npm - @cubist-labs/cubesigner-sdk - Versions diffs - 0.4.259 → 0.4.260 - Mend

@cubist-labs/cubesigner-sdk 0.4.259 → 0.4.260

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/dist/package.json +1 -1
package/dist/src/audit_log.d.ts +3 -3
package/dist/src/client/api_client.d.ts +27 -0
package/dist/src/client/api_client.d.ts.map +1 -1
package/dist/src/client/api_client.js +44 -1
package/dist/src/org.d.ts.map +1 -1
package/dist/src/role.d.ts +41 -1
package/dist/src/role.d.ts.map +1 -1
package/dist/src/role.js +1 -1
package/dist/src/schema.d.ts +415 -13
package/dist/src/schema.d.ts.map +1 -1
package/dist/src/schema.js +1 -1
package/dist/src/schema_types.d.ts.map +1 -1
package/dist/src/schema_types.js +2 -1
package/dist/src/scopes.d.ts.map +1 -1
package/dist/src/scopes.js +3 -1
package/package.json +1 -1
package/src/client/api_client.ts +59 -0
package/src/role.ts +47 -0
package/src/schema.ts +433 -11
package/src/schema_types.ts +1 -0
package/src/scopes.ts +2 -0

package/dist/src/schema.d.ts CHANGED Viewed

@@ -880,6 +880,12 @@ export interface paths {
          * but extends the output with an `id_token`.
          *
          * This `id_token` can then be used with any CubeSigner endpoint that requires an OIDC token.
+         * Callers must request *at least* scopes `tweet.read` and `users.read` during auth with twitter.
+         *
+         * By default, the id token does not contain a confirmed email;
+         * callers can request this field be populated by requesting the `users.email` scope
+         * and adding `fetch_email` as a URL parameter to this route.
+         *
          *
          * > [!IMPORTANT]
          * > This endpoint will fail unless the org is configured to allow the issuer `https://shim.oauth2.cubist.dev/twitter` and client ID being used for Twitter.
@@ -943,6 +949,33 @@ export interface paths {
          */
         patch: operations["siweComplete"];
     };
+    "/v0/org/{org_id}/oidc/siws": {
+        /**
+         * Initiate login via Sign-in With Solana (SIWS).
+         * @description Initiate login via Sign-in With Solana (SIWS).
+         *
+         * This endpoint generates a challenge which can be answered (via the corresponding PATCH endpoint)
+         * to obtain an OIDC token. The OIDC token can then be exchanged for a user session via the standard
+         * OIDC auth route.
+         *
+         * > [!IMPORTANT]
+         * > For this endpoint to succeed, the org must be configured to:
+         * > Allow the issuer `https://shim.oauth2.cubist.dev/siws` with the Org ID as the client ID
+         */
+        post: operations["siwsInit"];
+        /**
+         * Complete login via Sign-in With Solana (SIWS)
+         * @description Complete login via Sign-in With Solana (SIWS)
+         *
+         * If the challenge (issued by the corresponding POST endpoint) is answered correctly, this endpoint
+         * generates an OIDC token that can then be exchanged for a user session via the standard OIDC auth route.
+         *
+         * > [!IMPORTANT]
+         * > For this endpoint to succeed, the org must be configured to:
+         * > Allow the issuer `https://shim.oauth2.cubist.dev/siws` with the Org ID as the client ID
+         */
+        patch: operations["siwsComplete"];
+    };
     "/v0/org/{org_id}/oidc/telegram": {
         /**
          * Allows a user to authenticate with the telegram API using the tgWebAppData value
@@ -1306,6 +1339,13 @@ export interface paths {
          *
          * If a `role` query parameter is provided, **ALL** session for **THAT ROLE** are revoked
          * (if the current user has permissions to revoke sessions for the role).
+         *
+         * If a `role_created_by` query parameter is provided, **ROLE** sessions created by **THAT USER**
+         * are revoked (gated by the same permissions as revoking that user's own sessions: the current
+         * user must be that user or an org owner). User sessions are not affected. Unless the current
+         * user is an org owner, only sessions for roles the current user is **still a member of** are
+         * revoked (so a user cannot revoke sessions for a role they have since been removed from); org
+         * owners revoke across all roles.
          */
         delete: operations["revokeSessions"];
     };
@@ -2777,7 +2817,7 @@ export interface components {
         /** @enum {string} */
         BadGatewayErrorCode: "Generic" | "CustomChainRpcError" | "EsploraApiError" | "SentryApiError" | "CallWebhookError" | "OAuthProviderError" | "OidcDisoveryFailed" | "OidcIssuerJwkEndpointUnavailable" | "SmtpServerUnavailable";
         /** @enum {string} */
-        BadRequestErrorCode: "GenericBadRequest" | "DisallowedAllowRuleReference" | "InvalidPaginationToken" | "InvalidEmail" | "InvalidEmailTemplate" | "QueryMetricsError" | "InvalidTelegramData" | "ValidationError" | "WebhookPolicyTimeoutOutOfBounds" | "WebhookPolicyDisallowedUrlScheme" | "WebhookPolicyDisallowedUrlHost" | "WebhookPolicyDisallowedHeaders" | "ReservedName" | "UserEmailNotConfigured" | "EmailPasswordNotFound" | "PasswordAuthNotAllowedByInvitation" | "OneTimeCodeExpired" | "InvalidBody" | "InvalidJwt" | "InvitationNoLongerValid" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyGracePeriodTooLong" | "InvalidBabylonStakingPolicyParams" | "InvalidSuiTxReceiversEmptyAllowlist" | "InvalidBtcTxReceiversEmptyAllowlist" | "InvalidRequireRoleSessionAllowlist" | "InvalidCreateKeyCount" | "InvalidDiffieHellmanCount" | "OrgInviteExistingUser" | "OrgUserAlreadyExists" | "OrgNameTaken" | "KwkNotFoundInRegion" | "OrgIsNotOrgExport" | "RoleNameTaken" | "PolicyNameTaken" | "NameTaken" | "ContactNameInvalid" | "ContactAddressesInvalid" | "ContactLabelInvalid" | "ContactModified" | "PolicyNotFound" | "PolicyVersionNotFound" | "PolicyRuleDisallowedByType" | "PolicyTypeDisallowed" | "PolicyDuplicateError" | "PolicyStillAttached" | "PolicyModified" | "PolicyNotAttached" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidTimeLockAlreadyInThePast" | "InvalidRestrictedScopes" | "InvalidUpdate" | "InvalidMetadataLength" | "InvalidLength" | "InvalidKeyMaterialId" | "KeyNotFound" | "SiweChallengeNotFound" | "SiweInvalidRequest" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "NistP256PublicKeyInvalid" | "UnableToAccessSmtpRelay" | "UserExportInProgress" | "RoleNotFound" | "InvalidRoleNameOrId" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidPropertiesForKeyType" | "MismatchedKeyPropertiesPatch" | "MissingBinanceApiKey" | "MissingBybitApiKey" | "MissingCoinbaseApiKey" | "BinanceKeyMasterMismatch" | "BybitAccountMismatch" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidBase64Value" | "InvalidSs58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidUpdateOrgRequestDisallowedMfaType" | "InvalidUpdateOrgRequestEmptyAllowedMfaTypes" | "EmailOtpDelayTooShortForRegisterMfa" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidDiffieHellmanRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "OnlySpecifyOne" | "NoOidcDataInProof" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "IdpUserAlreadyExists" | "CognitoUserAlreadyOrgMember" | "UserNotFound" | "UserWithEmailNotFound" | "PolicyKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "LimitWindowTooLong" | "Erc20ContractDisallowed" | "EmptyRuleError" | "OptionalListEmpty" | "MultipleExclusiveFieldsProvided" | "DuplicateFieldEntry" | "InvalidRange" | "InvalidOrgPolicyRepeatedRule" | "InvalidSuiTransaction" | "SuiSenderMismatch" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcTaprootHashError" | "BtcSignError" | "TaprootSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "InvalidMemberRoleInRecipientAdd" | "ThirdPartyUserAlreadyExists" | "OidcIdentityAlreadyExists" | "UserAlreadyHasIdentity" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "DeleteUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "InvalidOidcIdentity" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation" | "InvalidNotificationEndpointCount" | "CannotDeletePendingSubscription" | "InvalidNotificationUrlProtocol" | "EmptyOneOfOrgEventFilter" | "EmptyAllExceptOrgEventFilter" | "InvalidTapNodeHash" | "InvalidOneTimeCode" | "MessageNotFound" | "MessageAlreadySigned" | "MessageRejected" | "MessageReplaced" | "InvalidMessageType" | "EmptyAddress" | "InvalidEth2SigningPolicySlotRange" | "InvalidEth2SigningPolicyEpochRange" | "InvalidEth2SigningPolicyTimestampRange" | "InvalidEth2SigningPolicyOverlappingRule" | "RpcUrlMissing" | "MmiChainIdMissing" | "EthersInvalidRpcUrl" | "EthersGetTransactionCountError" | "InvalidPassword" | "BabylonStakingFeePlusDustOverflow" | "BabylonStaking" | "BabylonStakingIncorrectKey" | "BabylonStakingSegwitNonDeposit" | "BabylonStakingRegistrationRequiresTaproot" | "PsbtSigning" | "TooManyResets" | "TooManyRequests" | "TooManyFailedLogins" | "BadBtcMessageSignP2shFlag" | "InvalidTendermintRequest" | "PolicyVersionMaxReached" | "PolicyVersionInvalid" | "PolicySecretLimitReached" | "PolicySecretTooLarge" | "InvalidImportKey" | "AlienOwnerInvalid" | "EmptyUpdateRequest" | "InvalidPolicyReference" | "PolicyEngineDisabled" | "InvalidWasmPolicy" | "InvalidPolicy" | "RedundantDerivationPath" | "ImportKeyMissing" | "InvalidAbiMethods" | "BabylonCovSign" | "InvalidPolicyLogsRequest" | "UserProfileMigrationMultipleEntries" | "UserProfileMigrationTooManyItems" | "InputTooShort" | "InvalidTweakLength" | "InvalidCustomChains" | "InvalidRpcRequest";
+        BadRequestErrorCode: "GenericBadRequest" | "DisallowedAllowRuleReference" | "InvalidPaginationToken" | "InvalidEmail" | "InvalidEmailTemplate" | "QueryMetricsError" | "InvalidTelegramData" | "ValidationError" | "WebhookPolicyTimeoutOutOfBounds" | "WebhookPolicyDisallowedUrlScheme" | "WebhookPolicyDisallowedUrlHost" | "WebhookPolicyDisallowedHeaders" | "ReservedName" | "UserEmailNotConfigured" | "EmailPasswordNotFound" | "PasswordAuthNotAllowedByInvitation" | "OneTimeCodeExpired" | "InvalidBody" | "InvalidJwt" | "InvitationNoLongerValid" | "TokenRequestError" | "InvalidMfaReceipt" | "InvalidMfaPolicyCount" | "InvalidMfaPolicyNumAuthFactors" | "InvalidMfaPolicyNumAllowedApprovers" | "InvalidMfaPolicyGracePeriodTooLong" | "InvalidBabylonStakingPolicyParams" | "InvalidSuiTxReceiversEmptyAllowlist" | "InvalidBtcTxReceiversEmptyAllowlist" | "InvalidRequireRoleSessionAllowlist" | "InvalidCreateKeyCount" | "InvalidDiffieHellmanCount" | "OrgInviteExistingUser" | "OrgUserAlreadyExists" | "OrgNameTaken" | "KwkNotFoundInRegion" | "OrgIsNotOrgExport" | "RoleNameTaken" | "PolicyNameTaken" | "NameTaken" | "ContactNameInvalid" | "ContactAddressesInvalid" | "ContactLabelInvalid" | "ContactModified" | "PolicyNotFound" | "PolicyVersionNotFound" | "PolicyRuleDisallowedByType" | "PolicyTypeDisallowed" | "PolicyDuplicateError" | "PolicyStillAttached" | "PolicyModified" | "PolicyNotAttached" | "AddKeyToRoleCountTooHigh" | "InvalidKeyId" | "InvalidTimeLockAlreadyInThePast" | "InvalidRestrictedScopes" | "InvalidUpdate" | "InvalidMetadataLength" | "InvalidLength" | "InvalidKeyMaterialId" | "KeyNotFound" | "SiweChallengeNotFound" | "SiweInvalidRequest" | "SiwsChallengeNotFound" | "SiwsInvalidRequest" | "UserExportDerivedKey" | "UserExportPublicKeyInvalid" | "NistP256PublicKeyInvalid" | "UnableToAccessSmtpRelay" | "UserExportInProgress" | "RoleNotFound" | "InvalidRoleNameOrId" | "InvalidMfaReceiptOrgIdMissing" | "InvalidMfaReceiptInvalidOrgId" | "MfaRequestNotFound" | "InvalidKeyType" | "InvalidPropertiesForKeyType" | "MismatchedKeyPropertiesPatch" | "MissingBinanceApiKey" | "MissingBybitApiKey" | "MissingCoinbaseApiKey" | "BinanceKeyMasterMismatch" | "BybitAccountMismatch" | "InvalidKeyMaterial" | "InvalidHexValue" | "InvalidBase32Value" | "InvalidBase58Value" | "InvalidBase64Value" | "InvalidSs58Value" | "InvalidForkVersionLength" | "InvalidEthAddress" | "InvalidStellarAddress" | "InvalidOrgNameOrId" | "InvalidUpdateOrgRequestDisallowedMfaType" | "InvalidUpdateOrgRequestEmptyAllowedMfaTypes" | "EmailOtpDelayTooShortForRegisterMfa" | "InvalidStakeDeposit" | "InvalidBlobSignRequest" | "InvalidDiffieHellmanRequest" | "InvalidSolanaSignRequest" | "InvalidEip712SignRequest" | "OnlySpecifyOne" | "NoOidcDataInProof" | "InvalidEvmSignRequest" | "InvalidEth2SignRequest" | "InvalidDeriveKeyRequest" | "InvalidStakingAmount" | "CustomStakingAmountNotAllowedForWrapperContract" | "InvalidUnstakeRequest" | "InvalidCreateUserRequest" | "UserAlreadyExists" | "IdpUserAlreadyExists" | "CognitoUserAlreadyOrgMember" | "UserNotFound" | "UserWithEmailNotFound" | "PolicyKeyMismatch" | "EmptyScopes" | "InvalidScopesForRoleSession" | "InvalidLifetime" | "NoSingleKeyForUser" | "InvalidOrgPolicyRule" | "SourceIpAllowlistEmpty" | "LimitWindowTooLong" | "Erc20ContractDisallowed" | "EmptyRuleError" | "PolicyFieldValidationError" | "OptionalListEmpty" | "MultipleExclusiveFieldsProvided" | "DuplicateFieldEntry" | "InvalidRange" | "InvalidOrgPolicyRepeatedRule" | "InvalidSuiTransaction" | "SuiSenderMismatch" | "AvaSignHashError" | "AvaSignError" | "BtcSegwitHashError" | "BtcTaprootHashError" | "BtcSignError" | "TaprootSignError" | "Eip712SignError" | "InvalidMemberRoleInUserAdd" | "InvalidMemberRoleInRecipientAdd" | "ThirdPartyUserAlreadyExists" | "OidcIdentityAlreadyExists" | "UserAlreadyHasIdentity" | "ThirdPartyUserNotFound" | "DeleteOidcUserError" | "DeleteUserError" | "SessionRoleMismatch" | "InvalidOidcToken" | "InvalidOidcIdentity" | "OidcIssuerUnsupported" | "OidcIssuerNotAllowed" | "OidcIssuerNoApplicableJwk" | "FidoKeyAlreadyRegistered" | "FidoKeySignCountTooLow" | "FidoVerificationFailed" | "FidoChallengeMfaMismatch" | "UnsupportedLegacyCognitoSession" | "InvalidIdentityProof" | "PaginationDataExpired" | "ExistingKeysViolateExclusiveKeyAccess" | "ExportDelayTooShort" | "ExportWindowTooLong" | "InvalidTotpFailureLimit" | "InvalidEip191SignRequest" | "CannotResendUserInvitation" | "InvalidNotificationEndpointCount" | "CannotDeletePendingSubscription" | "InvalidNotificationUrlProtocol" | "EmptyOneOfOrgEventFilter" | "EmptyAllExceptOrgEventFilter" | "InvalidTapNodeHash" | "InvalidOneTimeCode" | "MessageNotFound" | "MessageAlreadySigned" | "MessageRejected" | "MessageReplaced" | "InvalidMessageType" | "EmptyAddress" | "InvalidEth2SigningPolicySlotRange" | "InvalidEth2SigningPolicyEpochRange" | "InvalidEth2SigningPolicyTimestampRange" | "InvalidEth2SigningPolicyOverlappingRule" | "RpcUrlMissing" | "MmiChainIdMissing" | "EthersInvalidRpcUrl" | "EthersGetTransactionCountError" | "InvalidPassword" | "BabylonStakingFeePlusDustOverflow" | "BabylonStaking" | "BabylonStakingIncorrectKey" | "BabylonStakingSegwitNonDeposit" | "BabylonStakingRegistrationRequiresTaproot" | "PsbtSigning" | "TooManyResets" | "TooManyRequests" | "TooManyFailedLogins" | "BadBtcMessageSignP2shFlag" | "InvalidTendermintRequest" | "PolicyVersionMaxReached" | "PolicyVersionInvalid" | "PolicySecretLimitReached" | "PolicySecretTooLarge" | "InvalidImportKey" | "AlienOwnerInvalid" | "EmptyUpdateRequest" | "InvalidPolicyReference" | "PolicyEngineDisabled" | "InvalidWasmPolicy" | "CelProgramTooLarge" | "InvalidPolicy" | "RedundantDerivationPath" | "ImportKeyMissing" | "InvalidAbiMethods" | "BabylonCovSign" | "InvalidPolicyLogsRequest" | "UserProfileMigrationMultipleEntries" | "UserProfileMigrationTooManyItems" | "InputTooShort" | "InvalidTweakLength" | "InvalidCustomChains" | "InvalidRpcRequest";
         BillingArgs: {
             billing_org: components["schemas"]["Id"];
             event_type: components["schemas"]["BillingEvent"];
@@ -2794,7 +2834,7 @@ export interface components {
          * @description Billing event types.
