npm - @robelest/convex-auth - Versions diffs - 0.0.4-preview.25 → 0.0.4-preview.28 - Mend

@robelest/convex-auth 0.0.4-preview.25 → 0.0.4-preview.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (666) hide show

package/README.md +43 -36
package/dist/bin.js +5765 -4880
package/dist/browser/index.d.ts +30 -0
package/dist/browser/index.js +93 -0
package/dist/browser/locks.js +11 -0
package/dist/browser/navigation.js +14 -0
package/dist/{factors → browser}/passkey.js +23 -32
package/dist/browser/runtime.js +92 -0
package/dist/client/core/types.d.ts +452 -5
package/dist/client/core/types.js +17 -0
package/dist/client/errors.js +19 -0
package/dist/client/factors/device.js +94 -0
package/dist/{factors → client/factors}/totp.js +12 -4
package/dist/client/index.d.ts +47 -1
package/dist/client/index.js +269 -232
package/dist/client/runtime/mutex.js +24 -0
package/dist/client/runtime/proxy.js +30 -0
package/dist/client/runtime/storage.js +45 -0
package/dist/client/services/adapters.js +7 -0
package/dist/client/services/http.js +6 -0
package/dist/client/services/resolve.js +13 -0
package/dist/client/services/runtime.js +6 -0
package/dist/component/_generated/component.d.ts +1355 -1399
package/dist/component/convex.config.d.ts +2 -2
package/dist/component/index.d.ts +4 -26
package/dist/component/index.js +1 -1
package/dist/component/model.d.ts +26 -112
package/dist/component/model.js +76 -54
package/dist/component/modules.js +38 -0
package/dist/component/public/factors/devices.js +1 -1
package/dist/component/public/factors/passkeys.js +1 -1
package/dist/component/public/factors/totp.js +1 -1
package/dist/component/public/groups/core.js +2 -2
package/dist/component/public/groups/invites.js +1 -1
package/dist/component/public/groups/members.js +1 -1
package/dist/component/public/identity/accounts.js +1 -1
package/dist/component/public/identity/codes.js +1 -1
package/dist/component/public/identity/sessions.js +39 -2
package/dist/component/public/identity/tokens.js +82 -4
package/dist/component/public/identity/users.js +1 -1
package/dist/component/public/identity/verifiers.js +10 -4
package/dist/component/public/security/keys.js +1 -1
package/dist/component/public/security/limits.js +1 -1
package/dist/component/public/{enterprise → sso}/audit.js +26 -26
package/dist/component/public/sso/core.js +263 -0
package/dist/component/public/sso/domains.js +280 -0
package/dist/component/public/{enterprise → sso}/scim.js +87 -87
package/dist/component/public/sso/secrets.js +125 -0
package/dist/component/public/{enterprise → sso}/webhooks.js +59 -59
package/dist/component/public.js +9 -9
package/dist/component/schema.d.ts +472 -393
package/dist/component/schema.js +36 -35
package/dist/core/index.d.ts +380 -0
package/dist/core/index.js +83 -0
package/dist/otel.d.ts +69 -0
package/dist/otel.js +82 -0
package/dist/providers/anonymous.d.ts +15 -34
package/dist/providers/anonymous.js +27 -35
package/dist/providers/apple.d.ts +59 -0
package/dist/providers/apple.js +58 -0
package/dist/providers/credentials.d.ts +18 -34
package/dist/providers/credentials.js +16 -27
package/dist/providers/custom.d.ts +94 -0
package/dist/providers/custom.js +119 -0
package/dist/providers/device.d.ts +15 -49
package/dist/providers/device.js +17 -34
package/dist/providers/email.d.ts +21 -38
package/dist/providers/email.js +36 -55
package/dist/providers/github.d.ts +54 -0
package/dist/providers/github.js +75 -0
package/dist/providers/google.d.ts +54 -0
package/dist/providers/google.js +61 -0
package/dist/providers/index.d.ts +16 -12
package/dist/providers/index.js +15 -11
package/dist/providers/microsoft.d.ts +57 -0
package/dist/providers/microsoft.js +101 -0
package/dist/providers/passkey.d.ts +19 -35
package/dist/providers/passkey.js +20 -30
package/dist/providers/password.d.ts +17 -18
package/dist/providers/password.js +121 -143
package/dist/providers/phone.d.ts +13 -28
package/dist/providers/phone.js +21 -46
package/dist/providers/sso.d.ts +16 -36
package/dist/providers/sso.js +21 -22
package/dist/providers/totp.d.ts +13 -29
package/dist/providers/totp.js +17 -27
package/dist/server/auth-context.d.ts +204 -0
package/dist/server/auth-context.js +76 -0
package/dist/server/auth.d.ts +99 -244
package/dist/server/auth.js +56 -152
package/dist/server/componentContext.d.ts +12 -0
package/dist/server/componentContext.js +1 -0
package/dist/server/config.js +6 -67
package/dist/server/constants.js +6 -0
package/dist/server/contract.d.ts +105 -0
package/dist/server/contract.js +43 -0
package/dist/server/cookies.js +3 -2
package/dist/server/core.js +31 -36
package/dist/server/crypto.js +34 -44
package/dist/server/db.js +6 -1
package/dist/server/device.js +96 -130
package/dist/server/env.js +48 -0
package/dist/server/errors.js +20 -0
package/dist/server/http.d.ts +15 -59
package/dist/server/http.js +136 -120
package/dist/server/identity.js +2 -2
package/dist/server/index.d.ts +5 -4
package/dist/server/index.js +3 -3
package/dist/server/keys.js +10 -1
package/dist/server/limits.js +26 -26
package/dist/server/log.js +28 -0
package/dist/server/mounts.d.ts +1107 -296
package/dist/server/mounts.js +315 -196
package/dist/server/mutations/account.js +11 -14
package/dist/server/mutations/code.js +6 -5
package/dist/server/mutations/invalidate.js +9 -11
package/dist/server/mutations/oauth.js +112 -73
package/dist/server/mutations/refresh.js +47 -97
package/dist/server/mutations/register.js +37 -35
package/dist/server/mutations/retrieve.js +16 -16
package/dist/server/mutations/signature.js +15 -18
package/dist/server/mutations/signin.js +10 -5
package/dist/server/mutations/signout.js +11 -14
package/dist/server/mutations/store.js +25 -18
package/dist/server/mutations/verifier.js +11 -8
package/dist/server/mutations/verify.js +53 -41
package/dist/server/oauth/factory.js +44 -0
package/dist/server/oauth/index.js +12 -0
package/dist/server/oauth/runtime.js +248 -0
package/dist/server/passkey.js +331 -365
package/dist/server/payloads.d.ts +16 -0
package/dist/server/payloads.js +30 -0
package/dist/server/{ssr.d.ts → prefetch.d.ts} +2 -2
package/dist/server/prefetch.js +635 -0
package/dist/server/random.js +19 -0
package/dist/server/redirects.js +10 -5
package/dist/server/refresh.js +14 -86
package/dist/server/runtime.d.ts +531 -31
package/dist/server/runtime.js +106 -267
package/dist/server/secret.js +44 -0
package/dist/server/services/config.js +10 -0
package/dist/server/services/group.js +211 -0
package/dist/server/services/logger.js +8 -0
package/dist/server/services/providers.js +22 -0
package/dist/server/services/refresh.js +8 -0
package/dist/server/services/resolve.js +27 -0
package/dist/server/services/signin.js +8 -0
package/dist/server/sessions.js +35 -34
package/dist/server/signin.js +229 -140
package/dist/server/{enterprise → sso}/config.js +10 -3
package/dist/server/sso/domain.d.ts +614 -0
package/dist/server/sso/domain.js +1175 -0
package/dist/server/sso/http.js +1060 -0
package/dist/server/sso/oidc.js +324 -0
package/dist/server/sso/policies.js +59 -0
package/dist/server/sso/policy.js +139 -0
package/dist/server/sso/profile.js +22 -0
package/dist/server/sso/provision.js +179 -0
package/dist/{component/server/enterprise → server/sso}/saml.js +142 -56
package/dist/{component/server/enterprise → server/sso}/scim.js +13 -7
package/dist/server/sso/shared.js +74 -0
package/dist/server/sso/validators.js +88 -0
package/dist/server/sso/webhook.js +94 -0
package/dist/server/tokens.js +16 -4
package/dist/server/totp.js +155 -164
package/dist/server/types.d.ts +306 -296
package/dist/server/types.js +1 -30
package/dist/server/url.js +32 -0
package/dist/server/users.js +74 -40
package/dist/server/utils/cache.js +51 -0
package/dist/server/utils/dispatch.js +36 -0
package/dist/server/utils/retry.js +24 -0
package/dist/server/utils/span.js +32 -0
package/dist/shared/errors.js +19 -0
package/dist/shared/log.js +45 -0
package/{src/test.ts → dist/test.d.ts} +21 -22
package/dist/test.js +51 -0
package/package.json +70 -42
package/dist/authorization/index.d.ts.map +0 -1
package/dist/authorization/index.js.map +0 -1
package/dist/client/core/types.d.ts.map +0 -1
package/dist/client/index.d.ts.map +0 -1
package/dist/client/index.js.map +0 -1
package/dist/component/_generated/api.d.ts +0 -75
package/dist/component/_generated/api.d.ts.map +0 -1
package/dist/component/_generated/api.js.map +0 -1
package/dist/component/_generated/component.d.ts.map +0 -1
package/dist/component/_generated/dataModel.d.ts +0 -42
package/dist/component/_generated/dataModel.d.ts.map +0 -1
package/dist/component/_generated/server.d.ts +0 -117
package/dist/component/_generated/server.d.ts.map +0 -1
package/dist/component/_generated/server.js.map +0 -1
package/dist/component/_virtual/rolldown_runtime.js +0 -18
package/dist/component/client/core/types.d.ts +0 -2
package/dist/component/client/index.d.ts +0 -1
package/dist/component/convex.config.d.ts.map +0 -1
package/dist/component/convex.config.js.map +0 -1
package/dist/component/functions.d.ts +0 -25
package/dist/component/functions.d.ts.map +0 -1
package/dist/component/functions.js.map +0 -1
package/dist/component/index.d.ts.map +0 -1
package/dist/component/model.d.ts.map +0 -1
package/dist/component/model.js.map +0 -1
package/dist/component/providers/anonymous.d.ts +0 -54
package/dist/component/providers/anonymous.d.ts.map +0 -1
package/dist/component/providers/credentials.d.ts +0 -38
package/dist/component/providers/credentials.d.ts.map +0 -1
package/dist/component/providers/device.d.ts +0 -67
package/dist/component/providers/device.d.ts.map +0 -1
package/dist/component/providers/email.d.ts +0 -62
package/dist/component/providers/email.d.ts.map +0 -1
package/dist/component/providers/oauth.d.ts +0 -25
package/dist/component/providers/oauth.d.ts.map +0 -1
package/dist/component/providers/oauth.js +0 -13
package/dist/component/providers/oauth.js.map +0 -1
package/dist/component/providers/passkey.d.ts +0 -57
package/dist/component/providers/passkey.d.ts.map +0 -1
package/dist/component/providers/password.d.ts +0 -88
package/dist/component/providers/password.d.ts.map +0 -1
package/dist/component/providers/phone.d.ts +0 -48
package/dist/component/providers/phone.d.ts.map +0 -1
package/dist/component/providers/sso.d.ts +0 -50
package/dist/component/providers/sso.d.ts.map +0 -1
package/dist/component/providers/totp.d.ts +0 -45
package/dist/component/providers/totp.d.ts.map +0 -1
package/dist/component/public/enterprise/audit.d.ts +0 -73
package/dist/component/public/enterprise/audit.d.ts.map +0 -1
package/dist/component/public/enterprise/audit.js.map +0 -1
package/dist/component/public/enterprise/core.d.ts +0 -176
package/dist/component/public/enterprise/core.d.ts.map +0 -1
package/dist/component/public/enterprise/core.js +0 -292
package/dist/component/public/enterprise/core.js.map +0 -1
package/dist/component/public/enterprise/domains.d.ts +0 -174
package/dist/component/public/enterprise/domains.d.ts.map +0 -1
package/dist/component/public/enterprise/domains.js +0 -271
package/dist/component/public/enterprise/domains.js.map +0 -1
package/dist/component/public/enterprise/scim.d.ts +0 -245
package/dist/component/public/enterprise/scim.d.ts.map +0 -1
package/dist/component/public/enterprise/scim.js.map +0 -1
package/dist/component/public/enterprise/secrets.d.ts +0 -78
package/dist/component/public/enterprise/secrets.d.ts.map +0 -1
package/dist/component/public/enterprise/secrets.js +0 -118
package/dist/component/public/enterprise/secrets.js.map +0 -1
package/dist/component/public/enterprise/webhooks.d.ts +0 -211
package/dist/component/public/enterprise/webhooks.d.ts.map +0 -1
package/dist/component/public/enterprise/webhooks.js.map +0 -1
package/dist/component/public/factors/devices.d.ts +0 -157
package/dist/component/public/factors/devices.d.ts.map +0 -1
package/dist/component/public/factors/devices.js.map +0 -1
package/dist/component/public/factors/passkeys.d.ts +0 -175
package/dist/component/public/factors/passkeys.d.ts.map +0 -1
package/dist/component/public/factors/passkeys.js.map +0 -1
package/dist/component/public/factors/totp.d.ts +0 -189
package/dist/component/public/factors/totp.d.ts.map +0 -1
package/dist/component/public/factors/totp.js.map +0 -1
package/dist/component/public/groups/core.d.ts +0 -137
package/dist/component/public/groups/core.d.ts.map +0 -1
package/dist/component/public/groups/core.js.map +0 -1
package/dist/component/public/groups/invites.d.ts +0 -217
package/dist/component/public/groups/invites.d.ts.map +0 -1
package/dist/component/public/groups/invites.js.map +0 -1
package/dist/component/public/groups/members.d.ts +0 -204
package/dist/component/public/groups/members.d.ts.map +0 -1
package/dist/component/public/groups/members.js.map +0 -1
package/dist/component/public/identity/accounts.d.ts +0 -147
package/dist/component/public/identity/accounts.d.ts.map +0 -1
package/dist/component/public/identity/accounts.js.map +0 -1
package/dist/component/public/identity/codes.d.ts +0 -104
package/dist/component/public/identity/codes.d.ts.map +0 -1
package/dist/component/public/identity/codes.js.map +0 -1
package/dist/component/public/identity/sessions.d.ts +0 -128
package/dist/component/public/identity/sessions.d.ts.map +0 -1
package/dist/component/public/identity/sessions.js.map +0 -1
package/dist/component/public/identity/tokens.d.ts +0 -169
package/dist/component/public/identity/tokens.d.ts.map +0 -1
package/dist/component/public/identity/tokens.js.map +0 -1
package/dist/component/public/identity/users.d.ts +0 -212
package/dist/component/public/identity/users.d.ts.map +0 -1
package/dist/component/public/identity/users.js.map +0 -1
package/dist/component/public/identity/verifiers.d.ts +0 -116
package/dist/component/public/identity/verifiers.d.ts.map +0 -1
package/dist/component/public/identity/verifiers.js.map +0 -1
package/dist/component/public/security/keys.d.ts +0 -209
package/dist/component/public/security/keys.d.ts.map +0 -1
package/dist/component/public/security/keys.js.map +0 -1
package/dist/component/public/security/limits.d.ts +0 -114
package/dist/component/public/security/limits.d.ts.map +0 -1
package/dist/component/public/security/limits.js.map +0 -1
package/dist/component/public.d.ts +0 -28
package/dist/component/public.d.ts.map +0 -1
package/dist/component/schema.d.ts.map +0 -1
package/dist/component/schema.js.map +0 -1
package/dist/component/server/auth.d.ts +0 -447
package/dist/component/server/auth.d.ts.map +0 -1
package/dist/component/server/auth.js +0 -254
package/dist/component/server/auth.js.map +0 -1
package/dist/component/server/config.js +0 -121
package/dist/component/server/config.js.map +0 -1
package/dist/component/server/context.js +0 -53
package/dist/component/server/context.js.map +0 -1
package/dist/component/server/cookies.js +0 -47
package/dist/component/server/cookies.js.map +0 -1
package/dist/component/server/core.js +0 -576
package/dist/component/server/core.js.map +0 -1
package/dist/component/server/crypto.js +0 -56
package/dist/component/server/crypto.js.map +0 -1
package/dist/component/server/db.js +0 -87
package/dist/component/server/db.js.map +0 -1
package/dist/component/server/device.js +0 -152
package/dist/component/server/device.js.map +0 -1
package/dist/component/server/enterprise/config.js +0 -46
package/dist/component/server/enterprise/config.js.map +0 -1
package/dist/component/server/enterprise/domain.js +0 -974
package/dist/component/server/enterprise/domain.js.map +0 -1
package/dist/component/server/enterprise/http.js +0 -787
