@workos-inc/node 9.3.0 → 10.0.0

package/lib/{workos-DS8Htvr7.d.cts → factory-awA8SmsZ.d.mts}

@@ -82,7 +82,6 @@ type RequestOptions = {
 type ResponseHeaderValue = string | string[];
 type ResponseHeaders = Record<string, ResponseHeaderValue>;
 interface HttpClientInterface {
-  getClientName: () => string;
   get(path: string, options: RequestOptions): any;
   post<Entity = any>(path: string, entity: Entity, options: RequestOptions): any;
   put<Entity = any>(path: string, entity: Entity, options: RequestOptions): any;
@@ -104,15 +103,12 @@ declare abstract class HttpClient implements HttpClientInterface {
   readonly MINIMUM_SLEEP_TIME_IN_MILLISECONDS = 500;
   readonly RETRY_STATUS_CODES: number[];
   constructor(baseURL: string, options?: RequestInit | undefined);
-  /** The HTTP client name used for diagnostics */
-  getClientName(): string;
   abstract get(path: string, options: RequestOptions): Promise<HttpClientResponseInterface>;
   abstract post<Entity = any>(path: string, entity: Entity, options: RequestOptions): Promise<HttpClientResponseInterface>;
   abstract put<Entity = any>(path: string, entity: Entity, options: RequestOptions): Promise<HttpClientResponseInterface>;
   abstract patch<Entity = any>(path: string, entity: Entity, options: RequestOptions): Promise<HttpClientResponseInterface>;
   abstract delete(path: string, options: RequestOptions): Promise<HttpClientResponseInterface>;
   abstract deleteWithBody<Entity = any>(path: string, entity: Entity, options: RequestOptions): Promise<HttpClientResponseInterface>;
-  addClientToUserAgent(userAgent: string): string;
   static getResourceURL(baseURL: string, path: string, params?: Record<string, any>): string;
   static getQueryString(queryObj?: Record<string, any>): string | undefined;
   static getContentTypeHeader(entity: any): RequestHeaders | undefined;
@@ -122,6 +118,9 @@ declare abstract class HttpClient implements HttpClientInterface {
   sleep: (retryAttempt: number) => Promise<unknown>;
 }
 //#endregion
+//#region src/common/crypto/decode-payload.d.ts
+type WebhookPayload = string | Uint8Array | ArrayBuffer | object;
+//#endregion
 //#region src/directory-sync/interfaces/directory.interface.d.ts
 type DirectoryType = 'azure scim v2.0' | 'bamboohr' | 'breathe hr' | 'cezanne hr' | 'cyberark scim v2.0' | 'fourth hr' | 'gsuite directory' | 'generic scim v2.0' | 'hibob' | 'jump cloud scim v2.0' | 'okta scim v2.0' | 'onelogin scim v2.0' | 'people hr' | 'personio' | 'pingfederate scim v2.0' | 'rippling scim v2.0' | 'sftp' | 'sftp workday' | 'workday';
 type DirectoryState = 'active' | 'deleting' | 'inactive' | 'invalid_credentials' | 'validating';
@@ -493,7 +492,6 @@ interface ListAuthorizationResourcesOptions extends PaginationOptions {
   parentResourceId?: string;
   parentResourceTypeSlug?: string;
   parentExternalId?: string;
-  search?: string;
 }
 interface SerializedListAuthorizationResourcesOptions extends PaginationOptions {
   organization_id?: string;
@@ -501,7 +499,6 @@ interface SerializedListAuthorizationResourcesOptions extends PaginationOptions
   parent_resource_id?: string;
   parent_resource_type_slug?: string;
   parent_external_id?: string;
-  search?: string;
 }
 //#endregion
 //#region src/authorization/interfaces/get-authorization-resource-by-external-id-options.interface.d.ts
@@ -1309,7 +1306,7 @@ interface AuthenticateWithSessionCookieOptions {
   sessionData: string;
   cookiePassword?: string;
 }
-interface AccessToken$1 {
+interface UserManagementAccessToken {
   sid: string;
   org_id?: string;
   role?: string;
@@ -1397,6 +1394,64 @@ interface AuthenticationEventResponse {
   user_id: string | null;
 }
 //#endregion
+//#region src/multi-factor-auth/interfaces/totp.interface.d.ts
+interface Totp {
+  issuer: string;
+  user: string;
+}
+interface TotpWithSecrets extends Totp {
+  qrCode: string;
+  secret: string;
+  uri: string;
+}
+interface TotpResponse {
+  issuer: string;
+  user: string;
+}
+interface TotpWithSecretsResponse extends TotpResponse {
+  qr_code: string;
+  secret: string;
+  uri: string;
+}
+//#endregion
+//#region src/user-management/interfaces/authentication-factor.interface.d.ts
+interface AuthenticationFactor {
+  object: 'authentication_factor';
+  id: string;
+  createdAt: string;
+  updatedAt: string;
+  type: 'totp';
+  totp: Totp;
+  userId: string;
+}
+interface AuthenticationFactorWithSecrets {
+  object: 'authentication_factor';
+  id: string;
+  createdAt: string;
+  updatedAt: string;
+  type: 'totp';
+  totp: TotpWithSecrets;
+  userId: string;
+}
+interface AuthenticationFactorResponse {
+  object: 'authentication_factor';
+  id: string;
+  created_at: string;
+  updated_at: string;
+  type: 'totp';
+  totp: TotpResponse;
+  user_id: string;
+}
+interface AuthenticationFactorWithSecretsResponse {
+  object: 'authentication_factor';
+  id: string;
+  created_at: string;
+  updated_at: string;
+  type: 'totp';
+  totp: TotpWithSecretsResponse;
+  user_id: string;
+}
+//#endregion
 //#region src/user-management/interfaces/authentication-radar-risk-detected-event.interface.d.ts
 type AuthenticationRadarRiskDetectedEventData = {
   authMethod: string;
@@ -1585,64 +1640,6 @@ interface SerializedEnrollUserInMfaFactorOptions {
   totp_secret?: string;
 }
 //#endregion
-//#region src/multi-factor-auth/interfaces/totp.interface.d.ts
-interface Totp {
-  issuer: string;
-  user: string;
-}
-interface TotpWithSecrets extends Totp {
-  qrCode: string;
-  secret: string;
-  uri: string;
-}
-interface TotpResponse {
-  issuer: string;
-  user: string;
-}
-interface TotpWithSecretsResponse extends TotpResponse {
-  qr_code: string;
-  secret: string;
-  uri: string;
-}
-//#endregion
-//#region src/user-management/interfaces/factor.interface.d.ts
-interface Factor$1 {
-  object: 'authentication_factor';
-  id: string;
-  createdAt: string;
-  updatedAt: string;
-  type: 'totp';
-  totp: Totp;
-  userId: string;
-}
-interface FactorWithSecrets$1 {
-  object: 'authentication_factor';
-  id: string;
-  createdAt: string;
-  updatedAt: string;
-  type: 'totp';
-  totp: TotpWithSecrets;
-  userId: string;
-}
-interface FactorResponse {
-  object: 'authentication_factor';
-  id: string;
-  created_at: string;
-  updated_at: string;
-  type: 'totp';
-  totp: TotpResponse;
-  user_id: string;
-}
-interface FactorWithSecretsResponse {
-  object: 'authentication_factor';
-  id: string;
-  created_at: string;
-  updated_at: string;
-  type: 'totp';
-  totp: TotpWithSecretsResponse;
-  user_id: string;
-}
-//#endregion
 //#region src/user-management/interfaces/identity.interface.d.ts
 interface Identity {
   idpId: string;
@@ -2387,13 +2384,20 @@ interface GetGroupOptions {
 //#endregion
 //#region src/groups/interfaces/group.interface.d.ts
 interface Group {
+  /** The Group object. */
   object: 'group';
+  /** The unique ID of the Group. */
   id: string;
+  /** The ID of the Organization the Group belongs to. */
   organizationId: string;
+  /** The name of the Group. */
   name: string;
+  /** An optional description of the Group. */
   description: string | null;
-  createdAt: string;
-  updatedAt: string;
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
 }
 interface GroupResponse {
   object: 'group';
@@ -3502,7 +3506,7 @@ declare class Actions {
     secret,
     tolerance
   }: {
-    payload: any;
+    payload: WebhookPayload;
     sigHeader: string;
     secret: string;
     tolerance?: number;
@@ -3519,43 +3523,13 @@ declare class Actions {
     secret,
     tolerance
   }: {
-    payload: unknown;
+    payload: WebhookPayload;
     sigHeader: string;
     secret: string;
     tolerance?: number;
   }): Promise<ActionContext>;
 }
 //#endregion
-//#region src/webhooks/webhooks.d.ts
-declare class Webhooks {
-  private signatureProvider;
-  constructor(cryptoProvider: CryptoProvider);
-  get verifyHeader(): ({
-    payload,
-    sigHeader,
-    secret,
-    tolerance
-  }: {
-    payload: any;
-    sigHeader: string;
-    secret: string;
-    tolerance?: number;
-  }) => Promise<boolean>;
-  get computeSignature(): (timestamp: any, payload: any, secret: string) => Promise<string>;
-  get getTimestampAndSignatureHash(): (sigHeader: string) => [string, string];
-  constructEvent({
-    payload,
-    sigHeader,
-    secret,
-    tolerance
-  }: {
-    payload: Record<string, unknown>;
-    sigHeader: string;
-    secret: string;
-    tolerance?: number;
-  }): Promise<Event>;
-}
-//#endregion
 //#region src/pkce/pkce.d.ts
 interface PKCEPair {
   codeVerifier: string;
@@ -3670,244 +3644,747 @@ declare class ApiKeys {
   createOrganizationApiKey(options: CreateOrganizationApiKeyOptions, requestOptions?: CreateOrganizationApiKeyRequestOptions): Promise<CreatedApiKey>;
 }
 //#endregion
-//#region src/directory-sync/directory-sync.d.ts
-declare class DirectorySync {
-  private readonly workos;
-  constructor(workos: WorkOS);
-  /**
-   * List Directories
-   *
-   * Get a list of all of your existing directories matching the criteria specified.
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>}
-   * @throws 403 response from the API.
-   * @throws {UnprocessableEntityException} 422
-   */
-  listDirectories(options?: ListDirectoriesOptions): Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>;
-  /**
-   * Get a Directory
-   *
-   * Get the details of an existing directory.
-   * @param id - Unique identifier for the Directory.
-   *
-   * @example
-   * "directory_01ECAZ4NV9QMV47GW873HDCX74"
-   *
-   * @returns {Promise<Directory>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   */
-  getDirectory(id: string): Promise<Directory>;
-  /**
-   * Delete a Directory
-   *
-   * Permanently deletes an existing directory. It cannot be undone.
-   * @param id - Unique identifier for the Directory.
-   *
-   * @example
-   * "directory_01ECAZ4NV9QMV47GW873HDCX74"
-   *
-   * @returns {Promise<void>}
-   * @throws 403 response from the API.
-   */
-  deleteDirectory(id: string): Promise<void>;
-  /**
-   * List Directory Groups
-   *
-   * Get a list of all of existing directory groups matching the criteria specified.
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
-   */
-  listGroups(options: ListDirectoryGroupsOptions): Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>;
-  /**
-   * List Directory Users
-   *
-   * Get a list of all of existing Directory Users matching the criteria specified.
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
-   * @throws {RateLimitExceededException} 429
-   */
-  listUsers<TCustomAttributes extends object = DefaultCustomAttributes>(options: ListDirectoryUsersOptions): Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>;
-  /**
-   * Get a Directory User
-   *
-   * Get the details of an existing Directory User.
-   * @param user - Unique identifier for the Directory User.
-   *
-   * @example
-   * "directory_user_01E1JG7J09H96KYP8HM9B0G5SJ"
-   * @returns {Promise<DirectoryUserWithGroups<TCustomAttributes>>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   */
-  getUser<TCustomAttributes extends object = DefaultCustomAttributes>(user: string): Promise<DirectoryUserWithGroups<TCustomAttributes>>;
-  /**
-   * Get a Directory Group
-   *
-   * Get the details of an existing Directory Group.
-   * @param group - Unique identifier for the Directory Group.
-   *
-   * @example
-   * "directory_group_01E1JJS84MFPPQ3G655FHTKX6Z"
-   * @returns {Promise<DirectoryGroup>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   */
-  getGroup(group: string): Promise<DirectoryGroup>;
+//#region src/connect/interfaces/user-object.interface.d.ts
+interface UserObject {
+  /** Your application's user identifier, which will be stored as an [`external_id`](https://workos.com/docs/authkit/metadata/external-identifiers). Used for upserting and deduplication. */
+  id: string;
+  /** The user's email address. */
+  email: string;
+  /** The user's first name. */
+  firstName?: string;
+  /** The user's last name. */
+  lastName?: string;
+  /** A set of key-value pairs to attach to the user. */
+  metadata?: Record<string, string>;
+}
+interface UserObjectResponse {
+  id: string;
+  email: string;
+  first_name?: string;
+  last_name?: string;
+  metadata?: Record<string, string>;
 }
 //#endregion
-//#region src/events/interfaces/list-events-options.interface.d.ts
-interface ListEventOptions {
-  events: EventName[];
-  rangeStart?: string;
-  rangeEnd?: string;
-  limit?: number;
-  after?: string;
-  organizationId?: string;
-  order?: 'asc' | 'desc';
+//#region src/connect/interfaces/user-consent-option-choice.interface.d.ts
+interface UserConsentOptionChoice {
+  /** The value of this choice. */
+  value?: string;
+  /** A human-readable label for this choice. */
+  label?: string;
 }
-interface SerializedListEventOptions {
-  events: EventName[];
-  range_start?: string;
-  range_end?: string;
-  limit?: number;
-  after?: string;
+interface UserConsentOptionChoiceResponse {
+  value?: string;
+  label?: string;
+}
+//#endregion
+//#region src/connect/interfaces/user-consent-option.interface.d.ts
+interface UserConsentOption {
+  /** The claim name for this consent option. */
+  claim: string;
+  /** The type of consent option. */
+  type: 'enum';
+  /** A human-readable label for this consent option. */
+  label: string;
+  /** The available choices for this consent option. */
+  choices: UserConsentOptionChoice[];
+}
+interface UserConsentOptionResponse {
+  claim: string;
+  type: 'enum';
+  label: string;
+  choices: UserConsentOptionChoiceResponse[];
+}
+//#endregion
+//#region src/connect/interfaces/complete-oauth-2-options.interface.d.ts
+interface CompleteOAuth2Options {
+  /** Identifier provided when AuthKit redirected to your login page. */
+  externalAuthId: string;
+  /** The user to create or update in AuthKit. */
+  user: UserObject;
+  /** Array of [User Consent Options](https://workos.com/docs/reference/workos-connect/standalone/user-consent-options) to store with the session. */
+  userConsentOptions?: UserConsentOption[];
+}
+//#endregion
+//#region src/connect/interfaces/list-applications-options.interface.d.ts
+interface ListApplicationsOptions extends PaginationOptions {
+  /** Filter Connect Applications by organization ID. */
+  organizationId?: string;
+}
+//#endregion
+//#region src/connect/interfaces/redirect-uri-input.interface.d.ts
+interface RedirectUriInput {
+  /** The redirect URI. */
+  uri: string;
+  /** Whether this is the default redirect URI. */
+  default?: boolean | null;
+}
+interface RedirectUriInputResponse {
+  uri: string;
+  default?: boolean | null;
+}
+//#endregion
+//#region src/connect/interfaces/create-oauth-application.interface.d.ts
+interface CreateOAuthApplication {
+  /** The name of the application. */
+  name: string;
+  /** The type of application to create. */
+  applicationType: 'oauth';
+  /** A description for the application. */
+  description?: string | null;
+  /** The OAuth scopes granted to the application. */
+  scopes?: string[] | null;
+  /** Redirect URIs for the application. */
+  redirectUris?: RedirectUriInput[] | null;
+  /** Whether the application uses PKCE (Proof Key for Code Exchange). */
+  usesPkce?: boolean | null;
+  /** Whether this is a first-party application. Third-party applications require an organization_id. */
+  isFirstParty: boolean;
+  /** The organization ID this application belongs to. Required when is_first_party is false. */
+  organizationId?: string | null;
+}
+interface CreateOAuthApplicationResponse {
+  name: string;
+  application_type: 'oauth';
+  description?: string | null;
+  scopes?: string[] | null;
+  redirect_uris?: RedirectUriInputResponse[] | null;
+  uses_pkce?: boolean | null;
+  is_first_party: boolean;
+  organization_id?: string | null;
+}
+//#endregion
+//#region src/connect/interfaces/create-m2m-application.interface.d.ts
+interface CreateM2MApplication {
+  /** The name of the application. */
+  name: string;
+  /** The type of application to create. */
+  applicationType: 'm2m';
+  /** A description for the application. */
+  description?: string | null;
+  /** The OAuth scopes granted to the application. */
+  scopes?: string[] | null;
+  /** The organization ID this application belongs to. */
+  organizationId: string;
+}
+interface CreateM2MApplicationResponse {
+  name: string;
+  application_type: 'm2m';
+  description?: string | null;
+  scopes?: string[] | null;
+  organization_id: string;
+}
+//#endregion
+//#region src/connect/interfaces/create-application-options.interface.d.ts
+type CreateApplicationOptions = {} & (CreateOAuthApplication | CreateM2MApplication);
+//#endregion
+//#region src/connect/interfaces/get-application-options.interface.d.ts
+interface GetApplicationOptions {
+  /** The application ID or client ID of the Connect Application. */
+  id: string;
+}
+//#endregion
+//#region src/connect/interfaces/update-application-options.interface.d.ts
+interface UpdateApplicationOptions {
+  /** The application ID or client ID of the Connect Application. */
+  id: string;
+  /** The name of the application. */
+  name?: string;
+  /** A description for the application. */
+  description?: string | null;
+  /** The OAuth scopes granted to the application. */
+  scopes?: string[] | null;
+  /** Updated redirect URIs for the application. OAuth applications only. */
+  redirectUris?: RedirectUriInput[] | null;
+}
+//#endregion
+//#region src/connect/interfaces/delete-application-options.interface.d.ts
+interface DeleteApplicationOptions {
+  /** The application ID or client ID of the Connect Application. */
+  id: string;
+}
+//#endregion
+//#region src/connect/interfaces/list-application-client-secrets-options.interface.d.ts
+interface ListApplicationClientSecretsOptions {
+  /** The application ID or client ID of the Connect Application. */
+  id: string;
+}
+//#endregion
+//#region src/connect/interfaces/create-application-client-secret-options.interface.d.ts
+interface CreateApplicationClientSecretOptions {
+  /** The application ID or client ID of the Connect Application. */
+  id: string;
+}
+//#endregion
+//#region src/connect/interfaces/delete-client-secret-options.interface.d.ts
+interface DeleteClientSecretOptions {
+  /** The unique ID of the client secret. */
+  id: string;
+}
+//#endregion
+//#region src/connect/interfaces/external-auth-complete-response.interface.d.ts
+interface ExternalAuthCompleteResponse {
+  /** URI to redirect the user back to AuthKit to complete the OAuth flow. */
+  redirectUri: string;
+}
+interface ExternalAuthCompleteResponseWire {
+  redirect_uri: string;
+}
+//#endregion
+//#region src/connect/interfaces/connect-application-redirect-uri.interface.d.ts
+interface ConnectApplicationRedirectUri {
+  /** The redirect URI for the application. */
+  uri: string;
+  /** Whether this is the default redirect URI. */
+  default: boolean;
+}
+interface ConnectApplicationRedirectUriResponse {
+  uri: string;
+  default: boolean;
+}
+//#endregion
+//#region src/connect/interfaces/connect-application.interface.d.ts
+interface ConnectApplicationOAuth {
+  /** Distinguishes the connect application object. */
+  object: 'connect_application';
+  /** The unique ID of the connect application. */
+  id: string;
+  /** The client ID of the connect application. */
+  clientId: string;
+  /** A description of the connect application. */
+  description: string | null;
+  /** The name of the connect application. */
+  name: string;
+  /** The scopes available for this application. */
+  scopes: string[];
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
+  /** The type of the application. */
+  applicationType: 'oauth';
+  /** The redirect URIs configured for this application. */
+  redirectUris: ConnectApplicationRedirectUri[];
+  /** Whether the application uses PKCE for authorization. */
+  usesPkce: boolean;
+  /** Whether the application is a first-party application. */
+  isFirstParty: boolean;
