@workos-inc/node 9.3.1 → 10.0.0

package/lib/{factory-B2N5WzoO.mjs → factory-fIHNXxrd.mjs}

@@ -732,6 +732,43 @@ const deserializeAuthenticationEvent = (authenticationEvent) => ({
 	userId: authenticationEvent.user_id
 });
 //#endregion
+//#region src/multi-factor-auth/serializers/totp.serializer.ts
+const deserializeTotp = (totp) => {
+	return {
+		issuer: totp.issuer,
+		user: totp.user
+	};
+};
+const deserializeTotpWithSecrets = (totp) => {
+	return {
+		issuer: totp.issuer,
+		user: totp.user,
+		qrCode: totp.qr_code,
+		secret: totp.secret,
+		uri: totp.uri
+	};
+};
+//#endregion
+//#region src/user-management/serializers/authentication-factor.serializer.ts
+const deserializeFactor$1 = (factor) => ({
+	object: factor.object,
+	id: factor.id,
+	createdAt: factor.created_at,
+	updatedAt: factor.updated_at,
+	type: factor.type,
+	totp: deserializeTotp(factor.totp),
+	userId: factor.user_id
+});
+const deserializeFactorWithSecrets$1 = (factor) => ({
+	object: factor.object,
+	id: factor.id,
+	createdAt: factor.created_at,
+	updatedAt: factor.updated_at,
+	type: factor.type,
+	totp: deserializeTotpWithSecrets(factor.totp),
+	userId: factor.user_id
+});
+//#endregion
 //#region src/user-management/serializers/oauth-tokens.serializer.ts
 const deserializeOauthTokens = (oauthTokens) => oauthTokens ? {
 	accessToken: oauthTokens.access_token,
@@ -810,43 +847,6 @@ const serializeEnrollAuthFactorOptions = (options) => ({
 	totp_secret: options.totpSecret
 });
 //#endregion
-//#region src/multi-factor-auth/serializers/totp.serializer.ts
-const deserializeTotp = (totp) => {
-	return {
-		issuer: totp.issuer,
-		user: totp.user
-	};
-};
-const deserializeTotpWithSecrets = (totp) => {
-	return {
-		issuer: totp.issuer,
-		user: totp.user,
-		qrCode: totp.qr_code,
-		secret: totp.secret,
-		uri: totp.uri
-	};
-};
-//#endregion
-//#region src/user-management/serializers/factor.serializer.ts
-const deserializeFactor$1 = (factor) => ({
-	object: factor.object,
-	id: factor.id,
-	createdAt: factor.created_at,
-	updatedAt: factor.updated_at,
-	type: factor.type,
-	totp: deserializeTotp(factor.totp),
-	userId: factor.user_id
-});
-const deserializeFactorWithSecrets$1 = (factor) => ({
-	object: factor.object,
-	id: factor.id,
-	createdAt: factor.created_at,
-	updatedAt: factor.updated_at,
-	type: factor.type,
-	totp: deserializeTotpWithSecrets(factor.totp),
-	userId: factor.user_id
-});
-//#endregion
 //#region src/user-management/serializers/invitation.serializer.ts
 const deserializeInvitation = (invitation) => ({
 	object: invitation.object,
@@ -1082,6 +1082,47 @@ var Actions = class {
 	}
 };
 //#endregion
+//#region src/common/utils/pagination.ts
+var AutoPaginatable = class {
+	list;
+	apiCall;
+	object = "list";
+	options;
+	constructor(list, apiCall, options) {
+		this.list = list;
+		this.apiCall = apiCall;
+		this.options = options ?? {};
+	}
+	get data() {
+		return this.list.data;
+	}
+	get listMetadata() {
+		return this.list.listMetadata;
+	}
+	async *generatePages(params) {
+		const result = await this.apiCall({
+			...this.options,
+			limit: 100,
+			after: params.after
+		});
+		yield result.data;
+		if (result.listMetadata.after) {
+			await new Promise((resolve) => setTimeout(resolve, 350));
+			yield* this.generatePages({ after: result.listMetadata.after });
+		}
+	}
+	/**
+	* Automatically paginates over the list of results, returning the complete data set.
+	* Returns the first result if `options.limit` is passed to the first request.
+	*/
+	async autoPagination() {
+		if (this.options.limit) return this.data;
+		const results = [];
+		for await (const page of this.generatePages({ after: this.options.after })) results.push(...page);
+		return results;
+	}
+};
+//#endregion
 //#region src/directory-sync/serializers/directory-group.serializer.ts
 const deserializeDirectoryGroup = (directoryGroup) => ({
 	id: directoryGroup.id,
@@ -1362,30 +1403,30 @@ const deserializeFeatureFlag = (featureFlag) => ({
 	updatedAt: featureFlag.updated_at
 });
 //#endregion
-//#region src/groups/serializers/add-group-organization-membership-options.serializer.ts
-const serializeAddGroupOrganizationMembershipOptions = (options) => ({ organization_membership_id: options.organizationMembershipId });
-//#endregion
-//#region src/groups/serializers/create-group-options.serializer.ts
-const serializeCreateGroupOptions = (options) => ({
-	name: options.name,
-	description: options.description
+//#region src/groups/serializers/create-group.serializer.ts
+const serializeCreateGroup = (model) => ({
+	name: model.name,
+	description: model.description ?? null
 });
 //#endregion
+//#region src/groups/serializers/create-group-membership.serializer.ts
+const serializeCreateGroupMembership = (model) => ({ organization_membership_id: model.organizationMembershipId });
+//#endregion
 //#region src/groups/serializers/group.serializer.ts
-const deserializeGroup = (group) => ({
-	object: group.object,
-	id: group.id,
-	organizationId: group.organization_id,
-	name: group.name,
-	description: group.description,
-	createdAt: group.created_at,
-	updatedAt: group.updated_at
-});
-//#endregion
-//#region src/groups/serializers/update-group-options.serializer.ts
-const serializeUpdateGroupOptions = (options) => ({
-	name: options.name,
-	description: options.description
+const deserializeGroup = (response) => ({
+	object: response.object,
+	id: response.id,
+	organizationId: response.organization_id,
+	name: response.name,
+	description: response.description ?? null,
+	createdAt: new Date(response.created_at),
+	updatedAt: new Date(response.updated_at)
+});
+//#endregion
+//#region src/groups/serializers/update-group.serializer.ts
+const serializeUpdateGroup = (model) => ({
+	name: model.name,
+	description: model.description ?? null
 });
 //#endregion
 //#region src/vault/serializers/vault-event.serializer.ts
@@ -1712,15 +1753,122 @@ const serializePaginationOptions = (options) => ({
 	...options.order && { order: options.order }
 });
 //#endregion
+//#region src/common/utils/fetch-and-deserialize.ts
+const setDefaultOptions = (options) => {
+	return {
+		...options,
+		order: options?.order || "desc"
+	};
+};
+const fetchAndDeserialize = async (workos, endpoint, deserializeFn, options, requestOptions) => {
+	const { data } = await workos.get(endpoint, {
+		query: setDefaultOptions(options),
+		...requestOptions
+	});
+	return deserializeList(data, deserializeFn);
+};
+//#endregion
+//#region src/webhooks/serializers/webhook-endpoint.serializer.ts
+const deserializeWebhookEndpoint = (response) => ({
+	object: response.object,
+	id: response.id,
+	endpointUrl: response.endpoint_url,
+	secret: response.secret,
+	status: response.status,
+	events: response.events,
+	createdAt: new Date(response.created_at),
+	updatedAt: new Date(response.updated_at)
+});
+//#endregion
+//#region src/webhooks/serializers/create-webhook-endpoint.serializer.ts
+const serializeCreateWebhookEndpoint = (model) => ({
+	endpoint_url: model.endpointUrl,
+	events: model.events
+});
+//#endregion
+//#region src/webhooks/serializers/update-webhook-endpoint.serializer.ts
+const serializeUpdateWebhookEndpoint = (model) => ({
+	endpoint_url: model.endpointUrl,
+	status: model.status,
+	events: model.events
+});
+//#endregion
 //#region src/webhooks/webhooks.ts
-function parseVerifiedPayload(payload) {
-	if (typeof payload === "object" && !isBinaryPayload(payload)) return payload;
-	return JSON.parse(decodePayloadToString(payload));
-}
 var Webhooks = class {
-	signatureProvider;
-	constructor(cryptoProvider) {
-		this.signatureProvider = new SignatureProvider(cryptoProvider);
+	workos;
+	constructor(workos) {
+		this.workos = workos;
+	}
+	/**
+	* List Webhook Endpoints
+	*
+	* Get a list of all of your existing webhook endpoints.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<WebhookEndpoint, PaginationOptions>>}
+	*/
+	async listWebhookEndpoints(options) {
+		const paginationOptions = options;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/webhook_endpoints", deserializeWebhookEndpoint, paginationOptions), (params) => fetchAndDeserialize(this.workos, "/webhook_endpoints", deserializeWebhookEndpoint, params), paginationOptions);
+	}
+	/**
+	* Create a Webhook Endpoint
+	*
+	* Create a new webhook endpoint to receive event notifications.
