@eudiplo/sdk-core 1.14.0-main.0002da5

package/dist/types.gen-sNmRQvUI.d.ts

@@ -0,0 +1,3433 @@
+type ClientOptions = {
+    baseUrl: string;
+};
+type RoleDto = {
+    /**
+     * OAuth2 roles
+     */
+    role: "presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage";
+};
+type ClientCredentialsDto = {
+    grant_type?: string;
+    client_id: string;
+    client_secret: string;
+};
+type TokenResponse = {
+    access_token: string;
+    refresh_token?: string;
+    token_type: string;
+    expires_in: number;
+};
+type ImportTenantDto = {
+    /**
+     * The name of the tenant.
+     */
+    name: string;
+    /**
+     * The description of the tenant.
+     */
+    description?: string;
+};
+type SessionStorageConfig = {
+    /**
+     * Time-to-live for sessions in seconds. If not set, uses global SESSION_TTL.
+     */
+    ttlSeconds?: number;
+    /**
+     * Cleanup mode: 'full' deletes everything, 'anonymize' keeps metadata but removes PII.
+     */
+    cleanupMode?: "full" | "anonymize";
+};
+type StatusListConfig = {
+    /**
+     * The capacity of the status list. If not set, uses global STATUS_CAPACITY.
+     */
+    capacity?: number;
+    /**
+     * Bits per status entry: 1 (valid/revoked), 2 (with suspended), 4/8 (extended). If not set, uses global STATUS_BITS.
+     */
+    bits?: 1 | 2 | 4 | 8;
+    /**
+     * TTL in seconds for the status list JWT. If not set, uses global STATUS_TTL.
+     */
+    ttl?: number;
+    /**
+     * If true, regenerate JWT immediately on status changes. If false (default), use lazy regeneration on TTL expiry.
+     */
+    immediateUpdate?: boolean;
+    /**
+     * If true, include aggregation_uri in status list JWTs for pre-fetching support (default: true).
+     */
+    enableAggregation?: boolean;
+};
+type TenantEntity = {
+    /**
+     * Session storage configuration for this tenant. Controls TTL and cleanup behavior.
+     */
+    sessionConfig?: SessionStorageConfig;
+    /**
+     * Status list configuration for this tenant. Only affects newly created status lists.
+     */
+    statusListConfig?: StatusListConfig;
+    /**
+     * The unique identifier for the tenant.
+     */
+    id: string;
+    /**
+     * The name of the tenant.
+     */
+    name: string;
+    /**
+     * The description of the tenant.
+     */
+    description?: string;
+    /**
+     * The current status of the tenant.
+     */
+    status: string;
+    /**
+     * The clients associated with the tenant.
+     */
+    clients: Array<ClientEntity>;
+};
+type ClientEntity = {
+    /**
+     * List of presentation config IDs this client can use. If empty/null, all configs are allowed.
+     */
+    allowedPresentationConfigs?: Array<string>;
+    /**
+     * List of issuance config IDs this client can use. If empty/null, all configs are allowed.
+     */
+    allowedIssuanceConfigs?: Array<string>;
+    /**
+     * The unique identifier for the client.
+     */
+    clientId: string;
+    /**
+     * The secret key for the client.
+     */
+    secret?: string;
+    /**
+     * The unique identifier for the tenant that the client belongs to. Only null for accounts that manage tenants, that do not belong to a client
+     */
+    tenantId?: string;
+    /**
+     * The description of the client.
+     */
+    description?: string;
+    /**
+     * The roles assigned to the client.
+     */
+    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage">;
+    /**
+     * The tenant that the client belongs to.
+     */
+    tenant?: TenantEntity;
+};
+type CreateTenantDto = {
+    /**
+     * Status list configuration for this tenant. Only affects newly created status lists.
+     */
+    statusListConfig?: StatusListConfig;
+    /**
+     * Session storage configuration. Controls TTL and cleanup behavior.
+     */
+    sessionConfig?: SessionStorageConfig;
+    roles?: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage">;
+    /**
+     * The unique identifier for the tenant.
+     */
+    id: string;
+    /**
+     * The name of the tenant.
+     */
+    name: string;
+    /**
+     * The description of the tenant.
+     */
+    description?: string;
+};
+type UpdateTenantDto = {
+    /**
+     * Status list configuration for this tenant. Only affects newly created status lists.
+     */
+    statusListConfig?: StatusListConfig;
+    /**
+     * Session storage configuration. Controls TTL and cleanup behavior.
+     */
+    sessionConfig?: SessionStorageConfig;
+    /**
+     * The name of the tenant.
+     */
+    name?: string;
+    /**
+     * The description of the tenant.
+     */
+    description?: string;
+    roles?: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage">;
+};
+type ClientSecretResponseDto = {
+    secret: string;
+};
+type UpdateClientDto = {
+    /**
+     * List of presentation config IDs this client can use. If empty/null, all configs are allowed.
+     */
+    allowedPresentationConfigs?: Array<string>;
+    /**
+     * List of issuance config IDs this client can use. If empty/null, all configs are allowed.
+     */
+    allowedIssuanceConfigs?: Array<string>;
+    /**
+     * The description of the client.
+     */
+    description?: string;
+    /**
+     * The roles assigned to the client.
+     */
+    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage">;
+};
+type CreateClientDto = {
+    /**
+     * List of presentation config IDs this client can use. If empty/null, all configs are allowed.
+     */
+    allowedPresentationConfigs?: Array<string>;
+    /**
+     * List of issuance config IDs this client can use. If empty/null, all configs are allowed.
+     */
+    allowedIssuanceConfigs?: Array<string>;
+    /**
+     * The unique identifier for the client.
+     */
+    clientId: string;
+    /**
+     * The secret key for the client.
+     */
+    secret?: string;
+    /**
+     * The description of the client.
+     */
+    description?: string;
+    /**
+     * The roles assigned to the client.
+     */
+    roles: Array<"presentation:manage" | "presentation:request" | "issuance:manage" | "issuance:offer" | "clients:manage" | "tenants:manage" | "registrar:manage">;
+};
+type StatusListImportDto = {
+    /**
+     * Unique identifier for the status list
+     */
+    id: string;
+    /**
+     * Credential configuration ID to bind this list exclusively to. Leave empty for a shared list.
+     */
+    credentialConfigurationId?: string;
+    /**
+     * Key chain ID to use for signing. Leave empty to use the tenant's default StatusList key chain.
+     */
+    keyChainId?: string;
+    /**
+     * Capacity of the status list. If not provided, uses tenant or global defaults.
+     */
+    capacity?: number;
+    /**
+     * Bits per status value. If not provided, uses tenant or global defaults.
+     */
+    bits?: 1 | 2 | 4 | 8;
+};
+type StatusListAggregationDto = {
+    /**
+     * Array of status list token URIs
+     */
+    status_lists: Array<string>;
+};
+type UpdateStatusListConfigDto = {
+    /**
+     * The capacity of the status list. Set to null to reset to global default.
+     */
+    capacity?: number;
+    /**
+     * Bits per status entry. Set to null to reset to global default.
+     */
+    bits?: 1 | 2 | 4 | 8;
+    /**
+     * TTL in seconds for the status list JWT. Set to null to reset to global default.
+     */
+    ttl?: number;
+    /**
+     * If true, regenerate JWT on every status change. Set to null to reset to default (false).
+     */
+    immediateUpdate?: boolean;
+    /**
+     * If true, include aggregation_uri in status list JWTs for pre-fetching support. Set to null to reset to default (true).
+     */
+    enableAggregation?: boolean;
+};
+type StatusListResponseDto = {
+    /**
+     * Unique identifier for the status list
+     */
+    id: string;
+    /**
+     * The tenant ID
+     */
+    tenantId: string;
+    /**
+     * Credential configuration ID this list is bound to. Null means shared.
+     */
+    credentialConfigurationId?: string;
+    /**
+     * Key chain ID used for signing. Null means using the tenant's default.
+     */
+    keyChainId?: string;
+    /**
+     * Bits per status value
+     */
+    bits: 1 | 2 | 4 | 8;
+    /**
+     * Total capacity of the status list
+     */
+    capacity: number;
+    /**
+     * Number of entries in use
+     */
+    usedEntries: number;
+    /**
+     * Number of available entries
+     */
+    availableEntries: number;
+    /**
+     * The public URI for this status list
+     */
+    uri: string;
+    /**
+     * Creation timestamp
+     */
+    createdAt: string;
+    /**
+     * JWT expiration timestamp. Null if JWT has not been generated yet.
+     */
+    expiresAt?: string;
+};
+type CreateStatusListDto = {
+    /**
+     * Credential configuration ID to bind this list exclusively to. Leave empty for a shared list.
+     */
+    credentialConfigurationId?: string;
+    /**
+     * Key chain ID to use for signing. Leave empty to use the tenant's default StatusList key chain.
+     */
+    keyChainId?: string;
+    /**
+     * Bits per status value. More bits allow more status states. Defaults to tenant configuration.
+     */
+    bits?: 1 | 2 | 4 | 8;
+    /**
+     * Maximum number of credential status entries. Defaults to tenant configuration.
+     */
+    capacity?: number;
+};
+type UpdateStatusListDto = {
+    /**
+     * Credential configuration ID to bind this list exclusively to. Set to null to make this a shared list.
+     */
+    credentialConfigurationId?: string;
+    /**
+     * Key chain ID to use for signing. Set to null to use the tenant's default StatusList key chain.
+     */
+    keyChainId?: string;
+};
+type AuthorizeQueries = {
+    issuer_state?: string;
+    response_type?: string;
+    client_id?: string;
+    redirect_uri?: string;
+    resource?: string;
+    scope?: string;
+    code_challenge?: string;
+    code_challenge_method?: string;
+    dpop_jkt?: string;
+    request_uri?: string;
+    auth_session?: string;
+    state?: string;
+};
+type OfferRequestDto = {
+    /**
+     * The type of response expected for the offer request.
+     */
+    response_type: "uri" | "dc-api";
+    /**
+     * Credential claims configuration per credential. Keys must match credentialConfigurationIds.
+     */
+    credentialClaims?: {
+        additionalProperties?: {
+            type: "inline";
+            claims: {
+                [key: string]: unknown;
+            };
+        } | {
+            type: "attributeProvider";
+            attributeProviderId: string;
+        } | {
+            type: "webhook";
+            webhook: {
+                url: string;
+                auth?: {
+                    [key: string]: unknown;
+                };
+            };
+        };
+    };
+    /**
+     * The flow type for the offer request.
+     */
+    flow: "authorization_code" | "pre_authorized_code";
+    /**
+     * Transaction code for pre-authorized code flow.
+     */
+    tx_code?: string;
+    /**
+     * Description for the transaction code (e.g., "Please enter the PIN sent to your email").
+     */
+    tx_code_description?: string;
+    /**
+     * List of credential configuration ids to be included in the offer.
+     */
+    credentialConfigurationIds: Array<string>;
+    /**
+     * Optional authorization server to be used for this issuance flow.
+     */
+    authorization_server?: string;
+    /**
+     * ID of the webhook endpoint to notify about the status of the issuance process.
+     */
+    webhookEndpointId?: string;
+};
+type WebHookAuthConfigNone = {
+    /**
+     * The type of authentication used for the webhook.
+     */
+    type: "none";
+};
+type ApiKeyConfig = {
+    /**
+     * The name of the header where the API key will be sent.
+     */
+    headerName: string;
+    /**
+     * The value of the API key to be sent in the header.
+     */
+    value: string;
+};
+type WebHookAuthConfigHeader = {
+    /**
+     * The type of authentication used for the webhook.
+     */
+    type: "apiKey";
+    /**
+     * Configuration for API key authentication.
+     * This is required if the type is 'apiKey'.
+     */
+    config: ApiKeyConfig;
+};
+type WebhookConfig = {
+    /**
+     * Optional authentication configuration for the webhook.
+     * If not provided, no authentication will be used.
+     */
+    auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    /**
+     * The URL to which the webhook will send notifications.
+     */
+    url: string;
+};
+type TransactionData = {
+    type: string;
+    credential_ids: Array<string>;
+};
+type Session = {
+    /**
+     * Status of the session.
+     */
+    status: "active" | "fetched" | "completed" | "expired" | "failed";
+    /**
+     * Unique identifier for the session.
+     */
+    id: string;
+    /**
+     * The timestamp when the request was created.
+     */
+    createdAt: string;
+    /**
+     * The timestamp when the request was last updated.
+     */
+    updatedAt: string;
+    /**
+     * The timestamp when the request is set to expire.
+     */
+    expiresAt?: string;
+    /**
+     * Flag indicating whether to use the DC API for the presentation request.
+     */
+    useDcApi: boolean;
+    /**
+     * Tenant ID for multi-tenancy support.
+     */
+    tenantId: string;
+    /**
+     * The tenant that owns this object.
+     */
+    tenant: TenantEntity;
+    authorization_code?: string;
+    /**
+     * Request URI from the authorization request.
+     */
+    request_uri?: string;
+    /**
+     * Authorization queries associated with the session.
+     * Encrypted at rest.
+     */
+    auth_queries?: AuthorizeQueries;
+    /**
+     * Credential offer object containing details about the credential offer or presentation request.
+     * Encrypted at rest.
+     */
+    offer?: {
+        [key: string]: unknown;
+    };
+    /**
+     * Offer URL for the credential offer.
+     */
+    offerUrl?: string;
+    /**
+     * Credential payload containing the offer request details.
+     * Encrypted at rest - may contain sensitive claim data.
