From 62b358aeaf30d115c2b892bc05f4e28fd41bfcc5 Mon Sep 17 00:00:00 2001
From: Diego Marquez <diegomarquezp@google.com>
Date: Fri, 5 Dec 2025 15:15:32 -0500
Subject: [PATCH 1/5] fix(deps): update protobuf version to 4.33.0

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b4c466511..c0f9382b0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -81,7 +81,7 @@
     <project.findbugs.version>3.0.2</project.findbugs.version>
     <deploy.autorelease>false</deploy.autorelease>
     <project.error-prone.version>2.38.0</project.error-prone.version>
-    <project.protobuf.version>3.25.5</project.protobuf.version>
+    <project.protobuf.version>4.33.0</project.protobuf.version>
     <project.cel.version>0.9.0-proto3</project.cel.version>
     <project.tink.version>1.15.0</project.tink.version>
     <project.slf4j.version>2.0.17</project.slf4j.version>

From cc249d842f2086569ec51f32e15ac9b75d390dfd Mon Sep 17 00:00:00 2001
From: diegomarquezp <diegomarquezp@google.com>
Date: Tue, 9 Dec 2025 20:53:43 +0000
Subject: [PATCH 2/5] chore: update gencode to 4.33

---
 ...ntSideCredentialAccessBoundaryFactory.java |    4 +-
 .../protobuf/ClientSideAccessBoundary.java    |  895 +++++++
 .../ClientSideAccessBoundaryOrBuilder.java    |   71 +
 .../ClientSideAccessBoundaryProto.java        | 2287 +----------------
 .../ClientSideAccessBoundaryRule.java         | 1196 +++++++++
 ...ClientSideAccessBoundaryRuleOrBuilder.java |  149 ++
 ...deCredentialAccessBoundaryFactoryTest.java |    4 +-
 7 files changed, 2378 insertions(+), 2228 deletions(-)
 create mode 100644 cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundary.java
 create mode 100644 cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryOrBuilder.java
 create mode 100644 cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRule.java
 create mode 100644 cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRuleOrBuilder.java

diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactory.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactory.java
index 5b40442b5..cb1e1caa8 100644
--- a/cab-token-generator/java/com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactory.java
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactory.java
@@ -37,8 +37,8 @@
 
 import com.google.api.client.util.Clock;
 import com.google.auth.Credentials;
-import com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.ClientSideAccessBoundary;
-import com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.ClientSideAccessBoundaryRule;
+import com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary;
+import com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule;
 import com.google.auth.http.HttpTransportFactory;
 import com.google.auth.oauth2.AccessToken;
 import com.google.auth.oauth2.CredentialAccessBoundary;
diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundary.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundary.java
new file mode 100644
index 000000000..f3d90859b
--- /dev/null
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundary.java
@@ -0,0 +1,895 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// NO CHECKED-IN PROTOBUF GENCODE
+// source: client_side_access_boundary.proto
+// Protobuf Java Version: 4.33.0
+
+package com.google.auth.credentialaccessboundary.protobuf;
+
+/**
+ * <pre>
+ * An access boundary defines the upper bound of what a principal may access. It
+ * includes a list of client-side access boundary rules that each defines the
+ * resource that may be allowed as well as permissions that may be used on those
+ * resources.
+ * </pre>
+ *
+ * Protobuf type {@code cloud.identity.unifiedauth.proto.ClientSideAccessBoundary}
+ */
+@com.google.protobuf.Generated
+public final class ClientSideAccessBoundary extends
+    com.google.protobuf.GeneratedMessage implements
+    // @@protoc_insertion_point(message_implements:cloud.identity.unifiedauth.proto.ClientSideAccessBoundary)
+    ClientSideAccessBoundaryOrBuilder {
+private static final long serialVersionUID = 0L;
+  static {
+    com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
+      com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
+      /* major= */ 4,
+      /* minor= */ 33,
+      /* patch= */ 0,
+      /* suffix= */ "",
+      "ClientSideAccessBoundary");
+  }
+  // Use ClientSideAccessBoundary.newBuilder() to construct.
+  private ClientSideAccessBoundary(com.google.protobuf.GeneratedMessage.Builder<?> builder) {
+    super(builder);
+  }
+  private ClientSideAccessBoundary() {
+    accessBoundaryRules_ = java.util.Collections.emptyList();
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor
+      getDescriptor() {
+    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.class, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.Builder.class);
+  }
+
+  public static final int ACCESS_BOUNDARY_RULES_FIELD_NUMBER = 1;
+  @SuppressWarnings("serial")
+  private java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> accessBoundaryRules_;
+  /**
+   * <pre>
+   * A list of client-side access boundary rules which defines the upper bound
+   * of the permission a principal may carry. If multiple rules are specified,
+   * the effective access boundary is the union of all the access boundary rules
+   * attached.
+   * </pre>
+   *
+   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   */
+  @java.lang.Override
+  public java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> getAccessBoundaryRulesList() {
+    return accessBoundaryRules_;
+  }
+  /**
+   * <pre>
+   * A list of client-side access boundary rules which defines the upper bound
+   * of the permission a principal may carry. If multiple rules are specified,
+   * the effective access boundary is the union of all the access boundary rules
+   * attached.
+   * </pre>
+   *
+   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   */
+  @java.lang.Override
+  public java.util.List<? extends com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder> 
+      getAccessBoundaryRulesOrBuilderList() {
+    return accessBoundaryRules_;
+  }
+  /**
+   * <pre>
+   * A list of client-side access boundary rules which defines the upper bound
+   * of the permission a principal may carry. If multiple rules are specified,
+   * the effective access boundary is the union of all the access boundary rules
+   * attached.
+   * </pre>
+   *
+   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   */
+  @java.lang.Override
+  public int getAccessBoundaryRulesCount() {
+    return accessBoundaryRules_.size();
+  }
+  /**
+   * <pre>
+   * A list of client-side access boundary rules which defines the upper bound
+   * of the permission a principal may carry. If multiple rules are specified,
+   * the effective access boundary is the union of all the access boundary rules
+   * attached.
+   * </pre>
+   *
+   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   */
+  @java.lang.Override
+  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getAccessBoundaryRules(int index) {
+    return accessBoundaryRules_.get(index);
+  }
+  /**
+   * <pre>
+   * A list of client-side access boundary rules which defines the upper bound
+   * of the permission a principal may carry. If multiple rules are specified,
+   * the effective access boundary is the union of all the access boundary rules
+   * attached.
+   * </pre>
+   *
+   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   */
+  @java.lang.Override
+  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder getAccessBoundaryRulesOrBuilder(
+      int index) {
+    return accessBoundaryRules_.get(index);
+  }
+
+  private byte memoizedIsInitialized = -1;
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output)
+                      throws java.io.IOException {
+    for (int i = 0; i < accessBoundaryRules_.size(); i++) {
+      output.writeMessage(1, accessBoundaryRules_.get(i));
+    }
+    getUnknownFields().writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    for (int i = 0; i < accessBoundaryRules_.size(); i++) {
+      size += com.google.protobuf.CodedOutputStream
+        .computeMessageSize(1, accessBoundaryRules_.get(i));
+    }
+    size += getUnknownFields().getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+     return true;
+    }
+    if (!(obj instanceof com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary)) {
+      return super.equals(obj);
+    }
+    com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary other = (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary) obj;
+
+    if (!getAccessBoundaryRulesList()
+        .equals(other.getAccessBoundaryRulesList())) return false;
+    if (!getUnknownFields().equals(other.getUnknownFields())) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    if (getAccessBoundaryRulesCount() > 0) {
+      hash = (37 * hash) + ACCESS_BOUNDARY_RULES_FIELD_NUMBER;
+      hash = (53 * hash) + getAccessBoundaryRulesList().hashCode();
+    }
+    hash = (29 * hash) + getUnknownFields().hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
+      java.nio.ByteBuffer data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
+      java.nio.ByteBuffer data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
+      byte[] data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(java.io.InputStream input)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseWithIOException(PARSER, input);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
+      java.io.InputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseWithIOException(PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseDelimitedFrom(java.io.InputStream input)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseDelimitedFrom(
+      java.io.InputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
+      com.google.protobuf.CodedInputStream input)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseWithIOException(PARSER, input);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseWithIOException(PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() { return newBuilder(); }
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+  public static Builder newBuilder(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE
+        ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(
+      com.google.protobuf.GeneratedMessage.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   * <pre>
+   * An access boundary defines the upper bound of what a principal may access. It
+   * includes a list of client-side access boundary rules that each defines the
+   * resource that may be allowed as well as permissions that may be used on those
+   * resources.
+   * </pre>
+   *
+   * Protobuf type {@code cloud.identity.unifiedauth.proto.ClientSideAccessBoundary}
+   */
+  public static final class Builder extends
+      com.google.protobuf.GeneratedMessage.Builder<Builder> implements
+      // @@protoc_insertion_point(builder_implements:cloud.identity.unifiedauth.proto.ClientSideAccessBoundary)
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor
+        getDescriptor() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.class, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.Builder.class);
+    }
+
+    // Construct using com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.newBuilder()
+    private Builder() {
+
+    }
+
+    private Builder(
+        com.google.protobuf.GeneratedMessage.BuilderParent parent) {
+      super(parent);
+
+    }
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      bitField0_ = 0;
+      if (accessBoundaryRulesBuilder_ == null) {
+        accessBoundaryRules_ = java.util.Collections.emptyList();
+      } else {
+        accessBoundaryRules_ = null;
+        accessBoundaryRulesBuilder_.clear();
+      }
+      bitField0_ = (bitField0_ & ~0x00000001);
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor
+        getDescriptorForType() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary getDefaultInstanceForType() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary build() {
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary buildPartial() {
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result = new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary(this);
+      buildPartialRepeatedFields(result);
+      if (bitField0_ != 0) { buildPartial0(result); }
+      onBuilt();
+      return result;
+    }
+
+    private void buildPartialRepeatedFields(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        if (((bitField0_ & 0x00000001) != 0)) {
+          accessBoundaryRules_ = java.util.Collections.unmodifiableList(accessBoundaryRules_);
+          bitField0_ = (bitField0_ & ~0x00000001);
+        }
+        result.accessBoundaryRules_ = accessBoundaryRules_;
+      } else {
+        result.accessBoundaryRules_ = accessBoundaryRulesBuilder_.build();
+      }
+    }
+
+    private void buildPartial0(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result) {
+      int from_bitField0_ = bitField0_;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary) {
+        return mergeFrom((com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary)other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary other) {
+      if (other == com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.getDefaultInstance()) return this;
+      if (accessBoundaryRulesBuilder_ == null) {
+        if (!other.accessBoundaryRules_.isEmpty()) {
+          if (accessBoundaryRules_.isEmpty()) {
+            accessBoundaryRules_ = other.accessBoundaryRules_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+          } else {
+            ensureAccessBoundaryRulesIsMutable();
+            accessBoundaryRules_.addAll(other.accessBoundaryRules_);
+          }
+          onChanged();
+        }
+      } else {
+        if (!other.accessBoundaryRules_.isEmpty()) {
+          if (accessBoundaryRulesBuilder_.isEmpty()) {
+            accessBoundaryRulesBuilder_.dispose();
+            accessBoundaryRulesBuilder_ = null;
+            accessBoundaryRules_ = other.accessBoundaryRules_;
+            bitField0_ = (bitField0_ & ~0x00000001);
+            accessBoundaryRulesBuilder_ = 
+              com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders ?
+                 internalGetAccessBoundaryRulesFieldBuilder() : null;
+          } else {
+            accessBoundaryRulesBuilder_.addAllMessages(other.accessBoundaryRules_);
+          }
+        }
+      }
+      this.mergeUnknownFields(other.getUnknownFields());
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10: {
+              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule m =
+                  input.readMessage(
+                      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.parser(),
+                      extensionRegistry);
+              if (accessBoundaryRulesBuilder_ == null) {
+                ensureAccessBoundaryRulesIsMutable();
+                accessBoundaryRules_.add(m);
+              } else {
+                accessBoundaryRulesBuilder_.addMessage(m);
+              }
+              break;
+            } // case 10
+            default: {
+              if (!super.parseUnknownField(input, extensionRegistry, tag)) {
+                done = true; // was an endgroup tag
+              }
+              break;
+            } // default:
+          } // switch (tag)
+        } // while (!done)
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.unwrapIOException();
+      } finally {
+        onChanged();
+      } // finally
+      return this;
+    }
+    private int bitField0_;
+
+    private java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> accessBoundaryRules_ =
+      java.util.Collections.emptyList();
+    private void ensureAccessBoundaryRulesIsMutable() {
+      if (!((bitField0_ & 0x00000001) != 0)) {
+        accessBoundaryRules_ = new java.util.ArrayList<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule>(accessBoundaryRules_);
+        bitField0_ |= 0x00000001;
+       }
+    }
+
+    private com.google.protobuf.RepeatedFieldBuilder<
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder> accessBoundaryRulesBuilder_;
+
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> getAccessBoundaryRulesList() {
+      if (accessBoundaryRulesBuilder_ == null) {
+        return java.util.Collections.unmodifiableList(accessBoundaryRules_);
+      } else {
+        return accessBoundaryRulesBuilder_.getMessageList();
+      }
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public int getAccessBoundaryRulesCount() {
+      if (accessBoundaryRulesBuilder_ == null) {
+        return accessBoundaryRules_.size();
+      } else {
+        return accessBoundaryRulesBuilder_.getCount();
+      }
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getAccessBoundaryRules(int index) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        return accessBoundaryRules_.get(index);
+      } else {
+        return accessBoundaryRulesBuilder_.getMessage(index);
+      }
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public Builder setAccessBoundaryRules(
+        int index, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule value) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureAccessBoundaryRulesIsMutable();
+        accessBoundaryRules_.set(index, value);
+        onChanged();
+      } else {
+        accessBoundaryRulesBuilder_.setMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public Builder setAccessBoundaryRules(
+        int index, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder builderForValue) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        ensureAccessBoundaryRulesIsMutable();
+        accessBoundaryRules_.set(index, builderForValue.build());
+        onChanged();
+      } else {
+        accessBoundaryRulesBuilder_.setMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public Builder addAccessBoundaryRules(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule value) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureAccessBoundaryRulesIsMutable();
+        accessBoundaryRules_.add(value);
+        onChanged();
+      } else {
+        accessBoundaryRulesBuilder_.addMessage(value);
+      }
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public Builder addAccessBoundaryRules(
+        int index, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule value) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        ensureAccessBoundaryRulesIsMutable();
+        accessBoundaryRules_.add(index, value);
+        onChanged();
+      } else {
+        accessBoundaryRulesBuilder_.addMessage(index, value);
+      }
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public Builder addAccessBoundaryRules(
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder builderForValue) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        ensureAccessBoundaryRulesIsMutable();
+        accessBoundaryRules_.add(builderForValue.build());
+        onChanged();
+      } else {
+        accessBoundaryRulesBuilder_.addMessage(builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public Builder addAccessBoundaryRules(
+        int index, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder builderForValue) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        ensureAccessBoundaryRulesIsMutable();
+        accessBoundaryRules_.add(index, builderForValue.build());
+        onChanged();
+      } else {
+        accessBoundaryRulesBuilder_.addMessage(index, builderForValue.build());
+      }
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public Builder addAllAccessBoundaryRules(
+        java.lang.Iterable<? extends com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> values) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        ensureAccessBoundaryRulesIsMutable();
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(
+            values, accessBoundaryRules_);
+        onChanged();
+      } else {
+        accessBoundaryRulesBuilder_.addAllMessages(values);
+      }
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public Builder clearAccessBoundaryRules() {
+      if (accessBoundaryRulesBuilder_ == null) {
+        accessBoundaryRules_ = java.util.Collections.emptyList();
+        bitField0_ = (bitField0_ & ~0x00000001);
+        onChanged();
+      } else {
+        accessBoundaryRulesBuilder_.clear();
+      }
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public Builder removeAccessBoundaryRules(int index) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        ensureAccessBoundaryRulesIsMutable();
+        accessBoundaryRules_.remove(index);
+        onChanged();
+      } else {
+        accessBoundaryRulesBuilder_.remove(index);
+      }
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder getAccessBoundaryRulesBuilder(
+        int index) {
+      return internalGetAccessBoundaryRulesFieldBuilder().getBuilder(index);
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder getAccessBoundaryRulesOrBuilder(
+        int index) {
+      if (accessBoundaryRulesBuilder_ == null) {
+        return accessBoundaryRules_.get(index);  } else {
+        return accessBoundaryRulesBuilder_.getMessageOrBuilder(index);
+      }
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public java.util.List<? extends com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder> 
+         getAccessBoundaryRulesOrBuilderList() {
+      if (accessBoundaryRulesBuilder_ != null) {
+        return accessBoundaryRulesBuilder_.getMessageOrBuilderList();
+      } else {
+        return java.util.Collections.unmodifiableList(accessBoundaryRules_);
+      }
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder addAccessBoundaryRulesBuilder() {
+      return internalGetAccessBoundaryRulesFieldBuilder().addBuilder(
+          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.getDefaultInstance());
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder addAccessBoundaryRulesBuilder(
+        int index) {
+      return internalGetAccessBoundaryRulesFieldBuilder().addBuilder(
+          index, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.getDefaultInstance());
+    }
+    /**
+     * <pre>
+     * A list of client-side access boundary rules which defines the upper bound
+     * of the permission a principal may carry. If multiple rules are specified,
+     * the effective access boundary is the union of all the access boundary rules
+     * attached.
+     * </pre>
+     *
+     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     */
+    public java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder> 
+         getAccessBoundaryRulesBuilderList() {
+      return internalGetAccessBoundaryRulesFieldBuilder().getBuilderList();
+    }
+    private com.google.protobuf.RepeatedFieldBuilder<
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder> 
+        internalGetAccessBoundaryRulesFieldBuilder() {
+      if (accessBoundaryRulesBuilder_ == null) {
+        accessBoundaryRulesBuilder_ = new com.google.protobuf.RepeatedFieldBuilder<
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder>(
+                accessBoundaryRules_,
+                ((bitField0_ & 0x00000001) != 0),
+                getParentForChildren(),
+                isClean());
+        accessBoundaryRules_ = null;
+      }
+      return accessBoundaryRulesBuilder_;
+    }
+
+    // @@protoc_insertion_point(builder_scope:cloud.identity.unifiedauth.proto.ClientSideAccessBoundary)
+  }
+
+  // @@protoc_insertion_point(class_scope:cloud.identity.unifiedauth.proto.ClientSideAccessBoundary)
+  private static final com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary DEFAULT_INSTANCE;
+  static {
+    DEFAULT_INSTANCE = new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary();
+  }
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ClientSideAccessBoundary>
+      PARSER = new com.google.protobuf.AbstractParser<ClientSideAccessBoundary>() {
+    @java.lang.Override
+    public ClientSideAccessBoundary parsePartialFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      Builder builder = newBuilder();
+      try {
+        builder.mergeFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(builder.buildPartial());
+      } catch (com.google.protobuf.UninitializedMessageException e) {
+        throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial());
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e)
+            .setUnfinishedMessage(builder.buildPartial());
+      }
+      return builder.buildPartial();
+    }
+  };
+
+  public static com.google.protobuf.Parser<ClientSideAccessBoundary> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ClientSideAccessBoundary> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+
+}
+
diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryOrBuilder.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryOrBuilder.java
new file mode 100644
index 000000000..82c57dade
--- /dev/null
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryOrBuilder.java
@@ -0,0 +1,71 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// NO CHECKED-IN PROTOBUF GENCODE
+// source: client_side_access_boundary.proto
+// Protobuf Java Version: 4.33.0
+
+package com.google.auth.credentialaccessboundary.protobuf;
+
+@com.google.protobuf.Generated
+public interface ClientSideAccessBoundaryOrBuilder extends
+    // @@protoc_insertion_point(interface_extends:cloud.identity.unifiedauth.proto.ClientSideAccessBoundary)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   * <pre>
+   * A list of client-side access boundary rules which defines the upper bound
+   * of the permission a principal may carry. If multiple rules are specified,
+   * the effective access boundary is the union of all the access boundary rules
+   * attached.
+   * </pre>
+   *
+   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   */
+  java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> 
+      getAccessBoundaryRulesList();
+  /**
+   * <pre>
+   * A list of client-side access boundary rules which defines the upper bound
+   * of the permission a principal may carry. If multiple rules are specified,
+   * the effective access boundary is the union of all the access boundary rules
+   * attached.
+   * </pre>
+   *
+   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   */
+  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getAccessBoundaryRules(int index);
+  /**
+   * <pre>
+   * A list of client-side access boundary rules which defines the upper bound
+   * of the permission a principal may carry. If multiple rules are specified,
+   * the effective access boundary is the union of all the access boundary rules
+   * attached.
+   * </pre>
+   *
+   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   */
+  int getAccessBoundaryRulesCount();
+  /**
+   * <pre>
+   * A list of client-side access boundary rules which defines the upper bound
+   * of the permission a principal may carry. If multiple rules are specified,
+   * the effective access boundary is the union of all the access boundary rules
+   * attached.
+   * </pre>
+   *
+   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   */
+  java.util.List<? extends com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder> 
+      getAccessBoundaryRulesOrBuilderList();
+  /**
+   * <pre>
+   * A list of client-side access boundary rules which defines the upper bound
+   * of the permission a principal may carry. If multiple rules are specified,
+   * the effective access boundary is the union of all the access boundary rules
+   * attached.
+   * </pre>
+   *
+   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   */
+  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder getAccessBoundaryRulesOrBuilder(
+      int index);
+}
diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryProto.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryProto.java
index 307f8bde9..b9e81b2b7 100644
--- a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryProto.java
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryProto.java
@@ -1,2242 +1,81 @@
 // Generated by the protocol buffer compiler.  DO NOT EDIT!
+// NO CHECKED-IN PROTOBUF GENCODE
 // source: client_side_access_boundary.proto
+// Protobuf Java Version: 4.33.0
 
-// Protobuf Java Version: 3.25.5
 package com.google.auth.credentialaccessboundary.protobuf;
 
