chore: move the go code into a subfolder

2025-08-12 09:37:45 +00:00 · 2025-08-05 15:20:32 -07:00
parent 4ad22ba456
commit cd2921de26
2978 changed files with 373 additions and 300 deletions
--- a/apps/api/internal/repository/policy/custom_text.go
+++ b/apps/api/internal/repository/policy/custom_text.go
@@ -0,0 +1,135 @@
+package policy
+
+import (
+	"golang.org/x/text/language"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	customTextPrefix                   = "customtext."
+	CustomTextSetEventType             = customTextPrefix + "set"
+	CustomTextRemovedEventType         = customTextPrefix + "removed"
+	CustomTextTemplateRemovedEventType = customTextPrefix + "template.removed"
+)
+
+type CustomTextSetEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Template string       `json:"template,omitempty"`
+	Key      string       `json:"key,omitempty"`
+	Language language.Tag `json:"language,omitempty"`
+	Text     string       `json:"text,omitempty"`
+}
+
+func (e *CustomTextSetEvent) Payload() interface{} {
+	return e
+}
+
+func (e *CustomTextSetEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewCustomTextSetEvent(
+	base *eventstore.BaseEvent,
+	template,
+	key,
+	text string,
+	language language.Tag,
+) *CustomTextSetEvent {
+	return &CustomTextSetEvent{
+		BaseEvent: *base,
+		Template:  template,
+		Key:       key,
+		Language:  language,
+		Text:      text,
+	}
+}
+
+func CustomTextSetEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &CustomTextSetEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "TEXT-28dwe", "unable to unmarshal custom text")
+	}
+
+	return e, nil
+}
+
+type CustomTextRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Template string       `json:"template,omitempty"`
+	Key      string       `json:"key,omitempty"`
+	Language language.Tag `json:"language,omitempty"`
+}
+
+func (e *CustomTextRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *CustomTextRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewCustomTextRemovedEvent(base *eventstore.BaseEvent, template, key string, language language.Tag) *CustomTextRemovedEvent {
+	return &CustomTextRemovedEvent{
+		BaseEvent: *base,
+		Template:  template,
+		Key:       key,
+		Language:  language,
+	}
+}
+
+func CustomTextRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &CustomTextRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "TEXT-28sMf", "unable to unmarshal custom text removed")
+	}
+
+	return e, nil
+}
+
+type CustomTextTemplateRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Template string       `json:"template,omitempty"`
+	Language language.Tag `json:"language,omitempty"`
+}
+
+func (e *CustomTextTemplateRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *CustomTextTemplateRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewCustomTextTemplateRemovedEvent(base *eventstore.BaseEvent, template string, language language.Tag) *CustomTextTemplateRemovedEvent {
+	return &CustomTextTemplateRemovedEvent{
+		BaseEvent: *base,
+		Template:  template,
+		Language:  language,
+	}
+}
+
+func CustomTextTemplateRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &CustomTextTemplateRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "TEXT-mKKRs", "unable to unmarshal custom text message removed")
+	}
+
+	return e, nil
+}
--- a/apps/api/internal/repository/policy/label.go
+++ b/apps/api/internal/repository/policy/label.go
@@ -0,0 +1,572 @@
+package policy
+
+import (
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/asset"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	LabelPolicyAddedEventType     = "policy.label.added"
+	LabelPolicyChangedEventType   = "policy.label.changed"
+	LabelPolicyActivatedEventType = "policy.label.activated"
+
+	LabelPolicyLogoAddedEventType   = "policy.label.logo.added"
+	LabelPolicyLogoRemovedEventType = "policy.label.logo.removed"
+	LabelPolicyIconAddedEventType   = "policy.label.icon.added"
+	LabelPolicyIconRemovedEventType = "policy.label.icon.removed"
+
+	LabelPolicyLogoDarkAddedEventType   = "policy.label.logo.dark.added"
+	LabelPolicyLogoDarkRemovedEventType = "policy.label.logo.dark.removed"
+	LabelPolicyIconDarkAddedEventType   = "policy.label.icon.dark.added"
+	LabelPolicyIconDarkRemovedEventType = "policy.label.icon.dark.removed"
+
+	LabelPolicyFontAddedEventType   = "policy.label.font.added"
+	LabelPolicyFontRemovedEventType = "policy.label.font.removed"
+
+	LabelPolicyAssetsRemovedEventType = "policy.label.assets.removed"
