npm - @authhero/adapter-interfaces - Versions diffs - 0.147.0 → 0.149.0 - Mend

@authhero/adapter-interfaces 0.147.0 → 0.149.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/adapter-interfaces.cjs +1 -1
package/dist/adapter-interfaces.d.ts +1311 -115
package/dist/adapter-interfaces.mjs +478 -431
package/package.json +1 -1

package/dist/adapter-interfaces.mjs CHANGED Viewed

@@ -1,21 +1,21 @@
 import { z as e } from "@hono/zod-openapi";
-const s = e.object({
+const r = e.object({
   created_at: e.string(),
   updated_at: e.string()
-}), pt = e.enum(["AUTH0", "EMAIL", "REDIRECT"]), ct = e.enum([
+}), gt = e.enum(["AUTH0", "EMAIL", "REDIRECT"]), ut = e.enum([
   "CREATE_USER",
   "GET_USER",
   "UPDATE_USER",
   "SEND_REQUEST",
   "SEND_EMAIL"
-]), _t = e.enum(["VERIFY_EMAIL"]), K = e.object({
+]), mt = e.enum(["VERIFY_EMAIL"]), q = e.object({
   require_mx_record: e.boolean().optional(),
   block_aliases: e.boolean().optional(),
   block_free_emails: e.boolean().optional(),
   block_disposable_emails: e.boolean().optional(),
   blocklist: e.array(e.string()).optional(),
   allowlist: e.array(e.string()).optional()
-}), z = e.object({
+}), X = e.object({
   id: e.string(),
   alias: e.string().max(100).optional(),
   type: e.literal("AUTH0"),
@@ -27,7 +27,7 @@ const s = e.object({
     user_id: e.string(),
     changes: e.record(e.string(), e.any())
   })
-}), X = e.object({
+}), V = e.object({
   id: e.string(),
   alias: e.string().max(100).optional(),
   type: e.literal("EMAIL"),
@@ -36,9 +36,9 @@ const s = e.object({
   mask_output: e.boolean().optional(),
   params: e.object({
     email: e.string(),
-    rules: K.optional()
+    rules: q.optional()
   })
-}), q = e.enum(["change-email", "account", "custom"]), V = e.object({
+}), Y = e.enum(["change-email", "account", "custom"]), Q = e.object({
   id: e.string(),
   alias: e.string().max(100).optional(),
   type: e.literal("REDIRECT"),
@@ -46,32 +46,32 @@ const s = e.object({
   allow_failure: e.boolean().optional(),
   mask_output: e.boolean().optional(),
   params: e.object({
-    target: q.openapi({
+    target: Y.openapi({
       description: "The predefined target to redirect to, or 'custom' for a custom URL"
     }),
     custom_url: e.string().optional().openapi({
       description: "Custom URL to redirect to when target is 'custom'"
     })
   })
-}), Y = e.union([
-  z,
+}), Z = e.union([
   X,
-  V
-]), Q = e.object({
+  V,
+  Q
+]), J = e.object({
   name: e.string().min(1).max(150).openapi({
     description: "The name of the flow"
   }),
   // Actions is an array of action steps (Auth0 stores as JSON blob)
-  actions: e.array(Y).optional().default([]).openapi({
+  actions: e.array(Z).optional().default([]).openapi({
     description: "The list of actions to execute in sequence"
   })
-}), dt = Q.extend({
-  ...s.shape,
+}), ht = J.extend({
+  ...r.shape,
   id: e.string().openapi({
     description: "Unique identifier for the flow",
     example: "af_12tMpdJ3iek7svMyZkSh5M"
   })
-}), gt = e.object({
+}), bt = e.object({
   page: e.string().min(0).optional().default("0").transform((o) => parseInt(o, 10)).openapi({
     description: "The page number where 0 is the first page"
   }),
@@ -87,12 +87,12 @@ const s = e.object({
   q: e.string().optional().openapi({
     description: "A lucene query string used to filter the results"
   })
-}), ut = e.object({
+}), ft = e.object({
   start: e.number(),
   limit: e.number(),
   length: e.number(),
   total: e.number().optional()
-}), J = e.object({
+}), $ = e.object({
   email: e.string().optional(),
   email_verified: e.boolean().optional(),
   name: e.string().optional(),
@@ -101,7 +101,7 @@ const s = e.object({
   phone_number: e.string().optional(),
   phone_verified: e.boolean().optional(),
   family_name: e.string().optional()
-}).catchall(e.any()), Z = e.object({
+}).catchall(e.any()), ee = e.object({
   connection: e.string(),
   user_id: e.string(),
   provider: e.string(),
@@ -114,8 +114,8 @@ const s = e.object({
   access_token: e.string().optional(),
   access_token_secret: e.string().optional(),
   refresh_token: e.string().optional(),
-  profileData: J.optional()
-}), $ = e.object({
+  profileData: $.optional()
+}), oe = e.object({
   formatted: e.string().optional(),
   // Full mailing address
   street_address: e.string().optional(),
@@ -160,8 +160,8 @@ const s = e.object({
   zoneinfo: e.string().optional(),
   // e.g., "Europe/Paris"
   // OIDC address claim (OIDC Core 5.1.1)
-  address: $
-}), ee = N.extend({
+  address: oe
+}), te = N.extend({
   email_verified: e.boolean().default(!1),
   verify_email: e.boolean().optional(),
   last_ip: e.string().optional(),
@@ -176,29 +176,29 @@ const s = e.object({
     hash: e.string(),
     algorithm: e.string()
   }).optional()
-}), oe = e.object({
-  ...ee.omit({ password: !0 }).shape,
-  ...s.shape,
+}), ne = e.object({
+  ...te.omit({ password: !0 }).shape,
+  ...r.shape,
   user_id: e.string(),
   provider: e.string(),
   is_social: e.boolean(),
   email: e.string().optional(),
   login_count: e.number().default(0),
-  identities: e.array(Z).optional()
-}), mt = oe, ht = N.extend({
+  identities: e.array(ee).optional()
+}), Et = ne, St = N.extend({
   login_count: e.number(),
   multifactor: e.array(e.string()).optional(),
   last_ip: e.string().optional(),
   last_login: e.string().optional(),
   user_id: e.string()
 }).catchall(e.any());
-let te = "useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict", ne = (o = 21) => {
+let ie = "useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict", ae = (o = 21) => {
   let n = "", i = crypto.getRandomValues(new Uint8Array(o |= 0));
   for (; o--; )
-    n += te[i[o] & 63];
+    n += ie[i[o] & 63];
   return n;
 };
-const ie = e.object({
+const se = e.object({
   client_id: e.string().openapi({
     description: "ID of this client."
   }),
@@ -211,7 +211,7 @@ const ie = e.object({
   global: e.boolean().default(!1).openapi({
     description: "Whether this is your global 'All Applications' client representing legacy tenant settings (true) or a regular client (false)."
   }),
-  client_secret: e.string().default(() => ne()).optional().openapi({
+  client_secret: e.string().default(() => ae()).optional().openapi({
     description: "Client secret (which you must not make public)."
   }),
   app_type: e.enum([
@@ -371,11 +371,11 @@ const ie = e.object({
     description: "Specifies how long, in seconds, a Pushed Authorization Request URI remains valid"
   }),
   token_quota: e.record(e.any()).default({}).optional()
-}), bt = e.object({
+}), At = e.object({
   created_at: e.string(),
   updated_at: e.string(),
-  ...ie.shape
-}), ae = e.object({
+  ...se.shape
+}), re = e.object({
   client_id: e.string().min(1).openapi({
     description: "ID of the client."
   }),
@@ -400,23 +400,23 @@ const ie = e.object({
   authorization_details_types: e.array(e.string()).optional().openapi({
     description: "Types of authorization_details allowed for this client grant. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."
   })
-}), re = e.object({
+}), le = e.object({
   id: e.string().openapi({
     description: "ID of the client grant."
