@logto/schemas 1.25.0 → 1.27.0

package/alterations/1.26.0-1740982044-add-one-time-tokens-table.ts

@@ -0,0 +1,36 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table one_time_tokens (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        email varchar(128) not null,
+        token varchar(256) not null,
+        context jsonb not null default '{}'::jsonb,
+        status varchar(64) not null default 'active',
+        created_at timestamptz not null default(now()),
+        expires_at timestamptz not null,
+        primary key (id)
+      );
+
+      create index one_time_token__email_status on one_time_tokens (tenant_id, email, status);
+    `);
+
+    await applyTableRls(pool, 'one_time_tokens');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'one_time_tokens');
+    await pool.query(sql`
+      drop table if exists one_time_tokens;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.26.0-1741240284-add-captcha-policy.ts

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column captcha_policy jsonb not null default '{}'::jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        drop column captcha_policy;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.26.0-1741318144-add-one-time-token-unique-index.ts

@@ -0,0 +1,18 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create unique index one_time_token__token on one_time_tokens (tenant_id, token);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index if exists one_time_token__token;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.26.0-1741572426-add-captcha-providers.ts

@@ -0,0 +1,34 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create table captcha_providers (
+        tenant_id varchar(21) not null 
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(128) not null,
+        config jsonb /* @use CaptchaConfig */ not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        updated_at timestamptz not null default(now()),
+        primary key (id),
+        unique (tenant_id)
+      );
+
+      create index captcha_providers__id
+        on captcha_providers (tenant_id, id);
+    `);
+    await applyTableRls(pool, 'captcha_providers');
+  },
+  down: async (pool) => {
+    await dropTableRls(pool, 'captcha_providers');
+    await pool.query(sql`
+      drop table captcha_providers;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.27.0-1744013256-add-sentinel-policy-column-to-sie-table.ts

@@ -0,0 +1,20 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        add column sentinel_policy jsonb not null default '{}'::jsonb;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table sign_in_experiences
+        drop column sentinel_policy;
+    `);
+  },
+};
+
+export default alteration;

package/alterations/1.27.0-1744357867-add-sentinel-activities-hash-index.ts

@@ -0,0 +1,19 @@
+import { sql } from '@silverhand/slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      create index sentinel_activities__target_type_target_hash
+        on sentinel_activities (tenant_id, target_type, target_hash);
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      drop index sentinel_activities__target_type_target_hash;
+    `);
+  },
+};
+
+export default alteration;

package/alterations-js/1.26.0-1740982044-add-one-time-tokens-table.js

@@ -0,0 +1,30 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create table one_time_tokens (
+        tenant_id varchar(21) not null
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(21) not null,
+        email varchar(128) not null,
+        token varchar(256) not null,
+        context jsonb not null default '{}'::jsonb,
+        status varchar(64) not null default 'active',
+        created_at timestamptz not null default(now()),
+        expires_at timestamptz not null,
+        primary key (id)
+      );
+
+      create index one_time_token__email_status on one_time_tokens (tenant_id, email, status);
+    `);
+        await applyTableRls(pool, 'one_time_tokens');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'one_time_tokens');
+        await pool.query(sql `
+      drop table if exists one_time_tokens;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.26.0-1741240284-add-captcha-policy.js

@@ -0,0 +1,16 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        add column captcha_policy jsonb not null default '{}'::jsonb;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        drop column captcha_policy;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.26.0-1741318144-add-one-time-token-unique-index.js

@@ -0,0 +1,14 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create unique index one_time_token__token on one_time_tokens (tenant_id, token);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index if exists one_time_token__token;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.26.0-1741572426-add-captcha-providers.js

@@ -0,0 +1,29 @@
+import { sql } from '@silverhand/slonik';
+import { applyTableRls, dropTableRls } from './utils/1704934999-tables.js';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create table captcha_providers (
+        tenant_id varchar(21) not null 
+          references tenants (id) on update cascade on delete cascade,
+        id varchar(128) not null,
+        config jsonb /* @use CaptchaConfig */ not null default '{}'::jsonb,
+        created_at timestamptz not null default(now()),
+        updated_at timestamptz not null default(now()),
+        primary key (id),
+        unique (tenant_id)
+      );
+
+      create index captcha_providers__id
+        on captcha_providers (tenant_id, id);
+    `);
+        await applyTableRls(pool, 'captcha_providers');
+    },
+    down: async (pool) => {
+        await dropTableRls(pool, 'captcha_providers');
+        await pool.query(sql `
+      drop table captcha_providers;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.27.0-1744013256-add-sentinel-policy-column-to-sie-table.js

