@turnkey/http 0.17.0 → 0.18.0

package/dist/__generated__/services/coordinator/public/v1/public_api.types.d.ts

@@ -55,6 +55,10 @@ export type paths = {
         /** Create API-only Users in an existing Organization */
         post: operations["PublicApiService_CreateApiOnlyUsers"];
     };
+    "/public/v1/submit/create_authenticators": {
+        /** Create Authenticators to authenticate requests to Turnkey */
+        post: operations["PublicApiService_CreateAuthenticators"];
+    };
     "/public/v1/submit/create_invitations": {
         /** Create Invitations to join an existing Organization */
         post: operations["PublicApiService_CreateInvitations"];
@@ -67,6 +71,10 @@ export type paths = {
         /** Create new Private Keys */
         post: operations["PublicApiService_CreatePrivateKeys"];
     };
+    "/public/v1/submit/create_sub_organization": {
+        /** Create a new Sub-Organization */
+        post: operations["PublicApiService_CreateSubOrganization"];
+    };
     "/public/v1/submit/create_users": {
         /** Create Users in an existing Organization */
         post: operations["PublicApiService_CreateUsers"];
@@ -99,10 +107,17 @@ export type paths = {
         /** Update human-readable name or associated private keys. Note that this activity is atomic: all of the updates will succeed at once, or all of them will fail. */
         post: operations["PublicApiService_UpdatePrivateKeyTag"];
     };
+    "/public/v1/submit/update_root_quorum": {
+        /** Set the threshold and members of the root quorum. This must be approved by the current root quorum. */
+        post: operations["PublicApiService_UpdateRootQuorum"];
+    };
     "/public/v1/submit/update_user_tag": {
         /** Update human-readable name or associated users. Note that this activity is atomic: all of the updates will succeed at once, or all of them will fail. */
         post: operations["PublicApiService_UpdateUserTag"];
     };
+    "/tkhq/api/v1/noop-codegen-anchor": {
+        post: operations["PublicApiService_NOOPCodegenAnchor"];
+    };
     "/tkhq/public/v1/query/get_private_key": {
         /** Get details about a Private Key */
         post: operations["PublicApiService_GetPrivateKeyBackwardsCompat"];
@@ -206,6 +221,19 @@ export type definitions = {
         userId: string;
         authenticator: definitions["v1AuthenticatorParams"];
     };
+    v1AcceptInvitationIntentV2: {
+        /**
+         * @inject_tag: validate:"required,uuid"
+         * @description Unique identifier for a given Invitation object.
+         */
+        invitationId: string;
+        /**
+         * @inject_tag: validate:"required,uuid"
+         * @description Unique identifier for a given User.
+         */
+        userId: string;
+        authenticator: definitions["v1AuthenticatorParamsV2"];
+    };
     v1AcceptInvitationResult: {
         /** @description Unique identifier for a given Invitation. */
         invitationId: string;
@@ -254,7 +282,7 @@ export type definitions = {
      * @description Type of Activity, such as Add User, or Sign Transaction.
