@workos-inc/node 8.13.0 → 9.1.0

package/lib/{workos-CESKLr5j.d.mts → workos-DhbLRXvR.d.mts}

@@ -127,15 +127,25 @@ type DirectoryType = 'azure scim v2.0' | 'bamboohr' | 'breathe hr' | 'cezanne hr
 type DirectoryState = 'active' | 'deleting' | 'inactive' | 'invalid_credentials' | 'validating';
 type DirectoryStateResponse = 'deleting' | 'invalid_credentials' | 'linked' | 'unlinked' | 'validating';
 interface Directory {
+  /** Distinguishes the Directory object. */
   object: 'directory';
+  /** Unique identifier for the Directory. */
   id: string;
+  /** The URL associated with an Enterprise Client. */
   domain: string;
+  /** External Key for the Directory. */
   externalKey: string;
+  /** The name of the directory. */
   name: string;
+  /** The unique identifier for the Organization in which the directory resides. */
   organizationId?: string;
+  /** Describes whether the Directory has been successfully connected to an external provider. */
   state: DirectoryState;
+  /** The type of external Directory Provider integrated with. */
   type: DirectoryType;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
 }
 interface DirectoryResponse {
@@ -212,7 +222,9 @@ interface PaginationOptions {
 //#endregion
 //#region src/directory-sync/interfaces/list-directories-options.interface.d.ts
 interface ListDirectoriesOptions extends PaginationOptions {
+  /** Filter Directories by their associated organization. */
   organizationId?: string;
+  /** Searchable text to match against Directory names. */
   search?: string;
 }
 interface SerializedListDirectoriesOptions extends PaginationOptions {
@@ -376,22 +388,6 @@ interface PermissionResponse {
   created_at: string;
   updated_at: string;
 }
-interface PermissionList {
-  object: 'list';
-  data: Permission[];
-  listMetadata: {
-    before: string | null;
-    after: string | null;
-  };
-}
-interface PermissionListResponse {
-  object: 'list';
-  data: PermissionResponse[];
-  list_metadata: {
-    before: string | null;
-    after: string | null;
-  };
-}
 //#endregion
 //#region src/authorization/interfaces/create-permission-options.interface.d.ts
 interface CreatePermissionOptions {
@@ -422,15 +418,25 @@ type ListPermissionsOptions = PaginationOptions;
 //#endregion
 //#region src/authorization/interfaces/authorization-resource.interface.d.ts
 interface AuthorizationResource {
+  /** Distinguishes the Resource object. */
   object: 'authorization_resource';
+  /** The unique ID of the Resource. */
   id: string;
+  /** An identifier you provide to reference the resource in your system. */
   externalId: string;
+  /** A human-readable name for the Resource. */
   name: string;
+  /** An optional description of the Resource. */
   description: string | null;
+  /** The slug of the resource type this resource belongs to. */
   resourceTypeSlug: string;
+  /** The ID of the organization that owns the resource. */
   organizationId: string;
+  /** The ID of the parent resource, if this resource is nested. */
   parentResourceId: string | null;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
 }
 interface AuthorizationResourceResponse {
@@ -479,22 +485,6 @@ interface SerializedUpdateAuthorizationResourceOptions {
   name?: string;
   description?: string | null;
 }
-interface AuthorizationResourceList {
-  object: 'list';
-  data: AuthorizationResource[];
-  listMetadata: {
-    before: string | null;
-    after: string | null;
-  };
-}
-interface AuthorizationResourceListResponse {
-  object: 'list';
-  data: AuthorizationResourceResponse[];
-  list_metadata: {
-    before: string | null;
-    after: string | null;
-  };
-}
 //#endregion
 //#region src/authorization/interfaces/list-authorization-resources-options.interface.d.ts
 interface ListAuthorizationResourcesOptions extends PaginationOptions {
@@ -594,7 +584,9 @@ interface SerializedListResourcesForMembershipOptions extends PaginationOptions
 //#region src/authorization/interfaces/list-memberships-for-resource-options.interface.d.ts
 interface ListMembershipsForResourceOptions extends PaginationOptions {
   resourceId: string;
+  /** The permission slug to filter by. Only users with this permission on the resource are returned. */
   permissionSlug: string;
+  /** Filter by assignment type. Use `direct` for direct assignments only, or `indirect` to include inherited assignments. */
   assignment?: 'direct' | 'indirect';
 }
 //#endregion
@@ -622,11 +614,17 @@ interface RoleAssignmentResourceResponse {
   resource_type_slug: string;
 }
 interface RoleAssignment {
+  /** Distinguishes the role assignment object. */
   object: 'role_assignment';
+  /** Unique identifier of the role assignment. */
   id: string;
+  /** The role included in the assignment. */
   role: RoleAssignmentRole;
+  /** The resource to which the role is assigned. */
   resource: RoleAssignmentResource;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
 }
 interface RoleAssignmentResponse {
@@ -637,22 +635,6 @@ interface RoleAssignmentResponse {
   created_at: string;
   updated_at: string;
 }
-interface RoleAssignmentList {
-  object: 'list';
-  data: RoleAssignment[];
-  listMetadata: {
-    before: string | null;
-    after: string | null;
-  };
-}
-interface RoleAssignmentListResponse {
-  object: 'list';
-  data: RoleAssignmentResponse[];
-  list_metadata: {
-    before: string | null;
-    after: string | null;
-  };
-}
 //#endregion
 //#region src/authorization/interfaces/list-role-assignments-options.interface.d.ts
 interface ListRoleAssignmentsOptions extends PaginationOptions {
@@ -695,6 +677,20 @@ interface RemoveRoleAssignmentOptions {
   roleAssignmentId: string;
 }
 //#endregion
+//#region src/authorization/interfaces/list-effective-permissions-options.interface.d.ts
+interface ListEffectivePermissionsOptions extends PaginationOptions {
+  organizationMembershipId: string;
+  resourceId: string;
+}
+//#endregion
+//#region src/authorization/interfaces/list-effective-permissions-by-external-id-options.interface.d.ts
+interface ListEffectivePermissionsByExternalIdOptions extends PaginationOptions {
+  organizationMembershipId: string;
+  organizationId: string;
+  resourceTypeSlug: string;
+  externalId: string;
+}
+//#endregion
 //#region src/roles/interfaces/role.interface.d.ts
 interface RoleResponse {
   slug: string;
@@ -861,10 +857,12 @@ declare enum ConnectionType {
   Auth0SAML = "Auth0SAML",
   AzureSAML = "AzureSAML",
   CasSAML = "CasSAML",
+  CleverOIDC = "CleverOIDC",
   ClassLinkSAML = "ClassLinkSAML",
   CloudflareSAML = "CloudflareSAML",
   CyberArkSAML = "CyberArkSAML",
   DuoSAML = "DuoSAML",
+  EntraIdOIDC = "EntraIdOIDC",
   GenericOIDC = "GenericOIDC",
   GenericSAML = "GenericSAML",
   GitHubOAuth = "GitHubOAuth",
@@ -878,6 +876,7 @@ declare enum ConnectionType {
   MicrosoftOAuth = "MicrosoftOAuth",
   MiniOrangeSAML = "MiniOrangeSAML",
   NetIqSAML = "NetIqSAML",
+  OktaOIDC = "OktaOIDC",
   OktaSAML = "OktaSAML",
   OneLoginSAML = "OneLoginSAML",
   OracleSAML = "OracleSAML",
@@ -899,14 +898,22 @@ interface ConnectionDomain {
   domain: string;
 }
 interface Connection {
+  /** Distinguishes the Connection object. */
   object: 'connection';
+  /** Unique identifier for the Connection. */
   id: string;
+  /** Unique identifier for the Organization in which the Connection resides. */
   organizationId?: string;
+  /** A human-readable name for the Connection. This will most commonly be the organization's name. */
   name: string;
+  /** Indicates whether a Connection is able to authenticate users. */
   state: 'draft' | 'active' | 'inactive' | 'validating';
+  /** List of Organization Domains. */
   domains: ConnectionDomain[];
   type: ConnectionType;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
 }
 interface ConnectionResponse {
@@ -940,8 +947,11 @@ interface GetProfileAndTokenOptions {
 //#endregion
 //#region src/sso/interfaces/list-connections-options.interface.d.ts
 interface ListConnectionsOptions extends PaginationOptions {
+  /** Filter Connections by their type. */
   connectionType?: ConnectionType;
+  /** Filter Connections by their associated domain. */
   domain?: string;
+  /** Filter Connections by their associated organization. */
   organizationId?: string;
 }
 interface SerializedListConnectionsOptions extends PaginationOptions {
@@ -969,18 +979,31 @@ interface OauthTokensResponse {
 //#endregion
 //#region src/sso/interfaces/profile.interface.d.ts
 interface Profile<CustomAttributesType extends UnknownRecord> {
+  /** Unique identifier of the profile. */
   id: string;
+  /** The user's unique identifier from the identity provider. */
   idpId: string;
+  /** The ID of the organization the user belongs to. */
   organizationId?: string;
+  /** The ID of the SSO connection used for authentication. */
   connectionId: string;
+  /** The type of SSO connection. */
   connectionType: ConnectionType;
+  /** The user's email address. */
   email: string;
+  /** The user's first name. */
   firstName?: string;
+  /** The user's last name. */
   lastName?: string;
+  /** The role assigned to the user within the organization, if applicable. */
   role?: RoleResponse;
+  /** The roles assigned to the user within the organization, if applicable. */
   roles?: RoleResponse[];
+  /** The groups the user belongs to, as returned by the identity provider. */
   groups?: string[];
+  /** Custom attribute mappings defined for the connection, returned as key-value pairs. */
   customAttributes?: CustomAttributesType;
+  /** The complete set of raw attributes returned by the identity provider. */
   rawAttributes?: {
     [key: string]: any;
   };
@@ -1182,19 +1205,33 @@ interface ImpersonatorResponse {
 }
 //#endregion
 //#region src/user-management/interfaces/user.interface.d.ts
+/** The user object. */
 interface User {
+  /** Distinguishes the user object. */
   object: 'user';
+  /** The unique ID of the user. */
   id: string;
+  /** The email address of the user. */
   email: string;
+  /** Whether the user's email has been verified. */
   emailVerified: boolean;
+  /** A URL reference to an image representing the user. */
   profilePictureUrl: string | null;
+  /** The first name of the user. */
   firstName: string | null;
+  /** The last name of the user. */
   lastName: string | null;
+  /** The timestamp when the user last signed in. */
   lastSignInAt: string | null;
+  /** The user's preferred locale. */
   locale: string | null;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
+  /** The external ID of the user. */
   externalId: string | null;
+  /** Object containing metadata key/value pairs associated with the user. */
   metadata: Record<string, string>;
 }
 interface UserResponse {
@@ -1455,13 +1492,21 @@ interface SerializedCreateUserOptions {
 //#endregion
 //#region src/user-management/interfaces/email-verification.interface.d.ts
 interface EmailVerification {
+  /** Distinguishes the email verification object. */
   object: 'email_verification';
+  /** The unique ID of the email verification code. */
   id: string;
+  /** The unique ID of the user. */
   userId: string;
+  /** The email address of the user. */
   email: string;
+  /** The timestamp when the email verification code expires. */
   expiresAt: string;
+  /** The code used to verify the email. */
   code: string;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
 }
 interface EmailVerificationEvent {
@@ -1508,7 +1553,7 @@ interface SerializedEnrollUserInMfaFactorOptions {
   totp_secret?: string;
 }
 //#endregion
-//#region src/mfa/interfaces/totp.interface.d.ts
+//#region src/multi-factor-auth/interfaces/totp.interface.d.ts
 interface Totp {
   issuer: string;
   user: string;
@@ -1572,27 +1617,38 @@ interface Identity {
   type: 'OAuth';
   provider: 'AppleOAuth' | 'GoogleOAuth' | 'GitHubOAuth' | 'MicrosoftOAuth' | 'SalesforceOAuth';
 }
-interface IdentityResponse {
-  idp_id: string;
-  type: 'OAuth';
-  provider: 'AppleOAuth' | 'GoogleOAuth' | 'GitHubOAuth' | 'MicrosoftOAuth' | 'SalesforceOAuth';
-}
 //#endregion
 //#region src/user-management/interfaces/invitation.interface.d.ts
 interface Invitation {
+  /** Distinguishes the invitation object. */
   object: 'invitation';
+  /** The unique ID of the invitation. */
   id: string;
+  /** The email address of the recipient. */
   email: string;
+  /** The state of the invitation. */
   state: 'pending' | 'accepted' | 'expired' | 'revoked';
+  /** The timestamp when the invitation was accepted, or null if not yet accepted. */
   acceptedAt: string | null;
+  /** The timestamp when the invitation was revoked, or null if not revoked. */
   revokedAt: string | null;
+  /** The timestamp when the invitation expires. */
   expiresAt: string;
+  /** The ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join. */
   organizationId: string | null;
+  /** The ID of the user who invited the recipient, if provided. */
   inviterUserId: string | null;
+  /** The ID of the user who accepted the invitation, once accepted. */
   acceptedUserId: string | null;
+  /** Slug of the role the invitee will be assigned on acceptance. Reflects the current role on the pending organization membership, which may change before acceptance. null when the invitation has no associated organization. */
+  roleSlug: string | null;
+  /** The token used to accept the invitation. */
   token: string;
+  /** The URL where the recipient can accept the invitation. */
   acceptInvitationUrl: string;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
 }
 interface InvitationEvent {
@@ -1606,6 +1662,7 @@ interface InvitationEvent {
   organizationId: string | null;
   inviterUserId: string | null;
   acceptedUserId: string | null;
+  roleSlug: string | null;
   createdAt: string;
   updatedAt: string;
 }
@@ -1620,6 +1677,7 @@ interface InvitationResponse {
   organization_id: string | null;
   inviter_user_id: string | null;
   accepted_user_id: string | null;
+  role_slug: string | null;
   token: string;
   accept_invitation_url: string;
   created_at: string;
@@ -1636,6 +1694,7 @@ interface InvitationEventResponse {
   organization_id: string | null;
   inviter_user_id: string | null;
   accepted_user_id: string | null;
+  role_slug: string | null;
   created_at: string;
   updated_at: string;
 }
@@ -1645,9 +1704,16 @@ interface ListAuthFactorsOptions extends PaginationOptions {
   userId: string;
 }
 //#endregion
+//#region src/user-management/interfaces/list-groups-for-organization-membership-options.interface.d.ts
+interface ListGroupsForOrganizationMembershipOptions extends PaginationOptions {
+  organizationMembershipId: string;
+}
+//#endregion
 //#region src/user-management/interfaces/list-invitations-options.interface.d.ts
 interface ListInvitationsOptions extends PaginationOptions {
+  /** The ID of the [organization](https://workos.com/docs/reference/organization) that the recipient will join. */
   organizationId?: string;
+  /** The email address of the recipient. */
   email?: string;
 }
 interface SerializedListInvitationsOptions extends PaginationOptions {
@@ -1669,7 +1735,9 @@ interface BaseOrganizationMembership {
   customAttributes: Record<string, unknown>;
 }
 interface OrganizationMembership extends BaseOrganizationMembership {
+  /** The name of the organization which the user belongs to. */
   organizationName: string;
+  /** The primary role assigned to the user within the organization. */
   role: RoleResponse;
   roles?: RoleResponse[];
 }
@@ -1691,22 +1759,6 @@ interface OrganizationMembershipResponse extends BaseOrganizationMembershipRespo
   roles?: RoleResponse[];
 }
 type AuthorizationOrganizationMembershipResponse = BaseOrganizationMembershipResponse;
-interface AuthorizationOrganizationMembershipList {
-  object: 'list';
-  data: AuthorizationOrganizationMembership[];
-  listMetadata: {
-    before: string | null;
-    after: string | null;
-  };
-}
-interface AuthorizationOrganizationMembershipListResponse {
-  object: 'list';
-  data: AuthorizationOrganizationMembershipResponse[];
-  list_metadata: {
-    before: string | null;
-    after: string | null;
-  };
-}
 //#endregion
 //#region src/user-management/interfaces/list-organization-memberships-options.interface.d.ts
 type ListOrganizationMembershipsOptions = PaginationOptions & {
@@ -1735,7 +1787,9 @@ interface ListUserFeatureFlagsOptions extends PaginationOptions {
 //#endregion
 //#region src/user-management/interfaces/list-users-options.interface.d.ts
 interface ListUsersOptions extends PaginationOptions {
+  /** Filter users by their email address. */
   email?: string;
+  /** Filter users by the organization they are a member of. */
   organizationId?: string;
 }
 interface SerializedListUsersOptions extends PaginationOptions {
@@ -1754,13 +1808,21 @@ interface LogoutURLOptions {
 //#endregion
 //#region src/user-management/interfaces/magic-auth.interface.d.ts
 interface MagicAuth {
+  /** Distinguishes the Magic Auth object. */
   object: 'magic_auth';
+  /** The unique ID of the Magic Auth code. */
   id: string;
+  /** The unique ID of the user. */
   userId: string;
+  /** The email address of the user. */
   email: string;
+  /** The timestamp when the Magic Auth code expires. */
   expiresAt: string;
+  /** The code used to verify the Magic Auth code. */
   code: string;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
 }
 interface MagicAuthEvent {
@@ -1794,13 +1856,21 @@ interface MagicAuthEventResponse {
 //#endregion
 //#region src/user-management/interfaces/password-reset.interface.d.ts
 interface PasswordReset {
+  /** Distinguishes the password reset object. */
   object: 'password_reset';
+  /** The unique ID of the password reset object. */
   id: string;
+  /** The unique ID of the user. */
   userId: string;
+  /** The email address of the user. */
   email: string;
+  /** The token used to reset the password. */
   passwordResetToken: string;
+  /** The URL where the user can reset their password. */
   passwordResetUrl: string;
+  /** The timestamp when the password reset token expires. */
   expiresAt: string;
+  /** The timestamp when the password reset token was created. */
   createdAt: string;
 }
 interface PasswordResetEvent {
@@ -2009,15 +2079,25 @@ declare enum OrganizationDomainVerificationStrategy {
   Manual = "manual"
 }
 interface OrganizationDomain {
+  /** Distinguishes the organization domain object. */
   object: 'organization_domain';
+  /** Unique identifier of the organization domain. */
   id: string;
+  /** Domain for the organization domain. */
   domain: string;
+  /** ID of the parent Organization. */
   organizationId: string;
+  /** Verification state of the domain. */
   state: OrganizationDomainState;
+  /** Validation token to be used in DNS TXT record. */
   verificationToken?: string;
+  /** Strategy used to verify the domain. */
   verificationStrategy: OrganizationDomainVerificationStrategy;
+  /** The prefix used in DNS verification. */
   verificationPrefix?: string;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
 }
 interface OrganizationDomainResponse {
@@ -2044,18 +2124,28 @@ interface OrganizationDomainVerificationFailedResponse {
 }
 //#endregion
 //#region src/api-keys/interfaces/api-key.interface.d.ts
+/** The API Key object if the value is valid, or `null` if invalid. */
 interface ApiKey {
+  /** Distinguishes the API Key object. */
   object: 'api_key';
+  /** Unique identifier of the API Key. */
   id: string;
+  /** The entity that owns the API Key. */
   owner: {
     type: 'organization';
     id: string;
   };
+  /** A descriptive name for the API Key. */
   name: string;
+  /** An obfuscated representation of the API Key value. */
   obfuscatedValue: string;
+  /** Timestamp of when the API Key was last used. */
   lastUsedAt: string | null;
+  /** The permission slugs assigned to the API Key. */
