opal-security 5.0.1 → 5.1.0

package/build/graphql/graphql.js

@@ -11,64 +11,126 @@ export var AccessChangeType;
     AccessChangeType["Other"] = "OTHER";
     AccessChangeType["Revoked"] = "REVOKED";
 })(AccessChangeType || (AccessChangeType = {}));
+/** Possible filter values for access levels */
+export var AccessLevelFilter;
+(function (AccessLevelFilter) {
+    /** All access levels */
+    AccessLevelFilter["All"] = "ALL";
+    /** Access levels that are requestable to users */
+    AccessLevelFilter["Requestable"] = "REQUESTABLE";
+    /** Access levels that are not requestable */
+    AccessLevelFilter["Unrequestable"] = "UNREQUESTABLE";
+})(AccessLevelFilter || (AccessLevelFilter = {}));
+/** Access filtering options for catalog items. */
 export var AccessOption;
 (function (AccessOption) {
+    /** All items regardless of access. */
     AccessOption["All"] = "ALL";
+    /** Items that can be managed by the current user. */
     AccessOption["Manageable"] = "MANAGEABLE";
+    /** Items the current user has access to. */
     AccessOption["Mine"] = "MINE";
+    /** Items that can be requested. */
     AccessOption["Requestable"] = "REQUESTABLE";
-    /** @deprecated no longer supported */
+    /**
+     * Unmanaged items (deprecated).
+     * @deprecated no longer supported
+     */
     AccessOption["Unmanaged"] = "UNMANAGED";
 })(AccessOption || (AccessOption = {}));
+/** Actions that can be taken on an access during review. */
 export var AccessReviewAction;
 (function (AccessReviewAction) {
+    /** Accept/approve the access as-is. */
     AccessReviewAction["Accept"] = "ACCEPT";
+    /** Admin-initiated revocation (bypassing normal approval flow). */
     AccessReviewAction["AdminRevoke"] = "ADMIN_REVOKE";
+    /** No action taken yet. */
     AccessReviewAction["NoAction"] = "NO_ACTION";
+    /** Revoke the access. */
     AccessReviewAction["Revoke"] = "REVOKE";
+    /** Update/modify the access (e.g., change access level). */
     AccessReviewAction["Update"] = "UPDATE";
 })(AccessReviewAction || (AccessReviewAction = {}));
+/** Status indicating whether a review item has been assigned to reviewers */
 export var AccessReviewAssignedStatus;
 (function (AccessReviewAssignedStatus) {
+    /** The review item has been assigned to one or more reviewers */
     AccessReviewAssignedStatus["Assigned"] = "ASSIGNED";
+    /** The review item has not been assigned to any reviewers */
     AccessReviewAssignedStatus["Unassigned"] = "UNASSIGNED";
 })(AccessReviewAssignedStatus || (AccessReviewAssignedStatus = {}));
+/** The default view for end users performing reviews. */
 export var AccessReviewEndUserView;
 (function (AccessReviewEndUserView) {
+    /** Resource-centric view (show resources first, then users with access). */
     AccessReviewEndUserView["ResourceFirst"] = "RESOURCE_FIRST";
+    /** User-centric view (show users first, then their access). */
     AccessReviewEndUserView["UserFirst"] = "USER_FIRST";
 })(AccessReviewEndUserView || (AccessReviewEndUserView = {}));
+/** The kind of item being reviewed in a group access review (either a resource or another group) */
 export var AccessReviewGroupItemKind;
 (function (AccessReviewGroupItemKind) {
+    /** The item is a group */
     AccessReviewGroupItemKind["Group"] = "GROUP";
+    /** The item is a resource */
     AccessReviewGroupItemKind["Resource"] = "RESOURCE";
 })(AccessReviewGroupItemKind || (AccessReviewGroupItemKind = {}));
+/** Policy controlling which group resources are visible to reviewers. */
 export var AccessReviewGroupResourceVisibilityPolicy;
 (function (AccessReviewGroupResourceVisibilityPolicy) {
+    /** Only show group resources that are visible to the reviewer. */
     AccessReviewGroupResourceVisibilityPolicy["Strict"] = "STRICT";
+    /** Show all group resources regardless of reviewer visibility. */
     AccessReviewGroupResourceVisibilityPolicy["ViewAll"] = "VIEW_ALL";
+    /** Also show assigned group resources even if not normally visible. */
     AccessReviewGroupResourceVisibilityPolicy["ViewVisibleAndAssigned"] = "VIEW_VISIBLE_AND_ASSIGNED";
 })(AccessReviewGroupResourceVisibilityPolicy || (AccessReviewGroupResourceVisibilityPolicy = {}));
+/** The outcome/decision made on an access item after review. */
 export var AccessReviewItemOutcome;
 (function (AccessReviewItemOutcome) {
+    /** Item accepted. */
     AccessReviewItemOutcome["Accepted"] = "ACCEPTED";
+    /** No outcome yet. */
     AccessReviewItemOutcome["None"] = "NONE";
+    /** Item revoked. */
     AccessReviewItemOutcome["Revoked"] = "REVOKED";
+    /** Item updated. */
     AccessReviewItemOutcome["Updated"] = "UPDATED";
 })(AccessReviewItemOutcome || (AccessReviewItemOutcome = {}));
+/**
+ * Aggregates the ReviewerUserStatus of multiple reviewers, at the item level.
+ * For example: AccessReviewResourceUser (item level) has multiple AccessReviewResourceUserReviewer (reviewer level).
+ */
 export var AccessReviewItemStatus;
 (function (AccessReviewItemStatus) {
+    /** All reviewers have completed their reviews. */
     AccessReviewItemStatus["Completed"] = "COMPLETED";
+    /** This item has warnings. Takes precedence over all other statuses. */
     AccessReviewItemStatus["NeedsAttention"] = "NEEDS_ATTENTION";
+    /**
+     * This item was revoked in Opal and is awaiting end-system revocation. Takes
+     * precedence over all other statuses besides NEEDS_ATTENTION.
+     */
     AccessReviewItemStatus["NeedsEndSystemRevocation"] = "NEEDS_END_SYSTEM_REVOCATION";
+    /**
+     * This item was updated in Opal and the resulting access request needs to be
+     * approved. Takes precedence over all other statuses besides NEEDS_ATTENTION.
+     */
     AccessReviewItemStatus["NeedsUpdateRequestApproval"] = "NEEDS_UPDATE_REQUEST_APPROVAL";
+    /** No reviewers have completed any reviews yet. */
     AccessReviewItemStatus["NotStarted"] = "NOT_STARTED";
+    /** There are no items to review. */
     AccessReviewItemStatus["NoReviewNeeded"] = "NO_REVIEW_NEEDED";
+    /** Some reviewers have completed their reviews. */
     AccessReviewItemStatus["PartiallyCompleted"] = "PARTIALLY_COMPLETED";
 })(AccessReviewItemStatus || (AccessReviewItemStatus = {}));
+/** Fields that access review items can be sorted by. */
 export var AccessReviewItemsSortByField;
 (function (AccessReviewItemsSortByField) {
+    /** Sort by name. */
     AccessReviewItemsSortByField["Name"] = "NAME";
+    /** Sort by review status. */
     AccessReviewItemsSortByField["Status"] = "STATUS";
 })(AccessReviewItemsSortByField || (AccessReviewItemsSortByField = {}));
 export var AccessReviewPreviewSortByField;
@@ -76,64 +138,117 @@ export var AccessReviewPreviewSortByField;
     AccessReviewPreviewSortByField["EntityName"] = "ENTITY_NAME";
     AccessReviewPreviewSortByField["ReviewCount"] = "REVIEW_COUNT";
 })(AccessReviewPreviewSortByField || (AccessReviewPreviewSortByField = {}));
+/** Policy for automatically assigning reviewers to access. */
 export var AccessReviewReviewerAssignmentPolicy;
 (function (AccessReviewReviewerAssignmentPolicy) {
+    /** Assign to the access approvers. */
     AccessReviewReviewerAssignmentPolicy["ByApprovers"] = "BY_APPROVERS";
+    /** Assign to all access approvers. */
     AccessReviewReviewerAssignmentPolicy["ByApproversAll"] = "BY_APPROVERS_ALL";
+    /** Assign to the user's manager. */
     AccessReviewReviewerAssignmentPolicy["ByManager"] = "BY_MANAGER";
+    /** Assign to admins of the owning team. */
     AccessReviewReviewerAssignmentPolicy["ByOwningTeamAdmin"] = "BY_OWNING_TEAM_ADMIN";
+    /** Assign to all admins of the owning team. */
     AccessReviewReviewerAssignmentPolicy["ByOwningTeamAdminAll"] = "BY_OWNING_TEAM_ADMIN_ALL";
+    /** Reviewers are assigned manually. */
     AccessReviewReviewerAssignmentPolicy["Manually"] = "MANUALLY";
 })(AccessReviewReviewerAssignmentPolicy || (AccessReviewReviewerAssignmentPolicy = {}));
+/** The status of an access review. */
 export var AccessReviewStatus;
 (function (AccessReviewStatus) {
+    /** The access review has been completed/stopped. */
     AccessReviewStatus["Completed"] = "COMPLETED";
+    /** The access review is currently in progress. */
     AccessReviewStatus["Started"] = "STARTED";
 })(AccessReviewStatus || (AccessReviewStatus = {}));
+/**
+ * Aggregates the AccessReviewItemStatus of multiple items at the summary level.
+ * For example: AccessReviewResource (summary level) has multiple AccessReviewResourceUser (item level).
+ */
 export var AccessReviewSummaryStatus;
 (function (AccessReviewSummaryStatus) {
+    /** All items' reviews are complete. */
     AccessReviewSummaryStatus["Completed"] = "COMPLETED";
+    /** Some item(s) have warnings. Takes precedence over all other statuses. */
     AccessReviewSummaryStatus["NeedsAttention"] = "NEEDS_ATTENTION";
+    /**
+     * Some item(s) were revoked in Opal and are awaiting end-system revocation.
+     * Takes precedence over all other statuses besides NEEDS_ATTENTION.
+     */
     AccessReviewSummaryStatus["NeedsEndSystemRevocation"] = "NEEDS_END_SYSTEM_REVOCATION";
+    /**
+     * This item was updated in Opal and the resulting access request needs to be
+     * approved. Takes precedence over all other statuses besides NEEDS_ATTENTION.
