@distilled.cloud/cloudflare 0.0.0-john

package/src/services/accounts.ts

@@ -0,0 +1,2152 @@
+/**
+ * Cloudflare ACCOUNTS API
+ *
+ * Generated from Cloudflare TypeScript SDK.
+ * DO NOT EDIT - regenerate with: bun scripts/generate.ts --service accounts
+ */
+
+import * as stream from "effect/Stream";
+import * as Schema from "effect/Schema";
+import type * as HttpClient from "effect/unstable/http/HttpClient";
+import * as API from "../client/api.ts";
+import * as T from "../traits.ts";
+import type { Credentials } from "../credentials.ts";
+import { type DefaultErrors } from "../errors.ts";
+
+// =============================================================================
+// Errors
+// =============================================================================
+
+export class AccountCreationForbidden extends Schema.TaggedErrorClass<AccountCreationForbidden>()(
+  "AccountCreationForbidden",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(AccountCreationForbidden, [{ code: 1002 }]);
+
+export class AccountNameTooLong extends Schema.TaggedErrorClass<AccountNameTooLong>()(
+  "AccountNameTooLong",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(AccountNameTooLong, [
+  { code: 1001, message: { includes: "too long" } },
+]);
+
+export class BadRequest extends Schema.TaggedErrorClass<BadRequest>()(
+  "BadRequest",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(BadRequest, [{ code: 400 }]);
+
+export class EndpointNotFound extends Schema.TaggedErrorClass<EndpointNotFound>()(
+  "EndpointNotFound",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(EndpointNotFound, [{ code: 1199 }]);
+
+export class InvalidAccountName extends Schema.TaggedErrorClass<InvalidAccountName>()(
+  "InvalidAccountName",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(InvalidAccountName, [
+  { code: 1001, message: { includes: "invalid character" } },
+]);
+
+export class InvalidRoute extends Schema.TaggedErrorClass<InvalidRoute>()(
+  "InvalidRoute",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(InvalidRoute, [{ code: 7003 }]);
+
+export class InvalidTokenName extends Schema.TaggedErrorClass<InvalidTokenName>()(
+  "InvalidTokenName",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(InvalidTokenName, [
+  { code: 400, message: { includes: "name must have a length" } },
+]);
+
+export class JsonDecodeFailure extends Schema.TaggedErrorClass<JsonDecodeFailure>()(
+  "JsonDecodeFailure",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(JsonDecodeFailure, [{ code: 1198 }]);
+
+export class MemberNotFound extends Schema.TaggedErrorClass<MemberNotFound>()(
+  "MemberNotFound",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(MemberNotFound, [{ code: 1003 }]);
+
+export class MethodNotAllowed extends Schema.TaggedErrorClass<MethodNotAllowed>()(
+  "MethodNotAllowed",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(MethodNotAllowed, [
+  { code: 7001 },
+  { code: 10000 },
+  { code: 10405 },
+]);
+
+export class MissingAuthenticationToken extends Schema.TaggedErrorClass<MissingAuthenticationToken>()(
+  "MissingAuthenticationToken",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(MissingAuthenticationToken, [{ code: 1001 }]);
+
+export class MissingName extends Schema.TaggedErrorClass<MissingName>()(
+  "MissingName",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(MissingName, [{ code: 1001 }]);
+
+export class UpdateAccountTypeNotSupported extends Schema.TaggedErrorClass<UpdateAccountTypeNotSupported>()(
+  "UpdateAccountTypeNotSupported",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(UpdateAccountTypeNotSupported, [
+  { code: 1001, message: { includes: "account type is not supported" } },
+]);
+
+export class ValidationError extends Schema.TaggedErrorClass<ValidationError>()(
+  "ValidationError",
+  { code: Schema.Number, message: Schema.String },
+) {}
+T.applyErrorMatchers(ValidationError, [{ code: 1001 }]);
+
+// =============================================================================
+// Account
+// =============================================================================
+
+export interface GetAccountRequest {
+  /** Account identifier tag. */
+  accountId: string;
+}
+
+export const GetAccountRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+}).pipe(
+  T.Http({ method: "GET", path: "/accounts/{account_id}" }),
+) as unknown as Schema.Schema<GetAccountRequest>;
+
+export interface GetAccountResponse {
+  /** Identifier */
+  id: string;
+  /** Account name */
+  name: string;
+  type: "standard" | "enterprise";
+  /** Timestamp for the creation of the account */
+  createdOn?: string | null;
+  /** Parent container details */
+  managedBy?: {
+    parentOrgId?: string | null;
+    parentOrgName?: string | null;
+  } | null;
+  /** Account settings */
+  settings?: {
+    abuseContactEmail?: string | null;
+    enforceTwofactor?: boolean | null;
+  } | null;
+}
+
+export const GetAccountResponse = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  id: Schema.String,
+  name: Schema.String,
+  type: Schema.Literals(["standard", "enterprise"]),
+  createdOn: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  managedBy: Schema.optional(
+    Schema.Union([
+      Schema.Struct({
+        parentOrgId: Schema.optional(
+          Schema.Union([Schema.String, Schema.Null]),
+        ),
+        parentOrgName: Schema.optional(
+          Schema.Union([Schema.String, Schema.Null]),
+        ),
+      }).pipe(
+        Schema.encodeKeys({
+          parentOrgId: "parent_org_id",
+          parentOrgName: "parent_org_name",
+        }),
+      ),
+      Schema.Null,
+    ]),
+  ),
+  settings: Schema.optional(
+    Schema.Union([
+      Schema.Struct({
+        abuseContactEmail: Schema.optional(
+          Schema.Union([Schema.String, Schema.Null]),
+        ),
+        enforceTwofactor: Schema.optional(
+          Schema.Union([Schema.Boolean, Schema.Null]),
+        ),
+      }).pipe(
+        Schema.encodeKeys({
+          abuseContactEmail: "abuse_contact_email",
+          enforceTwofactor: "enforce_twofactor",
+        }),
+      ),
+      Schema.Null,
+    ]),
+  ),
+})
+  .pipe(
+    Schema.encodeKeys({
+      id: "id",
+      name: "name",
+      type: "type",
+      createdOn: "created_on",
+      managedBy: "managed_by",
+      settings: "settings",
+    }),
+  )
+  .pipe(
+    T.ResponsePath("result"),
+  ) as unknown as Schema.Schema<GetAccountResponse>;
+
+export type GetAccountError = DefaultErrors | InvalidRoute;
+
+export const getAccount: API.OperationMethod<
+  GetAccountRequest,
+  GetAccountResponse,
+  GetAccountError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: GetAccountRequest,
+  output: GetAccountResponse,
+  errors: [InvalidRoute],
+}));
+
+export interface ListAccountsRequest {}
+
+export const ListAccountsRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct(
+  {},
+).pipe(
+  T.Http({ method: "GET", path: "/accounts" }),
+) as unknown as Schema.Schema<ListAccountsRequest>;
+
+export interface ListAccountsResponse {
+  result: {
+    id: string;
+    name: string;
+    type: "standard" | "enterprise";
+    createdOn?: string | null;
+    managedBy?: {
+      parentOrgId?: string | null;
+      parentOrgName?: string | null;
+    } | null;
+    settings?: {
+      abuseContactEmail?: string | null;
+      enforceTwofactor?: boolean | null;
+    } | null;
+  }[];
+  resultInfo: {
+    count?: number | null;
+    page?: number | null;
+    perPage?: number | null;
+    totalCount?: number | null;
+  };
+}
+
+export const ListAccountsResponse = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  result: Schema.Array(
+    Schema.Struct({
+      id: Schema.String,
+      name: Schema.String,
+      type: Schema.Literals(["standard", "enterprise"]),
+      createdOn: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+      managedBy: Schema.optional(
+        Schema.Union([
+          Schema.Struct({
+            parentOrgId: Schema.optional(
+              Schema.Union([Schema.String, Schema.Null]),
+            ),
+            parentOrgName: Schema.optional(
+              Schema.Union([Schema.String, Schema.Null]),
