@constructive-io/sdk 0.14.7 → 0.14.9

package/auth/orm/input-types.d.ts

@@ -229,6 +229,7 @@ export interface UUIDListFilter {
     anyGreaterThan?: string;
     anyGreaterThanOrEqualTo?: string;
 }
+export type Base64EncodedBinary = unknown;
 export type ConstructiveInternalTypeEmail = unknown;
 export type ConstructiveInternalTypeImage = unknown;
 export type ConstructiveInternalTypeOrigin = unknown;
@@ -242,6 +243,8 @@ export interface Email {
     isVerified?: boolean | null;
     /** Whether this is the user's primary email address */
     isPrimary?: boolean | null;
+    /** Optional user-provided label for this email (e.g. "Work", "Personal"). */
+    name?: string | null;
     createdAt?: string | null;
     updatedAt?: string | null;
 }
@@ -257,6 +260,8 @@ export interface PhoneNumber {
     isVerified?: boolean | null;
     /** Whether this is the user's primary phone number */
     isPrimary?: boolean | null;
+    /** Optional user-provided label for this phone number (e.g. "Mobile", "Work"). */
+    name?: string | null;
     createdAt?: string | null;
     updatedAt?: string | null;
 }
@@ -270,6 +275,35 @@ export interface CryptoAddress {
     isVerified?: boolean | null;
     /** Whether this is the user's primary cryptocurrency address */
     isPrimary?: boolean | null;
+    /** Optional user-provided label for this address (e.g. "Main wallet", "Hardware wallet"). */
+    name?: string | null;
+    createdAt?: string | null;
+    updatedAt?: string | null;
+}
+/** WebAuthn/passkey credentials owned by users. One row per registered authenticator (security key, device biometric, synced passkey). Schema mirrors SimpleWebAuthn's canonical Passkey object. */
+export interface WebauthnCredential {
+    id: string;
+    ownerId?: string | null;
+    /** Base64url-encoded credential ID returned by the authenticator. Globally unique per WebAuthn spec. */
+    credentialId?: string | null;
+    /** COSE-encoded public key bytes from the authenticator attestation. */
+    publicKey?: Base64EncodedBinary | null;
+    /** Monotonic signature counter. Strict-increase check during sign-in detects cloned credentials. 0 means the authenticator does not implement a counter. */
+    signCount?: string | null;
+    /** Random per-user handle sent to authenticators as user.id. Privacy-preserving; NOT the internal user UUID. */
+    webauthnUserId?: string | null;
+    /** Authenticator transport hints (e.g. usb, nfc, ble, internal, hybrid). Used to hint browser UI during sign-in. */
+    transports?: string[] | null;
+    /** Either 'singleDevice' (hardware-bound) or 'multiDevice' (synced passkey). Enforced by CHECK constraint below. */
+    credentialDeviceType?: string | null;
+    /** Whether this credential is eligible for backup (syncing) per the authenticator's flags at registration. */
+    backupEligible?: boolean | null;
+    /** Current backup state; updated on each successful sign-in assertion. */
+    backupState?: boolean | null;
+    /** User-provided label for this credential (e.g. "YubiKey 5C", "iPhone 15"). Renamed via rename_passkey. */
+    name?: string | null;
+    /** Timestamp of the most recent successful sign-in assertion using this credential. */
+    lastUsedAt?: string | null;
     createdAt?: string | null;
     updatedAt?: string | null;
 }
@@ -291,6 +325,13 @@ export interface AuditLog {
     /** Timestamp when the audit event was recorded */
     createdAt?: string | null;
 }
+export interface IdentityProvider {
+    slug?: string | null;
+    kind?: string | null;
+    displayName?: string | null;
+    enabled?: boolean | null;
+    isBuiltIn?: boolean | null;
+}
 export interface RoleType {
     id: number;
     name?: string | null;
@@ -341,9 +382,14 @@ export interface PhoneNumberRelations {
 export interface CryptoAddressRelations {
     owner?: User | null;
 }
+export interface WebauthnCredentialRelations {
+    owner?: User | null;
+}
 export interface AuditLogRelations {
     actor?: User | null;
 }
+export interface IdentityProviderRelations {
+}
 export interface RoleTypeRelations {
 }
 export interface UserConnectedAccountRelations {
@@ -353,12 +399,15 @@ export interface UserRelations {
     ownedEmails?: ConnectionResult<Email>;
     ownedPhoneNumbers?: ConnectionResult<PhoneNumber>;
     ownedCryptoAddresses?: ConnectionResult<CryptoAddress>;
+    ownedWebauthnCredentials?: ConnectionResult<WebauthnCredential>;
     auditLogsByActorId?: ConnectionResult<AuditLog>;
 }
 export type EmailWithRelations = Email & EmailRelations;
 export type PhoneNumberWithRelations = PhoneNumber & PhoneNumberRelations;
 export type CryptoAddressWithRelations = CryptoAddress & CryptoAddressRelations;
+export type WebauthnCredentialWithRelations = WebauthnCredential & WebauthnCredentialRelations;
 export type AuditLogWithRelations = AuditLog & AuditLogRelations;
+export type IdentityProviderWithRelations = IdentityProvider & IdentityProviderRelations;