@@ -0,0 +1,16 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        add column sentinel_policy jsonb not null default '{}'::jsonb;
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      alter table sign_in_experiences
+        drop column sentinel_policy;
+    `);
+    },
+};
+export default alteration;

package/alterations-js/1.27.0-1744357867-add-sentinel-activities-hash-index.js

@@ -0,0 +1,15 @@
+import { sql } from '@silverhand/slonik';
+const alteration = {
+    up: async (pool) => {
+        await pool.query(sql `
+      create index sentinel_activities__target_type_target_hash
+        on sentinel_activities (tenant_id, target_type, target_hash);
+    `);
+    },
+    down: async (pool) => {
+        await pool.query(sql `
+      drop index sentinel_activities__target_type_target_hash;
+    `);
+    },
+};
+export default alteration;

package/lib/consts/experience.d.ts

@@ -7,5 +7,7 @@ export declare const experience: Readonly<{
         readonly resetPassword: "reset-password";
         readonly identifierSignIn: "identifier-sign-in";
         readonly identifierRegister: "identifier-register";
+        readonly switchAccount: "switch-account";
+        readonly oneTimeToken: "one-time-token";
     }>;
 }>;

package/lib/consts/experience.js

@@ -6,6 +6,8 @@ const routes = Object.freeze({
     resetPassword: 'reset-password',
     identifierSignIn: 'identifier-sign-in',
     identifierRegister: 'identifier-register',
+    switchAccount: 'switch-account',
+    oneTimeToken: 'one-time-token',
 });
 export const experience = Object.freeze({
     routes,

package/lib/consts/index.d.ts

@@ -5,3 +5,4 @@ export * from './date.js';
 export * from './tenant.js';
 export * from './subscriptions.js';
 export * from './experience.js';
+export * from './sentinel.js';

package/lib/consts/index.js

@@ -5,3 +5,4 @@ export * from './date.js';
 export * from './tenant.js';
 export * from './subscriptions.js';
 export * from './experience.js';
+export * from './sentinel.js';

package/lib/consts/oidc.d.ts

@@ -49,7 +49,11 @@ export declare enum ExtraParamsKey {
      *
      * @see {@link SignInIdentifier} for available values.
      */
-    Identifier = "identifier"
+    Identifier = "identifier",
+    /**
+     * The one-time token used as a proof for the user's identity. Example use case: Magic link.
+     */
+    OneTimeToken = "one_time_token"
 }
 /** @deprecated Use {@link FirstScreen} instead. */
 export declare enum InteractionMode {
@@ -73,6 +77,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     organization_id: z.ZodOptional<z.ZodString>;
     login_hint: z.ZodOptional<z.ZodString>;
     identifier: z.ZodOptional<z.ZodString>;
+    one_time_token: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     interaction_mode?: InteractionMode | undefined;
     first_screen?: FirstScreen | undefined;
@@ -80,6 +85,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     organization_id?: string | undefined;
     login_hint?: string | undefined;
     identifier?: string | undefined;
+    one_time_token?: string | undefined;
 }, {
     interaction_mode?: InteractionMode | undefined;
     first_screen?: FirstScreen | undefined;
@@ -87,6 +93,7 @@ export declare const extraParamsObjectGuard: z.ZodObject<{
     organization_id?: string | undefined;
     login_hint?: string | undefined;
     identifier?: string | undefined;
+    one_time_token?: string | undefined;
 }>;
 export type ExtraParamsObject = Partial<{
     [ExtraParamsKey.InteractionMode]: InteractionMode;
@@ -95,4 +102,5 @@ export type ExtraParamsObject = Partial<{
     [ExtraParamsKey.OrganizationId]: string;
     [ExtraParamsKey.LoginHint]: string;
     [ExtraParamsKey.Identifier]: string;
+    [ExtraParamsKey.OneTimeToken]: string;
 }>;