   permissions: string[];
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
 }
 interface SerializedApiKey {
@@ -2147,15 +2237,25 @@ interface EvaluationContext {
 //#endregion
 //#region src/feature-flags/interfaces/feature-flag.interface.d.ts
 interface FeatureFlag {
+  /** Distinguishes the Feature Flag object. */
   object: 'feature_flag';
+  /** Unique identifier of the Feature Flag. */
   id: string;
+  /** A descriptive name for the Feature Flag. This field does not need to be unique. */
   name: string;
+  /** A unique key to reference the Feature Flag. */
   slug: string;
+  /** A description for the Feature Flag. */
   description: string;
+  /** Labels assigned to the Feature Flag for categorizing and filtering. */
   tags: string[];
+  /** Specifies whether the Feature Flag is active for the current environment. */
   enabled: boolean;
+  /** The value returned for users and organizations who don't match any configured targeting rules. */
   defaultValue: boolean;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
 }
 interface FeatureFlagResponse {
@@ -2220,6 +2320,89 @@ interface RuntimeClientStats {
   flagCount: number;
 }
 //#endregion
+//#region src/groups/interfaces/add-group-organization-membership-options.interface.d.ts
+interface AddGroupOrganizationMembershipOptions {
+  organizationId: string;
+  groupId: string;
+  organizationMembershipId: string;
+}
+interface SerializedAddGroupOrganizationMembershipOptions {
+  organization_membership_id: string;
+}
+//#endregion
+//#region src/groups/interfaces/create-group-options.interface.d.ts
+interface CreateGroupOptions {
+  organizationId: string;
+  name: string;
+  description?: string | null;
+}
+interface SerializedCreateGroupOptions {
+  name: string;
+  description?: string | null;
+}
+//#endregion
+//#region src/groups/interfaces/delete-group-options.interface.d.ts
+interface DeleteGroupOptions {
+  organizationId: string;
+  groupId: string;
+}
+//#endregion
+//#region src/groups/interfaces/get-group-options.interface.d.ts
+interface GetGroupOptions {
+  organizationId: string;
+  groupId: string;
+}
+//#endregion
+//#region src/groups/interfaces/group.interface.d.ts
+interface Group {
+  object: 'group';
+  id: string;
+  organizationId: string;
+  name: string;
+  description: string | null;
+  createdAt: string;
+  updatedAt: string;
+}
+interface GroupResponse {
+  object: 'group';
+  id: string;
+  organization_id: string;
+  name: string;
+  description: string | null;
+  created_at: string;
+  updated_at: string;
+}
+//#endregion
+//#region src/groups/interfaces/list-group-organization-memberships-options.interface.d.ts
+interface ListGroupOrganizationMembershipsOptions extends PaginationOptions {
+  organizationId: string;
+  groupId: string;
+}
+//#endregion
+//#region src/groups/interfaces/list-groups-options.interface.d.ts
+interface ListGroupsOptions extends PaginationOptions {
+  organizationId: string;
+}
+//#endregion
+//#region src/groups/interfaces/remove-group-organization-membership-options.interface.d.ts
+interface RemoveGroupOrganizationMembershipOptions {
+  organizationId: string;
+  groupId: string;
+  organizationMembershipId: string;
+}
+//#endregion
+//#region src/groups/interfaces/update-group-options.interface.d.ts
+interface UpdateGroupOptions {
+  organizationId: string;
+  groupId: string;
+  name?: string;
+  description?: string | null;
+}
+interface SerializedUpdateGroupOptions {
+  name?: string;
+  description?: string | null;
+}
+//#endregion
 //#region src/vault/interfaces/key.interface.d.ts
 interface KeyContext {
   [key: string]: any;
@@ -2863,6 +3046,54 @@ interface FlagRuleUpdatedEventResponse extends EventResponseBase {
   event: 'flag.rule_updated';
   data: FeatureFlagResponse;
 }
+interface GroupCreatedEvent extends EventBase {
+  event: 'group.created';
+  data: Group;
+}
+interface GroupCreatedEventResponse extends EventResponseBase {
+  event: 'group.created';
+  data: GroupResponse;
+}
+interface GroupUpdatedEvent extends EventBase {
+  event: 'group.updated';
+  data: Group;
+}
+interface GroupUpdatedEventResponse extends EventResponseBase {
+  event: 'group.updated';
+  data: GroupResponse;
+}
+interface GroupDeletedEvent extends EventBase {
+  event: 'group.deleted';
+  data: Group;
+}
+interface GroupDeletedEventResponse extends EventResponseBase {
+  event: 'group.deleted';
+  data: GroupResponse;
+}
+interface GroupMemberEventData {
+  groupId: string;
+  organizationMembershipId: string;
+}
+interface GroupMemberEventResponseData {
+  group_id: string;
+  organization_membership_id: string;
+}
+interface GroupMemberAddedEvent extends EventBase {
+  event: 'group.member_added';
+  data: GroupMemberEventData;
+}
+interface GroupMemberAddedEventResponse extends EventResponseBase {
+  event: 'group.member_added';
+  data: GroupMemberEventResponseData;
+}
+interface GroupMemberRemovedEvent extends EventBase {
+  event: 'group.member_removed';
+  data: GroupMemberEventData;
+}
+interface GroupMemberRemovedEventResponse extends EventResponseBase {
+  event: 'group.member_removed';
+  data: GroupMemberEventResponseData;
+}
 interface VaultDataCreatedEvent extends EventBase {
   event: 'vault.data.created';
   data: VaultDataCreatedEventData;
@@ -2943,10 +3174,26 @@ interface VaultByokKeyVerificationCompletedEventResponse extends EventResponseBa
   event: 'vault.byok_key.verification_completed';
   data: VaultByokKeyVerificationCompletedEventResponseData;
 }
-type Event = AuthenticationEmailVerificationSucceededEvent | AuthenticationMfaSucceededEvent | AuthenticationOAuthFailedEvent | AuthenticationOAuthSucceededEvent | AuthenticationSSOFailedEvent | AuthenticationSSOSucceededEvent | AuthenticationPasskeyFailedEvent | AuthenticationPasskeySucceededEvent | AuthenticationPasswordFailedEvent | AuthenticationPasswordSucceededEvent | AuthenticationMagicAuthFailedEvent | AuthenticationMagicAuthSucceededEvent | AuthenticationRadarRiskDetectedEvent | ConnectionActivatedEvent | ConnectionDeactivatedEvent | ConnectionDeletedEvent | DsyncActivatedEvent | DsyncDeletedEvent | DsyncGroupCreatedEvent | DsyncGroupUpdatedEvent | DsyncGroupDeletedEvent | DsyncGroupUserAddedEvent | DsyncGroupUserRemovedEvent | DsyncUserCreatedEvent | DsyncUserUpdatedEvent | DsyncUserDeletedEvent | EmailVerificationCreatedEvent | InvitationAcceptedEvent | InvitationCreatedEvent | InvitationRevokedEvent | InvitationResentEvent | MagicAuthCreatedEvent | PasswordResetCreatedEvent | PasswordResetSucceededEvent | UserCreatedEvent | UserUpdatedEvent | UserDeletedEvent | OrganizationMembershipCreated | OrganizationMembershipDeleted | OrganizationMembershipUpdated | RoleCreatedEvent | RoleDeletedEvent | RoleUpdatedEvent | OrganizationRoleCreatedEvent | OrganizationRoleUpdatedEvent | OrganizationRoleDeletedEvent | PermissionCreatedEvent | PermissionUpdatedEvent | PermissionDeletedEvent | SessionCreatedEvent | SessionRevokedEvent | OrganizationCreatedEvent | OrganizationUpdatedEvent | OrganizationDeletedEvent | OrganizationDomainVerifiedEvent | OrganizationDomainVerificationFailedEvent | OrganizationDomainCreatedEvent | OrganizationDomainUpdatedEvent | OrganizationDomainDeletedEvent | ApiKeyCreatedEvent | ApiKeyRevokedEvent | FlagCreatedEvent | FlagUpdatedEvent | FlagDeletedEvent | FlagRuleUpdatedEvent | VaultDataCreatedEvent | VaultDataUpdatedEvent | VaultDataReadEvent | VaultDataDeletedEvent | VaultNamesListedEvent | VaultMetadataReadEvent | VaultKekCreatedEvent | VaultDekReadEvent | VaultDekDecryptedEvent | VaultByokKeyVerificationCompletedEvent;
-type EventResponse = AuthenticationEmailVerificationSucceededEventResponse | AuthenticationMagicAuthFailedEventResponse | AuthenticationMagicAuthSucceededEventResponse | AuthenticationMfaSucceededEventResponse | AuthenticationOAuthFailedEventResponse | AuthenticationOAuthSucceededEventResponse | AuthenticationPasskeyFailedEventResponse | AuthenticationPasskeySucceededEventResponse | AuthenticationPasswordFailedEventResponse | AuthenticationPasswordSucceededEventResponse | AuthenticationSSOFailedEventResponse | AuthenticationSSOSucceededEventResponse | AuthenticationRadarRiskDetectedEventResponse | ConnectionActivatedEventResponse | ConnectionDeactivatedEventResponse | ConnectionDeletedEventResponse | DsyncActivatedEventResponse | DsyncDeletedEventResponse | DsyncGroupCreatedEventResponse | DsyncGroupUpdatedEventResponse | DsyncGroupDeletedEventResponse | DsyncGroupUserAddedEventResponse | DsyncGroupUserRemovedEventResponse | DsyncUserCreatedEventResponse | DsyncUserUpdatedEventResponse | DsyncUserDeletedEventResponse | EmailVerificationCreatedEventResponse | InvitationAcceptedEventResponse | InvitationCreatedEventResponse | InvitationRevokedEventResponse | InvitationResentEventResponse | MagicAuthCreatedEventResponse | PasswordResetCreatedEventResponse | PasswordResetSucceededEventResponse | UserCreatedEventResponse | UserUpdatedEventResponse | UserDeletedEventResponse | OrganizationMembershipCreatedResponse | OrganizationMembershipDeletedResponse | OrganizationMembershipUpdatedResponse | RoleCreatedEventResponse | RoleDeletedEventResponse | RoleUpdatedEventResponse | OrganizationRoleCreatedEventResponse | OrganizationRoleUpdatedEventResponse | OrganizationRoleDeletedEventResponse | PermissionCreatedEventResponse | PermissionUpdatedEventResponse | PermissionDeletedEventResponse | SessionCreatedEventResponse | SessionRevokedEventResponse | OrganizationCreatedResponse | OrganizationUpdatedResponse | OrganizationDeletedResponse | OrganizationDomainVerifiedEventResponse | OrganizationDomainVerificationFailedEventResponse | OrganizationDomainCreatedEventResponse | OrganizationDomainUpdatedEventResponse | OrganizationDomainDeletedEventResponse | ApiKeyCreatedEventResponse | ApiKeyRevokedEventResponse | FlagCreatedEventResponse | FlagUpdatedEventResponse | FlagDeletedEventResponse | FlagRuleUpdatedEventResponse | VaultDataCreatedEventResponse | VaultDataUpdatedEventResponse | VaultDataReadEventResponse | VaultDataDeletedEventResponse | VaultNamesListedEventResponse | VaultMetadataReadEventResponse | VaultKekCreatedEventResponse | VaultDekReadEventResponse | VaultDekDecryptedEventResponse | VaultByokKeyVerificationCompletedEventResponse;
+interface UnknownEvent extends EventBase {
+  event: string;
+  data: Record<string, unknown>;
+}
+type Event = AuthenticationEmailVerificationSucceededEvent | AuthenticationMfaSucceededEvent | AuthenticationOAuthFailedEvent | AuthenticationOAuthSucceededEvent | AuthenticationSSOFailedEvent | AuthenticationSSOSucceededEvent | AuthenticationPasskeyFailedEvent | AuthenticationPasskeySucceededEvent | AuthenticationPasswordFailedEvent | AuthenticationPasswordSucceededEvent | AuthenticationMagicAuthFailedEvent | AuthenticationMagicAuthSucceededEvent | AuthenticationRadarRiskDetectedEvent | ConnectionActivatedEvent | ConnectionDeactivatedEvent | ConnectionDeletedEvent | DsyncActivatedEvent | DsyncDeletedEvent | DsyncGroupCreatedEvent | DsyncGroupUpdatedEvent | DsyncGroupDeletedEvent | DsyncGroupUserAddedEvent | DsyncGroupUserRemovedEvent | DsyncUserCreatedEvent | DsyncUserUpdatedEvent | DsyncUserDeletedEvent | EmailVerificationCreatedEvent | InvitationAcceptedEvent | InvitationCreatedEvent | InvitationRevokedEvent | InvitationResentEvent | MagicAuthCreatedEvent | PasswordResetCreatedEvent | PasswordResetSucceededEvent | UserCreatedEvent | UserUpdatedEvent | UserDeletedEvent | OrganizationMembershipCreated | OrganizationMembershipDeleted | OrganizationMembershipUpdated | RoleCreatedEvent | RoleDeletedEvent | RoleUpdatedEvent | OrganizationRoleCreatedEvent | OrganizationRoleUpdatedEvent | OrganizationRoleDeletedEvent | PermissionCreatedEvent | PermissionUpdatedEvent | PermissionDeletedEvent | SessionCreatedEvent | SessionRevokedEvent | OrganizationCreatedEvent | OrganizationUpdatedEvent | OrganizationDeletedEvent | OrganizationDomainVerifiedEvent | OrganizationDomainVerificationFailedEvent | OrganizationDomainCreatedEvent | OrganizationDomainUpdatedEvent | OrganizationDomainDeletedEvent | ApiKeyCreatedEvent | ApiKeyRevokedEvent | FlagCreatedEvent | FlagUpdatedEvent | FlagDeletedEvent | FlagRuleUpdatedEvent | GroupCreatedEvent | GroupUpdatedEvent | GroupDeletedEvent | GroupMemberAddedEvent | GroupMemberRemovedEvent | VaultDataCreatedEvent | VaultDataUpdatedEvent | VaultDataReadEvent | VaultDataDeletedEvent | VaultNamesListedEvent | VaultMetadataReadEvent | VaultKekCreatedEvent | VaultDekReadEvent | VaultDekDecryptedEvent | VaultByokKeyVerificationCompletedEvent;
+type EventResponse = AuthenticationEmailVerificationSucceededEventResponse | AuthenticationMagicAuthFailedEventResponse | AuthenticationMagicAuthSucceededEventResponse | AuthenticationMfaSucceededEventResponse | AuthenticationOAuthFailedEventResponse | AuthenticationOAuthSucceededEventResponse | AuthenticationPasskeyFailedEventResponse | AuthenticationPasskeySucceededEventResponse | AuthenticationPasswordFailedEventResponse | AuthenticationPasswordSucceededEventResponse | AuthenticationSSOFailedEventResponse | AuthenticationSSOSucceededEventResponse | AuthenticationRadarRiskDetectedEventResponse | ConnectionActivatedEventResponse | ConnectionDeactivatedEventResponse | ConnectionDeletedEventResponse | DsyncActivatedEventResponse | DsyncDeletedEventResponse | DsyncGroupCreatedEventResponse | DsyncGroupUpdatedEventResponse | DsyncGroupDeletedEventResponse | DsyncGroupUserAddedEventResponse | DsyncGroupUserRemovedEventResponse | DsyncUserCreatedEventResponse | DsyncUserUpdatedEventResponse | DsyncUserDeletedEventResponse | EmailVerificationCreatedEventResponse | InvitationAcceptedEventResponse | InvitationCreatedEventResponse | InvitationRevokedEventResponse | InvitationResentEventResponse | MagicAuthCreatedEventResponse | PasswordResetCreatedEventResponse | PasswordResetSucceededEventResponse | UserCreatedEventResponse | UserUpdatedEventResponse | UserDeletedEventResponse | OrganizationMembershipCreatedResponse | OrganizationMembershipDeletedResponse | OrganizationMembershipUpdatedResponse | RoleCreatedEventResponse | RoleDeletedEventResponse | RoleUpdatedEventResponse | OrganizationRoleCreatedEventResponse | OrganizationRoleUpdatedEventResponse | OrganizationRoleDeletedEventResponse | PermissionCreatedEventResponse | PermissionUpdatedEventResponse | PermissionDeletedEventResponse | SessionCreatedEventResponse | SessionRevokedEventResponse | OrganizationCreatedResponse | OrganizationUpdatedResponse | OrganizationDeletedResponse | OrganizationDomainVerifiedEventResponse | OrganizationDomainVerificationFailedEventResponse | OrganizationDomainCreatedEventResponse | OrganizationDomainUpdatedEventResponse | OrganizationDomainDeletedEventResponse | ApiKeyCreatedEventResponse | ApiKeyRevokedEventResponse | FlagCreatedEventResponse | FlagUpdatedEventResponse | FlagDeletedEventResponse | FlagRuleUpdatedEventResponse | GroupCreatedEventResponse | GroupUpdatedEventResponse | GroupDeletedEventResponse | GroupMemberAddedEventResponse | GroupMemberRemovedEventResponse | VaultDataCreatedEventResponse | VaultDataUpdatedEventResponse | VaultDataReadEventResponse | VaultDataDeletedEventResponse | VaultNamesListedEventResponse | VaultMetadataReadEventResponse | VaultKekCreatedEventResponse | VaultDekReadEventResponse | VaultDekDecryptedEventResponse | VaultByokKeyVerificationCompletedEventResponse;
 type EventName = Event['event'];
 //#endregion
+//#region src/common/interfaces/generate-link-intent.interface.d.ts
+declare const GenerateLinkIntent: {
+  readonly SSO: "sso";
+  readonly DSync: "dsync";
+  readonly AuditLogs: "audit_logs";
+  readonly LogStreams: "log_streams";
+  readonly DomainVerification: "domain_verification";
+  readonly CertificateRenewal: "certificate_renewal";
+  readonly BringYourOwnKey: "bring_your_own_key";
+};
+type GenerateLinkIntent = (typeof GenerateLinkIntent)[keyof typeof GenerateLinkIntent];
+//#endregion
 //#region src/common/interfaces/get-options.interface.d.ts
 interface GetOptions {
   query?: Record<string, any>;
@@ -3037,6 +3284,7 @@ interface WorkOSResponseError {
   error?: string;
   errors?: UnprocessableEntityError[];
   message: string;
+  [key: string]: unknown;
 }
 //#endregion
 //#region src/organizations/interfaces/domain-data.interface.d.ts
@@ -3071,20 +3319,34 @@ interface ListOrganizationFeatureFlagsOptions extends PaginationOptions {
 //#endregion
 //#region src/organizations/interfaces/list-organizations-options.interface.d.ts
 interface ListOrganizationsOptions extends PaginationOptions {
+  /** The domains of an Organization. Any Organization with a matching domain will be returned. */
   domains?: string[];
 }
 //#endregion
 //#region src/organizations/interfaces/organization.interface.d.ts
 interface Organization {
+  /** Distinguishes the Organization object. */
   object: 'organization';
+  /** Unique identifier of the Organization. */
   id: string;
+  /** A descriptive name for the Organization. This field does not need to be unique. */
   name: string;
+  /**
+   * Whether the Organization allows profiles outside of its managed domains.
+   * @deprecated
+   */
   allowProfilesOutsideOrganization: boolean;
+  /** List of Organization Domains. */
   domains: OrganizationDomain[];
+  /** The Stripe customer ID of the Organization. */
   stripeCustomerId?: string;
+  /** An ISO 8601 timestamp. */
   createdAt: string;
+  /** An ISO 8601 timestamp. */
   updatedAt: string;
+  /** The external ID of the Organization. */
   externalId: string | null;
+  /** Object containing [metadata](https://workos.com/docs/authkit/metadata) key/value pairs associated with the Organization. */
   metadata: Record<string, string>;
 }
 interface OrganizationResponse {
@@ -3298,14 +3560,6 @@ declare class PKCE {
   private base64UrlEncode;
 }
 //#endregion
-//#region src/api-keys/api-keys.d.ts
-declare class ApiKeys {
-  private readonly workos;
-  constructor(workos: WorkOS);
-  validateApiKey(payload: ValidateApiKeyOptions): Promise<ValidateApiKeyResponse>;
-  deleteApiKey(id: string): Promise<void>;
-}
-//#endregion
 //#region src/common/utils/pagination.d.ts
 declare class AutoPaginatable<ResourceType, ParametersType extends PaginationOptions = PaginationOptions> {
   protected list: List<ResourceType>;
@@ -3326,16 +3580,153 @@ declare class AutoPaginatable<ResourceType, ParametersType extends PaginationOpt
   autoPagination(): Promise<ResourceType[]>;
 }
 //#endregion
+//#region src/api-keys/api-keys.d.ts
+declare class ApiKeys {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * Validate API key
+   *
+   * Validate an API key value and return the API key object if valid.
+   * @param payload - Object containing value.
+   * @returns {Promise<ApiKeyValidationResponse>}
+   * @throws {UnauthorizedException} 401
+   * @throws {UnprocessableEntityException} 422
+   */
+  createValidation(payload: ValidateApiKeyOptions): Promise<ValidateApiKeyResponse>;
+  /**
+   * Delete an API key
+   *
+   * Permanently deletes an API key. This action cannot be undone. Once deleted, any requests using this API key will fail authentication.
+   * @param id - The unique ID of the API key.
+   *
+   * @example
+   * "api_key_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @returns {Promise<void>}
+   * @throws {NotFoundException} 404
+   */
+  deleteApiKey(id: string): Promise<void>;
+  /**
+   * List API keys for an organization
+   *
+   * Get a list of all API keys for an organization.
+   * @param organizationId - Unique identifier of the Organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<ApiKey>>}
+   * @throws {NotFoundException} 404
+   */
+  listOrganizationApiKeys(options: ListOrganizationApiKeysOptions): Promise<AutoPaginatable<ApiKey>>;
+  /**
+   * Create an API key for an organization
+   *
+   * Create a new API key for an organization.