 export type RoleTypeWithRelations = RoleType & RoleTypeRelations;
 export type UserConnectedAccountWithRelations = UserConnectedAccount & UserConnectedAccountRelations;
 export type UserWithRelations = User & UserRelations;
@@ -368,6 +417,7 @@ export type EmailSelect = {
     email?: boolean;
     isVerified?: boolean;
     isPrimary?: boolean;
+    name?: boolean;
     createdAt?: boolean;
     updatedAt?: boolean;
     owner?: {
@@ -381,6 +431,7 @@ export type PhoneNumberSelect = {
     number?: boolean;
     isVerified?: boolean;
     isPrimary?: boolean;
+    name?: boolean;
     createdAt?: boolean;
     updatedAt?: boolean;
     owner?: {
@@ -393,6 +444,26 @@ export type CryptoAddressSelect = {
     address?: boolean;
     isVerified?: boolean;
     isPrimary?: boolean;
+    name?: boolean;
+    createdAt?: boolean;
+    updatedAt?: boolean;
+    owner?: {
+        select: UserSelect;
+    };
+};
+export type WebauthnCredentialSelect = {
+    id?: boolean;
+    ownerId?: boolean;
+    credentialId?: boolean;
+    publicKey?: boolean;
+    signCount?: boolean;
+    webauthnUserId?: boolean;
+    transports?: boolean;
+    credentialDeviceType?: boolean;
+    backupEligible?: boolean;
+    backupState?: boolean;
+    name?: boolean;
+    lastUsedAt?: boolean;
     createdAt?: boolean;
     updatedAt?: boolean;
     owner?: {
@@ -412,6 +483,13 @@ export type AuditLogSelect = {
         select: UserSelect;
     };
 };
+export type IdentityProviderSelect = {
+    slug?: boolean;
+    kind?: boolean;
+    displayName?: boolean;
+    enabled?: boolean;
+    isBuiltIn?: boolean;
+};
 export type RoleTypeSelect = {
     id?: boolean;
     name?: boolean;
@@ -459,6 +537,12 @@ export type UserSelect = {
         filter?: CryptoAddressFilter;
         orderBy?: CryptoAddressOrderBy[];
     };
+    ownedWebauthnCredentials?: {
+        select: WebauthnCredentialSelect;
+        first?: number;
+        filter?: WebauthnCredentialFilter;
+        orderBy?: WebauthnCredentialOrderBy[];
+    };
     auditLogsByActorId?: {
         select: AuditLogSelect;
         first?: number;
@@ -477,6 +561,8 @@ export interface EmailFilter {
     isVerified?: BooleanFilter;
     /** Filter by the object’s `isPrimary` field. */
     isPrimary?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
     /** Filter by the object’s `createdAt` field. */
     createdAt?: DatetimeFilter;
     /** Filter by the object’s `updatedAt` field. */
@@ -503,6 +589,8 @@ export interface PhoneNumberFilter {
     isVerified?: BooleanFilter;
     /** Filter by the object’s `isPrimary` field. */
     isPrimary?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
     /** Filter by the object’s `createdAt` field. */
     createdAt?: DatetimeFilter;
     /** Filter by the object’s `updatedAt` field. */
@@ -527,6 +615,8 @@ export interface CryptoAddressFilter {
     isVerified?: BooleanFilter;
     /** Filter by the object’s `isPrimary` field. */
     isPrimary?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
     /** Filter by the object’s `createdAt` field. */
     createdAt?: DatetimeFilter;
     /** Filter by the object’s `updatedAt` field. */
@@ -540,6 +630,44 @@ export interface CryptoAddressFilter {
     /** Filter by the object’s `owner` relation. */
     owner?: UserFilter;
 }
+export interface WebauthnCredentialFilter {
+    /** Filter by the object’s `id` field. */
+    id?: UUIDFilter;
+    /** Filter by the object’s `ownerId` field. */
+    ownerId?: UUIDFilter;
+    /** Filter by the object’s `credentialId` field. */
+    credentialId?: StringFilter;
+    /** Filter by the object’s `publicKey` field. */
+    publicKey?: Base64EncodedBinaryFilter;
+    /** Filter by the object’s `signCount` field. */
+    signCount?: BigIntFilter;
+    /** Filter by the object’s `webauthnUserId` field. */
+    webauthnUserId?: StringFilter;
+    /** Filter by the object’s `transports` field. */
+    transports?: StringListFilter;
+    /** Filter by the object’s `credentialDeviceType` field. */
+    credentialDeviceType?: StringFilter;
+    /** Filter by the object’s `backupEligible` field. */
+    backupEligible?: BooleanFilter;
+    /** Filter by the object’s `backupState` field. */
+    backupState?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
+    /** Filter by the object’s `lastUsedAt` field. */
+    lastUsedAt?: DatetimeFilter;
+    /** Filter by the object’s `createdAt` field. */
+    createdAt?: DatetimeFilter;
+    /** Filter by the object’s `updatedAt` field. */
+    updatedAt?: DatetimeFilter;
+    /** Checks for all expressions in this list. */
+    and?: WebauthnCredentialFilter[];
+    /** Checks for any expressions in this list. */
+    or?: WebauthnCredentialFilter[];
+    /** Negates the expression. */
+    not?: WebauthnCredentialFilter;
+    /** Filter by the object’s `owner` relation. */
+    owner?: UserFilter;
+}
 export interface AuditLogFilter {