+  /** Whether the application was dynamically registered. */
+  wasDynamicallyRegistered?: boolean;
+  /** The ID of the organization the application belongs to. */
+  organizationId?: string;
+}
+interface ConnectApplicationOAuthResponse {
+  /** Distinguishes the connect application object. */
+  object: 'connect_application';
+  /** The unique ID of the connect application. */
+  id: string;
+  /** The client ID of the connect application. */
+  client_id: string;
+  /** A description of the connect application. */
+  description: string | null;
+  /** The name of the connect application. */
+  name: string;
+  /** The scopes available for this application. */
+  scopes: string[];
+  /** An ISO 8601 timestamp. */
+  created_at: string;
+  /** An ISO 8601 timestamp. */
+  updated_at: string;
+  /** The type of the application. */
+  application_type: 'oauth';
+  /** The redirect URIs configured for this application. */
+  redirect_uris: ConnectApplicationRedirectUriResponse[];
+  /** Whether the application uses PKCE for authorization. */
+  uses_pkce: boolean;
+  /** Whether the application is a first-party application. */
+  is_first_party: boolean;
+  /** Whether the application was dynamically registered. */
+  was_dynamically_registered?: boolean;
+  /** The ID of the organization the application belongs to. */
   organization_id?: string;
-  order?: 'asc' | 'desc';
 }
+interface ConnectApplicationM2M {
+  /** Distinguishes the connect application object. */
+  object: 'connect_application';
+  /** The unique ID of the connect application. */
+  id: string;
+  /** The client ID of the connect application. */
+  clientId: string;
+  /** A description of the connect application. */
+  description: string | null;
+  /** The name of the connect application. */
+  name: string;
+  /** The scopes available for this application. */
+  scopes: string[];
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
+  /** The type of the application. */
+  applicationType: 'm2m';
+  /** The ID of the organization the application belongs to. */
+  organizationId: string;
+}
+interface ConnectApplicationM2MResponse {
+  /** Distinguishes the connect application object. */
+  object: 'connect_application';
+  /** The unique ID of the connect application. */
+  id: string;
+  /** The client ID of the connect application. */
+  client_id: string;
+  /** A description of the connect application. */
+  description: string | null;
+  /** The name of the connect application. */
+  name: string;
+  /** The scopes available for this application. */
+  scopes: string[];
+  /** An ISO 8601 timestamp. */
+  created_at: string;
+  /** An ISO 8601 timestamp. */
+  updated_at: string;
+  /** The type of the application. */
+  application_type: 'm2m';
+  /** The ID of the organization the application belongs to. */
+  organization_id: string;
+}
+type ConnectApplication = ConnectApplicationOAuth | ConnectApplicationM2M;
+type ConnectApplicationResponse = ConnectApplicationOAuthResponse | ConnectApplicationM2MResponse;
 //#endregion
-//#region src/events/events.d.ts
-declare class Events {
+//#region src/connect/interfaces/application-credentials-list-item.interface.d.ts
+interface ApplicationCredentialsListItem {
+  /** Distinguishes the connect application secret object. */
+  object: 'connect_application_secret';
+  /** The unique ID of the client secret. */
+  id: string;
+  /** A hint showing the last few characters of the secret value. */
+  secretHint: string;
+  /** The timestamp when the client secret was last used, or null if never used. */
+  lastUsedAt: Date | null;
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
+}
+interface ApplicationCredentialsListItemResponse {
+  object: 'connect_application_secret';
+  id: string;
+  secret_hint: string;
+  last_used_at: string | null;
+  created_at: string;
+  updated_at: string;
+}
+//#endregion
+//#region src/connect/interfaces/new-connect-application-secret.interface.d.ts
+interface NewConnectApplicationSecret {
+  /** Distinguishes the connect application secret object. */
+  object: 'connect_application_secret';
+  /** The unique ID of the client secret. */
+  id: string;
+  /** A hint showing the last few characters of the secret value. */
+  secretHint: string;
+  /** The timestamp when the client secret was last used, or null if never used. */
+  lastUsedAt: Date | null;
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
+  /** The plaintext secret value. Only returned at creation time and cannot be retrieved later. */
+  secret: string;
+}
+interface NewConnectApplicationSecretResponse {
+  object: 'connect_application_secret';
+  id: string;
+  secret_hint: string;
+  last_used_at: string | null;
+  created_at: string;
+  updated_at: string;
+  secret: string;
+}
+//#endregion
+//#region src/connect/connect.d.ts
+declare class Connect {
   private readonly workos;
   constructor(workos: WorkOS);
   /**
-   * List events
+   * Complete external authentication
    *
-   * List events for the current environment.
-   * @param options - Pagination and filter options.
-   * @returns {Promise<List<Event>>}
+   * Completes an external authentication flow and returns control to AuthKit. This endpoint is used with [Standalone Connect](https://workos.com/docs/authkit/connect/standalone) to bridge your existing authentication system with the Connect OAuth API infrastructure.
+   *
+   * After successfully authenticating a user in your application, calling this endpoint will:
+   *
+   * - Create or update the user in AuthKit, using the given `id` as its `external_id`.
+   * - Return a `redirect_uri` your application should redirect to in order for AuthKit to complete the flow
+   *
+   * Users are automatically created or updated based on the `id` and `email` provided. If a user with the same `id` exists, their information is updated. Otherwise, a new user is created.
+   *
+   * If you provide a new `id` with an `email` that already belongs to an existing user, the request will fail with an error as email addresses are unique to a user.
+   * @param options - Object containing externalAuthId, user.
+   * @param options.externalAuthId - Identifier provided when AuthKit redirected to your login page.
+   * @example "ext_auth_01HXYZ123456789ABCDEFGHIJ"
+   * @param options.user - The user to create or update in AuthKit.
+   * @param options.userConsentOptions - Array of [User Consent Options](https://workos.com/docs/reference/workos-connect/standalone/user-consent-options) to store with the session.
+   * @returns {Promise<ExternalAuthCompleteResponse>}
    * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
    * @throws {UnprocessableEntityException} 422
    */
-  listEvents(options: ListEventOptions): Promise<List<Event>>;
-}
-//#endregion
-//#region src/organizations/organizations.d.ts
-declare class Organizations {
-  private readonly workos;
-  constructor(workos: WorkOS);
+  completeOAuth2(options: CompleteOAuth2Options): Promise<ExternalAuthCompleteResponse>;
   /**
-   * List Organizations
+   * List Connect Applications
    *
-   * Get a list of all of your existing organizations matching the criteria specified.
+   * List all Connect Applications in the current environment with optional filtering.
    * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<Organization, ListOrganizationsOptions>>}
+   * @returns {Promise<AutoPaginatable<ConnectApplication, ListApplicationsOptions>>}
    * @throws {UnprocessableEntityException} 422
    */
-  listOrganizations(options?: ListOrganizationsOptions): Promise<AutoPaginatable<Organization, ListOrganizationsOptions>>;
+  listApplications(options?: ListApplicationsOptions): Promise<AutoPaginatable<ConnectApplication, ListApplicationsOptions>>;
   /**
-   * Create an Organization
+   * Create a Connect Application
    *
-   * Creates a new organization in the current environment.
-   * @param payload - Object containing name.
-   * @returns {Promise<Organization>}
-   * @throws {BadRequestException} 400
-   * @throws {ConflictException} 409
+   * Create a new Connect Application. Supports both OAuth and Machine-to-Machine (M2M) application types.
+   * @param options - The request body.
+   * @returns {Promise<ConnectApplication>}
+   * @throws {NotFoundException} 404
    * @throws {UnprocessableEntityException} 422
    */
-  createOrganization(payload: CreateOrganizationOptions, requestOptions?: CreateOrganizationRequestOptions): Promise<Organization>;
+  createApplication(options: CreateApplicationOptions): Promise<ConnectApplication>;
   /**
-   * Delete an Organization
+   * Create oauth application.
+   * @param name - The name of the application.
+   * @param isFirstParty - Whether this is a first-party application. Third-party applications require an organization_id.
+   * @param description - A description for the application.
+   * @param scopes - The OAuth scopes granted to the application.
+   * @param redirectUris - Redirect URIs for the application.
+   * @param usesPkce - Whether the application uses PKCE (Proof Key for Code Exchange).
+   * @param organizationId - The organization ID this application belongs to. Required when is_first_party is false.
+   * @returns {Promise<ConnectApplication>}
+   */
+  createOAuthApplication(name: string, isFirstParty: boolean, description?: string | null, scopes?: string[] | null, redirectUris?: RedirectUriInput[] | null, usesPkce?: boolean | null, organizationId?: string | null): Promise<ConnectApplication>;
+  /**
+   * Create m2m application.
+   * @param name - The name of the application.
+   * @param organizationId - The organization ID this application belongs to.
+   * @param description - A description for the application.
+   * @param scopes - The OAuth scopes granted to the application.
+   * @returns {Promise<ConnectApplication>}
+   */
+  createM2MApplication(name: string, organizationId: string, description?: string | null, scopes?: string[] | null): Promise<ConnectApplication>;
+  /**
+   * Get a Connect Application
    *
-   * Permanently deletes an organization in the current environment. It cannot be undone.
-   * @param id - Unique identifier of the Organization.
+   * Retrieve details for a specific Connect Application by ID or client ID.
+   * @param options - The request options.
+   * @param options.id - The application ID or client ID of the Connect Application.
+   * @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<ConnectApplication>}
+   * @throws {NotFoundException} 404
+   */
+  getApplication(options: GetApplicationOptions): Promise<ConnectApplication>;
+  /**
+   * Update a Connect Application
    *
-   * @example
-   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   * Update an existing Connect Application. For OAuth applications, you can update redirect URIs. For all applications, you can update the name, description, and scopes.
+   * @param options - The request body.
+   * @param options.id - The application ID or client ID of the Connect Application.
+   * @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+   * @param options.name - The name of the application.
+   * @example "My Application"
+   * @param options.description - A description for the application.
+   * @example "An application for managing user access"
+   * @param options.scopes - The OAuth scopes granted to the application.
+   * @example ["openid","profile","email"]
+   * @param options.redirectUris - Updated redirect URIs for the application. OAuth applications only.
+   * @example [{"uri":"https://example.com/callback","default":true}]
+   * @returns {Promise<ConnectApplication>}
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  updateApplication(options: UpdateApplicationOptions): Promise<ConnectApplication>;
+  /**
+   * Delete a Connect Application
    *
+   * Delete an existing Connect Application.
+   * @param options - The request options.
+   * @param options.id - The application ID or client ID of the Connect Application.
+   * @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
    * @returns {Promise<void>}
-   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
    */
-  deleteOrganization(id: string): Promise<void>;
+  deleteApplication(options: DeleteApplicationOptions): Promise<void>;
   /**
-   * Get an Organization
-   *
-   * Get the details of an existing organization.
-   * @param id - Unique identifier of the Organization.
+   * List Client Secrets for a Connect Application
    *
-   * @example
-   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
-   *
-   * @returns {Promise<Organization>}
+   * List all client secrets associated with a Connect Application.
+   * @param options - The request options.
+   * @param options.id - The application ID or client ID of the Connect Application.
+   * @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<ApplicationCredentialsListItem[]>}
    * @throws {NotFoundException} 404
    */
-  getOrganization(id: string): Promise<Organization>;
+  listApplicationClientSecrets(options: ListApplicationClientSecretsOptions): Promise<ApplicationCredentialsListItem[]>;
   /**
-   * Get an Organization by External ID
-   *
-   * Get the details of an existing organization by an [external identifier](https://workos.com/docs/authkit/metadata/external-identifiers).
-   * @param externalId - The external ID of the Organization.
-   *
-   * @example
-   * "2fe01467-f7ea-4dd2-8b79-c2b4f56d0191"
+   * Create a new client secret for a Connect Application
    *
-   * @returns {Promise<Organization>}
+   * Create new secrets for a Connect Application.
+   * @param options - The request body.
+   * @param options.id - The application ID or client ID of the Connect Application.
+   * @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<NewConnectApplicationSecret>}
    * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
    */
-  getOrganizationByExternalId(externalId: string): Promise<Organization>;
+  createApplicationClientSecret(options: CreateApplicationClientSecretOptions): Promise<NewConnectApplicationSecret>;
   /**
-   * Update an Organization
+   * Delete a Client Secret
    *
-   * Updates an organization in the current environment.
-   * @param payload - The request body.
-   * @returns {Promise<Organization>}
-   * @throws {BadRequestException} 400
-   * @throws 403 response from the API.
+   * Delete (revoke) an existing client secret.
+   * @param options - The request options.
+   * @param options.id - The unique ID of the client secret.
+   * @example "secret_01J9Q2Z3X4Y5W6V7U8T9S0R1Q"
+   * @returns {Promise<void>}
    * @throws {NotFoundException} 404
-   * @throws {ConflictException} 409
-   * @throws {UnprocessableEntityException} 422
    */
-  updateOrganization(options: UpdateOrganizationOptions): Promise<Organization>;
+  deleteClientSecret(options: DeleteClientSecretOptions): Promise<void>;
 }
 //#endregion
-//#region src/organization-domains/organization-domains.d.ts
-declare class OrganizationDomains {
+//#region src/directory-sync/directory-sync.d.ts
+declare class DirectorySync {
   private readonly workos;
   constructor(workos: WorkOS);
   /**
-   * Get an Organization Domain
+   * List Directories
    *
-   * Get the details of an existing organization domain.
-   * @param id - Unique identifier of the organization domain.
+   * Get a list of all of your existing directories matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>}
+   * @throws 403 response from the API.
+   * @throws {UnprocessableEntityException} 422
+   */
+  listDirectories(options?: ListDirectoriesOptions): Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>;
+  /**
+   * Get a Directory
+   *
+   * Get the details of an existing directory.
+   * @param id - Unique identifier for the Directory.
    *
    * @example
-   * "org_domain_01EHZNVPK2QXHMVWCEDQEKY69A"
+   * "directory_01ECAZ4NV9QMV47GW873HDCX74"
    *
-   * @returns {Promise<OrganizationDomain>}
+   * @returns {Promise<Directory>}
+   * @throws 403 response from the API.
    * @throws {NotFoundException} 404
    */
-  getOrganizationDomain(id: string): Promise<OrganizationDomain>;
+  getDirectory(id: string): Promise<Directory>;
   /**
-   * Verify an Organization Domain
+   * Delete a Directory
    *
-   * Initiates verification process for an Organization Domain.
-   * @param id - Unique identifier of the organization domain.
+   * Permanently deletes an existing directory. It cannot be undone.
+   * @param id - Unique identifier for the Directory.
    *
    * @example
-   * "org_domain_01EHZNVPK2QXHMVWCEDQEKY69A"
+   * "directory_01ECAZ4NV9QMV47GW873HDCX74"
    *
-   * @returns {Promise<OrganizationDomain>}
-   * @throws {BadRequestException} 400
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
    */
-  verifyOrganizationDomain(id: string): Promise<OrganizationDomain>;
+  deleteDirectory(id: string): Promise<void>;
   /**
-   * Create an Organization Domain
+   * List Directory Groups
+   *
+   * Get a list of all of existing directory groups matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listGroups(options: ListDirectoryGroupsOptions): Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>;
+  /**
+   * List Directory Users
+   *
+   * Get a list of all of existing Directory Users matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   * @throws {RateLimitExceededException} 429
+   */
+  listUsers<TCustomAttributes extends object = DefaultCustomAttributes>(options: ListDirectoryUsersOptions): Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>;
+  /**
+   * Get a Directory User
+   *
+   * Get the details of an existing Directory User.
+   * @param user - Unique identifier for the Directory User.
+   *
+   * @example
+   * "directory_user_01E1JG7J09H96KYP8HM9B0G5SJ"
+   * @returns {Promise<DirectoryUserWithGroups<TCustomAttributes>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  getUser<TCustomAttributes extends object = DefaultCustomAttributes>(user: string): Promise<DirectoryUserWithGroups<TCustomAttributes>>;
+  /**
+   * Get a Directory Group
+   *
+   * Get the details of an existing Directory Group.
+   * @param group - Unique identifier for the Directory Group.
+   *
+   * @example
+   * "directory_group_01E1JJS84MFPPQ3G655FHTKX6Z"
+   * @returns {Promise<DirectoryGroup>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  getGroup(group: string): Promise<DirectoryGroup>;
+}
+//#endregion
+//#region src/events/interfaces/list-events-options.interface.d.ts
+interface ListEventOptions {
+  events: EventName[];
+  rangeStart?: string;
+  rangeEnd?: string;
+  limit?: number;
+  after?: string;
+  organizationId?: string;
+  order?: 'asc' | 'desc';
+}
+interface SerializedListEventOptions {
+  events: EventName[];
+  range_start?: string;
+  range_end?: string;
+  limit?: number;
+  after?: string;
+  organization_id?: string;
+  order?: 'asc' | 'desc';
+}
+//#endregion
+//#region src/events/events.d.ts
+declare class Events {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * List events
+   *
+   * List events for the current environment.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<List<Event>>}
+   * @throws {BadRequestException} 400
+   * @throws {UnprocessableEntityException} 422
+   */
+  listEvents(options: ListEventOptions): Promise<List<Event>>;
+}
+//#endregion
+//#region src/organizations/organizations.d.ts
+declare class Organizations {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * List Organizations
+   *
+   * Get a list of all of your existing organizations matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Organization, ListOrganizationsOptions>>}
+   * @throws {UnprocessableEntityException} 422
+   */
+  listOrganizations(options?: ListOrganizationsOptions): Promise<AutoPaginatable<Organization, ListOrganizationsOptions>>;
+  /**
+   * Create an Organization
+   *
+   * Creates a new organization in the current environment.
+   * @param payload - Object containing name.