      * @enum {string}
      */
-    v1ActivityType: "ACTIVITY_TYPE_CREATE_API_KEYS" | "ACTIVITY_TYPE_CREATE_USERS" | "ACTIVITY_TYPE_CREATE_PRIVATE_KEYS" | "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD" | "ACTIVITY_TYPE_CREATE_INVITATIONS" | "ACTIVITY_TYPE_ACCEPT_INVITATION" | "ACTIVITY_TYPE_CREATE_POLICY" | "ACTIVITY_TYPE_DISABLE_PRIVATE_KEY" | "ACTIVITY_TYPE_DELETE_USERS" | "ACTIVITY_TYPE_DELETE_API_KEYS" | "ACTIVITY_TYPE_DELETE_INVITATION" | "ACTIVITY_TYPE_DELETE_ORGANIZATION" | "ACTIVITY_TYPE_DELETE_POLICY" | "ACTIVITY_TYPE_CREATE_USER_TAG" | "ACTIVITY_TYPE_DELETE_USER_TAGS" | "ACTIVITY_TYPE_CREATE_ORGANIZATION" | "ACTIVITY_TYPE_SIGN_TRANSACTION" | "ACTIVITY_TYPE_APPROVE_ACTIVITY" | "ACTIVITY_TYPE_REJECT_ACTIVITY" | "ACTIVITY_TYPE_DELETE_AUTHENTICATORS" | "ACTIVITY_TYPE_CREATE_AUTHENTICATORS" | "ACTIVITY_TYPE_CREATE_PRIVATE_KEY_TAG" | "ACTIVITY_TYPE_DELETE_PRIVATE_KEY_TAGS" | "ACTIVITY_TYPE_SET_PAYMENT_METHOD" | "ACTIVITY_TYPE_ACTIVATE_BILLING_TIER" | "ACTIVITY_TYPE_DELETE_PAYMENT_METHOD" | "ACTIVITY_TYPE_CREATE_POLICY_V2" | "ACTIVITY_TYPE_CREATE_POLICY_V3" | "ACTIVITY_TYPE_CREATE_API_ONLY_USERS" | "ACTIVITY_TYPE_UPDATE_ROOT_QUORUM" | "ACTIVITY_TYPE_UPDATE_USER_TAG" | "ACTIVITY_TYPE_UPDATE_PRIVATE_KEY_TAG";
+    v1ActivityType: "ACTIVITY_TYPE_CREATE_API_KEYS" | "ACTIVITY_TYPE_CREATE_USERS" | "ACTIVITY_TYPE_CREATE_PRIVATE_KEYS" | "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD" | "ACTIVITY_TYPE_CREATE_INVITATIONS" | "ACTIVITY_TYPE_ACCEPT_INVITATION" | "ACTIVITY_TYPE_CREATE_POLICY" | "ACTIVITY_TYPE_DISABLE_PRIVATE_KEY" | "ACTIVITY_TYPE_DELETE_USERS" | "ACTIVITY_TYPE_DELETE_API_KEYS" | "ACTIVITY_TYPE_DELETE_INVITATION" | "ACTIVITY_TYPE_DELETE_ORGANIZATION" | "ACTIVITY_TYPE_DELETE_POLICY" | "ACTIVITY_TYPE_CREATE_USER_TAG" | "ACTIVITY_TYPE_DELETE_USER_TAGS" | "ACTIVITY_TYPE_CREATE_ORGANIZATION" | "ACTIVITY_TYPE_SIGN_TRANSACTION" | "ACTIVITY_TYPE_APPROVE_ACTIVITY" | "ACTIVITY_TYPE_REJECT_ACTIVITY" | "ACTIVITY_TYPE_DELETE_AUTHENTICATORS" | "ACTIVITY_TYPE_CREATE_AUTHENTICATORS" | "ACTIVITY_TYPE_CREATE_PRIVATE_KEY_TAG" | "ACTIVITY_TYPE_DELETE_PRIVATE_KEY_TAGS" | "ACTIVITY_TYPE_SET_PAYMENT_METHOD" | "ACTIVITY_TYPE_ACTIVATE_BILLING_TIER" | "ACTIVITY_TYPE_DELETE_PAYMENT_METHOD" | "ACTIVITY_TYPE_CREATE_POLICY_V2" | "ACTIVITY_TYPE_CREATE_POLICY_V3" | "ACTIVITY_TYPE_CREATE_API_ONLY_USERS" | "ACTIVITY_TYPE_UPDATE_ROOT_QUORUM" | "ACTIVITY_TYPE_UPDATE_USER_TAG" | "ACTIVITY_TYPE_UPDATE_PRIVATE_KEY_TAG" | "ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2" | "ACTIVITY_TYPE_CREATE_ORGANIZATION_V2" | "ACTIVITY_TYPE_CREATE_USERS_V2" | "ACTIVITY_TYPE_ACCEPT_INVITATION_V2" | "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION" | "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V2";
     v1ApiKey: {
         credential: definitions["v1Credential"];
         /** @description Unique identifier for a given API Key. */
@@ -314,14 +342,31 @@ export type definitions = {
         organizationId: string;
         parameters: definitions["v1ApproveActivityIntent"];
     };
+    v1Attestation: {
+        /**
+         * @inject_tag: validate:"required,max=256"
+         * @description The cbor encoded then base64 url encoded id of the credential.