+            ),
+          }).pipe(
+            Schema.encodeKeys({
+              parentOrgId: "parent_org_id",
+              parentOrgName: "parent_org_name",
+            }),
+          ),
+          Schema.Null,
+        ]),
+      ),
+      settings: Schema.optional(
+        Schema.Union([
+          Schema.Struct({
+            abuseContactEmail: Schema.optional(
+              Schema.Union([Schema.String, Schema.Null]),
+            ),
+            enforceTwofactor: Schema.optional(
+              Schema.Union([Schema.Boolean, Schema.Null]),
+            ),
+          }).pipe(
+            Schema.encodeKeys({
+              abuseContactEmail: "abuse_contact_email",
+              enforceTwofactor: "enforce_twofactor",
+            }),
+          ),
+          Schema.Null,
+        ]),
+      ),
+    }).pipe(
+      Schema.encodeKeys({
+        id: "id",
+        name: "name",
+        type: "type",
+        createdOn: "created_on",
+        managedBy: "managed_by",
+        settings: "settings",
+      }),
+    ),
+  ),
+  resultInfo: Schema.Struct({
+    count: Schema.optional(Schema.Union([Schema.Number, Schema.Null])),
+    page: Schema.optional(Schema.Union([Schema.Number, Schema.Null])),
+    perPage: Schema.optional(Schema.Union([Schema.Number, Schema.Null])),
+    totalCount: Schema.optional(Schema.Union([Schema.Number, Schema.Null])),
+  }).pipe(
+    Schema.encodeKeys({
+      count: "count",
+      page: "page",
+      perPage: "per_page",
+      totalCount: "total_count",
+    }),
+  ),
+}).pipe(
+  Schema.encodeKeys({ result: "result", resultInfo: "result_info" }),
+) as unknown as Schema.Schema<ListAccountsResponse>;
+
+export type ListAccountsError = DefaultErrors;
+
+export const listAccounts: API.PaginatedOperationMethod<
+  ListAccountsRequest,
+  ListAccountsResponse,
+  ListAccountsError,
+  Credentials | HttpClient.HttpClient
+> & {
+  pages: (
+    input: ListAccountsRequest,
+  ) => stream.Stream<
+    ListAccountsResponse,
+    ListAccountsError,
+    Credentials | HttpClient.HttpClient
+  >;
+  items: (input: ListAccountsRequest) => stream.Stream<
+    {
+      id: string;
+      name: string;
+      type: "standard" | "enterprise";
+      createdOn?: string | null;
+      managedBy?: {
+        parentOrgId?: string | null;
+        parentOrgName?: string | null;
+      } | null;
+      settings?: {
+        abuseContactEmail?: string | null;
+        enforceTwofactor?: boolean | null;
+      } | null;
+    },
+    ListAccountsError,
+    Credentials | HttpClient.HttpClient
+  >;
+} = /*@__PURE__*/ /*#__PURE__*/ API.makePaginated(() => ({
+  input: ListAccountsRequest,
+  output: ListAccountsResponse,
+  errors: [],
+  pagination: {
+    mode: "page",
+    inputToken: "page",
+    outputToken: "resultInfo.page",
+    items: "result",
+    pageSize: "perPage",
+  } as const,
+}));
+
+export interface CreateAccountRequest {
+  /** Account name */
+  name: string;
+  type?: "standard" | "enterprise";
+  /** information related to the tenant unit, and optionally, an id of the unit to create the account on. see https://developers.cloudflare.com/tenant/how-to/manage-accounts/ */
+  unit?: { id?: string };
+}
+
+export const CreateAccountRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  name: Schema.String,
+  type: Schema.optional(Schema.Literals(["standard", "enterprise"])),
+  unit: Schema.optional(
+    Schema.Struct({
+      id: Schema.optional(Schema.String),
+    }),
+  ),
+}).pipe(
+  T.Http({ method: "POST", path: "/accounts" }),
+) as unknown as Schema.Schema<CreateAccountRequest>;
+
+export interface CreateAccountResponse {
+  /** Identifier */
+  id: string;
+  /** Account name */
+  name: string;
+  type: "standard" | "enterprise";
+  /** Timestamp for the creation of the account */
+  createdOn?: string | null;
+  /** Parent container details */
+  managedBy?: {
+    parentOrgId?: string | null;
+    parentOrgName?: string | null;
+  } | null;
+  /** Account settings */
+  settings?: {
+    abuseContactEmail?: string | null;
+    enforceTwofactor?: boolean | null;
+  } | null;
+}
+
+export const CreateAccountResponse = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  id: Schema.String,
+  name: Schema.String,
+  type: Schema.Literals(["standard", "enterprise"]),
+  createdOn: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  managedBy: Schema.optional(
+    Schema.Union([
+      Schema.Struct({
+        parentOrgId: Schema.optional(
+          Schema.Union([Schema.String, Schema.Null]),
+        ),
+        parentOrgName: Schema.optional(
+          Schema.Union([Schema.String, Schema.Null]),
+        ),
+      }).pipe(
+        Schema.encodeKeys({
+          parentOrgId: "parent_org_id",
+          parentOrgName: "parent_org_name",
+        }),
+      ),
+      Schema.Null,
+    ]),
+  ),
+  settings: Schema.optional(
+    Schema.Union([
+      Schema.Struct({
+        abuseContactEmail: Schema.optional(
+          Schema.Union([Schema.String, Schema.Null]),
+        ),
+        enforceTwofactor: Schema.optional(
+          Schema.Union([Schema.Boolean, Schema.Null]),
+        ),
+      }).pipe(
+        Schema.encodeKeys({
+          abuseContactEmail: "abuse_contact_email",
+          enforceTwofactor: "enforce_twofactor",
+        }),
+      ),
+      Schema.Null,
+    ]),
+  ),
+})
+  .pipe(
+    Schema.encodeKeys({
+      id: "id",
+      name: "name",
+      type: "type",
+      createdOn: "created_on",
+      managedBy: "managed_by",
+      settings: "settings",
+    }),
+  )
+  .pipe(
+    T.ResponsePath("result"),
+  ) as unknown as Schema.Schema<CreateAccountResponse>;
+
+export type CreateAccountError =
+  | DefaultErrors
+  | AccountCreationForbidden
+  | MissingName;
+
+export const createAccount: API.OperationMethod<
+  CreateAccountRequest,
+  CreateAccountResponse,
+  CreateAccountError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: CreateAccountRequest,
+  output: CreateAccountResponse,
+  errors: [AccountCreationForbidden, MissingName],
+}));
+
+export interface UpdateAccountRequest {
+  /** Path param: Account identifier tag. */
+  accountId: string;
+  /** Body param: Identifier */
+  id: string;
+  /** Body param: Account name */
+  name: string;
+  /** Body param: */
+  type?: "standard" | "enterprise";
+  /** Body param: Parent container details */
+  managedBy?: unknown;
+  /** Body param: Account settings */
+  settings?: { abuseContactEmail?: string; enforceTwofactor?: boolean };
+}
+
+export const UpdateAccountRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  id: Schema.String,
+  name: Schema.String,
+  type: Schema.optional(Schema.Literals(["standard", "enterprise"])),
+  managedBy: Schema.optional(Schema.Unknown),
+  settings: Schema.optional(
+    Schema.Struct({
+      abuseContactEmail: Schema.optional(Schema.String),
+      enforceTwofactor: Schema.optional(Schema.Boolean),
+    }).pipe(
+      Schema.encodeKeys({
+        abuseContactEmail: "abuse_contact_email",
+        enforceTwofactor: "enforce_twofactor",
+      }),
+    ),
+  ),
+}).pipe(
+  Schema.encodeKeys({
+    id: "id",
+    name: "name",
+    type: "type",
+    managedBy: "managed_by",
+    settings: "settings",
+  }),
+  T.Http({ method: "PUT", path: "/accounts/{account_id}" }),
+) as unknown as Schema.Schema<UpdateAccountRequest>;
+
+export interface UpdateAccountResponse {
+  /** Identifier */
+  id: string;
+  /** Account name */
+  name: string;
+  type: "standard" | "enterprise";
+  /** Timestamp for the creation of the account */
+  createdOn?: string | null;
+  /** Parent container details */
+  managedBy?: {
+    parentOrgId?: string | null;
+    parentOrgName?: string | null;
+  } | null;
+  /** Account settings */
+  settings?: {
+    abuseContactEmail?: string | null;
+    enforceTwofactor?: boolean | null;
+  } | null;
+}
+
+export const UpdateAccountResponse = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  id: Schema.String,
+  name: Schema.String,
+  type: Schema.Literals(["standard", "enterprise"]),
+  createdOn: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  managedBy: Schema.optional(
+    Schema.Union([
+      Schema.Struct({