package/dist/component/server/enterprise/http.js.map +0 -1
package/dist/component/server/enterprise/oidc.js +0 -248
package/dist/component/server/enterprise/oidc.js.map +0 -1
package/dist/component/server/enterprise/policy.js +0 -85
package/dist/component/server/enterprise/policy.js.map +0 -1
package/dist/component/server/enterprise/saml.js.map +0 -1
package/dist/component/server/enterprise/scim.js.map +0 -1
package/dist/component/server/enterprise/shared.js +0 -51
package/dist/component/server/enterprise/shared.js.map +0 -1
package/dist/component/server/http.d.ts +0 -85
package/dist/component/server/http.d.ts.map +0 -1
package/dist/component/server/http.js +0 -351
package/dist/component/server/http.js.map +0 -1
package/dist/component/server/identity.js +0 -16
package/dist/component/server/identity.js.map +0 -1
package/dist/component/server/keys.js +0 -96
package/dist/component/server/keys.js.map +0 -1
package/dist/component/server/limits.js +0 -52
package/dist/component/server/limits.js.map +0 -1
package/dist/component/server/mutations/account.js +0 -46
package/dist/component/server/mutations/account.js.map +0 -1
package/dist/component/server/mutations/code.js +0 -68
package/dist/component/server/mutations/code.js.map +0 -1
package/dist/component/server/mutations/invalidate.js +0 -32
package/dist/component/server/mutations/invalidate.js.map +0 -1
package/dist/component/server/mutations/oauth.js +0 -116
package/dist/component/server/mutations/oauth.js.map +0 -1
package/dist/component/server/mutations/refresh.js +0 -119
package/dist/component/server/mutations/refresh.js.map +0 -1
package/dist/component/server/mutations/register.js +0 -87
package/dist/component/server/mutations/register.js.map +0 -1
package/dist/component/server/mutations/retrieve.js +0 -61
package/dist/component/server/mutations/retrieve.js.map +0 -1
package/dist/component/server/mutations/signature.js +0 -38
package/dist/component/server/mutations/signature.js.map +0 -1
package/dist/component/server/mutations/signin.js +0 -27
package/dist/component/server/mutations/signin.js.map +0 -1
package/dist/component/server/mutations/signout.js +0 -27
package/dist/component/server/mutations/signout.js.map +0 -1
package/dist/component/server/mutations/store/refs.js +0 -15
package/dist/component/server/mutations/store/refs.js.map +0 -1
package/dist/component/server/mutations/store.js +0 -70
package/dist/component/server/mutations/store.js.map +0 -1
package/dist/component/server/mutations/verifier.js +0 -18
package/dist/component/server/mutations/verifier.js.map +0 -1
package/dist/component/server/mutations/verify.js +0 -98
package/dist/component/server/mutations/verify.js.map +0 -1
package/dist/component/server/oauth.js +0 -242
package/dist/component/server/oauth.js.map +0 -1
package/dist/component/server/passkey.js +0 -415
package/dist/component/server/passkey.js.map +0 -1
package/dist/component/server/redirects.js +0 -40
package/dist/component/server/redirects.js.map +0 -1
package/dist/component/server/refresh.js +0 -99
package/dist/component/server/refresh.js.map +0 -1
package/dist/component/server/runtime.d.ts +0 -136
package/dist/component/server/runtime.d.ts.map +0 -1
package/dist/component/server/runtime.js +0 -456
package/dist/component/server/runtime.js.map +0 -1
package/dist/component/server/sessions.js +0 -71
package/dist/component/server/sessions.js.map +0 -1
package/dist/component/server/signin.js +0 -225
package/dist/component/server/signin.js.map +0 -1
package/dist/component/server/tokens.js +0 -17
package/dist/component/server/tokens.js.map +0 -1
package/dist/component/server/totp.js +0 -208
package/dist/component/server/totp.js.map +0 -1
package/dist/component/server/types.d.ts +0 -949
package/dist/component/server/types.d.ts.map +0 -1
package/dist/component/server/types.js +0 -79
package/dist/component/server/types.js.map +0 -1
package/dist/component/server/users.js +0 -123
package/dist/component/server/users.js.map +0 -1
package/dist/component/server/utils.js +0 -140
package/dist/component/server/utils.js.map +0 -1
package/dist/core/types.d.ts +0 -361
package/dist/core/types.d.ts.map +0 -1
package/dist/factors/device.js +0 -104
package/dist/factors/device.js.map +0 -1
package/dist/factors/passkey.js.map +0 -1
package/dist/factors/totp.js.map +0 -1
package/dist/providers/anonymous.d.ts.map +0 -1
package/dist/providers/anonymous.js.map +0 -1
package/dist/providers/credentials.d.ts.map +0 -1
package/dist/providers/credentials.js.map +0 -1
package/dist/providers/device.d.ts.map +0 -1
package/dist/providers/device.js.map +0 -1
package/dist/providers/email.d.ts.map +0 -1
package/dist/providers/email.js.map +0 -1
package/dist/providers/oauth.d.ts +0 -69
package/dist/providers/oauth.d.ts.map +0 -1
package/dist/providers/oauth.js +0 -43
package/dist/providers/oauth.js.map +0 -1
package/dist/providers/passkey.d.ts.map +0 -1
package/dist/providers/passkey.js.map +0 -1
package/dist/providers/password.d.ts.map +0 -1
package/dist/providers/password.js.map +0 -1
package/dist/providers/phone.d.ts.map +0 -1
package/dist/providers/phone.js.map +0 -1
package/dist/providers/sso.d.ts.map +0 -1
package/dist/providers/sso.js.map +0 -1
package/dist/providers/totp.d.ts.map +0 -1
package/dist/providers/totp.js.map +0 -1
package/dist/runtime/browser.js +0 -68
package/dist/runtime/browser.js.map +0 -1
package/dist/runtime/invite.js.map +0 -1
package/dist/runtime/proxy.js +0 -70
package/dist/runtime/proxy.js.map +0 -1
package/dist/runtime/storage.js +0 -37
package/dist/runtime/storage.js.map +0 -1
package/dist/server/auth.d.ts.map +0 -1
package/dist/server/auth.js.map +0 -1
package/dist/server/config.d.ts +0 -1
package/dist/server/config.js.map +0 -1
package/dist/server/context.d.ts +0 -1
package/dist/server/context.js.map +0 -1
package/dist/server/cookies.d.ts +0 -1
package/dist/server/cookies.js.map +0 -1
package/dist/server/core.d.ts +0 -1315
package/dist/server/core.d.ts.map +0 -1
package/dist/server/core.js.map +0 -1
package/dist/server/crypto.d.ts +0 -8
package/dist/server/crypto.d.ts.map +0 -1
package/dist/server/crypto.js.map +0 -1
package/dist/server/db.d.ts +0 -1
package/dist/server/db.js.map +0 -1
package/dist/server/device.d.ts +0 -1
package/dist/server/device.js.map +0 -1
package/dist/server/enterprise/config.d.ts +0 -1
package/dist/server/enterprise/config.js.map +0 -1
package/dist/server/enterprise/domain.d.ts +0 -401
package/dist/server/enterprise/domain.d.ts.map +0 -1
package/dist/server/enterprise/domain.js +0 -974
package/dist/server/enterprise/domain.js.map +0 -1
package/dist/server/enterprise/http.d.ts +0 -26
package/dist/server/enterprise/http.d.ts.map +0 -1
package/dist/server/enterprise/http.js +0 -787
package/dist/server/enterprise/http.js.map +0 -1
package/dist/server/enterprise/oidc.d.ts +0 -1
package/dist/server/enterprise/oidc.js +0 -248
package/dist/server/enterprise/oidc.js.map +0 -1
package/dist/server/enterprise/policy.d.ts +0 -1
package/dist/server/enterprise/policy.js +0 -85
package/dist/server/enterprise/policy.js.map +0 -1
package/dist/server/enterprise/saml.d.ts +0 -1
package/dist/server/enterprise/saml.js +0 -338
package/dist/server/enterprise/saml.js.map +0 -1
package/dist/server/enterprise/scim.d.ts +0 -1
package/dist/server/enterprise/scim.js +0 -97
package/dist/server/enterprise/scim.js.map +0 -1
package/dist/server/enterprise/shared.d.ts +0 -5
package/dist/server/enterprise/shared.d.ts.map +0 -1
package/dist/server/enterprise/shared.js +0 -51
package/dist/server/enterprise/shared.js.map +0 -1
package/dist/server/enterprise/validators.d.ts +0 -1
package/dist/server/enterprise/validators.js +0 -60
package/dist/server/enterprise/validators.js.map +0 -1
package/dist/server/http.d.ts.map +0 -1
package/dist/server/http.js.map +0 -1
package/dist/server/identity.d.ts +0 -1
package/dist/server/identity.js.map +0 -1
package/dist/server/keys.d.ts +0 -1
package/dist/server/keys.js.map +0 -1
package/dist/server/limits.d.ts +0 -1
package/dist/server/limits.js.map +0 -1
package/dist/server/mounts.d.ts.map +0 -1
package/dist/server/mounts.js.map +0 -1
package/dist/server/mutations/account.d.ts +0 -29
package/dist/server/mutations/account.d.ts.map +0 -1
package/dist/server/mutations/account.js.map +0 -1
package/dist/server/mutations/code.d.ts +0 -30
package/dist/server/mutations/code.d.ts.map +0 -1
package/dist/server/mutations/code.js.map +0 -1
package/dist/server/mutations/index.d.ts +0 -14
package/dist/server/mutations/invalidate.d.ts +0 -20
package/dist/server/mutations/invalidate.d.ts.map +0 -1
package/dist/server/mutations/invalidate.js.map +0 -1
package/dist/server/mutations/oauth.d.ts +0 -30
package/dist/server/mutations/oauth.d.ts.map +0 -1
package/dist/server/mutations/oauth.js.map +0 -1
package/dist/server/mutations/refresh.d.ts +0 -21
package/dist/server/mutations/refresh.d.ts.map +0 -1
package/dist/server/mutations/refresh.js.map +0 -1
package/dist/server/mutations/register.d.ts +0 -38
package/dist/server/mutations/register.d.ts.map +0 -1
package/dist/server/mutations/register.js.map +0 -1
package/dist/server/mutations/retrieve.d.ts +0 -33
package/dist/server/mutations/retrieve.d.ts.map +0 -1
package/dist/server/mutations/retrieve.js.map +0 -1
package/dist/server/mutations/signature.d.ts +0 -21
package/dist/server/mutations/signature.d.ts.map +0 -1
package/dist/server/mutations/signature.js.map +0 -1
package/dist/server/mutations/signin.d.ts +0 -22
package/dist/server/mutations/signin.d.ts.map +0 -1
package/dist/server/mutations/signin.js.map +0 -1
package/dist/server/mutations/signout.d.ts +0 -16
package/dist/server/mutations/signout.d.ts.map +0 -1
package/dist/server/mutations/signout.js.map +0 -1
package/dist/server/mutations/store/refs.d.ts +0 -12
package/dist/server/mutations/store/refs.d.ts.map +0 -1
package/dist/server/mutations/store/refs.js.map +0 -1
package/dist/server/mutations/store.d.ts +0 -306
package/dist/server/mutations/store.d.ts.map +0 -1
package/dist/server/mutations/store.js.map +0 -1
package/dist/server/mutations/verifier.d.ts +0 -13
package/dist/server/mutations/verifier.d.ts.map +0 -1
package/dist/server/mutations/verifier.js.map +0 -1
package/dist/server/mutations/verify.d.ts +0 -26
package/dist/server/mutations/verify.d.ts.map +0 -1
package/dist/server/mutations/verify.js.map +0 -1
package/dist/server/oauth.d.ts +0 -1
package/dist/server/oauth.js +0 -242
package/dist/server/oauth.js.map +0 -1
package/dist/server/passkey.d.ts +0 -27
package/dist/server/passkey.d.ts.map +0 -1
package/dist/server/passkey.js.map +0 -1
package/dist/server/redirects.d.ts +0 -1
package/dist/server/redirects.js.map +0 -1
package/dist/server/refresh.d.ts +0 -1
package/dist/server/refresh.js.map +0 -1
package/dist/server/runtime.d.ts.map +0 -1
package/dist/server/runtime.js.map +0 -1
package/dist/server/sessions.d.ts +0 -1
package/dist/server/sessions.js.map +0 -1
package/dist/server/signin.d.ts +0 -1
package/dist/server/signin.js.map +0 -1
package/dist/server/ssr.d.ts.map +0 -1
package/dist/server/ssr.js +0 -777
package/dist/server/ssr.js.map +0 -1
package/dist/server/templates.d.ts +0 -1
package/dist/server/templates.js.map +0 -1
package/dist/server/tokens.d.ts +0 -1
package/dist/server/tokens.js.map +0 -1
package/dist/server/totp.d.ts +0 -1
package/dist/server/totp.js.map +0 -1
package/dist/server/types.d.ts.map +0 -1
package/dist/server/types.js.map +0 -1
package/dist/server/users.d.ts +0 -1
package/dist/server/users.js.map +0 -1
package/dist/server/utils.d.ts +0 -1
package/dist/server/utils.js +0 -140
package/dist/server/utils.js.map +0 -1
package/src/authorization/index.ts +0 -83
package/src/cli/bin.ts +0 -5
package/src/cli/command.ts +0 -70
package/src/cli/index.ts +0 -1112
package/src/cli/keys.ts +0 -23
package/src/client/core/types.ts +0 -437
package/src/client/factors/device.ts +0 -158
package/src/client/factors/passkey.ts +0 -279
package/src/client/factors/totp.ts +0 -150
package/src/client/index.ts +0 -1124
package/src/client/runtime/browser.ts +0 -112
package/src/client/runtime/invite.ts +0 -63
package/src/client/runtime/proxy.ts +0 -111
package/src/client/runtime/storage.ts +0 -79
package/src/component/_generated/api.ts +0 -96
package/src/component/_generated/component.ts +0 -3774
package/src/component/_generated/dataModel.ts +0 -60
package/src/component/_generated/server.ts +0 -156
package/src/component/convex.config.ts +0 -5
package/src/component/functions.ts +0 -104
package/src/component/index.ts +0 -42
package/src/component/model.ts +0 -449
package/src/component/public/enterprise/audit.ts +0 -125
package/src/component/public/enterprise/core.ts +0 -355
package/src/component/public/enterprise/domains.ts +0 -327
package/src/component/public/enterprise/scim.ts +0 -397
package/src/component/public/enterprise/secrets.ts +0 -133
package/src/component/public/enterprise/webhooks.ts +0 -307
package/src/component/public/factors/devices.ts +0 -224
package/src/component/public/factors/passkeys.ts +0 -243
package/src/component/public/factors/totp.ts +0 -259
package/src/component/public/groups/core.ts +0 -481
package/src/component/public/groups/invites.ts +0 -608
package/src/component/public/groups/members.ts +0 -410
package/src/component/public/identity/accounts.ts +0 -207
package/src/component/public/identity/codes.ts +0 -149
package/src/component/public/identity/sessions.ts +0 -210
package/src/component/public/identity/tokens.ts +0 -251
package/src/component/public/identity/users.ts +0 -355
package/src/component/public/identity/verifiers.ts +0 -158
package/src/component/public/security/keys.ts +0 -366
package/src/component/public/security/limits.ts +0 -174
package/src/component/public.ts +0 -27
package/src/component/schema.ts +0 -505
package/src/providers/anonymous.ts +0 -99
package/src/providers/credentials.ts +0 -102
package/src/providers/device.ts +0 -87
package/src/providers/email.ts +0 -99
package/src/providers/index.ts +0 -31
package/src/providers/oauth.ts +0 -117
package/src/providers/passkey.ts +0 -77
package/src/providers/password.ts +0 -441
package/src/providers/phone.ts +0 -93
package/src/providers/sso.ts +0 -54
package/src/providers/totp.ts +0 -62
package/src/samlify.d.ts +0 -53
package/src/server/auth.ts +0 -949
package/src/server/config.ts +0 -200
package/src/server/context.ts +0 -90
package/src/server/cookies.ts +0 -49
package/src/server/core.ts +0 -2004
package/src/server/crypto.ts +0 -90
package/src/server/db.ts +0 -203
package/src/server/device.ts +0 -254
package/src/server/enterprise/config.ts +0 -51
package/src/server/enterprise/domain.ts +0 -1739
package/src/server/enterprise/http.ts +0 -1331
package/src/server/enterprise/oidc.ts +0 -500
package/src/server/enterprise/policy.ts +0 -128
package/src/server/enterprise/saml.ts +0 -578
package/src/server/enterprise/scim.ts +0 -135
package/src/server/enterprise/shared.ts +0 -134
package/src/server/enterprise/validators.ts +0 -93
package/src/server/http.ts +0 -790
package/src/server/identity.ts +0 -18
package/src/server/index.ts +0 -40
package/src/server/keys.ts +0 -158
package/src/server/limits.ts +0 -107
package/src/server/mounts.ts +0 -924
package/src/server/mutations/account.ts +0 -62
package/src/server/mutations/code.ts +0 -119
package/src/server/mutations/index.ts +0 -13
package/src/server/mutations/invalidate.ts +0 -50
package/src/server/mutations/oauth.ts +0 -243
package/src/server/mutations/refresh.ts +0 -299
package/src/server/mutations/register.ts +0 -155
package/src/server/mutations/retrieve.ts +0 -109
package/src/server/mutations/signature.ts +0 -57
package/src/server/mutations/signin.ts +0 -54