+         */
+        credentialId: string;
+        /**
+         * @inject_tag: validate:"required"
+         * @description A base64 url encoded payload containing metadata about the signing context and the challenge.
+         */
+        clientDataJson: string;
+        /**
+         * @inject_tag: validate:"required"
+         * @description A base64 url encoded payload containing authenticator data and any attestation the webauthn provider chooses.
+         */
+        attestationObject: string;
+        /** @description The type of authenticator transports. */
+        transports: definitions["immutablewebauthnv1AuthenticatorTransport"][];
+    };
     v1Authenticator: {
         /** @description Types of transports that may be used by an Authenticator (e.g., USB, NFC, BLE). */
         transports: definitions["externaldatav1AuthenticatorTransport"][];
         attestationType: string;
         /** @description Identifier indicating the type of the Security Key. */
         aaguid: string;
-        /** @description Unique identifier for a given User. */
-        userId: string;
         /** @description Unique identifier for a WebAuthn credential. */
         credentialId: string;
         /** @description The type of Authenticator device. */
@@ -361,6 +406,19 @@ export type definitions = {
          */
         challenge: string;
     };
+    v1AuthenticatorParamsV2: {
+        /**
+         * @inject_tag: validate:"required,tk_label_length,tk_label"
+         * @description Human-readable name for an Authenticator.
+         */
+        authenticatorName: string;
+        /**
+         * @inject_tag: validate:"required,max=256"
+         * @description Challenge presented for authentication purposes.
+         */
+        challenge: string;
+        attestation: definitions["v1Attestation"];
+    };
     v1CreateApiKeysIntent: {
         /**
          * @inject_tag: validate:"dive,required"
@@ -418,6 +476,27 @@ export type definitions = {
          */
         userId: string;
     };
+    v1CreateAuthenticatorsIntentV2: {
+        /**
+         * @inject_tag: validate:"dive,required"
+         * @description A list of Authenticators.
+         */
+        authenticators: definitions["v1AuthenticatorParamsV2"][];
+        /**
+         * @inject_tag: validate:"required,uuid"
+         * @description Unique identifier for a given User.
+         */
+        userId: string;
+    };
+    v1CreateAuthenticatorsRequest: {
+        /** @enum {string} */
+        type: "ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2";
+        /** @description Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */
+        timestampMs: string;
+        /** @description Unique identifier for a given Organization. */
+        organizationId: string;
+        parameters: definitions["v1CreateAuthenticatorsIntentV2"];
+    };
     v1CreateAuthenticatorsResult: {
         /** @description A list of Authenticator IDs. */
         authenticatorIds: string[];
@@ -460,6 +539,24 @@ export type definitions = {
          */
         rootUserId?: string;
     };
+    v1CreateOrganizationIntentV2: {
+        /**
+         * @inject_tag: validate:"required,tk_label_length"
+         * @description Human-readable name for an Organization.
+         */
+        organizationName: string;
+        /**
+         * @inject_tag: validate:"required,email,tk_email"
+         * @description The root user's email address.
+         */
+        rootEmail: string;
+        rootAuthenticator: definitions["v1AuthenticatorParamsV2"];
+        /**
+         * @inject_tag: validate:"uuid"
+         * @description Unique identifier for the root user object.