+        parentOrgId: Schema.optional(
+          Schema.Union([Schema.String, Schema.Null]),
+        ),
+        parentOrgName: Schema.optional(
+          Schema.Union([Schema.String, Schema.Null]),
+        ),
+      }).pipe(
+        Schema.encodeKeys({
+          parentOrgId: "parent_org_id",
+          parentOrgName: "parent_org_name",
+        }),
+      ),
+      Schema.Null,
+    ]),
+  ),
+  settings: Schema.optional(
+    Schema.Union([
+      Schema.Struct({
+        abuseContactEmail: Schema.optional(
+          Schema.Union([Schema.String, Schema.Null]),
+        ),
+        enforceTwofactor: Schema.optional(
+          Schema.Union([Schema.Boolean, Schema.Null]),
+        ),
+      }).pipe(
+        Schema.encodeKeys({
+          abuseContactEmail: "abuse_contact_email",
+          enforceTwofactor: "enforce_twofactor",
+        }),
+      ),
+      Schema.Null,
+    ]),
+  ),
+})
+  .pipe(
+    Schema.encodeKeys({
+      id: "id",
+      name: "name",
+      type: "type",
+      createdOn: "created_on",
+      managedBy: "managed_by",
+      settings: "settings",
+    }),
+  )
+  .pipe(
+    T.ResponsePath("result"),
+  ) as unknown as Schema.Schema<UpdateAccountResponse>;
+
+export type UpdateAccountError =
+  | DefaultErrors
+  | InvalidAccountName
+  | AccountNameTooLong
+  | UpdateAccountTypeNotSupported
+  | InvalidRoute
+  | MethodNotAllowed;
+
+export const updateAccount: API.OperationMethod<
+  UpdateAccountRequest,
+  UpdateAccountResponse,
+  UpdateAccountError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: UpdateAccountRequest,
+  output: UpdateAccountResponse,
+  errors: [
+    InvalidAccountName,
+    AccountNameTooLong,
+    UpdateAccountTypeNotSupported,
+    InvalidRoute,
+    MethodNotAllowed,
+  ],
+}));
+
+export interface DeleteAccountRequest {
+  /** The account ID of the account to be deleted */
+  accountId: string;
+}
+
+export const DeleteAccountRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+}).pipe(
+  T.Http({ method: "DELETE", path: "/accounts/{account_id}" }),
+) as unknown as Schema.Schema<DeleteAccountRequest>;
+
+export interface DeleteAccountResponse {
+  /** Identifier */
+  id: string;
+}
+
+export const DeleteAccountResponse = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  id: Schema.String,
+}).pipe(
+  T.ResponsePath("result"),
+) as unknown as Schema.Schema<DeleteAccountResponse>;
+
+export type DeleteAccountError =
+  | DefaultErrors
+  | InvalidRoute
+  | MethodNotAllowed;
+
+export const deleteAccount: API.OperationMethod<
+  DeleteAccountRequest,
+  DeleteAccountResponse,
+  DeleteAccountError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: DeleteAccountRequest,
+  output: DeleteAccountResponse,
+  errors: [InvalidRoute, MethodNotAllowed],
+}));
+
+// =============================================================================
+// LogAudit
+// =============================================================================
+
+export interface ListLogAuditsRequest {
+  /** Path param: The unique id that identifies the account. */
+  accountId: string;
+  /** Query param: Limits the returned results to logs older than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. */
+  before: string;
+  /** Query param: Limits the returned results to logs newer than the specified date. This can be a date string 2019-04-30 (interpreted in UTC) or an absolute timestamp that conforms to RFC3339. */
+  since: string;
+  /** Query param: */
+  id?: { not?: string[] };
+  /** Query param: */
+  accountName?: { not?: string[] };
+  /** Query param: */
+  actionResult?: { not?: ("success" | "failure")[] };
+  /** Query param: */
+  actionType?: { not?: ("create" | "delete" | "view" | "update")[] };
+  /** Query param: */
+  actorContext?: {
+    not?: ("api_key" | "api_token" | "dash" | "oauth" | "origin_ca_key")[];
+  };
+  /** Query param: */
+  actorEmail?: { not?: string[] };
+  /** Query param: */
+  actorId?: { not?: string[] };
+  /** Query param: */
+  actorIpAddress?: { not?: string[] };
+  /** Query param: */
+  actorTokenId?: { not?: string[] };
+  /** Query param: */
+  actorTokenName?: { not?: string[] };
+  /** Query param: */
+  actorType?: { not?: ("account" | "cloudflare_admin" | "system" | "user")[] };
+  /** Query param: */
+  auditLogId?: { not?: string[] };
+  /** Query param: Sets sorting order. */
+  direction?: "desc" | "asc";
+  /** Query param: The number limits the objects to return. The cursor attribute may be used to iterate over the next batch of objects if there are more than the limit. */
+  limit?: number;
+  /** Query param: */
+  rawCfRayId?: { not?: string[] };
+  /** Query param: */
+  rawMethod?: { not?: string[] };
+  /** Query param: */
+  rawStatusCode?: { not?: number[] };
+  /** Query param: */
+  rawUri?: { not?: string[] };
+  /** Query param: */
+  resourceId?: { not?: string[] };
+  /** Query param: */
+  resourceProduct?: { not?: string[] };
+  /** Query param: */
+  resourceScope?: { not?: ("accounts" | "user" | "zones")[] };
+  /** Query param: */
+  resourceType?: { not?: string[] };
+  /** Query param: */
+  zoneId?: { not?: string[] };
+  /** Query param: */
+  zoneName?: { not?: string[] };
+}
+
+export const ListLogAuditsRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  before: Schema.String.pipe(T.HttpQuery("before")),
+  since: Schema.String.pipe(T.HttpQuery("since")),
+  id: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("id")),
+  accountName: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("account_name")),
+  actionResult: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(
+        Schema.Array(Schema.Literals(["success", "failure"])),
+      ),
+    }),
+  ).pipe(T.HttpQuery("action_result")),
+  actionType: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(
+        Schema.Array(Schema.Literals(["create", "delete", "view", "update"])),
+      ),
+    }),
+  ).pipe(T.HttpQuery("action_type")),
+  actorContext: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(
+        Schema.Array(
+          Schema.Literals([
+            "api_key",
+            "api_token",
+            "dash",
+            "oauth",
+            "origin_ca_key",
+          ]),
+        ),
+      ),
+    }),
+  ).pipe(T.HttpQuery("actor_context")),
+  actorEmail: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("actor_email")),
+  actorId: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("actor_id")),
+  actorIpAddress: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("actor_ip_address")),
+  actorTokenId: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("actor_token_id")),
+  actorTokenName: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("actor_token_name")),
+  actorType: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(
+        Schema.Array(
+          Schema.Literals(["account", "cloudflare_admin", "system", "user"]),
+        ),
+      ),
+    }),
+  ).pipe(T.HttpQuery("actor_type")),
+  auditLogId: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("audit_log_id")),
+  direction: Schema.optional(Schema.Literals(["desc", "asc"])).pipe(
+    T.HttpQuery("direction"),
+  ),
+  limit: Schema.optional(Schema.Number).pipe(T.HttpQuery("limit")),
+  rawCfRayId: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("raw_cf_ray_id")),
+  rawMethod: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("raw_method")),
+  rawStatusCode: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.Number)),
+    }),
+  ).pipe(T.HttpQuery("raw_status_code")),
+  rawUri: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("raw_uri")),
+  resourceId: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("resource_id")),
+  resourceProduct: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("resource_product")),
+  resourceScope: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(
+        Schema.Array(Schema.Literals(["accounts", "user", "zones"])),
+      ),
+    }),
+  ).pipe(T.HttpQuery("resource_scope")),
+  resourceType: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("resource_type")),
+  zoneId: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("zone_id")),
