npm - authhero - Versions diffs - 4.113.0 → 4.115.0 - Mend

authhero 4.113.0 → 4.115.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/assets/u/widget/index.esm.js +1 -1
package/dist/authhero.cjs +134 -121
package/dist/authhero.d.ts +706 -14
package/dist/authhero.mjs +24952 -20767
package/dist/stats.html +1 -1
package/package.json +10 -5

package/dist/authhero.d.ts CHANGED Viewed

@@ -271,6 +271,164 @@ export declare const actionSchema: z.ZodObject<{
 	deployed_at?: string | undefined;
 }>;
 export type Action = z.infer<typeof actionSchema>;
+export declare const actionVersionInsertSchema: z.ZodObject<{
+	action_id: z.ZodString;
+	code: z.ZodString;
+	runtime: z.ZodOptional<z.ZodString>;
+	dependencies: z.ZodOptional<z.ZodArray<z.ZodObject<{
+		name: z.ZodString;
+		version: z.ZodString;
+	}, "strip", z.ZodTypeAny, {
+		version: string;
+		name: string;
+	}, {
+		version: string;
+		name: string;
+	}>, "many">>;
+	secrets: z.ZodOptional<z.ZodArray<z.ZodObject<{
+		name: z.ZodString;
+		value: z.ZodOptional<z.ZodString>;
+	}, "strip", z.ZodTypeAny, {
+		name: string;
+		value?: string | undefined;
+	}, {
+		name: string;
+		value?: string | undefined;
+	}>, "many">>;
+	supported_triggers: z.ZodOptional<z.ZodArray<z.ZodObject<{
+		id: z.ZodString;
+		version: z.ZodOptional<z.ZodString>;
+	}, "strip", z.ZodTypeAny, {
+		id: string;
+		version?: string | undefined;
+	}, {
+		id: string;
+		version?: string | undefined;
+	}>, "many">>;
+	deployed: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+	code: string;
+	action_id: string;
+	deployed: boolean;
+	supported_triggers?: {
+		id: string;
+		version?: string | undefined;
+	}[] | undefined;
+	runtime?: string | undefined;
+	dependencies?: {
+		version: string;
+		name: string;
+	}[] | undefined;
+	secrets?: {
+		name: string;
+		value?: string | undefined;
+	}[] | undefined;
+}, {
+	code: string;
+	action_id: string;
+	supported_triggers?: {
+		id: string;
+		version?: string | undefined;
+	}[] | undefined;
+	runtime?: string | undefined;
+	dependencies?: {
+		version: string;
+		name: string;
+	}[] | undefined;
+	secrets?: {
+		name: string;
+		value?: string | undefined;
+	}[] | undefined;
+	deployed?: boolean | undefined;
+}>;
+export type ActionVersionInsert = z.infer<typeof actionVersionInsertSchema>;
+export declare const actionVersionSchema: z.ZodObject<{
+	action_id: z.ZodString;
+	code: z.ZodString;
+	runtime: z.ZodOptional<z.ZodString>;
+	dependencies: z.ZodOptional<z.ZodArray<z.ZodObject<{
+		name: z.ZodString;
+		version: z.ZodString;
+	}, "strip", z.ZodTypeAny, {
+		version: string;
+		name: string;
+	}, {
+		version: string;
+		name: string;
+	}>, "many">>;
+	secrets: z.ZodOptional<z.ZodArray<z.ZodObject<{
+		name: z.ZodString;
+		value: z.ZodOptional<z.ZodString>;
+	}, "strip", z.ZodTypeAny, {
+		name: string;
+		value?: string | undefined;
+	}, {
+		name: string;
+		value?: string | undefined;
+	}>, "many">>;
+	supported_triggers: z.ZodOptional<z.ZodArray<z.ZodObject<{
+		id: z.ZodString;
+		version: z.ZodOptional<z.ZodString>;
+	}, "strip", z.ZodTypeAny, {
+		id: string;
+		version?: string | undefined;
+	}, {
+		id: string;
+		version?: string | undefined;
+	}>, "many">>;
+	deployed: z.ZodDefault<z.ZodBoolean>;
+} & {
+	created_at: z.ZodString;