+   * @returns {Promise<Organization>}
+   * @throws {BadRequestException} 400
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
+  createOrganization(payload: CreateOrganizationOptions, requestOptions?: CreateOrganizationRequestOptions): Promise<Organization>;
+  /**
+   * Delete an Organization
+   *
+   * Permanently deletes an organization in the current environment. It cannot be undone.
+   * @param id - Unique identifier of the Organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
+   */
+  deleteOrganization(id: string): Promise<void>;
+  /**
+   * Get an Organization
+   *
+   * Get the details of an existing organization.
+   * @param id - Unique identifier of the Organization.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @returns {Promise<Organization>}
+   * @throws {NotFoundException} 404
+   */
+  getOrganization(id: string): Promise<Organization>;
+  /**
+   * Get an Organization by External ID
+   *
+   * Get the details of an existing organization by an [external identifier](https://workos.com/docs/authkit/metadata/external-identifiers).
+   * @param externalId - The external ID of the Organization.
+   *
+   * @example
+   * "2fe01467-f7ea-4dd2-8b79-c2b4f56d0191"
+   *
+   * @returns {Promise<Organization>}
+   * @throws {NotFoundException} 404
+   */
+  getOrganizationByExternalId(externalId: string): Promise<Organization>;
+  /**
+   * Update an Organization
+   *
+   * Updates an organization in the current environment.
+   * @param payload - The request body.
+   * @returns {Promise<Organization>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
+  updateOrganization(options: UpdateOrganizationOptions): Promise<Organization>;
+}
+//#endregion
+//#region src/organization-domains/organization-domains.d.ts
+declare class OrganizationDomains {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * Get an Organization Domain
+   *
+   * Get the details of an existing organization domain.
+   * @param id - Unique identifier of the organization domain.
+   *
+   * @example
+   * "org_domain_01EHZNVPK2QXHMVWCEDQEKY69A"
+   *
+   * @returns {Promise<OrganizationDomain>}
+   * @throws {NotFoundException} 404
+   */
+  getOrganizationDomain(id: string): Promise<OrganizationDomain>;
+  /**
+   * Verify an Organization Domain
+   *
+   * Initiates verification process for an Organization Domain.
+   * @param id - Unique identifier of the organization domain.
+   *
+   * @example
+   * "org_domain_01EHZNVPK2QXHMVWCEDQEKY69A"
+   *
+   * @returns {Promise<OrganizationDomain>}
+   * @throws {BadRequestException} 400
+   */
+  verifyOrganizationDomain(id: string): Promise<OrganizationDomain>;
+  /**
+   * Create an Organization Domain
    *
    * Creates a new Organization Domain.
    * @param payload - Object containing domain, organizationId.
@@ -3990,12 +4467,23 @@ interface AccessToken {
   scopes: string[];
   missingScopes: string[];
 }
+interface SerializedAccessToken {
+  object: 'access_token';
+  access_token: string;
+  expires_at: string | null;
+  scopes: string[];
+  missing_scopes: string[];
+}
 //#endregion
 //#region src/pipes/interfaces/get-access-token.interface.d.ts
 interface GetAccessTokenOptions {
   userId: string;
   organizationId?: string | null;
 }
+interface SerializedGetAccessTokenOptions {
+  user_id: string;
+  organization_id?: string | null;
+}
 interface GetAccessTokenSuccessResponse {
   active: true;
   accessToken: AccessToken;
@@ -4005,6 +4493,15 @@ interface GetAccessTokenFailureResponse {
   error: 'not_installed' | 'needs_reauthorization';
 }
 type GetAccessTokenResponse = GetAccessTokenSuccessResponse | GetAccessTokenFailureResponse;
+interface SerializedGetAccessTokenSuccessResponse {
+  active: true;
+  access_token: SerializedAccessToken;
+}
+interface SerializedGetAccessTokenFailureResponse {
+  active: false;
+  error: 'not_installed' | 'needs_reauthorization';
+}
+type SerializedGetAccessTokenResponse = SerializedGetAccessTokenSuccessResponse | SerializedGetAccessTokenFailureResponse;
 //#endregion
 //#region src/pipes/pipes.d.ts
 declare class Pipes {
@@ -4018,6 +4515,224 @@ declare class Pipes {
   }): Promise<GetAccessTokenResponse>;
 }
 //#endregion
+//#region src/radar/interfaces/radar-standalone-assess-request-auth-method.interface.d.ts
+declare const RadarStandaloneAssessRequestAuthMethod: {
+  readonly Password: "Password";
+  readonly Passkey: "Passkey";
+  readonly Authenticator: "Authenticator";
+  readonly SmsOtp: "SMS_OTP";
+  readonly EmailOtp: "Email_OTP";
+  readonly Social: "Social";
+  readonly SSO: "SSO";
+  readonly Other: "Other";
+};
+type RadarStandaloneAssessRequestAuthMethod = (typeof RadarStandaloneAssessRequestAuthMethod)[keyof typeof RadarStandaloneAssessRequestAuthMethod];
+//#endregion
+//#region src/radar/interfaces/radar-standalone-assess-request-action.interface.d.ts
+declare const RadarStandaloneAssessRequestAction: {
+  readonly SignUp: "sign-up";
+  readonly SignIn: "sign-in";
+};
+type RadarStandaloneAssessRequestAction = (typeof RadarStandaloneAssessRequestAction)[keyof typeof RadarStandaloneAssessRequestAction];
+//#endregion
+//#region src/radar/interfaces/create-attempt-options.interface.d.ts
+interface CreateAttemptOptions {
+  /** The IP address of the request to assess. */
+  ipAddress: string;
+  /** The user agent string of the request to assess. */
+  userAgent: string;
+  /** The email address of the user making the request. */
+  email: string;
+  /** The authentication method being used. */
+  authMethod: RadarStandaloneAssessRequestAuthMethod;
+  /** The action being performed. */
+  action: RadarStandaloneAssessRequestAction;
+}
+//#endregion
+//#region src/radar/interfaces/update-attempt-options.interface.d.ts
+interface UpdateAttemptOptions {
+  /** The unique identifier of the Radar attempt to update. */
+  id: string;
+  /** Set to `"success"` to mark the challenge as completed. */
+  challengeStatus?: 'success';
+  /** Set to `"success"` to mark the authentication attempt as successful. */
+  attemptStatus?: 'success';
+}
+//#endregion
+//#region src/radar/interfaces/radar-list-type.interface.d.ts
+declare const RadarListType: {
+  readonly IpAddress: "ip_address";
+  readonly Domain: "domain";
+  readonly Email: "email";
+  readonly Device: "device";
+  readonly UserAgent: "user_agent";
+  readonly DeviceFingerprint: "device_fingerprint";
+  readonly Country: "country";
+};
+type RadarListType = (typeof RadarListType)[keyof typeof RadarListType];
+//#endregion
+//#region src/radar/interfaces/radar-list-action.interface.d.ts
+declare const RadarListAction: {
+  readonly Block: "block";
+  readonly Allow: "allow";
+};
+type RadarListAction = (typeof RadarListAction)[keyof typeof RadarListAction];
+//#endregion
+//#region src/radar/interfaces/add-list-entry-options.interface.d.ts
+interface AddListEntryOptions {
+  /** The type of the Radar list (e.g. ip_address, domain, email). */
+  type: RadarListType;
+  /** The list action indicating whether to add the entry to the allow or block list. */
+  action: RadarListAction;
+  /** The value to add to the list. Must match the format of the list type (e.g. a valid IP address for `ip_address`, a valid email for `email`). */
+  entry: string;
+}
+//#endregion
+//#region src/radar/interfaces/remove-list-entry-options.interface.d.ts
+interface RemoveListEntryOptions {
+  /** The type of the Radar list (e.g. ip_address, domain, email). */
+  type: RadarListType;
+  /** The list action indicating whether to remove the entry from the allow or block list. */
+  action: RadarListAction;
+  /** The value to remove from the list. Must match an existing entry. */
+  entry: string;
+}
+//#endregion
+//#region src/radar/interfaces/radar-standalone-response-verdict.interface.d.ts
+declare const RadarStandaloneResponseVerdict: {
+  readonly Allow: "allow";
+  readonly Block: "block";
+  readonly Challenge: "challenge";
+};
+type RadarStandaloneResponseVerdict = (typeof RadarStandaloneResponseVerdict)[keyof typeof RadarStandaloneResponseVerdict];
+//#endregion
+//#region src/radar/interfaces/radar-standalone-response-control.interface.d.ts
+declare const RadarStandaloneResponseControl: {
+  readonly BotDetection: "bot_detection";
+  readonly BruteForceAttack: "brute_force_attack";
+  readonly DomainSignUpRateLimit: "domain_sign_up_rate_limit";
+  readonly ImpossibleTravel: "impossible_travel";
+  readonly RepeatSignUp: "repeat_sign_up";
+  readonly StaleAccount: "stale_account";
+  readonly UnrecognizedDevice: "unrecognized_device";
+  readonly Restriction: "restriction";
+};
+type RadarStandaloneResponseControl = (typeof RadarStandaloneResponseControl)[keyof typeof RadarStandaloneResponseControl];
+//#endregion
+//#region src/radar/interfaces/radar-standalone-response-blocklist-type.interface.d.ts
+declare const RadarStandaloneResponseBlocklistType: {
+  readonly IpAddress: "ip_address";
+  readonly Domain: "domain";
+  readonly Email: "email";
+  readonly Device: "device";
+  readonly UserAgent: "user_agent";
+  readonly DeviceFingerprint: "device_fingerprint";
+  readonly Country: "country";
+};
+type RadarStandaloneResponseBlocklistType = (typeof RadarStandaloneResponseBlocklistType)[keyof typeof RadarStandaloneResponseBlocklistType];
+//#endregion
+//#region src/radar/interfaces/radar-standalone-response.interface.d.ts
+interface RadarStandaloneResponse {
+  /** The verdict of the risk assessment. */
+  verdict: RadarStandaloneResponseVerdict;
+  /** A human-readable reason for the verdict. */
+  reason: string;
+  /** Unique identifier of the authentication attempt. */
+  attemptId: string;
+  /** The Radar control that triggered the verdict. Only present if the verdict is `block` or `challenge`. */
+  control?: RadarStandaloneResponseControl;
+  /** The type of blocklist entry that triggered the verdict. Only present if the control is `restriction`. */
+  blocklistType?: RadarStandaloneResponseBlocklistType;
+}
+interface RadarStandaloneResponseWire {
+  verdict: RadarStandaloneResponseVerdict;
+  reason: string;
+  attempt_id: string;
+  control?: RadarStandaloneResponseControl;
+  blocklist_type?: RadarStandaloneResponseBlocklistType;
+}
+//#endregion
+//#region src/radar/interfaces/radar-list-entry-already-present-response.interface.d.ts
+interface RadarListEntryAlreadyPresentResponse {
+  /** A message indicating the entry already exists. */
+  message: string;
+}
+interface RadarListEntryAlreadyPresentResponseWire {
+  message: string;
+}
+//#endregion
+//#region src/radar/radar.d.ts
+declare class Radar {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * Create an attempt
+   *
+   * Assess a request for risk using the Radar engine and receive a verdict.
+   * @param options - Object containing ipAddress, userAgent, email, authMethod, action.
+   * @param options.ipAddress - The IP address of the request to assess.
+   * @example "49.78.240.97"
+   * @param options.userAgent - The user agent string of the request to assess.
+   * @example "Mozilla/5.0"
+   * @param options.email - The email address of the user making the request.
+   * @example "user@example.com"
+   * @param options.authMethod - The authentication method being used.
+   * @example "Password"
+   * @param options.action - The action being performed.
+   * @example "sign-in"
+   * @returns {Promise<RadarStandaloneResponse>}
+   * @throws {BadRequestException} 400
+   */
+  createAttempt(options: CreateAttemptOptions): Promise<RadarStandaloneResponse>;
+  /**
+   * Update a Radar attempt
+   *
+   * You may optionally inform Radar that an authentication attempt or challenge was successful using this endpoint. Some Radar controls depend on tracking recent successful attempts, such as impossible travel.
+   * @param options - The request body.
+   * @param options.id - The unique identifier of the Radar attempt to update.
+   * @example "radar_att_01HZBC6N1EB1ZY7KG32X"
+   * @param options.challengeStatus - Set to `"success"` to mark the challenge as completed.
+   * @example "success"
+   * @param options.attemptStatus - Set to `"success"` to mark the authentication attempt as successful.
+   * @example "success"
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   */
+  updateAttempt(options: UpdateAttemptOptions): Promise<void>;
+  /**
+   * Add an entry to a Radar list
+   *
+   * Add an entry to a Radar list.
+   * @param options - Object containing entry.
+   * @param options.type - The type of the Radar list (e.g. ip_address, domain, email).
+   * @example "ip_address"
+   * @param options.action - The list action indicating whether to add the entry to the allow or block list.
+   * @example "block"
+   * @param options.entry - The value to add to the list. Must match the format of the list type (e.g. a valid IP address for `ip_address`, a valid email for `email`).
+   * @example "198.51.100.42"
+   * @returns {Promise<RadarListEntryAlreadyPresentResponse>}
+   * @throws {BadRequestException} 400
+   */
+  addListEntry(options: AddListEntryOptions): Promise<RadarListEntryAlreadyPresentResponse>;
+  /**
+   * Remove an entry from a Radar list
+   *
+   * Remove an entry from a Radar list.
+   * @param options - Object containing entry.
+   * @param options.type - The type of the Radar list (e.g. ip_address, domain, email).
+   * @example "ip_address"
+   * @param options.action - The list action indicating whether to remove the entry from the allow or block list.
+   * @example "block"
+   * @param options.entry - The value to remove from the list. Must match an existing entry.
+   * @example "198.51.100.42"
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   */
+  removeListEntry(options: RemoveListEntryOptions): Promise<void>;
+}
+//#endregion
 //#region src/admin-portal/admin-portal.d.ts
 declare class AdminPortal {
   private readonly workos;
@@ -4174,8 +4889,17 @@ interface Challenge {
   code?: string;
   authenticationFactorId: string;
 }
-//#endregion
-//#region src/multi-factor-auth/interfaces/enroll-factor-options.d.ts
+interface ChallengeResponse {
+  object: 'authentication_challenge';
+  id: string;
+  created_at: string;
+  updated_at: string;
+  expires_at?: string;
+  code?: string;
+  authentication_factor_id: string;
+}
+//#endregion
+//#region src/multi-factor-auth/interfaces/enroll-factor-options.d.ts
 type EnrollFactorOptions = {
   type: 'sms';
   phoneNumber: string;
@@ -4191,6 +4915,9 @@ type EnrollFactorOptions = {
 interface Sms {
   phoneNumber: string;
 }
+interface SmsResponse {
+  phone_number: string;
+}
 //#endregion
 //#region src/multi-factor-auth/interfaces/factor.interface.d.ts
 type FactorType = 'sms' | 'totp' | 'generic_otp';
@@ -4212,6 +4939,24 @@ interface FactorWithSecrets {
   sms?: Sms;
   totp?: TotpWithSecrets;
 }
+interface FactorResponse {
+  object: 'authentication_factor';
+  id: string;
+  created_at: string;
+  updated_at: string;
+  type: FactorType;
+  sms?: SmsResponse;
+  totp?: TotpResponse;
+}
+interface FactorWithSecretsResponse {
+  object: 'authentication_factor';
+  id: string;
+  created_at: string;
+  updated_at: string;
+  type: FactorType;
+  sms?: SmsResponse;
+  totp?: TotpWithSecretsResponse;
+}
 //#endregion
 //#region src/multi-factor-auth/interfaces/verify-challenge-options.d.ts
 interface VerifyChallengeOptions {
@@ -4224,6 +4969,10 @@ interface VerifyResponse {
   challenge: Challenge;
   valid: boolean;
 }
+interface VerifyResponseResponse {
+  challenge: ChallengeResponse;
+  valid: boolean;
+}
 //#endregion
 //#region src/multi-factor-auth/multi-factor-auth.d.ts
 declare class MultiFactorAuth {
@@ -4294,7 +5043,7 @@ declare class MultiFactorAuth {
    * @throws {UnprocessableEntityException} 422
    */
   createUserAuthFactor(payload: EnrollAuthFactorOptions): Promise<{
-    authenticationFactor: FactorWithSecrets$1;
+    authenticationFactor: AuthenticationFactorWithSecrets;
     authenticationChallenge: Challenge;
   }>;
   /**
@@ -4305,7 +5054,7 @@ declare class MultiFactorAuth {
    * @returns {Promise<AutoPaginatable<UMFactor, PaginationOptions>>}
    * @throws {UnprocessableEntityException} 422
    */
-  listUserAuthFactors(options: ListAuthFactorsOptions): Promise<AutoPaginatable<Factor$1, PaginationOptions>>;
+  listUserAuthFactors(options: ListAuthFactorsOptions): Promise<AutoPaginatable<AuthenticationFactor, PaginationOptions>>;
 }
 //#endregion
 //#region src/audit-logs/interfaces/audit-log-export-options.interface.d.ts
@@ -5520,13 +6269,131 @@ declare class FeatureFlags {
 declare class Groups {
   private readonly workos;
   constructor(workos: WorkOS);
+  /**
+   * List Group members
+   *
+   * Get a list of organization memberships in a group.
+   * @param options - Pagination and filter options.
+   * @param options.organizationId - Unique identifier of the Organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - Unique identifier of the Group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<AutoPaginatable<AuthorizationOrganizationMembership>>}
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   */
+  listOrganizationMemberships(options: ListGroupOrganizationMembershipsOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  /**
+   * List groups
+   *
+   * Get a paginated list of groups within an organization.
+   * @param options - Pagination and filter options.
+   * @param options.organizationId - The ID of the organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @returns {Promise<AutoPaginatable<Group, PaginationOptions>>}
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   */
+  listGroups(options: ListGroupsOptions): Promise<AutoPaginatable<Group, PaginationOptions>>;
+  /**
+   * Create a group
+   *
+   * Create a new group within an organization.
+   * @param options - Object containing name.
+   * @param options.organizationId - The ID of the organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.name - The name of the Group.
+   * @example "Engineering"
+   * @param options.description - An optional description of the Group.
+   * @example "The engineering team"
+   * @returns {Promise<Group>}
+   * @throws {BadRequestException} 400
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   createGroup(options: CreateGroupOptions): Promise<Group>;
-  listGroups(options: ListGroupsOptions): Promise<AutoPaginatable<Group>>;
+  /**
+   * Get a group
+   *
+   * Retrieve a group by its ID within an organization.
+   * @param options - The request options.
+   * @param options.organizationId - The ID of the organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - The ID of the group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<Group>}
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   */
   getGroup(options: GetGroupOptions): Promise<Group>;
+  /**
+   * Update a group
+   *
+   * Update an existing group. Only the fields provided in the request body will be updated.
+   * @param options - The request body.
+   * @param options.organizationId - The ID of the organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - The ID of the group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @param options.name - The name of the Group.
+   * @example "Engineering"
+   * @param options.description - An optional description of the Group.
+   * @example "The engineering team"
+   * @returns {Promise<Group>}
+   * @throws {BadRequestException} 400
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   updateGroup(options: UpdateGroupOptions): Promise<Group>;
+  /**
+   * Delete a group
+   *
+   * Delete a group from an organization.
+   * @param options - The request options.
