@workos-inc/node 9.3.1 → 10.1.0

package/lib/{workos-D5a84gFU.d.mts → factory-BNdbGia2.d.mts}

@@ -492,7 +492,6 @@ interface ListAuthorizationResourcesOptions extends PaginationOptions {
   parentResourceId?: string;
   parentResourceTypeSlug?: string;
   parentExternalId?: string;
-  search?: string;
 }
 interface SerializedListAuthorizationResourcesOptions extends PaginationOptions {
   organization_id?: string;
@@ -500,7 +499,6 @@ interface SerializedListAuthorizationResourcesOptions extends PaginationOptions
   parent_resource_id?: string;
   parent_resource_type_slug?: string;
   parent_external_id?: string;
-  search?: string;
 }
 //#endregion
 //#region src/authorization/interfaces/get-authorization-resource-by-external-id-options.interface.d.ts
@@ -1022,6 +1020,8 @@ interface Profile<CustomAttributesType extends UnknownRecord> {
   connectionType: ConnectionType;
   /** The user's email address. */
   email: string;
+  /** The user's full name. */
+  name?: string;
   /** The user's first name. */
   firstName?: string;
   /** The user's last name. */
@@ -1046,6 +1046,7 @@ interface ProfileResponse<CustomAttributesType extends UnknownRecord> {
   connection_id: string;
   connection_type: ConnectionType;
   email: string;
+  name?: string;
   first_name?: string;
   last_name?: string;
   role?: RoleResponse;
@@ -1157,6 +1158,7 @@ interface AuthenticateWithMagicAuthOptions extends AuthenticateWithOptionsBase {
   email: string;
   invitationToken?: string;
   linkAuthorizationCode?: string;
+  radarAuthAttemptId?: string;
 }
 interface AuthenticateUserWithMagicAuthCredentials {
   clientSecret: string | undefined;
@@ -1167,6 +1169,7 @@ interface SerializedAuthenticateWithMagicAuthOptions extends SerializedAuthentic
   email: string;
   invitation_token?: string;
   link_authorization_code?: string;
+  radar_auth_attempt_id?: string;
 }
 //#endregion
 //#region src/user-management/interfaces/authenticate-with-organization-selection.interface.d.ts
@@ -1188,6 +1191,7 @@ interface AuthenticateWithPasswordOptions extends AuthenticateWithOptionsBase {
   email: string;
   password: string;
   invitationToken?: string;
+  radarAuthAttemptId?: string;
 }
 interface AuthenticateUserWithPasswordCredentials {
   clientSecret: string | undefined;
@@ -1197,6 +1201,7 @@ interface SerializedAuthenticateWithPasswordOptions extends SerializedAuthentica
   email: string;
   password: string;
   invitation_token?: string;
+  radar_auth_attempt_id?: string;
 }
 //#endregion
 //#region src/user-management/interfaces/authenticate-with-refresh-token-options.interface.d.ts
@@ -1248,6 +1253,8 @@ interface User {
   emailVerified: boolean;
   /** A URL reference to an image representing the user. */
   profilePictureUrl: string | null;
+  /** The full name of the user. */
+  name: string | null;
   /** The first name of the user. */
   firstName: string | null;
   /** The last name of the user. */
@@ -1271,6 +1278,7 @@ interface UserResponse {
   email: string;
   email_verified: boolean;
   profile_picture_url: string | null;
+  name: string | null;
   first_name: string | null;
   last_name: string | null;
   last_sign_in_at: string | null;
@@ -1280,6 +1288,12 @@ interface UserResponse {
   external_id?: string;
   metadata?: Record<string, string>;
 }
+interface CreateUserResponse extends User {
+  radarAuthAttemptId?: string;
+}
+interface CreateUserResponseResponse extends UserResponse {
+  radar_auth_attempt_id?: string;
+}
 //#endregion
 //#region src/user-management/interfaces/authentication-response.interface.d.ts
 type AuthenticationMethod = 'SSO' | 'Password' | 'Passkey' | 'AppleOAuth' | 'BitbucketOAuth' | 'DiscordOAuth' | 'GitHubOAuth' | 'GitLabOAuth' | 'GoogleOAuth' | 'IntuitOAuth' | 'LinkedInOAuth' | 'MicrosoftOAuth' | 'SalesforceOAuth' | 'SlackOAuth' | 'VercelMarketplaceOAuth' | 'VercelOAuth' | 'XeroOAuth' | 'MagicAuth' | 'CrossAppAuth' | 'ExternalAuth' | 'MigratedSession' | 'Impersonation';
@@ -1308,7 +1322,7 @@ interface AuthenticateWithSessionCookieOptions {
   sessionData: string;
   cookiePassword?: string;
 }
-interface AccessToken$1 {
+interface UserManagementAccessToken {
   sid: string;
   org_id?: string;
   role?: string;
@@ -1396,6 +1410,64 @@ interface AuthenticationEventResponse {
   user_id: string | null;
 }
 //#endregion
+//#region src/multi-factor-auth/interfaces/totp.interface.d.ts
+interface Totp {
+  issuer: string;
+  user: string;
+}
+interface TotpWithSecrets extends Totp {
+  qrCode: string;
+  secret: string;
+  uri: string;
+}
+interface TotpResponse {
+  issuer: string;
+  user: string;
+}
+interface TotpWithSecretsResponse extends TotpResponse {
+  qr_code: string;
+  secret: string;
+  uri: string;
+}
+//#endregion
+//#region src/user-management/interfaces/authentication-factor.interface.d.ts
+interface AuthenticationFactor {
+  object: 'authentication_factor';
+  id: string;
+  createdAt: string;
+  updatedAt: string;
+  type: 'totp';
+  totp: Totp;
+  userId: string;
+}
+interface AuthenticationFactorWithSecrets {
+  object: 'authentication_factor';
+  id: string;
+  createdAt: string;
+  updatedAt: string;
+  type: 'totp';
+  totp: TotpWithSecrets;
+  userId: string;
+}
+interface AuthenticationFactorResponse {
+  object: 'authentication_factor';
+  id: string;
+  created_at: string;
+  updated_at: string;
+  type: 'totp';
+  totp: TotpResponse;
+  user_id: string;
+}
+interface AuthenticationFactorWithSecretsResponse {
+  object: 'authentication_factor';
+  id: string;
+  created_at: string;
+  updated_at: string;
+  type: 'totp';
+  totp: TotpWithSecretsResponse;
+  user_id: string;
+}
+//#endregion
 //#region src/user-management/interfaces/authentication-radar-risk-detected-event.interface.d.ts
 type AuthenticationRadarRiskDetectedEventData = {
   authMethod: string;
@@ -1466,10 +1538,16 @@ interface PKCEAuthorizationURLResult {
 interface CreateMagicAuthOptions {
   email: string;
   invitationToken?: string;
+  ipAddress?: string;
+  userAgent?: string;
+  radarAuthAttemptId?: string;
 }
 interface SerializedCreateMagicAuthOptions {
   email: string;
   invitation_token?: string;
+  ip_address?: string;
+  user_agent?: string;
+  radar_auth_attempt_id?: string;
 }
 //#endregion
 //#region src/user-management/interfaces/create-organization-membership-options.interface.d.ts
@@ -1503,22 +1581,28 @@ interface CreateUserOptions {
   password?: string;
   passwordHash?: string;
   passwordHashType?: PasswordHashType;
+  name?: string;
   firstName?: string;
   lastName?: string;
   emailVerified?: boolean;
   externalId?: string;
   metadata?: Record<string, string>;
+  ipAddress?: string;
+  userAgent?: string;
 }
 interface SerializedCreateUserOptions {
   email: string;
   password?: string;
   password_hash?: string;
   password_hash_type?: PasswordHashType;
+  name?: string;
   first_name?: string;
   last_name?: string;
   email_verified?: boolean;
   external_id?: string;
   metadata?: Record<string, string>;
+  ip_address?: string;
+  user_agent?: string;
 }
 //#endregion
 //#region src/user-management/interfaces/email-verification.interface.d.ts
@@ -1584,64 +1668,6 @@ interface SerializedEnrollUserInMfaFactorOptions {
   totp_secret?: string;
 }
 //#endregion
-//#region src/multi-factor-auth/interfaces/totp.interface.d.ts
-interface Totp {
-  issuer: string;
-  user: string;
-}
-interface TotpWithSecrets extends Totp {
-  qrCode: string;
-  secret: string;
-  uri: string;
-}
-interface TotpResponse {
-  issuer: string;
-  user: string;
-}
-interface TotpWithSecretsResponse extends TotpResponse {
-  qr_code: string;
-  secret: string;
-  uri: string;
-}
-//#endregion
-//#region src/user-management/interfaces/factor.interface.d.ts
-interface Factor$1 {
-  object: 'authentication_factor';
-  id: string;
-  createdAt: string;
-  updatedAt: string;
-  type: 'totp';
-  totp: Totp;
-  userId: string;
-}
-interface FactorWithSecrets$1 {
-  object: 'authentication_factor';
-  id: string;
-  createdAt: string;
-  updatedAt: string;
-  type: 'totp';
-  totp: TotpWithSecrets;
-  userId: string;
-}
-interface FactorResponse {
-  object: 'authentication_factor';
-  id: string;
-  created_at: string;
-  updated_at: string;
-  type: 'totp';
-  totp: TotpResponse;
-  user_id: string;
-}
-interface FactorWithSecretsResponse {
-  object: 'authentication_factor';
-  id: string;
-  created_at: string;
-  updated_at: string;
-  type: 'totp';
-  totp: TotpWithSecretsResponse;
-  user_id: string;
-}
-//#endregion
 //#region src/user-management/interfaces/identity.interface.d.ts
 interface Identity {
   idpId: string;
@@ -1875,6 +1901,12 @@ interface MagicAuthResponse {
   created_at: string;
   updated_at: string;
 }
+interface CreateMagicAuthResponse extends MagicAuth {
+  radarAuthAttemptId?: string;
+}
+interface CreateMagicAuthResponseResponse extends MagicAuthResponse {
+  radar_auth_attempt_id?: string;
+}
 interface MagicAuthEventResponse {
   object: 'magic_auth';
   id: string;
@@ -2048,6 +2080,7 @@ interface SerializedUpdateOrganizationMembershipOptions {
 interface UpdateUserOptions {
   userId: string;
   email?: string;
+  name?: string;
   firstName?: string;
   lastName?: string;
   emailVerified?: boolean;
@@ -2060,6 +2093,7 @@ interface UpdateUserOptions {
 }
 interface SerializedUpdateUserOptions {
   email?: string;
+  name?: string;
   first_name?: string;
   last_name?: string;
   email_verified?: boolean;
@@ -2386,13 +2420,20 @@ interface GetGroupOptions {
 //#endregion
 //#region src/groups/interfaces/group.interface.d.ts
 interface Group {
+  /** The Group object. */
   object: 'group';
+  /** The unique ID of the Group. */
   id: string;
+  /** The ID of the Organization the Group belongs to. */
   organizationId: string;
+  /** The name of the Group. */
   name: string;
+  /** An optional description of the Group. */
   description: string | null;
-  createdAt: string;
-  updatedAt: string;
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
 }
 interface GroupResponse {
   object: 'group';
@@ -3425,6 +3466,7 @@ interface AuthenticationActionContext {
 interface UserData {
   object: 'user_data';
   email: string;
+  name: string | null;
   firstName: string;
   lastName: string;
 }
@@ -3452,6 +3494,7 @@ interface AuthenticationActionPayload {
 interface UserDataPayload {
   object: 'user_data';
   email: string;
+  name: string | null;
   first_name: string;
   last_name: string;
 }
@@ -3525,36 +3568,6 @@ declare class Actions {
   }): Promise<ActionContext>;
 }
 //#endregion
-//#region src/webhooks/webhooks.d.ts
-declare class Webhooks {
-  private signatureProvider;
-  constructor(cryptoProvider: CryptoProvider);
-  get verifyHeader(): ({
-    payload,
-    sigHeader,
-    secret,
-    tolerance
-  }: {
-    payload: WebhookPayload;
-    sigHeader: string;
-    secret: string;
-    tolerance?: number;
-  }) => Promise<boolean>;
-  get computeSignature(): (timestamp: any, payload: WebhookPayload, secret: string) => Promise<string>;
-  get getTimestampAndSignatureHash(): (sigHeader: string) => [string, string];
-  constructEvent({
-    payload,
-    sigHeader,
-    secret,
-    tolerance
-  }: {
-    payload: WebhookPayload;
-    sigHeader: string;
-    secret: string;
-    tolerance?: number;
-  }): Promise<Event>;
-}
-//#endregion
 //#region src/pkce/pkce.d.ts
 interface PKCEPair {
   codeVerifier: string;
@@ -3669,98 +3682,601 @@ declare class ApiKeys {
   createOrganizationApiKey(options: CreateOrganizationApiKeyOptions, requestOptions?: CreateOrganizationApiKeyRequestOptions): Promise<CreatedApiKey>;
 }
 //#endregion
-//#region src/directory-sync/directory-sync.d.ts
-declare class DirectorySync {
-  private readonly workos;
-  constructor(workos: WorkOS);
-  /**
-   * List Directories
-   *
-   * Get a list of all of your existing directories matching the criteria specified.
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>}
-   * @throws 403 response from the API.
-   * @throws {UnprocessableEntityException} 422
-   */
-  listDirectories(options?: ListDirectoriesOptions): Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>;
-  /**
-   * Get a Directory
-   *
-   * Get the details of an existing directory.
-   * @param id - Unique identifier for the Directory.
-   *
-   * @example
-   * "directory_01ECAZ4NV9QMV47GW873HDCX74"
-   *
-   * @returns {Promise<Directory>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   */
-  getDirectory(id: string): Promise<Directory>;
-  /**
-   * Delete a Directory
-   *
-   * Permanently deletes an existing directory. It cannot be undone.
-   * @param id - Unique identifier for the Directory.
-   *
-   * @example
-   * "directory_01ECAZ4NV9QMV47GW873HDCX74"
-   *
-   * @returns {Promise<void>}
-   * @throws 403 response from the API.
-   */
-  deleteDirectory(id: string): Promise<void>;
-  /**
-   * List Directory Groups
-   *
-   * Get a list of all of existing directory groups matching the criteria specified.
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
-   */
-  listGroups(options: ListDirectoryGroupsOptions): Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>;
-  /**
-   * List Directory Users
-   *
-   * Get a list of all of existing Directory Users matching the criteria specified.
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
-   * @throws {RateLimitExceededException} 429
-   */
-  listUsers<TCustomAttributes extends object = DefaultCustomAttributes>(options: ListDirectoryUsersOptions): Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>;
-  /**
-   * Get a Directory User
-   *
-   * Get the details of an existing Directory User.
-   * @param user - Unique identifier for the Directory User.
-   *
-   * @example
-   * "directory_user_01E1JG7J09H96KYP8HM9B0G5SJ"
-   * @returns {Promise<DirectoryUserWithGroups<TCustomAttributes>>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   */
-  getUser<TCustomAttributes extends object = DefaultCustomAttributes>(user: string): Promise<DirectoryUserWithGroups<TCustomAttributes>>;
-  /**
-   * Get a Directory Group
-   *
-   * Get the details of an existing Directory Group.
-   * @param group - Unique identifier for the Directory Group.