+	updated_at: z.ZodString;
+	id: z.ZodString;
+	tenant_id: z.ZodString;
+	number: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+	number: number;
+	created_at: string;
+	updated_at: string;
+	code: string;
+	id: string;
+	tenant_id: string;
+	action_id: string;
+	deployed: boolean;
+	supported_triggers?: {
+		id: string;
+		version?: string | undefined;
+	}[] | undefined;
+	runtime?: string | undefined;
+	dependencies?: {
+		version: string;
+		name: string;
+	}[] | undefined;
+	secrets?: {
+		name: string;
+		value?: string | undefined;
+	}[] | undefined;
+}, {
+	number: number;
+	created_at: string;
+	updated_at: string;
+	code: string;
+	id: string;
+	tenant_id: string;
+	action_id: string;
+	supported_triggers?: {
+		id: string;
+		version?: string | undefined;
+	}[] | undefined;
+	runtime?: string | undefined;
+	dependencies?: {
+		version: string;
+		name: string;
+	}[] | undefined;
+	secrets?: {
+		name: string;
+		value?: string | undefined;
+	}[] | undefined;
+	deployed?: boolean | undefined;
+}>;
+export type ActionVersion = z.infer<typeof actionVersionSchema>;
 export declare const auditCategorySchema: z.ZodEnum<[
 	"user_action",
 	"admin_action",
@@ -11397,7 +11555,7 @@ export interface Auth0FlowInsert {
 export declare enum AuthorizationResponseType {
 	TOKEN = "token",
 	ID_TOKEN = "id_token",
-	TOKEN_ID_TOKEN = "token id_token",
+	TOKEN_ID_TOKEN = "id_token token",
 	CODE = "code"
 }
 export declare enum AuthorizationResponseMode {
@@ -43361,9 +43519,7 @@ export declare const openIDConfigurationSchema: z.ZodObject<{
 	issuer: z.ZodString;
 	authorization_endpoint: z.ZodString;
 	token_endpoint: z.ZodString;
-	device_authorization_endpoint: z.ZodString;
 	userinfo_endpoint: z.ZodString;
-	mfa_challenge_endpoint: z.ZodString;
 	jwks_uri: z.ZodString;
 	registration_endpoint: z.ZodOptional<z.ZodString>;
 	revocation_endpoint: z.ZodString;
@@ -43387,8 +43543,6 @@ export declare const openIDConfigurationSchema: z.ZodObject<{
 	userinfo_endpoint: string;
 	jwks_uri: string;
 	issuer: string;
-	device_authorization_endpoint: string;
-	mfa_challenge_endpoint: string;
 	revocation_endpoint: string;
 	scopes_supported: string[];
 	response_types_supported: string[];
@@ -43411,8 +43565,6 @@ export declare const openIDConfigurationSchema: z.ZodObject<{
 	userinfo_endpoint: string;
 	jwks_uri: string;
 	issuer: string;
-	device_authorization_endpoint: string;
-	mfa_challenge_endpoint: string;
 	revocation_endpoint: string;
 	scopes_supported: string[];
 	response_types_supported: string[];
@@ -45012,6 +45164,7 @@ export declare const sessionSchema: z.ZodObject<{
 export type Session = z.infer<typeof sessionSchema>;
 export declare const signingKeySchema: z.ZodObject<{
 	kid: z.ZodString;
+	tenant_id: z.ZodOptional<z.ZodString>;
 	cert: z.ZodString;
 	fingerprint: z.ZodString;
 	thumbprint: z.ZodString;
@@ -45034,6 +45187,7 @@ export declare const signingKeySchema: z.ZodObject<{
 	cert: string;
 	fingerprint: string;
 	thumbprint: string;
+	tenant_id?: string | undefined;
 	connection?: string | undefined;
 	revoked_at?: string | undefined;
 	pkcs7?: string | undefined;
@@ -45049,6 +45203,7 @@ export declare const signingKeySchema: z.ZodObject<{
 	cert: string;
 	fingerprint: string;