+	* @param options - Object containing endpointUrl, events.
+	* @param options.endpointUrl - The HTTPS URL where webhooks will be sent.
+	* @example "https://example.com/webhooks"
+	* @param options.events - The events that the Webhook Endpoint is subscribed to.
+	* @example ["user.created","dsync.user.created"]
+	* @returns {Promise<WebhookEndpoint>}
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createWebhookEndpoint(options) {
+		const payload = options;
+		const { data } = await this.workos.post("/webhook_endpoints", serializeCreateWebhookEndpoint(payload));
+		return deserializeWebhookEndpoint(data);
+	}
+	/**
+	* Update a Webhook Endpoint
+	*
+	* Update the properties of an existing webhook endpoint.
+	* @param options - The request body.
+	* @param options.id - Unique identifier of the Webhook Endpoint.
+	* @example "we_0123456789"
+	* @param options.endpointUrl - The HTTPS URL where webhooks will be sent.
+	* @example "https://example.com/webhooks"
+	* @param options.status - Whether the Webhook Endpoint is enabled or disabled.
+	* @example "enabled"
+	* @param options.events - The events that the Webhook Endpoint is subscribed to.
+	* @example ["user.created","dsync.user.created"]
+	* @returns {Promise<WebhookEndpoint>}
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async updateWebhookEndpoint(options) {
+		const { id, ...payload } = options;
+		const { data } = await this.workos.patch(`/webhook_endpoints/${encodeURIComponent(id)}`, serializeUpdateWebhookEndpoint(payload));
+		return deserializeWebhookEndpoint(data);
+	}
+	/**
+	* Delete a Webhook Endpoint
+	*
+	* Delete an existing webhook endpoint.
+	* @param options - The request options.
+	* @param options.id - Unique identifier of the Webhook Endpoint.
+	* @example "we_0123456789"
+	* @returns {Promise<void>}
+	* @throws {NotFoundException} 404
+	*/
+	async deleteWebhookEndpoint(options) {
+		const { id } = options;
+		await this.workos.delete(`/webhook_endpoints/${encodeURIComponent(id)}`);
+	}
+	_signatureProvider;
+	get signatureProvider() {
+		if (!this._signatureProvider) this._signatureProvider = new SignatureProvider(this.workos.getCryptoProvider());
+		return this._signatureProvider;
 	}
 	get verifyHeader() {
 		return this.signatureProvider.verifyHeader.bind(this.signatureProvider);
@@ -1739,7 +1887,11 @@ var Webhooks = class {
 			tolerance
 		};
 		await this.verifyHeader(options);
-		return deserializeEvent(parseVerifiedPayload(payload));
+		return deserializeEvent(this.parseVerifiedPayload(payload));
+	}
+	parseVerifiedPayload(payload) {
+		if (typeof payload === "object" && !isBinaryPayload(payload)) return payload;
+		return JSON.parse(decodePayloadToString(payload));
 	}
 };
 //#endregion
@@ -1793,47 +1945,6 @@ var PKCE = class {
 	}
 };
 //#endregion
-//#region src/common/utils/pagination.ts
-var AutoPaginatable = class {
-	list;
-	apiCall;
-	object = "list";
-	options;
-	constructor(list, apiCall, options) {
-		this.list = list;
-		this.apiCall = apiCall;
-		this.options = options ?? {};
-	}
-	get data() {
-		return this.list.data;
-	}
-	get listMetadata() {
-		return this.list.listMetadata;
-	}
-	async *generatePages(params) {
-		const result = await this.apiCall({
-			...this.options,
-			limit: 100,
-			after: params.after
-		});
-		yield result.data;
-		if (result.listMetadata.after) {
-			await new Promise((resolve) => setTimeout(resolve, 350));
-			yield* this.generatePages({ after: result.listMetadata.after });
-		}
-	}
-	/**
-	* Automatically paginates over the list of results, returning the complete data set.
-	* Returns the first result if `options.limit` is passed to the first request.
-	*/
-	async autoPagination() {
-		if (this.options.limit) return this.data;
-		const results = [];
-		for await (const page of this.generatePages({ after: this.options.after })) results.push(...page);
-		return results;
-	}
-};
-//#endregion
 //#region src/api-keys/serializers/create-organization-api-key-options.serializer.ts
 function serializeCreateOrganizationApiKeyOptions(options) {
 	return {
@@ -1863,21 +1974,6 @@ function deserializeValidateApiKeyResponse(response) {
 	return { apiKey: response.api_key ? deserializeApiKey(response.api_key) : null };
 }
 //#endregion
-//#region src/common/utils/fetch-and-deserialize.ts
-const setDefaultOptions = (options) => {
-	return {
-		...options,
-		order: options?.order || "desc"
-	};
-};
-const fetchAndDeserialize = async (workos, endpoint, deserializeFn, options, requestOptions) => {
-	const { data } = await workos.get(endpoint, {
-		query: setDefaultOptions(options),
-		...requestOptions
-	});
-	return deserializeList(data, deserializeFn);
-};
-//#endregion
 //#region src/api-keys/api-keys.ts
 var ApiKeys = class {
 	workos;
@@ -1950,6 +2046,359 @@ var ApiKeys = class {
 	}
 };
 //#endregion
+//#region src/connect/serializers/external-auth-complete-response.serializer.ts
+const deserializeExternalAuthCompleteResponse = (response) => ({ redirectUri: response.redirect_uri });
+//#endregion
+//#region src/connect/serializers/connect-application-redirect-uri.serializer.ts
+const deserializeConnectApplicationRedirectUri = (response) => ({
+	uri: response.uri,
+	default: response.default
+});
+//#endregion
+//#region src/connect/serializers/connect-application.serializer.ts
+const deserializeConnectApplication = (response) => {
+	switch (response.application_type) {
+		case "oauth": return {
+			object: response.object,
+			id: response.id,
+			clientId: response.client_id,
+			description: response.description,
+			name: response.name,
+			scopes: response.scopes,
+			createdAt: new Date(response.created_at),
+			updatedAt: new Date(response.updated_at),
+			applicationType: "oauth",
+			redirectUris: response.redirect_uris.map(deserializeConnectApplicationRedirectUri),
+			usesPkce: response.uses_pkce,
+			isFirstParty: response.is_first_party,
+			wasDynamicallyRegistered: response.was_dynamically_registered,
+			organizationId: response.organization_id
+		};
+		case "m2m": return {
+			object: response.object,
+			id: response.id,
+			clientId: response.client_id,
+			description: response.description,
+			name: response.name,
+			scopes: response.scopes,
+			createdAt: new Date(response.created_at),
+			updatedAt: new Date(response.updated_at),
+			applicationType: "m2m",
+			organizationId: response.organization_id
+		};
+		default: throw new Error(`Unknown application_type: ${response.application_type}`);
+	}
+};
+//#endregion
+//#region src/connect/serializers/application-credentials-list-item.serializer.ts
+const deserializeApplicationCredentialsListItem = (response) => ({
+	object: response.object,
+	id: response.id,
+	secretHint: response.secret_hint,
+	lastUsedAt: response.last_used_at != null ? new Date(response.last_used_at) : null,
+	createdAt: new Date(response.created_at),
+	updatedAt: new Date(response.updated_at)
+});
+//#endregion
+//#region src/connect/serializers/new-connect-application-secret.serializer.ts
+const deserializeNewConnectApplicationSecret = (response) => ({
+	object: response.object,
+	id: response.id,
+	secretHint: response.secret_hint,
+	lastUsedAt: response.last_used_at != null ? new Date(response.last_used_at) : null,
+	createdAt: new Date(response.created_at),
+	updatedAt: new Date(response.updated_at),
+	secret: response.secret
+});
+//#endregion
+//#region src/connect/serializers/user-object.serializer.ts
+const serializeUserObject = (model) => ({
+	id: model.id,
+	email: model.email,
+	first_name: model.firstName,
+	last_name: model.lastName,
+	metadata: model.metadata
+});
+//#endregion
+//#region src/connect/serializers/user-consent-option-choice.serializer.ts
+const serializeUserConsentOptionChoice = (model) => ({
+	value: model.value,
+	label: model.label
+});
+//#endregion
+//#region src/connect/serializers/user-consent-option.serializer.ts
+const serializeUserConsentOption = (model) => ({
+	claim: model.claim,
+	type: model.type,
+	label: model.label,
+	choices: model.choices.map(serializeUserConsentOptionChoice)
+});
+//#endregion
+//#region src/connect/serializers/user-management-login-request.serializer.ts
+const serializeUserManagementLoginRequest = (model) => ({
+	external_auth_id: model.externalAuthId,
+	user: serializeUserObject(model.user),
