npm - @authhero/drizzle - Versions diffs - 0.43.2 → 0.43.3 - Mend

@authhero/drizzle 0.43.2 → 0.43.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/drizzle-adapter.cjs +2 -2
package/dist/drizzle-adapter.mjs +135 -127
package/package.json +2 -2
package/src/schema/sqlite/clients.ts +1 -0

package/dist/drizzle-adapter.mjs CHANGED Viewed

@@ -1580,7 +1580,8 @@ const B = $("tenants", {
     connections: s("connections").notNull().default("[]"),
     owner_user_id: s("owner_user_id", { length: 255 }),
     registration_type: s("registration_type", { length: 32 }),
-    registration_metadata: s("registration_metadata")
+    registration_metadata: s("registration_metadata"),
+    user_linking_mode: s("user_linking_mode", { length: 16 })
   },
   (n) => [
     Te({
@@ -3011,7 +3012,7 @@ var Xn;
     // second overwrites first
   });
 })(Xn || (Xn = {}));
-const x = H.arrayToEnum([
+const k = H.arrayToEnum([
   "string",
   "nan",
   "number",
@@ -3035,23 +3036,23 @@ const x = H.arrayToEnum([
 ]), We = (n) => {
   switch (typeof n) {
     case "undefined":
-      return x.undefined;
+      return k.undefined;
     case "string":
-      return x.string;
+      return k.string;
     case "number":
-      return Number.isNaN(n) ? x.nan : x.number;
+      return Number.isNaN(n) ? k.nan : k.number;
     case "boolean":
-      return x.boolean;
+      return k.boolean;
     case "function":
-      return x.function;
+      return k.function;
     case "bigint":
-      return x.bigint;
+      return k.bigint;
     case "symbol":
-      return x.symbol;
+      return k.symbol;
     case "object":
-      return Array.isArray(n) ? x.array : n === null ? x.null : n.then && typeof n.then == "function" && n.catch && typeof n.catch == "function" ? x.promise : typeof Map < "u" && n instanceof Map ? x.map : typeof Set < "u" && n instanceof Set ? x.set : typeof Date < "u" && n instanceof Date ? x.date : x.object;
+      return Array.isArray(n) ? k.array : n === null ? k.null : n.then && typeof n.then == "function" && n.catch && typeof n.catch == "function" ? k.promise : typeof Map < "u" && n instanceof Map ? k.map : typeof Set < "u" && n instanceof Set ? k.set : typeof Date < "u" && n instanceof Date ? k.date : k.object;
     default:
-      return x.unknown;
+      return k.unknown;
   }
 }, N = H.arrayToEnum([
   "invalid_type",
@@ -3139,7 +3140,7 @@ const ln = (n, e) => {
   let t;
   switch (n.code) {
     case N.invalid_type:
-      n.received === x.undefined ? t = "Required" : t = `Expected ${n.expected}, received ${n.received}`;
+      n.received === k.undefined ? t = "Required" : t = `Expected ${n.expected}, received ${n.received}`;
       break;
     case N.invalid_literal:
       t = `Invalid literal value, expected ${JSON.stringify(n.expected, H.jsonStringifyReplacer)}`;
@@ -3573,11 +3574,11 @@ function Us(n, e) {
 }
 class Ze extends q {
   _parse(e) {
-    if (this._def.coerce && (e.data = String(e.data)), this._getType(e) !== x.string) {
+    if (this._def.coerce && (e.data = String(e.data)), this._getType(e) !== k.string) {
       const r = this._getOrReturnCtx(e);
       return E(r, {
         code: N.invalid_type,
-        expected: x.string,
+        expected: k.string,
         received: r.parsedType
       }), R;
     }
@@ -3963,11 +3964,11 @@ class yt extends q {
     super(...arguments), this.min = this.gte, this.max = this.lte, this.step = this.multipleOf;
   }
   _parse(e) {
-    if (this._def.coerce && (e.data = Number(e.data)), this._getType(e) !== x.number) {
+    if (this._def.coerce && (e.data = Number(e.data)), this._getType(e) !== k.number) {
       const r = this._getOrReturnCtx(e);
       return E(r, {
         code: N.invalid_type,
-        expected: x.number,
+        expected: k.number,
         received: r.parsedType
       }), R;
     }
@@ -4141,7 +4142,7 @@ class Et extends q {
       } catch {
         return this._getInvalidInput(e);
       }
-    if (this._getType(e) !== x.bigint)
+    if (this._getType(e) !== k.bigint)
       return this._getInvalidInput(e);
     let i;
     const a = new ke();
