@authhero/adapter-interfaces 0.133.0 → 0.135.0

package/dist/adapter-interfaces.mjs

@@ -1,21 +1,21 @@
 import { z as e } from "@hono/zod-openapi";
-const r = e.object({
+const p = e.object({
   created_at: e.string(),
   updated_at: e.string()
-}), ot = e.enum(["AUTH0", "EMAIL", "REDIRECT"]), tt = e.enum([
+}), at = e.enum(["AUTH0", "EMAIL", "REDIRECT"]), st = e.enum([
   "CREATE_USER",
   "GET_USER",
   "UPDATE_USER",
   "SEND_REQUEST",
   "SEND_EMAIL"
-]), nt = e.enum(["VERIFY_EMAIL"]), P = e.object({
+]), rt = e.enum(["VERIFY_EMAIL"]), B = e.object({
   require_mx_record: e.boolean().optional(),
   block_aliases: e.boolean().optional(),
   block_free_emails: e.boolean().optional(),
   block_disposable_emails: e.boolean().optional(),
   blocklist: e.array(e.string()).optional(),
   allowlist: e.array(e.string()).optional()
-}), M = e.object({
+}), W = e.object({
   id: e.string(),
   alias: e.string().max(100).optional(),
   type: e.literal("AUTH0"),
@@ -27,7 +27,7 @@ const r = e.object({
     user_id: e.string(),
     changes: e.record(e.string(), e.any())
   })
-}), H = e.object({
+}), K = e.object({
   id: e.string(),
   alias: e.string().max(100).optional(),
   type: e.literal("EMAIL"),
@@ -36,9 +36,9 @@ const r = e.object({
   mask_output: e.boolean().optional(),
   params: e.object({
     email: e.string(),
-    rules: P.optional()
+    rules: B.optional()
   })
-}), G = e.enum(["change-email", "account", "custom"]), B = e.object({
+}), z = e.enum(["change-email", "account", "custom"]), X = e.object({
   id: e.string(),
   alias: e.string().max(100).optional(),
   type: e.literal("REDIRECT"),
@@ -46,32 +46,32 @@ const r = e.object({
   allow_failure: e.boolean().optional(),
   mask_output: e.boolean().optional(),
   params: e.object({
-    target: G.openapi({
+    target: z.openapi({
       description: "The predefined target to redirect to, or 'custom' for a custom URL"
     }),
     custom_url: e.string().optional().openapi({
       description: "Custom URL to redirect to when target is 'custom'"
     })
   })
-}), K = e.union([
-  M,
-  H,
-  B
-]), W = e.object({
+}), V = e.union([
+  W,
+  K,
+  X
+]), q = e.object({
   name: e.string().min(1).max(150).openapi({
     description: "The name of the flow"
   }),
   // Actions is an array of action steps (Auth0 stores as JSON blob)
-  actions: e.array(K).optional().default([]).openapi({
+  actions: e.array(V).optional().default([]).openapi({
     description: "The list of actions to execute in sequence"
   })
-}), it = W.extend({
-  ...r.shape,
+}), lt = q.extend({
+  ...p.shape,
   id: e.string().openapi({
     description: "Unique identifier for the flow",
     example: "af_12tMpdJ3iek7svMyZkSh5M"
   })
-}), at = e.object({
+}), ct = e.object({
   page: e.string().min(0).optional().default("0").transform((o) => parseInt(o, 10)).openapi({
     description: "The page number where 0 is the first page"
   }),
@@ -87,12 +87,12 @@ const r = e.object({
   q: e.string().optional().openapi({
     description: "A lucene query string used to filter the results"
   })
-}), rt = e.object({
+}), pt = e.object({
   start: e.number(),
   limit: e.number(),
   length: e.number(),
   total: e.number().optional()
-}), z = e.object({
+}), Y = e.object({
   email: e.string().optional(),
   email_verified: e.boolean().optional(),
   name: e.string().optional(),
@@ -101,7 +101,7 @@ const r = e.object({
   phone_number: e.string().optional(),
   phone_verified: e.boolean().optional(),
   family_name: e.string().optional()
-}).catchall(e.any()), X = e.object({
+}).catchall(e.any()), Q = e.object({
   connection: e.string(),
   user_id: e.string(),
   provider: e.string(),
@@ -109,8 +109,8 @@ const r = e.object({
   access_token: e.string().optional(),
   access_token_secret: e.string().optional(),
   refresh_token: e.string().optional(),
-  profileData: z.optional()
-}), V = e.object({
+  profileData: Y.optional()
+}), J = e.object({
   formatted: e.string().optional(),
   // Full mailing address
   street_address: e.string().optional(),
@@ -123,9 +123,11 @@ const r = e.object({
   // Zip code or postal code
   country: e.string().optional()
   // Country name
-}).optional(), I = e.object({
+}).optional(), N = e.object({
   email: e.string().optional().transform((o) => o && o.toLowerCase()),
-  username: e.string().optional(),
+  username: e.string().refine((o) => !o.includes("@"), {
+    message: 'Usernames must not contain "@". Use the email field for email addresses.'
+  }).optional(),
   phone_number: e.string().optional(),
   phone_verified: e.boolean().optional(),
   // OIDC phone scope claim (phone_number_verified)
@@ -153,8 +155,8 @@ const r = e.object({
   zoneinfo: e.string().optional(),
   // e.g., "Europe/Paris"
   // OIDC address claim (OIDC Core 5.1.1)
-  address: V
-}), q = I.extend({
+  address: J
+}), Z = N.extend({
   email_verified: e.boolean().default(!1),
   verify_email: e.boolean().optional(),
   last_ip: e.string().optional(),
@@ -169,29 +171,29 @@ const r = e.object({
     hash: e.string(),
     algorithm: e.string()
   }).optional()
-}), Y = e.object({
-  ...q.omit({ password: !0 }).shape,
-  ...r.shape,
+}), $ = e.object({
+  ...Z.omit({ password: !0 }).shape,
+  ...p.shape,
   user_id: e.string(),
   provider: e.string(),
   is_social: e.boolean(),
   email: e.string().optional(),
   login_count: e.number().default(0),
-  identities: e.array(X).optional()
-}), st = Y, lt = I.extend({
+  identities: e.array(Q).optional()
+}), _t = $, dt = N.extend({
   login_count: e.number(),
   multifactor: e.array(e.string()).optional(),
   last_ip: e.string().optional(),
   last_login: e.string().optional(),
   user_id: e.string()
-}).catchall(e.any()), Q = "useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";
-let J = (o = 21) => {
-  let a = "", s = crypto.getRandomValues(new Uint8Array(o |= 0));
+}).catchall(e.any()), ee = "useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";
+let oe = (o = 21) => {
+  let n = "", i = crypto.getRandomValues(new Uint8Array(o |= 0));
   for (; o--; )
-    a += Q[s[o] & 63];
-  return a;
+    n += ee[i[o] & 63];
+  return n;
 };
-const Z = e.object({
+const te = e.object({
   client_id: e.string().openapi({
     description: "ID of this client."
   }),
@@ -204,7 +206,7 @@ const Z = e.object({
   global: e.boolean().default(!1).openapi({
     description: "Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false)."
   }),
-  client_secret: e.string().default(() => J()).optional().openapi({
+  client_secret: e.string().default(() => oe()).optional().openapi({
     description: "Client secret (which you must not make public)."
   }),
   app_type: e.enum([
@@ -364,11 +366,11 @@ const Z = e.object({
     description: "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid"
   }),
   token_quota: e.record(e.any()).default({}).optional()
-}), ct = e.object({
+}), gt = e.object({
   created_at: e.string(),
   updated_at: e.string(),
-  ...Z.shape
-}), $ = e.object({
+  ...te.shape
+}), ne = e.object({
   client_id: e.string().min(1).openapi({
     description: "ID of the client."
   }),
@@ -393,23 +395,23 @@ const Z = e.object({
   authorization_details_types: e.array(e.string()).optional().openapi({
     description: "Types of authorization_details allowed for this client grant. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."
   })
-}), ee = e.object({
+}), ie = e.object({
   id: e.string().openapi({
     description: "ID of the client grant."