+   * @param options.organizationId - The ID of the organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - The ID of the group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<void>}
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   */
   deleteGroup(options: DeleteGroupOptions): Promise<void>;
+  /**
+   * Add a member to a Group
+   *
+   * Add an organization membership to a group.
+   * @param options - Object containing organizationMembershipId.
+   * @param options.organizationId - Unique identifier of the Organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - Unique identifier of the Group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @param options.organizationMembershipId - The ID of the Organization Membership to add to the group.
+   * @example "om_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<Group>}
+   * @throws {BadRequestException} 400
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   addOrganizationMembership(options: AddGroupOrganizationMembershipOptions): Promise<Group>;
-  listOrganizationMemberships(options: ListGroupOrganizationMembershipsOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  /**
+   * Remove a member from a Group
+   *
+   * Remove an organization membership from a group.
+   * @param options - The request options.
+   * @param options.organizationId - Unique identifier of the Organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - Unique identifier of the Group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @param options.omId - Unique identifier of the Organization Membership.
+   * @example "om_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<void>}
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   */
   removeOrganizationMembership(options: RemoveGroupOrganizationMembershipOptions): Promise<void>;
 }
 //#endregion
@@ -5537,9 +6404,19 @@ interface GetTokenOptions {
   userId?: string;
   scopes?: WidgetScope[];
 }
+interface SerializedGetTokenOptions {
+  organization_id: string;
+  user_id?: string;
+  scopes?: WidgetScope[];
+}
+declare const serializeGetTokenOptions: (options: GetTokenOptions) => SerializedGetTokenOptions;
 interface GetTokenResponse {
   token: string;
 }
+interface GetTokenResponseResponse {
+  token: string;
+}
+declare const deserializeGetTokenResponse: (data: GetTokenResponseResponse) => GetTokenResponse;
 //#endregion
 //#region src/widgets/widgets.d.ts
 declare class Widgets {
@@ -6175,45 +7052,828 @@ declare class Authorization {
    * "proj-456"
    *
    * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<UserOrganizationMembershipBaseListData>>}
-   * @throws {BadRequestException} 400
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
+   * @returns {Promise<AutoPaginatable<UserOrganizationMembershipBaseListData>>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listMembershipsForResourceByExternalId(options: ListMembershipsForResourceByExternalIdOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  /**
+   * List effective permissions for an organization membership on a resource
+   *
+   * Returns all permissions the organization membership effectively has on a resource, including permissions inherited through roles assigned to ancestor resources.
+   * @param organizationMembershipId - The ID of the organization membership.
+   *
+   * @example
+   * "om_01HXYZ123456789ABCDEFGHIJ"
+   *
+   * @param resourceId - The ID of the authorization resource.
+   *
+   * @example
+   * "authz_resource_01HXYZ123456789ABCDEFGHIJ"
+   *
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<AuthorizationPermission>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listEffectivePermissions(options: ListEffectivePermissionsOptions): Promise<AutoPaginatable<Permission>>;
+  /**
+   * List effective permissions for an organization membership on a resource by external ID
+   *
+   * Returns all permissions the organization membership effectively has on a resource identified by its external ID, including permissions inherited through roles assigned to ancestor resources.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Permission, PaginationOptions>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listEffectivePermissionsByExternalId(options: ListEffectivePermissionsByExternalIdOptions): Promise<AutoPaginatable<Permission>>;
+}
+//#endregion
+//#region src/vault/interfaces/key/create-data-key.interface.d.ts
+interface CreateDataKeyOptions {
+  context: KeyContext;
+}
+//#endregion
+//#region src/vault/interfaces/key/decrypt-data-key.interface.d.ts
+interface DecryptDataKeyOptions {
+  keys: string;
+}
+interface DecryptDataKeyResponse {
+  data_key: string;
+  id: string;
+}
+//#endregion
+//#region src/vault/interfaces/create-rekey-options.interface.d.ts
+interface CreateRekeyOptions {
+  /** Map of values used to determine the new encryption key. */
+  context: Record<string, string>;
+  /** Base64-encoded encrypted data key blob to re-encrypt. */
+  encryptedKeys: string;
+}
+//#endregion
+//#region src/vault/interfaces/list-objects-options.interface.d.ts
+interface ListObjectsOptions extends PaginationOptions {
+  /** Filter results by name or structured search JSON. */
+  search?: string;
+  /** ISO 8601 timestamp to filter by last modified time. */
+  updatedAfter?: Date;
+}
+//#endregion
+//#region src/vault/interfaces/object/create-object.interface.d.ts
+interface CreateObjectEntity {
+  name: string;
+  value: string;
+  key_context: KeyContext;
+}
+interface CreateObjectOptions {
+  name: string;
+  value: string;
+  context: KeyContext;
+}
+//#endregion
+//#region src/vault/interfaces/object.interface.d.ts
+interface ObjectUpdateBy {
+  id: string;
+  name: string;
+}
+//#endregion
+//#region src/vault/interfaces/object/read-object.interface.d.ts
+interface ReadObjectOptions {
+  id: string;
+}
+interface ReadObjectMetadataResponse {
+  context: KeyContext;
+  environment_id: string;
+  id: string;
+  key_id: string;
+  updated_at: string;
+  updated_by: ObjectUpdateBy;
+  version_id: string;
+}
+interface ReadObjectResponse {
+  id: string;
+  metadata: ReadObjectMetadataResponse;
+  name: string;
+  value?: string;
+}
+//#endregion
+//#region src/vault/interfaces/object/update-object.interface.d.ts
+interface UpdateObjectEntity {
+  value: string;
+  version_check?: string;
+}
+interface UpdateObjectOptions {
+  id: string;
+  value: string;
+  versionCheck?: string;
+}
+//#endregion
+//#region src/vault/interfaces/delete-vault-object-options.interface.d.ts
+interface DeleteVaultObjectOptions {
+  /** Unique identifier of the object. */
+  id: string;
+  /** Expected current version for optimistic locking. */
+  versionCheck?: string;
+}
+//#endregion
+//#region src/vault/interfaces/create-data-key-response.interface.d.ts
+interface CreateDataKeyResponse {
+  /** Map of values used to determine the encryption key. */
+  context: Record<string, string>;
+  /** Base64-encoded data encryption key. */
+  dataKey?: string;
+  /** Base64-encoded encrypted data key blob. */
+  encryptedKeys?: string;
+  /** Unique identifier for the generated data key. */
+  id: string;
+}
+interface CreateDataKeyResponseWire {
+  context: Record<string, string>;
+  data_key: string;
+  encrypted_keys: string;
+  id: string;
+}
+//#endregion
+//#region src/vault/interfaces/actor.interface.d.ts
+/** The user or API key that performed an action. */
+interface Actor {
+  /** Unique identifier of the actor. */
+  id: string;
+  /** Display name of the actor. */
+  name: string;
+}
+interface ActorResponse {
+  id: string;
+  name: string;
+}
+//#endregion
+//#region src/vault/interfaces/object-metadata.interface.d.ts
+/** Metadata for a stored encrypted object. */
+interface ObjectMetadata {
+  /** Map of values used to determine the encryption key. */
+  context: Record<string, string>;
+  /** Environment the object belongs to. */
+  environmentId: string;
+  /** Unique identifier of the object. */
+  id: string;
+  /** Encryption key identifier. */
+  keyId: string;
+  /** Timestamp of the last update. */
+  updatedAt: Date;
+  updatedBy: Actor;
+  /** Current version identifier of the object. */
+  versionId?: string | null;
+}
+interface ObjectMetadataResponse {
+  context: Record<string, string>;
+  environment_id: string;
+  id: string;
+  key_id: string;
+  updated_at: string;
+  updated_by: ActorResponse;
+  version_id?: string | null;
+}
+//#endregion
+//#region src/vault/interfaces/vault-object.interface.d.ts
+/** An encrypted object with its decrypted value and metadata. */
+interface VaultObject {
+  /** Unique identifier of the object. */
+  id: string;
+  metadata: ObjectMetadata;
+  /** Unique name of the object. */
+  name: string;
+  /** Decrypted plaintext value. */
+  value?: string;
+}
+interface VaultObjectResponse {
+  id: string;
+  metadata: ObjectMetadataResponse;
+  name: string;
+  value: string;
+}
+//#endregion
+//#region src/vault/interfaces/object-version.interface.d.ts
+/** A static snapshot of an encrypted object. */
+interface ObjectVersion {
+  /** Timestamp when the version was created. */
+  createdAt: Date;
+  /** Whether this is the active version. */
+  currentVersion: boolean;
+  /** Hash of the object value. */
+  etag?: string;
+  /** Unique identifier of the version. */
+  id: string;
+  /** Number of bytes of stored data. */
+  size?: number;
+}
+interface ObjectVersionResponse {
+  created_at: string;
+  current_version: boolean;
+  etag?: string;
+  id: string;
+  size?: number;
+}
+//#endregion
+//#region src/vault/interfaces/list-metadata.interface.d.ts
+/** Cursor-based pagination metadata. */
+interface ListMetadata {
+  /** Cursor for the next page of results. */
+  after?: string | null;
+  /** Cursor for the previous page of results. */
+  before?: string | null;
+}
+//#endregion
+//#region src/vault/interfaces/version-list-response.interface.d.ts
+interface VersionListResponse {
+  /** List of object versions. */
+  data: ObjectVersion[];
+  listMetadata: ListMetadata;
+}
+//#endregion
+//#region src/vault/interfaces/object-summary.interface.d.ts
+/** Summary of an encrypted object returned in list responses. */
+interface ObjectSummary {
+  /** Unique identifier of the object. */
+  id: string;
+  /** Unique name of the object. */
+  name: string;
+  /** Timestamp of the last update. */
+  updatedAt?: Date | null;
+}
+interface ObjectSummaryResponse {
+  id: string;
+  name: string;
+  updated_at?: string | null;
+}
+//#endregion
+//#region src/vault/interfaces/read-object-by-name-options.interface.d.ts
+interface ReadObjectByNameOptions {
+  /** Unique name of the object. */
+  name: string;
+}
+//#endregion
+//#region src/vault/vault.d.ts
+declare class Vault {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * Read an object by name
+   *
+   * Fetch and decrypt an object by its unique name.
+   * @param options - The object name string or request options.
+   * @param options.name - Unique name of the object.
+   * @example "my-secret"
+   * @returns {Promise<VaultObject>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   */
+  readObjectByName(name: string): Promise<VaultObject>;
+  readObjectByName(options: ReadObjectByNameOptions): Promise<VaultObject>;
+  /**
+   * Create a data key
+   *
+   * Generate an isolated encryption key for local encryption operations.
+   * @param options - Object containing context.
+   * @param options.context - Map of values used to determine the encryption key.
+   * @example {"organization_id":"org_01K8ZYT4AWJ6XP0E0S8CTBHE3P"}
+   * @returns {Promise<DataKeyPair>}
+   * @throws {BadRequestException} 400
+   * @throws {UnprocessableEntityException} 422
+   */
+  createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair>;
+  /**
+   * Decrypt a data key
+   *
+   * Decrypt a previously encrypted data key from WorkOS Vault.
+   * @param options - Object containing keys.
+   * @param options.keys - Base64-encoded encrypted data key to decrypt.
+   * @example "V09TLkVLTS52MQBiZjUxY2NlYy03OGI0LTUyMDAtYjM4My0zNTczMGU3MWVmNjEBATEBJGJmNjVlMzI2LTQzYTAtNGIyMC04OGM0LTA3ZmYzZGU1NDM0YwF0YmY2NWUzMjYtNDNhMC00YjIwLTg4YzQtMDdmZjNkZTU0MzRj"
+   * @returns {Promise<DataKey>}
+   * @throws {BadRequestException} 400
+   */
+  decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey>;
+  /**
+   * Re-encrypt a data key
+   *
+   * Decrypt an existing data key and re-encrypt it under a new key context.
+   * @param options - Object containing context, encryptedKeys.
+   * @param options.context - Map of values used to determine the new encryption key.
+   * @example {"organization_id":"org_01K8ZYT4AWJ6XP0E0S8CTBHE3P"}
+   * @param options.encryptedKeys - Base64-encoded encrypted data key blob to re-encrypt.
+   * @example "V09TLkVLTS52MQBiZjUxY2NlYy03OGI0LTUyMDAtYjM4My0zNTczMGU3MWVmNjEBATEBJGJmNjVlMzI2LTQzYTAtNGIyMC04OGM0LTA3ZmYzZGU1NDM0YwF0YmY2NWUzMjYtNDNhMC00YjIwLTg4YzQtMDdmZjNkZTU0MzRj"
+   * @returns {Promise<CreateDataKeyResponse>}
+   * @throws {BadRequestException} 400
+   * @throws {UnprocessableEntityException} 422
+   */
+  createRekey(options: CreateRekeyOptions): Promise<CreateDataKeyResponse>;
+  /**
+   * List objects
+   *
+   * List all encrypted objects with cursor-based pagination.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<ObjectSummary, PaginationOptions>>}
+   * @throws {BadRequestException} 400
+   */
+  listObjects(options?: ListObjectsOptions): Promise<AutoPaginatable<ObjectSummary, PaginationOptions>>;
+  /**
+   * Create an object
+   *
+   * Encrypt and store a new key-value object.
+   * @param options - Object containing keyContext, name, value.
+   * @param options.keyContext - Map of values used to determine the encryption key.
+   * @example {"organization_id":"org_01K8ZYT4AWJ6XP0E0S8CTBHE3P"}
+   * @param options.name - Unique name for the object.
+   * @example "my-secret"
+   * @param options.value - Plaintext data to encrypt and store.
+   * @example "s3cr3t-v4lu3"
+   * @returns {Promise<ObjectMetadata>}
+   * @throws {BadRequestException} 400
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
+  createObject(options: CreateObjectOptions): Promise<ObjectMetadata>;
+  /**
+   * Read an object by ID
+   *
+   * Fetch and decrypt an object by its unique identifier.
+   * @param options - The request options.
+   * @param options.id - Unique identifier of the object.
+   * @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+   * @returns {Promise<VaultObject>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   */
+  readObject(options: ReadObjectOptions): Promise<VaultObject>;
+  /**
+   * Update an object
+   *
+   * Update the value of an existing encrypted object.
+   * @param options - Object containing value.
+   * @param options.id - Unique identifier of the object.
+   * @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+   * @param options.value - New plaintext value.
+   * @example "upd4t3d-v4lu3"
+   * @param options.versionCheck - ID of the expected current version for optimistic locking.
+   * @example "c3d4e5f6-7890-abcd-ef12-34567890abcd"
+   * @returns {Promise<VaultObject>}
+   * @throws {BadRequestException} 400
+   * @throws {ConflictException} 409
+   */
+  updateObject(options: UpdateObjectOptions): Promise<VaultObject>;
+  /**
+   * Delete an object
+   *
+   * Delete an encrypted object.
+   * @param options - Additional query options.
+   * @param options.id - Unique identifier of the object.
+   * @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+   * @param options.versionCheck - Expected current version for optimistic locking.
+   * @example "c3d4e5f6-7890-abcd-ef12-34567890abcd"
+   * @returns {Promise<void>}
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   */
+  deleteObject(options: DeleteVaultObjectOptions): Promise<void>;
+  /**
+   * Describe an object
+   *
+   * Fetch metadata for an object without decrypting it.
+   * @param options - The request options.
+   * @param options.id - Unique identifier of the object.
+   * @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+   * @returns {Promise<VaultObject>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   */
+  describeObject(options: ReadObjectOptions): Promise<VaultObject>;
+  /**
+   * List object versions
+   *
+   * Retrieve all versions for a specific object.
+   * @param options - The request options.
+   * @param options.id - Unique identifier of the object.
+   * @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+   * @returns {Promise<ObjectVersion[]>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   */
+  listObjectVersions(options: ReadObjectOptions): Promise<VersionListResponse['data']>;
+  private decode;
+  decrypt(encryptedData: string, associatedData?: string): Promise<string>;
+  encrypt(data: string, context: KeyContext, associatedData?: string): Promise<string>;
+}
+//#endregion
+//#region src/workos.d.ts
+/** WorkOS REST API */
+declare class WorkOS {
+  readonly baseURL: string;
+  readonly client: HttpClient;
+  readonly clientId?: string;
+  readonly key?: string;
+  readonly options: WorkOSOptions;
+  readonly pkce: PKCE;
+  private readonly hasApiKey;
+  readonly actions: Actions;
+  readonly apiKeys: ApiKeys;
+  readonly auditLogs: AuditLogs;
+  readonly authorization: Authorization;
+  readonly directorySync: DirectorySync;
+  readonly connect: Connect;
+  readonly events: Events;
+  readonly featureFlags: FeatureFlags;
+  readonly groups: Groups;
+  readonly multiFactorAuth: MultiFactorAuth;
+  readonly organizations: Organizations;
+  readonly organizationDomains: OrganizationDomains;
+  readonly passwordless: Passwordless;
+  readonly pipes: Pipes;
+  readonly radar: Radar;
+  readonly adminPortal: AdminPortal;
+  readonly sso: SSO;
+  readonly userManagement: UserManagement;
+  readonly vault: Vault;
+  readonly webhooks: Webhooks;
+  readonly widgets: Widgets;
+  /**
+   * Create a new WorkOS client.
+   *
+   * @param keyOrOptions - API key string, or options object
+   * @param maybeOptions - Options when first argument is API key
+   *
+   * @example
+   * // Server-side with API key (string)
+   * const workos = new WorkOS('sk_...');
+   *
+   * @example
+   * // Server-side with API key (object)
+   * const workos = new WorkOS({ apiKey: 'sk_...', clientId: 'client_...' });
+   *
+   * @example
+   * // PKCE/public client (no API key)
+   * const workos = new WorkOS({ clientId: 'client_...' });
+   */
+  constructor(keyOrOptions?: string | WorkOSOptions, maybeOptions?: WorkOSOptions);
+  private createUserAgent;
+  createWebhookClient(): Webhooks;
+  createActionsClient(): Actions;
+  getCryptoProvider(): CryptoProvider;
+  createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
+  get version(): string;
+  /**
+   * Require API key for methods that need it.
