npm - @aws-sdk/client-bedrock-agentcore-control - Versions diffs - 3.1044.0 → 3.1046.0 - Mend

@aws-sdk/client-bedrock-agentcore-control 3.1044.0 → 3.1046.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (499) hide show

package/dist-types/models/models_1.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import type { ActorTokenContentType, ClientAuthenticationMethodType, ContentLevel, ContentType, CredentialProviderVendorType, DescriptorType, FilterOperator, FindingType, MemoryStatus, MemoryStrategyStatus, MemoryStrategyType, MemoryView, OnBehalfOfTokenExchangeGrantTypeType, OnlineEvaluationConfigStatus, OnlineEvaluationExecutionStatus, OverrideType, PolicyEngineStatus, PolicyGenerationStatus, PolicyStatus, PolicyValidationMode, RegistryAuthorizerType, RegistryRecordCredentialProviderType, RegistryRecordOAuthGrantType, RegistryRecordStatus, RegistryStatus, SchemaType, Status, SynchronizationType, TargetProtocolType, TargetStatus } from "./enums";
-import type { A2aDescriptor, AgentSkillsDescriptor, ApiGatewayTargetConfiguration, ApiSchemaConfiguration, AuthorizationData, AuthorizerConfiguration, CredentialProviderConfiguration, CustomMemoryStrategyInput, EpisodicMemoryStrategyInput, EpisodicOverrideConsolidationConfigurationInput, EpisodicOverrideExtractionConfigurationInput, EpisodicOverrideReflectionConfigurationInput, EpisodicReflectionConfigurationInput, HttpTargetConfiguration, IndexedKey, KmsConfiguration, ManagedResourceDetails, McpServerTargetConfiguration, MemoryRecordSchema, MetadataConfiguration, PrivateEndpoint, PrivateEndpointOverride, S3Configuration, Secret, SemanticMemoryStrategyInput, SemanticOverrideConsolidationConfigurationInput, SemanticOverrideExtractionConfigurationInput, SkillDefinition, SkillMdDefinition, SummaryOverrideConsolidationConfigurationInput, TriggerConditionInput, UpdatedAuthorizerConfiguration, UserPreferenceOverrideConsolidationConfigurationInput, UserPreferenceOverrideExtractionConfigurationInput } from "./models_0";
+import type { ActorTokenContentType, ClientAuthenticationMethodType, ContentLevel, ContentType, CredentialProviderVendorType, DescriptorType, FilterOperator, FindingType, MemoryStatus, MemoryStrategyStatus, MemoryStrategyType, MemoryView, OnBehalfOfTokenExchangeGrantTypeType, OnlineEvaluationConfigStatus, OnlineEvaluationExecutionStatus, OverrideType, PaymentConnectorStatus, PaymentConnectorType, PaymentCredentialProviderVendorType, PaymentManagerStatus, PaymentsAuthorizerType, PolicyEngineStatus, PolicyGenerationStatus, PolicyStatus, PolicyValidationMode, RegistryAuthorizerType, RegistryRecordCredentialProviderType, RegistryRecordOAuthGrantType, RegistryRecordStatus, RegistryStatus, SchemaType, Status, SynchronizationType, TargetProtocolType, TargetStatus } from "./enums";
+import type { A2aDescriptor, AgentSkillsDescriptor, ApiGatewayTargetConfiguration, ApiSchemaConfiguration, AuthorizationData, AuthorizerConfiguration, CredentialProviderConfiguration, CustomMemoryStrategyInput, EpisodicMemoryStrategyInput, EpisodicOverrideConsolidationConfigurationInput, EpisodicOverrideExtractionConfigurationInput, EpisodicOverrideReflectionConfigurationInput, EpisodicReflectionConfigurationInput, HttpTargetConfiguration, IndexedKey, KmsConfiguration, ManagedResourceDetails, McpServerTargetConfiguration, MemoryRecordSchema, MetadataConfiguration, PrivateEndpoint, PrivateEndpointOverride, S3Configuration, Secret, SemanticMemoryStrategyInput, SemanticOverrideConsolidationConfigurationInput, SemanticOverrideExtractionConfigurationInput, SkillDefinition, SkillMdDefinition, SummaryOverrideConsolidationConfigurationInput, TriggerConditionInput, UpdatedAuthorizerConfiguration, UserPreferenceOverrideConsolidationConfigurationInput, UserPreferenceOverrideExtractionConfigurationInput, WorkloadIdentityDetails } from "./models_0";
 /**
  * <p>Input for creating a summary memory strategy.</p>
  * @public
@@ -16,7 +16,7 @@ export interface SummaryMemoryStrategyInput {
      */
     description?: string | undefined;
     /**
-     * <p>The namespaces associated with the summary memory strategy.</p>
+     * <p>This is a legacy parameter, use <code>namespaceTemplates</code>. The namespaces associated with the summary memory strategy.</p>
      *
      * @deprecated (since 2026-03-02) Use namespaceTemplates instead.
      * @public
@@ -49,7 +49,7 @@ export interface UserPreferenceMemoryStrategyInput {
      */
     description?: string | undefined;
     /**
-     * <p>The namespaces associated with the user preference memory strategy.</p>
+     * <p>This is a legacy parameter, use <code>namespaceTemplates</code>. The namespaces associated with the user preference memory strategy.</p>
      *
      * @deprecated (since 2026-03-02) Use namespaceTemplates instead.
      * @public
@@ -618,7 +618,7 @@ export interface EpisodicReflectionOverride {
      */
     modelId: string | undefined;
     /**
-     * <p>The namespaces over which reflections were created. Can be less nested than the episodic namespaces.</p>
+     * <p>This is a legacy parameter. The namespaces over which reflections were created. Can be less nested than the episodic namespaces.</p>
      *
      * @deprecated (since 2026-03-02) Use namespaceTemplates instead.
      * @public
@@ -674,7 +674,7 @@ export declare namespace CustomReflectionConfiguration {
  */
 export interface EpisodicReflectionConfiguration {
     /**
-     * <p>The namespaces for which to create reflections. Can be less nested than the episodic namespaces.</p>
+     * <p>This is a legacy parameter, use <code>namespaceTemplates</code>. The namespaces for which to create reflections. Can be less nested than the episodic namespaces.</p>
      *
      * @deprecated (since 2026-03-02) Use namespaceTemplates instead.
      * @public
@@ -927,7 +927,7 @@ export interface MemoryStrategy {
      */
     type: MemoryStrategyType | undefined;
     /**
-     * <p>The namespaces associated with the memory strategy.</p>
+     * <p>This is a legacy parameter. The namespaces associated with the memory strategy.</p>
      *
      * @deprecated (since 2026-03-02) Use namespaceTemplates instead.
      * @public
@@ -1529,7 +1529,7 @@ export interface ModifyMemoryStrategyInput {
      */
     description?: string | undefined;
     /**
-     * <p>The updated namespaces for the memory strategy.</p>
+     * <p>This is a legacy parameter, use <code>namespaceTemplates</code>. The updated namespaces for the memory strategy.</p>
      *
      * @deprecated (since 2026-03-02) Use namespaceTemplates instead.