     /** Filter by the object’s `id` field. */
     id?: UUIDFilter;
@@ -568,6 +696,24 @@ export interface AuditLogFilter {
     /** A related `actor` exists. */
     actorExists?: boolean;
 }
+export interface IdentityProviderFilter {
+    /** Filter by the object’s `slug` field. */
+    slug?: StringFilter;
+    /** Filter by the object’s `kind` field. */
+    kind?: StringFilter;
+    /** Filter by the object’s `displayName` field. */
+    displayName?: StringFilter;
+    /** Filter by the object’s `enabled` field. */
+    enabled?: BooleanFilter;
+    /** Filter by the object’s `isBuiltIn` field. */
+    isBuiltIn?: BooleanFilter;
+    /** Checks for all expressions in this list. */
+    and?: IdentityProviderFilter[];
+    /** Checks for any expressions in this list. */
+    or?: IdentityProviderFilter[];
+    /** Negates the expression. */
+    not?: IdentityProviderFilter;
+}
 export interface RoleTypeFilter {
     /** Filter by the object’s `id` field. */
     id?: IntFilter;
@@ -641,6 +787,10 @@ export interface UserFilter {
     ownedCryptoAddresses?: UserToManyCryptoAddressFilter;
     /** `ownedCryptoAddresses` exist. */
     ownedCryptoAddressesExist?: boolean;
+    /** Filter by the object’s `ownedWebauthnCredentials` relation. */
+    ownedWebauthnCredentials?: UserToManyWebauthnCredentialFilter;
+    /** `ownedWebauthnCredentials` exist. */
+    ownedWebauthnCredentialsExist?: boolean;
     /** Filter by the object’s `auditLogsByActorId` relation. */
     auditLogsByActorId?: UserToManyAuditLogFilter;
     /** `auditLogsByActorId` exist. */
@@ -657,10 +807,12 @@ export interface UserFilter {
      */
     unifiedSearch?: string;
 }
-export type EmailOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'EMAIL_ASC' | 'EMAIL_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
-export type PhoneNumberOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'CC_ASC' | 'CC_DESC' | 'NUMBER_ASC' | 'NUMBER_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
-export type CryptoAddressOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'ADDRESS_ASC' | 'ADDRESS_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
+export type EmailOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'EMAIL_ASC' | 'EMAIL_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'NAME_ASC' | 'NAME_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
+export type PhoneNumberOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'CC_ASC' | 'CC_DESC' | 'NUMBER_ASC' | 'NUMBER_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'NAME_ASC' | 'NAME_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
+export type CryptoAddressOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'ADDRESS_ASC' | 'ADDRESS_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'IS_PRIMARY_ASC' | 'IS_PRIMARY_DESC' | 'NAME_ASC' | 'NAME_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
+export type WebauthnCredentialOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'CREDENTIAL_ID_ASC' | 'CREDENTIAL_ID_DESC' | 'PUBLIC_KEY_ASC' | 'PUBLIC_KEY_DESC' | 'SIGN_COUNT_ASC' | 'SIGN_COUNT_DESC' | 'WEBAUTHN_USER_ID_ASC' | 'WEBAUTHN_USER_ID_DESC' | 'TRANSPORTS_ASC' | 'TRANSPORTS_DESC' | 'CREDENTIAL_DEVICE_TYPE_ASC' | 'CREDENTIAL_DEVICE_TYPE_DESC' | 'BACKUP_ELIGIBLE_ASC' | 'BACKUP_ELIGIBLE_DESC' | 'BACKUP_STATE_ASC' | 'BACKUP_STATE_DESC' | 'NAME_ASC' | 'NAME_DESC' | 'LAST_USED_AT_ASC' | 'LAST_USED_AT_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
 export type AuditLogOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'EVENT_ASC' | 'EVENT_DESC' | 'ACTOR_ID_ASC' | 'ACTOR_ID_DESC' | 'ORIGIN_ASC' | 'ORIGIN_DESC' | 'USER_AGENT_ASC' | 'USER_AGENT_DESC' | 'IP_ADDRESS_ASC' | 'IP_ADDRESS_DESC' | 'SUCCESS_ASC' | 'SUCCESS_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC';
+export type IdentityProviderOrderBy = 'NATURAL' | 'SLUG_ASC' | 'SLUG_DESC' | 'KIND_ASC' | 'KIND_DESC' | 'DISPLAY_NAME_ASC' | 'DISPLAY_NAME_DESC' | 'ENABLED_ASC' | 'ENABLED_DESC' | 'IS_BUILT_IN_ASC' | 'IS_BUILT_IN_DESC';
 export type RoleTypeOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'NAME_ASC' | 'NAME_DESC';
 export type UserConnectedAccountOrderBy = 'NATURAL' | 'ID_ASC' | 'ID_DESC' | 'OWNER_ID_ASC' | 'OWNER_ID_DESC' | 'SERVICE_ASC' | 'SERVICE_DESC' | 'IDENTIFIER_ASC' | 'IDENTIFIER_DESC' | 'DETAILS_ASC' | 'DETAILS_DESC' | 'IS_VERIFIED_ASC' | 'IS_VERIFIED_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC';
 export type UserOrderBy = 'NATURAL' | 'PRIMARY_KEY_ASC' | 'PRIMARY_KEY_DESC' | 'ID_ASC' | 'ID_DESC' | 'USERNAME_ASC' | 'USERNAME_DESC' | 'DISPLAY_NAME_ASC' | 'DISPLAY_NAME_DESC' | 'PROFILE_PICTURE_ASC' | 'PROFILE_PICTURE_DESC' | 'SEARCH_TSV_ASC' | 'SEARCH_TSV_DESC' | 'TYPE_ASC' | 'TYPE_DESC' | 'CREATED_AT_ASC' | 'CREATED_AT_DESC' | 'UPDATED_AT_ASC' | 'UPDATED_AT_DESC' | 'SEARCH_TSV_RANK_ASC' | 'SEARCH_TSV_RANK_DESC' | 'DISPLAY_NAME_TRGM_SIMILARITY_ASC' | 'DISPLAY_NAME_TRGM_SIMILARITY_DESC' | 'SEARCH_SCORE_ASC' | 'SEARCH_SCORE_DESC';