-public final class ClientSideAccessBoundaryProto {
+@com.google.protobuf.Generated
+public final class ClientSideAccessBoundaryProto extends com.google.protobuf.GeneratedFile {
   private ClientSideAccessBoundaryProto() {}
-
-  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistryLite registry) {}
-
-  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry registry) {
-    registerAllExtensions((com.google.protobuf.ExtensionRegistryLite) registry);
-  }
-
-  public interface ClientSideAccessBoundaryRuleOrBuilder
-      extends
-      // @@protoc_insertion_point(interface_extends:com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule)
-      com.google.protobuf.MessageOrBuilder {
-
-    /**
-     * <code>string available_resource = 1;</code>
-     *
-     * @return The availableResource.
-     */
-    java.lang.String getAvailableResource();
-
-    /**
-     * <code>string available_resource = 1;</code>
-     *
-     * @return The bytes for availableResource.
-     */
-    com.google.protobuf.ByteString getAvailableResourceBytes();
-
-    /**
-     * <code>repeated string available_permissions = 2;</code>
-     *
-     * @return A list containing the availablePermissions.
-     */
-    java.util.List<java.lang.String> getAvailablePermissionsList();
-
-    /**
-     * <code>repeated string available_permissions = 2;</code>
-     *
-     * @return The count of availablePermissions.
-     */
-    int getAvailablePermissionsCount();
-
-    /**
-     * <code>repeated string available_permissions = 2;</code>
-     *
-     * @param index The index of the element to return.
-     * @return The availablePermissions at the given index.
-     */
-    java.lang.String getAvailablePermissions(int index);
-
-    /**
-     * <code>repeated string available_permissions = 2;</code>
-     *
-     * @param index The index of the value to return.
-     * @return The bytes of the availablePermissions at the given index.
-     */
-    com.google.protobuf.ByteString getAvailablePermissionsBytes(int index);
-
-    /**
-     * <code>.cel.expr.Expr compiled_availability_condition = 4;</code>
-     *
-     * @return Whether the compiledAvailabilityCondition field is set.
-     */
-    boolean hasCompiledAvailabilityCondition();
-
-    /**
-     * <code>.cel.expr.Expr compiled_availability_condition = 4;</code>
-     *
-     * @return The compiledAvailabilityCondition.
-     */
-    dev.cel.expr.Expr getCompiledAvailabilityCondition();
-
-    /** <code>.cel.expr.Expr compiled_availability_condition = 4;</code> */
-    dev.cel.expr.ExprOrBuilder getCompiledAvailabilityConditionOrBuilder();
-  }
-
-  /**
-   * Protobuf type {@code
-   * com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule}
-   */
-  public static final class ClientSideAccessBoundaryRule
-      extends com.google.protobuf.GeneratedMessageV3
-      implements
-      // @@protoc_insertion_point(message_implements:com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule)
-      ClientSideAccessBoundaryRuleOrBuilder {
-    private static final long serialVersionUID = 0L;
-
-    // Use ClientSideAccessBoundaryRule.newBuilder() to construct.
-    private ClientSideAccessBoundaryRule(
-        com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
-      super(builder);
-    }
-
-    private ClientSideAccessBoundaryRule() {
-      availableResource_ = "";
-      availablePermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
-    }
-
-    @java.lang.Override
-    @SuppressWarnings({"unused"})
-    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
-      return new ClientSideAccessBoundaryRule();
-    }
-
-    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-          .internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundaryRule_descriptor;
-    }
-
-    @java.lang.Override
-    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
-        internalGetFieldAccessorTable() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-          .internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundaryRule_fieldAccessorTable
-          .ensureFieldAccessorsInitialized(
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule.class,
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule.Builder.class);
-    }
-
-    private int bitField0_;
-    public static final int AVAILABLE_RESOURCE_FIELD_NUMBER = 1;
-
-    @SuppressWarnings("serial")
-    private volatile java.lang.Object availableResource_ = "";
-
-    /**
-     * <code>string available_resource = 1;</code>
-     *
-     * @return The availableResource.
-     */
-    @java.lang.Override
-    public java.lang.String getAvailableResource() {
-      java.lang.Object ref = availableResource_;
-      if (ref instanceof java.lang.String) {
-        return (java.lang.String) ref;
-      } else {
-        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
-        java.lang.String s = bs.toStringUtf8();
-        availableResource_ = s;
-        return s;
-      }
-    }
-
-    /**
-     * <code>string available_resource = 1;</code>
-     *
-     * @return The bytes for availableResource.
-     */
-    @java.lang.Override
-    public com.google.protobuf.ByteString getAvailableResourceBytes() {
-      java.lang.Object ref = availableResource_;
-      if (ref instanceof java.lang.String) {
-        com.google.protobuf.ByteString b =
-            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
-        availableResource_ = b;
-        return b;
-      } else {
-        return (com.google.protobuf.ByteString) ref;
-      }
-    }
-
-    public static final int AVAILABLE_PERMISSIONS_FIELD_NUMBER = 2;
-
-    @SuppressWarnings("serial")
-    private com.google.protobuf.LazyStringArrayList availablePermissions_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
-
-    /**
-     * <code>repeated string available_permissions = 2;</code>
-     *
-     * @return A list containing the availablePermissions.
-     */
-    public com.google.protobuf.ProtocolStringList getAvailablePermissionsList() {
-      return availablePermissions_;
-    }
-
-    /**
-     * <code>repeated string available_permissions = 2;</code>
-     *
-     * @return The count of availablePermissions.
-     */
-    public int getAvailablePermissionsCount() {
-      return availablePermissions_.size();
-    }
-
-    /**
-     * <code>repeated string available_permissions = 2;</code>
-     *
-     * @param index The index of the element to return.
-     * @return The availablePermissions at the given index.
-     */
-    public java.lang.String getAvailablePermissions(int index) {
-      return availablePermissions_.get(index);
-    }
-
-    /**
-     * <code>repeated string available_permissions = 2;</code>
-     *
-     * @param index The index of the value to return.
-     * @return The bytes of the availablePermissions at the given index.
-     */
-    public com.google.protobuf.ByteString getAvailablePermissionsBytes(int index) {
-      return availablePermissions_.getByteString(index);
-    }
-
-    public static final int COMPILED_AVAILABILITY_CONDITION_FIELD_NUMBER = 4;
-    private dev.cel.expr.Expr compiledAvailabilityCondition_;
-
-    /**
-     * <code>.cel.expr.Expr compiled_availability_condition = 4;</code>
-     *
-     * @return Whether the compiledAvailabilityCondition field is set.
-     */
-    @java.lang.Override
-    public boolean hasCompiledAvailabilityCondition() {
-      return ((bitField0_ & 0x00000001) != 0);
-    }
-
-    /**
-     * <code>.cel.expr.Expr compiled_availability_condition = 4;</code>
-     *
-     * @return The compiledAvailabilityCondition.
-     */
-    @java.lang.Override
-    public dev.cel.expr.Expr getCompiledAvailabilityCondition() {
-      return compiledAvailabilityCondition_ == null
-          ? dev.cel.expr.Expr.getDefaultInstance()
-          : compiledAvailabilityCondition_;
-    }
-
-    /** <code>.cel.expr.Expr compiled_availability_condition = 4;</code> */
-    @java.lang.Override
-    public dev.cel.expr.ExprOrBuilder getCompiledAvailabilityConditionOrBuilder() {
-      return compiledAvailabilityCondition_ == null
-          ? dev.cel.expr.Expr.getDefaultInstance()
-          : compiledAvailabilityCondition_;
-    }
-
-    private byte memoizedIsInitialized = -1;
-
-    @java.lang.Override
-    public final boolean isInitialized() {
-      byte isInitialized = memoizedIsInitialized;
-      if (isInitialized == 1) return true;
-      if (isInitialized == 0) return false;
-
-      memoizedIsInitialized = 1;
-      return true;
-    }
-
-    @java.lang.Override
-    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
-      if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(availableResource_)) {
-        com.google.protobuf.GeneratedMessageV3.writeString(output, 1, availableResource_);
-      }
-      for (int i = 0; i < availablePermissions_.size(); i++) {
-        com.google.protobuf.GeneratedMessageV3.writeString(
-            output, 2, availablePermissions_.getRaw(i));
-      }
-      if (((bitField0_ & 0x00000001) != 0)) {
-        output.writeMessage(4, getCompiledAvailabilityCondition());
-      }
-      getUnknownFields().writeTo(output);
-    }
-
-    @java.lang.Override
-    public int getSerializedSize() {
-      int size = memoizedSize;
-      if (size != -1) return size;
-
-      size = 0;
-      if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(availableResource_)) {
-        size += com.google.protobuf.GeneratedMessageV3.computeStringSize(1, availableResource_);
-      }
-      {
-        int dataSize = 0;
-        for (int i = 0; i < availablePermissions_.size(); i++) {
-          dataSize += computeStringSizeNoTag(availablePermissions_.getRaw(i));
-        }
-        size += dataSize;
-        size += 1 * getAvailablePermissionsList().size();
-      }
-      if (((bitField0_ & 0x00000001) != 0)) {
-        size +=
-            com.google.protobuf.CodedOutputStream.computeMessageSize(
-                4, getCompiledAvailabilityCondition());
-      }
-      size += getUnknownFields().getSerializedSize();
-      memoizedSize = size;
-      return size;
-    }
-
-    @java.lang.Override
-    public boolean equals(final java.lang.Object obj) {
-      if (obj == this) {
-        return true;
-      }
-      if (!(obj
-          instanceof
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRule)) {
-        return super.equals(obj);
-      }
-      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRule
-          other =
-              (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                      .ClientSideAccessBoundaryRule)
-                  obj;
-
-      if (!getAvailableResource().equals(other.getAvailableResource())) return false;
-      if (!getAvailablePermissionsList().equals(other.getAvailablePermissionsList())) return false;
-      if (hasCompiledAvailabilityCondition() != other.hasCompiledAvailabilityCondition())
-        return false;
-      if (hasCompiledAvailabilityCondition()) {
-        if (!getCompiledAvailabilityCondition().equals(other.getCompiledAvailabilityCondition()))
-          return false;
-      }
-      if (!getUnknownFields().equals(other.getUnknownFields())) return false;
-      return true;
-    }
-
-    @java.lang.Override
-    public int hashCode() {
-      if (memoizedHashCode != 0) {
-        return memoizedHashCode;
-      }
-      int hash = 41;
-      hash = (19 * hash) + getDescriptor().hashCode();
-      hash = (37 * hash) + AVAILABLE_RESOURCE_FIELD_NUMBER;
-      hash = (53 * hash) + getAvailableResource().hashCode();
-      if (getAvailablePermissionsCount() > 0) {
-        hash = (37 * hash) + AVAILABLE_PERMISSIONS_FIELD_NUMBER;
-        hash = (53 * hash) + getAvailablePermissionsList().hashCode();
-      }
-      if (hasCompiledAvailabilityCondition()) {
-        hash = (37 * hash) + COMPILED_AVAILABILITY_CONDITION_FIELD_NUMBER;
-        hash = (53 * hash) + getCompiledAvailabilityCondition().hashCode();
-      }
-      hash = (29 * hash) + getUnknownFields().hashCode();
-      memoizedHashCode = hash;
-      return hash;
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseFrom(java.nio.ByteBuffer data)
-            throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseFrom(
-            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data, extensionRegistry);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseFrom(com.google.protobuf.ByteString data)
-            throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseFrom(
-            com.google.protobuf.ByteString data,
-            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data, extensionRegistry);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data, extensionRegistry);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseFrom(java.io.InputStream input) throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseFrom(
-            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
-          PARSER, input, extensionRegistry);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseDelimitedFrom(
-            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
-          PARSER, input, extensionRegistry);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        parseFrom(
-            com.google.protobuf.CodedInputStream input,
-            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
-          PARSER, input, extensionRegistry);
-    }
-
-    @java.lang.Override
-    public Builder newBuilderForType() {
-      return newBuilder();
-    }
-
-    public static Builder newBuilder() {
-      return DEFAULT_INSTANCE.toBuilder();
-    }
-
-    public static Builder newBuilder(
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundaryRule
-            prototype) {
-      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
-    }
-
-    @java.lang.Override
-    public Builder toBuilder() {
-      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
-    }
-
-    @java.lang.Override
-    protected Builder newBuilderForType(
-        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
-      Builder builder = new Builder(parent);
-      return builder;
-    }
-
-    /**
-     * Protobuf type {@code
-     * com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule}
-     */
-    public static final class Builder
-        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
-        implements
-        // @@protoc_insertion_point(builder_implements:com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule)
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRuleOrBuilder {
-      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
-        return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundaryRule_descriptor;
-      }
-
-      @java.lang.Override
-      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
-          internalGetFieldAccessorTable() {
-        return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundaryRule_fieldAccessorTable
-            .ensureFieldAccessorsInitialized(
-                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                    .ClientSideAccessBoundaryRule.class,
-                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                    .ClientSideAccessBoundaryRule.Builder.class);
-      }
-
-      // Construct using
-      // com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.ClientSideAccessBoundaryRule.newBuilder()
-      private Builder() {
-        maybeForceBuilderInitialization();
-      }
-
-      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
-        super(parent);
-        maybeForceBuilderInitialization();
-      }
-
-      private void maybeForceBuilderInitialization() {
-        if (com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders) {
-          getCompiledAvailabilityConditionFieldBuilder();
-        }
-      }
-
-      @java.lang.Override
-      public Builder clear() {
-        super.clear();
-        bitField0_ = 0;
-        availableResource_ = "";
-        availablePermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
-        compiledAvailabilityCondition_ = null;
-        if (compiledAvailabilityConditionBuilder_ != null) {
-          compiledAvailabilityConditionBuilder_.dispose();
-          compiledAvailabilityConditionBuilder_ = null;
-        }
-        return this;
-      }
-
-      @java.lang.Override
-      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
-        return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundaryRule_descriptor;
-      }
-
-      @java.lang.Override
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRule
-          getDefaultInstanceForType() {
-        return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule.getDefaultInstance();
-      }
-
-      @java.lang.Override
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRule
-          build() {
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundaryRule
-            result = buildPartial();
-        if (!result.isInitialized()) {
-          throw newUninitializedMessageException(result);
-        }
-        return result;
-      }
-
-      @java.lang.Override
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRule
-          buildPartial() {
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundaryRule
-            result =
-                new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                    .ClientSideAccessBoundaryRule(this);
-        if (bitField0_ != 0) {
-          buildPartial0(result);
-        }
-        onBuilt();
-        return result;
-      }
-
-      private void buildPartial0(
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule
-              result) {
-        int from_bitField0_ = bitField0_;
-        if (((from_bitField0_ & 0x00000001) != 0)) {
-          result.availableResource_ = availableResource_;
-        }
-        if (((from_bitField0_ & 0x00000002) != 0)) {
-          availablePermissions_.makeImmutable();
-          result.availablePermissions_ = availablePermissions_;
-        }
-        int to_bitField0_ = 0;
-        if (((from_bitField0_ & 0x00000004) != 0)) {
-          result.compiledAvailabilityCondition_ =
-              compiledAvailabilityConditionBuilder_ == null
-                  ? compiledAvailabilityCondition_
-                  : compiledAvailabilityConditionBuilder_.build();
-          to_bitField0_ |= 0x00000001;
-        }
-        result.bitField0_ |= to_bitField0_;
-      }
-
-      @java.lang.Override
-      public Builder clone() {
-        return super.clone();
-      }
-
-      @java.lang.Override
-      public Builder setField(
-          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
-        return super.setField(field, value);
-      }
-
-      @java.lang.Override
-      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
-        return super.clearField(field);
-      }
-
-      @java.lang.Override
-      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
-        return super.clearOneof(oneof);
-      }
-
-      @java.lang.Override
-      public Builder setRepeatedField(
-          com.google.protobuf.Descriptors.FieldDescriptor field,
-          int index,
-          java.lang.Object value) {
-        return super.setRepeatedField(field, index, value);
-      }
-
-      @java.lang.Override
-      public Builder addRepeatedField(
-          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
-        return super.addRepeatedField(field, value);
-      }
-
-      @java.lang.Override
-      public Builder mergeFrom(com.google.protobuf.Message other) {
-        if (other
-            instanceof
-            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundaryRule) {
-          return mergeFrom(
-              (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                      .ClientSideAccessBoundaryRule)
-                  other);
-        } else {
-          super.mergeFrom(other);
-          return this;
-        }
-      }
-
-      public Builder mergeFrom(
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule
-              other) {
-        if (other
-            == com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundaryRule.getDefaultInstance()) return this;
-        if (!other.getAvailableResource().isEmpty()) {
-          availableResource_ = other.availableResource_;
-          bitField0_ |= 0x00000001;
-          onChanged();
-        }
-        if (!other.availablePermissions_.isEmpty()) {
-          if (availablePermissions_.isEmpty()) {
-            availablePermissions_ = other.availablePermissions_;
-            bitField0_ |= 0x00000002;
-          } else {
-            ensureAvailablePermissionsIsMutable();
-            availablePermissions_.addAll(other.availablePermissions_);
-          }
-          onChanged();
-        }
-        if (other.hasCompiledAvailabilityCondition()) {
-          mergeCompiledAvailabilityCondition(other.getCompiledAvailabilityCondition());
-        }
-        this.mergeUnknownFields(other.getUnknownFields());
-        onChanged();
-        return this;
-      }
-
-      @java.lang.Override
-      public final boolean isInitialized() {
-        return true;
-      }
-
-      @java.lang.Override
-      public Builder mergeFrom(
-          com.google.protobuf.CodedInputStream input,
-          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-          throws java.io.IOException {
-        if (extensionRegistry == null) {
-          throw new java.lang.NullPointerException();
-        }
-        try {
-          boolean done = false;
-          while (!done) {
-            int tag = input.readTag();
-            switch (tag) {
-              case 0:
-                done = true;
-                break;
-              case 10:
-                {
-                  availableResource_ = input.readStringRequireUtf8();
-                  bitField0_ |= 0x00000001;
-                  break;
-                } // case 10
-              case 18:
-                {
-                  java.lang.String s = input.readStringRequireUtf8();
-                  ensureAvailablePermissionsIsMutable();
-                  availablePermissions_.add(s);
-                  break;
-                } // case 18
-              case 34:
-                {
-                  input.readMessage(
-                      getCompiledAvailabilityConditionFieldBuilder().getBuilder(),
-                      extensionRegistry);
-                  bitField0_ |= 0x00000004;
-                  break;
-                } // case 34
-              default:
-                {
-                  if (!super.parseUnknownField(input, extensionRegistry, tag)) {
-                    done = true; // was an endgroup tag
-                  }
-                  break;
-                } // default:
-            } // switch (tag)
-          } // while (!done)
-        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
-          throw e.unwrapIOException();
-        } finally {
-          onChanged();
-        } // finally
-        return this;
-      }
-
-      private int bitField0_;
-
-      private java.lang.Object availableResource_ = "";
-
-      /**
-       * <code>string available_resource = 1;</code>
-       *
-       * @return The availableResource.
-       */
-      public java.lang.String getAvailableResource() {
-        java.lang.Object ref = availableResource_;
-        if (!(ref instanceof java.lang.String)) {
-          com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
-          java.lang.String s = bs.toStringUtf8();
-          availableResource_ = s;
-          return s;
-        } else {
-          return (java.lang.String) ref;
-        }
-      }
-
-      /**
-       * <code>string available_resource = 1;</code>
-       *
-       * @return The bytes for availableResource.
-       */
-      public com.google.protobuf.ByteString getAvailableResourceBytes() {
-        java.lang.Object ref = availableResource_;
-        if (ref instanceof String) {
-          com.google.protobuf.ByteString b =
-              com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
-          availableResource_ = b;
-          return b;
-        } else {
-          return (com.google.protobuf.ByteString) ref;
-        }
-      }
-
-      /**
-       * <code>string available_resource = 1;</code>
-       *
-       * @param value The availableResource to set.
-       * @return This builder for chaining.
-       */
-      public Builder setAvailableResource(java.lang.String value) {
-        if (value == null) {
-          throw new NullPointerException();
-        }
-        availableResource_ = value;
-        bitField0_ |= 0x00000001;
-        onChanged();
-        return this;
-      }
-
-      /**
-       * <code>string available_resource = 1;</code>
-       *
-       * @return This builder for chaining.
-       */
-      public Builder clearAvailableResource() {
-        availableResource_ = getDefaultInstance().getAvailableResource();
-        bitField0_ = (bitField0_ & ~0x00000001);
-        onChanged();
-        return this;
-      }
-
-      /**
-       * <code>string available_resource = 1;</code>
-       *
-       * @param value The bytes for availableResource to set.
-       * @return This builder for chaining.
-       */
-      public Builder setAvailableResourceBytes(com.google.protobuf.ByteString value) {
-        if (value == null) {
-          throw new NullPointerException();
-        }
-        checkByteStringIsUtf8(value);
-        availableResource_ = value;
-        bitField0_ |= 0x00000001;
-        onChanged();
-        return this;
-      }
-
-      private com.google.protobuf.LazyStringArrayList availablePermissions_ =
-          com.google.protobuf.LazyStringArrayList.emptyList();
-
-      private void ensureAvailablePermissionsIsMutable() {
-        if (!availablePermissions_.isModifiable()) {
-          availablePermissions_ =
-              new com.google.protobuf.LazyStringArrayList(availablePermissions_);
-        }
-        bitField0_ |= 0x00000002;
-      }
-
-      /**
-       * <code>repeated string available_permissions = 2;</code>
-       *
-       * @return A list containing the availablePermissions.
-       */
-      public com.google.protobuf.ProtocolStringList getAvailablePermissionsList() {
-        availablePermissions_.makeImmutable();
-        return availablePermissions_;
-      }
-
-      /**
-       * <code>repeated string available_permissions = 2;</code>
-       *
-       * @return The count of availablePermissions.
-       */
-      public int getAvailablePermissionsCount() {
-        return availablePermissions_.size();
-      }
-
-      /**
-       * <code>repeated string available_permissions = 2;</code>
-       *
-       * @param index The index of the element to return.
-       * @return The availablePermissions at the given index.
-       */
-      public java.lang.String getAvailablePermissions(int index) {
-        return availablePermissions_.get(index);
-      }
-
-      /**
-       * <code>repeated string available_permissions = 2;</code>
-       *
-       * @param index The index of the value to return.
-       * @return The bytes of the availablePermissions at the given index.
-       */
-      public com.google.protobuf.ByteString getAvailablePermissionsBytes(int index) {
-        return availablePermissions_.getByteString(index);
-      }
-
-      /**
-       * <code>repeated string available_permissions = 2;</code>
-       *
-       * @param index The index to set the value at.
-       * @param value The availablePermissions to set.
-       * @return This builder for chaining.
-       */
-      public Builder setAvailablePermissions(int index, java.lang.String value) {
-        if (value == null) {
-          throw new NullPointerException();
-        }
-        ensureAvailablePermissionsIsMutable();
-        availablePermissions_.set(index, value);
-        bitField0_ |= 0x00000002;
-        onChanged();
-        return this;
-      }
-
-      /**
-       * <code>repeated string available_permissions = 2;</code>
-       *
-       * @param value The availablePermissions to add.
-       * @return This builder for chaining.
-       */
-      public Builder addAvailablePermissions(java.lang.String value) {
-        if (value == null) {
-          throw new NullPointerException();
-        }
-        ensureAvailablePermissionsIsMutable();
-        availablePermissions_.add(value);
-        bitField0_ |= 0x00000002;
-        onChanged();
-        return this;
-      }
-
-      /**
-       * <code>repeated string available_permissions = 2;</code>
-       *
-       * @param values The availablePermissions to add.
-       * @return This builder for chaining.
-       */
-      public Builder addAllAvailablePermissions(java.lang.Iterable<java.lang.String> values) {
-        ensureAvailablePermissionsIsMutable();
-        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, availablePermissions_);
-        bitField0_ |= 0x00000002;
-        onChanged();
-        return this;
-      }
-
-      /**
-       * <code>repeated string available_permissions = 2;</code>
-       *
-       * @return This builder for chaining.
-       */
-      public Builder clearAvailablePermissions() {
-        availablePermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
-        bitField0_ = (bitField0_ & ~0x00000002);
-        ;
-        onChanged();
-        return this;
-      }
-
-      /**
-       * <code>repeated string available_permissions = 2;</code>
-       *
-       * @param value The bytes of the availablePermissions to add.
-       * @return This builder for chaining.
-       */
-      public Builder addAvailablePermissionsBytes(com.google.protobuf.ByteString value) {
-        if (value == null) {
-          throw new NullPointerException();
-        }
-        checkByteStringIsUtf8(value);
-        ensureAvailablePermissionsIsMutable();
-        availablePermissions_.add(value);
-        bitField0_ |= 0x00000002;
-        onChanged();
-        return this;
-      }
-
-      private dev.cel.expr.Expr compiledAvailabilityCondition_;
-      private com.google.protobuf.SingleFieldBuilderV3<
-              dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder>
-          compiledAvailabilityConditionBuilder_;
-
-      /**
-       * <code>.cel.expr.Expr compiled_availability_condition = 4;</code>
-       *
-       * @return Whether the compiledAvailabilityCondition field is set.
-       */
-      public boolean hasCompiledAvailabilityCondition() {
-        return ((bitField0_ & 0x00000004) != 0);
-      }
-
-      /**
-       * <code>.cel.expr.Expr compiled_availability_condition = 4;</code>
-       *
-       * @return The compiledAvailabilityCondition.
-       */
-      public dev.cel.expr.Expr getCompiledAvailabilityCondition() {
-        if (compiledAvailabilityConditionBuilder_ == null) {
-          return compiledAvailabilityCondition_ == null
-              ? dev.cel.expr.Expr.getDefaultInstance()
-              : compiledAvailabilityCondition_;
-        } else {
-          return compiledAvailabilityConditionBuilder_.getMessage();
-        }
-      }
-
-      /** <code>.cel.expr.Expr compiled_availability_condition = 4;</code> */
-      public Builder setCompiledAvailabilityCondition(dev.cel.expr.Expr value) {
-        if (compiledAvailabilityConditionBuilder_ == null) {
-          if (value == null) {
-            throw new NullPointerException();
-          }
-          compiledAvailabilityCondition_ = value;
-        } else {
-          compiledAvailabilityConditionBuilder_.setMessage(value);
-        }
-        bitField0_ |= 0x00000004;
-        onChanged();
-        return this;
-      }
-
-      /** <code>.cel.expr.Expr compiled_availability_condition = 4;</code> */
-      public Builder setCompiledAvailabilityCondition(dev.cel.expr.Expr.Builder builderForValue) {
-        if (compiledAvailabilityConditionBuilder_ == null) {
-          compiledAvailabilityCondition_ = builderForValue.build();
-        } else {
-          compiledAvailabilityConditionBuilder_.setMessage(builderForValue.build());
-        }
-        bitField0_ |= 0x00000004;
-        onChanged();
-        return this;
-      }
-
-      /** <code>.cel.expr.Expr compiled_availability_condition = 4;</code> */
-      public Builder mergeCompiledAvailabilityCondition(dev.cel.expr.Expr value) {
-        if (compiledAvailabilityConditionBuilder_ == null) {
-          if (((bitField0_ & 0x00000004) != 0)
-              && compiledAvailabilityCondition_ != null
-              && compiledAvailabilityCondition_ != dev.cel.expr.Expr.getDefaultInstance()) {
-            getCompiledAvailabilityConditionBuilder().mergeFrom(value);
-          } else {
-            compiledAvailabilityCondition_ = value;
-          }
-        } else {
-          compiledAvailabilityConditionBuilder_.mergeFrom(value);
-        }
-        if (compiledAvailabilityCondition_ != null) {
-          bitField0_ |= 0x00000004;
-          onChanged();
-        }
-        return this;
-      }
-
-      /** <code>.cel.expr.Expr compiled_availability_condition = 4;</code> */
-      public Builder clearCompiledAvailabilityCondition() {
-        bitField0_ = (bitField0_ & ~0x00000004);
-        compiledAvailabilityCondition_ = null;
-        if (compiledAvailabilityConditionBuilder_ != null) {
-          compiledAvailabilityConditionBuilder_.dispose();
-          compiledAvailabilityConditionBuilder_ = null;
-        }
-        onChanged();
-        return this;
-      }
-
-      /** <code>.cel.expr.Expr compiled_availability_condition = 4;</code> */
-      public dev.cel.expr.Expr.Builder getCompiledAvailabilityConditionBuilder() {
-        bitField0_ |= 0x00000004;
-        onChanged();
-        return getCompiledAvailabilityConditionFieldBuilder().getBuilder();
-      }
-
-      /** <code>.cel.expr.Expr compiled_availability_condition = 4;</code> */
-      public dev.cel.expr.ExprOrBuilder getCompiledAvailabilityConditionOrBuilder() {
-        if (compiledAvailabilityConditionBuilder_ != null) {
-          return compiledAvailabilityConditionBuilder_.getMessageOrBuilder();
-        } else {
-          return compiledAvailabilityCondition_ == null
-              ? dev.cel.expr.Expr.getDefaultInstance()
-              : compiledAvailabilityCondition_;
-        }
-      }
-
-      /** <code>.cel.expr.Expr compiled_availability_condition = 4;</code> */
-      private com.google.protobuf.SingleFieldBuilderV3<
-              dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder>
-          getCompiledAvailabilityConditionFieldBuilder() {
-        if (compiledAvailabilityConditionBuilder_ == null) {
-          compiledAvailabilityConditionBuilder_ =
-              new com.google.protobuf.SingleFieldBuilderV3<
-                  dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder>(
-                  getCompiledAvailabilityCondition(), getParentForChildren(), isClean());
-          compiledAvailabilityCondition_ = null;
-        }
-        return compiledAvailabilityConditionBuilder_;
-      }
-
-      @java.lang.Override
-      public final Builder setUnknownFields(
-          final com.google.protobuf.UnknownFieldSet unknownFields) {
-        return super.setUnknownFields(unknownFields);
-      }
-
-      @java.lang.Override
-      public final Builder mergeUnknownFields(
-          final com.google.protobuf.UnknownFieldSet unknownFields) {
-        return super.mergeUnknownFields(unknownFields);
-      }
-
-      // @@protoc_insertion_point(builder_scope:com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule)
-    }
-
-    // @@protoc_insertion_point(class_scope:com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule)
-    private static final com.google.auth.credentialaccessboundary.protobuf
-            .ClientSideAccessBoundaryProto.ClientSideAccessBoundaryRule
-        DEFAULT_INSTANCE;
-
-    static {
-      DEFAULT_INSTANCE =
-          new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRule();
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        getDefaultInstance() {
-      return DEFAULT_INSTANCE;
-    }
-
-    private static final com.google.protobuf.Parser<ClientSideAccessBoundaryRule> PARSER =
-        new com.google.protobuf.AbstractParser<ClientSideAccessBoundaryRule>() {
-          @java.lang.Override
-          public ClientSideAccessBoundaryRule parsePartialFrom(
-              com.google.protobuf.CodedInputStream input,
-              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-              throws com.google.protobuf.InvalidProtocolBufferException {
-            Builder builder = newBuilder();
-            try {
-              builder.mergeFrom(input, extensionRegistry);
-            } catch (com.google.protobuf.InvalidProtocolBufferException e) {
-              throw e.setUnfinishedMessage(builder.buildPartial());
-            } catch (com.google.protobuf.UninitializedMessageException e) {
-              throw e.asInvalidProtocolBufferException()
-                  .setUnfinishedMessage(builder.buildPartial());
-            } catch (java.io.IOException e) {
-              throw new com.google.protobuf.InvalidProtocolBufferException(e)
-                  .setUnfinishedMessage(builder.buildPartial());
-            }
-            return builder.buildPartial();
-          }
-        };
-
-    public static com.google.protobuf.Parser<ClientSideAccessBoundaryRule> parser() {
-      return PARSER;
-    }
-
-    @java.lang.Override
-    public com.google.protobuf.Parser<ClientSideAccessBoundaryRule> getParserForType() {
-      return PARSER;
-    }
-
-    @java.lang.Override
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        getDefaultInstanceForType() {
-      return DEFAULT_INSTANCE;
-    }
+  static {
+    com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
+      com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
+      /* major= */ 4,
+      /* minor= */ 33,
+      /* patch= */ 0,
+      /* suffix= */ "",
+      "ClientSideAccessBoundaryProto");
   }
-
-  public interface ClientSideAccessBoundaryOrBuilder
-      extends
-      // @@protoc_insertion_point(interface_extends:com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundary)
-      com.google.protobuf.MessageOrBuilder {
-
-    /**
-     * <code>
-     * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-     * </code>
-     */
-    java.util.List<
-            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundaryRule>
-        getAccessBoundaryRulesList();
-
-    /**
-     * <code>
-     * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-     * </code>
-     */
-    com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        getAccessBoundaryRules(int index);
-
-    /**
-     * <code>
-     * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-     * </code>
-     */
-    int getAccessBoundaryRulesCount();
-
-    /**
-     * <code>
-     * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-     * </code>
-     */
-    java.util.List<
-            ? extends
-                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                    .ClientSideAccessBoundaryRuleOrBuilder>
-        getAccessBoundaryRulesOrBuilderList();
-
-    /**
-     * <code>
-     * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-     * </code>
-     */
-    com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRuleOrBuilder
-        getAccessBoundaryRulesOrBuilder(int index);
+  public static void registerAllExtensions(
+      com.google.protobuf.ExtensionRegistryLite registry) {
   }
 