+   * @param methodName - Name of the method requiring API key (for error message)
+   * @throws ApiKeyRequiredException if no API key was provided
+   */
+  requireApiKey(methodName: string): void;
+  post<Result = any, Entity = any>(path: string, entity: Entity, options?: PostOptions): Promise<{
+    data: Result;
+  }>;
+  get<Result = any>(path: string, options?: GetOptions): Promise<{
+    data: Result;
+  }>;
+  put<Result = any, Entity = any>(path: string, entity: Entity, options?: PutOptions): Promise<{
+    data: Result;
+  }>;
+  patch<Result = any, Entity = any>(path: string, entity: Entity, options?: PatchOptions): Promise<{
+    data: Result;
+  }>;
+  delete(path: string, query?: any): Promise<void>;
+  deleteWithBody<Entity = any>(path: string, entity: Entity): Promise<void>;
+  emitWarning(warning: string): void;
+  private handleParseError;
+  private handleHttpError;
+}
+//#endregion
+//#region src/webhooks/interfaces/list-webhook-endpoints-options.interface.d.ts
+type ListWebhookEndpointsOptions = PaginationOptions;
+//#endregion
+//#region src/webhooks/interfaces/create-webhook-endpoint-events.interface.d.ts
+declare const CreateWebhookEndpointEvents: {
+  readonly AuthenticationEmailVerificationSucceeded: "authentication.email_verification_succeeded";
+  readonly AuthenticationMagicAuthFailed: "authentication.magic_auth_failed";
+  readonly AuthenticationMagicAuthSucceeded: "authentication.magic_auth_succeeded";
+  readonly AuthenticationMfaSucceeded: "authentication.mfa_succeeded";
+  readonly AuthenticationOAuthFailed: "authentication.oauth_failed";
+  readonly AuthenticationOAuthSucceeded: "authentication.oauth_succeeded";
+  readonly AuthenticationPasswordFailed: "authentication.password_failed";
+  readonly AuthenticationPasswordSucceeded: "authentication.password_succeeded";
+  readonly AuthenticationPasskeyFailed: "authentication.passkey_failed";
+  readonly AuthenticationPasskeySucceeded: "authentication.passkey_succeeded";
+  readonly AuthenticationSSOFailed: "authentication.sso_failed";
+  readonly AuthenticationSSOStarted: "authentication.sso_started";
+  readonly AuthenticationSSOSucceeded: "authentication.sso_succeeded";
+  readonly AuthenticationSSOTimedOut: "authentication.sso_timed_out";
+  readonly AuthenticationRadarRiskDetected: "authentication.radar_risk_detected";
+  readonly ApiKeyCreated: "api_key.created";
+  readonly ApiKeyRevoked: "api_key.revoked";
+  readonly ConnectionActivated: "connection.activated";
+  readonly ConnectionDeactivated: "connection.deactivated";
+  readonly ConnectionSAMLCertificateRenewalRequired: "connection.saml_certificate_renewal_required";
+  readonly ConnectionSAMLCertificateRenewed: "connection.saml_certificate_renewed";
+  readonly ConnectionDeleted: "connection.deleted";
+  readonly DsyncActivated: "dsync.activated";
+  readonly DsyncDeleted: "dsync.deleted";
+  readonly DsyncGroupCreated: "dsync.group.created";
+  readonly DsyncGroupDeleted: "dsync.group.deleted";
+  readonly DsyncGroupUpdated: "dsync.group.updated";
+  readonly DsyncGroupUserAdded: "dsync.group.user_added";
+  readonly DsyncGroupUserRemoved: "dsync.group.user_removed";
+  readonly DsyncUserCreated: "dsync.user.created";
+  readonly DsyncUserDeleted: "dsync.user.deleted";
+  readonly DsyncUserUpdated: "dsync.user.updated";
+  readonly EmailVerificationCreated: "email_verification.created";
+  readonly GroupCreated: "group.created";
+  readonly GroupDeleted: "group.deleted";
+  readonly GroupMemberAdded: "group.member_added";
+  readonly GroupMemberRemoved: "group.member_removed";
+  readonly GroupUpdated: "group.updated";
+  readonly FlagCreated: "flag.created";
+  readonly FlagDeleted: "flag.deleted";
+  readonly FlagUpdated: "flag.updated";
+  readonly FlagRuleUpdated: "flag.rule_updated";
+  readonly InvitationAccepted: "invitation.accepted";
+  readonly InvitationCreated: "invitation.created";
+  readonly InvitationResent: "invitation.resent";
+  readonly InvitationRevoked: "invitation.revoked";
+  readonly MagicAuthCreated: "magic_auth.created";
+  readonly OrganizationCreated: "organization.created";
+  readonly OrganizationDeleted: "organization.deleted";
+  readonly OrganizationUpdated: "organization.updated";
+  readonly OrganizationDomainCreated: "organization_domain.created";
+  readonly OrganizationDomainDeleted: "organization_domain.deleted";
+  readonly OrganizationDomainUpdated: "organization_domain.updated";
+  readonly OrganizationDomainVerified: "organization_domain.verified";
+  readonly OrganizationDomainVerificationFailed: "organization_domain.verification_failed";
+  readonly PasswordResetCreated: "password_reset.created";
+  readonly PasswordResetSucceeded: "password_reset.succeeded";
+  readonly UserCreated: "user.created";
+  readonly UserUpdated: "user.updated";
+  readonly UserDeleted: "user.deleted";
+  readonly OrganizationMembershipCreated: "organization_membership.created";
+  readonly OrganizationMembershipDeleted: "organization_membership.deleted";
+  readonly OrganizationMembershipUpdated: "organization_membership.updated";
+  readonly RoleCreated: "role.created";
+  readonly RoleDeleted: "role.deleted";
+  readonly RoleUpdated: "role.updated";
+  readonly OrganizationRoleCreated: "organization_role.created";
+  readonly OrganizationRoleDeleted: "organization_role.deleted";
+  readonly OrganizationRoleUpdated: "organization_role.updated";
+  readonly PermissionCreated: "permission.created";
+  readonly PermissionDeleted: "permission.deleted";
+  readonly PermissionUpdated: "permission.updated";
+  readonly PipesConnectedAccountConnected: "pipes.connected_account.connected";
+  readonly PipesConnectedAccountDisconnected: "pipes.connected_account.disconnected";
+  readonly PipesConnectedAccountReauthorizationNeeded: "pipes.connected_account.reauthorization_needed";
+  readonly SessionCreated: "session.created";
+  readonly SessionRevoked: "session.revoked";
+  readonly WaitlistUserApproved: "waitlist_user.approved";
+  readonly WaitlistUserCreated: "waitlist_user.created";
+  readonly WaitlistUserDenied: "waitlist_user.denied";
+};
+type CreateWebhookEndpointEvents = (typeof CreateWebhookEndpointEvents)[keyof typeof CreateWebhookEndpointEvents];
+//#endregion
+//#region src/webhooks/interfaces/create-webhook-endpoint-options.interface.d.ts
+interface CreateWebhookEndpointOptions {
+  /** The HTTPS URL where webhooks will be sent. */
+  endpointUrl: string;
+  /** The events that the Webhook Endpoint is subscribed to. */
+  events: CreateWebhookEndpointEvents[];
+}
+//#endregion
+//#region src/webhooks/interfaces/update-webhook-endpoint-status.interface.d.ts
+declare const UpdateWebhookEndpointStatus: {
+  readonly Enabled: "enabled";
+  readonly Disabled: "disabled";
+};
+type UpdateWebhookEndpointStatus = (typeof UpdateWebhookEndpointStatus)[keyof typeof UpdateWebhookEndpointStatus];
+//#endregion
+//#region src/webhooks/interfaces/update-webhook-endpoint-events.interface.d.ts
+declare const UpdateWebhookEndpointEvents: {
+  readonly AuthenticationEmailVerificationSucceeded: "authentication.email_verification_succeeded";
+  readonly AuthenticationMagicAuthFailed: "authentication.magic_auth_failed";
+  readonly AuthenticationMagicAuthSucceeded: "authentication.magic_auth_succeeded";
+  readonly AuthenticationMfaSucceeded: "authentication.mfa_succeeded";
+  readonly AuthenticationOAuthFailed: "authentication.oauth_failed";
+  readonly AuthenticationOAuthSucceeded: "authentication.oauth_succeeded";
+  readonly AuthenticationPasswordFailed: "authentication.password_failed";
+  readonly AuthenticationPasswordSucceeded: "authentication.password_succeeded";
+  readonly AuthenticationPasskeyFailed: "authentication.passkey_failed";
+  readonly AuthenticationPasskeySucceeded: "authentication.passkey_succeeded";
+  readonly AuthenticationSSOFailed: "authentication.sso_failed";
+  readonly AuthenticationSSOStarted: "authentication.sso_started";
+  readonly AuthenticationSSOSucceeded: "authentication.sso_succeeded";
+  readonly AuthenticationSSOTimedOut: "authentication.sso_timed_out";
+  readonly AuthenticationRadarRiskDetected: "authentication.radar_risk_detected";
+  readonly ApiKeyCreated: "api_key.created";
+  readonly ApiKeyRevoked: "api_key.revoked";
+  readonly ConnectionActivated: "connection.activated";
+  readonly ConnectionDeactivated: "connection.deactivated";
+  readonly ConnectionSAMLCertificateRenewalRequired: "connection.saml_certificate_renewal_required";
+  readonly ConnectionSAMLCertificateRenewed: "connection.saml_certificate_renewed";
+  readonly ConnectionDeleted: "connection.deleted";
+  readonly DsyncActivated: "dsync.activated";
+  readonly DsyncDeleted: "dsync.deleted";
+  readonly DsyncGroupCreated: "dsync.group.created";
+  readonly DsyncGroupDeleted: "dsync.group.deleted";
+  readonly DsyncGroupUpdated: "dsync.group.updated";
+  readonly DsyncGroupUserAdded: "dsync.group.user_added";
+  readonly DsyncGroupUserRemoved: "dsync.group.user_removed";
+  readonly DsyncUserCreated: "dsync.user.created";
+  readonly DsyncUserDeleted: "dsync.user.deleted";
+  readonly DsyncUserUpdated: "dsync.user.updated";
+  readonly EmailVerificationCreated: "email_verification.created";
+  readonly GroupCreated: "group.created";
+  readonly GroupDeleted: "group.deleted";
+  readonly GroupMemberAdded: "group.member_added";
+  readonly GroupMemberRemoved: "group.member_removed";
+  readonly GroupUpdated: "group.updated";
+  readonly FlagCreated: "flag.created";
+  readonly FlagDeleted: "flag.deleted";
+  readonly FlagUpdated: "flag.updated";
+  readonly FlagRuleUpdated: "flag.rule_updated";
+  readonly InvitationAccepted: "invitation.accepted";
+  readonly InvitationCreated: "invitation.created";
+  readonly InvitationResent: "invitation.resent";
+  readonly InvitationRevoked: "invitation.revoked";
+  readonly MagicAuthCreated: "magic_auth.created";
+  readonly OrganizationCreated: "organization.created";
+  readonly OrganizationDeleted: "organization.deleted";
+  readonly OrganizationUpdated: "organization.updated";
+  readonly OrganizationDomainCreated: "organization_domain.created";
+  readonly OrganizationDomainDeleted: "organization_domain.deleted";
+  readonly OrganizationDomainUpdated: "organization_domain.updated";
+  readonly OrganizationDomainVerified: "organization_domain.verified";
+  readonly OrganizationDomainVerificationFailed: "organization_domain.verification_failed";
+  readonly PasswordResetCreated: "password_reset.created";
+  readonly PasswordResetSucceeded: "password_reset.succeeded";
+  readonly UserCreated: "user.created";
+  readonly UserUpdated: "user.updated";
+  readonly UserDeleted: "user.deleted";
+  readonly OrganizationMembershipCreated: "organization_membership.created";
+  readonly OrganizationMembershipDeleted: "organization_membership.deleted";
+  readonly OrganizationMembershipUpdated: "organization_membership.updated";
+  readonly RoleCreated: "role.created";
+  readonly RoleDeleted: "role.deleted";
+  readonly RoleUpdated: "role.updated";
+  readonly OrganizationRoleCreated: "organization_role.created";
+  readonly OrganizationRoleDeleted: "organization_role.deleted";
+  readonly OrganizationRoleUpdated: "organization_role.updated";
+  readonly PermissionCreated: "permission.created";
+  readonly PermissionDeleted: "permission.deleted";
+  readonly PermissionUpdated: "permission.updated";
+  readonly PipesConnectedAccountConnected: "pipes.connected_account.connected";
+  readonly PipesConnectedAccountDisconnected: "pipes.connected_account.disconnected";
+  readonly PipesConnectedAccountReauthorizationNeeded: "pipes.connected_account.reauthorization_needed";
+  readonly SessionCreated: "session.created";
+  readonly SessionRevoked: "session.revoked";
+  readonly WaitlistUserApproved: "waitlist_user.approved";
+  readonly WaitlistUserCreated: "waitlist_user.created";
+  readonly WaitlistUserDenied: "waitlist_user.denied";
+};
+type UpdateWebhookEndpointEvents = (typeof UpdateWebhookEndpointEvents)[keyof typeof UpdateWebhookEndpointEvents];
+//#endregion
+//#region src/webhooks/interfaces/update-webhook-endpoint-options.interface.d.ts
+interface UpdateWebhookEndpointOptions {
+  /** Unique identifier of the Webhook Endpoint. */
+  id: string;
+  /** The HTTPS URL where webhooks will be sent. */
+  endpointUrl?: string;
+  /** Whether the Webhook Endpoint is enabled or disabled. */
+  status?: UpdateWebhookEndpointStatus;
+  /** The events that the Webhook Endpoint is subscribed to. */
+  events?: UpdateWebhookEndpointEvents[];
+}
+//#endregion
+//#region src/webhooks/interfaces/delete-webhook-endpoint-options.interface.d.ts
+interface DeleteWebhookEndpointOptions {
+  /** Unique identifier of the Webhook Endpoint. */
+  id: string;
+}
+//#endregion
+//#region src/webhooks/interfaces/webhook-endpoint-status.interface.d.ts
+declare const WebhookEndpointStatus: {
+  readonly Enabled: "enabled";
+  readonly Disabled: "disabled";
+};
+type WebhookEndpointStatus = (typeof WebhookEndpointStatus)[keyof typeof WebhookEndpointStatus];
+//#endregion
+//#region src/webhooks/interfaces/webhook-endpoint.interface.d.ts
+interface WebhookEndpoint {
+  /** Distinguishes the Webhook Endpoint object. */
+  object: 'webhook_endpoint';
+  /** Unique identifier of the Webhook Endpoint. */
+  id: string;
+  /** The URL to which webhooks are sent. */
+  endpointUrl: string;
+  /** The secret used to sign webhook payloads. */
+  secret: string;
+  /** Whether the Webhook Endpoint is enabled or disabled. */
+  status: WebhookEndpointStatus;
+  /** The events that the Webhook Endpoint is subscribed to. */
+  events: string[];
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
+}
+interface WebhookEndpointResponse {
+  object: 'webhook_endpoint';
+  id: string;
+  endpoint_url: string;
+  secret: string;
+  status: WebhookEndpointStatus;
+  events: string[];
+  created_at: string;
+  updated_at: string;
+}
+//#endregion
+//#region src/webhooks/webhooks.d.ts
+declare class Webhooks {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * List Webhook Endpoints
+   *
+   * Get a list of all of your existing webhook endpoints.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<WebhookEndpoint, PaginationOptions>>}
    */
-  listMembershipsForResourceByExternalId(options: ListMembershipsForResourceByExternalIdOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  listWebhookEndpoints(options?: ListWebhookEndpointsOptions): Promise<AutoPaginatable<WebhookEndpoint, PaginationOptions>>;
   /**
-   * List effective permissions for an organization membership on a resource
-   *
-   * Returns all permissions the organization membership effectively has on a resource, including permissions inherited through roles assigned to ancestor resources.
-   * @param organizationMembershipId - The ID of the organization membership.
-   *
-   * @example
-   * "om_01HXYZ123456789ABCDEFGHIJ"
-   *
-   * @param resourceId - The ID of the authorization resource.
+   * Create a Webhook Endpoint
    *
-   * @example
-   * "authz_resource_01HXYZ123456789ABCDEFGHIJ"
+   * Create a new webhook endpoint to receive event notifications.
+   * @param options - Object containing endpointUrl, events.
+   * @param options.endpointUrl - The HTTPS URL where webhooks will be sent.
+   * @example "https://example.com/webhooks"
+   * @param options.events - The events that the Webhook Endpoint is subscribed to.
+   * @example ["user.created","dsync.user.created"]
+   * @returns {Promise<WebhookEndpoint>}
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
+  createWebhookEndpoint(options: CreateWebhookEndpointOptions): Promise<WebhookEndpoint>;
+  /**
+   * Update a Webhook Endpoint
    *
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<AuthorizationPermission>>}
-   * @throws 403 response from the API.
+   * Update the properties of an existing webhook endpoint.
+   * @param options - The request body.
+   * @param options.id - Unique identifier of the Webhook Endpoint.
+   * @example "we_0123456789"
+   * @param options.endpointUrl - The HTTPS URL where webhooks will be sent.
+   * @example "https://example.com/webhooks"
+   * @param options.status - Whether the Webhook Endpoint is enabled or disabled.
+   * @example "enabled"
+   * @param options.events - The events that the Webhook Endpoint is subscribed to.
+   * @example ["user.created","dsync.user.created"]
+   * @returns {Promise<WebhookEndpoint>}
    * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
    * @throws {UnprocessableEntityException} 422
    */
-  listEffectivePermissions(options: ListEffectivePermissionsOptions): Promise<AutoPaginatable<Permission>>;
+  updateWebhookEndpoint(options: UpdateWebhookEndpointOptions): Promise<WebhookEndpoint>;
   /**
-   * List effective permissions for an organization membership on a resource by external ID
+   * Delete a Webhook Endpoint
    *
-   * Returns all permissions the organization membership effectively has on a resource identified by its external ID, including permissions inherited through roles assigned to ancestor resources.
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<Permission, PaginationOptions>>}
-   * @throws 403 response from the API.
+   * Delete an existing webhook endpoint.
+   * @param options - The request options.
+   * @param options.id - Unique identifier of the Webhook Endpoint.