+         */
+        rootUserId?: string;
+    };
     v1CreateOrganizationResult: {
         /** @description Unique identifier for a given Organization. */
         organizationId: string;
@@ -556,6 +653,44 @@ export type definitions = {
         /** @description A list of Private Key IDs. */
         privateKeyIds: string[];
     };
+    v1CreateSubOrganizationIntent: {
+        /**
+         * @inject_tag: validate:"omitempty,tk_label,tk_label_length"
+         * @description Name for this sub-organization
+         */
+        name: string;
+        rootAuthenticator: definitions["v1AuthenticatorParamsV2"];
+    };
+    v1CreateSubOrganizationIntentV2: {
+        /**
+         * @inject_tag: validate:"omitempty,tk_label,tk_label_length"
+         * @description Name for this sub-organization
+         */
+        subOrganizationName: string;
+        /**
+         * @inject_tag: validate:"required"
+         * @description Root users to create within this sub-organization
+         */
+        rootUsers: definitions["v1RootUserParams"][];
+        /**
+         * @inject_tag: validate:"required"
+         * Format: int32
+         * @description The threshold of unique approvals to reach root quorum. This value must be less than or equal to the number of root users
+         */
+        rootQuorumThreshold: number;
+    };
+    v1CreateSubOrganizationRequest: {
+        /** @enum {string} */
+        type: "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V2";
+        /** @description Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */
+        timestampMs: string;
+        /** @description Unique identifier for a given Organization. */
+        organizationId: string;
+        parameters: definitions["v1CreateSubOrganizationIntentV2"];
+    };
+    v1CreateSubOrganizationResult: {
+        subOrganizationId: string;
+    };
     v1CreateUserTagIntent: {
         /**
          * @inject_tag: validate:"required,tk_label,tk_label_length"
@@ -581,14 +716,21 @@ export type definitions = {
          */
         users: definitions["v1UserParams"][];
     };
+    v1CreateUsersIntentV2: {
+        /**
+         * @inject_tag: validate:"required,dive,required"
+         * @description A list of Users.
+         */
+        users: definitions["v1UserParamsV2"][];
+    };
     v1CreateUsersRequest: {
         /** @enum {string} */
-        type: "ACTIVITY_TYPE_CREATE_USERS";
+        type: "ACTIVITY_TYPE_CREATE_USERS_V2";
         /** @description Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */
         timestampMs: string;
         /** @description Unique identifier for a given Organization. */
         organizationId: string;
-        parameters: definitions["v1CreateUsersIntent"];
+        parameters: definitions["v1CreateUsersIntentV2"];
     };
     v1CreateUsersResult: {
         /** @description A list of User IDs. */
@@ -886,6 +1028,12 @@ export type definitions = {
         updateRootQuorumIntent?: definitions["v1UpdateRootQuorumIntent"];
         updateUserTagIntent?: definitions["v1UpdateUserTagIntent"];
         updatePrivateKeyTagIntent?: definitions["v1UpdatePrivateKeyTagIntent"];
+        createAuthenticatorsIntentV2?: definitions["v1CreateAuthenticatorsIntentV2"];
+        acceptInvitationIntentV2?: definitions["v1AcceptInvitationIntentV2"];
+        createOrganizationIntentV2?: definitions["v1CreateOrganizationIntentV2"];
+        createUsersIntentV2?: definitions["v1CreateUsersIntentV2"];
+        createSubOrganizationIntent?: definitions["v1CreateSubOrganizationIntent"];
+        createSubOrganizationIntentV2?: definitions["v1CreateSubOrganizationIntentV2"];
     };
     v1Invitation: {
         /** @description Unique identifier for a given Invitation object. */
@@ -928,6 +1076,9 @@ export type definitions = {
     };
     /** @enum {string} */
     v1InvitationStatus: "INVITATION_STATUS_CREATED" | "INVITATION_STATUS_ACCEPTED" | "INVITATION_STATUS_REVOKED";
+    v1NOOPCodegenAnchorResponse: {
+        stamp: definitions["v1WebAuthnStamp"];
+    };
     /**
      * @description This proto definition is used in our external-facing APIs.
      * It's important to leverage annotations because they're used in our external interfaces.
@@ -940,13 +1091,8 @@ export type definitions = {
         privateKeys?: definitions["v1PrivateKey"][];
         invitations?: definitions["v1Invitation"][];
         tags?: definitions["datav1Tag"][];
-        deletedUsers?: definitions["v1User"][];
-        deletedPolicies?: definitions["v1Policy"][];
         disabledPrivateKeys?: definitions["v1PrivateKey"][];
-        deletedInvitations?: definitions["v1Invitation"][];
-        deletedApiKeys?: definitions["v1ApiKey"][];
-        deletedAuthenticators?: definitions["v1Authenticator"][];
-        deletedTags?: definitions["datav1Tag"][];
+        rootQuorum?: definitions["v1Quorum"];
     };
     v1Pagination: {
         /**
@@ -1032,6 +1178,15 @@ export type definitions = {
         response: definitions["v1AuthenticatorAttestationResponse"];
         clientExtensionResults: definitions["v1SimpleClientExtensionResults"];
     };
+    v1Quorum: {
+        /**
+         * Format: int32
+         * @description Count of unique approvals required to meet quorum.