-  /**
-   * Protobuf type {@code com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundary}
-   */
-  public static final class ClientSideAccessBoundary extends com.google.protobuf.GeneratedMessageV3
-      implements
-      // @@protoc_insertion_point(message_implements:com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundary)
-      ClientSideAccessBoundaryOrBuilder {
-    private static final long serialVersionUID = 0L;
-
-    // Use ClientSideAccessBoundary.newBuilder() to construct.
-    private ClientSideAccessBoundary(com.google.protobuf.GeneratedMessageV3.Builder<?> builder) {
-      super(builder);
-    }
-
-    private ClientSideAccessBoundary() {
-      accessBoundaryRules_ = java.util.Collections.emptyList();
-    }
-
-    @java.lang.Override
-    @SuppressWarnings({"unused"})
-    protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
-      return new ClientSideAccessBoundary();
-    }
-
-    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-          .internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundary_descriptor;
-    }
-
-    @java.lang.Override
-    protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
-        internalGetFieldAccessorTable() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-          .internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundary_fieldAccessorTable
-          .ensureFieldAccessorsInitialized(
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundary.class,
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundary.Builder.class);
-    }
-
-    public static final int ACCESS_BOUNDARY_RULES_FIELD_NUMBER = 1;
-
-    @SuppressWarnings("serial")
-    private java.util.List<
-            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundaryRule>
-        accessBoundaryRules_;
-
-    /**
-     * <code>
-     * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-     * </code>
-     */
-    @java.lang.Override
-    public java.util.List<
-            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundaryRule>
-        getAccessBoundaryRulesList() {
-      return accessBoundaryRules_;
-    }
-
-    /**
-     * <code>
-     * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-     * </code>
-     */
-    @java.lang.Override
-    public java.util.List<
-            ? extends
-                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                    .ClientSideAccessBoundaryRuleOrBuilder>
-        getAccessBoundaryRulesOrBuilderList() {
-      return accessBoundaryRules_;
-    }
-
-    /**
-     * <code>
-     * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-     * </code>
-     */
-    @java.lang.Override
-    public int getAccessBoundaryRulesCount() {
-      return accessBoundaryRules_.size();
-    }
-
-    /**
-     * <code>
-     * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-     * </code>
-     */
-    @java.lang.Override
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRule
-        getAccessBoundaryRules(int index) {
-      return accessBoundaryRules_.get(index);
-    }
-
-    /**
-     * <code>
-     * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-     * </code>
-     */
-    @java.lang.Override
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryRuleOrBuilder
-        getAccessBoundaryRulesOrBuilder(int index) {
-      return accessBoundaryRules_.get(index);
-    }
-
-    private byte memoizedIsInitialized = -1;
-
-    @java.lang.Override
-    public final boolean isInitialized() {
-      byte isInitialized = memoizedIsInitialized;
-      if (isInitialized == 1) return true;
-      if (isInitialized == 0) return false;
-
-      memoizedIsInitialized = 1;
-      return true;
-    }
-
-    @java.lang.Override
-    public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
-      for (int i = 0; i < accessBoundaryRules_.size(); i++) {
-        output.writeMessage(1, accessBoundaryRules_.get(i));
-      }
-      getUnknownFields().writeTo(output);
-    }
-
-    @java.lang.Override
-    public int getSerializedSize() {
-      int size = memoizedSize;
-      if (size != -1) return size;
-
-      size = 0;
-      for (int i = 0; i < accessBoundaryRules_.size(); i++) {
-        size +=
-            com.google.protobuf.CodedOutputStream.computeMessageSize(
-                1, accessBoundaryRules_.get(i));
-      }
-      size += getUnknownFields().getSerializedSize();
-      memoizedSize = size;
-      return size;
-    }
-
-    @java.lang.Override
-    public boolean equals(final java.lang.Object obj) {
-      if (obj == this) {
-        return true;
-      }
-      if (!(obj
-          instanceof
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundary)) {
-        return super.equals(obj);
-      }
-      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundary
-          other =
-              (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                      .ClientSideAccessBoundary)
-                  obj;
-
-      if (!getAccessBoundaryRulesList().equals(other.getAccessBoundaryRulesList())) return false;
-      if (!getUnknownFields().equals(other.getUnknownFields())) return false;
-      return true;
-    }
-
-    @java.lang.Override
-    public int hashCode() {
-      if (memoizedHashCode != 0) {
-        return memoizedHashCode;
-      }
-      int hash = 41;
-      hash = (19 * hash) + getDescriptor().hashCode();
-      if (getAccessBoundaryRulesCount() > 0) {
-        hash = (37 * hash) + ACCESS_BOUNDARY_RULES_FIELD_NUMBER;
-        hash = (53 * hash) + getAccessBoundaryRulesList().hashCode();
-      }
-      hash = (29 * hash) + getUnknownFields().hashCode();
-      memoizedHashCode = hash;
-      return hash;
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseFrom(java.nio.ByteBuffer data)
-            throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseFrom(
-            java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data, extensionRegistry);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseFrom(com.google.protobuf.ByteString data)
-            throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseFrom(
-            com.google.protobuf.ByteString data,
-            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data, extensionRegistry);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws com.google.protobuf.InvalidProtocolBufferException {
-      return PARSER.parseFrom(data, extensionRegistry);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseFrom(java.io.InputStream input) throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseFrom(
-            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
-          PARSER, input, extensionRegistry);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseDelimitedFrom(
-            java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(
-          PARSER, input, extensionRegistry);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        parseFrom(
-            com.google.protobuf.CodedInputStream input,
-            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-            throws java.io.IOException {
-      return com.google.protobuf.GeneratedMessageV3.parseWithIOException(
-          PARSER, input, extensionRegistry);
-    }
-
-    @java.lang.Override
-    public Builder newBuilderForType() {
-      return newBuilder();
-    }
-
-    public static Builder newBuilder() {
-      return DEFAULT_INSTANCE.toBuilder();
-    }
-
-    public static Builder newBuilder(
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundary
-            prototype) {
-      return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
-    }
-
-    @java.lang.Override
-    public Builder toBuilder() {
-      return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
-    }
-
-    @java.lang.Override
-    protected Builder newBuilderForType(
-        com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
-      Builder builder = new Builder(parent);
-      return builder;
-    }
-
-    /**
-     * Protobuf type {@code com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundary}
-     */
-    public static final class Builder
-        extends com.google.protobuf.GeneratedMessageV3.Builder<Builder>
-        implements
-        // @@protoc_insertion_point(builder_implements:com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundary)
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundaryOrBuilder {
-      public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
-        return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundary_descriptor;
-      }
-
-      @java.lang.Override
-      protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
-          internalGetFieldAccessorTable() {
-        return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundary_fieldAccessorTable
-            .ensureFieldAccessorsInitialized(
-                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                    .ClientSideAccessBoundary.class,
-                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                    .ClientSideAccessBoundary.Builder.class);
-      }
-
-      // Construct using
-      // com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.ClientSideAccessBoundary.newBuilder()
-      private Builder() {}
-
-      private Builder(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) {
-        super(parent);
-      }
-
-      @java.lang.Override
-      public Builder clear() {
-        super.clear();
-        bitField0_ = 0;
-        if (accessBoundaryRulesBuilder_ == null) {
-          accessBoundaryRules_ = java.util.Collections.emptyList();
-        } else {
-          accessBoundaryRules_ = null;
-          accessBoundaryRulesBuilder_.clear();
-        }
-        bitField0_ = (bitField0_ & ~0x00000001);
-        return this;
-      }
-
-      @java.lang.Override
-      public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
-        return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundary_descriptor;
-      }
-
-      @java.lang.Override
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundary
-          getDefaultInstanceForType() {
-        return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary.getDefaultInstance();
-      }
-
-      @java.lang.Override
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundary
-          build() {
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundary
-            result = buildPartial();
-        if (!result.isInitialized()) {
-          throw newUninitializedMessageException(result);
-        }
-        return result;
-      }
-
-      @java.lang.Override
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundary
-          buildPartial() {
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundary
-            result =
-                new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                    .ClientSideAccessBoundary(this);
-        buildPartialRepeatedFields(result);
-        if (bitField0_ != 0) {
-          buildPartial0(result);
-        }
-        onBuilt();
-        return result;
-      }
-
-      private void buildPartialRepeatedFields(
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundary
-              result) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          if (((bitField0_ & 0x00000001) != 0)) {
-            accessBoundaryRules_ = java.util.Collections.unmodifiableList(accessBoundaryRules_);
-            bitField0_ = (bitField0_ & ~0x00000001);
-          }
-          result.accessBoundaryRules_ = accessBoundaryRules_;
-        } else {
-          result.accessBoundaryRules_ = accessBoundaryRulesBuilder_.build();
-        }
-      }
-
-      private void buildPartial0(
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundary
-              result) {
-        int from_bitField0_ = bitField0_;
-      }
-
-      @java.lang.Override
-      public Builder clone() {
-        return super.clone();
-      }
-
-      @java.lang.Override
-      public Builder setField(
-          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
-        return super.setField(field, value);
-      }
-
-      @java.lang.Override
-      public Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field) {
-        return super.clearField(field);
-      }
-
-      @java.lang.Override
-      public Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof) {
-        return super.clearOneof(oneof);
-      }
-
-      @java.lang.Override
-      public Builder setRepeatedField(
-          com.google.protobuf.Descriptors.FieldDescriptor field,
-          int index,
-          java.lang.Object value) {
-        return super.setRepeatedField(field, index, value);
-      }
-
-      @java.lang.Override
-      public Builder addRepeatedField(
-          com.google.protobuf.Descriptors.FieldDescriptor field, java.lang.Object value) {
-        return super.addRepeatedField(field, value);
-      }
-
-      @java.lang.Override
-      public Builder mergeFrom(com.google.protobuf.Message other) {
-        if (other
-            instanceof
-            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundary) {
-          return mergeFrom(
-              (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                      .ClientSideAccessBoundary)
-                  other);
-        } else {
-          super.mergeFrom(other);
-          return this;
-        }
-      }
-
-      public Builder mergeFrom(
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundary
-              other) {
-        if (other
-            == com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                .ClientSideAccessBoundary.getDefaultInstance()) return this;
-        if (accessBoundaryRulesBuilder_ == null) {
-          if (!other.accessBoundaryRules_.isEmpty()) {
-            if (accessBoundaryRules_.isEmpty()) {
-              accessBoundaryRules_ = other.accessBoundaryRules_;
-              bitField0_ = (bitField0_ & ~0x00000001);
-            } else {
-              ensureAccessBoundaryRulesIsMutable();
-              accessBoundaryRules_.addAll(other.accessBoundaryRules_);
-            }
-            onChanged();
-          }
-        } else {
-          if (!other.accessBoundaryRules_.isEmpty()) {
-            if (accessBoundaryRulesBuilder_.isEmpty()) {
-              accessBoundaryRulesBuilder_.dispose();
-              accessBoundaryRulesBuilder_ = null;
-              accessBoundaryRules_ = other.accessBoundaryRules_;
-              bitField0_ = (bitField0_ & ~0x00000001);
-              accessBoundaryRulesBuilder_ =
-                  com.google.protobuf.GeneratedMessageV3.alwaysUseFieldBuilders
-                      ? getAccessBoundaryRulesFieldBuilder()
-                      : null;
-            } else {
-              accessBoundaryRulesBuilder_.addAllMessages(other.accessBoundaryRules_);
-            }
-          }
-        }
-        this.mergeUnknownFields(other.getUnknownFields());
-        onChanged();
-        return this;
-      }
-
-      @java.lang.Override
-      public final boolean isInitialized() {
-        return true;
-      }
-
-      @java.lang.Override
-      public Builder mergeFrom(
-          com.google.protobuf.CodedInputStream input,
-          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-          throws java.io.IOException {
-        if (extensionRegistry == null) {
-          throw new java.lang.NullPointerException();
-        }
-        try {
-          boolean done = false;
-          while (!done) {
-            int tag = input.readTag();
-            switch (tag) {
-              case 0:
-                done = true;
-                break;
-              case 10:
-                {
-                  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                          .ClientSideAccessBoundaryRule
-                      m =
-                          input.readMessage(
-                              com.google.auth.credentialaccessboundary.protobuf
-                                  .ClientSideAccessBoundaryProto.ClientSideAccessBoundaryRule
-                                  .parser(),
-                              extensionRegistry);
-                  if (accessBoundaryRulesBuilder_ == null) {
-                    ensureAccessBoundaryRulesIsMutable();
-                    accessBoundaryRules_.add(m);
-                  } else {
-                    accessBoundaryRulesBuilder_.addMessage(m);
-                  }
-                  break;
-                } // case 10
-              default:
-                {
-                  if (!super.parseUnknownField(input, extensionRegistry, tag)) {
-                    done = true; // was an endgroup tag
-                  }
-                  break;
-                } // default:
-            } // switch (tag)
-          } // while (!done)
-        } catch (com.google.protobuf.InvalidProtocolBufferException e) {
-          throw e.unwrapIOException();
-        } finally {
-          onChanged();
-        } // finally
-        return this;
-      }
-
-      private int bitField0_;
-
-      private java.util.List<
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule>
-          accessBoundaryRules_ = java.util.Collections.emptyList();
-
-      private void ensureAccessBoundaryRulesIsMutable() {
-        if (!((bitField0_ & 0x00000001) != 0)) {
-          accessBoundaryRules_ =
-              new java.util.ArrayList<
-                  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                      .ClientSideAccessBoundaryRule>(accessBoundaryRules_);
-          bitField0_ |= 0x00000001;
-        }
-      }
-
-      private com.google.protobuf.RepeatedFieldBuilderV3<
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule,
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule.Builder,
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRuleOrBuilder>
-          accessBoundaryRulesBuilder_;
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public java.util.List<
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule>
-          getAccessBoundaryRulesList() {
-        if (accessBoundaryRulesBuilder_ == null) {
-          return java.util.Collections.unmodifiableList(accessBoundaryRules_);
-        } else {
-          return accessBoundaryRulesBuilder_.getMessageList();
-        }
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public int getAccessBoundaryRulesCount() {
-        if (accessBoundaryRulesBuilder_ == null) {
-          return accessBoundaryRules_.size();
-        } else {
-          return accessBoundaryRulesBuilder_.getCount();
-        }
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRule
-          getAccessBoundaryRules(int index) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          return accessBoundaryRules_.get(index);
-        } else {
-          return accessBoundaryRulesBuilder_.getMessage(index);
-        }
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public Builder setAccessBoundaryRules(
-          int index,
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule
-              value) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          if (value == null) {
-            throw new NullPointerException();
-          }
-          ensureAccessBoundaryRulesIsMutable();
-          accessBoundaryRules_.set(index, value);
-          onChanged();
-        } else {
-          accessBoundaryRulesBuilder_.setMessage(index, value);
-        }
-        return this;
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public Builder setAccessBoundaryRules(
-          int index,
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule.Builder
-              builderForValue) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          ensureAccessBoundaryRulesIsMutable();
-          accessBoundaryRules_.set(index, builderForValue.build());
-          onChanged();
-        } else {
-          accessBoundaryRulesBuilder_.setMessage(index, builderForValue.build());
-        }
-        return this;
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public Builder addAccessBoundaryRules(
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule
-              value) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          if (value == null) {
-            throw new NullPointerException();
-          }
-          ensureAccessBoundaryRulesIsMutable();
-          accessBoundaryRules_.add(value);
-          onChanged();
-        } else {
-          accessBoundaryRulesBuilder_.addMessage(value);
-        }
-        return this;
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public Builder addAccessBoundaryRules(
-          int index,
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule
-              value) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          if (value == null) {
-            throw new NullPointerException();
-          }
-          ensureAccessBoundaryRulesIsMutable();
-          accessBoundaryRules_.add(index, value);
-          onChanged();
-        } else {
-          accessBoundaryRulesBuilder_.addMessage(index, value);
-        }
-        return this;
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public Builder addAccessBoundaryRules(
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule.Builder
-              builderForValue) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          ensureAccessBoundaryRulesIsMutable();
-          accessBoundaryRules_.add(builderForValue.build());
-          onChanged();
-        } else {
-          accessBoundaryRulesBuilder_.addMessage(builderForValue.build());
-        }
-        return this;
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public Builder addAccessBoundaryRules(
-          int index,
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule.Builder
-              builderForValue) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          ensureAccessBoundaryRulesIsMutable();
-          accessBoundaryRules_.add(index, builderForValue.build());
-          onChanged();
-        } else {
-          accessBoundaryRulesBuilder_.addMessage(index, builderForValue.build());
-        }
-        return this;
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public Builder addAllAccessBoundaryRules(
-          java.lang.Iterable<
-                  ? extends
-                      com.google.auth.credentialaccessboundary.protobuf
-                          .ClientSideAccessBoundaryProto.ClientSideAccessBoundaryRule>
-              values) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          ensureAccessBoundaryRulesIsMutable();
-          com.google.protobuf.AbstractMessageLite.Builder.addAll(values, accessBoundaryRules_);
-          onChanged();
-        } else {
-          accessBoundaryRulesBuilder_.addAllMessages(values);
-        }
-        return this;
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public Builder clearAccessBoundaryRules() {
-        if (accessBoundaryRulesBuilder_ == null) {
-          accessBoundaryRules_ = java.util.Collections.emptyList();
-          bitField0_ = (bitField0_ & ~0x00000001);
-          onChanged();
-        } else {
-          accessBoundaryRulesBuilder_.clear();
-        }
-        return this;
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public Builder removeAccessBoundaryRules(int index) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          ensureAccessBoundaryRulesIsMutable();
-          accessBoundaryRules_.remove(index);
-          onChanged();
-        } else {
-          accessBoundaryRulesBuilder_.remove(index);
-        }
-        return this;
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRule.Builder
-          getAccessBoundaryRulesBuilder(int index) {
-        return getAccessBoundaryRulesFieldBuilder().getBuilder(index);
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRuleOrBuilder
-          getAccessBoundaryRulesOrBuilder(int index) {
-        if (accessBoundaryRulesBuilder_ == null) {
-          return accessBoundaryRules_.get(index);
-        } else {
-          return accessBoundaryRulesBuilder_.getMessageOrBuilder(index);
-        }
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public java.util.List<
-              ? extends
-                  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                      .ClientSideAccessBoundaryRuleOrBuilder>
-          getAccessBoundaryRulesOrBuilderList() {
-        if (accessBoundaryRulesBuilder_ != null) {
-          return accessBoundaryRulesBuilder_.getMessageOrBuilderList();
-        } else {
-          return java.util.Collections.unmodifiableList(accessBoundaryRules_);
-        }
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRule.Builder
-          addAccessBoundaryRulesBuilder() {
-        return getAccessBoundaryRulesFieldBuilder()
-            .addBuilder(
-                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                    .ClientSideAccessBoundaryRule.getDefaultInstance());
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundaryRule.Builder
-          addAccessBoundaryRulesBuilder(int index) {
-        return getAccessBoundaryRulesFieldBuilder()
-            .addBuilder(
-                index,
-                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                    .ClientSideAccessBoundaryRule.getDefaultInstance());
-      }
-
-      /**
-       * <code>
-       * repeated .com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
-       * </code>
-       */
-      public java.util.List<
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule.Builder>
-          getAccessBoundaryRulesBuilderList() {
-        return getAccessBoundaryRulesFieldBuilder().getBuilderList();
-      }
-
-      private com.google.protobuf.RepeatedFieldBuilderV3<
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule,
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRule.Builder,
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                  .ClientSideAccessBoundaryRuleOrBuilder>
-          getAccessBoundaryRulesFieldBuilder() {
-        if (accessBoundaryRulesBuilder_ == null) {
-          accessBoundaryRulesBuilder_ =
-              new com.google.protobuf.RepeatedFieldBuilderV3<
-                  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                      .ClientSideAccessBoundaryRule,
-                  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                      .ClientSideAccessBoundaryRule.Builder,
-                  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-                      .ClientSideAccessBoundaryRuleOrBuilder>(
-                  accessBoundaryRules_,
-                  ((bitField0_ & 0x00000001) != 0),
-                  getParentForChildren(),
-                  isClean());
-          accessBoundaryRules_ = null;
-        }
-        return accessBoundaryRulesBuilder_;
-      }
-
-      @java.lang.Override
-      public final Builder setUnknownFields(
-          final com.google.protobuf.UnknownFieldSet unknownFields) {
-        return super.setUnknownFields(unknownFields);
-      }
-
-      @java.lang.Override
-      public final Builder mergeUnknownFields(
-          final com.google.protobuf.UnknownFieldSet unknownFields) {
-        return super.mergeUnknownFields(unknownFields);
-      }
-
-      // @@protoc_insertion_point(builder_scope:com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundary)
-    }
-
-    // @@protoc_insertion_point(class_scope:com.google.auth.credentialaccessboundary.proto.ClientSideAccessBoundary)
-    private static final com.google.auth.credentialaccessboundary.protobuf
-            .ClientSideAccessBoundaryProto.ClientSideAccessBoundary
-        DEFAULT_INSTANCE;
-
-    static {
-      DEFAULT_INSTANCE =
-          new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-              .ClientSideAccessBoundary();
-    }
-
-    public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        getDefaultInstance() {
-      return DEFAULT_INSTANCE;
-    }
-
-    private static final com.google.protobuf.Parser<ClientSideAccessBoundary> PARSER =
-        new com.google.protobuf.AbstractParser<ClientSideAccessBoundary>() {
-          @java.lang.Override
-          public ClientSideAccessBoundary parsePartialFrom(
-              com.google.protobuf.CodedInputStream input,
-              com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-              throws com.google.protobuf.InvalidProtocolBufferException {
-            Builder builder = newBuilder();
-            try {
-              builder.mergeFrom(input, extensionRegistry);
-            } catch (com.google.protobuf.InvalidProtocolBufferException e) {
-              throw e.setUnfinishedMessage(builder.buildPartial());
-            } catch (com.google.protobuf.UninitializedMessageException e) {
-              throw e.asInvalidProtocolBufferException()
-                  .setUnfinishedMessage(builder.buildPartial());
-            } catch (java.io.IOException e) {
-              throw new com.google.protobuf.InvalidProtocolBufferException(e)
-                  .setUnfinishedMessage(builder.buildPartial());
-            }
-            return builder.buildPartial();
-          }
-        };
-
-    public static com.google.protobuf.Parser<ClientSideAccessBoundary> parser() {
-      return PARSER;
-    }
-
-    @java.lang.Override
-    public com.google.protobuf.Parser<ClientSideAccessBoundary> getParserForType() {
-      return PARSER;
-    }
-
-    @java.lang.Override
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
-            .ClientSideAccessBoundary
-        getDefaultInstanceForType() {
-      return DEFAULT_INSTANCE;
-    }
+  public static void registerAllExtensions(
+      com.google.protobuf.ExtensionRegistry registry) {
+    registerAllExtensions(
+        (com.google.protobuf.ExtensionRegistryLite) registry);
   }
-
-  private static final com.google.protobuf.Descriptors.Descriptor
-      internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundaryRule_descriptor;
-  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
-      internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundaryRule_fieldAccessorTable;
-  private static final com.google.protobuf.Descriptors.Descriptor
-      internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundary_descriptor;
-  private static final com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
-      internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundary_fieldAccessorTable;
-
-  public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+  static final com.google.protobuf.Descriptors.Descriptor
+    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
+  static final 
+    com.google.protobuf.GeneratedMessage.FieldAccessorTable
+      internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable;
+  static final com.google.protobuf.Descriptors.Descriptor
+    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
+  static final 
+    com.google.protobuf.GeneratedMessage.FieldAccessorTable
+      internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable;
+
+  public static com.google.protobuf.Descriptors.FileDescriptor
+      getDescriptor() {
     return descriptor;
   }
-
-  private static com.google.protobuf.Descriptors.FileDescriptor descriptor;
-
+  private static  com.google.protobuf.Descriptors.FileDescriptor
+      descriptor;
   static {
     java.lang.String[] descriptorData = {
-      "\n!client_side_access_boundary.proto\022.com"
-          + ".google.auth.credentialaccessboundary.pr"
-          + "oto\032\025cel/expr/syntax.proto\"\222\001\n\034ClientSid"
-          + "eAccessBoundaryRule\022\032\n\022available_resourc"
-          + "e\030\001 \001(\t\022\035\n\025available_permissions\030\002 \003(\t\0227"
-          + "\n\037compiled_availability_condition\030\004 \001(\0132"
-          + "\016.cel.expr.Expr\"\207\001\n\030ClientSideAccessBoun"
-          + "dary\022k\n\025access_boundary_rules\030\001 \003(\0132L.co"
-          + "m.google.auth.credentialaccessboundary.p"
-          + "roto.ClientSideAccessBoundaryRuleBT\n1com"
-          + ".google.auth.credentialaccessboundary.pr"
-          + "otobufB\035ClientSideAccessBoundaryProtoP\000b"
-          + "\006proto3"
+      "\n!client_side_access_boundary.proto\022 clo" +
+      "ud.identity.unifiedauth.proto\032\034google/ap" +
+      "i/expr/syntax.proto\"\240\001\n\034ClientSideAccess" +
+      "BoundaryRule\022!\n\022available_resource\030\001 \001(\t" +
+      "B\005\252\001\002\010\002\022\035\n\025available_permissions\030\002 \003(\t\022>" +
+      "\n\037compiled_availability_condition\030\004 \001(\0132" +
+      "\025.google.api.expr.Expr\"y\n\030ClientSideAcce" +
+      "ssBoundary\022]\n\025access_boundary_rules\030\001 \003(" +
+      "\0132>.cloud.identity.unifiedauth.proto.Cli" +
+      "entSideAccessBoundaryRuleB-\n+com.google." +
+      "cloud.identity.unifiedauth.protob\010editio" +
+      "nsp\351\007"
     };
-    descriptor =
-        com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
-            descriptorData,
-            new com.google.protobuf.Descriptors.FileDescriptor[] {
-              dev.cel.expr.SyntaxProto.getDescriptor(),
-            });
-    internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundaryRule_descriptor =
-        getDescriptor().getMessageTypes().get(0);
-    internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundaryRule_fieldAccessorTable =
-        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
-            internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundaryRule_descriptor,
-            new java.lang.String[] {
-              "AvailableResource", "AvailablePermissions", "CompiledAvailabilityCondition",
-            });
-    internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundary_descriptor =
-        getDescriptor().getMessageTypes().get(1);
-    internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundary_fieldAccessorTable =
-        new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
-            internal_static_com_google_auth_credentialaccessboundary_proto_ClientSideAccessBoundary_descriptor,
-            new java.lang.String[] {
-              "AccessBoundaryRules",
-            });
+    descriptor = com.google.protobuf.Descriptors.FileDescriptor
+      .internalBuildGeneratedFileFrom(descriptorData,
+        new com.google.protobuf.Descriptors.FileDescriptor[] {
+          dev.cel.expr.SyntaxProto.getDescriptor(),
+        });
+    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor =
+      getDescriptor().getMessageType(0);
+    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable = new
+      com.google.protobuf.GeneratedMessage.FieldAccessorTable(
+        internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor,
+        new java.lang.String[] { "AvailableResource", "AvailablePermissions", "CompiledAvailabilityCondition", });
+    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor =
+      getDescriptor().getMessageType(1);
+    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable = new
+      com.google.protobuf.GeneratedMessage.FieldAccessorTable(
+        internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor,
+        new java.lang.String[] { "AccessBoundaryRules", });
+    descriptor.resolveAllFeaturesImmutable();
     dev.cel.expr.SyntaxProto.getDescriptor();
   }
 
diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRule.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRule.java
new file mode 100644
index 000000000..4410e3b1e
--- /dev/null
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRule.java
@@ -0,0 +1,1196 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// NO CHECKED-IN PROTOBUF GENCODE
+// source: client_side_access_boundary.proto
+// Protobuf Java Version: 4.33.0
+
+package com.google.auth.credentialaccessboundary.protobuf;
+
+/**
+ * <pre>
+ * An access boundary rule that defines an upper bound of IAM
+ * permissions on a single resource. This proto has a compiled version of the
+ * availability_condition in the STS API AccessBoundaryRule
+ * (google3/google/identity/sts/v1/access_boundary.proto). It is used to
+ * format the access boundary restriction in the Client-Side CAB access token.
+ * </pre>
+ *
+ * Protobuf type {@code cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule}
+ */
+@com.google.protobuf.Generated
+public final class ClientSideAccessBoundaryRule extends
+    com.google.protobuf.GeneratedMessage implements
+    // @@protoc_insertion_point(message_implements:cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule)
+    ClientSideAccessBoundaryRuleOrBuilder {
+private static final long serialVersionUID = 0L;
+  static {
+    com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
+      com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
+      /* major= */ 4,
+      /* minor= */ 33,
+      /* patch= */ 0,
+      /* suffix= */ "",
+      "ClientSideAccessBoundaryRule");
+  }
+  // Use ClientSideAccessBoundaryRule.newBuilder() to construct.
+  private ClientSideAccessBoundaryRule(com.google.protobuf.GeneratedMessage.Builder<?> builder) {
+    super(builder);
+  }
+  private ClientSideAccessBoundaryRule() {
+    availableResource_ = "";
+    availablePermissions_ =
+        com.google.protobuf.LazyStringArrayList.emptyList();
+  }
+
+  public static final com.google.protobuf.Descriptors.Descriptor
+      getDescriptor() {
+    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
+  }
+
+  @java.lang.Override
+  protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
+      internalGetFieldAccessorTable() {
+    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable
+        .ensureFieldAccessorsInitialized(
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.class, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder.class);
+  }
+
+  private int bitField0_;
+  public static final int AVAILABLE_RESOURCE_FIELD_NUMBER = 1;
+  @SuppressWarnings("serial")
+  private volatile java.lang.Object availableResource_ = "";
+  /**
+   * <pre>
+   * The full resource name of a Google Cloud resource entity.
+   * The format definition is at
+   * https://cloud.google.com/apis/design/resource_names.
+   *
+   * Example value: `//cloudresourcemanager.googleapis.com/projects/my-project`.
+   * </pre>
+   *
+   * <code>string available_resource = 1 [features = { ... }</code>
+   * @return The availableResource.
+   */
+  @java.lang.Override
+  public java.lang.String getAvailableResource() {
+    java.lang.Object ref = availableResource_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = 
+          (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      availableResource_ = s;
+      return s;
+    }
+  }
+  /**
+   * <pre>
+   * The full resource name of a Google Cloud resource entity.
+   * The format definition is at
+   * https://cloud.google.com/apis/design/resource_names.
+   *
+   * Example value: `//cloudresourcemanager.googleapis.com/projects/my-project`.
+   * </pre>
+   *
+   * <code>string available_resource = 1 [features = { ... }</code>
+   * @return The bytes for availableResource.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString
+      getAvailableResourceBytes() {
+    java.lang.Object ref = availableResource_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b = 
+          com.google.protobuf.ByteString.copyFromUtf8(
+              (java.lang.String) ref);
+      availableResource_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
+  public static final int AVAILABLE_PERMISSIONS_FIELD_NUMBER = 2;
+  @SuppressWarnings("serial")
+  private com.google.protobuf.LazyStringArrayList availablePermissions_ =
+      com.google.protobuf.LazyStringArrayList.emptyList();
+  /**
+   * <pre>
+   * A list of permissions that may be allowed for use on the specified
+   * resource.
+   *
+   * The only supported values in the list are IAM roles, following the format
+   * of [google.iam.v1.Binding.role][].
+   *
+   * Example value: `inRole:roles/logging.viewer` for predefined roles and
+   * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+   * roles.
+   * </pre>
+   *
+   * <code>repeated string available_permissions = 2;</code>
+   * @return A list containing the availablePermissions.
+   */
+  public com.google.protobuf.ProtocolStringList
+      getAvailablePermissionsList() {
+    return availablePermissions_;
+  }
+  /**
+   * <pre>
+   * A list of permissions that may be allowed for use on the specified
+   * resource.
+   *
+   * The only supported values in the list are IAM roles, following the format
+   * of [google.iam.v1.Binding.role][].
+   *
+   * Example value: `inRole:roles/logging.viewer` for predefined roles and
+   * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+   * roles.
+   * </pre>
+   *
+   * <code>repeated string available_permissions = 2;</code>
+   * @return The count of availablePermissions.
+   */
+  public int getAvailablePermissionsCount() {
+    return availablePermissions_.size();
+  }
+  /**
+   * <pre>
+   * A list of permissions that may be allowed for use on the specified
+   * resource.
+   *
+   * The only supported values in the list are IAM roles, following the format
+   * of [google.iam.v1.Binding.role][].
+   *
+   * Example value: `inRole:roles/logging.viewer` for predefined roles and
+   * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+   * roles.
+   * </pre>
+   *
+   * <code>repeated string available_permissions = 2;</code>
+   * @param index The index of the element to return.
+   * @return The availablePermissions at the given index.
+   */
+  public java.lang.String getAvailablePermissions(int index) {
+    return availablePermissions_.get(index);
+  }
+  /**
+   * <pre>
+   * A list of permissions that may be allowed for use on the specified
+   * resource.
+   *
+   * The only supported values in the list are IAM roles, following the format
+   * of [google.iam.v1.Binding.role][].
+   *
+   * Example value: `inRole:roles/logging.viewer` for predefined roles and
+   * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+   * roles.
+   * </pre>
+   *
+   * <code>repeated string available_permissions = 2;</code>
+   * @param index The index of the value to return.
+   * @return The bytes of the availablePermissions at the given index.
+   */
+  public com.google.protobuf.ByteString
+      getAvailablePermissionsBytes(int index) {
+    return availablePermissions_.getByteString(index);
+  }
+
+  public static final int COMPILED_AVAILABILITY_CONDITION_FIELD_NUMBER = 4;
+  private dev.cel.expr.Expr compiledAvailabilityCondition_;
+  /**
+   * <pre>
+   * The compiled version of the
+   * availability_condition in the STS API AccessBoundaryRule
+   * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+   * function support.
+   * </pre>
+   *
+   * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+   * @return Whether the compiledAvailabilityCondition field is set.
+   */
+  @java.lang.Override
+  public boolean hasCompiledAvailabilityCondition() {
+    return ((bitField0_ & 0x00000001) != 0);
+  }
+  /**
+   * <pre>
+   * The compiled version of the
+   * availability_condition in the STS API AccessBoundaryRule
+   * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+   * function support.
+   * </pre>
+   *
+   * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+   * @return The compiledAvailabilityCondition.
+   */
+  @java.lang.Override
+  public dev.cel.expr.Expr getCompiledAvailabilityCondition() {
+    return compiledAvailabilityCondition_ == null ? dev.cel.expr.Expr.getDefaultInstance() : compiledAvailabilityCondition_;
+  }
+  /**
+   * <pre>
+   * The compiled version of the
+   * availability_condition in the STS API AccessBoundaryRule
+   * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+   * function support.
+   * </pre>
+   *
+   * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+   */
+  @java.lang.Override
+  public dev.cel.expr.ExprOrBuilder getCompiledAvailabilityConditionOrBuilder() {
+    return compiledAvailabilityCondition_ == null ? dev.cel.expr.Expr.getDefaultInstance() : compiledAvailabilityCondition_;
+  }
+
+  private byte memoizedIsInitialized = -1;
+  @java.lang.Override
+  public final boolean isInitialized() {
+    byte isInitialized = memoizedIsInitialized;
+    if (isInitialized == 1) return true;
+    if (isInitialized == 0) return false;
+
+    memoizedIsInitialized = 1;
+    return true;
+  }
+
+  @java.lang.Override
+  public void writeTo(com.google.protobuf.CodedOutputStream output)
+                      throws java.io.IOException {
+    if (!com.google.protobuf.GeneratedMessage.isStringEmpty(availableResource_)) {
+      com.google.protobuf.GeneratedMessage.writeString(output, 1, availableResource_);
+    }
+    for (int i = 0; i < availablePermissions_.size(); i++) {
+      com.google.protobuf.GeneratedMessage.writeString(output, 2, availablePermissions_.getRaw(i));
+    }
+    if (((bitField0_ & 0x00000001) != 0)) {
+      output.writeMessage(4, getCompiledAvailabilityCondition());
+    }
+    getUnknownFields().writeTo(output);
+  }
+
+  @java.lang.Override
+  public int getSerializedSize() {
+    int size = memoizedSize;
+    if (size != -1) return size;
+
+    size = 0;
+    if (!com.google.protobuf.GeneratedMessage.isStringEmpty(availableResource_)) {
+      size += com.google.protobuf.GeneratedMessage.computeStringSize(1, availableResource_);
+    }
+    {
+      int dataSize = 0;
+      for (int i = 0; i < availablePermissions_.size(); i++) {
+        dataSize += computeStringSizeNoTag(availablePermissions_.getRaw(i));
+      }
+      size += dataSize;
+      size += 1 * getAvailablePermissionsList().size();
+    }
+    if (((bitField0_ & 0x00000001) != 0)) {
+      size += com.google.protobuf.CodedOutputStream
+        .computeMessageSize(4, getCompiledAvailabilityCondition());
+    }
+    size += getUnknownFields().getSerializedSize();
+    memoizedSize = size;
+    return size;
+  }
+
+  @java.lang.Override
+  public boolean equals(final java.lang.Object obj) {
+    if (obj == this) {
+     return true;
+    }
+    if (!(obj instanceof com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule)) {
+      return super.equals(obj);
+    }
+    com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule other = (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule) obj;
+
+    if (!getAvailableResource()
+        .equals(other.getAvailableResource())) return false;
+    if (!getAvailablePermissionsList()
+        .equals(other.getAvailablePermissionsList())) return false;
+    if (hasCompiledAvailabilityCondition() != other.hasCompiledAvailabilityCondition()) return false;
+    if (hasCompiledAvailabilityCondition()) {
+      if (!getCompiledAvailabilityCondition()
+          .equals(other.getCompiledAvailabilityCondition())) return false;
+    }
+    if (!getUnknownFields().equals(other.getUnknownFields())) return false;
+    return true;
+  }
+
+  @java.lang.Override
+  public int hashCode() {
+    if (memoizedHashCode != 0) {
+      return memoizedHashCode;
+    }
+    int hash = 41;
+    hash = (19 * hash) + getDescriptor().hashCode();
+    hash = (37 * hash) + AVAILABLE_RESOURCE_FIELD_NUMBER;
+    hash = (53 * hash) + getAvailableResource().hashCode();
+    if (getAvailablePermissionsCount() > 0) {
+      hash = (37 * hash) + AVAILABLE_PERMISSIONS_FIELD_NUMBER;
+      hash = (53 * hash) + getAvailablePermissionsList().hashCode();
+    }
+    if (hasCompiledAvailabilityCondition()) {
+      hash = (37 * hash) + COMPILED_AVAILABILITY_CONDITION_FIELD_NUMBER;
+      hash = (53 * hash) + getCompiledAvailabilityCondition().hashCode();
+    }
+    hash = (29 * hash) + getUnknownFields().hashCode();
+    memoizedHashCode = hash;
+    return hash;
+  }
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
+      java.nio.ByteBuffer data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
+      java.nio.ByteBuffer data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
+      com.google.protobuf.ByteString data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
+      com.google.protobuf.ByteString data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(byte[] data)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
+      byte[] data,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws com.google.protobuf.InvalidProtocolBufferException {
+    return PARSER.parseFrom(data, extensionRegistry);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(java.io.InputStream input)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseWithIOException(PARSER, input);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
+      java.io.InputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseWithIOException(PARSER, input, extensionRegistry);
+  }
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseDelimitedFrom(java.io.InputStream input)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseDelimitedWithIOException(PARSER, input);
+  }
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseDelimitedFrom(
+      java.io.InputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
+      com.google.protobuf.CodedInputStream input)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseWithIOException(PARSER, input);
+  }
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
+      com.google.protobuf.CodedInputStream input,
+      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+      throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage
+        .parseWithIOException(PARSER, input, extensionRegistry);
+  }
+
+  @java.lang.Override
+  public Builder newBuilderForType() { return newBuilder(); }
+  public static Builder newBuilder() {
+    return DEFAULT_INSTANCE.toBuilder();
+  }
+  public static Builder newBuilder(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule prototype) {
+    return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
+  }
+  @java.lang.Override
+  public Builder toBuilder() {
+    return this == DEFAULT_INSTANCE
+        ? new Builder() : new Builder().mergeFrom(this);
+  }
+
+  @java.lang.Override
+  protected Builder newBuilderForType(
+      com.google.protobuf.GeneratedMessage.BuilderParent parent) {
+    Builder builder = new Builder(parent);
+    return builder;
+  }
+  /**
+   * <pre>
+   * An access boundary rule that defines an upper bound of IAM
+   * permissions on a single resource. This proto has a compiled version of the
+   * availability_condition in the STS API AccessBoundaryRule
+   * (google3/google/identity/sts/v1/access_boundary.proto). It is used to
+   * format the access boundary restriction in the Client-Side CAB access token.
+   * </pre>
+   *
+   * Protobuf type {@code cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule}
+   */
+  public static final class Builder extends
+      com.google.protobuf.GeneratedMessage.Builder<Builder> implements
+      // @@protoc_insertion_point(builder_implements:cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule)
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder {
+    public static final com.google.protobuf.Descriptors.Descriptor
+        getDescriptor() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
+    }
+
+    @java.lang.Override
+    protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
+        internalGetFieldAccessorTable() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable
+          .ensureFieldAccessorsInitialized(
+              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.class, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder.class);
+    }
+
+    // Construct using com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.newBuilder()
+    private Builder() {
+      maybeForceBuilderInitialization();
+    }
+
+    private Builder(
+        com.google.protobuf.GeneratedMessage.BuilderParent parent) {
+      super(parent);
+      maybeForceBuilderInitialization();
+    }
+    private void maybeForceBuilderInitialization() {
+      if (com.google.protobuf.GeneratedMessage
+              .alwaysUseFieldBuilders) {
+        internalGetCompiledAvailabilityConditionFieldBuilder();
+      }
+    }
+    @java.lang.Override
+    public Builder clear() {
+      super.clear();
+      bitField0_ = 0;
+      availableResource_ = "";
+      availablePermissions_ =
+          com.google.protobuf.LazyStringArrayList.emptyList();
+      compiledAvailabilityCondition_ = null;
+      if (compiledAvailabilityConditionBuilder_ != null) {
+        compiledAvailabilityConditionBuilder_.dispose();
+        compiledAvailabilityConditionBuilder_ = null;
+      }
+      return this;
+    }
+
+    @java.lang.Override
+    public com.google.protobuf.Descriptors.Descriptor
+        getDescriptorForType() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
+    }
+
+    @java.lang.Override
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getDefaultInstanceForType() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.getDefaultInstance();
+    }
+
+    @java.lang.Override
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule build() {
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule result = buildPartial();
+      if (!result.isInitialized()) {
+        throw newUninitializedMessageException(result);
+      }
+      return result;
+    }
+
+    @java.lang.Override
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule buildPartial() {
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule result = new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule(this);
+      if (bitField0_ != 0) { buildPartial0(result); }
+      onBuilt();
+      return result;
+    }
+
+    private void buildPartial0(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule result) {
+      int from_bitField0_ = bitField0_;
+      if (((from_bitField0_ & 0x00000001) != 0)) {
+        result.availableResource_ = availableResource_;
+      }
+      if (((from_bitField0_ & 0x00000002) != 0)) {
+        availablePermissions_.makeImmutable();
+        result.availablePermissions_ = availablePermissions_;
+      }
+      int to_bitField0_ = 0;
+      if (((from_bitField0_ & 0x00000004) != 0)) {
+        result.compiledAvailabilityCondition_ = compiledAvailabilityConditionBuilder_ == null
+            ? compiledAvailabilityCondition_
+            : compiledAvailabilityConditionBuilder_.build();
+        to_bitField0_ |= 0x00000001;
+      }
+      result.bitField0_ |= to_bitField0_;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(com.google.protobuf.Message other) {
+      if (other instanceof com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule) {
+        return mergeFrom((com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule)other);
+      } else {
+        super.mergeFrom(other);
+        return this;
+      }
+    }
+
+    public Builder mergeFrom(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule other) {
+      if (other == com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.getDefaultInstance()) return this;
+      if (!other.getAvailableResource().isEmpty()) {
+        availableResource_ = other.availableResource_;
+        bitField0_ |= 0x00000001;
+        onChanged();
+      }
+      if (!other.availablePermissions_.isEmpty()) {
+        if (availablePermissions_.isEmpty()) {
+          availablePermissions_ = other.availablePermissions_;
+          bitField0_ |= 0x00000002;
+        } else {
+          ensureAvailablePermissionsIsMutable();
+          availablePermissions_.addAll(other.availablePermissions_);
+        }
+        onChanged();
+      }
+      if (other.hasCompiledAvailabilityCondition()) {
+        mergeCompiledAvailabilityCondition(other.getCompiledAvailabilityCondition());
+      }
+      this.mergeUnknownFields(other.getUnknownFields());
+      onChanged();
+      return this;
+    }
+
+    @java.lang.Override
+    public final boolean isInitialized() {
+      return true;
+    }
+
+    @java.lang.Override
+    public Builder mergeFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws java.io.IOException {
+      if (extensionRegistry == null) {
+        throw new java.lang.NullPointerException();
+      }
+      try {
+        boolean done = false;
+        while (!done) {
+          int tag = input.readTag();
+          switch (tag) {
+            case 0:
+              done = true;
+              break;
+            case 10: {
+              availableResource_ = input.readStringRequireUtf8();
+              bitField0_ |= 0x00000001;
+              break;
+            } // case 10
+            case 18: {
+              java.lang.String s = input.readStringRequireUtf8();
+              ensureAvailablePermissionsIsMutable();
+              availablePermissions_.add(s);
+              break;
+            } // case 18
+            case 34: {
+              input.readMessage(
+                  internalGetCompiledAvailabilityConditionFieldBuilder().getBuilder(),
+                  extensionRegistry);
+              bitField0_ |= 0x00000004;
+              break;
+            } // case 34
+            default: {
+              if (!super.parseUnknownField(input, extensionRegistry, tag)) {
+                done = true; // was an endgroup tag
+              }
+              break;
+            } // default:
+          } // switch (tag)
+        } // while (!done)
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.unwrapIOException();
+      } finally {
+        onChanged();
+      } // finally
+      return this;
+    }
+    private int bitField0_;
+
+    private java.lang.Object availableResource_ = "";
+    /**
+     * <pre>
+     * The full resource name of a Google Cloud resource entity.
+     * The format definition is at
+     * https://cloud.google.com/apis/design/resource_names.
+     *
+     * Example value: `//cloudresourcemanager.googleapis.com/projects/my-project`.
+     * </pre>
+     *
+     * <code>string available_resource = 1 [features = { ... }</code>
+     * @return The availableResource.
+     */
+    public java.lang.String getAvailableResource() {
+      java.lang.Object ref = availableResource_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs =
+            (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        availableResource_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     * <pre>
+     * The full resource name of a Google Cloud resource entity.
+     * The format definition is at
+     * https://cloud.google.com/apis/design/resource_names.
+     *
+     * Example value: `//cloudresourcemanager.googleapis.com/projects/my-project`.
+     * </pre>
+     *
+     * <code>string available_resource = 1 [features = { ... }</code>
+     * @return The bytes for availableResource.
+     */
+    public com.google.protobuf.ByteString
+        getAvailableResourceBytes() {
+      java.lang.Object ref = availableResource_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b = 
+            com.google.protobuf.ByteString.copyFromUtf8(
+                (java.lang.String) ref);
+        availableResource_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     * <pre>
+     * The full resource name of a Google Cloud resource entity.
+     * The format definition is at
+     * https://cloud.google.com/apis/design/resource_names.
+     *
+     * Example value: `//cloudresourcemanager.googleapis.com/projects/my-project`.
+     * </pre>
+     *
+     * <code>string available_resource = 1 [features = { ... }</code>
+     * @param value The availableResource to set.
+     * @return This builder for chaining.
+     */
+    public Builder setAvailableResource(
+        java.lang.String value) {
+      if (value == null) { throw new NullPointerException(); }
+      availableResource_ = value;
+      bitField0_ |= 0x00000001;
+      onChanged();
+      return this;
+    }
+    /**
+     * <pre>
+     * The full resource name of a Google Cloud resource entity.
+     * The format definition is at
+     * https://cloud.google.com/apis/design/resource_names.
+     *
+     * Example value: `//cloudresourcemanager.googleapis.com/projects/my-project`.
+     * </pre>
+     *
+     * <code>string available_resource = 1 [features = { ... }</code>
+     * @return This builder for chaining.
+     */
+    public Builder clearAvailableResource() {
+      availableResource_ = getDefaultInstance().getAvailableResource();
+      bitField0_ = (bitField0_ & ~0x00000001);
+      onChanged();
+      return this;
+    }
+    /**
+     * <pre>
+     * The full resource name of a Google Cloud resource entity.
+     * The format definition is at
+     * https://cloud.google.com/apis/design/resource_names.
+     *
+     * Example value: `//cloudresourcemanager.googleapis.com/projects/my-project`.
+     * </pre>
+     *
+     * <code>string available_resource = 1 [features = { ... }</code>
+     * @param value The bytes for availableResource to set.
+     * @return This builder for chaining.
+     */
+    public Builder setAvailableResourceBytes(
+        com.google.protobuf.ByteString value) {
+      if (value == null) { throw new NullPointerException(); }
+      checkByteStringIsUtf8(value);
+      availableResource_ = value;
+      bitField0_ |= 0x00000001;
+      onChanged();
+      return this;
+    }
+
+    private com.google.protobuf.LazyStringArrayList availablePermissions_ =
+        com.google.protobuf.LazyStringArrayList.emptyList();
+    private void ensureAvailablePermissionsIsMutable() {
+      if (!availablePermissions_.isModifiable()) {
+        availablePermissions_ = new com.google.protobuf.LazyStringArrayList(availablePermissions_);
+      }
+      bitField0_ |= 0x00000002;
+    }
+    /**
+     * <pre>
+     * A list of permissions that may be allowed for use on the specified
+     * resource.
+     *
+     * The only supported values in the list are IAM roles, following the format
+     * of [google.iam.v1.Binding.role][].
+     *
+     * Example value: `inRole:roles/logging.viewer` for predefined roles and
+     * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+     * roles.
+     * </pre>
+     *
+     * <code>repeated string available_permissions = 2;</code>
+     * @return A list containing the availablePermissions.
+     */
+    public com.google.protobuf.ProtocolStringList
+        getAvailablePermissionsList() {
+      availablePermissions_.makeImmutable();
+      return availablePermissions_;
+    }
+    /**
+     * <pre>
+     * A list of permissions that may be allowed for use on the specified
+     * resource.
+     *
+     * The only supported values in the list are IAM roles, following the format
+     * of [google.iam.v1.Binding.role][].
+     *
+     * Example value: `inRole:roles/logging.viewer` for predefined roles and
+     * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+     * roles.
+     * </pre>
+     *
+     * <code>repeated string available_permissions = 2;</code>
+     * @return The count of availablePermissions.
+     */
+    public int getAvailablePermissionsCount() {
+      return availablePermissions_.size();
+    }
+    /**
+     * <pre>
+     * A list of permissions that may be allowed for use on the specified
+     * resource.
+     *
+     * The only supported values in the list are IAM roles, following the format
+     * of [google.iam.v1.Binding.role][].
+     *
+     * Example value: `inRole:roles/logging.viewer` for predefined roles and
+     * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+     * roles.
+     * </pre>
+     *
+     * <code>repeated string available_permissions = 2;</code>
+     * @param index The index of the element to return.
+     * @return The availablePermissions at the given index.
+     */
+    public java.lang.String getAvailablePermissions(int index) {
+      return availablePermissions_.get(index);
+    }
+    /**
+     * <pre>
+     * A list of permissions that may be allowed for use on the specified
+     * resource.
+     *
+     * The only supported values in the list are IAM roles, following the format
+     * of [google.iam.v1.Binding.role][].
+     *
+     * Example value: `inRole:roles/logging.viewer` for predefined roles and
+     * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+     * roles.
+     * </pre>
+     *
+     * <code>repeated string available_permissions = 2;</code>
+     * @param index The index of the value to return.
+     * @return The bytes of the availablePermissions at the given index.
+     */
+    public com.google.protobuf.ByteString
+        getAvailablePermissionsBytes(int index) {
+      return availablePermissions_.getByteString(index);
+    }
+    /**
+     * <pre>
+     * A list of permissions that may be allowed for use on the specified
+     * resource.
+     *
+     * The only supported values in the list are IAM roles, following the format
+     * of [google.iam.v1.Binding.role][].
+     *
+     * Example value: `inRole:roles/logging.viewer` for predefined roles and
+     * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+     * roles.
+     * </pre>
+     *
+     * <code>repeated string available_permissions = 2;</code>
+     * @param index The index to set the value at.
+     * @param value The availablePermissions to set.
+     * @return This builder for chaining.
+     */
+    public Builder setAvailablePermissions(
+        int index, java.lang.String value) {
+      if (value == null) { throw new NullPointerException(); }
+      ensureAvailablePermissionsIsMutable();
+      availablePermissions_.set(index, value);
+      bitField0_ |= 0x00000002;
+      onChanged();
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of permissions that may be allowed for use on the specified
+     * resource.
+     *
+     * The only supported values in the list are IAM roles, following the format
+     * of [google.iam.v1.Binding.role][].
+     *
+     * Example value: `inRole:roles/logging.viewer` for predefined roles and
+     * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+     * roles.
+     * </pre>
+     *
+     * <code>repeated string available_permissions = 2;</code>
+     * @param value The availablePermissions to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAvailablePermissions(
+        java.lang.String value) {
+      if (value == null) { throw new NullPointerException(); }
+      ensureAvailablePermissionsIsMutable();
+      availablePermissions_.add(value);
+      bitField0_ |= 0x00000002;
+      onChanged();
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of permissions that may be allowed for use on the specified
+     * resource.
+     *
+     * The only supported values in the list are IAM roles, following the format
+     * of [google.iam.v1.Binding.role][].
+     *
+     * Example value: `inRole:roles/logging.viewer` for predefined roles and
+     * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+     * roles.
+     * </pre>
+     *
+     * <code>repeated string available_permissions = 2;</code>
+     * @param values The availablePermissions to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAllAvailablePermissions(
+        java.lang.Iterable<java.lang.String> values) {
+      ensureAvailablePermissionsIsMutable();
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(
+          values, availablePermissions_);
+      bitField0_ |= 0x00000002;
+      onChanged();
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of permissions that may be allowed for use on the specified
+     * resource.
+     *
+     * The only supported values in the list are IAM roles, following the format
+     * of [google.iam.v1.Binding.role][].
+     *
+     * Example value: `inRole:roles/logging.viewer` for predefined roles and
+     * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+     * roles.
+     * </pre>
+     *
+     * <code>repeated string available_permissions = 2;</code>
+     * @return This builder for chaining.
+     */
+    public Builder clearAvailablePermissions() {
+      availablePermissions_ =
+        com.google.protobuf.LazyStringArrayList.emptyList();
+      bitField0_ = (bitField0_ & ~0x00000002);;
+      onChanged();
+      return this;
+    }
+    /**
+     * <pre>
+     * A list of permissions that may be allowed for use on the specified
+     * resource.
+     *
+     * The only supported values in the list are IAM roles, following the format
+     * of [google.iam.v1.Binding.role][].
+     *
+     * Example value: `inRole:roles/logging.viewer` for predefined roles and
+     * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+     * roles.
+     * </pre>
+     *
+     * <code>repeated string available_permissions = 2;</code>
+     * @param value The bytes of the availablePermissions to add.
+     * @return This builder for chaining.
+     */
+    public Builder addAvailablePermissionsBytes(
+        com.google.protobuf.ByteString value) {
+      if (value == null) { throw new NullPointerException(); }
+      checkByteStringIsUtf8(value);
+      ensureAvailablePermissionsIsMutable();
+      availablePermissions_.add(value);
+      bitField0_ |= 0x00000002;
+      onChanged();
+      return this;
+    }
+
+    private dev.cel.expr.Expr compiledAvailabilityCondition_;
+    private com.google.protobuf.SingleFieldBuilder<
+        dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder> compiledAvailabilityConditionBuilder_;
+    /**
+     * <pre>
+     * The compiled version of the
+     * availability_condition in the STS API AccessBoundaryRule
+     * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+     * function support.
+     * </pre>
+     *
+     * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     * @return Whether the compiledAvailabilityCondition field is set.
+     */
+    public boolean hasCompiledAvailabilityCondition() {
+      return ((bitField0_ & 0x00000004) != 0);
+    }
+    /**
+     * <pre>
+     * The compiled version of the
+     * availability_condition in the STS API AccessBoundaryRule
+     * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+     * function support.
+     * </pre>
+     *
+     * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     * @return The compiledAvailabilityCondition.
+     */
+    public dev.cel.expr.Expr getCompiledAvailabilityCondition() {
+      if (compiledAvailabilityConditionBuilder_ == null) {
+        return compiledAvailabilityCondition_ == null ? dev.cel.expr.Expr.getDefaultInstance() : compiledAvailabilityCondition_;
+      } else {
+        return compiledAvailabilityConditionBuilder_.getMessage();
+      }
+    }
+    /**
+     * <pre>
+     * The compiled version of the
+     * availability_condition in the STS API AccessBoundaryRule
+     * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+     * function support.
+     * </pre>
+     *
+     * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     */
+    public Builder setCompiledAvailabilityCondition(dev.cel.expr.Expr value) {
+      if (compiledAvailabilityConditionBuilder_ == null) {
+        if (value == null) {
+          throw new NullPointerException();
+        }
+        compiledAvailabilityCondition_ = value;
+      } else {
+        compiledAvailabilityConditionBuilder_.setMessage(value);
+      }
+      bitField0_ |= 0x00000004;
+      onChanged();
+      return this;
+    }
+    /**
+     * <pre>
+     * The compiled version of the
+     * availability_condition in the STS API AccessBoundaryRule
+     * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+     * function support.
+     * </pre>
+     *
+     * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     */
+    public Builder setCompiledAvailabilityCondition(
+        dev.cel.expr.Expr.Builder builderForValue) {
+      if (compiledAvailabilityConditionBuilder_ == null) {
+        compiledAvailabilityCondition_ = builderForValue.build();
+      } else {
+        compiledAvailabilityConditionBuilder_.setMessage(builderForValue.build());
+      }
+      bitField0_ |= 0x00000004;
+      onChanged();
+      return this;
+    }
+    /**
+     * <pre>
+     * The compiled version of the
+     * availability_condition in the STS API AccessBoundaryRule
+     * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+     * function support.
+     * </pre>
+     *
+     * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     */
+    public Builder mergeCompiledAvailabilityCondition(dev.cel.expr.Expr value) {
+      if (compiledAvailabilityConditionBuilder_ == null) {
+        if (((bitField0_ & 0x00000004) != 0) &&
+          compiledAvailabilityCondition_ != null &&
+          compiledAvailabilityCondition_ != dev.cel.expr.Expr.getDefaultInstance()) {
+          getCompiledAvailabilityConditionBuilder().mergeFrom(value);
+        } else {
+          compiledAvailabilityCondition_ = value;
+        }
+      } else {
+        compiledAvailabilityConditionBuilder_.mergeFrom(value);
+      }
+      if (compiledAvailabilityCondition_ != null) {
+        bitField0_ |= 0x00000004;
+        onChanged();
+      }
+      return this;
+    }
+    /**
+     * <pre>
+     * The compiled version of the
+     * availability_condition in the STS API AccessBoundaryRule
+     * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+     * function support.
+     * </pre>
+     *
+     * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     */
+    public Builder clearCompiledAvailabilityCondition() {
+      bitField0_ = (bitField0_ & ~0x00000004);
+      compiledAvailabilityCondition_ = null;
+      if (compiledAvailabilityConditionBuilder_ != null) {
+        compiledAvailabilityConditionBuilder_.dispose();
+        compiledAvailabilityConditionBuilder_ = null;
+      }
+      onChanged();
+      return this;
+    }
+    /**
+     * <pre>
+     * The compiled version of the
+     * availability_condition in the STS API AccessBoundaryRule
+     * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+     * function support.
+     * </pre>
+     *
+     * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     */
+    public dev.cel.expr.Expr.Builder getCompiledAvailabilityConditionBuilder() {
+      bitField0_ |= 0x00000004;
+      onChanged();
+      return internalGetCompiledAvailabilityConditionFieldBuilder().getBuilder();
+    }
+    /**
+     * <pre>
+     * The compiled version of the
+     * availability_condition in the STS API AccessBoundaryRule
+     * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+     * function support.
+     * </pre>
+     *
+     * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     */
+    public dev.cel.expr.ExprOrBuilder getCompiledAvailabilityConditionOrBuilder() {
+      if (compiledAvailabilityConditionBuilder_ != null) {
+        return compiledAvailabilityConditionBuilder_.getMessageOrBuilder();
+      } else {
+        return compiledAvailabilityCondition_ == null ?
+            dev.cel.expr.Expr.getDefaultInstance() : compiledAvailabilityCondition_;
+      }
+    }
+    /**
+     * <pre>
+     * The compiled version of the
+     * availability_condition in the STS API AccessBoundaryRule
+     * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+     * function support.
+     * </pre>
+     *
+     * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     */
+    private com.google.protobuf.SingleFieldBuilder<
+        dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder> 
+        internalGetCompiledAvailabilityConditionFieldBuilder() {
+      if (compiledAvailabilityConditionBuilder_ == null) {
+        compiledAvailabilityConditionBuilder_ = new com.google.protobuf.SingleFieldBuilder<
+            dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder>(
+                getCompiledAvailabilityCondition(),
+                getParentForChildren(),
+                isClean());
+        compiledAvailabilityCondition_ = null;
+      }
+      return compiledAvailabilityConditionBuilder_;
+    }
+
+    // @@protoc_insertion_point(builder_scope:cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule)
+  }
+
+  // @@protoc_insertion_point(class_scope:cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule)
+  private static final com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule DEFAULT_INSTANCE;
+  static {
+    DEFAULT_INSTANCE = new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule();
+  }
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getDefaultInstance() {
+    return DEFAULT_INSTANCE;
+  }
+
+  private static final com.google.protobuf.Parser<ClientSideAccessBoundaryRule>
+      PARSER = new com.google.protobuf.AbstractParser<ClientSideAccessBoundaryRule>() {
+    @java.lang.Override
+    public ClientSideAccessBoundaryRule parsePartialFrom(
+        com.google.protobuf.CodedInputStream input,
+        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+        throws com.google.protobuf.InvalidProtocolBufferException {
+      Builder builder = newBuilder();
+      try {
+        builder.mergeFrom(input, extensionRegistry);
+      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+        throw e.setUnfinishedMessage(builder.buildPartial());
+      } catch (com.google.protobuf.UninitializedMessageException e) {
+        throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial());
+      } catch (java.io.IOException e) {
+        throw new com.google.protobuf.InvalidProtocolBufferException(e)
+            .setUnfinishedMessage(builder.buildPartial());
+      }
+      return builder.buildPartial();
+    }
+  };
+
+  public static com.google.protobuf.Parser<ClientSideAccessBoundaryRule> parser() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.protobuf.Parser<ClientSideAccessBoundaryRule> getParserForType() {
+    return PARSER;
+  }
+
+  @java.lang.Override
+  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getDefaultInstanceForType() {
+    return DEFAULT_INSTANCE;
+  }
+
+}
+
diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRuleOrBuilder.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRuleOrBuilder.java
new file mode 100644
index 000000000..82ad99cbd
--- /dev/null
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRuleOrBuilder.java
@@ -0,0 +1,149 @@
+// Generated by the protocol buffer compiler.  DO NOT EDIT!
+// NO CHECKED-IN PROTOBUF GENCODE
+// source: client_side_access_boundary.proto
+// Protobuf Java Version: 4.33.0
+
+package com.google.auth.credentialaccessboundary.protobuf;
+
+@com.google.protobuf.Generated
+public interface ClientSideAccessBoundaryRuleOrBuilder extends
+    // @@protoc_insertion_point(interface_extends:cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule)
+    com.google.protobuf.MessageOrBuilder {
+
+  /**
+   * <pre>
+   * The full resource name of a Google Cloud resource entity.
+   * The format definition is at
+   * https://cloud.google.com/apis/design/resource_names.
+   *
+   * Example value: `//cloudresourcemanager.googleapis.com/projects/my-project`.
+   * </pre>
+   *
+   * <code>string available_resource = 1 [features = { ... }</code>
+   * @return The availableResource.
+   */
+  java.lang.String getAvailableResource();
+  /**
+   * <pre>
+   * The full resource name of a Google Cloud resource entity.
+   * The format definition is at
+   * https://cloud.google.com/apis/design/resource_names.
+   *
+   * Example value: `//cloudresourcemanager.googleapis.com/projects/my-project`.
+   * </pre>
+   *
+   * <code>string available_resource = 1 [features = { ... }</code>
+   * @return The bytes for availableResource.
+   */
+  com.google.protobuf.ByteString
+      getAvailableResourceBytes();
+
+  /**
+   * <pre>
+   * A list of permissions that may be allowed for use on the specified
+   * resource.
+   *
+   * The only supported values in the list are IAM roles, following the format
+   * of [google.iam.v1.Binding.role][].
+   *
+   * Example value: `inRole:roles/logging.viewer` for predefined roles and
+   * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+   * roles.
+   * </pre>
+   *
+   * <code>repeated string available_permissions = 2;</code>
+   * @return A list containing the availablePermissions.
+   */
+  java.util.List<java.lang.String>
+      getAvailablePermissionsList();
+  /**
+   * <pre>
+   * A list of permissions that may be allowed for use on the specified
+   * resource.
+   *
+   * The only supported values in the list are IAM roles, following the format
+   * of [google.iam.v1.Binding.role][].
+   *
+   * Example value: `inRole:roles/logging.viewer` for predefined roles and
+   * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+   * roles.
+   * </pre>
+   *
+   * <code>repeated string available_permissions = 2;</code>
+   * @return The count of availablePermissions.
+   */
+  int getAvailablePermissionsCount();
+  /**
+   * <pre>
+   * A list of permissions that may be allowed for use on the specified
+   * resource.
+   *
+   * The only supported values in the list are IAM roles, following the format
+   * of [google.iam.v1.Binding.role][].
+   *
+   * Example value: `inRole:roles/logging.viewer` for predefined roles and
+   * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+   * roles.
+   * </pre>
+   *
+   * <code>repeated string available_permissions = 2;</code>
+   * @param index The index of the element to return.
+   * @return The availablePermissions at the given index.
+   */
+  java.lang.String getAvailablePermissions(int index);
+  /**
+   * <pre>
+   * A list of permissions that may be allowed for use on the specified
+   * resource.
+   *
+   * The only supported values in the list are IAM roles, following the format
+   * of [google.iam.v1.Binding.role][].
+   *
+   * Example value: `inRole:roles/logging.viewer` for predefined roles and
+   * `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom
+   * roles.
+   * </pre>
+   *
+   * <code>repeated string available_permissions = 2;</code>
+   * @param index The index of the value to return.
+   * @return The bytes of the availablePermissions at the given index.
+   */
+  com.google.protobuf.ByteString
+      getAvailablePermissionsBytes(int index);
+
+  /**
+   * <pre>
+   * The compiled version of the
+   * availability_condition in the STS API AccessBoundaryRule
+   * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+   * function support.
+   * </pre>
+   *
+   * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+   * @return Whether the compiledAvailabilityCondition field is set.
+   */
+  boolean hasCompiledAvailabilityCondition();
+  /**
+   * <pre>
+   * The compiled version of the
+   * availability_condition in the STS API AccessBoundaryRule
+   * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+   * function support.
+   * </pre>
+   *
+   * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+   * @return The compiledAvailabilityCondition.
+   */
+  dev.cel.expr.Expr getCompiledAvailabilityCondition();
+  /**
+   * <pre>
+   * The compiled version of the
+   * availability_condition in the STS API AccessBoundaryRule
+   * (google3/google/identity/sts/v1/access_boundary.proto) with limited
+   * function support.
+   * </pre>
+   *
+   * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+   */
+  dev.cel.expr.ExprOrBuilder getCompiledAvailabilityConditionOrBuilder();
+}
diff --git a/cab-token-generator/javatests/com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactoryTest.java b/cab-token-generator/javatests/com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactoryTest.java
index 3f353db37..0ba9cbcf4 100644
--- a/cab-token-generator/javatests/com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactoryTest.java
+++ b/cab-token-generator/javatests/com/google/auth/credentialaccessboundary/ClientSideCredentialAccessBoundaryFactoryTest.java
@@ -45,8 +45,8 @@
 import com.google.auth.TestUtils;
 import com.google.auth.credentialaccessboundary.ClientSideCredentialAccessBoundaryFactory.IntermediateCredentials;
 import com.google.auth.credentialaccessboundary.ClientSideCredentialAccessBoundaryFactory.RefreshType;
-import com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.ClientSideAccessBoundary;
-import com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.ClientSideAccessBoundaryRule;
+import com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary;
+import com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule;
 import com.google.auth.http.HttpTransportFactory;
 import com.google.auth.oauth2.AccessToken;
 import com.google.auth.oauth2.CredentialAccessBoundary;