+   * @example "we_0123456789"
+   * @returns {Promise<void>}
    * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
    */
-  listEffectivePermissionsByExternalId(options: ListEffectivePermissionsByExternalIdOptions): Promise<AutoPaginatable<Permission>>;
+  deleteWebhookEndpoint(options: DeleteWebhookEndpointOptions): Promise<void>;
+  private _signatureProvider?;
+  private get signatureProvider();
+  get verifyHeader(): ({
+    payload,
+    sigHeader,
+    secret,
+    tolerance
+  }: {
+    payload: WebhookPayload;
+    sigHeader: string;
+    secret: string;
+    tolerance?: number;
+  }) => Promise<boolean>;
+  get computeSignature(): (timestamp: any, payload: WebhookPayload, secret: string) => Promise<string>;
+  get getTimestampAndSignatureHash(): (sigHeader: string) => [string, string];
+  constructEvent({
+    payload,
+    sigHeader,
+    secret,
+    tolerance
+  }: {
+    payload: WebhookPayload;
+    sigHeader: string;
+    secret: string;
+    tolerance?: number;
+  }): Promise<Event>;
+  private parseVerifiedPayload;
 }
 //#endregion
 //#region src/common/exceptions/api-key-required.exception.d.ts
@@ -6539,216 +8199,5 @@ interface ConfidentialClientOptions extends WorkOSOptions {
 declare function createWorkOS(options: PublicClientOptions): PublicWorkOS;
 declare function createWorkOS(options: ConfidentialClientOptions): WorkOS;
 //#endregion
-//#region src/index.worker.d.ts
-declare class WorkOSWorker extends WorkOS {
-  /** @override */
-  createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
-  /** @override */
-  createWebhookClient(): Webhooks;
-  getCryptoProvider(): CryptoProvider;
-  /** @override */
-  createActionsClient(): Actions;
-  /** @override */
-  emitWarning(warning: string): void;
-}
-//#endregion
-//#region src/vault/interfaces/key/create-data-key.interface.d.ts
-interface CreateDataKeyOptions {
-  context: KeyContext;
-}
-interface CreateDataKeyResponse {
-  context: KeyContext;
-  data_key: string;
-  encrypted_keys: string;
-  id: string;
-}
-//#endregion
-//#region src/vault/interfaces/key/decrypt-data-key.interface.d.ts
-interface DecryptDataKeyOptions {
-  keys: string;
-}
-interface DecryptDataKeyResponse {
-  data_key: string;
-  id: string;
-}
-//#endregion
-//#region src/vault/interfaces/object/create-object.interface.d.ts
-interface CreateObjectEntity {
-  name: string;
-  value: string;
-  key_context: KeyContext;
-}
-interface CreateObjectOptions {
-  name: string;
-  value: string;
-  context: KeyContext;
-}
-//#endregion
-//#region src/vault/interfaces/object/delete-object.interface.d.ts
-interface DeleteObjectOptions {
-  id: string;
-}
-//#endregion
-//#region src/vault/interfaces/object.interface.d.ts
-interface ObjectDigest {
-  id: string;
-  name: string;
-  updatedAt: Date;
-}
-interface ObjectUpdateBy {
-  id: string;
-  name: string;
-}
-interface ObjectMetadata {
-  context: KeyContext;
-  environmentId: string;
-  id: string;
-  keyId: string;
-  updatedAt: Date;
-  updatedBy: ObjectUpdateBy;
-  versionId: string;
-}
-interface VaultObject {
-  id: string;
-  metadata: ObjectMetadata;
-  name: string;
-  value?: string;
-}
-interface ObjectVersion {
-  createdAt: Date;
-  currentVersion: boolean;
-  id: string;
-}
-//#endregion
-//#region src/vault/interfaces/object/read-object.interface.d.ts
-interface ReadObjectOptions {
-  id: string;
-}
-interface ReadObjectMetadataResponse {
-  context: KeyContext;
-  environment_id: string;
-  id: string;
-  key_id: string;
-  updated_at: string;
-  updated_by: ObjectUpdateBy;
-  version_id: string;
-}
-interface ReadObjectResponse {
-  id: string;
-  metadata: ReadObjectMetadataResponse;
-  name: string;
-  value?: string;
-}
-//#endregion
-//#region src/vault/interfaces/object/update-object.interface.d.ts
-interface UpdateObjectEntity {
-  value: string;
-  version_check?: string;
-}
-interface UpdateObjectOptions {
-  id: string;
-  value: string;
-  versionCheck?: string;
-}
-//#endregion
-//#region src/vault/vault.d.ts
-declare class Vault {
-  private readonly workos;
-  private cryptoProvider;
-  constructor(workos: WorkOS);
-  private decode;
-  createObject(options: CreateObjectOptions): Promise<ObjectMetadata>;
-  listObjects(options?: PaginationOptions | undefined): Promise<List<ObjectDigest>>;
-  listObjectVersions(options: ReadObjectOptions): Promise<ObjectVersion[]>;
-  readObject(options: ReadObjectOptions): Promise<VaultObject>;
-  readObjectByName(name: string): Promise<VaultObject>;
-  describeObject(options: ReadObjectOptions): Promise<VaultObject>;
-  updateObject(options: UpdateObjectOptions): Promise<VaultObject>;
-  deleteObject(options: DeleteObjectOptions): Promise<void>;
-  createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair>;
-  decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey>;
-  encrypt(data: string, context: KeyContext, associatedData?: string): Promise<string>;
-  decrypt(encryptedData: string, associatedData?: string): Promise<string>;
-}
-//#endregion
-//#region src/workos.d.ts
-/** WorkOS REST API */
-declare class WorkOS {
-  readonly baseURL: string;
-  readonly client: HttpClient;
-  readonly clientId?: string;
-  readonly key?: string;
-  readonly options: WorkOSOptions;
-  readonly pkce: PKCE;
-  private readonly hasApiKey;
-  readonly actions: Actions;
-  readonly apiKeys: ApiKeys;
-  readonly auditLogs: AuditLogs;
-  readonly authorization: Authorization;
-  readonly directorySync: DirectorySync;
-  readonly events: Events;
-  readonly featureFlags: FeatureFlags;
-  readonly groups: Groups;
-  readonly multiFactorAuth: MultiFactorAuth;
-  readonly organizations: Organizations;
-  readonly organizationDomains: OrganizationDomains;
-  readonly passwordless: Passwordless;
-  readonly pipes: Pipes;
-  readonly adminPortal: AdminPortal;
-  readonly sso: SSO;
-  readonly userManagement: UserManagement;
-  readonly vault: Vault;
-  readonly webhooks: Webhooks;
-  readonly widgets: Widgets;
-  /**
-   * Create a new WorkOS client.
-   *
-   * @param keyOrOptions - API key string, or options object
-   * @param maybeOptions - Options when first argument is API key
-   *
-   * @example
-   * // Server-side with API key (string)
-   * const workos = new WorkOS('sk_...');
-   *
-   * @example
-   * // Server-side with API key (object)
-   * const workos = new WorkOS({ apiKey: 'sk_...', clientId: 'client_...' });
-   *
-   * @example
-   * // PKCE/public client (no API key)
-   * const workos = new WorkOS({ clientId: 'client_...' });
-   */
-  constructor(keyOrOptions?: string | WorkOSOptions, maybeOptions?: WorkOSOptions);
-  private createUserAgent;
-  createWebhookClient(): Webhooks;
-  createActionsClient(): Actions;
-  getCryptoProvider(): CryptoProvider;
-  createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
-  get version(): string;
-  /**
-   * Require API key for methods that need it.
-   * @param methodName - Name of the method requiring API key (for error message)
-   * @throws ApiKeyRequiredException if no API key was provided
-   */
-  requireApiKey(methodName: string): void;
-  post<Result = any, Entity = any>(path: string, entity: Entity, options?: PostOptions): Promise<{
-    data: Result;
-  }>;
-  get<Result = any>(path: string, options?: GetOptions): Promise<{
-    data: Result;
-  }>;
-  put<Result = any, Entity = any>(path: string, entity: Entity, options?: PutOptions): Promise<{
-    data: Result;
-  }>;
-  patch<Result = any, Entity = any>(path: string, entity: Entity, options?: PatchOptions): Promise<{
-    data: Result;
-  }>;
-  delete(path: string, query?: any): Promise<void>;
-  deleteWithBody<Entity = any>(path: string, entity: Entity): Promise<void>;
-  emitWarning(warning: string): void;
-  private handleParseError;
-  private handleHttpError;
-}
-//#endregion
-export { CreateAuditLogSchemaRequestOptions as $, FlagPollEntry as $a, ConnectionDomain as $c, VaultDekDecryptedEventResponse as $i, DeleteAuthorizationResourceByExternalIdOptions as $l, DsyncUserCreatedEvent as $n, MagicAuth as $o, OrganizationDomainVerifiedEvent as $r, AuthenticationEventSsoResponse as $s, List as $t, HttpClientResponseInterface as $u, IntentOptions as A, VaultNamesListedEventData as Aa, AuthenticateWithEmailVerificationOptions as Ac, RoleUpdatedEventResponse as Ai, SerializedAssignRoleOptions as Al, AuthenticationSSOFailedEventResponse as An, UpdateUserOptions as Ao, GroupUpdatedEventResponse as Ar, FactorWithSecrets$1 as As, UserRegistrationActionResponseData as At, UpdateEnvironmentRoleOptions as Au, NoApiKeyProvidedException as B, Group as Ba, SerializedAuthenticateWithOptionsBase as Bc, UserUpdatedEvent as Bi, RoleAssignmentRole as Bl, DsyncActivatedEventResponse as Bn, RevokeSessionOptions as Bo, MagicAuthCreatedEventResponse as Br, CreatePasswordResetOptions as Bs, ListOrganizationsOptions as Bt, SerializedListDirectoriesOptions as Bu, PublicUserManagement as C, VaultDekDecryptedEventResponseData as Ca, AuthenticateUserWithOrganizationSelectionCredentials as Cc, PermissionUpdatedEvent as Ci, RemoveRoleOptionsWithResourceExternalId as Cl, AuthenticationPasswordFailedEvent as Cn, CreateOrganizationDomainOptions as Co, GroupMemberAddedEvent as Cr, Invitation as Cs, AutoPaginatable as Ct, UpdateOrganizationRoleOptions as Cu, PortalLinkResponseWire as D, VaultKekCreatedEventResponseData as Da, AuthenticateWithMagicAuthOptions as Dc, RoleDeletedEvent as Di, AssignRoleOptionsWithResourceExternalId as Dl, AuthenticationRadarRiskDetectedEvent as Dn, SerializedUpdateUserPasswordOptions as Do, GroupMemberRemovedEvent as Dr, Identity as Ds, Actions as Dt, AddEnvironmentRolePermissionOptions as Du, PortalLinkResponse as E, VaultKekCreatedEventData as Ea, AuthenticateUserWithMagicAuthCredentials as Ec, RoleCreatedEventResponse as Ei, AssignRoleOptions as El, AuthenticationPasswordSucceededEventResponse as En, VerifyEmailOptions as Eo, GroupMemberEventResponseData as Er, InvitationResponse as Es, Webhooks as Et, OrganizationRole as Eu, UnauthorizedException as F, SerializedUpdateGroupOptions as Fa, AuthenticateWithCodeOptions as Fc, UnknownEvent as Fi, SerializedListRoleAssignmentsOptions as Fl, ConnectionDeactivatedEvent as Fn, SessionResponse as Fo, InvitationResentEvent as Fr, EmailVerificationEvent as Fs, UserRegistrationActionPayload as Ft, EnvironmentRoleListResponse as Fu, AuthenticationException as G, SerializedCreateGroupOptions as Ga, ProfileResponse as Gc, VaultDataCreatedEventResponse as Gi, ListResourcesForMembershipOptionsWithParentId as Gl, DsyncGroupDeletedEvent as Gn, ResendInvitationOptions as Go, OrganizationDomainCreatedEvent as Gr, SerializedCreateMagicAuthOptions as Gs, DomainData as Gt, DirectoryResponse as Gu, BadRequestException as H, GetGroupOptions as Ha, ProfileAndToken as Hc, VaultByokKeyVerificationCompletedEvent as Hi, ListMembershipsForResourceOptions as Hl, DsyncDeletedEventResponse as Hn, serializeRevokeSessionOptions as Ho, OrganizationCreatedResponse as Hr, CreateOrganizationMembershipOptions as Hs, CreateOrganizationOptions as Ht, DirectoryGroup as Hu, SignatureVerificationException as I, UpdateGroupOptions as Ia, SerializedAuthenticateWithCodeOptions as Ic, UserCreatedEvent as Ii, RoleAssignment as Il, ConnectionDeactivatedEventResponse as In, SessionStatus as Io, InvitationResentEventResponse as Ir, EmailVerificationEventResponse as Is, SerializedUpdateOrganizationOptions as It, EnvironmentRoleResponse as Iu, WorkOSErrorData as J, RuntimeClientStats as Ja, ListConnectionsOptions as Jc, VaultDataReadEvent as Ji, AuthorizationCheckOptionsWithResourceExternalId as Jl, DsyncGroupUpdatedEventResponse as Jn, RefreshSessionResponse as Jo, OrganizationDomainDeletedEventResponse as Jr, AuthenticationRadarRiskDetectedEventData as Js, WorkOSOptions as Jt, DirectoryType as Ju, isAuthenticationErrorData as K, AddGroupOrganizationMembershipOptions as Ka, OauthTokens as Kc, VaultDataDeletedEvent as Ki, SerializedListResourcesForMembershipOptions as Kl, DsyncGroupDeletedEventResponse as Kn, SerializedResendInvitationOptions as Ko, OrganizationDomainCreatedEventResponse as Kr, PKCEAuthorizationURLResult as Ks, DomainDataState as Kt, DirectoryState as Ku, RateLimitExceededException as L, RemoveGroupOrganizationMembershipOptions as La, AuthenticateWithOptionsBase as Lc, UserCreatedEventResponse as Li, RoleAssignmentResource as Ll, ConnectionDeletedEvent as Ln, SendVerificationEmailOptions as Lo, InvitationRevokedEvent as Lr, EmailVerificationResponse as Ls, UpdateOrganizationOptions as Lt, ListDirectoryUsersOptions as Lu, SSOIntentOptions as M, DataKey as Ma, AuthenticateWithCodeAndVerifierOptions as Mc, SessionCreatedEventResponse as Mi, ListRoleAssignmentsForResourceOptions as Ml, AuthenticationSSOSucceededEventResponse as Mn, UpdateOrganizationMembershipOptions as Mo, InvitationAcceptedEventResponse as Mr, EnrollAuthFactorOptions as Ms, ActionPayload as Mt, SerializedCreateEnvironmentRoleOptions as Mu, SSOIntentOptionsResponse as N, DataKeyPair as Na, SerializedAuthenticateWithCodeAndVerifierOptions as Nc, SessionRevokedEvent as Ni, SerializedListRoleAssignmentsForResourceOptions as Nl, ConnectionActivatedEvent as Nn, AuthMethod as No, InvitationCreatedEvent as Nr, SerializedEnrollUserInMfaFactorOptions as Ns, UserData as Nt, EnvironmentRole as Nu, GenerateLink as O, VaultMetadataReadEventData as Oa, SerializedAuthenticateWithMagicAuthOptions as Oc, RoleDeletedEventResponse as Oi, AssignRoleOptionsWithResourceId as Ol, AuthenticationRadarRiskDetectedEventResponse as On, UpdateUserPasswordOptions as Oo, GroupMemberRemovedEventResponse as Or, Factor$1 as Os, AuthenticationActionResponseData as Ot, SetEnvironmentRolePermissionsOptions as Ou, UnprocessableEntityException as P, KeyContext as Pa, AuthenticateUserWithCodeCredentials as Pc, SessionRevokedEventResponse as Pi, ListRoleAssignmentsOptions as Pl, ConnectionActivatedEventResponse as Pn, Session as Po, InvitationCreatedEventResponse as Pr, EmailVerification as Ps, UserDataPayload as Pt, EnvironmentRoleList as Pu, CreateAuditLogSchemaOptions as Q, ListFeatureFlagsOptions as Qa, Connection as Qc, VaultDekDecryptedEvent as Qi, DeleteAuthorizationResourceOptions as Ql, DsyncGroupUserRemovedEventResponse as Qn, PasswordResetResponse as Qo, OrganizationDomainVerificationFailedEventResponse as Qr, AuthenticationEventSso as Qs, PatchOptions as Qt, HttpClientInterface as Qu, OauthException as R, ListGroupsOptions as Ra, AuthenticateWithSessionOptions as Rc, UserDeletedEvent as Ri, RoleAssignmentResourceResponse as Rl, ConnectionDeletedEventResponse as Rn, SendInvitationOptions as Ro, InvitationRevokedEventResponse as Rr, CreateUserOptions as Rs, Organization as Rt, ListDirectoryGroupsOptions as Ru, PublicSSO as S, VaultDekDecryptedEventData as Sa, SerializedAuthenticateWithPasswordOptions as Sc, PermissionDeletedEventResponse as Si, RemoveRoleOptions as Sl, AuthenticationPasskeySucceededEventResponse as Sn, OrganizationDomainVerificationStrategy as So, GroupDeletedEventResponse as Sr, ListAuthFactorsOptions as Ss, SerializedListEventOptions as St, SerializedUpdateOrganizationRoleOptions as Su, createWorkOS as T, VaultDekReadEventResponseData as Ta, SerializedAuthenticateWithOrganizationSelectionOptions as Tc, RoleCreatedEvent as Ti, SerializedRemoveRoleOptions as Tl, AuthenticationPasswordSucceededEvent as Tn, SerializedVerifyEmailOptions as To, GroupMemberEventData as Tr, InvitationEventResponse as Ts, PKCEPair as Tt, SerializedCreateOrganizationRoleOptions as Tu, AuthenticationErrorCode as U, DeleteGroupOptions as Ua, ProfileAndTokenResponse as Uc, VaultByokKeyVerificationCompletedEventResponse as Ui, ListResourcesForMembershipOptions as Ul, DsyncGroupCreatedEvent as Un, ResetPasswordOptions as Uo, OrganizationDeletedEvent as Ur, SerializedCreateOrganizationMembershipOptions as Us, CreateOrganizationRequestOptions as Ut, DirectoryGroupResponse as Uu, ConflictException as V, GroupResponse as Va, WithResolvedClientId as Vc, UserUpdatedEventResponse as Vi, ListMembershipsForResourceByExternalIdOptions as Vl, DsyncDeletedEvent as Vn, SerializedRevokeSessionOptions as Vo, OrganizationCreatedEvent as Vr, SerializedCreatePasswordResetOptions as Vs, ListOrganizationFeatureFlagsOptions as Vt, PaginationOptions as Vu, AuthenticationErrorData as W, CreateGroupOptions as Wa, Profile as Wc, VaultDataCreatedEvent as Wi, ListResourcesForMembershipOptionsWithParentExternalId as Wl, DsyncGroupCreatedEventResponse as Wn, SerializedResetPasswordOptions as Wo, OrganizationDeletedResponse as Wr, CreateMagicAuthOptions as Ws, SerializedCreateOrganizationOptions as Wt, Directory as Wu, FeatureFlagsRuntimeClient as X, RuntimeClientOptions as Xa, GetProfileAndTokenOptions as