   }),
-  ...$.shape,
+  ...ne.shape,
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), pt = e.array(ee), c = e.object({
+}), ut = e.array(ie), u = e.object({
   x: e.number(),
   y: e.number()
 });
-var C = /* @__PURE__ */ ((o) => (o.RICH_TEXT = "RICH_TEXT", o.NEXT_BUTTON = "NEXT_BUTTON", o.BACK_BUTTON = "BACK_BUTTON", o.SUBMIT_BUTTON = "SUBMIT_BUTTON", o.DIVIDER = "DIVIDER", o.TEXT = "TEXT", o.EMAIL = "EMAIL", o.PASSWORD = "PASSWORD", o.NUMBER = "NUMBER", o.PHONE = "PHONE", o.DATE = "DATE", o.CHECKBOX = "CHECKBOX", o.RADIO = "RADIO", o.SELECT = "SELECT", o.HIDDEN = "HIDDEN", o.LEGAL = "LEGAL", o))(C || {}), y = /* @__PURE__ */ ((o) => (o.BLOCK = "BLOCK", o.FIELD = "FIELD", o))(y || {});
-const u = e.object({
+var R = /* @__PURE__ */ ((o) => (o.RICH_TEXT = "RICH_TEXT", o.NEXT_BUTTON = "NEXT_BUTTON", o.BACK_BUTTON = "BACK_BUTTON", o.SUBMIT_BUTTON = "SUBMIT_BUTTON", o.DIVIDER = "DIVIDER", o.TEXT = "TEXT", o.EMAIL = "EMAIL", o.PASSWORD = "PASSWORD", o.NUMBER = "NUMBER", o.PHONE = "PHONE", o.DATE = "DATE", o.CHECKBOX = "CHECKBOX", o.RADIO = "RADIO", o.SELECT = "SELECT", o.HIDDEN = "HIDDEN", o.LEGAL = "LEGAL", o))(R || {}), w = /* @__PURE__ */ ((o) => (o.BLOCK = "BLOCK", o.FIELD = "FIELD", o))(w || {});
+const I = e.object({
   id: e.string(),
-  category: e.nativeEnum(y),
-  type: e.nativeEnum(C)
-}), oe = u.extend({
+  category: e.nativeEnum(w),
+  type: e.nativeEnum(R)
+}), ae = I.extend({
   category: e.literal(
     "BLOCK"
     /* BLOCK */
@@ -421,7 +423,7 @@ const u = e.object({
   config: e.object({
     content: e.string()
   }).passthrough()
-}), te = u.extend({
+}), se = I.extend({
   category: e.literal(
     "BLOCK"
     /* BLOCK */
@@ -443,7 +445,7 @@ const u = e.object({
   config: e.object({
     text: e.string()
   }).passthrough()
-}), ne = u.extend({
+}), re = I.extend({
   category: e.literal(
     "FIELD"
     /* FIELD */
@@ -457,7 +459,7 @@ const u = e.object({
   config: e.object({
     text: e.string()
   }).passthrough()
-}), ie = u.extend({
+}), le = I.extend({
   category: e.literal(
     "FIELD"
     /* FIELD */
@@ -510,49 +512,49 @@ const u = e.object({
     label: e.string().optional(),
     placeholder: e.string().optional()
   }).passthrough()
-}), ae = e.object({
+}), ce = e.object({
   id: e.string(),
   category: e.string(),
   type: e.string()
-}).passthrough(), re = e.union([
-  oe,
-  te,
-  ne,
-  ie,
-  ae
+}).passthrough(), pe = e.union([
+  ae,
+  se,
+  re,
+  le,
+  ce
 ]);
-var se = /* @__PURE__ */ ((o) => (o.STEP = "STEP", o.FLOW = "FLOW", o.CONDITION = "CONDITION", o.ACTION = "ACTION", o))(se || {});
-const le = e.object({
+var _e = /* @__PURE__ */ ((o) => (o.STEP = "STEP", o.FLOW = "FLOW", o.CONDITION = "CONDITION", o.ACTION = "ACTION", o))(_e || {});
+const de = e.object({
   id: e.string(),
   type: e.literal(
     "STEP"
     /* STEP */
   ),
-  coordinates: c,
+  coordinates: u,
   alias: e.string().optional(),
   config: e.object({
-    components: e.array(re),
+    components: e.array(pe),
     next_node: e.string()
   }).passthrough()
-}), ce = e.object({
+}), ge = e.object({
   id: e.string(),
   type: e.literal(
     "FLOW"
     /* FLOW */
   ),
-  coordinates: c,
+  coordinates: u,
   alias: e.string().optional(),
   config: e.object({
     flow_id: e.string(),
     next_node: e.string()
   })
-}), pe = e.object({
+}), ue = e.object({
   id: e.string(),
   type: e.literal(
     "ACTION"
     /* ACTION */
   ),
-  coordinates: c,
+  coordinates: u,
   alias: e.string().optional(),
   config: e.object({
     action_type: e.enum(["REDIRECT"]).openapi({
@@ -568,47 +570,47 @@ const le = e.object({
       description: "The next node to navigate to after action (for non-redirect actions)"
     })
   }).passthrough()
-}), _e = e.object({
+}), me = e.object({
   id: e.string(),
   type: e.string(),
-  coordinates: c
-}).passthrough(), de = e.union([
-  le,
-  ce,
-  pe,
-  _e
-]), ge = e.object({
+  coordinates: u
+}).passthrough(), he = e.union([
+  de,
+  ge,
+  ue,
+  me
+]), be = e.object({
   next_node: e.string(),
-  coordinates: c
-}).passthrough(), ue = e.object({
+  coordinates: u
+}).passthrough(), fe = e.object({
   resume_flow: e.boolean().optional(),
-  coordinates: c
-}).passthrough(), me = e.object({
+  coordinates: u
+}).passthrough(), Ee = e.object({
   id: e.string(),
   name: e.string(),
   languages: e.object({
     primary: e.string()
   }).passthrough(),
-  nodes: e.array(de),
-  start: ge,
-  ending: ue,
+  nodes: e.array(he),
+  start: be,
+  ending: fe,
   created_at: e.string(),
   updated_at: e.string(),
   links: e.object({
     sdkSrc: e.string().optional(),
     sdk_src: e.string().optional()
   }).passthrough()
-}).passthrough(), _t = me.omit({
+}).passthrough(), mt = Ee.omit({
   id: !0,
   created_at: !0,
   updated_at: !0
 });
-var T = /* @__PURE__ */ ((o) => (o.TOKEN = "token", o.ID_TOKEN = "id_token", o.TOKEN_ID_TOKEN = "token id_token", o.CODE = "code", o))(T || {}), O = /* @__PURE__ */ ((o) => (o.QUERY = "query", o.FRAGMENT = "fragment", o.FORM_POST = "form_post", o.WEB_MESSAGE = "web_message", o.SAML_POST = "saml_post", o))(O || {}), N = /* @__PURE__ */ ((o) => (o.S256 = "S256", o.Plain = "plain", o))(N || {});
-const he = e.object({
+var D = /* @__PURE__ */ ((o) => (o.TOKEN = "token", o.ID_TOKEN = "id_token", o.TOKEN_ID_TOKEN = "token id_token", o.CODE = "code", o))(D || {}), j = /* @__PURE__ */ ((o) => (o.QUERY = "query", o.FRAGMENT = "fragment", o.FORM_POST = "form_post", o.WEB_MESSAGE = "web_message", o.SAML_POST = "saml_post", o))(j || {}), L = /* @__PURE__ */ ((o) => (o.S256 = "S256", o.Plain = "plain", o))(L || {});
+const Se = e.object({
   client_id: e.string(),
   act_as: e.string().optional(),
-  response_type: e.nativeEnum(T).optional(),
-  response_mode: e.nativeEnum(O).optional(),
+  response_type: e.nativeEnum(D).optional(),
+  response_mode: e.nativeEnum(j).optional(),
   redirect_uri: e.string().optional(),
   audience: e.string().optional(),
   organization: e.string().optional(),
@@ -616,7 +618,7 @@ const he = e.object({
   nonce: e.string().optional(),
   scope: e.string().optional(),
   prompt: e.string().optional(),
-  code_challenge_method: e.nativeEnum(N).optional(),
+  code_challenge_method: e.nativeEnum(L).optional(),
   code_challenge: e.string().optional(),
   username: e.string().optional(),
   ui_locales: e.string().optional(),
@@ -628,7 +630,7 @@ const he = e.object({
   acr_values: e.string().optional(),
   // The following fields are not available in Auth0
   vendor_id: e.string().optional()
-}), dt = e.object({
+}), ht = e.object({
   colors: e.object({
     primary: e.string(),
     page_background: e.object({
@@ -644,14 +646,14 @@ const he = e.object({
   font: e.object({
     url: e.string()
   }).optional()
-}), be = e.enum([
+}), Ae = e.enum([
   "password_reset",
   "email_verification",
   "otp",
   "authorization_code",
   "oauth2_state",
   "ticket"
-]), fe = e.object({
+]), Ie = e.object({
   code_id: e.string().openapi({
     description: "The code that will be used in for instance an email verification flow"
   }),
@@ -661,7 +663,7 @@ const he = e.object({
   connection_id: e.string().optional().openapi({
     description: "The connection that the code is connected to"
   }),
-  code_type: be,
+  code_type: Ae,
   code_verifier: e.string().optional().openapi({
     description: "The code verifier used in PKCE in outbound flows"
   }),
@@ -683,10 +685,10 @@ const he = e.object({
   expires_at: e.string(),
   used_at: e.string().optional(),
   user_id: e.string().optional()
-}), gt = e.object({
-  ...fe.shape,
+}), bt = e.object({
+  ...Ie.shape,
   created_at: e.string()
-}), Ee = e.object({
+}), Ce = e.object({
   kid: e.string().optional(),
   team_id: e.string().optional(),
   realms: e.string().optional(),
@@ -721,13 +723,60 @@ const he = e.object({
   password_dictionary: e.object({
     enable: e.boolean().optional(),
     dictionary: e.array(e.string()).optional()
+  }).optional(),
+  // Disable signup for this connection
+  disable_signup: e.boolean().optional(),
+  // Brute force protection
+  brute_force_protection: e.boolean().optional(),
+  // Import mode
+  import_mode: e.boolean().optional(),
+  // Flexible Identifiers: attributes schema (replaces legacy requires_username)
+  attributes: e.object({
+    email: e.object({
+      identifier: e.object({
+        active: e.boolean().optional()
+      }).optional(),
+      signup: e.object({
+        status: e.enum(["required", "optional", "disabled"]).optional(),
+        verification: e.object({
+          active: e.boolean().optional()
+        }).optional()
+      }).optional(),
+      validation: e.object({
+        allowed: e.boolean().optional()
+      }).optional()
+    }).optional(),
+    username: e.object({