   }),
-  ...ae.shape,
+  ...re.shape,
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), ft = e.array(re), u = e.object({
+}), It = e.array(le), u = e.object({
   x: e.number(),
   y: e.number()
 });
-var R = /* @__PURE__ */ ((o) => (o.RICH_TEXT = "RICH_TEXT", o.NEXT_BUTTON = "NEXT_BUTTON", o.BACK_BUTTON = "BACK_BUTTON", o.SUBMIT_BUTTON = "SUBMIT_BUTTON", o.DIVIDER = "DIVIDER", o.TEXT = "TEXT", o.EMAIL = "EMAIL", o.PASSWORD = "PASSWORD", o.NUMBER = "NUMBER", o.PHONE = "PHONE", o.DATE = "DATE", o.CHECKBOX = "CHECKBOX", o.RADIO = "RADIO", o.SELECT = "SELECT", o.HIDDEN = "HIDDEN", o.LEGAL = "LEGAL", o))(R || {}), w = /* @__PURE__ */ ((o) => (o.BLOCK = "BLOCK", o.FIELD = "FIELD", o))(w || {});
+var w = /* @__PURE__ */ ((o) => (o.RICH_TEXT = "RICH_TEXT", o.NEXT_BUTTON = "NEXT_BUTTON", o.BACK_BUTTON = "BACK_BUTTON", o.SUBMIT_BUTTON = "SUBMIT_BUTTON", o.DIVIDER = "DIVIDER", o.TEXT = "TEXT", o.EMAIL = "EMAIL", o.PASSWORD = "PASSWORD", o.NUMBER = "NUMBER", o.PHONE = "PHONE", o.DATE = "DATE", o.CHECKBOX = "CHECKBOX", o.RADIO = "RADIO", o.SELECT = "SELECT", o.HIDDEN = "HIDDEN", o.LEGAL = "LEGAL", o))(w || {}), R = /* @__PURE__ */ ((o) => (o.BLOCK = "BLOCK", o.FIELD = "FIELD", o))(R || {});
 const y = e.object({
   id: e.string(),
-  category: e.nativeEnum(w),
-  type: e.nativeEnum(R)
-}), se = y.extend({
+  category: e.nativeEnum(R),
+  type: e.nativeEnum(w)
+}), pe = y.extend({
   category: e.literal(
     "BLOCK"
     /* BLOCK */
@@ -428,7 +428,7 @@ const y = e.object({
   config: e.object({
     content: e.string()
   }).passthrough()
-}), le = y.extend({
+}), ce = y.extend({
   category: e.literal(
     "BLOCK"
     /* BLOCK */
@@ -450,7 +450,7 @@ const y = e.object({
   config: e.object({
     text: e.string()
   }).passthrough()
-}), pe = y.extend({
+}), _e = y.extend({
   category: e.literal(
     "FIELD"
     /* FIELD */
@@ -464,7 +464,7 @@ const y = e.object({
   config: e.object({
     text: e.string()
   }).passthrough()
-}), ce = y.extend({
+}), de = y.extend({
   category: e.literal(
     "FIELD"
     /* FIELD */
@@ -517,19 +517,19 @@ const y = e.object({
     label: e.string().optional(),
     placeholder: e.string().optional()
   }).passthrough()
-}), _e = e.object({
+}), ge = e.object({
   id: e.string(),
   category: e.string(),
   type: e.string()
-}).passthrough(), de = e.union([
-  se,
-  le,
+}).passthrough(), ue = e.union([
   pe,
   ce,
-  _e
+  _e,
+  de,
+  ge
 ]);
-var ge = /* @__PURE__ */ ((o) => (o.STEP = "STEP", o.FLOW = "FLOW", o.CONDITION = "CONDITION", o.ACTION = "ACTION", o))(ge || {});
-const ue = e.object({
+var me = /* @__PURE__ */ ((o) => (o.STEP = "STEP", o.FLOW = "FLOW", o.CONDITION = "CONDITION", o.ACTION = "ACTION", o))(me || {});
+const he = e.object({
   id: e.string(),
   type: e.literal(
     "STEP"
@@ -538,10 +538,10 @@ const ue = e.object({
   coordinates: u,
   alias: e.string().optional(),
   config: e.object({
-    components: e.array(de),
+    components: e.array(ue),
     next_node: e.string()
   }).passthrough()
-}), me = e.object({
+}), be = e.object({
   id: e.string(),
   type: e.literal(
     "FLOW"
@@ -553,7 +553,7 @@ const ue = e.object({
     flow_id: e.string(),
     next_node: e.string()
   })
-}), he = e.object({
+}), fe = e.object({
   id: e.string(),
   type: e.literal(
     "ACTION"
@@ -575,43 +575,43 @@ const ue = e.object({
       description: "The next node to navigate to after action (for non-redirect actions)"
     })
   }).passthrough()
-}), be = e.object({
+}), Ee = e.object({
   id: e.string(),
   type: e.string(),
   coordinates: u
-}).passthrough(), fe = e.union([
-  ue,
-  me,
+}).passthrough(), Se = e.union([
   he,
-  be
-]), Ee = e.object({
+  be,
+  fe,
+  Ee
+]), Ae = e.object({
   next_node: e.string(),
   coordinates: u
-}).passthrough(), Se = e.object({
+}).passthrough(), Ie = e.object({
   resume_flow: e.boolean().optional(),
   coordinates: u
-}).passthrough(), Ae = e.object({
+}).passthrough(), ye = e.object({
   id: e.string(),
   name: e.string(),
   languages: e.object({
     primary: e.string()
   }).passthrough(),
-  nodes: e.array(fe),
-  start: Ee,
-  ending: Se,
+  nodes: e.array(Se),
+  start: Ae,
+  ending: Ie,
   created_at: e.string(),
   updated_at: e.string(),
   links: e.object({
     sdkSrc: e.string().optional(),
     sdk_src: e.string().optional()
   }).passthrough()
-}).passthrough(), Et = Ae.omit({
+}).passthrough(), yt = ye.omit({
   id: !0,
   created_at: !0,
   updated_at: !0
 });
 var j = /* @__PURE__ */ ((o) => (o.TOKEN = "token", o.ID_TOKEN = "id_token", o.TOKEN_ID_TOKEN = "token id_token", o.CODE = "code", o))(j || {}), D = /* @__PURE__ */ ((o) => (o.QUERY = "query", o.FRAGMENT = "fragment", o.FORM_POST = "form_post", o.WEB_MESSAGE = "web_message", o.SAML_POST = "saml_post", o))(D || {}), L = /* @__PURE__ */ ((o) => (o.S256 = "S256", o.Plain = "plain", o))(L || {});
-const Ie = e.object({
+const Ce = e.object({
   client_id: e.string(),
   act_as: e.string().optional(),
   response_type: e.nativeEnum(j).optional(),
@@ -635,7 +635,7 @@ const Ie = e.object({
   acr_values: e.string().optional(),
   // The following fields are not available in Auth0
   vendor_id: e.string().optional()
-}), St = e.object({
+}), Ct = e.object({
   colors: e.object({
     primary: e.string(),
     page_background: e.object({
@@ -651,14 +651,15 @@ const Ie = e.object({
   font: e.object({
     url: e.string()
   }).optional()
-}), ye = e.enum([
+}), Oe = e.enum([
   "password_reset",
   "email_verification",
   "otp",
+  "mfa_otp",
   "authorization_code",
   "oauth2_state",
   "ticket"
-]), Ce = e.object({
+]), Te = e.object({
   code_id: e.string().openapi({
     description: "The code that will be used in for instance an email verification flow"
   }),
@@ -668,7 +669,7 @@ const Ie = e.object({
   connection_id: e.string().optional().openapi({
     description: "The connection that the code is connected to"
   }),
-  code_type: ye,
+  code_type: Oe,
   code_verifier: e.string().optional().openapi({
     description: "The code verifier used in PKCE in outbound flows"
   }),
@@ -681,6 +682,9 @@ const Ie = e.object({
   redirect_uri: e.string().optional().openapi({
     description: "The redirect URI associated with the code"
   }),
+  otp: e.string().optional().openapi({
+    description: "The one-time password value for OTP-based flows"
+  }),
   nonce: e.string().optional().openapi({
     description: "The nonce value used for security in OIDC flows"
   }),
@@ -690,10 +694,10 @@ const Ie = e.object({
   expires_at: e.string(),
   used_at: e.string().optional(),
   user_id: e.string().optional()
-}), At = e.object({
-  ...Ce.shape,
+}), Ot = e.object({
+  ...Te.shape,
   created_at: e.string()
-}), Oe = e.object({
+}), Ne = e.object({
   kid: e.string().optional(),
   team_id: e.string().optional(),
   realms: e.string().optional(),
@@ -805,12 +809,12 @@ const Ie = e.object({
   }).optional(),
   // Controls when root user attributes are updated from external IdP
   set_user_root_attributes: e.enum(["on_each_login", "on_first_login", "never_on_login"]).optional()
-}), Te = e.object({
+}), we = e.object({
   id: e.string().optional(),
   name: e.string(),
   display_name: e.string().optional(),
   strategy: e.string(),
-  options: Oe.default({}),
+  options: Ne.default({}),
   enabled_clients: e.array(e.string()).default([]).optional(),
   response_type: e.custom().optional(),
   response_mode: e.custom().optional(),
@@ -818,11 +822,11 @@ const Ie = e.object({
   show_as_button: e.boolean().optional(),
   metadata: e.record(e.any()).optional(),
   is_system: e.boolean().optional()
-}), It = e.object({
+}), Tt = e.object({
   id: e.string(),
