@opentdf/sdk 0.4.1-rc.37 → 0.5.0-beta.42

package/src/platform/policy/objects_pb.ts

@@ -14,7 +14,67 @@ import type { Message } from "@bufbuild/protobuf";
  * Describes the file policy/objects.proto.
  */
 export const file_policy_objects: GenFile = /*@__PURE__*/
-  fileDesc("ChRwb2xpY3kvb2JqZWN0cy5wcm90bxIGcG9saWN5ImYKEUtleVByb3ZpZGVyQ29uZmlnEgoKAmlkGAEgASgJEgwKBG5hbWUYAiABKAkSEwoLY29uZmlnX2pzb24YAyABKAwSIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEizQEKCU5hbWVzcGFjZRIKCgJpZBgBIAEoCRIMCgRuYW1lGAIgASgJEgsKA2ZxbhgDIAEoCRIqCgZhY3RpdmUYBCABKAsyGi5nb29nbGUucHJvdG9idWYuQm9vbFZhbHVlEiIKCG1ldGFkYXRhGAUgASgLMhAuY29tbW9uLk1ldGFkYXRhEicKBmdyYW50cxgGIAMoCzIXLnBvbGljeS5LZXlBY2Nlc3NTZXJ2ZXISIAoIa2FzX2tleXMYByADKAsyDi5wb2xpY3kuS2FzS2V5IswCCglBdHRyaWJ1dGUSCgoCaWQYASABKAkSJAoJbmFtZXNwYWNlGAIgASgLMhEucG9saWN5Lk5hbWVzcGFjZRIMCgRuYW1lGAMgASgJEjgKBHJ1bGUYBCABKA4yHS5wb2xpY3kuQXR0cmlidXRlUnVsZVR5cGVFbnVtQgu6SAjIAQGCAQIQARIdCgZ2YWx1ZXMYBSADKAsyDS5wb2xpY3kuVmFsdWUSJwoGZ3JhbnRzGAYgAygLMhcucG9saWN5LktleUFjY2Vzc1NlcnZlchILCgNmcW4YByABKAkSKgoGYWN0aXZlGAggASgLMhouZ29vZ2xlLnByb3RvYnVmLkJvb2xWYWx1ZRIgCghrYXNfa2V5cxgJIAMoCzIOLnBvbGljeS5LYXNLZXkSIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEisQIKBVZhbHVlEgoKAmlkGAEgASgJEiQKCWF0dHJpYnV0ZRgCIAEoCzIRLnBvbGljeS5BdHRyaWJ1dGUSDQoFdmFsdWUYAyABKAkSJwoGZ3JhbnRzGAUgAygLMhcucG9saWN5LktleUFjY2Vzc1NlcnZlchILCgNmcW4YBiABKAkSKgoGYWN0aXZlGAcgASgLMhouZ29vZ2xlLnByb3RvYnVmLkJvb2xWYWx1ZRIwChBzdWJqZWN0X21hcHBpbmdzGAggAygLMhYucG9saWN5LlN1YmplY3RNYXBwaW5nEiAKCGthc19rZXlzGAkgAygLMg4ucG9saWN5Lkthc0tleRIiCghtZXRhZGF0YRhkIAEoCzIQLmNvbW1vbi5NZXRhZGF0YUoECAQQBVIHbWVtYmVycyKCAgoGQWN0aW9uEgoKAmlkGAMgASgJEjEKCHN0YW5kYXJkGAEgASgOMh0ucG9saWN5LkFjdGlvbi5TdGFuZGFyZEFjdGlvbkgAEhAKBmN1c3RvbRgCIAEoCUgAEgwKBG5hbWUYBCABKAkSIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEibAoOU3RhbmRhcmRBY3Rpb24SHwobU1RBTkRBUkRfQUNUSU9OX1VOU1BFQ0lGSUVEEAASGwoXU1RBTkRBUkRfQUNUSU9OX0RFQ1JZUFQQARIcChhTVEFOREFSRF9BQ1RJT05fVFJBTlNNSVQQAkIHCgV2YWx1ZSLFAQoOU3ViamVjdE1hcHBpbmcSCgoCaWQYASABKAkSJgoPYXR0cmlidXRlX3ZhbHVlGAIgASgLMg0ucG9saWN5LlZhbHVlEjoKFXN1YmplY3RfY29uZGl0aW9uX3NldBgDIAEoCzIbLnBvbGljeS5TdWJqZWN0Q29uZGl0aW9uU2V0Eh8KB2FjdGlvbnMYBCADKAsyDi5wb2xpY3kuQWN0aW9uEiIKCG1ldGFkYXRhGGQgASgLMhAuY29tbW9uLk1ldGFkYXRhIqoBCglDb25kaXRpb24SLwofc3ViamVjdF9leHRlcm5hbF9zZWxlY3Rvcl92YWx1ZRgBIAEoCUIGukgDyAEBEkEKCG9wZXJhdG9yGAIgASgOMiIucG9saWN5LlN1YmplY3RNYXBwaW5nT3BlcmF0b3JFbnVtQgu6SAjIAQGCAQIQARIpChdzdWJqZWN0X2V4dGVybmFsX3ZhbHVlcxgDIAMoCUIIukgFkgECCAEiigEKDkNvbmRpdGlvbkdyb3VwEi8KCmNvbmRpdGlvbnMYASADKAsyES5wb2xpY3kuQ29uZGl0aW9uQgi6SAWSAQIIARJHChBib29sZWFuX29wZXJhdG9yGAIgASgOMiAucG9saWN5LkNvbmRpdGlvbkJvb2xlYW5UeXBlRW51bUILukgIyAEBggECEAEiSAoKU3ViamVjdFNldBI6ChBjb25kaXRpb25fZ3JvdXBzGAEgAygLMhYucG9saWN5LkNvbmRpdGlvbkdyb3VwQgi6SAWSAQIIASJ5ChNTdWJqZWN0Q29uZGl0aW9uU2V0EgoKAmlkGAEgASgJEjIKDHN1YmplY3Rfc2V0cxgDIAMoCzISLnBvbGljeS5TdWJqZWN0U2V0Qgi6SAWSAQIIARIiCghtZXRhZGF0YRhkIAEoCzIQLmNvbW1vbi5NZXRhZGF0YSJWCg9TdWJqZWN0UHJvcGVydHkSKwoXZXh0ZXJuYWxfc2VsZWN0b3JfdmFsdWUYASABKAlCCrpIB8gBAXICEAESFgoOZXh0ZXJuYWxfdmFsdWUYAiABKAkiegoUUmVzb3VyY2VNYXBwaW5nR3JvdXASCgoCaWQYASABKAkSHAoMbmFtZXNwYWNlX2lkGAIgASgJQga6SAPIAQESFAoEbmFtZRgDIAEoCUIGukgDyAEBEiIKCG1ldGFkYXRhGGQgASgLMhAuY29tbW9uLk1ldGFkYXRhIq0BCg9SZXNvdXJjZU1hcHBpbmcSCgoCaWQYASABKAkSIgoIbWV0YWRhdGEYAiABKAsyEC5jb21tb24uTWV0YWRhdGESLgoPYXR0cmlidXRlX3ZhbHVlGAMgASgLMg0ucG9saWN5LlZhbHVlQga6SAPIAQESDQoFdGVybXMYBCADKAkSKwoFZ3JvdXAYBSABKAsyHC5wb2xpY3kuUmVzb3VyY2VNYXBwaW5nR3JvdXAixgQKD0tleUFjY2Vzc1NlcnZlchIKCgJpZBgBIAEoCRKCAwoDdXJpGAIgASgJQvQCukjwAroB7AIKCnVyaV9mb3JtYXQSzwFVUkkgbXVzdCBiZSBhIHZhbGlkIFVSTCAoZS5nLiwgJ2h0dHBzOi8vZGVtby5jb20vJykgZm9sbG93ZWQgYnkgYWRkaXRpb25hbCBzZWdtZW50cy4gRWFjaCBzZWdtZW50IG11c3Qgc3RhcnQgYW5kIGVuZCB3aXRoIGFuIGFscGhhbnVtZXJpYyBjaGFyYWN0ZXIsIGNhbiBjb250YWluIGh5cGhlbnMsIGFscGhhbnVtZXJpYyBjaGFyYWN0ZXJzLCBhbmQgc2xhc2hlcy4aiwF0aGlzLm1hdGNoZXMoJ15odHRwcz86Ly9bYS16QS1aMC05XShbYS16QS1aMC05XFwtXXswLDYxfVthLXpBLVowLTldKT8oXFwuW2EtekEtWjAtOV0oW2EtekEtWjAtOVxcLV17MCw2MX1bYS16QS1aMC05XSk/KSooOlswLTldKyk/KC8uKik/JCcpEiUKCnB1YmxpY19rZXkYAyABKAsyES5wb2xpY3kuUHVibGljS2V5EicKC3NvdXJjZV90eXBlGAQgASgOMhIucG9saWN5LlNvdXJjZVR5cGUSIAoIa2FzX2tleXMYBSADKAsyDi5wb2xpY3kuS2FzS2V5EgwKBG5hbWUYFCABKAkSIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEi5AEKA0tleRIKCgJpZBgBIAEoCRItCglpc19hY3RpdmUYAiABKAsyGi5nb29nbGUucHJvdG9idWYuQm9vbFZhbHVlEi4KCndhc19tYXBwZWQYAyABKAsyGi5nb29nbGUucHJvdG9idWYuQm9vbFZhbHVlEigKCnB1YmxpY19rZXkYBCABKAsyFC5wb2xpY3kuS2FzUHVibGljS2V5EiQKA2thcxgFIAEoCzIXLnBvbGljeS5LZXlBY2Nlc3NTZXJ2ZXISIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEidQoMS2FzUHVibGljS2V5EhcKA3BlbRgBIAEoCUIKukgHcgUQARiAQBIWCgNraWQYAiABKAlCCbpIBnIEEAEYIBI0CgNhbGcYAyABKA4yGy5wb2xpY3kuS2FzUHVibGljS2V5QWxnRW51bUIKukgHggEEEAEgACI1Cg9LYXNQdWJsaWNLZXlTZXQSIgoEa2V5cxgBIAMoCzIULnBvbGljeS5LYXNQdWJsaWNLZXki0AMKCVB1YmxpY0tleRL8AgoGcmVtb3RlGAEgASgJQukCukjlAroB4QIKCnVyaV9mb3JtYXQSzwFVUkkgbXVzdCBiZSBhIHZhbGlkIFVSTCAoZS5nLiwgJ2h0dHBzOi8vZGVtby5jb20vJykgZm9sbG93ZWQgYnkgYWRkaXRpb25hbCBzZWdtZW50cy4gRWFjaCBzZWdtZW50IG11c3Qgc3RhcnQgYW5kIGVuZCB3aXRoIGFuIGFscGhhbnVtZXJpYyBjaGFyYWN0ZXIsIGNhbiBjb250YWluIGh5cGhlbnMsIGFscGhhbnVtZXJpYyBjaGFyYWN0ZXJzLCBhbmQgc2xhc2hlcy4agAF0aGlzLm1hdGNoZXMoJ15odHRwczovL1thLXpBLVowLTldKFthLXpBLVowLTlcXC1dezAsNjF9W2EtekEtWjAtOV0pPyhcXC5bYS16QS1aMC05XShbYS16QS1aMC05XFwtXXswLDYxfVthLXpBLVowLTldKT8pKigvLiopPyQnKUgAEikKBmNhY2hlZBgDIAEoCzIXLnBvbGljeS5LYXNQdWJsaWNLZXlTZXRIAEIMCgpwdWJsaWNfa2V5SgQIAhADUgVsb2NhbCKDAQoSUmVnaXN0ZXJlZFJlc291cmNlEgoKAmlkGAEgASgJEgwKBG5hbWUYAiABKAkSLwoGdmFsdWVzGAMgAygLMh8ucG9saWN5LlJlZ2lzdGVyZWRSZXNvdXJjZVZhbHVlEiIKCG1ldGFkYXRhGGQgASgLMhAuY29tbW9uLk1ldGFkYXRhIoYBChdSZWdpc3RlcmVkUmVzb3VyY2VWYWx1ZRIKCgJpZBgBIAEoCRINCgV2YWx1ZRgCIAEoCRIsCghyZXNvdXJjZRgDIAEoCzIaLnBvbGljeS5SZWdpc3RlcmVkUmVzb3VyY2USIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEiPAoGS2FzS2V5Eg4KBmthc19pZBgBIAEoCRIiCgNrZXkYAiABKAsyFS5wb2xpY3kuQXN5bW1ldHJpY0tleSKoAgoNQXN5bW1ldHJpY0tleRIKCgJpZBgBIAEoCRIOCgZrZXlfaWQYAiABKAkSKAoNa2V5X2FsZ29yaXRobRgDIAEoDjIRLnBvbGljeS5BbGdvcml0aG0SJQoKa2V5X3N0YXR1cxgEIAEoDjIRLnBvbGljeS5LZXlTdGF0dXMSIQoIa2V5X21vZGUYBSABKA4yDy5wb2xpY3kuS2V5TW9kZRIWCg5wdWJsaWNfa2V5X2N0eBgGIAEoDBIXCg9wcml2YXRlX2tleV9jdHgYByABKAwSMgoPcHJvdmlkZXJfY29uZmlnGAggASgLMhkucG9saWN5LktleVByb3ZpZGVyQ29uZmlnEiIKCG1ldGFkYXRhGGQgASgLMhAuY29tbW9uLk1ldGFkYXRhIt0BCgxTeW1tZXRyaWNLZXkSCgoCaWQYASABKAkSDgoGa2V5X2lkGAIgASgJEiUKCmtleV9zdGF0dXMYAyABKA4yES5wb2xpY3kuS2V5U3RhdHVzEiEKCGtleV9tb2RlGAQgASgOMg8ucG9saWN5LktleU1vZGUSDwoHa2V5X2N0eBgFIAEoDBIyCg9wcm92aWRlcl9jb25maWcYBiABKAsyGS5wb2xpY3kuS2V5UHJvdmlkZXJDb25maWcSIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEqswEKFUF0dHJpYnV0ZVJ1bGVUeXBlRW51bRIoCiRBVFRSSUJVVEVfUlVMRV9UWVBFX0VOVU1fVU5TUEVDSUZJRUQQABIjCh9BVFRSSUJVVEVfUlVMRV9UWVBFX0VOVU1fQUxMX09GEAESIwofQVRUUklCVVRFX1JVTEVfVFlQRV9FTlVNX0FOWV9PRhACEiYKIkFUVFJJQlVURV9SVUxFX1RZUEVfRU5VTV9ISUVSQVJDSFkQAyrKAQoaU3ViamVjdE1hcHBpbmdPcGVyYXRvckVudW0SLQopU1VCSkVDVF9NQVBQSU5HX09QRVJBVE9SX0VOVU1fVU5TUEVDSUZJRUQQABIkCiBTVUJKRUNUX01BUFBJTkdfT1BFUkFUT1JfRU5VTV9JThABEigKJFNVQkpFQ1RfTUFQUElOR19PUEVSQVRPUl9FTlVNX05PVF9JThACEi0KKVNVQkpFQ1RfTUFQUElOR19PUEVSQVRPUl9FTlVNX0lOX0NPTlRBSU5TEAMqkAEKGENvbmRpdGlvbkJvb2xlYW5UeXBlRW51bRIrCidDT05ESVRJT05fQk9PTEVBTl9UWVBFX0VOVU1fVU5TUEVDSUZJRUQQABIjCh9DT05ESVRJT05fQk9PTEVBTl9UWVBFX0VOVU1fQU5EEAESIgoeQ09ORElUSU9OX0JPT0xFQU5fVFlQRV9FTlVNX09SEAIqXQoKU291cmNlVHlwZRIbChdTT1VSQ0VfVFlQRV9VTlNQRUNJRklFRBAAEhgKFFNPVVJDRV9UWVBFX0lOVEVSTkFMEAESGAoUU09VUkNFX1RZUEVfRVhURVJOQUwQAiqIAgoTS2FzUHVibGljS2V5QWxnRW51bRInCiNLQVNfUFVCTElDX0tFWV9BTEdfRU5VTV9VTlNQRUNJRklFRBAAEiQKIEtBU19QVUJMSUNfS0VZX0FMR19FTlVNX1JTQV8yMDQ4EAESJAogS0FTX1BVQkxJQ19LRVlfQUxHX0VOVU1fUlNBXzQwOTYQAhIoCiRLQVNfUFVCTElDX0tFWV9BTEdfRU5VTV9FQ19TRUNQMjU2UjEQBRIoCiRLQVNfUFVCTElDX0tFWV9BTEdfRU5VTV9FQ19TRUNQMzg0UjEQBhIoCiRLQVNfUFVCTElDX0tFWV9BTEdfRU5VTV9FQ19TRUNQNTIxUjEQByqbAQoJQWxnb3JpdGhtEhkKFUFMR09SSVRITV9VTlNQRUNJRklFRBAAEhYKEkFMR09SSVRITV9SU0FfMjA0OBABEhYKEkFMR09SSVRITV9SU0FfNDA5NhACEhUKEUFMR09SSVRITV9FQ19QMjU2EAMSFQoRQUxHT1JJVEhNX0VDX1AzODQQBBIVChFBTEdPUklUSE1fRUNfUDUyMRAFKnMKCUtleVN0YXR1cxIaChZLRVlfU1RBVFVTX1VOU1BFQ0lGSUVEEAASFQoRS0VZX1NUQVRVU19BQ1RJVkUQARIXChNLRVlfU1RBVFVTX0lOQUNUSVZFEAISGgoWS0VZX1NUQVRVU19DT01QUk9NSVNFRBADKkwKB0tleU1vZGUSGAoUS0VZX01PREVfVU5TUEVDSUZJRUQQABISCg5LRVlfTU9ERV9MT0NBTBABEhMKD0tFWV9NT0RFX1JFTU9URRACYgZwcm90bzM", [file_buf_validate_validate, file_common_common, file_google_protobuf_wrappers]);