+     */
     AccessReviewSummaryStatus["NeedsUpdateRequestApproval"] = "NEEDS_UPDATE_REQUEST_APPROVAL";
+    /** No items' reviews are complete yet. */
     AccessReviewSummaryStatus["NotStarted"] = "NOT_STARTED";
+    /** There are no items to review. */
     AccessReviewSummaryStatus["NoReviewNeeded"] = "NO_REVIEW_NEEDED";
+    /** Some items' reviews are complete. */
     AccessReviewSummaryStatus["PartiallyCompleted"] = "PARTIALLY_COMPLETED";
 })(AccessReviewSummaryStatus || (AccessReviewSummaryStatus = {}));
+/** Enum representing the different tabs in an access review interface. */
 export var AccessReviewTab;
 (function (AccessReviewTab) {
+    /** App/connection-centric view. */
     AccessReviewTab["AppsTab"] = "APPS_TAB";
+    /** Group-centric view. */
     AccessReviewTab["GroupsTab"] = "GROUPS_TAB";
+    /** Resource-centric view. */
     AccessReviewTab["ResourceTab"] = "RESOURCE_TAB";
+    /** User-centric view. */
     AccessReviewTab["UsersTab"] = "USERS_TAB";
 })(AccessReviewTab || (AccessReviewTab = {}));
+/** The type of access being reviewed. */
 export var AccessReviewType;
 (function (AccessReviewType) {
+    /** User access to a connection/app. */
     AccessReviewType["ConnectionUser"] = "CONNECTION_USER";
+    /** Group membership in another group. */
     AccessReviewType["GroupGroup"] = "GROUP_GROUP";
+    /** Group access to a resource. */
     AccessReviewType["GroupResource"] = "GROUP_RESOURCE";
+    /** User membership in a group. */
     AccessReviewType["GroupUser"] = "GROUP_USER";
+    /** Resource (NHI) access to another resource. */
     AccessReviewType["ResourceResource"] = "RESOURCE_RESOURCE";
+    /** User access to a resource. */
     AccessReviewType["ResourceUser"] = "RESOURCE_USER";
 })(AccessReviewType || (AccessReviewType = {}));
+/** Types of warnings that can occur during access review. */
 export var AccessReviewUserWarningType;
 (function (AccessReviewUserWarningType) {
+    /** The assigned reviewer has been deleted. */
     AccessReviewUserWarningType["ReviewerDeleted"] = "REVIEWER_DELETED";
+    /** The reviewer does not have visibility to the item being reviewed. */
     AccessReviewUserWarningType["ReviewerNoVisibility"] = "REVIEWER_NO_VISIBILITY";
+    /** The reviewer is reviewing their own access, which may not be allowed. */
     AccessReviewUserWarningType["SelfReviewNotAllowed"] = "SELF_REVIEW_NOT_ALLOWED";
 })(AccessReviewUserWarningType || (AccessReviewUserWarningType = {}));
+/** Status of an access rule indicating whether it is actively enforcing access conditions. */
 export var AccessRuleStatus;
 (function (AccessRuleStatus) {
+    /** Rule is actively enforcing access conditions. */
     AccessRuleStatus["Active"] = "ACTIVE";
+    /** Rule is forced to active state and will be set back to active after first sync to prevent triggering the failsafe. */
     AccessRuleStatus["ActiveForced"] = "ACTIVE_FORCED";
+    /** Rule is temporarily paused and not enforcing conditions. */
     AccessRuleStatus["Paused"] = "PAUSED";
+    /** Rule was automatically paused by the failsafe mechanism. */
     AccessRuleStatus["PausedByFailsafe"] = "PAUSED_BY_FAILSAFE";
 })(AccessRuleStatus || (AccessRuleStatus = {}));
+/** Internal admin roles that can be assigned to users for testing and development purposes. */
 export var AldwinRole;
 (function (AldwinRole) {
+    /** Full administrative access. */
     AldwinRole["Admin"] = "ADMIN";
+    /** Auditor access for reviewing access patterns. */
     AldwinRole["Auditor"] = "AUDITOR";
+    /** Global requester role allowing requests across all resources. */
     AldwinRole["GlobalRequester"] = "GLOBAL_REQUESTER";
+    /** Read-only administrative access. */
     AldwinRole["ReadOnlyAdmin"] = "READ_ONLY_ADMIN";
 })(AldwinRole || (AldwinRole = {}));
 export var ApiAccessLevel;
@@ -144,7 +259,6 @@ export var ApiAccessLevel;
 export var ApiAuthType;
 (function (ApiAuthType) {
     ApiAuthType["Admin"] = "ADMIN";
-    ApiAuthType["AdminDangerouslyAllowImpersonation"] = "ADMIN_DANGEROUSLY_ALLOW_IMPERSONATION";
     ApiAuthType["Auth"] = "AUTH";
     ApiAuthType["InternalMaybeAuth"] = "INTERNAL_MAYBE_AUTH";
     ApiAuthType["NonAdminDangerouslyAllowImpersonation"] = "NON_ADMIN_DANGEROUSLY_ALLOW_IMPERSONATION";
@@ -153,42 +267,70 @@ export var ApiAuthType;
     ApiAuthType["ReadOnlyAdmin"] = "READ_ONLY_ADMIN";
     ApiAuthType["Unauth"] = "UNAUTH";
 })(ApiAuthType || (ApiAuthType = {}));
+/** Categories for organizing and filtering applications in the catalog. */
 export var AppCategory;
 (function (AppCategory) {
+    /** All applications regardless of category. */
     AppCategory["All"] = "ALL";
+    /** Applications synced from Azure AD. */
     AppCategory["AzureApp"] = "AZURE_APP";
+    /** Cloud infrastructure providers (AWS, GCP, Azure). */
     AppCategory["CloudProviders"] = "CLOUD_PROVIDERS";
+    /** Custom applications and integrations. */
     AppCategory["Custom"] = "CUSTOM";
+    /** Database systems and services. */
     AppCategory["Databases"] = "DATABASES";
+    /** Developer tools and platforms. */
     AppCategory["DeveloperTools"] = "DEVELOPER_TOOLS";
+    /** Human resources systems. */
     AppCategory["HrSystems"] = "HR_SYSTEMS";
+    /** Identity and access management systems. */
     AppCategory["Identity"] = "IDENTITY";
+    /** Applications synced from Okta. */
     AppCategory["OktaApp"] = "OKTA_APP";
+    /** Software-as-a-Service applications. */
     AppCategory["SaasApps"] = "SAAS_APPS";
 })(AppCategory || (AppCategory = {}));
+/** Fields by which app items can be sorted. */
 export var AppItemsSortByField;
 (function (AppItemsSortByField) {
+    /** Sort by creation timestamp. */
     AppItemsSortByField["CreatedAt"] = "CREATED_AT";
+    /** Sort by item name. */
     AppItemsSortByField["Name"] = "NAME";
+    /** Sort by remote ID in the source system. */
     AppItemsSortByField["RemoteId"] = "REMOTE_ID";
 })(AppItemsSortByField || (AppItemsSortByField = {}));
+/** Type of application. */
 export var AppType;
 (function (AppType) {
+    /** Native Opal connection-based app. */
     AppType["Native"] = "NATIVE";
+    /** Okta-synced application. */
     AppType["Okta"] = "OKTA";
 })(AppType || (AppType = {}));
+/** Fields by which applications can be sorted. */
 export var AppsSortByField;
 (function (AppsSortByField) {
+    /** Sort by application name. */
     AppsSortByField["Name"] = "NAME";
+    /** Sort by number of resources in the application. */
     AppsSortByField["ResourceCount"] = "RESOURCE_COUNT";
+    /** Sort by application source/type. */
     AppsSortByField["Source"] = "SOURCE";
+    /** Sort by visibility setting. */
     AppsSortByField["Visiblity"] = "VISIBLITY";
 })(AppsSortByField || (AppsSortByField = {}));
+/** Fields available for sorting access review assignments */
 export var AssignmentsSortByField;
 (function (AssignmentsSortByField) {
+    /** Sort by the name of the entity being reviewed */
     AssignmentsSortByField["EntityName"] = "ENTITY_NAME";
+    /** Sort by the name of the principal (user, group, or resource) */
     AssignmentsSortByField["PrincipalName"] = "PRINCIPAL_NAME";
+    /** Sort by the name of the assigned reviewer */
     AssignmentsSortByField["ReviewerName"] = "REVIEWER_NAME";
+    /** Sort by the type of the entity */
     AssignmentsSortByField["Type"] = "TYPE";
 })(AssignmentsSortByField || (AssignmentsSortByField = {}));
 export var AssociatedItemsSortByField;
@@ -198,10 +340,14 @@ export var AssociatedItemsSortByField;
     AssociatedItemsSortByField["Name"] = "NAME";
     AssociatedItemsSortByField["Visibility"] = "VISIBILITY";
 })(AssociatedItemsSortByField || (AssociatedItemsSortByField = {}));
+/** The authentication flow type used to establish a third-party integration. */
 export var AuthFlowType;
 (function (AuthFlowType) {
+    /** OAuth code flow requiring user authorization. */
     AuthFlowType["Code"] = "CODE";
+    /** Link-based authentication flow. */
     AuthFlowType["Link"] = "LINK";
+    /** Manual authentication using provided credentials or tokens. */
     AuthFlowType["Manual"] = "MANUAL";
 })(AuthFlowType || (AuthFlowType = {}));
 export var AuthSessionStatus;
@@ -244,6 +390,7 @@ export var ConnectionType;
     ConnectionType["CustomConnector"] = "CUSTOM_CONNECTOR";
     ConnectionType["Databricks"] = "DATABRICKS";
     ConnectionType["DatastaxAstra"] = "DATASTAX_ASTRA";
+    ConnectionType["Devin"] = "DEVIN";
     ConnectionType["Duo"] = "DUO";
     ConnectionType["Gcp"] = "GCP";
     ConnectionType["GitHub"] = "GIT_HUB";
@@ -251,11 +398,13 @@ export var ConnectionType;
     ConnectionType["GoogleGroups"] = "GOOGLE_GROUPS";
     ConnectionType["GoogleWorkspace"] = "GOOGLE_WORKSPACE";
     ConnectionType["Ilevel"] = "ILEVEL";
+    ConnectionType["Incidentio"] = "INCIDENTIO";
     ConnectionType["Ldap"] = "LDAP";
     ConnectionType["Mariadb"] = "MARIADB";
     ConnectionType["Mongo"] = "MONGO";
     ConnectionType["MongoAtlas"] = "MONGO_ATLAS";
     ConnectionType["Mysql"] = "MYSQL";
+    ConnectionType["OktaCiam"] = "OKTA_CIAM";
     ConnectionType["OktaDirectory"] = "OKTA_DIRECTORY";
     ConnectionType["Opal"] = "OPAL";
     ConnectionType["OpenaiPlatform"] = "OPENAI_PLATFORM";
@@ -266,6 +415,7 @@ export var ConnectionType;
     ConnectionType["Snowflake"] = "SNOWFLAKE";
     ConnectionType["Tailscale"] = "TAILSCALE";
     ConnectionType["Teleport"] = "TELEPORT";
+    ConnectionType["Vault"] = "VAULT";
     ConnectionType["Workday"] = "WORKDAY";
 })(ConnectionType || (ConnectionType = {}));
 export var ConnectionValidationSeverity;
@@ -280,9 +430,12 @@ export var ConnectionValidationStatus;
     ConnectionValidationStatus["Failed"] = "FAILED";
     ConnectionValidationStatus["Success"] = "SUCCESS";
 })(ConnectionValidationStatus || (ConnectionValidationStatus = {}));
+/** Field to sort entity permissions by. */
 export var EntityPermissionsSortByField;
 (function (EntityPermissionsSortByField) {
+    /** Sort by access level name. */
     EntityPermissionsSortByField["AccessLevelName"] = "ACCESS_LEVEL_NAME";
+    /** Sort by entity name. */
     EntityPermissionsSortByField["Name"] = "NAME";
 })(EntityPermissionsSortByField || (EntityPermissionsSortByField = {}));
 export var EntityType;
@@ -325,24 +478,34 @@ export var EntityType;
     EntityType["ResourceFolder"] = "RESOURCE_FOLDER";
     EntityType["ResourceProposal"] = "RESOURCE_PROPOSAL";
     EntityType["ReviewerStage"] = "REVIEWER_STAGE";
+    EntityType["SavedQuery"] = "SAVED_QUERY";
     EntityType["SearchQuery"] = "SEARCH_QUERY";
     EntityType["Session"] = "SESSION";
     EntityType["SupportTicket"] = "SUPPORT_TICKET";
     EntityType["Tag"] = "TAG";
     EntityType["User"] = "USER";
 })(EntityType || (EntityType = {}));
+/** Determines how error notifications are sent within the organization. */
 export var ErrorNotificationSettingType;
 (function (ErrorNotificationSettingType) {
+    /** Disable error notifications. */
     ErrorNotificationSettingType["Disabled"] = "DISABLED";
+    /** Send error notifications to all admins. */
     ErrorNotificationSettingType["NotifyAdmins"] = "NOTIFY_ADMINS";
+    /** Send error notifications to the owner of the affected resource. */
     ErrorNotificationSettingType["NotifyOwner"] = "NOTIFY_OWNER";
 })(ErrorNotificationSettingType || (ErrorNotificationSettingType = {}));
+/** Severity level for events in the system. */
 export var EventSeverity;
 (function (EventSeverity) {
+    /** Alert event that requires immediate attention. */
     EventSeverity["Alert"] = "ALERT";
+    /** Informational event. */
     EventSeverity["Info"] = "INFO";
+    /** Warning event that requires attention. */
     EventSeverity["Warning"] = "WARNING";
 })(EventSeverity || (EventSeverity = {}));
+/** Types of events that can occur in the system, tracking all changes and activities. */
 export var EventType;
 (function (EventType) {