package/src/server/mutations/signout.ts +0 -43
package/src/server/mutations/store/refs.ts +0 -10
package/src/server/mutations/store.ts +0 -123
package/src/server/mutations/verifier.ts +0 -34
package/src/server/mutations/verify.ts +0 -200
package/src/server/oauth.ts +0 -418
package/src/server/passkey.ts +0 -838
package/src/server/redirects.ts +0 -59
package/src/server/refresh.ts +0 -218
package/src/server/runtime.ts +0 -918
package/src/server/sessions.ts +0 -132
package/src/server/signin.ts +0 -445
package/src/server/ssr.ts +0 -1747
package/src/server/templates.ts +0 -82
package/src/server/tokens.ts +0 -35
package/src/server/totp.ts +0 -399
package/src/server/types.ts +0 -1942
package/src/server/users.ts +0 -291
package/src/server/utils.ts +0 -220
/package/dist/{runtime → client/runtime}/invite.js +0 -0

package/dist/component/_generated/component.d.ts CHANGED Viewed

@@ -115,1238 +115,142 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
       deviceId: string;
       lastPolledAt: number;
     }, null, Name>;
-    enterprise: {
-      audit: {
-        enterpriseAuditEventCreate: FunctionReference<"mutation", "internal", {
-          actorId?: string;
-          actorType: "user" | "system" | "scim" | "api_key" | "webhook";
-          enterpriseId: string;
-          eventType: string;
-          groupId: string;
-          ip?: string;
-          metadata?: any;
-          occurredAt: number;
-          requestId?: string;
-          status: "success" | "failure";
-          subjectId?: string;
-          subjectType: string;
+    factors: {
+      devices: {
+        deviceAuthorize: FunctionReference<"mutation", "internal", {
+          deviceId: string;
+          sessionId: string;
+          userId: string;
+        }, null, Name>;
+        deviceDelete: FunctionReference<"mutation", "internal", {
+          deviceId: string;
+        }, null, Name>;
+        deviceGetByCodeHash: FunctionReference<"query", "internal", {
+          deviceCodeHash: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          deviceCodeHash: string;
+          expiresAt: number;
+          interval: number;
+          lastPolledAt?: number;
+          sessionId?: string;
+          status: "pending" | "authorized" | "denied";
+          userCode: string;
+          userId?: string;
+        } | null, Name>;
+        deviceGetByUserCode: FunctionReference<"query", "internal", {
+          userCode: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          deviceCodeHash: string;
+          expiresAt: number;
+          interval: number;
+          lastPolledAt?: number;
+          sessionId?: string;
+          status: "pending" | "authorized" | "denied";
+          userCode: string;
+          userId?: string;
+        } | null, Name>;
+        deviceInsert: FunctionReference<"mutation", "internal", {
+          deviceCodeHash: string;
+          expiresAt: number;
+          interval: number;
+          status: "pending" | "authorized" | "denied";
+          userCode: string;
         }, string, Name>;
-        enterpriseAuditEventList: FunctionReference<"query", "internal", {
-          enterpriseId?: string;
-          groupId?: string;
-          limit?: number;
+        deviceUpdateLastPolled: FunctionReference<"mutation", "internal", {
+          deviceId: string;
+          lastPolledAt: number;
+        }, null, Name>;
+      };
+      passkeys: {
+        passkeyDelete: FunctionReference<"mutation", "internal", {
+          passkeyId: string;
+        }, null, Name>;
+        passkeyGetByCredentialId: FunctionReference<"query", "internal", {
+          credentialId: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          algorithm: number;
+          backedUp: boolean;
+          counter: number;
+          createdAt: number;
+          credentialId: string;
+          deviceType: string;
+          lastUsedAt?: number;
+          name?: string;
+          publicKey: ArrayBuffer;
+          transports?: Array<string>;
+          userId: string;
+        } | null, Name>;
+        passkeyInsert: FunctionReference<"mutation", "internal", {
+          algorithm: number;
+          backedUp: boolean;
+          counter: number;
+          createdAt: number;
+          credentialId: string;
+          deviceType: string;
+          name?: string;
+          publicKey: ArrayBuffer;
+          transports?: Array<string>;
+          userId: string;
+        }, string, Name>;
+        passkeyListByUserId: FunctionReference<"query", "internal", {
+          userId: string;
         }, Array<{
           _creationTime: number;
           _id: string;
-          actorId?: string;
-          actorType: "user" | "system" | "scim" | "api_key" | "webhook";
-          enterpriseId: string;
-          eventType: string;
-          groupId: string;
-          ip?: string;
-          metadata?: any;
-          occurredAt: number;
-          requestId?: string;
-          status: "success" | "failure";
-          subjectId?: string;
-          subjectType: string;
+          algorithm: number;
+          backedUp: boolean;
+          counter: number;
+          createdAt: number;
+          credentialId: string;
+          deviceType: string;
+          lastUsedAt?: number;
+          name?: string;
+          publicKey: ArrayBuffer;
+          transports?: Array<string>;
+          userId: string;
         }>, Name>;
+        passkeyUpdateCounter: FunctionReference<"mutation", "internal", {
+          counter: number;
+          lastUsedAt: number;
+          passkeyId: string;
+        }, null, Name>;
+        passkeyUpdateMeta: FunctionReference<"mutation", "internal", {
+          data: any;
+          passkeyId: string;
+        }, null, Name>;
       };
-      core: {
-        enterpriseCreate: FunctionReference<"mutation", "internal", {
-          config?: any;
-          extend?: any;
-          groupId: string;
-          name?: string;
-          policy?: {
-            extend?: any;
-            identity: {
-              accountLinking: {
-                oidc: "verifiedEmail" | "none";
-                saml: "verifiedEmail" | "none";
-              };
-            };
-            provisioning: {
-              deprovision: {
-                mode: "soft" | "hard";
-              };
-              jit: {
-                defaultRole?: string;
-                defaultRoleIds?: Array<string>;
-                mode: "off" | "createUser" | "createUserAndMembership";
-              };
-              scimReuse: {
-                user: "externalId" | "none";
-              };
-            };
-            version: 1;
-          };
-          slug?: string;
-          status?: "draft" | "active" | "disabled";
-        }, string, Name>;
-        enterpriseDelete: FunctionReference<"mutation", "internal", {
-          enterpriseId: string;
+      totp: {
+        totpDelete: FunctionReference<"mutation", "internal", {
+          totpId: string;
         }, null, Name>;
-        enterpriseGet: FunctionReference<"query", "internal", {
-          enterpriseId: string;
+        totpGetById: FunctionReference<"query", "internal", {
+          totpId: string;
         }, {
           _creationTime: number;
           _id: string;
-          config?: any;
-          extend?: any;
-          groupId: string;
+          createdAt: number;
+          digits: number;
+          lastUsedAt?: number;
           name?: string;
-          policy?: {
-            extend?: any;
-            identity: {
-              accountLinking: {
-                oidc: "verifiedEmail" | "none";
-                saml: "verifiedEmail" | "none";
-              };
-            };
-            provisioning: {
-              deprovision: {
-                mode: "soft" | "hard";
-              };
-              jit: {
-                defaultRole?: string;
-                defaultRoleIds?: Array<string>;
-                mode: "off" | "createUser" | "createUserAndMembership";
-              };
-              scimReuse: {
-                user: "externalId" | "none";
-              };
-            };
-            version: 1;
-          };
-          slug?: string;
-          status: "draft" | "active" | "disabled";
-        } | null, Name>;
-        enterpriseGetByDomain: FunctionReference<"query", "internal", {
-          domain: string;
-        }, {
-          domain: {
-            _creationTime: number;
-            _id: string;
-            domain: string;
-            enterpriseId: string;
-            groupId: string;
-            isPrimary: boolean;
-            verifiedAt?: number;
-          };
-          enterprise: {
-            _creationTime: number;
-            _id: string;
-            config?: any;
-            extend?: any;
-            groupId: string;
-            name?: string;
-            policy?: {
-              extend?: any;
-              identity: {
-                accountLinking: {
-                  oidc: "verifiedEmail" | "none";
-                  saml: "verifiedEmail" | "none";
-                };
-              };
-              provisioning: {
-                deprovision: {
-                  mode: "soft" | "hard";
-                };
-                jit: {
-                  defaultRole?: string;
-                  defaultRoleIds?: Array<string>;
-                  mode: "off" | "createUser" | "createUserAndMembership";
-                };
-                scimReuse: {
-                  user: "externalId" | "none";
-                };
-              };
-              version: 1;
-            };
-            slug?: string;
-            status: "draft" | "active" | "disabled";
-          };
+          period: number;
+          secret: ArrayBuffer;
+          userId: string;
+          verified: boolean;
         } | null, Name>;
-        enterpriseGetByGroup: FunctionReference<"query", "internal", {
-          groupId: string;
+        totpGetVerifiedByUserId: FunctionReference<"query", "internal", {
+          userId: string;
         }, {
           _creationTime: number;
           _id: string;
-          config?: any;
-          extend?: any;
-          groupId: string;
-          name?: string;
-          policy?: {
-            extend?: any;
-            identity: {
-              accountLinking: {
-                oidc: "verifiedEmail" | "none";
-                saml: "verifiedEmail" | "none";
-              };
-            };
-            provisioning: {
-              deprovision: {
-                mode: "soft" | "hard";
-              };
-              jit: {
-                defaultRole?: string;
-                defaultRoleIds?: Array<string>;
-                mode: "off" | "createUser" | "createUserAndMembership";
-              };
-              scimReuse: {
-                user: "externalId" | "none";
-              };
-            };
-            version: 1;
-          };
-          slug?: string;
-          status: "draft" | "active" | "disabled";
-        } | null, Name>;
-        enterpriseList: FunctionReference<"query", "internal", {
-          cursor?: string | null;
-          limit?: number;
-          order?: "asc" | "desc";
-          orderBy?: "_creationTime" | "name" | "slug" | "status";
-          where?: {
-            groupId?: string;
-            slug?: string;
-            status?: "draft" | "active" | "disabled";
-          };
-        }, {
-          items: Array<{
-            _creationTime: number;
-            _id: string;
-            config?: any;
-            extend?: any;
-            groupId: string;
-            name?: string;
-            policy?: {
-              extend?: any;
-              identity: {
-                accountLinking: {
-                  oidc: "verifiedEmail" | "none";
-                  saml: "verifiedEmail" | "none";
-                };
-              };
-              provisioning: {
-                deprovision: {
-                  mode: "soft" | "hard";
-                };
-                jit: {
-                  defaultRole?: string;
-                  defaultRoleIds?: Array<string>;
-                  mode: "off" | "createUser" | "createUserAndMembership";
-                };
-                scimReuse: {
-                  user: "externalId" | "none";
-                };
-              };
-              version: 1;
-            };
-            slug?: string;
-            status: "draft" | "active" | "disabled";
-          }>;
-          nextCursor: string | null;
-        }, Name>;
-        enterpriseUpdate: FunctionReference<"mutation", "internal", {
-          data: any;
-          enterpriseId: string;
-        }, null, Name>;
-      };
-      domains: {
-        enterpriseDomainAdd: FunctionReference<"mutation", "internal", {
-          domain: string;
-          enterpriseId: string;
-          groupId: string;
-          isPrimary?: boolean;
-        }, string, Name>;
-        enterpriseDomainDelete: FunctionReference<"mutation", "internal", {
-          domainId: string;
-        }, null, Name>;
-        enterpriseDomainList: FunctionReference<"query", "internal", {
-          enterpriseId: string;
-        }, Array<{
-          _creationTime: number;
-          _id: string;
-          domain: string;
-          enterpriseId: string;
-          groupId: string;
-          isPrimary: boolean;
-          verifiedAt?: number;
-        }>, Name>;
-        enterpriseDomainVerificationDelete: FunctionReference<"mutation", "internal", {
-          domainId: string;
-        }, null, Name>;
-        enterpriseDomainVerificationGet: FunctionReference<"query", "internal", {
-          domainId: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          domain: string;
-          domainId: string;
-          enterpriseId: string;
-          expiresAt: number;
-          groupId: string;
-          recordName: string;
-          requestedAt: number;
-          token: string;
-          tokenHash: string;
-        } | null, Name>;
-        enterpriseDomainVerificationUpsert: FunctionReference<"mutation", "internal", {
-          domain: string;
-          domainId: string;
-          enterpriseId: string;
-          expiresAt: number;
-          groupId: string;
-          recordName: string;
-          requestedAt: number;
-          token: string;
-          tokenHash: string;
-        }, string, Name>;
-        enterpriseDomainVerify: FunctionReference<"mutation", "internal", {
-          domainId: string;
-          verifiedAt: number;
-        }, {
-          _creationTime: number;
-          _id: string;
-          domain: string;
-          enterpriseId: string;
-          groupId: string;
-          isPrimary: boolean;
-          verifiedAt?: number;
-        }, Name>;
-      };
-      scim: {
-        enterpriseScimConfigGetByEnterprise: FunctionReference<"query", "internal", {
-          enterpriseId: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          basePath: string;
-          enterpriseId: string;
-          extend?: any;
-          groupId: string;
-          lastRotatedAt?: number;
-          status: "draft" | "active" | "disabled";
-          tokenHash: string;
-        } | null, Name>;
-        enterpriseScimConfigGetByTokenHash: FunctionReference<"query", "internal", {
-          tokenHash: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          basePath: string;
-          enterpriseId: string;
-          extend?: any;
-          groupId: string;
-          lastRotatedAt?: number;
-          status: "draft" | "active" | "disabled";