+  fileDesc("ChRwb2xpY3kvb2JqZWN0cy5wcm90bxIGcG9saWN5IlQKElNpbXBsZUthc1B1YmxpY0tleRIkCglhbGdvcml0aG0YASABKA4yES5wb2xpY3kuQWxnb3JpdGhtEgsKA2tpZBgCIAEoCRILCgNwZW0YAyABKAkiXwoMU2ltcGxlS2FzS2V5Eg8KB2thc191cmkYASABKAkSLgoKcHVibGljX2tleRgCIAEoCzIaLnBvbGljeS5TaW1wbGVLYXNQdWJsaWNLZXkSDgoGa2FzX2lkGAMgASgJIncKEUtleVByb3ZpZGVyQ29uZmlnEgoKAmlkGAEgASgJEgwKBG5hbWUYAiABKAkSEwoLY29uZmlnX2pzb24YAyABKAwSDwoHbWFuYWdlchgEIAEoCRIiCghtZXRhZGF0YRhkIAEoCzIQLmNvbW1vbi5NZXRhZGF0YSL8AQoJTmFtZXNwYWNlEgoKAmlkGAEgASgJEgwKBG5hbWUYAiABKAkSCwoDZnFuGAMgASgJEioKBmFjdGl2ZRgEIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5Cb29sVmFsdWUSIgoIbWV0YWRhdGEYBSABKAsyEC5jb21tb24uTWV0YWRhdGESJwoGZ3JhbnRzGAYgAygLMhcucG9saWN5LktleUFjY2Vzc1NlcnZlchImCghrYXNfa2V5cxgHIAMoCzIULnBvbGljeS5TaW1wbGVLYXNLZXkSJwoKcm9vdF9jZXJ0cxgIIAMoCzITLnBvbGljeS5DZXJ0aWZpY2F0ZSJKCgtDZXJ0aWZpY2F0ZRIKCgJpZBgBIAEoCRILCgNwZW0YAiABKAkSIgoIbWV0YWRhdGEYAyABKAsyEC5jb21tb24uTWV0YWRhdGEi0gIKCUF0dHJpYnV0ZRIKCgJpZBgBIAEoCRIkCgluYW1lc3BhY2UYAiABKAsyES5wb2xpY3kuTmFtZXNwYWNlEgwKBG5hbWUYAyABKAkSOAoEcnVsZRgEIAEoDjIdLnBvbGljeS5BdHRyaWJ1dGVSdWxlVHlwZUVudW1CC7pICMgBAYIBAhABEh0KBnZhbHVlcxgFIAMoCzINLnBvbGljeS5WYWx1ZRInCgZncmFudHMYBiADKAsyFy5wb2xpY3kuS2V5QWNjZXNzU2VydmVyEgsKA2ZxbhgHIAEoCRIqCgZhY3RpdmUYCCABKAsyGi5nb29nbGUucHJvdG9idWYuQm9vbFZhbHVlEiYKCGthc19rZXlzGAkgAygLMhQucG9saWN5LlNpbXBsZUthc0tleRIiCghtZXRhZGF0YRhkIAEoCzIQLmNvbW1vbi5NZXRhZGF0YSKUAwoFVmFsdWUSCgoCaWQYASABKAkSJAoJYXR0cmlidXRlGAIgASgLMhEucG9saWN5LkF0dHJpYnV0ZRINCgV2YWx1ZRgDIAEoCRInCgZncmFudHMYBSADKAsyFy5wb2xpY3kuS2V5QWNjZXNzU2VydmVyEgsKA2ZxbhgGIAEoCRIqCgZhY3RpdmUYByABKAsyGi5nb29nbGUucHJvdG9idWYuQm9vbFZhbHVlEjAKEHN1YmplY3RfbWFwcGluZ3MYCCADKAsyFi5wb2xpY3kuU3ViamVjdE1hcHBpbmcSJgoIa2FzX2tleXMYCSADKAsyFC5wb2xpY3kuU2ltcGxlS2FzS2V5EjIKEXJlc291cmNlX21hcHBpbmdzGAogAygLMhcucG9saWN5LlJlc291cmNlTWFwcGluZxInCgtvYmxpZ2F0aW9ucxgLIAMoCzISLnBvbGljeS5PYmxpZ2F0aW9uEiIKCG1ldGFkYXRhGGQgASgLMhAuY29tbW9uLk1ldGFkYXRhSgQIBBAFUgdtZW1iZXJzIoICCgZBY3Rpb24SCgoCaWQYAyABKAkSMQoIc3RhbmRhcmQYASABKA4yHS5wb2xpY3kuQWN0aW9uLlN0YW5kYXJkQWN0aW9uSAASEAoGY3VzdG9tGAIgASgJSAASDAoEbmFtZRgEIAEoCRIiCghtZXRhZGF0YRhkIAEoCzIQLmNvbW1vbi5NZXRhZGF0YSJsCg5TdGFuZGFyZEFjdGlvbhIfChtTVEFOREFSRF9BQ1RJT05fVU5TUEVDSUZJRUQQABIbChdTVEFOREFSRF9BQ1RJT05fREVDUllQVBABEhwKGFNUQU5EQVJEX0FDVElPTl9UUkFOU01JVBACQgcKBXZhbHVlIsUBCg5TdWJqZWN0TWFwcGluZxIKCgJpZBgBIAEoCRImCg9hdHRyaWJ1dGVfdmFsdWUYAiABKAsyDS5wb2xpY3kuVmFsdWUSOgoVc3ViamVjdF9jb25kaXRpb25fc2V0GAMgASgLMhsucG9saWN5LlN1YmplY3RDb25kaXRpb25TZXQSHwoHYWN0aW9ucxgEIAMoCzIOLnBvbGljeS5BY3Rpb24SIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEiqgEKCUNvbmRpdGlvbhIvCh9zdWJqZWN0X2V4dGVybmFsX3NlbGVjdG9yX3ZhbHVlGAEgASgJQga6SAPIAQESQQoIb3BlcmF0b3IYAiABKA4yIi5wb2xpY3kuU3ViamVjdE1hcHBpbmdPcGVyYXRvckVudW1CC7pICMgBAYIBAhABEikKF3N1YmplY3RfZXh0ZXJuYWxfdmFsdWVzGAMgAygJQgi6SAWSAQIIASKKAQoOQ29uZGl0aW9uR3JvdXASLwoKY29uZGl0aW9ucxgBIAMoCzIRLnBvbGljeS5Db25kaXRpb25CCLpIBZIBAggBEkcKEGJvb2xlYW5fb3BlcmF0b3IYAiABKA4yIC5wb2xpY3kuQ29uZGl0aW9uQm9vbGVhblR5cGVFbnVtQgu6SAjIAQGCAQIQASJICgpTdWJqZWN0U2V0EjoKEGNvbmRpdGlvbl9ncm91cHMYASADKAsyFi5wb2xpY3kuQ29uZGl0aW9uR3JvdXBCCLpIBZIBAggBInkKE1N1YmplY3RDb25kaXRpb25TZXQSCgoCaWQYASABKAkSMgoMc3ViamVjdF9zZXRzGAMgAygLMhIucG9saWN5LlN1YmplY3RTZXRCCLpIBZIBAggBEiIKCG1ldGFkYXRhGGQgASgLMhAuY29tbW9uLk1ldGFkYXRhIlYKD1N1YmplY3RQcm9wZXJ0eRIrChdleHRlcm5hbF9zZWxlY3Rvcl92YWx1ZRgBIAEoCUIKukgHyAEBcgIQARIWCg5leHRlcm5hbF92YWx1ZRgCIAEoCSJ6ChRSZXNvdXJjZU1hcHBpbmdHcm91cBIKCgJpZBgBIAEoCRIcCgxuYW1lc3BhY2VfaWQYAiABKAlCBrpIA8gBARIUCgRuYW1lGAMgASgJQga6SAPIAQESIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEirQEKD1Jlc291cmNlTWFwcGluZxIKCgJpZBgBIAEoCRIiCghtZXRhZGF0YRgCIAEoCzIQLmNvbW1vbi5NZXRhZGF0YRIuCg9hdHRyaWJ1dGVfdmFsdWUYAyABKAsyDS5wb2xpY3kuVmFsdWVCBrpIA8gBARINCgV0ZXJtcxgEIAMoCRIrCgVncm91cBgFIAEoCzIcLnBvbGljeS5SZXNvdXJjZU1hcHBpbmdHcm91cCLMBAoPS2V5QWNjZXNzU2VydmVyEgoKAmlkGAEgASgJEoIDCgN1cmkYAiABKAlC9AK6SPACugHsAgoKdXJpX2Zvcm1hdBLPAVVSSSBtdXN0IGJlIGEgdmFsaWQgVVJMIChlLmcuLCAnaHR0cHM6Ly9kZW1vLmNvbS8nKSBmb2xsb3dlZCBieSBhZGRpdGlvbmFsIHNlZ21lbnRzLiBFYWNoIHNlZ21lbnQgbXVzdCBzdGFydCBhbmQgZW5kIHdpdGggYW4gYWxwaGFudW1lcmljIGNoYXJhY3RlciwgY2FuIGNvbnRhaW4gaHlwaGVucywgYWxwaGFudW1lcmljIGNoYXJhY3RlcnMsIGFuZCBzbGFzaGVzLhqLAXRoaXMubWF0Y2hlcygnXmh0dHBzPzovL1thLXpBLVowLTldKFthLXpBLVowLTlcXC1dezAsNjF9W2EtekEtWjAtOV0pPyhcXC5bYS16QS1aMC05XShbYS16QS1aMC05XFwtXXswLDYxfVthLXpBLVowLTldKT8pKig6WzAtOV0rKT8oLy4qKT8kJykSJQoKcHVibGljX2tleRgDIAEoCzIRLnBvbGljeS5QdWJsaWNLZXkSJwoLc291cmNlX3R5cGUYBCABKA4yEi5wb2xpY3kuU291cmNlVHlwZRImCghrYXNfa2V5cxgFIAMoCzIULnBvbGljeS5TaW1wbGVLYXNLZXkSDAoEbmFtZRgUIAEoCRIiCghtZXRhZGF0YRhkIAEoCzIQLmNvbW1vbi5NZXRhZGF0YSLkAQoDS2V5EgoKAmlkGAEgASgJEi0KCWlzX2FjdGl2ZRgCIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5Cb29sVmFsdWUSLgoKd2FzX21hcHBlZBgDIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5Cb29sVmFsdWUSKAoKcHVibGljX2tleRgEIAEoCzIULnBvbGljeS5LYXNQdWJsaWNLZXkSJAoDa2FzGAUgASgLMhcucG9saWN5LktleUFjY2Vzc1NlcnZlchIiCghtZXRhZGF0YRhkIAEoCzIQLmNvbW1vbi5NZXRhZGF0YSJ1CgxLYXNQdWJsaWNLZXkSFwoDcGVtGAEgASgJQgq6SAdyBRABGIBAEhYKA2tpZBgCIAEoCUIJukgGcgQQARggEjQKA2FsZxgDIAEoDjIbLnBvbGljeS5LYXNQdWJsaWNLZXlBbGdFbnVtQgq6SAeCAQQQASAAIjUKD0thc1B1YmxpY0tleVNldBIiCgRrZXlzGAEgAygLMhQucG9saWN5Lkthc1B1YmxpY0tleSLQAwoJUHVibGljS2V5EvwCCgZyZW1vdGUYASABKAlC6QK6SOUCugHhAgoKdXJpX2Zvcm1hdBLPAVVSSSBtdXN0IGJlIGEgdmFsaWQgVVJMIChlLmcuLCAnaHR0cHM6Ly9kZW1vLmNvbS8nKSBmb2xsb3dlZCBieSBhZGRpdGlvbmFsIHNlZ21lbnRzLiBFYWNoIHNlZ21lbnQgbXVzdCBzdGFydCBhbmQgZW5kIHdpdGggYW4gYWxwaGFudW1lcmljIGNoYXJhY3RlciwgY2FuIGNvbnRhaW4gaHlwaGVucywgYWxwaGFudW1lcmljIGNoYXJhY3RlcnMsIGFuZCBzbGFzaGVzLhqAAXRoaXMubWF0Y2hlcygnXmh0dHBzOi8vW2EtekEtWjAtOV0oW2EtekEtWjAtOVxcLV17MCw2MX1bYS16QS1aMC05XSk/KFxcLlthLXpBLVowLTldKFthLXpBLVowLTlcXC1dezAsNjF9W2EtekEtWjAtOV0pPykqKC8uKik/JCcpSAASKQoGY2FjaGVkGAMgASgLMhcucG9saWN5Lkthc1B1YmxpY0tleVNldEgAQgwKCnB1YmxpY19rZXlKBAgCEANSBWxvY2FsIoMBChJSZWdpc3RlcmVkUmVzb3VyY2USCgoCaWQYASABKAkSDAoEbmFtZRgCIAEoCRIvCgZ2YWx1ZXMYAyADKAsyHy5wb2xpY3kuUmVnaXN0ZXJlZFJlc291cmNlVmFsdWUSIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEi7gIKF1JlZ2lzdGVyZWRSZXNvdXJjZVZhbHVlEgoKAmlkGAEgASgJEg0KBXZhbHVlGAIgASgJEiwKCHJlc291cmNlGAMgASgLMhoucG9saWN5LlJlZ2lzdGVyZWRSZXNvdXJjZRJVChdhY3Rpb25fYXR0cmlidXRlX3ZhbHVlcxgEIAMoCzI0LnBvbGljeS5SZWdpc3RlcmVkUmVzb3VyY2VWYWx1ZS5BY3Rpb25BdHRyaWJ1dGVWYWx1ZRIiCghtZXRhZGF0YRhkIAEoCzIQLmNvbW1vbi5NZXRhZGF0YRqOAQoUQWN0aW9uQXR0cmlidXRlVmFsdWUSCgoCaWQYASABKAkSHgoGYWN0aW9uGAIgASgLMg4ucG9saWN5LkFjdGlvbhImCg9hdHRyaWJ1dGVfdmFsdWUYAyABKAsyDS5wb2xpY3kuVmFsdWUSIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEiNAoWUG9saWN5RW5mb3JjZW1lbnRQb2ludBIaCgljbGllbnRfaWQYASABKAlCB7pIBHICEAEiRQoOUmVxdWVzdENvbnRleHQSMwoDcGVwGAEgASgLMh4ucG9saWN5LlBvbGljeUVuZm9yY2VtZW50UG9pbnRCBrpIA8gBASKmAQoKT2JsaWdhdGlvbhIKCgJpZBgBIAEoCRIkCgluYW1lc3BhY2UYAiABKAsyES5wb2xpY3kuTmFtZXNwYWNlEgwKBG5hbWUYAyABKAkSJwoGdmFsdWVzGAQgAygLMhcucG9saWN5Lk9ibGlnYXRpb25WYWx1ZRILCgNmcW4YBSABKAkSIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEisgEKD09ibGlnYXRpb25WYWx1ZRIKCgJpZBgBIAEoCRImCgpvYmxpZ2F0aW9uGAIgASgLMhIucG9saWN5Lk9ibGlnYXRpb24SDQoFdmFsdWUYAyABKAkSKwoIdHJpZ2dlcnMYBCADKAsyGS5wb2xpY3kuT2JsaWdhdGlvblRyaWdnZXISCwoDZnFuGAUgASgJEiIKCG1ldGFkYXRhGGQgASgLMhAuY29tbW9uLk1ldGFkYXRhIucBChFPYmxpZ2F0aW9uVHJpZ2dlchIKCgJpZBgBIAEoCRIxChBvYmxpZ2F0aW9uX3ZhbHVlGAIgASgLMhcucG9saWN5Lk9ibGlnYXRpb25WYWx1ZRIeCgZhY3Rpb24YAyABKAsyDi5wb2xpY3kuQWN0aW9uEiYKD2F0dHJpYnV0ZV92YWx1ZRgEIAEoCzINLnBvbGljeS5WYWx1ZRInCgdjb250ZXh0GAUgAygLMhYucG9saWN5LlJlcXVlc3RDb250ZXh0EiIKCG1ldGFkYXRhGGQgASgLMhAuY29tbW9uLk1ldGFkYXRhIk0KBkthc0tleRIOCgZrYXNfaWQYASABKAkSIgoDa2V5GAIgASgLMhUucG9saWN5LkFzeW1tZXRyaWNLZXkSDwoHa2FzX3VyaRgDIAEoCSIkCgxQdWJsaWNLZXlDdHgSFAoDcGVtGAEgASgJQge6SARyAhABIj0KDVByaXZhdGVLZXlDdHgSFwoGa2V5X2lkGAEgASgJQge6SARyAhABEhMKC3dyYXBwZWRfa2V5GAIgASgJIuUCCg1Bc3ltbWV0cmljS2V5EgoKAmlkGAEgASgJEg4KBmtleV9pZBgCIAEoCRIoCg1rZXlfYWxnb3JpdGhtGAMgASgOMhEucG9saWN5LkFsZ29yaXRobRIlCgprZXlfc3RhdHVzGAQgASgOMhEucG9saWN5LktleVN0YXR1cxIhCghrZXlfbW9kZRgFIAEoDjIPLnBvbGljeS5LZXlNb2RlEiwKDnB1YmxpY19rZXlfY3R4GAYgASgLMhQucG9saWN5LlB1YmxpY0tleUN0eBIuCg9wcml2YXRlX2tleV9jdHgYByABKAsyFS5wb2xpY3kuUHJpdmF0ZUtleUN0eBIyCg9wcm92aWRlcl9jb25maWcYCCABKAsyGS5wb2xpY3kuS2V5UHJvdmlkZXJDb25maWcSDgoGbGVnYWN5GAkgASgIEiIKCG1ldGFkYXRhGGQgASgLMhAuY29tbW9uLk1ldGFkYXRhIt0BCgxTeW1tZXRyaWNLZXkSCgoCaWQYASABKAkSDgoGa2V5X2lkGAIgASgJEiUKCmtleV9zdGF0dXMYAyABKA4yES5wb2xpY3kuS2V5U3RhdHVzEiEKCGtleV9tb2RlGAQgASgOMg8ucG9saWN5LktleU1vZGUSDwoHa2V5X2N0eBgFIAEoDBIyCg9wcm92aWRlcl9jb25maWcYBiABKAsyGS5wb2xpY3kuS2V5UHJvdmlkZXJDb25maWcSIgoIbWV0YWRhdGEYZCABKAsyEC5jb21tb24uTWV0YWRhdGEqswEKFUF0dHJpYnV0ZVJ1bGVUeXBlRW51bRIoCiRBVFRSSUJVVEVfUlVMRV9UWVBFX0VOVU1fVU5TUEVDSUZJRUQQABIjCh9BVFRSSUJVVEVfUlVMRV9UWVBFX0VOVU1fQUxMX09GEAESIwofQVRUUklCVVRFX1JVTEVfVFlQRV9FTlVNX0FOWV9PRhACEiYKIkFUVFJJQlVURV9SVUxFX1RZUEVfRU5VTV9ISUVSQVJDSFkQAyrKAQoaU3ViamVjdE1hcHBpbmdPcGVyYXRvckVudW0SLQopU1VCSkVDVF9NQVBQSU5HX09QRVJBVE9SX0VOVU1fVU5TUEVDSUZJRUQQABIkCiBTVUJKRUNUX01BUFBJTkdfT1BFUkFUT1JfRU5VTV9JThABEigKJFNVQkpFQ1RfTUFQUElOR19PUEVSQVRPUl9FTlVNX05PVF9JThACEi0KKVNVQkpFQ1RfTUFQUElOR19PUEVSQVRPUl9FTlVNX0lOX0NPTlRBSU5TEAMqkAEKGENvbmRpdGlvbkJvb2xlYW5UeXBlRW51bRIrCidDT05ESVRJT05fQk9PTEVBTl9UWVBFX0VOVU1fVU5TUEVDSUZJRUQQABIjCh9DT05ESVRJT05fQk9PTEVBTl9UWVBFX0VOVU1fQU5EEAESIgoeQ09ORElUSU9OX0JPT0xFQU5fVFlQRV9FTlVNX09SEAIqXQoKU291cmNlVHlwZRIbChdTT1VSQ0VfVFlQRV9VTlNQRUNJRklFRBAAEhgKFFNPVVJDRV9UWVBFX0lOVEVSTkFMEAESGAoUU09VUkNFX1RZUEVfRVhURVJOQUwQAiqIAgoTS2FzUHVibGljS2V5QWxnRW51bRInCiNLQVNfUFVCTElDX0tFWV9BTEdfRU5VTV9VTlNQRUNJRklFRBAAEiQKIEtBU19QVUJMSUNfS0VZX0FMR19FTlVNX1JTQV8yMDQ4EAESJAogS0FTX1BVQkxJQ19LRVlfQUxHX0VOVU1fUlNBXzQwOTYQAhIoCiRLQVNfUFVCTElDX0tFWV9BTEdfRU5VTV9FQ19TRUNQMjU2UjEQBRIoCiRLQVNfUFVCTElDX0tFWV9BTEdfRU5VTV9FQ19TRUNQMzg0UjEQBhIoCiRLQVNfUFVCTElDX0tFWV9BTEdfRU5VTV9FQ19TRUNQNTIxUjEQByqbAQoJQWxnb3JpdGhtEhkKFUFMR09SSVRITV9VTlNQRUNJRklFRBAAEhYKEkFMR09SSVRITV9SU0FfMjA0OBABEhYKEkFMR09SSVRITV9SU0FfNDA5NhACEhUKEUFMR09SSVRITV9FQ19QMjU2EAMSFQoRQUxHT1JJVEhNX0VDX1AzODQQBBIVChFBTEdPUklUSE1fRUNfUDUyMRAFKlYKCUtleVN0YXR1cxIaChZLRVlfU1RBVFVTX1VOU1BFQ0lGSUVEEAASFQoRS0VZX1NUQVRVU19BQ1RJVkUQARIWChJLRVlfU1RBVFVTX1JPVEFURUQQAiqUAQoHS2V5TW9kZRIYChRLRVlfTU9ERV9VTlNQRUNJRklFRBAAEhwKGEtFWV9NT0RFX0NPTkZJR19ST09UX0tFWRABEh4KGktFWV9NT0RFX1BST1ZJREVSX1JPT1RfS0VZEAISEwoPS0VZX01PREVfUkVNT1RFEAMSHAoYS0VZX01PREVfUFVCTElDX0tFWV9PTkxZEARiBnByb3RvMw", [file_buf_validate_validate, file_common_common, file_google_protobuf_wrappers]);
+
+/**
+ * @generated from message policy.SimpleKasPublicKey
+ */
+export type SimpleKasPublicKey = Message<"policy.SimpleKasPublicKey"> & {
+  /**
+   * @generated from field: policy.Algorithm algorithm = 1;
+   */
+  algorithm: Algorithm;
+
+  /**
+   * @generated from field: string kid = 2;
+   */
+  kid: string;
+
+  /**
+   * @generated from field: string pem = 3;
+   */
+  pem: string;
+};
+
+/**
+ * Describes the message policy.SimpleKasPublicKey.
+ * Use `create(SimpleKasPublicKeySchema)` to create a new message.
+ */
+export const SimpleKasPublicKeySchema: GenMessage<SimpleKasPublicKey> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 0);
+
+/**
+ * @generated from message policy.SimpleKasKey
+ */
+export type SimpleKasKey = Message<"policy.SimpleKasKey"> & {
+  /**
+   * The URL of the Key Access Server
+   *
+   * @generated from field: string kas_uri = 1;
+   */
+  kasUri: string;
+
+  /**
+   * The public key of the Key that belongs to the KAS
+   *
+   * @generated from field: policy.SimpleKasPublicKey public_key = 2;
+   */
+  publicKey?: SimpleKasPublicKey;
+
+  /**
+   * The ID of the Key Access Server
+   *
+   * @generated from field: string kas_id = 3;
+   */
+  kasId: string;
+};
+
+/**
+ * Describes the message policy.SimpleKasKey.
+ * Use `create(SimpleKasKeySchema)` to create a new message.
+ */
+export const SimpleKasKeySchema: GenMessage<SimpleKasKey> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 1);
 