+     */
+    credentialPayload?: OfferRequestDto;
+    /**
+     * ID of the webhook endpoint to notify about issuance status.
+     */
+    webhookEndpointId?: string;
+    /**
+     * Notifications associated with the session.
+     */
+    notifications: Array<{
+        [key: string]: unknown;
+    }>;
+    requestId?: string;
+    /**
+     * The URL of the presentation auth request.
+     */
+    requestUrl?: string;
+    /**
+     * Signed presentation auth request.
+     */
+    requestObject?: string;
+    /**
+     * Verified credentials from the presentation process.
+     * Encrypted at rest - contains personal information.
+     */
+    credentials?: Array<{
+        [key: string]: unknown;
+    }>;
+    /**
+     * Noncce from the Verifiable Presentation request.
+     */
+    vp_nonce?: string;
+    /**
+     * Client ID used in the OID4VP authorization request.
+     */
+    clientId?: string;
+    /**
+     * Response URI used in the OID4VP authorization request.
+     */
+    responseUri?: string;
+    /**
+     * Redirect URI to which the user-agent should be redirected after the presentation is completed.
+     */
+    redirectUri?: string;
+    /**
+     * Where to send the claims webhook response.
+     */
+    parsedWebhook?: WebhookConfig;
+    /**
+     * Transaction data to include in the OID4VP authorization request.
+     * Can be overridden per-request from the presentation configuration.
+     */
+    transaction_data?: Array<TransactionData>;
+    externalIssuer?: string;
+    /**
+     * The subject (sub) from the external authorization server token.
+     * Used to identify the user at the external AS.
+     */
+    externalSubject?: string;
+};
+type SessionLogEntryResponseDto = {
+    /**
+     * Log entry ID
+     */
+    id: string;
+    /**
+     * Session ID
+     */
+    sessionId: string;
+    /**
+     * Timestamp of the log entry
+     */
+    timestamp: string;
+    /**
+     * Log level
+     */
+    level: "info" | "warn" | "error";
+    /**
+     * Flow stage
+     */
+    stage?: string;
+    /**
+     * Log message
+     */
+    message: string;
+    /**
+     * Additional structured detail
+     */
+    detail?: {
+        [key: string]: unknown;
+    };
+};
+type StatusUpdateDto = {
+    /**
+     * The session ID of the user
+     */
+    sessionId: string;
+    /**
+     * The ID of the credential configuration
+     * This is optional, if not provided, all credentials will be revoked of the session.
+     */
+    credentialConfigurationId?: string;
+    /**
+     * The status of the credential
+     * 0 = valid, 1 = revoked, 2 = suspended
+     */
+    status: number;
+};
+type UpdateSessionConfigDto = {
+    /**
+     * Time-to-live for sessions in seconds. Set to null to use global default.
+     */
+    ttlSeconds?: number;
+    /**
+     * Cleanup mode: 'full' deletes everything, 'anonymize' keeps metadata but removes PII.
+     */
+    cleanupMode?: "full" | "anonymize";
+};
+type AuthenticationMethodNone = {
+    method: "none";
+};
+type AuthenticationUrlConfig = {
+    /**
+     * The URL used in the OID4VCI authorized code flow.
+     * This URL is where users will be redirected for authentication.
+     */
+    url: string;
+    /**
+     * Optional webhook configuration for authentication callbacks
+     */
+    webhook?: WebhookConfig;
+};
+type AuthenticationMethodAuth = {
+    method: "auth";
+    config: AuthenticationUrlConfig;
+};
+type PresentationDuringIssuanceConfig = {
+    /**
+     * Link to the presentation configuration that is relevant for the issuance process
+     */
+    type: string;
+};
+type AuthenticationMethodPresentation = {
+    method: "presentationDuringIssuance";
+    config: PresentationDuringIssuanceConfig;
+};
+type UpstreamOidcConfig = {
+    /**
+     * The OIDC issuer URL of the upstream provider
+     */
+    issuer: string;
+    /**
+     * The client ID registered with the upstream provider
+     */
+    clientId: string;
+    /**
+     * The client secret for confidential clients
+     */
+    clientSecret?: string;
+    /**
+     * Scopes to request from the upstream provider
+     */
+    scopes?: Array<string>;
+};
+type ChainedAsTokenConfig = {
+    /**
+     * Access token lifetime in seconds
+     */
+    lifetimeSeconds?: number;
+    /**
+     * Key ID for token signing
+     */
+    signingKeyId?: string;
+};
+type ChainedAsConfig = {
+    /**
+     * Enable chained AS mode
+     */
+    enabled: boolean;
+    /**
+     * Upstream OIDC provider configuration
+     */
+    upstream?: UpstreamOidcConfig;
+    /**
+     * Token configuration
+     */
+    token?: ChainedAsTokenConfig;
+    /**
+     * Require DPoP binding for tokens
+     */
+    requireDPoP?: boolean;
+};
+type DisplayLogo = {
+    uri: string;
+    alt_text?: string;
+};
+type DisplayInfo = {
+    name?: string;
+    locale?: string;
+    logo?: DisplayLogo;
+};
+type IssuanceConfig = {
+    /**
+     * Key ID for signing access tokens. If unset, the default signing key is used.
+     */
+    signingKeyId?: string;
+    /**
+     * Configuration for Chained Authorization Server mode.
+     * When enabled, EUDIPLO acts as an OAuth AS facade, delegating user authentication
+     * to an upstream OIDC provider while issuing its own tokens with issuer_state.
+     */
+    chainedAs?: ChainedAsConfig;
+    /**
+     * The tenant that owns this object.
+     */
+    tenant: TenantEntity;
+    /**
+     * Authentication server URL for the issuance process.
+     */
+    authServers?: Array<string>;
+    /**
+     * Value to determine the amount of credentials that are issued in a batch.
+     * Default is 1.
+     */
+    batchSize?: number;
+    /**
+     * Indicates whether DPoP is required for the issuance process. Default value is true.
+     */
+    dPopRequired?: boolean;
+    /**
+     * Indicates whether wallet attestation is required for the token endpoint.
+     * When enabled, wallets must provide OAuth-Client-Attestation headers.
+     * Default value is false.
+     */
+    walletAttestationRequired?: boolean;
+    /**
+     * URLs of trust lists containing trusted wallet providers.
+     * The wallet attestation's X.509 certificate will be validated against these trust lists.
+     * If empty and walletAttestationRequired is true, all wallet providers are rejected.
+     */
+    walletProviderTrustLists?: Array<string>;
+    /**
+     * The URL of the preferred authorization server for wallet-initiated flows.
+     * When set, this AS is placed first in the `authorization_servers` array
+     * of the credential issuer metadata, signaling wallets to use it by default.
+     * Must match one of the configured auth servers, the chained AS URL, or "built-in".
+     */
+    preferredAuthServer?: string;
+    display: Array<DisplayInfo>;
+    /**
+     * The timestamp when the VP request was created.
+     */
+    createdAt: string;
+    /**
+     * The timestamp when the VP request was last updated.
+     */
+    updatedAt: string;
+};
+type IssuanceDto = {
+    /**
+     * Key ID for signing access tokens. If unset, the default signing key is used.
+     */
+    signingKeyId?: string;
+    /**
+     * Configuration for Chained Authorization Server mode.
+     * When enabled, EUDIPLO acts as an OAuth AS facade, delegating user authentication
+     * to an upstream OIDC provider while issuing its own tokens with issuer_state.
+     */
+    chainedAs?: ChainedAsConfig;
+    /**
+     * Authentication server URL for the issuance process.
+     */
+    authServers?: Array<string>;
+    /**
+     * Value to determine the amount of credentials that are issued in a batch.
+     * Default is 1.
+     */
+    batchSize?: number;
+    /**
+     * Indicates whether DPoP is required for the issuance process. Default value is true.
+     */
+    dPopRequired?: boolean;
+    /**
+     * Indicates whether wallet attestation is required for the token endpoint.
+     * When enabled, wallets must provide OAuth-Client-Attestation headers.
+     * Default value is false.
+     */
+    walletAttestationRequired?: boolean;
+    /**
+     * URLs of trust lists containing trusted wallet providers.
+     * The wallet attestation's X.509 certificate will be validated against these trust lists.
+     * If empty and walletAttestationRequired is true, all wallet providers are rejected.
+     */
+    walletProviderTrustLists?: Array<string>;
+    /**
+     * The URL of the preferred authorization server for wallet-initiated flows.
+     * When set, this AS is placed first in the `authorization_servers` array
+     * of the credential issuer metadata, signaling wallets to use it by default.
+     * Must match one of the configured auth servers, the chained AS URL, or "built-in".
+     */
+    preferredAuthServer?: string;
+    display: Array<DisplayInfo>;
+};
+type ClaimsQuery = {
+    id?: string;
+    path: Array<string>;
+    values?: Array<string>;
+};
+type TrustedAuthorityQuery = {
+    type: "aki" | "etsi_tl";
+    values: Array<string>;
+};
+type CredentialQuery = {
+    id: string;
+    format: string;
+    multiple?: boolean;
+    claims?: Array<ClaimsQuery>;
+    meta: {
+        [key: string]: unknown;
+    };
+    trusted_authorities?: Array<TrustedAuthorityQuery>;
+};
+type CredentialSetQuery = {
+    options: Array<Array<string>>;
+    required?: boolean;
+};
+type PolicyCredential = {
+    claims?: Array<ClaimsQuery>;
+    credentials: Array<CredentialQuery>;
+    credential_sets?: Array<CredentialSetQuery>;
+};
+type AttestationBasedPolicy = {
+    policy: "attestationBased";
+    values: Array<PolicyCredential>;
+};
+type NoneTrustPolicy = {
+    policy: "none";
+};
+type AllowListPolicy = {
+    policy: "allowList";
+    values: Array<string>;
+};
+type RootOfTrustPolicy = {
+    policy: "rootOfTrust";
+    values: string;
+};
+type Vct = {
+    vct?: string;
+    name?: string;
+    description?: string;
+    extends?: string;
+    "extends#integrity"?: string;
+    schema_uri?: string;
+    "schema_uri#integrity"?: string;
+};
+type IaeActionOpenid4VpPresentation = {
+    /**
+     * Action type discriminator
+     */
+    type: "openid4vp_presentation";
+    /**
+     * Optional label for this step (for display purposes)
+     */
+    label?: string;
+    /**
+     * ID of the presentation configuration to use for this step
+     */
+    presentationConfigId: string;
+};
+type IaeActionRedirectToWeb = {
+    /**
+     * Action type discriminator
+     */
+    type: "redirect_to_web";
+    /**
+     * Optional label for this step (for display purposes)
+     */
+    label?: string;
+    /**
+     * URL to redirect the user to for web-based interaction
+     */
+    url: string;
+    /**
+     * URL where the external service should redirect back after completion. If not provided, the service must call back to the IAE endpoint.
+     */
+    callbackUrl?: string;
+    /**
+     * Description of what the user should do on the web page (for wallet display)
+     */
+    description?: string;
+};
+type EmbeddedDisclosurePolicy = {
+    policy: string;
+};
+type DisplayImage = {
+    uri: string;
+};
+type Display = {
+    name: string;
+    description: string;
+    locale: string;
+    background_color?: string;
+    text_color?: string;
+    background_image?: DisplayImage;
+    logo?: DisplayImage;
+};
+type IssuerMetadataCredentialConfig = {
+    format: "mso_mdoc" | "dc+sd-jwt";
+    display: Array<Display>;
+    scope?: string;
+    /**
+     * Document type for mDOC credentials (e.g., "org.iso.18013.5.1.mDL").
+     * Only applicable when format is "mso_mdoc".
+     */
+    docType?: string;
+    /**
+     * Namespace for mDOC credentials (e.g., "org.iso.18013.5.1").
+     * Only applicable when format is "mso_mdoc".
+     * Used when claims are provided as a flat object.
+     */
+    namespace?: string;
+    /**
+     * Claims organized by namespace for mDOC credentials.
+     * Allows specifying claims across multiple namespaces.
+     * Only applicable when format is "mso_mdoc".
+     * Example:
+     * {
+     * "org.iso.18013.5.1": { "given_name": "John", "family_name": "Doe" },
+     * "org.iso.18013.5.1.aamva": { "DHS_compliance": "F" }
+     * }
+     */
+    claimsByNamespace?: {
+        [key: string]: unknown;
+    };
+};
+type AttributeProviderEntity = {
+    auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    id: string;
+    tenantId: string;
+    tenant: TenantEntity;
+    name: string;
+    description?: string;
+    url: string;
+};
+type WebhookEndpointEntity = {
+    auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    id: string;
+    tenantId: string;
+    tenant: TenantEntity;
+    name: string;
+    description?: string;
+    url: string;
+};
+type KeyChainEntity = {
+    /**
+     * Unique identifier for the key chain.
+     * This is the ID referenced by other entities (e.g., issuance config's signingKeyId).
+     */
+    id: string;
+    /**
+     * Tenant ID for the key chain.
+     */
+    tenantId: string;
+    /**
+     * The tenant that owns this key chain.
+     */
+    tenant: TenantEntity;
+    /**
+     * Human-readable description of the key chain.
+     */
+    description?: string;
+    /**
+     * The purpose/role of this key chain in the system.
+     */
+    usageType: "access" | "attestation" | "trustList" | "statusList" | "encrypt";
+    /**
+     * The usage type of the keys (sign or encrypt).
+     */
+    usage: "sign" | "encrypt";
+    /**
+     * The KMS provider used for this key chain.