   created_at: e.string().transform((o) => o === null ? "" : o),
   updated_at: e.string().transform((o) => o === null ? "" : o)
-}).extend(Te.shape), Ne = e.object({
+}).extend(we.shape), Re = e.object({
   domain: e.string(),
   custom_domain_id: e.string().optional(),
   type: e.enum(["auth0_managed_certs", "self_managed_certs"]),
@@ -836,7 +840,7 @@ const Ie = e.object({
     "null"
   ]).optional(),
   domain_metadata: e.record(e.string().max(255)).optional()
-}), Re = e.discriminatedUnion("name", [
+}), je = e.discriminatedUnion("name", [
   e.object({
     name: e.literal("txt"),
     record: e.string(),
@@ -847,17 +851,17 @@ const Ie = e.object({
     http_body: e.string(),
     http_url: e.string()
   })
-]), we = e.object({
-  ...Ne.shape,
+]), De = e.object({
+  ...Re.shape,
   custom_domain_id: e.string(),
   primary: e.boolean(),
   status: e.enum(["disabled", "pending", "pending_verification", "ready"]),
   origin_domain_name: e.string().optional(),
   verification: e.object({
-    methods: e.array(Re)
+    methods: e.array(je)
   }).optional(),
   tls_policy: e.string().optional()
-}), yt = we.extend({
+}), Nt = De.extend({
   tenant_id: e.string()
 }), C = e.object({
   id: e.string(),
@@ -865,17 +869,17 @@ const Ie = e.object({
   visible: e.boolean().optional().default(!0)
 }), l = C.extend({
   category: e.literal("BLOCK").optional()
-}), je = l.extend({
+}), Le = l.extend({
   type: e.literal("DIVIDER"),
   config: e.object({
     text: e.string().optional()
   }).optional()
-}), De = l.extend({
+}), ve = l.extend({
   type: e.literal("HTML"),
   config: e.object({
     content: e.string().optional()
   }).optional()
-}), Le = l.extend({
+}), ke = l.extend({
   type: e.literal("IMAGE"),
   config: e.object({
     src: e.string().optional(),
@@ -883,29 +887,29 @@ const Ie = e.object({
     width: e.number().optional(),
     height: e.number().optional()
   }).optional()
-}), ve = l.extend({
+}), Ue = l.extend({
   type: e.literal("JUMP_BUTTON"),
   config: e.object({
     text: e.string().optional(),
     target_step: e.string().optional()
   })
-}), ke = l.extend({
+}), Fe = l.extend({
   type: e.literal("RESEND_BUTTON"),
   config: e.object({
     text: e.string().optional(),
     resend_action: e.string().optional()
   })
-}), Ue = l.extend({
+}), xe = l.extend({
   type: e.literal("NEXT_BUTTON"),
   config: e.object({
     text: e.string().optional()
   })
-}), Fe = l.extend({
+}), Pe = l.extend({
   type: e.literal("PREVIOUS_BUTTON"),
   config: e.object({
     text: e.string().optional()
   })
-}), xe = l.extend({
+}), Me = l.extend({
   type: e.literal("RICH_TEXT"),
   config: e.object({
     content: e.string().optional()
@@ -916,17 +920,17 @@ const Ie = e.object({
   hint: e.string().min(1).max(500).optional(),
   required: e.boolean().optional(),
   sensitive: e.boolean().optional()
-}), Pe = O.extend({
+}), He = O.extend({
   type: e.literal("AUTH0_VERIFIABLE_CREDENTIALS"),
   config: e.object({
     credential_type: e.string().optional()
   })
-}), Me = O.extend({
+}), Ge = O.extend({
   type: e.literal("GMAPS_ADDRESS"),
   config: e.object({
     api_key: e.string().optional()
   })
-}), He = O.extend({
+}), Be = O.extend({
   type: e.literal("RECAPTCHA"),
   config: e.object({
     site_key: e.string().optional()
@@ -944,12 +948,12 @@ const Ie = e.object({
   ).optional(),
   required: e.boolean().optional(),
   sensitive: e.boolean().optional()
-}), Ge = t.extend({
+}), We = t.extend({
   type: e.literal("BOOLEAN"),
   config: e.object({
     default_value: e.boolean().optional()
   }).optional()
-}), Be = t.extend({
+}), Ke = t.extend({
   type: e.literal("CARDS"),
   config: e.object({
     options: e.array(
@@ -962,7 +966,7 @@ const Ie = e.object({
     ).optional(),
     multi_select: e.boolean().optional()
   }).optional()
-}), We = t.extend({
+}), ze = t.extend({
   type: e.literal("CHOICE"),
   config: e.object({
     options: e.array(
@@ -975,7 +979,7 @@ const Ie = e.object({
     multiple: e.boolean().optional(),
     default_value: e.union([e.string(), e.array(e.string())]).optional()
   }).optional()
-}), Ke = t.extend({
+}), qe = t.extend({
   type: e.literal("CUSTOM"),
   config: e.object({
     component: e.string().optional(),
@@ -983,7 +987,7 @@ const Ie = e.object({
     schema: e.record(e.any()).optional(),
     code: e.string().optional()
   })
-}), ze = t.extend({
+}), Xe = t.extend({
   type: e.literal("DATE"),
   config: e.object({
     format: e.string().optional(),
@@ -991,7 +995,7 @@ const Ie = e.object({
     max: e.string().optional(),
     default_value: e.string().optional()
   }).optional()
-}), Xe = t.extend({
+}), Ve = t.extend({
   type: e.literal("DROPDOWN"),
   config: e.object({
     options: e.array(
@@ -1005,26 +1009,26 @@ const Ie = e.object({
     multiple: e.boolean().optional(),
     default_value: e.union([e.string(), e.array(e.string())]).optional()
   }).optional()
-}), qe = t.extend({
+}), Ye = t.extend({
   type: e.literal("EMAIL"),
   config: e.object({
     placeholder: e.string().optional(),
     default_value: e.string().optional()
   }).optional()
-}), Ve = t.extend({
+}), Qe = t.extend({
   type: e.literal("FILE"),
   config: e.object({
     accept: e.string().optional(),
     max_size: e.number().optional(),
     multiple: e.boolean().optional()
   }).optional()
-}), Ye = t.extend({
+}), Ze = t.extend({
   type: e.literal("LEGAL"),
   config: e.object({
     text: e.string(),
     html: e.boolean().optional()
   }).optional()
-}), Qe = t.extend({
+}), Je = t.extend({
   type: e.literal("NUMBER"),
   config: e.object({
     placeholder: e.string().optional(),
@@ -1033,7 +1037,7 @@ const Ie = e.object({
     step: e.number().optional(),
     default_value: e.string().optional()
   }).optional()
-}), Je = t.extend({
+}), $e = t.extend({
   type: e.literal("PASSWORD"),
   config: e.object({
     placeholder: e.string().optional(),
@@ -1042,13 +1046,13 @@ const Ie = e.object({
     forgot_password_link: e.string().optional(),
     default_value: e.string().optional()
   }).optional()
-}), Ze = t.extend({
+}), eo = t.extend({
   type: e.literal("PAYMENT"),
   config: e.object({
     provider: e.string().optional(),
     currency: e.string().optional()
   }).optional()
-}), $e = t.extend({
+}), oo = t.extend({
   type: e.literal("SOCIAL"),
   config: e.object({
     providers: e.array(e.string()).optional(),
@@ -1063,7 +1067,7 @@ const Ie = e.object({
       })
     ).optional()
   }).optional()
-}), eo = t.extend({
+}), to = t.extend({
   type: e.literal("TEL"),
   config: e.object({
     placeholder: e.string().optional(),
@@ -1071,7 +1075,7 @@ const Ie = e.object({
     default_value: e.string().optional(),
     allow_email: e.boolean().optional()
   }).optional()
-}), oo = t.extend({
+}), no = t.extend({
   type: e.literal("TEXT"),
   config: e.object({
     placeholder: e.string().optional(),
@@ -1079,50 +1083,58 @@ const Ie = e.object({
     max_length: e.number().optional(),
     default_value: e.string().optional()
   }).optional()
-}), to = t.extend({
+}), io = t.extend({
+  type: e.literal("COUNTRY"),
+  config: e.object({
+    placeholder: e.string().optional(),
+    default_value: e.string().optional()
+  }).optional()
+}), ao = t.extend({
   type: e.literal("URL"),
   config: e.object({
     placeholder: e.string().optional(),
     default_value: e.string().optional()
   }).optional()
-}), no = e.discriminatedUnion("type", [
-  je,
-  De,
+}), so = e.discriminatedUnion("type", [
   Le,
   ve,
   ke,
   Ue,
   Fe,
-  xe
-]), io = e.discriminatedUnion("type", [
+  xe,
   Pe,
-  Me,
-  He
-]), ao = e.discriminatedUnion("type", [