+      identifier: e.object({
+        active: e.boolean().optional()
+      }).optional(),
+      signup: e.object({
+        status: e.enum(["required", "optional", "disabled"]).optional()
+      }).optional(),
+      validation: e.object({
+        max_length: e.number().optional(),
+        min_length: e.number().optional(),
+        allowed_types: e.object({
+          email: e.boolean().optional(),
+          phone_number: e.boolean().optional()
+        }).optional()
+      }).optional()
+    }).optional()
+  }).optional(),
+  // Legacy username options (deprecated, use attributes instead)
+  requires_username: e.boolean().optional(),
+  validation: e.object({
+    username: e.object({
+      min: e.number().optional(),
+      max: e.number().optional()
+    }).optional()
   }).optional()
-}), Se = e.object({
+}), ye = e.object({
   id: e.string().optional(),
   name: e.string(),
   display_name: e.string().optional(),
   strategy: e.string(),
-  options: Ee.default({}),
+  options: Ce.default({}),
   enabled_clients: e.array(e.string()).default([]).optional(),
   response_type: e.custom().optional(),
   response_mode: e.custom().optional(),
@@ -735,11 +784,11 @@ const he = e.object({
   show_as_button: e.boolean().optional(),
   metadata: e.record(e.any()).optional(),
   is_system: e.boolean().optional()
-}), ut = e.object({
+}), ft = e.object({
   id: e.string(),
   created_at: e.string().transform((o) => o === null ? "" : o),
   updated_at: e.string().transform((o) => o === null ? "" : o)
-}).extend(Se.shape), Ae = e.object({
+}).extend(ye.shape), Oe = e.object({
   domain: e.string(),
   custom_domain_id: e.string().optional(),
   type: e.enum(["auth0_managed_certs", "self_managed_certs"]),
@@ -753,37 +802,37 @@ const he = e.object({
     "null"
   ]).optional(),
   domain_metadata: e.record(e.string().max(255)).optional()
-}), Ie = e.object({
+}), Te = e.object({
   name: e.literal("txt"),
   record: e.string(),
   domain: e.string()
-}), Ce = e.object({
-  ...Ae.shape,
+}), Ne = e.object({
+  ...Oe.shape,
   custom_domain_id: e.string(),
   primary: e.boolean(),
   status: e.enum(["disabled", "pending", "pending_verification", "ready"]),
   origin_domain_name: e.string().optional(),
   verification: e.object({
-    methods: e.array(Ie)
+    methods: e.array(Te)
   }).optional(),
   tls_policy: e.string().optional()
-}), mt = Ce.extend({
+}), Et = Ne.extend({
   tenant_id: e.string()
-}), f = e.object({
+}), y = e.object({
   id: e.string(),
   order: e.number().optional(),
   visible: e.boolean().optional().default(!0)
-}), i = f.extend({
+}), r = y.extend({
   category: e.literal("BLOCK").optional()
-}), ye = i.extend({
+}), Re = r.extend({
   type: e.literal("DIVIDER"),
   config: e.object({}).optional()
-}), Te = i.extend({
+}), we = r.extend({
   type: e.literal("HTML"),
   config: e.object({
     content: e.string().optional()
   }).optional()
-}), Oe = i.extend({
+}), De = r.extend({
   type: e.literal("IMAGE"),
   config: e.object({
     src: e.string().optional(),
@@ -791,66 +840,66 @@ const he = e.object({
     width: e.number().optional(),
     height: e.number().optional()
   }).optional()
-}), Ne = i.extend({
+}), je = r.extend({
   type: e.literal("JUMP_BUTTON"),
   config: e.object({
     text: e.string().optional(),
     target_step: e.string().optional()
   })
-}), Re = i.extend({
+}), Le = r.extend({
   type: e.literal("RESEND_BUTTON"),
   config: e.object({
     text: e.string().optional(),
     resend_action: e.string().optional()
   })
-}), De = i.extend({
+}), ve = r.extend({
   type: e.literal("NEXT_BUTTON"),
   config: e.object({
     text: e.string().optional()
   })
-}), we = i.extend({
+}), ke = r.extend({
   type: e.literal("PREVIOUS_BUTTON"),
   config: e.object({
     text: e.string().optional()
   })
-}), Le = i.extend({
+}), Ue = r.extend({
   type: e.literal("RICH_TEXT"),
   config: e.object({
     content: e.string().optional()
   }).optional()
-}), E = f.extend({
+}), O = y.extend({
   category: e.literal("WIDGET").optional(),
   label: e.string().min(1).optional(),
   hint: e.string().min(1).max(500).optional(),
   required: e.boolean().optional(),
   sensitive: e.boolean().optional()
-}), je = E.extend({
+}), Fe = O.extend({
   type: e.literal("AUTH0_VERIFIABLE_CREDENTIALS"),
   config: e.object({
     credential_type: e.string().optional()
   })
-}), ke = E.extend({
+}), xe = O.extend({
   type: e.literal("GMAPS_ADDRESS"),
   config: e.object({
     api_key: e.string().optional()
   })
-}), Ue = E.extend({
+}), Pe = O.extend({
   type: e.literal("RECAPTCHA"),
   config: e.object({
     site_key: e.string().optional()
   })
-}), t = f.extend({
+}), t = y.extend({
   category: e.literal("FIELD").optional(),
   label: e.string().min(1).optional(),
   hint: e.string().min(1).max(500).optional(),
   required: e.boolean().optional(),
   sensitive: e.boolean().optional()
-}), Fe = t.extend({
+}), Me = t.extend({
   type: e.literal("BOOLEAN"),
   config: e.object({
     default_value: e.boolean().optional()
   }).optional()
-}), ve = t.extend({
+}), He = t.extend({
   type: e.literal("CARDS"),
   config: e.object({
     options: e.array(
@@ -863,7 +912,7 @@ const he = e.object({
     ).optional(),
     multi_select: e.boolean().optional()
   }).optional()
-}), xe = t.extend({
+}), Ge = t.extend({
   type: e.literal("CHOICE"),
   config: e.object({
     options: e.array(
@@ -876,7 +925,7 @@ const he = e.object({
     multiple: e.boolean().optional(),
     default_value: e.union([e.string(), e.array(e.string())]).optional()
   }).optional()
-}), Pe = t.extend({
+}), Be = t.extend({
   type: e.literal("CUSTOM"),
   config: e.object({
     component: e.string().optional(),
@@ -884,14 +933,15 @@ const he = e.object({
     schema: e.record(e.any()).optional(),
     code: e.string().optional()
   })
-}), Me = t.extend({
+}), We = t.extend({
   type: e.literal("DATE"),
   config: e.object({
     format: e.string().optional(),
     min: e.string().optional(),
-    max: e.string().optional()
+    max: e.string().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), He = t.extend({
+}), Ke = t.extend({
   type: e.literal("DROPDOWN"),
   config: e.object({
     options: e.array(
@@ -905,47 +955,50 @@ const he = e.object({
     multiple: e.boolean().optional(),
     default_value: e.union([e.string(), e.array(e.string())]).optional()
   }).optional()
-}), Ge = t.extend({
+}), ze = t.extend({
   type: e.literal("EMAIL"),
   config: e.object({
-    placeholder: e.string().optional()
+    placeholder: e.string().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), Be = t.extend({
+}), Xe = t.extend({
   type: e.literal("FILE"),
   config: e.object({
     accept: e.string().optional(),
     max_size: e.number().optional(),
     multiple: e.boolean().optional()
   }).optional()
-}), Ke = t.extend({
+}), Ve = t.extend({
   type: e.literal("LEGAL"),
   config: e.object({
     text: e.string(),
     html: e.boolean().optional()
   }).optional()
-}), We = t.extend({
+}), qe = t.extend({
   type: e.literal("NUMBER"),
   config: e.object({
     placeholder: e.string().optional(),
     min: e.number().optional(),
     max: e.number().optional(),
-    step: e.number().optional()
+    step: e.number().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), ze = t.extend({
+}), Ye = t.extend({
   type: e.literal("PASSWORD"),
   config: e.object({
     placeholder: e.string().optional(),
     min_length: e.number().optional(),
     show_toggle: e.boolean().optional(),
-    forgot_password_link: e.string().optional()
+    forgot_password_link: e.string().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), Xe = t.extend({
+}), Qe = t.extend({
   type: e.literal("PAYMENT"),
   config: e.object({
     provider: e.string().optional(),
     currency: e.string().optional()
   }).optional()
-}), Ve = t.extend({
+}), Je = t.extend({
   type: e.literal("SOCIAL"),
   config: e.object({
     providers: e.array(e.string()).optional(),
@@ -959,59 +1012,75 @@ const he = e.object({
       })
     ).optional()
   }).optional()
-}), qe = t.extend({
+}), Ze = t.extend({
   type: e.literal("TEL"),
   config: e.object({
     placeholder: e.string().optional(),
-    default_country: e.string().optional()
+    default_country: e.string().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), Ye = t.extend({
+}), $e = t.extend({
   type: e.literal("TEXT"),
   config: e.object({
     placeholder: e.string().optional(),
     multiline: e.boolean().optional(),
-    max_length: e.number().optional()
+    max_length: e.number().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), Qe = t.extend({
+}), eo = t.extend({
   type: e.literal("URL"),
   config: e.object({
-    placeholder: e.string().optional()