 /**
  * @generated from message policy.KeyProviderConfig
@@ -35,6 +95,11 @@ export type KeyProviderConfig = Message<"policy.KeyProviderConfig"> & {
    */
   configJson: Uint8Array;
 
+  /**
+   * @generated from field: string manager = 4;
+   */
+  manager: string;
+
   /**
    * Common metadata
    *
@@ -48,7 +113,7 @@ export type KeyProviderConfig = Message<"policy.KeyProviderConfig"> & {
  * Use `create(KeyProviderConfigSchema)` to create a new message.
  */
 export const KeyProviderConfigSchema: GenMessage<KeyProviderConfig> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 0);
+  messageDesc(file_policy_objects, 2);
 
 /**
  * @generated from message policy.Namespace
@@ -87,7 +152,7 @@ export type Namespace = Message<"policy.Namespace"> & {
   metadata?: Metadata;
 
   /**
-   * KAS grants for the namespace
+   * Deprecated KAS grants for the namespace. Use kas_keys instead.
    *
    * @generated from field: repeated policy.KeyAccessServer grants = 6;
    */
@@ -96,9 +161,16 @@ export type Namespace = Message<"policy.Namespace"> & {
   /**
    * Keys for the namespace
    *
-   * @generated from field: repeated policy.KasKey kas_keys = 7;
+   * @generated from field: repeated policy.SimpleKasKey kas_keys = 7;
    */
-  kasKeys: KasKey[];
+  kasKeys: SimpleKasKey[];
+
+  /**
+   * Root certificates for chain of trust
+   *
+   * @generated from field: repeated policy.Certificate root_certs = 8;
+   */
+  rootCerts: Certificate[];
 };
 
 /**
@@ -106,7 +178,40 @@ export type Namespace = Message<"policy.Namespace"> & {
  * Use `create(NamespaceSchema)` to create a new message.
  */
 export const NamespaceSchema: GenMessage<Namespace> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 1);
+  messageDesc(file_policy_objects, 3);
+
+/**
+ * @generated from message policy.Certificate
+ */
+export type Certificate = Message<"policy.Certificate"> & {
+  /**
+   * generated uuid in database
+   *
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * PEM format certificate
+   *
+   * @generated from field: string pem = 2;
+   */
+  pem: string;
+
+  /**
+   * Optional metadata.
+   *
+   * @generated from field: common.Metadata metadata = 3;
+   */
+  metadata?: Metadata;
+};
+
+/**
+ * Describes the message policy.Certificate.
+ * Use `create(CertificateSchema)` to create a new message.
+ */
+export const CertificateSchema: GenMessage<Certificate> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 4);
 
 /**
  * @generated from message policy.Attribute
@@ -144,7 +249,7 @@ export type Attribute = Message<"policy.Attribute"> & {
   values: Value[];
 
   /**
-   * Deprecated
+   * Deprecated KAS grants for the attribute. Use kas_keys instead.
    *
    * @generated from field: repeated policy.KeyAccessServer grants = 6;
    */
@@ -165,9 +270,9 @@ export type Attribute = Message<"policy.Attribute"> & {
   /**
    * Keys associated with the attribute
    *
-   * @generated from field: repeated policy.KasKey kas_keys = 9;
+   * @generated from field: repeated policy.SimpleKasKey kas_keys = 9;
    */
-  kasKeys: KasKey[];
+  kasKeys: SimpleKasKey[];
 
   /**
    * Common metadata
@@ -182,7 +287,7 @@ export type Attribute = Message<"policy.Attribute"> & {
  * Use `create(AttributeSchema)` to create a new message.
  */
 export const AttributeSchema: GenMessage<Attribute> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 2);
+  messageDesc(file_policy_objects, 5);
 
 /**
  * @generated from message policy.Value
@@ -206,8 +311,7 @@ export type Value = Message<"policy.Value"> & {
   value: string;
 
   /**
-   * Deprecated
-   * list of key access servers
+   * Deprecated KAS grants for the value. Use kas_keys instead.
    *
    * @generated from field: repeated policy.KeyAccessServer grants = 5;
    */
@@ -233,9 +337,19 @@ export type Value = Message<"policy.Value"> & {
   subjectMappings: SubjectMapping[];
 
   /**
-   * @generated from field: repeated policy.KasKey kas_keys = 9;
+   * @generated from field: repeated policy.SimpleKasKey kas_keys = 9;
+   */
+  kasKeys: SimpleKasKey[];
+
+  /**
+   * @generated from field: repeated policy.ResourceMapping resource_mappings = 10;
+   */
+  resourceMappings: ResourceMapping[];
+
+  /**
+   * @generated from field: repeated policy.Obligation obligations = 11;
    */
-  kasKeys: KasKey[];
+  obligations: Obligation[];
 
   /**
    * Common metadata
@@ -250,7 +364,7 @@ export type Value = Message<"policy.Value"> & {
  * Use `create(ValueSchema)` to create a new message.
  */
 export const ValueSchema: GenMessage<Value> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 3);
+  messageDesc(file_policy_objects, 6);
 
 /**
  * An action an entity can take
@@ -266,7 +380,7 @@ export type Action = Message<"policy.Action"> & {
   id: string;
 
   /**
-   * Deprecated
+   * Deprecated: use 'name' instead
    *
    * @generated from oneof policy.Action.value
    */
@@ -304,7 +418,7 @@ export type Action = Message<"policy.Action"> & {
  * Use `create(ActionSchema)` to create a new message.
  */
 export const ActionSchema: GenMessage<Action> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 4);
+  messageDesc(file_policy_objects, 7);
 
 /**
  * @generated from enum policy.Action.StandardAction
@@ -336,7 +450,7 @@ export enum Action_StandardAction {
  * Describes the enum policy.Action.StandardAction.
  */
 export const Action_StandardActionSchema: GenEnum<Action_StandardAction> = /*@__PURE__*/
-  enumDesc(file_policy_objects, 4, 0);
+  enumDesc(file_policy_objects, 7, 0);
 
 /**
  *
@@ -383,7 +497,7 @@ export type SubjectMapping = Message<"policy.SubjectMapping"> & {
  * Use `create(SubjectMappingSchema)` to create a new message.
  */
 export const SubjectMappingSchema: GenMessage<SubjectMapping> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 5);
+  messageDesc(file_policy_objects, 8);
 
 /**
  * *
@@ -423,7 +537,7 @@ export type Condition = Message<"policy.Condition"> & {
  * Use `create(ConditionSchema)` to create a new message.
  */
 export const ConditionSchema: GenMessage<Condition> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 6);
+  messageDesc(file_policy_objects, 9);
 
 /**
  * A collection of Conditions evaluated by the boolean_operator provided
@@ -449,7 +563,7 @@ export type ConditionGroup = Message<"policy.ConditionGroup"> & {
  * Use `create(ConditionGroupSchema)` to create a new message.
  */
 export const ConditionGroupSchema: GenMessage<ConditionGroup> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 7);
+  messageDesc(file_policy_objects, 10);
 
 /**
  * A collection of Condition Groups
@@ -470,7 +584,7 @@ export type SubjectSet = Message<"policy.SubjectSet"> & {
  * Use `create(SubjectSetSchema)` to create a new message.
  */
 export const SubjectSetSchema: GenMessage<SubjectSet> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 8);
+  messageDesc(file_policy_objects, 11);
 
 /**
  *
@@ -504,7 +618,7 @@ export type SubjectConditionSet = Message<"policy.SubjectConditionSet"> & {
  * Use `create(SubjectConditionSetSchema)` to create a new message.
  */
 export const SubjectConditionSetSchema: GenMessage<SubjectConditionSet> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 9);
+  messageDesc(file_policy_objects, 12);
 
 /**
  *
@@ -539,7 +653,7 @@ export type SubjectProperty = Message<"policy.SubjectProperty"> & {
  * Use `create(SubjectPropertySchema)` to create a new message.
  */
 export const SubjectPropertySchema: GenMessage<SubjectProperty> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 10);
+  messageDesc(file_policy_objects, 13);
 
 /**
  *
@@ -582,7 +696,7 @@ export type ResourceMappingGroup = Message<"policy.ResourceMappingGroup"> & {
  * Use `create(ResourceMappingGroupSchema)` to create a new message.
  */
 export const ResourceMappingGroupSchema: GenMessage<ResourceMappingGroup> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 11);
+  messageDesc(file_policy_objects, 14);
 