+
+	LabelPolicyRemovedEventType = "policy.label.removed"
+)
+
+type LabelPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	PrimaryColor        string                      `json:"primaryColor,omitempty"`
+	BackgroundColor     string                      `json:"backgroundColor,omitempty"`
+	WarnColor           string                      `json:"warnColor,omitempty"`
+	FontColor           string                      `json:"fontColor,omitempty"`
+	PrimaryColorDark    string                      `json:"primaryColorDark,omitempty"`
+	BackgroundColorDark string                      `json:"backgroundColorDark,omitempty"`
+	WarnColorDark       string                      `json:"warnColorDark,omitempty"`
+	FontColorDark       string                      `json:"fontColorDark,omitempty"`
+	HideLoginNameSuffix bool                        `json:"hideLoginNameSuffix,omitempty"`
+	ErrorMsgPopup       bool                        `json:"errorMsgPopup,omitempty"`
+	DisableWatermark    bool                        `json:"disableMsgPopup,omitempty"`
+	ThemeMode           domain.LabelPolicyThemeMode `json:"themeMode,omitempty"`
+}
+
+func (e *LabelPolicyAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	primaryColor,
+	backgroundColor,
+	warnColor,
+	fontColor,
+	primaryColorDark,
+	backgroundColorDark,
+	warnColorDark,
+	fontColorDark string,
+	hideLoginNameSuffix,
+	errorMsgPopup,
+	disableWatermark bool,
+	themeMode domain.LabelPolicyThemeMode,
+) *LabelPolicyAddedEvent {
+
+	return &LabelPolicyAddedEvent{
+		BaseEvent:           *base,
+		PrimaryColor:        primaryColor,
+		BackgroundColor:     backgroundColor,
+		WarnColor:           warnColor,
+		FontColor:           fontColor,
+		PrimaryColorDark:    primaryColorDark,
+		BackgroundColorDark: backgroundColorDark,
+		WarnColorDark:       warnColorDark,
+		FontColorDark:       fontColorDark,
+		HideLoginNameSuffix: hideLoginNameSuffix,
+		ErrorMsgPopup:       errorMsgPopup,
+		DisableWatermark:    disableWatermark,
+		ThemeMode:           themeMode,
+	}
+}
+
+func LabelPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &LabelPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-puqv4", "unable to unmarshal label policy")
+	}
+
+	return e, nil
+}
+
+type LabelPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	PrimaryColor        *string                      `json:"primaryColor,omitempty"`
+	BackgroundColor     *string                      `json:"backgroundColor,omitempty"`
+	WarnColor           *string                      `json:"warnColor,omitempty"`
+	FontColor           *string                      `json:"fontColor,omitempty"`
+	PrimaryColorDark    *string                      `json:"primaryColorDark,omitempty"`
+	BackgroundColorDark *string                      `json:"backgroundColorDark,omitempty"`
+	WarnColorDark       *string                      `json:"warnColorDark,omitempty"`
+	FontColorDark       *string                      `json:"fontColorDark,omitempty"`
+	HideLoginNameSuffix *bool                        `json:"hideLoginNameSuffix,omitempty"`
+	ErrorMsgPopup       *bool                        `json:"errorMsgPopup,omitempty"`
+	DisableWatermark    *bool                        `json:"disableWatermark,omitempty"`
+	ThemeMode           *domain.LabelPolicyThemeMode `json:"themeMode,omitempty"`
+}
+
+func (e *LabelPolicyChangedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyChangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []LabelPolicyChanges,
+) (*LabelPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-Asfd3", "Errors.NoChangesFound")
+	}
+	changeEvent := &LabelPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type LabelPolicyChanges func(*LabelPolicyChangedEvent)
+
+func ChangePrimaryColor(primaryColor string) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.PrimaryColor = &primaryColor
+	}
+}
+
+func ChangeBackgroundColor(background string) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.BackgroundColor = &background
+	}
+}
+
+func ChangeWarnColor(warnColor string) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.WarnColor = &warnColor
+	}
+}
+
+func ChangeFontColor(fontColor string) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.FontColor = &fontColor
+	}
+}
+
+func ChangePrimaryColorDark(primaryColorDark string) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.PrimaryColorDark = &primaryColorDark
+	}
+}
+