+  zoneName: Schema.optional(
+    Schema.Struct({
+      not: Schema.optional(Schema.Array(Schema.String)),
+    }),
+  ).pipe(T.HttpQuery("zone_name")),
+}).pipe(
+  T.Http({ method: "GET", path: "/accounts/{account_id}/logs/audit" }),
+) as unknown as Schema.Schema<ListLogAuditsRequest>;
+
+export interface ListLogAuditsResponse {
+  result: {
+    id?: string | null;
+    account?: { id?: string | null; name?: string | null } | null;
+    action?: {
+      description?: string | null;
+      result?: string | null;
+      time?: string | null;
+      type?: string | null;
+    } | null;
+    actor?: {
+      id?: string | null;
+      context?:
+        | "api_key"
+        | "api_token"
+        | "dash"
+        | "oauth"
+        | "origin_ca_key"
+        | null;
+      email?: string | null;
+      ipAddress?: string | null;
+      tokenId?: string | null;
+      tokenName?: string | null;
+      type?: "account" | "cloudflare_admin" | "system" | "user" | null;
+    } | null;
+    raw?: {
+      cfRayId?: string | null;
+      method?: string | null;
+      statusCode?: number | null;
+      uri?: string | null;
+      userAgent?: string | null;
+    } | null;
+    resource?: {
+      id?: string | null;
+      product?: string | null;
+      request?: unknown | null;
+      response?: unknown | null;
+      scope?: unknown | null;
+      type?: string | null;
+    } | null;
+    zone?: { id?: string | null; name?: string | null } | null;
+  }[];
+  resultInfo: { cursors?: { after?: string | null } | null };
+}
+
+export const ListLogAuditsResponse = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  result: Schema.Array(
+    Schema.Struct({
+      id: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+      account: Schema.optional(
+        Schema.Union([
+          Schema.Struct({
+            id: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+            name: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+          }),
+          Schema.Null,
+        ]),
+      ),
+      action: Schema.optional(
+        Schema.Union([
+          Schema.Struct({
+            description: Schema.optional(
+              Schema.Union([Schema.String, Schema.Null]),
+            ),
+            result: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+            time: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+            type: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+          }),
+          Schema.Null,
+        ]),
+      ),
+      actor: Schema.optional(
+        Schema.Union([
+          Schema.Struct({
+            id: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+            context: Schema.optional(
+              Schema.Union([
+                Schema.Literals([
+                  "api_key",
+                  "api_token",
+                  "dash",
+                  "oauth",
+                  "origin_ca_key",
+                ]),
+                Schema.Null,
+              ]),
+            ),
+            email: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+            ipAddress: Schema.optional(
+              Schema.Union([Schema.String, Schema.Null]),
+            ),
+            tokenId: Schema.optional(
+              Schema.Union([Schema.String, Schema.Null]),
+            ),
+            tokenName: Schema.optional(
+              Schema.Union([Schema.String, Schema.Null]),
+            ),
+            type: Schema.optional(
+              Schema.Union([
+                Schema.Literals([
+                  "account",
+                  "cloudflare_admin",
+                  "system",
+                  "user",
+                ]),
+                Schema.Null,
+              ]),
+            ),
+          }).pipe(
+            Schema.encodeKeys({
+              id: "id",
+              context: "context",
+              email: "email",
+              ipAddress: "ip_address",
+              tokenId: "token_id",
+              tokenName: "token_name",
+              type: "type",
+            }),
+          ),
+          Schema.Null,
+        ]),
+      ),
+      raw: Schema.optional(
+        Schema.Union([
+          Schema.Struct({
+            cfRayId: Schema.optional(
+              Schema.Union([Schema.String, Schema.Null]),
+            ),
+            method: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+            statusCode: Schema.optional(
+              Schema.Union([Schema.Number, Schema.Null]),
+            ),
+            uri: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+            userAgent: Schema.optional(
+              Schema.Union([Schema.String, Schema.Null]),
+            ),
+          }).pipe(
+            Schema.encodeKeys({
+              cfRayId: "cf_ray_id",
+              method: "method",
+              statusCode: "status_code",
+              uri: "uri",
+              userAgent: "user_agent",
+            }),
+          ),
+          Schema.Null,
+        ]),
+      ),
+      resource: Schema.optional(
+        Schema.Union([
+          Schema.Struct({
+            id: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+            product: Schema.optional(
+              Schema.Union([Schema.String, Schema.Null]),
+            ),
+            request: Schema.optional(
+              Schema.Union([Schema.Unknown, Schema.Null]),
+            ),
+            response: Schema.optional(
+              Schema.Union([Schema.Unknown, Schema.Null]),
+            ),
+            scope: Schema.optional(Schema.Union([Schema.Unknown, Schema.Null])),
+            type: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+          }),
+          Schema.Null,
+        ]),
+      ),
+      zone: Schema.optional(
+        Schema.Union([
+          Schema.Struct({
+            id: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+            name: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+          }),
+          Schema.Null,
+        ]),
+      ),
+    }),
+  ),
+  resultInfo: Schema.Struct({
+    cursors: Schema.optional(
+      Schema.Union([
+        Schema.Struct({
+          after: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+        }),
+        Schema.Null,
+      ]),
+    ),
+  }),
+}).pipe(
+  Schema.encodeKeys({ result: "result", resultInfo: "result_info" }),
+) as unknown as Schema.Schema<ListLogAuditsResponse>;
+
+export type ListLogAuditsError = DefaultErrors;
+
+export const listLogAudits: API.PaginatedOperationMethod<
+  ListLogAuditsRequest,
+  ListLogAuditsResponse,
+  ListLogAuditsError,
+  Credentials | HttpClient.HttpClient
+> & {
+  pages: (
+    input: ListLogAuditsRequest,
+  ) => stream.Stream<
+    ListLogAuditsResponse,
+    ListLogAuditsError,
+    Credentials | HttpClient.HttpClient
+  >;
+  items: (input: ListLogAuditsRequest) => stream.Stream<
+    {
+      id?: string | null;
+      account?: { id?: string | null; name?: string | null } | null;
+      action?: {
+        description?: string | null;
+        result?: string | null;
+        time?: string | null;
+        type?: string | null;
+      } | null;
+      actor?: {
+        id?: string | null;
+        context?:
+          | "api_key"
+          | "api_token"
+          | "dash"
+          | "oauth"
+          | "origin_ca_key"
+          | null;
+        email?: string | null;
+        ipAddress?: string | null;
+        tokenId?: string | null;
+        tokenName?: string | null;
+        type?: "account" | "cloudflare_admin" | "system" | "user" | null;
+      } | null;
+      raw?: {
+        cfRayId?: string | null;
+        method?: string | null;
+        statusCode?: number | null;
+        uri?: string | null;
+        userAgent?: string | null;
+      } | null;
+      resource?: {
+        id?: string | null;
+        product?: string | null;
+        request?: unknown | null;
+        response?: unknown | null;
+        scope?: unknown | null;
+        type?: string | null;
+      } | null;
+      zone?: { id?: string | null; name?: string | null } | null;
+    },
+    ListLogAuditsError,
+    Credentials | HttpClient.HttpClient
+  >;
+} = /*@__PURE__*/ /*#__PURE__*/ API.makePaginated(() => ({