@@ -4169,7 +4170,7 @@ class Et extends q {
     const t = this._getOrReturnCtx(e);
     return E(t, {
       code: N.invalid_type,
-      expected: x.bigint,
+      expected: k.bigint,
       received: t.parsedType
     }), R;
   }
@@ -4265,11 +4266,11 @@ Et.create = (n) => new Et({
 });
 class dn extends q {
   _parse(e) {
-    if (this._def.coerce && (e.data = !!e.data), this._getType(e) !== x.boolean) {
+    if (this._def.coerce && (e.data = !!e.data), this._getType(e) !== k.boolean) {
       const i = this._getOrReturnCtx(e);
       return E(i, {
         code: N.invalid_type,
-        expected: x.boolean,
+        expected: k.boolean,
         received: i.parsedType
       }), R;
     }
@@ -4283,11 +4284,11 @@ dn.create = (n) => new dn({
 });
 class zt extends q {
   _parse(e) {
-    if (this._def.coerce && (e.data = new Date(e.data)), this._getType(e) !== x.date) {
+    if (this._def.coerce && (e.data = new Date(e.data)), this._getType(e) !== k.date) {
       const r = this._getOrReturnCtx(e);
       return E(r, {
         code: N.invalid_type,
-        expected: x.date,
+        expected: k.date,
         received: r.parsedType
       }), R;
     }
@@ -4361,11 +4362,11 @@ zt.create = (n) => new zt({
 });
 class ti extends q {
   _parse(e) {
-    if (this._getType(e) !== x.symbol) {
+    if (this._getType(e) !== k.symbol) {
       const i = this._getOrReturnCtx(e);
       return E(i, {
         code: N.invalid_type,
-        expected: x.symbol,
+        expected: k.symbol,
         received: i.parsedType
       }), R;
     }
@@ -4378,11 +4379,11 @@ ti.create = (n) => new ti({
 });
 class cn extends q {
   _parse(e) {
-    if (this._getType(e) !== x.undefined) {
+    if (this._getType(e) !== k.undefined) {
       const i = this._getOrReturnCtx(e);
       return E(i, {
         code: N.invalid_type,
-        expected: x.undefined,
+        expected: k.undefined,
         received: i.parsedType
       }), R;
     }
@@ -4395,11 +4396,11 @@ cn.create = (n) => new cn({
 });
 class _n extends q {
   _parse(e) {
-    if (this._getType(e) !== x.null) {
+    if (this._getType(e) !== k.null) {
       const i = this._getOrReturnCtx(e);
       return E(i, {
         code: N.invalid_type,
-        expected: x.null,
+        expected: k.null,
         received: i.parsedType
       }), R;
     }
@@ -4439,7 +4440,7 @@ class et extends q {
     const t = this._getOrReturnCtx(e);
     return E(t, {
       code: N.invalid_type,
-      expected: x.never,
+      expected: k.never,
       received: t.parsedType
     }), R;
   }
@@ -4450,11 +4451,11 @@ et.create = (n) => new et({
 });
 class ni extends q {
   _parse(e) {
-    if (this._getType(e) !== x.undefined) {
+    if (this._getType(e) !== k.undefined) {
       const i = this._getOrReturnCtx(e);
       return E(i, {
         code: N.invalid_type,
-        expected: x.void,
+        expected: k.void,
         received: i.parsedType
       }), R;
     }
@@ -4468,10 +4469,10 @@ ni.create = (n) => new ni({
 class $e extends q {
   _parse(e) {
     const { ctx: t, status: i } = this._processInputParams(e), a = this._def;
-    if (t.parsedType !== x.array)
+    if (t.parsedType !== k.array)
       return E(t, {
         code: N.invalid_type,
-        expected: x.array,
+        expected: k.array,
         received: t.parsedType
       }), R;
     if (a.exactLength !== null) {
@@ -4565,11 +4566,11 @@ class le extends q {
     return this._cached = { shape: e, keys: t }, this._cached;
   }
   _parse(e) {
-    if (this._getType(e) !== x.object) {
+    if (this._getType(e) !== k.object) {
       const f = this._getOrReturnCtx(e);
       return E(f, {
         code: N.invalid_type,
-        expected: x.object,
+        expected: k.object,
         received: f.parsedType
       }), R;
     }
@@ -4919,10 +4920,10 @@ const Je = (n) => n instanceof pn ? Je(n.schema) : n instanceof tt ? Je(n.innerT
 class gn extends q {
   _parse(e) {
     const { ctx: t } = this._processInputParams(e);
-    if (t.parsedType !== x.object)
+    if (t.parsedType !== k.object)
       return E(t, {