      * @public
@@ -1777,7 +1777,7 @@ export interface CustomOauth2ProviderConfigInput {
      */
     privateEndpoint?: PrivateEndpoint | undefined;
     /**
-     * <p>The list of private endpoint overrides for the custom OAuth2 provider. Each override maps a specific domain to a private endpoint, enabling secure connectivity through VPC Lattice resource configurations.</p>
+     * <p>The private endpoint overrides for the custom OAuth2 provider configuration.</p>
      * @public
      */
     privateEndpointOverrides?: PrivateEndpointOverride[] | undefined;
@@ -2171,7 +2171,7 @@ export interface CustomOauth2ProviderConfigOutput {
      */
     privateEndpoint?: PrivateEndpoint | undefined;
     /**
-     * <p>The list of private endpoint overrides for the custom OAuth2 provider. Each override maps a specific domain to a private endpoint, enabling secure connectivity through VPC Lattice resource configurations.</p>
+     * <p>The private endpoint overrides for the custom OAuth2 provider configuration.</p>
      * @public
      */
     privateEndpointOverrides?: PrivateEndpointOverride[] | undefined;
@@ -2593,7 +2593,7 @@ export interface GetOauth2CredentialProviderResponse {
      */
     status?: Status | undefined;
     /**
-     * <p>The reason for the failure if the OAuth2 credential provider is in a failed state.</p>
+     * <p>The reason for failure if the OAuth2 credential provider is in a failed state.</p>
      * @public
      */
     failureReason?: string | undefined;
@@ -2724,7 +2724,7 @@ export interface UpdateOauth2CredentialProviderResponse {
      */
     lastUpdatedTime: Date | undefined;
     /**
-     * <p>The current status of the OAuth2 credential provider.</p>
+     * <p>The current status of the updated OAuth2 credential provider.</p>
      * @public
      */
     status?: Status | undefined;
@@ -3323,361 +3323,1625 @@ export interface UpdateOnlineEvaluationConfigResponse {
     failureReason?: string | undefined;
 }
 /**
+ * <p>Coinbase CDP configuration — credentials provided by Coinbase Developer Platform.</p>
  * @public
  */
-export interface CreatePolicyEngineRequest {
+export interface CoinbaseCdpConfigurationInput {
     /**
-     * <p>The customer-assigned immutable name for the policy engine. This name identifies the policy engine and cannot be changed after creation.</p>
+     * <p>The API key identifier provided by Coinbase Developer Platform.</p>
      * @public
      */
-    name: string | undefined;
+    apiKeyId: string | undefined;
     /**
-     * <p>A human-readable description of the policy engine's purpose and scope (1-4,096 characters). This helps administrators understand the policy engine's role in the overall governance strategy. Document which Gateway this engine will be associated with, what types of tools or workflows it governs, and the team or service responsible for maintaining it. Clear descriptions are essential when managing multiple policy engines across different services or environments.</p>
+     * <p>The API key secret provided by Coinbase Developer Platform.</p>
      * @public
      */
-    description?: string | undefined;
+    apiKeySecret: string | undefined;
     /**
-     * <p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request with the same client token, the service returns the same response without creating a duplicate policy engine.</p>
+     * <p>The wallet secret provided by Coinbase Developer Platform.</p>
      * @public
      */
-    clientToken?: string | undefined;
+    walletSecret: string | undefined;
+}
+/**
+ * <p>Stripe Privy configuration — credentials provided by Stripe and Privy.</p>
+ * @public
+ */
+export interface StripePrivyConfigurationInput {
     /**
-     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * <p>The app ID provided by Privy.</p>
      * @public
      */
-    encryptionKeyArn?: string | undefined;
+    appId: string | undefined;
     /**
-     * <p>A map of tag keys and values to assign to an AgentCore Policy. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.</p>
+     * <p>The app secret provided by Privy.</p>
      * @public
      */
-    tags?: Record<string, string> | undefined;
-}
-/**
- * @public
- */
-export interface CreatePolicyEngineResponse {
+    appSecret: string | undefined;
     /**
-     * <p>The unique identifier for the created policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and is used for all subsequent policy engine operations.</p>
+     * <p>The authorization private key for the Stripe Privy integration.</p>
      * @public
      */
-    policyEngineId: string | undefined;
+    authorizationPrivateKey: string | undefined;
     /**
-     * <p>The customer-assigned name of the created policy engine. This matches the name provided in the request and serves as the human-readable identifier.</p>
+     * <p>The authorization ID for the Stripe Privy integration.</p>
      * @public
      */
-    name: string | undefined;
+    authorizationId: string | undefined;
+}
+/**
+ * <p>Provider configuration input — contains secrets for creation and update. Varies by vendor type.</p>
+ * @public
+ */
+export type PaymentProviderConfigurationInput = PaymentProviderConfigurationInput.CoinbaseCdpConfigurationMember | PaymentProviderConfigurationInput.StripePrivyConfigurationMember | PaymentProviderConfigurationInput.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace PaymentProviderConfigurationInput {
     /**
-     * <p>A human-readable description of the policy engine's purpose.</p>
+     * <p>The Coinbase CDP configuration.</p>
      * @public
      */
-    description?: string | undefined;
+    interface CoinbaseCdpConfigurationMember {
+        coinbaseCdpConfiguration: CoinbaseCdpConfigurationInput;
+        stripePrivyConfiguration?: never;
+        $unknown?: never;
+    }
     /**
-     * <p>The timestamp when the policy engine was created. This is automatically set by the service and used for auditing and lifecycle management.</p>
+     * <p>The Stripe Privy configuration.</p>
      * @public
      */
-    createdAt: Date | undefined;
+    interface StripePrivyConfigurationMember {
+        coinbaseCdpConfiguration?: never;
+        stripePrivyConfiguration: StripePrivyConfigurationInput;
+        $unknown?: never;
+    }
     /**
-     * <p>The timestamp when the policy engine was last updated. For newly created policy engines, this matches the <code>createdAt</code> timestamp.</p>
      * @public
      */
-    updatedAt: Date | undefined;
+    interface $UnknownMember {
+        coinbaseCdpConfiguration?: never;
+        stripePrivyConfiguration?: never;
+        $unknown: [string, any];
+    }
     /**
-     * <p>The Amazon Resource Name (ARN) of the created policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * @deprecated unused in schema-serde mode.
+     *
+     */
+    interface Visitor<T> {
+        coinbaseCdpConfiguration: (value: CoinbaseCdpConfigurationInput) => T;
+        stripePrivyConfiguration: (value: StripePrivyConfigurationInput) => T;
+        _: (name: string, value: any) => T;
+    }
+}
+/**
+ * @public
+ */
+export interface CreatePaymentCredentialProviderRequest {
+    /**
+     * <p>Unique name for the payment credential provider.</p>
      * @public
      */
-    policyEngineArn: string | undefined;
+    name: string | undefined;
     /**
-     * <p>The current status of the policy engine. A status of <code>ACTIVE</code> indicates the policy engine is ready for use.</p>
+     * <p>The vendor type for the payment credential provider (e.g., CoinbaseCDP, StripePrivy).</p>
      * @public
      */
-    status: PolicyEngineStatus | undefined;
+    credentialProviderVendor: PaymentCredentialProviderVendorType | undefined;
     /**
-     * <p>Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine creation process.</p>
+     * <p>Configuration specific to the vendor, including API credentials.</p>
      * @public
      */
-    statusReasons: string[] | undefined;
+    providerConfigurationInput: PaymentProviderConfigurationInput | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * <p>Optional tags for resource organization.</p>
      * @public
      */
-    encryptionKeyArn?: string | undefined;
+    tags?: Record<string, string> | undefined;
 }
 /**
+ * <p>Coinbase CDP configuration output with secret ARNs.</p>
  * @public
  */
-export interface DeletePolicyEngineRequest {
+export interface CoinbaseCdpConfigurationOutput {
     /**
-     * <p>The unique identifier of the policy engine to be deleted. This must be a valid policy engine ID that exists within the account.</p>
+     * <p>The API key identifier provided by Coinbase Developer Platform.</p>
      * @public
      */
-    policyEngineId: string | undefined;
+    apiKeyId: string | undefined;
+    /**
+     * <p>Contains information about a secret in AWS Secrets Manager.</p>
+     * @public
+     */
+    apiKeySecretArn: Secret | undefined;
+    /**
+     * <p>Contains information about a secret in AWS Secrets Manager.</p>
+     * @public
+     */
+    walletSecretArn: Secret | undefined;
 }
 /**
+ * <p>Stripe Privy configuration output with secret ARNs.</p>
  * @public
  */
-export interface DeletePolicyEngineResponse {
+export interface StripePrivyConfigurationOutput {
     /**
-     * <p>The unique identifier of the policy engine being deleted. This confirms which policy engine the deletion operation targets.</p>
+     * <p>The app ID provided by Privy.</p>
      * @public
      */
-    policyEngineId: string | undefined;
+    appId: string | undefined;
     /**
-     * <p>The customer-assigned name of the deleted policy engine.</p>
+     * <p>Contains information about a secret in AWS Secrets Manager.</p>
      * @public
      */
-    name: string | undefined;
+    appSecretArn: Secret | undefined;
     /**
-     * <p>The human-readable description of the deleted policy engine.</p>
+     * <p>Contains information about a secret in AWS Secrets Manager.</p>
      * @public
      */
-    description?: string | undefined;
+    authorizationPrivateKeyArn: Secret | undefined;
     /**
-     * <p>The timestamp when the deleted policy engine was originally created.</p>
+     * <p>The authorization ID for the Stripe Privy integration.</p>
      * @public
      */
-    createdAt: Date | undefined;
+    authorizationId: string | undefined;
+}
+/**
+ * <p>Provider configuration output — no raw secrets, only ARNs. Varies by vendor type.</p>
+ * @public
+ */
+export type PaymentProviderConfigurationOutput = PaymentProviderConfigurationOutput.CoinbaseCdpConfigurationMember | PaymentProviderConfigurationOutput.StripePrivyConfigurationMember | PaymentProviderConfigurationOutput.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace PaymentProviderConfigurationOutput {
     /**
-     * <p>The timestamp when the deleted policy engine was last modified before deletion. This tracks the final state of the policy engine before it was removed from the system.</p>
+     * <p>The Coinbase CDP configuration.</p>
      * @public
      */
-    updatedAt: Date | undefined;
+    interface CoinbaseCdpConfigurationMember {
+        coinbaseCdpConfiguration: CoinbaseCdpConfigurationOutput;
+        stripePrivyConfiguration?: never;
+        $unknown?: never;
+    }
     /**
-     * <p>The Amazon Resource Name (ARN) of the deleted policy engine. This globally unique identifier confirms which policy engine resource was successfully removed.</p>
+     * <p>The Stripe Privy configuration.</p>
      * @public
      */
-    policyEngineArn: string | undefined;
+    interface StripePrivyConfigurationMember {
+        coinbaseCdpConfiguration?: never;
+        stripePrivyConfiguration: StripePrivyConfigurationOutput;
+        $unknown?: never;
+    }
     /**
-     * <p>The status of the policy engine deletion operation. This provides status about any issues that occurred during the deletion process.</p>
      * @public
      */
-    status: PolicyEngineStatus | undefined;
+    interface $UnknownMember {
+        coinbaseCdpConfiguration?: never;
+        stripePrivyConfiguration?: never;
+        $unknown: [string, any];
+    }
     /**
-     * <p>Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.</p>
+     * @deprecated unused in schema-serde mode.