          * @enum {string}
          */
-        BillingEvent: "Mmi" | "MmiMessageGet" | "MmiMessageList" | "MmiMessageSign" | "MmiMessageReject" | "MmiMessageDelete" | "AboutMe" | "UserResetEmailInit" | "UserResetEmailComplete" | "UserDeleteTotp" | "UserResetTotpInit" | "UserResetTotpComplete" | "UserVerifyTotp" | "UserRegisterFidoInit" | "UserRegisterFidoComplete" | "UserDeleteFido" | "CreateProofOidc" | "CreateProofCubeSigner" | "VerifyProof" | "AddOidcIdentity" | "RemoveOidcIdentity" | "ListOidcIdentities" | "GetOrg" | "UpdateOrg" | "GetOrgExport" | "CreateOrg" | "ListKeys" | "AttestKey" | "GetKey" | "GetKeyByMaterialId" | "ListKeyRoles" | "UpdateKey" | "ListHistoricalKeyTx" | "Invite" | "CancelInvitation" | "ListInvitations" | "ListUsers" | "GetUser" | "GetUserByEmail" | "GetUserByOidc" | "UpdateMembership" | "ResetMemberMfa" | "CompleteResetMemberMfa" | "CreateRole" | "AttestRole" | "GetRole" | "ListTokenKeys" | "ListRoles" | "GetRoleKey" | "ListRoleKeys" | "ListRoleUsers" | "UpdateRole" | "DeleteRole" | "ConfigureEmail" | "GetEmailConfig" | "DeleteEmailConfig" | "ListHistoricalRoleTx" | "CreatePolicy" | "GetPolicy" | "ListPolicies" | "DeletePolicy" | "UpdatePolicy" | "InvokePolicy" | "GetPolicyLogs" | "UploadWasmPolicy" | "GetPolicySecrets" | "UpdatePolicySecrets" | "SetPolicySecret" | "DeletePolicySecret" | "CreatePolicyImportKey" | "GetPolicyBucket" | "ListPolicyBuckets" | "UpdatePolicyBucket" | "UserExportDelete" | "UserExportList" | "UserExportInit" | "UserExportComplete" | "AddUserToRole" | "RemoveUserFromRole" | "MfaApproveCs" | "MfaRejectCs" | "MfaGet" | "MfaList" | "AddKeysToRole" | "RemoveKeyFromRole" | "CreateToken" | "CreateSession" | "RevokeSession" | "RevokeCurrentSession" | "RevokeSessions" | "ListSessions" | "GetSession" | "SignerSessionRefresh" | "MfaApproveTotp" | "MfaRejectTotp" | "MfaFidoInit" | "MfaApproveFidoComplete" | "MfaRejectFidoComplete" | "MfaEmailInit" | "MfaEmailComplete" | "Cube3signerHeartbeat" | "CreateContact" | "GetContact" | "ListContacts" | "DeleteContact" | "UpdateContact" | "LookupContactsByAddress" | "QueryMetrics" | "QueryAuditLog" | "Counts" | "CreateKey" | "ImportKey" | "CreateKeyImportKey" | "DeriveKey" | "DeleteKey" | "AvaSign" | "AvaSerializedTxSign" | "BabylonRegistration" | "BabylonStaking" | "BabylonCovSign" | "BinanceSign" | "BybitSign" | "CoinbaseSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellmanExchange" | "PsbtSign" | "PsbtLegacyInputSign" | "PsbtSegwitInputSign" | "PsbtTaprootInputSign" | "TaprootSign" | "Eip712Sign" | "Eip191Sign" | "Eth1Sign" | "Eth2Sign" | "SolanaSign" | "SuiSign" | "TendermintSign" | "Stake" | "Unstake" | "PasskeyAuthInit" | "PasskeyAuthComplete" | "OidcAuth" | "Oauth2Twitter" | "OAuth2TokenRefresh" | "EmailOtpAuth" | "SiweInit" | "SiweComplete" | "TelegramAuth" | "CreateOidcUser" | "DeleteOidcUser" | "DeleteUser" | "CreateEotsNonces" | "EotsSign" | "AuthMigrationIdentityAdd" | "AuthMigrationIdentityRemove" | "AuthMigrationUserUpdate" | "KeyCreated" | "KeyImported" | "InvitationAccept" | "IdpAuthenticate" | "IdpPasswordResetRequest" | "IdpPasswordResetConfirm" | "RpcApi" | "RpcCreateTransaction" | "RpcGetTransaction" | "RpcListTransactions" | "RpcRetryTransaction" | "RpcBinance" | "RpcBybit" | "RpcCoinbase" | "CustomChainRpcCall" | "EsploraApiCall" | "SentryApiCall" | "SentryApiCallPublic" | "MmiJwkSet" | "AttestationJwkSet" | "UserOrgs" | "PublicOrgInfo" | "EmailMyOrgs";
+        BillingEvent: "Mmi" | "MmiMessageGet" | "MmiMessageList" | "MmiMessageSign" | "MmiMessageReject" | "MmiMessageDelete" | "AboutMe" | "UserResetEmailInit" | "UserResetEmailComplete" | "UserDeleteTotp" | "UserResetTotpInit" | "UserResetTotpComplete" | "UserVerifyTotp" | "UserRegisterFidoInit" | "UserRegisterFidoComplete" | "UserDeleteFido" | "CreateProofOidc" | "CreateProofCubeSigner" | "VerifyProof" | "AddOidcIdentity" | "RemoveOidcIdentity" | "ListOidcIdentities" | "GetOrg" | "UpdateOrg" | "GetOrgExport" | "CreateOrg" | "ListKeys" | "AttestKey" | "GetKey" | "GetKeyByMaterialId" | "ListKeyRoles" | "UpdateKey" | "ListHistoricalKeyTx" | "Invite" | "CancelInvitation" | "ListInvitations" | "ListUsers" | "GetUser" | "GetUserByEmail" | "GetUserByOidc" | "UpdateMembership" | "ResetMemberMfa" | "CompleteResetMemberMfa" | "CreateRole" | "AttestRole" | "GetRole" | "ListTokenKeys" | "ListRoles" | "GetRoleKey" | "ListRoleKeys" | "ListRoleUsers" | "UpdateRole" | "DeleteRole" | "ConfigureEmail" | "GetEmailConfig" | "DeleteEmailConfig" | "ListHistoricalRoleTx" | "CreatePolicy" | "GetPolicy" | "ListPolicies" | "DeletePolicy" | "UpdatePolicy" | "InvokePolicy" | "GetPolicyLogs" | "UploadWasmPolicy" | "GetPolicySecrets" | "UpdatePolicySecrets" | "SetPolicySecret" | "DeletePolicySecret" | "CreatePolicyImportKey" | "GetPolicyBucket" | "ListPolicyBuckets" | "UpdatePolicyBucket" | "UserExportDelete" | "UserExportList" | "UserExportInit" | "UserExportComplete" | "AddUserToRole" | "RemoveUserFromRole" | "MfaApproveCs" | "MfaRejectCs" | "MfaGet" | "MfaList" | "AddKeysToRole" | "RemoveKeyFromRole" | "CreateToken" | "CreateSession" | "RevokeSession" | "RevokeCurrentSession" | "RevokeSessions" | "ListSessions" | "GetSession" | "SignerSessionRefresh" | "MfaApproveTotp" | "MfaRejectTotp" | "MfaFidoInit" | "MfaApproveFidoComplete" | "MfaRejectFidoComplete" | "MfaEmailInit" | "MfaEmailComplete" | "Cube3signerHeartbeat" | "CreateContact" | "GetContact" | "ListContacts" | "DeleteContact" | "UpdateContact" | "LookupContactsByAddress" | "QueryMetrics" | "QueryAuditLog" | "Counts" | "CreateKey" | "ImportKey" | "CreateKeyImportKey" | "DeriveKey" | "DeleteKey" | "AvaSign" | "AvaSerializedTxSign" | "BabylonRegistration" | "BabylonStaking" | "BabylonCovSign" | "BinanceSign" | "BybitSign" | "CoinbaseSign" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "DiffieHellmanExchange" | "PsbtSign" | "PsbtLegacyInputSign" | "PsbtSegwitInputSign" | "PsbtTaprootInputSign" | "TaprootSign" | "Eip712Sign" | "Eip191Sign" | "Eth1Sign" | "Eth2Sign" | "SolanaSign" | "SuiSign" | "TendermintSign" | "Stake" | "Unstake" | "PasskeyAuthInit" | "PasskeyAuthComplete" | "OidcAuth" | "Oauth2Twitter" | "OAuth2TokenRefresh" | "EmailOtpAuth" | "SiweInit" | "SiweComplete" | "SiwsInit" | "SiwsComplete" | "TelegramAuth" | "CreateOidcUser" | "DeleteOidcUser" | "DeleteUser" | "CreateEotsNonces" | "EotsSign" | "AuthMigrationIdentityAdd" | "AuthMigrationIdentityRemove" | "AuthMigrationUserUpdate" | "KeyCreated" | "KeyImported" | "InvitationAccept" | "IdpAuthenticate" | "IdpPasswordResetRequest" | "IdpPasswordResetConfirm" | "RpcApi" | "RpcCreateTransaction" | "RpcGetTransaction" | "RpcListTransactions" | "RpcRetryTransaction" | "RpcCancelTransaction" | "RpcBinance" | "RpcBybit" | "RpcCoinbase" | "CustomChainRpcCall" | "EsploraApiCall" | "SentryApiCall" | "SentryApiCallPublic" | "MmiJwkSet" | "AttestationJwkSet" | "UserOrgs" | "PublicOrgInfo" | "EmailMyOrgs";
         /** @description Parameters envelope for all Binance RPC methods. */
         BinanceAccountInfoParams: components["schemas"]["AccountInfoRequest"] & {
             dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
@@ -2844,6 +2884,18 @@ export interface components {
             recvWindow?: number | null;
         };
         /** @description Parameters envelope for all Binance RPC methods. */
+        BinanceDepositHistoryParams: components["schemas"]["DepositHistoryRequest"] & {
+            dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
+            keyId: components["schemas"]["Id"];
+            /**
+             * Format: float
+             * @description Optional "receive window", i.e., for how long the request stays valid.
+             * May only be specified in milliseconds, with up to three decimal places of precision.
+             * If omitted, defaults to 10000. Must not be greater than 60000.
+             */
+            recvWindow?: number | null;
+        };
+        /** @description Parameters envelope for all Binance RPC methods. */
         BinanceDepositParams: components["schemas"]["DepositRequest"] & {
             dryRun?: components["schemas"]["BinanceDryRunMode"] | null;
             keyId: components["schemas"]["Id"];
@@ -2922,6 +2974,10 @@ export interface components {
             /** @enum {string} */
             method: "cs_binanceDeposit";
             params: components["schemas"]["BinanceDepositParams"];
+        } | {
+            /** @enum {string} */
+            method: "cs_binanceDepositHistory";
+            params: components["schemas"]["BinanceDepositHistoryParams"];
         } | {
             /** @enum {string} */
             method: "cs_binanceListSubAccounts";
@@ -3788,6 +3844,11 @@ export interface components {
         CancelInvitationRequest: {
             email: components["schemas"]["Email"];
         };
+        /** @description Parameters for the [`cs_cancelTransaction`](RpcMethod::CancelTransaction) method. */
+        CancelTransactionRequest: {
+            /** @description The transaction id. */
+            id: string;
+        };
         /**
          * @description Supported Canton environments.
          * @enum {string}
@@ -3938,6 +3999,8 @@ export interface components {
             withdrawFee?: string | null;
             /** @description Step size for withdrawal amounts, as a decimal string. */
             withdrawIntegerMultiple?: string | null;
+            /** @description Minimum internal transfer amount */
+            withdrawInternalMin?: string | null;
             /** @description Maximum withdrawal amount, as a decimal string. */
             withdrawMax?: string | null;
             /** @description Minimum withdrawal amount, as a decimal string. */
@@ -4515,6 +4578,11 @@ export interface components {
                 method: "cs_retryTransaction";
                 params: components["schemas"]["RetryTransactionRequest"];
             },
+            {
+                /** @enum {string} */
+                method: "cs_cancelTransaction";
+                params: components["schemas"]["CancelTransactionRequest"];
+            },
             {
                 /** @enum {string} */
                 method: "cs_getTransaction";
@@ -4558,6 +4626,121 @@ export interface components {
             /** @description Custom EVM chains. */
             evm: components["schemas"]["EvmCustomChain"][];
         };
+        /** @description One deposit entry in [`DepositHistoryResponse`]. */
+        DepositHistoryEntry: {
+            /** @description Destination address the deposit was sent to. */
+            address: string;
+            /**
+             * @description Secondary address identifier (e.g. memo for XRP, tag for XLM). Empty
+             * string when the asset does not use one.
+             */
+            addressTag?: string | null;
+            /** @description Deposit amount, as a decimal string. */
+            amount: string;
+            /** @description Asset symbol (e.g. `"USDT"`, `"BTC"`). */
+            coin: string;
+            /**
+             * Format: int64
+             * @description Represents deposit completion datetime, available for deposits after 6-Mar-2025.