         code: N.invalid_type,
-        expected: x.object,
+        expected: k.object,
         received: t.parsedType
       }), R;
     const i = this.discriminator, a = t.data[i], r = this.optionsMap.get(a);
@@ -4982,7 +4983,7 @@ function ii(n, e) {
   const t = We(n), i = We(e);
   if (n === e)
     return { valid: !0, data: n };
-  if (t === x.object && i === x.object) {
+  if (t === k.object && i === k.object) {
     const a = H.objectKeys(e), r = H.objectKeys(n).filter((d) => a.indexOf(d) !== -1), l = { ...n, ...e };
     for (const d of r) {
       const u = ii(n[d], e[d]);
@@ -4991,7 +4992,7 @@ function ii(n, e) {
       l[d] = u.data;
     }
     return { valid: !0, data: l };
-  } else if (t === x.array && i === x.array) {
+  } else if (t === k.array && i === k.array) {
     if (n.length !== e.length)
       return { valid: !1 };
     const a = [];
@@ -5002,7 +5003,7 @@ function ii(n, e) {
       a.push(u.data);
     }
     return { valid: !0, data: a };
-  } else return t === x.date && i === x.date && +n == +e ? { valid: !0, data: n } : { valid: !1 };
+  } else return t === k.date && i === k.date && +n == +e ? { valid: !0, data: n } : { valid: !1 };
 }
 class Mt extends q {
   _parse(e) {
@@ -5045,10 +5046,10 @@ Mt.create = (n, e, t) => new Mt({
 class st extends q {
   _parse(e) {
     const { status: t, ctx: i } = this._processInputParams(e);
-    if (i.parsedType !== x.array)
+    if (i.parsedType !== k.array)
       return E(i, {
         code: N.invalid_type,
-        expected: x.array,
+        expected: k.array,
         received: i.parsedType
       }), R;
     if (i.data.length < this._def.items.length)
@@ -5101,10 +5102,10 @@ class qt extends q {
   }
   _parse(e) {
     const { status: t, ctx: i } = this._processInputParams(e);
-    if (i.parsedType !== x.object)
+    if (i.parsedType !== k.object)
       return E(i, {
         code: N.invalid_type,
-        expected: x.object,
+        expected: k.object,
         received: i.parsedType
       }), R;
     const a = [], r = this._def.keyType, l = this._def.valueType;
@@ -5142,10 +5143,10 @@ class ai extends q {
   }
   _parse(e) {
     const { status: t, ctx: i } = this._processInputParams(e);
-    if (i.parsedType !== x.map)
+    if (i.parsedType !== k.map)
       return E(i, {
         code: N.invalid_type,
-        expected: x.map,
+        expected: k.map,
         received: i.parsedType
       }), R;
     const a = this._def.keyType, r = this._def.valueType, l = [...i.data.entries()].map(([d, u], f) => ({
@@ -5184,10 +5185,10 @@ ai.create = (n, e, t) => new ai({
 class xt extends q {
   _parse(e) {
     const { status: t, ctx: i } = this._processInputParams(e);
-    if (i.parsedType !== x.set)
+    if (i.parsedType !== k.set)
       return E(i, {
         code: N.invalid_type,
-        expected: x.set,
+        expected: k.set,
         received: i.parsedType
       }), R;
     const a = this._def;
@@ -5345,7 +5346,7 @@ lt.create = _r;
 class $t extends q {
   _parse(e) {
     const t = H.getValidEnumValues(this._def.values), i = this._getOrReturnCtx(e);
-    if (i.parsedType !== x.string && i.parsedType !== x.number) {
+    if (i.parsedType !== k.string && i.parsedType !== k.number) {
       const a = H.objectValues(t);
       return E(i, {
         expected: H.joinValues(a),
@@ -5378,13 +5379,13 @@ class jt extends q {
   }
   _parse(e) {
     const { ctx: t } = this._processInputParams(e);
-    if (t.parsedType !== x.promise && t.common.async === !1)
+    if (t.parsedType !== k.promise && t.common.async === !1)
       return E(t, {
         code: N.invalid_type,
-        expected: x.promise,
+        expected: k.promise,
         received: t.parsedType
       }), R;
-    const i = t.parsedType === x.promise ? t.data : Promise.resolve(t.data);
+    const i = t.parsedType === k.promise ? t.data : Promise.resolve(t.data);
     return De(i.then((a) => this._def.type.parseAsync(a, {
       path: t.path,
       errorMap: t.common.contextualErrorMap
@@ -5490,7 +5491,7 @@ tt.createWithPreprocess = (n, e, t) => new tt({
 });
 class He extends q {