+     *
+     */
+    interface Visitor<T> {
+        coinbaseCdpConfiguration: (value: CoinbaseCdpConfigurationOutput) => T;
+        stripePrivyConfiguration: (value: StripePrivyConfigurationOutput) => T;
+        _: (name: string, value: any) => T;
+    }
+}
+/**
+ * @public
+ */
+export interface CreatePaymentCredentialProviderResponse {
+    /**
+     * <p>The name of the created payment credential provider.</p>
      * @public
      */
-    statusReasons: string[] | undefined;
+    name: string | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * <p>The vendor type for the created payment credential provider.</p>
      * @public
      */
-    encryptionKeyArn?: string | undefined;
+    credentialProviderVendor: PaymentCredentialProviderVendorType | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the created payment credential provider.</p>
+     * @public
+     */
+    credentialProviderArn: string | undefined;
+    /**
+     * <p>Output configuration (contains secret ARNs, excludes actual secret values).</p>
+     * @public
+     */
+    providerConfigurationOutput: PaymentProviderConfigurationOutput | undefined;
 }
 /**
  * @public
  */
-export interface GetPolicyEngineRequest {
+export interface DeletePaymentCredentialProviderRequest {
     /**
-     * <p>The unique identifier of the policy engine to be retrieved. This must be a valid policy engine ID that exists within the account.</p>
+     * <p>The name of the payment credential provider to delete.</p>
      * @public
      */
-    policyEngineId: string | undefined;
+    name: string | undefined;
 }
 /**
  * @public
  */
-export interface GetPolicyEngineResponse {
-    /**
-     * <p>The unique identifier of the retrieved policy engine. This matches the policy engine ID provided in the request and serves as the system identifier.</p>
-     * @public
-     */
-    policyEngineId: string | undefined;
+export interface DeletePaymentCredentialProviderResponse {
+}
+/**
+ * @public
+ */
+export interface GetPaymentCredentialProviderRequest {
     /**
-     * <p>The customer-assigned name of the policy engine. This is the human-readable identifier that was specified when the policy engine was created.</p>
+     * <p>The name of the payment credential provider to retrieve.</p>
      * @public
      */
     name: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPaymentCredentialProviderResponse {
     /**
-     * <p>The human-readable description of the policy engine's purpose and scope. This helps administrators understand the policy engine's role in governance.</p>
+     * <p>The name of the payment credential provider.</p>
      * @public
      */
-    description?: string | undefined;
+    name: string | undefined;
     /**
-     * <p>The timestamp when the policy engine was originally created.</p>
+     * <p>The Amazon Resource Name (ARN) of the payment credential provider.</p>
      * @public
      */
-    createdAt: Date | undefined;
+    credentialProviderArn: string | undefined;
     /**
-     * <p>The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration.</p>
+     * <p>The vendor type for the payment credential provider.</p>
      * @public
      */
-    updatedAt: Date | undefined;
+    credentialProviderVendor: PaymentCredentialProviderVendorType | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * <p>Output configuration (contains secret ARNs, excludes actual secret values).</p>
      * @public
      */
-    policyEngineArn: string | undefined;
+    providerConfigurationOutput: PaymentProviderConfigurationOutput | undefined;
     /**
-     * <p>The current status of the policy engine.</p>
+     * <p>The timestamp when the payment credential provider was created.</p>
      * @public
      */
-    status: PolicyEngineStatus | undefined;
+    createdTime: Date | undefined;
     /**
-     * <p>Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine.</p>
+     * <p>The timestamp when the payment credential provider was last updated.</p>
      * @public
      */
-    statusReasons: string[] | undefined;
+    lastUpdatedTime: Date | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * <p>The tags associated with the payment credential provider.</p>
      * @public
      */
-    encryptionKeyArn?: string | undefined;
+    tags?: Record<string, string> | undefined;
 }
 /**
  * @public
  */
-export interface ListPolicyEnginesRequest {
+export interface ListPaymentCredentialProvidersRequest {
     /**
-     * <p>A pagination token returned from a previous <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html">ListPolicyEngines</a> call. Use this token to retrieve the next page of results when the response is paginated.</p>
+     * <p>Pagination token.</p>
      * @public
      */
     nextToken?: string | undefined;
     /**
-     * <p>The maximum number of policy engines to return in a single response. If not specified, the default is 10 policy engines per page, with a maximum of 100 per page.</p>
+     * <p>Maximum number of results to return.</p>
      * @public
      */
     maxResults?: number | undefined;
 }
 /**
- * <p>Represents a policy engine resource within the AgentCore Policy system. Policy engines serve as containers for grouping related policies and provide the execution context for policy evaluation and management. Each policy engine can be associated with one Gateway (one engine per Gateway), where it intercepts all agent tool calls and evaluates them against the contained policies before allowing tools to execute. The policy engine maintains the Cedar schema generated from the Gateway's tool manifest, ensuring that policies are validated against the actual tools and parameters available. Policy engines support two enforcement modes that can be configured when associating with a Gateway: log-only mode for testing (evaluates decisions without blocking) and enforce mode for production (actively allows or denies based on policy evaluation).</p>
+ * <p>Contains summary information about a payment credential provider.</p>
  * @public
  */
-export interface PolicyEngine {
-    /**
-     * <p>The unique identifier for the policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy engine operations.</p>
-     * @public
-     */
-    policyEngineId: string | undefined;
+export interface PaymentCredentialProviderItem {
     /**
-     * <p>The customer-assigned immutable name for the policy engine. This human-readable identifier must be unique within the account and cannot exceed 48 characters.</p>
+     * <p>The name of the payment credential provider.</p>
      * @public
      */
     name: string | undefined;
     /**
-     * <p>A human-readable description of the policy engine's purpose and scope. Limited to 4,096 characters, this helps administrators understand the policy engine's role in the overall governance strategy.</p>
-     * @public
-     */
-    description?: string | undefined;
-    /**
-     * <p>The timestamp when the policy engine was originally created. This is automatically set by the service and used for auditing and lifecycle management.</p>
+     * <p>The vendor type for the payment credential provider.</p>
      * @public
      */
-    createdAt: Date | undefined;
+    credentialProviderVendor: PaymentCredentialProviderVendorType | undefined;
     /**
-     * <p>The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration or metadata.</p>
+     * <p>The Amazon Resource Name (ARN) of the payment credential provider.</p>
      * @public
      */
-    updatedAt: Date | undefined;
+    credentialProviderArn: string | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * <p>The timestamp when the payment credential provider was created.</p>
      * @public
      */
-    policyEngineArn: string | undefined;
+    createdTime: Date | undefined;
     /**
-     * <p>The current status of the policy engine.</p>
+     * <p>The timestamp when the payment credential provider was last updated.</p>
      * @public
      */
-    status: PolicyEngineStatus | undefined;
+    lastUpdatedTime: Date | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPaymentCredentialProvidersResponse {
     /**
-     * <p>Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine lifecycle.</p>
+     * <p>The list of payment credential providers.</p>
      * @public
      */
-    statusReasons: string[] | undefined;
+    credentialProviders: PaymentCredentialProviderItem[] | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * <p>Pagination token for the next page of results.</p>
      * @public
      */
-    encryptionKeyArn?: string | undefined;
+    nextToken?: string | undefined;
 }
 /**
  * @public
  */
-export interface ListPolicyEnginesResponse {
+export interface UpdatePaymentCredentialProviderRequest {
     /**
-     * <p>An array of policy engine objects that exist in the account. Each policy engine object contains the engine metadata, status, and key identifiers for further operations.</p>
+     * <p>The name of the payment credential provider to update.</p>
      * @public
      */
-    policyEngines: PolicyEngine[] | undefined;
+    name: string | undefined;
     /**
-     * <p>A pagination token that can be used in subsequent <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html">ListPolicyEngines</a> calls to retrieve additional results. This token is only present when there are more results available. </p>
+     * <p>The vendor type for the payment credential provider (e.g., CoinbaseCDP, StripePrivy).</p>
      * @public
      */
-    nextToken?: string | undefined;
-}
-/**
- * <p>Wrapper for updating an optional Description field with PATCH semantics. When present in an update request, the description is replaced with optionalValue. When absent, the description is left unchanged. To unset the description, include the wrapper with optionalValue not specified.</p>
- * @public
- */
-export interface UpdatedDescription {
+    credentialProviderVendor: PaymentCredentialProviderVendorType | undefined;
     /**
-     * <p>Represents an optional value that is used to update the human-readable description of the resource. If not specified, it will clear the current description of the resource.</p>
+     * <p>Configuration specific to the vendor, including API credentials.</p>
      * @public
      */
-    optionalValue?: string | undefined;
+    providerConfigurationInput: PaymentProviderConfigurationInput | undefined;
 }
 /**
  * @public
  */
-export interface UpdatePolicyEngineRequest {
+export interface UpdatePaymentCredentialProviderResponse {
     /**
-     * <p>The unique identifier of the policy engine to be updated.</p>
+     * <p>The name of the updated payment credential provider.</p>
      * @public
      */
-    policyEngineId: string | undefined;
+    name: string | undefined;
     /**
-     * <p>The new description for the policy engine.</p>
+     * <p>The vendor type for the updated payment credential provider.</p>
      * @public
      */
-    description?: UpdatedDescription | undefined;
-}
-/**
- * @public
- */
-export interface UpdatePolicyEngineResponse {
+    credentialProviderVendor: PaymentCredentialProviderVendorType | undefined;
     /**
-     * <p>The unique identifier of the updated policy engine.</p>
+     * <p>The Amazon Resource Name (ARN) of the updated payment credential provider.</p>
      * @public
      */
-    policyEngineId: string | undefined;
+    credentialProviderArn: string | undefined;
     /**
-     * <p>The name of the updated policy engine.</p>
+     * <p>Output configuration (contains secret ARNs, excludes actual secret values).</p>
      * @public
      */
-    name: string | undefined;
+    providerConfigurationOutput: PaymentProviderConfigurationOutput | undefined;
