspaTestAddr" | "SchnorrKaspaAddr" | "SchnorrKaspaTestAddr" | "SecpLtc" | "SecpLtcTest" | "SecpXrpAddr" | "Ed25519XrpAddr" | "BabyJubjub" | "HmacSha256";
         KeyTypeAndDerivationPath: {
             /**
              * @description List of derivation paths for which to derive.
@@ -6023,7 +6687,7 @@ export interface components {
          * @description All different kinds of sensitive operations
          * @enum {string}
          */
-        OperationKind: "AvaSign" | "AvaChainTxSign" | "BabylonCovSign" | "BabylonRegistration" | "BabylonStaking" | "BinanceSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "CoinbaseSign" | "DiffieHellman" | "PsbtSign" | "TaprootSign" | "Eip191Sign" | "Eip712Sign" | "EotsNonces" | "EotsSign" | "Eth1Sign" | "Eth2Sign" | "Eth2Stake" | "Eth2Unstake" | "SolanaSign" | "SuiSign" | "TendermintSign" | "RoleUpdate";
+        OperationKind: "AvaSign" | "AvaChainTxSign" | "BabylonCovSign" | "BabylonRegistration" | "BabylonStaking" | "BinanceSubToMaster" | "BinanceSubToSub" | "BinanceUniversalTransfer" | "BinanceSubAccountAssets" | "BinanceAccountInfo" | "BinanceSubAccountTransferHistory" | "BinanceUniversalTransferHistory" | "BinanceWithdraw" | "BinanceWithdrawHistory" | "BinanceDeposit" | "BinanceDepositHistory" | "BinanceListSubAccounts" | "BinanceCoinInfo" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "BybitQueryUser" | "BybitQuerySubMembers" | "BybitQueryCoinsBalance" | "BybitQueryDepositAddress" | "BybitUniversalTransfer" | "BybitWithdraw" | "BybitWithdrawals" | "CoinbaseListAccounts" | "CoinbaseListPortfolios" | "CoinbaseMoveFunds" | "DiffieHellman" | "PsbtSign" | "TaprootSign" | "Eip191Sign" | "Eip712Sign" | "EotsNonces" | "EotsSign" | "Eth1Sign" | "Eth2Sign" | "Eth2Stake" | "Eth2Unstake" | "SolanaSign" | "SuiSign" | "TendermintSign" | "RoleUpdate";
         OrgAlertsPrefs: {
             /** @description Recipient users for org-level alerts */
             alert_recipients?: components["schemas"]["Id"][] | null;
@@ -6902,7 +7566,7 @@ export interface components {
         };
         PolicyErrorCode: components["schemas"]["PolicyErrorOwnCodes"] | components["schemas"]["EvmTxDepositErrorCode"];
         /** @enum {string} */
-        PolicyErrorOwnCodes: "Inapplicable" | "SuiTxReceiversDisallowedTransactionKind" | "SuiTxReceiversDisallowedTransferAddress" | "SuiTxReceiversDisallowedCommand" | "BtcTxDisallowedOutputs" | "BtcSignatureExceededValue" | "BtcValueOverflow" | "BtcSighashTypeDisallowed" | "EvmTxReceiverMismatch" | "EvmTxChainIdMismatch" | "EvmTxSenderMismatch" | "EvmTxExceededValue" | "EvmTxExceededGasCost" | "EvmTxGasCostUndefined" | "EvmDataDisallowed" | "Erc20DataInvalid" | "EvmContractAddressUndefined" | "EvmContractChainIdUndefined" | "EvmDataNotDefined" | "EvmDataInvalid" | "EvmContractNotInAllowlist" | "Erc20ExceededTransferLimit" | "Erc20ReceiverMismatch" | "Erc20ExceededApproveLimit" | "Erc20SpenderMismatch" | "EvmFunctionNotInAllowlist" | "EvmFunctionCallInvalid" | "EvmFunctionCallDisallowedArg" | "PolicyDisjunctionError" | "PolicyNegationError" | "Eth2ExceededMaxUnstake" | "Eth2ConcurrentUnstaking" | "NotInIpv4Allowlist" | "NotInOriginAllowlist" | "NotInOperationAllowlist" | "InvalidSourceIp" | "RawSigningNotAllowed" | "DiffieHellmanExchangeNotAllowed" | "Eip712SigningNotAllowed" | "OidcSourceNotAllowed" | "NoOidcAuthSourcesDefined" | "AddKeyToRoleDisallowed" | "KeysAlreadyInRole" | "KeyInMultipleRoles" | "KeyAccessError" | "RequireRoleSessionKeyAccessError" | "BtcMessageSigningNotAllowed" | "Eip191SigningNotAllowed" | "TaprootSigningDisallowed" | "SegwitSigningDisallowed" | "PsbtSigningDisallowed" | "BabylonStakingDisallowed" | "TimeLocked" | "BabylonStakingNetwork" | "BabylonStakingParamsVersion" | "BabylonStakingExplicitParams" | "BabylonStakingStakerPk" | "BabylonStakingFinalityProviderPk" | "BabylonStakingLockTime" | "BabylonStakingValue" | "BabylonStakingChangeAddress" | "BabylonStakingFee" | "BabylonStakingWithdrawalAddress" | "BabylonStakingBbnAddress" | "SolanaInstructionCountLow" | "SolanaInstructionCountHigh" | "SolanaNotInInstructionAllowlist" | "SolanaInstructionMismatch" | "WasmPoliciesDisabled" | "WasmPolicyDenied" | "WasmPolicyFailed" | "WebhookPoliciesDisabled" | "DeniedByWebhook";
+        PolicyErrorOwnCodes: "Inapplicable" | "SuiTxReceiversDisallowedTransactionKind" | "SuiTxReceiversDisallowedTransferAddress" | "SuiTxReceiversDisallowedCommand" | "BtcTxDisallowedOutputs" | "BtcSignatureExceededValue" | "BtcValueOverflow" | "BtcSighashTypeDisallowed" | "EvmTxReceiverMismatch" | "EvmTxChainIdMismatch" | "EvmTxSenderMismatch" | "EvmTxExceededValue" | "EvmTxExceededGasCost" | "EvmTxGasCostUndefined" | "EvmDataDisallowed" | "Erc20DataInvalid" | "EvmContractAddressUndefined" | "EvmContractChainIdUndefined" | "EvmDataNotDefined" | "EvmDataInvalid" | "EvmContractNotInAllowlist" | "Erc20ExceededTransferLimit" | "Erc20ReceiverMismatch" | "Erc20ExceededApproveLimit" | "Erc20SpenderMismatch" | "EvmFunctionNotInAllowlist" | "EvmFunctionCallInvalid" | "EvmFunctionCallDisallowedArg" | "PolicyDisjunctionError" | "PolicyNegationError" | "Eth2ExceededMaxUnstake" | "Eth2ConcurrentUnstaking" | "NotInIpv4Allowlist" | "NotInOriginAllowlist" | "NotInOperationAllowlist" | "InvalidSourceIp" | "RawSigningNotAllowed" | "DiffieHellmanExchangeNotAllowed" | "Eip712SigningNotAllowed" | "OidcSourceNotAllowed" | "NoOidcAuthSourcesDefined" | "AddKeyToRoleDisallowed" | "KeysAlreadyInRole" | "KeyInMultipleRoles" | "KeyAccessError" | "RequireRoleSessionKeyAccessError" | "BtcMessageSigningNotAllowed" | "Eip191SigningNotAllowed" | "TaprootSigningDisallowed" | "SegwitSigningDisallowed" | "PsbtSigningDisallowed" | "BabylonStakingDisallowed" | "TimeLocked" | "CelPolicyDenied" | "BabylonStakingNetwork" | "BabylonStakingParamsVersion" | "BabylonStakingExplicitParams" | "BabylonStakingStakerPk" | "BabylonStakingFinalityProviderPk" | "BabylonStakingLockTime" | "BabylonStakingValue" | "BabylonStakingChangeAddress" | "BabylonStakingFee" | "BabylonStakingWithdrawalAddress" | "BabylonStakingBbnAddress" | "SolanaInstructionCountLow" | "SolanaInstructionCountHigh" | "SolanaNotInInstructionAllowlist" | "SolanaInstructionMismatch" | "WasmPoliciesDisabled" | "WasmPolicyDenied" | "WasmPolicyFailed" | "WebhookPoliciesDisabled" | "DeniedByWebhook" | "ExplicitlyDenied";
         /** @description A struct containing all the information about a specific version of a policy. */
         PolicyInfo: {
             /** @description The access-control entries for the policy. */
@@ -7621,18 +8285,18 @@ export interface components {
         };
         RpcApiErrorCode: components["schemas"]["RpcApiErrorOwnCodes"] | components["schemas"]["SignerClientErrorCode"] | components["schemas"]["RpcEvmErrorCode"];
         /** @enum {string} */
-        RpcApiErrorOwnCodes: "MfaRequired" | "ConcurrentTransactionFailed";
+        RpcApiErrorOwnCodes: "MfaRequired" | "ConcurrentTransactionFailed" | "InvalidTxStatus";
         /** @enum {string} */
-        RpcEvmErrorCode: "SubmissionFailed" | "FailedToReserveNonce" | "InvalidTxStatus" | "MissingTxFrom";
+        RpcEvmErrorCode: "SubmissionFailed" | "FailedToReserveNonce" | "MissingTxField" | "Signer";
         /**
          * @description The RPC API method and matching parameters.