+    placeholder: e.string().optional(),
+    default_value: e.string().optional()
   }).optional()
-}), Je = e.discriminatedUnion("type", [
-  ye,
-  Te,
-  Oe,
-  Ne,
+}), oo = e.discriminatedUnion("type", [
   Re,
-  De,
   we,
-  Le
-]), Ze = e.discriminatedUnion("type", [
+  De,
   je,
+  Le,
+  ve,
   ke,
   Ue
-]), $e = e.discriminatedUnion("type", [
+]), to = e.discriminatedUnion("type", [
   Fe,
-  ve,
   xe,
-  Pe,
+  Pe
+]), no = e.discriminatedUnion("type", [
   Me,
   He,
   Ge,
   Be,
-  Ke,
   We,
+  Ke,
   ze,
   Xe,
   Ve,
   qe,
   Ye,
-  Qe
-]), R = e.union([
+  Qe,
   Je,
   Ze,
-  $e
-]), ht = e.object({
+  $e,
+  eo
+]), v = e.union([
+  oo,
+  to,
+  no
+]), St = /* @__PURE__ */ new Set([
+  "BOOLEAN",
+  "CARDS",
+  "CHOICE",
+  "DATE",
+  "DROPDOWN",
+  "EMAIL",
+  "LEGAL",
+  "NUMBER",
+  "PASSWORD",
+  "TEL",
+  "TEXT",
+  "URL"
+]), At = e.object({
   id: e.string(),
   type: e.literal("submit"),
   label: e.string(),
@@ -1020,22 +1089,22 @@ const he = e.object({
   order: e.number().optional(),
   visible: e.boolean().optional().default(!0),
   customizations: e.record(e.string(), e.any()).optional()
-}), _ = e.object({
+}), b = e.object({
   x: e.number(),
   y: e.number()
-}), eo = e.object({
+}), io = e.object({
   id: e.string(),
   type: e.literal("FLOW"),
-  coordinates: _,
+  coordinates: b,
   alias: e.string().min(1).max(150).optional(),
   config: e.object({
     flow_id: e.string().max(30),
     next_node: e.string().optional()
   })
-}), oo = e.object({
+}), ao = e.object({
   id: e.string(),
   type: e.literal("ROUTER"),
-  coordinates: _,
+  coordinates: b,
   alias: e.string().min(1).max(150),
   config: e.object({
     rules: e.array(
@@ -1048,20 +1117,20 @@ const he = e.object({
     ),
     fallback: e.string()
   })
-}), to = e.object({
+}), so = e.object({
   id: e.string(),
   type: e.literal("STEP"),
-  coordinates: _,
+  coordinates: b,
   alias: e.string().min(1).max(150).optional(),
   config: e.object({
-    components: e.array(R),
+    components: e.array(v),
     next_node: e.string().optional()
   })
-}), no = e.discriminatedUnion("type", [
-  eo,
-  oo,
-  to
-]), io = e.object({
+}), ro = e.discriminatedUnion("type", [
+  io,
+  ao,
+  so
+]), lo = e.object({
   name: e.string().openapi({
     description: "The name of the form"
   }),
@@ -1074,11 +1143,11 @@ const he = e.object({
     default: e.string().optional()
   }).optional(),
   translations: e.record(e.string(), e.any()).optional(),
-  nodes: e.array(no).optional(),
+  nodes: e.array(ro).optional(),
   start: e.object({
     hidden_fields: e.array(e.object({ key: e.string(), value: e.string() })).optional(),
     next_node: e.string().optional(),
-    coordinates: _.optional()
+    coordinates: b.optional()
   }).optional(),
   ending: e.object({
     redirection: e.object({
@@ -1086,7 +1155,7 @@ const he = e.object({
       target: e.string().optional()
     }).optional(),
     after_submit: e.object({ flow_id: e.string().optional() }).optional(),
-    coordinates: _.optional(),
+    coordinates: b.optional(),
     resume_flow: e.boolean().optional()
   }).optional(),
   style: e.object({ css: e.string().optional() }).optional(),
@@ -1096,42 +1165,42 @@ const he = e.object({
   }).optional()
 }).openapi({
   description: "Schema for flow-based forms (matches Auth0 Forms structure)"
-}), bt = e.object({
-  ...r.shape,
-  ...io.shape,
+}), It = e.object({
+  ...p.shape,
+  ...lo.shape,
   id: e.string()
-}), ao = e.object({
+}), co = e.object({
   id: e.number().optional(),
   text: e.string(),
   type: e.enum(["info", "error", "success", "warning"])
-}), ro = e.object({
+}), po = e.object({
   id: e.string().optional(),
   text: e.string(),
   href: e.string(),
   linkText: e.string().optional()
-}), ft = e.object({
+}), Ct = e.object({
   /** Screen identifier for CSS targeting (e.g., 'identifier', 'enter-password', 'signup') */
   name: e.string().optional(),
   action: e.string(),
   method: e.enum(["POST", "GET"]),
   title: e.string().optional(),
   description: e.string().optional(),
-  components: e.array(R),
-  messages: e.array(ao).optional(),
-  links: e.array(ro).optional(),
+  components: e.array(v),
+  messages: e.array(co).optional(),
+  links: e.array(po).optional(),
   /** Footer HTML content displayed at the very bottom of the widget (e.g., terms and conditions) */
   footer: e.string().optional()
 });
-function Et(o) {
+function yt(o) {
   return o.category === "BLOCK";
 }
-function St(o) {
+function Ot(o) {
   return o.category === "WIDGET";
 }
-function At(o) {
+function Tt(o) {
   return o.category === "FIELD";
 }
-const D = e.enum([
+const k = e.enum([
   "pre-user-registration",
   "post-user-registration",
   "post-user-login",
@@ -1139,49 +1208,49 @@ const D = e.enum([
   "pre-user-deletion",
   "post-user-deletion"
   // Potentially other triggers specific to webhooks in the future
-]), w = e.enum([
+]), U = e.enum([
   "pre-user-registration",
   "post-user-registration",
   "post-user-login",
   "validate-registration-username",
   "pre-user-deletion",
   "post-user-deletion"
-]), m = {
+]), C = {
   enabled: e.boolean().default(!1),
   synchronous: e.boolean().default(!1),
   priority: e.number().optional(),
   hook_id: e.string().optional()
-}, so = e.object({
-  ...m,
-  trigger_id: D,
+}, _o = e.object({
+  ...C,
+  trigger_id: k,
   url: e.string()
-}), lo = e.object({
-  ...m,
-  trigger_id: w,
+}), go = e.object({
+  ...C,
+  trigger_id: U,
   form_id: e.string()
-}), It = e.union([
-  so,
-  lo
-]), co = e.object({
-  ...m,
-  trigger_id: D,
-  ...r.shape,
+}), Nt = e.union([
+  _o,
+  go
+]), uo = e.object({
+  ...C,
+  trigger_id: k,
+  ...p.shape,
   hook_id: e.string(),
   url: e.string()
-}), po = e.object({
-  ...m,
-  trigger_id: w,
-  ...r.shape,
+}), mo = e.object({
+  ...C,
+  trigger_id: U,
+  ...p.shape,
   hook_id: e.string(),
   form_id: e.string()
-}), Ct = e.union([co, po]), _o = e.object({
+}), Rt = e.union([uo, mo]), ho = e.object({
   name: e.string().optional()
-}), go = e.object({
+}), bo = e.object({
   email: e.string().optional()
-}), uo = e.object({
+}), fo = e.object({
   organization_id: e.string().max(50),
-  inviter: _o,
-  invitee: go,
+  inviter: ho,
+  invitee: bo,
   invitation_url: e.string().url(),
   client_id: e.string(),
   connection_id: e.string().optional(),
@@ -1190,13 +1259,13 @@ const D = e.enum([
   ttl_sec: e.number().int().max(2592e3).default(604800).optional(),
   roles: e.array(e.string()).default([]).optional(),
   send_invitation_email: e.boolean().default(!0).optional()
-}), yt = e.object({
+}), wt = e.object({
   id: e.string(),
   organization_id: e.string().max(50),
   created_at: e.string().datetime(),
   expires_at: e.string().datetime(),
   ticket_id: e.string().optional()
-}).extend(uo.shape), mo = e.object({
+}).extend(fo.shape), Eo = e.object({
   alg: e.enum([
     "RS256",
     "RS384",
@@ -1215,9 +1284,9 @@ const D = e.enum([
   x5t: e.string().optional(),
   x5c: e.array(e.string()).optional(),
   use: e.enum(["sig", "enc"]).optional()
-}), Tt = e.object({
-  keys: e.array(mo)
-}), Ot = e.object({
+}), Dt = e.object({
+  keys: e.array(Eo)
+}), jt = e.object({
   issuer: e.string(),
   authorization_endpoint: e.string(),
   token_endpoint: e.string(),
@@ -1239,18 +1308,18 @@ const D = e.enum([
   request_parameter_supported: e.boolean(),
   token_endpoint_auth_signing_alg_values_supported: e.array(e.string())
 });
-var L = /* @__PURE__ */ ((o) => (o.PENDING = "pending", o.AUTHENTICATED = "authenticated", o.AWAITING_EMAIL_VERIFICATION = "awaiting_email_verification", o.AWAITING_HOOK = "awaiting_hook", o.AWAITING_CONTINUATION = "awaiting_continuation", o.COMPLETED = "completed", o.FAILED = "failed", o.EXPIRED = "expired", o))(L || {});
-const ho = e.nativeEnum(L), bo = e.object({
+var F = /* @__PURE__ */ ((o) => (o.PENDING = "pending", o.AUTHENTICATED = "authenticated", o.AWAITING_EMAIL_VERIFICATION = "awaiting_email_verification", o.AWAITING_HOOK = "awaiting_hook", o.AWAITING_CONTINUATION = "awaiting_continuation", o.COMPLETED = "completed", o.FAILED = "failed", o.EXPIRED = "expired", o))(F || {});
+const So = e.nativeEnum(F), Ao = e.object({
   csrf_token: e.string(),
   auth0Client: e.string().optional(),
-  authParams: he,
+  authParams: Se,
   expires_at: e.string(),
   deleted_at: e.string().optional(),
   ip: e.string().optional(),
   useragent: e.string().optional(),
   session_id: e.string().optional(),
   authorization_url: e.string().optional(),
-  state: ho.optional().default(
+  state: So.optional().default(
     "pending"
     /* PENDING */
   ),
@@ -1261,14 +1330,14 @@ const ho = e.nativeEnum(L), bo = e.object({
   // Set once user is authenticated
 }).openapi({
   description: "This represents a login sesion"