-          tokenHash: string;
-        } | null, Name>;
-        enterpriseScimConfigUpsert: FunctionReference<"mutation", "internal", {
-          basePath: string;
-          enterpriseId: string;
-          extend?: any;
-          groupId: string;
-          lastRotatedAt?: number;
-          status: "draft" | "active" | "disabled";
-          tokenHash: string;
-        }, string, Name>;
-        enterpriseScimIdentityDelete: FunctionReference<"mutation", "internal", {
-          identityId: string;
-        }, null, Name>;
-        enterpriseScimIdentityGet: FunctionReference<"query", "internal", {
-          enterpriseId: string;
-          externalId: string;
-          resourceType: "user" | "group";
-        }, {
-          _creationTime: number;
-          _id: string;
-          active?: boolean;
-          enterpriseId: string;
-          externalId: string;
-          groupId: string;
-          lastProvisionedAt?: number;
-          mappedGroupId?: string;
-          raw?: any;
-          resourceType: "user" | "group";
-          userId?: string;
-        } | null, Name>;
-        enterpriseScimIdentityGetByEnterpriseAndUser: FunctionReference<"query", "internal", {
-          enterpriseId: string;
-          userId: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          active?: boolean;
-          enterpriseId: string;
-          externalId: string;
-          groupId: string;
-          lastProvisionedAt?: number;
-          mappedGroupId?: string;
-          raw?: any;
-          resourceType: "user" | "group";
-          userId?: string;
-        } | null, Name>;
-        enterpriseScimIdentityGetByMappedGroup: FunctionReference<"query", "internal", {
-          mappedGroupId: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          active?: boolean;
-          enterpriseId: string;
-          externalId: string;
-          groupId: string;
-          lastProvisionedAt?: number;
-          mappedGroupId?: string;
-          raw?: any;
-          resourceType: "user" | "group";
-          userId?: string;
-        } | null, Name>;
-        enterpriseScimIdentityGetByUser: FunctionReference<"query", "internal", {
-          userId: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          active?: boolean;
-          enterpriseId: string;
-          externalId: string;
-          groupId: string;
-          lastProvisionedAt?: number;
-          mappedGroupId?: string;
-          raw?: any;
-          resourceType: "user" | "group";
-          userId?: string;
-        } | null, Name>;
-        enterpriseScimIdentityListByEnterprise: FunctionReference<"query", "internal", {
-          enterpriseId: string;
-        }, Array<{
-          _creationTime: number;
-          _id: string;
-          active?: boolean;
-          enterpriseId: string;
-          externalId: string;
-          groupId: string;
-          lastProvisionedAt?: number;
-          mappedGroupId?: string;
-          raw?: any;
-          resourceType: "user" | "group";
-          userId?: string;
-        }>, Name>;
-        enterpriseScimIdentityUpsert: FunctionReference<"mutation", "internal", {
-          active?: boolean;
-          enterpriseId: string;
-          externalId: string;
-          groupId: string;
-          lastProvisionedAt?: number;
-          mappedGroupId?: string;
-          raw?: any;
-          resourceType: "user" | "group";
-          userId?: string;
-        }, string, Name>;
-      };
-      secrets: {
-        enterpriseSecretDelete: FunctionReference<"mutation", "internal", {
-          enterpriseId: string;
-          kind: "oidc_client_secret";
-        }, null, Name>;
-        enterpriseSecretGet: FunctionReference<"query", "internal", {
-          enterpriseId: string;
-          kind: "oidc_client_secret";
-        }, {
-          _creationTime: number;
-          _id: string;
-          ciphertext: string;
-          enterpriseId: string;
-          groupId: string;
-          kind: "oidc_client_secret";
-          updatedAt: number;
-        } | null, Name>;
-        enterpriseSecretUpsert: FunctionReference<"mutation", "internal", {
-          ciphertext: string;
-          enterpriseId: string;
-          groupId: string;
-          kind: "oidc_client_secret";
-          updatedAt: number;
-        }, string, Name>;
-      };
-      webhooks: {
-        enterpriseWebhookDeliveryEnqueue: FunctionReference<"mutation", "internal", {
-          auditEventId?: string;
-          endpointId: string;
-          enterpriseId: string;
-          eventType: string;
-          nextAttemptAt: number;
-          payload: any;
-        }, string, Name>;
-        enterpriseWebhookDeliveryList: FunctionReference<"query", "internal", {
-          enterpriseId: string;
-          limit?: number;
-        }, Array<{
-          _creationTime: number;
-          _id: string;
-          attemptCount: number;
-          auditEventId?: string;
-          endpointId: string;
-          enterpriseId: string;
-          eventType: string;
-          lastAttemptAt?: number;
-          lastError?: string;
-          lastResponseStatus?: number;
-          nextAttemptAt: number;
-          payload: any;
-          status: "pending" | "processing" | "delivered" | "failed";
-        }>, Name>;
-        enterpriseWebhookDeliveryListReady: FunctionReference<"query", "internal", {
-          limit?: number;
-          now: number;
-        }, Array<{
-          _creationTime: number;
-          _id: string;
-          attemptCount: number;
-          auditEventId?: string;
-          endpointId: string;
-          enterpriseId: string;
-          eventType: string;
-          lastAttemptAt?: number;
-          lastError?: string;
-          lastResponseStatus?: number;
-          nextAttemptAt: number;
-          payload: any;
-          status: "pending" | "processing" | "delivered" | "failed";
-        }>, Name>;
-        enterpriseWebhookDeliveryPatch: FunctionReference<"mutation", "internal", {
-          data: any;
-          deliveryId: string;
-        }, null, Name>;
-        enterpriseWebhookEndpointCreate: FunctionReference<"mutation", "internal", {
-          createdByUserId?: string;
-          enterpriseId: string;
-          extend?: any;
-          groupId: string;
-          secretHash: string;
-          status?: "active" | "disabled";
-          subscriptions: Array<string>;
-          url: string;
-        }, string, Name>;
-        enterpriseWebhookEndpointGet: FunctionReference<"query", "internal", {
-          endpointId: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          createdByUserId?: string;
-          enterpriseId: string;
-          extend?: any;
-          failureCount: number;
-          groupId: string;
-          lastFailureAt?: number;
-          lastSuccessAt?: number;
-          secretHash: string;
-          status: "active" | "disabled";
-          subscriptions: Array<string>;
-          url: string;
-        } | null, Name>;
-        enterpriseWebhookEndpointList: FunctionReference<"query", "internal", {
-          enterpriseId: string;
-        }, Array<{
-          _creationTime: number;
-          _id: string;
-          createdByUserId?: string;
-          enterpriseId: string;
-          extend?: any;
-          failureCount: number;
-          groupId: string;
-          lastFailureAt?: number;
-          lastSuccessAt?: number;
-          secretHash: string;
-          status: "active" | "disabled";
-          subscriptions: Array<string>;
-          url: string;
-        }>, Name>;
-        enterpriseWebhookEndpointUpdate: FunctionReference<"mutation", "internal", {
-          data: any;
-          endpointId: string;
-        }, null, Name>;
-      };
-    };
-    enterpriseAuditEventCreate: FunctionReference<"mutation", "internal", {
-      actorId?: string;
-      actorType: "user" | "system" | "scim" | "api_key" | "webhook";
-      enterpriseId: string;
-      eventType: string;
-      groupId: string;
-      ip?: string;
-      metadata?: any;
-      occurredAt: number;
-      requestId?: string;
-      status: "success" | "failure";
-      subjectId?: string;
-      subjectType: string;
-    }, string, Name>;
-    enterpriseAuditEventList: FunctionReference<"query", "internal", {
-      enterpriseId?: string;
-      groupId?: string;
-      limit?: number;
-    }, Array<{
-      _creationTime: number;
-      _id: string;
-      actorId?: string;
-      actorType: "user" | "system" | "scim" | "api_key" | "webhook";
-      enterpriseId: string;
-      eventType: string;
-      groupId: string;
-      ip?: string;
-      metadata?: any;
-      occurredAt: number;
-      requestId?: string;
-      status: "success" | "failure";
-      subjectId?: string;
-      subjectType: string;
-    }>, Name>;
-    enterpriseCreate: FunctionReference<"mutation", "internal", {
-      config?: any;
-      extend?: any;
-      groupId: string;
-      name?: string;
-      policy?: {
-        extend?: any;
-        identity: {
-          accountLinking: {
-            oidc: "verifiedEmail" | "none";
-            saml: "verifiedEmail" | "none";
-          };
-        };
-        provisioning: {
-          deprovision: {
-            mode: "soft" | "hard";
-          };
-          jit: {
-            defaultRole?: string;
-            defaultRoleIds?: Array<string>;
-            mode: "off" | "createUser" | "createUserAndMembership";
-          };
-          scimReuse: {
-            user: "externalId" | "none";
-          };
-        };
-        version: 1;
-      };
-      slug?: string;
-      status?: "draft" | "active" | "disabled";
-    }, string, Name>;
-    enterpriseDelete: FunctionReference<"mutation", "internal", {
-      enterpriseId: string;
-    }, null, Name>;
-    enterpriseDomainAdd: FunctionReference<"mutation", "internal", {
-      domain: string;
-      enterpriseId: string;
-      groupId: string;
-      isPrimary?: boolean;
-    }, string, Name>;
-    enterpriseDomainDelete: FunctionReference<"mutation", "internal", {
-      domainId: string;
-    }, null, Name>;
-    enterpriseDomainList: FunctionReference<"query", "internal", {
-      enterpriseId: string;
-    }, Array<{
-      _creationTime: number;
-      _id: string;
-      domain: string;
-      enterpriseId: string;
-      groupId: string;
-      isPrimary: boolean;
-      verifiedAt?: number;
-    }>, Name>;
-    enterpriseDomainVerificationDelete: FunctionReference<"mutation", "internal", {
-      domainId: string;
-    }, null, Name>;
-    enterpriseDomainVerificationGet: FunctionReference<"query", "internal", {
-      domainId: string;
-    }, {
-      _creationTime: number;
-      _id: string;
-      domain: string;
-      domainId: string;
-      enterpriseId: string;
-      expiresAt: number;
-      groupId: string;
-      recordName: string;
-      requestedAt: number;
-      token: string;
-      tokenHash: string;
-    } | null, Name>;
-    enterpriseDomainVerificationUpsert: FunctionReference<"mutation", "internal", {
-      domain: string;
-      domainId: string;
-      enterpriseId: string;
-      expiresAt: number;
-      groupId: string;
-      recordName: string;
-      requestedAt: number;
-      token: string;
-      tokenHash: string;
-    }, string, Name>;
-    enterpriseDomainVerify: FunctionReference<"mutation", "internal", {
-      domainId: string;
-      verifiedAt: number;
-    }, {
-      _creationTime: number;
-      _id: string;
-      domain: string;
-      enterpriseId: string;
-      groupId: string;
-      isPrimary: boolean;
-      verifiedAt?: number;
-    }, Name>;
-    enterpriseGet: FunctionReference<"query", "internal", {
-      enterpriseId: string;
-    }, {
-      _creationTime: number;
-      _id: string;
-      config?: any;
-      extend?: any;
-      groupId: string;
-      name?: string;
-      policy?: {
-        extend?: any;
-        identity: {
-          accountLinking: {
-            oidc: "verifiedEmail" | "none";
-            saml: "verifiedEmail" | "none";
-          };
-        };
-        provisioning: {
-          deprovision: {
-            mode: "soft" | "hard";
-          };
-          jit: {
-            defaultRole?: string;
-            defaultRoleIds?: Array<string>;
-            mode: "off" | "createUser" | "createUserAndMembership";
-          };
-          scimReuse: {
-            user: "externalId" | "none";
-          };
-        };
-        version: 1;
-      };
-      slug?: string;
-      status: "draft" | "active" | "disabled";
-    } | null, Name>;
-    enterpriseGetByDomain: FunctionReference<"query", "internal", {
-      domain: string;
-    }, {
-      domain: {
-        _creationTime: number;
-        _id: string;
-        domain: string;
-        enterpriseId: string;
-        groupId: string;
-        isPrimary: boolean;
-        verifiedAt?: number;
-      };
-      enterprise: {
-        _creationTime: number;
-        _id: string;
-        config?: any;
-        extend?: any;
-        groupId: string;
-        name?: string;
-        policy?: {
-          extend?: any;
-          identity: {
-            accountLinking: {
-              oidc: "verifiedEmail" | "none";
-              saml: "verifiedEmail" | "none";
-            };
-          };
-          provisioning: {
-            deprovision: {
-              mode: "soft" | "hard";
-            };
-            jit: {
-              defaultRole?: string;
-              defaultRoleIds?: Array<string>;
-              mode: "off" | "createUser" | "createUserAndMembership";
-            };
-            scimReuse: {
-              user: "externalId" | "none";
-            };
-          };
-          version: 1;
-        };
-        slug?: string;
-        status: "draft" | "active" | "disabled";
-      };
-    } | null, Name>;
-    enterpriseGetByGroup: FunctionReference<"query", "internal", {
-      groupId: string;
-    }, {
-      _creationTime: number;
-      _id: string;
-      config?: any;
-      extend?: any;
-      groupId: string;
-      name?: string;
-      policy?: {
-        extend?: any;
-        identity: {
-          accountLinking: {
-            oidc: "verifiedEmail" | "none";
-            saml: "verifiedEmail" | "none";
-          };
-        };
-        provisioning: {
-          deprovision: {
-            mode: "soft" | "hard";
-          };
-          jit: {
-            defaultRole?: string;
-            defaultRoleIds?: Array<string>;
-            mode: "off" | "createUser" | "createUserAndMembership";
-          };
-          scimReuse: {
-            user: "externalId" | "none";
-          };
-        };
-        version: 1;
-      };
-      slug?: string;
-      status: "draft" | "active" | "disabled";
-    } | null, Name>;
-    enterpriseList: FunctionReference<"query", "internal", {
-      cursor?: string | null;
-      limit?: number;
-      order?: "asc" | "desc";
-      orderBy?: "_creationTime" | "name" | "slug" | "status";
-      where?: {
-        groupId?: string;
-        slug?: string;
-        status?: "draft" | "active" | "disabled";
-      };
-    }, {
-      items: Array<{
-        _creationTime: number;
-        _id: string;
-        config?: any;
-        extend?: any;
-        groupId: string;
-        name?: string;
-        policy?: {
-          extend?: any;
-          identity: {
-            accountLinking: {
-              oidc: "verifiedEmail" | "none";
-              saml: "verifiedEmail" | "none";
-            };
-          };