     /**
-     * <p>The updated description of the policy engine.</p>
+     * <p>The timestamp when the payment credential provider was created.</p>
      * @public
      */
-    description?: string | undefined;
+    createdTime: Date | undefined;
     /**
-     * <p>The original creation timestamp of the policy engine.</p>
+     * <p>The timestamp when the payment credential provider was last updated.</p>
      * @public
      */
-    createdAt: Date | undefined;
+    lastUpdatedTime: Date | undefined;
+}
+/**
+ * @public
+ */
+export interface CreatePaymentManagerRequest {
     /**
-     * <p>The timestamp when the policy engine was last updated.</p>
+     * <p>The name of the payment manager.</p>
      * @public
      */
-    updatedAt: Date | undefined;
+    name: string | undefined;
     /**
-     * <p>The ARN of the updated policy engine.</p>
+     * <p>A description of the payment manager.</p>
      * @public
      */
-    policyEngineArn: string | undefined;
+    description?: string | undefined;
     /**
-     * <p>The current status of the updated policy engine.</p>
+     * <p>The type of authorizer to use for the payment manager.</p> <ul> <li> <p> <code>CUSTOM_JWT</code> - Authorize with a bearer token.</p> </li> <li> <p> <code>AWS_IAM</code> - Authorize with your Amazon Web Services IAM credentials.</p> </li> </ul>
      * @public
      */
-    status: PolicyEngineStatus | undefined;
+    authorizerType: PaymentsAuthorizerType | undefined;
     /**
-     * <p>Additional information about the update status.</p>
+     * <p>The authorizer configuration for the payment manager.</p>
      * @public
      */
-    statusReasons: string[] | undefined;
+    authorizerConfiguration?: AuthorizerConfiguration | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * <p>The Amazon Resource Name (ARN) of the IAM role that the payment manager assumes to access resources on your behalf.</p>
+     * @public
+     */
+    roleArn: string | undefined;
+    /**
+     * <p>A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html">Ensuring idempotency</a>.</p>
+     * @public
+     */
+    clientToken?: string | undefined;
+    /**
+     * <p>A map of tag keys and values to assign to the payment manager.</p>
+     * @public
+     */
+    tags?: Record<string, string> | undefined;
+}
+/**
+ * @public
+ */
+export interface CreatePaymentManagerResponse {
+    /**
+     * <p>The Amazon Resource Name (ARN) of the created payment manager.</p>
+     * @public
+     */
+    paymentManagerArn: string | undefined;
+    /**
+     * <p>The unique identifier of the created payment manager.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The name of the created payment manager.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The type of authorizer for the created payment manager.</p>
+     * @public
+     */
+    authorizerType: PaymentsAuthorizerType | undefined;
+    /**
+     * <p>Represents inbound authorization configuration options used to authenticate incoming requests. </p>
+     * @public
+     */
+    authorizerConfiguration?: AuthorizerConfiguration | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the IAM role associated with the created payment manager.</p>
+     * @public
+     */
+    roleArn: string | undefined;
+    /**
+     * <p>The information about the workload identity.</p>
+     * @public
+     */
+    workloadIdentityDetails?: WorkloadIdentityDetails | undefined;
+    /**
+     * <p>The timestamp when the payment manager was created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The current status of the payment manager. Possible values include <code>CREATING</code>, <code>READY</code>, <code>UPDATING</code>, <code>DELETING</code>, <code>CREATE_FAILED</code>, <code>UPDATE_FAILED</code>, and <code>DELETE_FAILED</code>.</p>
+     * @public
+     */
+    status: PaymentManagerStatus | undefined;
+    /**
+     * <p>The tags associated with the created payment manager.</p>
+     * @public
+     */
+    tags?: Record<string, string> | undefined;
+}
+/**
+ * @public
+ */
+export interface DeletePaymentManagerRequest {
+    /**
+     * <p>The unique identifier of the payment manager to delete.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html">Ensuring idempotency</a>.</p>
+     * @public
+     */
+    clientToken?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DeletePaymentManagerResponse {
+    /**
+     * <p>The current status of the payment manager, set to <code>DELETING</code> when deletion is initiated. Possible values include <code>CREATING</code>, <code>READY</code>, <code>UPDATING</code>, <code>DELETING</code>, <code>CREATE_FAILED</code>, <code>UPDATE_FAILED</code>, and <code>DELETE_FAILED</code>.</p>
+     * @public
+     */
+    status: PaymentManagerStatus | undefined;
+    /**
+     * <p>The unique identifier of the deleted payment manager.</p>
+     * @public
+     */
+    paymentManagerId?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPaymentManagerRequest {
+    /**
+     * <p>The unique identifier of the payment manager to retrieve.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPaymentManagerResponse {
+    /**
+     * <p>The Amazon Resource Name (ARN) of the payment manager.</p>
+     * @public
+     */
+    paymentManagerArn: string | undefined;
+    /**
+     * <p>The unique identifier of the payment manager.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The name of the payment manager.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The description of the payment manager.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>The type of authorizer used by the payment manager.</p> <ul> <li> <p> <code>CUSTOM_JWT</code> - Authorize with a bearer token.</p> </li> <li> <p> <code>AWS_IAM</code> - Authorize with your Amazon Web Services IAM credentials.</p> </li> </ul>
+     * @public
+     */
+    authorizerType: PaymentsAuthorizerType | undefined;
+    /**
+     * <p>Represents inbound authorization configuration options used to authenticate incoming requests. </p>
+     * @public
+     */
+    authorizerConfiguration?: AuthorizerConfiguration | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the IAM role associated with the payment manager.</p>
+     * @public
+     */
+    roleArn: string | undefined;
+    /**
+     * <p>The information about the workload identity.</p>
+     * @public
+     */
+    workloadIdentityDetails?: WorkloadIdentityDetails | undefined;
+    /**
+     * <p>The timestamp when the payment manager was created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the payment manager was last updated.</p>
+     * @public
+     */
+    lastUpdatedAt: Date | undefined;
+    /**
+     * <p>The current status of the payment manager. Possible values include <code>CREATING</code>, <code>READY</code>, <code>UPDATING</code>, <code>DELETING</code>, <code>CREATE_FAILED</code>, <code>UPDATE_FAILED</code>, and <code>DELETE_FAILED</code>.</p>
+     * @public
+     */
+    status: PaymentManagerStatus | undefined;
+    /**
+     * <p>The tags associated with the payment manager.</p>
+     * @public
+     */
+    tags?: Record<string, string> | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPaymentManagersRequest {
+    /**
+     * <p>The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the <code>nextToken</code> field when making another request to return the next batch of results.</p>
+     * @public
+     */
+    maxResults?: number | undefined;
+    /**
+     * <p>If the total number of results is greater than the <code>maxResults</code> value provided in the request, enter the token returned in the <code>nextToken</code> field in the response in this field to return the next batch of results.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+}
+/**
+ * <p>Contains summary information about a payment manager.</p>
+ * @public
+ */
+export interface PaymentManagerSummary {
+    /**
+     * <p>The Amazon Resource Name (ARN) of the payment manager.</p>
+     * @public
+     */
+    paymentManagerArn: string | undefined;
+    /**
+     * <p>The unique identifier of the payment manager.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The name of the payment manager.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The description of the payment manager.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>The type of authorizer used by the payment manager.</p> <ul> <li> <p> <code>CUSTOM_JWT</code> - Authorize with a bearer token.</p> </li> <li> <p> <code>AWS_IAM</code> - Authorize with your Amazon Web Services IAM credentials.</p> </li> </ul>
+     * @public
+     */
+    authorizerType: PaymentsAuthorizerType | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the IAM role associated with the payment manager.</p>
+     * @public
+     */
+    roleArn: string | undefined;
+    /**
+     * <p>The current status of the payment manager. Possible values include <code>CREATING</code>, <code>READY</code>, <code>UPDATING</code>, <code>DELETING</code>, <code>CREATE_FAILED</code>, <code>UPDATE_FAILED</code>, and <code>DELETE_FAILED</code>.</p>
+     * @public
+     */
+    status: PaymentManagerStatus | undefined;
+    /**
+     * <p>The timestamp when the payment manager was created.</p>
+     * @public
+     */
+    createdAt?: Date | undefined;
+    /**
+     * <p>The timestamp when the payment manager was last updated.</p>
+     * @public
+     */
+    lastUpdatedAt: Date | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPaymentManagersResponse {
+    /**
+     * <p>The list of payment manager summaries. For details about the fields in each summary, see the <code>PaymentManagerSummary</code> data type.</p>
+     * @public
+     */
+    paymentManagers: PaymentManagerSummary[] | undefined;
+    /**
+     * <p>If the total number of results is greater than the <code>maxResults</code> value provided in the request, use this token when making another request in the <code>nextToken</code> field to return the next batch of results.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+}
+/**
+ * <p>Configuration for a payment credential provider that stores authentication credentials for a payment provider.</p>
+ * @public
+ */
+export interface PaymentCredentialProviderConfiguration {
+    /**
+     * <p>The Amazon Resource Name (ARN) of the credential provider that stores the authentication credentials for the payment provider.</p>
+     * @public
+     */
+    credentialProviderArn: string | undefined;
+}
+/**
+ * <p>The credential provider configuration for a payment connector. Specifies the payment provider type and its associated credential provider.</p>
+ * @public
+ */
+export type CredentialsProviderConfiguration = CredentialsProviderConfiguration.CoinbaseCDPMember | CredentialsProviderConfiguration.StripePrivyMember | CredentialsProviderConfiguration.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace CredentialsProviderConfiguration {
+    /**
+     * <p>The credential provider configuration for a Coinbase CDP payment connector.</p>
+     * @public
+     */
+    interface CoinbaseCDPMember {
+        coinbaseCDP: PaymentCredentialProviderConfiguration;
+        stripePrivy?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>The credential provider configuration for a Stripe Privy payment connector.</p>
+     * @public
+     */
+    interface StripePrivyMember {
+        coinbaseCDP?: never;
+        stripePrivy: PaymentCredentialProviderConfiguration;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        coinbaseCDP?: never;
+        stripePrivy?: never;
+        $unknown: [string, any];
+    }
+    /**
+     * @deprecated unused in schema-serde mode.