package/lib/consts/oidc.js

@@ -52,6 +52,10 @@ export var ExtraParamsKey;
      * @see {@link SignInIdentifier} for available values.
      */
     ExtraParamsKey["Identifier"] = "identifier";
+    /**
+     * The one-time token used as a proof for the user's identity. Example use case: Magic link.
+     */
+    ExtraParamsKey["OneTimeToken"] = "one_time_token";
 })(ExtraParamsKey || (ExtraParamsKey = {}));
 /** @deprecated Use {@link FirstScreen} instead. */
 export var InteractionMode;
@@ -78,5 +82,6 @@ export const extraParamsObjectGuard = z
     [ExtraParamsKey.OrganizationId]: z.string(),
     [ExtraParamsKey.LoginHint]: z.string(),
     [ExtraParamsKey.Identifier]: z.string(),
+    [ExtraParamsKey.OneTimeToken]: z.string(),
 })
     .partial();

package/lib/consts/sentinel.d.ts

@@ -0,0 +1,10 @@
+/**
+ * The default policy for this sentinel.
+ *
+ * - `maxAttempts`: 100
+ * - `lockoutDuration`: 60 minutes
+ */
+export declare const defaultSentinelPolicy: Readonly<{
+    maxAttempts: number;
+    lockoutDuration: number;
+}>;

package/lib/consts/sentinel.js

@@ -0,0 +1,10 @@
+/**
+ * The default policy for this sentinel.
+ *
+ * - `maxAttempts`: 100
+ * - `lockoutDuration`: 60 minutes
+ */
+export const defaultSentinelPolicy = Object.freeze({
+    maxAttempts: 100,
+    lockoutDuration: 60,
+});

package/lib/db-entries/captcha-provider.d.ts

@@ -0,0 +1,22 @@
+import { CaptchaConfig, GeneratedSchema } from './../foundations/index.js';
+/**
+ *
+ * @remarks This is a type for database creation.
+ * @see {@link CaptchaProvider} for the original type.
+ */
+export type CreateCaptchaProvider = {
+    tenantId?: string;
+    id: string;
+    config?: CaptchaConfig;
+    createdAt?: number;
+    updatedAt?: number;
+};
+export type CaptchaProvider = {
+    tenantId: string;
+    id: string;
+    config: CaptchaConfig;
+    createdAt: number;
+    updatedAt: number;
+};
+export type CaptchaProviderKeys = 'tenantId' | 'id' | 'config' | 'createdAt' | 'updatedAt';
+export declare const CaptchaProviders: GeneratedSchema<CaptchaProviderKeys, CreateCaptchaProvider, CaptchaProvider, 'captcha_providers', 'captcha_provider'>;

package/lib/db-entries/captcha-provider.js

@@ -0,0 +1,38 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+import { captchaConfigGuard } from './../foundations/index.js';
+const createGuard = z.object({
+    tenantId: z.string().max(21).optional(),
+    id: z.string().min(1).max(128),
+    config: captchaConfigGuard.optional(),
+    createdAt: z.number().optional(),
+    updatedAt: z.number().optional(),
+});
+const guard = z.object({
+    tenantId: z.string().max(21),
+    id: z.string().min(1).max(128),
+    config: captchaConfigGuard,
+    createdAt: z.number(),
+    updatedAt: z.number(),
+});
+export const CaptchaProviders = Object.freeze({
+    table: 'captcha_providers',
+    tableSingular: 'captcha_provider',
+    fields: {
+        tenantId: 'tenant_id',
+        id: 'id',
+        config: 'config',
+        createdAt: 'created_at',
+        updatedAt: 'updated_at',
+    },
+    fieldKeys: [
+        'tenantId',
+        'id',
+        'config',
+        'createdAt',
+        'updatedAt',
+    ],
+    createGuard,
+    guard,
+    updateGuard: guard.partial(),
+});

package/lib/db-entries/index.d.ts

@@ -13,6 +13,7 @@ export * from './application-user-consent-resource-scope.js';
 export * from './application-user-consent-user-scope.js';
 export * from './application.js';
 export * from './applications-role.js';
+export * from './captcha-provider.js';
 export * from './connector.js';
 export * from './custom-phrase.js';
 export * from './daily-active-user.js';
@@ -24,6 +25,7 @@ export * from './idp-initiated-saml-sso-session.js';
 export * from './log.js';
 export * from './logto-config.js';
 export * from './oidc-model-instance.js';
+export * from './one-time-token.js';
 export * from './organization-application-relation.js';
 export * from './organization-invitation-role-relation.js';
 export * from './organization-invitation.js';