+	user_consent_options: model.userConsentOptions != null ? model.userConsentOptions.map(serializeUserConsentOption) : void 0
+});
+//#endregion
+//#region src/connect/serializers/redirect-uri-input.serializer.ts
+const serializeRedirectUriInput = (model) => ({
+	uri: model.uri,
+	default: model.default ?? null
+});
+//#endregion
+//#region src/connect/serializers/create-oauth-application.serializer.ts
+const serializeCreateOAuthApplication = (model) => ({
+	name: model.name,
+	application_type: model.applicationType,
+	description: model.description ?? null,
+	scopes: model.scopes ?? null,
+	redirect_uris: model.redirectUris != null ? model.redirectUris.map(serializeRedirectUriInput) : null,
+	uses_pkce: model.usesPkce ?? null,
+	is_first_party: model.isFirstParty,
+	organization_id: model.organizationId ?? null
+});
+//#endregion
+//#region src/connect/serializers/create-m2m-application.serializer.ts
+const serializeCreateM2MApplication = (model) => ({
+	name: model.name,
+	application_type: model.applicationType,
+	description: model.description ?? null,
+	scopes: model.scopes ?? null,
+	organization_id: model.organizationId
+});
+//#endregion
+//#region src/connect/serializers/update-oauth-application.serializer.ts
+const serializeUpdateOAuthApplication = (model) => ({
+	name: model.name,
+	description: model.description ?? null,
+	scopes: model.scopes ?? null,
+	redirect_uris: model.redirectUris != null ? model.redirectUris.map(serializeRedirectUriInput) : null
+});
+//#endregion
+//#region src/connect/serializers/create-application-secret.serializer.ts
+const serializeCreateApplicationSecret = (_model) => ({});
+//#endregion
+//#region src/connect/connect.ts
+const serializeListApplicationsOptions = (options) => {
+	const wire = {
+		limit: options.limit,
+		before: options.before,
+		after: options.after,
+		order: options.order
+	};
+	if (options.organizationId !== void 0) wire.organization_id = options.organizationId;
+	return wire;
+};
+var Connect = class {
+	workos;
+	constructor(workos) {
+		this.workos = workos;
+	}
+	/**
+	* Complete external authentication
+	*
+	* Completes an external authentication flow and returns control to AuthKit. This endpoint is used with [Standalone Connect](https://workos.com/docs/authkit/connect/standalone) to bridge your existing authentication system with the Connect OAuth API infrastructure.
+	*
+	* After successfully authenticating a user in your application, calling this endpoint will:
+	*
+	* - Create or update the user in AuthKit, using the given `id` as its `external_id`.
+	* - Return a `redirect_uri` your application should redirect to in order for AuthKit to complete the flow
+	*
+	* Users are automatically created or updated based on the `id` and `email` provided. If a user with the same `id` exists, their information is updated. Otherwise, a new user is created.
+	*
+	* If you provide a new `id` with an `email` that already belongs to an existing user, the request will fail with an error as email addresses are unique to a user.
+	* @param options - Object containing externalAuthId, user.
+	* @param options.externalAuthId - Identifier provided when AuthKit redirected to your login page.
+	* @example "ext_auth_01HXYZ123456789ABCDEFGHIJ"
+	* @param options.user - The user to create or update in AuthKit.
+	* @param options.userConsentOptions - Array of [User Consent Options](https://workos.com/docs/reference/workos-connect/standalone/user-consent-options) to store with the session.
+	* @returns {Promise<ExternalAuthCompleteResponse>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async completeOAuth2(options) {
+		const payload = options;
+		const { data } = await this.workos.post("/authkit/oauth2/complete", serializeUserManagementLoginRequest(payload));
+		return deserializeExternalAuthCompleteResponse(data);
+	}
+	/**
+	* List Connect Applications
+	*
+	* List all Connect Applications in the current environment with optional filtering.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<ConnectApplication, ListApplicationsOptions>>}
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async listApplications(options) {
+		const paginationOptions = options;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/connect/applications", deserializeConnectApplication, options ? serializeListApplicationsOptions(options) : void 0), (params) => fetchAndDeserialize(this.workos, "/connect/applications", deserializeConnectApplication, params), paginationOptions);
+	}
+	/**
+	* Create a Connect Application
+	*
+	* Create a new Connect Application. Supports both OAuth and Machine-to-Machine (M2M) application types.
+	* @param options - The request body.
+	* @returns {Promise<ConnectApplication>}
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createApplication(options) {
+		const payload = options;
+		const { data } = await this.workos.post("/connect/applications", (() => {
+			switch (payload.applicationType) {
+				case "oauth": return serializeCreateOAuthApplication(payload);
+				case "m2m": return serializeCreateM2MApplication(payload);
+				default: throw new Error(`Unknown applicationType: ${payload.applicationType}`);
+			}
+		})());
+		return deserializeConnectApplication(data);
+	}
+	/**
+	* Create oauth application.
+	* @param name - The name of the application.
+	* @param isFirstParty - Whether this is a first-party application. Third-party applications require an organization_id.
+	* @param description - A description for the application.
+	* @param scopes - The OAuth scopes granted to the application.
+	* @param redirectUris - Redirect URIs for the application.
+	* @param usesPkce - Whether the application uses PKCE (Proof Key for Code Exchange).
+	* @param organizationId - The organization ID this application belongs to. Required when is_first_party is false.
+	* @returns {Promise<ConnectApplication>}
+	*/
+	async createOAuthApplication(name, isFirstParty, description, scopes, redirectUris, usesPkce, organizationId) {
+		const body = {
+			application_type: "oauth",
+			name,
+			is_first_party: isFirstParty
+		};
+		if (description !== void 0) body.description = description;
+		if (scopes !== void 0) body.scopes = scopes;
+		if (redirectUris !== void 0) body.redirect_uris = redirectUris;
+		if (usesPkce !== void 0) body.uses_pkce = usesPkce;
+		if (organizationId !== void 0) body.organization_id = organizationId;
+		const { data } = await this.workos.post("/connect/applications", body);
+		return deserializeConnectApplication(data);
+	}
+	/**
+	* Create m2m application.
+	* @param name - The name of the application.
+	* @param organizationId - The organization ID this application belongs to.
+	* @param description - A description for the application.
+	* @param scopes - The OAuth scopes granted to the application.
+	* @returns {Promise<ConnectApplication>}
+	*/
+	async createM2MApplication(name, organizationId, description, scopes) {
+		const body = {
+			application_type: "m2m",
+			name,
+			organization_id: organizationId
+		};
+		if (description !== void 0) body.description = description;
+		if (scopes !== void 0) body.scopes = scopes;
+		const { data } = await this.workos.post("/connect/applications", body);
+		return deserializeConnectApplication(data);
+	}
+	/**
+	* Get a Connect Application
+	*
+	* Retrieve details for a specific Connect Application by ID or client ID.
+	* @param options - The request options.
+	* @param options.id - The application ID or client ID of the Connect Application.
+	* @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+	* @returns {Promise<ConnectApplication>}
+	* @throws {NotFoundException} 404
+	*/
+	async getApplication(options) {
+		const { id } = options;
+		const { data } = await this.workos.get(`/connect/applications/${encodeURIComponent(id)}`);
+		return deserializeConnectApplication(data);
+	}
+	/**
+	* Update a Connect Application
+	*
+	* Update an existing Connect Application. For OAuth applications, you can update redirect URIs. For all applications, you can update the name, description, and scopes.
+	* @param options - The request body.
+	* @param options.id - The application ID or client ID of the Connect Application.
+	* @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+	* @param options.name - The name of the application.