     EventType["AccessExtended"] = "ACCESS_EXTENDED";
@@ -399,6 +562,7 @@ export var EventType;
     EventType["AccessReviewUserAccessToResourceRevoked"] = "ACCESS_REVIEW_USER_ACCESS_TO_RESOURCE_REVOKED";
     EventType["AccessReviewUserAccessToResourceRevokedDecision"] = "ACCESS_REVIEW_USER_ACCESS_TO_RESOURCE_REVOKED_DECISION";
     EventType["AccessReviewUserAccessToResourceRevokedFromEndSystem"] = "ACCESS_REVIEW_USER_ACCESS_TO_RESOURCE_REVOKED_FROM_END_SYSTEM";
+    EventType["AccessRuleFailsafeTriggered"] = "ACCESS_RULE_FAILSAFE_TRIGGERED";
     EventType["ApiTokenCreated"] = "API_TOKEN_CREATED";
     EventType["ApiTokenDeleted"] = "API_TOKEN_DELETED";
     EventType["BreakGlassUsed"] = "BREAK_GLASS_USED";
@@ -519,6 +683,9 @@ export var EventType;
     EventType["IdpStatusNotFound"] = "IDP_STATUS_NOT_FOUND";
     EventType["ImpersonationSessionStarted"] = "IMPERSONATION_SESSION_STARTED";
     EventType["ImpersonationSessionStopped"] = "IMPERSONATION_SESSION_STOPPED";
+    EventType["IpZoneCreated"] = "IP_ZONE_CREATED";
+    EventType["IpZoneDeleted"] = "IP_ZONE_DELETED";
+    EventType["IpZoneUpdated"] = "IP_ZONE_UPDATED";
     EventType["MessageChannelsAddedToGroups"] = "MESSAGE_CHANNELS_ADDED_TO_GROUPS";
     EventType["MessageChannelsAddedToResources"] = "MESSAGE_CHANNELS_ADDED_TO_RESOURCES";
     EventType["MessageChannelsCreated"] = "MESSAGE_CHANNELS_CREATED";
@@ -576,6 +743,7 @@ export var EventType;
     EventType["PropagationTicketCreatedRemotely"] = "PROPAGATION_TICKET_CREATED_REMOTELY";
     EventType["PropagationTicketUpdatedRemotely"] = "PROPAGATION_TICKET_UPDATED_REMOTELY";
     EventType["PropagationTimedOut"] = "PROPAGATION_TIMED_OUT";
+    EventType["QueryExported"] = "QUERY_EXPORTED";
     EventType["RemoteEventGroupsCreated"] = "REMOTE_EVENT_GROUPS_CREATED";
     EventType["RemoteEventGroupsDeleted"] = "REMOTE_EVENT_GROUPS_DELETED";
     /** Deprecated. Please use REMOTE_EVENT_USER_ADDED_TO_GROUP */
@@ -695,41 +863,65 @@ export var EventType;
     EventType["UserTeamAttrUpdated"] = "USER_TEAM_ATTR_UPDATED";
     EventType["UserTeamUpdated"] = "USER_TEAM_UPDATED";
 })(EventType || (EventType = {}));
+/** Types of events that can be received from external systems. */
 export var ExternalEventType;
 (function (ExternalEventType) {
+    /** Groups were created. */
     ExternalEventType["GroupsCreated"] = "GROUPS_CREATED";
+    /** Groups were deleted. */
     ExternalEventType["GroupsDeleted"] = "GROUPS_DELETED";
+    /** Group was added to a resource. */
     ExternalEventType["GroupAddedToResource"] = "GROUP_ADDED_TO_RESOURCE";
+    /** Group was removed from a resource. */
     ExternalEventType["GroupRemovedFromResource"] = "GROUP_REMOVED_FROM_RESOURCE";
+    /** Group was used/accessed. */
     ExternalEventType["GroupUsed"] = "GROUP_USED";
+    /** User logged in successfully. */
     ExternalEventType["LoginSuccess"] = "LOGIN_SUCCESS";
+    /** Resources were created. */
     ExternalEventType["ResourcesCreated"] = "RESOURCES_CREATED";
+    /** Resources were deleted. */
     ExternalEventType["ResourcesDeleted"] = "RESOURCES_DELETED";
+    /** Resource was read/accessed. */
     ExternalEventType["ResourceRead"] = "RESOURCE_READ";
+    /** User was added to a group. */
     ExternalEventType["UserAddedToGroup"] = "USER_ADDED_TO_GROUP";
+    /** User was added to a resource. */
     ExternalEventType["UserAddedToResource"] = "USER_ADDED_TO_RESOURCE";
+    /** User was removed from a group. */
     ExternalEventType["UserRemovedFromGroup"] = "USER_REMOVED_FROM_GROUP";
+    /** User was removed from a resource. */
     ExternalEventType["UserRemovedFromResource"] = "USER_REMOVED_FROM_RESOURCE";
 })(ExternalEventType || (ExternalEventType = {}));
+/** Fields that can be used to sort external events. */
 export var ExternalEventsSortByFields;
 (function (ExternalEventsSortByFields) {
+    /** Sort by event time. */
     ExternalEventsSortByFields["EventTime"] = "EVENT_TIME";
 })(ExternalEventsSortByFields || (ExternalEventsSortByFields = {}));
+/** Type of MFA factor. */
 export var FactorType;
 (function (FactorType) {
+    /** Okta Push notification factor. */
     FactorType["OktaPush"] = "OKTA_PUSH";
+    /** Okta TOTP (Time-based One-Time Password) factor. */
     FactorType["OktaTotp"] = "OKTA_TOTP";
 })(FactorType || (FactorType = {}));
+/** Rule for combining multiple filters. */
 export var FilterRule;
 (function (FilterRule) {
     FilterRule["MatchAll"] = "MATCH_ALL";
     FilterRule["MatchAny"] = "MATCH_ANY";
 })(FilterRule || (FilterRule = {}));
+/** Match mode for combining multiple filters. */
 export var FiltersMatchMode;
 (function (FiltersMatchMode) {
+    /** All filters must match (AND logic). */
     FiltersMatchMode["All"] = "ALL";
+    /** Any filter can match (OR logic). */
     FiltersMatchMode["Any"] = "ANY";
 })(FiltersMatchMode || (FiltersMatchMode = {}));
+/** General settings that can be enabled or disabled for an organization. */
 export var GeneralSettingType;
 (function (GeneralSettingType) {
     GeneralSettingType["AccessExpiringNotifications"] = "ACCESS_EXPIRING_NOTIFICATIONS";
@@ -740,7 +932,11 @@ export var GeneralSettingType;
     GeneralSettingType["AiCustomRoleDescriptionGenerator"] = "AI_CUSTOM_ROLE_DESCRIPTION_GENERATOR";
     GeneralSettingType["AiCustomRoleSummary"] = "AI_CUSTOM_ROLE_SUMMARY";
     GeneralSettingType["AiRiskCenterAskOpal"] = "AI_RISK_CENTER_ASK_OPAL";
+    GeneralSettingType["AllowAllUsersToCreatePat"] = "ALLOW_ALL_USERS_TO_CREATE_PAT";
+    GeneralSettingType["AllowDelegationToAllUsers"] = "ALLOW_DELEGATION_TO_ALL_USERS";
+    GeneralSettingType["ApiIpAcl"] = "API_IP_ACL";
     GeneralSettingType["AutoMergeUsersByEmail"] = "AUTO_MERGE_USERS_BY_EMAIL";
+    GeneralSettingType["DefaultRequestableItemsOnly"] = "DEFAULT_REQUESTABLE_ITEMS_ONLY";
     GeneralSettingType["DisableNonAdminLogins"] = "DISABLE_NON_ADMIN_LOGINS";
     GeneralSettingType["DisableRequestDelegation"] = "DISABLE_REQUEST_DELEGATION";
     GeneralSettingType["GlobalRequesterRole"] = "GLOBAL_REQUESTER_ROLE";
@@ -757,62 +953,111 @@ export var GeneralSettingType;
     GeneralSettingType["UseOidcMfaForGatingOpalActions"] = "USE_OIDC_MFA_FOR_GATING_OPAL_ACTIONS";
     GeneralSettingType["UseOktaMfaForGatingOpalActions"] = "USE_OKTA_MFA_FOR_GATING_OPAL_ACTIONS";
 })(GeneralSettingType || (GeneralSettingType = {}));
+/** Fields that can be used to sort group binding suggestions. */
 export var GroupBindingSuggestionsSortByField;
 (function (GroupBindingSuggestionsSortByField) {
+    /** Sort by primary group name. */
     GroupBindingSuggestionsSortByField["PrimaryGroupName"] = "PRIMARY_GROUP_NAME";
+    /** Sort by secondary group name. */
     GroupBindingSuggestionsSortByField["SecondaryGroupName"] = "SECONDARY_GROUP_NAME";
+    /** Sort by last updated time. */
     GroupBindingSuggestionsSortByField["UpdatedAt"] = "UPDATED_AT";
 })(GroupBindingSuggestionsSortByField || (GroupBindingSuggestionsSortByField = {}));
+/** Field to sort group bindings by. */
 export var GroupBindingsSortByField;
 (function (GroupBindingsSortByField) {
+    /** Sort by creation date. */
     GroupBindingsSortByField["CreatedAt"] = "CREATED_AT";
+    /** Sort by creator. */
     GroupBindingsSortByField["CreatedBy"] = "CREATED_BY";
+    /** Sort by source group name. */
     GroupBindingsSortByField["SourceGroupName"] = "SOURCE_GROUP_NAME";
+    /** Sort by source group type. */
     GroupBindingsSortByField["SourceGroupType"] = "SOURCE_GROUP_TYPE";
 })(GroupBindingsSortByField || (GroupBindingsSortByField = {}));
+/** Source of a group-resource relationship. */
 export var GroupResourceSource;
 (function (GroupResourceSource) {
     /** GroupResource that's inherited from another remote resource */
     GroupResourceSource["Inherited"] = "INHERITED";
+    /** Regular group-resource relationship. */
     GroupResourceSource["Regular"] = "REGULAR";
 })(GroupResourceSource || (GroupResourceSource = {}));
+/** Type of group from various identity providers and systems. */
 export var GroupType;
 (function (GroupType) {
+    /** Active Directory group. */
     GroupType["ActiveDirectoryGroup"] = "ACTIVE_DIRECTORY_GROUP";
+    /** AWS SSO group. */
     GroupType["AwsSsoGroup"] = "AWS_SSO_GROUP";
+    /** Azure AD Microsoft 365 group. */
     GroupType["AzureAdMicrosoft_365Group"] = "AZURE_AD_MICROSOFT_365_GROUP";
+    /** Azure AD security group. */
     GroupType["AzureAdSecurityGroup"] = "AZURE_AD_SECURITY_GROUP";
+    /** Connector group. */
     GroupType["ConnectorGroup"] = "CONNECTOR_GROUP";
+    /** Databricks account group. */
     GroupType["DatabricksAccountGroup"] = "DATABRICKS_ACCOUNT_GROUP";
+    GroupType["DevinGroup"] = "DEVIN_GROUP";
+    /** Duo group. */
     GroupType["DuoGroup"] = "DUO_GROUP";
+    /** GitHub team. */
     GroupType["GitHubTeam"] = "GIT_HUB_TEAM";
+    /** GitLab group. */
     GroupType["GitLabGroup"] = "GIT_LAB_GROUP";
+    /** Google Groups GKE (Kubernetes Engine) group. */
     GroupType["GoogleGroupsGkeGroup"] = "GOOGLE_GROUPS_GKE_GROUP";
+    /** Google Groups group. */
     GroupType["GoogleGroupsGroup"] = "GOOGLE_GROUPS_GROUP";
+    /** Incident.io on-call schedule. */
+    GroupType["IncidentioOnCallSchedule"] = "INCIDENTIO_ON_CALL_SCHEDULE";
+    /** LDAP group. */
     GroupType["LdapGroup"] = "LDAP_GROUP";
+    /** Okta group. */
     GroupType["OktaGroup"] = "OKTA_GROUP";
+    /** Okta group rule. */
     GroupType["OktaGroupRule"] = "OKTA_GROUP_RULE";
+    /** Opal access rule. */
     GroupType["OpalAccessRule"] = "OPAL_ACCESS_RULE";
+    /** Opal-managed group. */
     GroupType["OpalGroup"] = "OPAL_GROUP";
+    /** PagerDuty on-call schedule. */
+    GroupType["PagerdutyOnCallSchedule"] = "PAGERDUTY_ON_CALL_SCHEDULE";
+    /** Snowflake role. */
     GroupType["SnowflakeRole"] = "SNOWFLAKE_ROLE";
+    /** Tailscale group. */
     GroupType["TailscaleGroup"] = "TAILSCALE_GROUP";
+    /** Workday user security group. */
     GroupType["WorkdayUserSecurityGroup"] = "WORKDAY_USER_SECURITY_GROUP";
 })(GroupType || (GroupType = {}));
+/** Field to sort group users by. */
 export var GroupUserSortByField;
 (function (GroupUserSortByField) {
+    /** Sort by access level name. */
     GroupUserSortByField["AccessLevelName"] = "ACCESS_LEVEL_NAME";
+    /** Sort by expiration time. */
     GroupUserSortByField["ExpiresAt"] = "EXPIRES_AT";
+    /** Sort by group name. */
     GroupUserSortByField["GroupName"] = "GROUP_NAME";
+    /** Sort by last used time. */
     GroupUserSortByField["LastUsedAt"] = "LAST_USED_AT";
+    /** Sort by propagation status. */
     GroupUserSortByField["PropagationStatus"] = "PROPAGATION_STATUS";
+    /** Sort by source of access. */
     GroupUserSortByField["SourceOfAccess"] = "SOURCE_OF_ACCESS";
+    /** Sort by user email. */
     GroupUserSortByField["UserEmail"] = "USER_EMAIL";
+    /** Sort by user full name. */
     GroupUserSortByField["UserFullName"] = "USER_FULL_NAME";
 })(GroupUserSortByField || (GroupUserSortByField = {}));
+/** Source of a user's group membership. */
 export var GroupUserSource;
 (function (GroupUserSource) {
+    /** Break glass emergency access. */
     GroupUserSource["BreakGlass"] = "BREAK_GLASS";
+    /** Membership through on-call schedule. */
     GroupUserSource["OnCall"] = "ON_CALL";
+    /** Regular direct membership. */
     GroupUserSource["Regular"] = "REGULAR";
     /** Regular GroupUser derived from a containing group in Opal. */
     GroupUserSource["RegularIndirect"] = "REGULAR_INDIRECT";
@@ -847,26 +1092,44 @@ export var HrIdpStatus;
      */
     HrIdpStatus["Suspended"] = "SUSPENDED";
 })(HrIdpStatus || (HrIdpStatus = {}));
+/** Type of identity provider connection. */
 export var IdpConnectionType;
 (function (IdpConnectionType) {
+    /** Active Directory identity provider. */
     IdpConnectionType["ActiveDirectory"] = "ACTIVE_DIRECTORY";
+    /** Azure Active Directory identity provider. */
     IdpConnectionType["AzureAd"] = "AZURE_AD";