          *
          * Top-level dispatch. Wire format is preserved by `#[serde(untagged)]`: each
          * inbound request is matched against one of the internally-tagged inner enums
          * ([`CsRpc`] for the core methods, [`BinanceRpc`] for the Binance family,
-         * [`CoinbaseRpc`] for the Coinbase family).
+         * [`BybitRpc`] for the Bybit family, [`CoinbaseRpc`] for the Coinbase family).
          */
-        RpcMethod: components["schemas"]["CsRpc"] | components["schemas"]["BinanceRpc"] | components["schemas"]["CoinbaseRpc"];
+        RpcMethod: components["schemas"]["CsRpc"] | components["schemas"]["BinanceRpc"] | components["schemas"]["BybitRpc"] | components["schemas"]["CoinbaseRpc"];
         /** @description All scopes for accessing CubeSigner APIs */
         Scope: components["schemas"]["ExplicitScope"] | string;
         /** @description A set of scopes. */
@@ -7779,6 +8443,37 @@ export interface components {
             /** @description Optional policy evaluation tree, if requested */
             policy_eval_tree?: unknown;
         };
+        /**
+         * @description The structured input to a Sign-In With Solana request (`SolanaSignInInput` in the spec).
+         *
+         * The relying party fills in `domain`/`address`/`uri`/... and the wallet renders it into the
+         * human-readable message (see [SignInInput::to_message_text]) that it signs.
+         */
+        SignInInput: {
+            /** @description The base58-encoded Solana (ed25519) public key performing the sign-in. */
+            address: string;
+            chainId?: components["schemas"]["SolanaNetwork"] | null;
+            /** @description The RFC 3986 authority that is requesting the sign-in. */
+            domain: string;
+            /** @description The ISO 8601 datetime string after which the signed message is no longer valid. */
+            expirationTime?: string | null;
+            /** @description The ISO 8601 datetime string of the time the message was issued. */
+            issuedAt?: string | null;
+            /** @description A randomized token used to prevent replay attacks; at least 8 alphanumeric characters. */
+            nonce?: string | null;
+            /** @description The ISO 8601 datetime string before which the signed message is not yet valid. */
+            notBefore?: string | null;
+            /** @description A system-specific identifier that may be used to uniquely refer to the sign-in request. */
+            requestId?: string | null;
+            /** @description A list of RFC 3986 URIs the user wishes to have resolved as part of the authentication. */
+            resources?: string[] | null;
+            /** @description A human-readable ASCII assertion that the user will sign; must not contain a newline. */
+            statement?: string | null;
+            /** @description An RFC 3986 URI referring to the resource that is the subject of the sign-in. */
+            uri?: string | null;
+            /** @description The version of the message (currently always `1`). */
+            version?: string | null;
+        };
         SignResponse: {
             /** @description Optional policy evaluation tree. */
             policy_eval_tree?: unknown;
@@ -7857,6 +8552,56 @@ export interface components {
             /** @description The message to sign following the EIP-191 standard. */
             message: string;
         };
+        /** @description Answer to a Sign-in with Solana challenge. */
+        SiwsCompleteRequest: {
+            challenge_id: components["schemas"]["Id"];
+            /** @description The base58-encoded ed25519 signature of `signed_message`. */
+            signature: string;
+            /** @description The base58-encoded UTF-8 bytes of the message that was signed (the rendered `SignInInput`). */
+            signed_message: string;
+        };
+        /** @description Returned upon a successful SIWS authentication. */
+        SiwsCompleteResponse: {
+            /** @description The OIDC token corresponding to the user with the requested SIWS identity. */
+            id_token: string;
+        };
+        /**
+         * @description Initialize the request to sign in with Solana. The response will contain a structured
+         * `SignInInput` that the client must render to text, sign, and submit via the corresponding PATCH
+         * endpoint within 5 minutes.