-}), Nt = e.object({
-  ...bo.shape,
+}), Lt = e.object({
+  ...Ao.shape,
   id: e.string().openapi({
     description: "This is is used as the state in the universal login"
   }),
   created_at: e.string(),
   updated_at: e.string()
-}), fo = {
+}), Io = {
   // Network & System
   ACLS_SUMMARY: "acls_summary",
   ACTIONS_EXECUTION_FAILED: "actions_execution_failed",
@@ -1439,24 +1508,24 @@ const ho = e.nativeEnum(L), bo = e.object({
   WARNING_DURING_LOGIN: "w",
   WARNING_SENDING_NOTIFICATION: "wn",
   WARNING_USER_MANAGEMENT: "wum"
-}, Eo = e.string().refine(
-  (o) => Object.values(fo).includes(o),
+}, Co = e.string().refine(
+  (o) => Object.values(Io).includes(o),
   { message: "Invalid log type" }
-), So = e.object({
+), yo = e.object({
   name: e.string(),
   version: e.string(),
   env: e.object({
     node: e.string().optional()
   }).optional()
-}), Ao = e.object({
+}), Oo = e.object({
   country_code: e.string().length(2),
   city_name: e.string(),
   latitude: e.string(),
   longitude: e.string(),
   time_zone: e.string(),
   continent_code: e.string()
-}), Io = e.object({
-  type: Eo,
+}), To = e.object({
+  type: Co,
   date: e.string(),
   description: e.string().optional(),
   ip: e.string().optional(),
@@ -1475,30 +1544,30 @@ const ho = e.nativeEnum(L), bo = e.object({
   strategy: e.string().optional(),
   strategy_type: e.string().optional(),
   hostname: e.string().optional(),
-  auth0_client: So.optional(),
+  auth0_client: yo.optional(),
   log_id: e.string().optional(),
-  location_info: Ao.optional()
-}), Rt = e.object({
-  ...Io.shape,
+  location_info: Oo.optional()
+}), vt = e.object({
+  ...To.shape,
   log_id: e.string()
-}), Co = e.object({
+}), No = e.object({
   id: e.string().optional(),
   user_id: e.string(),
   password: e.string(),
   algorithm: e.enum(["bcrypt", "argon2id"]).default("argon2id"),
   is_current: e.boolean().default(!0)
-}), Dt = Co.extend({
+}), kt = No.extend({
   id: e.string(),
   created_at: e.string(),
   updated_at: e.string()
-}), j = e.object({
+}), x = e.object({
   initial_user_agent: e.string().describe("First user agent of the device from which this user logged in"),
   initial_ip: e.string().describe("First IP address associated with this session"),
   initial_asn: e.string().describe("First autonomous system number associated with this session"),
   last_user_agent: e.string().describe("Last user agent of the device from which this user logged in"),
   last_ip: e.string().describe("Last IP address from which this user logged in"),
   last_asn: e.string().describe("Last autonomous system number from which this user logged in")
-}), yo = e.object({
+}), Ro = e.object({
   id: e.string(),
   revoked_at: e.string().optional(),
   used_at: e.string().optional(),
@@ -1506,17 +1575,17 @@ const ho = e.nativeEnum(L), bo = e.object({
   expires_at: e.string().optional(),
   login_session_id: e.string(),
   idle_expires_at: e.string().optional(),
-  device: j.describe(
+  device: x.describe(
     "Metadata related to the device used in the session"
   ),
   clients: e.array(e.string()).describe("List of client details for the session")
-}), wt = e.object({
+}), Ut = e.object({
   created_at: e.string(),
   updated_at: e.string(),
   authenticated_at: e.string(),
   last_interaction_at: e.string(),
-  ...yo.shape
-}), Lt = e.object({
+  ...Ro.shape
+}), Ft = e.object({
   kid: e.string().openapi({ description: "The key id of the signing key" }),
   cert: e.string().openapi({ description: "The public certificate of the signing key" }),
   fingerprint: e.string().openapi({ description: "The cert fingerprint" }),
@@ -1541,7 +1610,7 @@ const ho = e.nativeEnum(L), bo = e.object({
   type: e.enum(["jwt_signing", "saml_encryption"]).openapi({
     description: "The type of the signing key"
   })
-}), To = e.object({
+}), wo = e.object({
   id: e.string().optional(),
   // Basic settings
   audience: e.string(),
@@ -1664,15 +1733,44 @@ const ho = e.nativeEnum(L), bo = e.object({
   }).optional(),
   // Authorization settings
   pushed_authorization_requests_supported: e.boolean().optional(),
-  authorization_response_iss_parameter_supported: e.boolean().optional()
-}), jt = e.object({
+  authorization_response_iss_parameter_supported: e.boolean().optional(),
+  // Guardian MFA Factors configuration (internal storage, exposed via /guardian API)
+  mfa: e.object({
+    // Factor states
+    factors: e.object({
+      sms: e.boolean().default(!1),
+      otp: e.boolean().default(!1),
+      email: e.boolean().default(!1),
+      push_notification: e.boolean().default(!1),
+      webauthn_roaming: e.boolean().default(!1),
+      webauthn_platform: e.boolean().default(!1),
+      recovery_code: e.boolean().default(!1),
+      duo: e.boolean().default(!1)
+    }).optional(),
+    // SMS provider configuration
+    sms_provider: e.object({
+      provider: e.enum(["twilio", "vonage", "aws_sns", "phone_message_hook"]).optional()
+    }).optional(),
+    // Twilio-specific configuration
+    twilio: e.object({
+      sid: e.string().optional(),
+      auth_token: e.string().optional(),
+      from: e.string().optional(),
+      messaging_service_sid: e.string().optional()
+    }).optional(),
+    // Phone message configuration (custom)
+    phone_message: e.object({
+      message: e.string().optional()
+    }).optional()
+  }).optional()
+}), xt = e.object({
   created_at: e.string().nullable().transform((o) => o ?? ""),
   updated_at: e.string().nullable().transform((o) => o ?? ""),
-  ...To.shape,
+  ...wo.shape,
   id: e.string()
 });
-var Oo = /* @__PURE__ */ ((o) => (o.RefreshToken = "refresh_token", o.AuthorizationCode = "authorization_code", o.ClientCredential = "client_credentials", o.Passwordless = "passwordless", o.Password = "password", o.OTP = "http://auth0.com/oauth/grant-type/passwordless/otp", o))(Oo || {});
-const kt = e.object({
+var Do = /* @__PURE__ */ ((o) => (o.RefreshToken = "refresh_token", o.AuthorizationCode = "authorization_code", o.ClientCredential = "client_credentials", o.Passwordless = "passwordless", o.Password = "password", o.OTP = "http://auth0.com/oauth/grant-type/passwordless/otp", o))(Do || {});
+const Pt = e.object({
   access_token: e.string(),
   id_token: e.string().optional(),
   scope: e.string().optional(),
@@ -1685,7 +1783,7 @@ e.object({
   code: e.string(),
   state: e.string().optional()
 });
-const No = e.object({
+const jo = e.object({
   button_border_radius: e.number(),
   button_border_weight: e.number(),
   buttons_style: e.enum(["pill", "rounded", "sharp"]),
@@ -1695,7 +1793,7 @@ const No = e.object({
   show_widget_shadow: e.boolean(),
   widget_border_weight: e.number(),
   widget_corner_radius: e.number()
-}), Ro = e.object({
+}), Lo = e.object({
   base_focus_color: e.string(),
   base_hover_color: e.string(),
   body_text: e.string(),
@@ -1715,44 +1813,44 @@ const No = e.object({
   success: e.string(),
   widget_background: e.string(),
   widget_border: e.string()
-}), l = e.object({
+}), g = e.object({
   bold: e.boolean(),
   size: e.number()
-}), Do = e.object({
-  body_text: l,
-  buttons_text: l,
+}), vo = e.object({
+  body_text: g,
+  buttons_text: g,
   font_url: e.string(),
-  input_labels: l,
-  links: l,
+  input_labels: g,
+  links: g,
   links_style: e.enum(["normal", "underlined"]),
   reference_text_size: e.number(),
-  subtitle: l,
-  title: l
-}), wo = e.object({
+  subtitle: g,
+  title: g
+}), ko = e.object({
   background_color: e.string(),
   background_image_url: e.string(),
   page_layout: e.enum(["center", "left", "right"])
-}), Lo = e.object({
+}), Uo = e.object({
   header_text_alignment: e.enum(["center", "left", "right"]),
   logo_height: e.number(),
   logo_position: e.enum(["center", "left", "none", "right"]),
   logo_url: e.string(),
   social_buttons_layout: e.enum(["bottom", "top"])
-}), jo = e.object({
-  borders: No,
-  colors: Ro,
+}), Fo = e.object({
+  borders: jo,
+  colors: Lo,
   displayName: e.string(),
-  fonts: Do,
-  page_background: wo,
-  widget: Lo
-}), Ut = jo.extend({
+  fonts: vo,
+  page_background: ko,
+  widget: Uo
+}), Mt = Fo.extend({
   themeId: e.string()
-}), Ft = e.object({
+}), Ht = e.object({
   universal_login_experience: e.enum(["new", "classic"]).default("new"),
   identifier_first: e.boolean().default(!0),
   password_first: e.boolean().default(!1),
   webauthn_platform_first_factor: e.boolean()
-}), vt = e.object({
+}), Gt = e.object({
   name: e.string(),
   enabled: e.boolean().optional().default(!0),
   default_from_address: e.string().optional(),
@@ -1782,7 +1880,7 @@ const No = e.object({
     })
   ]),
   settings: e.object({}).optional()
-}), ko = e.object({
+}), xo = e.object({
   // The actual refresh token value (primary key).