+   * @param organizationId - Unique identifier of the Organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param options - Object containing name.
+   * @returns {Promise<ApiKeyWithValue>}
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  createOrganizationApiKey(options: CreateOrganizationApiKeyOptions, requestOptions?: CreateOrganizationApiKeyRequestOptions): Promise<CreatedApiKey>;
+}
+//#endregion
 //#region src/directory-sync/directory-sync.d.ts
 declare class DirectorySync {
   private readonly workos;
   constructor(workos: WorkOS);
+  /**
+   * List Directories
+   *
+   * Get a list of all of your existing directories matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>}
+   * @throws 403 response from the API.
+   * @throws {UnprocessableEntityException} 422
+   */
   listDirectories(options?: ListDirectoriesOptions): Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>;
+  /**
+   * Get a Directory
+   *
+   * Get the details of an existing directory.
+   * @param id - Unique identifier for the Directory.
+   *
+   * @example
+   * "directory_01ECAZ4NV9QMV47GW873HDCX74"
+   *
+   * @returns {Promise<Directory>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
   getDirectory(id: string): Promise<Directory>;
+  /**
+   * Delete a Directory
+   *
+   * Permanently deletes an existing directory. It cannot be undone.
+   * @param id - Unique identifier for the Directory.
+   *
+   * @example
+   * "directory_01ECAZ4NV9QMV47GW873HDCX74"
+   *
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
+   */
   deleteDirectory(id: string): Promise<void>;
+  /**
+   * List Directory Groups
+   *
+   * Get a list of all of existing directory groups matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   listGroups(options: ListDirectoryGroupsOptions): Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>;
+  /**
+   * List Directory Users
+   *
+   * Get a list of all of existing Directory Users matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   * @throws {RateLimitExceededException} 429
+   */
   listUsers<TCustomAttributes extends object = DefaultCustomAttributes>(options: ListDirectoryUsersOptions): Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>;
+  /**
+   * Get a Directory User
+   *
+   * Get the details of an existing Directory User.
+   * @param user - Unique identifier for the Directory User.
+   *
+   * @example
+   * "directory_user_01E1JG7J09H96KYP8HM9B0G5SJ"
+   * @returns {Promise<DirectoryUserWithGroups<TCustomAttributes>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
   getUser<TCustomAttributes extends object = DefaultCustomAttributes>(user: string): Promise<DirectoryUserWithGroups<TCustomAttributes>>;
+  /**
+   * Get a Directory Group
+   *
+   * Get the details of an existing Directory Group.
+   * @param group - Unique identifier for the Directory Group.
+   *
+   * @example
+   * "directory_group_01E1JJS84MFPPQ3G655FHTKX6Z"
+   * @returns {Promise<DirectoryGroup>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
   getGroup(group: string): Promise<DirectoryGroup>;
 }
 //#endregion
@@ -3363,38 +3754,148 @@ interface SerializedListEventOptions {
 declare class Events {
   private readonly workos;
   constructor(workos: WorkOS);
+  /**
+   * List events
+   *
+   * List events for the current environment.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<List<Event>>}
+   * @throws {BadRequestException} 400
+   * @throws {UnprocessableEntityException} 422
+   */
   listEvents(options: ListEventOptions): Promise<List<Event>>;
 }
 //#endregion
-//#region src/organizations/interfaces/list-organization-roles-options.interface.d.ts
-interface ListOrganizationRolesOptions {
-  organizationId: string;
-}
-//#endregion
 //#region src/organizations/organizations.d.ts
 declare class Organizations {
   private readonly workos;
   constructor(workos: WorkOS);
+  /**
+   * List Organizations
+   *
+   * Get a list of all of your existing organizations matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Organization, ListOrganizationsOptions>>}
+   * @throws {UnprocessableEntityException} 422
+   */
   listOrganizations(options?: ListOrganizationsOptions): Promise<AutoPaginatable<Organization, ListOrganizationsOptions>>;
+  /**
+   * Create an Organization
+   *
+   * Creates a new organization in the current environment.
+   * @param payload - Object containing name.
+   * @returns {Promise<Organization>}
+   * @throws {BadRequestException} 400
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
   createOrganization(payload: CreateOrganizationOptions, requestOptions?: CreateOrganizationRequestOptions): Promise<Organization>;
+  /**
+   * Delete an Organization
+   *
+   * Permanently deletes an organization in the current environment. It cannot be undone.
+   * @param id - Unique identifier of the Organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
+   */
   deleteOrganization(id: string): Promise<void>;
+  /**
+   * Get an Organization
+   *
+   * Get the details of an existing organization.
+   * @param id - Unique identifier of the Organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @returns {Promise<Organization>}
+   * @throws {NotFoundException} 404
+   */
   getOrganization(id: string): Promise<Organization>;
+  /**
+   * Get an Organization by External ID
+   *
+   * Get the details of an existing organization by an [external identifier](https://workos.com/docs/authkit/metadata/external-identifiers).
+   * @param externalId - The external ID of the Organization.
+   *
+   * @example
+   * "2fe01467-f7ea-4dd2-8b79-c2b4f56d0191"
+   *
+   * @returns {Promise<Organization>}
+   * @throws {NotFoundException} 404
+   */
   getOrganizationByExternalId(externalId: string): Promise<Organization>;
+  /**
+   * Update an Organization
+   *
+   * Updates an organization in the current environment.
+   * @param payload - The request body.
+   * @returns {Promise<Organization>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
   updateOrganization(options: UpdateOrganizationOptions): Promise<Organization>;
-  listOrganizationRoles(options: ListOrganizationRolesOptions): Promise<RoleList>;
-  listOrganizationFeatureFlags(options: ListOrganizationFeatureFlagsOptions): Promise<AutoPaginatable<FeatureFlag>>;
-  listOrganizationApiKeys(options: ListOrganizationApiKeysOptions): Promise<AutoPaginatable<ApiKey>>;
-  createOrganizationApiKey(options: CreateOrganizationApiKeyOptions, requestOptions?: CreateOrganizationApiKeyRequestOptions): Promise<CreatedApiKey>;
 }
 //#endregion
 //#region src/organization-domains/organization-domains.d.ts
 declare class OrganizationDomains {
   private readonly workos;
   constructor(workos: WorkOS);
-  get(id: string): Promise<OrganizationDomain>;
-  verify(id: string): Promise<OrganizationDomain>;
-  create(payload: CreateOrganizationDomainOptions): Promise<OrganizationDomain>;
-  delete(id: string): Promise<void>;
+  /**
+   * Get an Organization Domain
+   *
+   * Get the details of an existing organization domain.
+   * @param id - Unique identifier of the organization domain.
+   *
+   * @example
+   * "org_domain_01EHZNVPK2QXHMVWCEDQEKY69A"
+   *
+   * @returns {Promise<OrganizationDomain>}
+   * @throws {NotFoundException} 404
+   */
+  getOrganizationDomain(id: string): Promise<OrganizationDomain>;
+  /**
+   * Verify an Organization Domain
+   *
+   * Initiates verification process for an Organization Domain.
+   * @param id - Unique identifier of the organization domain.
+   *
+   * @example
+   * "org_domain_01EHZNVPK2QXHMVWCEDQEKY69A"
+   *
+   * @returns {Promise<OrganizationDomain>}
+   * @throws {BadRequestException} 400
+   */
+  verifyOrganizationDomain(id: string): Promise<OrganizationDomain>;
+  /**
+   * Create an Organization Domain
+   *
+   * Creates a new Organization Domain.
+   * @param payload - Object containing domain, organizationId.
+   * @returns {Promise<OrganizationDomain>}
+   * @throws {ConflictException} 409
+   */
+  createOrganizationDomain(payload: CreateOrganizationDomainOptions): Promise<OrganizationDomain>;
+  /**
+   * Delete an Organization Domain
+   *
+   * Permanently deletes an organization domain. It cannot be undone.
+   * @param id - Unique identifier of the organization domain.
+   *
+   * @example
+   * "org_domain_01EHZNVPK2QXHMVWCEDQEKY69A"
+   *
+   * @returns {Promise<void>}
+   * @throws {NotFoundException} 404
+   */
+  deleteOrganizationDomain(id: string): Promise<void>;
 }
 //#endregion
 //#region src/passwordless/interfaces/passwordless-session.interface.d.ts
@@ -3485,31 +3986,40 @@ declare class Pipes {
   }): Promise<GetAccessTokenResponse>;
 }
 //#endregion
-//#region src/portal/interfaces/generate-portal-link-intent.interface.d.ts
-declare enum GeneratePortalLinkIntent {
-  AuditLogs = "audit_logs",
-  DomainVerification = "domain_verification",
-  DSync = "dsync",
-  LogStreams = "log_streams",
-  SSO = "sso",
-  CertificateRenewal = "certificate_renewal",
-  BringYourOwnKey = "bring_your_own_key"
-}
-//#endregion
-//#region src/portal/portal.d.ts
-declare class Portal {
+//#region src/admin-portal/admin-portal.d.ts
+declare class AdminPortal {
   private readonly workos;
   constructor(workos: WorkOS);
+  /**
+   * Generate a Portal Link
+   *
+   * Generate a Portal Link scoped to an Organization.
+   * @param payload - Object containing organization.
+   * @returns {Promise<{ link: string; }>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   generateLink({
     intent,
     organization,
     returnUrl,
-    successUrl
+    successUrl,
+    intentOptions,
+    adminEmails
   }: {
-    intent: GeneratePortalLinkIntent;
+    intent?: GenerateLinkIntent;
     organization: string;
     returnUrl?: string;
     successUrl?: string;
+    intentOptions?: {
+      sso: {
+        bookmarkSlug?: string;
+        providerType?: string;
+      };
+    };
+    adminEmails?: string[];
   }): Promise<{
     link: string;
   }>;
@@ -3519,13 +4029,35 @@ declare class Portal {
 declare class SSO {
   private readonly workos;
   constructor(workos: WorkOS);
-  listConnections(options?: ListConnectionsOptions): Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>>;
-  deleteConnection(id: string): Promise<void>;
-  getAuthorizationUrl(options: SSOAuthorizationURLOptions): string;
   /**
-   * Generates an authorization URL with PKCE parameters automatically generated.
-   * Use this for public clients (CLI apps, Electron, mobile) that cannot
-   * securely store a client secret.
+   * List Connections
+   *
+   * Get a list of all of your existing connections matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>>}
+   * @throws 403 response from the API.
+   * @throws {UnprocessableEntityException} 422
+   */
+  listConnections(options?: ListConnectionsOptions): Promise<AutoPaginatable<Connection, SerializedListConnectionsOptions>>;
+  /**
+   * Delete a Connection
+   *
+   * Permanently deletes an existing connection. It cannot be undone.
+   * @param id - Unique identifier for the Connection.
+   *
+   * @example
+   * "conn_01E4ZCR3C56J083X43JQXF3JK5"
+   *
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  deleteConnection(id: string): Promise<void>;
+  getAuthorizationUrl(options: SSOAuthorizationURLOptions): string;
+  /**
+   * Generates an authorization URL with PKCE parameters automatically generated.
+   * Use this for public clients (CLI apps, Electron, mobile) that cannot
+   * securely store a client secret.
    *
    * @returns Object containing url, state, and codeVerifier
    *
@@ -3547,6 +4079,19 @@ declare class SSO {
    * ```
    */
   getAuthorizationUrlWithPKCE(options: Omit<SSOAuthorizationURLOptions, 'codeChallenge' | 'codeChallengeMethod' | 'state'>): Promise<SSOPKCEAuthorizationURLResult>;
+  /**
+   * Get a Connection
+   *
+   * Get the details of an existing connection.
+   * @param id - Unique identifier for the Connection.
+   *
+   * @example
+   * "conn_01E4ZCR3C56J083X43JQXF3JK5"
+   *
+   * @returns {Promise<Connection>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
   getConnection(id: string): Promise<Connection>;
   /**
    * Exchange an authorization code for a profile and access token.
@@ -3566,12 +4111,20 @@ declare class SSO {
     clientId,
     codeVerifier
   }: GetProfileAndTokenOptions): Promise<ProfileAndToken<CustomAttributesType>>;
+  /**
+   * Get a User Profile
+   *
+   * Exchange an access token for a user's [Profile](https://workos.com/docs/reference/sso/profile). Because this profile is returned in the [Get a Profile and Token endpoint](https://workos.com/docs/reference/sso/profile/get-profile-and-token) your application usually does not need to call this endpoint. It is available for any authentication flows that require an additional endpoint to retrieve a user's profile.
+   * @returns {Promise<Profile<CustomAttributesType>>}
+   * @throws {UnauthorizedException} 401
+   * @throws {NotFoundException} 404
+   */
   getProfile<CustomAttributesType extends UnknownRecord = UnknownRecord>({
     accessToken
   }: GetProfileOptions): Promise<Profile<CustomAttributesType>>;
 }
 //#endregion
-//#region src/mfa/interfaces/challenge-factor-options.d.ts
+//#region src/multi-factor-auth/interfaces/challenge-factor-options.d.ts
 type ChallengeFactorOptions = {
   authenticationFactorId: string;
 } | {
@@ -3579,7 +4132,7 @@ type ChallengeFactorOptions = {
   smsTemplate: string;
 };
 //#endregion
-//#region src/mfa/interfaces/challenge.interface.d.ts
+//#region src/multi-factor-auth/interfaces/challenge.interface.d.ts
 interface Challenge {
   object: 'authentication_challenge';
   id: string;
@@ -3590,7 +4143,7 @@ interface Challenge {
   authenticationFactorId: string;
 }
 //#endregion
-//#region src/mfa/interfaces/enroll-factor-options.d.ts
+//#region src/multi-factor-auth/interfaces/enroll-factor-options.d.ts
 type EnrollFactorOptions = {
   type: 'sms';
   phoneNumber: string;
@@ -3602,12 +4155,12 @@ type EnrollFactorOptions = {
   type: 'generic_otp';
 };
 //#endregion
-//#region src/mfa/interfaces/sms.interface.d.ts
+//#region src/multi-factor-auth/interfaces/sms.interface.d.ts
 interface Sms {
   phoneNumber: string;
 }
 //#endregion
-//#region src/mfa/interfaces/factor.interface.d.ts
+//#region src/multi-factor-auth/interfaces/factor.interface.d.ts
 type FactorType = 'sms' | 'totp' | 'generic_otp';
 interface Factor {
   object: 'authentication_factor';
@@ -3628,27 +4181,99 @@ interface FactorWithSecrets {
   totp?: TotpWithSecrets;
 }
 //#endregion
-//#region src/mfa/interfaces/verify-challenge-options.d.ts
+//#region src/multi-factor-auth/interfaces/verify-challenge-options.d.ts
 interface VerifyChallengeOptions {
   authenticationChallengeId: string;
   code: string;
 }
 //#endregion
-//#region src/mfa/interfaces/verify-challenge-response.d.ts
+//#region src/multi-factor-auth/interfaces/verify-challenge-response.d.ts
 interface VerifyResponse {
   challenge: Challenge;
   valid: boolean;
 }
 //#endregion
-//#region src/mfa/mfa.d.ts
-declare class Mfa {
+//#region src/multi-factor-auth/multi-factor-auth.d.ts
+declare class MultiFactorAuth {
   private readonly workos;
   constructor(workos: WorkOS);
+  /**
+   * Delete Factor
+   *
+   * Permanently deletes an Authentication Factor. It cannot be undone.
+   * @param id - The unique ID of the Factor.
+   *
+   * @example
+   * "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"
+   *
+   * @returns {Promise<void>}
+   * @throws {NotFoundException} 404
+   */
   deleteFactor(id: string): Promise<void>;
+  /**
+   * Get Factor
+   *
+   * Gets an Authentication Factor.
+   * @param id - The unique ID of the Factor.
+   *
+   * @example
+   * "auth_factor_01FVYZ5QM8N98T9ME5BCB2BBMJ"
+   *
+   * @returns {Promise<Factor>}
+   * @throws {NotFoundException} 404
+   */
   getFactor(id: string): Promise<Factor>;
+  /**
+   * Enroll Factor
+   *
+   * Enrolls an Authentication Factor to be used as an additional factor of authentication. The returned ID should be used to create an authentication Challenge.
+   * @param options - Object containing type.
+   * @returns {Promise<FactorWithSecrets>}
+   * @throws {UnprocessableEntityException} 422
+   */
   enrollFactor(options: EnrollFactorOptions): Promise<FactorWithSecrets>;
+  /**
+   * Challenge Factor
+   *
+   * Creates a Challenge for an Authentication Factor.
+   * @param options - The request body.
+   * @returns {Promise<Challenge>}
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   challengeFactor(options: ChallengeFactorOptions): Promise<Challenge>;
+  /**
+   * Verify Challenge
+   *
+   * Verifies an Authentication Challenge.
+   * @param options - Object containing code.
+   * @returns {Promise<VerifyResponse>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   verifyChallenge(options: VerifyChallengeOptions): Promise<VerifyResponse>;
+  /**
+   * Enroll an authentication factor
+   *
+   * Enrolls a user in a new [authentication factor](https://workos.com/docs/reference/authkit/mfa/authentication-factor).
+   * @param payload - Object containing type.
+   * @returns {Promise<{authenticationFactor: UMFactorWithSecrets; authenticationChallenge: Challenge}>}
+   * @throws {UnprocessableEntityException} 422
+   */
+  createUserAuthFactor(payload: EnrollAuthFactorOptions): Promise<{
+    authenticationFactor: FactorWithSecrets$1;
+    authenticationChallenge: Challenge;
+  }>;
+  /**
+   * List authentication factors
+   *
+   * Lists the [authentication factors](https://workos.com/docs/reference/authkit/mfa/authentication-factor) for a user.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<UMFactor, PaginationOptions>>}
+   * @throws {UnprocessableEntityException} 422
+   */
+  listUserAuthFactors(options: ListAuthFactorsOptions): Promise<AutoPaginatable<Factor$1, PaginationOptions>>;
 }
 //#endregion
 //#region src/audit-logs/interfaces/audit-log-export-options.interface.d.ts
@@ -3689,6 +4314,49 @@ interface AuditLogExportResponse {
   updated_at: string;
 }
 //#endregion
+//#region src/audit-logs/interfaces/audit-log-schema.interface.d.ts
+type AuditLogSchemaMetadata = Record<string, {
+  type: 'string' | 'boolean' | 'number';
+}> | undefined;
+interface AuditLogActorSchema {
+  metadata: Record<string, string | boolean | number>;
+}
+interface AuditLogTargetSchema {
+  type: string;
+  metadata?: Record<string, string | boolean | number>;
+}
+interface AuditLogSchema {
+  object: 'audit_log_schema';
+  version: number;
+  targets: AuditLogTargetSchema[];
+  actor: AuditLogActorSchema | undefined;
+  metadata: Record<string, string | boolean | number> | undefined;
+  createdAt: string;
+}
+interface SerializedAuditLogTargetSchema$1 {
+  type: string;
+  metadata?: {
+    type: 'object';
+    properties: AuditLogSchemaMetadata;
+  };
+}
+interface AuditLogSchemaResponse {
+  object: 'audit_log_schema';
+  version: number;
+  targets: SerializedAuditLogTargetSchema$1[];
+  actor?: {
+    metadata: {
+      type: 'object';
+      properties: AuditLogSchemaMetadata;
+    };
+  };
+  metadata?: {
+    type: 'object';
+    properties: AuditLogSchemaMetadata;
+  };
+  created_at: string;
+}
+//#endregion
 //#region src/audit-logs/interfaces/create-audit-log-event-options.interface.d.ts
 interface AuditLogActor {
   id: string;
@@ -3729,24 +4397,6 @@ interface SerializedCreateAuditLogEventOptions {
 type CreateAuditLogEventRequestOptions = Pick<PostOptions, 'idempotencyKey'>;
 //#endregion
 //#region src/audit-logs/interfaces/create-audit-log-schema-options.interface.d.ts
-type AuditLogSchemaMetadata = Record<string, {
-  type: 'string' | 'boolean' | 'number';
-}> | undefined;
-interface AuditLogSchema {
-  object: 'audit_log_schema';
-  version: number;
-  targets: AuditLogTargetSchema[];
-  actor: AuditLogActorSchema;
-  metadata: Record<string, string | boolean | number> | undefined;
-  createdAt: string;
-}
-interface AuditLogActorSchema {
-  metadata: Record<string, string | boolean | number>;
-}
-interface AuditLogTargetSchema {
-  type: string;
-  metadata?: Record<string, string | boolean | number> | undefined;
-}
 interface CreateAuditLogSchemaOptions {
   action: string;
   targets: AuditLogTargetSchema[];
@@ -3773,32 +4423,64 @@ interface SerializedCreateAuditLogSchemaOptions {
     properties: AuditLogSchemaMetadata;
   };
 }
-interface CreateAuditLogSchemaResponse {
-  object: 'audit_log_schema';
-  version: number;
-  targets: SerializedAuditLogTargetSchema[];
-  actor: {
-    metadata: {
-      type: 'object';
-      properties: AuditLogSchemaMetadata;
-    };
-  };
-  metadata?: {
-    type: 'object';
-    properties: AuditLogSchemaMetadata;
-  };
-  created_at: string;
-}
+/** @deprecated Use AuditLogSchemaResponse instead */
+type CreateAuditLogSchemaResponse = AuditLogSchemaResponse;
 type CreateAuditLogSchemaRequestOptions = Pick<PostOptions, 'idempotencyKey'>;
 //#endregion
 //#region src/audit-logs/audit-logs.d.ts
 declare class AuditLogs {
   private readonly workos;
   constructor(workos: WorkOS);
+  /**
+   * Create Event
+   *
+   * Create an Audit Log Event.