Xc, VaultDataUpdatedEvent as Xi, AuthorizationCheckResult as Xl, DsyncGroupUserAddedEventResponse as Xn, PasswordResetEvent as Xo, OrganizationDomainUpdatedEventResponse as Xr, AuthenticationEvent as Xs, PutOptions as Xt, EventDirectoryResponse as Xu, ApiKeyRequiredException as Y, RuntimeClientLogger as Ya, SerializedListConnectionsOptions as Yc, VaultDataReadEventResponse as Yi, AuthorizationCheckOptionsWithResourceId as Yl, DsyncGroupUserAddedEvent as Yn, PasswordReset as Yo, OrganizationDomainUpdatedEvent as Yr, AuthenticationRadarRiskDetectedEventResponseData as Ys, UnprocessableEntityError as Yt, EventDirectory as Yu, CookieSession as Z, RemoveFlagTargetOptions as Za, GetProfileOptions as Zc, VaultDataUpdatedEventResponse as Zi, SerializedAuthorizationCheckOptions as Zl, DsyncGroupUserRemovedEvent as Zn, PasswordResetEventResponse as Zo, OrganizationDomainVerificationFailedEvent as Zr, AuthenticationEventResponse as Zs, PostOptions as Zt, HttpClient as Zu, CreateDataKeyOptions as _, VaultDataDeletedEventResponseData as _a, AuthenticateUserWithRefreshTokenCredentials as _c, PasswordResetSucceededEvent as _i, RoleResponse as _l, AuthenticationOAuthSucceededEvent as _n, OrganizationDomainVerificationFailed as _o, FlagUpdatedEvent as _r, OrganizationMembershipResponse as _s, CreatePasswordlessSessionOptions as _t, Permission as _u, ReadObjectOptions as a, VaultMetadataReadEventResponse as aa, AuthenticateWithSessionCookieFailureReason as ac, OrganizationMembershipUpdated as ai, DirectoryUser as al, ApiKeyRevokedEvent as an, AddFlagTargetOptions as ao, EmailVerificationCreatedEvent as ar, ListUsersOptions as as, CreateAuditLogEventRequestOptions as at, AuthorizationResourceResponse as au, ConfidentialClientOptions as b, VaultDataUpdatedEventData as ba, AuthenticateUserWithPasswordCredentials as bc, PermissionCreatedEventResponse as bi, RemoveRoleAssignmentOptions as bl, AuthenticationPasskeyFailedEventResponse as bn, OrganizationDomainResponse as bo, GroupCreatedEventResponse as br, SerializedListInvitationsOptions as bs, PasswordlessSessionResponse as bt, AddOrganizationRolePermissionOptions as bu, ObjectMetadata as c, VaultActor as ca, SessionCookieData as cc, OrganizationRoleCreatedEventResponse as ci, DirectoryUserWithGroupsResponse as cl, AuthenticationEmailVerificationSucceededEventResponse as cn, ValidateApiKeyResponse as co, EventBase as cr, ListSessionsOptions as cs, AuditLogSchema as ct, CreateOptionsWithParentResourceId as cu, VaultObject as d, VaultByokKeyProvider as da, User as dc, OrganizationRoleUpdatedEvent as di, OrganizationRoleEventResponse as dl, AuthenticationMagicAuthSucceededEvent as dn, SerializedCreatedApiKey as do, FlagCreatedEvent as dr, SerializedListOrganizationMembershipsOptions as ds, AuditLogTargetSchema as dt, UpdateAuthorizationResourceOptions as du, VaultDekReadEvent as ea, AuthenticateUserWithTotpCredentials as ec, RequestHeaders as ed, OrganizationDomainVerifiedEventResponse as ei, ConnectionResponse as el, ListResponse as en, FlagPollResponse as eo, DsyncUserCreatedEventResponse as er, MagicAuthEvent as es, CreateAuditLogSchemaResponse as et, UpdateAuthorizationResourceByExternalIdOptions as eu, DeleteObjectOptions as f, VaultByokKeyVerificationCompletedEventData as fa, UserResponse as fc, OrganizationRoleUpdatedEventResponse as fi, OrganizationRoleResponse as fl, AuthenticationMagicAuthSucceededEventResponse as fn, CreateOrganizationApiKeyOptions as fo, FlagCreatedEventResponse as fr, AuthorizationOrganizationMembership as fs, AuditLogExport as ft, ListPermissionsOptions as fu, DecryptDataKeyResponse as g, VaultDataDeletedEventData as ga, SerializedAuthenticateWithRefreshTokenPublicClientOptions as gc, PasswordResetCreatedEventResponse as gi, RoleList as gl, AuthenticationOAuthFailedEventResponse as gn, SerializedApiKey as go, FlagRuleUpdatedEventResponse as gr, OrganizationMembership as gs, SendSessionResponse as gt, SerializedCreatePermissionOptions as gu, DecryptDataKeyOptions as h, VaultDataCreatedEventResponseData as ha, AuthenticateWithRefreshTokenPublicClientOptions as hc, PasswordResetCreatedEvent as hi, RoleEventResponse as hl, AuthenticationOAuthFailedEvent as hn, ApiKey as ho, FlagRuleUpdatedEvent as hr, BaseOrganizationMembershipResponse as hs, SerializedAuditLogExportOptions as ht, CreatePermissionOptions as hu, ReadObjectMetadataResponse as i, VaultMetadataReadEvent as ia, AuthenticateWithSessionCookieFailedResponse as ic, CryptoProvider as id, OrganizationMembershipDeletedResponse as ii, DefaultCustomAttributes as il, ApiKeyCreatedEventResponse as in, EvaluationContext as io, DsyncUserUpdatedEventResponse as ir, Locale as is, CreateAuditLogEventOptions as it, AuthorizationResource as iu, IntentOptionsResponse as j, VaultNamesListedEventResponseData as ja, SerializedAuthenticateWithEmailVerificationOptions as jc, SessionCreatedEvent as ji, ListRoleAssignmentsForResourceByExternalIdOptions as jl, AuthenticationSSOSucceededEvent as jn, SerializedUpdateOrganizationMembershipOptions as jo, InvitationAcceptedEvent as jr, FactorWithSecretsResponse as js, ActionContext as jt, CreateEnvironmentRoleOptions as ju, GenerateLinkResponse as k, VaultMetadataReadEventResponseData as ka, AuthenticateUserWithEmailVerificationCredentials as kc, RoleUpdatedEvent as ki, BaseAssignRoleOptions as kl, AuthenticationSSOFailedEvent as kn, SerializedUpdateUserOptions as ko, GroupUpdatedEvent as kr, FactorResponse as ks, ResponsePayload as kt, SerializedUpdateEnvironmentRoleOptions as ku, ObjectUpdateBy as l, VaultActorResponse as la, AuthenticationResponse as lc, OrganizationRoleDeletedEvent as li, ListOrganizationRolesResponse as ll, AuthenticationMagicAuthFailedEvent as ln, ListOrganizationApiKeysOptions as lo, EventName as lr, SerializedListSessionsOptions as ls, AuditLogSchemaMetadata as lt, SerializedCreateAuthorizationResourceOptions as lu, CreateObjectOptions as m, VaultDataCreatedEventData as ma, ImpersonatorResponse as mc, OrganizationUpdatedResponse as mi, RoleEvent as ml, AuthenticationMfaSucceededEventResponse as mn, SerializedCreateOrganizationApiKeyOptions as mo, FlagDeletedEventResponse as mr, BaseOrganizationMembership as ms, AuditLogExportOptions as mt, UpdatePermissionOptions as mu, UpdateObjectEntity as n, VaultKekCreatedEvent as na, SerializedAuthenticateWithTotpOptions as nc, ResponseHeaderValue as nd, OrganizationMembershipCreatedResponse as ni, SSOAuthorizationURLOptions as nl, GenerateLinkIntent as nn, FeatureFlag as no, DsyncUserDeletedEventResponse as nr, MagicAuthResponse as ns, AuditLogActor as nt, ListAuthorizationResourcesOptions as nu, ReadObjectResponse as o, VaultNamesListedEvent as oa, AuthenticateWithSessionCookieOptions as oc, OrganizationMembershipUpdatedResponse as oi, DirectoryUserResponse as ol, ApiKeyRevokedEventResponse as on, SerializedValidateApiKeyResponse as oo, EmailVerificationCreatedEventResponse as or, SerializedListUsersOptions as os, SerializedCreateAuditLogEventOptions as ot, CreateAuthorizationResourceOptions as ou, CreateObjectEntity as p, VaultByokKeyVerificationCompletedEventResponseData as pa, Impersonator as pc, OrganizationUpdatedEvent as pi, Role as pl, AuthenticationMfaSucceededEvent as pn, CreateOrganizationApiKeyRequestOptions as po, FlagDeletedEvent as pr, AuthorizationOrganizationMembershipResponse as ps, AuditLogExportResponse as pt, SerializedUpdatePermissionOptions as pu, GenericServerException as q, SerializedAddGroupOrganizationMembershipOptions as qa, OauthTokensResponse as qc, VaultDataDeletedEventResponse as qi, AuthorizationCheckOptions as ql, DsyncGroupUpdatedEvent as qn, RefreshSessionFailureReason as qo, OrganizationDomainDeletedEvent as qr, UserManagementAuthorizationURLOptions as qs, WorkOSResponseError as qt, DirectoryStateResponse as qu, UpdateObjectOptions as r, VaultKekCreatedEventResponse as ra, AccessToken$1 as rc, ResponseHeaders as rd, OrganizationMembershipDeleted as ri, SSOPKCEAuthorizationURLResult as rl, ApiKeyCreatedEvent as rn, FeatureFlagResponse as ro, DsyncUserUpdatedEvent as rr, LogoutURLOptions as rs, AuditLogTarget as rt, SerializedListAuthorizationResourcesOptions as ru, ObjectDigest as s, VaultNamesListedEventResponse as sa, AuthenticateWithSessionCookieSuccessResponse as sc, OrganizationRoleCreatedEvent as si, DirectoryUserWithGroups as sl, AuthenticationEmailVerificationSucceededEvent as sn, ValidateApiKeyOptions as so, Event as sr, ListUserFeatureFlagsOptions as ss, AuditLogActorSchema as st, CreateOptionsWithParentExternalId as su, WorkOS as t, VaultDekReadEventResponse as ta, AuthenticateWithTotpOptions as tc, RequestOptions as td, OrganizationMembershipCreated as ti, ConnectionType as tl, GetOptions as tn, FlagTarget as to, DsyncUserDeletedEvent as tr, MagicAuthEventResponse as ts, SerializedCreateAuditLogSchemaOptions as tt, GetAuthorizationResourceByExternalIdOptions as tu, ObjectVersion as u, VaultActorSource as ua, AuthenticationResponseResponse as uc, OrganizationRoleDeletedEventResponse as ui, OrganizationRoleEvent as ul, AuthenticationMagicAuthFailedEventResponse as un, CreatedApiKey as uo, EventResponse as ur, ListOrganizationMembershipsOptions as us, AuditLogSchemaResponse as ut, SerializedUpdateAuthorizationResourceOptions as uu, CreateDataKeyResponse as v, VaultDataReadEventData as va, AuthenticateWithRefreshTokenOptions as vc, PasswordResetSucceededEventResponse as vi, ListEffectivePermissionsByExternalIdOptions as vl, AuthenticationOAuthSucceededEventResponse as vn, OrganizationDomainVerificationFailedResponse as vo, FlagUpdatedEventResponse as vr, OrganizationMembershipStatus as vs, SerializedCreatePasswordlessSessionOptions as vt, PermissionResponse as vu, PublicWorkOS as w, VaultDekReadEventData as wa, AuthenticateWithOrganizationSelectionOptions as wc, PermissionUpdatedEventResponse as wi, RemoveRoleOptionsWithResourceId as wl, AuthenticationPasswordFailedEventResponse as wn, SerializedCreateOrganizationDomainOptions as wo, GroupMemberAddedEventResponse as wr, InvitationEvent as ws, PKCE as wt, CreateOrganizationRoleOptions as wu, PublicClientOptions as x, VaultDataUpdatedEventResponseData as xa, AuthenticateWithPasswordOptions as xc, PermissionDeletedEvent as xi, BaseRemoveRoleOptions as xl, AuthenticationPasskeySucceededEvent as xn, OrganizationDomainState as xo, GroupDeletedEvent as xr, ListGroupsForOrganizationMembershipOptions as xs, ListEventOptions as xt, SetOrganizationRolePermissionsOptions as xu, WorkOSWorker as y, VaultDataReadEventResponseData as ya, SerializedAuthenticateWithRefreshTokenOptions as yc, PermissionCreatedEvent as yi, ListEffectivePermissionsOptions as yl, AuthenticationPasskeyFailedEvent as yn, OrganizationDomain as yo, GroupCreatedEvent as yr, ListInvitationsOptions as ys, PasswordlessSession as yt, RemoveOrganizationRolePermissionOptions as yu, NotFoundException as z, ListGroupOrganizationMembershipsOptions as za, SerializedAuthenticatePublicClientBase as zc, UserDeletedEventResponse as zi, RoleAssignmentResponse as zl, DsyncActivatedEvent as zn, SerializedSendInvitationOptions as zo, MagicAuthCreatedEvent as zr, SerializedCreateUserOptions as zs, OrganizationResponse as zt, ListDirectoriesOptions as zu };
-//# sourceMappingURL=workos-DS8Htvr7.d.cts.map
+export { ReadObjectMetadataResponse as $, PermissionDeletedEvent as $a, AuthenticationRadarRiskDetectedEventResponseData as $c, PaginationOptions as $d, GroupDeletedEvent as $i, WithResolvedClientId as $l, UserConsentOptionChoiceResponse as $n, SerializedCreateGroupOptions as $o, AuthenticationPasskeySucceededEvent as $r, ResendInvitationOptions as $s, RadarStandaloneResponseVerdict as $t, ListMembershipsForResourceByExternalIdOptions as $u, ApiKeyRequiredException as A, OrganizationDomainVerificationFailedEventResponse as Aa, ListAuthFactorsOptions as Ac, PermissionResponse as Ad, DsyncGroupUserRemovedEventResponse as Ai, AuthenticateWithRefreshTokenOptions as Al, ConnectApplicationResponse as An, VaultDekDecryptedEvent as Ao, PatchOptions as Ar, OrganizationDomainVerificationStrategy as As, AuditLogExport as At, ListEffectivePermissionsByExternalIdOptions as Au, ObjectSummaryResponse as B, OrganizationRoleCreatedEventResponse as Ba, EmailVerificationEventResponse as Bc, SetEnvironmentRolePermissionsOptions as Bd, EventBase as Bi, SerializedAuthenticateWithMagicAuthOptions as Bl, GetApplicationOptions as Bn, DataKey as Bo, AuthenticationEmailVerificationSucceededEventResponse as Br, UpdateOrganizationMembershipOptions as Bs, FactorWithSecretsResponse as Bt, AssignRoleOptionsWithResourceId as Bu, BadRequestException as C, OrganizationDomainCreatedEvent as Ca, BaseOrganizationMembershipResponse as Cc, UpdateAuthorizationResourceOptions as Cd, DsyncGroupDeletedEvent as Ci, User as Cl, ApplicationCredentialsListItem as Cn, VaultDataCreatedEventResponse as Co, DomainData as Cr, ApiKey as Cs, CreateAuditLogEventRequestOptions as Ct, OrganizationRoleEventResponse as Cu, isAuthenticationErrorData as D, OrganizationDomainUpdatedEvent as Da, ListInvitationsOptions as Dc, CreatePermissionOptions as Dd, DsyncGroupUserAddedEvent as Di, AuthenticateWithRefreshTokenPublicClientOptions as Dl, ConnectApplicationM2MResponse as Dn, VaultDataReadEventResponse as Do, UnprocessableEntityError as Dr, OrganizationDomain as Ds, AuditLogSchemaMetadata as Dt, RoleEventResponse as Du, AuthenticationException as E, OrganizationDomainDeletedEventResponse as Ea, OrganizationMembershipStatus as Ec, UpdatePermissionOptions as Ed, DsyncGroupUpdatedEventResponse as Ei, ImpersonatorResponse as El, ConnectApplicationM2M as En, VaultDataReadEvent as Eo, WorkOSOptions as Er, OrganizationDomainVerificationFailedResponse as Es, AuditLogSchema as Et, RoleEvent as Eu, UpdateWebhookEndpointEvents as F, OrganizationMembershipDeleted as Fa, Identity as Fc, UpdateOrganizationRoleOptions as Fd, DsyncUserUpdatedEvent as Fi, AuthenticateUserWithOrganizationSelectionCredentials as Fl, DeleteClientSecretOptions as Fn, VaultKekCreatedEventResponse as Fo, ApiKeyCreatedEvent as Fr, SerializedUpdateUserPasswordOptions as Fs, VerifyResponseResponse as Ft, RemoveRoleOptionsWithResourceExternalId as Fu, ObjectMetadata as G, OrganizationUpdatedEvent as Ga, SerializedCreatePasswordResetOptions as Gc, EnvironmentRole as Gd, FlagDeletedEvent as Gi, SerializedAuthenticateWithCodeAndVerifierOptions as Gl, CreateOAuthApplicationResponse as Gn, RemoveGroupOrganizationMembershipOptions as Go, AuthenticationMfaSucceededEvent as Gr, SendVerificationEmailOptions as Gs, ChallengeResponse as Gt, SerializedListRoleAssignmentsForResourceOptions as Gu, ObjectVersionResponse as H, OrganizationRoleDeletedEventResponse as Ha, CreateUserOptions as Hc, UpdateEnvironmentRoleOptions as Hd, EventResponse as Hi, AuthenticateWithEmailVerificationOptions as Hl, CreateM2MApplication as Hn, KeyContext as Ho, AuthenticationMagicAuthFailedEventResponse as Hr, Session as Hs, SmsResponse as Ht, SerializedAssignRoleOptions as Hu, UpdateWebhookEndpointStatus as I, OrganizationMembershipDeletedResponse as Ia, EnrollAuthFactorOptions as Ic, CreateOrganizationRoleOptions as Id, DsyncUserUpdatedEventResponse as Ii, AuthenticateWithOrganizationSelectionOptions as Il, CreateApplicationClientSecretOptions as In, VaultMetadataReadEvent as Io, ApiKeyCreatedEventResponse as Ir, UpdateUserPasswordOptions as Is, VerifyChallengeOptions as It, RemoveRoleOptionsWithResourceId as Iu, ActorResponse as J, PasswordResetCreatedEventResponse as Ja, CreateMagicAuthOptions as Jc, EnvironmentRoleResponse as Jd, FlagRuleUpdatedEventResponse as Ji, SerializedAuthenticateWithCodeOptions as Jl, ListApplicationsOptions as Jn, Group as Jo, AuthenticationOAuthFailedEventResponse as Jr, RevokeSessionOptions as Js, RadarListEntryAlreadyPresentResponseWire as Jt, RoleAssignment as Ju, ObjectMetadataResponse as K, OrganizationUpdatedResponse as Ka, CreateOrganizationMembershipOptions as Kc, EnvironmentRoleList as Kd, FlagDeletedEventResponse as Ki, AuthenticateUserWithCodeCredentials as Kl, RedirectUriInput as Kn, ListGroupsOptions as Ko, AuthenticationMfaSucceededEventResponse as Kr, SendInvitationOptions as Ks, ChallengeFactorOptions as Kt, ListRoleAssignmentsOptions as Ku, CreateWebhookEndpointEvents as L, OrganizationMembershipUpdated as La, SerializedEnrollUserInMfaFactorOptions as Lc, SerializedCreateOrganizationRoleOptions as Ld, EmailVerificationCreatedEvent as Li, SerializedAuthenticateWithOrganizationSelectionOptions as Ll, ListApplicationClientSecretsOptions as Ln, VaultMetadataReadEventResponse as Lo, ApiKeyRevokedEvent as Lr, SerializedUpdateUserOptions as Ls, Factor as Lt, SerializedRemoveRoleOptions as Lu, WebhookEndpoint as M, OrganizationDomainVerifiedEventResponse as Ma, InvitationEvent