@@ -671,6 +823,7 @@ export interface CreateEmailInput {
         email: ConstructiveInternalTypeEmail;
         isVerified?: boolean;
         isPrimary?: boolean;
+        name?: string;
     };
 }
 export interface EmailPatch {
@@ -678,6 +831,7 @@ export interface EmailPatch {
     email?: ConstructiveInternalTypeEmail | null;
     isVerified?: boolean | null;
     isPrimary?: boolean | null;
+    name?: string | null;
 }
 export interface UpdateEmailInput {
     clientMutationId?: string;
@@ -696,6 +850,7 @@ export interface CreatePhoneNumberInput {
         number: string;
         isVerified?: boolean;
         isPrimary?: boolean;
+        name?: string;
     };
 }
 export interface PhoneNumberPatch {
@@ -704,6 +859,7 @@ export interface PhoneNumberPatch {
     number?: string | null;
     isVerified?: boolean | null;
     isPrimary?: boolean | null;
+    name?: string | null;
 }
 export interface UpdatePhoneNumberInput {
     clientMutationId?: string;
@@ -721,6 +877,7 @@ export interface CreateCryptoAddressInput {
         address: string;
         isVerified?: boolean;
         isPrimary?: boolean;
+        name?: string;
     };
 }
 export interface CryptoAddressPatch {
@@ -728,6 +885,7 @@ export interface CryptoAddressPatch {
     address?: string | null;
     isVerified?: boolean | null;
     isPrimary?: boolean | null;
+    name?: string | null;
 }
 export interface UpdateCryptoAddressInput {
     clientMutationId?: string;
@@ -738,6 +896,44 @@ export interface DeleteCryptoAddressInput {
     clientMutationId?: string;
     id: string;
 }
+export interface CreateWebauthnCredentialInput {
+    clientMutationId?: string;
+    webauthnCredential: {
+        ownerId?: string;
+        credentialId: string;
+        publicKey: Base64EncodedBinary;
+        signCount?: string;
+        webauthnUserId: string;
+        transports?: string[];
+        credentialDeviceType: string;
+        backupEligible?: boolean;
+        backupState?: boolean;
+        name?: string;
+        lastUsedAt?: string;
+    };
+}
+export interface WebauthnCredentialPatch {
+    ownerId?: string | null;
+    credentialId?: string | null;
+    publicKey?: Base64EncodedBinary | null;
+    signCount?: string | null;
+    webauthnUserId?: string | null;
+    transports?: string[] | null;
+    credentialDeviceType?: string | null;
+    backupEligible?: boolean | null;
+    backupState?: boolean | null;
+    name?: string | null;
+    lastUsedAt?: string | null;
+}
+export interface UpdateWebauthnCredentialInput {
+    clientMutationId?: string;
+    id: string;
+    webauthnCredentialPatch: WebauthnCredentialPatch;
+}
+export interface DeleteWebauthnCredentialInput {
+    clientMutationId?: string;
+    id: string;
+}
 export interface CreateAuditLogInput {
     clientMutationId?: string;
     auditLog: {
@@ -766,6 +962,32 @@ export interface DeleteAuditLogInput {
     clientMutationId?: string;
     id: string;
 }
+export interface CreateIdentityProviderInput {
+    clientMutationId?: string;
+    identityProvider: {
+        slug?: string;
+        kind?: string;
+        displayName?: string;
+        enabled?: boolean;
+        isBuiltIn?: boolean;
+    };
+}
+export interface IdentityProviderPatch {
+    slug?: string | null;
+    kind?: string | null;
+    displayName?: string | null;
+    enabled?: boolean | null;
+    isBuiltIn?: boolean | null;
+}
+export interface UpdateIdentityProviderInput {
+    clientMutationId?: string;
+    id: string;
+    identityProviderPatch: IdentityProviderPatch;
+}
+export interface DeleteIdentityProviderInput {
+    clientMutationId?: string;
+    id: string;
+}
 export interface CreateRoleTypeInput {
     clientMutationId?: string;
     roleType: {
@@ -892,12 +1114,6 @@ export interface ResetPasswordInput {
     resetToken?: string;
     newPassword?: string;
 }
-export interface CreateApiKeyInput {
-    clientMutationId?: string;
-    keyName: string;
-    accessLevel?: string;
-    mfaLevel?: string;
-}
 export interface SignInCrossOriginInput {
     clientMutationId?: string;
     token?: string;
@@ -931,6 +1147,13 @@ export interface ExtendTokenExpiresInput {
     clientMutationId?: string;
     amount?: IntervalInput;
 }
+export interface CreateApiKeyInput {
+    clientMutationId?: string;
+    keyName?: string;
+    accessLevel?: string;
+    mfaLevel?: string;
+    expiresIn?: IntervalInput;
+}
 export interface ForgotPasswordInput {
     clientMutationId?: string;
     email?: ConstructiveInternalTypeEmail;
@@ -942,6 +1165,13 @@ export interface SendVerificationEmailInput {
 export interface RequestUploadUrlInput {
     /** Bucket key (e.g., "public", "private") */
     bucketKey: string;
+    /**
+     * Owner entity ID for entity-scoped uploads.
+     * Omit for app-level (database-wide) storage.
+     * When provided, resolves the storage module for the entity type
+     * that owns this entity instance (e.g., a data room ID, team ID).