+  Me
+]), ro = e.discriminatedUnion("type", [
+  He,
   Ge,
-  Be,
+  Be
+]), lo = e.discriminatedUnion("type", [
   We,
   Ke,
   ze,
-  Xe,
+  io,
   qe,
+  Xe,
   Ve,
   Ye,
   Qe,
-  Je,
   Ze,
+  Je,
   $e,
   eo,
   oo,
-  to
-]), v = e.union([
+  to,
   no,
-  io,
   ao
-]), Ct = /* @__PURE__ */ new Set([
+]), v = e.union([
+  so,
+  ro,
+  lo
+]), wt = /* @__PURE__ */ new Set([
   "BOOLEAN",
   "CARDS",
   "CHOICE",
+  "COUNTRY",
   "DATE",
   "DROPDOWN",
   "EMAIL",
@@ -1132,7 +1144,7 @@ const Ie = e.object({
   "TEL",
   "TEXT",
   "URL"
-]), Ot = e.object({
+]), Rt = e.object({
   id: e.string(),
   type: e.literal("submit"),
   label: e.string(),
@@ -1144,7 +1156,7 @@ const Ie = e.object({
 }), f = e.object({
   x: e.number(),
   y: e.number()
-}), ro = e.object({
+}), po = e.object({
   id: e.string(),
   type: e.literal("FLOW"),
   coordinates: f,
@@ -1153,7 +1165,7 @@ const Ie = e.object({
     flow_id: e.string().max(30),
     next_node: e.string().optional()
   })
-}), so = e.object({
+}), co = e.object({
   id: e.string(),
   type: e.literal("ROUTER"),
   coordinates: f,
@@ -1169,7 +1181,7 @@ const Ie = e.object({
     ),
     fallback: e.string()
   })
-}), lo = e.object({
+}), _o = e.object({
   id: e.string(),
   type: e.literal("STEP"),
   coordinates: f,
@@ -1178,11 +1190,11 @@ const Ie = e.object({
     components: e.array(v),
     next_node: e.string().optional()
   })
-}), po = e.discriminatedUnion("type", [
-  ro,
-  so,
-  lo
-]), co = e.object({
+}), go = e.discriminatedUnion("type", [
+  po,
+  co,
+  _o
+]), uo = e.object({
   name: e.string().openapi({
     description: "The name of the form"
   }),
@@ -1195,7 +1207,7 @@ const Ie = e.object({
     default: e.string().optional()
   }).optional(),
   translations: e.record(e.string(), e.any()).optional(),
-  nodes: e.array(po).optional(),
+  nodes: e.array(go).optional(),
   start: e.object({
     hidden_fields: e.array(e.object({ key: e.string(), value: e.string() })).optional(),
     next_node: e.string().optional(),
@@ -1217,20 +1229,20 @@ const Ie = e.object({
   }).optional()
 }).openapi({
   description: "Schema for flow-based forms (matches Auth0 Forms structure)"
-}), Tt = e.object({
-  ...s.shape,
-  ...co.shape,
+}), jt = e.object({
+  ...r.shape,
+  ...uo.shape,
   id: e.string()
-}), _o = e.object({
+}), mo = e.object({
   id: e.number().optional(),
   text: e.string(),
   type: e.enum(["info", "error", "success", "warning"])
-}), go = e.object({
+}), ho = e.object({
   id: e.string().optional(),
   text: e.string(),
   href: e.string(),
   linkText: e.string().optional()
-}), Nt = e.object({
+}), Dt = e.object({
   /** Screen identifier for CSS targeting (e.g., 'identifier', 'enter-password', 'signup') */
   name: e.string().optional(),
   action: e.string(),
@@ -1238,18 +1250,18 @@ const Ie = e.object({
   title: e.string().optional(),
   description: e.string().optional(),
   components: e.array(v),
-  messages: e.array(_o).optional(),
-  links: e.array(go).optional(),
+  messages: e.array(mo).optional(),
+  links: e.array(ho).optional(),
   /** Footer HTML content displayed at the very bottom of the widget (e.g., terms and conditions) */
   footer: e.string().optional()
 });
-function Rt(o) {
+function Lt(o) {
   return o.category === "BLOCK";
 }
-function wt(o) {
+function vt(o) {
   return o.category === "WIDGET";
 }
-function jt(o) {
+function kt(o) {
   return o.category === "FIELD";
 }
 const k = e.enum([
@@ -1273,7 +1285,7 @@ const k = e.enum([
 ]), x = e.enum([
   "ensure-username",
   "set-preferred-username"
-]), Dt = {
+]), Ut = {
   "ensure-username": {
     name: "Ensure Username",
     description: "Automatically assigns a username to users who sign in without one. Creates a linked username account for social/email users.",
@@ -1289,52 +1301,52 @@ const k = e.enum([
   synchronous: e.boolean().default(!1),
   priority: e.number().optional(),
   hook_id: e.string().optional()
-}, uo = e.object({
+}, bo = e.object({
   ...m,
   trigger_id: k,
   url: e.string()
-}), mo = e.object({
+}), fo = e.object({
   ...m,
   trigger_id: U,
   form_id: e.string()
-}), ho = e.object({
+}), Eo = e.object({
   ...m,
   trigger_id: F,
   template_id: x
-}), Lt = e.union([
-  uo,
-  mo,
-  ho
-]), bo = e.object({
+}), Ft = e.union([
+  bo,
+  fo,
+  Eo
+]), So = e.object({
   ...m,
   trigger_id: k,
-  ...s.shape,
+  ...r.shape,
   hook_id: e.string(),
   url: e.string()
-}), fo = e.object({
+}), Ao = e.object({
   ...m,
   trigger_id: U,
-  ...s.shape,
+  ...r.shape,
   hook_id: e.string(),
   form_id: e.string()
-}), Eo = e.object({
+}), Io = e.object({
   ...m,
   trigger_id: F,
-  ...s.shape,
+  ...r.shape,
   hook_id: e.string(),
   template_id: x
-}), vt = e.union([
-  bo,
-  fo,
-  Eo
-]), So = e.object({
+}), xt = e.union([
+  So,
+  Ao,
+  Io
+]), yo = e.object({
   name: e.string().optional()
-}), Ao = e.object({
+}), Co = e.object({
   email: e.string().optional()
-}), Io = e.object({
+}), Oo = e.object({
   organization_id: e.string().max(50),
-  inviter: So,
-  invitee: Ao,
+  inviter: yo,
+  invitee: Co,
   invitation_url: e.string().url(),
   client_id: e.string(),
   connection_id: e.string().optional(),
@@ -1343,13 +1355,13 @@ const k = e.enum([
   ttl_sec: e.number().int().max(2592e3).default(604800).optional(),
   roles: e.array(e.string()).default([]).optional(),
   send_invitation_email: e.boolean().default(!0).optional()
-}), kt = e.object({
+}), Pt = e.object({
   id: e.string(),
   organization_id: e.string().max(50),
   created_at: e.string().datetime(),
   expires_at: e.string().datetime(),
   ticket_id: e.string().optional()
-}).extend(Io.shape), yo = e.object({
+}).extend(Oo.shape), To = e.object({
   alg: e.enum([
     "RS256",
     "RS384",
@@ -1368,9 +1380,9 @@ const k = e.enum([
   x5t: e.string().optional(),
   x5c: e.array(e.string()).optional(),
   use: e.enum(["sig", "enc"]).optional()
-}), Ut = e.object({
-  keys: e.array(yo)
-}), Ft = e.object({
+}), Mt = e.object({
+  keys: e.array(To)
+}), Ht = e.object({
   issuer: e.string(),
   authorization_endpoint: e.string(),
   token_endpoint: e.string(),
@@ -1392,18 +1404,18 @@ const k = e.enum([
   request_parameter_supported: e.boolean(),
   token_endpoint_auth_signing_alg_values_supported: e.array(e.string())
 });
-var P = /* @__PURE__ */ ((o) => (o.PENDING = "pending", o.AUTHENTICATED = "authenticated", o.AWAITING_EMAIL_VERIFICATION = "awaiting_email_verification", o.AWAITING_HOOK = "awaiting_hook", o.AWAITING_CONTINUATION = "awaiting_continuation", o.COMPLETED = "completed", o.FAILED = "failed", o.EXPIRED = "expired", o))(P || {});
-const Co = e.nativeEnum(P), Oo = e.object({
+var P = /* @__PURE__ */ ((o) => (o.PENDING = "pending", o.AUTHENTICATED = "authenticated", o.AWAITING_EMAIL_VERIFICATION = "awaiting_email_verification", o.AWAITING_MFA = "awaiting_mfa", o.AWAITING_HOOK = "awaiting_hook", o.AWAITING_CONTINUATION = "awaiting_continuation", o.COMPLETED = "completed", o.FAILED = "failed", o.EXPIRED = "expired", o))(P || {});
+const No = e.nativeEnum(P), wo = e.object({
   csrf_token: e.string(),
   auth0Client: e.string().optional(),
-  authParams: Ie,
+  authParams: Ce,
   expires_at: e.string(),
   deleted_at: e.string().optional(),
   ip: e.string().optional(),
   useragent: e.string().optional(),
   session_id: e.string().optional(),
   authorization_url: e.string().optional(),
-  state: Co.optional().default(
+  state: No.optional().default(
     "pending"
     /* PENDING */
   ),
@@ -1416,14 +1428,14 @@ const Co = e.nativeEnum(P), Oo = e.object({
   // The connection used to authenticate (may differ from primary user's connection)