-          provisioning: {
-            deprovision: {
-              mode: "soft" | "hard";
-            };
-            jit: {
-              defaultRole?: string;
-              defaultRoleIds?: Array<string>;
-              mode: "off" | "createUser" | "createUserAndMembership";
-            };
-            scimReuse: {
-              user: "externalId" | "none";
-            };
-          };
-          version: 1;
-        };
-        slug?: string;
-        status: "draft" | "active" | "disabled";
-      }>;
-      nextCursor: string | null;
-    }, Name>;
-    enterpriseScimConfigGetByEnterprise: FunctionReference<"query", "internal", {
-      enterpriseId: string;
-    }, {
-      _creationTime: number;
-      _id: string;
-      basePath: string;
-      enterpriseId: string;
-      extend?: any;
-      groupId: string;
-      lastRotatedAt?: number;
-      status: "draft" | "active" | "disabled";
-      tokenHash: string;
-    } | null, Name>;
-    enterpriseScimConfigGetByTokenHash: FunctionReference<"query", "internal", {
-      tokenHash: string;
-    }, {
-      _creationTime: number;
-      _id: string;
-      basePath: string;
-      enterpriseId: string;
-      extend?: any;
-      groupId: string;
-      lastRotatedAt?: number;
-      status: "draft" | "active" | "disabled";
-      tokenHash: string;
-    } | null, Name>;
-    enterpriseScimConfigUpsert: FunctionReference<"mutation", "internal", {
-      basePath: string;
-      enterpriseId: string;
-      extend?: any;
-      groupId: string;
-      lastRotatedAt?: number;
-      status: "draft" | "active" | "disabled";
-      tokenHash: string;
-    }, string, Name>;
-    enterpriseScimIdentityDelete: FunctionReference<"mutation", "internal", {
-      identityId: string;
-    }, null, Name>;
-    enterpriseScimIdentityGet: FunctionReference<"query", "internal", {
-      enterpriseId: string;
-      externalId: string;
-      resourceType: "user" | "group";
-    }, {
-      _creationTime: number;
-      _id: string;
-      active?: boolean;
-      enterpriseId: string;
-      externalId: string;
-      groupId: string;
-      lastProvisionedAt?: number;
-      mappedGroupId?: string;
-      raw?: any;
-      resourceType: "user" | "group";
-      userId?: string;
-    } | null, Name>;
-    enterpriseScimIdentityGetByEnterpriseAndUser: FunctionReference<"query", "internal", {
-      enterpriseId: string;
-      userId: string;
-    }, {
-      _creationTime: number;
-      _id: string;
-      active?: boolean;
-      enterpriseId: string;
-      externalId: string;
-      groupId: string;
-      lastProvisionedAt?: number;
-      mappedGroupId?: string;
-      raw?: any;
-      resourceType: "user" | "group";
-      userId?: string;
-    } | null, Name>;
-    enterpriseScimIdentityGetByMappedGroup: FunctionReference<"query", "internal", {
-      mappedGroupId: string;
-    }, {
-      _creationTime: number;
-      _id: string;
-      active?: boolean;
-      enterpriseId: string;
-      externalId: string;
-      groupId: string;
-      lastProvisionedAt?: number;
-      mappedGroupId?: string;
-      raw?: any;
-      resourceType: "user" | "group";
-      userId?: string;
-    } | null, Name>;
-    enterpriseScimIdentityGetByUser: FunctionReference<"query", "internal", {
-      userId: string;
-    }, {
-      _creationTime: number;
-      _id: string;
-      active?: boolean;
-      enterpriseId: string;
-      externalId: string;
-      groupId: string;
-      lastProvisionedAt?: number;
-      mappedGroupId?: string;
-      raw?: any;
-      resourceType: "user" | "group";
-      userId?: string;
-    } | null, Name>;
-    enterpriseScimIdentityListByEnterprise: FunctionReference<"query", "internal", {
-      enterpriseId: string;
-    }, Array<{
-      _creationTime: number;
-      _id: string;
-      active?: boolean;
-      enterpriseId: string;
-      externalId: string;
-      groupId: string;
-      lastProvisionedAt?: number;
-      mappedGroupId?: string;
-      raw?: any;
-      resourceType: "user" | "group";
-      userId?: string;
-    }>, Name>;
-    enterpriseScimIdentityUpsert: FunctionReference<"mutation", "internal", {
-      active?: boolean;
-      enterpriseId: string;
-      externalId: string;
-      groupId: string;
-      lastProvisionedAt?: number;
-      mappedGroupId?: string;
-      raw?: any;
-      resourceType: "user" | "group";
-      userId?: string;
-    }, string, Name>;
-    enterpriseSecretDelete: FunctionReference<"mutation", "internal", {
-      enterpriseId: string;
-      kind: "oidc_client_secret";
-    }, null, Name>;
-    enterpriseSecretGet: FunctionReference<"query", "internal", {
-      enterpriseId: string;
-      kind: "oidc_client_secret";
-    }, {
-      _creationTime: number;
-      _id: string;
-      ciphertext: string;
-      enterpriseId: string;
-      groupId: string;
-      kind: "oidc_client_secret";
-      updatedAt: number;
-    } | null, Name>;
-    enterpriseSecretUpsert: FunctionReference<"mutation", "internal", {
-      ciphertext: string;
-      enterpriseId: string;
-      groupId: string;
-      kind: "oidc_client_secret";
-      updatedAt: number;
-    }, string, Name>;
-    enterpriseUpdate: FunctionReference<"mutation", "internal", {
-      data: any;
-      enterpriseId: string;
-    }, null, Name>;
-    enterpriseWebhookDeliveryEnqueue: FunctionReference<"mutation", "internal", {
-      auditEventId?: string;
-      endpointId: string;
-      enterpriseId: string;
-      eventType: string;
-      nextAttemptAt: number;
-      payload: any;
-    }, string, Name>;
-    enterpriseWebhookDeliveryList: FunctionReference<"query", "internal", {
-      enterpriseId: string;
-      limit?: number;
-    }, Array<{
-      _creationTime: number;
-      _id: string;
-      attemptCount: number;
-      auditEventId?: string;
-      endpointId: string;
-      enterpriseId: string;
-      eventType: string;
-      lastAttemptAt?: number;
-      lastError?: string;
-      lastResponseStatus?: number;
-      nextAttemptAt: number;
-      payload: any;
-      status: "pending" | "processing" | "delivered" | "failed";
-    }>, Name>;
-    enterpriseWebhookDeliveryListReady: FunctionReference<"query", "internal", {
-      limit?: number;
-      now: number;
-    }, Array<{
-      _creationTime: number;
-      _id: string;
-      attemptCount: number;
-      auditEventId?: string;
-      endpointId: string;
-      enterpriseId: string;
-      eventType: string;
-      lastAttemptAt?: number;
-      lastError?: string;
-      lastResponseStatus?: number;
-      nextAttemptAt: number;
-      payload: any;
-      status: "pending" | "processing" | "delivered" | "failed";
-    }>, Name>;
-    enterpriseWebhookDeliveryPatch: FunctionReference<"mutation", "internal", {
-      data: any;
-      deliveryId: string;
-    }, null, Name>;
-    enterpriseWebhookEndpointCreate: FunctionReference<"mutation", "internal", {
-      createdByUserId?: string;
-      enterpriseId: string;
-      extend?: any;
-      groupId: string;
-      secretHash: string;
-      status?: "active" | "disabled";
-      subscriptions: Array<string>;
-      url: string;
-    }, string, Name>;
-    enterpriseWebhookEndpointGet: FunctionReference<"query", "internal", {
-      endpointId: string;
-    }, {
-      _creationTime: number;
-      _id: string;
-      createdByUserId?: string;
-      enterpriseId: string;
-      extend?: any;
-      failureCount: number;
-      groupId: string;
-      lastFailureAt?: number;
-      lastSuccessAt?: number;
-      secretHash: string;
-      status: "active" | "disabled";
-      subscriptions: Array<string>;
-      url: string;
-    } | null, Name>;
-    enterpriseWebhookEndpointList: FunctionReference<"query", "internal", {
-      enterpriseId: string;
-    }, Array<{
-      _creationTime: number;
-      _id: string;
-      createdByUserId?: string;
-      enterpriseId: string;
-      extend?: any;
-      failureCount: number;
-      groupId: string;
-      lastFailureAt?: number;
-      lastSuccessAt?: number;
-      secretHash: string;
-      status: "active" | "disabled";
-      subscriptions: Array<string>;
-      url: string;
-    }>, Name>;
-    enterpriseWebhookEndpointUpdate: FunctionReference<"mutation", "internal", {
-      data: any;
-      endpointId: string;
-    }, null, Name>;
-    factors: {
-      devices: {
-        deviceAuthorize: FunctionReference<"mutation", "internal", {
-          deviceId: string;
-          sessionId: string;
-          userId: string;
-        }, null, Name>;
-        deviceDelete: FunctionReference<"mutation", "internal", {
-          deviceId: string;
-        }, null, Name>;
-        deviceGetByCodeHash: FunctionReference<"query", "internal", {
-          deviceCodeHash: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          deviceCodeHash: string;
-          expiresAt: number;
-          interval: number;
-          lastPolledAt?: number;
-          sessionId?: string;
-          status: "pending" | "authorized" | "denied";
-          userCode: string;
-          userId?: string;
-        } | null, Name>;
-        deviceGetByUserCode: FunctionReference<"query", "internal", {
-          userCode: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          deviceCodeHash: string;
-          expiresAt: number;
-          interval: number;
-          lastPolledAt?: number;
-          sessionId?: string;
-          status: "pending" | "authorized" | "denied";
-          userCode: string;
-          userId?: string;
-        } | null, Name>;
-        deviceInsert: FunctionReference<"mutation", "internal", {
-          deviceCodeHash: string;
-          expiresAt: number;
-          interval: number;
-          status: "pending" | "authorized" | "denied";
-          userCode: string;
-        }, string, Name>;
-        deviceUpdateLastPolled: FunctionReference<"mutation", "internal", {
-          deviceId: string;
-          lastPolledAt: number;
-        }, null, Name>;
-      };
-      passkeys: {
-        passkeyDelete: FunctionReference<"mutation", "internal", {
-          passkeyId: string;
-        }, null, Name>;
-        passkeyGetByCredentialId: FunctionReference<"query", "internal", {
-          credentialId: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          algorithm: number;
-          backedUp: boolean;
-          counter: number;
-          createdAt: number;
-          credentialId: string;
-          deviceType: string;
-          lastUsedAt?: number;
-          name?: string;
-          publicKey: ArrayBuffer;
-          transports?: Array<string>;
-          userId: string;
-        } | null, Name>;
-        passkeyInsert: FunctionReference<"mutation", "internal", {
-          algorithm: number;
-          backedUp: boolean;
-          counter: number;
-          createdAt: number;
-          credentialId: string;
-          deviceType: string;
-          name?: string;
-          publicKey: ArrayBuffer;
-          transports?: Array<string>;
-          userId: string;
-        }, string, Name>;
-        passkeyListByUserId: FunctionReference<"query", "internal", {
-          userId: string;
-        }, Array<{
-          _creationTime: number;
-          _id: string;
-          algorithm: number;
-          backedUp: boolean;
-          counter: number;
-          createdAt: number;
-          credentialId: string;
-          deviceType: string;
-          lastUsedAt?: number;
-          name?: string;
-          publicKey: ArrayBuffer;
-          transports?: Array<string>;
-          userId: string;
-        }>, Name>;
-        passkeyUpdateCounter: FunctionReference<"mutation", "internal", {
-          counter: number;
-          lastUsedAt: number;
-          passkeyId: string;
-        }, null, Name>;
-        passkeyUpdateMeta: FunctionReference<"mutation", "internal", {
-          data: any;
-          passkeyId: string;
-        }, null, Name>;
-      };
-      totp: {
-        totpDelete: FunctionReference<"mutation", "internal", {
-          totpId: string;
-        }, null, Name>;
-        totpGetById: FunctionReference<"query", "internal", {
-          totpId: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          createdAt: number;
-          digits: number;
-          lastUsedAt?: number;
-          name?: string;
-          period: number;
-          secret: ArrayBuffer;
-          userId: string;
-          verified: boolean;
-        } | null, Name>;
-        totpGetVerifiedByUserId: FunctionReference<"query", "internal", {
-          userId: string;
-        }, {
-          _creationTime: number;
-          _id: string;
-          createdAt: number;
-          digits: number;
-          lastUsedAt?: number;
+          createdAt: number;
+          digits: number;
+          lastUsedAt?: number;
           name?: string;
           period: number;
           secret: ArrayBuffer;
@@ -1386,6 +290,328 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
         }, null, Name>;
       };
     };
+    groupAuditEventCreate: FunctionReference<"mutation", "internal", {
+      actorId?: string;
+      actorType: "user" | "system" | "scim" | "api_key" | "webhook";
+      connectionId?: string;
+      eventType: string;
+      groupId: string;
+      ip?: string;
+      metadata?: any;
+      occurredAt: number;
+      requestId?: string;
+      status: "success" | "failure";
+      subjectId?: string;
+      subjectType: string;
+    }, string, Name>;
+    groupAuditEventList: FunctionReference<"query", "internal", {
+      connectionId?: string;
+      groupId?: string;
+      limit?: number;
+    }, Array<{
+      _creationTime: number;
+      _id: string;
+      actorId?: string;
+      actorType: "user" | "system" | "scim" | "api_key" | "webhook";
+      connectionId?: string;
+      eventType: string;
+      groupId: string;
+      ip?: string;
+      metadata?: any;
+      occurredAt: number;
+      requestId?: string;
+      status: "success" | "failure";
+      subjectId?: string;
+      subjectType: string;
+    }>, Name>;
+    groupConnectionCreate: FunctionReference<"mutation", "internal", {
+      config?: any;
+      extend?: any;
+      groupId: string;
+      name?: string;
+      protocol: "oidc" | "saml";
+      slug?: string;
+      status?: "draft" | "active" | "disabled";
+    }, string, Name>;
+    groupConnectionDelete: FunctionReference<"mutation", "internal", {
+      connectionId: string;
+    }, null, Name>;
+    groupConnectionDomainAdd: FunctionReference<"mutation", "internal", {
+      connectionId: string;
+      domain: string;
+      groupId: string;
+      isPrimary?: boolean;
+    }, string, Name>;
+    groupConnectionDomainDelete: FunctionReference<"mutation", "internal", {
+      domainId: string;
+    }, null, Name>;
+    groupConnectionDomainList: FunctionReference<"query", "internal", {
+      connectionId: string;
+    }, Array<{
+      _creationTime: number;
+      _id: string;
+      connectionId: string;
+      domain: string;
+      groupId: string;
+      isPrimary: boolean;
+      verifiedAt?: number;
+    }>, Name>;
+    groupConnectionDomainVerificationDelete: FunctionReference<"mutation", "internal", {
+      domainId: string;
+    }, null, Name>;
+    groupConnectionDomainVerificationGet: FunctionReference<"query", "internal", {
+      domainId: string;
+    }, {
+      _creationTime: number;
+      _id: string;
+      connectionId: string;
+      domain: string;
+      domainId: string;