+    /** Google Workspace identity provider. */
     IdpConnectionType["Google"] = "GOOGLE";
+    /** Okta identity provider. */
     IdpConnectionType["Okta"] = "OKTA";
+    /** Workday identity provider. */
     IdpConnectionType["Workday"] = "WORKDAY";
 })(IdpConnectionType || (IdpConnectionType = {}));
+/** Mapping of IDP user attributes to Opal user fields. */
 export var IdpConnectionUserAttributeUseAs;
 (function (IdpConnectionUserAttributeUseAs) {
+    /** Custom attribute not mapped to a standard field. */
     IdpConnectionUserAttributeUseAs["Custom"] = "CUSTOM";
+    /** User's email address. */
     IdpConnectionUserAttributeUseAs["Email"] = "EMAIL";
+    /** User's first name. */
     IdpConnectionUserAttributeUseAs["FirstName"] = "FIRST_NAME";
+    /** User's GitHub username. */
     IdpConnectionUserAttributeUseAs["GithubUsername"] = "GITHUB_USERNAME";
+    /** User's last name. */
     IdpConnectionUserAttributeUseAs["LastName"] = "LAST_NAME";
+    /** Manager's email address. */
     IdpConnectionUserAttributeUseAs["ManagerEmail"] = "MANAGER_EMAIL";
+    /** User's profile URL. */
     IdpConnectionUserAttributeUseAs["ProfileUrl"] = "PROFILE_URL";
+    /** User's secondary email address. */
     IdpConnectionUserAttributeUseAs["SecondaryEmail"] = "SECONDARY_EMAIL";
+    /** User's team or department. */
     IdpConnectionUserAttributeUseAs["Team"] = "TEAM";
+    /** User's Teleport username. */
     IdpConnectionUserAttributeUseAs["TeleportUsername"] = "TELEPORT_USERNAME";
+    /** User's job title. */
     IdpConnectionUserAttributeUseAs["Title"] = "TITLE";
 })(IdpConnectionUserAttributeUseAs || (IdpConnectionUserAttributeUseAs = {}));
 export var ImportSetting;
@@ -876,343 +1139,618 @@ export var ImportSetting;
     ImportSetting["None"] = "NONE";
     ImportSetting["Tagged"] = "TAGGED";
 })(ImportSetting || (ImportSetting = {}));
+/** The type of third-party integration, indicating whether it is user-specific, organization-wide, or connection-based. */
 export var IntegrationType;
 (function (IntegrationType) {
+    /** Connection-based integration for specific connection configurations. */
     IntegrationType["Connection"] = "CONNECTION";
+    /** Organization-wide integration that applies to the entire organization. */
     IntegrationType["Org"] = "ORG";
+    /** User-specific integration tied to an individual user. */
     IntegrationType["User"] = "USER";
 })(IntegrationType || (IntegrationType = {}));
+/** Multi-factor authentication provider types supported by Opal. */
 export var MfaProvider;
 (function (MfaProvider) {
+    /** OpenID Connect MFA provider. */
     MfaProvider["Oidc"] = "OIDC";
+    /** Okta MFA provider. */
     MfaProvider["Okta"] = "OKTA";
+    /** Opal's native MFA provider. */
     MfaProvider["Opal"] = "OPAL";
 })(MfaProvider || (MfaProvider = {}));
+/** Type of message channel based on its use case. */
 export var MessageChannelType;
 (function (MessageChannelType) {
+    /** Channel for audit logs. */
     MessageChannelType["Audit"] = "AUDIT";
+    /** Channel for monitoring notifications. */
     MessageChannelType["Monitor"] = "MONITOR";
+    /** Channel for reviewer notifications. */
     MessageChannelType["Reviewer"] = "REVIEWER";
 })(MessageChannelType || (MessageChannelType = {}));
+/** Notification delivery method types. */
 export var NotificationType;
 (function (NotificationType) {
+    NotificationType["Automation"] = "AUTOMATION";
     NotificationType["Email"] = "EMAIL";
     NotificationType["GoogleChat"] = "GOOGLE_CHAT";
     NotificationType["Slack"] = "SLACK";
 })(NotificationType || (NotificationType = {}));
+/** Type of OIDC provider based on its use case. */
 export var OidcProviderType;
 (function (OidcProviderType) {
+    /** OIDC Provider used for AWS Orgs integration */
     OidcProviderType["AwsSession"] = "AWS_SESSION";
+    /** OIDC Provider used in optional MFA for resources / requests / approvals */
     OidcProviderType["Mfa"] = "MFA";
+    /** SIGNIN Provider used for signin in airgapped envs that use custom OIDC providers instead of Auth0 */
     OidcProviderType["Signin"] = "SIGNIN";
 })(OidcProviderType || (OidcProviderType = {}));
+/** Type of organization deployment. */
 export var OrganizationType;
 (function (OrganizationType) {
+    /** Cloud-hosted organization. */
     OrganizationType["Cloud"] = "CLOUD";
+    /** On-premises deployment. */
     OrganizationType["OnPrem"] = "ON_PREM";
 })(OrganizationType || (OrganizationType = {}));
+/** Fields that can be used to sort owners. */
 export var OwnersSortByField;
 (function (OwnersSortByField) {
+    /** Sort by creation date. */
     OwnersSortByField["CreatedAt"] = "CREATED_AT";
+    /** Sort by owner name. */
     OwnersSortByField["Name"] = "NAME";
+    /** Sort by source group name. */
     OwnersSortByField["SourceGroupName"] = "SOURCE_GROUP_NAME";
 })(OwnersSortByField || (OwnersSortByField = {}));
+/** Status codes for propagation operations. */
 export var PropagationStatusCode;
 (function (PropagationStatusCode) {
+    /** Dry run mode is enabled. */
     PropagationStatusCode["ErrDryRunModeEnabled"] = "ERR_DRY_RUN_MODE_ENABLED";
+    /** HR IDP provider is not linked. */
     PropagationStatusCode["ErrHrIdpProviderNotLinked"] = "ERR_HR_IDP_PROVIDER_NOT_LINKED";
+    /** IDP email update conflict. */
     PropagationStatusCode["ErrIdpEmailUpdateConflict"] = "ERR_IDP_EMAIL_UPDATE_CONFLICT";
+    /** Not authorized to query the resource. */
     PropagationStatusCode["ErrNotAuthorizedToQueryResource"] = "ERR_NOT_AUTHORIZED_TO_QUERY_RESOURCE";
+    /** Opal internal error occurred. */
     PropagationStatusCode["ErrOpalInternalError"] = "ERR_OPAL_INTERNAL_ERROR";
+    /** Operation is not supported. */
     PropagationStatusCode["ErrOperationUnsupported"] = "ERR_OPERATION_UNSUPPORTED";
+    /** Organization is in read-only mode. */
     PropagationStatusCode["ErrOrgReadOnly"] = "ERR_ORG_READ_ONLY";
+    /** Remote system internal error occurred. */
     PropagationStatusCode["ErrRemoteInternalError"] = "ERR_REMOTE_INTERNAL_ERROR";
+    /** Provisioning via IDP failed. */
     PropagationStatusCode["ErrRemoteProvisioningViaIdpFailed"] = "ERR_REMOTE_PROVISIONING_VIA_IDP_FAILED";
+    /** Remote resource was not found. */
     PropagationStatusCode["ErrRemoteResourceNotFound"] = "ERR_REMOTE_RESOURCE_NOT_FOUND";
+    /** Remote system is throttling requests. */
     PropagationStatusCode["ErrRemoteThrottle"] = "ERR_REMOTE_THROTTLE";
+    /** Remote ticket was not found. */
     PropagationStatusCode["ErrRemoteTicketNotFound"] = "ERR_REMOTE_TICKET_NOT_FOUND";
+    /** Remote unrecoverable error occurred. */
     PropagationStatusCode["ErrRemoteUnrecoverableError"] = "ERR_REMOTE_UNRECOVERABLE_ERROR";
+    /** Remote user was not found. */
     PropagationStatusCode["ErrRemoteUserNotFound"] = "ERR_REMOTE_USER_NOT_FOUND";
+    /** Remote user is not linked to the system. */
     PropagationStatusCode["ErrRemoteUserNotLinked"] = "ERR_REMOTE_USER_NOT_LINKED";
+    /** Ticket creation was skipped. */
     PropagationStatusCode["ErrTicketCreationSkipped"] = "ERR_TICKET_CREATION_SKIPPED";
+    /** Operation timed out. */
     PropagationStatusCode["ErrTimeout"] = "ERR_TIMEOUT";
+    /** Unknown error occurred. */
     PropagationStatusCode["ErrUnknown"] = "ERR_UNKNOWN";
+    /** Propagation is pending. */
     PropagationStatusCode["Pending"] = "PENDING";
+    /** Pending manual propagation. */
     PropagationStatusCode["PendingManualPropagation"] = "PENDING_MANUAL_PROPAGATION";
+    /** Pending ticket creation. */
     PropagationStatusCode["PendingTicketCreation"] = "PENDING_TICKET_CREATION";
+    /** Propagation completed successfully. */
     PropagationStatusCode["Success"] = "SUCCESS";
 })(PropagationStatusCode || (PropagationStatusCode = {}));
+/** Type of propagation task. */
 export var PropagationTaskType;
 (function (PropagationTaskType) {
+    /** Create entities for connections. */
     PropagationTaskType["ConnectionsCreateEntities"] = "CONNECTIONS_CREATE_ENTITIES";
+    /** Delete users from connections. */
     PropagationTaskType["ConnectionsDeleteUsers"] = "CONNECTIONS_DELETE_USERS";
+    /** Create groups. */
     PropagationTaskType["GroupsCreateGroups"] = "GROUPS_CREATE_GROUPS";
+    /** Create resources for groups. */
     PropagationTaskType["GroupsCreateResources"] = "GROUPS_CREATE_RESOURCES";
+    /** Create resource principals for groups. */
     PropagationTaskType["GroupsCreateResourcePrincipals"] = "GROUPS_CREATE_RESOURCE_PRINCIPALS";
+    /** Create users for groups. */
     PropagationTaskType["GroupsCreateUsers"] = "GROUPS_CREATE_USERS";
+    /** Delete groups. */
     PropagationTaskType["GroupsDeleteGroups"] = "GROUPS_DELETE_GROUPS";
+    /** Delete resources from groups. */
     PropagationTaskType["GroupsDeleteResources"] = "GROUPS_DELETE_RESOURCES";
+    /** Delete resource principals from groups. */
     PropagationTaskType["GroupsDeleteResourcePrincipals"] = "GROUPS_DELETE_RESOURCE_PRINCIPALS";
+    /** Delete users from groups. */
     PropagationTaskType["GroupsDeleteUsers"] = "GROUPS_DELETE_USERS";
+    /** Update resources for groups. */
     PropagationTaskType["GroupsUpdateResources"] = "GROUPS_UPDATE_RESOURCES";
+    /** Update users for groups. */
     PropagationTaskType["GroupsUpdateUsers"] = "GROUPS_UPDATE_USERS";
+    /** Create resources. */
     PropagationTaskType["ResourcesCreateResources"] = "RESOURCES_CREATE_RESOURCES";
+    /** Create users for resources. */
     PropagationTaskType["ResourcesCreateUsers"] = "RESOURCES_CREATE_USERS";
+    /** Delete resources. */
     PropagationTaskType["ResourcesDeleteResources"] = "RESOURCES_DELETE_RESOURCES";
+    /** Delete users from resources. */
     PropagationTaskType["ResourcesDeleteUsers"] = "RESOURCES_DELETE_USERS";
+    /** Update users for resources. */
     PropagationTaskType["ResourcesUpdateUsers"] = "RESOURCES_UPDATE_USERS";
 })(PropagationTaskType || (PropagationTaskType = {}));
+/** The source of a role assignment provision. */
 export var ProvisionSource;
 (function (ProvisionSource) {
     ProvisionSource["External"] = "EXTERNAL";
     ProvisionSource["Opal"] = "OPAL";
     ProvisionSource["Unknown"] = "UNKNOWN";
 })(ProvisionSource || (ProvisionSource = {}));
+/** Strategy for provisioning entities to connections. */
 export var ProvisionStrategy;
 (function (ProvisionStrategy) {
+    /** No provisioning strategy (manual provisioning). */
     ProvisionStrategy["None"] = "NONE";
+    /** Push entity to the connection automatically. */
     ProvisionStrategy["PushEntityToConnection"] = "PUSH_ENTITY_TO_CONNECTION";
 })(ProvisionStrategy || (ProvisionStrategy = {}));
+/** Action to perform when provisioning. */
 export var ProvisioningAction;
 (function (ProvisioningAction) {
+    /** Create the entity. */
     ProvisioningAction["Create"] = "CREATE";
+    /** Delete the entity. */
     ProvisioningAction["Delete"] = "DELETE";
 })(ProvisioningAction || (ProvisioningAction = {}));
+/** Type of connection for publishing events to external systems. */
 export var PubsubPublishConnectionType;
 (function (PubsubPublishConnectionType) {
+    /** Webhook-based event stream connection. */
     PubsubPublishConnectionType["Webhook"] = "WEBHOOK";
 })(PubsubPublishConnectionType || (PubsubPublishConnectionType = {}));
+/** Status codes for pubsub publish messages. */
 export var PubsubPublishMessageStatusCode;
 (function (PubsubPublishMessageStatusCode) {
+    /** Message processing was canceled. */
     PubsubPublishMessageStatusCode["Canceled"] = "CANCELED";
+    /** Message processing completed successfully. */
     PubsubPublishMessageStatusCode["Completed"] = "COMPLETED";
+    /** Message is pending processing. */
     PubsubPublishMessageStatusCode["Pending"] = "PENDING";
+    /** Message is currently being processed. */
     PubsubPublishMessageStatusCode["Processing"] = "PROCESSING";