+   *
+   * This API supports idempotency which guarantees that performing the same operation multiple times will have the same result as if the operation were performed only once. This is handy in situations where you may need to retry a request due to a failure or prevent accidental duplicate requests from creating more than one resource.
+   *
+   * To achieve idempotency, you can add `Idempotency-Key` request header to a Create Event request with a unique string as the value. Each subsequent request matching this unique string will return the same response. We suggest using [v4 UUIDs](https://en.wikipedia.org/wiki/Universally_unique_identifier) for idempotency keys to avoid collisions.
+   *
+   * Idempotency keys expire after 24 hours. The API will generate a new response if you submit a request with an expired key.
+   * @param payload - Object containing organizationId, event.
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   * @throws {RateLimitExceededException} 429
+   */
   createEvent(organization: string, event: CreateAuditLogEventOptions, options?: CreateAuditLogEventRequestOptions): Promise<void>;
+  /**
+   * Create Export
+   *
+   * Create an Audit Log Export. Exports are scoped to a single organization within a specified date range.
+   * @param payload - Object containing organizationId, rangeStart, rangeEnd.
+   * @returns {Promise<AuditLogExport>}
+   * @throws {BadRequestException} 400
+   */
   createExport(options: AuditLogExportOptions): Promise<AuditLogExport>;
+  /**
+   * Get Export
+   *
+   * Get an Audit Log Export. The URL will expire after 10 minutes. If the export is needed again at a later time, refetching the export will regenerate the URL.
+   * @param auditLogExportId - The unique ID of the Audit Log Export.
+   *
+   * @example
+   * "audit_log_export_01GBZK5MP7TD1YCFQHFR22180V"
+   *
+   * @returns {Promise<AuditLogExport>}
+   * @throws {NotFoundException} 404
+   */
   getExport(auditLogExportId: string): Promise<AuditLogExport>;
+  /**
+   * Create Schema
+   *
+   * Creates a new Audit Log schema used to validate the payload of incoming Audit Log Events. If the `action` does not exist, it will also be created.
+   * @param payload - Object containing targets.
+   * @returns {Promise<AuditLogSchema>}
+   * @throws {UnprocessableEntityException} 422
+   */
   createSchema(schema: CreateAuditLogSchemaOptions, options?: CreateAuditLogSchemaRequestOptions): Promise<AuditLogSchema>;
+  listSchemas(action: string, options?: PaginationOptions): Promise<AutoPaginatable<AuditLogSchema, PaginationOptions>>;
 }
 //#endregion
 //#region node_modules/jose/dist/types/types.d.ts
@@ -4254,11 +4936,51 @@ declare class UserManagement {
     sessionData: string;
     cookiePassword: string;
   }): CookieSession;
+  /**
+   * Get a user
+   *
+   * Get the details of an existing user.
+   * @param userId - The unique ID of the user.
+   * @returns {Promise<User>}
+   * @throws {NotFoundException} 404
+   */
   getUser(userId: string): Promise<User>;
+  /**
+   * Get a user by external ID
+   *
+   * Get the details of an existing user by an [external identifier](https://workos.com/docs/authkit/metadata/external-identifiers).
+   * @param externalId - The external ID of the user.
+   *
+   * @example
+   * "f1ffa2b2-c20b-4d39-be5c-212726e11222"
+   *
+   * @returns {Promise<User>}
+   * @throws {NotFoundException} 404
+   */
   getUserByExternalId(externalId: string): Promise<User>;
+  /**
+   * List users
+   *
+   * Get a list of all of your existing users matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<User, SerializedListUsersOptions>>}
+   * @throws {UnprocessableEntityException} 422
+   */
   listUsers(options?: ListUsersOptions): Promise<AutoPaginatable<User, SerializedListUsersOptions>>;
+  /**
+   * Create a user
+   *
+   * Create a new user in the current environment.
+   * @param payload - Object containing email.
+   * @returns {Promise<User>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   createUser(payload: CreateUserOptions): Promise<User>;
+  /** Authenticate with magic auth. */
   authenticateWithMagicAuth(payload: AuthenticateWithMagicAuthOptions): Promise<AuthenticationResponse>;
+  /** Authenticate with password. */
   authenticateWithPassword(payload: AuthenticateWithPasswordOptions): Promise<AuthenticationResponse>;
   /**
    * Exchange an authorization code for tokens.
@@ -4290,8 +5012,11 @@ declare class UserManagement {
    * omits client_secret from the request.
    */
   authenticateWithRefreshToken(payload: AuthenticateWithRefreshTokenOptions): Promise<AuthenticationResponse>;
+  /** Authenticate with totp. */
   authenticateWithTotp(payload: AuthenticateWithTotpOptions): Promise<AuthenticationResponse>;
+  /** Authenticate with email verification. */
   authenticateWithEmailVerification(payload: AuthenticateWithEmailVerificationOptions): Promise<AuthenticationResponse>;
+  /** Authenticate with organization selection. */
   authenticateWithOrganizationSelection(payload: AuthenticateWithOrganizationSelectionOptions): Promise<AuthenticationResponse>;
   authenticateWithSessionCookie({
     sessionData,
@@ -4304,49 +5029,270 @@ declare class UserManagement {
     sessionData,
     cookiePassword
   }: SessionHandlerOptions): Promise<SessionCookieData | undefined>;
+  /**
+   * Get an email verification code
+   *
+   * Get the details of an existing email verification code that can be used to send an email to a user for verification.
+   * @returns {Promise<EmailVerification>}
+   * @throws {NotFoundException} 404
+   */
   getEmailVerification(emailVerificationId: string): Promise<EmailVerification>;
+  /**
+   * Send verification email
+   *
+   * Sends an email that contains a one-time code used to verify a user’s email address.
+   * @returns {Promise<{ user: User; }>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {RateLimitExceededException} 429
+   */
   sendVerificationEmail({
     userId
   }: SendVerificationEmailOptions): Promise<{
     user: User;
   }>;
+  /**
+   * Get Magic Auth code details
+   *
+   * Get the details of an existing [Magic Auth](https://workos.com/docs/reference/authkit/magic-auth) code that can be used to send an email to a user for authentication.
+   * @returns {Promise<MagicAuth>}
+   * @throws {NotFoundException} 404
+   */
   getMagicAuth(magicAuthId: string): Promise<MagicAuth>;
+  /**
+   * Create a Magic Auth code
+   *
+   * Creates a one-time authentication code that can be sent to the user's email address. The code expires in 10 minutes. To verify the code, [authenticate the user with Magic Auth](https://workos.com/docs/reference/authkit/authentication/magic-auth).
+   * @param options - Object containing email.
+   * @returns {Promise<MagicAuth>}
+   * @throws {BadRequestException} 400
+   * @throws {UnprocessableEntityException} 422
+   * @throws {RateLimitExceededException} 429
+   */
   createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth>;
+  /**
+   * Verify email
+   *
+   * Verifies an email address using the one-time code received by the user.
+   * @param options - Object containing code.
+   * @returns {Promise<{ user: User; }>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   verifyEmail({
     code,
     userId
   }: VerifyEmailOptions): Promise<{
     user: User;
   }>;
+  /**
+   * Get a password reset token
+   *
+   * Get the details of an existing password reset token that can be used to reset a user's password.
+   * @returns {Promise<PasswordReset>}
+   * @throws {NotFoundException} 404
+   */
   getPasswordReset(passwordResetId: string): Promise<PasswordReset>;
   createPasswordReset(options: CreatePasswordResetOptions): Promise<PasswordReset>;
+  /**
+   * Reset the password
+   *
+   * Sets a new password using the `token` query parameter from the link that
+   * the user received. Successfully resetting the password will verify a
+   * user's email, if it hasn't been verified yet.
+   * @param payload - Object containing the reset token and new password.
+   * @returns {Promise<{ user: User; }>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   * @throws {RateLimitExceededException} 429
+   */
   resetPassword(payload: ResetPasswordOptions): Promise<{
     user: User;
   }>;
+  /**
+   * Update a user
+   *
+   * Updates properties of a user. The omitted properties will be left unchanged.
+   * @param payload - The request body.
+   * @returns {Promise<User>}
+   * @throws {BadRequestException} 400
+   * @throws {UnprocessableEntityException} 422
+   */
   updateUser(payload: UpdateUserOptions): Promise<User>;
-  enrollAuthFactor(payload: EnrollAuthFactorOptions): Promise<{
-    authenticationFactor: FactorWithSecrets$1;
-    authenticationChallenge: Challenge;
-  }>;
-  listAuthFactors(options: ListAuthFactorsOptions): Promise<AutoPaginatable<Factor$1, PaginationOptions>>;
-  listUserFeatureFlags(options: ListUserFeatureFlagsOptions): Promise<AutoPaginatable<FeatureFlag>>;
+  /**
+   * List sessions
+   *
+   * Get a list of all active sessions for a specific user.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Session, SerializedListSessionsOptions>>}
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   listSessions(userId: string, options?: ListSessionsOptions): Promise<AutoPaginatable<Session, SerializedListSessionsOptions>>;
+  /**
+   * Delete a user
+   *
+   * Permanently deletes a user in the current environment. It cannot be undone.
+   * @returns {Promise<void>}
+   * @throws {NotFoundException} 404
+   */
   deleteUser(userId: string): Promise<void>;
+  /**
+   * Get user identities
+   *
+   * Get a list of identities associated with the user. A user can have multiple associated identities after going through [identity linking](https://workos.com/docs/authkit/identity-linking). Currently only OAuth identities are supported. More provider types may be added in the future.
+   * @returns {Promise<Identity[]>}
+   * @throws {NotFoundException} 404
+   */
   getUserIdentities(userId: string): Promise<Identity[]>;
+  /**
+   * Get an organization membership
+   *
+   * Get the details of an existing organization membership.
+   * @returns {Promise<OrganizationMembership>}
+   * @throws {NotFoundException} 404
+   */
   getOrganizationMembership(organizationMembershipId: string): Promise<OrganizationMembership>;
+  /**
+   * List organization memberships
+   *
+   * Get a list of all organization memberships matching the criteria specified. At least one of `user_id` or `organization_id` must be provided. By default only active memberships are returned. Use the `statuses` parameter to filter by other statuses.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<OrganizationMembership, SerializedListOrganizationMembershipsOptions>>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   listOrganizationMemberships(options: ListOrganizationMembershipsOptions): Promise<AutoPaginatable<OrganizationMembership, SerializedListOrganizationMembershipsOptions>>;
+  /**
+   * Create an organization membership
+   *
+   * Creates a new `active` organization membership for the given organization and user.
+   *
+   * Calling this API with an organization and user that match an `inactive` organization membership will activate the membership with the specified role(s).
+   * @param options - Object containing userId, organizationId.
+   * @returns {Promise<OrganizationMembership>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   createOrganizationMembership(options: CreateOrganizationMembershipOptions): Promise<OrganizationMembership>;
+  /**
+   * Update an organization membership
+   *
+   * Update the details of an existing organization membership.
+   * @param options - The request body.
+   * @returns {Promise<OrganizationMembership>}
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   updateOrganizationMembership(organizationMembershipId: string, options: UpdateOrganizationMembershipOptions): Promise<OrganizationMembership>;
+  /**
+   * Delete an organization membership
+   *
+   * Permanently deletes an existing organization membership. It cannot be undone.
+   * @returns {Promise<void>}
+   * @throws {NotFoundException} 404
+   */
   deleteOrganizationMembership(organizationMembershipId: string): Promise<void>;
+  /**
+   * Deactivate an organization membership
+   *
+   * Deactivates an `active` organization membership. Emits an [organization_membership.updated](https://workos.com/docs/events/organization-membership) event upon successful deactivation.
+   *
+   * - Deactivating an `inactive` membership is a no-op and does not emit an event.
+   * - Deactivating a `pending` membership returns an error. This membership should be [deleted](https://workos.com/docs/reference/authkit/organization-membership/delete) instead.
+   *
+   * See the [membership management documentation](https://workos.com/docs/authkit/users-organizations/organizations/membership-management) for additional details.
+   * @returns {Promise<OrganizationMembership>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   deactivateOrganizationMembership(organizationMembershipId: string): Promise<OrganizationMembership>;
+  /**
+   * Reactivate an organization membership
+   *
+   * Reactivates an `inactive` organization membership, retaining the pre-existing role(s). Emits an [organization_membership.updated](https://workos.com/docs/events/organization-membership) event upon successful reactivation.
+   *
+   * - Reactivating an `active` membership is a no-op and does not emit an event.
+   * - Reactivating a `pending` membership returns an error. The user needs to [accept the invitation](https://workos.com/docs/authkit/invitations) instead.
+   *
+   * See the [membership management documentation](https://workos.com/docs/authkit/users-organizations/organizations/membership-management) for additional details.
+   * @returns {Promise<OrganizationMembership>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   reactivateOrganizationMembership(organizationMembershipId: string): Promise<OrganizationMembership>;
+  listGroupsForOrganizationMembership(options: ListGroupsForOrganizationMembershipOptions): Promise<AutoPaginatable<Group>>;
   getInvitation(invitationId: string): Promise<Invitation>;
+  /**
+   * Find an invitation by token
+   *
+   * Retrieve an existing invitation using the token.
+   * @returns {Promise<Invitation>}
+   * @throws {NotFoundException} 404
+   */
   findInvitationByToken(invitationToken: string): Promise<Invitation>;
+  /**
+   * List invitations
+   *
+   * Get a list of all of invitations matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>>}
+   * @throws {UnprocessableEntityException} 422
+   */
   listInvitations(options: ListInvitationsOptions): Promise<AutoPaginatable<Invitation, SerializedListInvitationsOptions>>;
+  /**
+   * Send an invitation
+   *
+   * Sends an invitation email to the recipient.
+   * @param payload - Object containing email.
+   * @returns {Promise<Invitation>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   sendInvitation(payload: SendInvitationOptions): Promise<Invitation>;
+  /**
+   * Accept an invitation
+   *
+   * Accepts an invitation and, if linked to an organization, activates the user's membership in that organization.
+   * @returns {Promise<Invitation>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   */
   acceptInvitation(invitationId: string): Promise<Invitation>;
+  /**
+   * Revoke an invitation
+   *
+   * Revokes an existing invitation.
+   * @returns {Promise<Invitation>}
+   * @throws {BadRequestException} 400
+   */
   revokeInvitation(invitationId: string): Promise<Invitation>;
+  /**
+   * Resend an invitation
+   *
+   * Resends an invitation email to the recipient. The invitation must be in a pending state.
+   * @param options - The request body.
+   * @returns {Promise<Invitation>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   resendInvitation(invitationId: string, options?: ResendInvitationOptions): Promise<Invitation>;
+  /**
+   * Revoke Session
+   *
+   * Revoke a [user session](https://workos.com/docs/reference/authkit/session).
+   * @param payload - Object containing sessionId.
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   */
   revokeSession(payload: RevokeSessionOptions): Promise<void>;
   /**
    * Generate an OAuth 2.0 authorization URL.
@@ -4386,375 +5332,27 @@ declare class UserManagement {
    * ```
    */
   getAuthorizationUrlWithPKCE(options: Omit<UserManagementAuthorizationURLOptions, 'codeChallenge' | 'codeChallengeMethod' | 'state'>): Promise<PKCEAuthorizationURLResult>;
+  /**
+   * Logout
+   *
+   * Logout a user from the current [session](https://workos.com/docs/reference/authkit/session).
+   * @param options.sessionId - The ID of the session to revoke. This can be extracted from the `sid` claim of the access token.
+   *
+   * @example
+   * "session_01H93ZY4F80QPBEZ1R5B2SHQG8"
+   *
+   * @param options.returnTo - The URL to redirect the user to after session revocation.