+	* @example "My Application"
+	* @param options.description - A description for the application.
+	* @example "An application for managing user access"
+	* @param options.scopes - The OAuth scopes granted to the application.
+	* @example ["openid","profile","email"]
+	* @param options.redirectUris - Updated redirect URIs for the application. OAuth applications only.
+	* @example [{"uri":"https://example.com/callback","default":true}]
+	* @returns {Promise<ConnectApplication>}
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async updateApplication(options) {
+		const { id, ...payload } = options;
+		const { data } = await this.workos.put(`/connect/applications/${encodeURIComponent(id)}`, serializeUpdateOAuthApplication(payload));
+		return deserializeConnectApplication(data);
+	}
+	/**
+	* Delete a Connect Application
+	*
+	* Delete an existing Connect Application.
+	* @param options - The request options.
+	* @param options.id - The application ID or client ID of the Connect Application.
+	* @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+	* @returns {Promise<void>}
+	* @throws {NotFoundException} 404
+	*/
+	async deleteApplication(options) {
+		const { id } = options;
+		await this.workos.delete(`/connect/applications/${encodeURIComponent(id)}`);
+	}
+	/**
+	* List Client Secrets for a Connect Application
+	*
+	* List all client secrets associated with a Connect Application.
+	* @param options - The request options.
+	* @param options.id - The application ID or client ID of the Connect Application.
+	* @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+	* @returns {Promise<ApplicationCredentialsListItem[]>}
+	* @throws {NotFoundException} 404
+	*/
+	async listApplicationClientSecrets(options) {
+		const { id } = options;
+		const { data } = await this.workos.get(`/connect/applications/${encodeURIComponent(id)}/client_secrets`);
+		return data.map(deserializeApplicationCredentialsListItem);
+	}
+	/**
+	* Create a new client secret for a Connect Application
+	*
+	* Create new secrets for a Connect Application.
+	* @param options - The request body.
+	* @param options.id - The application ID or client ID of the Connect Application.
+	* @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+	* @returns {Promise<NewConnectApplicationSecret>}
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createApplicationClientSecret(options) {
+		const { id, ...payload } = options;
+		const { data } = await this.workos.post(`/connect/applications/${encodeURIComponent(id)}/client_secrets`, serializeCreateApplicationSecret(payload));
+		return deserializeNewConnectApplicationSecret(data);
+	}
+	/**
+	* Delete a Client Secret
+	*
+	* Delete (revoke) an existing client secret.
+	* @param options - The request options.
+	* @param options.id - The unique ID of the client secret.
+	* @example "secret_01J9Q2Z3X4Y5W6V7U8T9S0R1Q"
+	* @returns {Promise<void>}
+	* @throws {NotFoundException} 404
+	*/
+	async deleteClientSecret(options) {
+		const { id } = options;
+		await this.workos.delete(`/connect/client_secrets/${encodeURIComponent(id)}`);
+	}
+};
+//#endregion
 //#region src/directory-sync/directory-sync.ts
 var DirectorySync = class {
 	workos;
@@ -2321,15 +2770,136 @@ function deserializeGetAccessTokenResponse(response) {
 	};
 }
 //#endregion
-//#region src/pipes/pipes.ts
-var Pipes = class {
+//#region src/pipes/pipes.ts
+var Pipes = class {
+	workos;
+	constructor(workos) {
+		this.workos = workos;
+	}
+	async getAccessToken({ provider, ...options }) {
+		const { data } = await this.workos.post(`data-integrations/${provider}/token`, serializeGetAccessTokenOptions(options));
+		return deserializeGetAccessTokenResponse(data);
+	}
+};
+//#endregion
+//#region src/radar/serializers/radar-standalone-response.serializer.ts
+const deserializeRadarStandaloneResponse = (response) => ({
+	verdict: response.verdict,
+	reason: response.reason,
+	attemptId: response.attempt_id,
+	control: response.control,
+	blocklistType: response.blocklist_type
+});
+//#endregion
+//#region src/radar/serializers/radar-list-entry-already-present-response.serializer.ts
+const deserializeRadarListEntryAlreadyPresentResponse = (response) => ({ message: response.message });
+//#endregion
+//#region src/radar/serializers/radar-standalone-assess-request.serializer.ts
+const serializeRadarStandaloneAssessRequest = (model) => ({
+	ip_address: model.ipAddress,
+	user_agent: model.userAgent,
+	email: model.email,
+	auth_method: model.authMethod,
+	action: model.action
+});
+//#endregion
+//#region src/radar/serializers/radar-standalone-update-radar-attempt-request.serializer.ts
+const serializeRadarStandaloneUpdateRadarAttemptRequest = (model) => ({
+	challenge_status: model.challengeStatus,
+	attempt_status: model.attemptStatus
+});
+//#endregion
+//#region src/radar/serializers/radar-standalone-update-radar-list-request.serializer.ts
+const serializeRadarStandaloneUpdateRadarListRequest = (model) => ({ entry: model.entry });
+//#endregion
+//#region src/radar/serializers/radar-standalone-delete-radar-list-entry-request.serializer.ts
+const serializeRadarStandaloneDeleteRadarListEntryRequest = (model) => ({ entry: model.entry });
+//#endregion
+//#region src/radar/radar.ts
+var Radar = class {
 	workos;
 	constructor(workos) {
 		this.workos = workos;
 	}
-	async getAccessToken({ provider, ...options }) {
-		const { data } = await this.workos.post(`data-integrations/${provider}/token`, serializeGetAccessTokenOptions(options));
-		return deserializeGetAccessTokenResponse(data);
+	/**
+	* Create an attempt
+	*
+	* Assess a request for risk using the Radar engine and receive a verdict.
+	* @param options - Object containing ipAddress, userAgent, email, authMethod, action.
+	* @param options.ipAddress - The IP address of the request to assess.
+	* @example "49.78.240.97"
+	* @param options.userAgent - The user agent string of the request to assess.
+	* @example "Mozilla/5.0"
+	* @param options.email - The email address of the user making the request.
+	* @example "user@example.com"
+	* @param options.authMethod - The authentication method being used.
+	* @example "Password"
+	* @param options.action - The action being performed.
+	* @example "sign-in"
+	* @returns {Promise<RadarStandaloneResponse>}
+	* @throws {BadRequestException} 400
+	*/
+	async createAttempt(options) {
+		const payload = options;
+		const { data } = await this.workos.post("/radar/attempts", serializeRadarStandaloneAssessRequest(payload));
+		return deserializeRadarStandaloneResponse(data);
+	}
+	/**
+	* Update a Radar attempt
+	*
+	* You may optionally inform Radar that an authentication attempt or challenge was successful using this endpoint. Some Radar controls depend on tracking recent successful attempts, such as impossible travel.
+	* @param options - The request body.
+	* @param options.id - The unique identifier of the Radar attempt to update.
+	* @example "radar_att_01HZBC6N1EB1ZY7KG32X"
+	* @param options.challengeStatus - Set to `"success"` to mark the challenge as completed.
+	* @example "success"
+	* @param options.attemptStatus - Set to `"success"` to mark the authentication attempt as successful.
+	* @example "success"
+	* @returns {Promise<void>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	*/
+	async updateAttempt(options) {
+		const { id, ...payload } = options;
+		await this.workos.put(`/radar/attempts/${encodeURIComponent(id)}`, serializeRadarStandaloneUpdateRadarAttemptRequest(payload));
+	}
+	/**
+	* Add an entry to a Radar list
+	*
+	* Add an entry to a Radar list.
+	* @param options - Object containing entry.
+	* @param options.type - The type of the Radar list (e.g. ip_address, domain, email).
+	* @example "ip_address"
+	* @param options.action - The list action indicating whether to add the entry to the allow or block list.
+	* @example "block"
+	* @param options.entry - The value to add to the list. Must match the format of the list type (e.g. a valid IP address for `ip_address`, a valid email for `email`).
+	* @example "198.51.100.42"
+	* @returns {Promise<RadarListEntryAlreadyPresentResponse>}
+	* @throws {BadRequestException} 400
+	*/
+	async addListEntry(options) {
+		const { type, action, ...payload } = options;
+		const { data } = await this.workos.post(`/radar/lists/${encodeURIComponent(type)}/${encodeURIComponent(action)}`, serializeRadarStandaloneUpdateRadarListRequest(payload));
+		return deserializeRadarListEntryAlreadyPresentResponse(data);
+	}
+	/**
+	* Remove an entry from a Radar list
+	*
+	* Remove an entry from a Radar list.