 	thumbprint: string;
+	tenant_id?: string | undefined;
 	connection?: string | undefined;
 	revoked_at?: string | undefined;
 	pkcs7?: string | undefined;
@@ -48205,6 +48360,66 @@ export declare const emailProviderSchema: z.ZodObject<{
 	settings?: {} | undefined;
 }>;
 export type EmailProvider = z.infer<typeof emailProviderSchema>;
+export declare const emailTemplateNameSchema: z.ZodEnum<[
+	"verify_email",
+	"verify_email_by_code",
+	"reset_email",
+	"reset_email_by_code",
+	"welcome_email",
+	"blocked_account",
+	"stolen_credentials",
+	"enrollment_email",
+	"mfa_oob_code",
+	"change_password",
+	"password_reset",
+	"user_invitation"
+]>;
+export type EmailTemplateName = z.infer<typeof emailTemplateNameSchema>;
+export declare const emailTemplateSchema: z.ZodObject<{
+	template: z.ZodEnum<[
+		"verify_email",
+		"verify_email_by_code",
+		"reset_email",
+		"reset_email_by_code",
+		"welcome_email",
+		"blocked_account",
+		"stolen_credentials",
+		"enrollment_email",
+		"mfa_oob_code",
+		"change_password",
+		"password_reset",
+		"user_invitation"
+	]>;
+	body: z.ZodString;
+	from: z.ZodString;
+	subject: z.ZodString;
+	syntax: z.ZodDefault<z.ZodLiteral<"liquid">>;
+	resultUrl: z.ZodOptional<z.ZodString>;
+	urlLifetimeInSeconds: z.ZodOptional<z.ZodNumber>;
+	includeEmailInRedirect: z.ZodDefault<z.ZodBoolean>;
+	enabled: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+	body: string;
+	from: string;
+	enabled: boolean;
+	template: "verify_email" | "password_reset" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "user_invitation";
+	subject: string;
+	syntax: "liquid";
+	includeEmailInRedirect: boolean;
+	resultUrl?: string | undefined;
+	urlLifetimeInSeconds?: number | undefined;
+}, {
+	body: string;
+	from: string;
+	template: "verify_email" | "password_reset" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "user_invitation";
+	subject: string;
+	enabled?: boolean | undefined;
+	syntax?: "liquid" | undefined;
+	resultUrl?: string | undefined;
+	urlLifetimeInSeconds?: number | undefined;
+	includeEmailInRedirect?: boolean | undefined;
+}>;
+export type EmailTemplate = z.infer<typeof emailTemplateSchema>;
 export declare const refreshTokenInsertSchema: z.ZodObject<{
 	id: z.ZodString;
 	login_id: z.ZodString;
@@ -50462,6 +50677,24 @@ export interface ActionsAdapter {
 	remove: (tenant_id: string, action_id: string) => Promise<boolean>;
 	list: (tenant_id: string, params?: ListParams) => Promise<ListActionsResponse>;
 }
+export interface ListActionVersionsResponse extends Totals {
+	versions: ActionVersion[];
+}
+export interface ActionVersionsAdapter {
+	/**
+	 * Append a new version row for an action. The adapter assigns the next
+	 * sequential `number` per action_id and clears the `deployed` flag on any
+	 * prior versions when the new one is created with `deployed: true`.
+	 */
+	create: (tenant_id: string, version: ActionVersionInsert) => Promise<ActionVersion>;
+	get: (tenant_id: string, action_id: string, version_id: string) => Promise<ActionVersion | null>;
+	list: (tenant_id: string, action_id: string, params?: ListParams) => Promise<ListActionVersionsResponse>;
+	/**
+	 * Remove every version row for an action — used when the parent action is
+	 * deleted. Returns the number of rows removed.
+	 */
+	removeForAction: (tenant_id: string, action_id: string) => Promise<number>;
+}
 export interface ListFlowsResponse extends Totals {
 	flows: Flow[];
 }
@@ -50726,6 +50959,13 @@ export interface EmailProvidersAdapter {
 	get: (tenant_id: string) => Promise<EmailProvider | null>;
 	remove: (tenant_id: string) => Promise<void>;
 }
+export interface EmailTemplatesAdapter {
+	get: (tenant_id: string, templateName: EmailTemplateName) => Promise<EmailTemplate | null>;
+	list: (tenant_id: string) => Promise<EmailTemplate[]>;
+	create: (tenant_id: string, template: EmailTemplate) => Promise<EmailTemplate>;
+	update: (tenant_id: string, templateName: EmailTemplateName, template: Partial<EmailTemplate>) => Promise<boolean>;
+	remove: (tenant_id: string, templateName: EmailTemplateName) => Promise<boolean>;
+}
 export interface ListRefreshTokenResponse extends Totals {
 	refresh_tokens: RefreshToken[];
 }
@@ -51095,6 +51335,7 @@ export interface SessionCleanupParams {
 }
 export interface DataAdapters {
 	actions: ActionsAdapter;
+	actionVersions: ActionVersionsAdapter;
 	branding: BrandingAdapter;
 	cache?: CacheAdapter;
 	clients: ClientsAdapter;
@@ -51105,6 +51346,7 @@ export interface DataAdapters {
 	connections: ConnectionsAdapter;
 	customDomains: CustomDomainsAdapter;
 	emailProviders: EmailProvidersAdapter;
+	emailTemplates: EmailTemplatesAdapter;
 	flows: FlowsAdapter;
 	forms: FormsAdapter;
 	geo?: GeoAdapter;
@@ -54189,6 +54431,29 @@ export type UserLinkingModeOption = UserLinkingMode | UserLinkingModeResolver;
 export type UsernamePasswordProviderResolver = (params: {
 	tenant_id: string;
 }) => "auth0" | "auth2" | Promise<"auth0" | "auth2">;
+/**
+ * Mode for which signing-key bucket a tenant uses when minting and
+ * publishing JWTs.
+ *
+ * - `"control-plane"` — tenant uses the shared control-plane keys (rows
+ *   with `tenant_id IS NULL`). This matches the legacy single-key-pool
+ *   behavior; existing data needs no migration.
+ * - `"tenant"` — tenant uses its own keys (rows with `tenant_id =
+ *   tenantId`). Falls back to the control-plane bucket if the tenant has
+ *   no non-revoked key yet, so flipping a tenant on is safe even before
+ *   a tenant key has been minted. JWKS for that tenant publishes the
+ *   union of tenant + control-plane keys so tokens signed by either set
+ *   keep verifying during rotation.
+ */
+export type SigningKeyMode = "control-plane" | "tenant";
+/**
+ * Resolver form for the per-tenant signing-key mode. Receives the
+ * resolved `tenant_id` and returns which bucket to use. May be async.
+ */
+export type SigningKeyModeResolver = (params: {
+	tenant_id: string;
+}) => SigningKeyMode | Promise<SigningKeyMode>;
+export type SigningKeyModeOption = SigningKeyMode | SigningKeyModeResolver;
 export interface AuthHeroConfig {
 	dataAdapter: DataAdapters;
 	/**
@@ -54404,6 +54669,23 @@ export interface AuthHeroConfig {
 	 * flows can be removed once all tenants have been backfilled.
 	 */
 	usernamePasswordProvider?: UsernamePasswordProviderResolver;
+	/**
+	 * Per-tenant control over which signing-key bucket a tenant uses.
+	 *
+	 * Accepts either a static value or a resolver that receives
+	 * `{ tenant_id }` and returns the mode. Use the resolver form to
+	 * migrate tenants onto their own keys one at a time.
+	 *
+	 * Omit (or set to `"control-plane"`) to preserve the legacy behavior
+	 * where every tenant shares the control-plane keys.
+	 *
+	 * TRANSITIONAL: once every tenant is on `"tenant"` and the
+	 * control-plane bucket has been retired, this option and the
+	 * fallback path can be removed.