+     * References a configured KMS provider name.
+     */
+    kmsProvider: string;
+    /**
+     * External key identifier for cloud KMS providers.
+     * This field stores the provider-specific key reference for the active signing key.
+     */
+    externalKeyId?: string;
+    rootKey?: {
+        [key: string]: unknown;
+    };
+    /**
+     * Root CA certificate in PEM format.
+     * Self-signed certificate for the root CA key.
+     */
+    rootCertificate?: string;
+    activeKey: {
+        [key: string]: unknown;
+    };
+    /**
+     * Certificate for the active signing key in PEM format.
+     * Either CA-signed (if rootKey exists) or self-signed.
+     */
+    activeCertificate: string;
+    rotationEnabled: boolean;
+    /**
+     * Rotation interval in days. Key material will be rotated after this many days.
+     */
+    rotationIntervalDays?: number;
+    /**
+     * Certificate validity in days when generating new certificates.
+     */
+    certValidityDays?: number;
+    /**
+     * Timestamp of when the key was last rotated.
+     */
+    lastRotatedAt?: string;
+    previousKey?: {
+        [key: string]: unknown;
+    };
+    /**
+     * Certificate for the previous signing key in PEM format.
+     */
+    previousCertificate?: string;
+    /**
+     * Expiry date for the previous key.
+     * After this date, the previous key should be deleted.
+     */
+    previousKeyExpiry?: string;
+    createdAt: string;
+    /**
+     * The timestamp when the key chain was last updated.
+     */
+    updatedAt: string;
+};
+type SchemaResponse = {
+    $schema: string;
+    type: string;
+    properties: {
+        [key: string]: unknown;
+    };
+    required?: Array<string>;
+    title?: string;
+    description?: string;
+};
+type CredentialConfig = {
+    /**
+     * VCT as a URI string (e.g., urn:eudi:pid:de:1) or as an object for EUDIPLO-hosted VCT
+     */
+    vct?: string | Vct;
+    /**
+     * List of IAE actions to execute before credential issuance
+     */
+    iaeActions?: Array<IaeActionOpenid4VpPresentation | IaeActionRedirectToWeb>;
+    /**
+     * Embedded disclosure policy (discriminated union by `policy`).
+     * The discriminator makes class-transformer instantiate the right subclass,
+     * and then class-validator runs that subclass’s rules.
+     */
+    embeddedDisclosurePolicy?: EmbeddedDisclosurePolicy;
+    id: string;
+    description?: string;
+    /**
+     * The tenant that owns this object.
+     */
+    tenant: TenantEntity;
+    config: IssuerMetadataCredentialConfig;
+    claims?: {
+        [key: string]: unknown;
+    };
+    /**
+     * Reference to the attribute provider used for fetching claims.
+     * Optional: if set, claims will be fetched from this provider during issuance.
+     */
+    attributeProviderId?: string;
+    attributeProvider?: AttributeProviderEntity;
+    /**
+     * Reference to the webhook endpoint used for notifications.
+     * Optional: if set, notifications will be sent to this endpoint.
+     */
+    webhookEndpointId?: string;
+    webhookEndpoint?: WebhookEndpointEntity;
+    disclosureFrame?: {
+        [key: string]: unknown;
+    };
+    keyBinding?: boolean;
+    /**
+     * Reference to the key chain used for signing.
+     * Optional: if not specified, the default attestation key chain will be used.
+     */
+    keyChainId?: string;
+    keyChain?: KeyChainEntity;
+    statusManagement?: boolean;
+    lifeTime?: number;
+    schema?: SchemaResponse;
+};
+type CredentialConfigCreate = {
+    /**
+     * VCT as a URI string (e.g., urn:eudi:pid:de:1) or as an object for EUDIPLO-hosted VCT
+     */
+    vct?: string | Vct;
+    /**
+     * List of IAE actions to execute before credential issuance
+     */
+    iaeActions?: Array<IaeActionOpenid4VpPresentation | IaeActionRedirectToWeb>;
+    /**
+     * Embedded disclosure policy (discriminated union by `policy`).
+     * The discriminator makes class-transformer instantiate the right subclass,
+     * and then class-validator runs that subclass’s rules.
+     */
+    embeddedDisclosurePolicy?: EmbeddedDisclosurePolicy;
+    id: string;
+    description?: string;
+    config: IssuerMetadataCredentialConfig;
+    claims?: {
+        [key: string]: unknown;
+    };
+    /**
+     * Reference to the attribute provider used for fetching claims.
+     * Optional: if set, claims will be fetched from this provider during issuance.
+     */
+    attributeProviderId?: string;
+    /**
+     * Reference to the webhook endpoint used for notifications.
+     * Optional: if set, notifications will be sent to this endpoint.
+     */
+    webhookEndpointId?: string;
+    disclosureFrame?: {
+        [key: string]: unknown;
+    };
+    keyBinding?: boolean;
+    /**
+     * Reference to the key chain used for signing.
+     * Optional: if not specified, the default attestation key chain will be used.
+     */
+    keyChainId?: string;
+    statusManagement?: boolean;
+    lifeTime?: number;
+    schema?: SchemaResponse;
+};
+type CredentialConfigUpdate = {
+    /**
+     * VCT as a URI string (e.g., urn:eudi:pid:de:1) or as an object for EUDIPLO-hosted VCT
+     */
+    vct?: string | Vct;
+    /**
+     * List of IAE actions to execute before credential issuance
+     */
+    iaeActions?: Array<IaeActionOpenid4VpPresentation | IaeActionRedirectToWeb>;
+    /**
+     * Embedded disclosure policy (discriminated union by `policy`).
+     * The discriminator makes class-transformer instantiate the right subclass,
+     * and then class-validator runs that subclass’s rules.
+     */
+    embeddedDisclosurePolicy?: EmbeddedDisclosurePolicy;
+    id?: string;
+    description?: string;
+    config?: IssuerMetadataCredentialConfig;
+    claims?: {
+        [key: string]: unknown;
+    };
+    /**
+     * Reference to the attribute provider used for fetching claims.
+     * Optional: if set, claims will be fetched from this provider during issuance.
+     */
+    attributeProviderId?: string;
+    /**
+     * Reference to the webhook endpoint used for notifications.
+     * Optional: if set, notifications will be sent to this endpoint.
+     */
+    webhookEndpointId?: string;
+    disclosureFrame?: {
+        [key: string]: unknown;
+    };
+    keyBinding?: boolean;
+    /**
+     * Reference to the key chain used for signing.
+     * Optional: if not specified, the default attestation key chain will be used.
+     */
+    keyChainId?: string;
+    statusManagement?: boolean;
+    lifeTime?: number;
+    schema?: SchemaResponse;
+};
+type CreateAttributeProviderDto = {
+    auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    id: string;
+    name: string;
+    description?: string;
+    url: string;
+};
+type UpdateAttributeProviderDto = {
+    auth?: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    id?: string;
+    name?: string;
+    description?: string;
+    url?: string;
+};
+type CreateWebhookEndpointDto = {
+    auth: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    id: string;
+    name: string;
+    description?: string;
+    url: string;
+};
+type UpdateWebhookEndpointDto = {
+    auth?: WebHookAuthConfigNone | WebHookAuthConfigHeader;
+    id?: string;
+    name?: string;
+    description?: string;
+    url?: string;
+};
+type Dcql = {
+    credentials: Array<CredentialQuery>;
+    credential_sets?: Array<CredentialSetQuery>;
+};
+type RegistrationCertificateRequest = {
+    /**
+     * The body of the registration certificate request containing the necessary details.
+     */
+    jwt: string;
+};
+type PresentationAttachment = {
+    format: string;
+    data: {
+        [key: string]: unknown;
+    };
+    credential_ids?: Array<string>;
+};
+type PresentationConfig = {
+    /**
+     * Unique identifier for the VP request.
+     */
+    id: string;
+    /**
+     * The tenant that owns this object.
+     */
+    tenant: TenantEntity;
+    /**
+     * Description of the presentation configuration.
+     */
+    description?: string;
+    /**
+     * Lifetime how long the presentation request is valid after creation, in seconds.
+     */
+    lifeTime?: number;
+    /**
+     * The DCQL query to be used for the VP request.
+     */
+    dcql_query: Dcql;
+    transaction_data?: Array<TransactionData>;
+    /**
+     * The registration certificate request containing the necessary details.
+     */
+    registrationCert?: RegistrationCertificateRequest;
+    /**
+     * Optional webhook URL to receive the response.
+     */
+    webhook?: WebhookConfig;
+    /**
+     * The timestamp when the VP request was created.
+     */
+    createdAt: string;
+    /**
+     * The timestamp when the VP request was last updated.
+     */
+    updatedAt: string;
+    /**
+     * Attestation that should be attached
+     */
+    attached?: Array<PresentationAttachment>;
+    /**
+     * Redirect URI to which the user-agent should be redirected after the presentation is completed.
+     * You can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.
+     */
+    redirectUri?: string;
+    /**
+     * Optional ID of the access certificate to use for signing the presentation request.
+     * If not provided, the default access certificate for the tenant will be used.
+     *
+     * Note: This is intentionally NOT a TypeORM relationship because CertEntity uses
+     * a composite primary key (id + tenantId), and SQLite cannot create foreign keys
+     * that reference only part of a composite primary key. The relationship is handled
+     * at the application level in the service layer.
+     */
+    accessKeyChainId?: string;
+};
+type PresentationConfigCreateDto = {
+    /**
+     * Unique identifier for the VP request.
+     */
+    id: string;
+    /**
+     * Description of the presentation configuration.
+     */
+    description?: string;
+    /**
+     * Lifetime how long the presentation request is valid after creation, in seconds.
+     */
+    lifeTime?: number;
+    /**
+     * The DCQL query to be used for the VP request.
+     */
+    dcql_query: Dcql;
+    transaction_data?: Array<TransactionData>;
+    /**
+     * The registration certificate request containing the necessary details.
+     */
+    registrationCert?: RegistrationCertificateRequest;
+    /**
+     * Optional webhook URL to receive the response.
+     */
+    webhook?: WebhookConfig;
+    /**
+     * Attestation that should be attached
+     */
+    attached?: Array<PresentationAttachment>;
+    /**
+     * Redirect URI to which the user-agent should be redirected after the presentation is completed.
+     * You can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.
+     */
+    redirectUri?: string;
+    /**
+     * Optional ID of the access certificate to use for signing the presentation request.
+     * If not provided, the default access certificate for the tenant will be used.
+     *
+     * Note: This is intentionally NOT a TypeORM relationship because CertEntity uses
+     * a composite primary key (id + tenantId), and SQLite cannot create foreign keys
+     * that reference only part of a composite primary key. The relationship is handled
+     * at the application level in the service layer.
+     */
+    accessKeyChainId?: string;
+};
+type PresentationConfigUpdateDto = {
+    /**
+     * Unique identifier for the VP request.
+     */
+    id?: string;
+    /**
+     * Description of the presentation configuration.
+     */
+    description?: string;
+    /**
+     * Lifetime how long the presentation request is valid after creation, in seconds.
+     */
+    lifeTime?: number;
+    /**
+     * The DCQL query to be used for the VP request.
+     */
+    dcql_query?: Dcql;
+    transaction_data?: Array<TransactionData>;
+    /**
+     * The registration certificate request containing the necessary details.
+     */
+    registrationCert?: RegistrationCertificateRequest;
+    /**
+     * Optional webhook URL to receive the response.
+     */
+    webhook?: WebhookConfig;
+    /**
+     * Attestation that should be attached
+     */
+    attached?: Array<PresentationAttachment>;
+    /**
+     * Redirect URI to which the user-agent should be redirected after the presentation is completed.
+     * You can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.
+     */
+    redirectUri?: string;
+    /**
+     * Optional ID of the access certificate to use for signing the presentation request.
+     * If not provided, the default access certificate for the tenant will be used.
+     *
+     * Note: This is intentionally NOT a TypeORM relationship because CertEntity uses
+     * a composite primary key (id + tenantId), and SQLite cannot create foreign keys
+     * that reference only part of a composite primary key. The relationship is handled
+     * at the application level in the service layer.
+     */
+    accessKeyChainId?: string;
+};
+type DeferredCredentialRequestDto = {
+    /**
+     * The transaction identifier previously returned by the Credential Endpoint
+     */
+    transaction_id: string;
+};
+type NotificationRequestDto = {
+    notification_id: string;
+    event: {
+        [key: string]: unknown;
+    };
+};
+type ParResponseDto = {
+    /**
+     * The request URI for the Pushed Authorization Request.
+     */
+    request_uri: string;
+    /**
+     * The expiration time for the request URI in seconds.