+     */
+    ownerId?: string;
     /** SHA-256 content hash computed by the client (hex-encoded, 64 chars) */
     contentHash: string;
     /** MIME type of the file (e.g., "image/png") */
@@ -958,6 +1188,11 @@ export interface ConfirmUploadInput {
 export interface ProvisionBucketInput {
     /** The logical bucket key (e.g., "public", "private") */
     bucketKey: string;
+    /**
+     * Owner entity ID for entity-scoped bucket provisioning.
+     * Omit for app-level (database-wide) storage.
+     */
+    ownerId?: string;
 }
 /** A filter to be used against ConstructiveInternalTypeEmail fields. All fields are combined with a logical ‘and.’ */
 export interface ConstructiveInternalTypeEmailFilter {
@@ -1036,6 +1271,23 @@ export interface ConstructiveInternalTypeEmailFilter {
     /** Greater than or equal to the specified value (case-insensitive). */
     greaterThanOrEqualToInsensitive?: ConstructiveInternalTypeEmail;
 }
+/** A filter to be used against Base64EncodedBinary fields. All fields are combined with a logical ‘and.’ */
+export interface Base64EncodedBinaryFilter {
+    /** Is null (if `true` is specified) or is not null (if `false` is specified). */
+    isNull?: boolean;
+    /** Equal to the specified value. */
+    equalTo?: Base64EncodedBinary;
+    /** Not equal to the specified value. */
+    notEqualTo?: Base64EncodedBinary;
+    /** Not equal to the specified value, treating null like an ordinary value. */
+    distinctFrom?: Base64EncodedBinary;
+    /** Equal to the specified value, treating null like an ordinary value. */
+    notDistinctFrom?: Base64EncodedBinary;
+    /** Included in the specified list. */
+    in?: Base64EncodedBinary[];
+    /** Not included in the specified list. */
+    notIn?: Base64EncodedBinary[];
+}
 /** A filter to be used against ConstructiveInternalTypeOrigin fields. All fields are combined with a logical ‘and.’ */
 export interface ConstructiveInternalTypeOriginFilter {
     /** Is null (if `true` is specified) or is not null (if `false` is specified). */
@@ -1256,6 +1508,15 @@ export interface UserToManyCryptoAddressFilter {
     /** Filters to entities where no related entity matches. */
     none?: CryptoAddressFilter;
 }
+/** A filter to be used against many `WebauthnCredential` object types. All fields are combined with a logical ‘and.’ */
+export interface UserToManyWebauthnCredentialFilter {
+    /** Filters to entities where at least one related entity matches. */
+    some?: WebauthnCredentialFilter;
+    /** Filters to entities where every related entity matches. */
+    every?: WebauthnCredentialFilter;
+    /** Filters to entities where no related entity matches. */
+    none?: WebauthnCredentialFilter;
+}
 /** A filter to be used against many `AuditLog` object types. All fields are combined with a logical ‘and.’ */
 export interface UserToManyAuditLogFilter {
     /** Filters to entities where at least one related entity matches. */
@@ -1303,6 +1564,8 @@ export interface EmailFilter {
     isVerified?: BooleanFilter;
     /** Filter by the object’s `isPrimary` field. */
     isPrimary?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
     /** Filter by the object’s `createdAt` field. */
     createdAt?: DatetimeFilter;
     /** Filter by the object’s `updatedAt` field. */
@@ -1330,6 +1593,8 @@ export interface PhoneNumberFilter {
     isVerified?: BooleanFilter;
     /** Filter by the object’s `isPrimary` field. */
     isPrimary?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
     /** Filter by the object’s `createdAt` field. */
     createdAt?: DatetimeFilter;
     /** Filter by the object’s `updatedAt` field. */
@@ -1355,6 +1620,8 @@ export interface CryptoAddressFilter {
     isVerified?: BooleanFilter;
     /** Filter by the object’s `isPrimary` field. */
     isPrimary?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
     /** Filter by the object’s `createdAt` field. */
     createdAt?: DatetimeFilter;
     /** Filter by the object’s `updatedAt` field. */
@@ -1368,6 +1635,45 @@ export interface CryptoAddressFilter {
     /** Filter by the object’s `owner` relation. */
     owner?: UserFilter;
 }
+/** A filter to be used against `WebauthnCredential` object types. All fields are combined with a logical ‘and.’ */
+export interface WebauthnCredentialFilter {
+    /** Filter by the object’s `id` field. */
+    id?: UUIDFilter;
+    /** Filter by the object’s `ownerId` field. */
+    ownerId?: UUIDFilter;
+    /** Filter by the object’s `credentialId` field. */
+    credentialId?: StringFilter;
+    /** Filter by the object’s `publicKey` field. */
+    publicKey?: Base64EncodedBinaryFilter;
+    /** Filter by the object’s `signCount` field. */
+    signCount?: BigIntFilter;
+    /** Filter by the object’s `webauthnUserId` field. */
+    webauthnUserId?: StringFilter;
+    /** Filter by the object’s `transports` field. */
+    transports?: StringListFilter;
+    /** Filter by the object’s `credentialDeviceType` field. */
+    credentialDeviceType?: StringFilter;
+    /** Filter by the object’s `backupEligible` field. */
+    backupEligible?: BooleanFilter;
+    /** Filter by the object’s `backupState` field. */
+    backupState?: BooleanFilter;
+    /** Filter by the object’s `name` field. */
+    name?: StringFilter;
+    /** Filter by the object’s `lastUsedAt` field. */
+    lastUsedAt?: DatetimeFilter;
+    /** Filter by the object’s `createdAt` field. */
+    createdAt?: DatetimeFilter;