+	* @param options - Object containing entry.
+	* @param options.type - The type of the Radar list (e.g. ip_address, domain, email).
+	* @example "ip_address"
+	* @param options.action - The list action indicating whether to remove the entry from the allow or block list.
+	* @example "block"
+	* @param options.entry - The value to remove from the list. Must match an existing entry.
+	* @example "198.51.100.42"
+	* @returns {Promise<void>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	*/
+	async removeListEntry(options) {
+		const { type, action, ...payload } = options;
+		await this.workos.deleteWithBody(`/radar/lists/${encodeURIComponent(type)}/${encodeURIComponent(action)}`, serializeRadarStandaloneDeleteRadarListEntryRequest(payload));
 	}
 };
 //#endregion
@@ -3421,13 +3991,13 @@ var CookieSession = class {
 			authenticated: false,
 			reason: "invalid_session_cookie"
 		};
-		const { org_id: organizationIdFromAccessToken } = decodeJwt(session.accessToken);
+		const { org_id: organizationIdFromUserManagementAccessToken } = decodeJwt(session.accessToken);
 		try {
 			const cookiePassword = options.cookiePassword ?? this.cookiePassword;
 			const authenticationResponse = await this.userManagement.authenticateWithRefreshToken({
 				clientId: this.userManagement.clientId,
 				refreshToken: session.refreshToken,
-				organizationId: options.organizationId ?? organizationIdFromAccessToken,
+				organizationId: options.organizationId ?? organizationIdFromUserManagementAccessToken,
 				session: {
 					sealSession: true,
 					cookiePassword
@@ -4618,42 +5188,160 @@ var Groups = class {
 	constructor(workos) {
 		this.workos = workos;
 	}
-	async createGroup(options) {
-		const { organizationId, ...payload } = options;
-		const { data } = await this.workos.post(`/organizations/${organizationId}/groups`, serializeCreateGroupOptions(payload));
-		return deserializeGroup(data);
+	/**
+	* List Group members
+	*
+	* Get a list of organization memberships in a group.
+	* @param options - Pagination and filter options.
+	* @param options.organizationId - Unique identifier of the Organization.
+	* @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+	* @param options.groupId - Unique identifier of the Group.
+	* @example "group_01HXYZ123456789ABCDEFGHIJ"
+	* @returns {Promise<AutoPaginatable<AuthorizationOrganizationMembership>>}
+	* @throws {AuthorizationException} 403
+	* @throws {NotFoundException} 404
+	*/
+	async listOrganizationMemberships(options) {
+		const { organizationId, groupId, ...paginationOptions } = options;
+		const endpoint = `/organizations/${encodeURIComponent(organizationId)}/groups/${encodeURIComponent(groupId)}/organization-memberships`;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationOrganizationMembership, paginationOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationOrganizationMembership, params), paginationOptions);
 	}
+	/**
+	* List groups
+	*
+	* Get a paginated list of groups within an organization.
+	* @param options - Pagination and filter options.
+	* @param options.organizationId - The ID of the organization.
+	* @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+	* @returns {Promise<AutoPaginatable<Group, PaginationOptions>>}
+	* @throws {AuthorizationException} 403
+	* @throws {NotFoundException} 404
+	*/
 	async listGroups(options) {
 		const { organizationId, ...paginationOptions } = options;
-		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/organizations/${organizationId}/groups`, deserializeGroup, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/organizations/${organizationId}/groups`, deserializeGroup, params), paginationOptions);
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, `/organizations/${encodeURIComponent(organizationId)}/groups`, deserializeGroup, paginationOptions), (params) => fetchAndDeserialize(this.workos, `/organizations/${encodeURIComponent(organizationId)}/groups`, deserializeGroup, params), paginationOptions);
+	}
+	/**
+	* Create a group
+	*
+	* Create a new group within an organization.
+	* @param options - Object containing name.
+	* @param options.organizationId - The ID of the organization.
+	* @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+	* @param options.name - The name of the Group.
+	* @example "Engineering"
+	* @param options.description - An optional description of the Group.
+	* @example "The engineering team"
+	* @returns {Promise<Group>}
+	* @throws {BadRequestException} 400
+	* @throws {AuthorizationException} 403
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createGroup(options) {
+		const { organizationId, ...payload } = options;
+		const { data } = await this.workos.post(`/organizations/${encodeURIComponent(organizationId)}/groups`, serializeCreateGroup(payload));
+		return deserializeGroup(data);
 	}
+	/**
+	* Get a group
+	*
+	* Retrieve a group by its ID within an organization.
+	* @param options - The request options.
+	* @param options.organizationId - The ID of the organization.
+	* @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+	* @param options.groupId - The ID of the group.
+	* @example "group_01HXYZ123456789ABCDEFGHIJ"
+	* @returns {Promise<Group>}
+	* @throws {AuthorizationException} 403
+	* @throws {NotFoundException} 404
+	*/
 	async getGroup(options) {
 		const { organizationId, groupId } = options;
-		const { data } = await this.workos.get(`/organizations/${organizationId}/groups/${groupId}`);
+		const { data } = await this.workos.get(`/organizations/${encodeURIComponent(organizationId)}/groups/${encodeURIComponent(groupId)}`);
 		return deserializeGroup(data);
 	}
+	/**
+	* Update a group
+	*
+	* Update an existing group. Only the fields provided in the request body will be updated.
+	* @param options - The request body.
+	* @param options.organizationId - The ID of the organization.
+	* @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+	* @param options.groupId - The ID of the group.
+	* @example "group_01HXYZ123456789ABCDEFGHIJ"
+	* @param options.name - The name of the Group.
+	* @example "Engineering"
+	* @param options.description - An optional description of the Group.
+	* @example "The engineering team"
+	* @returns {Promise<Group>}
+	* @throws {BadRequestException} 400
+	* @throws {AuthorizationException} 403
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async updateGroup(options) {
 		const { organizationId, groupId, ...payload } = options;
-		const { data } = await this.workos.patch(`/organizations/${organizationId}/groups/${groupId}`, serializeUpdateGroupOptions(payload));
+		const { data } = await this.workos.patch(`/organizations/${encodeURIComponent(organizationId)}/groups/${encodeURIComponent(groupId)}`, serializeUpdateGroup(payload));
 		return deserializeGroup(data);
 	}
+	/**
+	* Delete a group
+	*
+	* Delete a group from an organization.
+	* @param options - The request options.
+	* @param options.organizationId - The ID of the organization.
+	* @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+	* @param options.groupId - The ID of the group.
+	* @example "group_01HXYZ123456789ABCDEFGHIJ"
+	* @returns {Promise<void>}
+	* @throws {AuthorizationException} 403
+	* @throws {NotFoundException} 404
+	*/
 	async deleteGroup(options) {
 		const { organizationId, groupId } = options;
-		await this.workos.delete(`/organizations/${organizationId}/groups/${groupId}`);
+		await this.workos.delete(`/organizations/${encodeURIComponent(organizationId)}/groups/${encodeURIComponent(groupId)}`);
 	}
+	/**
+	* Add a member to a Group
+	*
+	* Add an organization membership to a group.
+	* @param options - Object containing organizationMembershipId.
+	* @param options.organizationId - Unique identifier of the Organization.
+	* @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+	* @param options.groupId - Unique identifier of the Group.
+	* @example "group_01HXYZ123456789ABCDEFGHIJ"
+	* @param options.organizationMembershipId - The ID of the Organization Membership to add to the group.
+	* @example "om_01HXYZ123456789ABCDEFGHIJ"
+	* @returns {Promise<Group>}
+	* @throws {BadRequestException} 400
+	* @throws {AuthorizationException} 403
+	* @throws {NotFoundException} 404
+	* @throws {UnprocessableEntityException} 422
+	*/
 	async addOrganizationMembership(options) {
 		const { organizationId, groupId, ...payload } = options;
-		const { data } = await this.workos.post(`/organizations/${organizationId}/groups/${groupId}/organization-memberships`, serializeAddGroupOrganizationMembershipOptions(payload));
+		const { data } = await this.workos.post(`/organizations/${encodeURIComponent(organizationId)}/groups/${encodeURIComponent(groupId)}/organization-memberships`, serializeCreateGroupMembership(payload));
 		return deserializeGroup(data);
 	}
-	async listOrganizationMemberships(options) {
-		const { organizationId, groupId, ...paginationOptions } = options;
-		const endpoint = `/organizations/${organizationId}/groups/${groupId}/organization-memberships`;
-		return new AutoPaginatable(await fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationOrganizationMembership, paginationOptions), (params) => fetchAndDeserialize(this.workos, endpoint, deserializeAuthorizationOrganizationMembership, params), paginationOptions);
-	}
+	/**
+	* Remove a member from a Group
+	*
+	* Remove an organization membership from a group.