+func ChangeBackgroundColorDark(backgroundColorDark string) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.BackgroundColorDark = &backgroundColorDark
+	}
+}
+
+func ChangeWarnColorDark(warnColorDark string) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.WarnColorDark = &warnColorDark
+	}
+}
+
+func ChangeFontColorDark(fontColorDark string) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.FontColorDark = &fontColorDark
+	}
+}
+
+func ChangeHideLoginNameSuffix(hideLoginNameSuffix bool) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.HideLoginNameSuffix = &hideLoginNameSuffix
+	}
+}
+
+func ChangeErrorMsgPopup(errMsgPopup bool) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.ErrorMsgPopup = &errMsgPopup
+	}
+}
+
+func ChangeDisableWatermark(disableWatermark bool) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.DisableWatermark = &disableWatermark
+	}
+}
+
+func ChangeThemeMode(themeMode domain.LabelPolicyThemeMode) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.ThemeMode = &themeMode
+	}
+}
+
+func LabelPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &LabelPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-qhfFb", "unable to unmarshal label policy")
+	}
+
+	return e, nil
+}
+
+type LabelPolicyActivatedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *LabelPolicyActivatedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyActivatedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyActivatedEvent(base *eventstore.BaseEvent) *LabelPolicyActivatedEvent {
+	return &LabelPolicyActivatedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func LabelPolicyActivatedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &LabelPolicyActivatedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type LabelPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *LabelPolicyRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyRemovedEvent(base *eventstore.BaseEvent) *LabelPolicyRemovedEvent {
+	return &LabelPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func LabelPolicyRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &LabelPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+type LabelPolicyLogoAddedEvent struct {
+	asset.AddedEvent
+}
+
+func (e *LabelPolicyLogoAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyLogoAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyLogoAddedEvent(base *eventstore.BaseEvent, storageKey string) *LabelPolicyLogoAddedEvent {
+	return &LabelPolicyLogoAddedEvent{
+		*asset.NewAddedEvent(base, storageKey),
+	}
+}
+
+func LabelPolicyLogoAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e, err := asset.AddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyLogoAddedEvent{*e.(*asset.AddedEvent)}, nil
+}
+
+type LabelPolicyLogoRemovedEvent struct {
+	asset.RemovedEvent
+}
+
+func (e *LabelPolicyLogoRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyLogoRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyLogoRemovedEvent(base *eventstore.BaseEvent, storageKey string) *LabelPolicyLogoRemovedEvent {
+	return &LabelPolicyLogoRemovedEvent{
+		*asset.NewRemovedEvent(base, storageKey),
+	}
+}
+
+func LabelPolicyLogoRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e, err := asset.RemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyLogoRemovedEvent{*e.(*asset.RemovedEvent)}, nil
+}
+
+type LabelPolicyIconAddedEvent struct {
+	asset.AddedEvent
+}
+
+func (e *LabelPolicyIconAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyIconAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyIconAddedEvent(base *eventstore.BaseEvent, storageKey string) *LabelPolicyIconAddedEvent {
+	return &LabelPolicyIconAddedEvent{
+		*asset.NewAddedEvent(base, storageKey),
+	}
+}
+
+func LabelPolicyIconAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e, err := asset.AddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyIconAddedEvent{*e.(*asset.AddedEvent)}, nil
+}
+
+type LabelPolicyIconRemovedEvent struct {
+	asset.RemovedEvent
+}
+
+func (e *LabelPolicyIconRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyIconRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyIconRemovedEvent(base *eventstore.BaseEvent, storageKey string) *LabelPolicyIconRemovedEvent {
+	return &LabelPolicyIconRemovedEvent{
+		*asset.NewRemovedEvent(base, storageKey),
+	}
+}
+
+func LabelPolicyIconRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e, err := asset.RemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyIconRemovedEvent{*e.(*asset.RemovedEvent)}, nil