+    /** Filter by the object’s `updatedAt` field. */
+    updatedAt?: DatetimeFilter;
+    /** Checks for all expressions in this list. */
+    and?: WebauthnCredentialFilter[];
+    /** Checks for any expressions in this list. */
+    or?: WebauthnCredentialFilter[];
+    /** Negates the expression. */
+    not?: WebauthnCredentialFilter;
+    /** Filter by the object’s `owner` relation. */
+    owner?: UserFilter;
+}
 /** A filter to be used against `AuditLog` object types. All fields are combined with a logical ‘and.’ */
 export interface AuditLogFilter {
     /** Filter by the object’s `id` field. */
@@ -1447,6 +1753,83 @@ export interface BooleanFilter {
     /** Greater than or equal to the specified value. */
     greaterThanOrEqualTo?: boolean;
 }
+/** A filter to be used against String fields. All fields are combined with a logical ‘and.’ */
+export interface StringFilter {
+    /** Is null (if `true` is specified) or is not null (if `false` is specified). */
+    isNull?: boolean;
+    /** Equal to the specified value. */
+    equalTo?: string;
+    /** Not equal to the specified value. */
+    notEqualTo?: string;
+    /** Not equal to the specified value, treating null like an ordinary value. */
+    distinctFrom?: string;
+    /** Equal to the specified value, treating null like an ordinary value. */
+    notDistinctFrom?: string;
+    /** Included in the specified list. */
+    in?: string[];
+    /** Not included in the specified list. */
+    notIn?: string[];
+    /** Less than the specified value. */
+    lessThan?: string;
+    /** Less than or equal to the specified value. */
+    lessThanOrEqualTo?: string;
+    /** Greater than the specified value. */
+    greaterThan?: string;
+    /** Greater than or equal to the specified value. */
+    greaterThanOrEqualTo?: string;
+    /** Contains the specified string (case-sensitive). */
+    includes?: string;
+    /** Does not contain the specified string (case-sensitive). */
+    notIncludes?: string;
+    /** Contains the specified string (case-insensitive). */
+    includesInsensitive?: string;
+    /** Does not contain the specified string (case-insensitive). */
+    notIncludesInsensitive?: string;
+    /** Starts with the specified string (case-sensitive). */
+    startsWith?: string;
+    /** Does not start with the specified string (case-sensitive). */
+    notStartsWith?: string;
+    /** Starts with the specified string (case-insensitive). */
+    startsWithInsensitive?: string;
+    /** Does not start with the specified string (case-insensitive). */
+    notStartsWithInsensitive?: string;
+    /** Ends with the specified string (case-sensitive). */
+    endsWith?: string;
+    /** Does not end with the specified string (case-sensitive). */
+    notEndsWith?: string;
+    /** Ends with the specified string (case-insensitive). */
+    endsWithInsensitive?: string;
+    /** Does not end with the specified string (case-insensitive). */
+    notEndsWithInsensitive?: string;
+    /** Matches the specified pattern (case-sensitive). An underscore (_) matches any single character; a percent sign (%) matches any sequence of zero or more characters. */
+    like?: string;
+    /** Does not match the specified pattern (case-sensitive). An underscore (_) matches any single character; a percent sign (%) matches any sequence of zero or more characters. */
+    notLike?: string;
+    /** Matches the specified pattern (case-insensitive). An underscore (_) matches any single character; a percent sign (%) matches any sequence of zero or more characters. */
+    likeInsensitive?: string;
+    /** Does not match the specified pattern (case-insensitive). An underscore (_) matches any single character; a percent sign (%) matches any sequence of zero or more characters. */
+    notLikeInsensitive?: string;
+    /** Equal to the specified value (case-insensitive). */
+    equalToInsensitive?: string;
+    /** Not equal to the specified value (case-insensitive). */
+    notEqualToInsensitive?: string;
+    /** Not equal to the specified value, treating null like an ordinary value (case-insensitive). */
+    distinctFromInsensitive?: string;
+    /** Equal to the specified value, treating null like an ordinary value (case-insensitive). */
+    notDistinctFromInsensitive?: string;
+    /** Included in the specified list (case-insensitive). */
+    inInsensitive?: string[];
+    /** Not included in the specified list (case-insensitive). */
+    notInInsensitive?: string[];
+    /** Less than the specified value (case-insensitive). */
+    lessThanInsensitive?: string;
+    /** Less than or equal to the specified value (case-insensitive). */
+    lessThanOrEqualToInsensitive?: string;
+    /** Greater than the specified value (case-insensitive). */
+    greaterThanInsensitive?: string;
+    /** Greater than or equal to the specified value (case-insensitive). */
+    greaterThanOrEqualToInsensitive?: string;
+}
 /** A filter to be used against Datetime fields. All fields are combined with a logical ‘and.’ */
 export interface DatetimeFilter {
     /** Is null (if `true` is specified) or is not null (if `false` is specified). */
@@ -1510,6 +1893,10 @@ export interface UserFilter {
     ownedCryptoAddresses?: UserToManyCryptoAddressFilter;
     /** `ownedCryptoAddresses` exist. */
     ownedCryptoAddressesExist?: boolean;
+    /** Filter by the object’s `ownedWebauthnCredentials` relation. */
+    ownedWebauthnCredentials?: UserToManyWebauthnCredentialFilter;