+  input: ListLogAuditsRequest,
+  output: ListLogAuditsResponse,
+  errors: [],
+  pagination: {
+    mode: "cursor",
+    inputToken: "cursor",
+    outputToken: "resultInfo.cursors.after",
+    items: "result",
+  } as const,
+}));
+
+// =============================================================================
+// Member
+// =============================================================================
+
+export interface GetMemberRequest {
+  memberId: string;
+  /** Account identifier tag. */
+  accountId: string;
+}
+
+export const GetMemberRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  memberId: Schema.String.pipe(T.HttpPath("memberId")),
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+}).pipe(
+  T.Http({ method: "GET", path: "/accounts/{account_id}/members/{memberId}" }),
+) as unknown as Schema.Schema<GetMemberRequest>;
+
+export type GetMemberResponse = unknown;
+
+export const GetMemberResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<GetMemberResponse>;
+
+export type GetMemberError = DefaultErrors | MemberNotFound | InvalidRoute;
+
+export const getMember: API.OperationMethod<
+  GetMemberRequest,
+  GetMemberResponse,
+  GetMemberError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: GetMemberRequest,
+  output: GetMemberResponse,
+  errors: [MemberNotFound, InvalidRoute],
+}));
+
+export interface ListMembersRequest {
+  /** Path param: Account identifier tag. */
+  accountId: string;
+  /** Query param: Direction to order results. */
+  direction?: "asc" | "desc";
+  /** Query param: Field to order results by. */
+  order?: "user.first_name" | "user.last_name" | "user.email" | "status";
+  /** Query param: A member's status in the account. */
+  status?: "accepted" | "pending" | "rejected";
+}
+
+export const ListMembersRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  direction: Schema.optional(Schema.Literals(["asc", "desc"])).pipe(
+    T.HttpQuery("direction"),
+  ),
+  order: Schema.optional(
+    Schema.Literals([
+      "user.first_name",
+      "user.last_name",
+      "user.email",
+      "status",
+    ]),
+  ).pipe(T.HttpQuery("order")),
+  status: Schema.optional(
+    Schema.Literals(["accepted", "pending", "rejected"]),
+  ).pipe(T.HttpQuery("status")),
+}).pipe(
+  T.Http({ method: "GET", path: "/accounts/{account_id}/members" }),
+) as unknown as Schema.Schema<ListMembersRequest>;
+
+export type ListMembersResponse = unknown;
+
+export const ListMembersResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<ListMembersResponse>;
+
+export type ListMembersError = DefaultErrors;
+
+export const listMembers: API.OperationMethod<
+  ListMembersRequest,
+  ListMembersResponse,
+  ListMembersError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: ListMembersRequest,
+  output: ListMembersResponse,
+  errors: [],
+}));
+
+export interface CreateMemberRequest {
+  /** Path param: Account identifier tag. */
+  accountId: string;
+  /** Body param: The contact email address of the user. */
+  email: string;
+  /** Body param: Array of roles associated with this member. */
+  roles: string[];
+  /** Body param: */
+  status?: "accepted" | "pending";
+}
+
+export const CreateMemberRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  email: Schema.String,
+  roles: Schema.Array(Schema.String),
+  status: Schema.optional(Schema.Literals(["accepted", "pending"])),
+}).pipe(
+  T.Http({ method: "POST", path: "/accounts/{account_id}/members" }),
+) as unknown as Schema.Schema<CreateMemberRequest>;
+
+export type CreateMemberResponse = unknown;
+
+export const CreateMemberResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<CreateMemberResponse>;
+
+export type CreateMemberError = DefaultErrors | InvalidRoute | ValidationError;
+
+export const createMember: API.OperationMethod<
+  CreateMemberRequest,
+  CreateMemberResponse,
+  CreateMemberError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: CreateMemberRequest,
+  output: CreateMemberResponse,
+  errors: [InvalidRoute, ValidationError],
+}));
+
+export interface UpdateMemberRequest {
+  memberId: string;
+  /** Path param: Account identifier tag. */
+  accountId: string;
+  /** Body param: Roles assigned to this member. */
+  roles?: unknown[];
+}
+
+export const UpdateMemberRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  memberId: Schema.String.pipe(T.HttpPath("memberId")),
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  roles: Schema.optional(Schema.Array(Schema.Unknown)),
+}).pipe(
+  T.Http({ method: "PUT", path: "/accounts/{account_id}/members/{memberId}" }),
+) as unknown as Schema.Schema<UpdateMemberRequest>;
+
+export type UpdateMemberResponse = unknown;
+
+export const UpdateMemberResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<UpdateMemberResponse>;
+
+export type UpdateMemberError =
+  | DefaultErrors
+  | MemberNotFound
+  | InvalidRoute
+  | BadRequest
+  | MethodNotAllowed;
+
+export const updateMember: API.OperationMethod<
+  UpdateMemberRequest,
+  UpdateMemberResponse,
+  UpdateMemberError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: UpdateMemberRequest,
+  output: UpdateMemberResponse,
+  errors: [MemberNotFound, InvalidRoute, BadRequest, MethodNotAllowed],
+}));
+
+export interface DeleteMemberRequest {
+  memberId: string;
+  /** Account identifier tag. */
+  accountId: string;
+}
+
+export const DeleteMemberRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  memberId: Schema.String.pipe(T.HttpPath("memberId")),
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+}).pipe(
+  T.Http({
+    method: "DELETE",
+    path: "/accounts/{account_id}/members/{memberId}",
+  }),
+) as unknown as Schema.Schema<DeleteMemberRequest>;
+
+export interface DeleteMemberResponse {
+  /** Identifier */
+  id: string;
+}
+
+export const DeleteMemberResponse = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  id: Schema.String,
+}).pipe(
+  T.ResponsePath("result"),
+) as unknown as Schema.Schema<DeleteMemberResponse>;
+
+export type DeleteMemberError = DefaultErrors | MemberNotFound | InvalidRoute;
+
+export const deleteMember: API.OperationMethod<
+  DeleteMemberRequest,
+  DeleteMemberResponse,
+  DeleteMemberError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: DeleteMemberRequest,
+  output: DeleteMemberResponse,
+  errors: [MemberNotFound, InvalidRoute],
+}));
+
+// =============================================================================
+// Role
+// =============================================================================
+
+export interface GetRoleRequest {
+  roleId: string;
+  /** Account identifier tag. */
+  accountId: string;
+}
+
+export const GetRoleRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  roleId: Schema.String.pipe(T.HttpPath("roleId")),
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+}).pipe(
+  T.Http({ method: "GET", path: "/accounts/{account_id}/roles/{roleId}" }),
+) as unknown as Schema.Schema<GetRoleRequest>;
+
+export type GetRoleResponse = unknown;
+
+export const GetRoleResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<GetRoleResponse>;
+
+export type GetRoleError = DefaultErrors | InvalidRoute;
+
+export const getRole: API.OperationMethod<
+  GetRoleRequest,
+  GetRoleResponse,
+  GetRoleError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: GetRoleRequest,
+  output: GetRoleResponse,
+  errors: [InvalidRoute],
+}));
+
+export interface ListRolesRequest {
+  /** Path param: Account identifier tag. */
+  accountId: string;
+}
+
+export const ListRolesRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+}).pipe(
+  T.Http({ method: "GET", path: "/accounts/{account_id}/roles" }),
+) as unknown as Schema.Schema<ListRolesRequest>;
+
+export type ListRolesResponse = unknown;
+
+export const ListRolesResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<ListRolesResponse>;
+
+export type ListRolesError = DefaultErrors;
+
+export const listRoles: API.OperationMethod<
+  ListRolesRequest,
+  ListRolesResponse,
+  ListRolesError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: ListRolesRequest,
+  output: ListRolesResponse,
+  errors: [],
+}));
+
+// =============================================================================