+}
+
+type LabelPolicyLogoDarkAddedEvent struct {
+	asset.AddedEvent
+}
+
+func (e *LabelPolicyLogoDarkAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyLogoDarkAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyLogoDarkAddedEvent(base *eventstore.BaseEvent, storageKey string) *LabelPolicyLogoDarkAddedEvent {
+	return &LabelPolicyLogoDarkAddedEvent{
+		*asset.NewAddedEvent(base, storageKey),
+	}
+}
+
+func LabelPolicyLogoDarkAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e, err := asset.AddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyLogoDarkAddedEvent{*e.(*asset.AddedEvent)}, nil
+}
+
+type LabelPolicyLogoDarkRemovedEvent struct {
+	asset.RemovedEvent
+}
+
+func (e *LabelPolicyLogoDarkRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyLogoDarkRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyLogoDarkRemovedEvent(base *eventstore.BaseEvent, storageKey string) *LabelPolicyLogoDarkRemovedEvent {
+	return &LabelPolicyLogoDarkRemovedEvent{
+		*asset.NewRemovedEvent(base, storageKey),
+	}
+}
+
+func LabelPolicyLogoDarkRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e, err := asset.RemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyLogoDarkRemovedEvent{*e.(*asset.RemovedEvent)}, nil
+}
+
+type LabelPolicyIconDarkAddedEvent struct {
+	asset.AddedEvent
+}
+
+func (e *LabelPolicyIconDarkAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyIconDarkAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyIconDarkAddedEvent(base *eventstore.BaseEvent, storageKey string) *LabelPolicyIconDarkAddedEvent {
+	return &LabelPolicyIconDarkAddedEvent{
+		*asset.NewAddedEvent(base, storageKey),
+	}
+}
+
+func LabelPolicyIconDarkAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e, err := asset.AddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyIconDarkAddedEvent{*e.(*asset.AddedEvent)}, nil
+}
+
+type LabelPolicyIconDarkRemovedEvent struct {
+	asset.RemovedEvent
+}
+
+func (e *LabelPolicyIconDarkRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyIconDarkRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyIconDarkRemovedEvent(base *eventstore.BaseEvent, storageKey string) *LabelPolicyIconDarkRemovedEvent {
+	return &LabelPolicyIconDarkRemovedEvent{
+		*asset.NewRemovedEvent(base, storageKey),
+	}
+}
+
+func LabelPolicyIconDarkRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e, err := asset.RemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyIconDarkRemovedEvent{*e.(*asset.RemovedEvent)}, nil
+}
+
+type LabelPolicyFontAddedEvent struct {
+	asset.AddedEvent
+}
+
+func (e *LabelPolicyFontAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyFontAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyFontAddedEvent(base *eventstore.BaseEvent, storageKey string) *LabelPolicyFontAddedEvent {
+	return &LabelPolicyFontAddedEvent{
+		*asset.NewAddedEvent(base, storageKey),
+	}
+}
+
+func LabelPolicyFontAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e, err := asset.AddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyFontAddedEvent{*e.(*asset.AddedEvent)}, nil
+}
+
+type LabelPolicyFontRemovedEvent struct {
+	asset.RemovedEvent
+}
+
+func (e *LabelPolicyFontRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LabelPolicyFontRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyFontRemovedEvent(base *eventstore.BaseEvent, storageKey string) *LabelPolicyFontRemovedEvent {
+	return &LabelPolicyFontRemovedEvent{
+		*asset.NewRemovedEvent(base, storageKey),
+	}
+}
+
+func LabelPolicyFontRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e, err := asset.RemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyFontRemovedEvent{*e.(*asset.RemovedEvent)}, nil
+}
+
+type LabelPolicyAssetsRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *LabelPolicyAssetsRemovedEvent) Payload() interface{} {
+	return nil
+}
+
+func (e *LabelPolicyAssetsRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyAssetsRemovedEvent(base *eventstore.BaseEvent) *LabelPolicyAssetsRemovedEvent {
+	return &LabelPolicyAssetsRemovedEvent{
+		*base,
+	}
+}
+
+func LabelPolicyAssetsRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &LabelPolicyAssetsRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/apps/api/internal/repository/policy/login.go
+++ b/apps/api/internal/repository/policy/login.go
@@ -0,0 +1,288 @@
+package policy
+
+import (
+	"time"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	loginPolicyPrefix           = "policy.login."