+         */
+        threshold: number;
+        /** @description Unique identifiers of quorum set members. */
+        userIds: string[];
+    };
     v1RejectActivityIntent: {
         /**
          * @inject_tag: validate:"required"
@@ -1078,6 +1233,29 @@ export type definitions = {
         updateRootQuorumResult?: definitions["v1UpdateRootQuorumResult"];
         updateUserTagResult?: definitions["v1UpdateUserTagResult"];
         updatePrivateKeyTagResult?: definitions["v1UpdatePrivateKeyTagResult"];
+        createSubOrganizationResult?: definitions["v1CreateSubOrganizationResult"];
+    };
+    v1RootUserParams: {
+        /**
+         * @inject_tag: validate:"required,tk_label_length,tk_label"
+         * @description Human-readable name for a User.
+         */
+        userName: string;
+        /**
+         * @inject_tag: validate:"omitempty,email,tk_email"
+         * @description The user's email address.
+         */
+        userEmail?: string;
+        /**
+         * @inject_tag: validate:"dive"
+         * @description A list of API Key parameters.
+         */
+        apiKeys: definitions["v1ApiKeyParams"][];
+        /**
+         * @inject_tag: validate:"dive"
+         * @description A list of Authenticator parameters.
+         */
+        authenticators: definitions["v1AuthenticatorParamsV2"][];
     };
     v1SelectorV2: {
         subject?: string;
@@ -1234,11 +1412,20 @@ export type definitions = {
          */
         threshold: number;
         /**
-         * @inject_tag: validate:"required,uuid"
+         * @inject_tag: validate:"dive,uuid"
          * @description The unique identifiers of users who comprise the quorum set.
          */
         userIds: string[];
     };
+    v1UpdateRootQuorumRequest: {
+        /** @enum {string} */
+        type: "ACTIVITY_TYPE_UPDATE_ROOT_QUORUM";
+        /** @description Timestamp (in milliseconds) of the request, used to verify liveness of user requests. */
+        timestampMs: string;
+        /** @description Unique identifier for a given Organization. */
+        organizationId: string;
+        parameters: definitions["v1UpdateRootQuorumIntent"];
+    };
     v1UpdateRootQuorumResult: {
         [key: string]: unknown;
     };
@@ -1325,6 +1512,34 @@ export type definitions = {
          */
         userTags: string[];
     };
+    v1UserParamsV2: {
+        /**
+         * @inject_tag: validate:"required,tk_label_length,tk_label"
+         * @description Human-readable name for a User.
+         */
+        userName: string;
+        /**
+         * @inject_tag: validate:"omitempty,email,tk_email"
+         * @description The user's email address.
+         */
+        userEmail?: string;
+        accessType: definitions["immutableactivityv1AccessType"];
+        /**
+         * @inject_tag: validate:"dive,uuid"
+         * @description A list of API Key parameters.
+         */
+        apiKeys: definitions["v1ApiKeyParams"][];
+        /**
+         * @inject_tag: validate:"dive"
+         * @description A list of Authenticator parameters.
+         */
+        authenticators: definitions["v1AuthenticatorParamsV2"][];
+        /**
+         * @inject_tag: validate:"dive,uuid"
+         * @description A list of User Tag IDs.