+	* @param options - The request options.
+	* @param options.organizationId - Unique identifier of the Organization.
+	* @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+	* @param options.groupId - Unique identifier of the Group.
+	* @example "group_01HXYZ123456789ABCDEFGHIJ"
+	* @param options.omId - Unique identifier of the Organization Membership.
+	* @example "om_01HXYZ123456789ABCDEFGHIJ"
+	* @returns {Promise<void>}
+	* @throws {AuthorizationException} 403
+	* @throws {NotFoundException} 404
+	*/
 	async removeOrganizationMembership(options) {
 		const { organizationId, groupId, organizationMembershipId } = options;
-		await this.workos.delete(`/organizations/${organizationId}/groups/${groupId}/organization-memberships/${organizationMembershipId}`);
+		await this.workos.delete(`/organizations/${encodeURIComponent(organizationId)}/groups/${encodeURIComponent(groupId)}/organization-memberships/${encodeURIComponent(organizationMembershipId)}`);
 	}
 };
 //#endregion
@@ -4790,7 +5478,6 @@ const serializeListAuthorizationResourcesOptions = (options) => ({
 	...options.parentResourceId && { parent_resource_id: options.parentResourceId },
 	...options.parentResourceTypeSlug && { parent_resource_type_slug: options.parentResourceTypeSlug },
 	...options.parentExternalId && { parent_external_id: options.parentExternalId },
-	...options.search && { search: options.search },
 	...serializePaginationOptions(options)
 });
 //#endregion
@@ -5738,6 +6425,105 @@ function hasContinuationBit(byte) {
 	return (byte & CONTINUATION_BIT) !== 0;
 }
 //#endregion
+//#region src/vault/serializers/create-data-key-response.serializer.ts
+const deserializeCreateDataKeyResponse = (response) => ({
+	context: response.context,
+	dataKey: response.data_key,
+	encryptedKeys: response.encrypted_keys,
+	id: response.id
+});
+//#endregion
+//#region src/vault/serializers/decrypt-response.serializer.ts
+const deserializeDecryptResponse = (response) => ({
+	dataKey: response.data_key,
+	id: response.id
+});
+//#endregion
+//#region src/vault/serializers/actor.serializer.ts
+const deserializeActor = (response) => ({
+	id: response.id,
+	name: response.name
+});
+//#endregion
+//#region src/vault/serializers/object-metadata.serializer.ts
+const deserializeObjectMetadata = (response) => ({
+	context: response.context,
+	environmentId: response.environment_id,
+	id: response.id,
+	keyId: response.key_id,
+	updatedAt: new Date(response.updated_at),
+	updatedBy: deserializeActor(response.updated_by),
+	versionId: response.version_id ?? null
+});
+//#endregion
+//#region src/vault/serializers/vault-object.serializer.ts
+const deserializeVaultObject = (response) => ({
+	id: response.id,
+	metadata: deserializeObjectMetadata(response.metadata),
+	name: response.name,
+	value: response.value
+});
+//#endregion
+//#region src/vault/serializers/object-without-value.serializer.ts
+const deserializeObjectWithoutValue = (response) => ({
+	id: response.id,
+	metadata: deserializeObjectMetadata(response.metadata),
+	name: response.name
+});
+//#endregion
+//#region src/vault/serializers/object-version.serializer.ts
+const deserializeObjectVersion = (response) => ({
+	createdAt: new Date(response.created_at),
+	currentVersion: response.current_version,
+	etag: response.etag ?? "",
+	id: response.id,
+	size: response.size ?? 0
+});
+//#endregion
+//#region src/vault/serializers/list-metadata.serializer.ts
+const deserializeListMetadata = (response) => ({
+	after: response.after ?? null,
+	before: response.before ?? null
+});
+//#endregion
+//#region src/vault/serializers/version-list-response.serializer.ts
+const deserializeVersionListResponse = (response) => ({
+	data: response.data.map(deserializeObjectVersion),
+	listMetadata: deserializeListMetadata(response.list_metadata)
+});
+//#endregion
+//#region src/vault/serializers/object-summary.serializer.ts
+const deserializeObjectSummary = (response) => ({
+	id: response.id,
+	name: response.name,
+	updatedAt: response.updated_at != null ? new Date(response.updated_at) : null
+});
+//#endregion
+//#region src/vault/serializers/create-data-key-request.serializer.ts
+const serializeCreateDataKeyRequest = (model) => ({ context: model.context });
+//#endregion
+//#region src/vault/serializers/decrypt-request.serializer.ts
+const serializeDecryptRequest = (model) => ({ keys: model.keys });
+//#endregion
+//#region src/vault/serializers/rekey-request.serializer.ts
+const serializeRekeyRequest = (model) => ({
+	context: model.context,
+	encrypted_keys: model.encryptedKeys
+});
+//#endregion
+//#region src/vault/serializers/create-object-request.serializer.ts
+const serializeCreateObjectRequest = (model) => ({
+	key_context: model.keyContext,
+	name: model.name,
+	value: model.value
+});
+//#endregion
+//#region src/vault/serializers/update-object-request.serializer.ts
+const serializeUpdateObjectRequest = (model) => ({
+	value: model.value,
+	version_check: model.versionCheck ?? null
+});
+//#endregion
 //#region src/common/utils/base64.ts
 /**
 * Cross-runtime compatible base64 encoding/decoding utilities
@@ -5767,128 +6553,235 @@ function uint8ArrayToBase64(bytes) {
 	else throw new Error("No base64 encoding implementation available");
 }
 //#endregion
-//#region src/vault/serializers/vault-key.serializer.ts
-const deserializeCreateDataKeyResponse = (key) => ({
-	context: key.context,
-	dataKey: {
-		key: key.data_key,
-		id: key.id
-	},
-	encryptedKeys: key.encrypted_keys
-});
-const deserializeDecryptDataKeyResponse = (key) => ({
-	key: key.data_key,
-	id: key.id
-});
-//#endregion
-//#region src/vault/serializers/vault-object.serializer.ts
-const deserializeObjectMetadata = (metadata) => ({
-	context: metadata.context,
-	environmentId: metadata.environment_id,
-	id: metadata.id,
-	keyId: metadata.key_id,
-	updatedAt: new Date(Date.parse(metadata.updated_at)),
-	updatedBy: metadata.updated_by,
-	versionId: metadata.version_id
-});
-const deserializeObject = (object) => ({
-	id: object.id,
-	name: object.name,
-	...object.value !== void 0 && { value: object.value },
-	metadata: deserializeObjectMetadata(object.metadata)
-});
-const deserializeObjectDigest = (digest) => ({
-	id: digest.id,
-	name: digest.name,
-	updatedAt: new Date(Date.parse(digest.updated_at))
-});
-const deserializeListObjects = (list) => ({
-	object: "list",
-	data: list.data.map(deserializeObjectDigest),
-	listMetadata: {
-		...list.list_metadata.after !== void 0 && { after: list.list_metadata.after },
-		...list.list_metadata.before !== void 0 && { before: list.list_metadata.before }
-	}
-});
-const desrializeListObjectVersions = (list) => list.data.map(deserializeObjectVersion);
-const deserializeObjectVersion = (version) => ({
-	createdAt: new Date(Date.parse(version.created_at)),
-	currentVersion: version.current_version,
-	id: version.id
-});
-const serializeCreateObjectEntity = (options) => ({
-	name: options.name,
-	value: options.value,
-	key_context: options.context
-});
-const serializeUpdateObjectEntity = (options) => ({
-	value: options.value,
-	version_check: options.versionCheck
-});
-//#endregion
 //#region src/vault/vault.ts
+const serializeListObjectsOptions = (options) => {
+	const wire = {
+		limit: options.limit,
+		before: options.before,
+		after: options.after,
+		order: options.order
+	};
+	if (options.search !== void 0) wire.search = options.search;
+	if (options.updatedAfter !== void 0) wire.updated_after = options.updatedAfter;
+	return wire;
+};
 var Vault = class {
 	workos;
-	cryptoProvider;
 	constructor(workos) {
 		this.workos = workos;
-		this.cryptoProvider = workos.getCryptoProvider();
 	}
-	decode(payload) {
-		const inputData = base64ToUint8Array(payload);
-		const iv = new Uint8Array(inputData.subarray(0, 12));
-		const tag = new Uint8Array(inputData.subarray(12, 28));
-		const { value: keyLen, nextIndex } = decodeUInt32(inputData, 28);
+	async readObjectByName(options) {
+		const name = typeof options === "string" ? options : options.name;
+		const { data } = await this.workos.get(`/vault/v1/kv/name/${encodeURIComponent(name)}`);
+		return deserializeVaultObject(data);
+	}
+	/**
+	* Create a data key
+	*
+	* Generate an isolated encryption key for local encryption operations.