+    /** `ownedWebauthnCredentials` exist. */
+    ownedWebauthnCredentialsExist?: boolean;
     /** Filter by the object’s `auditLogsByActorId` relation. */
     auditLogsByActorId?: UserToManyAuditLogFilter;
     /** `auditLogsByActorId` exist. */
@@ -1526,8 +1913,8 @@ export interface UserFilter {
      */
     unifiedSearch?: string;
 }
-/** A filter to be used against String fields. All fields are combined with a logical ‘and.’ */
-export interface StringFilter {
+/** A filter to be used against BigInt fields. All fields are combined with a logical ‘and.’ */
+export interface BigIntFilter {
     /** Is null (if `true` is specified) or is not null (if `false` is specified). */
     isNull?: boolean;
     /** Equal to the specified value. */
@@ -1550,58 +1937,45 @@ export interface StringFilter {
     greaterThan?: string;
     /** Greater than or equal to the specified value. */
     greaterThanOrEqualTo?: string;
-    /** Contains the specified string (case-sensitive). */
-    includes?: string;
-    /** Does not contain the specified string (case-sensitive). */
-    notIncludes?: string;
-    /** Contains the specified string (case-insensitive). */
-    includesInsensitive?: string;
-    /** Does not contain the specified string (case-insensitive). */
-    notIncludesInsensitive?: string;
-    /** Starts with the specified string (case-sensitive). */
-    startsWith?: string;
-    /** Does not start with the specified string (case-sensitive). */
-    notStartsWith?: string;
-    /** Starts with the specified string (case-insensitive). */
-    startsWithInsensitive?: string;
-    /** Does not start with the specified string (case-insensitive). */
-    notStartsWithInsensitive?: string;
-    /** Ends with the specified string (case-sensitive). */
-    endsWith?: string;
-    /** Does not end with the specified string (case-sensitive). */
-    notEndsWith?: string;
-    /** Ends with the specified string (case-insensitive). */
-    endsWithInsensitive?: string;
-    /** Does not end with the specified string (case-insensitive). */
-    notEndsWithInsensitive?: string;
-    /** Matches the specified pattern (case-sensitive). An underscore (_) matches any single character; a percent sign (%) matches any sequence of zero or more characters. */
-    like?: string;
-    /** Does not match the specified pattern (case-sensitive). An underscore (_) matches any single character; a percent sign (%) matches any sequence of zero or more characters. */
-    notLike?: string;
-    /** Matches the specified pattern (case-insensitive). An underscore (_) matches any single character; a percent sign (%) matches any sequence of zero or more characters. */
-    likeInsensitive?: string;
-    /** Does not match the specified pattern (case-insensitive). An underscore (_) matches any single character; a percent sign (%) matches any sequence of zero or more characters. */
-    notLikeInsensitive?: string;
-    /** Equal to the specified value (case-insensitive). */
-    equalToInsensitive?: string;
-    /** Not equal to the specified value (case-insensitive). */
-    notEqualToInsensitive?: string;
-    /** Not equal to the specified value, treating null like an ordinary value (case-insensitive). */
-    distinctFromInsensitive?: string;
-    /** Equal to the specified value, treating null like an ordinary value (case-insensitive). */
-    notDistinctFromInsensitive?: string;
-    /** Included in the specified list (case-insensitive). */
-    inInsensitive?: string[];
-    /** Not included in the specified list (case-insensitive). */
-    notInInsensitive?: string[];
-    /** Less than the specified value (case-insensitive). */
-    lessThanInsensitive?: string;
-    /** Less than or equal to the specified value (case-insensitive). */
-    lessThanOrEqualToInsensitive?: string;
-    /** Greater than the specified value (case-insensitive). */
-    greaterThanInsensitive?: string;
-    /** Greater than or equal to the specified value (case-insensitive). */
-    greaterThanOrEqualToInsensitive?: string;
+}
+/** A filter to be used against String List fields. All fields are combined with a logical ‘and.’ */
+export interface StringListFilter {
+    /** Is null (if `true` is specified) or is not null (if `false` is specified). */
+    isNull?: boolean;
+    /** Equal to the specified value. */
+    equalTo?: string[];
+    /** Not equal to the specified value. */
+    notEqualTo?: string[];
+    /** Not equal to the specified value, treating null like an ordinary value. */
+    distinctFrom?: string[];
+    /** Equal to the specified value, treating null like an ordinary value. */
+    notDistinctFrom?: string[];
+    /** Less than the specified value. */
+    lessThan?: string[];
+    /** Less than or equal to the specified value. */
+    lessThanOrEqualTo?: string[];
+    /** Greater than the specified value. */
+    greaterThan?: string[];
+    /** Greater than or equal to the specified value. */
+    greaterThanOrEqualTo?: string[];
+    /** Contains the specified list of values. */
+    contains?: string[];
+    /** Contained by the specified list of values. */
+    containedBy?: string[];
+    /** Overlaps the specified list of values. */
+    overlaps?: string[];
+    /** Any array item is equal to the specified value. */
+    anyEqualTo?: string;
+    /** Any array item is not equal to the specified value. */
+    anyNotEqualTo?: string;
+    /** Any array item is less than the specified value. */