+    /** Message is being retried after a failure. */
     PubsubPublishMessageStatusCode["Retry"] = "RETRY";
 })(PubsubPublishMessageStatusCode || (PubsubPublishMessageStatusCode = {}));
+/** Types of pubsub publish messages. */
 export var PubsubPublishMessageType;
 (function (PubsubPublishMessageType) {
+    /** Event stream message type. */
     PubsubPublishMessageType["EventStream"] = "EVENT_STREAM";
 })(PubsubPublishMessageType || (PubsubPublishMessageType = {}));
+/** Types of entities that can be included in recommendations. */
 export var RecommendationsEntityType;
 (function (RecommendationsEntityType) {
+    /** An application entity */
     RecommendationsEntityType["App"] = "APP";
+    /** A group entity */
     RecommendationsEntityType["Group"] = "GROUP";
+    /** An organization entity */
     RecommendationsEntityType["Organization"] = "ORGANIZATION";
+    /** A resource entity */
     RecommendationsEntityType["Resource"] = "RESOURCE";
+    /** A user entity */
     RecommendationsEntityType["User"] = "USER";
 })(RecommendationsEntityType || (RecommendationsEntityType = {}));
+/** Types of feedback actions that can be logged for recommendations. */
 export var RecommendationsFeedbackType;
 (function (RecommendationsFeedbackType) {
+    /** Dismiss suggestion for not using access */
     RecommendationsFeedbackType["DismissSuggestionNotUsingAccess"] = "DISMISS_SUGGESTION_NOT_USING_ACCESS";
+    /** Dismiss suggestion for overprovisioned rule */
     RecommendationsFeedbackType["DismissSuggestionOverprovisionedRule"] = "DISMISS_SUGGESTION_OVERPROVISIONED_RULE";
+    /** Dismiss suggestion for perpetual and unused access */
     RecommendationsFeedbackType["DismissSuggestionPerpetualAndUnusedAccess"] = "DISMISS_SUGGESTION_PERPETUAL_AND_UNUSED_ACCESS";
+    /** Dismiss suggestion for unmanaged access */
     RecommendationsFeedbackType["DismissSuggestionUnmanagedAccess"] = "DISMISS_SUGGESTION_UNMANAGED_ACCESS";
+    /** Dismiss suggestion for unused access */
     RecommendationsFeedbackType["DismissSuggestionUnusedAccess"] = "DISMISS_SUGGESTION_UNUSED_ACCESS";
+    /** Remediate access that is not being used */
     RecommendationsFeedbackType["RemediateSuggestionNotUsingAccess"] = "REMEDIATE_SUGGESTION_NOT_USING_ACCESS";
+    /** Remediate perpetual and unused access */
     RecommendationsFeedbackType["RemediateSuggestionPerpetualAndUnusedAccess"] = "REMEDIATE_SUGGESTION_PERPETUAL_AND_UNUSED_ACCESS";
+    /** Remediate unmanaged access */
     RecommendationsFeedbackType["RemediateSuggestionUnmanagedAccess"] = "REMEDIATE_SUGGESTION_UNMANAGED_ACCESS";
+    /** Remediate unused access */
     RecommendationsFeedbackType["RemediateSuggestionUnusedAccess"] = "REMEDIATE_SUGGESTION_UNUSED_ACCESS";
 })(RecommendationsFeedbackType || (RecommendationsFeedbackType = {}));
+/** Types of metrics tracked by the recommendations system. */
 export var RecommendationsMetricType;
 (function (RecommendationsMetricType) {
+    /** Total access points converted to JIT */
     RecommendationsMetricType["AccessPointsConvertedToJit"] = "ACCESS_POINTS_CONVERTED_TO_JIT";
+    /** Access points converted to JIT by threat center */
     RecommendationsMetricType["AccessPointsConvertedToJitByThreatCenter"] = "ACCESS_POINTS_CONVERTED_TO_JIT_BY_THREAT_CENTER";
+    /** Access points converted to JIT from suggestions */
     RecommendationsMetricType["AccessPointsConvertedToJitFromSuggestions"] = "ACCESS_POINTS_CONVERTED_TO_JIT_FROM_SUGGESTIONS";
+    /** Total access points revoked */
     RecommendationsMetricType["AccessPointsRevoked"] = "ACCESS_POINTS_REVOKED";
+    /** Access points revoked by threat center */
     RecommendationsMetricType["AccessPointsRevokedByThreatCenter"] = "ACCESS_POINTS_REVOKED_BY_THREAT_CENTER";
+    /** Access points revoked from suggestions */
     RecommendationsMetricType["AccessPointsRevokedFromSuggestions"] = "ACCESS_POINTS_REVOKED_FROM_SUGGESTIONS";
+    /** Daily count of irregular user access */
     RecommendationsMetricType["DailyIrregularUserAccess"] = "DAILY_IRREGULAR_USER_ACCESS";
+    /** Daily count of outside user access */
     RecommendationsMetricType["DailyOutsideUserAccess"] = "DAILY_OUTSIDE_USER_ACCESS";
+    /** Daily count of perpetual user access */
     RecommendationsMetricType["DailyPerpetualUserAccess"] = "DAILY_PERPETUAL_USER_ACCESS";
+    /** Daily count of unused non-human identity access */
     RecommendationsMetricType["DailyUnusedNhiAccess"] = "DAILY_UNUSED_NHI_ACCESS";
+    /** Daily count of unused user access */
     RecommendationsMetricType["DailyUnusedUserAccess"] = "DAILY_UNUSED_USER_ACCESS";
+    /** Count of entities with critical risk score */
     RecommendationsMetricType["EntitiesWithCriticalRiskScore"] = "ENTITIES_WITH_CRITICAL_RISK_SCORE";
+    /** Count of entities with high risk score */
     RecommendationsMetricType["EntitiesWithHighRiskScore"] = "ENTITIES_WITH_HIGH_RISK_SCORE";
+    /** Count of entities with low risk score */
     RecommendationsMetricType["EntitiesWithLowRiskScore"] = "ENTITIES_WITH_LOW_RISK_SCORE";
+    /** Count of entities with medium risk score */
     RecommendationsMetricType["EntitiesWithMediumRiskScore"] = "ENTITIES_WITH_MEDIUM_RISK_SCORE";
+    /** Total licenses revoked */
     RecommendationsMetricType["LicensesRevoked"] = "LICENSES_REVOKED";
+    /** Licenses revoked by threat center */
     RecommendationsMetricType["LicensesRevokedByThreatCenter"] = "LICENSES_REVOKED_BY_THREAT_CENTER";
+    /** Access points converted to JIT from not using access */
     RecommendationsMetricType["NotUsingAccessPointsConvertedToJit"] = "NOT_USING_ACCESS_POINTS_CONVERTED_TO_JIT";
+    /** Access points revoked from not using access */
     RecommendationsMetricType["NotUsingAccessPointsRevoked"] = "NOT_USING_ACCESS_POINTS_REVOKED";
+    /** Access points converted to JIT from perpetual and unused access */
     RecommendationsMetricType["PerpetualAndUnusedAccessPointsConvertedToJit"] = "PERPETUAL_AND_UNUSED_ACCESS_POINTS_CONVERTED_TO_JIT";
+    /** Access points revoked from perpetual and unused access */
     RecommendationsMetricType["PerpetualAndUnusedAccessPointsRevoked"] = "PERPETUAL_AND_UNUSED_ACCESS_POINTS_REVOKED";
+    /** Remediations performed for perpetual and unused access */
     RecommendationsMetricType["RemediationsPerformedSuggestionPerpetualAndUnusedAccess"] = "REMEDIATIONS_PERFORMED_SUGGESTION_PERPETUAL_AND_UNUSED_ACCESS";
+    /** Remediations performed for not using access */
     RecommendationsMetricType["RemediationsPerformedSuggestionSuggestionNotUsingAccess"] = "REMEDIATIONS_PERFORMED_SUGGESTION_SUGGESTION_NOT_USING_ACCESS";
+    /** Remediations performed for unused access */
     RecommendationsMetricType["RemediationsPerformedSuggestionSuggestionUnusedAccess"] = "REMEDIATIONS_PERFORMED_SUGGESTION_SUGGESTION_UNUSED_ACCESS";
+    /** Remediations performed for unmanaged access */
     RecommendationsMetricType["RemediationsPerformedSuggestionUnmanagedAccess"] = "REMEDIATIONS_PERFORMED_SUGGESTION_UNMANAGED_ACCESS";
+    /** Total count of perpetual access */
     RecommendationsMetricType["SumPerpetualAccess"] = "SUM_PERPETUAL_ACCESS";
+    /** Total count of time-bound access */
     RecommendationsMetricType["SumTimeBoundAccess"] = "SUM_TIME_BOUND_ACCESS";
+    /** Total count of unused access */
     RecommendationsMetricType["SumUnusedAccess"] = "SUM_UNUSED_ACCESS";
+    /** Total count of detected threats */
     RecommendationsMetricType["TotalThreatCount"] = "TOTAL_THREAT_COUNT";
+    /** Access points converted to JIT from unmanaged access */
     RecommendationsMetricType["UnmanagedAccessPointsConvertedToJit"] = "UNMANAGED_ACCESS_POINTS_CONVERTED_TO_JIT";
+    /** Access points revoked from unmanaged access */
     RecommendationsMetricType["UnmanagedAccessPointsRevoked"] = "UNMANAGED_ACCESS_POINTS_REVOKED";
+    /** Access points converted to JIT from unused access */
     RecommendationsMetricType["UnusedAccessPointsConvertedToJit"] = "UNUSED_ACCESS_POINTS_CONVERTED_TO_JIT";
+    /** Access points revoked from unused access */
     RecommendationsMetricType["UnusedAccessPointsRevoked"] = "UNUSED_ACCESS_POINTS_REVOKED";
 })(RecommendationsMetricType || (RecommendationsMetricType = {}));
+/** Types of risk factors and suggestions identified by the recommendations system. */
 export var RecommendationsSubscoreType;
 (function (RecommendationsSubscoreType) {
+    /** Access that is used irregularly or outside normal patterns */
     RecommendationsSubscoreType["IrregularAccess"] = "IRREGULAR_ACCESS";
+    /** Heuristic-based detection of irregular access patterns */
     RecommendationsSubscoreType["IrregularAccessHeuristic"] = "IRREGULAR_ACCESS_HEURISTIC";
+    /** Access that never expires */
     RecommendationsSubscoreType["PerpetualAccess"] = "PERPETUAL_ACCESS";
+    /** Resource has known vulnerabilities */
     RecommendationsSubscoreType["ResourceVulnerability"] = "RESOURCE_VULNERABILITY";
+    /** Suggestion for access that is not being used */
     RecommendationsSubscoreType["SuggestionNotUsingAccess"] = "SUGGESTION_NOT_USING_ACCESS";
+    /** Suggestion for over-provisioned rules that grant too much access */
     RecommendationsSubscoreType["SuggestionOverprovisionedRule"] = "SUGGESTION_OVERPROVISIONED_RULE";
+    /** Suggestion to address perpetual and unused access */
     RecommendationsSubscoreType["SuggestionPerpetualAndUnusedAccess"] = "SUGGESTION_PERPETUAL_AND_UNUSED_ACCESS";
+    /** Suggestion to address unmanaged access */
     RecommendationsSubscoreType["SuggestionUnmanagedAccess"] = "SUGGESTION_UNMANAGED_ACCESS";
+    /** Suggestion to address unused access */
     RecommendationsSubscoreType["SuggestionUnusedAccess"] = "SUGGESTION_UNUSED_ACCESS";
+    /** Access that is not managed through Opal */
     RecommendationsSubscoreType["UnmanagedAccess"] = "UNMANAGED_ACCESS";
+    /** Access that has not been used */
     RecommendationsSubscoreType["UnusedAccess"] = "UNUSED_ACCESS";
 })(RecommendationsSubscoreType || (RecommendationsSubscoreType = {}));
+/** Type of approver for a request. */
 export var RequestApprovalType;
 (function (RequestApprovalType) {
+    /** Manager of the requesting user */
     RequestApprovalType["Manager"] = "MANAGER";
+    /** Owner of the resource or group */
     RequestApprovalType["Owner"] = "OWNER";
+    /** Skip-level manager of the requesting user */
     RequestApprovalType["SkipManager"] = "SKIP_MANAGER";
+    /** Specific user assigned as reviewer */
     RequestApprovalType["User"] = "USER";
 })(RequestApprovalType || (RequestApprovalType = {}));
+/** Specific codes for request validation messages. */
 export var RequestMessageCode;
 (function (RequestMessageCode) {
+    /** Entity cannot be requested */
     RequestMessageCode["EntityNotRequestable"] = "ENTITY_NOT_REQUESTABLE";
+    /** Item has reached its capacity limit */
     RequestMessageCode["ItemAtCapacity"] = "ITEM_AT_CAPACITY";
+    /** Linked group is not requestable */
     RequestMessageCode["LinkedGroupNotRequestable"] = "LINKED_GROUP_NOT_REQUESTABLE";
+    /** Nested group access not allowed */
     RequestMessageCode["NestedGroupAccessNotAllowed"] = "NESTED_GROUP_ACCESS_NOT_ALLOWED";
+    /** Request will reset existing access duration */
     RequestMessageCode["RequestResetsAccessDuration"] = "REQUEST_RESETS_ACCESS_DURATION";
+    /** User authentication token required */
     RequestMessageCode["RequireUserAuthToken"] = "REQUIRE_USER_AUTH_TOKEN";
 })(RequestMessageCode || (RequestMessageCode = {}));
+/** Severity level of a request message. */
 export var RequestMessageLevel;
 (function (RequestMessageLevel) {
+    /** Error message */
     RequestMessageLevel["Error"] = "ERROR";
+    /** Informational message */
     RequestMessageLevel["Info"] = "INFO";
+    /** Warning message */
     RequestMessageLevel["Warning"] = "WARNING";
 })(RequestMessageLevel || (RequestMessageLevel = {}));