+     *
+     */
+    interface Visitor<T> {
+        coinbaseCDP: (value: PaymentCredentialProviderConfiguration) => T;
+        stripePrivy: (value: PaymentCredentialProviderConfiguration) => T;
+        _: (name: string, value: any) => T;
+    }
+}
+/**
+ * @public
+ */
+export interface CreatePaymentConnectorRequest {
+    /**
+     * <p>The unique identifier of the payment manager to create the connector for.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The name of the payment connector.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>A description of the payment connector.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>The type of payment connector, which determines the payment provider integration.</p>
+     * @public
+     */
+    type: PaymentConnectorType | undefined;
+    /**
+     * <p>The credential provider configurations for the payment connector. These configurations specify how the connector authenticates with the payment provider.</p>
+     * @public
+     */
+    credentialProviderConfigurations: CredentialsProviderConfiguration[] | undefined;
+    /**
+     * <p>A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html">Ensuring idempotency</a>.</p>
+     * @public
+     */
+    clientToken?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface CreatePaymentConnectorResponse {
+    /**
+     * <p>The unique identifier of the created payment connector.</p>
+     * @public
+     */
+    paymentConnectorId: string | undefined;
+    /**
+     * <p>The unique identifier of the parent payment manager.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The name of the created payment connector.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The type of the created payment connector.</p>
+     * @public
+     */
+    type: PaymentConnectorType | undefined;
+    /**
+     * <p>The credential provider configurations for the created payment connector.</p>
+     * @public
+     */
+    credentialProviderConfigurations: CredentialsProviderConfiguration[] | undefined;
+    /**
+     * <p>The timestamp when the payment connector was created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The current status of the payment connector. Possible values include <code>CREATING</code>, <code>READY</code>, <code>UPDATING</code>, <code>DELETING</code>, <code>CREATE_FAILED</code>, <code>UPDATE_FAILED</code>, and <code>DELETE_FAILED</code>.</p>
+     * @public
+     */
+    status: PaymentConnectorStatus | undefined;
+}
+/**
+ * @public
+ */
+export interface DeletePaymentConnectorRequest {
+    /**
+     * <p>The unique identifier of the parent payment manager.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The unique identifier of the payment connector to delete.</p>
+     * @public
+     */
+    paymentConnectorId: string | undefined;
+    /**
+     * <p>A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html">Ensuring idempotency</a>.</p>
+     * @public
+     */
+    clientToken?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DeletePaymentConnectorResponse {
+    /**
+     * <p>The current status of the payment connector, set to <code>DELETING</code> when deletion is initiated. Possible values include <code>CREATING</code>, <code>READY</code>, <code>UPDATING</code>, <code>DELETING</code>, <code>CREATE_FAILED</code>, <code>UPDATE_FAILED</code>, and <code>DELETE_FAILED</code>.</p>
+     * @public
+     */
+    status: PaymentConnectorStatus | undefined;
+    /**
+     * <p>The unique identifier of the deleted payment connector.</p>
+     * @public
+     */
+    paymentConnectorId?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPaymentConnectorRequest {
+    /**
+     * <p>The unique identifier of the parent payment manager.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The unique identifier of the payment connector to retrieve.</p>
+     * @public
+     */
+    paymentConnectorId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPaymentConnectorResponse {
+    /**
+     * <p>The unique identifier of the payment connector.</p>
+     * @public
+     */
+    paymentConnectorId: string | undefined;
+    /**
+     * <p>The name of the payment connector.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The description of the payment connector.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>The type of the payment connector, which determines the payment provider integration.</p>
+     * @public
+     */
+    type: PaymentConnectorType | undefined;
+    /**
+     * <p>The credential provider configurations for the payment connector.</p>
+     * @public
+     */
+    credentialProviderConfigurations: CredentialsProviderConfiguration[] | undefined;
+    /**
+     * <p>The timestamp when the payment connector was created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the payment connector was last updated.</p>
+     * @public
+     */
+    lastUpdatedAt: Date | undefined;
+    /**
+     * <p>The current status of the payment connector. Possible values include <code>CREATING</code>, <code>READY</code>, <code>UPDATING</code>, <code>DELETING</code>, <code>CREATE_FAILED</code>, <code>UPDATE_FAILED</code>, and <code>DELETE_FAILED</code>.</p>
+     * @public
+     */
+    status: PaymentConnectorStatus | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPaymentConnectorsRequest {
+    /**
+     * <p>The unique identifier of the payment manager whose connectors to list.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The maximum number of results to return in the response. If the total number of results is greater than this value, use the token returned in the response in the <code>nextToken</code> field when making another request to return the next batch of results.</p>
+     * @public
+     */
+    maxResults?: number | undefined;
+    /**
+     * <p>If the total number of results is greater than the <code>maxResults</code> value provided in the request, enter the token returned in the <code>nextToken</code> field in the response in this field to return the next batch of results.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+}
+/**
+ * <p>Contains summary information about a payment connector.</p>
+ * @public
+ */
+export interface PaymentConnectorSummary {
+    /**
+     * <p>The unique identifier of the payment connector.</p>
+     * @public
+     */
+    paymentConnectorId: string | undefined;
+    /**
+     * <p>The name of the payment connector.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The type of the payment connector, which determines the payment provider integration.</p>
+     * @public
+     */
+    type: PaymentConnectorType | undefined;
+    /**
+     * <p>The current status of the payment connector. Possible values include <code>CREATING</code>, <code>READY</code>, <code>UPDATING</code>, <code>DELETING</code>, <code>CREATE_FAILED</code>, <code>UPDATE_FAILED</code>, and <code>DELETE_FAILED</code>.</p>
+     * @public
+     */
+    status: PaymentConnectorStatus | undefined;
+    /**
+     * <p>The timestamp when the payment connector was last updated.</p>
+     * @public
+     */
+    lastUpdatedAt: Date | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPaymentConnectorsResponse {
+    /**
+     * <p>The list of payment connector summaries. For details about the fields in each summary, see the <code>PaymentConnectorSummary</code> data type.</p>
+     * @public
+     */
+    paymentConnectors: PaymentConnectorSummary[] | undefined;
+    /**
+     * <p>If the total number of results is greater than the <code>maxResults</code> value provided in the request, use this token when making another request in the <code>nextToken</code> field to return the next batch of results.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdatePaymentConnectorRequest {
+    /**
+     * <p>The unique identifier of the parent payment manager.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The unique identifier of the payment connector to update.</p>
+     * @public
+     */
+    paymentConnectorId: string | undefined;
+    /**
+     * <p>The updated description of the payment connector.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>The updated type of the payment connector.</p>
+     * @public
+     */
+    type?: PaymentConnectorType | undefined;
+    /**
+     * <p>The updated credential provider configurations for the payment connector.</p>
+     * @public
+     */
+    credentialProviderConfigurations?: CredentialsProviderConfiguration[] | undefined;
+    /**
+     * <p>A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html">Ensuring idempotency</a>.</p>
+     * @public
+     */
+    clientToken?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdatePaymentConnectorResponse {
+    /**
+     * <p>The unique identifier of the updated payment connector.</p>
+     * @public
+     */
+    paymentConnectorId: string | undefined;
+    /**
+     * <p>The unique identifier of the parent payment manager.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The name of the updated payment connector.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The type of the updated payment connector.</p>
+     * @public
+     */
+    type: PaymentConnectorType | undefined;
+    /**
+     * <p>The credential provider configurations for the updated payment connector.</p>
+     * @public
+     */
+    credentialProviderConfigurations: CredentialsProviderConfiguration[] | undefined;
+    /**
+     * <p>The timestamp when the payment connector was last updated.</p>
+     * @public
+     */
+    lastUpdatedAt: Date | undefined;
+    /**
+     * <p>The current status of the updated payment connector. Possible values include <code>CREATING</code>, <code>READY</code>, <code>UPDATING</code>, <code>DELETING</code>, <code>CREATE_FAILED</code>, <code>UPDATE_FAILED</code>, and <code>DELETE_FAILED</code>.</p>
+     * @public
+     */
+    status: PaymentConnectorStatus | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdatePaymentManagerRequest {
+    /**
+     * <p>The unique identifier of the payment manager to update.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The updated description of the payment manager.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>The updated authorizer type for the payment manager.</p>
+     * @public
+     */
+    authorizerType?: PaymentsAuthorizerType | undefined;
+    /**
+     * <p>The updated authorizer configuration for the payment manager.</p>
+     * @public
+     */
+    authorizerConfiguration?: AuthorizerConfiguration | undefined;
+    /**
+     * <p>The updated Amazon Resource Name (ARN) of the IAM role for the payment manager.</p>
+     * @public
+     */
+    roleArn?: string | undefined;
+    /**
+     * <p>A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If you don't specify this field, a value is randomly generated for you. If this token matches a previous request, the service ignores the request, but doesn't return an error. For more information, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html">Ensuring idempotency</a>.</p>
+     * @public
+     */
+    clientToken?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdatePaymentManagerResponse {
+    /**
+     * <p>The Amazon Resource Name (ARN) of the updated payment manager.</p>
+     * @public
+     */
+    paymentManagerArn: string | undefined;
+    /**
+     * <p>The unique identifier of the updated payment manager.</p>
+     * @public
+     */
+    paymentManagerId: string | undefined;
+    /**
+     * <p>The name of the updated payment manager.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The type of authorizer for the updated payment manager.</p>
+     * @public
+     */
+    authorizerType: PaymentsAuthorizerType | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the IAM role associated with the updated payment manager.</p>
+     * @public
+     */
+    roleArn: string | undefined;
+    /**
+     * <p>The information about the workload identity.</p>
+     * @public
+     */
+    workloadIdentityDetails?: WorkloadIdentityDetails | undefined;
+    /**
+     * <p>The timestamp when the payment manager was last updated.</p>
+     * @public
+     */
+    lastUpdatedAt: Date | undefined;
+    /**
+     * <p>The current status of the updated payment manager. Possible values include <code>CREATING</code>, <code>READY</code>, <code>UPDATING</code>, <code>DELETING</code>, <code>CREATE_FAILED</code>, <code>UPDATE_FAILED</code>, and <code>DELETE_FAILED</code>.</p>
+     * @public
+     */
+    status: PaymentManagerStatus | undefined;
+}
+/**
+ * @public
+ */
+export interface CreatePolicyEngineRequest {
+    /**
+     * <p>The customer-assigned immutable name for the policy engine. This name identifies the policy engine and cannot be changed after creation.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>A human-readable description of the policy engine's purpose and scope (1-4,096 characters). This helps administrators understand the policy engine's role in the overall governance strategy. Document which Gateway this engine will be associated with, what types of tools or workflows it governs, and the team or service responsible for maintaining it. Clear descriptions are essential when managing multiple policy engines across different services or environments.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request with the same client token, the service returns the same response without creating a duplicate policy engine.</p>