From d66780d74b96b502f8fc327d2557827d45788a45 Mon Sep 17 00:00:00 2001
From: diegomarquezp <diegomarquezp@google.com>
Date: Tue, 9 Dec 2025 21:03:31 +0000
Subject: [PATCH 3/5] chore: format

---
 .../protobuf/ClientSideAccessBoundary.java    | 652 ++++++++++++------
 .../ClientSideAccessBoundaryOrBuilder.java    |  51 +-
 .../ClientSideAccessBoundaryProto.java        | 102 +--
 .../ClientSideAccessBoundaryRule.java         | 632 +++++++++++------
 ...ClientSideAccessBoundaryRuleOrBuilder.java |  44 +-
 5 files changed, 961 insertions(+), 520 deletions(-)

diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundary.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundary.java
index f3d90859b..afaa011d1 100644
--- a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundary.java
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundary.java
@@ -6,6 +6,8 @@
 package com.google.auth.credentialaccessboundary.protobuf;
 
 /**
+ *
+ *
  * <pre>
  * An access boundary defines the upper bound of what a principal may access. It
  * includes a list of client-side access boundary rules that each defines the
@@ -16,45 +18,57 @@
  * Protobuf type {@code cloud.identity.unifiedauth.proto.ClientSideAccessBoundary}
  */
 @com.google.protobuf.Generated
-public final class ClientSideAccessBoundary extends
-    com.google.protobuf.GeneratedMessage implements
+public final class ClientSideAccessBoundary extends com.google.protobuf.GeneratedMessage
+    implements
     // @@protoc_insertion_point(message_implements:cloud.identity.unifiedauth.proto.ClientSideAccessBoundary)
     ClientSideAccessBoundaryOrBuilder {
-private static final long serialVersionUID = 0L;
+  private static final long serialVersionUID = 0L;
+
   static {
     com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
-      com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
-      /* major= */ 4,
-      /* minor= */ 33,
-      /* patch= */ 0,
-      /* suffix= */ "",
-      "ClientSideAccessBoundary");
+        com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
+        /* major= */ 4,
+        /* minor= */ 33,
+        /* patch= */ 0,
+        /* suffix= */ "",
+        "ClientSideAccessBoundary");
   }
+
   // Use ClientSideAccessBoundary.newBuilder() to construct.
   private ClientSideAccessBoundary(com.google.protobuf.GeneratedMessage.Builder<?> builder) {
     super(builder);
   }
+
   private ClientSideAccessBoundary() {
     accessBoundaryRules_ = java.util.Collections.emptyList();
   }
 
-  public static final com.google.protobuf.Descriptors.Descriptor
-      getDescriptor() {
-    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
+        .internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
   }
 