+             */
+            completeTime?: number | null;
+            /** @description On-chain confirmation progress (e.g. `"1/1"`). */
+            confirmTimes?: string | null;
+            /** @description Binance-assigned deposit id. */
+            id?: string | null;
+            /**
+             * Format: int64
+             * @description Time the deposit record was created (ms since epoch).
+             */
+            insertTime: number;
+            /** @description Blockchain network identifier (e.g. `"BSC"`, `"ETH"`). */
+            network: string;
+            /** @description Returned when 'includeSource' in the request is set to true */
+            sourceAddress?: string | null;
+            /**
+             * Format: int32
+             * @description Deposit status. Binance values: `0` = pending, `6` = credited but
+             * cannot withdraw, `7` = wrong deposit, `8` = waiting user confirm,
+             * `1` = success. Left as `u8` for forward compatibility.
+             */
+            status: number;
+            /**
+             * Format: int32
+             * @description `0` = external transfer, `1` = internal (Binance↔Binance) transfer.
+             */
+            transferType: number;
+            /**
+             * Format: int32
+             * @description 0: travel rule not required OR info already provided and funds ready to use;
+             * 1: travel rule required to provide deposit info
+             */
+            travelRuleStatus: number;
+            /** @description On-chain transaction hash of the deposit. */
+            txId: string;
+            /**
+             * Format: int32
+             * @description Confirmations after which the deposit is unlocked for trading.
+             */
+            unlockConfirm?: number | null;
+            /**
+             * Format: int32
+             * @description Destination wallet: `0` = spot wallet, `1` = funding wallet.
+             */
+            walletType: number;
+        };
+        /**
+         * @description Parameters for `GET /sapi/v1/capital/deposit/hisrec`.
+         *
+         * Returns the calling account's deposit history. All filters are optional;
+         * if `start_time`/`end_time` are omitted, Binance returns the most recent 90
+         * days. Use `tx_id` to look up a specific deposit by its on-chain
+         * transaction hash, or `coin`/`status` to narrow the result set.
+         */
+        DepositHistoryRequest: {
+            /** @description Filter to a specific asset (e.g. `"USDT"`, `"BTC"`). */
+            coin?: string | null;
+            /**
+             * Format: int64
+             * @description Window end (ms since epoch, Binance default: present timestamp).
+             */
+            endTime?: number | null;
+            /**
+             * @description If `true`, include the deposit's source address in each entry. Binance
+             * defaults to `false`.
+             */
+            includeSource?: boolean | null;
+            /**
+             * Format: int32
+             * @description Page size (Binance default and max: 1000).
+             */
+            limit?: number | null;
+            /**
+             * Format: int32
+             * @description Pagination offset (Binance default: 0).
+             */
+            offset?: number | null;
+            /**
+             * Format: int64
+             * @description Window start (ms since epoch, Binance default: 90 days from current timestamp).
+             */
+            startTime?: number | null;
+            /**
+             * Format: int32
+             * @description Filter by deposit status. Binance values: `0` = pending, `6` = credited
+             * but cannot withdraw, `7` = wrong deposit, `8` = waiting user confirm,
+             * `1` = success, `2` = rejected. Left as `u8` for forward compatibility.
+             */
+            status?: number | null;
+            /** @description Look up a specific deposit by its on-chain transaction hash. */
+            txId?: string | null;
+        };
+        /**
+         * @description Response returned by `cs_binanceDepositHistory`.
+         *
+         * Binance returns a top-level JSON array; this newtype preserves that wire
+         * format while giving the response a named type in the OpenAPI schema.
+         */
+        DepositHistoryResponse: components["schemas"]["DepositHistoryEntry"][];
         /**
          * @description Parameters for `GET /sapi/v1/capital/deposit/address`.
          *
@@ -5403,7 +5586,7 @@ export interface components {
          * @description Explicitly named scopes for accessing CubeSigner APIs
          * @enum {string}
          */
-        ExplicitScope: "sign:*" | "sign:ava" | "sign:binance:*" | "sign:binance:subToMaster" | "sign:binance:subToSub" | "sign:binance:universalTransfer" | "sign:binance:subAccountAssets" | "sign:binance:accountInfo" | "sign:binance:subAccountTransferHistory" | "sign:binance:universalTransferHistory" | "sign:binance:withdraw" | "sign:binance:withdrawHistory" | "sign:binance:deposit" | "sign:binance:listSubAccounts" | "sign:binance:coinInfo" | "sign:bybit:*" | "sign:bybit:queryUser" | "sign:bybit:querySubMembers" | "sign:bybit:queryCoinsBalance" | "sign:bybit:queryDepositAddress" | "sign:bybit:universalTransfer" | "sign:bybit:withdraw" | "sign:bybit:withdrawals" | "sign:coinbase:*" | "sign:coinbase:accounts:list" | "sign:coinbase:portfolios:list" | "sign:coinbase:funds:move" | "sign:blob" | "sign:diffieHellman" | "sign:btc:*" | "sign:btc:segwit" | "sign:btc:taproot" | "sign:btc:psbt:*" | "sign:btc:psbt:doge" | "sign:btc:psbt:legacy" | "sign:btc:psbt:segwit" | "sign:btc:psbt:taproot" | "sign:btc:psbt:ltcSegwit" | "sign:btc:message:*" | "sign:btc:message:segwit" | "sign:btc:message:legacy" | "sign:babylon:*" | "sign:babylon:eots:*" | "sign:babylon:eots:nonces" | "sign:babylon:eots:sign" | "sign:babylon:staking:*" | "sign:babylon:staking:deposit" | "sign:babylon:staking:unbond" | "sign:babylon:staking:withdraw" | "sign:babylon:staking:slash" | "sign:babylon:registration" | "sign:babylon:covenant" | "sign:evm:*" | "sign:evm:tx" | "sign:evm:eip191" | "sign:evm:eip712" | "sign:eth2:*" | "sign:eth2:validate" | "sign:eth2:stake" | "sign:eth2:unstake" | "sign:solana" | "sign:sui" | "sign:tendermint" | "sign:mmi" | "manage:*" | "manage:readonly" | "manage:email:*" | "manage:email:get" | "manage:email:update" | "manage:email:delete" | "manage:mfa:*" | "manage:mfa:readonly" | "manage:mfa:list" | "manage:mfa:vote:*" | "manage:mfa:vote:cs" | "manage:mfa:vote:email" | "manage:mfa:vote:fido" | "manage:mfa:vote:totp" | "manage:mfa:register:*" | "manage:mfa:register:fido" | "manage:mfa:register:totp" | "manage:mfa:register:email" | "manage:mfa:unregister:*" | "manage:mfa:unregister:fido" | "manage:mfa:unregister:totp" | "manage:mfa:verify:*" | "manage:mfa:verify:totp" | "manage:key:*" | "manage:key:readonly" | "manage:key:get" | "manage:key:attest" | "manage:key:listRoles" | "manage:key:list" | "manage:key:history:tx:list" | "manage:key:create" | "manage:key:import" | "manage:key:update:*" | "manage:key:update:owner" | "manage:key:update:policy" | "manage:key:update:enabled" | "manage:key:update:region" | "manage:key:update:metadata" | "manage:key:update:properties" | "manage:key:update:editPolicy" | "manage:key:delete" | "manage:policy:*" | "manage:policy:readonly" | "manage:policy:create" | "manage:policy:get" | "manage:policy:list" | "manage:policy:delete" | "manage:policy:update:*" | "manage:policy:update:owner" | "manage:policy:update:name" | "manage:policy:update:acl" | "manage:policy:update:editPolicy" | "manage:policy:update:metadata" | "manage:policy:update:rule" | "manage:policy:invoke" | "manage:policy:wasm:*" | "manage:policy:wasm:upload" | "manage:policy:secrets:*" | "manage:policy:secrets:get" | "manage:policy:secrets:update:*" | "manage:policy:secrets:update:values" | "manage:policy:secrets:update:acl" | "manage:policy:secrets:update:editPolicy" | "manage:policy:buckets:*" | "manage:policy:buckets:get" | "manage:policy:buckets:list" | "manage:policy:buckets:update:*" | "manage:policy:buckets:update:owner" | "manage:policy:buckets:update:acl" | "manage:policy:buckets:update:metadata" | "manage:contact:*" | "manage:contact:readonly" | "manage:contact:create" | "manage:contact:get" | "manage:contact:list" | "manage:contact:delete" | "manage:contact:update:*" | "manage:contact:update:name" | "manage:contact:update:addresses" | "manage:contact:update:owner" | "manage:contact:update:labels" | "manage:contact:update:metadata" | "manage:contact:update:editPolicy" | "manage:contact:lookup:*" | "manage:contact:lookup:address" | "manage:policy:createImportKey" | "manage:role:*" | "manage:role:readonly" | "manage:role:create" | "manage:role:delete" | "manage:role:get:*" | "manage:role:attest" | "manage:role:get:keys" | "manage:role:get:keys:list" | "manage:role:get:keys:get" | "manage:role:get:users" | "manage:role:list" | "manage:role:update:*" | "manage:role:update:enabled" | "manage:role:update:policy" | "manage:role:update:editPolicy" | "manage:role:update:actions" | "manage:role:update:key:*" | "manage:role:update:key:add" | "manage:role:update:key:remove" | "manage:role:update:user:*" | "manage:role:update:user:add" | "manage:role:update:user:remove" | "manage:role:history:tx:list" | "manage:identity:*" | "manage:identity:readonly" | "manage:identity:verify" | "manage:identity:add" | "manage:identity:remove" | "manage:identity:list" | "manage:org:*" | "manage:org:create" | "manage:org:metrics:query" | "manage:org:audit:query" | "manage:org:readonly" | "manage:org:addUser" | "manage:org:inviteUser" | "manage:org:inviteAlien" | "manage:org:invitation:list" | "manage:org:invitation:cancel" | "manage:org:updateMembership:*" | "manage:org:updateMembership:owner" | "manage:org:updateMembership:member" | "manage:org:updateMembership:alien" | "manage:org:listUsers" | "manage:org:user:get" | "manage:org:deleteUser:*" | "manage:org:deleteUser:owner" | "manage:org:deleteUser:member" | "manage:org:deleteUser:alien" | "manage:org:get" | "manage:org:update:*" | "manage:org:update:enabled" | "manage:org:update:policy" | "manage:org:update:signPolicy" | "manage:org:update:export" | "manage:org:update:totpFailureLimit" | "manage:org:update:notificationEndpoints" | "manage:org:update:defaultInviteKind" | "manage:org:update:idpConfiguration" | "manage:org:update:passkeyConfiguration" | "manage:org:update:emailPreferences" | "manage:org:update:historicalData" | "manage:org:update:requireScopeCeiling" | "manage:org:update:alienLoginRequirement" | "manage:org:update:memberLoginRequirement" | "manage:org:update:keyExportRequirement" | "manage:org:update:allowedMfaTypes" | "manage:org:update:policyEngineConf" | "manage:org:update:customChains" | "manage:org:update:extProps" | "manage:org:update:editPolicy" | "manage:org:user:resetMfa" | "manage:session:*" | "manage:session:readonly" | "manage:session:get" | "manage:session:list" | "manage:session:create" | "manage:session:extend" | "manage:session:revoke" | "manage:export:*" | "manage:export:readonly" | "manage:export:org:*" | "manage:export:org:get" | "manage:export:user:*" | "manage:export:user:delete" | "manage:export:user:list" | "manage:authMigration:*" | "manage:authMigration:identity:add" | "manage:authMigration:identity:remove" | "manage:authMigration:user:update" | "manage:mmi:*" | "manage:mmi:readonly" | "manage:mmi:get" | "manage:mmi:list" | "manage:mmi:reject" | "manage:mmi:delete" | "export:*" | "export:user:*" | "export:user:init" | "export:user:complete" | "mmi:*" | "orgAccess:*" | "orgAccess:child:*" | "rpc:*" | "rpc:createTransaction:*" | "rpc:createTransaction:evm" | "rpc:retryTransaction" | "rpc:getTransaction" | "rpc:listTransactions" | "rpc:binance" | "rpc:bybit" | "rpc:coinbase";
+        ExplicitScope: "sign:*" | "sign:ava" | "sign:binance:*" | "sign:binance:subToMaster" | "sign:binance:subToSub" | "sign:binance:universalTransfer" | "sign:binance:subAccountAssets" | "sign:binance:accountInfo" | "sign:binance:subAccountTransferHistory" | "sign:binance:universalTransferHistory" | "sign:binance:withdraw" | "sign:binance:withdrawHistory" | "sign:binance:deposit" | "sign:binance:depositHistory" | "sign:binance:listSubAccounts" | "sign:binance:coinInfo" | "sign:bybit:*" | "sign:bybit:queryUser" | "sign:bybit:querySubMembers" | "sign:bybit:queryCoinsBalance" | "sign:bybit:queryDepositAddress" | "sign:bybit:universalTransfer" | "sign:bybit:withdraw" | "sign:bybit:withdrawals" | "sign:coinbase:*" | "sign:coinbase:accounts:list" | "sign:coinbase:portfolios:list" | "sign:coinbase:funds:move" | "sign:blob" | "sign:diffieHellman" | "sign:btc:*" | "sign:btc:segwit" | "sign:btc:taproot" | "sign:btc:psbt:*" | "sign:btc:psbt:doge" | "sign:btc:psbt:legacy" | "sign:btc:psbt:segwit" | "sign:btc:psbt:taproot" | "sign:btc:psbt:ltcSegwit" | "sign:btc:message:*" | "sign:btc:message:segwit" | "sign:btc:message:legacy" | "sign:babylon:*" | "sign:babylon:eots:*" | "sign:babylon:eots:nonces" | "sign:babylon:eots:sign" | "sign:babylon:staking:*" | "sign:babylon:staking:deposit" | "sign:babylon:staking:unbond" | "sign:babylon:staking:withdraw" | "sign:babylon:staking:slash" | "sign:babylon:registration" | "sign:babylon:covenant" | "sign:evm:*" | "sign:evm:tx" | "sign:evm:eip191" | "sign:evm:eip712" | "sign:eth2:*" | "sign:eth2:validate" | "sign:eth2:stake" | "sign:eth2:unstake" | "sign:solana" | "sign:sui" | "sign:tendermint" | "sign:mmi" | "manage:*" | "manage:readonly" | "manage:email:*" | "manage:email:get" | "manage:email:update" | "manage:email:delete" | "manage:mfa:*" | "manage:mfa:readonly" | "manage:mfa:list" | "manage:mfa:vote:*" | "manage:mfa:vote:cs" | "manage:mfa:vote:email" | "manage:mfa:vote:fido" | "manage:mfa:vote:totp" | "manage:mfa:register:*" | "manage:mfa:register:fido" | "manage:mfa:register:totp" | "manage:mfa:register:email" | "manage:mfa:unregister:*" | "manage:mfa:unregister:fido" | "manage:mfa:unregister:totp" | "manage:mfa:verify:*" | "manage:mfa:verify:totp" | "manage:key:*" | "manage:key:readonly" | "manage:key:get" | "manage:key:attest" | "manage:key:listRoles" | "manage:key:list" | "manage:key:history:tx:list" | "manage:key:create" | "manage:key:import" | "manage:key:update:*" | "manage:key:update:owner" | "manage:key:update:policy" | "manage:key:update:enabled" | "manage:key:update:region" | "manage:key:update:metadata" | "manage:key:update:properties" | "manage:key:update:editPolicy" | "manage:key:delete" | "manage:policy:*" | "manage:policy:readonly" | "manage:policy:create" | "manage:policy:get" | "manage:policy:list" | "manage:policy:delete" | "manage:policy:update:*" | "manage:policy:update:owner" | "manage:policy:update:name" | "manage:policy:update:acl" | "manage:policy:update:editPolicy" | "manage:policy:update:metadata" | "manage:policy:update:rule" | "manage:policy:invoke" | "manage:policy:wasm:*" | "manage:policy:wasm:upload" | "manage:policy:secrets:*" | "manage:policy:secrets:get" | "manage:policy:secrets:update:*" | "manage:policy:secrets:update:values" | "manage:policy:secrets:update:acl" | "manage:policy:secrets:update:editPolicy" | "manage:policy:buckets:*" | "manage:policy:buckets:get" | "manage:policy:buckets:list" | "manage:policy:buckets:update:*" | "manage:policy:buckets:update:owner" | "manage:policy:buckets:update:acl" | "manage:policy:buckets:update:metadata" | "manage:contact:*" | "manage:contact:readonly" | "manage:contact:create" | "manage:contact:get" | "manage:contact:list" | "manage:contact:delete" | "manage:contact:update:*" | "manage:contact:update:name" | "manage:contact:update:addresses" | "manage:contact:update:owner" | "manage:contact:update:labels" | "manage:contact:update:metadata" | "manage:contact:update:editPolicy" | "manage:contact:lookup:*" | "manage:contact:lookup:address" | "manage:policy:createImportKey" | "manage:role:*" | "manage:role:readonly" | "manage:role:create" | "manage:role:delete" | "manage:role:get:*" | "manage:role:attest" | "manage:role:get:keys" | "manage:role:get:keys:list" | "manage:role:get:keys:get" | "manage:role:get:users" | "manage:role:list" | "manage:role:update:*" | "manage:role:update:enabled" | "manage:role:update:policy" | "manage:role:update:editPolicy" | "manage:role:update:actions" | "manage:role:update:key:*" | "manage:role:update:key:add" | "manage:role:update:key:remove" | "manage:role:update:user:*" | "manage:role:update:user:add" | "manage:role:update:user:remove" | "manage:role:history:tx:list" | "manage:identity:*" | "manage:identity:readonly" | "manage:identity:verify" | "manage:identity:add" | "manage:identity:remove" | "manage:identity:list" | "manage:org:*" | "manage:org:create" | "manage:org:metrics:query" | "manage:org:audit:query" | "manage:org:readonly" | "manage:org:addUser" | "manage:org:inviteUser" | "manage:org:inviteAlien" | "manage:org:invitation:list" | "manage:org:invitation:cancel" | "manage:org:updateMembership:*" | "manage:org:updateMembership:owner" | "manage:org:updateMembership:member" | "manage:org:updateMembership:alien" | "manage:org:listUsers" | "manage:org:user:get" | "manage:org:deleteUser:*" | "manage:org:deleteUser:owner" | "manage:org:deleteUser:member" | "manage:org:deleteUser:alien" | "manage:org:get" | "manage:org:update:*" | "manage:org:update:enabled" | "manage:org:update:policy" | "manage:org:update:signPolicy" | "manage:org:update:export" | "manage:org:update:totpFailureLimit" | "manage:org:update:notificationEndpoints" | "manage:org:update:defaultInviteKind" | "manage:org:update:idpConfiguration" | "manage:org:update:passkeyConfiguration" | "manage:org:update:emailPreferences" | "manage:org:update:historicalData" | "manage:org:update:requireScopeCeiling" | "manage:org:update:alienLoginRequirement" | "manage:org:update:memberLoginRequirement" | "manage:org:update:keyExportRequirement" | "manage:org:update:allowedMfaTypes" | "manage:org:update:policyEngineConf" | "manage:org:update:customChains" | "manage:org:update:extProps" | "manage:org:update:editPolicy" | "manage:org:user:resetMfa" | "manage:session:*" | "manage:session:readonly" | "manage:session:get" | "manage:session:list" | "manage:session:create" | "manage:session:extend" | "manage:session:revoke" | "manage:export:*" | "manage:export:readonly" | "manage:export:org:*" | "manage:export:org:get" | "manage:export:user:*" | "manage:export:user:delete" | "manage:export:user:list" | "manage:authMigration:*" | "manage:authMigration:identity:add" | "manage:authMigration:identity:remove" | "manage:authMigration:user:update" | "manage:mmi:*" | "manage:mmi:readonly" | "manage:mmi:get" | "manage:mmi:list" | "manage:mmi:reject" | "manage:mmi:delete" | "export:*" | "export:user:*" | "export:user:init" | "export:user:complete" | "mmi:*" | "orgAccess:*" | "orgAccess:child:*" | "rpc:*" | "rpc:createTransaction:*" | "rpc:createTransaction:evm" | "rpc:retryTransaction" | "rpc:cancelTransaction" | "rpc:getTransaction" | "rpc:listTransactions" | "rpc:binance" | "rpc:bybit" | "rpc:coinbase";