+     */
+    expires_in: number;
+};
+type InteractiveAuthorizationRequestDto = {
+    /**
+     * Response type (for initial request)
+     */
+    response_type?: string;
+    /**
+     * Client identifier (for initial request)
+     */
+    client_id?: string;
+    /**
+     * Comma-separated list of supported interaction types (for initial request)
+     */
+    interaction_types_supported?: string;
+    /**
+     * Redirect URI (for initial request)
+     */
+    redirect_uri?: string;
+    /**
+     * OAuth scope
+     */
+    scope?: string;
+    /**
+     * PKCE code challenge
+     */
+    code_challenge?: string;
+    /**
+     * PKCE code challenge method
+     */
+    code_challenge_method?: string;
+    /**
+     * Authorization details
+     */
+    authorization_details?: {
+        [key: string]: unknown;
+    };
+    /**
+     * State parameter
+     */
+    state?: string;
+    /**
+     * Issuer state from credential offer
+     */
+    issuer_state?: string;
+    /**
+     * Auth session identifier (for follow-up request)
+     */
+    auth_session?: string;
+    /**
+     * OpenID4VP response (for follow-up request)
+     */
+    openid4vp_response?: string;
+    /**
+     * PKCE code verifier (for follow-up request)
+     */
+    code_verifier?: string;
+    /**
+     * JAR request JWT (by value)
+     */
+    request?: string;
+    /**
+     * JAR request URI (by reference)
+     */
+    request_uri?: string;
+};
+type InteractiveAuthorizationCodeResponseDto = {
+    /**
+     * Response status
+     */
+    status: string;
+    /**
+     * Authorization code
+     */
+    code: string;
+};
+type InteractiveAuthorizationErrorResponseDto = {
+    /**
+     * OAuth error code
+     */
+    error: string;
+    /**
+     * Human-readable error description
+     */
+    error_description?: string;
+};
+type ChainedAsParRequestDto = {
+    /**
+     * OAuth response type (must be 'code')
+     */
+    response_type: string;
+    /**
+     * Client identifier (wallet identifier)
+     */
+    client_id: string;
+    /**
+     * URI to redirect the wallet after authorization
+     */
+    redirect_uri: string;
+    /**
+     * PKCE code challenge
+     */
+    code_challenge?: string;
+    /**
+     * PKCE code challenge method (e.g., S256)
+     */
+    code_challenge_method?: string;
+    /**
+     * State parameter (returned in redirect)
+     */
+    state?: string;
+    /**
+     * Scope requested
+     */
+    scope?: string;
+    /**
+     * Issuer state from credential offer
+     */
+    issuer_state?: string;
+    /**
+     * Authorization details (JSON array)
+     */
+    authorization_details?: Array<{
+        [key: string]: unknown;
+    }>;
+};
+type ChainedAsParResponseDto = {
+    /**
+     * The request URI to use at the authorization endpoint
+     */
+    request_uri: string;
+    /**
+     * The lifetime of the request URI in seconds
+     */
+    expires_in: number;
+};
+type ChainedAsErrorResponseDto = {
+    /**
+     * Error code
+     */
+    error: string;
+    /**
+     * Human-readable error description
+     */
+    error_description?: string;
+};
+type ChainedAsTokenRequestDto = {
+    /**
+     * Grant type (must be 'authorization_code')
+     */
+    grant_type: string;
+    /**
+     * Authorization code received in the callback
+     */
+    code: string;
+    /**
+     * Client identifier
+     */
+    client_id?: string;
+    /**
+     * Redirect URI (must match the one used in PAR)
+     */
+    redirect_uri?: string;
+    /**
+     * PKCE code verifier
+     */
+    code_verifier?: string;
+};
+type ChainedAsTokenResponseDto = {
+    /**
+     * The access token
+     */
+    access_token: string;
+    /**
+     * Token type (Bearer or DPoP)
+     */
+    token_type: string;
+    /**
+     * Token lifetime in seconds
+     */
+    expires_in: number;
+    /**
+     * Scope granted
+     */
+    scope?: string;
+    /**
+     * Authorized credential configurations
+     */
+    authorization_details?: Array<{
+        [key: string]: unknown;
+    }>;
+    /**
+     * C_NONCE for credential request
+     */
+    c_nonce?: string;
+    /**
+     * C_NONCE lifetime in seconds
+     */
+    c_nonce_expires_in?: number;
+};
+type OfferResponse = {
+    uri: string;
+    /**
+     * URI for cross-device flows (no redirect after completion)
+     */
+    crossDeviceUri?: string;
+    session: string;
+};
+type CompleteDeferredDto = {
+    /**
+     * Claims to include in the credential. The structure should match the credential configuration's expected claims.
+     */
+    claims: {
+        [key: string]: unknown;
+    };
+};
+type DeferredOperationResponse = {
+    /**
+     * The transaction ID
+     */
+    transactionId: string;
+    /**
+     * The new status of the transaction
+     */
+    status: "pending" | "ready" | "retrieved" | "expired" | "failed";
+    /**
+     * Optional message
+     */
+    message?: string;
+};
+type FailDeferredDto = {
+    /**
+     * Optional error message explaining why the issuance failed
+     */
+    error?: string;
+};
+type EcPublic = {
+    /**
+     * The key type, which is always 'EC' for Elliptic Curve keys.
+     */
+    kty: string;
+    /**
+     * The algorithm intended for use with the key, such as 'ES256'.
+     */
+    crv: string;
+    /**
+     * The x coordinate of the EC public key.
+     */
+    x: string;
+    /**
+     * The y coordinate of the EC public key.
+     */
+    y: string;
+};
+type JwksResponseDto = {
+    /**
+     * An array of EC public keys in JWK format.
+     */
+    keys: Array<EcPublic>;
+};
+type AuthorizationResponse = {
+    /**
+     * The response string containing the authorization details.
+     */
+    response: string;
+    /**
+     * When set to true, the authorization response will be sent to the client.
+     */
+    sendResponse?: boolean;
+};
+type RegistrarConfigEntity = {
+    /**
+     * The base URL of the registrar API
+     */
+    registrarUrl: string;
+    /**
+     * The OIDC issuer URL for authentication (e.g., Keycloak realm URL)
+     */
+    oidcUrl: string;
+    /**
+     * The OIDC client ID for the registrar
+     */
+    clientId: string;
+    /**
+     * The OIDC client secret (optional, for confidential clients)
+     */
+    clientSecret?: string;
+    /**
+     * The username for OIDC login
+     */
+    username: string;
+    /**
+     * The password for OIDC login (stored in plaintext)
+     */
+    password: string;
+    /**
+     * The tenant ID this configuration belongs to.
+     */
+    tenantId: string;
+    /**
+     * The tenant that owns this configuration.
+     */
+    tenant: TenantEntity;
+};
+type CreateRegistrarConfigDto = {
+    /**
+     * The base URL of the registrar API
+     */
+    registrarUrl: string;
+    /**
+     * The OIDC issuer URL for authentication (e.g., Keycloak realm URL)
+     */
+    oidcUrl: string;
+    /**
+     * The OIDC client ID for the registrar
+     */
+    clientId: string;
+    /**
+     * The OIDC client secret (optional, for confidential clients)
+     */
+    clientSecret?: string;
+    /**
+     * The username for OIDC login
+     */
+    username: string;
+    /**
+     * The password for OIDC login (stored in plaintext)
+     */
+    password: string;
+};
+type UpdateRegistrarConfigDto = {
+    /**
+     * The base URL of the registrar API
+     */
+    registrarUrl?: string;
+    /**
+     * The OIDC issuer URL for authentication (e.g., Keycloak realm URL)
+     */
+    oidcUrl?: string;
+    /**
+     * The OIDC client ID for the registrar
+     */
+    clientId?: string;
+    /**
+     * The OIDC client secret (optional, for confidential clients)
+     */
+    clientSecret?: string;
+    /**
+     * The username for OIDC login
+     */
+    username?: string;
+    /**
+     * The password for OIDC login (stored in plaintext)
+     */
+    password?: string;
+};
+type CreateAccessCertificateDto = {
+    /**
+     * The ID of the key to create an access certificate for
+     */
+    keyId: string;
+};
+type TrustListEntityInfo = {
+    name: string;
+    lang?: string;
+    uri?: string;
+    country?: string;
+    locality?: string;
+    postalCode?: string;
+    streetAddress?: string;
+    contactUri?: string;
+};
+type InternalTrustListEntity = {
+    type: "internal";
+    issuerKeyChainId: string;
+    revocationKeyChainId: string;
+    info: TrustListEntityInfo;
+};
+type ExternalTrustListEntity = {
+    type: "external";
+    issuerCertPem: string;
+    revocationCertPem: string;
+    info: TrustListEntityInfo;
+};
+type TrustListCreateDto = {
+    entities: Array<({
+        type: "internal";
+    } & InternalTrustListEntity) | ({
+        type: "external";
+    } & ExternalTrustListEntity)>;
+    id?: string;
+    description?: string;
+    keyChainId?: string;
+    /**
+     * The full trust list JSON (generated LoTE structure)
+     */
+    data?: {
+        [key: string]: unknown;
+    };
+};
+type TrustList = {
+    /**
+     * Unique identifier for the trust list
+     */
+    id: string;
+    description?: string;
+    /**
+     * The tenant ID for which the VP request is made.
+     */
+    tenantId: string;
+    /**
+     * The tenant that owns this object.
+     */
+    tenant: TenantEntity;
+    keyChainId: string;
+    keyChain: KeyChainEntity;
+    /**
+     * The full trust list JSON (generated LoTE structure)
+     */
+    data?: {
+        [key: string]: unknown;
+    };
+    /**
+     * The original entity configuration used to create this trust list.
+     * Stored for round-tripping when editing.
+     */
+    entityConfig?: Array<{
+        [key: string]: unknown;
+    }>;
+    /**
+     * The sequence number for versioning (incremented on updates)
+     */
+    sequenceNumber: number;
+    /**
+     * The signed JWT representation of this trust list
+     */
+    jwt: string;
+    createdAt: string;
+    updatedAt: string;
+};
+type TrustListVersion = {
+    id: string;
+    trustListId: string;
+    trustList: TrustList;
+    tenantId: string;
+    /**
+     * The sequence number at the time this version was created
+     */
+    sequenceNumber: number;
+    /**
+     * The full trust list JSON at this version
+     */
+    data: {
+        [key: string]: unknown;
+    };
+    /**
+     * The entity configuration at this version
+     */
+    entityConfig?: {
+        [key: string]: unknown;
+    };
+    /**
+     * The signed JWT at this version
+     */
+    jwt: string;
+    createdAt: string;
+};
+type KmsProviderCapabilitiesDto = {
+    /**
+     * Whether the provider supports importing existing keys.
+     */
+    canImport: boolean;
+    /**
+     * Whether the provider supports generating new keys.
+     */
+    canCreate: boolean;
+    /**
+     * Whether the provider supports deleting keys.
+     */
+    canDelete: boolean;
+};
+type KmsProviderInfoDto = {
+    /**
+     * Unique provider ID (matches the id in kms.json).
+     */
+    name: string;
+    /**
+     * Type of the KMS provider (db, vault, aws-kms).
+     */
+    type: string;
+    /**
+     * Human-readable description of this provider instance.
+     */
+    description?: string;
+    /**
+     * Capabilities of this provider.
+     */
+    capabilities: KmsProviderCapabilitiesDto;
+};
+type KmsProvidersResponseDto = {
+    /**
+     * Detailed info for each registered KMS provider.
+     */
+    providers: Array<KmsProviderInfoDto>;
+    /**
+     * The default KMS provider name.
+     */
+    default: string;
+};
+type CertificateInfoDto = {
+    /**
+     * Certificate in PEM format.
+     */
+    pem: string;
+    /**
+     * Certificate subject (CN).
+     */
+    subject?: string;
+    /**
+     * Certificate issuer (CN).
+     */
+    issuer?: string;
+    /**
+     * Certificate not before date.
+     */
+    notBefore?: string;
+    /**
+     * Certificate not after date.
+     */
+    notAfter?: string;
+    /**
+     * Serial number.
+     */
+    serialNumber?: string;
+};
+type PublicKeyInfoDto = {
+    /**
+     * Key type (e.g., EC).
+     */
+    kty: string;
+    /**
+     * Key algorithm (e.g., ES256).
+     */
+    alg?: string;
+    /**
+     * Key ID.
+     */
+    kid?: string;
+    /**
+     * Curve (for EC keys).
+     */
+    crv?: string;
+};
+type RotationPolicyResponseDto = {
+    /**
+     * Whether automatic key rotation is enabled.
+     */
+    enabled: boolean;
+    /**
+     * Rotation interval in days.
+     */
+    intervalDays?: number;
+    /**
+     * Certificate validity in days.
+     */
+    certValidityDays?: number;
+    /**
+     * Next scheduled rotation date.
+     */
+    nextRotationAt?: string;
+};
+type KeyChainResponseDto = {
+    /**
+     * Unique identifier for the key chain.
+     */
+    id: string;
+    /**
+     * Usage type of the key chain.
+     */
+    usageType: "access" | "attestation" | "trustList" | "statusList" | "encrypt";
+    /**
+     * Type of key chain (standalone or internalChain).
+     */
+    type: "standalone" | "internalChain";
+    /**
+     * Human-readable description.
+     */
+    description?: string;
+    /**
+     * KMS provider used for this key chain.
+     */
+    kmsProvider: string;
+    /**
+     * Root CA certificate (only for internalChain type).
+     */
+    rootCertificate?: CertificateInfoDto;
+    /**
+     * Active signing key's public key info.
+     */
+    activePublicKey: PublicKeyInfoDto;
+    /**
+     * Active signing key's certificate. Not present for encryption keys.
+     */
+    activeCertificate?: CertificateInfoDto;
+    /**
+     * Previous signing key's public key info (if in grace period).
+     */
+    previousPublicKey?: PublicKeyInfoDto;
+    /**
+     * Previous signing key's certificate (if in grace period).
+     */
+    previousCertificate?: CertificateInfoDto;
+    /**
+     * Previous key expiry date.
+     */
+    previousKeyExpiry?: string;
+    /**
+     * Rotation policy configuration.
+     */
+    rotationPolicy: RotationPolicyResponseDto;
+    /**
+     * Timestamp when the key chain was created.