 /**
  *
@@ -623,7 +737,7 @@ export type ResourceMapping = Message<"policy.ResourceMapping"> & {
  * Use `create(ResourceMappingSchema)` to create a new message.
  */
 export const ResourceMappingSchema: GenMessage<ResourceMapping> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 12);
+  messageDesc(file_policy_objects, 15);
 
 /**
  *
@@ -645,7 +759,7 @@ export type KeyAccessServer = Message<"policy.KeyAccessServer"> & {
   uri: string;
 
   /**
-   * Deprecated
+   * Deprecated: KAS can have multiple key pairs
    *
    * @generated from field: policy.PublicKey public_key = 3;
    */
@@ -661,9 +775,9 @@ export type KeyAccessServer = Message<"policy.KeyAccessServer"> & {
   /**
    * Kas keys associated with this KAS
    *
-   * @generated from field: repeated policy.KasKey kas_keys = 5;
+   * @generated from field: repeated policy.SimpleKasKey kas_keys = 5;
    */
-  kasKeys: KasKey[];
+  kasKeys: SimpleKasKey[];
 
   /**
    * Optional
@@ -686,7 +800,7 @@ export type KeyAccessServer = Message<"policy.KeyAccessServer"> & {
  * Use `create(KeyAccessServerSchema)` to create a new message.
  */
 export const KeyAccessServerSchema: GenMessage<KeyAccessServer> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 13);
+  messageDesc(file_policy_objects, 16);
 
 /**
  * @generated from message policy.Key
@@ -732,7 +846,7 @@ export type Key = Message<"policy.Key"> & {
  * Use `create(KeySchema)` to create a new message.
  */
 export const KeySchema: GenMessage<Key> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 14);
+  messageDesc(file_policy_objects, 17);
 
 /**
  * Deprecated
@@ -770,7 +884,7 @@ export type KasPublicKey = Message<"policy.KasPublicKey"> & {
  * Use `create(KasPublicKeySchema)` to create a new message.
  */
 export const KasPublicKeySchema: GenMessage<KasPublicKey> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 15);
+  messageDesc(file_policy_objects, 18);
 
 /**
  * Deprecated
@@ -790,7 +904,7 @@ export type KasPublicKeySet = Message<"policy.KasPublicKeySet"> & {
  * Use `create(KasPublicKeySetSchema)` to create a new message.
  */
 export const KasPublicKeySetSchema: GenMessage<KasPublicKeySet> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 16);
+  messageDesc(file_policy_objects, 19);
 
 /**
  * Deprecated
@@ -825,7 +939,7 @@ export type PublicKey = Message<"policy.PublicKey"> & {
  * Use `create(PublicKeySchema)` to create a new message.
  */
 export const PublicKeySchema: GenMessage<PublicKey> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 17);
+  messageDesc(file_policy_objects, 20);
 
 /**
  * @generated from message policy.RegisteredResource
@@ -859,7 +973,7 @@ export type RegisteredResource = Message<"policy.RegisteredResource"> & {
  * Use `create(RegisteredResourceSchema)` to create a new message.
  */
 export const RegisteredResourceSchema: GenMessage<RegisteredResource> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 18);
+  messageDesc(file_policy_objects, 21);
 
 /**
  * @generated from message policy.RegisteredResourceValue
@@ -880,6 +994,11 @@ export type RegisteredResourceValue = Message<"policy.RegisteredResourceValue">
    */
   resource?: RegisteredResource;
 
+  /**
+   * @generated from field: repeated policy.RegisteredResourceValue.ActionAttributeValue action_attribute_values = 4;
+   */
+  actionAttributeValues: RegisteredResourceValue_ActionAttributeValue[];
+
   /**
    * Common metadata
    *
@@ -893,7 +1012,203 @@ export type RegisteredResourceValue = Message<"policy.RegisteredResourceValue">
  * Use `create(RegisteredResourceValueSchema)` to create a new message.
  */
 export const RegisteredResourceValueSchema: GenMessage<RegisteredResourceValue> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 19);
+  messageDesc(file_policy_objects, 22);
+
+/**
+ * @generated from message policy.RegisteredResourceValue.ActionAttributeValue
+ */
+export type RegisteredResourceValue_ActionAttributeValue = Message<"policy.RegisteredResourceValue.ActionAttributeValue"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: policy.Action action = 2;
+   */
+  action?: Action;
+
+  /**
+   * @generated from field: policy.Value attribute_value = 3;
+   */
+  attributeValue?: Value;
+
+  /**
+   * Common metadata
+   *
+   * @generated from field: common.Metadata metadata = 100;
+   */
+  metadata?: Metadata;
+};
+
+/**
+ * Describes the message policy.RegisteredResourceValue.ActionAttributeValue.
+ * Use `create(RegisteredResourceValue_ActionAttributeValueSchema)` to create a new message.
+ */
+export const RegisteredResourceValue_ActionAttributeValueSchema: GenMessage<RegisteredResourceValue_ActionAttributeValue> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 22, 0);
+
+/**
+ * @generated from message policy.PolicyEnforcementPoint
+ */
+export type PolicyEnforcementPoint = Message<"policy.PolicyEnforcementPoint"> & {
+  /**
+   * @generated from field: string client_id = 1;
+   */
+  clientId: string;
+};
+
+/**
+ * Describes the message policy.PolicyEnforcementPoint.
+ * Use `create(PolicyEnforcementPointSchema)` to create a new message.
+ */
+export const PolicyEnforcementPointSchema: GenMessage<PolicyEnforcementPoint> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 23);
+
+/**
+ * Holds the context needed for obligation fulfillment
+ *
+ * @generated from message policy.RequestContext
+ */
+export type RequestContext = Message<"policy.RequestContext"> & {
+  /**
+   * @generated from field: policy.PolicyEnforcementPoint pep = 1;
+   */
+  pep?: PolicyEnforcementPoint;
+};
+
+/**
+ * Describes the message policy.RequestContext.
+ * Use `create(RequestContextSchema)` to create a new message.
+ */
+export const RequestContextSchema: GenMessage<RequestContext> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 24);
+
+/**
+ * @generated from message policy.Obligation
+ */
+export type Obligation = Message<"policy.Obligation"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: policy.Namespace namespace = 2;
+   */
+  namespace?: Namespace;
+
+  /**
+   * @generated from field: string name = 3;
+   */
+  name: string;
+
+  /**
+   * @generated from field: repeated policy.ObligationValue values = 4;
+   */
+  values: ObligationValue[];
+
+  /**
+   * @generated from field: string fqn = 5;
+   */
+  fqn: string;
+
+  /**
+   * @generated from field: common.Metadata metadata = 100;
+   */
+  metadata?: Metadata;
+};
+
+/**
+ * Describes the message policy.Obligation.
+ * Use `create(ObligationSchema)` to create a new message.
+ */
+export const ObligationSchema: GenMessage<Obligation> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 25);
+
+/**
+ * @generated from message policy.ObligationValue
+ */
+export type ObligationValue = Message<"policy.ObligationValue"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: policy.Obligation obligation = 2;
+   */
+  obligation?: Obligation;
+
+  /**
+   * @generated from field: string value = 3;
+   */
+  value: string;
+
+  /**
+   * @generated from field: repeated policy.ObligationTrigger triggers = 4;
+   */
+  triggers: ObligationTrigger[];
+
+  /**
+   * @generated from field: string fqn = 5;
+   */
+  fqn: string;
+
+  /**
+   * @generated from field: common.Metadata metadata = 100;
+   */
+  metadata?: Metadata;
+};
+
+/**
+ * Describes the message policy.ObligationValue.
+ * Use `create(ObligationValueSchema)` to create a new message.
+ */
+export const ObligationValueSchema: GenMessage<ObligationValue> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 26);
+
+/**
+ * @generated from message policy.ObligationTrigger
+ */
+export type ObligationTrigger = Message<"policy.ObligationTrigger"> & {
+  /**
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * @generated from field: policy.ObligationValue obligation_value = 2;
+   */
+  obligationValue?: ObligationValue;
+
+  /**
+   * @generated from field: policy.Action action = 3;
+   */
+  action?: Action;
+
+  /**
+   * @generated from field: policy.Value attribute_value = 4;
+   */
+  attributeValue?: Value;
+
+  /**
+   * @generated from field: repeated policy.RequestContext context = 5;
+   */
+  context: RequestContext[];
+
+  /**
+   * @generated from field: common.Metadata metadata = 100;
+   */
+  metadata?: Metadata;
+};
+
+/**
+ * Describes the message policy.ObligationTrigger.
+ * Use `create(ObligationTriggerSchema)` to create a new message.
+ */
+export const ObligationTriggerSchema: GenMessage<ObligationTrigger> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 27);
 