+      expiresAt: number;
+      groupId: string;
+      recordName: string;
+      requestedAt: number;
+      token: string;
+      tokenHash: string;
+    } | null, Name>;
+    groupConnectionDomainVerificationUpsert: FunctionReference<"mutation", "internal", {
+      connectionId: string;
+      domain: string;
+      domainId: string;
+      expiresAt: number;
+      groupId: string;
+      recordName: string;
+      requestedAt: number;
+      token: string;
+      tokenHash: string;
+    }, string, Name>;
+    groupConnectionDomainVerify: FunctionReference<"mutation", "internal", {
+      domainId: string;
+      verifiedAt: number;
+    }, {
+      _creationTime: number;
+      _id: string;
+      connectionId: string;
+      domain: string;
+      groupId: string;
+      isPrimary: boolean;
+      verifiedAt?: number;
+    }, Name>;
+    groupConnectionGet: FunctionReference<"query", "internal", {
+      connectionId: string;
+    }, {
+      _creationTime: number;
+      _id: string;
+      config?: any;
+      extend?: any;
+      groupId: string;
+      name?: string;
+      protocol: "oidc" | "saml";
+      slug?: string;
+      status: "draft" | "active" | "disabled";
+    } | null, Name>;
+    groupConnectionGetByDomain: FunctionReference<"query", "internal", {
+      domain: string;
+    }, {
+      connection: {
+        _creationTime: number;
+        _id: string;
+        config?: any;
+        extend?: any;
+        groupId: string;
+        name?: string;
+        protocol: "oidc" | "saml";
+        slug?: string;
+        status: "draft" | "active" | "disabled";
+      };
+      domain: {
+        _creationTime: number;
+        _id: string;
+        connectionId: string;
+        domain: string;
+        groupId: string;
+        isPrimary: boolean;
+        verifiedAt?: number;
+      };
+    } | null, Name>;
+    groupConnectionList: FunctionReference<"query", "internal", {
+      cursor?: string | null;
+      limit?: number;
+      order?: "asc" | "desc";
+      orderBy?: "_creationTime" | "name" | "slug" | "status";
+      where?: {
+        groupId?: string;
+        slug?: string;
+        status?: "draft" | "active" | "disabled";
+      };
+    }, {
+      items: Array<{
+        _creationTime: number;
+        _id: string;
+        config?: any;
+        extend?: any;
+        groupId: string;
+        name?: string;
+        protocol: "oidc" | "saml";
+        slug?: string;
+        status: "draft" | "active" | "disabled";
+      }>;
+      nextCursor: string | null;
+    }, Name>;
+    groupConnectionScimConfigGetByGroupConnection: FunctionReference<"query", "internal", {
+      connectionId: string;
+    }, {
+      _creationTime: number;
+      _id: string;
+      basePath: string;
+      connectionId: string;
+      extend?: any;
+      groupId: string;
+      lastRotatedAt?: number;
+      status: "draft" | "active" | "disabled";
+      tokenHash: string;
+    } | null, Name>;
+    groupConnectionScimConfigGetByTokenHash: FunctionReference<"query", "internal", {
+      tokenHash: string;
+    }, {
+      _creationTime: number;
+      _id: string;
+      basePath: string;
+      connectionId: string;
+      extend?: any;
+      groupId: string;
+      lastRotatedAt?: number;
+      status: "draft" | "active" | "disabled";
+      tokenHash: string;
+    } | null, Name>;
+    groupConnectionScimConfigUpsert: FunctionReference<"mutation", "internal", {
+      basePath: string;
+      connectionId: string;
+      extend?: any;
+      groupId: string;
+      lastRotatedAt?: number;
+      status: "draft" | "active" | "disabled";
+      tokenHash: string;
+    }, string, Name>;
+    groupConnectionScimIdentityDelete: FunctionReference<"mutation", "internal", {
+      identityId: string;
+    }, null, Name>;
+    groupConnectionScimIdentityGet: FunctionReference<"query", "internal", {
+      connectionId: string;
+      externalId: string;
+      resourceType: "user" | "group";
+    }, {
+      _creationTime: number;
+      _id: string;
+      active?: boolean;
+      connectionId: string;
+      externalId: string;
+      groupId: string;
+      lastProvisionedAt?: number;
+      mappedGroupId?: string;
+      raw?: any;
+      resourceType: "user" | "group";
+      userId?: string;
+    } | null, Name>;
+    groupConnectionScimIdentityGetByGroupConnectionAndUser: FunctionReference<"query", "internal", {
+      connectionId: string;
+      userId: string;
+    }, {
+      _creationTime: number;
+      _id: string;
+      active?: boolean;
+      connectionId: string;
+      externalId: string;
+      groupId: string;
+      lastProvisionedAt?: number;
+      mappedGroupId?: string;
+      raw?: any;
+      resourceType: "user" | "group";
+      userId?: string;
+    } | null, Name>;
+    groupConnectionScimIdentityGetByMappedGroup: FunctionReference<"query", "internal", {
+      mappedGroupId: string;
+    }, {
+      _creationTime: number;
+      _id: string;
+      active?: boolean;
+      connectionId: string;
+      externalId: string;
+      groupId: string;
+      lastProvisionedAt?: number;
+      mappedGroupId?: string;
+      raw?: any;
+      resourceType: "user" | "group";
+      userId?: string;
+    } | null, Name>;
+    groupConnectionScimIdentityGetByUser: FunctionReference<"query", "internal", {
+      userId: string;
+    }, {
+      _creationTime: number;
+      _id: string;
+      active?: boolean;
+      connectionId: string;
+      externalId: string;
+      groupId: string;
+      lastProvisionedAt?: number;
+      mappedGroupId?: string;
+      raw?: any;
+      resourceType: "user" | "group";
+      userId?: string;
+    } | null, Name>;
+    groupConnectionScimIdentityListByGroupConnection: FunctionReference<"query", "internal", {
+      connectionId: string;
+    }, Array<{
+      _creationTime: number;
+      _id: string;
+      active?: boolean;
+      connectionId: string;
+      externalId: string;
+      groupId: string;
+      lastProvisionedAt?: number;
+      mappedGroupId?: string;
+      raw?: any;
+      resourceType: "user" | "group";
+      userId?: string;
+    }>, Name>;
+    groupConnectionScimIdentityUpsert: FunctionReference<"mutation", "internal", {
+      active?: boolean;
+      connectionId: string;
+      externalId: string;
+      groupId: string;
+      lastProvisionedAt?: number;
+      mappedGroupId?: string;
+      raw?: any;
+      resourceType: "user" | "group";
+      userId?: string;
+    }, string, Name>;
+    groupConnectionSecretDelete: FunctionReference<"mutation", "internal", {
+      connectionId: string;
+      kind: "oidc_client_secret";
+    }, null, Name>;
+    groupConnectionSecretGet: FunctionReference<"query", "internal", {
+      connectionId: string;
+      kind: "oidc_client_secret";
+    }, {
+      _creationTime: number;
+      _id: string;
+      ciphertext: string;
+      connectionId: string;
+      groupId: string;
+      kind: "oidc_client_secret";
+      updatedAt: number;
+    } | null, Name>;
+    groupConnectionSecretUpsert: FunctionReference<"mutation", "internal", {
+      ciphertext: string;
+      connectionId: string;
+      groupId: string;
+      kind: "oidc_client_secret";
+      updatedAt: number;
+    }, string, Name>;
+    groupConnectionUpdate: FunctionReference<"mutation", "internal", {
+      connectionId: string;
+      data: any;
+    }, null, Name>;
     groupCreate: FunctionReference<"mutation", "internal", {
       extend?: any;
       name: string;
@@ -1409,6 +635,45 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
       isRoot?: boolean;
       name: string;
       parentGroupId?: string;
+      policy?: {
+        extend?: any;
+        identity: {
+          accountLinking: {
+            oidc: "verifiedEmail" | "none";
+            saml: "verifiedEmail" | "none";
+          };
+        };
+        provisioning: {
+          deprovision: {
+            mode: "soft" | "hard";
+          };
+          groups: {
+            mapping?: Record<string, Array<string>>;
+            mode: "ignore" | "sync";
+            source: "protocol";
+          };
+          jit: {
+            defaultRole?: string;
+            defaultRoleIds?: Array<string>;
+            mode: "off" | "createUser" | "createUserAndMembership";
+          };
+          roles: {
+            mapping?: Record<string, Array<string>>;
+            mode: "ignore" | "map";
+            source: "protocol";
+          };
+          scimReuse: {
+            user: "externalId" | "none";
+          };
+          user: {
+            authority: "app" | "sso" | "scim";
+            createOnSignIn: boolean;
+            updateProfileFromScim: "never" | "missing" | "always";
+            updateProfileOnLogin: "never" | "missing" | "always";
+          };
+        };
+        version: 1;
+      };
       rootGroupId?: string;
       slug?: string;
       tags?: Array<{
@@ -1445,6 +710,45 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
         isRoot?: boolean;
         name: string;
         parentGroupId?: string;
+        policy?: {
+          extend?: any;
+          identity: {
+            accountLinking: {
+              oidc: "verifiedEmail" | "none";
+              saml: "verifiedEmail" | "none";
+            };
+          };
+          provisioning: {
+            deprovision: {
+              mode: "soft" | "hard";
+            };
+            groups: {
+              mapping?: Record<string, Array<string>>;
+              mode: "ignore" | "sync";
+              source: "protocol";
+            };
+            jit: {
+              defaultRole?: string;
+              defaultRoleIds?: Array<string>;
+              mode: "off" | "createUser" | "createUserAndMembership";
+            };
+            roles: {
+              mapping?: Record<string, Array<string>>;
+              mode: "ignore" | "map";
+              source: "protocol";
+            };
+            scimReuse: {
+              user: "externalId" | "none";
+            };
+            user: {
+              authority: "app" | "sso" | "scim";
+              createOnSignIn: boolean;
+              updateProfileFromScim: "never" | "missing" | "always";
+              updateProfileOnLogin: "never" | "missing" | "always";
+            };
+          };
+          version: 1;
+        };
         rootGroupId?: string;
         slug?: string;
         tags?: Array<{
@@ -1480,6 +784,45 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
           isRoot?: boolean;
           name: string;
           parentGroupId?: string;
+          policy?: {
+            extend?: any;
+            identity: {
+              accountLinking: {
+                oidc: "verifiedEmail" | "none";
+                saml: "verifiedEmail" | "none";
+              };
+            };
+            provisioning: {
+              deprovision: {
+                mode: "soft" | "hard";
+              };
+              groups: {
+                mapping?: Record<string, Array<string>>;
+                mode: "ignore" | "sync";
+                source: "protocol";
+              };
+              jit: {
+                defaultRole?: string;
+                defaultRoleIds?: Array<string>;
+                mode: "off" | "createUser" | "createUserAndMembership";
+              };
+              roles: {
+                mapping?: Record<string, Array<string>>;
+                mode: "ignore" | "map";
+                source: "protocol";
+              };
+              scimReuse: {
+                user: "externalId" | "none";
+              };
+              user: {
+                authority: "app" | "sso" | "scim";
+                createOnSignIn: boolean;
+                updateProfileFromScim: "never" | "missing" | "always";
+                updateProfileOnLogin: "never" | "missing" | "always";
+              };
+            };
+            version: 1;
+          };
           rootGroupId?: string;
           slug?: string;
           tags?: Array<{
@@ -1516,6 +859,45 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
             isRoot?: boolean;
             name: string;
             parentGroupId?: string;
+            policy?: {
+              extend?: any;
+              identity: {
+                accountLinking: {
+                  oidc: "verifiedEmail" | "none";
+                  saml: "verifiedEmail" | "none";
+                };
+              };
+              provisioning: {
+                deprovision: {
+                  mode: "soft" | "hard";
+                };
+                groups: {
+                  mapping?: Record<string, Array<string>>;
+                  mode: "ignore" | "sync";
+                  source: "protocol";
+                };
+                jit: {
+                  defaultRole?: string;
+                  defaultRoleIds?: Array<string>;
+                  mode: "off" | "createUser" | "createUserAndMembership";
+                };
+                roles: {
+                  mapping?: Record<string, Array<string>>;
+                  mode: "ignore" | "map";
+                  source: "protocol";
+                };
+                scimReuse: {
+                  user: "externalId" | "none";
+                };
+                user: {
+                  authority: "app" | "sso" | "scim";
+                  createOnSignIn: boolean;
+                  updateProfileFromScim: "never" | "missing" | "always";
+                  updateProfileOnLogin: "never" | "missing" | "always";
+                };
+              };
+              version: 1;
+            };
             rootGroupId?: string;
             slug?: string;
             tags?: Array<{
@@ -1718,6 +1100,102 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
       data: any;
       groupId: string;
     }, null, Name>;
+    groupWebhookDeliveryEnqueue: FunctionReference<"mutation", "internal", {
+      auditEventId?: string;
+      connectionId: string;
+      endpointId: string;
+      eventType: string;
+      nextAttemptAt: number;
+      payload: any;
+    }, string, Name>;
+    groupWebhookDeliveryList: FunctionReference<"query", "internal", {
+      connectionId: string;
+      limit?: number;
+    }, Array<{
+      _creationTime: number;
+      _id: string;
+      attemptCount: number;
+      auditEventId?: string;
+      connectionId: string;
+      endpointId: string;
+      eventType: string;
+      lastAttemptAt?: number;
+      lastError?: string;
+      lastResponseStatus?: number;
+      nextAttemptAt: number;
+      payload: any;
+      status: "pending" | "processing" | "delivered" | "failed";
+    }>, Name>;
+    groupWebhookDeliveryListReady: FunctionReference<"query", "internal", {
+      limit?: number;
+      now: number;
+    }, Array<{
+      _creationTime: number;
+      _id: string;
+      attemptCount: number;
+      auditEventId?: string;
+      connectionId: string;
+      endpointId: string;
+      eventType: string;
+      lastAttemptAt?: number;
+      lastError?: string;
+      lastResponseStatus?: number;
+      nextAttemptAt: number;
+      payload: any;
+      status: "pending" | "processing" | "delivered" | "failed";
+    }>, Name>;
+    groupWebhookDeliveryPatch: FunctionReference<"mutation", "internal", {
+      data: any;
+      deliveryId: string;
+    }, null, Name>;
+    groupWebhookEndpointCreate: FunctionReference<"mutation", "internal", {
+      connectionId: string;
+      createdByUserId?: string;
+      extend?: any;
+      groupId: string;