package/lib/db-entries/index.js

@@ -14,6 +14,7 @@ export * from './application-user-consent-resource-scope.js';
 export * from './application-user-consent-user-scope.js';
 export * from './application.js';
 export * from './applications-role.js';
+export * from './captcha-provider.js';
 export * from './connector.js';
 export * from './custom-phrase.js';
 export * from './daily-active-user.js';
@@ -25,6 +26,7 @@ export * from './idp-initiated-saml-sso-session.js';
 export * from './log.js';
 export * from './logto-config.js';
 export * from './oidc-model-instance.js';
+export * from './one-time-token.js';
 export * from './organization-application-relation.js';
 export * from './organization-invitation-role-relation.js';
 export * from './organization-invitation.js';

package/lib/db-entries/one-time-token.d.ts

@@ -0,0 +1,28 @@
+import { OneTimeTokenContext, OneTimeTokenStatus, GeneratedSchema } from './../foundations/index.js';
+/**
+ *
+ * @remarks This is a type for database creation.
+ * @see {@link OneTimeToken} for the original type.
+ */
+export type CreateOneTimeToken = {
+    tenantId?: string;
+    id: string;
+    email: string;
+    token: string;
+    context?: OneTimeTokenContext;
+    status?: OneTimeTokenStatus;
+    createdAt?: number;
+    expiresAt: number;
+};
+export type OneTimeToken = {
+    tenantId: string;
+    id: string;
+    email: string;
+    token: string;
+    context: OneTimeTokenContext;
+    status: OneTimeTokenStatus;
+    createdAt: number;
+    expiresAt: number;
+};
+export type OneTimeTokenKeys = 'tenantId' | 'id' | 'email' | 'token' | 'context' | 'status' | 'createdAt' | 'expiresAt';
+export declare const OneTimeTokens: GeneratedSchema<OneTimeTokenKeys, CreateOneTimeToken, OneTimeToken, 'one_time_tokens', 'one_time_token'>;

package/lib/db-entries/one-time-token.js

@@ -0,0 +1,50 @@
+// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
+import { z } from 'zod';
+import { oneTimeTokenContextGuard, oneTimeTokenStatusGuard } from './../foundations/index.js';
+const createGuard = z.object({
+    tenantId: z.string().max(21).optional(),
+    id: z.string().min(1).max(21),
+    email: z.string().min(1).max(128),
+    token: z.string().min(1).max(256),
+    context: oneTimeTokenContextGuard.optional(),
+    status: oneTimeTokenStatusGuard.optional(),
+    createdAt: z.number().optional(),
+    expiresAt: z.number(),
+});
+const guard = z.object({
+    tenantId: z.string().max(21),
+    id: z.string().min(1).max(21),
+    email: z.string().min(1).max(128),
+    token: z.string().min(1).max(256),
+    context: oneTimeTokenContextGuard,
+    status: oneTimeTokenStatusGuard,
+    createdAt: z.number(),
+    expiresAt: z.number(),
+});
+export const OneTimeTokens = Object.freeze({
+    table: 'one_time_tokens',
+    tableSingular: 'one_time_token',
+    fields: {
+        tenantId: 'tenant_id',
+        id: 'id',
+        email: 'email',
+        token: 'token',
+        context: 'context',
+        status: 'status',
+        createdAt: 'created_at',
+        expiresAt: 'expires_at',
+    },
+    fieldKeys: [
+        'tenantId',
+        'id',
+        'email',
+        'token',
+        'context',
+        'status',
+        'createdAt',
+        'expiresAt',
+    ],
+    createGuard,
+    guard,
+    updateGuard: guard.partial(),
+});