-   *
-   * @example
-   * "directory_group_01E1JJS84MFPPQ3G655FHTKX6Z"
-   * @returns {Promise<DirectoryGroup>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   */
-  getGroup(group: string): Promise<DirectoryGroup>;
-}
-//#endregion
+//#region src/connect/interfaces/user-object.interface.d.ts
+interface UserObject {
+  /** Your application's user identifier, which will be stored as an [`external_id`](https://workos.com/docs/authkit/metadata/external-identifiers). Used for upserting and deduplication. */
+  id: string;
+  /** The user's email address. */
+  email: string;
+  /** The user's first name. */
+  firstName?: string;
+  /** The user's last name. */
+  lastName?: string;
+  /** A set of key-value pairs to attach to the user. */
+  metadata?: Record<string, string>;
+}
+interface UserObjectResponse {
+  id: string;
+  email: string;
+  first_name?: string;
+  last_name?: string;
+  metadata?: Record<string, string>;
+}
+//#endregion
+//#region src/connect/interfaces/user-consent-option-choice.interface.d.ts
+interface UserConsentOptionChoice {
+  /** The value of this choice. */
+  value?: string;
+  /** A human-readable label for this choice. */
+  label?: string;
+}
+interface UserConsentOptionChoiceResponse {
+  value?: string;
+  label?: string;
+}
+//#endregion
+//#region src/connect/interfaces/user-consent-option.interface.d.ts
+interface UserConsentOption {
+  /** The claim name for this consent option. */
+  claim: string;
+  /** The type of consent option. */
+  type: 'enum';
+  /** A human-readable label for this consent option. */
+  label: string;
+  /** The available choices for this consent option. */
+  choices: UserConsentOptionChoice[];
+}
+interface UserConsentOptionResponse {
+  claim: string;
+  type: 'enum';
+  label: string;
+  choices: UserConsentOptionChoiceResponse[];
+}
+//#endregion
+//#region src/connect/interfaces/complete-oauth-2-options.interface.d.ts
+interface CompleteOAuth2Options {
+  /** Identifier provided when AuthKit redirected to your login page. */
+  externalAuthId: string;
+  /** The user to create or update in AuthKit. */
+  user: UserObject;
+  /** Array of [User Consent Options](https://workos.com/docs/reference/workos-connect/standalone/user-consent-options) to store with the session. */
+  userConsentOptions?: UserConsentOption[];
+}
+//#endregion
+//#region src/connect/interfaces/list-applications-options.interface.d.ts
+interface ListApplicationsOptions extends PaginationOptions {
+  /** Filter Connect Applications by organization ID. */
+  organizationId?: string;
+}
+//#endregion
+//#region src/connect/interfaces/redirect-uri-input.interface.d.ts
+interface RedirectUriInput {
+  /** The redirect URI. */
+  uri: string;
+  /** Whether this is the default redirect URI. */
+  default?: boolean | null;
+}
+interface RedirectUriInputResponse {
+  uri: string;
+  default?: boolean | null;
+}
+//#endregion
+//#region src/connect/interfaces/create-oauth-application.interface.d.ts
+interface CreateOAuthApplication {
+  /** The name of the application. */
+  name: string;
+  /** The type of application to create. */
+  applicationType: 'oauth';
+  /** A description for the application. */
+  description?: string | null;
+  /** The OAuth scopes granted to the application. */
+  scopes?: string[] | null;
+  /** Redirect URIs for the application. */
+  redirectUris?: RedirectUriInput[] | null;
+  /** Whether the application uses PKCE (Proof Key for Code Exchange). */
+  usesPkce?: boolean | null;
+  /** Whether this is a first-party application. Third-party applications require an organization_id. */
+  isFirstParty: boolean;
+  /** The organization ID this application belongs to. Required when is_first_party is false. */
+  organizationId?: string | null;
+}
+interface CreateOAuthApplicationResponse {
+  name: string;
+  application_type: 'oauth';
+  description?: string | null;
+  scopes?: string[] | null;
+  redirect_uris?: RedirectUriInputResponse[] | null;
+  uses_pkce?: boolean | null;
+  is_first_party: boolean;
+  organization_id?: string | null;
+}
+//#endregion
+//#region src/connect/interfaces/create-m2m-application.interface.d.ts
+interface CreateM2MApplication {
+  /** The name of the application. */
+  name: string;
+  /** The type of application to create. */
+  applicationType: 'm2m';
+  /** A description for the application. */
+  description?: string | null;
+  /** The OAuth scopes granted to the application. */
+  scopes?: string[] | null;
+  /** The organization ID this application belongs to. */
+  organizationId: string;
+}
+interface CreateM2MApplicationResponse {
+  name: string;
+  application_type: 'm2m';
+  description?: string | null;
+  scopes?: string[] | null;
+  organization_id: string;
+}
+//#endregion
+//#region src/connect/interfaces/create-application-options.interface.d.ts
+type CreateApplicationOptions = {} & (CreateOAuthApplication | CreateM2MApplication);
+//#endregion
+//#region src/connect/interfaces/get-application-options.interface.d.ts
+interface GetApplicationOptions {
+  /** The application ID or client ID of the Connect Application. */
+  id: string;
+}
+//#endregion
+//#region src/connect/interfaces/update-application-options.interface.d.ts
+interface UpdateApplicationOptions {
+  /** The application ID or client ID of the Connect Application. */
+  id: string;
+  /** The name of the application. */
+  name?: string;
+  /** A description for the application. */
+  description?: string | null;
+  /** The OAuth scopes granted to the application. */
+  scopes?: string[] | null;
+  /** Updated redirect URIs for the application. OAuth applications only. */
+  redirectUris?: RedirectUriInput[] | null;
+}
+//#endregion
+//#region src/connect/interfaces/delete-application-options.interface.d.ts
+interface DeleteApplicationOptions {
+  /** The application ID or client ID of the Connect Application. */
+  id: string;
+}
+//#endregion
+//#region src/connect/interfaces/list-application-client-secrets-options.interface.d.ts
+interface ListApplicationClientSecretsOptions {
+  /** The application ID or client ID of the Connect Application. */
+  id: string;
+}
+//#endregion
+//#region src/connect/interfaces/create-application-client-secret-options.interface.d.ts
+interface CreateApplicationClientSecretOptions {
+  /** The application ID or client ID of the Connect Application. */
+  id: string;
+}
+//#endregion
+//#region src/connect/interfaces/delete-client-secret-options.interface.d.ts
+interface DeleteClientSecretOptions {
+  /** The unique ID of the client secret. */
+  id: string;
+}
+//#endregion
+//#region src/connect/interfaces/external-auth-complete-response.interface.d.ts
+interface ExternalAuthCompleteResponse {
+  /** URI to redirect the user back to AuthKit to complete the OAuth flow. */
+  redirectUri: string;
+}
+interface ExternalAuthCompleteResponseWire {
+  redirect_uri: string;
+}
+//#endregion
+//#region src/connect/interfaces/connect-application-redirect-uri.interface.d.ts
+interface ConnectApplicationRedirectUri {
+  /** The redirect URI for the application. */
+  uri: string;
+  /** Whether this is the default redirect URI. */
+  default: boolean;
+}
+interface ConnectApplicationRedirectUriResponse {
+  uri: string;
+  default: boolean;
+}
+//#endregion
+//#region src/connect/interfaces/connect-application.interface.d.ts
+interface ConnectApplicationOAuth {
+  /** Distinguishes the connect application object. */
+  object: 'connect_application';
+  /** The unique ID of the connect application. */
+  id: string;
+  /** The client ID of the connect application. */
+  clientId: string;
+  /** A description of the connect application. */
+  description: string | null;
+  /** The name of the connect application. */
+  name: string;
+  /** The scopes available for this application. */
+  scopes: string[];
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
+  /** The type of the application. */
+  applicationType: 'oauth';
+  /** The redirect URIs configured for this application. */
+  redirectUris: ConnectApplicationRedirectUri[];
+  /** Whether the application uses PKCE for authorization. */
+  usesPkce: boolean;
+  /** Whether the application is a first-party application. */
+  isFirstParty: boolean;
+  /** Whether the application was dynamically registered. */
+  wasDynamicallyRegistered?: boolean;
+  /** The ID of the organization the application belongs to. */
+  organizationId?: string;
+}
+interface ConnectApplicationOAuthResponse {
+  /** Distinguishes the connect application object. */
+  object: 'connect_application';
+  /** The unique ID of the connect application. */
+  id: string;
+  /** The client ID of the connect application. */
+  client_id: string;
+  /** A description of the connect application. */
+  description: string | null;
+  /** The name of the connect application. */
+  name: string;
+  /** The scopes available for this application. */
+  scopes: string[];
+  /** An ISO 8601 timestamp. */
+  created_at: string;
+  /** An ISO 8601 timestamp. */
+  updated_at: string;
+  /** The type of the application. */
+  application_type: 'oauth';
+  /** The redirect URIs configured for this application. */
+  redirect_uris: ConnectApplicationRedirectUriResponse[];
+  /** Whether the application uses PKCE for authorization. */
+  uses_pkce: boolean;
+  /** Whether the application is a first-party application. */
+  is_first_party: boolean;
+  /** Whether the application was dynamically registered. */
+  was_dynamically_registered?: boolean;
+  /** The ID of the organization the application belongs to. */
+  organization_id?: string;
+}
+interface ConnectApplicationM2M {
+  /** Distinguishes the connect application object. */
+  object: 'connect_application';
+  /** The unique ID of the connect application. */
+  id: string;
+  /** The client ID of the connect application. */
+  clientId: string;
+  /** A description of the connect application. */
+  description: string | null;
+  /** The name of the connect application. */
+  name: string;
+  /** The scopes available for this application. */
+  scopes: string[];
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
+  /** The type of the application. */
+  applicationType: 'm2m';
+  /** The ID of the organization the application belongs to. */
+  organizationId: string;
+}
+interface ConnectApplicationM2MResponse {
+  /** Distinguishes the connect application object. */
+  object: 'connect_application';
+  /** The unique ID of the connect application. */
+  id: string;
+  /** The client ID of the connect application. */
+  client_id: string;
+  /** A description of the connect application. */
+  description: string | null;
+  /** The name of the connect application. */
+  name: string;
+  /** The scopes available for this application. */
+  scopes: string[];
+  /** An ISO 8601 timestamp. */
+  created_at: string;
+  /** An ISO 8601 timestamp. */
+  updated_at: string;
+  /** The type of the application. */
+  application_type: 'm2m';
+  /** The ID of the organization the application belongs to. */
+  organization_id: string;
+}
+type ConnectApplication = ConnectApplicationOAuth | ConnectApplicationM2M;
+type ConnectApplicationResponse = ConnectApplicationOAuthResponse | ConnectApplicationM2MResponse;
+//#endregion
+//#region src/connect/interfaces/application-credentials-list-item.interface.d.ts
+interface ApplicationCredentialsListItem {
+  /** Distinguishes the connect application secret object. */
+  object: 'connect_application_secret';
+  /** The unique ID of the client secret. */
+  id: string;
+  /** A hint showing the last few characters of the secret value. */
+  secretHint: string;
+  /** The timestamp when the client secret was last used, or null if never used. */
+  lastUsedAt: Date | null;
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
+}
+interface ApplicationCredentialsListItemResponse {
+  object: 'connect_application_secret';
+  id: string;
+  secret_hint: string;
+  last_used_at: string | null;
+  created_at: string;
+  updated_at: string;
+}
+//#endregion
+//#region src/connect/interfaces/new-connect-application-secret.interface.d.ts
+interface NewConnectApplicationSecret {
+  /** Distinguishes the connect application secret object. */
+  object: 'connect_application_secret';
+  /** The unique ID of the client secret. */
+  id: string;
+  /** A hint showing the last few characters of the secret value. */
+  secretHint: string;
+  /** The timestamp when the client secret was last used, or null if never used. */
+  lastUsedAt: Date | null;
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
+  /** The plaintext secret value. Only returned at creation time and cannot be retrieved later. */
+  secret: string;
+}
+interface NewConnectApplicationSecretResponse {
+  object: 'connect_application_secret';
+  id: string;
+  secret_hint: string;
+  last_used_at: string | null;
+  created_at: string;
+  updated_at: string;
+  secret: string;
+}
+//#endregion
+//#region src/connect/connect.d.ts
+declare class Connect {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * Complete external authentication
+   *
+   * Completes an external authentication flow and returns control to AuthKit. This endpoint is used with [Standalone Connect](https://workos.com/docs/authkit/connect/standalone) to bridge your existing authentication system with the Connect OAuth API infrastructure.
+   *
+   * After successfully authenticating a user in your application, calling this endpoint will:
+   *
+   * - Create or update the user in AuthKit, using the given `id` as its `external_id`.
+   * - Return a `redirect_uri` your application should redirect to in order for AuthKit to complete the flow
+   *
+   * Users are automatically created or updated based on the `id` and `email` provided. If a user with the same `id` exists, their information is updated. Otherwise, a new user is created.
+   *
+   * If you provide a new `id` with an `email` that already belongs to an existing user, the request will fail with an error as email addresses are unique to a user.
+   * @param options - Object containing externalAuthId, user.
+   * @param options.externalAuthId - Identifier provided when AuthKit redirected to your login page.
+   * @example "ext_auth_01HXYZ123456789ABCDEFGHIJ"
+   * @param options.user - The user to create or update in AuthKit.
+   * @param options.userConsentOptions - Array of [User Consent Options](https://workos.com/docs/reference/workos-connect/standalone/user-consent-options) to store with the session.
+   * @returns {Promise<ExternalAuthCompleteResponse>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  completeOAuth2(options: CompleteOAuth2Options): Promise<ExternalAuthCompleteResponse>;
+  /**
+   * List Connect Applications
+   *
+   * List all Connect Applications in the current environment with optional filtering.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<ConnectApplication, ListApplicationsOptions>>}
+   * @throws {UnprocessableEntityException} 422
+   */
+  listApplications(options?: ListApplicationsOptions): Promise<AutoPaginatable<ConnectApplication, PaginationOptions>>;
+  /**
+   * Create a Connect Application
+   *
+   * Create a new Connect Application. Supports both OAuth and Machine-to-Machine (M2M) application types.
+   * @param options - The request body.
+   * @returns {Promise<ConnectApplication>}
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  createApplication(options: CreateApplicationOptions): Promise<ConnectApplication>;
+  /**
+   * Create oauth application.
+   * @param name - The name of the application.
+   * @param isFirstParty - Whether this is a first-party application. Third-party applications require an organization_id.
+   * @param description - A description for the application.
+   * @param scopes - The OAuth scopes granted to the application.
+   * @param redirectUris - Redirect URIs for the application.
+   * @param usesPkce - Whether the application uses PKCE (Proof Key for Code Exchange).
+   * @param organizationId - The organization ID this application belongs to. Required when is_first_party is false.
+   * @returns {Promise<ConnectApplication>}
+   */
+  createOAuthApplication(name: string, isFirstParty: boolean, description?: string | null, scopes?: string[] | null, redirectUris?: RedirectUriInput[] | null, usesPkce?: boolean | null, organizationId?: string | null): Promise<ConnectApplication>;
+  /**
+   * Create m2m application.
+   * @param name - The name of the application.
+   * @param organizationId - The organization ID this application belongs to.
+   * @param description - A description for the application.
+   * @param scopes - The OAuth scopes granted to the application.
+   * @returns {Promise<ConnectApplication>}
+   */
+  createM2MApplication(name: string, organizationId: string, description?: string | null, scopes?: string[] | null): Promise<ConnectApplication>;
+  /**
+   * Get a Connect Application
+   *
+   * Retrieve details for a specific Connect Application by ID or client ID.
+   * @param options - The request options.
+   * @param options.id - The application ID or client ID of the Connect Application.
+   * @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<ConnectApplication>}
+   * @throws {NotFoundException} 404
+   */
+  getApplication(options: GetApplicationOptions): Promise<ConnectApplication>;
+  /**
+   * Update a Connect Application
+   *
+   * Update an existing Connect Application. For OAuth applications, you can update redirect URIs. For all applications, you can update the name, description, and scopes.
+   * @param options - The request body.
+   * @param options.id - The application ID or client ID of the Connect Application.
+   * @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+   * @param options.name - The name of the application.
+   * @example "My Application"
+   * @param options.description - A description for the application.
+   * @example "An application for managing user access"
+   * @param options.scopes - The OAuth scopes granted to the application.
+   * @example ["openid","profile","email"]
+   * @param options.redirectUris - Updated redirect URIs for the application. OAuth applications only.
+   * @example [{"uri":"https://example.com/callback","default":true}]
+   * @returns {Promise<ConnectApplication>}
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  updateApplication(options: UpdateApplicationOptions): Promise<ConnectApplication>;
+  /**
+   * Delete a Connect Application
+   *
+   * Delete an existing Connect Application.
+   * @param options - The request options.
+   * @param options.id - The application ID or client ID of the Connect Application.
+   * @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<void>}
+   * @throws {NotFoundException} 404
+   */
+  deleteApplication(options: DeleteApplicationOptions): Promise<void>;
+  /**
+   * List Client Secrets for a Connect Application
+   *
+   * List all client secrets associated with a Connect Application.
+   * @param options - The request options.
+   * @param options.id - The application ID or client ID of the Connect Application.
+   * @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<ApplicationCredentialsListItem[]>}
+   * @throws {NotFoundException} 404
+   */
+  listApplicationClientSecrets(options: ListApplicationClientSecretsOptions): Promise<ApplicationCredentialsListItem[]>;
+  /**
+   * Create a new client secret for a Connect Application
+   *
+   * Create new secrets for a Connect Application.
+   * @param options - The request body.
+   * @param options.id - The application ID or client ID of the Connect Application.
+   * @example "conn_app_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<NewConnectApplicationSecret>}
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  createApplicationClientSecret(options: CreateApplicationClientSecretOptions): Promise<NewConnectApplicationSecret>;
+  /**
+   * Delete a Client Secret
+   *
+   * Delete (revoke) an existing client secret.
+   * @param options - The request options.
+   * @param options.id - The unique ID of the client secret.
+   * @example "secret_01J9Q2Z3X4Y5W6V7U8T9S0R1Q"
+   * @returns {Promise<void>}
+   * @throws {NotFoundException} 404
+   */
+  deleteClientSecret(options: DeleteClientSecretOptions): Promise<void>;
+}
+//#endregion
+//#region src/directory-sync/directory-sync.d.ts
+declare class DirectorySync {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * List Directories
+   *
+   * Get a list of all of your existing directories matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>}
+   * @throws 403 response from the API.
+   * @throws {UnprocessableEntityException} 422
+   */
+  listDirectories(options?: ListDirectoriesOptions): Promise<AutoPaginatable<Directory, SerializedListDirectoriesOptions>>;
+  /**
+   * Get a Directory
+   *
+   * Get the details of an existing directory.
+   * @param id - Unique identifier for the Directory.
+   *
+   * @example
+   * "directory_01ECAZ4NV9QMV47GW873HDCX74"
+   *
+   * @returns {Promise<Directory>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  getDirectory(id: string): Promise<Directory>;
+  /**
+   * Delete a Directory
+   *
+   * Permanently deletes an existing directory. It cannot be undone.
+   * @param id - Unique identifier for the Directory.
+   *
+   * @example
+   * "directory_01ECAZ4NV9QMV47GW873HDCX74"
+   *
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
+   */
+  deleteDirectory(id: string): Promise<void>;
+  /**
+   * List Directory Groups
+   *
+   * Get a list of all of existing directory groups matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listGroups(options: ListDirectoryGroupsOptions): Promise<AutoPaginatable<DirectoryGroup, ListDirectoryGroupsOptions>>;
+  /**
+   * List Directory Users
+   *
+   * Get a list of all of existing Directory Users matching the criteria specified.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   * @throws {RateLimitExceededException} 429
+   */
+  listUsers<TCustomAttributes extends object = DefaultCustomAttributes>(options: ListDirectoryUsersOptions): Promise<AutoPaginatable<DirectoryUserWithGroups<TCustomAttributes>, ListDirectoryUsersOptions>>;
+  /**
+   * Get a Directory User
+   *
+   * Get the details of an existing Directory User.
+   * @param user - Unique identifier for the Directory User.
+   *
+   * @example
+   * "directory_user_01E1JG7J09H96KYP8HM9B0G5SJ"
+   * @returns {Promise<DirectoryUserWithGroups<TCustomAttributes>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  getUser<TCustomAttributes extends object = DefaultCustomAttributes>(user: string): Promise<DirectoryUserWithGroups<TCustomAttributes>>;
+  /**
+   * Get a Directory Group
+   *
+   * Get the details of an existing Directory Group.
+   * @param group - Unique identifier for the Directory Group.
+   *
+   * @example
+   * "directory_group_01E1JJS84MFPPQ3G655FHTKX6Z"
+   * @returns {Promise<DirectoryGroup>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  getGroup(group: string): Promise<DirectoryGroup>;
+}
+//#endregion
 //#region src/events/interfaces/list-events-options.interface.d.ts
 interface ListEventOptions {
   events: EventName[];
@@ -3989,12 +4505,23 @@ interface AccessToken {
   scopes: string[];
   missingScopes: string[];
 }
+interface SerializedAccessToken {
+  object: 'access_token';
+  access_token: string;
+  expires_at: string | null;
+  scopes: string[];
+  missing_scopes: string[];
+}
 //#endregion
 //#region src/pipes/interfaces/get-access-token.interface.d.ts
 interface GetAccessTokenOptions {
   userId: string;
   organizationId?: string | null;
 }
+interface SerializedGetAccessTokenOptions {
+  user_id: string;
+  organization_id?: string | null;
+}
 interface GetAccessTokenSuccessResponse {
   active: true;
   accessToken: AccessToken;
@@ -4004,6 +4531,15 @@ interface GetAccessTokenFailureResponse {
   error: 'not_installed' | 'needs_reauthorization';
 }
 type GetAccessTokenResponse = GetAccessTokenSuccessResponse | GetAccessTokenFailureResponse;
+interface SerializedGetAccessTokenSuccessResponse {
+  active: true;
+  access_token: SerializedAccessToken;
+}
+interface SerializedGetAccessTokenFailureResponse {
+  active: false;
+  error: 'not_installed' | 'needs_reauthorization';
+}
+type SerializedGetAccessTokenResponse = SerializedGetAccessTokenSuccessResponse | SerializedGetAccessTokenFailureResponse;
 //#endregion
 //#region src/pipes/pipes.d.ts
 declare class Pipes {
@@ -4017,6 +4553,224 @@ declare class Pipes {
   }): Promise<GetAccessTokenResponse>;
 }
 //#endregion
+//#region src/radar/interfaces/radar-standalone-assess-request-auth-method.interface.d.ts
+declare const RadarStandaloneAssessRequestAuthMethod: {
+  readonly Password: "Password";
+  readonly Passkey: "Passkey";
+  readonly Authenticator: "Authenticator";
+  readonly SmsOtp: "SMS_OTP";
+  readonly EmailOtp: "Email_OTP";
+  readonly Social: "Social";
+  readonly SSO: "SSO";
+  readonly Other: "Other";
+};
+type RadarStandaloneAssessRequestAuthMethod = (typeof RadarStandaloneAssessRequestAuthMethod)[keyof typeof RadarStandaloneAssessRequestAuthMethod];
+//#endregion
+//#region src/radar/interfaces/radar-standalone-assess-request-action.interface.d.ts
+declare const RadarStandaloneAssessRequestAction: {
+  readonly SignUp: "sign-up";
+  readonly SignIn: "sign-in";
+};
+type RadarStandaloneAssessRequestAction = (typeof RadarStandaloneAssessRequestAction)[keyof typeof RadarStandaloneAssessRequestAction];
+//#endregion
+//#region src/radar/interfaces/create-attempt-options.interface.d.ts
+interface CreateAttemptOptions {
+  /** The IP address of the request to assess. */
+  ipAddress: string;
+  /** The user agent string of the request to assess. */
+  userAgent: string;
+  /** The email address of the user making the request. */
+  email: string;
+  /** The authentication method being used. */
+  authMethod: RadarStandaloneAssessRequestAuthMethod;
+  /** The action being performed. */
+  action: RadarStandaloneAssessRequestAction;
+}
+//#endregion
+//#region src/radar/interfaces/update-attempt-options.interface.d.ts
+interface UpdateAttemptOptions {
+  /** The unique identifier of the Radar attempt to update. */
+  id: string;
+  /** Set to `"success"` to mark the challenge as completed. */
+  challengeStatus?: 'success';
+  /** Set to `"success"` to mark the authentication attempt as successful. */
+  attemptStatus?: 'success';
+}
+//#endregion
+//#region src/radar/interfaces/radar-list-type.interface.d.ts
+declare const RadarListType: {
+  readonly IpAddress: "ip_address";
+  readonly Domain: "domain";
+  readonly Email: "email";
+  readonly Device: "device";
+  readonly UserAgent: "user_agent";
+  readonly DeviceFingerprint: "device_fingerprint";
+  readonly Country: "country";
+};
+type RadarListType = (typeof RadarListType)[keyof typeof RadarListType];
+//#endregion
+//#region src/radar/interfaces/radar-list-action.interface.d.ts
+declare const RadarListAction: {
+  readonly Block: "block";
+  readonly Allow: "allow";
+};
+type RadarListAction = (typeof RadarListAction)[keyof typeof RadarListAction];
+//#endregion
+//#region src/radar/interfaces/add-list-entry-options.interface.d.ts
+interface AddListEntryOptions {
+  /** The type of the Radar list (e.g. ip_address, domain, email). */
+  type: RadarListType;
+  /** The list action indicating whether to add the entry to the allow or block list. */
+  action: RadarListAction;
+  /** The value to add to the list. Must match the format of the list type (e.g. a valid IP address for `ip_address`, a valid email for `email`). */
+  entry: string;
+}
+//#endregion
+//#region src/radar/interfaces/remove-list-entry-options.interface.d.ts
+interface RemoveListEntryOptions {
+  /** The type of the Radar list (e.g. ip_address, domain, email). */
+  type: RadarListType;
+  /** The list action indicating whether to remove the entry from the allow or block list. */
+  action: RadarListAction;
+  /** The value to remove from the list. Must match an existing entry. */
+  entry: string;
+}
+//#endregion
+//#region src/radar/interfaces/radar-standalone-response-verdict.interface.d.ts
+declare const RadarStandaloneResponseVerdict: {
+  readonly Allow: "allow";
+  readonly Block: "block";
+  readonly Challenge: "challenge";
+};
+type RadarStandaloneResponseVerdict = (typeof RadarStandaloneResponseVerdict)[keyof typeof RadarStandaloneResponseVerdict];
+//#endregion
+//#region src/radar/interfaces/radar-standalone-response-control.interface.d.ts
+declare const RadarStandaloneResponseControl: {
+  readonly BotDetection: "bot_detection";
+  readonly BruteForceAttack: "brute_force_attack";
+  readonly DomainSignUpRateLimit: "domain_sign_up_rate_limit";
+  readonly ImpossibleTravel: "impossible_travel";
+  readonly RepeatSignUp: "repeat_sign_up";
+  readonly StaleAccount: "stale_account";
+  readonly UnrecognizedDevice: "unrecognized_device";
+  readonly Restriction: "restriction";
+};
+type RadarStandaloneResponseControl = (typeof RadarStandaloneResponseControl)[keyof typeof RadarStandaloneResponseControl];
+//#endregion
+//#region src/radar/interfaces/radar-standalone-response-blocklist-type.interface.d.ts
+declare const RadarStandaloneResponseBlocklistType: {
+  readonly IpAddress: "ip_address";
+  readonly Domain: "domain";
+  readonly Email: "email";
+  readonly Device: "device";
+  readonly UserAgent: "user_agent";
+  readonly DeviceFingerprint: "device_fingerprint";
+  readonly Country: "country";
+};
+type RadarStandaloneResponseBlocklistType = (typeof RadarStandaloneResponseBlocklistType)[keyof typeof RadarStandaloneResponseBlocklistType];
+//#endregion
+//#region src/radar/interfaces/radar-standalone-response.interface.d.ts
+interface RadarStandaloneResponse {
+  /** The verdict of the risk assessment. */
+  verdict: RadarStandaloneResponseVerdict;
+  /** A human-readable reason for the verdict. */
+  reason: string;
+  /** Unique identifier of the authentication attempt. */
+  attemptId: string;
+  /** The Radar control that triggered the verdict. Only present if the verdict is `block` or `challenge`. */
+  control?: RadarStandaloneResponseControl;
+  /** The type of blocklist entry that triggered the verdict. Only present if the control is `restriction`. */
+  blocklistType?: RadarStandaloneResponseBlocklistType;
+}
+interface RadarStandaloneResponseWire {
+  verdict: RadarStandaloneResponseVerdict;
+  reason: string;
+  attempt_id: string;
+  control?: RadarStandaloneResponseControl;
+  blocklist_type?: RadarStandaloneResponseBlocklistType;
+}
+//#endregion
+//#region src/radar/interfaces/radar-list-entry-already-present-response.interface.d.ts
+interface RadarListEntryAlreadyPresentResponse {
+  /** A message indicating the entry already exists. */
+  message: string;
+}
+interface RadarListEntryAlreadyPresentResponseWire {
+  message: string;
+}
+//#endregion
+//#region src/radar/radar.d.ts
+declare class Radar {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * Create an attempt
+   *
+   * Assess a request for risk using the Radar engine and receive a verdict.