+	 *
+	 * @default "control-plane"
+	 */
+	signingKeyMode?: SigningKeyModeOption;
 }
 export type UserInfo = {
 	sub: string;
@@ -54466,6 +54748,7 @@ export type Bindings = {
 	outbox?: OutboxConfig;
 	userLinkingMode?: UserLinkingModeOption;
 	usernamePasswordProvider?: UsernamePasswordProviderResolver;
+	signingKeyMode?: SigningKeyModeOption;
 	/**
 	 * Allow outbound fetches (jwks_uri, request_uri) to localhost / private IP
 	 * ranges and over plain http. Intended for tests and local development;
@@ -65127,6 +65410,7 @@ export declare function init(config: AuthHeroConfig): {
 					cert: string;
 					fingerprint: string;
 					thumbprint: string;
+					tenant_id?: string | undefined | undefined;
 					connection?: string | undefined | undefined;
 					revoked_at?: string | undefined | undefined;
 					pkcs7?: string | undefined | undefined;
@@ -65159,6 +65443,7 @@ export declare function init(config: AuthHeroConfig): {
 					cert: string;
 					fingerprint: string;
 					thumbprint: string;
+					tenant_id?: string | undefined | undefined;
 					connection?: string | undefined | undefined;
 					revoked_at?: string | undefined | undefined;
 					pkcs7?: string | undefined | undefined;
@@ -66271,6 +66556,205 @@ export declare function init(config: AuthHeroConfig): {
 			};
 		};
 	}, "/users"> & import("hono/types").MergeSchemaPath<{
+		"/": {
+			$post: {
+				input: {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				} & {
+					json: {
+						body: string;
+						from: string;
+						template: "verify_email" | "password_reset" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "user_invitation";
+						subject: string;
+						enabled?: boolean | undefined;
+						syntax?: "liquid" | undefined;
+						resultUrl?: string | undefined;
+						urlLifetimeInSeconds?: number | undefined;
+						includeEmailInRedirect?: boolean | undefined;
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 409;
+			} | {
+				input: {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				} & {
+					json: {
+						body: string;
+						from: string;
+						template: "verify_email" | "password_reset" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "user_invitation";
+						subject: string;
+						enabled?: boolean | undefined;
+						syntax?: "liquid" | undefined;
+						resultUrl?: string | undefined;
+						urlLifetimeInSeconds?: number | undefined;
+						includeEmailInRedirect?: boolean | undefined;
+					};
+				};
+				output: {
+					body: string;
+					from: string;
+					enabled: boolean;
+					template: "verify_email" | "password_reset" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "user_invitation";
+					subject: string;
+					syntax: "liquid";
+					includeEmailInRedirect: boolean;
+					resultUrl?: string | undefined | undefined;
+					urlLifetimeInSeconds?: number | undefined | undefined;
+				};
+				outputFormat: "json";
+				status: 201;
+			};
+		};
+	} & {
+		"/:templateName": {
+			$get: {
+				input: {
+					param: {
+						templateName: "verify_email" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "password_reset" | "user_invitation";
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 404;
+			} | {
+				input: {
+					param: {
+						templateName: "verify_email" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "password_reset" | "user_invitation";
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				};
+				output: {
+					body: string;
+					from: string;
+					enabled: boolean;
+					template: "verify_email" | "password_reset" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "user_invitation";
+					subject: string;
+					syntax: "liquid";
+					includeEmailInRedirect: boolean;
+					resultUrl?: string | undefined | undefined;
+					urlLifetimeInSeconds?: number | undefined | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/:templateName": {
+			$put: {
+				input: {
+					param: {
+						templateName: "verify_email" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "password_reset" | "user_invitation";
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				} & {
+					json: {
+						body: string;
+						from: string;
+						template: "verify_email" | "password_reset" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "user_invitation";
+						subject: string;
+						enabled?: boolean | undefined;
+						syntax?: "liquid" | undefined;
+						resultUrl?: string | undefined;
+						urlLifetimeInSeconds?: number | undefined;
+						includeEmailInRedirect?: boolean | undefined;
+					};
+				};
+				output: {
+					body: string;
+					from: string;
+					enabled: boolean;
+					template: "verify_email" | "password_reset" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "user_invitation";