+     * @public
+     */
+    clientToken?: string | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+    /**
+     * <p>A map of tag keys and values to assign to an AgentCore Policy. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.</p>
+     * @public
+     */
+    tags?: Record<string, string> | undefined;
+}
+/**
+ * @public
+ */
+export interface CreatePolicyEngineResponse {
+    /**
+     * <p>The unique identifier for the created policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and is used for all subsequent policy engine operations.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The customer-assigned name of the created policy engine. This matches the name provided in the request and serves as the human-readable identifier.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The timestamp when the policy engine was created. This is automatically set by the service and used for auditing and lifecycle management.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy engine was last updated. For newly created policy engines, this matches the <code>createdAt</code> timestamp.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the created policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The current status of the policy engine. A status of <code>ACTIVE</code> indicates the policy engine is ready for use.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+    /**
+     * <p>A human-readable description of the policy engine's purpose.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine creation process.</p>
+     * @public
+     */
+    statusReasons: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface DeletePolicyEngineRequest {
+    /**
+     * <p>The unique identifier of the policy engine to be deleted. This must be a valid policy engine ID that exists within the account.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface DeletePolicyEngineResponse {
+    /**
+     * <p>The unique identifier of the policy engine being deleted. This confirms which policy engine the deletion operation targets.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The customer-assigned name of the deleted policy engine.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The timestamp when the deleted policy engine was originally created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the deleted policy engine was last modified before deletion. This tracks the final state of the policy engine before it was removed from the system.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the deleted policy engine. This globally unique identifier confirms which policy engine resource was successfully removed.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The status of the policy engine deletion operation. This provides status about any issues that occurred during the deletion process.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+    /**
+     * <p>The human-readable description of the deleted policy engine.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.</p>
+     * @public
+     */
+    statusReasons: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPolicyEngineRequest {
+    /**
+     * <p>The unique identifier of the policy engine to be retrieved. This must be a valid policy engine ID that exists within the account.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPolicyEngineResponse {
+    /**
+     * <p>The unique identifier of the retrieved policy engine. This matches the policy engine ID provided in the request and serves as the system identifier.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The customer-assigned name of the policy engine. This is the human-readable identifier that was specified when the policy engine was created.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The timestamp when the policy engine was originally created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The current status of the policy engine.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+    /**
+     * <p>The human-readable description of the policy engine's purpose and scope. This helps administrators understand the policy engine's role in governance.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine.</p>
+     * @public
+     */
+    statusReasons: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPolicyEngineSummaryRequest {
+    /**
+     * <p>The unique identifier of the policy engine to retrieve the summary for. This must be a valid policy engine ID that exists within the account.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPolicyEngineSummaryResponse {
+    /**
+     * <p>The unique identifier of the policy engine.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The customer-assigned name of the policy engine.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The timestamp when the policy engine was originally created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy engine was last modified.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the policy engine.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The current status of the policy engine.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPolicyEnginesRequest {
+    /**
+     * <p>A pagination token returned from a previous <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html">ListPolicyEngines</a> call. Use this token to retrieve the next page of results when the response is paginated.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+    /**
+     * <p>The maximum number of policy engines to return in a single response. If not specified, the default is 10 policy engines per page, with a maximum of 100 per page.</p>
+     * @public
+     */
+    maxResults?: number | undefined;
+}
+/**
+ * <p>Represents a policy engine resource within the AgentCore Policy system. Policy engines serve as containers for grouping related policies and provide the execution context for policy evaluation and management. Each policy engine can be associated with one Gateway (one engine per Gateway), where it intercepts all agent tool calls and evaluates them against the contained policies before allowing tools to execute. The policy engine maintains the Cedar schema generated from the Gateway's tool manifest, ensuring that policies are validated against the actual tools and parameters available. Policy engines support two enforcement modes that can be configured when associating with a Gateway: log-only mode for testing (evaluates decisions without blocking) and enforce mode for production (actively allows or denies based on policy evaluation).</p>
+ * @public
+ */
+export interface PolicyEngine {
+    /**
+     * <p>The unique identifier for the policy engine. This system-generated identifier consists of the user name plus a 10-character generated suffix and serves as the primary key for policy engine operations.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The customer-assigned immutable name for the policy engine. This human-readable identifier must be unique within the account and cannot exceed 48 characters.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The timestamp when the policy engine was originally created. This is automatically set by the service and used for auditing and lifecycle management.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy engine was last modified. This tracks the most recent changes to the policy engine configuration or metadata.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the policy engine. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The current status of the policy engine.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+    /**
+     * <p>A human-readable description of the policy engine's purpose and scope. Limited to 4,096 characters, this helps administrators understand the policy engine's role in the overall governance strategy.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>Additional information about the policy engine status. This provides details about any failures or the current state of the policy engine lifecycle.</p>
+     * @public
+     */
+    statusReasons: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPolicyEnginesResponse {
+    /**
+     * <p>An array of policy engine objects that exist in the account. Each policy engine object contains the engine metadata, status, and key identifiers for further operations.</p>
+     * @public
+     */
+    policyEngines: PolicyEngine[] | undefined;
+    /**
+     * <p>A pagination token that can be used in subsequent <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngines.html">ListPolicyEngines</a> calls to retrieve additional results. This token is only present when there are more results available. </p>
+     * @public
+     */
+    nextToken?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPolicyEngineSummariesRequest {
+    /**
+     * <p>A pagination token returned from a previous <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngineSummaries.html">ListPolicyEngineSummaries</a> call. Use this token to retrieve the next page of results when the response is paginated.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+    /**
+     * <p>The maximum number of policy engine summaries to return in a single response.</p>
+     * @public
+     */
+    maxResults?: number | undefined;
+}
+/**
+ * <p>Represents a metadata-only summary of a policy engine resource. This structure contains resource identifiers, status, and timestamps without customer-encrypted fields such as description or status reasons. Policy engine summaries are returned by operations that do not require access to the customer's KMS key.</p>
+ * @public
+ */
+export interface PolicyEngineSummary {
+    /**
+     * <p>The unique identifier for the policy engine.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The customer-assigned name of the policy engine.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The timestamp when the policy engine was originally created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy engine was last modified.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the policy engine.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The current status of the policy engine.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
+     * @public
+     */
+    encryptionKeyArn?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPolicyEngineSummariesResponse {
+    /**
+     * <p>An array of policy engine summary objects that exist in the account. Each summary contains resource identifiers, status, and timestamps without customer-encrypted content.</p>
+     * @public
+     */
+    policyEngines: PolicyEngineSummary[] | undefined;
+    /**
+     * <p>A pagination token that can be used in subsequent <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyEngineSummaries.html">ListPolicyEngineSummaries</a> calls to retrieve additional results. This token is only present when there are more results available.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+}
+/**
+ * <p>Wrapper for updating an optional Description field with PATCH semantics. When present in an update request, the description is replaced with optionalValue. When absent, the description is left unchanged. To unset the description, include the wrapper with optionalValue not specified.</p>
+ * @public
+ */
+export interface UpdatedDescription {
+    /**
+     * <p>Represents an optional value that is used to update the human-readable description of the resource. If not specified, it will clear the current description of the resource.</p>
+     * @public
+     */
+    optionalValue?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdatePolicyEngineRequest {
+    /**
+     * <p>The unique identifier of the policy engine to be updated.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The new description for the policy engine.</p>
+     * @public
+     */
+    description?: UpdatedDescription | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdatePolicyEngineResponse {
+    /**
+     * <p>The unique identifier of the updated policy engine.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The name of the updated policy engine.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The original creation timestamp of the policy engine.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy engine was last updated.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The ARN of the updated policy engine.</p>
+     * @public
+     */
+    policyEngineArn: string | undefined;
+    /**
+     * <p>The current status of the updated policy engine.</p>
+     * @public
+     */
+    status: PolicyEngineStatus | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the policy engine data.</p>
      * @public
      */
     encryptionKeyArn?: string | undefined;
+    /**