   @java.lang.Override
   protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
       internalGetFieldAccessorTable() {
-    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable
+    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
+        .internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable
         .ensureFieldAccessorsInitialized(
-            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.class, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.Builder.class);
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.class,
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.Builder
+                .class);
   }
 
   public static final int ACCESS_BOUNDARY_RULES_FIELD_NUMBER = 1;
+
   @SuppressWarnings("serial")
-  private java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> accessBoundaryRules_;
+  private java.util.List<
+          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule>
+      accessBoundaryRules_;
+
   /**
+   *
+   *
    * <pre>
    * A list of client-side access boundary rules which defines the upper bound
    * of the permission a principal may carry. If multiple rules are specified,
@@ -62,13 +76,20 @@ private ClientSideAccessBoundary() {
    * attached.
    * </pre>
    *
-   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   * <code>
+   * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+   * </code>
    */
   @java.lang.Override
-  public java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> getAccessBoundaryRulesList() {
+  public java.util.List<
+          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule>
+      getAccessBoundaryRulesList() {
     return accessBoundaryRules_;
   }
+
   /**
+   *
+   *
    * <pre>
    * A list of client-side access boundary rules which defines the upper bound
    * of the permission a principal may carry. If multiple rules are specified,
@@ -76,14 +97,22 @@ public java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSi
    * attached.
    * </pre>
    *
-   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   * <code>
+   * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+   * </code>
    */
   @java.lang.Override
-  public java.util.List<? extends com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder> 
+  public java.util.List<
+          ? extends
+              com.google.auth.credentialaccessboundary.protobuf
+                  .ClientSideAccessBoundaryRuleOrBuilder>
       getAccessBoundaryRulesOrBuilderList() {
     return accessBoundaryRules_;
   }
+
   /**
+   *
+   *
    * <pre>
    * A list of client-side access boundary rules which defines the upper bound
    * of the permission a principal may carry. If multiple rules are specified,
@@ -91,13 +120,18 @@ public java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSi
    * attached.
    * </pre>
    *
-   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   * <code>
+   * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+   * </code>
    */
   @java.lang.Override
   public int getAccessBoundaryRulesCount() {
     return accessBoundaryRules_.size();
   }
+
   /**
+   *
+   *
    * <pre>
    * A list of client-side access boundary rules which defines the upper bound
    * of the permission a principal may carry. If multiple rules are specified,
@@ -105,13 +139,19 @@ public int getAccessBoundaryRulesCount() {
    * attached.
    * </pre>
    *
-   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   * <code>
+   * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+   * </code>
    */
   @java.lang.Override
-  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getAccessBoundaryRules(int index) {
+  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      getAccessBoundaryRules(int index) {
     return accessBoundaryRules_.get(index);
   }
+
   /**
+   *
+   *
    * <pre>
    * A list of client-side access boundary rules which defines the upper bound
    * of the permission a principal may carry. If multiple rules are specified,
@@ -119,15 +159,18 @@ public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundar
    * attached.
    * </pre>
    *
-   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   * <code>
+   * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+   * </code>
    */
   @java.lang.Override
-  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder getAccessBoundaryRulesOrBuilder(
-      int index) {
+  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder
+      getAccessBoundaryRulesOrBuilder(int index) {
     return accessBoundaryRules_.get(index);
   }
 
   private byte memoizedIsInitialized = -1;
+
   @java.lang.Override
   public final boolean isInitialized() {
     byte isInitialized = memoizedIsInitialized;
@@ -139,8 +182,7 @@ public final boolean isInitialized() {
   }
 
   @java.lang.Override
-  public void writeTo(com.google.protobuf.CodedOutputStream output)
-                      throws java.io.IOException {
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
     for (int i = 0; i < accessBoundaryRules_.size(); i++) {
       output.writeMessage(1, accessBoundaryRules_.get(i));
     }
@@ -154,8 +196,8 @@ public int getSerializedSize() {
 
     size = 0;
     for (int i = 0; i < accessBoundaryRules_.size(); i++) {
-      size += com.google.protobuf.CodedOutputStream
-        .computeMessageSize(1, accessBoundaryRules_.get(i));
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(1, accessBoundaryRules_.get(i));
     }
     size += getUnknownFields().getSerializedSize();
     memoizedSize = size;
@@ -165,15 +207,16 @@ public int getSerializedSize() {
   @java.lang.Override
   public boolean equals(final java.lang.Object obj) {
     if (obj == this) {
-     return true;
+      return true;
     }
-    if (!(obj instanceof com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary)) {
+    if (!(obj
+        instanceof com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary)) {
       return super.equals(obj);
     }
-    com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary other = (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary) obj;
+    com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary other =
+        (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary) obj;
 
-    if (!getAccessBoundaryRulesList()
-        .equals(other.getAccessBoundaryRulesList())) return false;
+    if (!getAccessBoundaryRulesList().equals(other.getAccessBoundaryRulesList())) return false;
     if (!getUnknownFields().equals(other.getUnknownFields())) return false;
     return true;
   }
@@ -194,99 +237,112 @@ public int hashCode() {
     return hash;
   }
 
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
-      java.nio.ByteBuffer data)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseFrom(java.nio.ByteBuffer data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
-      java.nio.ByteBuffer data,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseFrom(
+          java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data, extensionRegistry);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
-      com.google.protobuf.ByteString data)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseFrom(com.google.protobuf.ByteString data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
-      com.google.protobuf.ByteString data,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseFrom(
+          com.google.protobuf.ByteString data,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data, extensionRegistry);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(byte[] data)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
-      byte[] data,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data, extensionRegistry);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(java.io.InputStream input)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseWithIOException(PARSER, input);
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseWithIOException(PARSER, input);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
-      java.io.InputStream input,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseWithIOException(PARSER, input, extensionRegistry);
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseWithIOException(
+        PARSER, input, extensionRegistry);
   }
 
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseDelimitedFrom(java.io.InputStream input)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseDelimitedWithIOException(PARSER, input);
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseDelimitedWithIOException(PARSER, input);
   }
 
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseDelimitedFrom(
-      java.io.InputStream input,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
-      com.google.protobuf.CodedInputStream input)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseWithIOException(PARSER, input);
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseWithIOException(PARSER, input);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary parseFrom(
-      com.google.protobuf.CodedInputStream input,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseWithIOException(PARSER, input, extensionRegistry);
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      parseFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseWithIOException(
+        PARSER, input, extensionRegistry);
   }
 
   @java.lang.Override
-  public Builder newBuilderForType() { return newBuilder(); }
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
   public static Builder newBuilder() {
     return DEFAULT_INSTANCE.toBuilder();
   }
-  public static Builder newBuilder(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary prototype) {
+
+  public static Builder newBuilder(
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary prototype) {
     return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
   }
+
   @java.lang.Override
   public Builder toBuilder() {
-    return this == DEFAULT_INSTANCE
-        ? new Builder() : new Builder().mergeFrom(this);
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
   }
 
   @java.lang.Override
-  protected Builder newBuilderForType(
-      com.google.protobuf.GeneratedMessage.BuilderParent parent) {
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessage.BuilderParent parent) {
     Builder builder = new Builder(parent);
     return builder;
   }
+
   /**
+   *
+   *
    * <pre>
    * An access boundary defines the upper bound of what a principal may access. It
    * includes a list of client-side access boundary rules that each defines the
@@ -296,33 +352,34 @@ protected Builder newBuilderForType(
    *
    * Protobuf type {@code cloud.identity.unifiedauth.proto.ClientSideAccessBoundary}
    */
-  public static final class Builder extends
-      com.google.protobuf.GeneratedMessage.Builder<Builder> implements
+  public static final class Builder extends com.google.protobuf.GeneratedMessage.Builder<Builder>
+      implements
       // @@protoc_insertion_point(builder_implements:cloud.identity.unifiedauth.proto.ClientSideAccessBoundary)
       com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryOrBuilder {
-    public static final com.google.protobuf.Descriptors.Descriptor
-        getDescriptor() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
+          .internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
     }
 
     @java.lang.Override
     protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
         internalGetFieldAccessorTable() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
+          .internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable
           .ensureFieldAccessorsInitialized(
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.class, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.Builder.class);
+              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.class,
+              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.Builder
+                  .class);
     }
 
-    // Construct using com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.newBuilder()
-    private Builder() {
-
-    }
+    // Construct using
+    // com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.newBuilder()
+    private Builder() {}
 
-    private Builder(
-        com.google.protobuf.GeneratedMessage.BuilderParent parent) {
+    private Builder(com.google.protobuf.GeneratedMessage.BuilderParent parent) {
       super(parent);
-
     }
+
     @java.lang.Override
     public Builder clear() {
       super.clear();
@@ -338,19 +395,22 @@ public Builder clear() {
     }
 
     @java.lang.Override
-    public com.google.protobuf.Descriptors.Descriptor
-        getDescriptorForType() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
+          .internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
     }
 
     @java.lang.Override
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary getDefaultInstanceForType() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.getDefaultInstance();
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+        getDefaultInstanceForType() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+          .getDefaultInstance();
     }
 
     @java.lang.Override
     public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary build() {
-      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result = buildPartial();
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result =
+          buildPartial();
       if (!result.isInitialized()) {
         throw newUninitializedMessageException(result);
       }
@@ -358,15 +418,20 @@ public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundar
     }
 
     @java.lang.Override
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary buildPartial() {
-      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result = new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary(this);
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+        buildPartial() {
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result =
+          new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary(this);
       buildPartialRepeatedFields(result);
-      if (bitField0_ != 0) { buildPartial0(result); }
+      if (bitField0_ != 0) {
+        buildPartial0(result);
+      }
       onBuilt();
       return result;
     }
 
-    private void buildPartialRepeatedFields(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result) {
+    private void buildPartialRepeatedFields(
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result) {
       if (accessBoundaryRulesBuilder_ == null) {
         if (((bitField0_ & 0x00000001) != 0)) {
           accessBoundaryRules_ = java.util.Collections.unmodifiableList(accessBoundaryRules_);
@@ -378,22 +443,28 @@ private void buildPartialRepeatedFields(com.google.auth.credentialaccessboundary
       }
     }
 
-    private void buildPartial0(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result) {
+    private void buildPartial0(
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary result) {
       int from_bitField0_ = bitField0_;
     }
 
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
-      if (other instanceof com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary) {
-        return mergeFrom((com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary)other);
+      if (other
+          instanceof com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary) {
+        return mergeFrom(
+            (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary) other);
       } else {
         super.mergeFrom(other);
         return this;
       }
     }
 
-    public Builder mergeFrom(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary other) {
-      if (other == com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary.getDefaultInstance()) return this;
+    public Builder mergeFrom(
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary other) {
+      if (other
+          == com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+              .getDefaultInstance()) return this;
       if (accessBoundaryRulesBuilder_ == null) {
         if (!other.accessBoundaryRules_.isEmpty()) {
           if (accessBoundaryRules_.isEmpty()) {
@@ -412,9 +483,10 @@ public Builder mergeFrom(com.google.auth.credentialaccessboundary.protobuf.Clien
             accessBoundaryRulesBuilder_ = null;
             accessBoundaryRules_ = other.accessBoundaryRules_;
             bitField0_ = (bitField0_ & ~0x00000001);
-            accessBoundaryRulesBuilder_ = 
-              com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders ?
-                 internalGetAccessBoundaryRulesFieldBuilder() : null;
+            accessBoundaryRulesBuilder_ =
+                com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders
+                    ? internalGetAccessBoundaryRulesFieldBuilder()
+                    : null;
           } else {
             accessBoundaryRulesBuilder_.addAllMessages(other.accessBoundaryRules_);
           }
@@ -446,25 +518,28 @@ public Builder mergeFrom(
             case 0:
               done = true;
               break;
-            case 10: {
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule m =
-                  input.readMessage(
-                      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.parser(),
-                      extensionRegistry);
-              if (accessBoundaryRulesBuilder_ == null) {
-                ensureAccessBoundaryRulesIsMutable();
-                accessBoundaryRules_.add(m);
-              } else {
-                accessBoundaryRulesBuilder_.addMessage(m);
-              }
-              break;
-            } // case 10
-            default: {
-              if (!super.parseUnknownField(input, extensionRegistry, tag)) {
-                done = true; // was an endgroup tag
-              }
-              break;
-            } // default:
+            case 10:
+              {
+                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule m =
+                    input.readMessage(
+                        com.google.auth.credentialaccessboundary.protobuf
+                            .ClientSideAccessBoundaryRule.parser(),
+                        extensionRegistry);
+                if (accessBoundaryRulesBuilder_ == null) {
+                  ensureAccessBoundaryRulesIsMutable();
+                  accessBoundaryRules_.add(m);
+                } else {
+                  accessBoundaryRulesBuilder_.addMessage(m);
+                }
+                break;
+              } // case 10
+            default:
+              {
+                if (!super.parseUnknownField(input, extensionRegistry, tag)) {
+                  done = true; // was an endgroup tag
+                }
+                break;
+              } // default:
           } // switch (tag)
         } // while (!done)
       } catch (com.google.protobuf.InvalidProtocolBufferException e) {
@@ -474,21 +549,32 @@ public Builder mergeFrom(
       } // finally
       return this;
     }
+
     private int bitField0_;
 
-    private java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> accessBoundaryRules_ =
-      java.util.Collections.emptyList();
+    private java.util.List<
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule>
+        accessBoundaryRules_ = java.util.Collections.emptyList();
+
     private void ensureAccessBoundaryRulesIsMutable() {
       if (!((bitField0_ & 0x00000001) != 0)) {
-        accessBoundaryRules_ = new java.util.ArrayList<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule>(accessBoundaryRules_);
+        accessBoundaryRules_ =
+            new java.util.ArrayList<
+                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule>(
+                accessBoundaryRules_);
         bitField0_ |= 0x00000001;
-       }
+      }
     }
 
     private com.google.protobuf.RepeatedFieldBuilder<
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder> accessBoundaryRulesBuilder_;
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule,
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder,
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder>
+        accessBoundaryRulesBuilder_;
 
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -496,16 +582,23 @@ private void ensureAccessBoundaryRulesIsMutable() {
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
-    public java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> getAccessBoundaryRulesList() {
+    public java.util.List<
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule>
+        getAccessBoundaryRulesList() {
       if (accessBoundaryRulesBuilder_ == null) {
         return java.util.Collections.unmodifiableList(accessBoundaryRules_);
       } else {
         return accessBoundaryRulesBuilder_.getMessageList();
       }
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -513,7 +606,9 @@ public java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSi
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
     public int getAccessBoundaryRulesCount() {
       if (accessBoundaryRulesBuilder_ == null) {
@@ -522,7 +617,10 @@ public int getAccessBoundaryRulesCount() {
         return accessBoundaryRulesBuilder_.getCount();
       }
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -530,16 +628,22 @@ public int getAccessBoundaryRulesCount() {
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getAccessBoundaryRules(int index) {
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+        getAccessBoundaryRules(int index) {
       if (accessBoundaryRulesBuilder_ == null) {
         return accessBoundaryRules_.get(index);
       } else {
         return accessBoundaryRulesBuilder_.getMessage(index);
       }
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -547,10 +651,13 @@ public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundar
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
     public Builder setAccessBoundaryRules(
-        int index, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule value) {
+        int index,
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule value) {
       if (accessBoundaryRulesBuilder_ == null) {
         if (value == null) {
           throw new NullPointerException();
@@ -563,7 +670,10 @@ public Builder setAccessBoundaryRules(
       }
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -571,10 +681,14 @@ public Builder setAccessBoundaryRules(
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
     public Builder setAccessBoundaryRules(
-        int index, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder builderForValue) {
+        int index,
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder
+            builderForValue) {
       if (accessBoundaryRulesBuilder_ == null) {
         ensureAccessBoundaryRulesIsMutable();
         accessBoundaryRules_.set(index, builderForValue.build());
@@ -584,7 +698,10 @@ public Builder setAccessBoundaryRules(
       }
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -592,9 +709,12 @@ public Builder setAccessBoundaryRules(
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
-    public Builder addAccessBoundaryRules(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule value) {
+    public Builder addAccessBoundaryRules(
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule value) {
       if (accessBoundaryRulesBuilder_ == null) {
         if (value == null) {
           throw new NullPointerException();
@@ -607,7 +727,10 @@ public Builder addAccessBoundaryRules(com.google.auth.credentialaccessboundary.p
       }
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -615,10 +738,13 @@ public Builder addAccessBoundaryRules(com.google.auth.credentialaccessboundary.p
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
     public Builder addAccessBoundaryRules(
-        int index, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule value) {
+        int index,
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule value) {
       if (accessBoundaryRulesBuilder_ == null) {
         if (value == null) {
           throw new NullPointerException();
@@ -631,7 +757,10 @@ public Builder addAccessBoundaryRules(
       }
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -639,10 +768,13 @@ public Builder addAccessBoundaryRules(
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
     public Builder addAccessBoundaryRules(
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder builderForValue) {
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder
+            builderForValue) {
       if (accessBoundaryRulesBuilder_ == null) {
         ensureAccessBoundaryRulesIsMutable();
         accessBoundaryRules_.add(builderForValue.build());
@@ -652,7 +784,10 @@ public Builder addAccessBoundaryRules(
       }
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -660,10 +795,14 @@ public Builder addAccessBoundaryRules(
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
     public Builder addAccessBoundaryRules(
-        int index, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder builderForValue) {
+        int index,
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder
+            builderForValue) {
       if (accessBoundaryRulesBuilder_ == null) {
         ensureAccessBoundaryRulesIsMutable();
         accessBoundaryRules_.add(index, builderForValue.build());
@@ -673,7 +812,10 @@ public Builder addAccessBoundaryRules(
       }
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -681,21 +823,28 @@ public Builder addAccessBoundaryRules(
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
     public Builder addAllAccessBoundaryRules(
-        java.lang.Iterable<? extends com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> values) {
+        java.lang.Iterable<
+                ? extends
+                    com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule>
+            values) {
       if (accessBoundaryRulesBuilder_ == null) {
         ensureAccessBoundaryRulesIsMutable();
-        com.google.protobuf.AbstractMessageLite.Builder.addAll(
-            values, accessBoundaryRules_);
+        com.google.protobuf.AbstractMessageLite.Builder.addAll(values, accessBoundaryRules_);
         onChanged();
       } else {
         accessBoundaryRulesBuilder_.addAllMessages(values);
       }
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -703,7 +852,9 @@ public Builder addAllAccessBoundaryRules(
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
     public Builder clearAccessBoundaryRules() {
       if (accessBoundaryRulesBuilder_ == null) {
@@ -715,7 +866,10 @@ public Builder clearAccessBoundaryRules() {
       }
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -723,7 +877,9 @@ public Builder clearAccessBoundaryRules() {
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
     public Builder removeAccessBoundaryRules(int index) {
       if (accessBoundaryRulesBuilder_ == null) {
@@ -735,7 +891,10 @@ public Builder removeAccessBoundaryRules(int index) {
       }
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -743,13 +902,18 @@ public Builder removeAccessBoundaryRules(int index) {
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder getAccessBoundaryRulesBuilder(
-        int index) {
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder
+        getAccessBoundaryRulesBuilder(int index) {
       return internalGetAccessBoundaryRulesFieldBuilder().getBuilder(index);
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -757,16 +921,22 @@ public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundar
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder getAccessBoundaryRulesOrBuilder(
-        int index) {
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder
+        getAccessBoundaryRulesOrBuilder(int index) {
       if (accessBoundaryRulesBuilder_ == null) {
-        return accessBoundaryRules_.get(index);  } else {
+        return accessBoundaryRules_.get(index);
+      } else {
         return accessBoundaryRulesBuilder_.getMessageOrBuilder(index);
       }
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -774,17 +944,25 @@ public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundar
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
-    public java.util.List<? extends com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder> 
-         getAccessBoundaryRulesOrBuilderList() {
+    public java.util.List<
+            ? extends
+                com.google.auth.credentialaccessboundary.protobuf
+                    .ClientSideAccessBoundaryRuleOrBuilder>
+        getAccessBoundaryRulesOrBuilderList() {
       if (accessBoundaryRulesBuilder_ != null) {
         return accessBoundaryRulesBuilder_.getMessageOrBuilderList();
       } else {
         return java.util.Collections.unmodifiableList(accessBoundaryRules_);
       }
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -792,13 +970,21 @@ public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundar
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder addAccessBoundaryRulesBuilder() {
-      return internalGetAccessBoundaryRulesFieldBuilder().addBuilder(
-          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.getDefaultInstance());
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder
+        addAccessBoundaryRulesBuilder() {
+      return internalGetAccessBoundaryRulesFieldBuilder()
+          .addBuilder(
+              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+                  .getDefaultInstance());
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -806,14 +992,22 @@ public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundar
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder addAccessBoundaryRulesBuilder(
-        int index) {
-      return internalGetAccessBoundaryRulesFieldBuilder().addBuilder(
-          index, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.getDefaultInstance());
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder
+        addAccessBoundaryRulesBuilder(int index) {
+      return internalGetAccessBoundaryRulesFieldBuilder()
+          .addBuilder(
+              index,
+              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+                  .getDefaultInstance());
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of client-side access boundary rules which defines the upper bound
      * of the permission a principal may carry. If multiple rules are specified,
@@ -821,18 +1015,29 @@ public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundar
      * attached.
      * </pre>
      *
-     * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+     * <code>
+     * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+     * </code>
      */
-    public java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder> 
-         getAccessBoundaryRulesBuilderList() {
+    public java.util.List<
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder>
+        getAccessBoundaryRulesBuilderList() {
       return internalGetAccessBoundaryRulesFieldBuilder().getBuilderList();
     }
+
     private com.google.protobuf.RepeatedFieldBuilder<
-        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder> 
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule,
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder,
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder>
         internalGetAccessBoundaryRulesFieldBuilder() {
       if (accessBoundaryRulesBuilder_ == null) {
-        accessBoundaryRulesBuilder_ = new com.google.protobuf.RepeatedFieldBuilder<
-            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder>(
+        accessBoundaryRulesBuilder_ =
+            new com.google.protobuf.RepeatedFieldBuilder<
+                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule,
+                com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+                    .Builder,
+                com.google.auth.credentialaccessboundary.protobuf
+                    .ClientSideAccessBoundaryRuleOrBuilder>(
                 accessBoundaryRules_,
                 ((bitField0_ & 0x00000001) != 0),
                 getParentForChildren(),
@@ -846,36 +1051,40 @@ public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundar
   }
 
   // @@protoc_insertion_point(class_scope:cloud.identity.unifiedauth.proto.ClientSideAccessBoundary)
-  private static final com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary DEFAULT_INSTANCE;
+  private static final com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      DEFAULT_INSTANCE;
+
   static {
-    DEFAULT_INSTANCE = new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary();
+    DEFAULT_INSTANCE =
+        new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary();
   }
 
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary getDefaultInstance() {
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      getDefaultInstance() {
     return DEFAULT_INSTANCE;
   }
 
-  private static final com.google.protobuf.Parser<ClientSideAccessBoundary>
-      PARSER = new com.google.protobuf.AbstractParser<ClientSideAccessBoundary>() {
-    @java.lang.Override
-    public ClientSideAccessBoundary parsePartialFrom(
-        com.google.protobuf.CodedInputStream input,
-        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-        throws com.google.protobuf.InvalidProtocolBufferException {
-      Builder builder = newBuilder();
-      try {
-        builder.mergeFrom(input, extensionRegistry);
-      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
-        throw e.setUnfinishedMessage(builder.buildPartial());
-      } catch (com.google.protobuf.UninitializedMessageException e) {
-        throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial());
-      } catch (java.io.IOException e) {
-        throw new com.google.protobuf.InvalidProtocolBufferException(e)
-            .setUnfinishedMessage(builder.buildPartial());
-      }
-      return builder.buildPartial();
-    }
-  };
+  private static final com.google.protobuf.Parser<ClientSideAccessBoundary> PARSER =
+      new com.google.protobuf.AbstractParser<ClientSideAccessBoundary>() {
+        @java.lang.Override
+        public ClientSideAccessBoundary parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          Builder builder = newBuilder();
+          try {
+            builder.mergeFrom(input, extensionRegistry);
+          } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+            throw e.setUnfinishedMessage(builder.buildPartial());
+          } catch (com.google.protobuf.UninitializedMessageException e) {
+            throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial());
+          } catch (java.io.IOException e) {
+            throw new com.google.protobuf.InvalidProtocolBufferException(e)
+                .setUnfinishedMessage(builder.buildPartial());
+          }
+          return builder.buildPartial();
+        }
+      };
 
   public static com.google.protobuf.Parser<ClientSideAccessBoundary> parser() {
     return PARSER;
@@ -887,9 +1096,8 @@ public com.google.protobuf.Parser<ClientSideAccessBoundary> getParserForType() {
   }
 
   @java.lang.Override
-  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary getDefaultInstanceForType() {
+  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundary
+      getDefaultInstanceForType() {
     return DEFAULT_INSTANCE;
   }
-
 }
-
diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryOrBuilder.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryOrBuilder.java
index 82c57dade..3d8824472 100644
--- a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryOrBuilder.java
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryOrBuilder.java
@@ -6,11 +6,14 @@
 package com.google.auth.credentialaccessboundary.protobuf;
 
 @com.google.protobuf.Generated
-public interface ClientSideAccessBoundaryOrBuilder extends
+public interface ClientSideAccessBoundaryOrBuilder
+    extends
     // @@protoc_insertion_point(interface_extends:cloud.identity.unifiedauth.proto.ClientSideAccessBoundary)
     com.google.protobuf.MessageOrBuilder {
 
   /**
+   *
+   *
    * <pre>
    * A list of client-side access boundary rules which defines the upper bound
    * of the permission a principal may carry. If multiple rules are specified,
@@ -18,11 +21,16 @@ public interface ClientSideAccessBoundaryOrBuilder extends
    * attached.
    * </pre>
    *
-   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   * <code>
+   * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+   * </code>
    */
-  java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule> 
+  java.util.List<com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule>
       getAccessBoundaryRulesList();
+
   /**
+   *
+   *
    * <pre>
    * A list of client-side access boundary rules which defines the upper bound
    * of the permission a principal may carry. If multiple rules are specified,
@@ -30,10 +38,16 @@ public interface ClientSideAccessBoundaryOrBuilder extends
    * attached.
    * </pre>
    *
-   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   * <code>
+   * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+   * </code>
    */
-  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getAccessBoundaryRules(int index);
+  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      getAccessBoundaryRules(int index);
+
   /**
+   *
+   *
    * <pre>
    * A list of client-side access boundary rules which defines the upper bound
    * of the permission a principal may carry. If multiple rules are specified,
@@ -41,10 +55,15 @@ public interface ClientSideAccessBoundaryOrBuilder extends
    * attached.
    * </pre>
    *
-   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   * <code>
+   * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+   * </code>
    */
   int getAccessBoundaryRulesCount();
+
   /**
+   *
+   *
    * <pre>
    * A list of client-side access boundary rules which defines the upper bound
    * of the permission a principal may carry. If multiple rules are specified,
@@ -52,11 +71,19 @@ public interface ClientSideAccessBoundaryOrBuilder extends
    * attached.
    * </pre>
    *
-   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   * <code>
+   * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+   * </code>
    */
-  java.util.List<? extends com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder> 
+  java.util.List<
+          ? extends
+              com.google.auth.credentialaccessboundary.protobuf
+                  .ClientSideAccessBoundaryRuleOrBuilder>
       getAccessBoundaryRulesOrBuilderList();
+
   /**
+   *
+   *
    * <pre>
    * A list of client-side access boundary rules which defines the upper bound
    * of the permission a principal may carry. If multiple rules are specified,
@@ -64,8 +91,10 @@ public interface ClientSideAccessBoundaryOrBuilder extends
    * attached.
    * </pre>
    *
-   * <code>repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;</code>
+   * <code>
+   * repeated .cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule access_boundary_rules = 1;
+   * </code>
    */
-  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder getAccessBoundaryRulesOrBuilder(
-      int index);
+  com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder
+      getAccessBoundaryRulesOrBuilder(int index);
 }
diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryProto.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryProto.java
index b9e81b2b7..2e35de87f 100644
--- a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryProto.java
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryProto.java
@@ -8,73 +8,75 @@
 @com.google.protobuf.Generated
 public final class ClientSideAccessBoundaryProto extends com.google.protobuf.GeneratedFile {
   private ClientSideAccessBoundaryProto() {}
+
   static {
     com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
-      com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
-      /* major= */ 4,
-      /* minor= */ 33,
-      /* patch= */ 0,
-      /* suffix= */ "",
-      "ClientSideAccessBoundaryProto");
-  }
-  public static void registerAllExtensions(
-      com.google.protobuf.ExtensionRegistryLite registry) {
+        com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
+        /* major= */ 4,
+        /* minor= */ 33,
+        /* patch= */ 0,
+        /* suffix= */ "",
+        "ClientSideAccessBoundaryProto");
   }
 