+     */
+    createdAt: string;
+    /**
+     * Timestamp when the key chain was last updated.
+     */
+    updatedAt: string;
+};
+type ExportEcJwk = {
+    /**
+     * Key type
+     */
+    kty: string;
+    /**
+     * Curve
+     */
+    crv: string;
+    /**
+     * X coordinate (base64url)
+     */
+    x: string;
+    /**
+     * Y coordinate (base64url)
+     */
+    y: string;
+    /**
+     * Private key (base64url)
+     */
+    d: string;
+    /**
+     * Algorithm
+     */
+    alg?: string;
+    /**
+     * Key ID
+     */
+    kid?: string;
+};
+type ExportRotationPolicyDto = {
+    /**
+     * Whether rotation is enabled.
+     */
+    enabled: boolean;
+    /**
+     * Rotation interval in days.
+     */
+    intervalDays?: number;
+    /**
+     * Certificate validity in days.
+     */
+    certValidityDays?: number;
+};
+type KeyChainExportDto = {
+    /**
+     * Key chain ID.
+     */
+    id: string;
+    /**
+     * Human-readable description.
+     */
+    description?: string;
+    /**
+     * Usage type for this key chain.
+     */
+    usageType: "access" | "attestation" | "trustList" | "statusList" | "encrypt";
+    /**
+     * The private key in JWK format (EC).
+     */
+    key: ExportEcJwk;
+    /**
+     * Certificate chain in PEM format (leaf first, then intermediates/CA).
+     */
+    crt?: Array<string>;
+    /**
+     * KMS provider name.
+     */
+    kmsProvider?: string;
+    /**
+     * Rotation policy.
+     */
+    rotationPolicy?: ExportRotationPolicyDto;
+};
+type RotationPolicyCreateDto = {
+    /**
+     * Whether automatic key rotation is enabled.
+     */
+    enabled: boolean;
+    /**
+     * Rotation interval in days. Required when enabled is true.
+     */
+    intervalDays?: number;
+    /**
+     * Certificate validity in days. Defaults to rotation interval + 30 days grace period.
+     */
+    certValidityDays?: number;
+};
+type KeyChainCreateDto = {
+    /**
+     * Usage type determines the purpose of this key chain (access, attestation, etc.).
+     */
+    usageType: "access" | "attestation" | "trustList" | "statusList" | "encrypt";
+    /**
+     * Type of key chain to create.
+     */
+    type: "standalone" | "internalChain";
+    /**
+     * Human-readable description for the key chain.
+     */
+    description?: string;
+    /**
+     * KMS provider to use (defaults to the configured default provider).
+     */
+    kmsProvider?: string;
+    /**
+     * Rotation policy configuration. Only applicable for the signing key (root CA never rotates).
+     */
+    rotationPolicy?: RotationPolicyCreateDto;
+};
+type EcJwk = {
+    kty: string;
+    x: string;
+    y: string;
+    crv: string;
+    d: string;
+    alg?: string;
+    kid?: string;
+};
+type RotationPolicyImportDto = {
+    /**
+     * Whether rotation is enabled. When true, the imported key becomes a root CA.
+     */
+    enabled: boolean;
+    /**
+     * Rotation interval in days.
+     */
+    intervalDays?: number;
+    /**
+     * Certificate validity in days.
+     */
+    certValidityDays?: number;
+};
+type KeyChainImportDto = {
+    /**
+     * ID for the key chain. If not provided, a new UUID will be generated.
+     */
+    id?: string;
+    /**
+     * The private key in JWK format.
+     */
+    key: EcJwk;
+    /**
+     * Human-readable description.
+     */
+    description?: string;
+    /**
+     * Usage type for this key chain.
+     */
+    usageType: "access" | "attestation" | "trustList" | "statusList" | "encrypt";
+    /**
+     * Certificate chain in PEM format (leaf first, then intermediates/CA).
+     */
+    crt?: Array<string>;
+    /**
+     * KMS provider to use. Defaults to 'db'.
+     */
+    kmsProvider?: string;
+    /**
+     * Rotation policy. When enabled, the imported key becomes a root CA and a new leaf key is generated.
+     */
+    rotationPolicy?: RotationPolicyImportDto;
+};
+type RotationPolicyUpdateDto = {
+    /**
+     * Whether automatic key rotation is enabled.
+     */
+    enabled?: boolean;
+    /**
+     * Rotation interval in days.
+     */
+    intervalDays?: number;
+    /**
+     * Certificate validity in days.
+     */
+    certValidityDays?: number;
+};
+type KeyChainUpdateDto = {
+    /**
+     * Human-readable description for the key chain.
+     */
+    description?: string;
+    /**
+     * Rotation policy configuration.
+     */
+    rotationPolicy?: RotationPolicyUpdateDto;
+    /**
+     * Active certificate chain in PEM format. Used for external certificate updates.
+     */
+    activeCertificate?: string;
+};
+type PresentationRequest = {
+    /**
+     * The type of response expected from the presentation request.
+     */
+    response_type: "uri" | "dc-api";
+    /**
+     * Identifier of the presentation configuration
+     */
+    requestId: string;
+    /**
+     * Webhook configuration to receive the response.
+     * If not provided, the configured webhook from the configuration will be used.
+     */
+    webhook?: WebhookConfig;
+    /**
+     * Optional redirect URI to which the user-agent should be redirected after the presentation is completed.
+     * You can use the `{sessionId}` placeholder in the URI, which will be replaced with the actual session ID.
+     */
+    redirectUri?: string;
+    /**
+     * Optional transaction data to include in the OID4VP request.
+     * If provided, this will override the transaction_data from the presentation configuration.
+     */
+    transaction_data?: Array<TransactionData>;
+};
+type FileUploadDto = {
+    file: Blob | File;
+};
+type AppControllerGetVersionData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/version";
+};
+type AppControllerGetVersionResponses = {
+    /**
+     * Service version info
+     */
+    200: unknown;
+};
+type TenantControllerGetTenantsData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/tenant";
+};
+type TenantControllerGetTenantsResponses = {
+    200: Array<TenantEntity>;
+};
+type TenantControllerGetTenantsResponse = TenantControllerGetTenantsResponses[keyof TenantControllerGetTenantsResponses];
+type TenantControllerInitTenantData = {
+    body: CreateTenantDto;
+    path?: never;
+    query?: never;
+    url: "/api/tenant";
+};
+type TenantControllerInitTenantResponses = {
+    201: {
+        [key: string]: unknown;
+    };
+};
+type TenantControllerInitTenantResponse = TenantControllerInitTenantResponses[keyof TenantControllerInitTenantResponses];
+type TenantControllerDeleteTenantData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/tenant/{id}";
+};
+type TenantControllerDeleteTenantResponses = {
+    200: unknown;
+};
+type TenantControllerGetTenantData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/tenant/{id}";
+};
+type TenantControllerGetTenantResponses = {
+    200: TenantEntity;
+};
+type TenantControllerGetTenantResponse = TenantControllerGetTenantResponses[keyof TenantControllerGetTenantResponses];
+type TenantControllerUpdateTenantData = {
+    body: UpdateTenantDto;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/tenant/{id}";
+};
+type TenantControllerUpdateTenantResponses = {
+    200: TenantEntity;
+};
+type TenantControllerUpdateTenantResponse = TenantControllerUpdateTenantResponses[keyof TenantControllerUpdateTenantResponses];
+type ClientControllerGetClientsData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/client";
+};
+type ClientControllerGetClientsResponses = {
+    200: Array<ClientEntity>;
+};
+type ClientControllerGetClientsResponse = ClientControllerGetClientsResponses[keyof ClientControllerGetClientsResponses];
+type ClientControllerCreateClientData = {
+    body: CreateClientDto;
+    path?: never;
+    query?: never;
+    url: "/api/client";
+};
+type ClientControllerCreateClientResponses = {
+    201: ClientEntity;
+};
+type ClientControllerCreateClientResponse = ClientControllerCreateClientResponses[keyof ClientControllerCreateClientResponses];
+type ClientControllerDeleteClientData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/client/{id}";
+};
+type ClientControllerDeleteClientResponses = {
+    200: unknown;
+};
+type ClientControllerGetClientData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/client/{id}";
+};
+type ClientControllerGetClientResponses = {
+    200: ClientEntity;
+};
+type ClientControllerGetClientResponse = ClientControllerGetClientResponses[keyof ClientControllerGetClientResponses];
+type ClientControllerUpdateClientData = {
+    body: UpdateClientDto;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/client/{id}";
+};
+type ClientControllerUpdateClientResponses = {
+    200: {
+        [key: string]: unknown;
+    };
+};
+type ClientControllerUpdateClientResponse = ClientControllerUpdateClientResponses[keyof ClientControllerUpdateClientResponses];
+type ClientControllerGetClientSecretData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/client/{id}/secret";
+};
+type ClientControllerGetClientSecretResponses = {
+    200: ClientSecretResponseDto;
+};
+type ClientControllerGetClientSecretResponse = ClientControllerGetClientSecretResponses[keyof ClientControllerGetClientSecretResponses];
+type ClientControllerRotateClientSecretData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/client/{id}/rotate-secret";
+};
+type ClientControllerRotateClientSecretResponses = {
+    201: ClientSecretResponseDto;
+};
+type ClientControllerRotateClientSecretResponse = ClientControllerRotateClientSecretResponses[keyof ClientControllerRotateClientSecretResponses];
+type StatusListConfigControllerResetConfigData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/status-list-config";
+};
+type StatusListConfigControllerResetConfigResponses = {
+    /**
+     * Configuration reset successfully
+     */
+    204: void;
+};
+type StatusListConfigControllerResetConfigResponse = StatusListConfigControllerResetConfigResponses[keyof StatusListConfigControllerResetConfigResponses];
+type StatusListConfigControllerGetConfigData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/status-list-config";
+};
+type StatusListConfigControllerGetConfigResponses = {
+    /**
+     * The status list configuration
+     */
+    200: StatusListConfig;
+};
+type StatusListConfigControllerGetConfigResponse = StatusListConfigControllerGetConfigResponses[keyof StatusListConfigControllerGetConfigResponses];
+type StatusListConfigControllerUpdateConfigData = {
+    body: UpdateStatusListConfigDto;
+    path?: never;
+    query?: never;
+    url: "/api/status-list-config";
+};
+type StatusListConfigControllerUpdateConfigResponses = {
+    /**
+     * The updated status list configuration
+     */
+    200: StatusListConfig;
+};
+type StatusListConfigControllerUpdateConfigResponse = StatusListConfigControllerUpdateConfigResponses[keyof StatusListConfigControllerUpdateConfigResponses];
+type StatusListManagementControllerGetListsData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/status-lists";
+};
+type StatusListManagementControllerGetListsResponses = {
+    /**
+     * List of status lists
+     */
+    200: Array<StatusListResponseDto>;
+};
+type StatusListManagementControllerGetListsResponse = StatusListManagementControllerGetListsResponses[keyof StatusListManagementControllerGetListsResponses];
+type StatusListManagementControllerCreateListData = {
+    body: CreateStatusListDto;
+    path?: never;
+    query?: never;
+    url: "/api/status-lists";
+};
+type StatusListManagementControllerCreateListResponses = {
+    /**
+     * The created status list
+     */
+    201: StatusListResponseDto;
+};
+type StatusListManagementControllerCreateListResponse = StatusListManagementControllerCreateListResponses[keyof StatusListManagementControllerCreateListResponses];
+type StatusListManagementControllerDeleteListData = {
+    body?: never;
+    path: {
+        /**
+         * The status list ID
+         */
+        listId: string;
+    };
+    query?: never;
+    url: "/api/status-lists/{listId}";
+};
+type StatusListManagementControllerDeleteListResponses = {
+    /**
+     * Status list deleted successfully
+     */
+    204: void;
+};
+type StatusListManagementControllerDeleteListResponse = StatusListManagementControllerDeleteListResponses[keyof StatusListManagementControllerDeleteListResponses];
+type StatusListManagementControllerGetListData = {
+    body?: never;
+    path: {
+        /**
+         * The status list ID
+         */
+        listId: string;
+    };
+    query?: never;
+    url: "/api/status-lists/{listId}";
+};
+type StatusListManagementControllerGetListResponses = {
+    /**
+     * The status list
+     */
+    200: StatusListResponseDto;
+};
+type StatusListManagementControllerGetListResponse = StatusListManagementControllerGetListResponses[keyof StatusListManagementControllerGetListResponses];
+type StatusListManagementControllerUpdateListData = {
+    body: UpdateStatusListDto;
+    path: {
+        /**
+         * The status list ID
+         */
+        listId: string;
+    };
+    query?: never;
+    url: "/api/status-lists/{listId}";
+};
+type StatusListManagementControllerUpdateListResponses = {
+    /**
+     * The updated status list
+     */
+    200: StatusListResponseDto;
+};
+type StatusListManagementControllerUpdateListResponse = StatusListManagementControllerUpdateListResponses[keyof StatusListManagementControllerUpdateListResponses];