 /**
  * @generated from message policy.KasKey
@@ -908,6 +1223,11 @@ export type KasKey = Message<"policy.KasKey"> & {
    * @generated from field: policy.AsymmetricKey key = 2;
    */
   key?: AsymmetricKey;
+
+  /**
+   * @generated from field: string kas_uri = 3;
+   */
+  kasUri: string;
 };
 
 /**
@@ -915,33 +1235,94 @@ export type KasKey = Message<"policy.KasKey"> & {
  * Use `create(KasKeySchema)` to create a new message.
  */
 export const KasKeySchema: GenMessage<KasKey> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 20);
+  messageDesc(file_policy_objects, 28);
+
+/**
+ * @generated from message policy.PublicKeyCtx
+ */
+export type PublicKeyCtx = Message<"policy.PublicKeyCtx"> & {
+  /**
+   * Required
+   *
+   * Base64 encoded public key in PEM format
+   *
+   * @generated from field: string pem = 1;
+   */
+  pem: string;
+};
+
+/**
+ * Describes the message policy.PublicKeyCtx.
+ * Use `create(PublicKeyCtxSchema)` to create a new message.
+ */
+export const PublicKeyCtxSchema: GenMessage<PublicKeyCtx> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 29);
+
+/**
+ * @generated from message policy.PrivateKeyCtx
+ */
+export type PrivateKeyCtx = Message<"policy.PrivateKeyCtx"> & {
+  /**
+   * Required
+   *
+   * Key ID for the symmetric key wrapping this key.
+   *
+   * @generated from field: string key_id = 1;
+   */
+  keyId: string;
+
+  /**
+   * Optional
+   *
+   * Base64 encoded wrapped key. Conditionally required if key_mode is LOCAL. Should not be present if key_mode is REMOTE.
+   *
+   * @generated from field: string wrapped_key = 2;
+   */
+  wrappedKey: string;
+};
+
+/**
+ * Describes the message policy.PrivateKeyCtx.
+ * Use `create(PrivateKeyCtxSchema)` to create a new message.
+ */
+export const PrivateKeyCtxSchema: GenMessage<PrivateKeyCtx> = /*@__PURE__*/
+  messageDesc(file_policy_objects, 30);
 
 /**
  * @generated from message policy.AsymmetricKey
  */
 export type AsymmetricKey = Message<"policy.AsymmetricKey"> & {
   /**
+   * Required
+   *
    * @generated from field: string id = 1;
    */
   id: string;
 
   /**
+   * Required
+   *
    * @generated from field: string key_id = 2;
    */
   keyId: string;
 
   /**
+   * Required
+   *
    * @generated from field: policy.Algorithm key_algorithm = 3;
    */
   keyAlgorithm: Algorithm;
 
   /**
+   * Required
+   *
    * @generated from field: policy.KeyStatus key_status = 4;
    */
   keyStatus: KeyStatus;
 
   /**
+   * Required
+   *
    * Specifies how the key is managed (local or remote)
    *
    * @generated from field: policy.KeyMode key_mode = 5;
@@ -949,26 +1330,41 @@ export type AsymmetricKey = Message<"policy.AsymmetricKey"> & {
   keyMode: KeyMode;
 
   /**
+   * Required
+   *
    * Specific structure based on key provider implementation
    *
-   * @generated from field: bytes public_key_ctx = 6;
+   * @generated from field: policy.PublicKeyCtx public_key_ctx = 6;
    */
-  publicKeyCtx: Uint8Array;
+  publicKeyCtx?: PublicKeyCtx;
 
   /**
+   * Optional
+   *
    * Specific structure based on key provider implementation
    *
-   * @generated from field: bytes private_key_ctx = 7;
+   * @generated from field: policy.PrivateKeyCtx private_key_ctx = 7;
    */
-  privateKeyCtx: Uint8Array;
+  privateKeyCtx?: PrivateKeyCtx;
 
   /**
+   * Optional
+   *
    * Configuration for the key provider
    *
    * @generated from field: policy.KeyProviderConfig provider_config = 8;
    */
   providerConfig?: KeyProviderConfig;
 
+  /**
+   * Optional
+   *
+   * Indicates a key may be found in TDFs without key identifiers
+   *
+   * @generated from field: bool legacy = 9;
+   */
+  legacy: boolean;
+
   /**
    * Common metadata fields
    *
@@ -982,7 +1378,7 @@ export type AsymmetricKey = Message<"policy.AsymmetricKey"> & {
  * Use `create(AsymmetricKeySchema)` to create a new message.
  */
 export const AsymmetricKeySchema: GenMessage<AsymmetricKey> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 21);
+  messageDesc(file_policy_objects, 31);
 
 /**
  * @generated from message policy.SymmetricKey
@@ -1037,7 +1433,7 @@ export type SymmetricKey = Message<"policy.SymmetricKey"> & {
  * Use `create(SymmetricKeySchema)` to create a new message.
  */
 export const SymmetricKeySchema: GenMessage<SymmetricKey> = /*@__PURE__*/
-  messageDesc(file_policy_objects, 22);
+  messageDesc(file_policy_objects, 32);
 
 /**
  * @generated from enum policy.AttributeRuleTypeEnum
@@ -1269,14 +1665,9 @@ export enum KeyStatus {
   ACTIVE = 1,
 
   /**
-   * @generated from enum value: KEY_STATUS_INACTIVE = 2;
+   * @generated from enum value: KEY_STATUS_ROTATED = 2;
    */
-  INACTIVE = 2,
-
-  /**
-   * @generated from enum value: KEY_STATUS_COMPROMISED = 3;
-   */
-  COMPROMISED = 3,
+  ROTATED = 2,
 }
 
 /**
@@ -1286,29 +1677,53 @@ export const KeyStatusSchema: GenEnum<KeyStatus> = /*@__PURE__*/
   enumDesc(file_policy_objects, 6);
 
 /**
- * Describe how the kas private key is managed.
- * If the key mode is LOCAL, then the kas private key is stored in the database.
- * This could be encrypted or unencrypted.
- * Remote means that the kas private key is stored in a remote key system like KMS or HSM
- * and all operations are done by the remote key system.
+ * Describes the management and operational mode of a cryptographic key.
  *
  * @generated from enum policy.KeyMode
  */
 export enum KeyMode {
   /**
+   * KEY_MODE_UNSPECIFIED: Default, unspecified key mode. Indicates an uninitialized or error state.
+   *
    * @generated from enum value: KEY_MODE_UNSPECIFIED = 0;
    */
   UNSPECIFIED = 0,
 
   /**
-   * @generated from enum value: KEY_MODE_LOCAL = 1;
+   * KEY_MODE_CONFIG_ROOT_KEY: Local key management where the private key is wrapped by a Key Encryption Key (KEK)
+   * sourced from local configuration. Unwrapping and all cryptographic operations are performed locally.
+   *
+   * @generated from enum value: KEY_MODE_CONFIG_ROOT_KEY = 1;
+   */
+  CONFIG_ROOT_KEY = 1,
+
+  /**
+   * KEY_MODE_PROVIDER_ROOT_KEY: Local key management where the private key is wrapped by a Key Encryption Key (KEK)
+   * managed by an external provider (e.g., a Hardware Security Module or Cloud KMS).
+   * Key unwrapping is delegated to the external provider; subsequent cryptographic operations
+   * are performed locally using the unwrapped key.
+   *
+   * @generated from enum value: KEY_MODE_PROVIDER_ROOT_KEY = 2;
    */
-  LOCAL = 1,
+  PROVIDER_ROOT_KEY = 2,
 
   /**
-   * @generated from enum value: KEY_MODE_REMOTE = 2;
+   * KEY_MODE_REMOTE: Remote key management where the private key is stored in, and all cryptographic
+   * operations are performed by, a remote Key Management Service (KMS) or HSM.
+   * The private key material never leaves the secure boundary of the remote system.
+   *
+   * @generated from enum value: KEY_MODE_REMOTE = 3;
+   */
+  REMOTE = 3,
+
+  /**
+   * KEY_MODE_PUBLIC_KEY_ONLY: Public key only mode. Used when only a public key is available or required,
+   * typically for wrapping operations (e.g., encrypting a Data Encryption Key (DEK) for an external KAS).
+   * The corresponding private key is not managed or accessible by this system.
+   *
+   * @generated from enum value: KEY_MODE_PUBLIC_KEY_ONLY = 4;
    */
-  REMOTE = 2,
+  PUBLIC_KEY_ONLY = 4,
 }
 
 /**