-  public static void registerAllExtensions(
-      com.google.protobuf.ExtensionRegistry registry) {
-    registerAllExtensions(
-        (com.google.protobuf.ExtensionRegistryLite) registry);
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistryLite registry) {}
+
+  public static void registerAllExtensions(com.google.protobuf.ExtensionRegistry registry) {
+    registerAllExtensions((com.google.protobuf.ExtensionRegistryLite) registry);
   }
+
   static final com.google.protobuf.Descriptors.Descriptor
-    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
-  static final 
-    com.google.protobuf.GeneratedMessage.FieldAccessorTable
+      internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
+  static final com.google.protobuf.GeneratedMessage.FieldAccessorTable
       internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable;
   static final com.google.protobuf.Descriptors.Descriptor
-    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
-  static final 
-    com.google.protobuf.GeneratedMessage.FieldAccessorTable
+      internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor;
+  static final com.google.protobuf.GeneratedMessage.FieldAccessorTable
       internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable;
 
-  public static com.google.protobuf.Descriptors.FileDescriptor
-      getDescriptor() {
+  public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
     return descriptor;
   }
-  private static  com.google.protobuf.Descriptors.FileDescriptor
-      descriptor;
+
+  private static com.google.protobuf.Descriptors.FileDescriptor descriptor;
+
   static {
     java.lang.String[] descriptorData = {
-      "\n!client_side_access_boundary.proto\022 clo" +
-      "ud.identity.unifiedauth.proto\032\034google/ap" +
-      "i/expr/syntax.proto\"\240\001\n\034ClientSideAccess" +
-      "BoundaryRule\022!\n\022available_resource\030\001 \001(\t" +
-      "B\005\252\001\002\010\002\022\035\n\025available_permissions\030\002 \003(\t\022>" +
-      "\n\037compiled_availability_condition\030\004 \001(\0132" +
-      "\025.google.api.expr.Expr\"y\n\030ClientSideAcce" +
-      "ssBoundary\022]\n\025access_boundary_rules\030\001 \003(" +
-      "\0132>.cloud.identity.unifiedauth.proto.Cli" +
-      "entSideAccessBoundaryRuleB-\n+com.google." +
-      "cloud.identity.unifiedauth.protob\010editio" +
-      "nsp\351\007"
+      "\n!client_side_access_boundary.proto\022 clo"
+          + "ud.identity.unifiedauth.proto\032\034google/ap"
+          + "i/expr/syntax.proto\"\240\001\n\034ClientSideAccess"
+          + "BoundaryRule\022!\n\022available_resource\030\001 \001(\t"
+          + "B\005\252\001\002\010\002\022\035\n\025available_permissions\030\002 \003(\t\022>"
+          + "\n\037compiled_availability_condition\030\004 \001(\0132"
+          + "\025.google.api.expr.Expr\"y\n\030ClientSideAcce"
+          + "ssBoundary\022]\n\025access_boundary_rules\030\001 \003("
+          + "\0132>.cloud.identity.unifiedauth.proto.Cli"
+          + "entSideAccessBoundaryRuleB-\n+com.google."
+          + "cloud.identity.unifiedauth.protob\010editio"
+          + "nsp\351\007"
     };
-    descriptor = com.google.protobuf.Descriptors.FileDescriptor
-      .internalBuildGeneratedFileFrom(descriptorData,
-        new com.google.protobuf.Descriptors.FileDescriptor[] {
-          dev.cel.expr.SyntaxProto.getDescriptor(),
-        });
+    descriptor =
+        com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
+            descriptorData,
+            new com.google.protobuf.Descriptors.FileDescriptor[] {
+              dev.cel.expr.SyntaxProto.getDescriptor(),
+            });
     internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor =
-      getDescriptor().getMessageType(0);
-    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable = new
-      com.google.protobuf.GeneratedMessage.FieldAccessorTable(
-        internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor,
-        new java.lang.String[] { "AvailableResource", "AvailablePermissions", "CompiledAvailabilityCondition", });
+        getDescriptor().getMessageType(0);
+    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessage.FieldAccessorTable(
+            internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor,
+            new java.lang.String[] {
+              "AvailableResource", "AvailablePermissions", "CompiledAvailabilityCondition",
+            });
     internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor =
-      getDescriptor().getMessageType(1);
-    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable = new
-      com.google.protobuf.GeneratedMessage.FieldAccessorTable(
-        internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor,
-        new java.lang.String[] { "AccessBoundaryRules", });
+        getDescriptor().getMessageType(1);
+    internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_fieldAccessorTable =
+        new com.google.protobuf.GeneratedMessage.FieldAccessorTable(
+            internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundary_descriptor,
+            new java.lang.String[] {
+              "AccessBoundaryRules",
+            });
     descriptor.resolveAllFeaturesImmutable();
     dev.cel.expr.SyntaxProto.getDescriptor();
   }
diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRule.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRule.java
index 4410e3b1e..7b024f07f 100644
--- a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRule.java
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRule.java
@@ -6,6 +6,8 @@
 package com.google.auth.credentialaccessboundary.protobuf;
 
 /**
+ *
+ *
  * <pre>
  * An access boundary rule that defines an upper bound of IAM
  * permissions on a single resource. This proto has a compiled version of the
@@ -17,48 +19,57 @@
  * Protobuf type {@code cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule}
  */
 @com.google.protobuf.Generated
-public final class ClientSideAccessBoundaryRule extends
-    com.google.protobuf.GeneratedMessage implements
+public final class ClientSideAccessBoundaryRule extends com.google.protobuf.GeneratedMessage
+    implements
     // @@protoc_insertion_point(message_implements:cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule)
     ClientSideAccessBoundaryRuleOrBuilder {
-private static final long serialVersionUID = 0L;
+  private static final long serialVersionUID = 0L;
+
   static {
     com.google.protobuf.RuntimeVersion.validateProtobufGencodeVersion(
-      com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
-      /* major= */ 4,
-      /* minor= */ 33,
-      /* patch= */ 0,
-      /* suffix= */ "",
-      "ClientSideAccessBoundaryRule");
+        com.google.protobuf.RuntimeVersion.RuntimeDomain.PUBLIC,
+        /* major= */ 4,
+        /* minor= */ 33,
+        /* patch= */ 0,
+        /* suffix= */ "",
+        "ClientSideAccessBoundaryRule");
   }
+
   // Use ClientSideAccessBoundaryRule.newBuilder() to construct.
   private ClientSideAccessBoundaryRule(com.google.protobuf.GeneratedMessage.Builder<?> builder) {
     super(builder);
   }
+
   private ClientSideAccessBoundaryRule() {
     availableResource_ = "";
-    availablePermissions_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
+    availablePermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
   }
 
-  public static final com.google.protobuf.Descriptors.Descriptor
-      getDescriptor() {
-    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
+  public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
+        .internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
   }
 
   @java.lang.Override
   protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
       internalGetFieldAccessorTable() {
-    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable
+    return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
+        .internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable
         .ensureFieldAccessorsInitialized(
-            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.class, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder.class);
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.class,
+            com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder
+                .class);
   }
 
   private int bitField0_;
   public static final int AVAILABLE_RESOURCE_FIELD_NUMBER = 1;
+
   @SuppressWarnings("serial")
   private volatile java.lang.Object availableResource_ = "";
+
   /**
+   *
+   *
    * <pre>
    * The full resource name of a Google Cloud resource entity.
    * The format definition is at
@@ -68,6 +79,7 @@ private ClientSideAccessBoundaryRule() {
    * </pre>
    *
    * <code>string available_resource = 1 [features = { ... }</code>
+   *
    * @return The availableResource.
    */
   @java.lang.Override
@@ -76,14 +88,16 @@ public java.lang.String getAvailableResource() {
     if (ref instanceof java.lang.String) {
       return (java.lang.String) ref;
     } else {
-      com.google.protobuf.ByteString bs = 
-          (com.google.protobuf.ByteString) ref;
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
       java.lang.String s = bs.toStringUtf8();
       availableResource_ = s;
       return s;
     }
   }
+
   /**
+   *
+   *
    * <pre>
    * The full resource name of a Google Cloud resource entity.
    * The format definition is at
@@ -93,16 +107,15 @@ public java.lang.String getAvailableResource() {
    * </pre>
    *
    * <code>string available_resource = 1 [features = { ... }</code>
+   *
    * @return The bytes for availableResource.
    */
   @java.lang.Override
-  public com.google.protobuf.ByteString
-      getAvailableResourceBytes() {
+  public com.google.protobuf.ByteString getAvailableResourceBytes() {
     java.lang.Object ref = availableResource_;
     if (ref instanceof java.lang.String) {
-      com.google.protobuf.ByteString b = 
-          com.google.protobuf.ByteString.copyFromUtf8(
-              (java.lang.String) ref);
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
       availableResource_ = b;
       return b;
     } else {
@@ -111,10 +124,14 @@ public java.lang.String getAvailableResource() {
   }
 
   public static final int AVAILABLE_PERMISSIONS_FIELD_NUMBER = 2;
+
   @SuppressWarnings("serial")
   private com.google.protobuf.LazyStringArrayList availablePermissions_ =
       com.google.protobuf.LazyStringArrayList.emptyList();
+
   /**
+   *
+   *
    * <pre>
    * A list of permissions that may be allowed for use on the specified
    * resource.
@@ -128,13 +145,16 @@ public java.lang.String getAvailableResource() {
    * </pre>
    *
    * <code>repeated string available_permissions = 2;</code>
+   *
    * @return A list containing the availablePermissions.
    */
-  public com.google.protobuf.ProtocolStringList
-      getAvailablePermissionsList() {
+  public com.google.protobuf.ProtocolStringList getAvailablePermissionsList() {
     return availablePermissions_;
   }
+
   /**
+   *
+   *
    * <pre>
    * A list of permissions that may be allowed for use on the specified
    * resource.
@@ -148,12 +168,16 @@ public java.lang.String getAvailableResource() {
    * </pre>
    *
    * <code>repeated string available_permissions = 2;</code>
+   *
    * @return The count of availablePermissions.
    */
   public int getAvailablePermissionsCount() {
     return availablePermissions_.size();
   }
+
   /**
+   *
+   *
    * <pre>
    * A list of permissions that may be allowed for use on the specified
    * resource.
@@ -167,13 +191,17 @@ public int getAvailablePermissionsCount() {
    * </pre>
    *
    * <code>repeated string available_permissions = 2;</code>
+   *
    * @param index The index of the element to return.
    * @return The availablePermissions at the given index.
    */
   public java.lang.String getAvailablePermissions(int index) {
     return availablePermissions_.get(index);
   }
+
   /**
+   *
+   *
    * <pre>
    * A list of permissions that may be allowed for use on the specified
    * resource.
@@ -187,17 +215,20 @@ public java.lang.String getAvailablePermissions(int index) {
    * </pre>
    *
    * <code>repeated string available_permissions = 2;</code>
+   *
    * @param index The index of the value to return.
    * @return The bytes of the availablePermissions at the given index.
    */
-  public com.google.protobuf.ByteString
-      getAvailablePermissionsBytes(int index) {
+  public com.google.protobuf.ByteString getAvailablePermissionsBytes(int index) {
     return availablePermissions_.getByteString(index);
   }
 
   public static final int COMPILED_AVAILABILITY_CONDITION_FIELD_NUMBER = 4;
   private dev.cel.expr.Expr compiledAvailabilityCondition_;
+
   /**
+   *
+   *
    * <pre>
    * The compiled version of the
    * availability_condition in the STS API AccessBoundaryRule
@@ -206,13 +237,17 @@ public java.lang.String getAvailablePermissions(int index) {
    * </pre>
    *
    * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+   *
    * @return Whether the compiledAvailabilityCondition field is set.
    */
   @java.lang.Override
   public boolean hasCompiledAvailabilityCondition() {
     return ((bitField0_ & 0x00000001) != 0);
   }
+
   /**
+   *
+   *
    * <pre>
    * The compiled version of the
    * availability_condition in the STS API AccessBoundaryRule
@@ -221,13 +256,19 @@ public boolean hasCompiledAvailabilityCondition() {
    * </pre>
    *
    * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+   *
    * @return The compiledAvailabilityCondition.
    */
   @java.lang.Override
   public dev.cel.expr.Expr getCompiledAvailabilityCondition() {
-    return compiledAvailabilityCondition_ == null ? dev.cel.expr.Expr.getDefaultInstance() : compiledAvailabilityCondition_;
+    return compiledAvailabilityCondition_ == null
+        ? dev.cel.expr.Expr.getDefaultInstance()
+        : compiledAvailabilityCondition_;
   }
+
   /**
+   *
+   *
    * <pre>
    * The compiled version of the
    * availability_condition in the STS API AccessBoundaryRule
@@ -239,10 +280,13 @@ public dev.cel.expr.Expr getCompiledAvailabilityCondition() {
    */
   @java.lang.Override
   public dev.cel.expr.ExprOrBuilder getCompiledAvailabilityConditionOrBuilder() {
-    return compiledAvailabilityCondition_ == null ? dev.cel.expr.Expr.getDefaultInstance() : compiledAvailabilityCondition_;
+    return compiledAvailabilityCondition_ == null
+        ? dev.cel.expr.Expr.getDefaultInstance()
+        : compiledAvailabilityCondition_;
   }
 
   private byte memoizedIsInitialized = -1;
+
   @java.lang.Override
   public final boolean isInitialized() {
     byte isInitialized = memoizedIsInitialized;
@@ -254,8 +298,7 @@ public final boolean isInitialized() {
   }
 
   @java.lang.Override
-  public void writeTo(com.google.protobuf.CodedOutputStream output)
-                      throws java.io.IOException {
+  public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
     if (!com.google.protobuf.GeneratedMessage.isStringEmpty(availableResource_)) {
       com.google.protobuf.GeneratedMessage.writeString(output, 1, availableResource_);
     }
@@ -286,8 +329,9 @@ public int getSerializedSize() {
       size += 1 * getAvailablePermissionsList().size();
     }
     if (((bitField0_ & 0x00000001) != 0)) {
-      size += com.google.protobuf.CodedOutputStream
-        .computeMessageSize(4, getCompiledAvailabilityCondition());
+      size +=
+          com.google.protobuf.CodedOutputStream.computeMessageSize(
+              4, getCompiledAvailabilityCondition());
     }
     size += getUnknownFields().getSerializedSize();
     memoizedSize = size;
@@ -297,21 +341,23 @@ public int getSerializedSize() {
   @java.lang.Override
   public boolean equals(final java.lang.Object obj) {
     if (obj == this) {
-     return true;
+      return true;
     }
-    if (!(obj instanceof com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule)) {
+    if (!(obj
+        instanceof
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule)) {
       return super.equals(obj);
     }
-    com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule other = (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule) obj;
+    com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule other =
+        (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule) obj;
 
-    if (!getAvailableResource()
-        .equals(other.getAvailableResource())) return false;
-    if (!getAvailablePermissionsList()
-        .equals(other.getAvailablePermissionsList())) return false;
-    if (hasCompiledAvailabilityCondition() != other.hasCompiledAvailabilityCondition()) return false;
+    if (!getAvailableResource().equals(other.getAvailableResource())) return false;
+    if (!getAvailablePermissionsList().equals(other.getAvailablePermissionsList())) return false;
+    if (hasCompiledAvailabilityCondition() != other.hasCompiledAvailabilityCondition())
+      return false;
     if (hasCompiledAvailabilityCondition()) {
-      if (!getCompiledAvailabilityCondition()
-          .equals(other.getCompiledAvailabilityCondition())) return false;
+      if (!getCompiledAvailabilityCondition().equals(other.getCompiledAvailabilityCondition()))
+        return false;
     }
     if (!getUnknownFields().equals(other.getUnknownFields())) return false;
     return true;
@@ -339,99 +385,112 @@ public int hashCode() {
     return hash;
   }
 
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
-      java.nio.ByteBuffer data)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseFrom(java.nio.ByteBuffer data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
-      java.nio.ByteBuffer data,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseFrom(
+          java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data, extensionRegistry);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
-      com.google.protobuf.ByteString data)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseFrom(com.google.protobuf.ByteString data)
+          throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
-      com.google.protobuf.ByteString data,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseFrom(
+          com.google.protobuf.ByteString data,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data, extensionRegistry);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(byte[] data)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
-      byte[] data,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws com.google.protobuf.InvalidProtocolBufferException {
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws com.google.protobuf.InvalidProtocolBufferException {
     return PARSER.parseFrom(data, extensionRegistry);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(java.io.InputStream input)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseWithIOException(PARSER, input);
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseWithIOException(PARSER, input);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
-      java.io.InputStream input,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseWithIOException(PARSER, input, extensionRegistry);
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseWithIOException(
+        PARSER, input, extensionRegistry);
   }
 
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseDelimitedFrom(java.io.InputStream input)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseDelimitedWithIOException(PARSER, input);
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseDelimitedWithIOException(PARSER, input);
   }
 
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseDelimitedFrom(
-      java.io.InputStream input,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseDelimitedWithIOException(PARSER, input, extensionRegistry);
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseDelimitedFrom(
+          java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseDelimitedWithIOException(
+        PARSER, input, extensionRegistry);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
-      com.google.protobuf.CodedInputStream input)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseWithIOException(PARSER, input);
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseWithIOException(PARSER, input);
   }
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule parseFrom(
-      com.google.protobuf.CodedInputStream input,
-      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-      throws java.io.IOException {
-    return com.google.protobuf.GeneratedMessage
-        .parseWithIOException(PARSER, input, extensionRegistry);
+
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      parseFrom(
+          com.google.protobuf.CodedInputStream input,
+          com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+          throws java.io.IOException {
+    return com.google.protobuf.GeneratedMessage.parseWithIOException(
+        PARSER, input, extensionRegistry);
   }
 
   @java.lang.Override
-  public Builder newBuilderForType() { return newBuilder(); }
+  public Builder newBuilderForType() {
+    return newBuilder();
+  }
+
   public static Builder newBuilder() {
     return DEFAULT_INSTANCE.toBuilder();
   }
-  public static Builder newBuilder(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule prototype) {
+
+  public static Builder newBuilder(
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule prototype) {
     return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
   }
+
   @java.lang.Override
   public Builder toBuilder() {
-    return this == DEFAULT_INSTANCE
-        ? new Builder() : new Builder().mergeFrom(this);
+    return this == DEFAULT_INSTANCE ? new Builder() : new Builder().mergeFrom(this);
   }
 
   @java.lang.Override
-  protected Builder newBuilderForType(
-      com.google.protobuf.GeneratedMessage.BuilderParent parent) {
+  protected Builder newBuilderForType(com.google.protobuf.GeneratedMessage.BuilderParent parent) {
     Builder builder = new Builder(parent);
     return builder;
   }
+
   /**
+   *
+   *
    * <pre>
    * An access boundary rule that defines an upper bound of IAM
    * permissions on a single resource. This proto has a compiled version of the
@@ -442,46 +501,49 @@ protected Builder newBuilderForType(
    *
    * Protobuf type {@code cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule}
    */
-  public static final class Builder extends
-      com.google.protobuf.GeneratedMessage.Builder<Builder> implements
+  public static final class Builder extends com.google.protobuf.GeneratedMessage.Builder<Builder>
+      implements
       // @@protoc_insertion_point(builder_implements:cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule)
       com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRuleOrBuilder {
-    public static final com.google.protobuf.Descriptors.Descriptor
-        getDescriptor() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
+    public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
+          .internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
     }
 
     @java.lang.Override
     protected com.google.protobuf.GeneratedMessage.FieldAccessorTable
         internalGetFieldAccessorTable() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
+          .internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_fieldAccessorTable
           .ensureFieldAccessorsInitialized(
-              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.class, com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder.class);
+              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.class,
+              com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.Builder
+                  .class);
     }
 
-    // Construct using com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.newBuilder()
+    // Construct using
+    // com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.newBuilder()
     private Builder() {
       maybeForceBuilderInitialization();
     }
 
-    private Builder(
-        com.google.protobuf.GeneratedMessage.BuilderParent parent) {
+    private Builder(com.google.protobuf.GeneratedMessage.BuilderParent parent) {
       super(parent);
       maybeForceBuilderInitialization();
     }
+
     private void maybeForceBuilderInitialization() {
-      if (com.google.protobuf.GeneratedMessage
-              .alwaysUseFieldBuilders) {
+      if (com.google.protobuf.GeneratedMessage.alwaysUseFieldBuilders) {
         internalGetCompiledAvailabilityConditionFieldBuilder();
       }
     }
+
     @java.lang.Override
     public Builder clear() {
       super.clear();
       bitField0_ = 0;
       availableResource_ = "";
-      availablePermissions_ =
-          com.google.protobuf.LazyStringArrayList.emptyList();
+      availablePermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
       compiledAvailabilityCondition_ = null;
       if (compiledAvailabilityConditionBuilder_ != null) {
         compiledAvailabilityConditionBuilder_.dispose();
@@ -491,19 +553,22 @@ public Builder clear() {
     }
 
     @java.lang.Override
-    public com.google.protobuf.Descriptors.Descriptor
-        getDescriptorForType() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto.internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
+    public com.google.protobuf.Descriptors.Descriptor getDescriptorForType() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryProto
+          .internal_static_cloud_identity_unifiedauth_proto_ClientSideAccessBoundaryRule_descriptor;
     }
 
     @java.lang.Override
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getDefaultInstanceForType() {
-      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.getDefaultInstance();
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+        getDefaultInstanceForType() {
+      return com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+          .getDefaultInstance();
     }
 
     @java.lang.Override
     public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule build() {
-      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule result = buildPartial();
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule result =
+          buildPartial();
       if (!result.isInitialized()) {
         throw newUninitializedMessageException(result);
       }
@@ -511,14 +576,19 @@ public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundar
     }
 
     @java.lang.Override
-    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule buildPartial() {
-      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule result = new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule(this);
-      if (bitField0_ != 0) { buildPartial0(result); }
+    public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+        buildPartial() {
+      com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule result =
+          new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule(this);
+      if (bitField0_ != 0) {
+        buildPartial0(result);
+      }
       onBuilt();
       return result;
     }
 
-    private void buildPartial0(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule result) {
+    private void buildPartial0(
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule result) {
       int from_bitField0_ = bitField0_;
       if (((from_bitField0_ & 0x00000001) != 0)) {
         result.availableResource_ = availableResource_;
@@ -529,9 +599,10 @@ private void buildPartial0(com.google.auth.credentialaccessboundary.protobuf.Cli
       }
       int to_bitField0_ = 0;
       if (((from_bitField0_ & 0x00000004) != 0)) {
-        result.compiledAvailabilityCondition_ = compiledAvailabilityConditionBuilder_ == null
-            ? compiledAvailabilityCondition_
-            : compiledAvailabilityConditionBuilder_.build();
+        result.compiledAvailabilityCondition_ =
+            compiledAvailabilityConditionBuilder_ == null
+                ? compiledAvailabilityCondition_
+                : compiledAvailabilityConditionBuilder_.build();
         to_bitField0_ |= 0x00000001;
       }
       result.bitField0_ |= to_bitField0_;
@@ -539,16 +610,22 @@ private void buildPartial0(com.google.auth.credentialaccessboundary.protobuf.Cli
 
     @java.lang.Override
     public Builder mergeFrom(com.google.protobuf.Message other) {
-      if (other instanceof com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule) {
-        return mergeFrom((com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule)other);
+      if (other
+          instanceof
+          com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule) {
+        return mergeFrom(
+            (com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule) other);
       } else {
         super.mergeFrom(other);
         return this;
       }
     }
 