   _parse(e) {
-    return this._getType(e) === x.undefined ? De(void 0) : this._def.innerType._parse(e);
+    return this._getType(e) === k.undefined ? De(void 0) : this._def.innerType._parse(e);
   }
   unwrap() {
     return this._def.innerType;
@@ -5503,7 +5504,7 @@ He.create = (n, e) => new He({
 });
 class dt extends q {
   _parse(e) {
-    return this._getType(e) === x.null ? De(null) : this._def.innerType._parse(e);
+    return this._getType(e) === k.null ? De(null) : this._def.innerType._parse(e);
   }
   unwrap() {
     return this._def.innerType;
@@ -5518,7 +5519,7 @@ class Vt extends q {
   _parse(e) {
     const { ctx: t } = this._processInputParams(e);
     let i = t.data;
-    return t.parsedType === x.undefined && (i = this._def.defaultValue()), this._def.innerType._parse({
+    return t.parsedType === k.undefined && (i = this._def.defaultValue()), this._def.innerType._parse({
       data: i,
       path: t.path,
       parent: t
@@ -5579,11 +5580,11 @@ Zt.create = (n, e) => new Zt({
 });
 class oi extends q {
   _parse(e) {
-    if (this._getType(e) !== x.nan) {
+    if (this._getType(e) !== k.nan) {
       const i = this._getOrReturnCtx(e);
       return E(i, {
         code: N.invalid_type,
-        expected: x.nan,
+        expected: k.nan,
         received: i.parsedType
       }), R;
     }
@@ -5673,7 +5674,7 @@ et.create;
 const b = $e.create, _ = le.create, Pe = Pt.create, kt = gn.create;
 Mt.create;
 st.create;
-const P = qt.create, O = Bt.create, k = lt.create, gt = $t.create;
+const P = qt.create, O = Bt.create, x = lt.create, gt = $t.create;
 jt.create;
 He.create;
 dt.create;
@@ -5712,7 +5713,7 @@ const Fs = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   ZodNumber: yt,
   ZodObject: le,
   ZodOptional: He,
-  ZodParsedType: x,
+  ZodParsedType: k,
   ZodPipeline: mn,
   ZodPromise: jt,
   ZodReadonly: Ht,
@@ -5736,7 +5737,7 @@ const Fs = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   datetimeRegex: cr,
   defaultErrorMap: ln,
   discriminatedUnion: kt,
-  enum: k,
+  enum: x,
   getErrorMap: rr,
   getParsedType: We,
   isAborted: Yn,
@@ -5781,13 +5782,13 @@ const Ve = _({
   secrets: b(qs).optional()
 });
 ur.partial().extend({
-  status: k(["draft", "built"]).optional(),
+  status: x(["draft", "built"]).optional(),
   deployed_at: o().optional()
 });
 ur.extend({
   id: o(),
   tenant_id: o(),
-  status: k(["draft", "built"]).default("built"),
+  status: x(["draft", "built"]).default("built"),
   deployed_at: o().optional(),
   // Override secrets to return names only (no values) in responses
   secrets: b(
@@ -5798,13 +5799,13 @@ ur.extend({
   ).optional(),
   ...Ve.shape
 });
-const Bs = k([
+const Bs = x([
   "user_action",
   "admin_action",
   "system",
   "api"
 ]), $s = _({
-  type: k(["user", "admin", "system", "api_key", "client_credentials"]),
+  type: x(["user", "admin", "system", "api_key", "client_credentials"]),
   id: o().optional(),
   email: o().optional(),
   org_id: o().optional(),
@@ -5863,15 +5864,15 @@ const Bs = k([
 Qs.extend({
   id: o()
 });
-k(["AUTH0", "EMAIL", "REDIRECT"]);
-k([
+x(["AUTH0", "EMAIL", "REDIRECT"]);
+x([
   "CREATE_USER",
   "GET_USER",
   "UPDATE_USER",
   "SEND_REQUEST",
   "SEND_EMAIL"
 ]);
-k(["VERIFY_EMAIL"]);
+x(["VERIFY_EMAIL"]);
 const Gs = _({
   require_mx_record: h().optional(),
   block_aliases: h().optional(),
@@ -5902,7 +5903,7 @@ const Gs = _({
     email: o(),
     rules: Gs.optional()
   })
-}), Xs = k(["change-email", "account", "custom"]), Ys = _({
+}), Xs = x(["change-email", "account", "custom"]), Ys = _({
   id: o(),
   alias: o().max(100).optional(),
   type: O("REDIRECT"),
@@ -6094,7 +6095,7 @@ const dl = _({
   client_secret: o().default(() => ll()).optional().openapi({
     description: "Client secret (which you must not make public)."
   }),
-  app_type: k([
+  app_type: x([
     "native",
     "spa",
     "regular_web",
@@ -6201,7 +6202,7 @@ const dl = _({
   addons: P(j()).default({}).optional().openapi({
     description: "Addons enabled for this client and their associated configurations."