+    anyLessThan?: string;
+    /** Any array item is less than or equal to the specified value. */
+    anyLessThanOrEqualTo?: string;
+    /** Any array item is greater than the specified value. */
+    anyGreaterThan?: string;
+    /** Any array item is greater than or equal to the specified value. */
+    anyGreaterThanOrEqualTo?: string;
 }
 /** A filter to be used against InternetAddress fields. All fields are combined with a logical ‘and.’ */
 export interface InternetAddressFilter {
@@ -1795,16 +2169,6 @@ export type ResetPasswordPayloadSelect = {
     clientMutationId?: boolean;
     result?: boolean;
 };
-export interface CreateApiKeyPayload {
-    clientMutationId?: string | null;
-    result?: CreateApiKeyRecord | null;
-}
-export type CreateApiKeyPayloadSelect = {
-    clientMutationId?: boolean;
-    result?: {
-        select: CreateApiKeyRecordSelect;
-    };
-};
 export interface SignInCrossOriginPayload {
     clientMutationId?: string | null;
     result?: SignInCrossOriginRecord | null;
@@ -1853,6 +2217,16 @@ export type ExtendTokenExpiresPayloadSelect = {
         select: ExtendTokenExpiresRecordSelect;
     };
 };
+export interface CreateApiKeyPayload {
+    clientMutationId?: string | null;
+    result?: CreateApiKeyRecord | null;
+}
+export type CreateApiKeyPayloadSelect = {
+    clientMutationId?: boolean;
+    result?: {
+        select: CreateApiKeyRecordSelect;
+    };
+};
 export interface ForgotPasswordPayload {
     clientMutationId?: string | null;
 }
@@ -2056,6 +2430,51 @@ export type DeleteCryptoAddressPayloadSelect = {
         select: CryptoAddressEdgeSelect;
     };
 };
+export interface CreateWebauthnCredentialPayload {
+    clientMutationId?: string | null;
+    /** The `WebauthnCredential` that was created by this mutation. */
+    webauthnCredential?: WebauthnCredential | null;
+    webauthnCredentialEdge?: WebauthnCredentialEdge | null;
+}
+export type CreateWebauthnCredentialPayloadSelect = {
+    clientMutationId?: boolean;
+    webauthnCredential?: {
+        select: WebauthnCredentialSelect;
+    };
+    webauthnCredentialEdge?: {
+        select: WebauthnCredentialEdgeSelect;
+    };
+};
+export interface UpdateWebauthnCredentialPayload {
+    clientMutationId?: string | null;
+    /** The `WebauthnCredential` that was updated by this mutation. */
+    webauthnCredential?: WebauthnCredential | null;
+    webauthnCredentialEdge?: WebauthnCredentialEdge | null;
+}
+export type UpdateWebauthnCredentialPayloadSelect = {
+    clientMutationId?: boolean;
+    webauthnCredential?: {
+        select: WebauthnCredentialSelect;
+    };
+    webauthnCredentialEdge?: {
+        select: WebauthnCredentialEdgeSelect;
+    };
+};
+export interface DeleteWebauthnCredentialPayload {
+    clientMutationId?: string | null;
+    /** The `WebauthnCredential` that was deleted by this mutation. */
+    webauthnCredential?: WebauthnCredential | null;
+    webauthnCredentialEdge?: WebauthnCredentialEdge | null;
+}
+export type DeleteWebauthnCredentialPayloadSelect = {
+    clientMutationId?: boolean;
+    webauthnCredential?: {
+        select: WebauthnCredentialSelect;
+    };
+    webauthnCredentialEdge?: {
+        select: WebauthnCredentialEdgeSelect;
+    };
+};
 export interface CreateAuditLogPayload {
     clientMutationId?: string | null;
     /** The `AuditLog` that was created by this mutation. */
@@ -2101,6 +2520,17 @@ export type DeleteAuditLogPayloadSelect = {
         select: AuditLogEdgeSelect;
     };
 };
+export interface CreateIdentityProviderPayload {
+    clientMutationId?: string | null;
+    /** The `IdentityProvider` that was created by this mutation. */
+    identityProvider?: IdentityProvider | null;
+}
+export type CreateIdentityProviderPayloadSelect = {
+    clientMutationId?: boolean;
+    identityProvider?: {
+        select: IdentityProviderSelect;
+    };
+};
 export interface CreateRoleTypePayload {
     clientMutationId?: string | null;
     /** The `RoleType` that was created by this mutation. */
@@ -2202,14 +2632,6 @@ export type DeleteUserPayloadSelect = {
         select: UserEdgeSelect;
     };
 };
-export interface CreateApiKeyRecord {
-    apiKey?: string | null;
-    keyId?: string | null;
-}
-export type CreateApiKeyRecordSelect = {
-    apiKey?: boolean;
-    keyId?: boolean;
-};
 export interface SignInCrossOriginRecord {
     id?: string | null;
     userId?: string | null;
@@ -2272,6 +2694,16 @@ export type ExtendTokenExpiresRecordSelect = {
     sessionId?: boolean;
     expiresAt?: boolean;
 };
+export interface CreateApiKeyRecord {
+    apiKey?: string | null;
+    keyId?: string | null;
+    expiresAt?: string | null;
+}
+export type CreateApiKeyRecordSelect = {
+    apiKey?: boolean;
+    keyId?: boolean;
+    expiresAt?: boolean;
+};
 /** A `Email` edge in the connection. */
 export interface EmailEdge {
     cursor?: string | null;
@@ -2308,6 +2740,18 @@ export type CryptoAddressEdgeSelect = {
         select: CryptoAddressSelect;
     };
 };
+/** A `WebauthnCredential` edge in the connection. */
+export interface WebauthnCredentialEdge {
+    cursor?: string | null;
+    /** The `WebauthnCredential` at the end of the edge. */
+    node?: WebauthnCredential | null;
+}
+export type WebauthnCredentialEdgeSelect = {
+    cursor?: boolean;
+    node?: {
+        select: WebauthnCredentialSelect;
+    };
+};
 /** A `AuditLog` edge in the connection. */
 export interface AuditLogEdge {
     cursor?: string | null;