+/** Field to sort request reviewer delegations by. */
 export var RequestReviewerDelegationsSortByField;
 (function (RequestReviewerDelegationsSortByField) {
+    /** Sort by delegation creation time. */
     RequestReviewerDelegationsSortByField["CreatedAt"] = "CREATED_AT";
+    /** Sort by delegation end time. */
     RequestReviewerDelegationsSortByField["EndTime"] = "END_TIME";
+    /** Sort by delegation start time. */
     RequestReviewerDelegationsSortByField["StartTime"] = "START_TIME";
 })(RequestReviewerDelegationsSortByField || (RequestReviewerDelegationsSortByField = {}));
+/** Source from which a request was created. */
 export var RequestSource;
 (function (RequestSource) {
+    /** Created via API */
     RequestSource["Api"] = "API";
+    /** Created via command-line interface */
     RequestSource["Cli"] = "CLI";
+    /** Created via Slack integration */
     RequestSource["Slack"] = "SLACK";
+    /** Created via web interface */
     RequestSource["Web"] = "WEB";
 })(RequestSource || (RequestSource = {}));
+/** Status of an access request throughout its lifecycle. */
 export var RequestStatus;
 (function (RequestStatus) {
+    /** Request has been approved */
     RequestStatus["Approved"] = "APPROVED";
+    /** Request has been canceled by the requester */
     RequestStatus["Canceled"] = "CANCELED";
+    /** Request has been denied */
     RequestStatus["Denied"] = "DENIED";
+    /** Request is awaiting approval */
     RequestStatus["Pending"] = "PENDING";
 })(RequestStatus || (RequestStatus = {}));
+/** Type of custom field in a request template. */
 export var RequestTemplateCustomFieldType;
 (function (RequestTemplateCustomFieldType) {
+    /** Boolean checkbox field. */
     RequestTemplateCustomFieldType["Boolean"] = "BOOLEAN";
+    /** Long text field (multiple lines). */
     RequestTemplateCustomFieldType["LongText"] = "LONG_TEXT";
+    /** Multiple choice dropdown field. */
     RequestTemplateCustomFieldType["MultiChoice"] = "MULTI_CHOICE";
+    /** Short text field (single line). */
     RequestTemplateCustomFieldType["ShortText"] = "SHORT_TEXT";
 })(RequestTemplateCustomFieldType || (RequestTemplateCustomFieldType = {}));
+/** Direction of a request relative to the current user. */
 export var RequestType;
 (function (RequestType) {
+    /** Requests assigned to the user for review */
     RequestType["Incoming"] = "INCOMING";
+    /** Requests created by the user */
     RequestType["Outgoing"] = "OUTGOING";
 })(RequestType || (RequestType = {}));
+/** Fields to sort requests by. */
 export var RequestsSortByField;
 (function (RequestsSortByField) {
+    /** Sort by creation timestamp */
     RequestsSortByField["CreatedAt"] = "CREATED_AT";
+    /** Sort by access duration */
     RequestsSortByField["Duration"] = "DURATION";
+    /** Sort by request status */
     RequestsSortByField["Status"] = "STATUS";
+    /** Sort by target user or group */
     RequestsSortByField["Target"] = "TARGET";
+    /** Sort by last update timestamp */
     RequestsSortByField["UpdatedAt"] = "UPDATED_AT";
 })(RequestsSortByField || (RequestsSortByField = {}));
+/** Types of resources that can be managed in Opal. */
 export var ResourceType;
 (function (ResourceType) {
+    /** Anthropic Workspace */
     ResourceType["AnthropicWorkspace"] = "ANTHROPIC_WORKSPACE";
+    /** AWS Account */
     ResourceType["AwsAccount"] = "AWS_ACCOUNT";
+    /** AWS EC2 Instance */
     ResourceType["AwsEc2Instance"] = "AWS_EC2_INSTANCE";
+    /** AWS EKS Cluster */
     ResourceType["AwsEksCluster"] = "AWS_EKS_CLUSTER";
+    /** AWS IAM Role */
     ResourceType["AwsIamRole"] = "AWS_IAM_ROLE";
+    /** AWS Organizational Unit */
     ResourceType["AwsOrganizationalUnit"] = "AWS_ORGANIZATIONAL_UNIT";
+    /** AWS RDS MySQL Cluster */
     ResourceType["AwsRdsMysqlCluster"] = "AWS_RDS_MYSQL_CLUSTER";
+    /** AWS RDS MySQL Instance */
     ResourceType["AwsRdsMysqlInstance"] = "AWS_RDS_MYSQL_INSTANCE";
+    /** AWS RDS PostgreSQL Cluster */
     ResourceType["AwsRdsPostgresCluster"] = "AWS_RDS_POSTGRES_CLUSTER";
+    /** AWS RDS PostgreSQL Instance */
     ResourceType["AwsRdsPostgresInstance"] = "AWS_RDS_POSTGRES_INSTANCE";
+    /** AWS SSO Permission Set */
     ResourceType["AwsSsoPermissionSet"] = "AWS_SSO_PERMISSION_SET";
+    /** Azure Enterprise App */
     ResourceType["AzureEnterpriseApp"] = "AZURE_ENTERPRISE_APP";
+    /** Azure Entra ID Role */
     ResourceType["AzureEntraIdRole"] = "AZURE_ENTRA_ID_ROLE";
+    /** Azure Management Group */
     ResourceType["AzureManagementGroup"] = "AZURE_MANAGEMENT_GROUP";
+    /** Azure Resource Group */
     ResourceType["AzureResourceGroup"] = "AZURE_RESOURCE_GROUP";
+    /** Azure SQL Database */
     ResourceType["AzureSqlDatabase"] = "AZURE_SQL_DATABASE";
+    /** Azure SQL Managed Database */
     ResourceType["AzureSqlManagedDatabase"] = "AZURE_SQL_MANAGED_DATABASE";
+    /** Azure SQL Managed Instance */
     ResourceType["AzureSqlManagedInstance"] = "AZURE_SQL_MANAGED_INSTANCE";
+    /** Azure SQL Server */
     ResourceType["AzureSqlServer"] = "AZURE_SQL_SERVER";
+    /** Azure Storage Account */
     ResourceType["AzureStorageAccount"] = "AZURE_STORAGE_ACCOUNT";
+    /** Azure Storage Container */
     ResourceType["AzureStorageContainer"] = "AZURE_STORAGE_CONTAINER";
+    /** Azure Subscription */
     ResourceType["AzureSubscription"] = "AZURE_SUBSCRIPTION";
+    /** Azure User Assigned Managed Identity */
     ResourceType["AzureUserAssignedManagedIdentity"] = "AZURE_USER_ASSIGNED_MANAGED_Identity";
+    /** Azure Virtual Machine */
     ResourceType["AzureVirtualMachine"] = "AZURE_VIRTUAL_MACHINE";
+    /** Coupa Role */
     ResourceType["CoupaRole"] = "COUPA_ROLE";
+    /** Cursor Organization */
     ResourceType["CursorOrganization"] = "CURSOR_ORGANIZATION";
+    /** Custom Resource */
     ResourceType["Custom"] = "CUSTOM";
+    /** Custom Connector Resource */
     ResourceType["CustomConnector"] = "CUSTOM_CONNECTOR";
+    /** Databricks Account Service Principal */
     ResourceType["DatabricksAccountServicePrincipal"] = "DATABRICKS_ACCOUNT_SERVICE_PRINCIPAL";
+    /** DataStax Astra Role */
     ResourceType["DatastaxAstraRole"] = "DATASTAX_ASTRA_ROLE";
+    ResourceType["DevinOrganization"] = "DEVIN_ORGANIZATION";
+    ResourceType["DevinRole"] = "DEVIN_ROLE";
+    /** GCP BigQuery Dataset */
     ResourceType["GcpBigQueryDataset"] = "GCP_BIG_QUERY_DATASET";
+    /** GCP BigQuery Table */
     ResourceType["GcpBigQueryTable"] = "GCP_BIG_QUERY_TABLE";
+    /** GCP Storage Bucket */
     ResourceType["GcpBucket"] = "GCP_BUCKET";
+    /** GCP Cloud SQL MySQL Instance */
     ResourceType["GcpCloudSqlMysqlInstance"] = "GCP_CLOUD_SQL_MYSQL_INSTANCE";
+    /** GCP Cloud SQL PostgreSQL Instance */
     ResourceType["GcpCloudSqlPostgresInstance"] = "GCP_CLOUD_SQL_POSTGRES_INSTANCE";
+    /** GCP Compute Instance */
     ResourceType["GcpComputeInstance"] = "GCP_COMPUTE_INSTANCE";
+    /** GCP Folder */
     ResourceType["GcpFolder"] = "GCP_FOLDER";
+    /** GCP GKE Cluster (Deprecated, use GOOGLE_GROUPS_GKE_GROUP instead) */
     ResourceType["GcpGkeCluster"] = "GCP_GKE_CLUSTER";
+    /** GCP Organization */
     ResourceType["GcpOrganization"] = "GCP_ORGANIZATION";
+    /** GCP Project */
     ResourceType["GcpProject"] = "GCP_PROJECT";
+    /** GCP Service Account */
     ResourceType["GcpServiceAccount"] = "GCP_SERVICE_ACCOUNT";
+    /** GitHub Organization */
     ResourceType["GitHubOrg"] = "GIT_HUB_ORG";
+    /** GitHub Organization Role */
     ResourceType["GitHubOrgRole"] = "GIT_HUB_ORG_ROLE";
+    /** GitHub Repository */
     ResourceType["GitHubRepo"] = "GIT_HUB_REPO";
+    /** GitLab Project */
     ResourceType["GitLabProject"] = "GIT_LAB_PROJECT";
+    /** Google Workspace Role */
     ResourceType["GoogleWorkspaceRole"] = "GOOGLE_WORKSPACE_ROLE";
+    /** iLevel Advanced Role */
     ResourceType["IlevelAdvancedRole"] = "ILEVEL_ADVANCED_ROLE";
+    /** MariaDB Instance */
     ResourceType["MariadbInstance"] = "MARIADB_INSTANCE";
+    /** MongoDB Atlas Instance */
     ResourceType["MongoAtlasInstance"] = "MONGO_ATLAS_INSTANCE";
+    /** MongoDB Instance */
     ResourceType["MongoInstance"] = "MONGO_INSTANCE";
+    /** MySQL Instance */
     ResourceType["MysqlInstance"] = "MYSQL_INSTANCE";
+    /** Okta Application */
     ResourceType["OktaApp"] = "OKTA_APP";
+    /** Okta Role */
     ResourceType["OktaRole"] = "OKTA_ROLE";
+    /** Opal Role */
     ResourceType["OpalRole"] = "OPAL_ROLE";
+    /** Opal Scoped Role */
     ResourceType["OpalScopedRole"] = "OPAL_SCOPED_ROLE";
+    /** OpenAI Platform Project */
     ResourceType["OpenaiPlatformProject"] = "OPENAI_PLATFORM_PROJECT";
+    /** OpenAI Platform Service Account */
     ResourceType["OpenaiPlatformServiceAccount"] = "OPENAI_PLATFORM_SERVICE_ACCOUNT";
+    /** Oracle Fusion Role */
     ResourceType["OracleFusionRole"] = "ORACLE_FUSION_ROLE";
+    /** PagerDuty Role */
     ResourceType["PagerdutyRole"] = "PAGERDUTY_ROLE";
+    /** PostgreSQL Instance */
     ResourceType["PostgresInstance"] = "POSTGRES_INSTANCE";
+    /** Salesforce Permission Set */
     ResourceType["SalesforcePermissionSet"] = "SALESFORCE_PERMISSION_SET";
+    /** Salesforce Profile */
     ResourceType["SalesforceProfile"] = "SALESFORCE_PROFILE";
+    /** Salesforce Role */
     ResourceType["SalesforceRole"] = "SALESFORCE_ROLE";
+    /** Snowflake Database */
     ResourceType["SnowflakeDatabase"] = "SNOWFLAKE_DATABASE";
+    /** Snowflake Schema */
     ResourceType["SnowflakeSchema"] = "SNOWFLAKE_SCHEMA";
+    /** Snowflake Table */
     ResourceType["SnowflakeTable"] = "SNOWFLAKE_TABLE";
+    /** Tailscale SSH */
     ResourceType["TailscaleSsh"] = "TAILSCALE_SSH";
+    /** Teleport Role */
     ResourceType["TeleportRole"] = "TELEPORT_ROLE";
+    ResourceType["VaultOidcRole"] = "VAULT_OIDC_ROLE";
+    ResourceType["VaultPolicy"] = "VAULT_POLICY";
+    ResourceType["VaultSecret"] = "VAULT_SECRET";
+    /** Workday Role */
     ResourceType["WorkdayRole"] = "WORKDAY_ROLE";
 })(ResourceType || (ResourceType = {}));
+/** Fields to sort resource users by. */
 export var ResourceUserSortByField;
 (function (ResourceUserSortByField) {
+    /** Sort by access level name */
     ResourceUserSortByField["AccessLevelName"] = "ACCESS_LEVEL_NAME";
+    /** Sort by expiration time */
     ResourceUserSortByField["ExpiresAt"] = "EXPIRES_AT";
+    /** Sort by last used timestamp */
     ResourceUserSortByField["LastUsedAt"] = "LAST_USED_AT";
+    /** Sort by propagation status */
     ResourceUserSortByField["PropagationStatus"] = "PROPAGATION_STATUS";
+    /** Sort by resource name */
     ResourceUserSortByField["ResourceName"] = "RESOURCE_NAME";
+    /** Sort by source of access */
     ResourceUserSortByField["SourceOfAccess"] = "SOURCE_OF_ACCESS";
+    /** Sort by user email */
     ResourceUserSortByField["UserEmail"] = "USER_EMAIL";
+    /** Sort by user full name */
     ResourceUserSortByField["UserFullName"] = "USER_FULL_NAME";
 })(ResourceUserSortByField || (ResourceUserSortByField = {}));
+/** Source of a resource user assignment. */
 export var ResourceUserSource;
 (function (ResourceUserSource) {
-    /** ResourceUser that's inherited from another remote resource */
+    /** ResourceUser that's inherited from another remote resource. */
     ResourceUserSource["Inherited"] = "INHERITED";
+    /** Regular directly-assigned resource user. */
     ResourceUserSource["Regular"] = "REGULAR";
 })(ResourceUserSource || (ResourceUserSource = {}));
 export var ReviewStageOperator;
@@ -1220,30 +1758,50 @@ export var ReviewStageOperator;
     ReviewStageOperator["And"] = "AND";
     ReviewStageOperator["Or"] = "OR";
 })(ReviewStageOperator || (ReviewStageOperator = {}));
+/** Actions a reviewer can take on a request. */
 export var ReviewerAction;
 (function (ReviewerAction) {
+    /** Reviewer approved the request */