   }),
-  token_endpoint_auth_method: k(["none", "client_secret_post", "client_secret_basic"]).default("client_secret_basic").optional().openapi({
+  token_endpoint_auth_method: x(["none", "client_secret_post", "client_secret_basic"]).default("client_secret_basic").optional().openapi({
     description: "Defines the requested authentication method for the token endpoint. Can be none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), or client_secret_basic (client uses HTTP Basic)."
   }),
   client_metadata: P(o().max(255)).default({}).optional().openapi({
@@ -6220,10 +6221,10 @@ const dl = _({
   default_organization: P(j()).default({}).optional().openapi({
     description: "Defines the default Organization ID and flows"
   }),
-  organization_usage: k(["deny", "allow", "require"]).default("deny").optional().openapi({
+  organization_usage: x(["deny", "allow", "require"]).default("deny").optional().openapi({
     description: "Defines how to proceed during an authentication transaction with regards an organization. Can be deny (default), allow or require."
   }),
-  organization_require_behavior: k(["no_prompt", "pre_login_prompt", "post_login_prompt"]).default("no_prompt").optional().openapi({
+  organization_require_behavior: x(["no_prompt", "pre_login_prompt", "post_login_prompt"]).default("no_prompt").optional().openapi({
     description: "Defines how to proceed during an authentication transaction when client.organization_usage: 'require'. Can be no_prompt (default), pre_login_prompt or post_login_prompt. post_login_prompt requires oidc_conformant: true."
   }),
   client_authentication_methods: P(j()).default({}).optional().openapi({
@@ -6238,7 +6239,7 @@ const dl = _({
   signed_request_object: P(j()).default({}).optional().openapi({
     description: "JWT-secured Authorization Requests (JAR) settings."
   }),
-  compliance_level: k([
+  compliance_level: x([
     "none",
     "fapi1_adv_pkj_par",
     "fapi1_adv_mtls_par",
@@ -6254,11 +6255,14 @@ const dl = _({
   owner_user_id: o().optional().openapi({
     description: "User ID of the consenting user when this client was created via IAT-gated Dynamic Client Registration. NULL for clients created via the Management API or open DCR."
   }),
-  registration_type: k(["manual", "open_dcr", "iat_dcr"]).optional().openapi({
+  registration_type: x(["manual", "open_dcr", "iat_dcr"]).optional().openapi({
     description: "Provenance of this client. `manual` = Management API; `open_dcr` = RFC 7591 without IAT; `iat_dcr` = RFC 7591 with an Initial Access Token."
   }),
   registration_metadata: P(j()).default({}).optional().openapi({
     description: "Arbitrary metadata captured at Dynamic Client Registration time that isn't a first-class client field (e.g. integration_type, domain). Also stores `iat_constraints` for clients created via IAT so RFC 7592 PUT can enforce field immutability."
+  }),
+  user_linking_mode: x(["builtin", "off"]).optional().openapi({
+    description: "Per-client override for the built-in email-based user-linking path. `builtin` runs the legacy in-process linking at user creation/email update. `off` disables the legacy path; linking only happens if the tenant has enabled the `account-linking` template hook. When unset, the service-level `userLinkingMode` default applies."
   })
 });
 _({
@@ -6276,7 +6280,7 @@ const cl = _({
   scope: b(o()).optional().openapi({
     description: "Scopes allowed for this client grant."
   }),
-  organization_usage: k(["deny", "allow", "require"]).optional().openapi({
+  organization_usage: x(["deny", "allow", "require"]).optional().openapi({
     description: "Defines whether organizations can be used with client credentials exchanges for this grant."
   }),
   allow_any_organization: h().optional().openapi({
@@ -6285,7 +6289,7 @@ const cl = _({
   is_system: h().optional().openapi({
     description: "If enabled, this grant is a special grant created by Auth0. It cannot be modified or deleted directly."
   }),
-  subject_type: k(["client", "user"]).optional().openapi({
+  subject_type: x(["client", "user"]).optional().openapi({
     description: "The type of application access the client grant allows. Use of this field is subject to the applicable Free Trial terms in Okta's Master Subscription Agreement."