+	LoginPolicyAddedEventType   = loginPolicyPrefix + "added"
+	LoginPolicyChangedEventType = loginPolicyPrefix + "changed"
+	LoginPolicyRemovedEventType = loginPolicyPrefix + "removed"
+)
+
+type LoginPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	AllowUserNamePassword      bool                    `json:"allowUsernamePassword,omitempty"`
+	AllowRegister              bool                    `json:"allowRegister,omitempty"`
+	AllowExternalIDP           bool                    `json:"allowExternalIdp,omitempty"`
+	ForceMFA                   bool                    `json:"forceMFA,omitempty"`
+	ForceMFALocalOnly          bool                    `json:"forceMFALocalOnly,omitempty"`
+	HidePasswordReset          bool                    `json:"hidePasswordReset,omitempty"`
+	IgnoreUnknownUsernames     bool                    `json:"ignoreUnknownUsernames,omitempty"`
+	AllowDomainDiscovery       bool                    `json:"allowDomainDiscovery,omitempty"`
+	DisableLoginWithEmail      bool                    `json:"disableLoginWithEmail,omitempty"`
+	DisableLoginWithPhone      bool                    `json:"disableLoginWithPhone,omitempty"`
+	PasswordlessType           domain.PasswordlessType `json:"passwordlessType,omitempty"`
+	DefaultRedirectURI         string                  `json:"defaultRedirectURI,omitempty"`
+	PasswordCheckLifetime      time.Duration           `json:"passwordCheckLifetime,omitempty"`
+	ExternalLoginCheckLifetime time.Duration           `json:"externalLoginCheckLifetime,omitempty"`
+	MFAInitSkipLifetime        time.Duration           `json:"mfaInitSkipLifetime,omitempty"`
+	SecondFactorCheckLifetime  time.Duration           `json:"secondFactorCheckLifetime,omitempty"`
+	MultiFactorCheckLifetime   time.Duration           `json:"multiFactorCheckLifetime,omitempty"`
+}
+
+func (e *LoginPolicyAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LoginPolicyAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLoginPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	allowUserNamePassword,
+	allowRegister,
+	allowExternalIDP,
+	forceMFA,
+	forceMFALocalOnly,
+	hidePasswordReset,
+	ignoreUnknownUsernames,
+	allowDomainDiscovery,
+	disableLoginWithEmail,
+	disableLoginWithPhone bool,
+	passwordlessType domain.PasswordlessType,
+	defaultRedirectURI string,
+	passwordCheckLifetime,
+	externalLoginCheckLifetime,
+	mfaInitSkipLifetime,
+	secondFactorCheckLifetime,
+	multiFactorCheckLifetime time.Duration,
+) *LoginPolicyAddedEvent {
+	return &LoginPolicyAddedEvent{
+		BaseEvent:                  *base,
+		AllowExternalIDP:           allowExternalIDP,
+		AllowRegister:              allowRegister,
+		AllowUserNamePassword:      allowUserNamePassword,
+		ForceMFA:                   forceMFA,
+		ForceMFALocalOnly:          forceMFALocalOnly,
+		PasswordlessType:           passwordlessType,
+		HidePasswordReset:          hidePasswordReset,
+		IgnoreUnknownUsernames:     ignoreUnknownUsernames,
+		AllowDomainDiscovery:       allowDomainDiscovery,
+		DefaultRedirectURI:         defaultRedirectURI,
+		PasswordCheckLifetime:      passwordCheckLifetime,
+		ExternalLoginCheckLifetime: externalLoginCheckLifetime,
+		MFAInitSkipLifetime:        mfaInitSkipLifetime,
+		SecondFactorCheckLifetime:  secondFactorCheckLifetime,
+		MultiFactorCheckLifetime:   multiFactorCheckLifetime,
+		DisableLoginWithEmail:      disableLoginWithEmail,
+		DisableLoginWithPhone:      disableLoginWithPhone,
+	}
+}
+
+func LoginPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &LoginPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-nWndT", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type LoginPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	AllowUserNamePassword      *bool                    `json:"allowUsernamePassword,omitempty"`
+	AllowRegister              *bool                    `json:"allowRegister,omitempty"`
+	AllowExternalIDP           *bool                    `json:"allowExternalIdp,omitempty"`
+	ForceMFA                   *bool                    `json:"forceMFA,omitempty"`
+	ForceMFALocalOnly          *bool                    `json:"forceMFALocalOnly,omitempty"`
+	HidePasswordReset          *bool                    `json:"hidePasswordReset,omitempty"`
+	IgnoreUnknownUsernames     *bool                    `json:"ignoreUnknownUsernames,omitempty"`
+	AllowDomainDiscovery       *bool                    `json:"allowDomainDiscovery,omitempty"`
+	DisableLoginWithEmail      *bool                    `json:"disableLoginWithEmail,omitempty"`
+	DisableLoginWithPhone      *bool                    `json:"disableLoginWithPhone,omitempty"`
+	PasswordlessType           *domain.PasswordlessType `json:"passwordlessType,omitempty"`
+	DefaultRedirectURI         *string                  `json:"defaultRedirectURI,omitempty"`
+	PasswordCheckLifetime      *time.Duration           `json:"passwordCheckLifetime,omitempty"`
+	ExternalLoginCheckLifetime *time.Duration           `json:"externalLoginCheckLifetime,omitempty"`
+	MFAInitSkipLifetime        *time.Duration           `json:"mfaInitSkipLifetime,omitempty"`