+   * @param options - Object containing ipAddress, userAgent, email, authMethod, action.
+   * @param options.ipAddress - The IP address of the request to assess.
+   * @example "49.78.240.97"
+   * @param options.userAgent - The user agent string of the request to assess.
+   * @example "Mozilla/5.0"
+   * @param options.email - The email address of the user making the request.
+   * @example "user@example.com"
+   * @param options.authMethod - The authentication method being used.
+   * @example "Password"
+   * @param options.action - The action being performed.
+   * @example "sign-in"
+   * @returns {Promise<RadarStandaloneResponse>}
+   * @throws {BadRequestException} 400
+   */
+  createAttempt(options: CreateAttemptOptions): Promise<RadarStandaloneResponse>;
+  /**
+   * Update a Radar attempt
+   *
+   * You may optionally inform Radar that an authentication attempt or challenge was successful using this endpoint. Some Radar controls depend on tracking recent successful attempts, such as impossible travel.
+   * @param options - The request body.
+   * @param options.id - The unique identifier of the Radar attempt to update.
+   * @example "radar_att_01HZBC6N1EB1ZY7KG32X"
+   * @param options.challengeStatus - Set to `"success"` to mark the challenge as completed.
+   * @example "success"
+   * @param options.attemptStatus - Set to `"success"` to mark the authentication attempt as successful.
+   * @example "success"
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   */
+  updateAttempt(options: UpdateAttemptOptions): Promise<void>;
+  /**
+   * Add an entry to a Radar list
+   *
+   * Add an entry to a Radar list.
+   * @param options - Object containing entry.
+   * @param options.type - The type of the Radar list (e.g. ip_address, domain, email).
+   * @example "ip_address"
+   * @param options.action - The list action indicating whether to add the entry to the allow or block list.
+   * @example "block"
+   * @param options.entry - The value to add to the list. Must match the format of the list type (e.g. a valid IP address for `ip_address`, a valid email for `email`).
+   * @example "198.51.100.42"
+   * @returns {Promise<RadarListEntryAlreadyPresentResponse>}
+   * @throws {BadRequestException} 400
+   */
+  addListEntry(options: AddListEntryOptions): Promise<RadarListEntryAlreadyPresentResponse>;
+  /**
+   * Remove an entry from a Radar list
+   *
+   * Remove an entry from a Radar list.
+   * @param options - Object containing entry.
+   * @param options.type - The type of the Radar list (e.g. ip_address, domain, email).
+   * @example "ip_address"
+   * @param options.action - The list action indicating whether to remove the entry from the allow or block list.
+   * @example "block"
+   * @param options.entry - The value to remove from the list. Must match an existing entry.
+   * @example "198.51.100.42"
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws {NotFoundException} 404
+   */
+  removeListEntry(options: RemoveListEntryOptions): Promise<void>;
+}
+//#endregion
 //#region src/admin-portal/admin-portal.d.ts
 declare class AdminPortal {
   private readonly workos;
@@ -4173,6 +4927,15 @@ interface Challenge {
   code?: string;
   authenticationFactorId: string;
 }
+interface ChallengeResponse {
+  object: 'authentication_challenge';
+  id: string;
+  created_at: string;
+  updated_at: string;
+  expires_at?: string;
+  code?: string;
+  authentication_factor_id: string;
+}
 //#endregion
 //#region src/multi-factor-auth/interfaces/enroll-factor-options.d.ts
 type EnrollFactorOptions = {
@@ -4190,6 +4953,9 @@ type EnrollFactorOptions = {
 interface Sms {
   phoneNumber: string;
 }
+interface SmsResponse {
+  phone_number: string;
+}
 //#endregion
 //#region src/multi-factor-auth/interfaces/factor.interface.d.ts
 type FactorType = 'sms' | 'totp' | 'generic_otp';
@@ -4211,6 +4977,24 @@ interface FactorWithSecrets {
   sms?: Sms;
   totp?: TotpWithSecrets;
 }
+interface FactorResponse {
+  object: 'authentication_factor';
+  id: string;
+  created_at: string;
+  updated_at: string;
+  type: FactorType;
+  sms?: SmsResponse;
+  totp?: TotpResponse;
+}
+interface FactorWithSecretsResponse {
+  object: 'authentication_factor';
+  id: string;
+  created_at: string;
+  updated_at: string;
+  type: FactorType;
+  sms?: SmsResponse;
+  totp?: TotpWithSecretsResponse;
+}
 //#endregion
 //#region src/multi-factor-auth/interfaces/verify-challenge-options.d.ts
 interface VerifyChallengeOptions {
@@ -4223,6 +5007,10 @@ interface VerifyResponse {
   challenge: Challenge;
   valid: boolean;
 }
+interface VerifyResponseResponse {
+  challenge: ChallengeResponse;
+  valid: boolean;
+}
 //#endregion
 //#region src/multi-factor-auth/multi-factor-auth.d.ts
 declare class MultiFactorAuth {
@@ -4293,7 +5081,7 @@ declare class MultiFactorAuth {
    * @throws {UnprocessableEntityException} 422
    */
   createUserAuthFactor(payload: EnrollAuthFactorOptions): Promise<{
-    authenticationFactor: FactorWithSecrets$1;
+    authenticationFactor: AuthenticationFactorWithSecrets;
     authenticationChallenge: Challenge;
   }>;
   /**
@@ -4304,7 +5092,7 @@ declare class MultiFactorAuth {
    * @returns {Promise<AutoPaginatable<UMFactor, PaginationOptions>>}
    * @throws {UnprocessableEntityException} 422
    */
-  listUserAuthFactors(options: ListAuthFactorsOptions): Promise<AutoPaginatable<Factor$1, PaginationOptions>>;
+  listUserAuthFactors(options: ListAuthFactorsOptions): Promise<AutoPaginatable<AuthenticationFactor, PaginationOptions>>;
 }
 //#endregion
 //#region src/audit-logs/interfaces/audit-log-export-options.interface.d.ts
@@ -5003,12 +5791,12 @@ declare class UserManagement {
    *
    * Create a new user in the current environment.
    * @param payload - Object containing email.
-   * @returns {Promise<User>}
+   * @returns {Promise<CreateUserResponse>}
    * @throws {BadRequestException} 400
    * @throws {NotFoundException} 404
    * @throws {UnprocessableEntityException} 422
    */
-  createUser(payload: CreateUserOptions): Promise<User>;
+  createUser(payload: CreateUserOptions): Promise<CreateUserResponse>;
   /** Authenticate with magic auth. */
   authenticateWithMagicAuth(payload: AuthenticateWithMagicAuthOptions): Promise<AuthenticationResponse>;
   /** Authenticate with password. */
@@ -5095,12 +5883,12 @@ declare class UserManagement {
    *
    * Creates a one-time authentication code that can be sent to the user's email address. The code expires in 10 minutes. To verify the code, [authenticate the user with Magic Auth](https://workos.com/docs/reference/authkit/authentication/magic-auth).
    * @param options - Object containing email.
-   * @returns {Promise<MagicAuth>}
+   * @returns {Promise<CreateMagicAuthResponse>}
    * @throws {BadRequestException} 400
    * @throws {UnprocessableEntityException} 422
    * @throws {RateLimitExceededException} 429
    */
-  createMagicAuth(options: CreateMagicAuthOptions): Promise<MagicAuth>;
+  createMagicAuth(options: CreateMagicAuthOptions): Promise<CreateMagicAuthResponse>;
   /**
    * Verify email
    *
@@ -5519,13 +6307,131 @@ declare class FeatureFlags {
 declare class Groups {
   private readonly workos;
   constructor(workos: WorkOS);
+  /**
+   * List Group members
+   *
+   * Get a list of organization memberships in a group.
+   * @param options - Pagination and filter options.
+   * @param options.organizationId - Unique identifier of the Organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - Unique identifier of the Group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<AutoPaginatable<AuthorizationOrganizationMembership>>}
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   */
+  listOrganizationMemberships(options: ListGroupOrganizationMembershipsOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  /**
+   * List groups
+   *
+   * Get a paginated list of groups within an organization.
+   * @param options - Pagination and filter options.
+   * @param options.organizationId - The ID of the organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @returns {Promise<AutoPaginatable<Group, PaginationOptions>>}
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   */
+  listGroups(options: ListGroupsOptions): Promise<AutoPaginatable<Group, PaginationOptions>>;
+  /**
+   * Create a group
+   *
+   * Create a new group within an organization.
+   * @param options - Object containing name.
+   * @param options.organizationId - The ID of the organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.name - The name of the Group.
+   * @example "Engineering"
+   * @param options.description - An optional description of the Group.
+   * @example "The engineering team"
+   * @returns {Promise<Group>}
+   * @throws {BadRequestException} 400
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   createGroup(options: CreateGroupOptions): Promise<Group>;
-  listGroups(options: ListGroupsOptions): Promise<AutoPaginatable<Group>>;
+  /**
+   * Get a group
+   *
+   * Retrieve a group by its ID within an organization.
+   * @param options - The request options.
+   * @param options.organizationId - The ID of the organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - The ID of the group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<Group>}
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   */
   getGroup(options: GetGroupOptions): Promise<Group>;
+  /**
+   * Update a group
+   *
+   * Update an existing group. Only the fields provided in the request body will be updated.
+   * @param options - The request body.
+   * @param options.organizationId - The ID of the organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - The ID of the group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @param options.name - The name of the Group.
+   * @example "Engineering"
+   * @param options.description - An optional description of the Group.
+   * @example "The engineering team"
+   * @returns {Promise<Group>}
+   * @throws {BadRequestException} 400
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   updateGroup(options: UpdateGroupOptions): Promise<Group>;
+  /**
+   * Delete a group
+   *
+   * Delete a group from an organization.
+   * @param options - The request options.
+   * @param options.organizationId - The ID of the organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - The ID of the group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<void>}
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   */
   deleteGroup(options: DeleteGroupOptions): Promise<void>;
+  /**
+   * Add a member to a Group
+   *
+   * Add an organization membership to a group.
+   * @param options - Object containing organizationMembershipId.
+   * @param options.organizationId - Unique identifier of the Organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - Unique identifier of the Group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @param options.organizationMembershipId - The ID of the Organization Membership to add to the group.
+   * @example "om_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<Group>}
+   * @throws {BadRequestException} 400
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
   addOrganizationMembership(options: AddGroupOrganizationMembershipOptions): Promise<Group>;
-  listOrganizationMemberships(options: ListGroupOrganizationMembershipsOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  /**
+   * Remove a member from a Group
+   *
+   * Remove an organization membership from a group.
+   * @param options - The request options.
+   * @param options.organizationId - Unique identifier of the Organization.
+   * @example "org_01EHWNCE74X7JSDV0X3SZ3KJNY"
+   * @param options.groupId - Unique identifier of the Group.
+   * @example "group_01HXYZ123456789ABCDEFGHIJ"
+   * @param options.omId - Unique identifier of the Organization Membership.
+   * @example "om_01HXYZ123456789ABCDEFGHIJ"
+   * @returns {Promise<void>}
+   * @throws {AuthorizationException} 403
+   * @throws {NotFoundException} 404
+   */
   removeOrganizationMembership(options: RemoveGroupOrganizationMembershipOptions): Promise<void>;
 }
 //#endregion
@@ -5536,9 +6442,19 @@ interface GetTokenOptions {
   userId?: string;
   scopes?: WidgetScope[];
 }
+interface SerializedGetTokenOptions {
+  organization_id: string;
+  user_id?: string;
+  scopes?: WidgetScope[];
+}
+declare const serializeGetTokenOptions: (options: GetTokenOptions) => SerializedGetTokenOptions;
 interface GetTokenResponse {
   token: string;
 }
+interface GetTokenResponseResponse {
+  token: string;
+}
+declare const deserializeGetTokenResponse: (data: GetTokenResponseResponse) => GetTokenResponse;
 //#endregion
 //#region src/widgets/widgets.d.ts
 declare class Widgets {
@@ -5909,68 +6825,261 @@ declare class Authorization {
    * @throws {BadRequestException} 400
    * @throws 403 response from the API.
    * @throws {NotFoundException} 404
-   * @throws {ConflictException} 409
-   * @throws {UnprocessableEntityException} 422
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
+  updateResource(options: UpdateAuthorizationResourceOptions): Promise<AuthorizationResource>;
+  /**
+   * Delete an authorization resource
+   *
+   * Delete an authorization resource and all its descendants.
+   * @param options.cascadeDelete - If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.
+   * @default false
+   * @param options - Additional query options.
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   */
+  deleteResource(options: DeleteAuthorizationResourceOptions): Promise<void>;
+  /**
+   * List resources
+   *
+   * Get a paginated list of authorization resources.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<AuthorizationResource, PaginationOptions>>}
+   * @throws 403 response from the API.
+   * @throws {UnprocessableEntityException} 422
+   */
+  listResources(options?: ListAuthorizationResourcesOptions): Promise<AutoPaginatable<AuthorizationResource>>;
+  /**
+   * Get a resource by external ID
+   *
+   * Retrieve the details of an authorization resource by its external ID, organization, and resource type. This is useful when you only have the external ID from your system and need to fetch the full resource details.
+   * @param organizationId - The ID of the organization that owns the resource.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param resourceTypeSlug - The slug of the resource type.
+   *
+   * @example
+   * "project"
+   *
+   * @param externalId - An identifier you provide to reference the resource in your system.
+   *
+   * @example
+   * "proj-456"
+   *
+   * @returns {Promise<AuthorizationResource>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  getResourceByExternalId(options: GetAuthorizationResourceByExternalIdOptions): Promise<AuthorizationResource>;
+  /**
+   * Update a resource by external ID
+   *
+   * Update an existing authorization resource using its external ID.
+   * @param organizationId - The ID of the organization that owns the resource.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param resourceTypeSlug - The slug of the resource type.
+   *
+   * @example
+   * "project"
+   *
+   * @param externalId - An identifier you provide to reference the resource in your system.
+   *
+   * @example
+   * "proj-456"
+   *
+   * @param options - The request body.
+   * @returns {Promise<AuthorizationResource>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
+  updateResourceByExternalId(options: UpdateAuthorizationResourceByExternalIdOptions): Promise<AuthorizationResource>;
+  /**
+   * Delete an authorization resource by external ID
+   *
+   * Delete an authorization resource by organization, resource type, and external ID. This also deletes all descendant resources.
+   * @param organizationId - The ID of the organization that owns the resource.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param resourceTypeSlug - The slug of the resource type.
+   *
+   * @example
+   * "project"
+   *
+   * @param externalId - An identifier you provide to reference the resource in your system.
+   *
+   * @example
+   * "proj-456"
+   *
+   * @param options - Additional query options.
+   * @returns {Promise<void>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
+   */
+  deleteResourceByExternalId(options: DeleteAuthorizationResourceByExternalIdOptions): Promise<void>;
+  /**
+   * Check authorization
+   *
+   * Check if an organization membership has a specific permission on a resource. Supports identification by resource_id OR by resource_external_id + resource_type_slug.
+   * @param options - Object containing permissionSlug.
+   * @returns {Promise<AuthorizationCheckResult>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  check(options: AuthorizationCheckOptions): Promise<AuthorizationCheckResult>;
+  /**
+   * List role assignments
+   *
+   * List all role assignments for an organization membership. This returns all roles that have been assigned to the user on resources, including organization-level and sub-resource roles.
+   * @param organizationMembershipId - The ID of the organization membership.
+   *
+   * @example
+   * "om_01HXYZ123456789ABCDEFGHIJ"
+   *
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<RoleAssignment>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  listRoleAssignments(options: ListRoleAssignmentsOptions): Promise<AutoPaginatable<RoleAssignment>>;
+  /**
+   * List role assignments for a resource
+   *
+   * List all role assignments granted on a resource. This returns every role assignment scoped to the resource, regardless of which organization membership received it.
+   * @param resourceId - The ID of the authorization resource.
+   *
+   * @example
+   * "authz_resource_01HXYZ123456789ABCDEFGHIJ"
+   *
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<RoleAssignment>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  listRoleAssignmentsForResource(options: ListRoleAssignmentsForResourceOptions): Promise<AutoPaginatable<RoleAssignment>>;
+  /**
+   * List role assignments for a resource by external ID
+   *
+   * List all role assignments granted on a resource identified by its external ID, organization, and resource type. This returns every role assignment scoped to the resource, regardless of which organization membership received it.
+   * @param organizationId - The ID of the organization that owns the resource.
+   *
+   * @example
+   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   *
+   * @param resourceTypeSlug - The slug of the resource type this resource belongs to.
+   *
+   * @example
+   * "project"
+   *
+   * @param externalId - An identifier you provide to reference the resource in your system.
+   *
+   * @example
+   * "proj-456"
+   *
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<RoleAssignment>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
    */
-  updateResource(options: UpdateAuthorizationResourceOptions): Promise<AuthorizationResource>;
+  listResourceRoleAssignments(options: ListRoleAssignmentsForResourceByExternalIdOptions): Promise<AutoPaginatable<RoleAssignment>>;
   /**
-   * Delete an authorization resource
+   * Assign a role
    *
-   * Delete an authorization resource and all its descendants.
-   * @param options.cascadeDelete - If true, deletes all descendant resources and role assignments. If not set and the resource has children or assignments, the request will fail.
-   * @default false
-   * @param options - Additional query options.
-   * @returns {Promise<void>}
-   * @throws {BadRequestException} 400
+   * Assign a role to an organization membership on a specific resource.
+   * @param options - Object containing roleSlug.
+   * @returns {Promise<RoleAssignment>}
    * @throws 403 response from the API.
    * @throws {NotFoundException} 404
-   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
    */
-  deleteResource(options: DeleteAuthorizationResourceOptions): Promise<void>;
+  assignRole(options: AssignRoleOptions): Promise<RoleAssignment>;
   /**
-   * List resources
+   * Remove a role assignment
    *
-   * Get a paginated list of authorization resources.