     ReviewerAction["Approved"] = "APPROVED";
+    /** Reviewer denied the request */
     ReviewerAction["Denied"] = "DENIED";
 })(ReviewerAction || (ReviewerAction = {}));
+/** The status of a single reviewer's decision on an access item. */
 export var ReviewerUserStatus;
 (function (ReviewerUserStatus) {
+    /** The reviewer accepted/approved the access. */
     ReviewerUserStatus["Accepted"] = "ACCEPTED";
+    /** Admin revoked the access and it needs to be removed in the end system. */
     ReviewerUserStatus["AdminNeedsEndSystemRevocation"] = "ADMIN_NEEDS_END_SYSTEM_REVOCATION";
+    /** Admin revoked the access. */
     ReviewerUserStatus["AdminRevoked"] = "ADMIN_REVOKED";
+    /** The reviewer revoked the access and it needs to be removed in the end system. */
     ReviewerUserStatus["NeedsEndSystemRevocation"] = "NEEDS_END_SYSTEM_REVOCATION";
+    /** The reviewer updated the access and the resulting request needs approval. */
     ReviewerUserStatus["NeedsUpdateRequestApproval"] = "NEEDS_UPDATE_REQUEST_APPROVAL";
+    /** No review is required for this item. */
     ReviewerUserStatus["NotRequired"] = "NOT_REQUIRED";
+    /** The reviewer has not started reviewing this item yet. */
     ReviewerUserStatus["NotStarted"] = "NOT_STARTED";
+    /** The reviewer revoked the access. */
     ReviewerUserStatus["Revoked"] = "REVOKED";
+    /** The reviewer updated/modified the access. */
     ReviewerUserStatus["Updated"] = "UPDATED";
 })(ReviewerUserStatus || (ReviewerUserStatus = {}));
+/** Represents the severity level of a security risk or threat. */
 export var RiskLevel;
 (function (RiskLevel) {
+    /** Critical severity risk requiring immediate attention */
     RiskLevel["Critical"] = "CRITICAL";
+    /** High severity risk */
     RiskLevel["High"] = "HIGH";
+    /** Low severity risk */
     RiskLevel["Low"] = "LOW";
+    /** Medium severity risk */
     RiskLevel["Medium"] = "MEDIUM";
+    /** No risk identified */
     RiskLevel["None"] = "NONE";
+    /** Unknown or unclassified risk level */
     RiskLevel["Unknown"] = "UNKNOWN";
 })(RiskLevel || (RiskLevel = {}));
 export var RoleAssignmentSource;
@@ -1258,6 +1816,7 @@ export var RoleAssignmentSource;
     /** Regular GroupUser that's imported from a nested group. */
     RoleAssignmentSource["RegularNested"] = "REGULAR_NESTED";
 })(RoleAssignmentSource || (RoleAssignmentSource = {}));
+/** Field to sort role assignments by. */
 export var RoleAssignmentsSortByField;
 (function (RoleAssignmentsSortByField) {
     RoleAssignmentsSortByField["EntityName"] = "ENTITY_NAME";
@@ -1269,6 +1828,7 @@ export var RoleAssignmentsSortByField;
     RoleAssignmentsSortByField["Role"] = "ROLE";
     RoleAssignmentsSortByField["VulnerabilityCount"] = "VULNERABILITY_COUNT";
 })(RoleAssignmentsSortByField || (RoleAssignmentsSortByField = {}));
+/** Permissions that can be granted on various target types in Opal. */
 export var RolePermission;
 (function (RolePermission) {
     RolePermission["AssignUarReviewers"] = "ASSIGN_UAR_REVIEWERS";
@@ -1293,6 +1853,7 @@ export var RolePermission;
     RolePermission["Stop"] = "STOP";
     RolePermission["Sync"] = "SYNC";
 })(RolePermission || (RolePermission = {}));
+/** Target types that permissions can be scoped to. */
 export var RolePermissionTargetType;
 (function (RolePermissionTargetType) {
     RolePermissionTargetType["AccessReview"] = "ACCESS_REVIEW";
@@ -1326,6 +1887,7 @@ export var ServiceType;
     ServiceType["CustomConnector"] = "CUSTOM_CONNECTOR";
     ServiceType["Databricks"] = "DATABRICKS";
     ServiceType["DatastaxAstra"] = "DATASTAX_ASTRA";
+    ServiceType["Devin"] = "DEVIN";
     ServiceType["Duo"] = "DUO";
     ServiceType["GcpBigQuery"] = "GCP_BIG_QUERY";
     ServiceType["GcpIam"] = "GCP_IAM";
@@ -1334,12 +1896,14 @@ export var ServiceType;
     ServiceType["GitLab"] = "GIT_LAB";
     ServiceType["GoogleGroups"] = "GOOGLE_GROUPS";
     ServiceType["GoogleWorkspace"] = "GOOGLE_WORKSPACE";
+    ServiceType["Incidentio"] = "INCIDENTIO";
     ServiceType["Kubernetes"] = "KUBERNETES";
     ServiceType["Ldap"] = "LDAP";
     ServiceType["Mariadb"] = "MARIADB";
     ServiceType["Mongo"] = "MONGO";
     ServiceType["MongoAtlas"] = "MONGO_ATLAS";
     ServiceType["Mysql"] = "MYSQL";
+    ServiceType["OktaCiam"] = "OKTA_CIAM";
     ServiceType["OktaDirectory"] = "OKTA_DIRECTORY";
     ServiceType["Opal"] = "OPAL";
     ServiceType["OpenaiPlatform"] = "OPENAI_PLATFORM";
@@ -1352,12 +1916,16 @@ export var ServiceType;
     ServiceType["Tailscale"] = "TAILSCALE";
     ServiceType["Teleport"] = "TELEPORT";
     ServiceType["Unknown"] = "UNKNOWN";
+    ServiceType["Vault"] = "VAULT";
     ServiceType["Workday"] = "WORKDAY";
 })(ServiceType || (ServiceType = {}));
+/** The strategy used for service user automation. */
 export var ServiceUserAutomationStrategy;
 (function (ServiceUserAutomationStrategy) {
+    ServiceUserAutomationStrategy["Starlark"] = "STARLARK";
     ServiceUserAutomationStrategy["Webhook"] = "WEBHOOK";
 })(ServiceUserAutomationStrategy || (ServiceUserAutomationStrategy = {}));
+/** The trigger event for service user automation. */
 export var ServiceUserAutomationTrigger;
 (function (ServiceUserAutomationTrigger) {
     ServiceUserAutomationTrigger["RequestCreatedForReviewer"] = "REQUEST_CREATED_FOR_REVIEWER";
@@ -1367,18 +1935,41 @@ export var SortDirection;
     SortDirection["Asc"] = "ASC";
     SortDirection["Desc"] = "DESC";
 })(SortDirection || (SortDirection = {}));
+export var StarlarkScriptExecutionResult;
+(function (StarlarkScriptExecutionResult) {
+    StarlarkScriptExecutionResult["Fail"] = "FAIL";
+    StarlarkScriptExecutionResult["Success"] = "SUCCESS";
+})(StarlarkScriptExecutionResult || (StarlarkScriptExecutionResult = {}));
+export var StarlarkScriptType;
+(function (StarlarkScriptType) {
+    StarlarkScriptType["RequestReview"] = "REQUEST_REVIEW";
+})(StarlarkScriptType || (StarlarkScriptType = {}));
 export var StringFormatType;
 (function (StringFormatType) {
     StringFormatType["Email"] = "EMAIL";
 })(StringFormatType || (StringFormatType = {}));
+export var StringMatchType;
+(function (StringMatchType) {
+    StringMatchType["Contains"] = "CONTAINS";
+    StringMatchType["EndsWith"] = "ENDS_WITH";
+    StringMatchType["Equals"] = "EQUALS";
+    StringMatchType["StartsWith"] = "STARTS_WITH";
+})(StringMatchType || (StringMatchType = {}));
+/** Fields that can be used to sort sub-events. */
 export var SubEventsSortByField;
 (function (SubEventsSortByField) {
+    /** Sort by creation time. */
     SubEventsSortByField["CreatedAt"] = "CREATED_AT";
+    /** Sort by first entity name. */
     SubEventsSortByField["Entity_1Name"] = "ENTITY_1_NAME";
+    /** Sort by second entity name. */
     SubEventsSortByField["Entity_2Name"] = "ENTITY_2_NAME";
+    /** Sort by third entity name. */
     SubEventsSortByField["Entity_3Name"] = "ENTITY_3_NAME";
+    /** Sort by fourth entity name. */
     SubEventsSortByField["Entity_4Name"] = "ENTITY_4_NAME";
 })(SubEventsSortByField || (SubEventsSortByField = {}));
+/** Status of a sync task. */
 export var SyncTaskStatus;
 (function (SyncTaskStatus) {
     SyncTaskStatus["Completed"] = "COMPLETED";
@@ -1386,11 +1977,14 @@ export var SyncTaskStatus;
     SyncTaskStatus["Started"] = "STARTED";
     SyncTaskStatus["TimedOut"] = "TIMED_OUT";
 })(SyncTaskStatus || (SyncTaskStatus = {}));
+/** Types of sync operations supported by Opal. */
 export var SyncType;
 (function (SyncType) {
     SyncType["PullConnectionsAll"] = "PULL_CONNECTIONS_ALL";
+    SyncType["PullConnectionsAllConnectionUsers"] = "PULL_CONNECTIONS_ALL_CONNECTION_USERS";
     SyncType["PullConnectionsAllGroups"] = "PULL_CONNECTIONS_ALL_GROUPS";
     SyncType["PullConnectionsAllIncludeUnmanagedItems"] = "PULL_CONNECTIONS_ALL_INCLUDE_UNMANAGED_ITEMS";
+    SyncType["PullConnectionsAllIncludeUnmanagedItemsWithoutDetails"] = "PULL_CONNECTIONS_ALL_INCLUDE_UNMANAGED_ITEMS_WITHOUT_DETAILS";
     SyncType["PullConnectionsAllResources"] = "PULL_CONNECTIONS_ALL_RESOURCES";
     SyncType["PullConnectionsCustom"] = "PULL_CONNECTIONS_CUSTOM";
     SyncType["PullConnectionsEventsOnly"] = "PULL_CONNECTIONS_EVENTS_ONLY";
@@ -1405,13 +1999,19 @@ export var SyncType;
     SyncType["PullPropagationTickets"] = "PULL_PROPAGATION_TICKETS";
     SyncType["PullUarRemoteTickets"] = "PULL_UAR_REMOTE_TICKETS";
 })(SyncType || (SyncType = {}));
+/** Match mode for tag filtering. */
 export var TagFilterMatchMode;
 (function (TagFilterMatchMode) {
+    /** Match entities with all of the tags. */
     TagFilterMatchMode["All"] = "ALL";
+    /** Match entities with any of the tags. */
     TagFilterMatchMode["Any"] = "ANY";
+    /** Match entities with none of the tags. */
     TagFilterMatchMode["None"] = "NONE";
+    /** Match entities that don't have all of the tags. */
     TagFilterMatchMode["NotAll"] = "NOT_ALL";
 })(TagFilterMatchMode || (TagFilterMatchMode = {}));
+/** Field to sort tags by. */
 export var TagsSortByField;
 (function (TagsSortByField) {
     TagsSortByField["CreatedAt"] = "CREATED_AT";
@@ -1456,29 +2056,52 @@ export var TaskTrigger;
     TaskTrigger["ThirdPartyProviderPull"] = "THIRD_PARTY_PROVIDER_PULL";
     TaskTrigger["UserDeleted"] = "USER_DELETED";
 })(TaskTrigger || (TaskTrigger = {}));
+/** Supported third-party service providers that can be integrated with Opal. */
 export var ThirdPartyProvider;
 (function (ThirdPartyProvider) {
+    /** Auth0 authentication provider. */
     ThirdPartyProvider["Auth0"] = "AUTH0";
+    /** FreshService IT service management platform integration. */
     ThirdPartyProvider["FreshService"] = "FRESH_SERVICE";
+    /** GitHub integration for storing user mappings between Opal and GitHub users. */
     ThirdPartyProvider["GitHub"] = "GIT_HUB";
+    /** GitHub connection integration for authentication after GitHub app installation. */
     ThirdPartyProvider["GitHubConnection"] = "GIT_HUB_CONNECTION";
+    /** GitHub registration integration for handling redirects after GitHub app registration. */
     ThirdPartyProvider["GitHubRegistration"] = "GIT_HUB_REGISTRATION";
+    /** GitLab integration for storing user mappings between Opal and GitLab SaaS users. */
     ThirdPartyProvider["GitLab"] = "GIT_LAB";
+    /** GitLab connection integration for handling OAuth flow. */
     ThirdPartyProvider["GitLabConnection"] = "GIT_LAB_CONNECTION";
+    /** Google Chat messaging platform integration. */
     ThirdPartyProvider["GoogleChat"] = "GOOGLE_CHAT";
+    /** Jira project management and issue tracking integration. */
     ThirdPartyProvider["Jira"] = "JIRA";
+    /** Linear project management and issue tracking integration. */
     ThirdPartyProvider["Linear"] = "LINEAR";
+    /** Notion workspace and documentation integration. */
     ThirdPartyProvider["Notion"] = "NOTION";
+    /** Opsgenie incident management platform integration. */
     ThirdPartyProvider["Opsgenie"] = "OPSGENIE";
+    /** PagerDuty incident response platform integration. */
     ThirdPartyProvider["PagerDuty"] = "PAGER_DUTY";
+    /** ServiceNow IT service management platform integration. */
     ThirdPartyProvider["ServiceNow"] = "SERVICE_NOW";
+    /** Shortcut project management platform integration. */
+    ThirdPartyProvider["Shortcut"] = "SHORTCUT";
+    /** Slack messaging platform integration. */
     ThirdPartyProvider["Slack"] = "SLACK";
+    /** Teleport access platform integration. */
     ThirdPartyProvider["Teleport"] = "TELEPORT";
 })(ThirdPartyProvider || (ThirdPartyProvider = {}));
+/** Time bucket size for aggregating metrics data. */
 export var TimeBucket;
 (function (TimeBucket) {
+    /** Aggregate by day. */
     TimeBucket["Day"] = "DAY";
+    /** Aggregate by month. */
     TimeBucket["Month"] = "MONTH";
+    /** Aggregate by week. */
     TimeBucket["Week"] = "WEEK";
 })(TimeBucket || (TimeBucket = {}));
 export var TimePeriod;
@@ -1497,38 +2120,60 @@ export var UiSource;