+         */
+        SiwsInitRequest: {
+            /** @description The base58-encoded Solana (ed25519) public key performing the signing. */
+            address: string;
+            chain_id?: components["schemas"]["SolanaNetwork"] | null;
+            /** @description The RFC 3986 authority that is requesting the signing. */
+            domain: string;
+            /** @description The ISO 8601 datetime string that, if present, indicates when the signed authentication message is no longer valid. */
+            expiration_time?: string | null;
+            /** @description The ISO 8601 datetime string that, if present, indicates when the signed authentication message will become valid. */
+            not_before?: string | null;
+            /** @description A system-specific identifier that may be used to uniquely refer to the sign-in request. */
+            request_id?: string | null;
+            /** @description A list of RFC 3986 URIs the user wishes to have resolved as part of authentication by the relying party. */
+            resources?: string[];
+            /** @description A human-readable ASCII assertion that the user will sign, and it must not contain '\n' (the byte 0x0a). */
+            statement?: string | null;
+            /** @description An RFC 3986 URI referring to the resource that is the subject of the signing (as in the subject of a claim). */
+            uri?: string | null;
+        };
+        /**
+         * @description A challenge returned in response to a Sign-In with Solana request.
+         *
+         * Contains a structured [SignInInput] that the client must render to its canonical text and sign
+         * (ed25519) with the requested key in order to complete authentication.
+         *
+         * The client has until the message expires (but no more than 5 minutes) to complete the challenge.
+         */
+        SiwsInitResponse: {
+            /** @description The ID of the challenge (to include in the request when calling the PATCH ('complete') endpoint) */
+            challenge_id: string;
+            sign_in_input: components["schemas"]["SignInInput"];
+        };
         /** @description A Solana address and the cluster it is on. */
         SolanaAddressInfo: {
             /**
@@ -7871,6 +8616,11 @@ export interface components {
          * @enum {string}
          */
         SolanaCluster: "mainnet" | "devnet";
+        /**
+         * @description The Solana network a SIWS message is bound to (the `Chain ID` field).
+         * @enum {string}
+         */
+        SolanaNetwork: "mainnet" | "testnet" | "devnet" | "localnet" | "solana:mainnet" | "solana:testnet" | "solana:devnet" | "solana:localnet";
         /**
          * @description Solana signing request
          * @example {
@@ -8645,8 +9395,8 @@ export interface components {
             asset: string;
             /**
              * @description Optional client-supplied transfer id. If set, Binance echoes it back
-             * on [`UniversalTransferResponse::client_tran_id`] and lets it be used
-             * as a filter on
+             * as `client_tran_id` on the `UniversalTransferResponse` and lets it be
+             * used as a filter on
              * [`UniversalTransferHistoryRequest::client_tran_id`].
              */
             clientTranId?: string | null;
@@ -9514,7 +10264,7 @@ export interface components {
             endTime?: number | null;
             /**
              * @description Comma-separated list of Binance-assigned withdrawal ids (the `id`
-             * field of [`WithdrawResponse`]). Up to 45 ids per query, per Binance.
+             * field of `WithdrawResponse`). Up to 45 ids per query, per Binance.