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<AuthorizationResource, PaginationOptions>>}
+   * Remove a role assignment by role slug and resource.
+   * @param options - Object containing roleSlug.
+   * @returns {Promise<void>}
    * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
    * @throws {UnprocessableEntityException} 422
    */
-  listResources(options?: ListAuthorizationResourcesOptions): Promise<AutoPaginatable<AuthorizationResource>>;
+  removeRole(options: RemoveRoleOptions): Promise<void>;
   /**
-   * Get a resource by external ID
+   * Remove a role assignment by ID
    *
-   * Retrieve the details of an authorization resource by its external ID, organization, and resource type. This is useful when you only have the external ID from your system and need to fetch the full resource details.
-   * @param organizationId - The ID of the organization that owns the resource.
+   * Remove a role assignment using its ID.
+   * @param organizationMembershipId - The ID of the organization membership.
    *
    * @example
-   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   * "om_01HXYZ123456789ABCDEFGHIJ"
    *
-   * @param resourceTypeSlug - The slug of the resource type.
+   * @param roleAssignmentId - The ID of the role assignment to remove.
    *
    * @example
-   * "project"
+   * "role_assignment_01HXYZ123456789ABCDEFGH"
    *
-   * @param externalId - An identifier you provide to reference the resource in your system.
+   * @returns {Promise<void>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   */
+  removeRoleAssignment(options: RemoveRoleAssignmentOptions): Promise<void>;
+  /**
+   * List resources for organization membership
+   *
+   * Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?"
+   *
+   * You must provide either `parent_resource_id` or both `parent_resource_external_id` and `parent_resource_type_slug` to identify the parent resource.
+   * @param organizationMembershipId - The ID of the organization membership.
    *
    * @example
-   * "proj-456"
+   * "om_01HXYZ123456789ABCDEFGHIJ"
    *
-   * @returns {Promise<AuthorizationResource>}
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<AuthorizationResource>>}
+   * @throws {BadRequestException} 400
    * @throws 403 response from the API.
    * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
    */
-  getResourceByExternalId(options: GetAuthorizationResourceByExternalIdOptions): Promise<AuthorizationResource>;
+  listResourcesForMembership(options: ListResourcesForMembershipOptions): Promise<AutoPaginatable<AuthorizationResource>>;
   /**
-   * Update a resource by external ID
+   * List organization memberships for resource
    *
-   * Update an existing authorization resource using its external ID.
+   * Returns all organization memberships that have a specific permission on a resource instance. This is useful for answering "Who can access this resource?".
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<BaseOrganizationMembership, PaginationOptions>>}
+   * @throws {BadRequestException} 400
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listMembershipsForResource(options: ListMembershipsForResourceOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  /**
+   * List memberships for a resource by external ID
+   *
+   * Returns all organization memberships that have a specific permission on a resource, using the resource's external ID. This is useful for answering "Who can access this resource?" when you only have the external ID.
    * @param organizationId - The ID of the organization that owns the resource.
    *
    * @example
    * "org_01EHZNVPK3SFK441A1RGBFSHRT"
    *
-   * @param resourceTypeSlug - The slug of the resource type.
+   * @param resourceTypeSlug - The slug of the resource type this resource belongs to.
    *
    * @example
    * "project"
@@ -5980,239 +7089,829 @@ declare class Authorization {
    * @example
    * "proj-456"
    *
-   * @param options - The request body.
-   * @returns {Promise<AuthorizationResource>}
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<UserOrganizationMembershipBaseListData>>}
    * @throws {BadRequestException} 400
    * @throws 403 response from the API.
    * @throws {NotFoundException} 404
-   * @throws {ConflictException} 409
    * @throws {UnprocessableEntityException} 422
    */
-  updateResourceByExternalId(options: UpdateAuthorizationResourceByExternalIdOptions): Promise<AuthorizationResource>;
+  listMembershipsForResourceByExternalId(options: ListMembershipsForResourceByExternalIdOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
   /**
-   * Delete an authorization resource by external ID
+   * List effective permissions for an organization membership on a resource
    *
-   * Delete an authorization resource by organization, resource type, and external ID. This also deletes all descendant resources.
-   * @param organizationId - The ID of the organization that owns the resource.
+   * Returns all permissions the organization membership effectively has on a resource, including permissions inherited through roles assigned to ancestor resources.
+   * @param organizationMembershipId - The ID of the organization membership.
    *
    * @example
-   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
+   * "om_01HXYZ123456789ABCDEFGHIJ"
    *
-   * @param resourceTypeSlug - The slug of the resource type.
+   * @param resourceId - The ID of the authorization resource.
    *
    * @example
-   * "project"
+   * "authz_resource_01HXYZ123456789ABCDEFGHIJ"
    *
-   * @param externalId - An identifier you provide to reference the resource in your system.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<AuthorizationPermission>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listEffectivePermissions(options: ListEffectivePermissionsOptions): Promise<AutoPaginatable<Permission>>;
+  /**
+   * List effective permissions for an organization membership on a resource by external ID
    *
-   * @example
-   * "proj-456"
+   * Returns all permissions the organization membership effectively has on a resource identified by its external ID, including permissions inherited through roles assigned to ancestor resources.
+   * @param options - Pagination and filter options.
+   * @returns {Promise<AutoPaginatable<Permission, PaginationOptions>>}
+   * @throws 403 response from the API.
+   * @throws {NotFoundException} 404
+   * @throws {UnprocessableEntityException} 422
+   */
+  listEffectivePermissionsByExternalId(options: ListEffectivePermissionsByExternalIdOptions): Promise<AutoPaginatable<Permission>>;
+}
+//#endregion
+//#region src/vault/interfaces/key/create-data-key.interface.d.ts
+interface CreateDataKeyOptions {
+  context: KeyContext;
+}
+//#endregion
+//#region src/vault/interfaces/key/decrypt-data-key.interface.d.ts
+interface DecryptDataKeyOptions {
+  keys: string;
+}
+interface DecryptDataKeyResponse {
+  data_key: string;
+  id: string;
+}
+//#endregion
+//#region src/vault/interfaces/create-rekey-options.interface.d.ts
+interface CreateRekeyOptions {
+  /** Map of values used to determine the new encryption key. */
+  context: Record<string, string>;
+  /** Base64-encoded encrypted data key blob to re-encrypt. */
+  encryptedKeys: string;
+}
+//#endregion
+//#region src/vault/interfaces/list-objects-options.interface.d.ts
+interface ListObjectsOptions extends PaginationOptions {
+  /** Filter results by name or structured search JSON. */
+  search?: string;
+  /** ISO 8601 timestamp to filter by last modified time. */
+  updatedAfter?: Date;
+}
+//#endregion
+//#region src/vault/interfaces/object/create-object.interface.d.ts
+interface CreateObjectEntity {
+  name: string;
+  value: string;
+  key_context: KeyContext;
+}
+interface CreateObjectOptions {
+  name: string;
+  value: string;
+  context: KeyContext;
+}
+//#endregion
+//#region src/vault/interfaces/object.interface.d.ts
+interface ObjectUpdateBy {
+  id: string;
+  name: string;
+}
+//#endregion
+//#region src/vault/interfaces/object/read-object.interface.d.ts
+interface ReadObjectOptions {
+  id: string;
+}
+interface ReadObjectMetadataResponse {
+  context: KeyContext;
+  environment_id: string;
+  id: string;
+  key_id: string;
+  updated_at: string;
+  updated_by: ObjectUpdateBy;
+  version_id: string;
+}
+interface ReadObjectResponse {
+  id: string;
+  metadata: ReadObjectMetadataResponse;
+  name: string;
+  value?: string;
+}
+//#endregion
+//#region src/vault/interfaces/object/update-object.interface.d.ts
+interface UpdateObjectEntity {
+  value: string;
+  version_check?: string;
+}
+interface UpdateObjectOptions {
+  id: string;
+  value: string;
+  versionCheck?: string;
+}
+//#endregion
+//#region src/vault/interfaces/delete-vault-object-options.interface.d.ts
+interface DeleteVaultObjectOptions {
+  /** Unique identifier of the object. */
+  id: string;
+  /** Expected current version for optimistic locking. */
+  versionCheck?: string;
+}
+//#endregion
+//#region src/vault/interfaces/create-data-key-response.interface.d.ts
+interface CreateDataKeyResponse {
+  /** Map of values used to determine the encryption key. */
+  context: Record<string, string>;
+  /** Base64-encoded data encryption key. */
+  dataKey?: string;
+  /** Base64-encoded encrypted data key blob. */
+  encryptedKeys?: string;
+  /** Unique identifier for the generated data key. */
+  id: string;
+}
+interface CreateDataKeyResponseWire {
+  context: Record<string, string>;
+  data_key: string;
+  encrypted_keys: string;
+  id: string;
+}
+//#endregion
+//#region src/vault/interfaces/actor.interface.d.ts
+/** The user or API key that performed an action. */
+interface Actor {
+  /** Unique identifier of the actor. */
+  id: string;
+  /** Display name of the actor. */
+  name: string;
+}
+interface ActorResponse {
+  id: string;
+  name: string;
+}
+//#endregion
+//#region src/vault/interfaces/object-metadata.interface.d.ts
+/** Metadata for a stored encrypted object. */
+interface ObjectMetadata {
+  /** Map of values used to determine the encryption key. */
+  context: Record<string, string>;
+  /** Environment the object belongs to. */
+  environmentId: string;
+  /** Unique identifier of the object. */
+  id: string;
+  /** Encryption key identifier. */
+  keyId: string;
+  /** Timestamp of the last update. */
+  updatedAt: Date;
+  updatedBy: Actor;
+  /** Current version identifier of the object. */
+  versionId?: string | null;
+}
+interface ObjectMetadataResponse {
+  context: Record<string, string>;
+  environment_id: string;
+  id: string;
+  key_id: string;
+  updated_at: string;
+  updated_by: ActorResponse;
+  version_id?: string | null;
+}
+//#endregion
+//#region src/vault/interfaces/vault-object.interface.d.ts
+/** An encrypted object with its decrypted value and metadata. */
+interface VaultObject {
+  /** Unique identifier of the object. */
+  id: string;
+  metadata: ObjectMetadata;
+  /** Unique name of the object. */
+  name: string;
+  /** Decrypted plaintext value. */
+  value?: string;
+}
+interface VaultObjectResponse {
+  id: string;
+  metadata: ObjectMetadataResponse;
+  name: string;
+  value: string;
+}
+//#endregion
+//#region src/vault/interfaces/object-version.interface.d.ts
+/** A static snapshot of an encrypted object. */
+interface ObjectVersion {
+  /** Timestamp when the version was created. */
+  createdAt: Date;
+  /** Whether this is the active version. */
+  currentVersion: boolean;
+  /** Hash of the object value. */
+  etag?: string;
+  /** Unique identifier of the version. */
+  id: string;
+  /** Number of bytes of stored data. */
+  size?: number;
+}
+interface ObjectVersionResponse {
+  created_at: string;
+  current_version: boolean;
+  etag?: string;
+  id: string;
+  size?: number;
+}
+//#endregion
+//#region src/vault/interfaces/list-metadata.interface.d.ts
+/** Cursor-based pagination metadata. */
+interface ListMetadata {
+  /** Cursor for the next page of results. */
+  after?: string | null;
+  /** Cursor for the previous page of results. */
+  before?: string | null;
+}
+//#endregion
+//#region src/vault/interfaces/version-list-response.interface.d.ts
+interface VersionListResponse {
+  /** List of object versions. */
+  data: ObjectVersion[];
+  listMetadata: ListMetadata;
+}
+//#endregion
+//#region src/vault/interfaces/object-summary.interface.d.ts
+/** Summary of an encrypted object returned in list responses. */
+interface ObjectSummary {
+  /** Unique identifier of the object. */
+  id: string;
+  /** Unique name of the object. */
+  name: string;
+  /** Timestamp of the last update. */
+  updatedAt?: Date | null;
+}
+interface ObjectSummaryResponse {
+  id: string;
+  name: string;
+  updated_at?: string | null;
+}
+//#endregion
+//#region src/vault/interfaces/read-object-by-name-options.interface.d.ts
+interface ReadObjectByNameOptions {
+  /** Unique name of the object. */
+  name: string;
+}
+//#endregion
+//#region src/vault/vault.d.ts
+declare class Vault {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * Read an object by name
    *
-   * @param options - Additional query options.
-   * @returns {Promise<void>}
+   * Fetch and decrypt an object by its unique name.
+   * @param options - The object name string or request options.
+   * @param options.name - Unique name of the object.
+   * @example "my-secret"
+   * @returns {Promise<VaultObject>}
    * @throws {BadRequestException} 400
-   * @throws 403 response from the API.
    * @throws {NotFoundException} 404
-   * @throws {ConflictException} 409
    */
-  deleteResourceByExternalId(options: DeleteAuthorizationResourceByExternalIdOptions): Promise<void>;
+  readObjectByName(name: string): Promise<VaultObject>;
+  readObjectByName(options: ReadObjectByNameOptions): Promise<VaultObject>;
   /**
-   * Check authorization
+   * Create a data key
    *
-   * Check if an organization membership has a specific permission on a resource. Supports identification by resource_id OR by resource_external_id + resource_type_slug.
-   * @param options - Object containing permissionSlug.
-   * @returns {Promise<AuthorizationCheckResult>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
+   * Generate an isolated encryption key for local encryption operations.
+   * @param options - Object containing context.
+   * @param options.context - Map of values used to determine the encryption key.
+   * @example {"organization_id":"org_01K8ZYT4AWJ6XP0E0S8CTBHE3P"}
+   * @returns {Promise<DataKeyPair>}
+   * @throws {BadRequestException} 400
    * @throws {UnprocessableEntityException} 422
    */
-  check(options: AuthorizationCheckOptions): Promise<AuthorizationCheckResult>;
+  createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair>;
   /**
-   * List role assignments
-   *
-   * List all role assignments for an organization membership. This returns all roles that have been assigned to the user on resources, including organization-level and sub-resource roles.
-   * @param organizationMembershipId - The ID of the organization membership.
-   *
-   * @example
-   * "om_01HXYZ123456789ABCDEFGHIJ"
+   * Decrypt a data key
    *
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<RoleAssignment>>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
+   * Decrypt a previously encrypted data key from WorkOS Vault.
+   * @param options - Object containing keys.
+   * @param options.keys - Base64-encoded encrypted data key to decrypt.
+   * @example "V09TLkVLTS52MQBiZjUxY2NlYy03OGI0LTUyMDAtYjM4My0zNTczMGU3MWVmNjEBATEBJGJmNjVlMzI2LTQzYTAtNGIyMC04OGM0LTA3ZmYzZGU1NDM0YwF0YmY2NWUzMjYtNDNhMC00YjIwLTg4YzQtMDdmZjNkZTU0MzRj"
+   * @returns {Promise<DataKey>}
+   * @throws {BadRequestException} 400
    */
-  listRoleAssignments(options: ListRoleAssignmentsOptions): Promise<AutoPaginatable<RoleAssignment>>;
+  decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey>;
   /**
-   * List role assignments for a resource
-   *
-   * List all role assignments granted on a resource. This returns every role assignment scoped to the resource, regardless of which organization membership received it.
-   * @param resourceId - The ID of the authorization resource.
+   * Re-encrypt a data key
    *
-   * @example
-   * "authz_resource_01HXYZ123456789ABCDEFGHIJ"
-   *
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<RoleAssignment>>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
+   * Decrypt an existing data key and re-encrypt it under a new key context.
+   * @param options - Object containing context, encryptedKeys.
+   * @param options.context - Map of values used to determine the new encryption key.
+   * @example {"organization_id":"org_01K8ZYT4AWJ6XP0E0S8CTBHE3P"}
+   * @param options.encryptedKeys - Base64-encoded encrypted data key blob to re-encrypt.
+   * @example "V09TLkVLTS52MQBiZjUxY2NlYy03OGI0LTUyMDAtYjM4My0zNTczMGU3MWVmNjEBATEBJGJmNjVlMzI2LTQzYTAtNGIyMC04OGM0LTA3ZmYzZGU1NDM0YwF0YmY2NWUzMjYtNDNhMC00YjIwLTg4YzQtMDdmZjNkZTU0MzRj"
+   * @returns {Promise<CreateDataKeyResponse>}
+   * @throws {BadRequestException} 400
+   * @throws {UnprocessableEntityException} 422
    */
-  listRoleAssignmentsForResource(options: ListRoleAssignmentsForResourceOptions): Promise<AutoPaginatable<RoleAssignment>>;
+  createRekey(options: CreateRekeyOptions): Promise<CreateDataKeyResponse>;
   /**
-   * List role assignments for a resource by external ID
-   *
-   * List all role assignments granted on a resource identified by its external ID, organization, and resource type. This returns every role assignment scoped to the resource, regardless of which organization membership received it.
-   * @param organizationId - The ID of the organization that owns the resource.
-   *
-   * @example
-   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
-   *
-   * @param resourceTypeSlug - The slug of the resource type this resource belongs to.
-   *
-   * @example
-   * "project"
-   *
-   * @param externalId - An identifier you provide to reference the resource in your system.
-   *
-   * @example
-   * "proj-456"
+   * List objects
    *
+   * List all encrypted objects with cursor-based pagination.
    * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<RoleAssignment>>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
+   * @returns {Promise<AutoPaginatable<ObjectSummary, PaginationOptions>>}
+   * @throws {BadRequestException} 400
    */
-  listResourceRoleAssignments(options: ListRoleAssignmentsForResourceByExternalIdOptions): Promise<AutoPaginatable<RoleAssignment>>;
+  listObjects(options?: ListObjectsOptions): Promise<AutoPaginatable<ObjectSummary, PaginationOptions>>;
   /**
-   * Assign a role
+   * Create an object
    *
-   * Assign a role to an organization membership on a specific resource.
-   * @param options - Object containing roleSlug.
-   * @returns {Promise<RoleAssignment>}
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
+   * Encrypt and store a new key-value object.
+   * @param options - Object containing keyContext, name, value.
+   * @param options.keyContext - Map of values used to determine the encryption key.
+   * @example {"organization_id":"org_01K8ZYT4AWJ6XP0E0S8CTBHE3P"}
+   * @param options.name - Unique name for the object.
+   * @example "my-secret"
+   * @param options.value - Plaintext data to encrypt and store.
+   * @example "s3cr3t-v4lu3"
+   * @returns {Promise<ObjectMetadata>}
+   * @throws {BadRequestException} 400
+   * @throws {ConflictException} 409
    * @throws {UnprocessableEntityException} 422
    */
-  assignRole(options: AssignRoleOptions): Promise<RoleAssignment>;
+  createObject(options: CreateObjectOptions): Promise<ObjectMetadata>;
   /**
-   * Remove a role assignment
+   * Read an object by ID
    *
-   * Remove a role assignment by role slug and resource.
-   * @param options - Object containing roleSlug.
-   * @returns {Promise<void>}
-   * @throws 403 response from the API.
+   * Fetch and decrypt an object by its unique identifier.
+   * @param options - The request options.
+   * @param options.id - Unique identifier of the object.
+   * @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+   * @returns {Promise<VaultObject>}
+   * @throws {BadRequestException} 400
    * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
    */
-  removeRole(options: RemoveRoleOptions): Promise<void>;
+  readObject(options: ReadObjectOptions): Promise<VaultObject>;
   /**
-   * Remove a role assignment by ID
-   *
-   * Remove a role assignment using its ID.
-   * @param organizationMembershipId - The ID of the organization membership.
-   *
-   * @example
-   * "om_01HXYZ123456789ABCDEFGHIJ"
-   *
-   * @param roleAssignmentId - The ID of the role assignment to remove.
-   *
-   * @example
-   * "role_assignment_01HXYZ123456789ABCDEFGH"
+   * Update an object
+   *
+   * Update the value of an existing encrypted object.
+   * @param options - Object containing value.
+   * @param options.id - Unique identifier of the object.
+   * @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+   * @param options.value - New plaintext value.
+   * @example "upd4t3d-v4lu3"
+   * @param options.versionCheck - ID of the expected current version for optimistic locking.
+   * @example "c3d4e5f6-7890-abcd-ef12-34567890abcd"
+   * @returns {Promise<VaultObject>}
+   * @throws {BadRequestException} 400
+   * @throws {ConflictException} 409
+   */
+  updateObject(options: UpdateObjectOptions): Promise<VaultObject>;
+  /**
+   * Delete an object
    *
+   * Delete an encrypted object.
+   * @param options - Additional query options.
+   * @param options.id - Unique identifier of the object.
+   * @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+   * @param options.versionCheck - Expected current version for optimistic locking.
+   * @example "c3d4e5f6-7890-abcd-ef12-34567890abcd"
    * @returns {Promise<void>}
-   * @throws 403 response from the API.
    * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
    */
-  removeRoleAssignment(options: RemoveRoleAssignmentOptions): Promise<void>;
+  deleteObject(options: DeleteVaultObjectOptions): Promise<void>;
   /**
-   * List resources for organization membership
-   *
-   * Returns all child resources of a parent resource where the organization membership has a specific permission. This is useful for resource discovery—answering "What projects can this user access in this workspace?"
-   *
-   * You must provide either `parent_resource_id` or both `parent_resource_external_id` and `parent_resource_type_slug` to identify the parent resource.
-   * @param organizationMembershipId - The ID of the organization membership.
-   *
-   * @example
-   * "om_01HXYZ123456789ABCDEFGHIJ"
+   * Describe an object
    *
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<AuthorizationResource>>}
+   * Fetch metadata for an object without decrypting it.
+   * @param options - The request options.
+   * @param options.id - Unique identifier of the object.
+   * @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+   * @returns {Promise<VaultObject>}
    * @throws {BadRequestException} 400
-   * @throws 403 response from the API.
    * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
    */
-  listResourcesForMembership(options: ListResourcesForMembershipOptions): Promise<AutoPaginatable<AuthorizationResource>>;
+  describeObject(options: ReadObjectOptions): Promise<VaultObject>;
   /**
-   * List organization memberships for resource
+   * List object versions
    *
-   * Returns all organization memberships that have a specific permission on a resource instance. This is useful for answering "Who can access this resource?".
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<BaseOrganizationMembership, PaginationOptions>>}
+   * Retrieve all versions for a specific object.
+   * @param options - The request options.
+   * @param options.id - Unique identifier of the object.
+   * @example "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+   * @returns {Promise<ObjectVersion[]>}
    * @throws {BadRequestException} 400
-   * @throws 403 response from the API.
    * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
    */
-  listMembershipsForResource(options: ListMembershipsForResourceOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  listObjectVersions(options: ReadObjectOptions): Promise<VersionListResponse['data']>;
+  private decode;
+  decrypt(encryptedData: string, associatedData?: string): Promise<string>;
+  encrypt(data: string, context: KeyContext, associatedData?: string): Promise<string>;
+}
+//#endregion
+//#region src/workos.d.ts
+/** WorkOS REST API */
+declare class WorkOS {
+  readonly baseURL: string;
+  readonly client: HttpClient;
+  readonly clientId?: string;
+  readonly key?: string;
+  readonly options: WorkOSOptions;
+  readonly pkce: PKCE;
+  private readonly hasApiKey;
+  readonly actions: Actions;
+  readonly apiKeys: ApiKeys;
+  readonly auditLogs: AuditLogs;
+  readonly authorization: Authorization;
+  readonly directorySync: DirectorySync;
+  readonly connect: Connect;
+  readonly events: Events;
+  readonly featureFlags: FeatureFlags;
+  readonly groups: Groups;
+  readonly multiFactorAuth: MultiFactorAuth;
+  readonly organizations: Organizations;
+  readonly organizationDomains: OrganizationDomains;
+  readonly passwordless: Passwordless;
+  readonly pipes: Pipes;
+  readonly radar: Radar;
+  readonly adminPortal: AdminPortal;
+  readonly sso: SSO;
+  readonly userManagement: UserManagement;
+  readonly vault: Vault;
+  readonly webhooks: Webhooks;
+  readonly widgets: Widgets;
   /**
-   * List memberships for a resource by external ID
+   * Create a new WorkOS client.
    *
-   * Returns all organization memberships that have a specific permission on a resource, using the resource's external ID. This is useful for answering "Who can access this resource?" when you only have the external ID.
-   * @param organizationId - The ID of the organization that owns the resource.
+   * @param keyOrOptions - API key string, or options object
+   * @param maybeOptions - Options when first argument is API key
    *
    * @example
-   * "org_01EHZNVPK3SFK441A1RGBFSHRT"
-   *
-   * @param resourceTypeSlug - The slug of the resource type this resource belongs to.
+   * // Server-side with API key (string)
+   * const workos = new WorkOS('sk_...');
    *
    * @example
-   * "project"
-   *
-   * @param externalId - An identifier you provide to reference the resource in your system.
+   * // Server-side with API key (object)
+   * const workos = new WorkOS({ apiKey: 'sk_...', clientId: 'client_...' });
    *
    * @example
-   * "proj-456"
+   * // PKCE/public client (no API key)
+   * const workos = new WorkOS({ clientId: 'client_...' });
+   */
+  constructor(keyOrOptions?: string | WorkOSOptions, maybeOptions?: WorkOSOptions);
+  private createUserAgent;
+  createWebhookClient(): Webhooks;
+  createActionsClient(): Actions;
+  getCryptoProvider(): CryptoProvider;
+  createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
+  get version(): string;
+  /**
+   * Require API key for methods that need it.
+   * @param methodName - Name of the method requiring API key (for error message)
+   * @throws ApiKeyRequiredException if no API key was provided
+   */
+  requireApiKey(methodName: string): void;
+  post<Result = any, Entity = any>(path: string, entity: Entity, options?: PostOptions): Promise<{
+    data: Result;
+  }>;
+  get<Result = any>(path: string, options?: GetOptions): Promise<{
+    data: Result;
+  }>;
+  put<Result = any, Entity = any>(path: string, entity: Entity, options?: PutOptions): Promise<{
+    data: Result;
+  }>;
+  patch<Result = any, Entity = any>(path: string, entity: Entity, options?: PatchOptions): Promise<{
+    data: Result;
+  }>;
+  delete(path: string, query?: any): Promise<void>;
+  deleteWithBody<Entity = any>(path: string, entity: Entity): Promise<void>;
+  emitWarning(warning: string): void;
+  private handleParseError;
+  private handleHttpError;
+}
+//#endregion
+//#region src/webhooks/interfaces/list-webhook-endpoints-options.interface.d.ts
+type ListWebhookEndpointsOptions = PaginationOptions;
+//#endregion
+//#region src/webhooks/interfaces/create-webhook-endpoint-events.interface.d.ts
+declare const CreateWebhookEndpointEvents: {
+  readonly AuthenticationEmailVerificationSucceeded: "authentication.email_verification_succeeded";
+  readonly AuthenticationMagicAuthFailed: "authentication.magic_auth_failed";
+  readonly AuthenticationMagicAuthSucceeded: "authentication.magic_auth_succeeded";
+  readonly AuthenticationMfaSucceeded: "authentication.mfa_succeeded";
+  readonly AuthenticationOAuthFailed: "authentication.oauth_failed";
+  readonly AuthenticationOAuthSucceeded: "authentication.oauth_succeeded";
+  readonly AuthenticationPasswordFailed: "authentication.password_failed";
+  readonly AuthenticationPasswordSucceeded: "authentication.password_succeeded";
+  readonly AuthenticationPasskeyFailed: "authentication.passkey_failed";
+  readonly AuthenticationPasskeySucceeded: "authentication.passkey_succeeded";
+  readonly AuthenticationSSOFailed: "authentication.sso_failed";
+  readonly AuthenticationSSOStarted: "authentication.sso_started";
+  readonly AuthenticationSSOSucceeded: "authentication.sso_succeeded";
+  readonly AuthenticationSSOTimedOut: "authentication.sso_timed_out";
+  readonly AuthenticationRadarRiskDetected: "authentication.radar_risk_detected";
+  readonly ApiKeyCreated: "api_key.created";
+  readonly ApiKeyRevoked: "api_key.revoked";
+  readonly ConnectionActivated: "connection.activated";
+  readonly ConnectionDeactivated: "connection.deactivated";
+  readonly ConnectionSAMLCertificateRenewalRequired: "connection.saml_certificate_renewal_required";
+  readonly ConnectionSAMLCertificateRenewed: "connection.saml_certificate_renewed";
+  readonly ConnectionDeleted: "connection.deleted";
+  readonly DsyncActivated: "dsync.activated";
+  readonly DsyncDeleted: "dsync.deleted";
+  readonly DsyncGroupCreated: "dsync.group.created";
+  readonly DsyncGroupDeleted: "dsync.group.deleted";
+  readonly DsyncGroupUpdated: "dsync.group.updated";
+  readonly DsyncGroupUserAdded: "dsync.group.user_added";
+  readonly DsyncGroupUserRemoved: "dsync.group.user_removed";
+  readonly DsyncUserCreated: "dsync.user.created";
+  readonly DsyncUserDeleted: "dsync.user.deleted";
+  readonly DsyncUserUpdated: "dsync.user.updated";
+  readonly EmailVerificationCreated: "email_verification.created";
+  readonly GroupCreated: "group.created";
+  readonly GroupDeleted: "group.deleted";
+  readonly GroupMemberAdded: "group.member_added";
+  readonly GroupMemberRemoved: "group.member_removed";
+  readonly GroupUpdated: "group.updated";
+  readonly FlagCreated: "flag.created";
+  readonly FlagDeleted: "flag.deleted";
+  readonly FlagUpdated: "flag.updated";
+  readonly FlagRuleUpdated: "flag.rule_updated";
+  readonly InvitationAccepted: "invitation.accepted";
+  readonly InvitationCreated: "invitation.created";
+  readonly InvitationResent: "invitation.resent";
+  readonly InvitationRevoked: "invitation.revoked";
+  readonly MagicAuthCreated: "magic_auth.created";
+  readonly OrganizationCreated: "organization.created";
+  readonly OrganizationDeleted: "organization.deleted";
+  readonly OrganizationUpdated: "organization.updated";
+  readonly OrganizationDomainCreated: "organization_domain.created";
+  readonly OrganizationDomainDeleted: "organization_domain.deleted";
+  readonly OrganizationDomainUpdated: "organization_domain.updated";
+  readonly OrganizationDomainVerified: "organization_domain.verified";
+  readonly OrganizationDomainVerificationFailed: "organization_domain.verification_failed";
+  readonly PasswordResetCreated: "password_reset.created";
+  readonly PasswordResetSucceeded: "password_reset.succeeded";
+  readonly UserCreated: "user.created";
+  readonly UserUpdated: "user.updated";
+  readonly UserDeleted: "user.deleted";
+  readonly OrganizationMembershipCreated: "organization_membership.created";
+  readonly OrganizationMembershipDeleted: "organization_membership.deleted";
+  readonly OrganizationMembershipUpdated: "organization_membership.updated";
+  readonly RoleCreated: "role.created";
+  readonly RoleDeleted: "role.deleted";
+  readonly RoleUpdated: "role.updated";
+  readonly OrganizationRoleCreated: "organization_role.created";
+  readonly OrganizationRoleDeleted: "organization_role.deleted";
+  readonly OrganizationRoleUpdated: "organization_role.updated";
+  readonly PermissionCreated: "permission.created";
+  readonly PermissionDeleted: "permission.deleted";
+  readonly PermissionUpdated: "permission.updated";
+  readonly PipesConnectedAccountConnected: "pipes.connected_account.connected";
+  readonly PipesConnectedAccountDisconnected: "pipes.connected_account.disconnected";
+  readonly PipesConnectedAccountReauthorizationNeeded: "pipes.connected_account.reauthorization_needed";
+  readonly SessionCreated: "session.created";
+  readonly SessionRevoked: "session.revoked";
+  readonly WaitlistUserApproved: "waitlist_user.approved";
+  readonly WaitlistUserCreated: "waitlist_user.created";
+  readonly WaitlistUserDenied: "waitlist_user.denied";
+};
+type CreateWebhookEndpointEvents = (typeof CreateWebhookEndpointEvents)[keyof typeof CreateWebhookEndpointEvents];
+//#endregion
+//#region src/webhooks/interfaces/create-webhook-endpoint-options.interface.d.ts
+interface CreateWebhookEndpointOptions {
+  /** The HTTPS URL where webhooks will be sent. */
+  endpointUrl: string;
+  /** The events that the Webhook Endpoint is subscribed to. */
+  events: CreateWebhookEndpointEvents[];
+}
+//#endregion
+//#region src/webhooks/interfaces/update-webhook-endpoint-status.interface.d.ts
+declare const UpdateWebhookEndpointStatus: {
+  readonly Enabled: "enabled";
+  readonly Disabled: "disabled";
+};
+type UpdateWebhookEndpointStatus = (typeof UpdateWebhookEndpointStatus)[keyof typeof UpdateWebhookEndpointStatus];
+//#endregion
+//#region src/webhooks/interfaces/update-webhook-endpoint-events.interface.d.ts
+declare const UpdateWebhookEndpointEvents: {
+  readonly AuthenticationEmailVerificationSucceeded: "authentication.email_verification_succeeded";
+  readonly AuthenticationMagicAuthFailed: "authentication.magic_auth_failed";
+  readonly AuthenticationMagicAuthSucceeded: "authentication.magic_auth_succeeded";
+  readonly AuthenticationMfaSucceeded: "authentication.mfa_succeeded";
+  readonly AuthenticationOAuthFailed: "authentication.oauth_failed";
+  readonly AuthenticationOAuthSucceeded: "authentication.oauth_succeeded";
+  readonly AuthenticationPasswordFailed: "authentication.password_failed";
+  readonly AuthenticationPasswordSucceeded: "authentication.password_succeeded";
+  readonly AuthenticationPasskeyFailed: "authentication.passkey_failed";
+  readonly AuthenticationPasskeySucceeded: "authentication.passkey_succeeded";
+  readonly AuthenticationSSOFailed: "authentication.sso_failed";
+  readonly AuthenticationSSOStarted: "authentication.sso_started";
+  readonly AuthenticationSSOSucceeded: "authentication.sso_succeeded";
+  readonly AuthenticationSSOTimedOut: "authentication.sso_timed_out";
+  readonly AuthenticationRadarRiskDetected: "authentication.radar_risk_detected";
+  readonly ApiKeyCreated: "api_key.created";
+  readonly ApiKeyRevoked: "api_key.revoked";
+  readonly ConnectionActivated: "connection.activated";
+  readonly ConnectionDeactivated: "connection.deactivated";
+  readonly ConnectionSAMLCertificateRenewalRequired: "connection.saml_certificate_renewal_required";
+  readonly ConnectionSAMLCertificateRenewed: "connection.saml_certificate_renewed";
+  readonly ConnectionDeleted: "connection.deleted";
+  readonly DsyncActivated: "dsync.activated";
+  readonly DsyncDeleted: "dsync.deleted";
+  readonly DsyncGroupCreated: "dsync.group.created";
+  readonly DsyncGroupDeleted: "dsync.group.deleted";
+  readonly DsyncGroupUpdated: "dsync.group.updated";
+  readonly DsyncGroupUserAdded: "dsync.group.user_added";
+  readonly DsyncGroupUserRemoved: "dsync.group.user_removed";
+  readonly DsyncUserCreated: "dsync.user.created";
+  readonly DsyncUserDeleted: "dsync.user.deleted";
+  readonly DsyncUserUpdated: "dsync.user.updated";
+  readonly EmailVerificationCreated: "email_verification.created";
+  readonly GroupCreated: "group.created";
+  readonly GroupDeleted: "group.deleted";
+  readonly GroupMemberAdded: "group.member_added";
+  readonly GroupMemberRemoved: "group.member_removed";
+  readonly GroupUpdated: "group.updated";
+  readonly FlagCreated: "flag.created";
+  readonly FlagDeleted: "flag.deleted";
+  readonly FlagUpdated: "flag.updated";
+  readonly FlagRuleUpdated: "flag.rule_updated";
+  readonly InvitationAccepted: "invitation.accepted";
+  readonly InvitationCreated: "invitation.created";
+  readonly InvitationResent: "invitation.resent";
+  readonly InvitationRevoked: "invitation.revoked";
+  readonly MagicAuthCreated: "magic_auth.created";
+  readonly OrganizationCreated: "organization.created";
+  readonly OrganizationDeleted: "organization.deleted";
+  readonly OrganizationUpdated: "organization.updated";
+  readonly OrganizationDomainCreated: "organization_domain.created";
+  readonly OrganizationDomainDeleted: "organization_domain.deleted";
+  readonly OrganizationDomainUpdated: "organization_domain.updated";
+  readonly OrganizationDomainVerified: "organization_domain.verified";
+  readonly OrganizationDomainVerificationFailed: "organization_domain.verification_failed";
+  readonly PasswordResetCreated: "password_reset.created";
+  readonly PasswordResetSucceeded: "password_reset.succeeded";
+  readonly UserCreated: "user.created";
+  readonly UserUpdated: "user.updated";
+  readonly UserDeleted: "user.deleted";
+  readonly OrganizationMembershipCreated: "organization_membership.created";
+  readonly OrganizationMembershipDeleted: "organization_membership.deleted";
+  readonly OrganizationMembershipUpdated: "organization_membership.updated";
+  readonly RoleCreated: "role.created";
+  readonly RoleDeleted: "role.deleted";
+  readonly RoleUpdated: "role.updated";
+  readonly OrganizationRoleCreated: "organization_role.created";
+  readonly OrganizationRoleDeleted: "organization_role.deleted";
+  readonly OrganizationRoleUpdated: "organization_role.updated";
+  readonly PermissionCreated: "permission.created";
+  readonly PermissionDeleted: "permission.deleted";
+  readonly PermissionUpdated: "permission.updated";
+  readonly PipesConnectedAccountConnected: "pipes.connected_account.connected";
+  readonly PipesConnectedAccountDisconnected: "pipes.connected_account.disconnected";
+  readonly PipesConnectedAccountReauthorizationNeeded: "pipes.connected_account.reauthorization_needed";
+  readonly SessionCreated: "session.created";
+  readonly SessionRevoked: "session.revoked";
+  readonly WaitlistUserApproved: "waitlist_user.approved";
+  readonly WaitlistUserCreated: "waitlist_user.created";
+  readonly WaitlistUserDenied: "waitlist_user.denied";
+};
+type UpdateWebhookEndpointEvents = (typeof UpdateWebhookEndpointEvents)[keyof typeof UpdateWebhookEndpointEvents];
+//#endregion
+//#region src/webhooks/interfaces/update-webhook-endpoint-options.interface.d.ts
+interface UpdateWebhookEndpointOptions {
+  /** Unique identifier of the Webhook Endpoint. */
+  id: string;
+  /** The HTTPS URL where webhooks will be sent. */
+  endpointUrl?: string;
+  /** Whether the Webhook Endpoint is enabled or disabled. */
+  status?: UpdateWebhookEndpointStatus;
+  /** The events that the Webhook Endpoint is subscribed to. */
+  events?: UpdateWebhookEndpointEvents[];
+}
+//#endregion
+//#region src/webhooks/interfaces/delete-webhook-endpoint-options.interface.d.ts
+interface DeleteWebhookEndpointOptions {
+  /** Unique identifier of the Webhook Endpoint. */
+  id: string;
+}
+//#endregion
+//#region src/webhooks/interfaces/webhook-endpoint-status.interface.d.ts
+declare const WebhookEndpointStatus: {
+  readonly Enabled: "enabled";
+  readonly Disabled: "disabled";
+};
+type WebhookEndpointStatus = (typeof WebhookEndpointStatus)[keyof typeof WebhookEndpointStatus];
+//#endregion
+//#region src/webhooks/interfaces/webhook-endpoint.interface.d.ts
+interface WebhookEndpoint {
+  /** Distinguishes the Webhook Endpoint object. */
+  object: 'webhook_endpoint';
+  /** Unique identifier of the Webhook Endpoint. */
+  id: string;
+  /** The URL to which webhooks are sent. */
+  endpointUrl: string;
+  /** The secret used to sign webhook payloads. */
+  secret: string;
+  /** Whether the Webhook Endpoint is enabled or disabled. */
+  status: WebhookEndpointStatus;
+  /** The events that the Webhook Endpoint is subscribed to. */
+  events: string[];
+  /** An ISO 8601 timestamp. */
+  createdAt: Date;
+  /** An ISO 8601 timestamp. */
+  updatedAt: Date;
+}
+interface WebhookEndpointResponse {
+  object: 'webhook_endpoint';
+  id: string;
+  endpoint_url: string;
+  secret: string;
+  status: WebhookEndpointStatus;
+  events: string[];
+  created_at: string;
+  updated_at: string;
+}
+//#endregion
+//#region src/webhooks/webhooks.d.ts
+declare class Webhooks {
+  private readonly workos;
+  constructor(workos: WorkOS);
+  /**
+   * List Webhook Endpoints
    *
+   * Get a list of all of your existing webhook endpoints.
    * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<UserOrganizationMembershipBaseListData>>}
-   * @throws {BadRequestException} 400
-   * @throws 403 response from the API.
-   * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
+   * @returns {Promise<AutoPaginatable<WebhookEndpoint, PaginationOptions>>}
    */
-  listMembershipsForResourceByExternalId(options: ListMembershipsForResourceByExternalIdOptions): Promise<AutoPaginatable<AuthorizationOrganizationMembership>>;
+  listWebhookEndpoints(options?: ListWebhookEndpointsOptions): Promise<AutoPaginatable<WebhookEndpoint, PaginationOptions>>;
   /**
-   * List effective permissions for an organization membership on a resource
-   *
-   * Returns all permissions the organization membership effectively has on a resource, including permissions inherited through roles assigned to ancestor resources.