as Mc, AddOrganizationRolePermissionOptions as Md, DsyncUserCreatedEventResponse as Mi, AuthenticateUserWithPasswordCredentials as Ml, ConnectApplicationRedirectUriResponse as Mn, VaultDekReadEvent as Mo, ListResponse as Mr, SerializedCreateOrganizationDomainOptions as Ms, AuditLogExportOptions as Mt, RemoveRoleAssignmentOptions as Mu, WebhookEndpointResponse as N, OrganizationMembershipCreated as Na, InvitationEventResponse as Nc, SetOrganizationRolePermissionsOptions as Nd, DsyncUserDeletedEvent as Ni, AuthenticateWithPasswordOptions as Nl, ExternalAuthCompleteResponse as Nn, VaultDekReadEventResponse as No, GetOptions as Nr, SerializedVerifyEmailOptions as Ns, SerializedAuditLogExportOptions as Nt, BaseRemoveRoleOptions as Nu, GenericServerException as O, OrganizationDomainUpdatedEventResponse as Oa, SerializedListInvitationsOptions as Oc, SerializedCreatePermissionOptions as Od, DsyncGroupUserAddedEventResponse as Oi, SerializedAuthenticateWithRefreshTokenPublicClientOptions as Ol, ConnectApplicationOAuth as On, VaultDataUpdatedEvent as Oo, PutOptions as Or, OrganizationDomainResponse as Os, AuditLogSchemaResponse as Ot, RoleList as Ou, WebhookEndpointStatus as P, OrganizationMembershipCreatedResponse as Pa, InvitationResponse as Pc, SerializedUpdateOrganizationRoleOptions as Pd, DsyncUserDeletedEventResponse as Pi, SerializedAuthenticateWithPasswordOptions as Pl, ExternalAuthCompleteResponseWire as Pn, VaultKekCreatedEvent as Po, GenerateLinkIntent as Pr, VerifyEmailOptions as Ps, VerifyResponse as Pt, RemoveRoleOptions as Pu, UpdateObjectOptions as Q, PermissionCreatedEventResponse as Qa, AuthenticationRadarRiskDetectedEventData as Qc, SerializedListDirectoriesOptions as Qd, GroupCreatedEventResponse as Qi, SerializedAuthenticateWithOptionsBase as Ql, UserConsentOptionChoice as Qn, CreateGroupOptions as Qo, AuthenticationPasskeyFailedEventResponse as Qr, SerializedResetPasswordOptions as Qs, RadarStandaloneResponseControl as Qt, RoleAssignmentRole as Qu, WorkOS as R, OrganizationMembershipUpdatedResponse as Ra, EmailVerification as Rc, OrganizationRole as Rd, EmailVerificationCreatedEventResponse as Ri, AuthenticateUserWithMagicAuthCredentials as Rl, DeleteApplicationOptions as Rn, VaultNamesListedEvent as Ro, ApiKeyRevokedEventResponse as Rr, UpdateUserOptions as Rs, FactorResponse as Rt, AssignRoleOptions as Ru, ConflictException as S, OrganizationDeletedResponse as Sa, BaseOrganizationMembership as Sc, SerializedUpdateAuthorizationResourceOptions as Sd, DsyncGroupCreatedEventResponse as Si, AuthenticationResponseResponse as Sl, NewConnectApplicationSecretResponse as Sn, VaultDataCreatedEvent as So, SerializedCreateOrganizationOptions as Sr, SerializedCreateOrganizationApiKeyOptions as Ss, CreateAuditLogEventOptions as St, OrganizationRoleEvent as Su, AuthenticationErrorData as T, OrganizationDomainDeletedEvent as Ta, OrganizationMembershipResponse as Tc, SerializedUpdatePermissionOptions as Td, DsyncGroupUpdatedEvent as Ti, Impersonator as Tl, ConnectApplication as Tn, VaultDataDeletedEventResponse as To, WorkOSResponseError as Tr, OrganizationDomainVerificationFailed as Ts, AuditLogActorSchema as Tt, Role as Tu, VaultObject as U, OrganizationRoleUpdatedEvent as Ua, SerializedCreateUserOptions as Uc, CreateEnvironmentRoleOptions as Ud, FlagCreatedEvent as Ui, SerializedAuthenticateWithEmailVerificationOptions as Ul, CreateM2MApplicationResponse as Un, SerializedUpdateGroupOptions as Uo, AuthenticationMagicAuthSucceededEvent as Ur, SessionResponse as Us, EnrollFactorOptions as Ut, ListRoleAssignmentsForResourceByExternalIdOptions as Uu, ObjectVersion as V, OrganizationRoleDeletedEvent as Va, EmailVerificationResponse as Vc, SerializedUpdateEnvironmentRoleOptions as Vd, EventName as Vi, AuthenticateUserWithEmailVerificationCredentials as Vl, CreateApplicationOptions as Vn, DataKeyPair as Vo, AuthenticationMagicAuthFailedEvent as Vr, AuthMethod as Vs, Sms as Vt, BaseAssignRoleOptions as Vu, VaultObjectResponse as W, OrganizationRoleUpdatedEventResponse as Wa, CreatePasswordResetOptions as Wc, SerializedCreateEnvironmentRoleOptions as Wd, FlagCreatedEventResponse as Wi, AuthenticateWithCodeAndVerifierOptions as Wl, CreateOAuthApplication as Wn, UpdateGroupOptions as Wo, AuthenticationMagicAuthSucceededEventResponse as Wr, SessionStatus as Ws, Challenge as Wt, ListRoleAssignmentsForResourceOptions as Wu, CreateDataKeyResponseWire as X, PasswordResetSucceededEventResponse as Xa, PKCEAuthorizationURLResult as Xc, ListDirectoryGroupsOptions as Xd, FlagUpdatedEventResponse as Xi, AuthenticateWithSessionOptions as Xl, UserConsentOption as Xn, GetGroupOptions as Xo, AuthenticationOAuthSucceededEventResponse as Xr, serializeRevokeSessionOptions as Xs, RadarStandaloneResponseWire as Xt, RoleAssignmentResourceResponse as Xu, CreateDataKeyResponse as Y, PasswordResetSucceededEvent as Ya, SerializedCreateMagicAuthOptions as Yc, ListDirectoryUsersOptions as Yd, FlagUpdatedEvent as Yi, AuthenticateWithOptionsBase as Yl, CompleteOAuth2Options as Yn, GroupResponse as Yo, AuthenticationOAuthSucceededEvent as Yr, SerializedRevokeSessionOptions as Ys, RadarStandaloneResponse as Yt, RoleAssignmentResource as Yu, UpdateObjectEntity as Z, PermissionCreatedEvent as Za, UserManagementAuthorizationURLOptions as Zc, ListDirectoriesOptions as Zd, GroupCreatedEvent as Zi, SerializedAuthenticatePublicClientBase as Zl, UserConsentOptionResponse as Zn, DeleteGroupOptions as Zo, AuthenticationPasskeyFailedEvent as Zr, ResetPasswordOptions as Zs, RadarStandaloneResponseBlocklistType as Zt, RoleAssignmentResponse as Zu, SignatureVerificationException as _, MagicAuthCreatedEvent as _a, SerializedListSessionsOptions as _c, AuthorizationResourceResponse as _d, DsyncActivatedEvent as _i, AuthenticateWithSessionCookieOptions as _l, PasswordlessSession as _n, UserDeletedEventResponse as _o, OrganizationResponse as _r, ListOrganizationApiKeysOptions as _s, CreateAuditLogSchemaRequestOptions as _t, DirectoryUser as _u, PublicWorkOS as a, GroupMemberRemovedEvent as aa, PasswordResetEventResponse as ac, AuthorizationCheckOptions as ad, DirectoryStateResponse as af, AuthenticationRadarRiskDetectedEvent as ai, TotpResponse as al, GetAccessTokenOptions as an, RoleDeletedEvent as ao, Actions as ar, RemoveFlagTargetOptions as as, DecryptDataKeyResponse as at, OauthTokensResponse as au, NotFoundException as b, OrganizationCreatedResponse as ba, AuthorizationOrganizationMembership as bc, CreateOptionsWithParentResourceId as bd, DsyncDeletedEventResponse as bi, UserManagementAccessToken as bl, SerializedListEventOptions as bn, VaultByokKeyVerificationCompletedEvent as bo, CreateOrganizationOptions as br, CreateOrganizationApiKeyOptions as bs, AuditLogActor as bt, DirectoryUserWithGroupsResponse as bu, PortalLinkResponseWire as c, GroupUpdatedEventResponse as ca, MagicAuthEvent as cc, AuthorizationCheckResult as cd, EventDirectoryResponse as cf, AuthenticationSSOFailedEventResponse as ci, AuthenticationEvent as cl, SerializedGetAccessTokenFailureResponse as cn, RoleUpdatedEventResponse as co, UserRegistrationActionResponseData as cr, FlagPollResponse as cs, GetTokenResponse as ct, GetProfileAndTokenOptions as cu, IntentOptions as d, InvitationCreatedEvent as da, LogoutURLOptions as dc, DeleteAuthorizationResourceByExternalIdOptions as dd, HttpClientResponseInterface as df, ConnectionActivatedEvent as di, AuthenticationEventSsoResponse as dl, SerializedGetAccessTokenSuccessResponse as dn, SessionRevokedEvent as do, UserData as dr, FeatureFlagResponse as ds, WidgetScope as dt, ConnectionDomain as du, GroupDeletedEventResponse as ea, SerializedResendInvitationOptions as ec, ListMembershipsForResourceOptions as ed, DirectoryGroup as ef, AuthenticationPasskeySucceededEventResponse as ei, AuthenticationFactor as el, RadarListAction as en, PermissionDeletedEventResponse as eo, UserObject as er, AddGroupOrganizationMembershipOptions as es, ReadObjectOptions as et, ProfileAndToken as eu, IntentOptionsResponse as f, InvitationCreatedEventResponse as fa, Locale as fc, UpdateAuthorizationResourceByExternalIdOptions as fd, RequestHeaders as ff, ConnectionActivatedEventResponse as fi, AuthenticateUserWithTotpCredentials as fl, AccessToken as fn, SessionRevokedEventResponse as fo, UserDataPayload as fr, EvaluationContext as fs, deserializeGetTokenResponse as ft, ConnectionResponse as fu, UnauthorizedException as g, InvitationRevokedEventResponse as ga, ListSessionsOptions as gc, AuthorizationResource as gd, CryptoProvider as gf, ConnectionDeletedEventResponse as gi, AuthenticateWithSessionCookieFailureReason as gl, SerializedCreatePasswordlessSessionOptions as gn, UserDeletedEvent as go, Organization as gr, ValidateApiKeyResponse as gs, CreateAuditLogSchemaOptions as gt, DefaultCustomAttributes as gu, UnprocessableEntityException as h, InvitationRevokedEvent as ha, ListUserFeatureFlagsOptions as hc, SerializedListAuthorizationResourcesOptions as hd, ResponseHeaders as hf, ConnectionDeletedEvent as hi, AuthenticateWithSessionCookieFailedResponse as hl, CreatePasswordlessSessionOptions as hn, UserCreatedEventResponse as ho, UpdateOrganizationOptions as hr, ValidateApiKeyOptions as hs, CookieSession as ht, SSOPKCEAuthorizationURLResult as hu, PublicUserManagement as i, GroupMemberEventResponseData as ia, PasswordResetEvent as ic, SerializedListResourcesForMembershipOptions as id, DirectoryState as if, AuthenticationPasswordSucceededEventResponse as ii, Totp as il, GetAccessTokenFailureResponse as in, RoleCreatedEventResponse as io, PKCEPair as ir, RuntimeClientOptions as is, DecryptDataKeyOptions as it, OauthTokens as iu, Webhooks as j, OrganizationDomainVerifiedEvent as ja, Invitation as jc, RemoveOrganizationRolePermissionOptions as jd, DsyncUserCreatedEvent as ji, SerializedAuthenticateWithRefreshTokenOptions as jl, ConnectApplicationRedirectUri as jn, VaultDekDecryptedEventResponse as jo, List as jr, CreateOrganizationDomainOptions as js, AuditLogExportResponse as jt, ListEffectivePermissionsOptions as ju, WorkOSErrorData as k, OrganizationDomainVerificationFailedEvent as ka, ListGroupsForOrganizationMembershipOptions as kc, Permission as kd, DsyncGroupUserRemovedEvent as ki, AuthenticateUserWithRefreshTokenCredentials as kl, ConnectApplicationOAuthResponse as kn, VaultDataUpdatedEventResponse as ko, PostOptions as kr, OrganizationDomainState as ks, AuditLogTargetSchema as kt, RoleResponse as ku, GenerateLink as l, InvitationAcceptedEvent as la, MagicAuthEventResponse as lc, SerializedAuthorizationCheckOptions as ld, HttpClient as lf, AuthenticationSSOSucceededEvent as li, AuthenticationEventResponse as ll, SerializedGetAccessTokenOptions as ln, SessionCreatedEvent as lo, ActionContext as lr, FlagTarget as ls, GetTokenResponseResponse as lt, GetProfileOptions as lu, SSOIntentOptionsResponse as m, InvitationResentEventResponse as ma, SerializedListUsersOptions as mc, ListAuthorizationResourcesOptions as md, ResponseHeaderValue as mf, ConnectionDeactivatedEventResponse as mi, SerializedAuthenticateWithTotpOptions as ml, SendSessionResponse as mn, UserCreatedEvent as mo, SerializedUpdateOrganizationOptions as mr, SerializedValidateApiKeyResponse as ms, FeatureFlagsRuntimeClient as mt, SSOAuthorizationURLOptions as mu, PublicClientOptions as n, GroupMemberAddedEventResponse as na, RefreshSessionResponse as nc, ListResourcesForMembershipOptionsWithParentExternalId as nd, Directory as nf, AuthenticationPasswordFailedEventResponse as ni, AuthenticationFactorWithSecrets as nl, RadarStandaloneAssessRequestAction as nn, PermissionUpdatedEventResponse as no, AutoPaginatable as nr, RuntimeClientStats as ns, CreateObjectEntity as nt, Profile as nu, createWorkOS as o, GroupMemberRemovedEventResponse as oa, PasswordResetResponse as oc, AuthorizationCheckOptionsWithResourceExternalId as od, DirectoryType as of, AuthenticationRadarRiskDetectedEventResponse as oi, TotpWithSecrets as ol, GetAccessTokenResponse as on, RoleDeletedEventResponse as oo, AuthenticationActionResponseData as or, ListFeatureFlagsOptions as os, CreateDataKeyOptions as ot, ListConnectionsOptions as ou, SSOIntentOptions as p, InvitationResentEvent as pa, ListUsersOptions as pc, GetAuthorizationResourceByExternalIdOptions as pd, RequestOptions as pf, ConnectionDeactivatedEvent as pi, AuthenticateWithTotpOptions as pl, SerializedAccessToken as pn, UnknownEvent as po, UserRegistrationActionPayload as pr, AddFlagTargetOptions as ps, serializeGetTokenOptions as pt, ConnectionType as pu, Actor as q, PasswordResetCreatedEvent as qa, SerializedCreateOrganizationMembershipOptions as qc, EnvironmentRoleListResponse as qd, FlagRuleUpdatedEvent as qi, AuthenticateWithCodeOptions as ql, RedirectUriInputResponse as qn, ListGroupOrganizationMembershipsOptions as qo, AuthenticationOAuthFailedEvent as qr, SerializedSendInvitationOptions as qs, RadarListEntryAlreadyPresentResponse as qt, SerializedListRoleAssignmentsOptions as qu, PublicSSO as r, GroupMemberEventData as ra, PasswordReset as rc, ListResourcesForMembershipOptionsWithParentId as rd, DirectoryResponse as rf, AuthenticationPasswordSucceededEvent as ri, AuthenticationFactorWithSecretsResponse as rl, RadarStandaloneAssessRequestAuthMethod as rn, RoleCreatedEvent as ro, PKCE as rr, RuntimeClientLogger as rs, CreateObjectOptions as rt, ProfileResponse as ru, PortalLinkResponse as s, GroupUpdatedEvent as sa, MagicAuth as sc, AuthorizationCheckOptionsWithResourceId as sd, EventDirectory as sf, AuthenticationSSOFailedEvent as si, TotpWithSecretsResponse as sl, GetAccessTokenSuccessResponse as sn, RoleUpdatedEvent as so, ResponsePayload as sr, FlagPollEntry as ss, GetTokenOptions as st, SerializedListConnectionsOptions as su, ConfidentialClientOptions as t, GroupMemberAddedEvent as ta, RefreshSessionFailureReason as tc, ListResourcesForMembershipOptions as td, DirectoryGroupResponse as tf, AuthenticationPasswordFailedEvent as ti, AuthenticationFactorResponse as tl, RadarListType as tn, PermissionUpdatedEvent as to, UserObjectResponse as tr, SerializedAddGroupOrganizationMembershipOptions as ts, ReadObjectResponse as tt, ProfileAndTokenResponse as tu, GenerateLinkResponse as u, InvitationAcceptedEventResponse as ua, MagicAuthResponse as uc, DeleteAuthorizationResourceOptions as ud, HttpClientInterface as uf, AuthenticationSSOSucceededEventResponse as ui, AuthenticationEventSso as ul, SerializedGetAccessTokenResponse as un, SessionCreatedEventResponse as uo, ActionPayload as ur, FeatureFlag as us, SerializedGetTokenOptions as ut, Connection as uu, RateLimitExceededException as v, MagicAuthCreatedEventResponse as va, ListOrganizationMembershipsOptions as vc, CreateAuthorizationResourceOptions as vd, DsyncActivatedEventResponse as vi, AuthenticateWithSessionCookieSuccessResponse as vl, PasswordlessSessionResponse as vn, UserUpdatedEvent as vo, ListOrganizationsOptions as vr, CreatedApiKey as vs, CreateAuditLogSchemaResponse as vt, DirectoryUserResponse as vu, AuthenticationErrorCode as w, OrganizationDomainCreatedEventResponse as wa, OrganizationMembership as wc, ListPermissionsOptions as wd, DsyncGroupDeletedEventResponse as wi, UserResponse as wl, ApplicationCredentialsListItemResponse as wn, VaultDataDeletedEvent as wo, DomainDataState as wr, SerializedApiKey as ws, SerializedCreateAuditLogEventOptions as wt, OrganizationRoleResponse as wu, NoApiKeyProvidedException as x, OrganizationDeletedEvent as xa, AuthorizationOrganizationMembershipResponse as xc, SerializedCreateAuthorizationResourceOptions as xd, DsyncGroupCreatedEvent as xi, AuthenticationResponse as xl, NewConnectApplicationSecret as xn, VaultByokKeyVerificationCompletedEventResponse as xo, CreateOrganizationRequestOptions as xr, CreateOrganizationApiKeyRequestOptions as xs, AuditLogTarget as xt, ListOrganizationRolesResponse as xu, OauthException as y, OrganizationCreatedEvent as ya, SerializedListOrganizationMembershipsOptions as yc, CreateOptionsWithParentExternalId as yd, DsyncDeletedEvent as yi, SessionCookieData as yl, ListEventOptions as yn, UserUpdatedEventResponse as yo, ListOrganizationFeatureFlagsOptions as yr, SerializedCreatedApiKey as ys, SerializedCreateAuditLogSchemaOptions as yt, DirectoryUserWithGroups as yu, ObjectSummary as z, OrganizationRoleCreatedEvent as za, EmailVerificationEvent as zc, AddEnvironmentRolePermissionOptions as zd, Event as zi, AuthenticateWithMagicAuthOptions as zl, UpdateApplicationOptions as zn, VaultNamesListedEventResponse as zo, AuthenticationEmailVerificationSucceededEvent as zr, SerializedUpdateOrganizationMembershipOptions as zs, FactorWithSecrets as zt, AssignRoleOptionsWithResourceExternalId as zu };
+//# sourceMappingURL=factory-awA8SmsZ.d.mts.map