+	* @param options - Object containing context.
+	* @param options.context - Map of values used to determine the encryption key.
+	* @example {"organization_id":"org_01K8ZYT4AWJ6XP0E0S8CTBHE3P"}
+	* @returns {Promise<DataKeyPair>}
+	* @throws {BadRequestException} 400
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createDataKey(options) {
+		const payload = options;
+		const { data } = await this.workos.post("/vault/v1/keys/data-key", serializeCreateDataKeyRequest(payload));
+		const result = deserializeCreateDataKeyResponse(data);
 		return {
-			iv,
-			tag,
-			keys: uint8ArrayToBase64(inputData.subarray(nextIndex, nextIndex + keyLen)),
-			ciphertext: new Uint8Array(inputData.subarray(nextIndex + keyLen))
+			context: result.context,
+			dataKey: {
+				key: result.dataKey,
+				id: result.id
+			},
+			encryptedKeys: result.encryptedKeys
 		};
 	}
-	async createObject(options) {
-		const { data } = await this.workos.post(`/vault/v1/kv`, serializeCreateObjectEntity(options));
-		return deserializeObjectMetadata(data);
+	/**
+	* Decrypt a data key
+	*
+	* Decrypt a previously encrypted data key from WorkOS Vault.
+	* @param options - Object containing keys.
+	* @param options.keys - Base64-encoded encrypted data key to decrypt.
+	* @example "V09TLkVLTS52MQBiZjUxY2NlYy03OGI0LTUyMDAtYjM4My0zNTczMGU3MWVmNjEBATEBJGJmNjVlMzI2LTQzYTAtNGIyMC04OGM0LTA3ZmYzZGU1NDM0YwF0YmY2NWUzMjYtNDNhMC00YjIwLTg4YzQtMDdmZjNkZTU0MzRj"
+	* @returns {Promise<DataKey>}
+	* @throws {BadRequestException} 400
+	*/
+	async decryptDataKey(options) {
+		const payload = options;
+		const { data } = await this.workos.post("/vault/v1/keys/decrypt", serializeDecryptRequest(payload));
+		const result = deserializeDecryptResponse(data);
+		return {
+			key: result.dataKey,
+			id: result.id
+		};
+	}
+	/**
+	* Re-encrypt a data key
+	*
+	* Decrypt an existing data key and re-encrypt it under a new key context.
+	* @param options - Object containing context, encryptedKeys.
+	* @param options.context - Map of values used to determine the new encryption key.
+	* @example {"organization_id":"org_01K8ZYT4AWJ6XP0E0S8CTBHE3P"}
+	* @param options.encryptedKeys - Base64-encoded encrypted data key blob to re-encrypt.
+	* @example "V09TLkVLTS52MQBiZjUxY2NlYy03OGI0LTUyMDAtYjM4My0zNTczMGU3MWVmNjEBATEBJGJmNjVlMzI2LTQzYTAtNGIyMC04OGM0LTA3ZmYzZGU1NDM0YwF0YmY2NWUzMjYtNDNhMC00YjIwLTg4YzQtMDdmZjNkZTU0MzRj"
+	* @returns {Promise<CreateDataKeyResponse>}
+	* @throws {BadRequestException} 400
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createRekey(options) {
+		const payload = options;
+		const { data } = await this.workos.post("/vault/v1/keys/rekey", serializeRekeyRequest(payload));
+		return deserializeCreateDataKeyResponse(data);
 	}
+	/**
+	* List objects
+	*
+	* List all encrypted objects with cursor-based pagination.
+	* @param options - Pagination and filter options.
+	* @returns {Promise<AutoPaginatable<ObjectSummary, PaginationOptions>>}
+	* @throws {BadRequestException} 400
+	*/
 	async listObjects(options) {
-		const url = new URL("/vault/v1/kv", this.workos.baseURL);
-		if (options?.after) url.searchParams.set("after", options.after);
-		if (options?.before) url.searchParams.set("before", options.before);
-		if (options?.limit) url.searchParams.set("limit", options.limit.toString());
-		if (options?.order) url.searchParams.set("order", options.order);
-		const { data } = await this.workos.get(url.toString());
-		return deserializeListObjects(data);
+		const paginationOptions = options;
+		return new AutoPaginatable(await fetchAndDeserialize(this.workos, "/vault/v1/kv", deserializeObjectSummary, options ? serializeListObjectsOptions(options) : void 0), (params) => fetchAndDeserialize(this.workos, "/vault/v1/kv", deserializeObjectSummary, params), paginationOptions);
 	}
-	async listObjectVersions(options) {
-		const { data } = await this.workos.get(`/vault/v1/kv/${encodeURIComponent(options.id)}/versions`);
-		return desrializeListObjectVersions(data);
+	/**
+	* Create an object
+	*
+	* Encrypt and store a new key-value object.
+	* @param options - Object containing keyContext, name, value.
+	* @param options.keyContext - Map of values used to determine the encryption key.
+	* @example {"organization_id":"org_01K8ZYT4AWJ6XP0E0S8CTBHE3P"}
+	* @param options.name - Unique name for the object.
+	* @example "my-secret"
+	* @param options.value - Plaintext data to encrypt and store.
+	* @example "s3cr3t-v4lu3"
+	* @returns {Promise<ObjectMetadata>}
+	* @throws {BadRequestException} 400
+	* @throws {ConflictException} 409
+	* @throws {UnprocessableEntityException} 422
+	*/
+	async createObject(options) {
+		const payload = options;
+		const requestPayload = {
+			...payload,
+			keyContext: payload.context
+		};
+		const { data } = await this.workos.post("/vault/v1/kv", serializeCreateObjectRequest(requestPayload));
+		return deserializeObjectMetadata(data);
 	}
+	/**
+	* Read an object by ID
+	*
+	* Fetch and decrypt an object by its unique identifier.
+	* @param options - The request options.
+	* @param options.id - Unique identifier of the object.
+	* @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+	* @returns {Promise<VaultObject>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	*/
 	async readObject(options) {
-		const { data } = await this.workos.get(`/vault/v1/kv/${encodeURIComponent(options.id)}`);
-		return deserializeObject(data);
+		const { id } = options;
+		const { data } = await this.workos.get(`/vault/v1/kv/${encodeURIComponent(id)}`);
+		return deserializeVaultObject(data);
+	}
+	/**
+	* Update an object
+	*
+	* Update the value of an existing encrypted object.
+	* @param options - Object containing value.
+	* @param options.id - Unique identifier of the object.
+	* @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+	* @param options.value - New plaintext value.
+	* @example "upd4t3d-v4lu3"
+	* @param options.versionCheck - ID of the expected current version for optimistic locking.
+	* @example "c3d4e5f6-7890-abcd-ef12-34567890abcd"
+	* @returns {Promise<VaultObject>}
+	* @throws {BadRequestException} 400
+	* @throws {ConflictException} 409
+	*/
+	async updateObject(options) {
+		const { id, ...payload } = options;
+		const { data } = await this.workos.put(`/vault/v1/kv/${encodeURIComponent(id)}`, serializeUpdateObjectRequest(payload));
+		return {
+			...deserializeObjectWithoutValue(data),
+			value: void 0
+		};
 	}
-	async readObjectByName(name) {
-		const { data } = await this.workos.get(`/vault/v1/kv/name/${encodeURIComponent(name)}`);
-		return deserializeObject(data);
+	/**
+	* Delete an object
+	*
+	* Delete an encrypted object.
+	* @param options - Additional query options.
+	* @param options.id - Unique identifier of the object.
+	* @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+	* @param options.versionCheck - Expected current version for optimistic locking.