              */
             idList?: string | null;
             /**
@@ -9781,6 +10531,38 @@ export interface components {
                 };
             };
         };
+        /** @description Response returned by the typed `bybit_sign` endpoint. */
+        BybitSignResponse: {
+            content: {
+                "application/json": {
+                    /** @description Optional policy evaluation tree. */
+                    policy_eval_tree?: unknown;
+                } & {
+                    /**
+                     * @description The Bybit-bound payload (URL-encoded query for GET, JSON body for
+                     * POST). Submitted verbatim by the rpc-api lambda; the payload bytes are
+                     * also part of the signing input.
+                     */
+                    payload: string;
+                    /**
+                     * Format: int32
+                     * @description Effective receive window in milliseconds.
+                     */
+                    recv_window: number;
+                    /**
+                     * @description Hex-encoded HMAC-SHA256 signature of
+                     * `timestamp || apiKey || recvWindow || payload`. Goes into the
+                     * `X-BAPI-SIGN` header.
+                     */
+                    signature_hex: string;
+                    /**
+                     * Format: int64
+                     * @description Signing timestamp (ms since epoch). Picked by the signer.
+                     */
+                    timestamp_ms: number;
+                };
+            };
+        };
         /** @description Response returned by the typed `coinbase_sign` endpoint. */
         CoinbaseSignResponse: {
             content: {
@@ -11103,6 +11885,32 @@ export interface components {
                 };
             };
         };
+        /** @description Returned upon a successful SIWS authentication. */
+        SiwsCompleteResponse: {
+            content: {
+                "application/json": {
+                    /** @description The OIDC token corresponding to the user with the requested SIWS identity. */
+                    id_token: string;
+                };
+            };
+        };
+        /**
+         * @description A challenge returned in response to a Sign-In with Solana request.
+         *
+         * Contains a structured [SignInInput] that the client must render to its canonical text and sign
+         * (ed25519) with the requested key in order to complete authentication.
+         *
+         * The client has until the message expires (but no more than 5 minutes) to complete the challenge.
+         */
+        SiwsInitResponse: {
+            content: {
+                "application/json": {
+                    /** @description The ID of the challenge (to include in the request when calling the PATCH ('complete') endpoint) */
+                    challenge_id: string;
+                    sign_in_input: components["schemas"]["SignInInput"];
+                };
+            };
+        };
         StakeResponse: {
             content: {
                 "application/json": ({
@@ -11593,6 +12401,11 @@ export interface operations {
         };
         responses: {
             200: components["responses"]["UpdateOrgResponse"];
+            202: {
+                content: {
+                    "application/json": components["schemas"]["AcceptedResponse"];
+                };
+            };
             default: {
                 content: {
                     "application/json": components["schemas"]["ErrorResponse"];
@@ -14224,12 +15037,21 @@ export interface operations {
      * but extends the output with an `id_token`.
      *
      * This `id_token` can then be used with any CubeSigner endpoint that requires an OIDC token.
+     * Callers must request *at least* scopes `tweet.read` and `users.read` during auth with twitter.
+     *
+     * By default, the id token does not contain a confirmed email;
+     * callers can request this field be populated by requesting the `users.email` scope
+     * and adding `fetch_email` as a URL parameter to this route.
+     *
      *
      * > [!IMPORTANT]
      * > This endpoint will fail unless the org is configured to allow the issuer `https://shim.oauth2.cubist.dev/twitter` and client ID being used for Twitter.
      */
     oauth2Twitter: {
         parameters: {
+            query?: {
+                fetch_email?: boolean | null;
+            };
             path: {
                 /**
                  * @description Name or ID of the desired Org
@@ -14402,6 +15224,77 @@ export interface operations {
             };
         };
     };
+    /**
+     * Initiate login via Sign-in With Solana (SIWS).
+     * @description Initiate login via Sign-in With Solana (SIWS).
+     *
+     * This endpoint generates a challenge which can be answered (via the corresponding PATCH endpoint)
+     * to obtain an OIDC token. The OIDC token can then be exchanged for a user session via the standard
+     * OIDC auth route.