+// Subscription
+// =============================================================================
+
+export interface GetSubscriptionRequest {
+  /** Identifier */
+  accountId: string;
+}
+
+export const GetSubscriptionRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct(
+  {
+    accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  },
+).pipe(
+  T.Http({ method: "GET", path: "/accounts/{account_id}/subscriptions" }),
+) as unknown as Schema.Schema<GetSubscriptionRequest>;
+
+export type GetSubscriptionResponse = unknown;
+
+export const GetSubscriptionResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<GetSubscriptionResponse>;
+
+export type GetSubscriptionError = DefaultErrors;
+
+export const getSubscription: API.OperationMethod<
+  GetSubscriptionRequest,
+  GetSubscriptionResponse,
+  GetSubscriptionError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: GetSubscriptionRequest,
+  output: GetSubscriptionResponse,
+  errors: [],
+}));
+
+export interface CreateSubscriptionRequest {
+  /** Path param: Identifier */
+  accountId: string;
+  /** Body param: How often the subscription is renewed automatically. */
+  frequency?: "weekly" | "monthly" | "quarterly" | "yearly";
+  /** Body param: The rate plan applied to the subscription. */
+  ratePlan?: unknown;
+}
+
+export const CreateSubscriptionRequest =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+    accountId: Schema.String.pipe(T.HttpPath("account_id")),
+    frequency: Schema.optional(
+      Schema.Literals(["weekly", "monthly", "quarterly", "yearly"]),
+    ),
+    ratePlan: Schema.optional(Schema.Unknown),
+  }).pipe(
+    Schema.encodeKeys({ frequency: "frequency", ratePlan: "rate_plan" }),
+    T.Http({ method: "POST", path: "/accounts/{account_id}/subscriptions" }),
+  ) as unknown as Schema.Schema<CreateSubscriptionRequest>;
+
+export type CreateSubscriptionResponse = unknown;
+
+export const CreateSubscriptionResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<CreateSubscriptionResponse>;
+
+export type CreateSubscriptionError =
+  | DefaultErrors
+  | JsonDecodeFailure
+  | InvalidRoute;
+
+export const createSubscription: API.OperationMethod<
+  CreateSubscriptionRequest,
+  CreateSubscriptionResponse,
+  CreateSubscriptionError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: CreateSubscriptionRequest,
+  output: CreateSubscriptionResponse,
+  errors: [JsonDecodeFailure, InvalidRoute],
+}));
+
+export interface UpdateSubscriptionRequest {
+  subscriptionIdentifier: string;
+  /** Path param: Identifier */
+  accountId: string;
+  /** Body param: How often the subscription is renewed automatically. */
+  frequency?: "weekly" | "monthly" | "quarterly" | "yearly";
+  /** Body param: The rate plan applied to the subscription. */
+  ratePlan?: unknown;
+}
+
+export const UpdateSubscriptionRequest =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+    subscriptionIdentifier: Schema.String.pipe(
+      T.HttpPath("subscriptionIdentifier"),
+    ),
+    accountId: Schema.String.pipe(T.HttpPath("account_id")),
+    frequency: Schema.optional(
+      Schema.Literals(["weekly", "monthly", "quarterly", "yearly"]),
+    ),
+    ratePlan: Schema.optional(Schema.Unknown),
+  }).pipe(
+    Schema.encodeKeys({ frequency: "frequency", ratePlan: "rate_plan" }),
+    T.Http({
+      method: "PUT",
+      path: "/accounts/{account_id}/subscriptions/{subscriptionIdentifier}",
+    }),
+  ) as unknown as Schema.Schema<UpdateSubscriptionRequest>;
+
+export type UpdateSubscriptionResponse = unknown;
+
+export const UpdateSubscriptionResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<UpdateSubscriptionResponse>;
+
+export type UpdateSubscriptionError =
+  | DefaultErrors
+  | JsonDecodeFailure
+  | InvalidRoute
+  | EndpointNotFound;
+
+export const updateSubscription: API.OperationMethod<
+  UpdateSubscriptionRequest,
+  UpdateSubscriptionResponse,
+  UpdateSubscriptionError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: UpdateSubscriptionRequest,
+  output: UpdateSubscriptionResponse,
+  errors: [JsonDecodeFailure, InvalidRoute, EndpointNotFound],
+}));
+
+export interface DeleteSubscriptionRequest {
+  subscriptionIdentifier: string;
+  /** Identifier */
+  accountId: string;
+}
+
+export const DeleteSubscriptionRequest =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+    subscriptionIdentifier: Schema.String.pipe(
+      T.HttpPath("subscriptionIdentifier"),
+    ),
+    accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  }).pipe(
+    T.Http({
+      method: "DELETE",
+      path: "/accounts/{account_id}/subscriptions/{subscriptionIdentifier}",
+    }),
+  ) as unknown as Schema.Schema<DeleteSubscriptionRequest>;
+
+export interface DeleteSubscriptionResponse {
+  /** Subscription identifier tag. */
+  subscriptionId?: string | null;
+}
+
+export const DeleteSubscriptionResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+    subscriptionId: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  })
+    .pipe(Schema.encodeKeys({ subscriptionId: "subscription_id" }))
+    .pipe(
+      T.ResponsePath("result"),
+    ) as unknown as Schema.Schema<DeleteSubscriptionResponse>;
+
+export type DeleteSubscriptionError =
+  | DefaultErrors
+  | InvalidRoute
+  | EndpointNotFound;
+
+export const deleteSubscription: API.OperationMethod<
+  DeleteSubscriptionRequest,
+  DeleteSubscriptionResponse,
+  DeleteSubscriptionError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: DeleteSubscriptionRequest,
+  output: DeleteSubscriptionResponse,
+  errors: [InvalidRoute, EndpointNotFound],
+}));
+
+// =============================================================================
+// Token
+// =============================================================================
+
+export interface GetTokenRequest {
+  tokenId: string;
+  /** Account identifier tag. */
+  accountId: string;
+}
+
+export const GetTokenRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  tokenId: Schema.String.pipe(T.HttpPath("tokenId")),
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+}).pipe(
+  T.Http({ method: "GET", path: "/accounts/{account_id}/tokens/{tokenId}" }),
+) as unknown as Schema.Schema<GetTokenRequest>;
+
+export type GetTokenResponse = unknown;
+
+export const GetTokenResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<GetTokenResponse>;
+
+export type GetTokenError = DefaultErrors | InvalidRoute;
+
+export const getToken: API.OperationMethod<
+  GetTokenRequest,
+  GetTokenResponse,
+  GetTokenError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: GetTokenRequest,
+  output: GetTokenResponse,
+  errors: [InvalidRoute],
+}));
+
+export interface ListTokensRequest {
+  /** Path param: Account identifier tag. */
+  accountId: string;
+  /** Query param: Direction to order results. */
+  direction?: "asc" | "desc";
+}
+
+export const ListTokensRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  direction: Schema.optional(Schema.Literals(["asc", "desc"])).pipe(
+    T.HttpQuery("direction"),
+  ),
+}).pipe(
+  T.Http({ method: "GET", path: "/accounts/{account_id}/tokens" }),
+) as unknown as Schema.Schema<ListTokensRequest>;
+
+export type ListTokensResponse = unknown;
+
+export const ListTokensResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<ListTokensResponse>;
+
+export type ListTokensError = DefaultErrors;
+
+export const listTokens: API.OperationMethod<
+  ListTokensRequest,
+  ListTokensResponse,
+  ListTokensError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: ListTokensRequest,
+  output: ListTokensResponse,
+  errors: [],
+}));
+
+export interface CreateTokenRequest {
+  /** Path param: Account identifier tag. */
+  accountId: string;
+  /** Body param: Token name. */
+  name: string;
+  /** Body param: List of access policies assigned to the token. */
+  policies: unknown[];
+  /** Body param: */
+  condition?: { requestIp?: { in?: string[]; notIn?: string[] } };
+  /** Body param: The expiration time on or after which the JWT MUST NOT be accepted for processing. */
+  expiresOn?: string;
+  /** Body param: The time before which the token MUST NOT be accepted for processing. */