   id: e.string(),
   // Link to the session record
@@ -1795,7 +1893,7 @@ const No = e.object({
   idle_expires_at: e.string().optional(),
   // When the token was last used.
   last_exchanged_at: e.string().optional(),
-  device: j,
+  device: x,
   resource_servers: e.array(
     e.object({
       audience: e.string(),
@@ -1803,21 +1901,21 @@ const No = e.object({
     })
   ),
   rotating: e.boolean()
-}), xt = e.object({
+}), Bt = e.object({
   // When the refresh token record was created.
   created_at: e.string(),
   // Spread in the rest of the refresh token properties.
-  ...ko.shape
-}), Pt = e.object({
+  ...xo.shape
+}), Wt = e.object({
   to: e.string(),
   message: e.string()
-}), Mt = e.object({
+}), Kt = e.object({
   name: e.string(),
   options: e.object({})
-}), Uo = e.object({
+}), Po = e.object({
   value: e.string(),
   description: e.string().optional()
-}), Fo = e.object({
+}), Mo = e.object({
   token_dialect: e.enum(["access_token", "access_token_authz"]).optional(),
   enforce_policies: e.boolean().optional(),
   allow_skipping_userinfo: e.boolean().optional(),
@@ -1827,11 +1925,11 @@ const No = e.object({
   mtls: e.object({
     bound_access_tokens: e.boolean().optional()
   }).optional()
-}), vo = e.object({
+}), Ho = e.object({
   id: e.string().optional(),
   name: e.string(),
   identifier: e.string(),
-  scopes: e.array(Uo).optional(),
+  scopes: e.array(Po).optional(),
   signing_alg: e.string().optional(),
   signing_secret: e.string().optional(),
   token_lifetime: e.number().optional(),
@@ -1839,30 +1937,30 @@ const No = e.object({
   skip_consent_for_verifiable_first_party_clients: e.boolean().optional(),
   allow_offline_access: e.boolean().optional(),
   verificationKey: e.string().optional(),
-  options: Fo.optional(),
+  options: Mo.optional(),
   is_system: e.boolean().optional(),
   metadata: e.record(e.any()).optional()
-}), xo = e.object({
-  ...vo.shape,
+}), Go = e.object({
+  ...Ho.shape,
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), Ht = e.array(xo), Po = e.object({
+}), zt = e.array(Go), Bo = e.object({
   role_id: e.string(),
   resource_server_identifier: e.string(),
   permission_name: e.string()
-}), Mo = e.object({
-  ...Po.shape,
+}), Wo = e.object({
+  ...Bo.shape,
   created_at: e.string()
-}), Gt = e.array(Mo), Ho = e.object({
+}), Xt = e.array(Wo), Ko = e.object({
   user_id: e.string(),
   resource_server_identifier: e.string(),
   permission_name: e.string(),
   organization_id: e.string().optional()
-}), Go = e.object({
-  ...Ho.shape,
+}), zo = e.object({
+  ...Ko.shape,
   tenant_id: e.string(),
   created_at: e.string().optional()
-}), Bt = e.array(Go), Bo = e.object({
+}), Vt = e.array(zo), Xo = e.object({
   user_id: e.string(),
   resource_server_identifier: e.string(),
   resource_server_name: e.string(),
@@ -1870,17 +1968,17 @@ const No = e.object({
   description: e.string().nullable().optional(),
   created_at: e.string().optional(),
   organization_id: e.string().optional()
-}), Kt = e.array(
-  Bo
-), Ko = e.object({
+}), qt = e.array(
+  Xo
+), Vo = e.object({
   user_id: e.string(),
   role_id: e.string(),
   organization_id: e.string().optional()
-}), Wo = e.object({
-  ...Ko.shape,
+}), qo = e.object({
+  ...Vo.shape,
   tenant_id: e.string(),
   created_at: e.string().optional()
-}), Wt = e.array(Wo), zo = e.object({
+}), Yt = e.array(qo), Yo = e.object({
   id: e.string().optional().openapi({
     description: "The unique identifier of the role. If not provided, one will be generated."
   }),
@@ -1894,13 +1992,13 @@ const No = e.object({
   metadata: e.record(e.any()).optional().openapi({
     description: "Metadata associated with the role. Can be used to control sync behavior in multi-tenancy scenarios."