+   *
+   * @example
+   * "https://example.com"
+   *
+   * @returns {string}
+   * @throws {UnprocessableEntityException} 422
+   */
   getLogoutUrl(options: LogoutURLOptions): string;
   getJwksUrl(clientId: string): string;
 }
 //#endregion
-//#region src/fga/interfaces/check-op.enum.d.ts
-declare enum CheckOp {
-  AllOf = "all_of",
-  AnyOf = "any_of"
-}
-//#endregion
-//#region src/fga/interfaces/resource-op.enum.d.ts
-declare enum ResourceOp {
-  Create = "create",
-  Delete = "delete"
-}
-//#endregion
-//#region src/fga/interfaces/resource.interface.d.ts
-interface ResourceInterface {
-  getResourceType(): string;
-  getResourceId(): string;
-}
-interface ResourceOptions {
-  resourceType: string;
-  resourceId?: string;
-}
-interface SerializedResourceOptions {
-  resource_type: string;
-  resource_id?: string;
-}
-interface CreateResourceOptions {
-  resource: ResourceInterface | ResourceOptions;
-  meta?: {
-    [key: string]: any;
-  };
-}
-interface SerializedCreateResourceOptions {
-  resource_type: string;
-  resource_id?: string;
-  meta?: {
-    [key: string]: any;
-  };
-}
-type GetResourceOptions = ResourceInterface | ResourceOptions;
-interface ListResourcesOptions extends PaginationOptions {
-  resourceType?: string;
-  search?: string;
-}
-interface SerializedListResourcesOptions extends PaginationOptions {
-  resource_type?: string;
-  search?: string;
-}
-interface UpdateResourceOptions {
-  resource: ResourceInterface | ResourceOptions;
-  meta: {
-    [key: string]: any;
-  };
-}
-type DeleteResourceOptions = ResourceInterface | ResourceOptions;
-interface SerializedDeleteResourceOptions {
-  resource_type: string;
-  resource_id: string;
-}
-interface Resource {
-  resourceType: string;
-  resourceId: string;
-  meta?: {
-    [key: string]: any;
-  };
-}
-interface ResourceResponse {
-  resource_type: string;
-  resource_id: string;
-  meta?: {
-    [key: string]: any;
-  };
-}
-interface BatchWriteResourcesOptions {
-  op: ResourceOp;
-  resources: CreateResourceOptions[] | DeleteResourceOptions[];
-}
-interface SerializedBatchWriteResourcesOptions {
-  op: string;
-  resources: SerializedCreateResourceOptions[] | SerializedDeleteResourceOptions[];
-}
-interface BatchWriteResourcesResponse {
-  data: ResourceResponse[];
-}
-//#endregion
-//#region src/fga/interfaces/warrant-op.enum.d.ts
-declare enum WarrantOp {
-  Create = "create",
-  Delete = "delete"
-}
-//#endregion
-//#region src/fga/interfaces/warrant.interface.d.ts
-interface ListWarrantsOptions {
-  resourceType?: string;
-  resourceId?: string;
-  relation?: string;
-  subjectType?: string;
-  subjectId?: string;
-  subjectRelation?: string;
-  limit?: number;
-  after?: string | null;
-}
-interface SerializedListWarrantsOptions {
-  resource_type?: string;
-  resource_id?: string;
-  relation?: string;
-  subject_type?: string;
-  subject_id?: string;
-  subject_relation?: string;
-  limit?: number;
-  after?: string | null;
-}
-interface PolicyContext {
-  [key: string]: any;
-}
-interface Subject {
-  resourceType: string;
-  resourceId: string;
-  relation?: string;
-}
-interface SerializedSubject {
-  resource_type: string;
-  resource_id: string;
-  relation?: string;
-}
-interface Warrant {
-  resourceType: string;
-  resourceId: string;
-  relation: string;
-  subject: Subject;
-  policy?: string;
-}
-interface WriteWarrantOptions {
-  op?: WarrantOp;
-  resource: ResourceInterface | ResourceOptions;
-  relation: string;
-  subject: ResourceInterface | Subject;
-  policy?: string;
-}
-interface SerializedWriteWarrantOptions {
-  op?: WarrantOp;
-  resource_type: string;
-  resource_id: string;
-  relation: string;
-  subject: SerializedSubject;
-  policy?: string;
-}
-type ListWarrantsRequestOptions = Pick<GetOptions, 'warrantToken'>;
-interface WarrantResponse {
-  resource_type: string;
-  resource_id: string;
-  relation: string;
-  subject: SerializedSubject;
-  policy?: string;
-}
-//#endregion
-//#region src/fga/interfaces/warning.interface.d.ts
-interface BaseWarning {
-  code: string;
-  message: string;
-}
-interface MissingContextKeysWarning extends BaseWarning {
-  code: 'missing_context_keys';
-  keys: string[];
-}
-type Warning = BaseWarning | MissingContextKeysWarning;
-//#endregion
-//#region src/fga/interfaces/check.interface.d.ts
-interface CheckWarrantOptions {
-  resource: ResourceInterface | ResourceOptions;
-  relation: string;
-  subject: ResourceInterface | Subject;
-  context?: PolicyContext;
-}
-interface SerializedCheckWarrantOptions {
-  resource_type: string;
-  resource_id: string;
-  relation: string;
-  subject: SerializedSubject;
-  context: PolicyContext;
-}
-interface CheckOptions {
-  op?: CheckOp;
-  checks: CheckWarrantOptions[];
-  debug?: boolean;
-}
-interface CheckBatchOptions {
-  checks: CheckWarrantOptions[];
-  debug?: boolean;
-}
-interface SerializedCheckOptions {
-  op?: CheckOp;
-  checks: SerializedCheckWarrantOptions[];
-  debug?: boolean;
-}
-interface SerializedCheckBatchOptions {
-  op: 'batch';
-  checks: SerializedCheckWarrantOptions[];
-  debug?: boolean;
-}
-interface CheckResultResponse {
-  result: string;
-  is_implicit: boolean;
-  warrant_token: string;
-  debug_info?: DebugInfoResponse;
-  warnings?: Warning[];
-}
-interface DebugInfo {
-  processingTime: number;
-  decisionTree: DecisionTreeNode;
-}
-interface DecisionTreeNode {
-  check: CheckWarrantOptions;
-  policy?: string;
-  decision: string;
-  processingTime: number;
-  children: DecisionTreeNode[];
-}
-interface DebugInfoResponse {
-  processing_time: number;
-  decision_tree: DecisionTreeNodeResponse;
-}
-interface DecisionTreeNodeResponse {
-  check: SerializedCheckWarrantOptions;
-  policy?: string;
-  decision: string;
-  processing_time: number;
-  children: DecisionTreeNodeResponse[];
-}
-interface CheckResultInterface {
-  result: string;
-  isImplicit: boolean;
-  warrantToken: string;
-  debugInfo?: DebugInfo;
-  warnings?: Warning[];
-}
-declare class CheckResult implements CheckResultInterface {
-  result: string;
-  isImplicit: boolean;
-  warrantToken: string;
-  debugInfo?: DebugInfo;
-  warnings?: Warning[];
-  constructor(json: CheckResultResponse);
-  isAuthorized(): boolean;
-}
-type CheckRequestOptions = Pick<PostOptions, 'warrantToken'>;
-//#endregion
-//#region src/fga/interfaces/query.interface.d.ts
-interface QueryOptions extends PaginationOptions {
-  q: string;
-  context?: PolicyContext;
-}
-interface SerializedQueryOptions extends PaginationOptions {
-  q: string;
-  context?: string;
-}
-interface QueryResult {
-  resourceType: string;
-  resourceId: string;
-  relation: string;
-  warrant: Warrant;
-  isImplicit: boolean;
-  meta?: {
-    [key: string]: any;
-  };
-}
-interface QueryResultResponse {
-  resource_type: string;
-  resource_id: string;
-  relation: string;
-  warrant: WarrantResponse;
-  is_implicit: boolean;
-  meta?: Record<string, any>;
-}
-type QueryRequestOptions = Pick<GetOptions, 'warrantToken'>;
-//#endregion
-//#region src/fga/interfaces/warrant-token.interface.d.ts
-interface WarrantToken {
-  warrantToken: string;
-}
-interface WarrantTokenResponse {
-  warrant_token: string;
-}
-//#endregion
-//#region src/fga/interfaces/list.interface.d.ts
-interface FGAList<T> extends List<T> {
-  warnings?: Warning[];
-}
-//#endregion
-//#region src/fga/utils/fga-paginatable.d.ts
-declare class FgaPaginatable<T, P extends PaginationOptions = PaginationOptions> extends AutoPaginatable<T, P> {
-  protected list: FGAList<T>;
-  constructor(list: FGAList<T>, apiCall: (params: PaginationOptions) => Promise<FGAList<T>>, options?: P);
-  get warnings(): Warning[] | undefined;
-}
-//#endregion
-//#region src/fga/fga.d.ts
-/**
- * @deprecated The FGA module is deprecated. Use the Authorization module instead.
- * @see src/authorization/authorization.ts
- */
-declare class FGA {
-  private readonly workos;
-  constructor(workos: WorkOS);
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  check(checkOptions: CheckOptions, options?: CheckRequestOptions): Promise<CheckResult>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  checkBatch(checkOptions: CheckBatchOptions, options?: CheckRequestOptions): Promise<CheckResult[]>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  createResource(resource: CreateResourceOptions): Promise<Resource>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  getResource(resource: ResourceInterface | ResourceOptions): Promise<Resource>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  listResources(options?: ListResourcesOptions): Promise<AutoPaginatable<Resource, SerializedListResourcesOptions>>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  updateResource(options: UpdateResourceOptions): Promise<Resource>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  deleteResource(resource: DeleteResourceOptions): Promise<void>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  batchWriteResources(options: BatchWriteResourcesOptions): Promise<Resource[]>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  writeWarrant(options: WriteWarrantOptions): Promise<WarrantToken>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  batchWriteWarrants(options: WriteWarrantOptions[]): Promise<WarrantToken>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  listWarrants(options?: ListWarrantsOptions, requestOptions?: ListWarrantsRequestOptions): Promise<AutoPaginatable<Warrant, SerializedListWarrantsOptions>>;
-  /**
-   * @deprecated The FGA module is deprecated. Use the Authorization module instead.
-   * @see src/authorization/authorization.ts
-   */
-  query(options: QueryOptions, requestOptions?: QueryRequestOptions): Promise<FgaPaginatable<QueryResult, SerializedQueryOptions>>;
-}
-//#endregion
 //#region src/feature-flags/runtime-client.d.ts
 declare class FeatureFlagsRuntimeClient extends EventEmitter {
   private readonly workos;
@@ -4794,15 +5392,112 @@ declare class FeatureFlagsRuntimeClient extends EventEmitter {
 declare class FeatureFlags {
   private readonly workos;
   constructor(workos: WorkOS);
+  /**
+   * List feature flags
+   *
+   * Get a list of all of your existing feature flags matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<FeatureFlag>>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   listFeatureFlags(options?: ListFeatureFlagsOptions): Promise<AutoPaginatable<FeatureFlag>>;
+  /**
+   * Get a feature flag
+   *
+   * Get the details of an existing feature flag by its slug.
+   * @param slug - A unique key to reference the Feature Flag.
+   *
+   * @example
+   * "advanced-analytics"
+   *
+   * @returns {Promise<FeatureFlag>}
+   * @throws {NotFoundException} 404
+   */
   getFeatureFlag(slug: string): Promise<FeatureFlag>;
+  /**
+   * Enable a feature flag
+   *
+   * Enables a feature flag in the current environment.
+   * @param slug - A unique key to reference the Feature Flag.
+   *
+   * @example
+   * "advanced-analytics"
+   *
+   * @returns {Promise<FeatureFlag>}
+   * @throws {NotFoundException} 404
+   */
   enableFeatureFlag(slug: string): Promise<FeatureFlag>;
+  /**
+   * Disable a feature flag
+   *
+   * Disables a feature flag in the current environment.
+   * @param slug - A unique key to reference the Feature Flag.
+   *
+   * @example
+   * "advanced-analytics"
+   *
+   * @returns {Promise<FeatureFlag>}
+   * @throws {NotFoundException} 404
+   */
   disableFeatureFlag(slug: string): Promise<FeatureFlag>;
+  /**
+   * Add a feature flag target
+   *
+   * Enables a feature flag for a specific target in the current environment. Currently, supported targets include users and organizations.
+   * @params options - Object containing slug and targetId.
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
   addFlagTarget(options: AddFlagTargetOptions): Promise<void>;
+  /**
+   * Remove a feature flag target
+   *
+   * Removes a target from the feature flag's target list in the current environment. Currently, supported targets include users and organizations.
+   * @params options - Object containing slug and targetId.
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
   removeFlagTarget(options: RemoveFlagTargetOptions): Promise<void>;
+  /**
+   * List enabled feature flags for an organization
+   *
+   * Get a list of all enabled feature flags for an organization.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<FeatureFlag>>}
+   * @throws {NotFoundException} 404
+   */
+  listOrganizationFeatureFlags(options: ListOrganizationFeatureFlagsOptions): Promise<AutoPaginatable<FeatureFlag>>;
+  /**
+   * List enabled feature flags for a user
+   *
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Flag>>}
+   * @throws {NotFoundException} 404
+   */
+  listUserFeatureFlags(options: ListUserFeatureFlagsOptions): Promise<AutoPaginatable<FeatureFlag>>;
   createRuntimeClient(options?: RuntimeClientOptions): FeatureFlagsRuntimeClient;
 }
 //#endregion
+//#region src/groups/groups.d.ts
+declare class Groups {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  createGroup(options: CreateGroupOptions): Promise<Group>;
+  listGroups(options: ListGroupsOptions): Promise<AutoPaginatable<Group>>;
+  getGroup(options: GetGroupOptions): Promise<Group>;
+  updateGroup(options: UpdateGroupOptions): Promise<Group>;
+  deleteGroup(options: DeleteGroupOptions): Promise<void>;
+  addOrganizationMembership(options: AddGroupOrganizationMembershipOptions): Promise<Group>;
+  listOrganizationMemberships(options: ListGroupOrganizationMembershipsOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  removeOrganizationMembership(options: RemoveGroupOrganizationMembershipOptions): Promise<void>;
+}
+//#endregion
 //#region src/widgets/interfaces/get-token.d.ts
 type WidgetScope = 'widgets:users-table:manage' | 'widgets:sso:manage' | 'widgets:domain-verification:manage' | 'widgets:dsync:manage' | 'widgets:api-keys:manage' | 'widgets:audit-log-streaming:manage';
 interface GetTokenOptions {
@@ -4810,53 +5505,643 @@ interface GetTokenOptions {
   userId?: string;
   scopes?: WidgetScope[];
 }
+interface GetTokenResponse {
+  token: string;
+}
 //#endregion
 //#region src/widgets/widgets.d.ts
 declare class Widgets {
   private readonly workos;
   constructor(workos: WorkOS);
-  getToken(payload: GetTokenOptions): Promise<string>;
+  /**
+   * Generate a widget token
+   *
+   * Generate a widget token scoped to an organization and user with the specified scopes.
+   * @param payload - Object containing organizationId.
+   * @returns {Promise<GetTokenResponse>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  createToken(payload: GetTokenOptions): Promise<GetTokenResponse>;
 }
 //#endregion
 //#region src/authorization/authorization.d.ts
 declare class Authorization {
   private readonly workos;
   constructor(workos: WorkOS);
+  /**
+   * Create an environment role
+   *
+   * Create a new environment role.
+   * @param options - Object containing slug, name.
+   * @returns {Promise<EnvironmentRole>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
   createEnvironmentRole(options: CreateEnvironmentRoleOptions): Promise<EnvironmentRole>;
+  /**
+   * List environment roles
+   *
+   * List all environment roles in priority order.
+   * @returns {Promise<EnvironmentRoleList>}
+   * @throws 403 response from the API.
+   */
   listEnvironmentRoles(): Promise<EnvironmentRoleList>;
+  /**
+   * Get an environment role
+   *
+   * Get an environment role by its slug.
+   * @param slug - The slug of the environment role.
+   *
+   * @example
+   * "admin"
+   *
+   * @returns {Promise<EnvironmentRole>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
   getEnvironmentRole(slug: string): Promise<EnvironmentRole>;
+  /**
+   * Update an environment role
+   *
+   * Update an existing environment role.
+   * @param slug - The slug of the environment role.
+   *
+   * @example
+   * "admin"
+   *
+   * @param options - The request body.
+   * @returns {Promise<EnvironmentRole>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   updateEnvironmentRole(slug: string, options: UpdateEnvironmentRoleOptions): Promise<EnvironmentRole>;
+  /**
+   * Set permissions for an environment role
+   *
+   * Replace all permissions on an environment role with the provided list.
+   * @param slug - The slug of the environment role.
+   *
+   * @example
+   * "admin"
+   *
+   * @param options - Object containing permissions.
+   * @returns {Promise<EnvironmentRole>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   setEnvironmentRolePermissions(slug: string, options: SetEnvironmentRolePermissionsOptions): Promise<EnvironmentRole>;
+  /**
+   * Add a permission to an environment role
+   *
+   * Add a single permission to an environment role. If the permission is already assigned to the role, this operation has no effect.
+   * @param slug - The slug of the environment role.
+   *
+   * @example
+   * "admin"
+   *
+   * @param options - Object containing slug.
+   * @returns {Promise<EnvironmentRole>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   addEnvironmentRolePermission(slug: string, options: AddEnvironmentRolePermissionOptions): Promise<EnvironmentRole>;
+  /**
+   * Create a custom role
+   *
+   * Create a new custom role for this organization.
+   * @param organizationId - The ID of the organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param options - Object containing name.
+   * @returns {Promise<OrganizationRole>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
   createOrganizationRole(organizationId: string, options: CreateOrganizationRoleOptions): Promise<OrganizationRole>;
+  /**
+   * List custom roles
+   *
+   * Get a list of all roles that apply to an organization. This includes both environment roles and custom roles, returned in priority order.
+   * @param organizationId - The ID of the organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @returns {Promise<RoleList>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
   listOrganizationRoles(organizationId: string): Promise<RoleList>;
+  /**
+   * Get a custom role
+   *
+   * Retrieve a role that applies to an organization by its slug. This can return either an environment role or a custom role.
+   * @param organizationId - The ID of the organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param slug - The slug of the role.
+   *
+   * @example
+   * "org-billing-admin"
+   *
+   * @returns {Promise<Role>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
   getOrganizationRole(organizationId: string, slug: string): Promise<Role>;
+  /**
+   * Update a custom role
+   *
+   * Update an existing custom role. Only the fields provided in the request body will be updated.
+   * @param organizationId - The ID of the organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param slug - The slug of the role.
+   *
+   * @example
+   * "org-billing-admin"
+   *
+   * @param options - The request body.
+   * @returns {Promise<OrganizationRole>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   updateOrganizationRole(organizationId: string, slug: string, options: UpdateOrganizationRoleOptions): Promise<OrganizationRole>;
+  /**
+   * Delete a custom role
+   *
+   * Delete an existing custom role.
+   * @param organizationId - The ID of the organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param slug - The slug of the role.
+   *
+   * @example
+   * "org-admin"
+   *
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   */
   deleteOrganizationRole(organizationId: string, slug: string): Promise<void>;
-  setOrganizationRolePermissions(organizationId: string, slug: string, options: SetOrganizationRolePermissionsOptions): Promise<OrganizationRole>;
-  addOrganizationRolePermission(organizationId: string, slug: string, options: AddOrganizationRolePermissionOptions): Promise<OrganizationRole>;
-  removeOrganizationRolePermission(organizationId: string, slug: string, options: RemoveOrganizationRolePermissionOptions): Promise<void>;
+  /**
+   * Set permissions for a custom role
+   *
+   * Replace all permissions on a custom role with the provided list.
+   * @param organizationId - The ID of the organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param slug - The slug of the role.
+   *
+   * @example
+   * "org-admin"
+   *
+   * @param options - Object containing permissions.
+   * @returns {Promise<Role>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  updateRolePermissions(organizationId: string, slug: string, options: SetOrganizationRolePermissionsOptions): Promise<OrganizationRole>;
+  /**
+   * Add a permission to a custom role
+   *
+   * Add a single permission to a custom role. If the permission is already assigned to the role, this operation has no effect.
+   * @param organizationId - The ID of the organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param slug - The slug of the role.
+   *
+   * @example
+   * "org-admin"
+   *
+   * @param options - Object containing slug.
+   * @returns {Promise<Role>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  createRolePermission(organizationId: string, slug: string, options: AddOrganizationRolePermissionOptions): Promise<OrganizationRole>;
+  /**
+   * Remove a permission from a custom role
+   *
+   * Remove a single permission from a custom role by its slug.
+   * @param organizationId - The ID of the organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param slug - The slug of the role.
+   *
+   * @example
+   * "org-admin"
+   *
+   * @param permissionSlug - The slug of the permission to remove.
+   *
+   * @example
+   * "documents:read"
+   *
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  deleteRolePermission(organizationId: string, slug: string, options: RemoveOrganizationRolePermissionOptions): Promise<void>;
+  /**
+   * Create a permission
+   *
+   * Create a new permission in your WorkOS environment. The permission can then be assigned to environment roles and custom roles.
+   * @param options - Object containing slug, name.
+   * @returns {Promise<Permission>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
   createPermission(options: CreatePermissionOptions): Promise<Permission>;
-  listPermissions(options?: ListPermissionsOptions): Promise<PermissionList>;
+  /**
+   * List permissions
+   *
+   * Get a list of all permissions in your WorkOS environment.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Permission, PaginationOptions>>}
+   * @throws {NotFoundException} 404
+   */
+  listPermissions(options?: ListPermissionsOptions): Promise<AutoPaginatable<Permission>>;
+  /**
+   * Get a permission
+   *
+   * Retrieve a permission by its unique slug.
+   * @param slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
+   *
+   * @example
+   * "documents:read"
+   *
+   * @returns {Promise<Permission>}
+   * @throws {NotFoundException} 404
+   */
   getPermission(slug: string): Promise<Permission>;
+  /**
+   * Update a permission
+   *
+   * Update an existing permission. Only the fields provided in the request body will be updated.
+   * @param slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
+   *
+   * @example
+   * "documents:read"
+   *
+   * @param options - The request body.
+   * @returns {Promise<Permission>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   updatePermission(slug: string, options: UpdatePermissionOptions): Promise<Permission>;
+  /**
+   * Delete a permission
+   *
+   * Delete an existing permission. System permissions cannot be deleted.
+   * @param slug - A unique key to reference the permission. Must be lowercase and contain only letters, numbers, hyphens, underscores, colons, periods, and asterisks.
+   *
+   * @example
+   * "documents:read"
+   *
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
   deletePermission(slug: string): Promise<void>;
+  /**
+   * Get a resource
+   *
+   * Retrieve the details of an authorization resource by its ID.
+   * @param resourceId - The ID of the authorization resource.
+   *
+   * @example
+   * "authz_resource_01HXYZ123456789ABCDEFGHIJ"
+   *
+   * @returns {Promise<AuthorizationResource>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   getResource(resourceId: string): Promise<AuthorizationResource>;
+  /**
+   * Create an authorization resource
+   *
+   * Create a new authorization resource.
+   * @param options - Object containing externalId, name, resourceTypeSlug, organizationId.
+   * @returns {Promise<AuthorizationResource>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
   createResource(options: CreateAuthorizationResourceOptions): Promise<AuthorizationResource>;
+  /**
+   * Update a resource
+   *
+   * Update an existing authorization resource.
+   * @param options - The request body.
+   * @returns {Promise<AuthorizationResource>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
   updateResource(options: UpdateAuthorizationResourceOptions): Promise<AuthorizationResource>;
+  /**
+   * Delete an authorization resource
+   *
+   * Delete an authorization resource and all its descendants.
+   * @param options.cascadeDelete - If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.
+   * @default false
+   * @param options - Additional query options.
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   */
   deleteResource(options: DeleteAuthorizationResourceOptions): Promise<void>;
-  listResources(options?: ListAuthorizationResourcesOptions): Promise<AuthorizationResourceList>;
-  getResourceByExternalId(options: GetAuthorizationResourceByExternalIdOptions): Promise<AuthorizationResource>;
-  updateResourceByExternalId(options: UpdateAuthorizationResourceByExternalIdOptions): Promise<AuthorizationResource>;
-  deleteResourceByExternalId(options: DeleteAuthorizationResourceByExternalIdOptions): Promise<void>;
+  /**
+   * List resources
+   *
+   * Get a paginated list of authorization resources.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<AuthorizationResource, PaginationOptions>>}
+   * @throws 403 response from the API.