+  notBefore?: string;
+}
+
+export const CreateTokenRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  name: Schema.String,
+  policies: Schema.Array(Schema.Unknown),
+  condition: Schema.optional(
+    Schema.Struct({
+      requestIp: Schema.optional(
+        Schema.Struct({
+          in: Schema.optional(Schema.Array(Schema.String)),
+          notIn: Schema.optional(Schema.Array(Schema.String)),
+        }).pipe(Schema.encodeKeys({ in: "in", notIn: "not_in" })),
+      ),
+    }).pipe(Schema.encodeKeys({ requestIp: "request_ip" })),
+  ),
+  expiresOn: Schema.optional(Schema.String),
+  notBefore: Schema.optional(Schema.String),
+}).pipe(
+  Schema.encodeKeys({
+    name: "name",
+    policies: "policies",
+    condition: "condition",
+    expiresOn: "expires_on",
+    notBefore: "not_before",
+  }),
+  T.Http({ method: "POST", path: "/accounts/{account_id}/tokens" }),
+) as unknown as Schema.Schema<CreateTokenRequest>;
+
+export interface CreateTokenResponse {
+  /** Token identifier tag. */
+  id?: string | null;
+  condition?: {
+    requestIp?: { in?: string[] | null; notIn?: string[] | null } | null;
+  } | null;
+  /** The expiration time on or after which the JWT MUST NOT be accepted for processing. */
+  expiresOn?: string | null;
+  /** The time on which the token was created. */
+  issuedOn?: string | null;
+  /** Last time the token was used. */
+  lastUsedOn?: string | null;
+  /** Last time the token was modified. */
+  modifiedOn?: string | null;
+  /** Token name. */
+  name?: string | null;
+  /** The time before which the token MUST NOT be accepted for processing. */
+  notBefore?: string | null;
+  /** List of access policies assigned to the token. */
+  policies?: unknown[] | null;
+  /** Status of the token. */
+  status?: "active" | "disabled" | "expired" | null;
+  /** The token value. */
+  value?: string | null;
+}
+
+export const CreateTokenResponse = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  id: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  condition: Schema.optional(
+    Schema.Union([
+      Schema.Struct({
+        requestIp: Schema.optional(
+          Schema.Union([
+            Schema.Struct({
+              in: Schema.optional(
+                Schema.Union([Schema.Array(Schema.String), Schema.Null]),
+              ),
+              notIn: Schema.optional(
+                Schema.Union([Schema.Array(Schema.String), Schema.Null]),
+              ),
+            }).pipe(Schema.encodeKeys({ in: "in", notIn: "not_in" })),
+            Schema.Null,
+          ]),
+        ),
+      }).pipe(Schema.encodeKeys({ requestIp: "request_ip" })),
+      Schema.Null,
+    ]),
+  ),
+  expiresOn: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  issuedOn: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  lastUsedOn: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  modifiedOn: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  name: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  notBefore: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  policies: Schema.optional(
+    Schema.Union([Schema.Array(Schema.Unknown), Schema.Null]),
+  ),
+  status: Schema.optional(
+    Schema.Union([
+      Schema.Literals(["active", "disabled", "expired"]),
+      Schema.Null,
+    ]),
+  ),
+  value: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+})
+  .pipe(
+    Schema.encodeKeys({
+      id: "id",
+      condition: "condition",
+      expiresOn: "expires_on",
+      issuedOn: "issued_on",
+      lastUsedOn: "last_used_on",
+      modifiedOn: "modified_on",
+      name: "name",
+      notBefore: "not_before",
+      policies: "policies",
+      status: "status",
+      value: "value",
+    }),
+  )
+  .pipe(
+    T.ResponsePath("result"),
+  ) as unknown as Schema.Schema<CreateTokenResponse>;
+
+export type CreateTokenError = DefaultErrors | InvalidRoute | InvalidTokenName;
+
+export const createToken: API.OperationMethod<
+  CreateTokenRequest,
+  CreateTokenResponse,
+  CreateTokenError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: CreateTokenRequest,
+  output: CreateTokenResponse,
+  errors: [InvalidRoute, InvalidTokenName],
+}));
+
+export interface UpdateTokenRequest {
+  tokenId: string;
+  /** Path param: Account identifier tag. */
+  accountId: string;
+  /** Body param: Token name. */
+  name: string;
+  /** Body param: List of access policies assigned to the token. */
+  policies: unknown[];
+  /** Body param: */
+  condition?: { requestIp?: { in?: string[]; notIn?: string[] } };
+  /** Body param: The expiration time on or after which the JWT MUST NOT be accepted for processing. */
+  expiresOn?: string;
+  /** Body param: The time before which the token MUST NOT be accepted for processing. */
+  notBefore?: string;
+  /** Body param: Status of the token. */
+  status?: "active" | "disabled" | "expired";
+}
+
+export const UpdateTokenRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  tokenId: Schema.String.pipe(T.HttpPath("tokenId")),
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  name: Schema.String,
+  policies: Schema.Array(Schema.Unknown),
+  condition: Schema.optional(
+    Schema.Struct({
+      requestIp: Schema.optional(
+        Schema.Struct({
+          in: Schema.optional(Schema.Array(Schema.String)),
+          notIn: Schema.optional(Schema.Array(Schema.String)),
+        }).pipe(Schema.encodeKeys({ in: "in", notIn: "not_in" })),
+      ),
+    }).pipe(Schema.encodeKeys({ requestIp: "request_ip" })),
+  ),
+  expiresOn: Schema.optional(Schema.String),
+  notBefore: Schema.optional(Schema.String),
+  status: Schema.optional(Schema.Literals(["active", "disabled", "expired"])),
+}).pipe(
+  Schema.encodeKeys({
+    name: "name",
+    policies: "policies",
+    condition: "condition",
+    expiresOn: "expires_on",
+    notBefore: "not_before",
+    status: "status",
+  }),
+  T.Http({ method: "PUT", path: "/accounts/{account_id}/tokens/{tokenId}" }),
+) as unknown as Schema.Schema<UpdateTokenRequest>;
+
+export type UpdateTokenResponse = unknown;
+
+export const UpdateTokenResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<UpdateTokenResponse>;
+
+export type UpdateTokenError = DefaultErrors | InvalidRoute | MethodNotAllowed;
+
+export const updateToken: API.OperationMethod<
+  UpdateTokenRequest,
+  UpdateTokenResponse,
+  UpdateTokenError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: UpdateTokenRequest,
+  output: UpdateTokenResponse,
+  errors: [InvalidRoute, MethodNotAllowed],
+}));
+
+export interface DeleteTokenRequest {
+  tokenId: string;
+  /** Account identifier tag. */
+  accountId: string;
+}
+
+export const DeleteTokenRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  tokenId: Schema.String.pipe(T.HttpPath("tokenId")),
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+}).pipe(
+  T.Http({ method: "DELETE", path: "/accounts/{account_id}/tokens/{tokenId}" }),
+) as unknown as Schema.Schema<DeleteTokenRequest>;
+
+export interface DeleteTokenResponse {
+  /** Identifier */
+  id: string;
+}
+
+export const DeleteTokenResponse = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  id: Schema.String,
+}).pipe(
+  T.ResponsePath("result"),
+) as unknown as Schema.Schema<DeleteTokenResponse>;
+
+export type DeleteTokenError = DefaultErrors | InvalidRoute | MethodNotAllowed;
+
+export const deleteToken: API.OperationMethod<
+  DeleteTokenRequest,
+  DeleteTokenResponse,
+  DeleteTokenError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: DeleteTokenRequest,
+  output: DeleteTokenResponse,
+  errors: [InvalidRoute, MethodNotAllowed],
+}));
+
+export interface VerifyTokenRequest {
+  /** Account identifier tag. */
+  accountId: string;
+}
+
+export const VerifyTokenRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+}).pipe(
+  T.Http({ method: "GET", path: "/accounts/{account_id}/tokens/verify" }),
+) as unknown as Schema.Schema<VerifyTokenRequest>;
+
+export interface VerifyTokenResponse {
+  /** Token identifier tag. */
+  id: string;
+  /** Status of the token. */
+  status: "active" | "disabled" | "expired";