-   * @param organizationMembershipId - The ID of the organization membership.
-   *
-   * @example
-   * "om_01HXYZ123456789ABCDEFGHIJ"
-   *
-   * @param resourceId - The ID of the authorization resource.
+   * Create a Webhook Endpoint
    *
-   * @example
-   * "authz_resource_01HXYZ123456789ABCDEFGHIJ"
+   * Create a new webhook endpoint to receive event notifications.
+   * @param options - Object containing endpointUrl, events.
+   * @param options.endpointUrl - The HTTPS URL where webhooks will be sent.
+   * @example "https://example.com/webhooks"
+   * @param options.events - The events that the Webhook Endpoint is subscribed to.
+   * @example ["user.created","dsync.user.created"]
+   * @returns {Promise<WebhookEndpoint>}
+   * @throws {ConflictException} 409
+   * @throws {UnprocessableEntityException} 422
+   */
+  createWebhookEndpoint(options: CreateWebhookEndpointOptions): Promise<WebhookEndpoint>;
+  /**
+   * Update a Webhook Endpoint
    *
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<AuthorizationPermission>>}
-   * @throws 403 response from the API.
+   * Update the properties of an existing webhook endpoint.
+   * @param options - The request body.
+   * @param options.id - Unique identifier of the Webhook Endpoint.
+   * @example "we_0123456789"
+   * @param options.endpointUrl - The HTTPS URL where webhooks will be sent.
+   * @example "https://example.com/webhooks"
+   * @param options.status - Whether the Webhook Endpoint is enabled or disabled.
+   * @example "enabled"
+   * @param options.events - The events that the Webhook Endpoint is subscribed to.
+   * @example ["user.created","dsync.user.created"]
+   * @returns {Promise<WebhookEndpoint>}
    * @throws {NotFoundException} 404
+   * @throws {ConflictException} 409
    * @throws {UnprocessableEntityException} 422
    */
-  listEffectivePermissions(options: ListEffectivePermissionsOptions): Promise<AutoPaginatable<Permission>>;
+  updateWebhookEndpoint(options: UpdateWebhookEndpointOptions): Promise<WebhookEndpoint>;
   /**
-   * List effective permissions for an organization membership on a resource by external ID
+   * Delete a Webhook Endpoint
    *
-   * Returns all permissions the organization membership effectively has on a resource identified by its external ID, including permissions inherited through roles assigned to ancestor resources.
-   * @param options - Pagination and filter options.
-   * @returns {Promise<AutoPaginatable<Permission, PaginationOptions>>}
-   * @throws 403 response from the API.
+   * Delete an existing webhook endpoint.
+   * @param options - The request options.
+   * @param options.id - Unique identifier of the Webhook Endpoint.
+   * @example "we_0123456789"
+   * @returns {Promise<void>}
    * @throws {NotFoundException} 404
-   * @throws {UnprocessableEntityException} 422
    */
-  listEffectivePermissionsByExternalId(options: ListEffectivePermissionsByExternalIdOptions): Promise<AutoPaginatable<Permission>>;
+  deleteWebhookEndpoint(options: DeleteWebhookEndpointOptions): Promise<void>;
+  private _signatureProvider?;
+  private get signatureProvider();
+  get verifyHeader(): ({
+    payload,
+    sigHeader,
+    secret,
+    tolerance
+  }: {
+    payload: WebhookPayload;
+    sigHeader: string;
+    secret: string;
+    tolerance?: number;
+  }) => Promise<boolean>;
+  get computeSignature(): (timestamp: any, payload: WebhookPayload, secret: string) => Promise<string>;
+  get getTimestampAndSignatureHash(): (sigHeader: string) => [string, string];
+  constructEvent({
+    payload,
+    sigHeader,
+    secret,
+    tolerance
+  }: {
+    payload: WebhookPayload;
+    sigHeader: string;
+    secret: string;
+    tolerance?: number;
+  }): Promise<Event>;
+  private parseVerifiedPayload;
 }
 //#endregion
 //#region src/common/exceptions/api-key-required.exception.d.ts
@@ -6538,216 +8237,5 @@ interface ConfidentialClientOptions extends WorkOSOptions {
 declare function createWorkOS(options: PublicClientOptions): PublicWorkOS;
 declare function createWorkOS(options: ConfidentialClientOptions): WorkOS;
 //#endregion
-//#region src/index.worker.d.ts
-declare class WorkOSWorker extends WorkOS {
-  /** @override */
-  createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
-  /** @override */
-  createWebhookClient(): Webhooks;
-  getCryptoProvider(): CryptoProvider;
-  /** @override */
-  createActionsClient(): Actions;
-  /** @override */
-  emitWarning(warning: string): void;
-}
-//#endregion
-//#region src/vault/interfaces/key/create-data-key.interface.d.ts
-interface CreateDataKeyOptions {
-  context: KeyContext;
-}
-interface CreateDataKeyResponse {
-  context: KeyContext;
-  data_key: string;
-  encrypted_keys: string;
-  id: string;
-}
-//#endregion
-//#region src/vault/interfaces/key/decrypt-data-key.interface.d.ts
-interface DecryptDataKeyOptions {
-  keys: string;
-}
-interface DecryptDataKeyResponse {
-  data_key: string;
-  id: string;
-}
-//#endregion
-//#region src/vault/interfaces/object/create-object.interface.d.ts
-interface CreateObjectEntity {
-  name: string;
-  value: string;
-  key_context: KeyContext;
-}
-interface CreateObjectOptions {
-  name: string;
-  value: string;
-  context: KeyContext;
-}
-//#endregion
-//#region src/vault/interfaces/object/delete-object.interface.d.ts
-interface DeleteObjectOptions {
-  id: string;
-}
-//#endregion
-//#region src/vault/interfaces/object.interface.d.ts
-interface ObjectDigest {
-  id: string;
-  name: string;
-  updatedAt: Date;
-}
-interface ObjectUpdateBy {
-  id: string;
-  name: string;
-}
-interface ObjectMetadata {
-  context: KeyContext;
-  environmentId: string;
-  id: string;
-  keyId: string;
-  updatedAt: Date;
-  updatedBy: ObjectUpdateBy;
-  versionId: string;
-}
-interface VaultObject {
-  id: string;
-  metadata: ObjectMetadata;
-  name: string;
-  value?: string;
-}
-interface ObjectVersion {
-  createdAt: Date;
-  currentVersion: boolean;
-  id: string;
-}
-//#endregion
-//#region src/vault/interfaces/object/read-object.interface.d.ts
-interface ReadObjectOptions {
-  id: string;
-}
-interface ReadObjectMetadataResponse {
-  context: KeyContext;
-  environment_id: string;
-  id: string;
-  key_id: string;
-  updated_at: string;
-  updated_by: ObjectUpdateBy;
-  version_id: string;
-}
-interface ReadObjectResponse {
-  id: string;
-  metadata: ReadObjectMetadataResponse;
-  name: string;
-  value?: string;
-}
-//#endregion
-//#region src/vault/interfaces/object/update-object.interface.d.ts
-interface UpdateObjectEntity {
-  value: string;
-  version_check?: string;
-}
-interface UpdateObjectOptions {
-  id: string;
-  value: string;
-  versionCheck?: string;
-}
-//#endregion
-//#region src/vault/vault.d.ts
-declare class Vault {
-  private readonly workos;
-  private cryptoProvider;
-  constructor(workos: WorkOS);
-  private decode;
-  createObject(options: CreateObjectOptions): Promise<ObjectMetadata>;
-  listObjects(options?: PaginationOptions | undefined): Promise<List<ObjectDigest>>;
-  listObjectVersions(options: ReadObjectOptions): Promise<ObjectVersion[]>;
-  readObject(options: ReadObjectOptions): Promise<VaultObject>;
-  readObjectByName(name: string): Promise<VaultObject>;
-  describeObject(options: ReadObjectOptions): Promise<VaultObject>;
-  updateObject(options: UpdateObjectOptions): Promise<VaultObject>;
-  deleteObject(options: DeleteObjectOptions): Promise<void>;
-  createDataKey(options: CreateDataKeyOptions): Promise<DataKeyPair>;
-  decryptDataKey(options: DecryptDataKeyOptions): Promise<DataKey>;
-  encrypt(data: string, context: KeyContext, associatedData?: string): Promise<string>;
-  decrypt(encryptedData: string, associatedData?: string): Promise<string>;
-}
-//#endregion
-//#region src/workos.d.ts
-/** WorkOS REST API */
-declare class WorkOS {
-  readonly baseURL: string;
-  readonly client: HttpClient;
-  readonly clientId?: string;
-  readonly key?: string;
-  readonly options: WorkOSOptions;
-  readonly pkce: PKCE;
-  private readonly hasApiKey;
-  readonly actions: Actions;
-  readonly apiKeys: ApiKeys;
-  readonly auditLogs: AuditLogs;
-  readonly authorization: Authorization;
-  readonly directorySync: DirectorySync;
-  readonly events: Events;
-  readonly featureFlags: FeatureFlags;
-  readonly groups: Groups;
-  readonly multiFactorAuth: MultiFactorAuth;
-  readonly organizations: Organizations;
-  readonly organizationDomains: OrganizationDomains;
-  readonly passwordless: Passwordless;
-  readonly pipes: Pipes;
-  readonly adminPortal: AdminPortal;
-  readonly sso: SSO;
-  readonly userManagement: UserManagement;
-  readonly vault: Vault;
-  readonly webhooks: Webhooks;
-  readonly widgets: Widgets;
-  /**
-   * Create a new WorkOS client.
-   *
-   * @param keyOrOptions - API key string, or options object
-   * @param maybeOptions - Options when first argument is API key
-   *
-   * @example
-   * // Server-side with API key (string)
-   * const workos = new WorkOS('sk_...');
-   *
-   * @example
-   * // Server-side with API key (object)
-   * const workos = new WorkOS({ apiKey: 'sk_...', clientId: 'client_...' });
-   *
-   * @example
-   * // PKCE/public client (no API key)
-   * const workos = new WorkOS({ clientId: 'client_...' });
-   */
-  constructor(keyOrOptions?: string | WorkOSOptions, maybeOptions?: WorkOSOptions);
-  private createUserAgent;
-  createWebhookClient(): Webhooks;
-  createActionsClient(): Actions;
-  getCryptoProvider(): CryptoProvider;
-  createHttpClient(options: WorkOSOptions, userAgent: string): HttpClient;
-  get version(): string;
-  /**
-   * Require API key for methods that need it.
-   * @param methodName - Name of the method requiring API key (for error message)
-   * @throws ApiKeyRequiredException if no API key was provided
-   */
-  requireApiKey(methodName: string): void;
-  post<Result = any, Entity = any>(path: string, entity: Entity, options?: PostOptions): Promise<{
-    data: Result;
-  }>;
-  get<Result = any>(path: string, options?: GetOptions): Promise<{
-    data: Result;
-  }>;
-  put<Result = any, Entity = any>(path: string, entity: Entity, options?: PutOptions): Promise<{
-    data: Result;
-  }>;
-  patch<Result = any, Entity = any>(path: string, entity: Entity, options?: PatchOptions): Promise<{
-    data: Result;
-  }>;
-  delete(path: string, query?: any): Promise<void>;
-  deleteWithBody<Entity = any>(path: string, entity: Entity): Promise<void>;
-  emitWarning(warning: string): void;
-  private handleParseError;
-  private handleHttpError;
-}
-//#endregion
-export { CreateAuditLogSchemaRequestOptions as $, FlagPollEntry as $a, ConnectionDomain as $c, VaultDekDecryptedEventResponse as $i, DeleteAuthorizationResourceByExternalIdOptions as $l, DsyncUserCreatedEvent as $n, MagicAuth as $o, OrganizationDomainVerifiedEvent as $r, AuthenticationEventSsoResponse as $s, List as $t, HttpClientResponseInterface as $u, IntentOptions as A, VaultNamesListedEventData as Aa, AuthenticateWithEmailVerificationOptions as Ac, RoleUpdatedEventResponse as Ai, SerializedAssignRoleOptions as Al, AuthenticationSSOFailedEventResponse as An, UpdateUserOptions as Ao, GroupUpdatedEventResponse as Ar, FactorWithSecrets$1 as As, UserRegistrationActionResponseData as At, UpdateEnvironmentRoleOptions as Au, NoApiKeyProvidedException as B, Group as Ba, SerializedAuthenticateWithOptionsBase as Bc, UserUpdatedEvent as Bi, RoleAssignmentRole as Bl, DsyncActivatedEventResponse as Bn, RevokeSessionOptions as Bo, MagicAuthCreatedEventResponse as Br, CreatePasswordResetOptions as Bs, ListOrganizationsOptions as Bt, SerializedListDirectoriesOptions as Bu, PublicUserManagement as C, VaultDekDecryptedEventResponseData as Ca, AuthenticateUserWithOrganizationSelectionCredentials as Cc, PermissionUpdatedEvent as Ci, RemoveRoleOptionsWithResourceExternalId as Cl, AuthenticationPasswordFailedEvent as Cn, CreateOrganizationDomainOptions as Co, GroupMemberAddedEvent as Cr, Invitation as Cs, AutoPaginatable as Ct, UpdateOrganizationRoleOptions as Cu, PortalLinkResponseWire as D, VaultKekCreatedEventResponseData as Da, AuthenticateWithMagicAuthOptions as Dc, RoleDeletedEvent as Di, AssignRoleOptionsWithResourceExternalId as Dl, AuthenticationRadarRiskDetectedEvent as Dn, SerializedUpdateUserPasswordOptions as Do, GroupMemberRemovedEvent as Dr, Identity as Ds, Actions as Dt, AddEnvironmentRolePermissionOptions as Du, PortalLinkResponse as E, VaultKekCreatedEventData as Ea, AuthenticateUserWithMagicAuthCredentials as Ec, RoleCreatedEventResponse as Ei, AssignRoleOptions as El, AuthenticationPasswordSucceededEventResponse as En, VerifyEmailOptions as Eo, GroupMemberEventResponseData as Er, InvitationResponse as Es, Webhooks as Et, OrganizationRole as Eu, UnauthorizedException as F, SerializedUpdateGroupOptions as Fa, AuthenticateWithCodeOptions as Fc, UnknownEvent as Fi, SerializedListRoleAssignmentsOptions as Fl, ConnectionDeactivatedEvent as Fn, SessionResponse as Fo, InvitationResentEvent as Fr, EmailVerificationEvent as Fs, UserRegistrationActionPayload as Ft, EnvironmentRoleListResponse as Fu, AuthenticationException as G, SerializedCreateGroupOptions as Ga, ProfileResponse as Gc, VaultDataCreatedEventResponse as Gi, ListResourcesForMembershipOptionsWithParentId as Gl, DsyncGroupDeletedEvent as Gn, ResendInvitationOptions as Go, OrganizationDomainCreatedEvent as Gr, SerializedCreateMagicAuthOptions as Gs, DomainData as Gt, DirectoryResponse as Gu, BadRequestException as H, GetGroupOptions as Ha, ProfileAndToken as Hc, VaultByokKeyVerificationCompletedEvent as Hi, ListMembershipsForResourceOptions as Hl, DsyncDeletedEventResponse as Hn, serializeRevokeSessionOptions as Ho, OrganizationCreatedResponse as Hr, CreateOrganizationMembershipOptions as Hs, CreateOrganizationOptions as Ht, DirectoryGroup as Hu, SignatureVerificationException as I, UpdateGroupOptions as Ia, SerializedAuthenticateWithCodeOptions as Ic, UserCreatedEvent as Ii, RoleAssignment as Il, ConnectionDeactivatedEventResponse as In, SessionStatus as Io, InvitationResentEventResponse as Ir, EmailVerificationEventResponse as Is, SerializedUpdateOrganizationOptions as It, EnvironmentRoleResponse as Iu, WorkOSErrorData as J, RuntimeClientStats as Ja, ListConnectionsOptions as Jc, VaultDataReadEvent as Ji, AuthorizationCheckOptionsWithResourceExternalId as Jl, DsyncGroupUpdatedEventResponse as Jn, RefreshSessionResponse as Jo, OrganizationDomainDeletedEventResponse as Jr, AuthenticationRadarRiskDetectedEventData as Js, WorkOSOptions as Jt, DirectoryType as Ju, isAuthenticationErrorData as K, AddGroupOrganizationMembershipOptions as Ka, OauthTokens as Kc, VaultDataDeletedEvent as Ki, SerializedListResourcesForMembershipOptions as Kl, DsyncGroupDeletedEventResponse as Kn, SerializedResendInvitationOptions as Ko, OrganizationDomainCreatedEventResponse as Kr, PKCEAuthorizationURLResult as Ks, DomainDataState as Kt, DirectoryState as Ku, RateLimitExceededException as L, RemoveGroupOrganizationMembershipOptions as La, AuthenticateWithOptionsBase as Lc, UserCreatedEventResponse as Li, RoleAssignmentResource as Ll, ConnectionDeletedEvent as Ln, SendVerificationEmailOptions as Lo, InvitationRevokedEvent as Lr, EmailVerificationResponse as Ls, UpdateOrganizationOptions as Lt, ListDirectoryUsersOptions as Lu, SSOIntentOptions as M, DataKey as Ma, AuthenticateWithCodeAndVerifierOptions as Mc, SessionCreatedEventResponse as Mi, ListRoleAssignmentsForResourceOptions as Ml, AuthenticationSSOSucceededEventResponse as Mn, UpdateOrganizationMembershipOptions as Mo, InvitationAcceptedEventResponse as Mr, EnrollAuthFactorOptions as Ms, ActionPayload as Mt, SerializedCreateEnvironmentRoleOptions as Mu, SSOIntentOptionsResponse as N, DataKeyPair as Na, SerializedAuthenticateWithCodeAndVerifierOptions as Nc, SessionRevokedEvent as Ni, SerializedListRoleAssignmentsForResourceOptions as Nl, ConnectionActivatedEvent as Nn, AuthMethod as No, InvitationCreatedEvent as Nr, SerializedEnrollUserInMfaFactorOptions as Ns, UserData as Nt, EnvironmentRole as Nu, GenerateLink as O, VaultMetadataReadEventData as Oa, SerializedAuthenticateWithMagicAuthOptions as Oc, RoleDeletedEventResponse as Oi, AssignRoleOptionsWithResourceId as Ol, AuthenticationRadarRiskDetectedEventResponse as On, UpdateUserPasswordOptions as Oo, GroupMemberRemovedEventResponse as Or, Factor$1 as Os, AuthenticationActionResponseData as Ot, SetEnvironmentRolePermissionsOptions as Ou, UnprocessableEntityException as P, KeyContext as Pa, AuthenticateUserWithCodeCredentials as Pc, SessionRevokedEventResponse as Pi, ListRoleAssignmentsOptions as Pl, ConnectionActivatedEventResponse as Pn, Session as Po, InvitationCreatedEventResponse as Pr, EmailVerification as Ps, UserDataPayload as Pt, EnvironmentRoleList as Pu, CreateAuditLogSchemaOptions as Q, ListFeatureFlagsOptions as Qa, Connection as Qc, VaultDekDecryptedEvent as Qi, DeleteAuthorizationResourceOptions as Ql, DsyncGroupUserRemovedEventResponse as Qn, PasswordResetResponse as Qo, OrganizationDomainVerificationFailedEventResponse as Qr, AuthenticationEventSso as Qs, PatchOptions as Qt, HttpClientInterface as Qu, OauthException as R, ListGroupsOptions as Ra, AuthenticateWithSessionOptions as Rc, UserDeletedEvent as Ri, RoleAssignmentResourceResponse as Rl, ConnectionDeletedEventResponse as Rn, SendInvitationOptions as Ro, InvitationRevokedEventResponse as Rr, CreateUserOptions as Rs, Organization as Rt, ListDirectoryGroupsOptions as Ru, PublicSSO as S, VaultDekDecryptedEventData as Sa, SerializedAuthenticateWithPasswordOptions as Sc, PermissionDeletedEventResponse as Si, RemoveRoleOptions as Sl, AuthenticationPasskeySucceededEventResponse as