+      secretHash: string;
+      status?: "active" | "disabled";
+      subscriptions: Array<string>;
+      url: string;
+    }, string, Name>;
+    groupWebhookEndpointGet: FunctionReference<"query", "internal", {
+      endpointId: string;
+    }, {
+      _creationTime: number;
+      _id: string;
+      connectionId: string;
+      createdByUserId?: string;
+      extend?: any;
+      failureCount: number;
+      groupId: string;
+      lastFailureAt?: number;
+      lastSuccessAt?: number;
+      secretHash: string;
+      status: "active" | "disabled";
+      subscriptions: Array<string>;
+      url: string;
+    } | null, Name>;
+    groupWebhookEndpointList: FunctionReference<"query", "internal", {
+      connectionId: string;
+    }, Array<{
+      _creationTime: number;
+      _id: string;
+      connectionId: string;
+      createdByUserId?: string;
+      extend?: any;
+      failureCount: number;
+      groupId: string;
+      lastFailureAt?: number;
+      lastSuccessAt?: number;
+      secretHash: string;
+      status: "active" | "disabled";
+      subscriptions: Array<string>;
+      url: string;
+    }>, Name>;
+    groupWebhookEndpointUpdate: FunctionReference<"mutation", "internal", {
+      data: any;
+      endpointId: string;
+    }, null, Name>;
     identity: {
       accounts: {
         accountDelete: FunctionReference<"mutation", "internal", {
@@ -1831,6 +1309,17 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
           expirationTime: number;
           userId: string;
         } | null, Name>;
+        sessionIssue: FunctionReference<"mutation", "internal", {
+          refreshTokenExpirationTime?: number;
+          replaceSessionId?: string;
+          sessionExpirationTime: number;
+          sessionId?: string;
+          userId: string;
+        }, {
+          refreshTokenId?: string;
+          sessionId: string;
+          userId: string;
+        }, Name>;
         sessionList: FunctionReference<"query", "internal", {
           cursor?: string | null;
           limit?: number;
@@ -1865,6 +1354,17 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
         refreshTokenDeleteAll: FunctionReference<"mutation", "internal", {
           sessionId: string;
         }, null, Name>;
+        refreshTokenExchange: FunctionReference<"mutation", "internal", {
+          now: number;
+          refreshTokenExpirationTime: number;
+          refreshTokenId: string;
+          reuseWindowMs: number;
+          sessionId: string;
+        }, {
+          refreshTokenId: string;
+          sessionId: string;
+          userId: string;
+        } | null, Name>;
         refreshTokenGetActive: FunctionReference<"query", "internal", {
           sessionId: string;
         }, {
@@ -1998,6 +1498,7 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
       verifiers: {
         verifierCreate: FunctionReference<"mutation", "internal", {
           sessionId?: string;
+          signature?: string;
         }, string, Name>;
         verifierDelete: FunctionReference<"mutation", "internal", {
           verifierId: string;
@@ -2423,6 +1924,17 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
     refreshTokenDeleteAll: FunctionReference<"mutation", "internal", {
       sessionId: string;
     }, null, Name>;
+    refreshTokenExchange: FunctionReference<"mutation", "internal", {
+      now: number;
+      refreshTokenExpirationTime: number;
+      refreshTokenId: string;
+      reuseWindowMs: number;
+      sessionId: string;
+    }, {
+      refreshTokenId: string;
+      sessionId: string;
+      userId: string;
+    } | null, Name>;
     refreshTokenGetActive: FunctionReference<"query", "internal", {
       sessionId: string;
     }, {
@@ -2460,214 +1972,657 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
       _creationTime: number;
       _id: string;
       expirationTime: number;
-      firstUsedTime?: number;
-      parentRefreshTokenId?: string;
-      sessionId: string;
+      firstUsedTime?: number;
+      parentRefreshTokenId?: string;
+      sessionId: string;
+    }>, Name>;
+    refreshTokenPatch: FunctionReference<"mutation", "internal", {
+      data: any;
+      refreshTokenId: string;
+    }, null, Name>;
+    security: {
+      keys: {
+        keyDelete: FunctionReference<"mutation", "internal", {
+          keyId: string;
+        }, null, Name>;
+        keyGetByHashedKey: FunctionReference<"query", "internal", {
+          hashedKey: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          createdAt: number;
+          expiresAt?: number;
+          hashedKey: string;
+          lastUsedAt?: number;
+          metadata?: any;
+          name: string;
+          prefix: string;
+          rateLimit?: {
+            maxRequests: number;
+            windowMs: number;
+          };
+          rateLimitState?: {
+            attemptsLeft: number;
+            lastAttemptTime: number;
+          };
+          revoked: boolean;
+          scopes: Array<{
+            actions: Array<string>;
+            resource: string;
+          }>;
+          userId: string;
+        } | null, Name>;
+        keyGetById: FunctionReference<"query", "internal", {
+          keyId: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          createdAt: number;
+          expiresAt?: number;
+          hashedKey: string;
+          lastUsedAt?: number;
+          metadata?: any;
+          name: string;
+          prefix: string;
+          rateLimit?: {
+            maxRequests: number;
+            windowMs: number;
+          };
+          rateLimitState?: {
+            attemptsLeft: number;
+            lastAttemptTime: number;
+          };
+          revoked: boolean;
+          scopes: Array<{
+            actions: Array<string>;
+            resource: string;
+          }>;
+          userId: string;
+        } | null, Name>;
+        keyInsert: FunctionReference<"mutation", "internal", {
+          expiresAt?: number;
+          hashedKey: string;
+          metadata?: any;
+          name: string;
+          prefix: string;
+          rateLimit?: {
+            maxRequests: number;
+            windowMs: number;
+          };
+          scopes: Array<{
+            actions: Array<string>;
+            resource: string;
+          }>;
+          userId: string;
+        }, string, Name>;
+        keyList: FunctionReference<"query", "internal", {
+          cursor?: string | null;
+          limit?: number;
+          order?: "asc" | "desc";
+          orderBy?: "_creationTime" | "name" | "lastUsedAt" | "expiresAt" | "revoked";
+          where?: {
+            name?: string;
+            prefix?: string;
+            revoked?: boolean;
+            userId?: string;
+          };
+        }, {
+          items: Array<{
+            _creationTime: number;
+            _id: string;
+            createdAt: number;
+            expiresAt?: number;
+            hashedKey: string;
+            lastUsedAt?: number;
+            metadata?: any;
+            name: string;
+            prefix: string;
+            rateLimit?: {
+              maxRequests: number;
+              windowMs: number;
+            };
+            rateLimitState?: {
+              attemptsLeft: number;
+              lastAttemptTime: number;
+            };
+            revoked: boolean;
+            scopes: Array<{
+              actions: Array<string>;
+              resource: string;
+            }>;
+            userId: string;
+          }>;
+          nextCursor: string | null;
+        }, Name>;
+        keyPatch: FunctionReference<"mutation", "internal", {
+          data: {
+            lastUsedAt?: number;
+            name?: string;
+            rateLimit?: {
+              maxRequests: number;
+              windowMs: number;
+            };
+            rateLimitState?: {
+              attemptsLeft: number;
+              lastAttemptTime: number;
+            };
+            revoked?: boolean;
+            scopes?: Array<{
+              actions: Array<string>;
+              resource: string;
+            }>;
+          };
+          keyId: string;
+        }, null, Name>;
+      };
+      limits: {
+        rateLimitCreate: FunctionReference<"mutation", "internal", {
+          attemptsLeft: number;
+          identifier: string;
+          lastAttemptTime: number;
+        }, string, Name>;
+        rateLimitDelete: FunctionReference<"mutation", "internal", {
+          rateLimitId: string;
+        }, null, Name>;
+        rateLimitGet: FunctionReference<"query", "internal", {
+          identifier: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          attemptsLeft: number;
+          attempts_left: number;
+          identifier: string;
+          lastAttemptTime: number;
+          last_attempt_time: number;
+        } | null, Name>;
+        rateLimitPatch: FunctionReference<"mutation", "internal", {
+          data: any;
+          rateLimitId: string;
+        }, null, Name>;
+      };
+    };
+    sessionCreate: FunctionReference<"mutation", "internal", {
+      expirationTime: number;
+      userId: string;
+    }, string, Name>;
+    sessionDelete: FunctionReference<"mutation", "internal", {
+      sessionId: string;
+    }, null, Name>;
+    sessionGetById: FunctionReference<"query", "internal", {
+      sessionId: string;
+    }, {
+      _creationTime: number;
+      _id: string;
+      expirationTime: number;
+      userId: string;
+    } | null, Name>;
+    sessionIssue: FunctionReference<"mutation", "internal", {
+      refreshTokenExpirationTime?: number;
+      replaceSessionId?: string;
+      sessionExpirationTime: number;
+      sessionId?: string;
+      userId: string;
+    }, {
+      refreshTokenId?: string;
+      sessionId: string;
+      userId: string;
+    }, Name>;
+    sessionList: FunctionReference<"query", "internal", {
+      cursor?: string | null;
+      limit?: number;
+      order?: "asc" | "desc";
+      where?: {
+        userId?: string;
+      };
+    }, {
+      items: Array<{
+        _creationTime: number;
+        _id: string;
+        expirationTime: number;
+        userId: string;
+      }>;
+      nextCursor: string | null;
+    }, Name>;
+    sessionListByUser: FunctionReference<"query", "internal", {
+      userId: string;
+    }, Array<{
+      _creationTime: number;
+      _id: string;
+      expirationTime: number;
+      userId: string;
     }>, Name>;
-    refreshTokenPatch: FunctionReference<"mutation", "internal", {
-      data: any;
-      refreshTokenId: string;
-    }, null, Name>;
-    security: {
-      keys: {
-        keyDelete: FunctionReference<"mutation", "internal", {
-          keyId: string;
+    sso: {
+      audit: {
+        groupAuditEventCreate: FunctionReference<"mutation", "internal", {
+          actorId?: string;
+          actorType: "user" | "system" | "scim" | "api_key" | "webhook";
+          connectionId?: string;
+          eventType: string;
+          groupId: string;
+          ip?: string;
+          metadata?: any;
+          occurredAt: number;
+          requestId?: string;
+          status: "success" | "failure";
+          subjectId?: string;
+          subjectType: string;
+        }, string, Name>;
+        groupAuditEventList: FunctionReference<"query", "internal", {
+          connectionId?: string;
+          groupId?: string;
+          limit?: number;
+        }, Array<{
+          _creationTime: number;
+          _id: string;
+          actorId?: string;
+          actorType: "user" | "system" | "scim" | "api_key" | "webhook";
+          connectionId?: string;
+          eventType: string;
+          groupId: string;
+          ip?: string;
+          metadata?: any;
+          occurredAt: number;
+          requestId?: string;
+          status: "success" | "failure";
+          subjectId?: string;
+          subjectType: string;
+        }>, Name>;
+      };
+      core: {
+        groupConnectionCreate: FunctionReference<"mutation", "internal", {
+          config?: any;
+          extend?: any;
+          groupId: string;
+          name?: string;
+          protocol: "oidc" | "saml";
+          slug?: string;
+          status?: "draft" | "active" | "disabled";
+        }, string, Name>;
+        groupConnectionDelete: FunctionReference<"mutation", "internal", {
+          connectionId: string;
         }, null, Name>;
-        keyGetByHashedKey: FunctionReference<"query", "internal", {
-          hashedKey: string;
+        groupConnectionGet: FunctionReference<"query", "internal", {
+          connectionId: string;
         }, {
           _creationTime: number;
           _id: string;
-          createdAt: number;
-          expiresAt?: number;
-          hashedKey: string;
-          lastUsedAt?: number;
-          metadata?: any;
-          name: string;
-          prefix: string;
-          rateLimit?: {
-            maxRequests: number;
-            windowMs: number;
+          config?: any;
+          extend?: any;
+          groupId: string;
+          name?: string;
+          protocol: "oidc" | "saml";
+          slug?: string;
+          status: "draft" | "active" | "disabled";
+        } | null, Name>;
+        groupConnectionGetByDomain: FunctionReference<"query", "internal", {
+          domain: string;
+        }, {
+          connection: {
+            _creationTime: number;
+            _id: string;
+            config?: any;
+            extend?: any;
+            groupId: string;
+            name?: string;
+            protocol: "oidc" | "saml";
+            slug?: string;
+            status: "draft" | "active" | "disabled";
           };
-          rateLimitState?: {
-            attemptsLeft: number;
-            lastAttemptTime: number;
+          domain: {
+            _creationTime: number;
+            _id: string;
+            connectionId: string;
+            domain: string;
+            groupId: string;
+            isPrimary: boolean;
+            verifiedAt?: number;
           };
-          revoked: boolean;
-          scopes: Array<{
-            actions: Array<string>;
-            resource: string;
+        } | null, Name>;
+        groupConnectionList: FunctionReference<"query", "internal", {
+          cursor?: string | null;
+          limit?: number;
+          order?: "asc" | "desc";
+          orderBy?: "_creationTime" | "name" | "slug" | "status";
+          where?: {
+            groupId?: string;
+            slug?: string;
+            status?: "draft" | "active" | "disabled";
+          };
+        }, {
+          items: Array<{
+            _creationTime: number;
+            _id: string;
+            config?: any;
+            extend?: any;
+            groupId: string;
+            name?: string;
+            protocol: "oidc" | "saml";
+            slug?: string;
+            status: "draft" | "active" | "disabled";
           }>;
+          nextCursor: string | null;
+        }, Name>;
+        groupConnectionUpdate: FunctionReference<"mutation", "internal", {
+          connectionId: string;
+          data: any;
+        }, null, Name>;
+      };
+      domains: {
+        groupConnectionDomainAdd: FunctionReference<"mutation", "internal", {
+          connectionId: string;
+          domain: string;
+          groupId: string;
+          isPrimary?: boolean;
+        }, string, Name>;
+        groupConnectionDomainDelete: FunctionReference<"mutation", "internal", {
+          domainId: string;
+        }, null, Name>;