+     *
+     * > [!IMPORTANT]
+     * > For this endpoint to succeed, the org must be configured to:
+     * > Allow the issuer `https://shim.oauth2.cubist.dev/siws` with the Org ID as the client ID
+     */
+    siwsInit: {
+        parameters: {
+            path: {
+                /**
+                 * @description Name or ID of the desired Org
+                 * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                org_id: string;
+            };
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["SiwsInitRequest"];
+            };
+        };
+        responses: {
+            200: components["responses"]["SiwsInitResponse"];
+            default: {
+                content: {
+                    "application/json": components["schemas"]["ErrorResponse"];
+                };
+            };
+        };
+    };
+    /**
+     * Complete login via Sign-in With Solana (SIWS)
+     * @description Complete login via Sign-in With Solana (SIWS)
+     *
+     * If the challenge (issued by the corresponding POST endpoint) is answered correctly, this endpoint
+     * generates an OIDC token that can then be exchanged for a user session via the standard OIDC auth route.
+     *
+     * > [!IMPORTANT]
+     * > For this endpoint to succeed, the org must be configured to:
+     * > Allow the issuer `https://shim.oauth2.cubist.dev/siws` with the Org ID as the client ID
+     */
+    siwsComplete: {
+        parameters: {
+            path: {
+                /**
+                 * @description Name or ID of the desired Org
+                 * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                org_id: string;
+            };
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["SiwsCompleteRequest"];
+            };
+        };
+        responses: {
+            200: components["responses"]["SiwsCompleteResponse"];
+            default: {
+                content: {
+                    "application/json": components["schemas"]["ErrorResponse"];
+                };
+            };
+        };
+    };
     /**
      * Allows a user to authenticate with the telegram API using the tgWebAppData value
      * @description Allows a user to authenticate with the telegram API using the tgWebAppData value
@@ -15746,16 +16639,23 @@ export interface operations {
                 "page.start"?: string | null;
                 /**
                  * @description If provided, the name or ID of a role to operate on.
-                 * Cannot be specified together with `user`.
+                 * Cannot be specified together with other selectors.
                  * @example my-role
                  */
                 role?: string | null;
                 /**
                  * @description If provided, the ID of a user to operate on.
-                 * Cannot be specified together with `role`.
+                 * Cannot be specified together with other selectors.
                  * @example User#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
                  */
                 user?: string | null;
+                /**
+                 * @description If provided, the ID of the user whose created role sessions to operate on.
+                 * Selects all *role* sessions created by that user (user sessions are not affected).
+                 * Cannot be specified together with other selectors.
+                 * @example User#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                role_created_by?: string | null;
             };
             path: {
                 /**
@@ -15818,22 +16718,36 @@ export interface operations {
      *
      * If a `role` query parameter is provided, **ALL** session for **THAT ROLE** are revoked
      * (if the current user has permissions to revoke sessions for the role).
+     *
+     * If a `role_created_by` query parameter is provided, **ROLE** sessions created by **THAT USER**
+     * are revoked (gated by the same permissions as revoking that user's own sessions: the current
+     * user must be that user or an org owner). User sessions are not affected. Unless the current
+     * user is an org owner, only sessions for roles the current user is **still a member of** are
+     * revoked (so a user cannot revoke sessions for a role they have since been removed from); org
+     * owners revoke across all roles.
      */
     revokeSessions: {
         parameters: {
             query?: {
                 /**
                  * @description If provided, the name or ID of a role to operate on.
-                 * Cannot be specified together with `user`.
+                 * Cannot be specified together with other selectors.
                  * @example my-role
                  */
                 role?: string | null;
                 /**
                  * @description If provided, the ID of a user to operate on.
-                 * Cannot be specified together with `role`.
+                 * Cannot be specified together with other selectors.
                  * @example User#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
                  */
                 user?: string | null;
+                /**
+                 * @description If provided, the ID of the user whose created role sessions to operate on.
+                 * Selects all *role* sessions created by that user (user sessions are not affected).
+                 * Cannot be specified together with other selectors.
+                 * @example User#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                role_created_by?: string | null;
             };
             path: {
                 /**
@@ -16673,6 +17587,9 @@ export interface operations {
      */
     deleteOidcUser: {
         parameters: {
+            query?: {
+                revoke_role_sessions_they_created?: boolean | null;
+            };
             path: {
                 /**
                  * @description Name or ID of the desired Org
@@ -16814,6 +17731,9 @@ export interface operations {
      */
     deleteUser: {
         parameters: {
+            query?: {
+                revoke_role_sessions_they_created?: boolean | null;
+            };
             path: {
                 /**
                  * @description Name or ID of the desired Org