         /**
          * @description This type specifies the interpretation of the `fee` field in Babylon
          * staking requests. If `sats`, the field is intpreted as a fixed value
@@ -5459,7 +5642,7 @@ export interface components {
             request_device_identifier?: boolean;
         };
         /** @enum {string} */
-        ForbiddenErrorCode: "AlienKeyCreate" | "CannotAssumeIdentity" | "SentryDisallowed" | "PasskeyLoginDisabled" | "PasskeyNotRegistered" | "CannotCreateOrg" | "WrongMfaEmailOtpJwt" | "OrgFlagNotSet" | "FidoRequiredToRemoveTotp" | "OidcIdentityLimitReached" | "OidcScopeCeilingMissing" | "OidcIssuerNotAllowedForMemberRole" | "OidcNoMemberRolesAllowed" | "EmailOtpNotConfigured" | "MfaChallengeExpired" | "ChainIdNotAllowed" | "InvalidOrg" | "OrgIdMismatch" | "SessionForWrongOrg" | "SelfDelete" | "SelfDisable" | "InvalidOrgMembershipRoleChange" | "UserDisabled" | "OrgDisabled" | "OrgNotFound" | "OrgWithoutOwner" | "OrphanedUser" | "OidcUserNotFound" | "UserNotInOrg" | "UserNotOrgOwner" | "UserNotKeyOwner" | "InvalidRole" | "DisabledRole" | "KeyDisabled" | "KeyNotInRole" | "ContactNotInOrg" | "UserExportRequestNotInOrg" | "UserExportRequestInvalid" | "UserExportDisabled" | "UserNotOriginalKeyOwner" | "UserNotInRole" | "MustBeFullMember" | "SessionExpired" | "SessionChanged" | "SessionRevoked" | "ExpectedUserSession" | "SessionRoleChanged" | "ScopedNameNotFound" | "SessionInvalidEpochToken" | "SessionInvalidRefreshToken" | "SessionRefreshTokenExpired" | "InvalidAuthHeader" | "SessionNotFound" | "InvalidArn" | "SessionInvalidAuthToken" | "SessionAuthTokenExpired" | "SessionPossiblyStolenToken" | "MfaDisallowedIdentity" | "MfaDisallowedApprover" | "MfaTypeNotAllowed" | "MfaNotApprovedYet" | "MfaConfirmationCodeMismatch" | "MfaHttpRequestMismatch" | "MfaRemoveBelowMin" | "MfaOrgRequirementNotMet" | "MfaRegistrationDisallowed" | "TotpAlreadyConfigured" | "TotpConfigurationChanged" | "MfaTotpBadConfiguration" | "MfaTotpBadCode" | "MfaTotpRateLimit" | "ImproperSessionScope" | "FullSessionRequired" | "SessionWithoutAnyScopeUnder" | "UserRoleUnprivileged" | "MemberRoleForbidden" | "MfaNotConfigured" | "RemoveLastOidcIdentity" | "OperationNotAllowed" | "OrgExportRetrievalDisabled" | "ChangingKeyExportRequirementIsDisabled" | "AutoAddBlsKeyToProtectedRole" | "UserNotPolicyOwner" | "UserNotContactOwner" | "UserNotBucketOwner" | "LegacySessionCannotHaveScopeCeiling" | "RoleInParentOrgNotAllowed" | "RemoveKeyFromRoleUserNotAllowed" | "SiweChallengeExpired" | "SiweMessageNotValid" | "SiweMessageInvalidSignature" | "Acl";
+        ForbiddenErrorCode: "AlienKeyCreate" | "CannotAssumeIdentity" | "SentryDisallowed" | "PasskeyLoginDisabled" | "PasskeyNotRegistered" | "CannotCreateOrg" | "WrongMfaEmailOtpJwt" | "OrgFlagNotSet" | "FidoRequiredToRemoveTotp" | "OidcIdentityLimitReached" | "OidcScopeCeilingMissing" | "OidcIssuerNotAllowedForMemberRole" | "OidcNoMemberRolesAllowed" | "EmailOtpNotConfigured" | "MfaChallengeExpired" | "ChainIdNotAllowed" | "InvalidOrg" | "OrgIdMismatch" | "SessionForWrongOrg" | "SelfDelete" | "SelfDisable" | "InvalidOrgMembershipRoleChange" | "UserDisabled" | "OrgDisabled" | "OrgNotFound" | "OrgWithoutOwner" | "OrphanedUser" | "OidcUserNotFound" | "UserNotInOrg" | "UserNotOrgOwner" | "UserNotKeyOwner" | "InvalidRole" | "DisabledRole" | "KeyDisabled" | "KeyNotInRole" | "ContactNotInOrg" | "UserExportRequestNotInOrg" | "UserExportRequestInvalid" | "UserExportDisabled" | "UserNotOriginalKeyOwner" | "UserNotInRole" | "MustBeFullMember" | "SessionExpired" | "SessionChanged" | "SessionRevoked" | "ExpectedUserSession" | "SessionRoleChanged" | "ScopedNameNotFound" | "SessionInvalidEpochToken" | "SessionInvalidRefreshToken" | "SessionRefreshTokenExpired" | "InvalidAuthHeader" | "SessionNotFound" | "InvalidArn" | "SessionInvalidAuthToken" | "SessionAuthTokenExpired" | "SessionPossiblyStolenToken" | "MfaDisallowedIdentity" | "MfaDisallowedApprover" | "MfaTypeNotAllowed" | "MfaNotApprovedYet" | "MfaConfirmationCodeMismatch" | "MfaHttpRequestMismatch" | "MfaRemoveBelowMin" | "MfaOrgRequirementNotMet" | "MfaRegistrationDisallowed" | "TotpAlreadyConfigured" | "TotpConfigurationChanged" | "MfaTotpBadConfiguration" | "MfaTotpBadCode" | "MfaTotpRateLimit" | "ImproperSessionScope" | "FullSessionRequired" | "SessionWithoutAnyScopeUnder" | "UserRoleUnprivileged" | "MemberRoleForbidden" | "MfaNotConfigured" | "RemoveLastOidcIdentity" | "OperationNotAllowed" | "OrgExportRetrievalDisabled" | "ChangingKeyExportRequirementIsDisabled" | "AutoAddBlsKeyToProtectedRole" | "UserNotPolicyOwner" | "UserNotContactOwner" | "UserNotBucketOwner" | "LegacySessionCannotHaveScopeCeiling" | "RoleInParentOrgNotAllowed" | "RemoveKeyFromRoleUserNotAllowed" | "SiweChallengeExpired" | "SiweMessageNotValid" | "SiweMessageInvalidSignature" | "SiwsChallengeExpired" | "SiwsMessageInvalid" | "Acl";
         /**
          * @description Specifies a fork of the `BeaconChain`, to prevent replay attacks.
          * The schema of `Fork` is defined in the [Beacon chain
@@ -5877,7 +6060,7 @@ export interface components {
             result?: Record<string, unknown> | null;
         };
         /** @description Valid `result` from the JSON-RPC API. */
-        JsonRpcResult: components["schemas"]["TransactionInfo"] | components["schemas"]["ListTransactionsPaginatedResponse"] | components["schemas"]["SubAccountTransferResponse"] | components["schemas"]["UniversalTransferResponse"] | components["schemas"]["SubAccountAssetsResponse"] | components["schemas"]["AccountInfoResponse"] | components["schemas"]["SubAccountTransferHistoryResponse"] | components["schemas"]["UniversalTransferHistoryResponse"] | components["schemas"]["WithdrawResponse"] | components["schemas"]["WithdrawHistoryResponse"] | components["schemas"]["DepositResponse"] | components["schemas"]["ListSubAccountsResponse"] | components["schemas"]["CoinInfoResponse"] | components["schemas"]["BybitQueryUserResponse"] | components["schemas"]["BybitQuerySubMembersResponse"] | components["schemas"]["BybitQueryCoinsBalanceResponse"] | components["schemas"]["BybitQueryDepositAddressResponse"] | components["schemas"]["BybitUniversalTransferResponse"] | components["schemas"]["BybitWithdrawResponse"] | components["schemas"]["BybitWithdrawalsResponse"] | components["schemas"]["CoinbaseListAccountsResponse"] | components["schemas"]["CoinbaseListPortfoliosResponse"] | components["schemas"]["CoinbaseMoveFundsResponse"];
+        JsonRpcResult: components["schemas"]["TransactionInfo"] | components["schemas"]["ListTransactionsPaginatedResponse"] | components["schemas"]["SubAccountTransferResponse"] | components["schemas"]["UniversalTransferResponse"] | components["schemas"]["SubAccountAssetsResponse"] | components["schemas"]["AccountInfoResponse"] | components["schemas"]["SubAccountTransferHistoryResponse"] | components["schemas"]["UniversalTransferHistoryResponse"] | components["schemas"]["WithdrawResponse"] | components["schemas"]["WithdrawHistoryResponse"] | components["schemas"]["DepositResponse"] | components["schemas"]["DepositHistoryResponse"] | components["schemas"]["ListSubAccountsResponse"] | components["schemas"]["CoinInfoResponse"] | components["schemas"]["BybitQueryUserResponse"] | components["schemas"]["BybitQuerySubMembersResponse"] | components["schemas"]["BybitQueryCoinsBalanceResponse"] | components["schemas"]["BybitQueryDepositAddressResponse"] | components["schemas"]["BybitUniversalTransferResponse"] | components["schemas"]["BybitWithdrawResponse"] | components["schemas"]["BybitWithdrawalsResponse"] | components["schemas"]["CoinbaseListAccountsResponse"] | components["schemas"]["CoinbaseListPortfoliosResponse"] | components["schemas"]["CoinbaseMoveFundsResponse"];
         JwkSetResponse: {
             /** @description The keys included in this set */
             keys: Record<string, never>[];
@@ -6504,7 +6687,7 @@ export interface components {
          * @description All different kinds of sensitive operations
          * @enum {string}
          */
-        OperationKind: "AvaSign" | "AvaChainTxSign" | "BabylonCovSign" | "BabylonRegistration" | "BabylonStaking" | "BinanceSubToMaster" | "BinanceSubToSub" | "BinanceUniversalTransfer" | "BinanceSubAccountAssets" | "BinanceAccountInfo" | "BinanceSubAccountTransferHistory" | "BinanceUniversalTransferHistory" | "BinanceWithdraw" | "BinanceWithdrawHistory" | "BinanceDeposit" | "BinanceListSubAccounts" | "BinanceCoinInfo" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "BybitQueryUser" | "BybitQuerySubMembers" | "BybitQueryCoinsBalance" | "BybitQueryDepositAddress" | "BybitUniversalTransfer" | "BybitWithdraw" | "BybitWithdrawals" | "CoinbaseListAccounts" | "CoinbaseListPortfolios" | "CoinbaseMoveFunds" | "DiffieHellman" | "PsbtSign" | "TaprootSign" | "Eip191Sign" | "Eip712Sign" | "EotsNonces" | "EotsSign" | "Eth1Sign" | "Eth2Sign" | "Eth2Stake" | "Eth2Unstake" | "SolanaSign" | "SuiSign" | "TendermintSign" | "RoleUpdate";