+type SessionControllerGetAllSessionsData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/session";
+};
+type SessionControllerGetAllSessionsResponses = {
+    200: Array<Session>;
+};
+type SessionControllerGetAllSessionsResponse = SessionControllerGetAllSessionsResponses[keyof SessionControllerGetAllSessionsResponses];
+type SessionControllerDeleteSessionData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/session/{id}";
+};
+type SessionControllerDeleteSessionResponses = {
+    200: unknown;
+};
+type SessionControllerGetSessionData = {
+    body?: never;
+    path: {
+        /**
+         * The session ID
+         */
+        id: string;
+    };
+    query?: never;
+    url: "/api/session/{id}";
+};
+type SessionControllerGetSessionResponses = {
+    200: Session;
+};
+type SessionControllerGetSessionResponse = SessionControllerGetSessionResponses[keyof SessionControllerGetSessionResponses];
+type SessionControllerGetSessionLogsData = {
+    body?: never;
+    path: {
+        /**
+         * The session ID
+         */
+        id: string;
+    };
+    query?: never;
+    url: "/api/session/{id}/logs";
+};
+type SessionControllerGetSessionLogsResponses = {
+    200: Array<SessionLogEntryResponseDto>;
+};
+type SessionControllerGetSessionLogsResponse = SessionControllerGetSessionLogsResponses[keyof SessionControllerGetSessionLogsResponses];
+type SessionControllerRevokeAllData = {
+    body: StatusUpdateDto;
+    path?: never;
+    query?: never;
+    url: "/api/session/revoke";
+};
+type SessionControllerRevokeAllResponses = {
+    201: unknown;
+};
+type SessionConfigControllerResetConfigData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/session-config";
+};
+type SessionConfigControllerResetConfigResponses = {
+    /**
+     * Configuration reset successfully
+     */
+    200: unknown;
+};
+type SessionConfigControllerGetConfigData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/session-config";
+};
+type SessionConfigControllerGetConfigResponses = {
+    /**
+     * The session storage configuration
+     */
+    200: SessionStorageConfig;
+};
+type SessionConfigControllerGetConfigResponse = SessionConfigControllerGetConfigResponses[keyof SessionConfigControllerGetConfigResponses];
+type SessionConfigControllerUpdateConfigData = {
+    body: UpdateSessionConfigDto;
+    path?: never;
+    query?: never;
+    url: "/api/session-config";
+};
+type SessionConfigControllerUpdateConfigResponses = {
+    /**
+     * The updated session storage configuration
+     */
+    200: SessionStorageConfig;
+};
+type SessionConfigControllerUpdateConfigResponse = SessionConfigControllerUpdateConfigResponses[keyof SessionConfigControllerUpdateConfigResponses];
+type SessionEventsControllerSubscribeToSessionEventsData = {
+    body?: never;
+    path: {
+        /**
+         * Session ID to subscribe to
+         */
+        id: string;
+    };
+    query: {
+        /**
+         * JWT access token for authentication
+         */
+        token: string;
+    };
+    url: "/api/session/{id}/events";
+};
+type SessionEventsControllerSubscribeToSessionEventsResponses = {
+    200: unknown;
+};
+type IssuanceConfigControllerGetIssuanceConfigurationsData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/issuer/config";
+};
+type IssuanceConfigControllerGetIssuanceConfigurationsResponses = {
+    200: IssuanceConfig;
+};
+type IssuanceConfigControllerGetIssuanceConfigurationsResponse = IssuanceConfigControllerGetIssuanceConfigurationsResponses[keyof IssuanceConfigControllerGetIssuanceConfigurationsResponses];
+type IssuanceConfigControllerStoreIssuanceConfigurationData = {
+    body: IssuanceDto;
+    path?: never;
+    query?: never;
+    url: "/api/issuer/config";
+};
+type IssuanceConfigControllerStoreIssuanceConfigurationResponses = {
+    201: {
+        [key: string]: unknown;
+    };
+};
+type IssuanceConfigControllerStoreIssuanceConfigurationResponse = IssuanceConfigControllerStoreIssuanceConfigurationResponses[keyof IssuanceConfigControllerStoreIssuanceConfigurationResponses];
+type CredentialConfigControllerGetConfigsData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/issuer/credentials";
+};
+type CredentialConfigControllerGetConfigsResponses = {
+    200: Array<CredentialConfig>;
+};
+type CredentialConfigControllerGetConfigsResponse = CredentialConfigControllerGetConfigsResponses[keyof CredentialConfigControllerGetConfigsResponses];
+type CredentialConfigControllerStoreCredentialConfigurationData = {
+    body: CredentialConfigCreate;
+    path?: never;
+    query?: never;
+    url: "/api/issuer/credentials";
+};
+type CredentialConfigControllerStoreCredentialConfigurationResponses = {
+    201: {
+        [key: string]: unknown;
+    };
+};
+type CredentialConfigControllerStoreCredentialConfigurationResponse = CredentialConfigControllerStoreCredentialConfigurationResponses[keyof CredentialConfigControllerStoreCredentialConfigurationResponses];
+type CredentialConfigControllerDeleteIssuanceConfigurationData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/issuer/credentials/{id}";
+};
+type CredentialConfigControllerDeleteIssuanceConfigurationResponses = {
+    200: unknown;
+};
+type CredentialConfigControllerGetConfigByIdData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/issuer/credentials/{id}";
+};
+type CredentialConfigControllerGetConfigByIdResponses = {
+    200: CredentialConfig;
+};
+type CredentialConfigControllerGetConfigByIdResponse = CredentialConfigControllerGetConfigByIdResponses[keyof CredentialConfigControllerGetConfigByIdResponses];
+type CredentialConfigControllerUpdateCredentialConfigurationData = {
+    body: CredentialConfigUpdate;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/issuer/credentials/{id}";
+};
+type CredentialConfigControllerUpdateCredentialConfigurationResponses = {
+    200: {
+        [key: string]: unknown;
+    };
+};
+type CredentialConfigControllerUpdateCredentialConfigurationResponse = CredentialConfigControllerUpdateCredentialConfigurationResponses[keyof CredentialConfigControllerUpdateCredentialConfigurationResponses];
+type AttributeProviderControllerGetAllData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/issuer/attribute-providers";
+};
+type AttributeProviderControllerGetAllResponses = {
+    /**
+     * List of attribute providers
+     */
+    200: unknown;
+};
+type AttributeProviderControllerCreateData = {
+    body: CreateAttributeProviderDto;
+    path?: never;
+    query?: never;
+    url: "/api/issuer/attribute-providers";
+};
+type AttributeProviderControllerCreateResponses = {
+    /**
+     * Attribute provider created
+     */
+    201: unknown;
+};
+type AttributeProviderControllerDeleteData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/issuer/attribute-providers/{id}";
+};
+type AttributeProviderControllerDeleteErrors = {
+    /**
+     * Attribute provider not found
+     */
+    404: unknown;
+};
+type AttributeProviderControllerDeleteResponses = {
+    /**
+     * Attribute provider deleted
+     */
+    200: unknown;
+};
+type AttributeProviderControllerGetByIdData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/issuer/attribute-providers/{id}";
+};
+type AttributeProviderControllerGetByIdErrors = {
+    /**
+     * Attribute provider not found
+     */
+    404: unknown;
+};
+type AttributeProviderControllerGetByIdResponses = {
+    /**
+     * The attribute provider
+     */
+    200: unknown;
+};
+type AttributeProviderControllerUpdateData = {
+    body: UpdateAttributeProviderDto;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/issuer/attribute-providers/{id}";
+};
+type AttributeProviderControllerUpdateErrors = {
+    /**
+     * Attribute provider not found
+     */
+    404: unknown;
+};
+type AttributeProviderControllerUpdateResponses = {
+    /**
+     * Attribute provider updated
+     */
+    200: unknown;
+};
+type WebhookEndpointControllerGetAllData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/issuer/webhook-endpoints";
+};
+type WebhookEndpointControllerGetAllResponses = {
+    /**
+     * List of webhook endpoints
+     */
+    200: unknown;
+};
+type WebhookEndpointControllerCreateData = {
+    body: CreateWebhookEndpointDto;
+    path?: never;
+    query?: never;
+    url: "/api/issuer/webhook-endpoints";
+};
+type WebhookEndpointControllerCreateResponses = {
+    /**
+     * Webhook endpoint created
+     */
+    201: unknown;
+};
+type WebhookEndpointControllerDeleteData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/issuer/webhook-endpoints/{id}";
+};
+type WebhookEndpointControllerDeleteErrors = {
+    /**
+     * Webhook endpoint not found
+     */
+    404: unknown;
+};
+type WebhookEndpointControllerDeleteResponses = {
+    /**
+     * Webhook endpoint deleted
+     */
+    200: unknown;
+};
+type WebhookEndpointControllerGetByIdData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/issuer/webhook-endpoints/{id}";
+};
+type WebhookEndpointControllerGetByIdErrors = {
+    /**
+     * Webhook endpoint not found
+     */
+    404: unknown;
+};
+type WebhookEndpointControllerGetByIdResponses = {
+    /**
+     * The webhook endpoint
+     */
+    200: unknown;
+};
+type WebhookEndpointControllerUpdateData = {
+    body: UpdateWebhookEndpointDto;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/issuer/webhook-endpoints/{id}";
+};
+type WebhookEndpointControllerUpdateErrors = {
+    /**
+     * Webhook endpoint not found
+     */
+    404: unknown;
+};
+type WebhookEndpointControllerUpdateResponses = {
+    /**
+     * Webhook endpoint updated
+     */
+    200: unknown;
+};
+type PresentationManagementControllerConfigurationData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/verifier/config";
+};
+type PresentationManagementControllerConfigurationResponses = {
+    200: Array<PresentationConfig>;
+};
+type PresentationManagementControllerConfigurationResponse = PresentationManagementControllerConfigurationResponses[keyof PresentationManagementControllerConfigurationResponses];
+type PresentationManagementControllerStorePresentationConfigData = {
+    body: PresentationConfigCreateDto;
+    path?: never;
+    query?: never;
+    url: "/api/verifier/config";
+};
+type PresentationManagementControllerStorePresentationConfigResponses = {
+    201: {
+        [key: string]: unknown;
+    };
+};
+type PresentationManagementControllerStorePresentationConfigResponse = PresentationManagementControllerStorePresentationConfigResponses[keyof PresentationManagementControllerStorePresentationConfigResponses];
+type PresentationManagementControllerDeleteConfigurationData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/verifier/config/{id}";
+};
+type PresentationManagementControllerDeleteConfigurationResponses = {
+    200: unknown;
+};
+type PresentationManagementControllerGetConfigurationData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/verifier/config/{id}";
+};
+type PresentationManagementControllerGetConfigurationResponses = {
+    200: PresentationConfig;
+};
+type PresentationManagementControllerGetConfigurationResponse = PresentationManagementControllerGetConfigurationResponses[keyof PresentationManagementControllerGetConfigurationResponses];
+type PresentationManagementControllerUpdateConfigurationData = {
+    body: PresentationConfigUpdateDto;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/verifier/config/{id}";
+};
+type PresentationManagementControllerUpdateConfigurationResponses = {
+    200: {
+        [key: string]: unknown;
+    };
+};
+type PresentationManagementControllerUpdateConfigurationResponse = PresentationManagementControllerUpdateConfigurationResponses[keyof PresentationManagementControllerUpdateConfigurationResponses];
+type CacheControllerGetStatsData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/cache/stats";
+};
+type CacheControllerGetStatsResponses = {
+    /**
+     * Cache statistics
+     */
+    200: unknown;
+};
+type CacheControllerClearAllCachesData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/cache";
+};
+type CacheControllerClearAllCachesResponses = {
+    /**
+     * All caches cleared successfully
+     */
+    204: void;
+};
+type CacheControllerClearAllCachesResponse = CacheControllerClearAllCachesResponses[keyof CacheControllerClearAllCachesResponses];
+type CacheControllerClearTrustListCacheData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/cache/trust-list";
+};
+type CacheControllerClearTrustListCacheResponses = {
+    /**
+     * Trust list cache cleared successfully
+     */
+    204: void;
+};
+type CacheControllerClearTrustListCacheResponse = CacheControllerClearTrustListCacheResponses[keyof CacheControllerClearTrustListCacheResponses];
+type CacheControllerClearStatusListCacheData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/cache/status-list";
+};
+type CacheControllerClearStatusListCacheResponses = {
+    /**
+     * Status list cache cleared successfully
+     */
+    204: void;
+};
+type CacheControllerClearStatusListCacheResponse = CacheControllerClearStatusListCacheResponses[keyof CacheControllerClearStatusListCacheResponses];
+type CredentialOfferControllerGetOfferData = {
+    body: OfferRequestDto;
+    path?: never;
+    query?: never;