   }),
   authorization_details_types: b(o()).optional().openapi({
@@ -6300,7 +6304,7 @@ const cl = _({
   updated_at: o().optional()
 });
 b(_l);
-const fr = k(["iat", "rat"]), ul = _({
+const fr = x(["iat", "rat"]), ul = _({
   id: o(),
   token_hash: o(),
   type: fr,
@@ -6469,10 +6473,10 @@ const yn = _({
   coordinates: Ot,
   alias: o().optional(),
   config: _({
-    action_type: k(["REDIRECT"]).openapi({
+    action_type: x(["REDIRECT"]).openapi({
       description: "The type of action to perform"
     }),
-    target: k(["change-email", "account", "custom"]).openapi({
+    target: x(["change-email", "account", "custom"]).openapi({
       description: "The predefined target to redirect to"
     }),
     custom_url: o().optional().openapi({
@@ -6561,7 +6565,7 @@ _({
     url: o()
   }).optional()
 });
-const Tl = k([
+const Tl = x([
   "password_reset",
   "email_verification",
   "otp",
@@ -6586,7 +6590,7 @@ const Tl = k([
   code_challenge: o().optional().openapi({
     description: "The code challenge used in PKCE in outbound flows"
   }),
-  code_challenge_method: k(["plain", "S256"]).optional().openapi({
+  code_challenge_method: x(["plain", "S256"]).optional().openapi({
     description: "The code challenge method used in PKCE in outbound flows"
   }),
   redirect_uri: o().optional().openapi({
@@ -6630,7 +6634,7 @@ const Il = _({
   twilio_token: o().optional(),
   icon_url: o().optional(),
   // Password policy options for Username-Password-Authentication connections
-  passwordPolicy: k(["none", "low", "fair", "good", "excellent"]).optional(),
+  passwordPolicy: x(["none", "low", "fair", "good", "excellent"]).optional(),
   password_complexity_options: _({
     min_length: I().optional()
   }).optional(),
@@ -6658,7 +6662,7 @@ const Il = _({
         active: h().optional()
       }).optional(),
       signup: _({
-        status: k(["required", "optional", "disabled"]).optional(),
+        status: x(["required", "optional", "disabled"]).optional(),
         verification: _({
           active: h().optional()
         }).optional()
@@ -6668,14 +6672,14 @@ const Il = _({
       }).optional(),
       unique: h().optional(),
       profile_required: h().optional(),
-      verification_method: k(["link", "code"]).optional()
+      verification_method: x(["link", "code"]).optional()
     }).optional(),
     username: _({
       identifier: _({
         active: h().optional()
       }).optional(),
       signup: _({
-        status: k(["required", "optional", "disabled"]).optional()
+        status: x(["required", "optional", "disabled"]).optional()
       }).optional(),
       validation: _({
         max_length: I().optional(),
@@ -6692,7 +6696,7 @@ const Il = _({
         active: h().optional()
       }).optional(),
       signup: _({
-        status: k(["required", "optional", "disabled"]).optional()
+        status: x(["required", "optional", "disabled"]).optional()
       }).optional()
     }).optional()
   }).optional(),
@@ -6707,7 +6711,7 @@ const Il = _({
   }).optional(),
   // Passkey options for Username-Password-Authentication connections
   passkey_options: _({
-    challenge_ui: k(["both", "autofill", "button"]).optional(),
+    challenge_ui: x(["both", "autofill", "button"]).optional(),
     local_enrollment_enabled: h().optional(),
     progressive_enrollment_enabled: h().optional()
   }).optional(),
@@ -6720,7 +6724,7 @@ const Il = _({
     }).optional()
   }).optional(),
   // Controls when root user attributes are updated from external IdP
-  set_user_root_attributes: k(["on_each_login", "on_first_login", "never_on_login"]).optional()
+  set_user_root_attributes: x(["on_each_login", "on_first_login", "never_on_login"]).optional()
 }), Cl = _({
   id: o().optional(),
   name: o(),
@@ -6743,10 +6747,10 @@ _({
 const Dl = _({
   domain: o(),
   custom_domain_id: o().optional(),
-  type: k(["auth0_managed_certs", "self_managed_certs"]),
-  verification_method: k(["txt"]).optional(),
-  tls_policy: k(["recommended"]).optional(),
-  custom_client_ip_header: k([
+  type: x(["auth0_managed_certs", "self_managed_certs"]),
+  verification_method: x(["txt"]).optional(),
+  tls_policy: x(["recommended"]).optional(),
+  custom_client_ip_header: x([
     "true-client-ip",
     "cf-connecting-ip",