+   * @throws {UnprocessableEntityException} 422
+   */
+  listResources(options?: ListAuthorizationResourcesOptions): Promise<AutoPaginatable<AuthorizationResource>>;
+  /**
+   * Get a resource by external ID
+   *
+   * Retrieve the details of an authorization resource by its external ID, organization, and resource type. This is useful when you only have the external ID from your system and need to fetch the full resource details.
+   * @param organizationId - The ID of the organization that owns the resource.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param resourceTypeSlug - The slug of the resource type.
+   *
+   * @example
+   * "project"
+   *
+   * @param externalId - An identifier you provide to reference the resource in your system.
+   *
+   * @example
+   * "proj-456"
+   *
+   * @returns {Promise<AuthorizationResource>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  getOrganizationResource(options: GetAuthorizationResourceByExternalIdOptions): Promise<AuthorizationResource>;
+  /**
+   * Update a resource by external ID
+   *
+   * Update an existing authorization resource using its external ID.
+   * @param organizationId - The ID of the organization that owns the resource.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param resourceTypeSlug - The slug of the resource type.
+   *
+   * @example
+   * "project"
+   *
+   * @param externalId - An identifier you provide to reference the resource in your system.
+   *
+   * @example
+   * "proj-456"
+   *
+   * @param options - The request body.
+   * @returns {Promise<AuthorizationResource>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
+  updateOrganizationResource(options: UpdateAuthorizationResourceByExternalIdOptions): Promise<AuthorizationResource>;
+  /**
+   * Delete an authorization resource by external ID
+   *
+   * Delete an authorization resource by organization, resource type, and external ID. This also deletes all descendant resources.
+   * @param organizationId - The ID of the organization that owns the resource.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param resourceTypeSlug - The slug of the resource type.
+   *
+   * @example
+   * "project"
+   *
+   * @param externalId - An identifier you provide to reference the resource in your system.
+   *
+   * @example
+   * "proj-456"
+   *
+   * @param options - Additional query options.
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   */
+  deleteOrganizationResource(options: DeleteAuthorizationResourceByExternalIdOptions): Promise<void>;
+  /**
+   * Check authorization
+   *
+   * Check if an organization membership has a specific permission on a resource. Supports identification by resource_id OR by resource_external_id + resource_type_slug.
+   * @param options - Object containing permissionSlug.
+   * @returns {Promise<AuthorizationCheckResult>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   check(options: AuthorizationCheckOptions): Promise<AuthorizationCheckResult>;
-  listRoleAssignments(options: ListRoleAssignmentsOptions): Promise<RoleAssignmentList>;
+  /**
+   * List role assignments
+   *
+   * List all role assignments for an organization membership. This returns all roles that have been assigned to the user on resources, including organization-level and sub-resource roles.
+   * @param organizationMembershipId - The ID of the organization membership.
+   *
+   * @example
+   * "om_01HXYZ123456789ABCDEFGHIJ"
+   *
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<RoleAssignment>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  listOrganizationMembershipRoleAssignments(options: ListRoleAssignmentsOptions): Promise<AutoPaginatable<RoleAssignment>>;
+  /**
+   * Assign a role
+   *
+   * Assign a role to an organization membership on a specific resource.
+   * @param options - Object containing roleSlug.
+   * @returns {Promise<RoleAssignment>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   assignRole(options: AssignRoleOptions): Promise<RoleAssignment>;
+  /**
+   * Remove a role assignment
+   *
+   * Remove a role assignment by role slug and resource.
+   * @param options - Object containing roleSlug.
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   removeRole(options: RemoveRoleOptions): Promise<void>;
-  removeRoleAssignment(options: RemoveRoleAssignmentOptions): Promise<void>;
-  listResourcesForMembership(options: ListResourcesForMembershipOptions): Promise<AuthorizationResourceList>;
-  listMembershipsForResource(options: ListMembershipsForResourceOptions): Promise<AuthorizationOrganizationMembershipList>;
-  listMembershipsForResourceByExternalId(options: ListMembershipsForResourceByExternalIdOptions): Promise<AuthorizationOrganizationMembershipList>;
+  /**
+   * Remove a role assignment by ID
+   *
+   * Remove a role assignment using its ID.
+   * @param organizationMembershipId - The ID of the organization membership.
+   *
+   * @example
+   * "om_01HXYZ123456789ABCDEFGHIJ"
+   *
+   * @param roleAssignmentId - The ID of the role assignment to remove.
+   *
+   * @example
+   * "role_assignment_01HXYZ123456789ABCDEFGH"
+   *
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  deleteOrganizationMembershipRoleAssignment(options: RemoveRoleAssignmentOptions): Promise<void>;
+  /**
+   * List resources for organization membership
+   *
+   * Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?"
+   *
+   * You must provide either `parent_resource_id` or both `parent_resource_external_id` and `parent_resource_type_slug` to identify the parent resource.
+   * @param organizationMembershipId - The ID of the organization membership.
+   *
+   * @example
+   * "om_01HXYZ123456789ABCDEFGHIJ"
+   *
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<AuthorizationResource>>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listOrganizationMembershipResources(options: ListResourcesForMembershipOptions): Promise<AutoPaginatable<AuthorizationResource>>;
+  /**
+   * List organization memberships for resource
+   *
+   * Returns all organization memberships that have a specific permission on a resource instance. This is useful for answering "Who can access this resource?".
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<BaseOrganizationMembership, PaginationOptions>>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listMembershipsForResource(options: ListMembershipsForResourceOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  /**
+   * List memberships for a resource by external ID
+   *
+   * Returns all organization memberships that have a specific permission on a resource, using the resource's external ID. This is useful for answering "Who can access this resource?" when you only have the external ID.
+   * @param organizationId - The ID of the organization that owns the resource.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param resourceTypeSlug - The slug of the resource type this resource belongs to.
+   *
+   * @example
+   * "project"
+   *
+   * @param externalId - An identifier you provide to reference the resource in your system.
+   *
+   * @example
+   * "proj-456"
+   *
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<UserOrganizationMembershipBaseListData>>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listResourceOrganizationMemberships(options: ListMembershipsForResourceByExternalIdOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  /**
+   * List effective permissions for an organization membership on a resource
+   *
+   * Returns all permissions the organization membership effectively has on a resource, including permissions inherited through roles assigned to ancestor resources.
+   * @param organizationMembershipId - The ID of the organization membership.
+   *
+   * @example
+   * "om_01HXYZ123456789ABCDEFGHIJ"
+   *
+   * @param resourceId - The ID of the authorization resource.
+   *
+   * @example
+   * "authz_resource_01HXYZ123456789ABCDEFGHIJ"
+   *
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<AuthorizationPermission>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listResourcePermissions(options: ListEffectivePermissionsOptions): Promise<AutoPaginatable<Permission>>;
+  /**
+   * List effective permissions for an organization membership on a resource by external ID
+   *
+   * Returns all permissions the organization membership effectively has on a resource identified by its external ID, including permissions inherited through roles assigned to ancestor resources.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Permission, PaginationOptions>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listEffectivePermissionsByExternalId(options: ListEffectivePermissionsByExternalIdOptions): Promise<AutoPaginatable<Permission>>;
 }
 //#endregion
 //#region src/common/exceptions/api-key-required.exception.d.ts
@@ -4875,13 +6160,38 @@ interface RequestException {
 }
 //#endregion
 //#region src/common/exceptions/generic-server.exception.d.ts
+interface WorkOSErrorData {
+  code?: string;
+  message?: string;
+  [key: string]: unknown;
+}
 declare class GenericServerException extends Error implements RequestException {
   readonly status: number;
-  readonly rawData: unknown;
+  readonly rawData: WorkOSErrorData;
   readonly requestID: string;
   readonly name: string;
   readonly message: string;
-  constructor(status: number, message: string | undefined, rawData: unknown, requestID: string);
+  readonly code: string | undefined;
+  constructor(status: number, message: string | undefined, rawData: WorkOSErrorData, requestID: string);
+}
+//#endregion
+//#region src/common/exceptions/authentication.exception.d.ts
+type AuthenticationErrorCode = 'email_verification_required' | 'organization_selection_required' | 'mfa_enrollment' | 'mfa_challenge' | 'mfa_verification' | 'sso_required';
+interface AuthenticationErrorData extends WorkOSErrorData {
+  code: AuthenticationErrorCode;
+  pending_authentication_token?: string;
+  user?: Record<string, unknown>;
+  organizations?: Array<{
+    id: string;
+    name: string;
+  }>;
+}
+declare function isAuthenticationErrorData(data: WorkOSErrorData): data is AuthenticationErrorData;
+declare class AuthenticationException extends GenericServerException {
+  readonly rawData: AuthenticationErrorData;
+  readonly name = "AuthenticationException";
+  readonly pendingAuthenticationToken: string | undefined;
+  constructor(status: number, rawData: AuthenticationErrorData, requestID: string);
 }
 //#endregion
 //#region src/common/exceptions/bad-request.exception.d.ts
@@ -4905,6 +6215,25 @@ declare class BadRequestException extends Error implements RequestException {
   });
 }
 //#endregion
+//#region src/common/exceptions/conflict.exception.d.ts
+declare class ConflictException extends Error implements RequestException {
+  readonly status = 409;
+  readonly name = "ConflictException";
+  readonly requestID: string;
+  readonly code?: string;
+  constructor({
+    error,
+    message,
+    requestID,
+    code
+  }: {
+    error?: string;
+    message?: string;
+    requestID: string;
+    code?: string;
+  });
+}
+//#endregion
 //#region src/common/exceptions/no-api-key-provided.exception.d.ts
 declare class NoApiKeyProvidedException extends Error {
   readonly status = 500;
@@ -4993,6 +6322,70 @@ declare class UnprocessableEntityException extends Error implements RequestExcep
   });
 }
 //#endregion
+//#region src/admin-portal/interfaces/sso-intent-options.interface.d.ts
+interface SSOIntentOptions {
+  /** The bookmark slug to use for SSO. */
+  bookmarkSlug?: string;
+  /** The SSO provider type to configure. */
+  providerType?: 'GoogleSAML';
+}
+interface SSOIntentOptionsResponse {
+  bookmark_slug?: string;
+  provider_type?: 'GoogleSAML';
+}
+//#endregion
+//#region src/admin-portal/interfaces/intent-options.interface.d.ts
+interface IntentOptions {
+  /** SSO-specific options for the Admin Portal. */
+  sso: SSOIntentOptions;
+}
+interface IntentOptionsResponse {
+  sso: SSOIntentOptionsResponse;
+}
+//#endregion
+//#region src/admin-portal/interfaces/generate-link.interface.d.ts
+interface GenerateLink {
+  /** The URL to go to when an admin clicks on your logo in the Admin Portal. If not specified, the return URL configured on the [Redirects](https://dashboard.workos.com/redirects) page will be used. */
+  returnUrl?: string;
+  /** The URL to redirect the admin to when they finish setup. If not specified, the success URL configured on the [Redirects](https://dashboard.workos.com/redirects) page will be used. */
+  successUrl?: string;
+  /** An [Organization](https://workos.com/docs/reference/organization) identifier. */
+  organization: string;
+  /**
+   *
+   *       The intent of the Admin Portal.
+   *         - `sso` - Launch Admin Portal for creating SSO connections
+   *         - `dsync` - Launch Admin Portal for creating Directory Sync connections
+   *         - `audit_logs` - Launch Admin Portal for viewing Audit Logs
+   *         - `log_streams` - Launch Admin Portal for creating Log Streams
+   *         - `domain_verification` - Launch Admin Portal for Domain Verification
+   *         - `certificate_renewal` - Launch Admin Portal for renewing SAML Certificates
+   *         - `bring_your_own_key` - Launch Admin Portal for configuring Bring Your Own Key
+   */
+  intent?: GenerateLinkIntent;
+  /** Options to configure the Admin Portal based on the intent. */
+  intentOptions?: IntentOptions;
+  /** The email addresses of the IT admins to grant access to the Admin Portal for the given organization. Accepts up to 20 emails. */
+  adminEmails?: string[];
+}
+interface GenerateLinkResponse {
+  return_url?: string;
+  success_url?: string;
+  organization: string;
+  intent?: GenerateLinkIntent;
+  intent_options?: IntentOptionsResponse;
+  admin_emails?: string[];
+}
+//#endregion
+//#region src/admin-portal/interfaces/portal-link-response.interface.d.ts
+interface PortalLinkResponse {
+  /** An ephemeral link to initiate the Admin Portal. */
+  link: string;
+}
+interface PortalLinkResponseWire {
+  link: string;
+}
+//#endregion
 //#region src/factory.d.ts
 /**
  * Method names available without API key - single source of truth.
@@ -5200,6 +6593,7 @@ declare class Vault {
 }
 //#endregion
 //#region src/workos.d.ts
+/** WorkOS REST API */
 declare class WorkOS {
   readonly baseURL: string;
   readonly client: HttpClient;
@@ -5215,13 +6609,13 @@ declare class WorkOS {
   readonly directorySync: DirectorySync;
   readonly events: Events;
   readonly featureFlags: FeatureFlags;
-  readonly fga: FGA;
-  readonly mfa: Mfa;
+  readonly groups: Groups;
+  readonly multiFactorAuth: MultiFactorAuth;
   readonly organizations: Organizations;
   readonly organizationDomains: OrganizationDomains;
   readonly passwordless: Passwordless;
   readonly pipes: Pipes;
-  readonly portal: Portal;
+  readonly adminPortal: AdminPortal;
   readonly sso: SSO;
   readonly userManagement: UserManagement;
   readonly vault: Vault;
@@ -5277,5 +6671,5 @@ declare class WorkOS {
   private handleHttpError;
 }
 //#endregion
-export { DecisionTreeNode as $, VaultNamesListedEventResponseData as $a, ProfileAndToken as $c, RoleUpdatedEventResponse as $i, SerializedListResourcesForMembershipOptions as $l, AuthenticationOAuthSucceededEventResponse as $n, SerializedResetPasswordOptions as $o, FlagUpdatedEventResponse as $r, CreateOrganizationMembershipOptions as $s, CreatePasswordlessSessionOptions as $t, DirectoryGroup as $u, OauthException as A, VaultActor as Aa, SerializedAuthenticateWithRefreshTokenOptions as Ac, OrganizationRoleCreatedEvent as Ai, BaseRemoveRoleOptions as Al, WorkOSOptions as An, OrganizationDomainState as Ao, DsyncGroupUserAddedEvent as Ar, ListInvitationsOptions as As, UpdateResourceOptions as At, RemoveOrganizationRolePermissionOptions as Au, QueryRequestOptions as B, VaultDataReadEventData as Ba, AuthenticateUserWithEmailVerificationCredentials as Bc, PasswordResetSucceededEvent as Bi, ListRoleAssignmentsOptions as Bl, ApiKeyRevokedEvent as Bn, SerializedUpdateOrganizationMembershipOptions as Bo, EmailVerificationCreatedEvent as Br, FactorResponse as Bs, CreateAuditLogSchemaResponse as Bt, SerializedUpdateEnvironmentRoleOptions as Bu, PublicUserManagement as C, VaultDekReadEventResponse as Ca, UserResponse as Cc, OrganizationDomainVerifiedEventResponse as Ci, OrganizationRoleResponse as Cl, ListOrganizationFeatureFlagsOptions as Cn, SerializedCreateOrganizationApiKeyOptions as Co, DsyncDeletedEventResponse as Cr, AuthorizationOrganizationMembershipListResponse as Cs, ResourceOptions as Ct, UpdatePermissionOptions as Cu, UnauthorizedException as D, VaultMetadataReadEventResponse as Da, SerializedAuthenticateWithRefreshTokenPublicClientOptions as Dc, OrganizationMembershipDeletedResponse as Di, RoleList as Dl, DomainData as Dn, OrganizationDomainVerificationFailedResponse as Do, DsyncGroupDeletedEventResponse as Dr, OrganizationMembership as Ds, SerializedDeleteResourceOptions as Dt, PermissionList as Du, UnprocessableEntityException as E, VaultMetadataReadEvent as Ea, AuthenticateWithRefreshTokenPublicClientOptions as Ec, OrganizationMembershipDeleted as Ei, RoleEventResponse as El, SerializedCreateOrganizationOptions as En, OrganizationDomainVerificationFailed as Eo, DsyncGroupDeletedEvent as Er, BaseOrganizationMembershipResponse as Es, SerializedCreateResourceOptions as Et, Permission as Eu, ApiKeyRequiredException as F, VaultByokKeyVerificationCompletedEventResponseData as Fa, AuthenticateWithOrganizationSelectionOptions as Fc, OrganizationRoleUpdatedEventResponse as Fi, AssignRoleOptions as Fl, List as Fn, VerifyEmailOptions as Fo, DsyncUserCreatedEventResponse as Fr, InvitationEventResponse as Fs, AuditLogSchema as Ft, CreateOrganizationRoleOptions as Fu, CheckOptions as G, VaultDekDecryptedEventResponseData as Ga, AuthenticateUserWithCodeCredentials as Gc, PermissionDeletedEventResponse as Gi, RoleAssignmentResourceResponse as Gl, AuthenticationMagicAuthFailedEventResponse as Gn, SessionStatus as Go, EventResponse as Gr, EmailVerification as Gs, CreateAuditLogEventRequestOptions as Gt, EnvironmentRoleList as Gu, QueryResultResponse as H, VaultDataUpdatedEventData as Ha, SerializedAuthenticateWithEmailVerificationOptions as Hc, PermissionCreatedEvent as Hi, RoleAssignmentList as Hl, AuthenticationEmailVerificationSucceededEvent as Hn, AuthMethod