+    url: "/api/issuer/offer";
+};
+type CredentialOfferControllerGetOfferResponses = {
+    /**
+     * JSON response
+     */
+    201: OfferResponse;
+};
+type CredentialOfferControllerGetOfferResponse = CredentialOfferControllerGetOfferResponses[keyof CredentialOfferControllerGetOfferResponses];
+type DeferredControllerCompleteDeferredData = {
+    body: CompleteDeferredDto;
+    path: {
+        transactionId: string;
+    };
+    query?: never;
+    url: "/api/issuer/deferred/{transactionId}/complete";
+};
+type DeferredControllerCompleteDeferredErrors = {
+    /**
+     * Transaction not found
+     */
+    404: unknown;
+};
+type DeferredControllerCompleteDeferredResponses = {
+    /**
+     * Transaction completed successfully
+     */
+    200: DeferredOperationResponse;
+};
+type DeferredControllerCompleteDeferredResponse = DeferredControllerCompleteDeferredResponses[keyof DeferredControllerCompleteDeferredResponses];
+type DeferredControllerFailDeferredData = {
+    body?: FailDeferredDto;
+    path: {
+        transactionId: string;
+    };
+    query?: never;
+    url: "/api/issuer/deferred/{transactionId}/fail";
+};
+type DeferredControllerFailDeferredErrors = {
+    /**
+     * Transaction not found
+     */
+    404: unknown;
+};
+type DeferredControllerFailDeferredResponses = {
+    /**
+     * Transaction marked as failed
+     */
+    200: DeferredOperationResponse;
+};
+type DeferredControllerFailDeferredResponse = DeferredControllerFailDeferredResponses[keyof DeferredControllerFailDeferredResponses];
+type RegistrarControllerDeleteConfigData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/registrar/config";
+};
+type RegistrarControllerDeleteConfigResponses = {
+    /**
+     * Configuration deleted successfully
+     */
+    204: void;
+};
+type RegistrarControllerDeleteConfigResponse = RegistrarControllerDeleteConfigResponses[keyof RegistrarControllerDeleteConfigResponses];
+type RegistrarControllerGetConfigData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/registrar/config";
+};
+type RegistrarControllerGetConfigErrors = {
+    /**
+     * No registrar configuration found
+     */
+    404: unknown;
+};
+type RegistrarControllerGetConfigResponses = {
+    /**
+     * The registrar configuration
+     */
+    200: RegistrarConfigEntity;
+};
+type RegistrarControllerGetConfigResponse = RegistrarControllerGetConfigResponses[keyof RegistrarControllerGetConfigResponses];
+type RegistrarControllerUpdateConfigData = {
+    body: UpdateRegistrarConfigDto;
+    path?: never;
+    query?: never;
+    url: "/api/registrar/config";
+};
+type RegistrarControllerUpdateConfigErrors = {
+    /**
+     * Invalid credentials
+     */
+    400: unknown;
+    /**
+     * No registrar configuration found
+     */
+    404: unknown;
+};
+type RegistrarControllerUpdateConfigResponses = {
+    /**
+     * Configuration updated successfully
+     */
+    200: RegistrarConfigEntity;
+};
+type RegistrarControllerUpdateConfigResponse = RegistrarControllerUpdateConfigResponses[keyof RegistrarControllerUpdateConfigResponses];
+type RegistrarControllerCreateConfigData = {
+    body: CreateRegistrarConfigDto;
+    path?: never;
+    query?: never;
+    url: "/api/registrar/config";
+};
+type RegistrarControllerCreateConfigErrors = {
+    /**
+     * Invalid credentials
+     */
+    400: unknown;
+};
+type RegistrarControllerCreateConfigResponses = {
+    /**
+     * Configuration created successfully
+     */
+    201: RegistrarConfigEntity;
+};
+type RegistrarControllerCreateConfigResponse = RegistrarControllerCreateConfigResponses[keyof RegistrarControllerCreateConfigResponses];
+type RegistrarControllerCreateAccessCertificateData = {
+    body: CreateAccessCertificateDto;
+    path?: never;
+    query?: never;
+    url: "/api/registrar/access-certificate";
+};
+type RegistrarControllerCreateAccessCertificateErrors = {
+    /**
+     * No relying party found at registrar or failed to create certificate
+     */
+    400: unknown;
+    /**
+     * No registrar configuration found or key not found
+     */
+    404: unknown;
+};
+type RegistrarControllerCreateAccessCertificateResponses = {
+    /**
+     * Access certificate created successfully
+     */
+    201: {
+        /**
+         * The certificate ID at the registrar
+         */
+        id?: string;
+        /**
+         * The certificate in PEM format
+         */
+        crt?: string;
+    };
+};
+type RegistrarControllerCreateAccessCertificateResponse = RegistrarControllerCreateAccessCertificateResponses[keyof RegistrarControllerCreateAccessCertificateResponses];
+type TrustListControllerGetAllTrustListsData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/trust-list";
+};
+type TrustListControllerGetAllTrustListsResponses = {
+    200: Array<TrustList>;
+};
+type TrustListControllerGetAllTrustListsResponse = TrustListControllerGetAllTrustListsResponses[keyof TrustListControllerGetAllTrustListsResponses];
+type TrustListControllerCreateTrustListData = {
+    body: TrustListCreateDto;
+    path?: never;
+    query?: never;
+    url: "/api/trust-list";
+};
+type TrustListControllerCreateTrustListResponses = {
+    201: TrustList;
+};
+type TrustListControllerCreateTrustListResponse = TrustListControllerCreateTrustListResponses[keyof TrustListControllerCreateTrustListResponses];
+type TrustListControllerDeleteTrustListData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/trust-list/{id}";
+};
+type TrustListControllerDeleteTrustListResponses = {
+    200: unknown;
+};
+type TrustListControllerGetTrustListData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/trust-list/{id}";
+};
+type TrustListControllerGetTrustListResponses = {
+    200: TrustList;
+};
+type TrustListControllerGetTrustListResponse = TrustListControllerGetTrustListResponses[keyof TrustListControllerGetTrustListResponses];
+type TrustListControllerUpdateTrustListData = {
+    body: TrustListCreateDto;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/trust-list/{id}";
+};
+type TrustListControllerUpdateTrustListResponses = {
+    200: TrustList;
+};
+type TrustListControllerUpdateTrustListResponse = TrustListControllerUpdateTrustListResponses[keyof TrustListControllerUpdateTrustListResponses];
+type TrustListControllerExportTrustListData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/trust-list/{id}/export";
+};
+type TrustListControllerExportTrustListResponses = {
+    200: TrustListCreateDto;
+};
+type TrustListControllerExportTrustListResponse = TrustListControllerExportTrustListResponses[keyof TrustListControllerExportTrustListResponses];
+type TrustListControllerGetTrustListVersionsData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/trust-list/{id}/versions";
+};
+type TrustListControllerGetTrustListVersionsResponses = {
+    200: Array<TrustListVersion>;
+};
+type TrustListControllerGetTrustListVersionsResponse = TrustListControllerGetTrustListVersionsResponses[keyof TrustListControllerGetTrustListVersionsResponses];
+type TrustListControllerGetTrustListVersionData = {
+    body?: never;
+    path: {
+        id: string;
+        versionId: string;
+    };
+    query?: never;
+    url: "/api/trust-list/{id}/versions/{versionId}";
+};
+type TrustListControllerGetTrustListVersionResponses = {
+    200: TrustListVersion;
+};
+type TrustListControllerGetTrustListVersionResponse = TrustListControllerGetTrustListVersionResponses[keyof TrustListControllerGetTrustListVersionResponses];
+type KeyChainControllerGetProvidersData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/key-chain/providers";
+};
+type KeyChainControllerGetProvidersResponses = {
+    /**
+     * List of available KMS providers with capabilities
+     */
+    200: KmsProvidersResponseDto;
+};
+type KeyChainControllerGetProvidersResponse = KeyChainControllerGetProvidersResponses[keyof KeyChainControllerGetProvidersResponses];
+type KeyChainControllerGetAllData = {
+    body?: never;
+    path?: never;
+    query?: never;
+    url: "/api/key-chain";
+};
+type KeyChainControllerGetAllResponses = {
+    /**
+     * List of key chains
+     */
+    200: Array<KeyChainResponseDto>;
+};
+type KeyChainControllerGetAllResponse = KeyChainControllerGetAllResponses[keyof KeyChainControllerGetAllResponses];
+type KeyChainControllerCreateData = {
+    body: KeyChainCreateDto;
+    path?: never;
+    query?: never;
+    url: "/api/key-chain";
+};
+type KeyChainControllerCreateResponses = {
+    /**
+     * Key chain created successfully
+     */
+    201: unknown;
+};
+type KeyChainControllerDeleteData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/key-chain/{id}";
+};
+type KeyChainControllerDeleteErrors = {
+    /**
+     * Key chain not found
+     */
+    404: unknown;
+};
+type KeyChainControllerDeleteResponses = {
+    /**
+     * Key chain deleted successfully
+     */
+    200: unknown;
+};
+type KeyChainControllerGetByIdData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/key-chain/{id}";
+};
+type KeyChainControllerGetByIdErrors = {
+    /**
+     * Key chain not found
+     */
+    404: unknown;
+};
+type KeyChainControllerGetByIdResponses = {
+    /**
+     * The key chain
+     */
+    200: KeyChainResponseDto;
+};
+type KeyChainControllerGetByIdResponse = KeyChainControllerGetByIdResponses[keyof KeyChainControllerGetByIdResponses];
+type KeyChainControllerUpdateData = {
+    body: KeyChainUpdateDto;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/key-chain/{id}";
+};
+type KeyChainControllerUpdateErrors = {
+    /**
+     * Key chain not found
+     */
+    404: unknown;
+};
+type KeyChainControllerUpdateResponses = {
+    /**
+     * Key chain updated successfully
+     */
+    200: unknown;
+};
+type KeyChainControllerExportData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/key-chain/{id}/export";
+};
+type KeyChainControllerExportErrors = {
+    /**
+     * Key chain not found
+     */
+    404: unknown;
+};
+type KeyChainControllerExportResponses = {
+    /**
+     * Key chain export data
+     */
+    200: KeyChainExportDto;
+};
+type KeyChainControllerExportResponse = KeyChainControllerExportResponses[keyof KeyChainControllerExportResponses];
+type KeyChainControllerImportData = {
+    body: KeyChainImportDto;
+    path?: never;
+    query?: never;
+    url: "/api/key-chain/import";
+};
+type KeyChainControllerImportResponses = {
+    /**
+     * Key chain imported successfully
+     */
+    201: unknown;
+};
+type KeyChainControllerRotateData = {
+    body?: never;
+    path: {
+        id: string;
+    };
+    query?: never;
+    url: "/api/key-chain/{id}/rotate";
+};
+type KeyChainControllerRotateErrors = {
+    /**
+     * Key chain not found
+     */
+    404: unknown;
+};
+type KeyChainControllerRotateResponses = {
+    /**
+     * Key chain rotated successfully
+     */
+    200: unknown;
+    201: unknown;
+};
+type VerifierOfferControllerGetOfferData = {
+    body: PresentationRequest;
+    path?: never;
+    query?: never;
+    url: "/api/verifier/offer";
+};
+type VerifierOfferControllerGetOfferResponses = {
+    /**
+     * JSON response
+     */
+    201: OfferResponse;
+};
+type VerifierOfferControllerGetOfferResponse = VerifierOfferControllerGetOfferResponses[keyof VerifierOfferControllerGetOfferResponses];
+type StorageControllerUploadData = {
+    /**
+     * List of cats
+     */
+    body: FileUploadDto;
+    path?: never;
+    query?: never;
+    url: "/api/storage";
+};
+type StorageControllerUploadResponses = {
+    201: {
+        [key: string]: unknown;
+    };
+};
+type StorageControllerUploadResponse = StorageControllerUploadResponses[keyof StorageControllerUploadResponses];
+