 }).openapi({
   description: "This represents a login sesion"
-}), xt = e.object({
-  ...Oo.shape,
+}), Gt = e.object({
+  ...wo.shape,
   id: e.string().openapi({
     description: "This is is used as the state in the universal login"
   }),
   created_at: e.string(),
   updated_at: e.string()
-}), To = {
+}), Ro = {
   // Network & System
   ACLS_SUMMARY: "acls_summary",
   ACTIONS_EXECUTION_FAILED: "actions_execution_failed",
@@ -1594,24 +1606,24 @@ const Co = e.nativeEnum(P), Oo = e.object({
   WARNING_DURING_LOGIN: "w",
   WARNING_SENDING_NOTIFICATION: "wn",
   WARNING_USER_MANAGEMENT: "wum"
-}, No = e.string().refine(
-  (o) => Object.values(To).includes(o),
+}, jo = e.string().refine(
+  (o) => Object.values(Ro).includes(o),
   { message: "Invalid log type" }
-), Ro = e.object({
+), Do = e.object({
   name: e.string(),
   version: e.string(),
   env: e.object({
     node: e.string().optional()
   }).optional()
-}), wo = e.object({
+}), Lo = e.object({
   country_code: e.string().length(2),
   city_name: e.string(),
   latitude: e.string(),
   longitude: e.string(),
   time_zone: e.string(),
   continent_code: e.string()
-}), jo = e.object({
-  type: No,
+}), vo = e.object({
+  type: jo,
   date: e.string(),
   description: e.string().optional(),
   ip: e.string().optional(),
@@ -1630,19 +1642,19 @@ const Co = e.nativeEnum(P), Oo = e.object({
   strategy: e.string().optional(),
   strategy_type: e.string().optional(),
   hostname: e.string().optional(),
-  auth0_client: Ro.optional(),
+  auth0_client: Do.optional(),
   log_id: e.string().optional(),
-  location_info: wo.optional()
-}), Pt = e.object({
-  ...jo.shape,
+  location_info: Lo.optional()
+}), Bt = e.object({
+  ...vo.shape,
   log_id: e.string()
-}), Do = e.object({
+}), ko = e.object({
   id: e.string().optional(),
   user_id: e.string(),
   password: e.string(),
   algorithm: e.enum(["bcrypt", "argon2id"]).default("argon2id"),
   is_current: e.boolean().default(!0)
-}), Mt = Do.extend({
+}), Wt = ko.extend({
   id: e.string(),
   created_at: e.string(),
   updated_at: e.string()
@@ -1653,7 +1665,7 @@ const Co = e.nativeEnum(P), Oo = e.object({
   last_user_agent: e.string().describe("Last user agent of the device from which this user logged in"),
   last_ip: e.string().describe("Last IP address from which this user logged in"),
   last_asn: e.string().describe("Last autonomous system number from which this user logged in")
-}), Lo = e.object({
+}), Uo = e.object({
   id: e.string(),
   revoked_at: e.string().optional(),
   used_at: e.string().optional(),
@@ -1665,13 +1677,13 @@ const Co = e.nativeEnum(P), Oo = e.object({
     "Metadata related to the device used in the session"
   ),
   clients: e.array(e.string()).describe("List of client details for the session")
-}), Ht = e.object({
+}), Kt = e.object({
   created_at: e.string(),
   updated_at: e.string(),
   authenticated_at: e.string(),
   last_interaction_at: e.string(),
-  ...Lo.shape
-}), Gt = e.object({
+  ...Uo.shape
+}), zt = e.object({
   kid: e.string().openapi({ description: "The key id of the signing key" }),
   cert: e.string().openapi({ description: "The public certificate of the signing key" }),
   fingerprint: e.string().openapi({ description: "The cert fingerprint" }),
@@ -1696,7 +1708,7 @@ const Co = e.nativeEnum(P), Oo = e.object({
   type: e.enum(["jwt_signing", "saml_encryption"]).openapi({
     description: "The type of the signing key"
   })
-}), vo = e.object({
+}), Fo = e.object({
   id: e.string().optional(),
   // Basic settings
   audience: e.string(),
@@ -1822,6 +1834,8 @@ const Co = e.nativeEnum(P), Oo = e.object({
   authorization_response_iss_parameter_supported: e.boolean().optional(),
   // Guardian MFA Factors configuration (internal storage, exposed via /guardian API)
   mfa: e.object({
+    // MFA policy: "never" = MFA disabled, "always" = MFA required for all logins
+    policy: e.enum(["never", "always"]).default("never").optional(),
     // Factor states
     factors: e.object({
       sms: e.boolean().default(!1),
@@ -1849,14 +1863,14 @@ const Co = e.nativeEnum(P), Oo = e.object({
       message: e.string().optional()
     }).optional()
   }).optional()
-}), Bt = e.object({
+}), qt = e.object({
   created_at: e.string().nullable().transform((o) => o ?? ""),
   updated_at: e.string().nullable().transform((o) => o ?? ""),
-  ...vo.shape,
+  ...Fo.shape,
   id: e.string()
 });
-var ko = /* @__PURE__ */ ((o) => (o.RefreshToken = "refresh_token", o.AuthorizationCode = "authorization_code", o.ClientCredential = "client_credentials", o.Passwordless = "passwordless", o.Password = "password", o.OTP = "http://auth0.com/oauth/grant-type/passwordless/otp", o))(ko || {});
-const Wt = e.object({
+var xo = /* @__PURE__ */ ((o) => (o.RefreshToken = "refresh_token", o.AuthorizationCode = "authorization_code", o.ClientCredential = "client_credentials", o.Passwordless = "passwordless", o.Password = "password", o.OTP = "http://auth0.com/oauth/grant-type/passwordless/otp", o))(xo || {});
+const Xt = e.object({
   access_token: e.string(),
   id_token: e.string().optional(),
   scope: e.string().optional(),
@@ -1869,7 +1883,7 @@ e.object({
   code: e.string(),
   state: e.string().optional()
 });
-const Uo = e.object({
+const Po = e.object({
   button_border_radius: e.number(),
   button_border_weight: e.number(),
   buttons_style: e.enum(["pill", "rounded", "sharp"]),
@@ -1879,7 +1893,7 @@ const Uo = e.object({
   show_widget_shadow: e.boolean(),
   widget_border_weight: e.number(),
   widget_corner_radius: e.number()
-}), Fo = e.object({
+}), Mo = e.object({
   base_focus_color: e.string(),
   base_hover_color: e.string(),
   body_text: e.string(),
@@ -1902,7 +1916,7 @@ const Uo = e.object({
 }), g = e.object({
   bold: e.boolean(),
   size: e.number()
-}), xo = e.object({
+}), Ho = e.object({
   body_text: g,
   buttons_text: g,
   font_url: e.string(),
@@ -1912,31 +1926,31 @@ const Uo = e.object({
   reference_text_size: e.number(),
   subtitle: g,
   title: g
-}), Po = e.object({
+}), Go = e.object({
   background_color: e.string(),
   background_image_url: e.string(),
   page_layout: e.enum(["center", "left", "right"])
-}), Mo = e.object({
+}), Bo = e.object({
   header_text_alignment: e.enum(["center", "left", "right"]),
   logo_height: e.number(),
   logo_position: e.enum(["center", "left", "none", "right"]),
   logo_url: e.string(),
   social_buttons_layout: e.enum(["bottom", "top"])
-}), Ho = e.object({
-  borders: Uo,
-  colors: Fo,
+}), Wo = e.object({
+  borders: Po,
+  colors: Mo,
   displayName: e.string(),
-  fonts: xo,
-  page_background: Po,
-  widget: Mo
-}), Kt = Ho.extend({
+  fonts: Ho,
+  page_background: Go,
+  widget: Bo
+}), Vt = Wo.extend({
   themeId: e.string()
-}), zt = e.object({
+}), Yt = e.object({
   universal_login_experience: e.enum(["new", "classic"]).default("new"),
   identifier_first: e.boolean().default(!0),
   password_first: e.boolean().default(!1),
   webauthn_platform_first_factor: e.boolean()
-}), Xt = e.object({
+}), Qt = e.object({
   name: e.string(),
   enabled: e.boolean().optional().default(!0),
   default_from_address: e.string().optional(),
@@ -1966,7 +1980,7 @@ const Uo = e.object({
     })
   ]),
   settings: e.object({}).optional()
-}), Go = e.object({
+}), Ko = e.object({
   // The actual refresh token value (primary key).
   id: e.string(),
   // Link to the login session
@@ -1987,21 +2001,21 @@ const Uo = e.object({
     })
   ),
   rotating: e.boolean()
-}), qt = e.object({
+}), Zt = e.object({
   // When the refresh token record was created.
   created_at: e.string(),
   // Spread in the rest of the refresh token properties.