   })
-}), Xo = zo.extend({
+}), Qo = Yo.extend({
   id: e.string().openapi({
     description: "The unique identifier of the role"
   }),
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), zt = e.array(Xo), Vo = e.object({
+}), Qt = e.array(Qo), Jo = e.object({
   logo_url: e.string().optional().openapi({
     description: "URL of the organization's logo"
   }),
@@ -1912,7 +2010,7 @@ const No = e.object({
       description: "Page background color in hex format (e.g., #FFFFFF)"
     })
   }).optional()
-}).optional(), qo = e.object({
+}).optional(), Zo = e.object({
   connection_id: e.string().openapi({
     description: "ID of the connection"
   }),
@@ -1925,7 +2023,7 @@ const No = e.object({
   is_signup_enabled: e.boolean().default(!0).openapi({
     description: "Whether signup is enabled for this connection"
   })
-}), Yo = e.object({
+}), $o = e.object({
   client_credentials: e.object({
     enforce: e.boolean().default(!1).openapi({
       description: "Whether to enforce token quota limits"
@@ -1937,7 +2035,7 @@ const No = e.object({
       description: "Maximum tokens per hour (0 = unlimited)"
     })
   }).optional()
-}).optional(), Qo = e.object({
+}).optional(), et = e.object({
   id: e.string().optional(),
   name: e.string().min(1).regex(/^[a-z0-9_-]+$/, {
     message: "Organization name must be lowercase and can only contain letters, numbers, hyphens, and underscores"
@@ -1947,34 +2045,34 @@ const No = e.object({
   display_name: e.string().optional().openapi({
     description: "The display name of the organization"
   }),
-  branding: Vo,
+  branding: Jo,
   metadata: e.record(e.any()).default({}).optional().openapi({
     description: "Custom metadata for the organization"
   }),
-  enabled_connections: e.array(qo).default([]).optional().openapi({
+  enabled_connections: e.array(Zo).default([]).optional().openapi({
     description: "List of enabled connections for the organization"
   }),
-  token_quota: Yo
-}), Xt = e.object({
-  ...Qo.shape,
-  ...r.shape,
+  token_quota: $o
+}), Jt = e.object({
+  ...et.shape,
+  ...p.shape,
   id: e.string(),
   // Override name to be lenient when reading from database (to support existing uppercase names)
   name: e.string().min(1).openapi({
     description: "The name of the organization"
   })
-}), Jo = e.object({
+}), ot = e.object({
   user_id: e.string().openapi({
     description: "ID of the user"
   }),
   organization_id: e.string().openapi({
     description: "ID of the organization"
   })
-}), Vt = e.object({
-  ...Jo.shape,
-  ...r.shape,
+}), Zt = e.object({
+  ...ot.shape,
+  ...p.shape,
   id: e.string()
-}), qt = e.object({
+}), $t = e.object({
   // Session settings
   idle_session_lifetime: e.number().optional(),
   session_lifetime: e.number().optional(),
@@ -2042,8 +2140,37 @@ const No = e.object({
   // Session management
   sessions: e.object({
     oidc_logout_prompt_enabled: e.boolean().optional()
+  }).optional(),
+  // Guardian MFA Factors configuration (internal storage, exposed via /guardian API)
+  mfa: e.object({
+    // Factor states
+    factors: e.object({
+      sms: e.boolean().default(!1),
+      otp: e.boolean().default(!1),
+      email: e.boolean().default(!1),
+      push_notification: e.boolean().default(!1),
+      webauthn_roaming: e.boolean().default(!1),
+      webauthn_platform: e.boolean().default(!1),
+      recovery_code: e.boolean().default(!1),
+      duo: e.boolean().default(!1)
+    }).optional(),
+    // SMS provider configuration
+    sms_provider: e.object({
+      provider: e.enum(["twilio", "vonage", "aws_sns", "phone_message_hook"]).optional()
+    }).optional(),
+    // Twilio-specific configuration
+    twilio: e.object({
+      sid: e.string().optional(),
+      auth_token: e.string().optional(),
+      from: e.string().optional(),
+      messaging_service_sid: e.string().optional()
+    }).optional(),
+    // Phone message configuration (custom)
+    phone_message: e.object({
+      message: e.string().optional()
+    }).optional()
   }).optional()
-}), Yt = e.object({
+}), en = e.object({
   date: e.string().openapi({
     description: "Date these events occurred in ISO 8601 format",
     example: "2025-12-19"
@@ -2068,10 +2195,10 @@ const No = e.object({
     description: "Approximate date and time the first event occurred in ISO 8601 format",
     example: "2025-12-19T00:00:00.000Z"
   })
-}), Qt = e.number().openapi({
+}), on = e.number().openapi({
   description: "Number of active users in the last 30 days",
   example: 1234
-}), Zo = e.enum([
+}), tt = e.enum([
   "login",
   "login-id",
   "login-password",
@@ -2099,213 +2226,242 @@ const No = e.object({
   "passkeys",
   "captcha",
   "custom-form"
-]), $o = e.record(e.string(), e.string()).openapi({
+]), nt = e.record(e.string(), e.string()).openapi({
   type: "object",
   additionalProperties: { type: "string" }
-}), Jt = e.object({
-  prompt: Zo,
+}), tn = e.object({
+  prompt: tt,
   language: e.string(),
-  custom_text: $o
+  custom_text: nt
 });
-function Zt(o) {
-  const [a, s] = o.split("|");
-  if (!a || !s)
+function nn(o) {
+  const [n, i] = o.split("|");
+  if (!n || !i)
     throw new Error(`Invalid user_id: ${o}`);
-  return { connection: a, id: s };
+  return { connection: n, id: i };
 }
-function $t(o) {
+function an(o) {
   const {
-    primary: a,
-    secondaries: s,
-    syncMethods: k = ["create", "update", "remove", "delete", "set"]
-  } = o, U = {
-    get(d, n) {
-      if (typeof n == "symbol")
-        return d[n];
-      const g = d[n];
-      return typeof g != "function" ? g : k.includes(n) ? async (...h) => {
-        const F = await g.apply(d, h), b = [];
-        for (const p of s) {
-          const S = p.adapter[n];
-          if (typeof S != "function")
+    primary: n,
+    secondaries: i,
+    syncMethods: T = ["create", "update", "remove", "delete", "set"]
+  } = o, f = {
+    get(l, a) {
+      if (typeof a == "symbol")
+        return l[a];
+      const c = l[a];
+      return typeof c != "function" ? c : T.includes(a) ? async (..._) => {
+        const E = await c.apply(l, _), d = [];
+        for (const s of i) {
+          const m = s.adapter[a];
+          if (typeof m != "function")
             continue;
-          const v = (async () => {
+          const S = (async () => {
             try {
-              await S.apply(p.adapter, h);
-            } catch (A) {
+              await m.apply(s.adapter, _);
+            } catch (h) {
               try {
-                p.onError ? p.onError(A, n, h) : console.error(
-                  `Passthrough adapter: secondary write failed for ${n}:`,
-                  A
+                s.onError ? s.onError(h, a, _) : console.error(
+                  `Passthrough adapter: secondary write failed for ${a}:`,
+                  h
                 );
-              } catch (x) {
+              } catch (A) {
                 console.error(
-                  `Passthrough adapter: onError handler threw for ${n}:`,
-                  x
+                  `Passthrough adapter: onError handler threw for ${a}:`,
+                  A
                 );
               }
             }
           })();
-          p.blocking && b.push(v);
+          s.blocking && d.push(S);
         }
-        return b.length > 0 && await Promise.all(b), F;
-      } : g.bind(d);
+        return d.length > 0 && await Promise.all(d), E;
+      } : c.bind(l);
     }
   };
-  return new Proxy(a, U);
+  return new Proxy(n, f);
 }
-function en(o) {
+function sn(o) {
   return o;
 }
+function rn(o) {
+  var f, l, a, c, _, E, d, s, m, S, h, A;
+  const n = o == null ? void 0 : o.options;
+  if (!n)
+    return {
+      usernameIdentifierActive: !1,
+      emailIdentifierActive: !0,
+      usernameMinLength: 1,
+      usernameMaxLength: 15
+    };
+  const i = n.attributes;
+  if (i) {
+    const P = ((l = (f = i.username) == null ? void 0 : f.identifier) == null ? void 0 : l.active) === !0, M = ((c = (a = i.email) == null ? void 0 : a.identifier) == null ? void 0 : c.active) !== !1, H = ((E = (_ = i.username) == null ? void 0 : _.validation) == null ? void 0 : E.min_length) ?? 1, G = ((s = (d = i.username) == null ? void 0 : d.validation) == null ? void 0 : s.max_length) ?? 15;
+    return {
+      usernameIdentifierActive: P,
+      emailIdentifierActive: M,
+      usernameMinLength: H,
+      usernameMaxLength: G
+    };
+  }
+  return {
+    usernameIdentifierActive: n.requires_username === !0,
+    emailIdentifierActive: !0,
+    usernameMinLength: ((S = (m = n.validation) == null ? void 0 : m.username) == null ? void 0 : S.min) ?? 1,
+    usernameMaxLength: ((A = (h = n.validation) == null ? void 0 : h.username) == null ? void 0 : A.max) ?? 15
+  };
+}
 export {