Sn, OrganizationDomainVerificationStrategy as So, GroupDeletedEventResponse as Sr, ListAuthFactorsOptions as Ss, SerializedListEventOptions as St, SerializedUpdateOrganizationRoleOptions as Su, createWorkOS as T, VaultDekReadEventResponseData as Ta, SerializedAuthenticateWithOrganizationSelectionOptions as Tc, RoleCreatedEvent as Ti, SerializedRemoveRoleOptions as Tl, AuthenticationPasswordSucceededEvent as Tn, SerializedVerifyEmailOptions as To, GroupMemberEventData as Tr, InvitationEventResponse as Ts, PKCEPair as Tt, SerializedCreateOrganizationRoleOptions as Tu, AuthenticationErrorCode as U, DeleteGroupOptions as Ua, ProfileAndTokenResponse as Uc, VaultByokKeyVerificationCompletedEventResponse as Ui, ListResourcesForMembershipOptions as Ul, DsyncGroupCreatedEvent as Un, ResetPasswordOptions as Uo, OrganizationDeletedEvent as Ur, SerializedCreateOrganizationMembershipOptions as Us, CreateOrganizationRequestOptions as Ut, DirectoryGroupResponse as Uu, ConflictException as V, GroupResponse as Va, WithResolvedClientId as Vc, UserUpdatedEventResponse as Vi, ListMembershipsForResourceByExternalIdOptions as Vl, DsyncDeletedEvent as Vn, SerializedRevokeSessionOptions as Vo, OrganizationCreatedEvent as Vr, SerializedCreatePasswordResetOptions as Vs, ListOrganizationFeatureFlagsOptions as Vt, PaginationOptions as Vu, AuthenticationErrorData as W, CreateGroupOptions as Wa, Profile as Wc, VaultDataCreatedEvent as Wi, ListResourcesForMembershipOptionsWithParentExternalId as Wl, DsyncGroupCreatedEventResponse as Wn, SerializedResetPasswordOptions as Wo, OrganizationDeletedResponse as Wr, CreateMagicAuthOptions as Ws, SerializedCreateOrganizationOptions as Wt, Directory as Wu, FeatureFlagsRuntimeClient as X, RuntimeClientOptions as Xa, GetProfileAndTokenOptions as Xc, VaultDataUpdatedEvent as Xi, AuthorizationCheckResult as Xl, DsyncGroupUserAddedEventResponse as Xn, PasswordResetEvent as Xo, OrganizationDomainUpdatedEventResponse as Xr, AuthenticationEvent as Xs, PutOptions as Xt, EventDirectoryResponse as Xu, ApiKeyRequiredException as Y, RuntimeClientLogger as Ya, SerializedListConnectionsOptions as Yc, VaultDataReadEventResponse as Yi, AuthorizationCheckOptionsWithResourceId as Yl, DsyncGroupUserAddedEvent as Yn, PasswordReset as Yo, OrganizationDomainUpdatedEvent as Yr, AuthenticationRadarRiskDetectedEventResponseData as Ys, UnprocessableEntityError as Yt, EventDirectory as Yu, CookieSession as Z, RemoveFlagTargetOptions as Za, GetProfileOptions as Zc, VaultDataUpdatedEventResponse as Zi, SerializedAuthorizationCheckOptions as Zl, DsyncGroupUserRemovedEvent as Zn, PasswordResetEventResponse as Zo, OrganizationDomainVerificationFailedEvent as Zr, AuthenticationEventResponse as Zs, PostOptions as Zt, HttpClient as Zu, CreateDataKeyOptions as _, VaultDataDeletedEventResponseData as _a, AuthenticateUserWithRefreshTokenCredentials as _c, PasswordResetSucceededEvent as _i, RoleResponse as _l, AuthenticationOAuthSucceededEvent as _n, OrganizationDomainVerificationFailed as _o, FlagUpdatedEvent as _r, OrganizationMembershipResponse as _s, CreatePasswordlessSessionOptions as _t, Permission as _u, ReadObjectOptions as a, VaultMetadataReadEventResponse as aa, AuthenticateWithSessionCookieFailureReason as ac, OrganizationMembershipUpdated as ai, DirectoryUser as al, ApiKeyRevokedEvent as an, AddFlagTargetOptions as ao, EmailVerificationCreatedEvent as ar, ListUsersOptions as as, CreateAuditLogEventRequestOptions as at, AuthorizationResourceResponse as au, ConfidentialClientOptions as b, VaultDataUpdatedEventData as ba, AuthenticateUserWithPasswordCredentials as bc, PermissionCreatedEventResponse as bi, RemoveRoleAssignmentOptions as bl, AuthenticationPasskeyFailedEventResponse as bn, OrganizationDomainResponse as bo, GroupCreatedEventResponse as br, SerializedListInvitationsOptions as bs, PasswordlessSessionResponse as bt, AddOrganizationRolePermissionOptions as bu, ObjectMetadata as c, VaultActor as ca, SessionCookieData as cc, OrganizationRoleCreatedEventResponse as ci, DirectoryUserWithGroupsResponse as cl, AuthenticationEmailVerificationSucceededEventResponse as cn, ValidateApiKeyResponse as co, EventBase as cr, ListSessionsOptions as cs, AuditLogSchema as ct, CreateOptionsWithParentResourceId as cu, VaultObject as d, VaultByokKeyProvider as da, User as dc, OrganizationRoleUpdatedEvent as di, OrganizationRoleEventResponse as dl, AuthenticationMagicAuthSucceededEvent as dn, SerializedCreatedApiKey as do, FlagCreatedEvent as dr, SerializedListOrganizationMembershipsOptions as ds, AuditLogTargetSchema as dt, UpdateAuthorizationResourceOptions as du, VaultDekReadEvent as ea, AuthenticateUserWithTotpCredentials as ec, RequestHeaders as ed, OrganizationDomainVerifiedEventResponse as ei, ConnectionResponse as el, ListResponse as en, FlagPollResponse as eo, DsyncUserCreatedEventResponse as er, MagicAuthEvent as es, CreateAuditLogSchemaResponse as et, UpdateAuthorizationResourceByExternalIdOptions as eu, DeleteObjectOptions as f, VaultByokKeyVerificationCompletedEventData as fa, UserResponse as fc, OrganizationRoleUpdatedEventResponse as fi, OrganizationRoleResponse as fl, AuthenticationMagicAuthSucceededEventResponse as fn, CreateOrganizationApiKeyOptions as fo, FlagCreatedEventResponse as fr, AuthorizationOrganizationMembership as fs, AuditLogExport as ft, ListPermissionsOptions as fu, DecryptDataKeyResponse as g, VaultDataDeletedEventData as ga, SerializedAuthenticateWithRefreshTokenPublicClientOptions as gc, PasswordResetCreatedEventResponse as gi, RoleList as gl, AuthenticationOAuthFailedEventResponse as gn, SerializedApiKey as go, FlagRuleUpdatedEventResponse as gr, OrganizationMembership as gs, SendSessionResponse as gt, SerializedCreatePermissionOptions as gu, DecryptDataKeyOptions as h, VaultDataCreatedEventResponseData as ha, AuthenticateWithRefreshTokenPublicClientOptions as hc, PasswordResetCreatedEvent as hi, RoleEventResponse as hl, AuthenticationOAuthFailedEvent as hn, ApiKey as ho, FlagRuleUpdatedEvent as hr, BaseOrganizationMembershipResponse as hs, SerializedAuditLogExportOptions as ht, CreatePermissionOptions as hu, ReadObjectMetadataResponse as i, VaultMetadataReadEvent as ia, AuthenticateWithSessionCookieFailedResponse as ic, CryptoProvider as id, OrganizationMembershipDeletedResponse as ii, DefaultCustomAttributes as il, ApiKeyCreatedEventResponse as in, EvaluationContext as io, DsyncUserUpdatedEventResponse as ir, Locale as is, CreateAuditLogEventOptions as it, AuthorizationResource as iu, IntentOptionsResponse as j, VaultNamesListedEventResponseData as ja, SerializedAuthenticateWithEmailVerificationOptions as jc, SessionCreatedEvent as ji, ListRoleAssignmentsForResourceByExternalIdOptions as jl, AuthenticationSSOSucceededEvent as jn, SerializedUpdateOrganizationMembershipOptions as jo, InvitationAcceptedEvent as jr, FactorWithSecretsResponse as js, ActionContext as jt, CreateEnvironmentRoleOptions as ju, GenerateLinkResponse as k, VaultMetadataReadEventResponseData as ka, AuthenticateUserWithEmailVerificationCredentials as kc, RoleUpdatedEvent as ki, BaseAssignRoleOptions as kl, AuthenticationSSOFailedEvent as kn, SerializedUpdateUserOptions as ko, GroupUpdatedEvent as kr, FactorResponse as ks, ResponsePayload as kt, SerializedUpdateEnvironmentRoleOptions as ku, ObjectUpdateBy as l, VaultActorResponse as la, AuthenticationResponse as lc, OrganizationRoleDeletedEvent as li, ListOrganizationRolesResponse as ll, AuthenticationMagicAuthFailedEvent as ln, ListOrganizationApiKeysOptions as lo, EventName as lr, SerializedListSessionsOptions as ls, AuditLogSchemaMetadata as lt, SerializedCreateAuthorizationResourceOptions as lu, CreateObjectOptions as m, VaultDataCreatedEventData as ma, ImpersonatorResponse as mc, OrganizationUpdatedResponse as mi, RoleEvent as ml, AuthenticationMfaSucceededEventResponse as mn, SerializedCreateOrganizationApiKeyOptions as mo, FlagDeletedEventResponse as mr, BaseOrganizationMembership as ms, AuditLogExportOptions as mt, UpdatePermissionOptions as mu, UpdateObjectEntity as n, VaultKekCreatedEvent as na, SerializedAuthenticateWithTotpOptions as nc, ResponseHeaderValue as nd, OrganizationMembershipCreatedResponse as ni, SSOAuthorizationURLOptions as nl, GenerateLinkIntent as nn, FeatureFlag as no, DsyncUserDeletedEventResponse as nr, MagicAuthResponse as ns, AuditLogActor as nt, ListAuthorizationResourcesOptions as nu, ReadObjectResponse as o, VaultNamesListedEvent as oa, AuthenticateWithSessionCookieOptions as oc, OrganizationMembershipUpdatedResponse as oi, DirectoryUserResponse as ol, ApiKeyRevokedEventResponse as on, SerializedValidateApiKeyResponse as oo, EmailVerificationCreatedEventResponse as or, SerializedListUsersOptions as os, SerializedCreateAuditLogEventOptions as ot, CreateAuthorizationResourceOptions as ou, CreateObjectEntity as p, VaultByokKeyVerificationCompletedEventResponseData as pa, Impersonator as pc, OrganizationUpdatedEvent as pi, Role as pl, AuthenticationMfaSucceededEvent as pn, CreateOrganizationApiKeyRequestOptions as po, FlagDeletedEvent as pr, AuthorizationOrganizationMembershipResponse as ps, AuditLogExportResponse as pt, SerializedUpdatePermissionOptions as pu, GenericServerException as q, SerializedAddGroupOrganizationMembershipOptions as qa, OauthTokensResponse as qc, VaultDataDeletedEventResponse as qi, AuthorizationCheckOptions as ql, DsyncGroupUpdatedEvent as qn, RefreshSessionFailureReason as qo, OrganizationDomainDeletedEvent as qr, UserManagementAuthorizationURLOptions as qs, WorkOSResponseError as qt, DirectoryStateResponse as qu, UpdateObjectOptions as r, VaultKekCreatedEventResponse as ra, AccessToken$1 as rc, ResponseHeaders as rd, OrganizationMembershipDeleted as ri, SSOPKCEAuthorizationURLResult as rl, ApiKeyCreatedEvent as rn, FeatureFlagResponse as ro, DsyncUserUpdatedEvent as rr, LogoutURLOptions as rs, AuditLogTarget as rt, SerializedListAuthorizationResourcesOptions as ru, ObjectDigest as s, VaultNamesListedEventResponse as sa, AuthenticateWithSessionCookieSuccessResponse as sc, OrganizationRoleCreatedEvent as si, DirectoryUserWithGroups as sl, AuthenticationEmailVerificationSucceededEvent as sn, ValidateApiKeyOptions as so, Event as sr, ListUserFeatureFlagsOptions as ss, AuditLogActorSchema as st, CreateOptionsWithParentExternalId as su, WorkOS as t, VaultDekReadEventResponse as ta, AuthenticateWithTotpOptions as tc, RequestOptions as td, OrganizationMembershipCreated as ti, ConnectionType as tl, GetOptions as tn, FlagTarget as to, DsyncUserDeletedEvent as tr, MagicAuthEventResponse as ts, SerializedCreateAuditLogSchemaOptions as tt, GetAuthorizationResourceByExternalIdOptions as tu, ObjectVersion as u, VaultActorSource as ua, AuthenticationResponseResponse as uc, OrganizationRoleDeletedEventResponse as ui, OrganizationRoleEvent as ul, AuthenticationMagicAuthFailedEventResponse as un, CreatedApiKey as uo, EventResponse as ur, ListOrganizationMembershipsOptions as us, AuditLogSchemaResponse as ut, SerializedUpdateAuthorizationResourceOptions as uu, CreateDataKeyResponse as v, VaultDataReadEventData as va, AuthenticateWithRefreshTokenOptions as vc, PasswordResetSucceededEventResponse as vi, ListEffectivePermissionsByExternalIdOptions as vl, AuthenticationOAuthSucceededEventResponse as vn, OrganizationDomainVerificationFailedResponse as vo, FlagUpdatedEventResponse as vr, OrganizationMembershipStatus as vs, SerializedCreatePasswordlessSessionOptions as vt, PermissionResponse as vu, PublicWorkOS as w, VaultDekReadEventData as wa, AuthenticateWithOrganizationSelectionOptions as wc, PermissionUpdatedEventResponse as wi, RemoveRoleOptionsWithResourceId as wl, AuthenticationPasswordFailedEventResponse as wn, SerializedCreateOrganizationDomainOptions as wo, GroupMemberAddedEventResponse as wr, InvitationEvent as ws, PKCE as wt, CreateOrganizationRoleOptions as wu, PublicClientOptions as x, VaultDataUpdatedEventResponseData as xa, AuthenticateWithPasswordOptions as xc, PermissionDeletedEvent as xi, BaseRemoveRoleOptions as xl, AuthenticationPasskeySucceededEvent as xn, OrganizationDomainState as xo, GroupDeletedEvent as xr, ListGroupsForOrganizationMembershipOptions as xs, ListEventOptions as xt, SetOrganizationRolePermissionsOptions as xu, WorkOSWorker as y, VaultDataReadEventResponseData as ya, SerializedAuthenticateWithRefreshTokenOptions as yc, PermissionCreatedEvent as yi, ListEffectivePermissionsOptions as yl, AuthenticationPasskeyFailedEvent as yn, OrganizationDomain as yo, GroupCreatedEvent as yr, ListInvitationsOptions as ys, PasswordlessSession as yt, RemoveOrganizationRolePermissionOptions as yu, NotFoundException as z, ListGroupOrganizationMembershipsOptions as za, SerializedAuthenticatePublicClientBase as zc, UserDeletedEventResponse as zi, RoleAssignmentResponse as zl, DsyncActivatedEvent as zn, SerializedSendInvitationOptions as zo, MagicAuthCreatedEvent as zr, SerializedCreateUserOptions as zs, OrganizationResponse as zt, ListDirectoriesOptions as zu };
-//# sourceMappingURL=workos-D5a84gFU.d.mts.map
+export { ReadObjectMetadataResponse as $, PermissionDeletedEvent as $a, UserManagementAuthorizationURLOptions as $c, ListDirectoryUsersOptions as $d, GroupDeletedEvent as $i, AuthenticateWithOptionsBase as $l, UserConsentOptionChoiceResponse as $n, SerializedCreateGroupOptions as $o, AuthenticationPasskeySucceededEvent as $r, ResendInvitationOptions as $s, RadarStandaloneResponseVerdict as $t, RoleAssignmentResource as $u, ApiKeyRequiredException as A, OrganizationDomainVerificationFailedEventResponse as Aa, SerializedListInvitationsOptions as Ac, UpdatePermissionOptions as Ad, DsyncGroupUserRemovedEventResponse as Ai, ImpersonatorResponse as Al, ConnectApplicationResponse as An, VaultDekDecryptedEvent as Ao, PatchOptions as Ar, OrganizationDomainVerificationStrategy as As, AuditLogExport as At, RoleEvent as Au, ObjectSummaryResponse as B, OrganizationRoleCreatedEventResponse as Ba, EmailVerification as Bc, CreateOrganizationRoleOptions as Bd, EventBase as Bi, AuthenticateWithOrganizationSelectionOptions as Bl, GetApplicationOptions as Bn, DataKey as Bo, AuthenticationEmailVerificationSucceededEventResponse as Br, UpdateOrganizationMembershipOptions as Bs, FactorWithSecretsResponse as Bt, RemoveRoleOptionsWithResourceId as Bu, BadRequestException as C, OrganizationDomainCreatedEvent as Ca, AuthorizationOrganizationMembershipResponse as Cc, CreateOptionsWithParentExternalId as Cd, DsyncGroupDeletedEvent as Ci, AuthenticationResponse as Cl, ApplicationCredentialsListItem as Cn, VaultDataCreatedEventResponse as Co, DomainData as Cr, ApiKey as Cs, CreateAuditLogEventRequestOptions as Ct, DirectoryUserWithGroups as Cu, isAuthenticationErrorData as D, OrganizationDomainUpdatedEvent as Da, OrganizationMembershipResponse as Dc, UpdateAuthorizationResourceOptions as Dd, DsyncGroupUserAddedEvent as Di, User as Dl, ConnectApplicationM2MResponse as Dn, VaultDataReadEventResponse as Do, UnprocessableEntityError as Dr, OrganizationDomain as Ds, AuditLogSchemaMetadata as Dt, OrganizationRoleEventResponse as Du, AuthenticationException as E, OrganizationDomainDeletedEventResponse as Ea, OrganizationMembership as Ec, SerializedUpdateAuthorizationResourceOptions as Ed, DsyncGroupUpdatedEventResponse as Ei, CreateUserResponseResponse as El, ConnectApplicationM2M as En, VaultDataReadEvent as Eo, WorkOSOptions as Er, OrganizationDomainVerificationFailedResponse as Es, AuditLogSchema as Et, OrganizationRoleEvent as Eu, UpdateWebhookEndpointEvents as F, OrganizationMembershipDeleted as Fa, InvitationEventResponse as Fc, RemoveOrganizationRolePermissionOptions as Fd, DsyncUserUpdatedEvent as Fi, SerializedAuthenticateWithRefreshTokenOptions as Fl, DeleteClientSecretOptions as Fn, VaultKekCreatedEventResponse as Fo, ApiKeyCreatedEvent as Fr, SerializedUpdateUserPasswordOptions as Fs, VerifyResponseResponse as Ft, ListEffectivePermissionsOptions as Fu, ObjectMetadata as G, OrganizationUpdatedEvent as Ga, SerializedCreateUserOptions as Gc, SerializedUpdateEnvironmentRoleOptions as Gd, FlagDeletedEvent as Gi, AuthenticateUserWithEmailVerificationCredentials as Gl, CreateOAuthApplicationResponse as Gn, RemoveGroupOrganizationMembershipOptions as Go, AuthenticationMfaSucceededEvent as Gr, SendVerificationEmailOptions as Gs, ChallengeResponse as Gt, BaseAssignRoleOptions as Gu, ObjectVersionResponse as H, OrganizationRoleDeletedEventResponse as Ha, EmailVerificationEventResponse as Hc, OrganizationRole as Hd, EventResponse as Hi, AuthenticateUserWithMagicAuthCredentials as Hl, CreateM2MApplication as Hn, KeyContext as Ho, AuthenticationMagicAuthFailedEventResponse as Hr, Session as Hs, SmsResponse as Ht, AssignRoleOptions as Hu, UpdateWebhookEndpointStatus as I, OrganizationMembershipDeletedResponse as Ia, InvitationResponse as Ic, AddOrganizationRolePermissionOptions as Id, DsyncUserUpdatedEventResponse as Ii, AuthenticateUserWithPasswordCredentials as Il, CreateApplicationClientSecretOptions as In, VaultMetadataReadEvent as Io, ApiKeyCreatedEventResponse as Ir, UpdateUserPasswordOptions as Is, VerifyChallengeOptions as It, RemoveRoleAssignmentOptions as Iu, ActorResponse as J, PasswordResetCreatedEventResponse as Ja, CreateOrganizationMembershipOptions as Jc, SerializedCreateEnvironmentRoleOptions as Jd, FlagRuleUpdatedEventResponse as Ji, AuthenticateWithCodeAndVerifierOptions as Jl, ListApplicationsOptions as Jn, Group as Jo, AuthenticationOAuthFailedEventResponse as Jr, RevokeSessionOptions as Js, RadarListEntryAlreadyPresentResponseWire as Jt, ListRoleAssignmentsForResourceOptions as Ju, ObjectMetadataResponse as K, OrganizationUpdatedResponse as Ka, CreatePasswordResetOptions as