+export type { ClientControllerGetClientResponses as $, AllowListPolicy as A, CacheControllerClearStatusListCacheData as B, CacheControllerClearAllCachesData as C, CacheControllerClearStatusListCacheResponse as D, CacheControllerClearStatusListCacheResponses as E, CacheControllerClearTrustListCacheData as F, CacheControllerClearTrustListCacheResponse as G, CacheControllerClearTrustListCacheResponses as H, CacheControllerGetStatsData as I, CacheControllerGetStatsResponses as J, CertificateInfoDto as K, ChainedAsConfig as L, ChainedAsErrorResponseDto as M, ChainedAsParRequestDto as N, ChainedAsParResponseDto as O, ChainedAsTokenConfig as P, ChainedAsTokenRequestDto as Q, ChainedAsTokenResponseDto as R, Session as S, ClaimsQuery as T, ClientControllerCreateClientData as U, ClientControllerCreateClientResponse as V, ClientControllerCreateClientResponses as W, ClientControllerDeleteClientData as X, ClientControllerDeleteClientResponses as Y, ClientControllerGetClientData as Z, ClientControllerGetClientResponse as _, ApiKeyConfig as a, EmbeddedDisclosurePolicy as a$, ClientControllerGetClientSecretData as a0, ClientControllerGetClientSecretResponse as a1, ClientControllerGetClientSecretResponses as a2, ClientControllerGetClientsData as a3, ClientControllerGetClientsResponse as a4, ClientControllerGetClientsResponses as a5, ClientControllerRotateClientSecretData as a6, ClientControllerRotateClientSecretResponse as a7, ClientControllerRotateClientSecretResponses as a8, ClientControllerUpdateClientData as a9, CredentialConfigControllerUpdateCredentialConfigurationData as aA, CredentialConfigControllerUpdateCredentialConfigurationResponse as aB, CredentialConfigControllerUpdateCredentialConfigurationResponses as aC, CredentialConfigCreate as aD, CredentialConfigUpdate as aE, CredentialOfferControllerGetOfferData as aF, CredentialOfferControllerGetOfferResponse as aG, CredentialOfferControllerGetOfferResponses as aH, CredentialQuery as aI, CredentialSetQuery as aJ, Dcql as aK, DeferredControllerCompleteDeferredData as aL, DeferredControllerCompleteDeferredErrors as aM, DeferredControllerCompleteDeferredResponse as aN, DeferredControllerCompleteDeferredResponses as aO, DeferredControllerFailDeferredData as aP, DeferredControllerFailDeferredErrors as aQ, DeferredControllerFailDeferredResponse as aR, DeferredControllerFailDeferredResponses as aS, DeferredCredentialRequestDto as aT, DeferredOperationResponse as aU, Display as aV, DisplayImage as aW, DisplayInfo as aX, DisplayLogo as aY, EcJwk as aZ, EcPublic as a_, ClientControllerUpdateClientResponse as aa, ClientControllerUpdateClientResponses as ab, ClientCredentialsDto as ac, ClientEntity as ad, ClientOptions as ae, ClientSecretResponseDto as af, CompleteDeferredDto as ag, CreateAccessCertificateDto as ah, CreateAttributeProviderDto as ai, CreateClientDto as aj, CreateRegistrarConfigDto as ak, CreateStatusListDto as al, CreateTenantDto as am, CreateWebhookEndpointDto as an, CredentialConfig as ao, CredentialConfigControllerDeleteIssuanceConfigurationData as ap, CredentialConfigControllerDeleteIssuanceConfigurationResponses as aq, CredentialConfigControllerGetConfigByIdData as ar, CredentialConfigControllerGetConfigByIdResponse as as, CredentialConfigControllerGetConfigByIdResponses as at, CredentialConfigControllerGetConfigsData as au, CredentialConfigControllerGetConfigsResponse as av, CredentialConfigControllerGetConfigsResponses as aw, CredentialConfigControllerStoreCredentialConfigurationData as ax, CredentialConfigControllerStoreCredentialConfigurationResponse as ay, CredentialConfigControllerStoreCredentialConfigurationResponses as az, AppControllerGetVersionData as b, PolicyCredential as b$, ExportEcJwk as b0, ExportRotationPolicyDto as b1, ExternalTrustListEntity as b2, FailDeferredDto as b3, FileUploadDto as b4, IaeActionOpenid4VpPresentation as b5, IaeActionRedirectToWeb as b6, ImportTenantDto as b7, InteractiveAuthorizationCodeResponseDto as b8, InteractiveAuthorizationErrorResponseDto as b9, KeyChainControllerGetByIdResponse as bA, KeyChainControllerGetByIdResponses as bB, KeyChainControllerGetProvidersData as bC, KeyChainControllerGetProvidersResponse as bD, KeyChainControllerGetProvidersResponses as bE, KeyChainControllerImportData as bF, KeyChainControllerImportResponses as bG, KeyChainControllerRotateData as bH, KeyChainControllerRotateErrors as bI, KeyChainControllerRotateResponses as bJ, KeyChainControllerUpdateData as bK, KeyChainControllerUpdateErrors as bL, KeyChainControllerUpdateResponses as bM, KeyChainCreateDto as bN, KeyChainEntity as bO, KeyChainExportDto as bP, KeyChainImportDto as bQ, KeyChainResponseDto as bR, KeyChainUpdateDto as bS, KmsProviderCapabilitiesDto as bT, KmsProviderInfoDto as bU, KmsProvidersResponseDto as bV, NoneTrustPolicy as bW, NotificationRequestDto as bX, OfferRequestDto as bY, OfferResponse as bZ, ParResponseDto as b_, InteractiveAuthorizationRequestDto as ba, InternalTrustListEntity as bb, IssuanceConfig as bc, IssuanceConfigControllerGetIssuanceConfigurationsData as bd, IssuanceConfigControllerGetIssuanceConfigurationsResponse as be, IssuanceConfigControllerGetIssuanceConfigurationsResponses as bf, IssuanceConfigControllerStoreIssuanceConfigurationData as bg, IssuanceConfigControllerStoreIssuanceConfigurationResponse as bh, IssuanceConfigControllerStoreIssuanceConfigurationResponses as bi, IssuanceDto as bj, IssuerMetadataCredentialConfig as bk, JwksResponseDto as bl, KeyChainControllerCreateData as bm, KeyChainControllerCreateResponses as bn, KeyChainControllerDeleteData as bo, KeyChainControllerDeleteErrors as bp, KeyChainControllerDeleteResponses as bq, KeyChainControllerExportData as br, KeyChainControllerExportErrors as bs, KeyChainControllerExportResponse as bt, KeyChainControllerExportResponses as bu, KeyChainControllerGetAllData as bv, KeyChainControllerGetAllResponse as bw, KeyChainControllerGetAllResponses as bx, KeyChainControllerGetByIdData as by, KeyChainControllerGetByIdErrors as bz, AppControllerGetVersionResponses as c, SessionControllerGetSessionLogsData as c$, PresentationAttachment as c0, PresentationConfig as c1, PresentationConfigCreateDto as c2, PresentationConfigUpdateDto as c3, PresentationDuringIssuanceConfig as c4, PresentationManagementControllerConfigurationData as c5, PresentationManagementControllerConfigurationResponse as c6, PresentationManagementControllerConfigurationResponses as c7, PresentationManagementControllerDeleteConfigurationData as c8, PresentationManagementControllerDeleteConfigurationResponses as c9, RegistrarControllerGetConfigResponses as cA, RegistrarControllerUpdateConfigData as cB, RegistrarControllerUpdateConfigErrors as cC, RegistrarControllerUpdateConfigResponse as cD, RegistrarControllerUpdateConfigResponses as cE, RegistrationCertificateRequest as cF, RoleDto as cG, RootOfTrustPolicy as cH, RotationPolicyCreateDto as cI, RotationPolicyImportDto as cJ, RotationPolicyResponseDto as cK, RotationPolicyUpdateDto as cL, SchemaResponse as cM, SessionConfigControllerGetConfigData as cN, SessionConfigControllerGetConfigResponse as cO, SessionConfigControllerGetConfigResponses as cP, SessionConfigControllerResetConfigData as cQ, SessionConfigControllerResetConfigResponses as cR, SessionConfigControllerUpdateConfigData as cS, SessionConfigControllerUpdateConfigResponse as cT, SessionConfigControllerUpdateConfigResponses as cU, SessionControllerDeleteSessionData as cV, SessionControllerDeleteSessionResponses as cW, SessionControllerGetAllSessionsData as cX, SessionControllerGetAllSessionsResponse as cY, SessionControllerGetAllSessionsResponses as cZ, SessionControllerGetSessionData as c_, PresentationManagementControllerGetConfigurationData as ca, PresentationManagementControllerGetConfigurationResponse as cb, PresentationManagementControllerGetConfigurationResponses as cc, PresentationManagementControllerStorePresentationConfigData as cd, PresentationManagementControllerStorePresentationConfigResponse as ce, PresentationManagementControllerStorePresentationConfigResponses as cf, PresentationManagementControllerUpdateConfigurationData as cg, PresentationManagementControllerUpdateConfigurationResponse as ch, PresentationManagementControllerUpdateConfigurationResponses as ci, PresentationRequest as cj, PublicKeyInfoDto as ck, RegistrarConfigEntity as cl, RegistrarControllerCreateAccessCertificateData as cm, RegistrarControllerCreateAccessCertificateErrors as cn, RegistrarControllerCreateAccessCertificateResponse as co, RegistrarControllerCreateAccessCertificateResponses as cp, RegistrarControllerCreateConfigData as cq, RegistrarControllerCreateConfigErrors as cr, RegistrarControllerCreateConfigResponse as cs, RegistrarControllerCreateConfigResponses as ct, RegistrarControllerDeleteConfigData as cu, RegistrarControllerDeleteConfigResponse as cv, RegistrarControllerDeleteConfigResponses as cw, RegistrarControllerGetConfigData as cx, RegistrarControllerGetConfigErrors as cy, RegistrarControllerGetConfigResponse as cz, AttestationBasedPolicy as d, TrustListControllerCreateTrustListResponses as d$, SessionControllerGetSessionLogsResponse as d0, SessionControllerGetSessionLogsResponses as d1, SessionControllerGetSessionResponse as d2, SessionControllerGetSessionResponses as d3, SessionControllerRevokeAllData as d4, SessionControllerRevokeAllResponses as d5, SessionEventsControllerSubscribeToSessionEventsData as d6, SessionEventsControllerSubscribeToSessionEventsResponses as d7, SessionLogEntryResponseDto as d8, SessionStorageConfig as d9, StatusListManagementControllerUpdateListResponse as dA, StatusListManagementControllerUpdateListResponses as dB, StatusListResponseDto as dC, StatusUpdateDto as dD, StorageControllerUploadData as dE, StorageControllerUploadResponse as dF, StorageControllerUploadResponses as dG, TenantControllerDeleteTenantData as dH, TenantControllerDeleteTenantResponses as dI, TenantControllerGetTenantData as dJ, TenantControllerGetTenantResponse as dK, TenantControllerGetTenantResponses as dL, TenantControllerGetTenantsData as dM, TenantControllerGetTenantsResponse as dN, TenantControllerGetTenantsResponses as dO, TenantControllerInitTenantData as dP, TenantControllerInitTenantResponse as dQ, TenantControllerInitTenantResponses as dR, TenantControllerUpdateTenantData as dS, TenantControllerUpdateTenantResponse as dT, TenantControllerUpdateTenantResponses as dU, TenantEntity as dV, TokenResponse as dW, TransactionData as dX, TrustList as dY, TrustListControllerCreateTrustListData as dZ, TrustListControllerCreateTrustListResponse as d_, StatusListAggregationDto as da, StatusListConfig as db, StatusListConfigControllerGetConfigData as dc, StatusListConfigControllerGetConfigResponse as dd, StatusListConfigControllerGetConfigResponses as de, StatusListConfigControllerResetConfigData as df, StatusListConfigControllerResetConfigResponse as dg, StatusListConfigControllerResetConfigResponses as dh, StatusListConfigControllerUpdateConfigData as di, StatusListConfigControllerUpdateConfigResponse as dj, StatusListConfigControllerUpdateConfigResponses as dk, StatusListImportDto as dl, StatusListManagementControllerCreateListData as dm, StatusListManagementControllerCreateListResponse as dn, StatusListManagementControllerCreateListResponses as dp, StatusListManagementControllerDeleteListData as dq, StatusListManagementControllerDeleteListResponse as dr, StatusListManagementControllerDeleteListResponses as ds, StatusListManagementControllerGetListData as dt, StatusListManagementControllerGetListResponse as du, StatusListManagementControllerGetListResponses as dv, StatusListManagementControllerGetListsData as dw, StatusListManagementControllerGetListsResponse as dx, StatusListManagementControllerGetListsResponses as dy, StatusListManagementControllerUpdateListData as dz, AttributeProviderControllerCreateData as e, TrustListControllerDeleteTrustListData as e0, TrustListControllerDeleteTrustListResponses as e1, TrustListControllerExportTrustListData as e2, TrustListControllerExportTrustListResponse as e3, TrustListControllerExportTrustListResponses as e4, TrustListControllerGetAllTrustListsData as e5, TrustListControllerGetAllTrustListsResponse as e6, TrustListControllerGetAllTrustListsResponses as e7, TrustListControllerGetTrustListData as e8, TrustListControllerGetTrustListResponse as e9, VerifierOfferControllerGetOfferResponses as eA, WebHookAuthConfigHeader as eB, WebHookAuthConfigNone as eC, WebhookConfig as eD, WebhookEndpointControllerCreateData as eE, WebhookEndpointControllerCreateResponses as eF, WebhookEndpointControllerDeleteData as eG, WebhookEndpointControllerDeleteErrors as eH, WebhookEndpointControllerDeleteResponses as eI, WebhookEndpointControllerGetAllData as eJ, WebhookEndpointControllerGetAllResponses as eK, WebhookEndpointControllerGetByIdData as eL, WebhookEndpointControllerGetByIdErrors as eM, WebhookEndpointControllerGetByIdResponses as eN, WebhookEndpointControllerUpdateData as eO, WebhookEndpointControllerUpdateErrors as eP, WebhookEndpointControllerUpdateResponses as eQ, WebhookEndpointEntity as eR, TrustListControllerGetTrustListResponses as ea, TrustListControllerGetTrustListVersionData as eb, TrustListControllerGetTrustListVersionResponse as ec, TrustListControllerGetTrustListVersionResponses as ed, TrustListControllerGetTrustListVersionsData as ee, TrustListControllerGetTrustListVersionsResponse as ef, TrustListControllerGetTrustListVersionsResponses as eg, TrustListControllerUpdateTrustListData as eh, TrustListControllerUpdateTrustListResponse as ei, TrustListControllerUpdateTrustListResponses as ej, TrustListCreateDto as ek, TrustListEntityInfo as el, TrustListVersion as em, TrustedAuthorityQuery as en, UpdateAttributeProviderDto as eo, UpdateClientDto as ep, UpdateRegistrarConfigDto as eq, UpdateSessionConfigDto as er, UpdateStatusListConfigDto as es, UpdateStatusListDto as et, UpdateTenantDto as eu, UpdateWebhookEndpointDto as ev, UpstreamOidcConfig as ew, Vct as ex, VerifierOfferControllerGetOfferData as ey, VerifierOfferControllerGetOfferResponse as ez, AttributeProviderControllerCreateResponses as f, AttributeProviderControllerDeleteData as g, AttributeProviderControllerDeleteErrors as h, AttributeProviderControllerDeleteResponses as i, AttributeProviderControllerGetAllData as j, AttributeProviderControllerGetAllResponses as k, AttributeProviderControllerGetByIdData as l, AttributeProviderControllerGetByIdErrors as m, AttributeProviderControllerGetByIdResponses as n, AttributeProviderControllerUpdateData as o, AttributeProviderControllerUpdateErrors as p, AttributeProviderControllerUpdateResponses as q, AttributeProviderEntity as r, AuthenticationMethodAuth as s, AuthenticationMethodNone as t, AuthenticationMethodPresentation as u, AuthenticationUrlConfig as v, AuthorizationResponse as w, AuthorizeQueries as x, CacheControllerClearAllCachesResponse as y, CacheControllerClearAllCachesResponses as z };