-  ...Go.shape
-}), Vt = e.object({
+  ...Ko.shape
+}), Jt = e.object({
   to: e.string(),
   message: e.string()
-}), Yt = e.object({
+}), $t = e.object({
   name: e.string(),
   options: e.object({})
-}), Bo = e.object({
+}), zo = e.object({
   value: e.string(),
   description: e.string().optional()
-}), Wo = e.object({
+}), qo = e.object({
   token_dialect: e.enum(["access_token", "access_token_authz"]).optional(),
   enforce_policies: e.boolean().optional(),
   allow_skipping_userinfo: e.boolean().optional(),
@@ -2011,11 +2025,11 @@ const Uo = e.object({
   mtls: e.object({
     bound_access_tokens: e.boolean().optional()
   }).optional()
-}), Ko = e.object({
+}), Xo = e.object({
   id: e.string().optional(),
   name: e.string(),
   identifier: e.string(),
-  scopes: e.array(Bo).optional(),
+  scopes: e.array(zo).optional(),
   signing_alg: e.string().optional(),
   signing_secret: e.string().optional(),
   token_lifetime: e.number().optional(),
@@ -2023,30 +2037,30 @@ const Uo = e.object({
   skip_consent_for_verifiable_first_party_clients: e.boolean().optional(),
   allow_offline_access: e.boolean().optional(),
   verificationKey: e.string().optional(),
-  options: Wo.optional(),
+  options: qo.optional(),
   is_system: e.boolean().optional(),
   metadata: e.record(e.any()).optional()
-}), zo = e.object({
-  ...Ko.shape,
+}), Vo = e.object({
+  ...Xo.shape,
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), Qt = e.array(zo), Xo = e.object({
+}), en = e.array(Vo), Yo = e.object({
   role_id: e.string(),
   resource_server_identifier: e.string(),
   permission_name: e.string()
-}), qo = e.object({
-  ...Xo.shape,
+}), Qo = e.object({
+  ...Yo.shape,
   created_at: e.string()
-}), Jt = e.array(qo), Vo = e.object({
+}), on = e.array(Qo), Zo = e.object({
   user_id: e.string(),
   resource_server_identifier: e.string(),
   permission_name: e.string(),
   organization_id: e.string().optional()
-}), Yo = e.object({
-  ...Vo.shape,
+}), Jo = e.object({
+  ...Zo.shape,
   tenant_id: e.string(),
   created_at: e.string().optional()
-}), Zt = e.array(Yo), Qo = e.object({
+}), tn = e.array(Jo), $o = e.object({
   user_id: e.string(),
   resource_server_identifier: e.string(),
   resource_server_name: e.string(),
@@ -2054,17 +2068,17 @@ const Uo = e.object({
   description: e.string().nullable().optional(),
   created_at: e.string().optional(),
   organization_id: e.string().optional()
-}), $t = e.array(
-  Qo
-), Jo = e.object({
+}), nn = e.array(
+  $o
+), et = e.object({
   user_id: e.string(),
   role_id: e.string(),
   organization_id: e.string().optional()
-}), Zo = e.object({
-  ...Jo.shape,
+}), ot = e.object({
+  ...et.shape,
   tenant_id: e.string(),
   created_at: e.string().optional()
-}), en = e.array(Zo), $o = e.object({
+}), an = e.array(ot), tt = e.object({
   id: e.string().optional().openapi({
     description: "The unique identifier of the role. If not provided, one will be generated."
   }),
@@ -2078,13 +2092,13 @@ const Uo = e.object({
   metadata: e.record(e.any()).optional().openapi({
     description: "Metadata associated with the role. Can be used to control sync behavior in multi-tenancy scenarios."
   })
-}), et = $o.extend({
+}), nt = tt.extend({
   id: e.string().openapi({
     description: "The unique identifier of the role"
   }),
   created_at: e.string().optional(),
   updated_at: e.string().optional()
-}), on = e.array(et), ot = e.object({
+}), sn = e.array(nt), it = e.object({
   logo_url: e.string().optional().openapi({
     description: "URL of the organization's logo"
   }),
@@ -2096,7 +2110,7 @@ const Uo = e.object({
       description: "Page background color in hex format (e.g., #FFFFFF)"
     })
   }).optional()
-}).optional(), tt = e.object({
+}).optional(), at = e.object({
   connection_id: e.string().openapi({
     description: "ID of the connection"
   }),
@@ -2109,7 +2123,7 @@ const Uo = e.object({
   is_signup_enabled: e.boolean().default(!0).openapi({
     description: "Whether signup is enabled for this connection"
   })
-}), nt = e.object({
+}), st = e.object({
   client_credentials: e.object({
     enforce: e.boolean().default(!1).openapi({
       description: "Whether to enforce token quota limits"
@@ -2121,7 +2135,7 @@ const Uo = e.object({
       description: "Maximum tokens per hour (0 = unlimited)"
     })
   }).optional()
-}).optional(), it = e.object({
+}).optional(), rt = e.object({
   id: e.string().optional(),
   name: e.string().min(1).regex(/^[a-z0-9_-]+$/, {
     message: "Organization name must be lowercase and can only contain letters, numbers, hyphens, and underscores"
@@ -2131,34 +2145,34 @@ const Uo = e.object({
   display_name: e.string().optional().openapi({
     description: "The display name of the organization"
   }),
-  branding: ot,
+  branding: it,
   metadata: e.record(e.any()).default({}).optional().openapi({
     description: "Custom metadata for the organization"
   }),
-  enabled_connections: e.array(tt).default([]).optional().openapi({
+  enabled_connections: e.array(at).default([]).optional().openapi({
     description: "List of enabled connections for the organization"
   }),
-  token_quota: nt
-}), tn = e.object({
-  ...it.shape,
-  ...s.shape,
+  token_quota: st
+}), rn = e.object({
+  ...rt.shape,
+  ...r.shape,
   id: e.string(),
   // Override name to be lenient when reading from database (to support existing uppercase names)
   name: e.string().min(1).openapi({
     description: "The name of the organization"
   })
-}), at = e.object({
+}), lt = e.object({
   user_id: e.string().openapi({
     description: "ID of the user"
   }),
   organization_id: e.string().openapi({
     description: "ID of the organization"
   })
-}), nn = e.object({
-  ...at.shape,
-  ...s.shape,
+}), ln = e.object({
+  ...lt.shape,
+  ...r.shape,
   id: e.string()
-}), an = e.object({
+}), pn = e.object({
   // Session settings
   idle_session_lifetime: e.number().optional(),
   session_lifetime: e.number().optional(),
@@ -2229,6 +2243,8 @@ const Uo = e.object({
   }).optional(),
   // Guardian MFA Factors configuration (internal storage, exposed via /guardian API)
   mfa: e.object({
+    // MFA policy: "never" = MFA disabled, "always" = MFA required for all logins
+    policy: e.enum(["never", "always"]).default("never").optional(),
     // Factor states
     factors: e.object({
       sms: e.boolean().default(!1),
@@ -2256,7 +2272,7 @@ const Uo = e.object({
       message: e.string().optional()
     }).optional()
   }).optional()
-}), rn = e.object({
+}), cn = e.object({
   date: e.string().openapi({
     description: "Date these events occurred in ISO 8601 format",
     example: "2025-12-19"
@@ -2281,10 +2297,10 @@ const Uo = e.object({
     description: "Approximate date and time the first event occurred in ISO 8601 format",
     example: "2025-12-19T00:00:00.000Z"
   })