+        OperationKind: "AvaSign" | "AvaChainTxSign" | "BabylonCovSign" | "BabylonRegistration" | "BabylonStaking" | "BinanceSubToMaster" | "BinanceSubToSub" | "BinanceUniversalTransfer" | "BinanceSubAccountAssets" | "BinanceAccountInfo" | "BinanceSubAccountTransferHistory" | "BinanceUniversalTransferHistory" | "BinanceWithdraw" | "BinanceWithdrawHistory" | "BinanceDeposit" | "BinanceDepositHistory" | "BinanceListSubAccounts" | "BinanceCoinInfo" | "BlobSign" | "BtcMessageSign" | "BtcSign" | "BybitQueryUser" | "BybitQuerySubMembers" | "BybitQueryCoinsBalance" | "BybitQueryDepositAddress" | "BybitUniversalTransfer" | "BybitWithdraw" | "BybitWithdrawals" | "CoinbaseListAccounts" | "CoinbaseListPortfolios" | "CoinbaseMoveFunds" | "DiffieHellman" | "PsbtSign" | "TaprootSign" | "Eip191Sign" | "Eip712Sign" | "EotsNonces" | "EotsSign" | "Eth1Sign" | "Eth2Sign" | "Eth2Stake" | "Eth2Unstake" | "SolanaSign" | "SuiSign" | "TendermintSign" | "RoleUpdate";
         OrgAlertsPrefs: {
             /** @description Recipient users for org-level alerts */
             alert_recipients?: components["schemas"]["Id"][] | null;
@@ -7383,7 +7566,7 @@ export interface components {
         };
         PolicyErrorCode: components["schemas"]["PolicyErrorOwnCodes"] | components["schemas"]["EvmTxDepositErrorCode"];
         /** @enum {string} */
-        PolicyErrorOwnCodes: "Inapplicable" | "SuiTxReceiversDisallowedTransactionKind" | "SuiTxReceiversDisallowedTransferAddress" | "SuiTxReceiversDisallowedCommand" | "BtcTxDisallowedOutputs" | "BtcSignatureExceededValue" | "BtcValueOverflow" | "BtcSighashTypeDisallowed" | "EvmTxReceiverMismatch" | "EvmTxChainIdMismatch" | "EvmTxSenderMismatch" | "EvmTxExceededValue" | "EvmTxExceededGasCost" | "EvmTxGasCostUndefined" | "EvmDataDisallowed" | "Erc20DataInvalid" | "EvmContractAddressUndefined" | "EvmContractChainIdUndefined" | "EvmDataNotDefined" | "EvmDataInvalid" | "EvmContractNotInAllowlist" | "Erc20ExceededTransferLimit" | "Erc20ReceiverMismatch" | "Erc20ExceededApproveLimit" | "Erc20SpenderMismatch" | "EvmFunctionNotInAllowlist" | "EvmFunctionCallInvalid" | "EvmFunctionCallDisallowedArg" | "PolicyDisjunctionError" | "PolicyNegationError" | "Eth2ExceededMaxUnstake" | "Eth2ConcurrentUnstaking" | "NotInIpv4Allowlist" | "NotInOriginAllowlist" | "NotInOperationAllowlist" | "InvalidSourceIp" | "RawSigningNotAllowed" | "DiffieHellmanExchangeNotAllowed" | "Eip712SigningNotAllowed" | "OidcSourceNotAllowed" | "NoOidcAuthSourcesDefined" | "AddKeyToRoleDisallowed" | "KeysAlreadyInRole" | "KeyInMultipleRoles" | "KeyAccessError" | "RequireRoleSessionKeyAccessError" | "BtcMessageSigningNotAllowed" | "Eip191SigningNotAllowed" | "TaprootSigningDisallowed" | "SegwitSigningDisallowed" | "PsbtSigningDisallowed" | "BabylonStakingDisallowed" | "TimeLocked" | "BabylonStakingNetwork" | "BabylonStakingParamsVersion" | "BabylonStakingExplicitParams" | "BabylonStakingStakerPk" | "BabylonStakingFinalityProviderPk" | "BabylonStakingLockTime" | "BabylonStakingValue" | "BabylonStakingChangeAddress" | "BabylonStakingFee" | "BabylonStakingWithdrawalAddress" | "BabylonStakingBbnAddress" | "SolanaInstructionCountLow" | "SolanaInstructionCountHigh" | "SolanaNotInInstructionAllowlist" | "SolanaInstructionMismatch" | "WasmPoliciesDisabled" | "WasmPolicyDenied" | "WasmPolicyFailed" | "WebhookPoliciesDisabled" | "DeniedByWebhook";
+        PolicyErrorOwnCodes: "Inapplicable" | "SuiTxReceiversDisallowedTransactionKind" | "SuiTxReceiversDisallowedTransferAddress" | "SuiTxReceiversDisallowedCommand" | "BtcTxDisallowedOutputs" | "BtcSignatureExceededValue" | "BtcValueOverflow" | "BtcSighashTypeDisallowed" | "EvmTxReceiverMismatch" | "EvmTxChainIdMismatch" | "EvmTxSenderMismatch" | "EvmTxExceededValue" | "EvmTxExceededGasCost" | "EvmTxGasCostUndefined" | "EvmDataDisallowed" | "Erc20DataInvalid" | "EvmContractAddressUndefined" | "EvmContractChainIdUndefined" | "EvmDataNotDefined" | "EvmDataInvalid" | "EvmContractNotInAllowlist" | "Erc20ExceededTransferLimit" | "Erc20ReceiverMismatch" | "Erc20ExceededApproveLimit" | "Erc20SpenderMismatch" | "EvmFunctionNotInAllowlist" | "EvmFunctionCallInvalid" | "EvmFunctionCallDisallowedArg" | "PolicyDisjunctionError" | "PolicyNegationError" | "Eth2ExceededMaxUnstake" | "Eth2ConcurrentUnstaking" | "NotInIpv4Allowlist" | "NotInOriginAllowlist" | "NotInOperationAllowlist" | "InvalidSourceIp" | "RawSigningNotAllowed" | "DiffieHellmanExchangeNotAllowed" | "Eip712SigningNotAllowed" | "OidcSourceNotAllowed" | "NoOidcAuthSourcesDefined" | "AddKeyToRoleDisallowed" | "KeysAlreadyInRole" | "KeyInMultipleRoles" | "KeyAccessError" | "RequireRoleSessionKeyAccessError" | "BtcMessageSigningNotAllowed" | "Eip191SigningNotAllowed" | "TaprootSigningDisallowed" | "SegwitSigningDisallowed" | "PsbtSigningDisallowed" | "BabylonStakingDisallowed" | "TimeLocked" | "CelPolicyDenied" | "BabylonStakingNetwork" | "BabylonStakingParamsVersion" | "BabylonStakingExplicitParams" | "BabylonStakingStakerPk" | "BabylonStakingFinalityProviderPk" | "BabylonStakingLockTime" | "BabylonStakingValue" | "BabylonStakingChangeAddress" | "BabylonStakingFee" | "BabylonStakingWithdrawalAddress" | "BabylonStakingBbnAddress" | "SolanaInstructionCountLow" | "SolanaInstructionCountHigh" | "SolanaNotInInstructionAllowlist" | "SolanaInstructionMismatch" | "WasmPoliciesDisabled" | "WasmPolicyDenied" | "WasmPolicyFailed" | "WebhookPoliciesDisabled" | "DeniedByWebhook" | "ExplicitlyDenied";
         /** @description A struct containing all the information about a specific version of a policy. */
         PolicyInfo: {
             /** @description The access-control entries for the policy. */
@@ -8102,9 +8285,9 @@ export interface components {
         };
         RpcApiErrorCode: components["schemas"]["RpcApiErrorOwnCodes"] | components["schemas"]["SignerClientErrorCode"] | components["schemas"]["RpcEvmErrorCode"];
         /** @enum {string} */
-        RpcApiErrorOwnCodes: "MfaRequired" | "ConcurrentTransactionFailed";
+        RpcApiErrorOwnCodes: "MfaRequired" | "ConcurrentTransactionFailed" | "InvalidTxStatus";
         /** @enum {string} */
-        RpcEvmErrorCode: "SubmissionFailed" | "FailedToReserveNonce" | "InvalidTxStatus" | "MissingTxFrom";
+        RpcEvmErrorCode: "SubmissionFailed" | "FailedToReserveNonce" | "MissingTxField" | "Signer";
         /**
          * @description The RPC API method and matching parameters.
          *
@@ -8260,6 +8443,37 @@ export interface components {
             /** @description Optional policy evaluation tree, if requested */
             policy_eval_tree?: unknown;
         };
+        /**
+         * @description The structured input to a Sign-In With Solana request (`SolanaSignInInput` in the spec).
+         *
+         * The relying party fills in `domain`/`address`/`uri`/... and the wallet renders it into the
+         * human-readable message (see [SignInInput::to_message_text]) that it signs.
+         */
+        SignInInput: {
+            /** @description The base58-encoded Solana (ed25519) public key performing the sign-in. */
+            address: string;
+            chainId?: components["schemas"]["SolanaNetwork"] | null;
+            /** @description The RFC 3986 authority that is requesting the sign-in. */
+            domain: string;
+            /** @description The ISO 8601 datetime string after which the signed message is no longer valid. */
+            expirationTime?: string | null;
+            /** @description The ISO 8601 datetime string of the time the message was issued. */
+            issuedAt?: string | null;
+            /** @description A randomized token used to prevent replay attacks; at least 8 alphanumeric characters. */
+            nonce?: string | null;
+            /** @description The ISO 8601 datetime string before which the signed message is not yet valid. */
+            notBefore?: string | null;
+            /** @description A system-specific identifier that may be used to uniquely refer to the sign-in request. */
+            requestId?: string | null;
+            /** @description A list of RFC 3986 URIs the user wishes to have resolved as part of the authentication. */
+            resources?: string[] | null;
+            /** @description A human-readable ASCII assertion that the user will sign; must not contain a newline. */
+            statement?: string | null;
+            /** @description An RFC 3986 URI referring to the resource that is the subject of the sign-in. */
+            uri?: string | null;
+            /** @description The version of the message (currently always `1`). */
+            version?: string | null;
+        };
         SignResponse: {
             /** @description Optional policy evaluation tree. */
             policy_eval_tree?: unknown;
@@ -8338,6 +8552,56 @@ export interface components {
             /** @description The message to sign following the EIP-191 standard. */
             message: string;
         };
+        /** @description Answer to a Sign-in with Solana challenge. */
+        SiwsCompleteRequest: {
+            challenge_id: components["schemas"]["Id"];
+            /** @description The base58-encoded ed25519 signature of `signed_message`. */
+            signature: string;
+            /** @description The base58-encoded UTF-8 bytes of the message that was signed (the rendered `SignInInput`). */
+            signed_message: string;
+        };
+        /** @description Returned upon a successful SIWS authentication. */
+        SiwsCompleteResponse: {
+            /** @description The OIDC token corresponding to the user with the requested SIWS identity. */
+            id_token: string;
+        };
+        /**
+         * @description Initialize the request to sign in with Solana. The response will contain a structured
+         * `SignInInput` that the client must render to text, sign, and submit via the corresponding PATCH
+         * endpoint within 5 minutes.