as Ho, Event as Hr, FactorWithSecretsResponse as Hs, AuditLogActor as Ht, CreateEnvironmentRoleOptions as Hu, FeatureFlagsRuntimeClient as I, VaultDataCreatedEventData as Ia, SerializedAuthenticateWithOrganizationSelectionOptions as Ic, OrganizationUpdatedEvent as Ii, AssignRoleOptionsWithResourceExternalId as Il, ListResponse as In, SerializedUpdateUserPasswordOptions as Io, DsyncUserDeletedEvent as Ir, InvitationResponse as Is, AuditLogSchemaMetadata as It, SerializedCreateOrganizationRoleOptions as Iu, CheckResultInterface as J, VaultKekCreatedEventData as Ja, AuthenticateWithOptionsBase as Jc, RoleCreatedEvent as Ji, ListMembershipsForResourceByExternalIdOptions as Jl, AuthenticationMfaSucceededEvent as Jn, SerializedSendInvitationOptions as Jo, FlagDeletedEvent as Jr, EmailVerificationResponse as Js, AuditLogExportResponse as Jt, ListDirectoryUsersOptions as Ju, CheckRequestOptions as K, VaultDekReadEventData as Ka, AuthenticateWithCodeOptions as Kc, PermissionUpdatedEvent as Ki, RoleAssignmentResponse as Kl, AuthenticationMagicAuthSucceededEvent as Kn, SendVerificationEmailOptions as Ko, FlagCreatedEvent as Kr, EmailVerificationEvent as Ks, SerializedCreateAuditLogEventOptions as Kt, EnvironmentRoleListResponse as Ku, WarrantToken as L, VaultDataCreatedEventResponseData as La, AuthenticateUserWithMagicAuthCredentials as Lc, OrganizationUpdatedResponse as Li, AssignRoleOptionsWithResourceId as Ll, GetOptions as Ln, UpdateUserPasswordOptions as Lo, DsyncUserDeletedEventResponse as Lr, Identity as Ls, AuditLogTargetSchema as Lt, OrganizationRole as Lu, NoApiKeyProvidedException as M, VaultActorSource as Ma, AuthenticateWithPasswordOptions as Mc, OrganizationRoleDeletedEvent as Mi, RemoveRoleOptionsWithResourceExternalId as Ml, PutOptions as Mn, CreateOrganizationDomainOptions as Mo, DsyncGroupUserRemovedEvent as Mr, ListAuthFactorsOptions as Ms, CheckOp as Mt, SetOrganizationRolePermissionsOptions as Mu, BadRequestException as N, VaultByokKeyProvider as Na, SerializedAuthenticateWithPasswordOptions as Nc, OrganizationRoleDeletedEventResponse as Ni, RemoveRoleOptionsWithResourceId as Nl, PostOptions as Nn, SerializedCreateOrganizationDomainOptions as No, DsyncGroupUserRemovedEventResponse as Nr, Invitation as Ns, CookieSession as Nt, SerializedUpdateOrganizationRoleOptions as Nu, SignatureVerificationException as O, VaultNamesListedEvent as Oa, AuthenticateUserWithRefreshTokenCredentials as Oc, OrganizationMembershipUpdated as Oi, RoleResponse as Ol, DomainDataState as On, OrganizationDomain as Oo, DsyncGroupUpdatedEvent as Or, OrganizationMembershipResponse as Os, SerializedListResourcesOptions as Ot, PermissionListResponse as Ou, GenericServerException as P, VaultByokKeyVerificationCompletedEventData as Pa, AuthenticateUserWithOrganizationSelectionCredentials as Pc, OrganizationRoleUpdatedEvent as Pi, SerializedRemoveRoleOptions as Pl, PatchOptions as Pn, SerializedVerifyEmailOptions as Po, DsyncUserCreatedEvent as Pr, InvitationEvent as Ps, AuditLogActorSchema as Pt, UpdateOrganizationRoleOptions as Pu, DebugInfoResponse as Q, VaultNamesListedEventData as Qa, WithResolvedClientId as Qc, RoleUpdatedEvent as Qi, ListResourcesForMembershipOptionsWithParentId as Ql, AuthenticationOAuthSucceededEvent as Qn, ResetPasswordOptions as Qo, FlagUpdatedEvent as Qr, SerializedCreatePasswordResetOptions as Qs, SendSessionResponse as Qt, PaginationOptions as Qu, WarrantTokenResponse as R, VaultDataDeletedEventData as Ra, AuthenticateWithMagicAuthOptions as Rc, PasswordResetCreatedEvent as Ri, BaseAssignRoleOptions as Rl, ApiKeyCreatedEvent as Rn, SerializedUpdateUserOptions as Ro, DsyncUserUpdatedEvent as Rr, IdentityResponse as Rs, CreateAuditLogSchemaOptions as Rt, AddEnvironmentRolePermissionOptions as Ru, PublicSSO as S, VaultDekReadEvent as Sa, User as Sc, OrganizationDomainVerifiedEvent as Si, OrganizationRoleEventResponse as Sl, ListOrganizationsOptions as Sn, CreateOrganizationApiKeyRequestOptions as So, DsyncDeletedEvent as Sr, AuthorizationOrganizationMembershipList as Ss, ResourceInterface as St, SerializedUpdatePermissionOptions as Su, createWorkOS as T, VaultKekCreatedEventResponse as Ta, ImpersonatorResponse as Tc, OrganizationMembershipCreatedResponse as Ti, RoleEvent as Tl, CreateOrganizationRequestOptions as Tn, SerializedApiKey as To, DsyncGroupCreatedEventResponse as Tr, BaseOrganizationMembership as Ts, SerializedBatchWriteResourcesOptions as Tt, SerializedCreatePermissionOptions as Tu, SerializedQueryOptions as U, VaultDataUpdatedEventResponseData as Ua, AuthenticateWithCodeAndVerifierOptions as Uc, PermissionCreatedEventResponse as Ui, RoleAssignmentListResponse as Ul, AuthenticationEmailVerificationSucceededEventResponse as Un, Session as Uo, EventBase as Ur, EnrollAuthFactorOptions as Us, AuditLogTarget as Ut, SerializedCreateEnvironmentRoleOptions as Uu, QueryResult as V, VaultDataReadEventResponseData as Va, AuthenticateWithEmailVerificationOptions as Vc, PasswordResetSucceededEventResponse as Vi, RoleAssignment as Vl, ApiKeyRevokedEventResponse as Vn, UpdateOrganizationMembershipOptions as Vo, EmailVerificationCreatedEventResponse as Vr, FactorWithSecrets$1 as Vs, SerializedCreateAuditLogSchemaOptions as Vt, UpdateEnvironmentRoleOptions as Vu, CheckBatchOptions as W, VaultDekDecryptedEventData as Wa, SerializedAuthenticateWithCodeAndVerifierOptions as Wc, PermissionDeletedEvent as Wi, RoleAssignmentResource as Wl, AuthenticationMagicAuthFailedEvent as Wn, SessionResponse as Wo, EventName as Wr, SerializedEnrollUserInMfaFactorOptions as Ws, CreateAuditLogEventOptions as Wt, EnvironmentRole as Wu, CheckWarrantOptions as X, VaultMetadataReadEventData as Xa, SerializedAuthenticatePublicClientBase as Xc, RoleDeletedEvent as Xi, ListResourcesForMembershipOptions as Xl, AuthenticationOAuthFailedEvent as Xn, SerializedRevokeSessionOptions as Xo, FlagRuleUpdatedEvent as Xr, SerializedCreateUserOptions as Xs, SerializedAuditLogExportOptions as Xt, ListDirectoriesOptions as Xu, CheckResultResponse as Y, VaultKekCreatedEventResponseData as Ya, AuthenticateWithSessionOptions as Yc, RoleCreatedEventResponse as Yi, ListMembershipsForResourceOptions as Yl, AuthenticationMfaSucceededEventResponse as Yn, RevokeSessionOptions as Yo, FlagDeletedEventResponse as Yr, CreateUserOptions as Ys, AuditLogExportOptions as Yt, ListDirectoryGroupsOptions as Yu, DebugInfo as Z, VaultMetadataReadEventResponseData as Za, SerializedAuthenticateWithOptionsBase as Zc, RoleDeletedEventResponse as Zi, ListResourcesForMembershipOptionsWithParentExternalId as Zl, AuthenticationOAuthFailedEventResponse as Zn, serializeRevokeSessionOptions as Zo, FlagRuleUpdatedEventResponse as Zr, CreatePasswordResetOptions as Zs, GeneratePortalLinkIntent as Zt, SerializedListDirectoriesOptions as Zu, CreateDataKeyOptions as _, VaultDataReadEventResponse as _a, AuthenticateWithSessionCookieOptions as _c, OrganizationDomainDeletedEventResponse as _i, DirectoryUserResponse as _l, UserRegistrationActionPayload as _n, ValidateApiKeyResponse as _o, ConnectionDeactivatedEventResponse as _r, ListSessionsOptions as _s, CreateResourceOptions as _t, CreateOptionsWithParentResourceId as _u, ReadObjectOptions as a, UserCreatedEventResponse as aa, AuthenticationRadarRiskDetectedEventData as ac, DirectoryType as ad, InvitationResentEventResponse as ai, ListConnectionsOptions as al, AutoPaginatable as an, RuntimeClientOptions as ao, AuthenticationPasswordFailedEventResponse as ar, PasswordResetEvent as as, ListWarrantsRequestOptions as at, DeleteAuthorizationResourceOptions as au, ConfidentialClientOptions as b, VaultDekDecryptedEvent as ba, AuthenticationResponse as bc, OrganizationDomainVerificationFailedEvent as bi, ListOrganizationRolesResponse as bl, Organization as bn, SerializedCreatedApiKey as bo, DsyncActivatedEvent as br, SerializedListOrganizationMembershipsOptions as bs, ListResourcesOptions as bt, UpdateAuthorizationResourceOptions as bu, ObjectMetadata as c, UserUpdatedEvent as ca, AuthenticationEventResponse as cc, HttpClient as cd, MagicAuthCreatedEvent as ci, GetProfileOptions as cl, Webhooks as cn, FlagPollEntry as co, AuthenticationRadarRiskDetectedEvent as cr, MagicAuth as cs, SerializedSubject as ct, GetAuthorizationResourceByExternalIdOptions as cu, VaultObject as d, VaultByokKeyVerificationCompletedEventResponse as da, AuthenticateUserWithTotpCredentials as dc, RequestHeaders as dd, OrganizationCreatedResponse as di, ConnectionResponse as dl, ResponsePayload as dn, FeatureFlag as do, AuthenticationSSOFailedEventResponse as dr, MagicAuthResponse as ds, Warrant as dt, AuthorizationResource as du, SessionCreatedEvent as ea, SerializedCreateOrganizationMembershipOptions as ec, DirectoryGroupResponse as ed, InvitationAcceptedEvent as ei, ProfileAndTokenResponse as el, SerializedCreatePasswordlessSessionOptions as en, DataKey as eo, AuthenticationPasskeyFailedEvent as er, ResendInvitationOptions as es, DecisionTreeNodeResponse as et, AuthorizationCheckOptions as eu, DeleteObjectOptions as f, VaultDataCreatedEvent as fa, AuthenticateWithTotpOptions as fc, RequestOptions as fd, OrganizationDeletedEvent as fi, ConnectionType as fl, UserRegistrationActionResponseData as fn, FeatureFlagResponse as fo, AuthenticationSSOSucceededEvent as fr, LogoutURLOptions as fs, WarrantResponse as ft, AuthorizationResourceList as fu, DecryptDataKeyResponse as g, VaultDataReadEvent as ga, AuthenticateWithSessionCookieFailureReason as gc, OrganizationDomainDeletedEvent as gi, DirectoryUser as gl, UserDataPayload as gn, ValidateApiKeyOptions as go, ConnectionDeactivatedEvent as gr, ListUserFeatureFlagsOptions as gs, BatchWriteResourcesResponse as gt, CreateOptionsWithParentExternalId as gu, DecryptDataKeyOptions as h, VaultDataDeletedEventResponse as ha, AuthenticateWithSessionCookieFailedResponse as hc, CryptoProvider as hd, OrganizationDomainCreatedEventResponse as hi, DefaultCustomAttributes as hl, UserData as hn, SerializedValidateApiKeyResponse as ho, ConnectionActivatedEventResponse as hr, SerializedListUsersOptions as hs, BatchWriteResourcesOptions as ht, CreateAuthorizationResourceOptions as hu, ReadObjectMetadataResponse as i, UserCreatedEvent as ia, UserManagementAuthorizationURLOptions as ic, DirectoryStateResponse as id, InvitationResentEvent as ii, OauthTokensResponse as il, SerializedListEventOptions as in, RuntimeClientLogger as io, AuthenticationPasswordFailedEvent as ir, PasswordReset as is, ListWarrantsOptions as it, SerializedAuthorizationCheckOptions as iu, NotFoundException as j, VaultActorResponse as ja, AuthenticateUserWithPasswordCredentials as jc, OrganizationRoleCreatedEventResponse as ji, RemoveRoleOptions as jl, UnprocessableEntityError as jn, OrganizationDomainVerificationStrategy as jo, DsyncGroupUserAddedEventResponse as jr, SerializedListInvitationsOptions as js, ResourceOp as jt, AddOrganizationRolePermissionOptions as ju, RateLimitExceededException as k, VaultNamesListedEventResponse as ka, AuthenticateWithRefreshTokenOptions as kc, OrganizationMembershipUpdatedResponse as ki, RemoveRoleAssignmentOptions as kl, WorkOSResponseError as kn, OrganizationDomainResponse as ko, DsyncGroupUpdatedEventResponse as kr, OrganizationMembershipStatus as ks, SerializedResourceOptions as kt, PermissionResponse as ku, ObjectUpdateBy as l, UserUpdatedEventResponse as la, AuthenticationEventSso as lc, HttpClientInterface as ld, MagicAuthCreatedEventResponse as li, Connection as ll, Actions as ln, FlagPollResponse as lo, AuthenticationRadarRiskDetectedEventResponse as lr, MagicAuthEvent as ls, SerializedWriteWarrantOptions as lt, ListAuthorizationResourcesOptions as lu, CreateObjectOptions as m, VaultDataDeletedEvent as ma, AccessToken$1 as mc, ResponseHeaders as md, OrganizationDomainCreatedEvent as mi, SSOPKCEAuthorizationURLResult as ml, ActionPayload as mn, AddFlagTargetOptions as mo, ConnectionActivatedEvent as mr, ListUsersOptions as ms, WarrantOp as mt, AuthorizationResourceResponse as mu, UpdateObjectEntity as n, SessionRevokedEvent as na, SerializedCreateMagicAuthOptions as nc, DirectoryResponse as nd, InvitationCreatedEvent as ni, ProfileResponse as nl, PasswordlessSessionResponse as nn, KeyContext as no, AuthenticationPasskeySucceededEvent as nr, RefreshSessionFailureReason as ns, SerializedCheckOptions as nt, AuthorizationCheckOptionsWithResourceId as nu, ReadObjectResponse as o, UserDeletedEvent as oa, AuthenticationRadarRiskDetectedEventResponseData as oc, EventDirectory as od, InvitationRevokedEvent as oi, SerializedListConnectionsOptions as ol, PKCE as on, RemoveFlagTargetOptions as oo, AuthenticationPasswordSucceededEvent as or, PasswordResetEventResponse as os, PolicyContext as ot, DeleteAuthorizationResourceByExternalIdOptions as ou, CreateObjectEntity as p, VaultDataCreatedEventResponse as pa, SerializedAuthenticateWithTotpOptions as pc, ResponseHeaderValue as pd, OrganizationDeletedResponse as pi, SSOAuthorizationURLOptions as pl, ActionContext as pn, EvaluationContext as po, AuthenticationSSOSucceededEventResponse as pr, Locale as ps, WriteWarrantOptions as pt, AuthorizationResourceListResponse as pu, CheckResult as q, VaultDekReadEventResponseData as qa, SerializedAuthenticateWithCodeOptions as qc, PermissionUpdatedEventResponse as qi, RoleAssignmentRole as ql, AuthenticationMagicAuthSucceededEventResponse as qn, SendInvitationOptions as qo, FlagCreatedEventResponse as qr, EmailVerificationEventResponse as qs, AuditLogExport as qt, EnvironmentRoleResponse as qu, UpdateObjectOptions as r, SessionRevokedEventResponse as ra, PKCEAuthorizationURLResult as rc, DirectoryState as rd, InvitationCreatedEventResponse as ri, OauthTokens as rl, ListEventOptions as rn, RuntimeClientStats as ro, AuthenticationPasskeySucceededEventResponse as rr, RefreshSessionResponse as rs, SerializedCheckWarrantOptions as rt, AuthorizationCheckResult as ru, ObjectDigest as s, UserDeletedEventResponse as sa, AuthenticationEvent as sc, EventDirectoryResponse as sd, InvitationRevokedEventResponse as si, GetProfileAndTokenOptions as sl, PKCEPair as sn, ListFeatureFlagsOptions as so, AuthenticationPasswordSucceededEventResponse as sr, PasswordResetResponse as ss, SerializedListWarrantsOptions as st, UpdateAuthorizationResourceByExternalIdOptions as su, WorkOS as t, SessionCreatedEventResponse as ta, CreateMagicAuthOptions as tc, Directory as td, InvitationAcceptedEventResponse as ti, Profile as tl, PasswordlessSession as tn, DataKeyPair as to, AuthenticationPasskeyFailedEventResponse as tr, SerializedResendInvitationOptions as ts, SerializedCheckBatchOptions as tt, AuthorizationCheckOptionsWithResourceExternalId as tu, ObjectVersion as u, VaultByokKeyVerificationCompletedEvent as ua, AuthenticationEventSsoResponse as uc, HttpClientResponseInterface as ud, OrganizationCreatedEvent as ui, ConnectionDomain as ul, AuthenticationActionResponseData as un, FlagTarget as uo, AuthenticationSSOFailedEvent as ur, MagicAuthEventResponse as us, Subject as ut, SerializedListAuthorizationResourcesOptions as uu, CreateDataKeyResponse as v, VaultDataUpdatedEvent as va, AuthenticateWithSessionCookieSuccessResponse as vc, OrganizationDomainUpdatedEvent as vi, DirectoryUserWithGroups as vl, SerializedUpdateOrganizationOptions as vn, ListOrganizationApiKeysOptions as vo, ConnectionDeletedEvent as vr, SerializedListSessionsOptions as vs, DeleteResourceOptions as vt, SerializedCreateAuthorizationResourceOptions as vu, PublicWorkOS as w, VaultKekCreatedEvent as wa, Impersonator as wc, OrganizationMembershipCreated as wi, Role as wl, CreateOrganizationOptions as wn, ApiKey as wo, DsyncGroupCreatedEvent as wr, AuthorizationOrganizationMembershipResponse as ws, ResourceResponse as wt, CreatePermissionOptions as wu, PublicClientOptions as x, VaultDekDecryptedEventResponse as xa, AuthenticationResponseResponse as xc, OrganizationDomainVerificationFailedEventResponse as xi, OrganizationRoleEvent as xl, OrganizationResponse as xn, CreateOrganizationApiKeyOptions as xo, DsyncActivatedEventResponse as xr, AuthorizationOrganizationMembership as xs, Resource as xt, ListPermissionsOptions as xu, WorkOSWorker as y, VaultDataUpdatedEventResponse as ya, SessionCookieData as yc, OrganizationDomainUpdatedEventResponse as yi, DirectoryUserWithGroupsResponse as yl, UpdateOrganizationOptions as yn, CreatedApiKey as yo, ConnectionDeletedEventResponse as yr, ListOrganizationMembershipsOptions as ys, GetResourceOptions as yt, SerializedUpdateAuthorizationResourceOptions as yu, QueryOptions as z, VaultDataDeletedEventResponseData as za, SerializedAuthenticateWithMagicAuthOptions as zc, PasswordResetCreatedEventResponse as zi, SerializedAssignRoleOptions as zl, ApiKeyCreatedEventResponse as zn, UpdateUserOptions as zo, DsyncUserUpdatedEventResponse as zr, Factor$1 as zs, CreateAuditLogSchemaRequestOptions as zt, SetEnvironmentRolePermissionsOptions as zu };
-//# sourceMappingURL=workos-CESKLr5j.d.mts.map