-    public Builder mergeFrom(com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule other) {
-      if (other == com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule.getDefaultInstance()) return this;
+    public Builder mergeFrom(
+        com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule other) {
+      if (other
+          == com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+              .getDefaultInstance()) return this;
       if (!other.getAvailableResource().isEmpty()) {
         availableResource_ = other.availableResource_;
         bitField0_ |= 0x00000001;
@@ -593,30 +670,34 @@ public Builder mergeFrom(
             case 0:
               done = true;
               break;
-            case 10: {
-              availableResource_ = input.readStringRequireUtf8();
-              bitField0_ |= 0x00000001;
-              break;
-            } // case 10
-            case 18: {
-              java.lang.String s = input.readStringRequireUtf8();
-              ensureAvailablePermissionsIsMutable();
-              availablePermissions_.add(s);
-              break;
-            } // case 18
-            case 34: {
-              input.readMessage(
-                  internalGetCompiledAvailabilityConditionFieldBuilder().getBuilder(),
-                  extensionRegistry);
-              bitField0_ |= 0x00000004;
-              break;
-            } // case 34
-            default: {
-              if (!super.parseUnknownField(input, extensionRegistry, tag)) {
-                done = true; // was an endgroup tag
-              }
-              break;
-            } // default:
+            case 10:
+              {
+                availableResource_ = input.readStringRequireUtf8();
+                bitField0_ |= 0x00000001;
+                break;
+              } // case 10
+            case 18:
+              {
+                java.lang.String s = input.readStringRequireUtf8();
+                ensureAvailablePermissionsIsMutable();
+                availablePermissions_.add(s);
+                break;
+              } // case 18
+            case 34:
+              {
+                input.readMessage(
+                    internalGetCompiledAvailabilityConditionFieldBuilder().getBuilder(),
+                    extensionRegistry);
+                bitField0_ |= 0x00000004;
+                break;
+              } // case 34
+            default:
+              {
+                if (!super.parseUnknownField(input, extensionRegistry, tag)) {
+                  done = true; // was an endgroup tag
+                }
+                break;
+              } // default:
           } // switch (tag)
         } // while (!done)
       } catch (com.google.protobuf.InvalidProtocolBufferException e) {
@@ -626,10 +707,14 @@ public Builder mergeFrom(
       } // finally
       return this;
     }
+
     private int bitField0_;
 
     private java.lang.Object availableResource_ = "";
+
     /**
+     *
+     *
      * <pre>
      * The full resource name of a Google Cloud resource entity.
      * The format definition is at
@@ -639,13 +724,13 @@ public Builder mergeFrom(
      * </pre>
      *
      * <code>string available_resource = 1 [features = { ... }</code>
+     *
      * @return The availableResource.
      */
     public java.lang.String getAvailableResource() {
       java.lang.Object ref = availableResource_;
       if (!(ref instanceof java.lang.String)) {
-        com.google.protobuf.ByteString bs =
-            (com.google.protobuf.ByteString) ref;
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
         java.lang.String s = bs.toStringUtf8();
         availableResource_ = s;
         return s;
@@ -653,7 +738,10 @@ public java.lang.String getAvailableResource() {
         return (java.lang.String) ref;
       }
     }
+
     /**
+     *
+     *
      * <pre>
      * The full resource name of a Google Cloud resource entity.
      * The format definition is at
@@ -663,22 +751,24 @@ public java.lang.String getAvailableResource() {
      * </pre>
      *
      * <code>string available_resource = 1 [features = { ... }</code>
+     *
      * @return The bytes for availableResource.
      */
-    public com.google.protobuf.ByteString
-        getAvailableResourceBytes() {
+    public com.google.protobuf.ByteString getAvailableResourceBytes() {
       java.lang.Object ref = availableResource_;
       if (ref instanceof String) {
-        com.google.protobuf.ByteString b = 
-            com.google.protobuf.ByteString.copyFromUtf8(
-                (java.lang.String) ref);
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
         availableResource_ = b;
         return b;
       } else {
         return (com.google.protobuf.ByteString) ref;
       }
     }
+
     /**
+     *
+     *
      * <pre>
      * The full resource name of a Google Cloud resource entity.
      * The format definition is at
@@ -688,18 +778,23 @@ public java.lang.String getAvailableResource() {
      * </pre>
      *
      * <code>string available_resource = 1 [features = { ... }</code>
+     *
      * @param value The availableResource to set.
      * @return This builder for chaining.
      */
-    public Builder setAvailableResource(
-        java.lang.String value) {
-      if (value == null) { throw new NullPointerException(); }
+    public Builder setAvailableResource(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
       availableResource_ = value;
       bitField0_ |= 0x00000001;
       onChanged();
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * The full resource name of a Google Cloud resource entity.
      * The format definition is at
@@ -709,6 +804,7 @@ public Builder setAvailableResource(
      * </pre>
      *
      * <code>string available_resource = 1 [features = { ... }</code>
+     *
      * @return This builder for chaining.
      */
     public Builder clearAvailableResource() {
@@ -717,7 +813,10 @@ public Builder clearAvailableResource() {
       onChanged();
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * The full resource name of a Google Cloud resource entity.
      * The format definition is at
@@ -727,12 +826,14 @@ public Builder clearAvailableResource() {
      * </pre>
      *
      * <code>string available_resource = 1 [features = { ... }</code>
+     *
      * @param value The bytes for availableResource to set.
      * @return This builder for chaining.
      */
-    public Builder setAvailableResourceBytes(
-        com.google.protobuf.ByteString value) {
-      if (value == null) { throw new NullPointerException(); }
+    public Builder setAvailableResourceBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
       checkByteStringIsUtf8(value);
       availableResource_ = value;
       bitField0_ |= 0x00000001;
@@ -742,13 +843,17 @@ public Builder setAvailableResourceBytes(
 
     private com.google.protobuf.LazyStringArrayList availablePermissions_ =
         com.google.protobuf.LazyStringArrayList.emptyList();
+
     private void ensureAvailablePermissionsIsMutable() {
       if (!availablePermissions_.isModifiable()) {
         availablePermissions_ = new com.google.protobuf.LazyStringArrayList(availablePermissions_);
       }
       bitField0_ |= 0x00000002;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of permissions that may be allowed for use on the specified
      * resource.
@@ -762,14 +867,17 @@ private void ensureAvailablePermissionsIsMutable() {
      * </pre>
      *
      * <code>repeated string available_permissions = 2;</code>
+     *
      * @return A list containing the availablePermissions.
      */
-    public com.google.protobuf.ProtocolStringList
-        getAvailablePermissionsList() {
+    public com.google.protobuf.ProtocolStringList getAvailablePermissionsList() {
       availablePermissions_.makeImmutable();
       return availablePermissions_;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of permissions that may be allowed for use on the specified
      * resource.
@@ -783,12 +891,16 @@ private void ensureAvailablePermissionsIsMutable() {
      * </pre>
      *
      * <code>repeated string available_permissions = 2;</code>
+     *
      * @return The count of availablePermissions.
      */
     public int getAvailablePermissionsCount() {
       return availablePermissions_.size();
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of permissions that may be allowed for use on the specified
      * resource.
@@ -802,13 +914,17 @@ public int getAvailablePermissionsCount() {
      * </pre>
      *
      * <code>repeated string available_permissions = 2;</code>
+     *
      * @param index The index of the element to return.
      * @return The availablePermissions at the given index.
      */
     public java.lang.String getAvailablePermissions(int index) {
       return availablePermissions_.get(index);
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of permissions that may be allowed for use on the specified
      * resource.
@@ -822,14 +938,17 @@ public java.lang.String getAvailablePermissions(int index) {
      * </pre>
      *
      * <code>repeated string available_permissions = 2;</code>
+     *
      * @param index The index of the value to return.
      * @return The bytes of the availablePermissions at the given index.
      */
-    public com.google.protobuf.ByteString
-        getAvailablePermissionsBytes(int index) {
+    public com.google.protobuf.ByteString getAvailablePermissionsBytes(int index) {
       return availablePermissions_.getByteString(index);
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of permissions that may be allowed for use on the specified
      * resource.
@@ -843,20 +962,25 @@ public java.lang.String getAvailablePermissions(int index) {
      * </pre>
      *
      * <code>repeated string available_permissions = 2;</code>
+     *
      * @param index The index to set the value at.
      * @param value The availablePermissions to set.
      * @return This builder for chaining.
      */
-    public Builder setAvailablePermissions(
-        int index, java.lang.String value) {
-      if (value == null) { throw new NullPointerException(); }
+    public Builder setAvailablePermissions(int index, java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
       ensureAvailablePermissionsIsMutable();
       availablePermissions_.set(index, value);
       bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of permissions that may be allowed for use on the specified
      * resource.
@@ -870,19 +994,24 @@ public Builder setAvailablePermissions(
      * </pre>
      *
      * <code>repeated string available_permissions = 2;</code>
+     *
      * @param value The availablePermissions to add.
      * @return This builder for chaining.
      */
-    public Builder addAvailablePermissions(
-        java.lang.String value) {
-      if (value == null) { throw new NullPointerException(); }
+    public Builder addAvailablePermissions(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
       ensureAvailablePermissionsIsMutable();
       availablePermissions_.add(value);
       bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of permissions that may be allowed for use on the specified
      * resource.
@@ -896,19 +1025,21 @@ public Builder addAvailablePermissions(
      * </pre>
      *
      * <code>repeated string available_permissions = 2;</code>
+     *
      * @param values The availablePermissions to add.
      * @return This builder for chaining.
      */
-    public Builder addAllAvailablePermissions(
-        java.lang.Iterable<java.lang.String> values) {
+    public Builder addAllAvailablePermissions(java.lang.Iterable<java.lang.String> values) {
       ensureAvailablePermissionsIsMutable();
-      com.google.protobuf.AbstractMessageLite.Builder.addAll(
-          values, availablePermissions_);
+      com.google.protobuf.AbstractMessageLite.Builder.addAll(values, availablePermissions_);
       bitField0_ |= 0x00000002;
       onChanged();
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of permissions that may be allowed for use on the specified
      * resource.
@@ -922,16 +1053,20 @@ public Builder addAllAvailablePermissions(
      * </pre>
      *
      * <code>repeated string available_permissions = 2;</code>
+     *
      * @return This builder for chaining.
      */
     public Builder clearAvailablePermissions() {
-      availablePermissions_ =
-        com.google.protobuf.LazyStringArrayList.emptyList();
-      bitField0_ = (bitField0_ & ~0x00000002);;
+      availablePermissions_ = com.google.protobuf.LazyStringArrayList.emptyList();
+      bitField0_ = (bitField0_ & ~0x00000002);
+      ;
       onChanged();
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * A list of permissions that may be allowed for use on the specified
      * resource.
@@ -945,12 +1080,14 @@ public Builder clearAvailablePermissions() {
      * </pre>
      *
      * <code>repeated string available_permissions = 2;</code>
+     *
      * @param value The bytes of the availablePermissions to add.
      * @return This builder for chaining.
      */
-    public Builder addAvailablePermissionsBytes(
-        com.google.protobuf.ByteString value) {
-      if (value == null) { throw new NullPointerException(); }
+    public Builder addAvailablePermissionsBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
       checkByteStringIsUtf8(value);
       ensureAvailablePermissionsIsMutable();
       availablePermissions_.add(value);
@@ -961,8 +1098,12 @@ public Builder addAvailablePermissionsBytes(
 
     private dev.cel.expr.Expr compiledAvailabilityCondition_;
     private com.google.protobuf.SingleFieldBuilder<
-        dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder> compiledAvailabilityConditionBuilder_;
+            dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder>
+        compiledAvailabilityConditionBuilder_;
+
     /**
+     *
+     *
      * <pre>
      * The compiled version of the
      * availability_condition in the STS API AccessBoundaryRule
@@ -971,12 +1112,16 @@ public Builder addAvailablePermissionsBytes(
      * </pre>
      *
      * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     *
      * @return Whether the compiledAvailabilityCondition field is set.
      */
     public boolean hasCompiledAvailabilityCondition() {
       return ((bitField0_ & 0x00000004) != 0);
     }
+
     /**
+     *
+     *
      * <pre>
      * The compiled version of the
      * availability_condition in the STS API AccessBoundaryRule
@@ -985,16 +1130,22 @@ public boolean hasCompiledAvailabilityCondition() {
      * </pre>
      *
      * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+     *
      * @return The compiledAvailabilityCondition.
      */
     public dev.cel.expr.Expr getCompiledAvailabilityCondition() {
       if (compiledAvailabilityConditionBuilder_ == null) {
-        return compiledAvailabilityCondition_ == null ? dev.cel.expr.Expr.getDefaultInstance() : compiledAvailabilityCondition_;
+        return compiledAvailabilityCondition_ == null
+            ? dev.cel.expr.Expr.getDefaultInstance()
+            : compiledAvailabilityCondition_;
       } else {
         return compiledAvailabilityConditionBuilder_.getMessage();
       }
     }
+
     /**
+     *
+     *
      * <pre>
      * The compiled version of the
      * availability_condition in the STS API AccessBoundaryRule
@@ -1017,7 +1168,10 @@ public Builder setCompiledAvailabilityCondition(dev.cel.expr.Expr value) {
       onChanged();
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * The compiled version of the
      * availability_condition in the STS API AccessBoundaryRule
@@ -1027,8 +1181,7 @@ public Builder setCompiledAvailabilityCondition(dev.cel.expr.Expr value) {
      *
      * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
      */
-    public Builder setCompiledAvailabilityCondition(
-        dev.cel.expr.Expr.Builder builderForValue) {
+    public Builder setCompiledAvailabilityCondition(dev.cel.expr.Expr.Builder builderForValue) {
       if (compiledAvailabilityConditionBuilder_ == null) {
         compiledAvailabilityCondition_ = builderForValue.build();
       } else {
@@ -1038,7 +1191,10 @@ public Builder setCompiledAvailabilityCondition(
       onChanged();
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * The compiled version of the
      * availability_condition in the STS API AccessBoundaryRule
@@ -1050,9 +1206,9 @@ public Builder setCompiledAvailabilityCondition(
      */
     public Builder mergeCompiledAvailabilityCondition(dev.cel.expr.Expr value) {
       if (compiledAvailabilityConditionBuilder_ == null) {
-        if (((bitField0_ & 0x00000004) != 0) &&
-          compiledAvailabilityCondition_ != null &&
-          compiledAvailabilityCondition_ != dev.cel.expr.Expr.getDefaultInstance()) {
+        if (((bitField0_ & 0x00000004) != 0)
+            && compiledAvailabilityCondition_ != null
+            && compiledAvailabilityCondition_ != dev.cel.expr.Expr.getDefaultInstance()) {
           getCompiledAvailabilityConditionBuilder().mergeFrom(value);
         } else {
           compiledAvailabilityCondition_ = value;
@@ -1066,7 +1222,10 @@ public Builder mergeCompiledAvailabilityCondition(dev.cel.expr.Expr value) {
       }
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * The compiled version of the
      * availability_condition in the STS API AccessBoundaryRule
@@ -1086,7 +1245,10 @@ public Builder clearCompiledAvailabilityCondition() {
       onChanged();
       return this;
     }
+
     /**
+     *
+     *
      * <pre>
      * The compiled version of the
      * availability_condition in the STS API AccessBoundaryRule
@@ -1101,7 +1263,10 @@ public dev.cel.expr.Expr.Builder getCompiledAvailabilityConditionBuilder() {
       onChanged();
       return internalGetCompiledAvailabilityConditionFieldBuilder().getBuilder();
     }
+
     /**
+     *
+     *
      * <pre>
      * The compiled version of the
      * availability_condition in the STS API AccessBoundaryRule
@@ -1115,11 +1280,15 @@ public dev.cel.expr.ExprOrBuilder getCompiledAvailabilityConditionOrBuilder() {
       if (compiledAvailabilityConditionBuilder_ != null) {
         return compiledAvailabilityConditionBuilder_.getMessageOrBuilder();
       } else {
-        return compiledAvailabilityCondition_ == null ?
-            dev.cel.expr.Expr.getDefaultInstance() : compiledAvailabilityCondition_;
+        return compiledAvailabilityCondition_ == null
+            ? dev.cel.expr.Expr.getDefaultInstance()
+            : compiledAvailabilityCondition_;
       }
     }
+
     /**
+     *
+     *
      * <pre>
      * The compiled version of the
      * availability_condition in the STS API AccessBoundaryRule
@@ -1130,14 +1299,13 @@ public dev.cel.expr.ExprOrBuilder getCompiledAvailabilityConditionOrBuilder() {
      * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
      */
     private com.google.protobuf.SingleFieldBuilder<
-        dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder> 
+            dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder>
         internalGetCompiledAvailabilityConditionFieldBuilder() {
       if (compiledAvailabilityConditionBuilder_ == null) {
-        compiledAvailabilityConditionBuilder_ = new com.google.protobuf.SingleFieldBuilder<
-            dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder>(
-                getCompiledAvailabilityCondition(),
-                getParentForChildren(),
-                isClean());
+        compiledAvailabilityConditionBuilder_ =
+            new com.google.protobuf.SingleFieldBuilder<
+                dev.cel.expr.Expr, dev.cel.expr.Expr.Builder, dev.cel.expr.ExprOrBuilder>(
+                getCompiledAvailabilityCondition(), getParentForChildren(), isClean());
         compiledAvailabilityCondition_ = null;
       }
       return compiledAvailabilityConditionBuilder_;
@@ -1147,36 +1315,41 @@ public dev.cel.expr.ExprOrBuilder getCompiledAvailabilityConditionOrBuilder() {
   }
 
   // @@protoc_insertion_point(class_scope:cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule)
-  private static final com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule DEFAULT_INSTANCE;
+  private static final com.google.auth.credentialaccessboundary.protobuf
+          .ClientSideAccessBoundaryRule
+      DEFAULT_INSTANCE;
+
   static {
-    DEFAULT_INSTANCE = new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule();
+    DEFAULT_INSTANCE =
+        new com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule();
   }
 
-  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getDefaultInstance() {
+  public static com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      getDefaultInstance() {
     return DEFAULT_INSTANCE;
   }
 
-  private static final com.google.protobuf.Parser<ClientSideAccessBoundaryRule>
-      PARSER = new com.google.protobuf.AbstractParser<ClientSideAccessBoundaryRule>() {
-    @java.lang.Override
-    public ClientSideAccessBoundaryRule parsePartialFrom(
-        com.google.protobuf.CodedInputStream input,
-        com.google.protobuf.ExtensionRegistryLite extensionRegistry)
-        throws com.google.protobuf.InvalidProtocolBufferException {
-      Builder builder = newBuilder();
-      try {
-        builder.mergeFrom(input, extensionRegistry);
-      } catch (com.google.protobuf.InvalidProtocolBufferException e) {
-        throw e.setUnfinishedMessage(builder.buildPartial());
-      } catch (com.google.protobuf.UninitializedMessageException e) {
-        throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial());
-      } catch (java.io.IOException e) {
-        throw new com.google.protobuf.InvalidProtocolBufferException(e)
-            .setUnfinishedMessage(builder.buildPartial());
-      }
-      return builder.buildPartial();
-    }
-  };
+  private static final com.google.protobuf.Parser<ClientSideAccessBoundaryRule> PARSER =
+      new com.google.protobuf.AbstractParser<ClientSideAccessBoundaryRule>() {
+        @java.lang.Override
+        public ClientSideAccessBoundaryRule parsePartialFrom(
+            com.google.protobuf.CodedInputStream input,
+            com.google.protobuf.ExtensionRegistryLite extensionRegistry)
+            throws com.google.protobuf.InvalidProtocolBufferException {
+          Builder builder = newBuilder();
+          try {
+            builder.mergeFrom(input, extensionRegistry);
+          } catch (com.google.protobuf.InvalidProtocolBufferException e) {
+            throw e.setUnfinishedMessage(builder.buildPartial());
+          } catch (com.google.protobuf.UninitializedMessageException e) {
+            throw e.asInvalidProtocolBufferException().setUnfinishedMessage(builder.buildPartial());
+          } catch (java.io.IOException e) {
+            throw new com.google.protobuf.InvalidProtocolBufferException(e)
+                .setUnfinishedMessage(builder.buildPartial());
+          }
+          return builder.buildPartial();
+        }
+      };
 
   public static com.google.protobuf.Parser<ClientSideAccessBoundaryRule> parser() {
     return PARSER;
@@ -1188,9 +1361,8 @@ public com.google.protobuf.Parser<ClientSideAccessBoundaryRule> getParserForType
   }
 
   @java.lang.Override
-  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule getDefaultInstanceForType() {
+  public com.google.auth.credentialaccessboundary.protobuf.ClientSideAccessBoundaryRule
+      getDefaultInstanceForType() {
     return DEFAULT_INSTANCE;
   }
-
 }
-
diff --git a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRuleOrBuilder.java b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRuleOrBuilder.java
index 82ad99cbd..36d9c8b74 100644
--- a/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRuleOrBuilder.java
+++ b/cab-token-generator/java/com/google/auth/credentialaccessboundary/protobuf/ClientSideAccessBoundaryRuleOrBuilder.java
@@ -6,11 +6,14 @@
 package com.google.auth.credentialaccessboundary.protobuf;
 
 @com.google.protobuf.Generated
-public interface ClientSideAccessBoundaryRuleOrBuilder extends
+public interface ClientSideAccessBoundaryRuleOrBuilder
+    extends
     // @@protoc_insertion_point(interface_extends:cloud.identity.unifiedauth.proto.ClientSideAccessBoundaryRule)
     com.google.protobuf.MessageOrBuilder {
 
   /**
+   *
+   *
    * <pre>
    * The full resource name of a Google Cloud resource entity.
    * The format definition is at
@@ -20,10 +23,14 @@ public interface ClientSideAccessBoundaryRuleOrBuilder extends
    * </pre>
    *
    * <code>string available_resource = 1 [features = { ... }</code>
+   *
    * @return The availableResource.
    */
   java.lang.String getAvailableResource();
+
   /**
+   *
+   *
    * <pre>
    * The full resource name of a Google Cloud resource entity.
    * The format definition is at
@@ -33,12 +40,14 @@ public interface ClientSideAccessBoundaryRuleOrBuilder extends
    * </pre>
    *
    * <code>string available_resource = 1 [features = { ... }</code>
+   *
    * @return The bytes for availableResource.
    */
-  com.google.protobuf.ByteString
-      getAvailableResourceBytes();
+  com.google.protobuf.ByteString getAvailableResourceBytes();
 
   /**
+   *
+   *
    * <pre>
    * A list of permissions that may be allowed for use on the specified
    * resource.
@@ -52,11 +61,14 @@ public interface ClientSideAccessBoundaryRuleOrBuilder extends
    * </pre>
    *
    * <code>repeated string available_permissions = 2;</code>
+   *
    * @return A list containing the availablePermissions.
    */
-  java.util.List<java.lang.String>
-      getAvailablePermissionsList();
+  java.util.List<java.lang.String> getAvailablePermissionsList();
+
   /**
+   *
+   *
    * <pre>
    * A list of permissions that may be allowed for use on the specified
    * resource.
@@ -70,10 +82,14 @@ public interface ClientSideAccessBoundaryRuleOrBuilder extends
    * </pre>
    *
    * <code>repeated string available_permissions = 2;</code>
+   *
    * @return The count of availablePermissions.
    */
   int getAvailablePermissionsCount();
+
   /**
+   *
+   *
    * <pre>
    * A list of permissions that may be allowed for use on the specified
    * resource.
@@ -87,11 +103,15 @@ public interface ClientSideAccessBoundaryRuleOrBuilder extends
    * </pre>
    *
    * <code>repeated string available_permissions = 2;</code>
+   *
    * @param index The index of the element to return.
    * @return The availablePermissions at the given index.
    */
   java.lang.String getAvailablePermissions(int index);
+
   /**
+   *
+   *
    * <pre>
    * A list of permissions that may be allowed for use on the specified
    * resource.
@@ -105,13 +125,15 @@ public interface ClientSideAccessBoundaryRuleOrBuilder extends
    * </pre>
    *
    * <code>repeated string available_permissions = 2;</code>
+   *
    * @param index The index of the value to return.
    * @return The bytes of the availablePermissions at the given index.
    */
-  com.google.protobuf.ByteString
-      getAvailablePermissionsBytes(int index);
+  com.google.protobuf.ByteString getAvailablePermissionsBytes(int index);
 
   /**
+   *
+   *
    * <pre>
    * The compiled version of the
    * availability_condition in the STS API AccessBoundaryRule
@@ -120,10 +142,14 @@ public interface ClientSideAccessBoundaryRuleOrBuilder extends
    * </pre>
    *
    * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+   *
    * @return Whether the compiledAvailabilityCondition field is set.
    */
   boolean hasCompiledAvailabilityCondition();
+
   /**
+   *
+   *
    * <pre>
    * The compiled version of the
    * availability_condition in the STS API AccessBoundaryRule
@@ -132,10 +158,14 @@ public interface ClientSideAccessBoundaryRuleOrBuilder extends
    * </pre>
    *
    * <code>.google.api.expr.Expr compiled_availability_condition = 4;</code>
+   *
    * @return The compiledAvailabilityCondition.
    */
   dev.cel.expr.Expr getCompiledAvailabilityCondition();
+
   /**
+   *
+   *
    * <pre>
    * The compiled version of the
    * availability_condition in the STS API AccessBoundaryRule

From 21a63841442e874f703ffdbd27d1fe25e75d9803 Mon Sep 17 00:00:00 2001
From: diegomarquezp <diegomarquezp@google.com>
Date: Tue, 9 Dec 2025 21:03:41 +0000
Subject: [PATCH 4/5] deps: update http-client to 2.1.0-rc1

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index c0f9382b0..841e07a6f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
 
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <project.google.http.version>2.0.2</project.google.http.version>
+    <project.google.http.version>2.1.0-rc1</project.google.http.version>
     <project.junit.version>4.13.2</project.junit.version>
     <project.guava.version>33.5.0-android</project.guava.version>
     <project.appengine.version>2.0.33</project.appengine.version>

From 72e9af34e66fc08996c9877988beb11e6a74182f Mon Sep 17 00:00:00 2001
From: diegomarquezp <diegomarquezp@google.com>
Date: Tue, 9 Dec 2025 21:04:19 +0000
Subject: [PATCH 5/5] chore: skip clirr

---
 pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pom.xml b/pom.xml
index 841e07a6f..4dac9b316 100644
--- a/pom.xml
+++ b/pom.xml
@@ -87,6 +87,7 @@
     <project.slf4j.version>2.0.17</project.slf4j.version>
     <project.gson.version>2.12.1</project.gson.version>
     <project.api-common.version>2.53.0</project.api-common.version>
+    <clirr.skip>true</clirr.skip>
   </properties>
 
   <dependencyManagement>