package/lib/db-entries/sign-in-experience.d.ts

@@ -1,4 +1,4 @@
-import { Color, Branding, LanguageInfo, SignIn, SignUp, SocialSignIn, ConnectorTargets, CustomContent, CustomUiAssets, PartialPasswordPolicy, Mfa, GeneratedSchema } from './../foundations/index.js';
+import { Color, Branding, LanguageInfo, SignIn, SignUp, SocialSignIn, ConnectorTargets, CustomContent, CustomUiAssets, PartialPasswordPolicy, Mfa, CaptchaPolicy, SentinelPolicy, GeneratedSchema } from './../foundations/index.js';
 import { AgreeToTermsPolicy, SignInMode } from './custom-types.js';
 /**
  *
@@ -29,6 +29,8 @@ export type CreateSignInExperience = {
     supportEmail?: string | null;
     supportWebsiteUrl?: string | null;
     unknownSessionRedirectUrl?: string | null;
+    captchaPolicy?: CaptchaPolicy;
+    sentinelPolicy?: SentinelPolicy;
 };
 export type SignInExperience = {
     tenantId: string;
@@ -54,6 +56,8 @@ export type SignInExperience = {
     supportEmail: string | null;
     supportWebsiteUrl: string | null;
     unknownSessionRedirectUrl: string | null;
+    captchaPolicy: CaptchaPolicy;
+    sentinelPolicy: SentinelPolicy;
 };
-export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl';
+export type SignInExperienceKeys = 'tenantId' | 'id' | 'color' | 'branding' | 'languageInfo' | 'termsOfUseUrl' | 'privacyPolicyUrl' | 'agreeToTermsPolicy' | 'signIn' | 'signUp' | 'socialSignIn' | 'socialSignInConnectorTargets' | 'signInMode' | 'customCss' | 'customContent' | 'customUiAssets' | 'passwordPolicy' | 'mfa' | 'singleSignOnEnabled' | 'supportEmail' | 'supportWebsiteUrl' | 'unknownSessionRedirectUrl' | 'captchaPolicy' | 'sentinelPolicy';
 export declare const SignInExperiences: GeneratedSchema<SignInExperienceKeys, CreateSignInExperience, SignInExperience, 'sign_in_experiences', 'sign_in_experience'>;

package/lib/db-entries/sign-in-experience.js

@@ -1,6 +1,6 @@
 // THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
 import { z } from 'zod';
-import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, socialSignInGuard, connectorTargetsGuard, customContentGuard, customUiAssetsGuard, partialPasswordPolicyGuard, mfaGuard } from './../foundations/index.js';
+import { colorGuard, brandingGuard, languageInfoGuard, signInGuard, signUpGuard, socialSignInGuard, connectorTargetsGuard, customContentGuard, customUiAssetsGuard, partialPasswordPolicyGuard, mfaGuard, captchaPolicyGuard, sentinelPolicyGuard } from './../foundations/index.js';
 import { AgreeToTermsPolicy, SignInMode } from './custom-types.js';
 const createGuard = z.object({
     tenantId: z.string().max(21).optional(),
@@ -25,6 +25,8 @@ const createGuard = z.object({
     supportEmail: z.string().nullable().optional(),
     supportWebsiteUrl: z.string().nullable().optional(),
     unknownSessionRedirectUrl: z.string().nullable().optional(),
+    captchaPolicy: captchaPolicyGuard.optional(),
+    sentinelPolicy: sentinelPolicyGuard.optional(),
 });
 const guard = z.object({
     tenantId: z.string().max(21),
@@ -49,6 +51,8 @@ const guard = z.object({
     supportEmail: z.string().nullable(),
     supportWebsiteUrl: z.string().nullable(),
     unknownSessionRedirectUrl: z.string().nullable(),
+    captchaPolicy: captchaPolicyGuard,
+    sentinelPolicy: sentinelPolicyGuard,
 });
 export const SignInExperiences = Object.freeze({
     table: 'sign_in_experiences',
@@ -76,6 +80,8 @@ export const SignInExperiences = Object.freeze({
         supportEmail: 'support_email',
         supportWebsiteUrl: 'support_website_url',
         unknownSessionRedirectUrl: 'unknown_session_redirect_url',
+        captchaPolicy: 'captcha_policy',
+        sentinelPolicy: 'sentinel_policy',
     },
     fieldKeys: [
         'tenantId',
@@ -100,6 +106,8 @@ export const SignInExperiences = Object.freeze({
         'supportEmail',
         'supportWebsiteUrl',
         'unknownSessionRedirectUrl',
+        'captchaPolicy',
+        'sentinelPolicy',
     ],
     createGuard,
     guard,