+	* @example "c3d4e5f6-7890-abcd-ef12-34567890abcd"
+	* @returns {Promise<void>}
+	* @throws {NotFoundException} 404
+	* @throws {ConflictException} 409
+	*/
+	async deleteObject(options) {
+		const { id } = options;
+		await this.workos.delete(`/vault/v1/kv/${encodeURIComponent(id)}`, { query: { ...options.versionCheck !== void 0 && { version_check: options.versionCheck } } });
 	}
+	/**
+	* Describe an object
+	*
+	* Fetch metadata for an object without decrypting it.
+	* @param options - The request options.
+	* @param options.id - Unique identifier of the object.
+	* @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+	* @returns {Promise<VaultObject>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	*/
 	async describeObject(options) {
-		const { data } = await this.workos.get(`/vault/v1/kv/${encodeURIComponent(options.id)}/metadata`);
-		return deserializeObject(data);
-	}
-	async updateObject(options) {
-		const { data } = await this.workos.put(`/vault/v1/kv/${encodeURIComponent(options.id)}`, serializeUpdateObjectEntity(options));
-		return deserializeObject(data);
+		const { id } = options;
+		const { data } = await this.workos.get(`/vault/v1/kv/${encodeURIComponent(id)}/metadata`);
+		return {
+			...deserializeObjectWithoutValue(data),
+			value: void 0
+		};
 	}
-	async deleteObject(options) {
-		return this.workos.delete(`/vault/v1/kv/${encodeURIComponent(options.id)}`);
+	/**
+	* List object versions
+	*
+	* Retrieve all versions for a specific object.
+	* @param options - The request options.
+	* @param options.id - Unique identifier of the object.
+	* @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+	* @returns {Promise<ObjectVersion[]>}
+	* @throws {BadRequestException} 400
+	* @throws {NotFoundException} 404
+	*/
+	async listObjectVersions(options) {
+		const { id } = options;
+		const { data } = await this.workos.get(`/vault/v1/kv/${encodeURIComponent(id)}/versions`);
+		return deserializeVersionListResponse(data).data;
 	}
-	async createDataKey(options) {
-		const { data } = await this.workos.post(`/vault/v1/keys/data-key`, options);
-		return deserializeCreateDataKeyResponse(data);
+	decode(payload) {
+		const inputData = base64ToUint8Array(payload);
+		const iv = new Uint8Array(inputData.subarray(0, 12));
+		const tag = new Uint8Array(inputData.subarray(12, 28));
+		const { value: keyLen, nextIndex } = decodeUInt32(inputData, 28);
+		return {
+			iv,
+			tag,
+			keys: uint8ArrayToBase64(inputData.subarray(nextIndex, nextIndex + keyLen)),
+			ciphertext: new Uint8Array(inputData.subarray(nextIndex + keyLen))
+		};
 	}
-	async decryptDataKey(options) {
-		const { data } = await this.workos.post(`/vault/v1/keys/decrypt`, options);
-		return deserializeDecryptDataKeyResponse(data);
+	async decrypt(encryptedData, associatedData) {
+		const decoded = this.decode(encryptedData);
+		const key = base64ToUint8Array((await this.decryptDataKey({ keys: decoded.keys })).key);
+		const aadBuffer = associatedData ? new TextEncoder().encode(associatedData) : void 0;
+		const decrypted = await this.workos.getCryptoProvider().decrypt(decoded.ciphertext, key, decoded.iv, decoded.tag, aadBuffer);
+		return new TextDecoder().decode(decrypted);
 	}
 	async encrypt(data, context, associatedData) {
 		const keyPair = await this.createDataKey({ context });
@@ -5897,8 +6790,9 @@ var Vault = class {
 		const keyBlob = base64ToUint8Array(keyPair.encryptedKeys);
 		const prefixLenBuffer = encodeUInt32(keyBlob.length);
 		const aadBuffer = associatedData ? encoder.encode(associatedData) : void 0;
-		const iv = this.cryptoProvider.randomBytes(12);
-		const { ciphertext, iv: resultIv, tag } = await this.cryptoProvider.encrypt(encoder.encode(data), key, iv, aadBuffer);
+		const cryptoProvider = this.workos.getCryptoProvider();
+		const iv = cryptoProvider.randomBytes(12);
+		const { ciphertext, iv: resultIv, tag } = await cryptoProvider.encrypt(encoder.encode(data), key, iv, aadBuffer);
 		const resultArray = new Uint8Array(resultIv.length + tag.length + prefixLenBuffer.length + keyBlob.length + ciphertext.length);
 		let offset = 0;
 		resultArray.set(resultIv, offset);
@@ -5912,18 +6806,10 @@ var Vault = class {
 		resultArray.set(ciphertext, offset);
 		return uint8ArrayToBase64(resultArray);
 	}
-	async decrypt(encryptedData, associatedData) {
-		const decoded = this.decode(encryptedData);
-		const key = base64ToUint8Array((await this.decryptDataKey({ keys: decoded.keys })).key);
-		const encoder = new TextEncoder();
-		const aadBuffer = associatedData ? encoder.encode(associatedData) : void 0;
-		const decrypted = await this.cryptoProvider.decrypt(decoded.ciphertext, key, decoded.iv, decoded.tag, aadBuffer);
-		return new TextDecoder().decode(decrypted);
-	}
 };
 //#endregion
 //#region package.json
-var version = "9.3.1";
+var version = "10.0.0";
 //#endregion
 //#region src/workos.ts
 const DEFAULT_HOSTNAME = "api.workos.com";
@@ -5944,6 +6830,7 @@ var WorkOS = class {
 	auditLogs = new AuditLogs(this);
 	authorization = new Authorization(this);
 	directorySync = new DirectorySync(this);
+	connect = new Connect(this);
 	events = new Events(this);
 	featureFlags = new FeatureFlags(this);
 	groups = new Groups(this);
@@ -5952,6 +6839,7 @@ var WorkOS = class {
 	organizationDomains = new OrganizationDomains(this);
 	passwordless = new Passwordless(this);
 	pipes = new Pipes(this);
+	radar = new Radar(this);
 	adminPortal = new AdminPortal(this);
 	sso = new SSO(this);
 	userManagement;
@@ -6006,7 +6894,7 @@ var WorkOS = class {
 		return `workos-node/${version}`;
 	}
 	createWebhookClient() {
-		return new Webhooks(this.getCryptoProvider());
+		return new Webhooks(this);
 	}
 	createActionsClient() {
 		return new Actions(this.getCryptoProvider());
@@ -6299,6 +7187,6 @@ function createWorkOS(options) {
 	return new WorkOS(options);
 }
 //#endregion
-export { FetchHttpClient as A, NoApiKeyProvidedException as C, isAuthenticationErrorData as D, AuthenticationException as E, GenericServerException as O, NotFoundException as S, BadRequestException as T, UnprocessableEntityException as _, DomainDataState as a, RateLimitExceededException as b, FeatureFlagsRuntimeClient as c, serializeRevokeSessionOptions as d, AuthenticateWithSessionCookieFailureReason as f, Actions as g, Webhooks as h, OrganizationDomainVerificationStrategy as i, SubtleCryptoProvider as j, ApiKeyRequiredException as k, CookieSession as l, PKCE as m, ConnectionType as n, GenerateLinkIntent as o, AutoPaginatable as p, OrganizationDomainState as r, WorkOS as s, createWorkOS as t, RefreshSessionFailureReason as u, UnauthorizedException as v, ConflictException as w, OauthException as x, SignatureVerificationException as y };
+export { GenericServerException as A, OauthException as C, BadRequestException as D, ConflictException as E, FetchHttpClient as M, SubtleCryptoProvider as N, AuthenticationException as O, RateLimitExceededException as S, NoApiKeyProvidedException as T, AutoPaginatable as _, DomainDataState as a, UnauthorizedException as b, deserializeGetTokenResponse as c, CookieSession as d, RefreshSessionFailureReason as f, Webhooks as g, PKCE as h, OrganizationDomainVerificationStrategy as i, ApiKeyRequiredException as j, isAuthenticationErrorData as k, serializeGetTokenOptions as l, AuthenticateWithSessionCookieFailureReason as m, ConnectionType as n, GenerateLinkIntent as o, serializeRevokeSessionOptions as p, OrganizationDomainState as r, WorkOS as s, createWorkOS as t, FeatureFlagsRuntimeClient as u, Actions as v, NotFoundException as w, SignatureVerificationException as x, UnprocessableEntityException as y };
 
-//# sourceMappingURL=factory-B2N5WzoO.mjs.map
+//# sourceMappingURL=factory-fIHNXxrd.mjs.map