+         */
+        SiwsInitRequest: {
+            /** @description The base58-encoded Solana (ed25519) public key performing the signing. */
+            address: string;
+            chain_id?: components["schemas"]["SolanaNetwork"] | null;
+            /** @description The RFC 3986 authority that is requesting the signing. */
+            domain: string;
+            /** @description The ISO 8601 datetime string that, if present, indicates when the signed authentication message is no longer valid. */
+            expiration_time?: string | null;
+            /** @description The ISO 8601 datetime string that, if present, indicates when the signed authentication message will become valid. */
+            not_before?: string | null;
+            /** @description A system-specific identifier that may be used to uniquely refer to the sign-in request. */
+            request_id?: string | null;
+            /** @description A list of RFC 3986 URIs the user wishes to have resolved as part of authentication by the relying party. */
+            resources?: string[];
+            /** @description A human-readable ASCII assertion that the user will sign, and it must not contain '\n' (the byte 0x0a). */
+            statement?: string | null;
+            /** @description An RFC 3986 URI referring to the resource that is the subject of the signing (as in the subject of a claim). */
+            uri?: string | null;
+        };
+        /**
+         * @description A challenge returned in response to a Sign-In with Solana request.
+         *
+         * Contains a structured [SignInInput] that the client must render to its canonical text and sign
+         * (ed25519) with the requested key in order to complete authentication.
+         *
+         * The client has until the message expires (but no more than 5 minutes) to complete the challenge.
+         */
+        SiwsInitResponse: {
+            /** @description The ID of the challenge (to include in the request when calling the PATCH ('complete') endpoint) */
+            challenge_id: string;
+            sign_in_input: components["schemas"]["SignInInput"];
+        };
         /** @description A Solana address and the cluster it is on. */
         SolanaAddressInfo: {
             /**
@@ -8352,6 +8616,11 @@ export interface components {
          * @enum {string}
          */
         SolanaCluster: "mainnet" | "devnet";
+        /**
+         * @description The Solana network a SIWS message is bound to (the `Chain ID` field).
+         * @enum {string}
+         */
+        SolanaNetwork: "mainnet" | "testnet" | "devnet" | "localnet" | "solana:mainnet" | "solana:testnet" | "solana:devnet" | "solana:localnet";
         /**
          * @description Solana signing request
          * @example {
@@ -11616,6 +11885,32 @@ export interface components {
                 };
             };
         };
+        /** @description Returned upon a successful SIWS authentication. */
+        SiwsCompleteResponse: {
+            content: {
+                "application/json": {
+                    /** @description The OIDC token corresponding to the user with the requested SIWS identity. */
+                    id_token: string;
+                };
+            };
+        };
+        /**
+         * @description A challenge returned in response to a Sign-In with Solana request.
+         *
+         * Contains a structured [SignInInput] that the client must render to its canonical text and sign
+         * (ed25519) with the requested key in order to complete authentication.
+         *
+         * The client has until the message expires (but no more than 5 minutes) to complete the challenge.
+         */
+        SiwsInitResponse: {
+            content: {
+                "application/json": {
+                    /** @description The ID of the challenge (to include in the request when calling the PATCH ('complete') endpoint) */
+                    challenge_id: string;
+                    sign_in_input: components["schemas"]["SignInInput"];
+                };
+            };
+        };
         StakeResponse: {
             content: {
                 "application/json": ({
@@ -14742,12 +15037,21 @@ export interface operations {
      * but extends the output with an `id_token`.
      *
      * This `id_token` can then be used with any CubeSigner endpoint that requires an OIDC token.
+     * Callers must request *at least* scopes `tweet.read` and `users.read` during auth with twitter.
+     *
+     * By default, the id token does not contain a confirmed email;
+     * callers can request this field be populated by requesting the `users.email` scope
+     * and adding `fetch_email` as a URL parameter to this route.
+     *
      *
      * > [!IMPORTANT]
      * > This endpoint will fail unless the org is configured to allow the issuer `https://shim.oauth2.cubist.dev/twitter` and client ID being used for Twitter.
      */
     oauth2Twitter: {
         parameters: {
+            query?: {
+                fetch_email?: boolean | null;
+            };
             path: {
                 /**
                  * @description Name or ID of the desired Org
@@ -14920,6 +15224,77 @@ export interface operations {
             };
         };
     };
+    /**
+     * Initiate login via Sign-in With Solana (SIWS).
+     * @description Initiate login via Sign-in With Solana (SIWS).
+     *
+     * This endpoint generates a challenge which can be answered (via the corresponding PATCH endpoint)
+     * to obtain an OIDC token. The OIDC token can then be exchanged for a user session via the standard
+     * OIDC auth route.
+     *
+     * > [!IMPORTANT]
+     * > For this endpoint to succeed, the org must be configured to:
+     * > Allow the issuer `https://shim.oauth2.cubist.dev/siws` with the Org ID as the client ID
+     */
+    siwsInit: {
+        parameters: {
+            path: {
+                /**
+                 * @description Name or ID of the desired Org
+                 * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                org_id: string;
+            };
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["SiwsInitRequest"];
+            };
+        };
+        responses: {
+            200: components["responses"]["SiwsInitResponse"];
+            default: {
+                content: {
+                    "application/json": components["schemas"]["ErrorResponse"];
+                };
+            };
+        };
+    };
+    /**
+     * Complete login via Sign-in With Solana (SIWS)
+     * @description Complete login via Sign-in With Solana (SIWS)
+     *
+     * If the challenge (issued by the corresponding POST endpoint) is answered correctly, this endpoint
+     * generates an OIDC token that can then be exchanged for a user session via the standard OIDC auth route.
+     *
+     * > [!IMPORTANT]
+     * > For this endpoint to succeed, the org must be configured to:
+     * > Allow the issuer `https://shim.oauth2.cubist.dev/siws` with the Org ID as the client ID
+     */
+    siwsComplete: {
+        parameters: {
+            path: {
+                /**
+                 * @description Name or ID of the desired Org
+                 * @example Org#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                org_id: string;
+            };
+        };
+        requestBody: {
+            content: {
+                "application/json": components["schemas"]["SiwsCompleteRequest"];
+            };
+        };
+        responses: {
+            200: components["responses"]["SiwsCompleteResponse"];
+            default: {
+                content: {
+                    "application/json": components["schemas"]["ErrorResponse"];
+                };
+            };
+        };
+    };
     /**
      * Allows a user to authenticate with the telegram API using the tgWebAppData value
      * @description Allows a user to authenticate with the telegram API using the tgWebAppData value
@@ -16264,16 +16639,23 @@ export interface operations {
                 "page.start"?: string | null;
                 /**
                  * @description If provided, the name or ID of a role to operate on.
-                 * Cannot be specified together with `user`.
+                 * Cannot be specified together with other selectors.
                  * @example my-role
                  */
                 role?: string | null;
                 /**
                  * @description If provided, the ID of a user to operate on.
-                 * Cannot be specified together with `role`.
+                 * Cannot be specified together with other selectors.
                  * @example User#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
                  */
                 user?: string | null;
+                /**
+                 * @description If provided, the ID of the user whose created role sessions to operate on.
+                 * Selects all *role* sessions created by that user (user sessions are not affected).
+                 * Cannot be specified together with other selectors.
+                 * @example User#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                role_created_by?: string | null;
             };
             path: {
                 /**
@@ -16336,22 +16718,36 @@ export interface operations {
      *
      * If a `role` query parameter is provided, **ALL** session for **THAT ROLE** are revoked
      * (if the current user has permissions to revoke sessions for the role).
+     *
+     * If a `role_created_by` query parameter is provided, **ROLE** sessions created by **THAT USER**
+     * are revoked (gated by the same permissions as revoking that user's own sessions: the current
+     * user must be that user or an org owner). User sessions are not affected. Unless the current
+     * user is an org owner, only sessions for roles the current user is **still a member of** are
+     * revoked (so a user cannot revoke sessions for a role they have since been removed from); org
+     * owners revoke across all roles.
      */
     revokeSessions: {
         parameters: {
             query?: {
                 /**
                  * @description If provided, the name or ID of a role to operate on.
-                 * Cannot be specified together with `user`.
+                 * Cannot be specified together with other selectors.
                  * @example my-role
                  */
                 role?: string | null;
                 /**
                  * @description If provided, the ID of a user to operate on.
-                 * Cannot be specified together with `role`.
+                 * Cannot be specified together with other selectors.
                  * @example User#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
                  */
                 user?: string | null;
+                /**
+                 * @description If provided, the ID of the user whose created role sessions to operate on.
+                 * Selects all *role* sessions created by that user (user sessions are not affected).
+                 * Cannot be specified together with other selectors.
+                 * @example User#124dfe3e-3bbd-487d-80c0-53c55e8ab87a
+                 */
+                role_created_by?: string | null;
             };
             path: {
                 /**
@@ -17191,6 +17587,9 @@ export interface operations {
      */
     deleteOidcUser: {
         parameters: {
+            query?: {
+                revoke_role_sessions_they_created?: boolean | null;
+            };
             path: {
                 /**
                  * @description Name or ID of the desired Org
@@ -17332,6 +17731,9 @@ export interface operations {
      */
     deleteUser: {
         parameters: {
+            query?: {
+                revoke_role_sessions_they_created?: boolean | null;
+            };
             path: {
                 /**
                  * @description Name or ID of the desired Org