+     * <p>The updated description of the policy engine.</p>
+     * @public
+     */
+    description?: string | undefined;
+    /**
+     * <p>Additional information about the update status.</p>
+     * @public
+     */
+    statusReasons: string[] | undefined;
 }
 /**
  * @public
@@ -3771,13 +5035,78 @@ export interface GetPolicyGenerationResponse {
      * @public
      */
     status: PolicyGenerationStatus | undefined;
+    /**
+     * <p>The findings and results from the policy generation process. This includes any issues, recommendations, validation results, or insights from the generated policies.</p>
+     * @public
+     */
+    findings?: string | undefined;
     /**
      * <p>Additional information about the generation status. This provides details about any failures, warnings, or the current state of the generation process.</p>
      * @public
      */
     statusReasons: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPolicyGenerationSummaryRequest {
     /**
-     * <p>The findings and results from the policy generation process. This includes any issues, recommendations, validation results, or insights from the generated policies.</p>
+     * <p>The unique identifier of the policy generation request to retrieve the summary for.</p>
+     * @public
+     */
+    policyGenerationId: string | undefined;
+    /**
+     * <p>The identifier of the policy engine associated with the policy generation request.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPolicyGenerationSummaryResponse {
+    /**
+     * <p>The identifier of the policy engine associated with this policy generation.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The unique identifier of the policy generation request.</p>
+     * @public
+     */
+    policyGenerationId: string | undefined;
+    /**
+     * <p>The customer-assigned name for the policy generation request.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the policy generation request.</p>
+     * @public
+     */
+    policyGenerationArn: string | undefined;
+    /**
+     * <p>The resource information associated with the policy generation.</p>
+     * @public
+     */
+    resource: Resource | undefined;
+    /**
+     * <p>The timestamp when the policy generation request was created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy generation was last updated.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The current status of the policy generation request.</p>
+     * @public
+     */
+    status: PolicyGenerationStatus | undefined;
+    /**
+     * <p>The findings from the policy generation process, if available.</p>
      * @public
      */
     findings?: string | undefined;
@@ -3901,37 +5230,128 @@ export interface Finding {
  */
 export interface PolicyGenerationAsset {
     /**
-     * <p>The unique identifier for this generated policy asset within the policy generation request. This ID can be used to reference specific generated policy options when creating actual policies from the generation results.</p>
+     * <p>The unique identifier for this generated policy asset within the policy generation request. This ID can be used to reference specific generated policy options when creating actual policies from the generation results.</p>
+     * @public
+     */
+    policyGenerationAssetId: string | undefined;
+    /**
+     * <p>Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.</p>
+     * @public
+     */
+    definition?: PolicyDefinition | undefined;
+    /**
+     * <p>The portion of the original natural language input that this generated policy asset addresses. This helps users understand which part of their policy description was translated into this specific Cedar policy statement, enabling better policy selection and refinement. When a single natural language input describes multiple authorization requirements, the generation process creates separate policy assets for each requirement, with each asset's rawTextFragment showing which requirement it addresses. Use this mapping to verify that all parts of your natural language input were correctly translated into Cedar policies.</p>
+     * @public
+     */
+    rawTextFragment: string | undefined;
+    /**
+     * <p>Analysis findings and insights related to this specific generated policy asset. These findings may include validation results, potential issues, or recommendations for improvement to help users evaluate the quality and appropriateness of the generated policy.</p>
+     * @public
+     */
+    findings: Finding[] | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPolicyGenerationAssetsResponse {
+    /**
+     * <p>An array of generated policy assets including Cedar policies and related artifacts from the AI-powered policy generation process. Each asset represents a different policy option or variation generated from the original natural language input.</p>
+     * @public
+     */
+    policyGenerationAssets?: PolicyGenerationAsset[] | undefined;
+    /**
+     * <p>A pagination token that can be used in subsequent <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationAssets.html">ListPolicyGenerationAssets</a> calls to retrieve additional assets. This token is only present when there are more generated policy assets available beyond the current response.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPolicyGenerationsRequest {
+    /**
+     * <p>A pagination token for retrieving additional policy generations when results are paginated.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+    /**
+     * <p>The maximum number of policy generations to return in a single response.</p>
+     * @public
+     */
+    maxResults?: number | undefined;
+    /**
+     * <p>The identifier of the policy engine whose policy generations to retrieve.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+}
+/**
+ * <p>Represents a policy generation request within the AgentCore Policy system. Tracks the AI-powered conversion of natural language descriptions into Cedar policy statements, enabling users to author policies by describing authorization requirements in plain English. The generation process analyzes the natural language input along with the Gateway's tool context and Cedar schema to produce one or more validated policy options. Each generation request tracks the status of the conversion process and maintains findings about the generated policies, including validation results and potential issues. Generated policy assets remain available for one week after successful generation, allowing time to review and create policies from the generated options.</p>
+ * @public
+ */
+export interface PolicyGeneration {
+    /**
+     * <p>The identifier of the policy engine associated with this generation request.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The unique identifier for this policy generation request.</p>
+     * @public
+     */
+    policyGenerationId: string | undefined;
+    /**
+     * <p>The customer-assigned name for this policy generation request.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The ARN of this policy generation request.</p>
+     * @public
+     */
+    policyGenerationArn: string | undefined;
+    /**
+     * <p>The resource information associated with this policy generation.</p>
+     * @public
+     */
+    resource: Resource | undefined;
+    /**
+     * <p>The timestamp when this policy generation request was created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when this policy generation was last updated.</p>
      * @public
      */
-    policyGenerationAssetId: string | undefined;
+    updatedAt: Date | undefined;
     /**
-     * <p>Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.</p>
+     * <p>The current status of this policy generation request.</p>
      * @public
      */
-    definition?: PolicyDefinition | undefined;
+    status: PolicyGenerationStatus | undefined;
     /**
-     * <p>The portion of the original natural language input that this generated policy asset addresses. This helps users understand which part of their policy description was translated into this specific Cedar policy statement, enabling better policy selection and refinement. When a single natural language input describes multiple authorization requirements, the generation process creates separate policy assets for each requirement, with each asset's rawTextFragment showing which requirement it addresses. Use this mapping to verify that all parts of your natural language input were correctly translated into Cedar policies.</p>
+     * <p>Findings and insights from this policy generation process.</p>
      * @public
      */
-    rawTextFragment: string | undefined;
+    findings?: string | undefined;
     /**
-     * <p>Analysis findings and insights related to this specific generated policy asset. These findings may include validation results, potential issues, or recommendations for improvement to help users evaluate the quality and appropriateness of the generated policy.</p>
+     * <p>Additional information about the generation status.</p>
      * @public
      */
-    findings: Finding[] | undefined;
+    statusReasons: string[] | undefined;
 }
 /**
  * @public
  */
-export interface ListPolicyGenerationAssetsResponse {
+export interface ListPolicyGenerationsResponse {
     /**
-     * <p>An array of generated policy assets including Cedar policies and related artifacts from the AI-powered policy generation process. Each asset represents a different policy option or variation generated from the original natural language input.</p>
+     * <p>An array of policy generation objects that match the specified criteria.</p>
      * @public
      */
-    policyGenerationAssets?: PolicyGenerationAsset[] | undefined;
+    policyGenerations: PolicyGeneration[] | undefined;
     /**
-     * <p>A pagination token that can be used in subsequent <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationAssets.html">ListPolicyGenerationAssets</a> calls to retrieve additional assets. This token is only present when there are more generated policy assets available beyond the current response.</p>
+     * <p>A pagination token for retrieving additional policy generations if more results are available.</p>
      * @public
      */
     nextToken?: string | undefined;
@@ -3939,28 +5359,28 @@ export interface ListPolicyGenerationAssetsResponse {
 /**
  * @public
  */
-export interface ListPolicyGenerationsRequest {
+export interface ListPolicyGenerationSummariesRequest {
     /**
-     * <p>A pagination token for retrieving additional policy generations when results are paginated.</p>
+     * <p>A pagination token returned from a previous <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationSummaries.html">ListPolicyGenerationSummaries</a> call. Use this token to retrieve the next page of results when the response is paginated.</p>
      * @public
      */
     nextToken?: string | undefined;
     /**
-     * <p>The maximum number of policy generations to return in a single response.</p>
+     * <p>The maximum number of policy generation summaries to return in a single response.</p>
      * @public
      */
     maxResults?: number | undefined;
     /**
-     * <p>The identifier of the policy engine whose policy generations to retrieve.</p>
+     * <p>The identifier of the policy engine whose policy generation summaries to retrieve.</p>
      * @public
      */
     policyEngineId: string | undefined;
 }
 /**
- * <p>Represents a policy generation request within the AgentCore Policy system. Tracks the AI-powered conversion of natural language descriptions into Cedar policy statements, enabling users to author policies by describing authorization requirements in plain English. The generation process analyzes the natural language input along with the Gateway's tool context and Cedar schema to produce one or more validated policy options. Each generation request tracks the status of the conversion process and maintains findings about the generated policies, including validation results and potential issues. Generated policy assets remain available for one week after successful generation, allowing time to review and create policies from the generated options.</p>
+ * <p>Represents a metadata-only summary of a policy generation resource. This structure contains resource identifiers, status, timestamps, and findings without customer-encrypted fields such as status reasons. Policy generation summaries are returned by operations that do not require access to the customer's KMS key.</p>
  * @public
  */
-export interface PolicyGeneration {
+export interface PolicyGenerationSummary {
     /**
      * <p>The identifier of the policy engine associated with this generation request.</p>
      * @public
@@ -4001,11 +5421,6 @@ export interface PolicyGeneration {
      * @public
      */
     status: PolicyGenerationStatus | undefined;
-    /**
-     * <p>Additional information about the generation status.</p>
-     * @public
-     */
-    statusReasons: string[] | undefined;
     /**
      * <p>Findings and insights from this policy generation process.</p>
      * @public