Kc, UpdateEnvironmentRoleOptions as Kd, FlagDeletedEventResponse as Ki, AuthenticateWithEmailVerificationOptions as Kl, RedirectUriInput as Kn, ListGroupsOptions as Ko, AuthenticationMfaSucceededEventResponse as Kr, SendInvitationOptions as Ks, ChallengeFactorOptions as Kt, SerializedAssignRoleOptions as Ku, CreateWebhookEndpointEvents as L, OrganizationMembershipUpdated as La, Identity as Lc, SetOrganizationRolePermissionsOptions as Ld, EmailVerificationCreatedEvent as Li, AuthenticateWithPasswordOptions as Ll, ListApplicationClientSecretsOptions as Ln, VaultMetadataReadEventResponse as Lo, ApiKeyRevokedEvent as Lr, SerializedUpdateUserOptions as Ls, Factor as Lt, BaseRemoveRoleOptions as Lu, WebhookEndpoint as M, OrganizationDomainVerifiedEventResponse as Ma, ListAuthFactorsOptions as Mc, SerializedCreatePermissionOptions as Md, DsyncUserCreatedEventResponse as Mi, SerializedAuthenticateWithRefreshTokenPublicClientOptions as Ml, ConnectApplicationRedirectUriResponse as Mn, VaultDekReadEvent as Mo, ListResponse as Mr, SerializedCreateOrganizationDomainOptions as Ms, AuditLogExportOptions as Mt, RoleList as Mu, WebhookEndpointResponse as N, OrganizationMembershipCreated as Na, Invitation as Nc, Permission as Nd, DsyncUserDeletedEvent as Ni, AuthenticateUserWithRefreshTokenCredentials as Nl, ExternalAuthCompleteResponse as Nn, VaultDekReadEventResponse as No, GetOptions as Nr, SerializedVerifyEmailOptions as Ns, SerializedAuditLogExportOptions as Nt, RoleResponse as Nu, GenericServerException as O, OrganizationDomainUpdatedEventResponse as Oa, OrganizationMembershipStatus as Oc, ListPermissionsOptions as Od, DsyncGroupUserAddedEventResponse as Oi, UserResponse as Ol, ConnectApplicationOAuth as On, VaultDataUpdatedEvent as Oo, PutOptions as Or, OrganizationDomainResponse as Os, AuditLogSchemaResponse as Ot, OrganizationRoleResponse as Ou, WebhookEndpointStatus as P, OrganizationMembershipCreatedResponse as Pa, InvitationEvent as Pc, PermissionResponse as Pd, DsyncUserDeletedEventResponse as Pi, AuthenticateWithRefreshTokenOptions as Pl, ExternalAuthCompleteResponseWire as Pn, VaultKekCreatedEvent as Po, GenerateLinkIntent as Pr, VerifyEmailOptions as Ps, VerifyResponse as Pt, ListEffectivePermissionsByExternalIdOptions as Pu, UpdateObjectOptions as Q, PermissionCreatedEventResponse as Qa, PKCEAuthorizationURLResult as Qc, EnvironmentRoleResponse as Qd, GroupCreatedEventResponse as Qi, SerializedAuthenticateWithCodeOptions as Ql, UserConsentOptionChoice as Qn, CreateGroupOptions as Qo, AuthenticationPasskeyFailedEventResponse as Qr, SerializedResetPasswordOptions as Qs, RadarStandaloneResponseControl as Qt, RoleAssignment as Qu, WorkOS as R, OrganizationMembershipUpdatedResponse as Ra, EnrollAuthFactorOptions as Rc, SerializedUpdateOrganizationRoleOptions as Rd, EmailVerificationCreatedEventResponse as Ri, SerializedAuthenticateWithPasswordOptions as Rl, DeleteApplicationOptions as Rn, VaultNamesListedEvent as Ro, ApiKeyRevokedEventResponse as Rr, UpdateUserOptions as Rs, FactorResponse as Rt, RemoveRoleOptions as Ru, ConflictException as S, OrganizationDeletedResponse as Sa, AuthorizationOrganizationMembership as Sc, CreateAuthorizationResourceOptions as Sd, DsyncGroupCreatedEventResponse as Si, UserManagementAccessToken as Sl, NewConnectApplicationSecretResponse as Sn, VaultDataCreatedEvent as So, SerializedCreateOrganizationOptions as Sr, SerializedCreateOrganizationApiKeyOptions as Ss, CreateAuditLogEventOptions as St, DirectoryUserResponse as Su, AuthenticationErrorData as T, OrganizationDomainDeletedEvent as Ta, BaseOrganizationMembershipResponse as Tc, SerializedCreateAuthorizationResourceOptions as Td, DsyncGroupUpdatedEvent as Ti, CreateUserResponse as Tl, ConnectApplication as Tn, VaultDataDeletedEventResponse as To, WorkOSResponseError as Tr, OrganizationDomainVerificationFailed as Ts, AuditLogActorSchema as Tt, ListOrganizationRolesResponse as Tu, VaultObject as U, OrganizationRoleUpdatedEvent as Ua, EmailVerificationResponse as Uc, AddEnvironmentRolePermissionOptions as Ud, FlagCreatedEvent as Ui, AuthenticateWithMagicAuthOptions as Ul, CreateM2MApplicationResponse as Un, SerializedUpdateGroupOptions as Uo, AuthenticationMagicAuthSucceededEvent as Ur, SessionResponse as Us, EnrollFactorOptions as Ut, AssignRoleOptionsWithResourceExternalId as Uu, ObjectVersion as V, OrganizationRoleDeletedEvent as Va, EmailVerificationEvent as Vc, SerializedCreateOrganizationRoleOptions as Vd, EventName as Vi, SerializedAuthenticateWithOrganizationSelectionOptions as Vl, CreateApplicationOptions as Vn, DataKeyPair as Vo, AuthenticationMagicAuthFailedEvent as Vr, AuthMethod as Vs, Sms as Vt, SerializedRemoveRoleOptions as Vu, VaultObjectResponse as W, OrganizationRoleUpdatedEventResponse as Wa, CreateUserOptions as Wc, SetEnvironmentRolePermissionsOptions as Wd, FlagCreatedEventResponse as Wi, SerializedAuthenticateWithMagicAuthOptions as Wl, CreateOAuthApplication as Wn, UpdateGroupOptions as Wo, AuthenticationMagicAuthSucceededEventResponse as Wr, SessionStatus as Ws, Challenge as Wt, AssignRoleOptionsWithResourceId as Wu, CreateDataKeyResponseWire as X, PasswordResetSucceededEventResponse as Xa, CreateMagicAuthOptions as Xc, EnvironmentRoleList as Xd, FlagUpdatedEventResponse as Xi, AuthenticateUserWithCodeCredentials as Xl, UserConsentOption as Xn, GetGroupOptions as Xo, AuthenticationOAuthSucceededEventResponse as Xr, serializeRevokeSessionOptions as Xs, RadarStandaloneResponseWire as Xt, ListRoleAssignmentsOptions as Xu, CreateDataKeyResponse as Y, PasswordResetSucceededEvent as Ya, SerializedCreateOrganizationMembershipOptions as Yc, EnvironmentRole as Yd, FlagUpdatedEvent as Yi, SerializedAuthenticateWithCodeAndVerifierOptions as Yl, CompleteOAuth2Options as Yn, GroupResponse as Yo, AuthenticationOAuthSucceededEvent as Yr, SerializedRevokeSessionOptions as Ys, RadarStandaloneResponse as Yt, SerializedListRoleAssignmentsForResourceOptions as Yu, UpdateObjectEntity as Z, PermissionCreatedEvent as Za, SerializedCreateMagicAuthOptions as Zc, EnvironmentRoleListResponse as Zd, GroupCreatedEvent as Zi, AuthenticateWithCodeOptions as Zl, UserConsentOptionResponse as Zn, DeleteGroupOptions as Zo, AuthenticationPasskeyFailedEvent as Zr, ResetPasswordOptions as Zs, RadarStandaloneResponseBlocklistType as Zt, SerializedListRoleAssignmentsOptions as Zu, SignatureVerificationException as _, MagicAuthCreatedEvent as _a, ListUserFeatureFlagsOptions as _c, GetAuthorizationResourceByExternalIdOptions as _d, RequestOptions as _f, DsyncActivatedEvent as _i, AuthenticateWithSessionCookieFailedResponse as _l, PasswordlessSession as _n, UserDeletedEventResponse as _o, OrganizationResponse as _r, ListOrganizationApiKeysOptions as _s, CreateAuditLogSchemaRequestOptions as _t, ConnectionType as _u, PublicWorkOS as a, GroupMemberRemovedEvent as aa, PasswordResetEventResponse as ac, ListResourcesForMembershipOptions as ad, DirectoryGroupResponse as af, AuthenticationRadarRiskDetectedEvent as ai, AuthenticationFactorWithSecretsResponse as al, GetAccessTokenOptions as an, RoleDeletedEvent as ao, Actions as ar, RemoveFlagTargetOptions as as, DecryptDataKeyResponse as at, ProfileAndTokenResponse as au, NotFoundException as b, OrganizationCreatedResponse as ba, ListOrganizationMembershipsOptions as bc, AuthorizationResource as bd, CryptoProvider as bf, DsyncDeletedEventResponse as bi, AuthenticateWithSessionCookieSuccessResponse as bl, SerializedListEventOptions as bn, VaultByokKeyVerificationCompletedEvent as bo, CreateOrganizationOptions as br, CreateOrganizationApiKeyOptions as bs, AuditLogActor as bt, DefaultCustomAttributes as bu, PortalLinkResponseWire as c, GroupUpdatedEventResponse as ca, CreateMagicAuthResponseResponse as cc, SerializedListResourcesForMembershipOptions as cd, DirectoryState as cf, AuthenticationSSOFailedEventResponse as ci, TotpWithSecrets as cl, SerializedGetAccessTokenFailureResponse as cn, RoleUpdatedEventResponse as co, UserRegistrationActionResponseData as cr, FlagPollResponse as cs, GetTokenResponse as ct, OauthTokens as cu, IntentOptions as d, InvitationCreatedEvent as da, MagicAuthEventResponse as dc, AuthorizationCheckOptionsWithResourceId as dd, EventDirectory as df, ConnectionActivatedEvent as di, AuthenticationEventResponse as dl, SerializedGetAccessTokenSuccessResponse as dn, SessionRevokedEvent as do, UserData as dr, FeatureFlagResponse as ds, WidgetScope as dt, SerializedListConnectionsOptions as du, GroupDeletedEventResponse as ea, SerializedResendInvitationOptions as ec, RoleAssignmentResourceResponse as ed, ListDirectoryGroupsOptions as ef, AuthenticationPasskeySucceededEventResponse as ei, AuthenticationRadarRiskDetectedEventData as el, RadarListAction as en, PermissionDeletedEventResponse as eo, UserObject as er, AddGroupOrganizationMembershipOptions as es, ReadObjectOptions as et, AuthenticateWithSessionOptions as eu, IntentOptionsResponse as f, InvitationCreatedEventResponse as fa, MagicAuthResponse as fc, AuthorizationCheckResult as fd, EventDirectoryResponse as ff, ConnectionActivatedEventResponse as fi, AuthenticationEventSso as fl, AccessToken as fn, SessionRevokedEventResponse as fo, UserDataPayload as fr, EvaluationContext as fs, deserializeGetTokenResponse as ft, GetProfileAndTokenOptions as fu, UnauthorizedException as g, InvitationRevokedEventResponse as ga, SerializedListUsersOptions as gc, UpdateAuthorizationResourceByExternalIdOptions as gd, RequestHeaders as gf, ConnectionDeletedEventResponse as gi, SerializedAuthenticateWithTotpOptions as gl, SerializedCreatePasswordlessSessionOptions as gn, UserDeletedEvent as go, Organization as gr, ValidateApiKeyResponse as gs, CreateAuditLogSchemaOptions as gt, ConnectionResponse as gu, UnprocessableEntityException as h, InvitationRevokedEvent as ha, ListUsersOptions as hc, DeleteAuthorizationResourceByExternalIdOptions as hd, HttpClientResponseInterface as hf, ConnectionDeletedEvent as hi, AuthenticateWithTotpOptions as hl, CreatePasswordlessSessionOptions as hn, UserCreatedEventResponse as ho, UpdateOrganizationOptions as hr, ValidateApiKeyOptions as hs, CookieSession as ht, ConnectionDomain as hu, PublicUserManagement as i, GroupMemberEventResponseData as ia, PasswordResetEvent as ic, ListMembershipsForResourceOptions as id, DirectoryGroup as if, AuthenticationPasswordSucceededEventResponse as ii, AuthenticationFactorWithSecrets as il, GetAccessTokenFailureResponse as in, RoleCreatedEventResponse as io, PKCEPair as ir, RuntimeClientOptions as is, DecryptDataKeyOptions as it, ProfileAndToken as iu, Webhooks as j, OrganizationDomainVerifiedEvent as ja, ListGroupsForOrganizationMembershipOptions as jc, CreatePermissionOptions as jd, DsyncUserCreatedEvent as ji, AuthenticateWithRefreshTokenPublicClientOptions as jl, ConnectApplicationRedirectUri as jn, VaultDekDecryptedEventResponse as jo, List as jr, CreateOrganizationDomainOptions as js, AuditLogExportResponse as jt, RoleEventResponse as ju, WorkOSErrorData as k, OrganizationDomainVerificationFailedEvent as ka, ListInvitationsOptions as kc, SerializedUpdatePermissionOptions as kd, DsyncGroupUserRemovedEvent as ki, Impersonator as kl, ConnectApplicationOAuthResponse as kn, VaultDataUpdatedEventResponse as ko, PostOptions as kr, OrganizationDomainState as ks, AuditLogTargetSchema as kt, Role as ku, GenerateLink as l, InvitationAcceptedEvent as la, MagicAuth as lc, AuthorizationCheckOptions as ld, DirectoryStateResponse as lf, AuthenticationSSOSucceededEvent as li, TotpWithSecretsResponse as ll, SerializedGetAccessTokenOptions as ln, SessionCreatedEvent as lo, ActionContext as lr, FlagTarget as ls, GetTokenResponseResponse as lt, OauthTokensResponse as lu, SSOIntentOptionsResponse as m, InvitationResentEventResponse as ma, Locale as mc, DeleteAuthorizationResourceOptions as md, HttpClientInterface as mf, ConnectionDeactivatedEventResponse as mi, AuthenticateUserWithTotpCredentials as ml, SendSessionResponse as mn, UserCreatedEvent as mo, SerializedUpdateOrganizationOptions as mr, SerializedValidateApiKeyResponse as ms, FeatureFlagsRuntimeClient as mt, Connection as mu, PublicClientOptions as n, GroupMemberAddedEventResponse as na, RefreshSessionResponse as nc, RoleAssignmentRole as nd, SerializedListDirectoriesOptions as nf, AuthenticationPasswordFailedEventResponse as ni, AuthenticationFactor as nl, RadarStandaloneAssessRequestAction as nn, PermissionUpdatedEventResponse as no, AutoPaginatable as nr, RuntimeClientStats as ns, CreateObjectEntity as nt, SerializedAuthenticateWithOptionsBase as nu, createWorkOS as o, GroupMemberRemovedEventResponse as oa, PasswordResetResponse as oc, ListResourcesForMembershipOptionsWithParentExternalId as od, Directory as of, AuthenticationRadarRiskDetectedEventResponse as oi, Totp as ol, GetAccessTokenResponse as on, RoleDeletedEventResponse as oo, AuthenticationActionResponseData as or, ListFeatureFlagsOptions as os, CreateDataKeyOptions as ot, Profile as ou, SSOIntentOptions as p, InvitationResentEvent as pa, LogoutURLOptions as pc, SerializedAuthorizationCheckOptions as pd, HttpClient as pf, ConnectionDeactivatedEvent as pi, AuthenticationEventSsoResponse as pl, SerializedAccessToken as pn, UnknownEvent as po, UserRegistrationActionPayload as pr, AddFlagTargetOptions as ps, serializeGetTokenOptions as pt, GetProfileOptions as pu, Actor as q, PasswordResetCreatedEvent as qa, SerializedCreatePasswordResetOptions as qc, CreateEnvironmentRoleOptions as qd, FlagRuleUpdatedEvent as qi, SerializedAuthenticateWithEmailVerificationOptions as ql, RedirectUriInputResponse as qn, ListGroupOrganizationMembershipsOptions as qo, AuthenticationOAuthFailedEvent as qr, SerializedSendInvitationOptions as qs, RadarListEntryAlreadyPresentResponse as qt, ListRoleAssignmentsForResourceByExternalIdOptions as qu, PublicSSO as r, GroupMemberEventData as ra, PasswordReset as rc, ListMembershipsForResourceByExternalIdOptions as rd, PaginationOptions as rf, AuthenticationPasswordSucceededEvent as ri, AuthenticationFactorResponse as rl, RadarStandaloneAssessRequestAuthMethod as rn, RoleCreatedEvent as ro, PKCE as rr, RuntimeClientLogger as rs, CreateObjectOptions as rt, WithResolvedClientId as ru, PortalLinkResponse as s, GroupUpdatedEvent as sa, CreateMagicAuthResponse as sc, ListResourcesForMembershipOptionsWithParentId as sd, DirectoryResponse as sf, AuthenticationSSOFailedEvent as si, TotpResponse as sl, GetAccessTokenSuccessResponse as sn, RoleUpdatedEvent as so, ResponsePayload as sr, FlagPollEntry as ss, GetTokenOptions as st, ProfileResponse as su, ConfidentialClientOptions as t, GroupMemberAddedEvent as ta, RefreshSessionFailureReason as tc, RoleAssignmentResponse as td, ListDirectoriesOptions as tf, AuthenticationPasswordFailedEvent as ti, AuthenticationRadarRiskDetectedEventResponseData as tl, RadarListType as tn, PermissionUpdatedEvent as to, UserObjectResponse as tr, SerializedAddGroupOrganizationMembershipOptions as ts, ReadObjectResponse as tt, SerializedAuthenticatePublicClientBase as tu, GenerateLinkResponse as u, InvitationAcceptedEventResponse as ua, MagicAuthEvent as uc, AuthorizationCheckOptionsWithResourceExternalId as ud, DirectoryType as uf, AuthenticationSSOSucceededEventResponse as ui, AuthenticationEvent as ul, SerializedGetAccessTokenResponse as un, SessionCreatedEventResponse as uo, ActionPayload as ur, FeatureFlag as us, SerializedGetTokenOptions as ut, ListConnectionsOptions as uu, RateLimitExceededException as v, MagicAuthCreatedEventResponse as va, ListSessionsOptions as vc, ListAuthorizationResourcesOptions as vd, ResponseHeaderValue as vf, DsyncActivatedEventResponse as vi, AuthenticateWithSessionCookieFailureReason as vl, PasswordlessSessionResponse as vn, UserUpdatedEvent as vo, ListOrganizationsOptions as vr, CreatedApiKey as vs, CreateAuditLogSchemaResponse as vt, SSOAuthorizationURLOptions as vu, AuthenticationErrorCode as w, OrganizationDomainCreatedEventResponse as wa, BaseOrganizationMembership as wc, CreateOptionsWithParentResourceId as wd, DsyncGroupDeletedEventResponse as wi, AuthenticationResponseResponse as wl, ApplicationCredentialsListItemResponse as wn, VaultDataDeletedEvent as wo, DomainDataState as wr, SerializedApiKey as ws, SerializedCreateAuditLogEventOptions as wt, DirectoryUserWithGroupsResponse as wu, NoApiKeyProvidedException as x, OrganizationDeletedEvent as xa, SerializedListOrganizationMembershipsOptions as xc, AuthorizationResourceResponse as xd, DsyncGroupCreatedEvent as xi, SessionCookieData as xl, NewConnectApplicationSecret as xn, VaultByokKeyVerificationCompletedEventResponse as xo, CreateOrganizationRequestOptions as xr, CreateOrganizationApiKeyRequestOptions as xs, AuditLogTarget as xt, DirectoryUser as xu, OauthException as y, OrganizationCreatedEvent as ya, SerializedListSessionsOptions as yc, SerializedListAuthorizationResourcesOptions as yd, ResponseHeaders as yf, DsyncDeletedEvent as yi, AuthenticateWithSessionCookieOptions as yl, ListEventOptions as yn, UserUpdatedEventResponse as yo, ListOrganizationFeatureFlagsOptions as yr, SerializedCreatedApiKey as ys, SerializedCreateAuditLogSchemaOptions as yt, SSOPKCEAuthorizationURLResult as yu, ObjectSummary as z, OrganizationRoleCreatedEvent as za, SerializedEnrollUserInMfaFactorOptions as zc, UpdateOrganizationRoleOptions as zd, Event as zi, AuthenticateUserWithOrganizationSelectionCredentials as zl, UpdateApplicationOptions as zn, VaultNamesListedEventResponse as zo, AuthenticationEmailVerificationSucceededEvent as zr, SerializedUpdateOrganizationMembershipOptions as zs, FactorWithSecrets as zt, RemoveRoleOptionsWithResourceExternalId as zu };
+//# sourceMappingURL=factory-BNdbGia2.d.mts.map