+  /** The expiration time on or after which the JWT MUST NOT be accepted for processing. */
+  expiresOn?: string | null;
+  /** The time before which the token MUST NOT be accepted for processing. */
+  notBefore?: string | null;
+}
+
+export const VerifyTokenResponse = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  id: Schema.String,
+  status: Schema.Literals(["active", "disabled", "expired"]),
+  expiresOn: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+  notBefore: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+})
+  .pipe(
+    Schema.encodeKeys({
+      id: "id",
+      status: "status",
+      expiresOn: "expires_on",
+      notBefore: "not_before",
+    }),
+  )
+  .pipe(
+    T.ResponsePath("result"),
+  ) as unknown as Schema.Schema<VerifyTokenResponse>;
+
+export type VerifyTokenError =
+  | DefaultErrors
+  | MissingAuthenticationToken
+  | InvalidRoute;
+
+export const verifyToken: API.OperationMethod<
+  VerifyTokenRequest,
+  VerifyTokenResponse,
+  VerifyTokenError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: VerifyTokenRequest,
+  output: VerifyTokenResponse,
+  errors: [MissingAuthenticationToken, InvalidRoute],
+}));
+
+// =============================================================================
+// TokenPermissionGroup
+// =============================================================================
+
+export interface GetTokenPermissionGroupRequest {
+  /** Path param: Account identifier tag. */
+  accountId: string;
+  /** Query param: Filter by the name of the permission group. The value must be URL-encoded. */
+  name?: string;
+  /** Query param: Filter by the scope of the permission group. The value must be URL-encoded. */
+  scope?: string;
+}
+
+export const GetTokenPermissionGroupRequest =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+    accountId: Schema.String.pipe(T.HttpPath("account_id")),
+    name: Schema.optional(Schema.String).pipe(T.HttpQuery("name")),
+    scope: Schema.optional(Schema.String).pipe(T.HttpQuery("scope")),
+  }).pipe(
+    T.Http({
+      method: "GET",
+      path: "/accounts/{account_id}/tokens/permission_groups",
+    }),
+  ) as unknown as Schema.Schema<GetTokenPermissionGroupRequest>;
+
+export type GetTokenPermissionGroupResponse = {
+  id?: string | null;
+  name?: string | null;
+  scopes?:
+    | (
+        | "com.cloudflare.api.account"
+        | "com.cloudflare.api.account.zone"
+        | "com.cloudflare.api.user"
+        | "com.cloudflare.edge.r2.bucket"
+      )[]
+    | null;
+}[];
+
+export const GetTokenPermissionGroupResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Array(
+    Schema.Struct({
+      id: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+      name: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+      scopes: Schema.optional(
+        Schema.Union([
+          Schema.Array(
+            Schema.Literals([
+              "com.cloudflare.api.account",
+              "com.cloudflare.api.account.zone",
+              "com.cloudflare.api.user",
+              "com.cloudflare.edge.r2.bucket",
+            ]),
+          ),
+          Schema.Null,
+        ]),
+      ),
+    }),
+  ).pipe(
+    T.ResponsePath("result"),
+  ) as unknown as Schema.Schema<GetTokenPermissionGroupResponse>;
+
+export type GetTokenPermissionGroupError = DefaultErrors | InvalidRoute;
+
+export const getTokenPermissionGroup: API.OperationMethod<
+  GetTokenPermissionGroupRequest,
+  GetTokenPermissionGroupResponse,
+  GetTokenPermissionGroupError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: GetTokenPermissionGroupRequest,
+  output: GetTokenPermissionGroupResponse,
+  errors: [InvalidRoute],
+}));
+
+export interface ListTokenPermissionGroupsRequest {
+  /** Path param: Account identifier tag. */
+  accountId: string;
+  /** Query param: Filter by the name of the permission group. The value must be URL-encoded. */
+  name?: string;
+  /** Query param: Filter by the scope of the permission group. The value must be URL-encoded. */
+  scope?: string;
+}
+
+export const ListTokenPermissionGroupsRequest =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+    accountId: Schema.String.pipe(T.HttpPath("account_id")),
+    name: Schema.optional(Schema.String).pipe(T.HttpQuery("name")),
+    scope: Schema.optional(Schema.String).pipe(T.HttpQuery("scope")),
+  }).pipe(
+    T.Http({
+      method: "GET",
+      path: "/accounts/{account_id}/tokens/permission_groups",
+    }),
+  ) as unknown as Schema.Schema<ListTokenPermissionGroupsRequest>;
+
+export interface ListTokenPermissionGroupsResponse {
+  result: {
+    id?: string | null;
+    name?: string | null;
+    scopes?:
+      | (
+          | "com.cloudflare.api.account"
+          | "com.cloudflare.api.account.zone"
+          | "com.cloudflare.api.user"
+          | "com.cloudflare.edge.r2.bucket"
+        )[]
+      | null;
+  }[];
+}
+
+export const ListTokenPermissionGroupsResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+    result: Schema.Array(
+      Schema.Struct({
+        id: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+        name: Schema.optional(Schema.Union([Schema.String, Schema.Null])),
+        scopes: Schema.optional(
+          Schema.Union([
+            Schema.Array(
+              Schema.Literals([
+                "com.cloudflare.api.account",
+                "com.cloudflare.api.account.zone",
+                "com.cloudflare.api.user",
+                "com.cloudflare.edge.r2.bucket",
+              ]),
+            ),
+            Schema.Null,
+          ]),
+        ),
+      }),
+    ),
+  }) as unknown as Schema.Schema<ListTokenPermissionGroupsResponse>;
+
+export type ListTokenPermissionGroupsError = DefaultErrors;
+
+export const listTokenPermissionGroups: API.PaginatedOperationMethod<
+  ListTokenPermissionGroupsRequest,
+  ListTokenPermissionGroupsResponse,
+  ListTokenPermissionGroupsError,
+  Credentials | HttpClient.HttpClient
+> & {
+  pages: (
+    input: ListTokenPermissionGroupsRequest,
+  ) => stream.Stream<
+    ListTokenPermissionGroupsResponse,
+    ListTokenPermissionGroupsError,
+    Credentials | HttpClient.HttpClient
+  >;
+  items: (input: ListTokenPermissionGroupsRequest) => stream.Stream<
+    {
+      id?: string | null;
+      name?: string | null;
+      scopes?:
+        | (
+            | "com.cloudflare.api.account"
+            | "com.cloudflare.api.account.zone"
+            | "com.cloudflare.api.user"
+            | "com.cloudflare.edge.r2.bucket"
+          )[]
+        | null;
+    },
+    ListTokenPermissionGroupsError,
+    Credentials | HttpClient.HttpClient
+  >;
+} = /*@__PURE__*/ /*#__PURE__*/ API.makePaginated(() => ({
+  input: ListTokenPermissionGroupsRequest,
+  output: ListTokenPermissionGroupsResponse,
+  errors: [],
+  pagination: {
+    mode: "single",
+    items: "result",
+  } as const,
+}));
+
+// =============================================================================
+// TokenValue
+// =============================================================================
+
+export interface PutTokenValueRequest {
+  tokenId: string;
+  /** Path param: Account identifier tag. */
+  accountId: string;
+  /** Body param: */
+  body: unknown;
+}
+
+export const PutTokenValueRequest = /*@__PURE__*/ /*#__PURE__*/ Schema.Struct({
+  tokenId: Schema.String.pipe(T.HttpPath("tokenId")),
+  accountId: Schema.String.pipe(T.HttpPath("account_id")),
+  body: Schema.Unknown.pipe(T.HttpBody()),
+}).pipe(
+  T.Http({
+    method: "PUT",
+    path: "/accounts/{account_id}/tokens/{tokenId}/value",
+  }),
+) as unknown as Schema.Schema<PutTokenValueRequest>;
+
+export type PutTokenValueResponse = unknown;
+
+export const PutTokenValueResponse =
+  /*@__PURE__*/ /*#__PURE__*/ Schema.Unknown as unknown as Schema.Schema<PutTokenValueResponse>;
+
+export type PutTokenValueError = DefaultErrors | InvalidRoute;
+
+export const putTokenValue: API.OperationMethod<
+  PutTokenValueRequest,
+  PutTokenValueResponse,
+  PutTokenValueError,
+  Credentials | HttpClient.HttpClient
+> = /*@__PURE__*/ /*#__PURE__*/ API.make(() => ({
+  input: PutTokenValueRequest,
+  output: PutTokenValueResponse,
+  errors: [InvalidRoute],
+}));