+					subject: string;
+					syntax: "liquid";
+					includeEmailInRedirect: boolean;
+					resultUrl?: string | undefined | undefined;
+					urlLifetimeInSeconds?: number | undefined | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/:templateName": {
+			$patch: {
+				input: {
+					param: {
+						templateName: "verify_email" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "password_reset" | "user_invitation";
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				} & {
+					json: {
+						body?: string | undefined;
+						from?: string | undefined;
+						enabled?: boolean | undefined;
+						template?: "verify_email" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "password_reset" | "user_invitation" | undefined;
+						subject?: string | undefined;
+						syntax?: "liquid" | undefined;
+						resultUrl?: string | undefined;
+						urlLifetimeInSeconds?: number | undefined;
+						includeEmailInRedirect?: boolean | undefined;
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 404;
+			} | {
+				input: {
+					param: {
+						templateName: "verify_email" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "password_reset" | "user_invitation";
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				} & {
+					json: {
+						body?: string | undefined;
+						from?: string | undefined;
+						enabled?: boolean | undefined;
+						template?: "verify_email" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "password_reset" | "user_invitation" | undefined;
+						subject?: string | undefined;
+						syntax?: "liquid" | undefined;
+						resultUrl?: string | undefined;
+						urlLifetimeInSeconds?: number | undefined;
+						includeEmailInRedirect?: boolean | undefined;
+					};
+				};
+				output: {
+					body: string;
+					from: string;
+					enabled: boolean;
+					template: "verify_email" | "password_reset" | "change_password" | "verify_email_by_code" | "reset_email" | "reset_email_by_code" | "welcome_email" | "blocked_account" | "stolen_credentials" | "enrollment_email" | "mfa_oob_code" | "user_invitation";
+					subject: string;
+					syntax: "liquid";
+					includeEmailInRedirect: boolean;
+					resultUrl?: string | undefined | undefined;
+					urlLifetimeInSeconds?: number | undefined | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	}, "/email-templates"> & import("hono/types").MergeSchemaPath<{
 		"/": {
 			$get: {
 				input: {
@@ -67635,6 +68119,216 @@ export declare function init(config: AuthHeroConfig): {
 				status: 200;
 			};
 		};
+	} & {
+		"/:actionId/versions": {
+			$get: {
+				input: {
+					param: {
+						actionId: string;
+					};
+				} & {
+					query: {
+						sort?: string | undefined;
+						page?: string | undefined;
+						per_page?: string | undefined;
+						include_totals?: string | undefined;
+						from?: string | undefined;
+						take?: string | undefined;
+						q?: string | undefined;
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 404;
+			} | {
+				input: {
+					param: {
+						actionId: string;
+					};
+				} & {
+					query: {
+						sort?: string | undefined;
+						page?: string | undefined;
+						per_page?: string | undefined;
+						include_totals?: string | undefined;
+						from?: string | undefined;
+						take?: string | undefined;
+						q?: string | undefined;
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				};
+				output: {
+					versions: {
+						number: number;
+						created_at: string;
+						updated_at: string;
+						code: string;
+						id: string;
+						tenant_id: string;
+						action_id: string;
+						deployed: boolean;
+						supported_triggers?: {
+							id: string;
+							version?: string | undefined | undefined;
+						}[] | undefined;
+						runtime?: string | undefined | undefined;
+						dependencies?: {
+							version: string;
+							name: string;
+						}[] | undefined;
+						secrets?: {
+							name: string;
+							value?: string | undefined | undefined;
+						}[] | undefined;
+					}[];
+				} | {
+					length: number;
+					start: number;
+					limit: number;
+					versions: {
+						number: number;
+						created_at: string;
+						updated_at: string;
+						code: string;
+						id: string;
+						tenant_id: string;
+						action_id: string;
+						deployed: boolean;
+						supported_triggers?: {
+							id: string;
+							version?: string | undefined | undefined;
+						}[] | undefined;
+						runtime?: string | undefined | undefined;
+						dependencies?: {
+							version: string;
+							name: string;
+						}[] | undefined;
+						secrets?: {
+							name: string;
+							value?: string | undefined | undefined;