     "x-forwarded-for",
@@ -6769,7 +6773,7 @@ const Dl = _({
   ...Dl.shape,
   custom_domain_id: o(),
   primary: h(),
-  status: k(["disabled", "pending", "pending_verification", "ready"]),
+  status: x(["disabled", "pending", "pending_verification", "ready"]),
   origin_domain_name: o().optional(),
   verification: _({
     methods: b(Ll)
@@ -6859,7 +6863,7 @@ const vi = _({
     _({
       id: I().optional(),
       text: o(),
-      type: k(["info", "error", "success", "warning"])
+      type: x(["info", "error", "success", "warning"])
     })
   ).optional(),
   required: h().optional(),
@@ -6891,7 +6895,7 @@ const vi = _({
         label: o()
       })
     ).optional(),
-    display: k(["radio", "checkbox"]).optional(),
+    display: x(["radio", "checkbox"]).optional(),
     multiple: h().optional(),
     default_value: Pe([o(), b(o())]).optional()
   }).optional()
@@ -7142,7 +7146,7 @@ _({
 const md = _({
   id: I().optional(),
   text: o(),
-  type: k(["info", "error", "success", "warning"])
+  type: x(["info", "error", "success", "warning"])
 }), yd = _({
   id: o().optional(),
   text: o(),
@@ -7153,7 +7157,7 @@ _({
   /** Screen identifier for CSS targeting (e.g., 'identifier', 'enter-password', 'signup') */
   name: o().optional(),
   action: o(),
-  method: k(["POST", "GET"]),
+  method: x(["POST", "GET"]),
   title: o().optional(),
   description: o().optional(),
   components: b(wr),
@@ -7162,32 +7166,36 @@ _({
   /** Footer HTML content displayed at the very bottom of the widget (e.g., terms and conditions) */
   footer: o().optional()
 });
-const Nr = k([
+const Nr = x([
   "pre-user-registration",
   "post-user-registration",
   "post-user-login",
+  "post-user-update",
   "validate-registration-username",
   "pre-user-deletion",
   "post-user-deletion"
   // Potentially other triggers specific to webhooks in the future
-]), Sr = k([
+]), Sr = x([
   "pre-user-registration",
   "post-user-registration",
   "post-user-login",
   "validate-registration-username",
   "pre-user-deletion",
   "post-user-deletion"
-]), br = k([
+]), br = x([
   "post-user-login",
+  "post-user-registration",
+  "post-user-update",
   "credentials-exchange"
-]), Er = k([
+]), Er = x([
   "post-user-login",
   "credentials-exchange",
   "pre-user-registration",
   "post-user-registration"
-]), xr = k([
+]), xr = x([
   "ensure-username",
-  "set-preferred-username"
+  "set-preferred-username",
+  "account-linking"
 ]), _t = {
   enabled: h().default(!1),
   synchronous: h().default(!1),
@@ -7281,7 +7289,7 @@ _({
   ticket_id: o().optional()
 }).extend(Id.shape);
 const Cd = _({
-  alg: k([
+  alg: x([
     "RS256",
     "RS384",
     "RS512",
@@ -7294,11 +7302,11 @@ const Cd = _({
   ]),
   e: o(),
   kid: o(),
-  kty: k(["RSA", "EC", "oct"]),
+  kty: x(["RSA", "EC", "oct"]),
   n: o(),
   x5t: o().optional(),
   x5c: b(o()).optional(),
-  use: k(["sig", "enc"]).optional()
+  use: x(["sig", "enc"]).optional()
 });
 _({
   keys: b(Cd)
@@ -7584,7 +7592,7 @@ const qd = _({
   id: o().optional(),
   user_id: o(),
   password: o(),
-  algorithm: k(["bcrypt", "argon2id"]).default("argon2id"),
+  algorithm: x(["bcrypt", "argon2id"]).default("argon2id"),
   is_current: h().default(!0)
 });
 qd.extend({
@@ -7641,7 +7649,7 @@ _({
   connection: o().optional().openapi({
     description: "The connection identifier associated with the key"
   }),
-  type: k(["jwt_signing", "saml_encryption"]).openapi({
+  type: x(["jwt_signing", "saml_encryption"]).openapi({
     description: "The type of the signing key"
   })
 });
@@ -7663,7 +7671,7 @@ const $d = _({
   ephemeral_session_lifetime: I().optional(),
   idle_ephemeral_session_lifetime: I().optional(),
   session_cookie: _({
-    mode: k(["persistent", "non-persistent"]).optional()
+    mode: x(["persistent", "non-persistent"]).optional()
   }).optional(),
   // Logout settings
   allowed_logout_urls: b(o()).optional(),
@@ -7755,7 +7763,7 @@ const $d = _({
   }).optional(),
   // Device flow settings
   device_flow: _({
-    charset: k(["base20", "digits"]).optional(),
+    charset: x(["base20", "digits"]).optional(),
     mask: o().max(20).optional()
   }).optional(),
   // Default token quota
@@ -7795,7 +7803,7 @@ const $d = _({
   // Guardian MFA Factors configuration (internal storage, exposed via /guardian API)