-}), sn = e.number().openapi({
+}), _n = e.number().openapi({
   description: "Number of active users in the last 30 days",
   example: 1234
-}), rt = e.enum([
+}), pt = e.enum([
   "login",
   "login-id",
   "login-password",
@@ -2299,7 +2315,6 @@ const Uo = e.object({
   "mfa-voice",
   "mfa-phone",
   "mfa-webauthn",
-  "mfa-sms",
   "mfa-email",
   "mfa-recovery-code",
   "status",
@@ -2313,17 +2328,17 @@ const Uo = e.object({
   "captcha",
   "custom-form",
   "login-passwordless"
-]), st = e.record(e.string(), e.record(e.string(), e.string())).openapi({
+]), ct = e.record(e.string(), e.record(e.string(), e.string())).openapi({
   type: "object",
   additionalProperties: {
     type: "object",
     additionalProperties: { type: "string" }
   }
-}), ln = e.object({
-  prompt: rt,
+}), dn = e.object({
+  prompt: pt,
   language: e.string(),
-  custom_text: st
-}), pn = {
+  custom_text: ct
+}), gn = {
   EMAIL: "email",
   SMS: "sms",
   USERNAME_PASSWORD: "Username-Password-Authentication",
@@ -2338,18 +2353,47 @@ const Uo = e.object({
   SAMLP: "samlp",
   WAAD: "waad",
   ADFS: "adfs"
-}, cn = {
+}, un = {
   DATABASE: "database",
   SOCIAL: "social",
   PASSWORDLESS: "passwordless"
-};
-function _n(o) {
+}, _t = e.enum([
+  "phone",
+  "totp",
+  "email",
+  "push",
+  "webauthn"
+]), H = e.object({
+  user_id: e.string(),
+  type: _t,
+  phone_number: e.string().optional(),
+  totp_secret: e.string().optional(),
+  confirmed: e.boolean().default(!1)
+});
+function G(o, n) {
+  o.type === "phone" && !o.phone_number && n.addIssue({
+    code: e.ZodIssueCode.custom,
+    message: "phone_number is required when type is 'phone'",
+    path: ["phone_number"]
+  }), o.type === "totp" && !o.totp_secret && n.addIssue({
+    code: e.ZodIssueCode.custom,
+    message: "totp_secret is required when type is 'totp'",
+    path: ["totp_secret"]
+  });
+}
+const mn = H.superRefine(G), hn = e.object({
+  ...H.shape,
+  id: e.string(),
+  created_at: e.string(),
+  updated_at: e.string()
+}).superRefine(G);
+function bn(o) {
   const [n, i] = o.split("|");
   if (!n || !i)
     throw new Error(`Invalid user_id: ${o}`);
   return { connection: n, id: i };
 }
-function dn(o) {
+function fn(o) {
   const {
     primary: n,
     secondaries: i,
@@ -2361,16 +2405,16 @@ function dn(o) {
       const c = p[a];
       return typeof c != "function" ? c : T.includes(a) ? async (..._) => {
         const S = await c.apply(p, _), d = [];
-        for (const r of i) {
-          const h = r.adapter[a];
+        for (const s of i) {
+          const h = s.adapter[a];
           if (typeof h != "function")
             continue;
           const A = (async () => {
             try {
-              await h.apply(r.adapter, _);
+              await h.apply(s.adapter, _);
             } catch (b) {
               try {
-                r.onError ? r.onError(b, a, _) : console.error(
+                s.onError ? s.onError(b, a, _) : console.error(
                   `Passthrough adapter: secondary write failed for ${a}:`,
                   b
                 );
@@ -2382,7 +2426,7 @@ function dn(o) {
               }
             }
           })();
-          r.blocking && d.push(A);
+          s.blocking && d.push(A);
         }
         return d.length > 0 && await Promise.all(d), S;
       } : c.bind(p);
@@ -2390,11 +2434,11 @@ function dn(o) {
   };
   return new Proxy(n, E);
 }
-function gn(o) {
+function En(o) {
   return o;
 }
-function un(o) {
-  var E, p, a, c, _, S, d, r, h, A, b, I;
+function Sn(o) {
+  var E, p, a, c, _, S, d, s, h, A, b, I;
   const n = o == null ? void 0 : o.options;
   if (!n)
     return {
@@ -2405,12 +2449,12 @@ function un(o) {
     };
   const i = n.attributes;
   if (i) {
-    const H = ((p = (E = i.username) == null ? void 0 : E.identifier) == null ? void 0 : p.active) === !0, G = ((c = (a = i.email) == null ? void 0 : a.identifier) == null ? void 0 : c.active) !== !1, B = ((S = (_ = i.username) == null ? void 0 : _.validation) == null ? void 0 : S.min_length) ?? 1, W = ((r = (d = i.username) == null ? void 0 : d.validation) == null ? void 0 : r.max_length) ?? 15;
+    const B = ((p = (E = i.username) == null ? void 0 : E.identifier) == null ? void 0 : p.active) === !0, W = ((c = (a = i.email) == null ? void 0 : a.identifier) == null ? void 0 : c.active) !== !1, K = ((S = (_ = i.username) == null ? void 0 : _.validation) == null ? void 0 : S.min_length) ?? 1, z = ((s = (d = i.username) == null ? void 0 : d.validation) == null ? void 0 : s.max_length) ?? 15;
     return {
-      usernameIdentifierActive: H,
-      emailIdentifierActive: G,
-      usernameMinLength: B,
-      usernameMaxLength: W
+      usernameIdentifierActive: B,
+      emailIdentifierActive: W,
+      usernameMinLength: K,
+      usernameMaxLength: z
     };
   }
   return {
@@ -2421,160 +2465,163 @@ function un(o) {
   };
 }
 export {
-  ct as Auth0ActionEnum,
-  Ro as Auth0Client,
+  ut as Auth0ActionEnum,
+  Do as Auth0Client,
   D as AuthorizationResponseMode,
   j as AuthorizationResponseType,
   L as CodeChallengeMethod,
-  w as ComponentCategory,
-  R as ComponentType,
-  _t as EmailActionEnum,
-  Ct as FORM_FIELD_TYPES,
-  pt as FlowActionTypeEnum,
-  ko as GrantType,
-  wo as LocationInfo,
-  To as LogTypes,
+  R as ComponentCategory,
+  w as ComponentType,
+  mt as EmailActionEnum,
+  wt as FORM_FIELD_TYPES,
+  gt as FlowActionTypeEnum,
+  xo as GrantType,
+  Lo as LocationInfo,
+  Ro as LogTypes,
   P as LoginSessionState,
-  ge as NodeType,
-  q as RedirectTargetEnum,
-  pn as Strategy,
-  cn as StrategyType,
-  he as actionNodeSchema,
-  sn as activeUsersResponseSchema,
-  $ as addressSchema,
-  Et as auth0FlowInsertSchema,
-  Ae as auth0FlowSchema,
-  gt as auth0QuerySchema,
-  z as auth0UpdateUserActionSchema,
-  mt as auth0UserResponseSchema,
-  Ie as authParamsSchema,
+  me as NodeType,
+  Y as RedirectTargetEnum,
+  gn as Strategy,
+  un as StrategyType,
+  fe as actionNodeSchema,
+  _n as activeUsersResponseSchema,
+  oe as addressSchema,
+  yt as auth0FlowInsertSchema,
+  ye as auth0FlowSchema,
+  bt as auth0QuerySchema,
+  X as auth0UpdateUserActionSchema,
+  Et as auth0UserResponseSchema,
+  Ce as authParamsSchema,
   N as baseUserSchema,
-  no as blockComponentSchema,
-  Uo as bordersSchema,
-  St as brandingSchema,
-  le as buttonComponentSchema,
-  ae as clientGrantInsertSchema,
-  ft as clientGrantListSchema,
-  re as clientGrantSchema,
-  ie as clientInsertSchema,
-  bt as clientSchema,
-  Ce as codeInsertSchema,
-  At as codeSchema,
-  ye as codeTypeSchema,
-  Fo as colorsSchema,
-  _o as componentMessageSchema,
-  de as componentSchema,
-  Te as connectionInsertSchema,
-  Oe as connectionOptionsSchema,
-  It as connectionSchema,
+  so as blockComponentSchema,
+  Po as bordersSchema,
+  Ct as brandingSchema,
+  ce as buttonComponentSchema,
+  re as clientGrantInsertSchema,