+         */
+        userTags: string[];
+    };
     /** @description Object representing a particular User's approval or rejection of a Consensus request, including all relevant metadata. */
     v1Vote: {
         /** @description Unique identifier for a given Vote object. */
@@ -1346,6 +1561,17 @@ export type definitions = {
         scheme: string;
         createdAt: definitions["v1Timestamp"];
     };
+    /** We expect this to be passed in as a JSON-encoded, then base64-encoded string within a X-Stamp-Webauthn header */
+    v1WebAuthnStamp: {
+        /** @description A base64 url encoded Unique identifier for a given credential. */
+        credentialId: string;
+        /** @description A base64 encoded payload containing metadata about the signing context and the challenge. */
+        clientDataJson: string;
+        /** @description A base64 encoded payload containing metadata about the authenticator. */
+        authenticatorData: string;
+        /** @description The base64 url encoded signature bytes contained within the WebAuthn assertion response. */
+        signature: string;
+    };
 };
 export type operations = {
     /** Get details about an Activity */
@@ -1686,6 +1912,32 @@ export type operations = {
             };
         };
     };
+    /** Create Authenticators to authenticate requests to Turnkey */
+    PublicApiService_CreateAuthenticators: {
+        parameters: {
+            body: {
+                body: definitions["v1CreateAuthenticatorsRequest"];
+            };
+        };
+        responses: {
+            /** A successful response. */
+            200: {
+                schema: definitions["v1ActivityResponse"];
+            };
+            /** Returned when the user does not have permission to access the resource. */
+            403: {
+                schema: unknown;
+            };
+            /** Returned when the resource does not exist. */
+            404: {
+                schema: string;
+            };
+            /** An unexpected error response. */
+            default: {
+                schema: definitions["rpcStatus"];
+            };
+        };
+    };
     /** Create Invitations to join an existing Organization */
     PublicApiService_CreateInvitations: {
         parameters: {
@@ -1764,6 +2016,32 @@ export type operations = {
             };
         };
     };
+    /** Create a new Sub-Organization */
+    PublicApiService_CreateSubOrganization: {
+        parameters: {
+            body: {
+                body: definitions["v1CreateSubOrganizationRequest"];
+            };
+        };
+        responses: {
+            /** A successful response. */
+            200: {
+                schema: definitions["v1ActivityResponse"];
+            };
+            /** Returned when the user does not have permission to access the resource. */
+            403: {
+                schema: unknown;
+            };
+            /** Returned when the resource does not exist. */
+            404: {
+                schema: string;
+            };
+            /** An unexpected error response. */
+            default: {
+                schema: definitions["rpcStatus"];
+            };
+        };
+    };
     /** Create Users in an existing Organization */
     PublicApiService_CreateUsers: {
         parameters: {
@@ -1972,6 +2250,32 @@ export type operations = {
             };
         };
     };
+    /** Set the threshold and members of the root quorum. This must be approved by the current root quorum. */
+    PublicApiService_UpdateRootQuorum: {
+        parameters: {
+            body: {
+                body: definitions["v1UpdateRootQuorumRequest"];
+            };
+        };
+        responses: {
+            /** A successful response. */
+            200: {
+                schema: definitions["v1ActivityResponse"];
+            };
+            /** Returned when the user does not have permission to access the resource. */
+            403: {
+                schema: unknown;
+            };
+            /** Returned when the resource does not exist. */
+            404: {
+                schema: string;
+            };
+            /** An unexpected error response. */
+            default: {
+                schema: definitions["rpcStatus"];
+            };
+        };
+    };
     /** Update human-readable name or associated users. Note that this activity is atomic: all of the updates will succeed at once, or all of them will fail. */
     PublicApiService_UpdateUserTag: {
         parameters: {
@@ -1998,6 +2302,26 @@ export type operations = {
             };
         };
     };
+    PublicApiService_NOOPCodegenAnchor: {
+        responses: {
+            /** A successful response. */
+            200: {
+                schema: definitions["v1NOOPCodegenAnchorResponse"];
+            };
+            /** Returned when the user does not have permission to access the resource. */
+            403: {
+                schema: unknown;
+            };
+            /** Returned when the resource does not exist. */
+            404: {
+                schema: string;
+            };
+            /** An unexpected error response. */
+            default: {
+                schema: definitions["rpcStatus"];
+            };
+        };
+    };
     /** Get details about a Private Key */
     PublicApiService_GetPrivateKeyBackwardsCompat: {
         parameters: {