   mfa: _({
     // MFA policy: "never" = MFA disabled, "always" = MFA required for all logins
-    policy: k(["never", "always"]).default("never").optional(),
+    policy: x(["never", "always"]).default("never").optional(),
     // Factor states
     factors: _({
       sms: h().default(!1),
@@ -7809,7 +7817,7 @@ const $d = _({
     }).optional(),
     // SMS provider configuration
     sms_provider: _({
-      provider: k(["twilio", "vonage", "aws_sns", "phone_message_hook"]).optional()
+      provider: x(["twilio", "vonage", "aws_sns", "phone_message_hook"]).optional()
     }).optional(),
     // Twilio-specific configuration
     twilio: _({
@@ -7846,10 +7854,10 @@ _({
 const jd = _({
   button_border_radius: I(),
   button_border_weight: I(),
-  buttons_style: k(["pill", "rounded", "sharp"]),
+  buttons_style: x(["pill", "rounded", "sharp"]),
   input_border_radius: I(),
   input_border_weight: I(),
-  inputs_style: k(["pill", "rounded", "sharp"]),
+  inputs_style: x(["pill", "rounded", "sharp"]),
   show_widget_shadow: h(),
   widget_border_weight: I(),
   widget_corner_radius: I()
@@ -7857,7 +7865,7 @@ const jd = _({
   base_focus_color: o(),
   base_hover_color: o(),
   body_text: o(),
-  captcha_widget_theme: k(["auto", "dark", "light"]),
+  captcha_widget_theme: x(["auto", "dark", "light"]),
   error: o(),
   header: o(),
   icons: o(),
@@ -7882,20 +7890,20 @@ const jd = _({
   font_url: o(),
   input_labels: vt,
   links: vt,
-  links_style: k(["normal", "underlined"]),
+  links_style: x(["normal", "underlined"]),
   reference_text_size: I(),
   subtitle: vt,
   title: vt
 }), Hd = _({
   background_color: o(),
   background_image_url: o(),
-  page_layout: k(["center", "left", "right"])
+  page_layout: x(["center", "left", "right"])
 }), Kd = _({
-  header_text_alignment: k(["center", "left", "right"]),
+  header_text_alignment: x(["center", "left", "right"]),
   logo_height: I(),
-  logo_position: k(["center", "left", "none", "right"]),
+  logo_position: x(["center", "left", "none", "right"]),
   logo_url: o(),
-  social_buttons_layout: k(["bottom", "top"])
+  social_buttons_layout: x(["bottom", "top"])
 }), Qd = _({
   borders: jd,
   colors: Vd,
@@ -7908,7 +7916,7 @@ Qd.extend({
   themeId: o()
 });
 _({
-  universal_login_experience: k(["new", "classic"]).default("new"),
+  universal_login_experience: x(["new", "classic"]).default("new"),
   identifier_first: h().default(!0),
   password_first: h().default(!1),
   webauthn_platform_first_factor: h()
@@ -7986,7 +7994,7 @@ const Jd = _({
   value: o(),
   description: o().optional()
 }), Wd = _({
-  token_dialect: k(["access_token", "access_token_authz"]).optional(),
+  token_dialect: x(["access_token", "access_token_authz"]).optional(),
   enforce_policies: h().optional(),
   allow_skipping_userinfo: h().optional(),
   skip_userinfo: h().optional(),
@@ -8163,7 +8171,7 @@ _({
   idle_session_lifetime: I().default(72),
   session_lifetime: I().default(168),
   session_cookie: _({
-    mode: k(["persistent", "non-persistent"]).optional()
+    mode: x(["persistent", "non-persistent"]).optional()
   }).optional(),
   // MFA settings
   enable_client_connections: h().optional(),
@@ -8230,7 +8238,7 @@ _({
   // Guardian MFA Factors configuration (internal storage, exposed via /guardian API)
   mfa: _({
     // MFA policy: "never" = MFA disabled, "always" = MFA required for all logins
-    policy: k(["never", "always"]).default("never").optional(),
+    policy: x(["never", "always"]).default("never").optional(),
     // Factor states
     factors: _({
       sms: h().default(!1),
@@ -8244,7 +8252,7 @@ _({
     }).optional(),
     // SMS provider configuration
     sms_provider: _({
-      provider: k(["twilio", "vonage", "aws_sns", "phone_message_hook"]).optional()
+      provider: x(["twilio", "vonage", "aws_sns", "phone_message_hook"]).optional()
     }).optional(),
     // Twilio-specific configuration
     twilio: _({
@@ -8289,7 +8297,7 @@ I().openapi({
   description: "Number of active users in the last 30 days",
   example: 1234
 });
-const fc = k([
+const fc = x([
   "login",
   "login-id",
   "login-password",
@@ -8330,7 +8338,7 @@ _({
   language: o(),
   custom_text: hc
 });
-const gc = k([
+const gc = x([
   "phone",
   "totp",
   "email",