+  It as clientGrantListSchema,
+  le as clientGrantSchema,
+  se as clientInsertSchema,
+  At as clientSchema,
+  Te as codeInsertSchema,
+  Ot as codeSchema,
+  Oe as codeTypeSchema,
+  Mo as colorsSchema,
+  mo as componentMessageSchema,
+  ue as componentSchema,
+  we as connectionInsertSchema,
+  Ne as connectionOptionsSchema,
+  Tt as connectionSchema,
   u as coordinatesSchema,
-  dn as createPassthroughAdapter,
-  gn as createWriteOnlyAdapter,
-  Ne as customDomainInsertSchema,
-  we as customDomainSchema,
-  yt as customDomainWithTenantIdSchema,
-  ln as customTextEntrySchema,
-  st as customTextSchema,
-  rn as dailyStatsSchema,
-  Xt as emailProviderSchema,
-  K as emailVerificationRulesSchema,
-  X as emailVerifyActionSchema,
-  Se as endingSchema,
-  ao as fieldComponentSchema,
-  Y as flowActionStepSchema,
-  Q as flowInsertSchema,
-  dt as flowSchema,
-  ce as flowsFieldComponentSchema,
-  me as flowsFlowNodeSchema,
-  ue as flowsStepNodeSchema,
+  fn as createPassthroughAdapter,
+  En as createWriteOnlyAdapter,
+  Re as customDomainInsertSchema,
+  De as customDomainSchema,
+  Nt as customDomainWithTenantIdSchema,
+  dn as customTextEntrySchema,
+  ct as customTextSchema,
+  cn as dailyStatsSchema,
+  Qt as emailProviderSchema,
+  q as emailVerificationRulesSchema,
+  V as emailVerifyActionSchema,
+  Ie as endingSchema,
+  lo as fieldComponentSchema,
+  Z as flowActionStepSchema,
+  J as flowInsertSchema,
+  ht as flowSchema,
+  de as flowsFieldComponentSchema,
+  be as flowsFlowNodeSchema,
+  he as flowsStepNodeSchema,
   g as fontDetailsSchema,
-  xo as fontsSchema,
-  Ot as formControlSchema,
-  co as formInsertSchema,
+  Ho as fontsSchema,
+  Rt as formControlSchema,
+  uo as formInsertSchema,
   v as formNodeComponentDefinition,
-  po as formNodeSchema,
-  Tt as formSchema,
-  _e as genericComponentSchema,
-  be as genericNodeSchema,
-  un as getConnectionIdentifierConfig,
-  Lt as hookInsertSchema,
-  vt as hookSchema,
+  go as formNodeSchema,
+  jt as formSchema,
+  ge as genericComponentSchema,
+  Ee as genericNodeSchema,
+  Sn as getConnectionIdentifierConfig,
+  Ft as hookInsertSchema,
+  xt as hookSchema,
   x as hookTemplateId,
-  Dt as hookTemplates,
-  Z as identitySchema,
-  Io as inviteInsertSchema,
-  kt as inviteSchema,
-  Ao as inviteeSchema,
-  So as inviterSchema,
-  Rt as isBlockComponent,
-  jt as isFieldComponent,
-  wt as isWidgetComponent,
-  Ut as jwksKeySchema,
-  yo as jwksSchema,
-  pe as legalComponentSchema,
-  jo as logInsertSchema,
-  Pt as logSchema,
-  Oo as loginSessionInsertSchema,
-  xt as loginSessionSchema,
-  Co as loginSessionStateSchema,
-  fe as nodeSchema,
-  Ft as openIDConfigurationSchema,
-  ot as organizationBrandingSchema,
-  tt as organizationEnabledConnectionSchema,
-  it as organizationInsertSchema,
-  tn as organizationSchema,
-  nt as organizationTokenQuotaSchema,
-  Po as pageBackgroundSchema,
-  _n as parseUserId,
-  Do as passwordInsertSchema,
-  Mt as passwordSchema,
-  J as profileDataSchema,
-  rt as promptScreenSchema,
-  zt as promptSettingSchema,
-  V as redirectActionSchema,
-  Go as refreshTokenInsertSchema,
-  qt as refreshTokenSchema,
-  Ko as resourceServerInsertSchema,
-  Qt as resourceServerListSchema,
-  Wo as resourceServerOptionsSchema,
-  zo as resourceServerSchema,
-  Bo as resourceServerScopeSchema,
-  se as richTextComponentSchema,
-  $o as roleInsertSchema,
-  on as roleListSchema,
-  Xo as rolePermissionInsertSchema,
-  Jt as rolePermissionListSchema,
-  qo as rolePermissionSchema,
-  et as roleSchema,
-  go as screenLinkSchema,
-  Lo as sessionInsertSchema,
-  Ht as sessionSchema,
-  Gt as signingKeySchema,
-  Yt as smsProviderSchema,
-  Vt as smsSendParamsSchema,
-  Ee as startSchema,
-  vo as tenantInsertSchema,
-  Bt as tenantSchema,
-  an as tenantSettingsSchema,
-  Ho as themeInsertSchema,
-  Kt as themeSchema,
-  Wt as tokenResponseSchema,
-  ut as totalsSchema,
-  Nt as uiScreenSchema,
-  ee as userInsertSchema,
-  at as userOrganizationInsertSchema,
-  nn as userOrganizationSchema,
-  Vo as userPermissionInsertSchema,
-  Zt as userPermissionListSchema,
-  Yo as userPermissionSchema,
-  $t as userPermissionWithDetailsListSchema,
-  Qo as userPermissionWithDetailsSchema,
-  ht as userResponseSchema,
-  Jo as userRoleInsertSchema,
-  en as userRoleListSchema,
-  Zo as userRoleSchema,
-  oe as userSchema,
-  Re as verificationMethodsSchema,
-  io as widgetComponentSchema,
-  Mo as widgetSchema
+  Ut as hookTemplates,
+  ee as identitySchema,
+  Oo as inviteInsertSchema,
+  Pt as inviteSchema,
+  Co as inviteeSchema,
+  yo as inviterSchema,
+  Lt as isBlockComponent,
+  kt as isFieldComponent,
+  vt as isWidgetComponent,
+  Mt as jwksKeySchema,
+  To as jwksSchema,
+  _e as legalComponentSchema,
+  vo as logInsertSchema,
+  Bt as logSchema,
+  wo as loginSessionInsertSchema,
+  Gt as loginSessionSchema,
+  No as loginSessionStateSchema,
+  mn as mfaEnrollmentInsertSchema,
+  hn as mfaEnrollmentSchema,
+  _t as mfaEnrollmentTypeSchema,
+  Se as nodeSchema,
+  Ht as openIDConfigurationSchema,
+  it as organizationBrandingSchema,
+  at as organizationEnabledConnectionSchema,
+  rt as organizationInsertSchema,
+  rn as organizationSchema,
+  st as organizationTokenQuotaSchema,
+  Go as pageBackgroundSchema,
+  bn as parseUserId,
+  ko as passwordInsertSchema,
+  Wt as passwordSchema,
+  $ as profileDataSchema,
+  pt as promptScreenSchema,
+  Yt as promptSettingSchema,
+  Q as redirectActionSchema,
+  Ko as refreshTokenInsertSchema,
+  Zt as refreshTokenSchema,
+  Xo as resourceServerInsertSchema,
+  en as resourceServerListSchema,
+  qo as resourceServerOptionsSchema,
+  Vo as resourceServerSchema,
+  zo as resourceServerScopeSchema,
+  pe as richTextComponentSchema,
+  tt as roleInsertSchema,
+  sn as roleListSchema,
+  Yo as rolePermissionInsertSchema,
+  on as rolePermissionListSchema,
+  Qo as rolePermissionSchema,
+  nt as roleSchema,
+  ho as screenLinkSchema,
+  Uo as sessionInsertSchema,
+  Kt as sessionSchema,
+  zt as signingKeySchema,
+  $t as smsProviderSchema,
+  Jt as smsSendParamsSchema,
+  Ae as startSchema,
+  Fo as tenantInsertSchema,
+  qt as tenantSchema,
+  pn as tenantSettingsSchema,
+  Wo as themeInsertSchema,
+  Vt as themeSchema,
+  Xt as tokenResponseSchema,
+  ft as totalsSchema,
+  Dt as uiScreenSchema,
+  te as userInsertSchema,
+  lt as userOrganizationInsertSchema,
+  ln as userOrganizationSchema,
+  Zo as userPermissionInsertSchema,
+  tn as userPermissionListSchema,
+  Jo as userPermissionSchema,
+  nn as userPermissionWithDetailsListSchema,
+  $o as userPermissionWithDetailsSchema,
+  St as userResponseSchema,
+  et as userRoleInsertSchema,
+  an as userRoleListSchema,
+  ot as userRoleSchema,
+  ne as userSchema,
+  je as verificationMethodsSchema,
+  ro as widgetComponentSchema,
+  Bo as widgetSchema
 };