+export { CreateAuditLogSchemaRequestOptions as $, FlagPollEntry as $a, ConnectionDomain as $c, VaultDekDecryptedEventResponse as $i, SerializedListAuthorizationResourcesOptions as $l, DsyncUserCreatedEvent as $n, MagicAuth as $o, OrganizationDomainVerifiedEvent as $r, AuthenticationEventSsoResponse as $s, List as $t, ResponseHeaders as $u, IntentOptions as A, VaultNamesListedEventData as Aa, AuthenticateWithEmailVerificationOptions as Ac, RoleUpdatedEventResponse as Ai, SerializedAssignRoleOptions as Al, AuthenticationSSOFailedEventResponse as An, UpdateUserOptions as Ao, GroupUpdatedEventResponse as Ar, FactorWithSecrets$1 as As, UserRegistrationActionResponseData as At, EnvironmentRoleList as Au, NoApiKeyProvidedException as B, Group as Ba, SerializedAuthenticateWithOptionsBase as Bc, UserUpdatedEvent as Bi, ListResourcesForMembershipOptionsWithParentExternalId as Bl, DsyncActivatedEventResponse as Bn, RevokeSessionOptions as Bo, MagicAuthCreatedEventResponse as Br, CreatePasswordResetOptions as Bs, ListOrganizationsOptions as Bt, Directory as Bu, PublicUserManagement as C, VaultDekDecryptedEventResponseData as Ca, AuthenticateUserWithOrganizationSelectionCredentials as Cc, PermissionUpdatedEvent as Ci, RemoveRoleOptionsWithResourceExternalId as Cl, AuthenticationPasswordFailedEvent as Cn, CreateOrganizationDomainOptions as Co, GroupMemberAddedEvent as Cr, Invitation as Cs, AutoPaginatable as Ct, AddEnvironmentRolePermissionOptions as Cu, PortalLinkResponseWire as D, VaultKekCreatedEventResponseData as Da, AuthenticateWithMagicAuthOptions as Dc, RoleDeletedEvent as Di, AssignRoleOptionsWithResourceExternalId as Dl, AuthenticationRadarRiskDetectedEvent as Dn, SerializedUpdateUserPasswordOptions as Do, GroupMemberRemovedEvent as Dr, Identity as Ds, Actions as Dt, CreateEnvironmentRoleOptions as Du, PortalLinkResponse as E, VaultKekCreatedEventData as Ea, AuthenticateUserWithMagicAuthCredentials as Ec, RoleCreatedEventResponse as Ei, AssignRoleOptions as El, AuthenticationPasswordSucceededEventResponse as En, VerifyEmailOptions as Eo, GroupMemberEventResponseData as Er, InvitationResponse as Es, Webhooks as Et, UpdateEnvironmentRoleOptions as Eu, UnauthorizedException as F, SerializedUpdateGroupOptions as Fa, AuthenticateWithCodeOptions as Fc, UnknownEvent as Fi, RoleAssignmentResponse as Fl, ConnectionDeactivatedEvent as Fn, SessionResponse as Fo, InvitationResentEvent as Fr, EmailVerificationEvent as Fs, UserRegistrationActionPayload as Ft, ListDirectoriesOptions as Fu, AuthenticationException as G, SerializedCreateGroupOptions as Ga, ProfileResponse as Gc, VaultDataCreatedEventResponse as Gi, AuthorizationCheckOptionsWithResourceId as Gl, DsyncGroupDeletedEvent as Gn, ResendInvitationOptions as Go, OrganizationDomainCreatedEvent as Gr, SerializedCreateMagicAuthOptions as Gs, DomainData as Gt, EventDirectory as Gu, BadRequestException as H, GetGroupOptions as Ha, ProfileAndToken as Hc, VaultByokKeyVerificationCompletedEvent as Hi, SerializedListResourcesForMembershipOptions as Hl, DsyncDeletedEventResponse as Hn, serializeRevokeSessionOptions as Ho, OrganizationCreatedResponse as Hr, CreateOrganizationMembershipOptions as Hs, CreateOrganizationOptions as Ht, DirectoryState as Hu, SignatureVerificationException as I, UpdateGroupOptions as Ia, SerializedAuthenticateWithCodeOptions as Ic, UserCreatedEvent as Ii, RoleAssignmentRole as Il, ConnectionDeactivatedEventResponse as In, SessionStatus as Io, InvitationResentEventResponse as Ir, EmailVerificationEventResponse as Is, SerializedUpdateOrganizationOptions as It, SerializedListDirectoriesOptions as Iu, WorkOSErrorData as J, RuntimeClientStats as Ja, ListConnectionsOptions as Jc, VaultDataReadEvent as Ji, DeleteAuthorizationResourceOptions as Jl, DsyncGroupUpdatedEventResponse as Jn, RefreshSessionResponse as Jo, OrganizationDomainDeletedEventResponse as Jr, AuthenticationRadarRiskDetectedEventData as Js, WorkOSOptions as Jt, HttpClientInterface as Ju, isAuthenticationErrorData as K, AddGroupOrganizationMembershipOptions as Ka, OauthTokens as Kc, VaultDataDeletedEvent as Ki, AuthorizationCheckResult as Kl, DsyncGroupDeletedEventResponse as Kn, SerializedResendInvitationOptions as Ko, OrganizationDomainCreatedEventResponse as Kr, PKCEAuthorizationURLResult as Ks, DomainDataState as Kt, EventDirectoryResponse as Ku, RateLimitExceededException as L, RemoveGroupOrganizationMembershipOptions as La, AuthenticateWithOptionsBase as Lc, UserCreatedEventResponse as Li, ListMembershipsForResourceByExternalIdOptions as Ll, ConnectionDeletedEvent as Ln, SendVerificationEmailOptions as Lo, InvitationRevokedEvent as Lr, EmailVerificationResponse as Ls, UpdateOrganizationOptions as Lt, PaginationOptions as Lu, SSOIntentOptions as M, DataKey as Ma, AuthenticateWithCodeAndVerifierOptions as Mc, SessionCreatedEventResponse as Mi, RoleAssignment as Ml, AuthenticationSSOSucceededEventResponse as Mn, UpdateOrganizationMembershipOptions as Mo, InvitationAcceptedEventResponse as Mr, EnrollAuthFactorOptions as Ms, ActionPayload as Mt, EnvironmentRoleResponse as Mu, SSOIntentOptionsResponse as N, DataKeyPair as Na, SerializedAuthenticateWithCodeAndVerifierOptions as Nc, SessionRevokedEvent as Ni, RoleAssignmentResource as Nl, ConnectionActivatedEvent as Nn, AuthMethod as No, InvitationCreatedEvent as Nr, SerializedEnrollUserInMfaFactorOptions as Ns, UserData as Nt, ListDirectoryUsersOptions as Nu, GenerateLink as O, VaultMetadataReadEventData as Oa, SerializedAuthenticateWithMagicAuthOptions as Oc, RoleDeletedEventResponse as Oi, AssignRoleOptionsWithResourceId as Ol, AuthenticationRadarRiskDetectedEventResponse as On, UpdateUserPasswordOptions as Oo, GroupMemberRemovedEventResponse as Or, Factor$1 as Os, AuthenticationActionResponseData as Ot, SerializedCreateEnvironmentRoleOptions as Ou, UnprocessableEntityException as P, KeyContext as Pa, AuthenticateUserWithCodeCredentials as Pc, SessionRevokedEventResponse as Pi, RoleAssignmentResourceResponse as Pl, ConnectionActivatedEventResponse as Pn, Session as Po, InvitationCreatedEventResponse as Pr, EmailVerification as Ps, UserDataPayload as Pt, ListDirectoryGroupsOptions as Pu, CreateAuditLogSchemaOptions as Q, ListFeatureFlagsOptions as Qa, Connection as Qc, VaultDekDecryptedEvent as Qi, ListAuthorizationResourcesOptions as Ql, DsyncGroupUserRemovedEventResponse as Qn, PasswordResetResponse as Qo, OrganizationDomainVerificationFailedEventResponse as Qr, AuthenticationEventSso as Qs, PatchOptions as Qt, ResponseHeaderValue as Qu, OauthException as R, ListGroupsOptions as Ra, AuthenticateWithSessionOptions as Rc, UserDeletedEvent as Ri, ListMembershipsForResourceOptions as Rl, ConnectionDeletedEventResponse as Rn, SendInvitationOptions as Ro, InvitationRevokedEventResponse as Rr, CreateUserOptions as Rs, Organization as Rt, DirectoryGroup as Ru, PublicSSO as S, VaultDekDecryptedEventData as Sa, SerializedAuthenticateWithPasswordOptions as Sc, PermissionDeletedEventResponse as Si, RemoveRoleOptions as Sl, AuthenticationPasskeySucceededEventResponse as Sn, OrganizationDomainVerificationStrategy as So, GroupDeletedEventResponse as Sr, ListAuthFactorsOptions as Ss, SerializedListEventOptions as St, OrganizationRole as Su, createWorkOS as T, VaultDekReadEventResponseData as Ta, SerializedAuthenticateWithOrganizationSelectionOptions as Tc, RoleCreatedEvent as Ti, SerializedRemoveRoleOptions as Tl, AuthenticationPasswordSucceededEvent as Tn, SerializedVerifyEmailOptions as To, GroupMemberEventData as Tr, InvitationEventResponse as Ts, PKCEPair as Tt, SerializedUpdateEnvironmentRoleOptions as Tu, AuthenticationErrorCode as U, DeleteGroupOptions as Ua, ProfileAndTokenResponse as Uc, VaultByokKeyVerificationCompletedEventResponse as Ui, AuthorizationCheckOptions as Ul, DsyncGroupCreatedEvent as Un, ResetPasswordOptions as Uo, OrganizationDeletedEvent as Ur, SerializedCreateOrganizationMembershipOptions as Us, CreateOrganizationRequestOptions as Ut, DirectoryStateResponse as Uu, ConflictException as V, GroupResponse as Va, WithResolvedClientId as Vc, UserUpdatedEventResponse as Vi, ListResourcesForMembershipOptionsWithParentId as Vl, DsyncDeletedEvent as Vn, SerializedRevokeSessionOptions as Vo, OrganizationCreatedEvent as Vr, SerializedCreatePasswordResetOptions as Vs, ListOrganizationFeatureFlagsOptions as Vt, DirectoryResponse as Vu, AuthenticationErrorData as W, CreateGroupOptions as Wa, Profile as Wc, VaultDataCreatedEvent as Wi, AuthorizationCheckOptionsWithResourceExternalId as Wl, DsyncGroupCreatedEventResponse as Wn, SerializedResetPasswordOptions as Wo, OrganizationDeletedResponse as Wr, CreateMagicAuthOptions as Ws, SerializedCreateOrganizationOptions as Wt, DirectoryType as Wu, FeatureFlagsRuntimeClient as X, RuntimeClientOptions as Xa, GetProfileAndTokenOptions as Xc, VaultDataUpdatedEvent as Xi, UpdateAuthorizationResourceByExternalIdOptions as Xl, DsyncGroupUserAddedEventResponse as Xn, PasswordResetEvent as Xo, OrganizationDomainUpdatedEventResponse as Xr, AuthenticationEvent as Xs, PutOptions as Xt, RequestHeaders as Xu, ApiKeyRequiredException as Y, RuntimeClientLogger as Ya, SerializedListConnectionsOptions as Yc, VaultDataReadEventResponse as Yi, DeleteAuthorizationResourceByExternalIdOptions as Yl, DsyncGroupUserAddedEvent as Yn, PasswordReset as Yo, OrganizationDomainUpdatedEvent as Yr, AuthenticationRadarRiskDetectedEventResponseData as Ys, UnprocessableEntityError as Yt, HttpClientResponseInterface as Yu, CookieSession as Z, RemoveFlagTargetOptions as Za, GetProfileOptions as Zc, VaultDataUpdatedEventResponse as Zi, GetAuthorizationResourceByExternalIdOptions as Zl, DsyncGroupUserRemovedEvent as Zn, PasswordResetEventResponse as Zo, OrganizationDomainVerificationFailedEvent as Zr, AuthenticationEventResponse as Zs, PostOptions as Zt, RequestOptions as Zu, CreateDataKeyOptions as _, VaultDataDeletedEventResponseData as _a, AuthenticateUserWithRefreshTokenCredentials as _c, PasswordResetSucceededEvent as _i, RoleResponse as _l, AuthenticationOAuthSucceededEvent as _n, OrganizationDomainVerificationFailed as _o, FlagUpdatedEvent as _r, OrganizationMembershipResponse as _s, CreatePasswordlessSessionOptions as _t, SetOrganizationRolePermissionsOptions as _u, ReadObjectOptions as a, VaultMetadataReadEventResponse as aa, AuthenticateWithSessionCookieFailureReason as ac, OrganizationMembershipUpdated as ai, DirectoryUser as al, ApiKeyRevokedEvent as an, AddFlagTargetOptions as ao, EmailVerificationCreatedEvent as ar, ListUsersOptions as as, CreateAuditLogEventRequestOptions as at, SerializedCreateAuthorizationResourceOptions as au, ConfidentialClientOptions as b, VaultDataUpdatedEventData as ba, AuthenticateUserWithPasswordCredentials as bc, PermissionCreatedEventResponse as bi, RemoveRoleAssignmentOptions as bl, AuthenticationPasskeyFailedEventResponse as bn, OrganizationDomainResponse as bo, GroupCreatedEventResponse as br, SerializedListInvitationsOptions as bs, PasswordlessSessionResponse as bt, CreateOrganizationRoleOptions as bu, ObjectMetadata as c, VaultActor as ca, SessionCookieData as cc, OrganizationRoleCreatedEventResponse as ci, DirectoryUserWithGroupsResponse as cl, AuthenticationEmailVerificationSucceededEventResponse as cn, ValidateApiKeyResponse as co, EventBase as cr, ListSessionsOptions as cs, AuditLogSchema as ct, ListPermissionsOptions as cu, VaultObject as d, VaultByokKeyProvider as da, User as dc, OrganizationRoleUpdatedEvent as di, OrganizationRoleEventResponse as dl, AuthenticationMagicAuthSucceededEvent as dn, SerializedCreatedApiKey as do, FlagCreatedEvent as dr, SerializedListOrganizationMembershipsOptions as ds, AuditLogTargetSchema as dt, CreatePermissionOptions as du, VaultDekReadEvent as ea, AuthenticateUserWithTotpCredentials as ec, CryptoProvider as ed, OrganizationDomainVerifiedEventResponse as ei, ConnectionResponse as el, ListResponse as en, FlagPollResponse as eo, DsyncUserCreatedEventResponse as er, MagicAuthEvent as es, CreateAuditLogSchemaResponse as et, AuthorizationResource as eu, DeleteObjectOptions as f, VaultByokKeyVerificationCompletedEventData as fa, UserResponse as fc, OrganizationRoleUpdatedEventResponse as fi, OrganizationRoleResponse as fl, AuthenticationMagicAuthSucceededEventResponse as fn, CreateOrganizationApiKeyOptions as fo, FlagCreatedEventResponse as fr, AuthorizationOrganizationMembership as fs, AuditLogExport as ft, SerializedCreatePermissionOptions as fu, DecryptDataKeyResponse as g, VaultDataDeletedEventData as ga, SerializedAuthenticateWithRefreshTokenPublicClientOptions as gc, PasswordResetCreatedEventResponse as gi, RoleList as gl, AuthenticationOAuthFailedEventResponse as gn, SerializedApiKey as go, FlagRuleUpdatedEventResponse as gr, OrganizationMembership as gs, SendSessionResponse as gt, AddOrganizationRolePermissionOptions as gu, DecryptDataKeyOptions as h, VaultDataCreatedEventResponseData as ha, AuthenticateWithRefreshTokenPublicClientOptions as hc, PasswordResetCreatedEvent as hi, RoleEventResponse as hl, AuthenticationOAuthFailedEvent as hn, ApiKey as ho, FlagRuleUpdatedEvent as hr, BaseOrganizationMembershipResponse as hs, SerializedAuditLogExportOptions as ht, RemoveOrganizationRolePermissionOptions as hu, ReadObjectMetadataResponse as i, VaultMetadataReadEvent as ia, AuthenticateWithSessionCookieFailedResponse as ic, OrganizationMembershipDeletedResponse as ii, DefaultCustomAttributes as il, ApiKeyCreatedEventResponse as in, EvaluationContext as io, DsyncUserUpdatedEventResponse as ir, Locale as is, CreateAuditLogEventOptions as it, CreateOptionsWithParentResourceId as iu, IntentOptionsResponse as j, VaultNamesListedEventResponseData as ja, SerializedAuthenticateWithEmailVerificationOptions as jc, SessionCreatedEvent as ji, ListRoleAssignmentsOptions as jl, AuthenticationSSOSucceededEvent as jn, SerializedUpdateOrganizationMembershipOptions as jo, InvitationAcceptedEvent as jr, FactorWithSecretsResponse as js, ActionContext as jt, EnvironmentRoleListResponse as ju, GenerateLinkResponse as k, VaultMetadataReadEventResponseData as ka, AuthenticateUserWithEmailVerificationCredentials as kc, RoleUpdatedEvent as ki, BaseAssignRoleOptions as kl, AuthenticationSSOFailedEvent as kn, SerializedUpdateUserOptions as ko, GroupUpdatedEvent as kr, FactorResponse as ks, ResponsePayload as kt, EnvironmentRole as ku, ObjectUpdateBy as l, VaultActorResponse as la, AuthenticationResponse as lc, OrganizationRoleDeletedEvent as li, ListOrganizationRolesResponse as ll, AuthenticationMagicAuthFailedEvent as ln, ListOrganizationApiKeysOptions as lo, EventName as lr, SerializedListSessionsOptions as ls, AuditLogSchemaMetadata as lt, SerializedUpdatePermissionOptions as lu, CreateObjectOptions as m, VaultDataCreatedEventData as ma, ImpersonatorResponse as mc, OrganizationUpdatedResponse as mi, RoleEvent as ml, AuthenticationMfaSucceededEventResponse as mn, SerializedCreateOrganizationApiKeyOptions as mo, FlagDeletedEventResponse as mr, BaseOrganizationMembership as ms, AuditLogExportOptions as mt, PermissionResponse as mu, UpdateObjectEntity as n, VaultKekCreatedEvent as na, SerializedAuthenticateWithTotpOptions as nc, OrganizationMembershipCreatedResponse as ni, SSOAuthorizationURLOptions as nl, GenerateLinkIntent as nn, FeatureFlag as no, DsyncUserDeletedEventResponse as nr, MagicAuthResponse as ns, AuditLogActor as nt, CreateAuthorizationResourceOptions as nu, ReadObjectResponse as o, VaultNamesListedEvent as oa, AuthenticateWithSessionCookieOptions as oc, OrganizationMembershipUpdatedResponse as oi, DirectoryUserResponse as ol, ApiKeyRevokedEventResponse as on, SerializedValidateApiKeyResponse as oo, EmailVerificationCreatedEventResponse as or, SerializedListUsersOptions as os, SerializedCreateAuditLogEventOptions as ot, SerializedUpdateAuthorizationResourceOptions as ou, CreateObjectEntity as p, VaultByokKeyVerificationCompletedEventResponseData as pa, Impersonator as pc, OrganizationUpdatedEvent as pi, Role as pl, AuthenticationMfaSucceededEvent as pn, CreateOrganizationApiKeyRequestOptions as po, FlagDeletedEvent as pr, AuthorizationOrganizationMembershipResponse as ps, AuditLogExportResponse as pt, Permission as pu, GenericServerException as q, SerializedAddGroupOrganizationMembershipOptions as qa, OauthTokensResponse as qc, VaultDataDeletedEventResponse as qi, SerializedAuthorizationCheckOptions as ql, DsyncGroupUpdatedEvent as qn, RefreshSessionFailureReason as qo, OrganizationDomainDeletedEvent as qr, UserManagementAuthorizationURLOptions as qs, WorkOSResponseError as qt, HttpClient as qu, UpdateObjectOptions as r, VaultKekCreatedEventResponse as ra, AccessToken$1 as rc, OrganizationMembershipDeleted as ri, SSOPKCEAuthorizationURLResult as rl, ApiKeyCreatedEvent as rn, FeatureFlagResponse as ro, DsyncUserUpdatedEvent as rr, LogoutURLOptions as rs, AuditLogTarget as rt, CreateOptionsWithParentExternalId as ru, ObjectDigest as s, VaultNamesListedEventResponse as sa, AuthenticateWithSessionCookieSuccessResponse as sc, OrganizationRoleCreatedEvent as si, DirectoryUserWithGroups as sl, AuthenticationEmailVerificationSucceededEvent as sn, ValidateApiKeyOptions as so, Event as sr, ListUserFeatureFlagsOptions as ss, AuditLogActorSchema as st, UpdateAuthorizationResourceOptions as su, WorkOS as t, VaultDekReadEventResponse as ta, AuthenticateWithTotpOptions as tc, OrganizationMembershipCreated as ti, ConnectionType as tl, GetOptions as tn, FlagTarget as to, DsyncUserDeletedEvent as tr, MagicAuthEventResponse as ts, SerializedCreateAuditLogSchemaOptions as tt, AuthorizationResourceResponse as tu, ObjectVersion as u, VaultActorSource as ua, AuthenticationResponseResponse as uc, OrganizationRoleDeletedEventResponse as ui, OrganizationRoleEvent as ul, AuthenticationMagicAuthFailedEventResponse as un, CreatedApiKey as uo, EventResponse as ur, ListOrganizationMembershipsOptions as us, AuditLogSchemaResponse as ut, UpdatePermissionOptions as uu, CreateDataKeyResponse as v, VaultDataReadEventData as va, AuthenticateWithRefreshTokenOptions as vc, PasswordResetSucceededEventResponse as vi, ListEffectivePermissionsByExternalIdOptions as vl, AuthenticationOAuthSucceededEventResponse as vn, OrganizationDomainVerificationFailedResponse as vo, FlagUpdatedEventResponse as vr, OrganizationMembershipStatus as vs, SerializedCreatePasswordlessSessionOptions as vt, SerializedUpdateOrganizationRoleOptions as vu, PublicWorkOS as w, VaultDekReadEventData as wa, AuthenticateWithOrganizationSelectionOptions as wc, PermissionUpdatedEventResponse as wi, RemoveRoleOptionsWithResourceId as wl, AuthenticationPasswordFailedEventResponse as wn, SerializedCreateOrganizationDomainOptions as wo, GroupMemberAddedEventResponse as wr, InvitationEvent as ws, PKCE as wt, SetEnvironmentRolePermissionsOptions as wu, PublicClientOptions as x, VaultDataUpdatedEventResponseData as xa, AuthenticateWithPasswordOptions as xc, PermissionDeletedEvent as xi, BaseRemoveRoleOptions as xl, AuthenticationPasskeySucceededEvent as xn, OrganizationDomainState as xo, GroupDeletedEvent as xr, ListGroupsForOrganizationMembershipOptions as xs, ListEventOptions as xt, SerializedCreateOrganizationRoleOptions as xu, WorkOSWorker as y, VaultDataReadEventResponseData as ya, SerializedAuthenticateWithRefreshTokenOptions as yc, PermissionCreatedEvent as yi, ListEffectivePermissionsOptions as yl, AuthenticationPasskeyFailedEvent as yn, OrganizationDomain as yo, GroupCreatedEvent as yr, ListInvitationsOptions as ys, PasswordlessSession as yt, UpdateOrganizationRoleOptions as yu, NotFoundException as z, ListGroupOrganizationMembershipsOptions as za, SerializedAuthenticatePublicClientBase as zc, UserDeletedEventResponse as zi, ListResourcesForMembershipOptions as zl, DsyncActivatedEvent as zn, SerializedSendInvitationOptions as zo, MagicAuthCreatedEvent as zr, SerializedCreateUserOptions as zs, OrganizationResponse as zt, DirectoryGroupResponse as zu };
+//# sourceMappingURL=workos-DhbLRXvR.d.mts.map