@@ -4015,14 +5430,14 @@ export interface PolicyGeneration {
 /**
  * @public
  */
-export interface ListPolicyGenerationsResponse {
+export interface ListPolicyGenerationSummariesResponse {
     /**
-     * <p>An array of policy generation objects that match the specified criteria.</p>
+     * <p>An array of policy generation summary objects that match the specified criteria. Each summary contains resource identifiers, status, timestamps, and findings without customer-encrypted content.</p>
      * @public
      */
-    policyGenerations: PolicyGeneration[] | undefined;
+    policyGenerations: PolicyGenerationSummary[] | undefined;
     /**
-     * <p>A pagination token for retrieving additional policy generations if more results are available.</p>
+     * <p>A pagination token that can be used in subsequent <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicyGenerationSummaries.html">ListPolicyGenerationSummaries</a> calls to retrieve additional results. This token is only present when there are more results available.</p>
      * @public
      */
     nextToken?: string | undefined;
@@ -4135,15 +5550,15 @@ export interface StartPolicyGenerationResponse {
      */
     status: PolicyGenerationStatus | undefined;
     /**
-     * <p>Additional information about the generation status.</p>
+     * <p>Initial findings from the policy generation process.</p>
      * @public
      */
-    statusReasons: string[] | undefined;
+    findings?: string | undefined;
     /**
-     * <p>Initial findings from the policy generation process.</p>
+     * <p>Additional information about the generation status.</p>
      * @public
      */
-    findings?: string | undefined;
+    statusReasons: string[] | undefined;
 }
 /**
  * @public
@@ -4199,16 +5614,6 @@ export interface CreatePolicyResponse {
      * @public
      */
     policyEngineId: string | undefined;
-    /**
-     * <p>The Cedar policy statement that was created. This is the validated policy definition that will be used for agent behavior control and access decisions.</p>
-     * @public
-     */
-    definition: PolicyDefinition | undefined;
-    /**
-     * <p>The human-readable description of the policy's purpose and functionality. This helps administrators understand and manage the policy.</p>
-     * @public
-     */
-    description?: string | undefined;
     /**
      * <p>The timestamp when the policy was created. This is automatically set by the service and used for auditing and lifecycle management.</p>
      * @public
@@ -4229,6 +5634,16 @@ export interface CreatePolicyResponse {
      * @public
      */
     status: PolicyStatus | undefined;
+    /**
+     * <p>The Cedar policy statement that was created. This is the validated policy definition that will be used for agent behavior control and access decisions.</p>
+     * @public
+     */
+    definition: PolicyDefinition | undefined;
+    /**
+     * <p>The human-readable description of the policy's purpose and functionality. This helps administrators understand and manage the policy.</p>
+     * @public
+     */
+    description?: string | undefined;
     /**
      * <p>Additional information about the policy status. This provides details about any failures or the current state of the policy creation process.</p>
      * @public
@@ -4269,16 +5684,6 @@ export interface DeletePolicyResponse {
      * @public
      */
     policyEngineId: string | undefined;
-    /**
-     * <p>Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.</p>
-     * @public
-     */
-    definition: PolicyDefinition | undefined;
-    /**
-     * <p>The human-readable description of the deleted policy.</p>
-     * @public
-     */
-    description?: string | undefined;
     /**
      * <p>The timestamp when the deleted policy was originally created.</p>
      * @public
@@ -4299,6 +5704,16 @@ export interface DeletePolicyResponse {
      * @public
      */
     status: PolicyStatus | undefined;
+    /**
+     * <p>Represents the definition structure for policies within the AgentCore Policy system. This structure encapsulates different policy formats and languages that can be used to define access control rules.</p>
+     * @public
+     */
+    definition: PolicyDefinition | undefined;
+    /**
+     * <p>The human-readable description of the deleted policy.</p>
+     * @public
+     */
+    description?: string | undefined;
     /**
      * <p>Additional information about the deletion status. This provides details about the deletion process or any issues that may have occurred.</p>
      * @public
@@ -4339,6 +5754,26 @@ export interface GetPolicyResponse {
      * @public
      */
     policyEngineId: string | undefined;
+    /**
+     * <p>The timestamp when the policy was originally created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * @public
+     */
+    policyArn: string | undefined;
+    /**
+     * <p>The current status of the policy.</p>
+     * @public
+     */
+    status: PolicyStatus | undefined;
     /**
      * <p>The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.</p>
      * @public
@@ -4349,18 +5784,58 @@ export interface GetPolicyResponse {
      * @public
      */
     description?: string | undefined;
+    /**
+     * <p>Additional information about the policy status. This provides details about any failures or the current state of the policy.</p>
+     * @public
+     */
+    statusReasons: string[] | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPolicySummaryRequest {
+    /**
+     * <p>The identifier of the policy engine that manages the policy to retrieve the summary for.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The unique identifier of the policy to retrieve the summary for. This must be a valid policy ID that exists within the specified policy engine.</p>
+     * @public
+     */
+    policyId: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetPolicySummaryResponse {
+    /**
+     * <p>The unique identifier of the policy.</p>
+     * @public
+     */
+    policyId: string | undefined;
+    /**
+     * <p>The customer-assigned name of the policy.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The identifier of the policy engine that manages this policy.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
     /**
      * <p>The timestamp when the policy was originally created.</p>
      * @public
      */
     createdAt: Date | undefined;
     /**
-     * <p>The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration.</p>
+     * <p>The timestamp when the policy was last modified.</p>
      * @public
      */
     updatedAt: Date | undefined;
     /**
-     * <p>The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.</p>
+     * <p>The Amazon Resource Name (ARN) of the policy.</p>
      * @public
      */
     policyArn: string | undefined;
@@ -4369,11 +5844,6 @@ export interface GetPolicyResponse {
      * @public
      */
     status: PolicyStatus | undefined;
-    /**
-     * <p>Additional information about the policy status. This provides details about any failures or the current state of the policy.</p>
-     * @public
-     */
-    statusReasons: string[] | undefined;
 }
 /**
  * @public
@@ -4420,16 +5890,6 @@ export interface Policy {
      * @public
      */
     policyEngineId: string | undefined;
-    /**
-     * <p>The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.</p>
-     * @public
-     */
-    definition: PolicyDefinition | undefined;
-    /**
-     * <p>A human-readable description of the policy's purpose and functionality. Limited to 4,096 characters, this helps administrators understand and manage the policy.</p>
-     * @public
-     */
-    description?: string | undefined;
     /**
      * <p>The timestamp when the policy was originally created. This is automatically set by the service and used for auditing and lifecycle management.</p>
      * @public
@@ -4450,6 +5910,16 @@ export interface Policy {
      * @public
      */
     status: PolicyStatus | undefined;
+    /**
+     * <p>The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.</p>
+     * @public
+     */
+    definition: PolicyDefinition | undefined;
+    /**
+     * <p>A human-readable description of the policy's purpose and functionality. Limited to 4,096 characters, this helps administrators understand and manage the policy.</p>
+     * @public
+     */
+    description?: string | undefined;
     /**
      * <p>Additional information about the policy status. This provides details about any failures or the current state of the policy lifecycle.</p>
      * @public
@@ -4471,6 +5941,87 @@ export interface ListPoliciesResponse {
      */
     nextToken?: string | undefined;
 }
+/**
+ * @public
+ */
+export interface ListPolicySummariesRequest {
+    /**
+     * <p>A pagination token returned from a previous <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicySummaries.html">ListPolicySummaries</a> call. Use this token to retrieve the next page of results when the response is paginated.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+    /**
+     * <p>The maximum number of policy summaries to return in a single response.</p>
+     * @public
+     */
+    maxResults?: number | undefined;
+    /**
+     * <p>The identifier of the policy engine whose policy summaries to retrieve.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>Optional filter to list policy summaries that apply to a specific resource scope or resource type. This helps narrow down results to those relevant for particular Amazon Web Services resources, agent tools, or operational contexts within the policy engine ecosystem.</p>
+     * @public
+     */
+    targetResourceScope?: string | undefined;
+}
+/**
+ * <p>Represents a metadata-only summary of a policy resource. This structure contains resource identifiers, status, and timestamps without customer-encrypted fields such as definition, description, or status reasons. Policy summaries are returned by operations that do not require access to the customer's KMS key.</p>
+ * @public
+ */
+export interface PolicySummary {
+    /**
+     * <p>The unique identifier for the policy.</p>
+     * @public
+     */
+    policyId: string | undefined;
+    /**
+     * <p>The customer-assigned name of the policy.</p>
+     * @public
+     */
+    name: string | undefined;
+    /**
+     * <p>The identifier of the policy engine that manages this policy.</p>
+     * @public
+     */
+    policyEngineId: string | undefined;
+    /**
+     * <p>The timestamp when the policy was originally created.</p>
+     * @public
+     */
+    createdAt: Date | undefined;
+    /**
+     * <p>The timestamp when the policy was last modified.</p>
+     * @public
+     */
+    updatedAt: Date | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the policy.</p>
+     * @public
+     */
+    policyArn: string | undefined;
+    /**
+     * <p>The current status of the policy.</p>
+     * @public
+     */
+    status: PolicyStatus | undefined;
+}
+/**
+ * @public
+ */
+export interface ListPolicySummariesResponse {
+    /**
+     * <p>An array of policy summary objects that match the specified criteria. Each summary contains resource identifiers, status, and timestamps without customer-encrypted content.</p>
+     * @public
+     */
+    policies: PolicySummary[] | undefined;
+    /**
+     * <p>A pagination token that can be used in subsequent <a href="https://docs.aws.amazon.com/bedrock-agentcore-control/latest/APIReference/API_ListPolicySummaries.html">ListPolicySummaries</a> calls to retrieve additional results. This token is only present when there are more results available.</p>
+     * @public
+     */
+    nextToken?: string | undefined;
+}
 /**
  * @public
  */
@@ -4520,16 +6071,6 @@ export interface UpdatePolicyResponse {
      * @public
      */
     policyEngineId: string | undefined;
-    /**
-     * <p>The updated Cedar policy statement.</p>
-     * @public
-     */
-    definition: PolicyDefinition | undefined;
-    /**
-     * <p>The updated description of the policy.</p>
-     * @public
-     */
-    description?: string | undefined;
     /**
      * <p>The original creation timestamp of the policy.</p>
      * @public
@@ -4550,6 +6091,16 @@ export interface UpdatePolicyResponse {
      * @public
      */
     status: PolicyStatus | undefined;
+    /**
+     * <p>The updated Cedar policy statement.</p>
+     * @public
+     */
+    definition: PolicyDefinition | undefined;
+    /**
+     * <p>The updated description of the policy.</p>
+     * @public
+     */
+    description?: string | undefined;
     /**
      * <p>Additional information about the update status.</p>
      * @public
@@ -5661,6 +7212,11 @@ export interface ListRegistriesRequest {
      * @public
      */
     status?: RegistryStatus | undefined;
+    /**
+     * <p>Filter registries by their authorizer type. Possible values are <code>CUSTOM_JWT</code> and <code>AWS_IAM</code>. For more information about authorizer types, see the <code>RegistryAuthorizerType</code> enum.</p>
+     * @public
+     */
+    authorizerType?: RegistryAuthorizerType | undefined;
 }
 /**
  * <p>Contains summary information about a registry.</p>