     UiSource["ThreatCenter"] = "THREAT_CENTER";
     UiSource["Unknown"] = "UNKNOWN";
 })(UiSource || (UiSource = {}));
+/** Denotes where the usage is stored or should be attributed to. */
 export var UsageAttributionType;
 (function (UsageAttributionType) {
+    /** Usage stored in event records */
     UsageAttributionType["Event"] = "EVENT";
+    /** Usage stored in aggregated rollup records */
     UsageAttributionType["UsageRollup"] = "USAGE_ROLLUP";
 })(UsageAttributionType || (UsageAttributionType = {}));
+/** Types of user-facing errors that may occur. */
 export var UserErrorType;
 (function (UserErrorType) {
+    /** Support ticket was not found. */
     UserErrorType["SupportTicketNotFound"] = "SUPPORT_TICKET_NOT_FOUND";
 })(UserErrorType || (UserErrorType = {}));
+/** The product role for a user in Opal. */
 export var UserProductRole;
 (function (UserProductRole) {
     UserProductRole["Admin"] = "ADMIN";
     UserProductRole["Member"] = "MEMBER";
 })(UserProductRole || (UserProductRole = {}));
+/** Fields that users can be sorted by. */
 export var UsersSortByField;
 (function (UsersSortByField) {
+    /** Sort by creation date. */
     UsersSortByField["CreatedAt"] = "CREATED_AT";
+    /** Sort by email address. */
     UsersSortByField["Email"] = "EMAIL";
+    /** Sort by first name. */
     UsersSortByField["FirstName"] = "FIRST_NAME";
+    /** Sort by full name. */
     UsersSortByField["FullName"] = "FULL_NAME";
+    /** Sort by HR/IDP status. */
     UsersSortByField["HrIdpStatus"] = "HR_IDP_STATUS";
+    /** Sort by last name. */
     UsersSortByField["LastName"] = "LAST_NAME";
+    /** Sort by manager name. */
     UsersSortByField["Manager"] = "MANAGER";
+    /** Sort by team. */
     UsersSortByField["Team"] = "TEAM";
+    /** Sort by job title. */
     UsersSortByField["Title"] = "TITLE";
 })(UsersSortByField || (UsersSortByField = {}));
+/** Status of MFA factor verification. */
 export var VerifyFactorStatus;
 (function (VerifyFactorStatus) {
+    /** Verification failed. */
     VerifyFactorStatus["Failed"] = "FAILED";
+    /** Verification was rejected by the user. */
     VerifyFactorStatus["Rejected"] = "REJECTED";
+    /** Verification was successful. */
     VerifyFactorStatus["Success"] = "SUCCESS";
+    /** Verification timed out. */
     VerifyFactorStatus["Timeout"] = "TIMEOUT";
+    /** Verification is waiting for user action. */
     VerifyFactorStatus["Waiting"] = "WAITING";
 })(VerifyFactorStatus || (VerifyFactorStatus = {}));
 export var Visibility;
@@ -1536,20 +2181,30 @@ export var Visibility;
     Visibility["Global"] = "GLOBAL";
     Visibility["Team"] = "TEAM";
 })(Visibility || (Visibility = {}));
+/** Location where API key should be placed in webhook requests. */
 export var WebhookPubsubPublishConnectionApiKeyLocation;
 (function (WebhookPubsubPublishConnectionApiKeyLocation) {
+    /** API key in HTTP header. */
     WebhookPubsubPublishConnectionApiKeyLocation["Header"] = "HEADER";
+    /** API key in query parameter. */
     WebhookPubsubPublishConnectionApiKeyLocation["QueryParam"] = "QUERY_PARAM";
 })(WebhookPubsubPublishConnectionApiKeyLocation || (WebhookPubsubPublishConnectionApiKeyLocation = {}));
+/** Authentication type for webhook connections. */
 export var WebhookPubsubPublishConnectionAuthType;
 (function (WebhookPubsubPublishConnectionAuthType) {
+    /** API key authentication. */
     WebhookPubsubPublishConnectionAuthType["ApiKey"] = "API_KEY";
+    /** HMAC signature authentication. */
     WebhookPubsubPublishConnectionAuthType["Hmac"] = "HMAC";
+    /** No authentication. */
     WebhookPubsubPublishConnectionAuthType["None"] = "NONE";
 })(WebhookPubsubPublishConnectionAuthType || (WebhookPubsubPublishConnectionAuthType = {}));
+/** Level of decision authority for request approval/denial. */
 export var RequestDecisionLevel;
 (function (RequestDecisionLevel) {
+    /** Admin override approval */
     RequestDecisionLevel["Admin"] = "ADMIN";
+    /** Regular reviewer approval */
     RequestDecisionLevel["Regular"] = "REGULAR";
 })(RequestDecisionLevel || (RequestDecisionLevel = {}));
 export const ResourceFieldsFragmentDoc = {
@@ -2913,6 +3568,13 @@ export const PaginatedEntityDropdownDocument = {
                                                                                     kind: "Field",
                                                                                     name: { kind: "Name", value: "name" },
                                                                                 },
+                                                                                {
+                                                                                    kind: "Field",
+                                                                                    name: {
+                                                                                        kind: "Name",
+                                                                                        value: "resourceType",
+                                                                                    },
+                                                                                },
                                                                             ],
                                                                         },
                                                                     },
@@ -2930,6 +3592,13 @@ export const PaginatedEntityDropdownDocument = {
                                                                                     kind: "Field",
                                                                                     name: { kind: "Name", value: "name" },
                                                                                 },
+                                                                                {
+                                                                                    kind: "Field",
+                                                                                    name: {
+                                                                                        kind: "Name",
+                                                                                        value: "groupType",
+                                                                                    },
+                                                                                },
                                                                             ],
                                                                         },
                                                                     },
@@ -4661,6 +5330,28 @@ export const GetAssociatedItemsDocument = {
                                                                                                                 value: "name",
                                                                                                             },
                                                                                                         },
+                                                                                                        {
+                                                                                                            kind: "InlineFragment",
+                                                                                                            typeCondition: {
+                                                                                                                kind: "NamedType",
+                                                                                                                name: {
+                                                                                                                    kind: "Name",
+                                                                                                                    value: "Group",
+                                                                                                                },
+                                                                                                            },
+                                                                                                            selectionSet: {
+                                                                                                                kind: "SelectionSet",
+                                                                                                                selections: [
+                                                                                                                    {
+                                                                                                                        kind: "Field",
+                                                                                                                        name: {
+                                                                                                                            kind: "Name",
+                                                                                                                            value: "groupType",
+                                                                                                                        },
+                                                                                                                    },
+                                                                                                                ],
+                                                                                                            },
+                                                                                                        },
                                                                                                         {
                                                                                                             kind: "InlineFragment",
                                                                                                             typeCondition: {
@@ -4673,6 +5364,13 @@ export const GetAssociatedItemsDocument = {
                                                                                                             selectionSet: {
                                                                                                                 kind: "SelectionSet",
                                                                                                                 selections: [
+                                                                                                                    {
+                                                                                                                        kind: "Field",
+                                                                                                                        name: {
+                                                                                                                            kind: "Name",
+                                                                                                                            value: "resourceType",
+                                                                                                                        },
+                                                                                                                    },
                                                                                                                     {
                                                                                                                         kind: "Field",
                                                                                                                         name: {