-  tt as Auth0ActionEnum,
-  So as Auth0Client,
-  O as AuthorizationResponseMode,
-  T as AuthorizationResponseType,
-  N as CodeChallengeMethod,
-  y as ComponentCategory,
-  C as ComponentType,
-  nt as EmailActionEnum,
-  ot as FlowActionTypeEnum,
-  Oo as GrantType,
-  Ao as LocationInfo,
-  fo as LogTypes,
-  L as LoginSessionState,
-  se as NodeType,
-  G as RedirectTargetEnum,
-  pe as actionNodeSchema,
-  Qt as activeUsersResponseSchema,
-  V as addressSchema,
-  _t as auth0FlowInsertSchema,
-  me as auth0FlowSchema,
-  at as auth0QuerySchema,
-  M as auth0UpdateUserActionSchema,
-  st as auth0UserResponseSchema,
-  he as authParamsSchema,
-  I as baseUserSchema,
-  Je as blockComponentSchema,
-  No as bordersSchema,
-  dt as brandingSchema,
-  te as buttonComponentSchema,
-  $ as clientGrantInsertSchema,
-  pt as clientGrantListSchema,
-  ee as clientGrantSchema,
-  Z as clientInsertSchema,
-  ct as clientSchema,
-  fe as codeInsertSchema,
-  gt as codeSchema,
-  be as codeTypeSchema,
-  Ro as colorsSchema,
-  ao as componentMessageSchema,
-  re as componentSchema,
-  Se as connectionInsertSchema,
-  Ee as connectionOptionsSchema,
-  ut as connectionSchema,
-  c as coordinatesSchema,
-  $t as createPassthroughAdapter,
-  en as createWriteOnlyAdapter,
-  Ae as customDomainInsertSchema,
-  Ce as customDomainSchema,
-  mt as customDomainWithTenantIdSchema,
-  Jt as customTextEntrySchema,
-  $o as customTextSchema,
-  Yt as dailyStatsSchema,
-  vt as emailProviderSchema,
-  P as emailVerificationRulesSchema,
-  H as emailVerifyActionSchema,
-  ue as endingSchema,
-  $e as fieldComponentSchema,
-  K as flowActionStepSchema,
-  W as flowInsertSchema,
-  it as flowSchema,
-  ie as flowsFieldComponentSchema,
-  ce as flowsFlowNodeSchema,
-  le as flowsStepNodeSchema,
-  l as fontDetailsSchema,
-  Do as fontsSchema,
-  ht as formControlSchema,
-  io as formInsertSchema,
-  R as formNodeComponentDefinition,
-  no as formNodeSchema,
-  bt as formSchema,
-  ae as genericComponentSchema,
-  _e as genericNodeSchema,
-  It as hookInsertSchema,
-  Ct as hookSchema,
-  X as identitySchema,
-  uo as inviteInsertSchema,
-  yt as inviteSchema,
-  go as inviteeSchema,
-  _o as inviterSchema,
-  Et as isBlockComponent,
-  At as isFieldComponent,
-  St as isWidgetComponent,
-  Tt as jwksKeySchema,
-  mo as jwksSchema,
-  ne as legalComponentSchema,
-  Io as logInsertSchema,
-  Rt as logSchema,
-  bo as loginSessionInsertSchema,
-  Nt as loginSessionSchema,
-  ho as loginSessionStateSchema,
-  de as nodeSchema,
-  Ot as openIDConfigurationSchema,
-  Vo as organizationBrandingSchema,
-  qo as organizationEnabledConnectionSchema,
-  Qo as organizationInsertSchema,
-  Xt as organizationSchema,
-  Yo as organizationTokenQuotaSchema,
-  wo as pageBackgroundSchema,
-  Zt as parseUserId,
-  Co as passwordInsertSchema,
-  Dt as passwordSchema,
-  z as profileDataSchema,
-  Zo as promptScreenSchema,
-  Ft as promptSettingSchema,
-  B as redirectActionSchema,
-  ko as refreshTokenInsertSchema,
-  xt as refreshTokenSchema,
-  vo as resourceServerInsertSchema,
-  Ht as resourceServerListSchema,
-  Fo as resourceServerOptionsSchema,
-  xo as resourceServerSchema,
-  Uo as resourceServerScopeSchema,
-  oe as richTextComponentSchema,
-  zo as roleInsertSchema,
-  zt as roleListSchema,
-  Po as rolePermissionInsertSchema,
-  Gt as rolePermissionListSchema,
-  Mo as rolePermissionSchema,
-  Xo as roleSchema,
-  ro as screenLinkSchema,
-  yo as sessionInsertSchema,
-  wt as sessionSchema,
-  Lt as signingKeySchema,
-  Mt as smsProviderSchema,
-  Pt as smsSendParamsSchema,
-  ge as startSchema,
-  To as tenantInsertSchema,
-  jt as tenantSchema,
-  qt as tenantSettingsSchema,
-  jo as themeInsertSchema,
-  Ut as themeSchema,
-  kt as tokenResponseSchema,
-  rt as totalsSchema,
-  ft as uiScreenSchema,
-  q as userInsertSchema,
-  Jo as userOrganizationInsertSchema,
-  Vt as userOrganizationSchema,
-  Ho as userPermissionInsertSchema,
-  Bt as userPermissionListSchema,
-  Go as userPermissionSchema,
-  Kt as userPermissionWithDetailsListSchema,
-  Bo as userPermissionWithDetailsSchema,
-  lt as userResponseSchema,
-  Ko as userRoleInsertSchema,
-  Wt as userRoleListSchema,
-  Wo as userRoleSchema,
-  Y as userSchema,
-  Ie as verificationMethodsSchema,
-  Ze as widgetComponentSchema,
-  Lo as widgetSchema
+  st as Auth0ActionEnum,
+  yo as Auth0Client,
+  j as AuthorizationResponseMode,
+  D as AuthorizationResponseType,
+  L as CodeChallengeMethod,
+  w as ComponentCategory,
+  R as ComponentType,
+  rt as EmailActionEnum,
+  St as FORM_FIELD_TYPES,
+  at as FlowActionTypeEnum,
+  Do as GrantType,
+  Oo as LocationInfo,
+  Io as LogTypes,
+  F as LoginSessionState,
+  _e as NodeType,
+  z as RedirectTargetEnum,
+  ue as actionNodeSchema,
+  on as activeUsersResponseSchema,
+  J as addressSchema,
+  mt as auth0FlowInsertSchema,
+  Ee as auth0FlowSchema,
+  ct as auth0QuerySchema,
+  W as auth0UpdateUserActionSchema,
+  _t as auth0UserResponseSchema,
+  Se as authParamsSchema,
+  N as baseUserSchema,
+  oo as blockComponentSchema,
+  jo as bordersSchema,
+  ht as brandingSchema,
+  se as buttonComponentSchema,
+  ne as clientGrantInsertSchema,
+  ut as clientGrantListSchema,
+  ie as clientGrantSchema,
+  te as clientInsertSchema,
+  gt as clientSchema,
+  Ie as codeInsertSchema,
+  bt as codeSchema,
+  Ae as codeTypeSchema,
+  Lo as colorsSchema,
+  co as componentMessageSchema,
+  pe as componentSchema,
+  ye as connectionInsertSchema,
+  Ce as connectionOptionsSchema,
+  ft as connectionSchema,
+  u as coordinatesSchema,
+  an as createPassthroughAdapter,
+  sn as createWriteOnlyAdapter,
+  Oe as customDomainInsertSchema,
+  Ne as customDomainSchema,
+  Et as customDomainWithTenantIdSchema,
+  tn as customTextEntrySchema,
+  nt as customTextSchema,
+  en as dailyStatsSchema,
+  Gt as emailProviderSchema,
+  B as emailVerificationRulesSchema,
+  K as emailVerifyActionSchema,
+  fe as endingSchema,
+  no as fieldComponentSchema,
+  V as flowActionStepSchema,
+  q as flowInsertSchema,
+  lt as flowSchema,
+  le as flowsFieldComponentSchema,
+  ge as flowsFlowNodeSchema,
+  de as flowsStepNodeSchema,
+  g as fontDetailsSchema,
+  vo as fontsSchema,
+  At as formControlSchema,
+  lo as formInsertSchema,
+  v as formNodeComponentDefinition,
+  ro as formNodeSchema,
+  It as formSchema,
+  ce as genericComponentSchema,
+  me as genericNodeSchema,
+  rn as getConnectionIdentifierConfig,
+  Nt as hookInsertSchema,
+  Rt as hookSchema,
+  Q as identitySchema,
+  fo as inviteInsertSchema,
+  wt as inviteSchema,
+  bo as inviteeSchema,
+  ho as inviterSchema,
+  yt as isBlockComponent,
+  Tt as isFieldComponent,
+  Ot as isWidgetComponent,
+  Dt as jwksKeySchema,
+  Eo as jwksSchema,
+  re as legalComponentSchema,
+  To as logInsertSchema,
+  vt as logSchema,
+  Ao as loginSessionInsertSchema,
+  Lt as loginSessionSchema,
+  So as loginSessionStateSchema,
+  he as nodeSchema,
+  jt as openIDConfigurationSchema,
+  Jo as organizationBrandingSchema,
+  Zo as organizationEnabledConnectionSchema,
+  et as organizationInsertSchema,
+  Jt as organizationSchema,
+  $o as organizationTokenQuotaSchema,
+  ko as pageBackgroundSchema,
+  nn as parseUserId,
+  No as passwordInsertSchema,
+  kt as passwordSchema,
+  Y as profileDataSchema,
+  tt as promptScreenSchema,
+  Ht as promptSettingSchema,
+  X as redirectActionSchema,
+  xo as refreshTokenInsertSchema,
+  Bt as refreshTokenSchema,
+  Ho as resourceServerInsertSchema,
+  zt as resourceServerListSchema,
+  Mo as resourceServerOptionsSchema,
+  Go as resourceServerSchema,
+  Po as resourceServerScopeSchema,
+  ae as richTextComponentSchema,
+  Yo as roleInsertSchema,
+  Qt as roleListSchema,
+  Bo as rolePermissionInsertSchema,
+  Xt as rolePermissionListSchema,
+  Wo as rolePermissionSchema,
+  Qo as roleSchema,
+  po as screenLinkSchema,
+  Ro as sessionInsertSchema,
+  Ut as sessionSchema,
+  Ft as signingKeySchema,
+  Kt as smsProviderSchema,
+  Wt as smsSendParamsSchema,
+  be as startSchema,
+  wo as tenantInsertSchema,
+  xt as tenantSchema,
+  $t as tenantSettingsSchema,
+  Fo as themeInsertSchema,
+  Mt as themeSchema,
+  Pt as tokenResponseSchema,
+  pt as totalsSchema,
+  Ct as uiScreenSchema,
+  Z as userInsertSchema,
+  ot as userOrganizationInsertSchema,
+  Zt as userOrganizationSchema,
+  Ko as userPermissionInsertSchema,
+  Vt as userPermissionListSchema,
+  zo as userPermissionSchema,
+  qt as userPermissionWithDetailsListSchema,
+  Xo as userPermissionWithDetailsSchema,
+  dt as userResponseSchema,
+  Vo as userRoleInsertSchema,
+  Yt as userRoleListSchema,
+  qo as userRoleSchema,
+  $ as userSchema,
+  Te as verificationMethodsSchema,
+  to as widgetComponentSchema,
+  Uo as widgetSchema
 };