+						}[] | undefined;
+					}[];
+					total?: number | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/:actionId/versions/:id": {
+			$get: {
+				input: {
+					param: {
+						id: string;
+						actionId: string;
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 404;
+			} | {
+				input: {
+					param: {
+						id: string;
+						actionId: string;
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				};
+				output: {
+					number: number;
+					created_at: string;
+					updated_at: string;
+					code: string;
+					id: string;
+					tenant_id: string;
+					action_id: string;
+					deployed: boolean;
+					supported_triggers?: {
+						id: string;
+						version?: string | undefined | undefined;
+					}[] | undefined;
+					runtime?: string | undefined | undefined;
+					dependencies?: {
+						version: string;
+						name: string;
+					}[] | undefined;
+					secrets?: {
+						name: string;
+						value?: string | undefined | undefined;
+					}[] | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
+	} & {
+		"/:actionId/versions/:id/deploy": {
+			$post: {
+				input: {
+					param: {
+						id: string;
+						actionId: string;
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				};
+				output: {};
+				outputFormat: string;
+				status: 404;
+			} | {
+				input: {
+					param: {
+						id: string;
+						actionId: string;
+					};
+				} & {
+					header: {
+						"tenant-id"?: string | undefined;
+					};
+				};
+				output: {
+					created_at: string;
+					updated_at: string;
+					code: string;
+					status: "draft" | "built";
+					id: string;
+					name: string;
+					tenant_id: string;
+					supported_triggers?: {
+						id: string;
+						version?: string | undefined | undefined;
+					}[] | undefined;
+					runtime?: string | undefined | undefined;
+					dependencies?: {
+						version: string;
+						name: string;
+					}[] | undefined;
+					secrets?: {
+						name: string;
+						value?: string | undefined | undefined;
+					}[] | undefined;
+					deployed_at?: string | undefined | undefined;
+				};
+				outputFormat: "json";
+				status: 200;
+			};
+		};
 	}, "/actions/actions">, "/">;
 	oauthApp: OpenAPIHono<{
 		Bindings: Bindings;
@@ -68106,7 +68800,7 @@ export declare function init(config: AuthHeroConfig): {
 						organization?: string | undefined;
 						nonce?: string | undefined;
 						response_mode?: AuthorizationResponseMode | undefined;
-						response_type?: AuthorizationResponseType | undefined;
+						response_type?: unknown;
 						prompt?: string | undefined;
 						state?: string | undefined;
 						auth0Client?: string | undefined;
@@ -68139,7 +68833,7 @@ export declare function init(config: AuthHeroConfig): {
 						organization?: string | undefined;
 						nonce?: string | undefined;
 						response_mode?: AuthorizationResponseMode | undefined;
-						response_type?: AuthorizationResponseType | undefined;
+						response_type?: unknown;
 						prompt?: string | undefined;
 						state?: string | undefined;
 						auth0Client?: string | undefined;
@@ -68172,7 +68866,7 @@ export declare function init(config: AuthHeroConfig): {
 						organization?: string | undefined;
 						nonce?: string | undefined;
 						response_mode?: AuthorizationResponseMode | undefined;
-						response_type?: AuthorizationResponseType | undefined;
+						response_type?: unknown;
 						prompt?: string | undefined;
 						state?: string | undefined;
 						auth0Client?: string | undefined;
@@ -68213,7 +68907,7 @@ export declare function init(config: AuthHeroConfig): {
 						organization?: string | undefined;
 						nonce?: string | undefined;
 						response_mode?: AuthorizationResponseMode | undefined;
-						response_type?: AuthorizationResponseType | undefined;
+						response_type?: unknown;
 						prompt?: string | undefined;
 						state?: string | undefined;
 						auth0Client?: string | undefined;
@@ -68248,7 +68942,7 @@ export declare function init(config: AuthHeroConfig): {
 						organization?: string | undefined;
 						nonce?: string | undefined;
 						response_mode?: AuthorizationResponseMode | undefined;
-						response_type?: AuthorizationResponseType | undefined;
+						response_type?: unknown;
 						prompt?: string | undefined;
 						state?: string | undefined;
 						auth0Client?: string | undefined;
@@ -69010,8 +69704,6 @@ export declare function init(config: AuthHeroConfig): {
 					userinfo_endpoint: string;
 					jwks_uri: string;
 					issuer: string;
-					device_authorization_endpoint: string;
-					mfa_challenge_endpoint: string;
 					revocation_endpoint: string;
 					scopes_supported: string[];
 					response_types_supported: string[];