+        groupConnectionDomainList: FunctionReference<"query", "internal", {
+          connectionId: string;
+        }, Array<{
+          _creationTime: number;
+          _id: string;
+          connectionId: string;
+          domain: string;
+          groupId: string;
+          isPrimary: boolean;
+          verifiedAt?: number;
+        }>, Name>;
+        groupConnectionDomainVerificationDelete: FunctionReference<"mutation", "internal", {
+          domainId: string;
+        }, null, Name>;
+        groupConnectionDomainVerificationGet: FunctionReference<"query", "internal", {
+          domainId: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          connectionId: string;
+          domain: string;
+          domainId: string;
+          expiresAt: number;
+          groupId: string;
+          recordName: string;
+          requestedAt: number;
+          token: string;
+          tokenHash: string;
+        } | null, Name>;
+        groupConnectionDomainVerificationUpsert: FunctionReference<"mutation", "internal", {
+          connectionId: string;
+          domain: string;
+          domainId: string;
+          expiresAt: number;
+          groupId: string;
+          recordName: string;
+          requestedAt: number;
+          token: string;
+          tokenHash: string;
+        }, string, Name>;
+        groupConnectionDomainVerify: FunctionReference<"mutation", "internal", {
+          domainId: string;
+          verifiedAt: number;
+        }, {
+          _creationTime: number;
+          _id: string;
+          connectionId: string;
+          domain: string;
+          groupId: string;
+          isPrimary: boolean;
+          verifiedAt?: number;
+        }, Name>;
+      };
+      scim: {
+        groupConnectionScimConfigGetByGroupConnection: FunctionReference<"query", "internal", {
+          connectionId: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          basePath: string;
+          connectionId: string;
+          extend?: any;
+          groupId: string;
+          lastRotatedAt?: number;
+          status: "draft" | "active" | "disabled";
+          tokenHash: string;
+        } | null, Name>;
+        groupConnectionScimConfigGetByTokenHash: FunctionReference<"query", "internal", {
+          tokenHash: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          basePath: string;
+          connectionId: string;
+          extend?: any;
+          groupId: string;
+          lastRotatedAt?: number;
+          status: "draft" | "active" | "disabled";
+          tokenHash: string;
+        } | null, Name>;
+        groupConnectionScimConfigUpsert: FunctionReference<"mutation", "internal", {
+          basePath: string;
+          connectionId: string;
+          extend?: any;
+          groupId: string;
+          lastRotatedAt?: number;
+          status: "draft" | "active" | "disabled";
+          tokenHash: string;
+        }, string, Name>;
+        groupConnectionScimIdentityDelete: FunctionReference<"mutation", "internal", {
+          identityId: string;
+        }, null, Name>;
+        groupConnectionScimIdentityGet: FunctionReference<"query", "internal", {
+          connectionId: string;
+          externalId: string;
+          resourceType: "user" | "group";
+        }, {
+          _creationTime: number;
+          _id: string;
+          active?: boolean;
+          connectionId: string;
+          externalId: string;
+          groupId: string;
+          lastProvisionedAt?: number;
+          mappedGroupId?: string;
+          raw?: any;
+          resourceType: "user" | "group";
+          userId?: string;
+        } | null, Name>;
+        groupConnectionScimIdentityGetByGroupConnectionAndUser: FunctionReference<"query", "internal", {
+          connectionId: string;
+          userId: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          active?: boolean;
+          connectionId: string;
+          externalId: string;
+          groupId: string;
+          lastProvisionedAt?: number;
+          mappedGroupId?: string;
+          raw?: any;
+          resourceType: "user" | "group";
+          userId?: string;
+        } | null, Name>;
+        groupConnectionScimIdentityGetByMappedGroup: FunctionReference<"query", "internal", {
+          mappedGroupId: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          active?: boolean;
+          connectionId: string;
+          externalId: string;
+          groupId: string;
+          lastProvisionedAt?: number;
+          mappedGroupId?: string;
+          raw?: any;
+          resourceType: "user" | "group";
+          userId?: string;
+        } | null, Name>;
+        groupConnectionScimIdentityGetByUser: FunctionReference<"query", "internal", {
           userId: string;
+        }, {
+          _creationTime: number;
+          _id: string;
+          active?: boolean;
+          connectionId: string;
+          externalId: string;
+          groupId: string;
+          lastProvisionedAt?: number;
+          mappedGroupId?: string;
+          raw?: any;
+          resourceType: "user" | "group";
+          userId?: string;
         } | null, Name>;
-        keyGetById: FunctionReference<"query", "internal", {
-          keyId: string;
+        groupConnectionScimIdentityListByGroupConnection: FunctionReference<"query", "internal", {
+          connectionId: string;
+        }, Array<{
+          _creationTime: number;
+          _id: string;
+          active?: boolean;
+          connectionId: string;
+          externalId: string;
+          groupId: string;
+          lastProvisionedAt?: number;
+          mappedGroupId?: string;
+          raw?: any;
+          resourceType: "user" | "group";
+          userId?: string;
+        }>, Name>;
+        groupConnectionScimIdentityUpsert: FunctionReference<"mutation", "internal", {
+          active?: boolean;
+          connectionId: string;
+          externalId: string;
+          groupId: string;
+          lastProvisionedAt?: number;
+          mappedGroupId?: string;
+          raw?: any;
+          resourceType: "user" | "group";
+          userId?: string;
+        }, string, Name>;
+      };
+      secrets: {
+        groupConnectionSecretDelete: FunctionReference<"mutation", "internal", {
+          connectionId: string;
+          kind: "oidc_client_secret";
+        }, null, Name>;
+        groupConnectionSecretGet: FunctionReference<"query", "internal", {
+          connectionId: string;
+          kind: "oidc_client_secret";
         }, {
           _creationTime: number;
           _id: string;
-          createdAt: number;
-          expiresAt?: number;
-          hashedKey: string;
-          lastUsedAt?: number;
-          metadata?: any;
-          name: string;
-          prefix: string;
-          rateLimit?: {
-            maxRequests: number;
-            windowMs: number;
-          };
-          rateLimitState?: {
-            attemptsLeft: number;
-            lastAttemptTime: number;
-          };
-          revoked: boolean;
-          scopes: Array<{
-            actions: Array<string>;
-            resource: string;
-          }>;
-          userId: string;
+          ciphertext: string;
+          connectionId: string;
+          groupId: string;
+          kind: "oidc_client_secret";
+          updatedAt: number;
         } | null, Name>;
-        keyInsert: FunctionReference<"mutation", "internal", {
-          expiresAt?: number;
-          hashedKey: string;
-          metadata?: any;
-          name: string;
-          prefix: string;
-          rateLimit?: {
-            maxRequests: number;
-            windowMs: number;
-          };
-          scopes: Array<{
-            actions: Array<string>;
-            resource: string;
-          }>;
-          userId: string;
+        groupConnectionSecretUpsert: FunctionReference<"mutation", "internal", {
+          ciphertext: string;
+          connectionId: string;
+          groupId: string;
+          kind: "oidc_client_secret";
+          updatedAt: number;
         }, string, Name>;
-        keyList: FunctionReference<"query", "internal", {
-          cursor?: string | null;
-          limit?: number;
-          order?: "asc" | "desc";
-          orderBy?: "_creationTime" | "name" | "lastUsedAt" | "expiresAt" | "revoked";
-          where?: {
-            name?: string;
-            prefix?: string;
-            revoked?: boolean;
-            userId?: string;
-          };
-        }, {
-          items: Array<{
-            _creationTime: number;
-            _id: string;
-            createdAt: number;
-            expiresAt?: number;
-            hashedKey: string;
-            lastUsedAt?: number;
-            metadata?: any;
-            name: string;
-            prefix: string;
-            rateLimit?: {
-              maxRequests: number;
-              windowMs: number;
-            };
-            rateLimitState?: {
-              attemptsLeft: number;
-              lastAttemptTime: number;
-            };
-            revoked: boolean;
-            scopes: Array<{
-              actions: Array<string>;
-              resource: string;
-            }>;
-            userId: string;
-          }>;
-          nextCursor: string | null;
-        }, Name>;
-        keyPatch: FunctionReference<"mutation", "internal", {
-          data: {
-            lastUsedAt?: number;
-            name?: string;
-            rateLimit?: {
-              maxRequests: number;
-              windowMs: number;
-            };
-            rateLimitState?: {
-              attemptsLeft: number;
-              lastAttemptTime: number;
-            };
-            revoked?: boolean;
-            scopes?: Array<{
-              actions: Array<string>;
-              resource: string;
-            }>;
-          };
-          keyId: string;
-        }, null, Name>;
       };
-      limits: {
-        rateLimitCreate: FunctionReference<"mutation", "internal", {
-          attemptsLeft: number;
-          identifier: string;
-          lastAttemptTime: number;
+      webhooks: {
+        groupWebhookDeliveryEnqueue: FunctionReference<"mutation", "internal", {
+          auditEventId?: string;
+          connectionId: string;
+          endpointId: string;
+          eventType: string;
+          nextAttemptAt: number;
+          payload: any;
         }, string, Name>;
-        rateLimitDelete: FunctionReference<"mutation", "internal", {
-          rateLimitId: string;
+        groupWebhookDeliveryList: FunctionReference<"query", "internal", {
+          connectionId: string;
+          limit?: number;
+        }, Array<{
+          _creationTime: number;
+          _id: string;
+          attemptCount: number;
+          auditEventId?: string;
+          connectionId: string;
+          endpointId: string;
+          eventType: string;
+          lastAttemptAt?: number;
+          lastError?: string;
+          lastResponseStatus?: number;
+          nextAttemptAt: number;
+          payload: any;
+          status: "pending" | "processing" | "delivered" | "failed";
+        }>, Name>;
+        groupWebhookDeliveryListReady: FunctionReference<"query", "internal", {
+          limit?: number;
+          now: number;
+        }, Array<{
+          _creationTime: number;
+          _id: string;
+          attemptCount: number;
+          auditEventId?: string;
+          connectionId: string;
+          endpointId: string;
+          eventType: string;
+          lastAttemptAt?: number;
+          lastError?: string;
+          lastResponseStatus?: number;
+          nextAttemptAt: number;
+          payload: any;
+          status: "pending" | "processing" | "delivered" | "failed";
+        }>, Name>;
+        groupWebhookDeliveryPatch: FunctionReference<"mutation", "internal", {
+          data: any;
+          deliveryId: string;
         }, null, Name>;
-        rateLimitGet: FunctionReference<"query", "internal", {
-          identifier: string;
+        groupWebhookEndpointCreate: FunctionReference<"mutation", "internal", {
+          connectionId: string;
+          createdByUserId?: string;
+          extend?: any;
+          groupId: string;
+          secretHash: string;
+          status?: "active" | "disabled";
+          subscriptions: Array<string>;
+          url: string;
+        }, string, Name>;
+        groupWebhookEndpointGet: FunctionReference<"query", "internal", {
+          endpointId: string;
         }, {
           _creationTime: number;
           _id: string;
-          attemptsLeft: number;
-          attempts_left: number;
-          identifier: string;
-          lastAttemptTime: number;
-          last_attempt_time: number;
+          connectionId: string;
+          createdByUserId?: string;
+          extend?: any;
+          failureCount: number;
+          groupId: string;
+          lastFailureAt?: number;
+          lastSuccessAt?: number;
+          secretHash: string;
+          status: "active" | "disabled";
+          subscriptions: Array<string>;
+          url: string;
         } | null, Name>;
-        rateLimitPatch: FunctionReference<"mutation", "internal", {
+        groupWebhookEndpointList: FunctionReference<"query", "internal", {
+          connectionId: string;
+        }, Array<{
+          _creationTime: number;
+          _id: string;
+          connectionId: string;
+          createdByUserId?: string;
+          extend?: any;
+          failureCount: number;
+          groupId: string;
+          lastFailureAt?: number;
+          lastSuccessAt?: number;
+          secretHash: string;
+          status: "active" | "disabled";
+          subscriptions: Array<string>;
+          url: string;
+        }>, Name>;
+        groupWebhookEndpointUpdate: FunctionReference<"mutation", "internal", {
           data: any;
-          rateLimitId: string;
+          endpointId: string;
         }, null, Name>;
       };
     };
-    sessionCreate: FunctionReference<"mutation", "internal", {
-      expirationTime: number;
-      userId: string;
-    }, string, Name>;
-    sessionDelete: FunctionReference<"mutation", "internal", {
-      sessionId: string;
-    }, null, Name>;
-    sessionGetById: FunctionReference<"query", "internal", {
-      sessionId: string;
-    }, {
-      _creationTime: number;
-      _id: string;
-      expirationTime: number;
-      userId: string;
-    } | null, Name>;
-    sessionList: FunctionReference<"query", "internal", {
-      cursor?: string | null;
-      limit?: number;
-      order?: "asc" | "desc";
-      where?: {
-        userId?: string;
-      };
-    }, {
-      items: Array<{
-        _creationTime: number;
-        _id: string;
-        expirationTime: number;
-        userId: string;
-      }>;
-      nextCursor: string | null;
-    }, Name>;
-    sessionListByUser: FunctionReference<"query", "internal", {
-      userId: string;
-    }, Array<{
-      _creationTime: number;
-      _id: string;
-      expirationTime: number;
-      userId: string;
-    }>, Name>;
     totpDelete: FunctionReference<"mutation", "internal", {
       totpId: string;
     }, null, Name>;
@@ -2852,6 +2807,7 @@ type ComponentApi<Name extends string | undefined = string | undefined> = {
     } | null, Name>;
     verifierCreate: FunctionReference<"mutation", "internal", {
       sessionId?: string;
+      signature?: string;
     }, string, Name>;
     verifierDelete: FunctionReference<"mutation", "internal", {
       verifierId: string;