+	SecondFactorCheckLifetime  *time.Duration           `json:"secondFactorCheckLifetime,omitempty"`
+	MultiFactorCheckLifetime   *time.Duration           `json:"multiFactorCheckLifetime,omitempty"`
+}
+
+func (e *LoginPolicyChangedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LoginPolicyChangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLoginPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []LoginPolicyChanges,
+) (*LoginPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-ADg34", "Errors.NoChangesFound")
+	}
+	changeEvent := &LoginPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type LoginPolicyChanges func(*LoginPolicyChangedEvent)
+
+func ChangeAllowUserNamePassword(allowUserNamePassword bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.AllowUserNamePassword = &allowUserNamePassword
+	}
+}
+
+func ChangeAllowRegister(allowRegister bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.AllowRegister = &allowRegister
+	}
+}
+
+func ChangeAllowExternalIDP(allowExternalIDP bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.AllowExternalIDP = &allowExternalIDP
+	}
+}
+
+func ChangeForceMFA(forceMFA bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.ForceMFA = &forceMFA
+	}
+}
+
+func ChangeForceMFALocalOnly(forceMFALocalOnly bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.ForceMFALocalOnly = &forceMFALocalOnly
+	}
+}
+
+func ChangePasswordlessType(passwordlessType domain.PasswordlessType) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.PasswordlessType = &passwordlessType
+	}
+}
+
+func ChangeHidePasswordReset(hidePasswordReset bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.HidePasswordReset = &hidePasswordReset
+	}
+}
+
+func ChangePasswordCheckLifetime(passwordCheckLifetime time.Duration) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.PasswordCheckLifetime = &passwordCheckLifetime
+	}
+}
+
+func ChangeExternalLoginCheckLifetime(externalLoginCheckLifetime time.Duration) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.ExternalLoginCheckLifetime = &externalLoginCheckLifetime
+	}
+}
+
+func ChangeMFAInitSkipLifetime(mfaInitSkipLifetime time.Duration) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.MFAInitSkipLifetime = &mfaInitSkipLifetime
+	}
+}
+
+func ChangeSecondFactorCheckLifetime(secondFactorCheckLifetime time.Duration) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.SecondFactorCheckLifetime = &secondFactorCheckLifetime
+	}
+}
+
+func ChangeMultiFactorCheckLifetime(multiFactorCheckLifetime time.Duration) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.MultiFactorCheckLifetime = &multiFactorCheckLifetime
+	}
+}
+
+func ChangeIgnoreUnknownUsernames(ignoreUnknownUsernames bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.IgnoreUnknownUsernames = &ignoreUnknownUsernames
+	}
+}
+
+func ChangeAllowDomainDiscovery(allowDomainDiscovery bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.AllowDomainDiscovery = &allowDomainDiscovery
+	}
+}
+
+func ChangeDefaultRedirectURI(defaultRedirectURI string) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.DefaultRedirectURI = &defaultRedirectURI
+	}
+}
+
+func ChangeDisableLoginWithEmail(disableLoginWithEmail bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.DisableLoginWithEmail = &disableLoginWithEmail
+	}
+}
+
+func ChangeDisableLoginWithPhone(DisableLoginWithPhone bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.DisableLoginWithPhone = &DisableLoginWithPhone
+	}
+}
+
+func LoginPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &LoginPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-ehssl", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type LoginPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *LoginPolicyRemovedEvent) Payload() interface{} {
+	return nil
+}
+
+func (e *LoginPolicyRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLoginPolicyRemovedEvent(base *eventstore.BaseEvent) *LoginPolicyRemovedEvent {
+	return &LoginPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func LoginPolicyRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &LoginPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/apps/api/internal/repository/policy/mail_template.go
+++ b/apps/api/internal/repository/policy/mail_template.go
@@ -0,0 +1,126 @@
+package policy
+
+import (
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	mailPolicyPrefix                   = "mail."
+	mailTemplatePolicyPrefix           = mailPolicyPrefix + "template."
+	MailTemplatePolicyAddedEventType   = mailTemplatePolicyPrefix + "added"
+	MailTemplatePolicyChangedEventType = mailTemplatePolicyPrefix + "changed"
+	MailTemplatePolicyRemovedEventType = mailTemplatePolicyPrefix + "removed"
+)
+
+type MailTemplateAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Template []byte `json:"template,omitempty"`
+}
+
+func (e *MailTemplateAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *MailTemplateAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewMailTemplateAddedEvent(
+	base *eventstore.BaseEvent,
+	template []byte,
+) *MailTemplateAddedEvent {
+	return &MailTemplateAddedEvent{
+		BaseEvent: *base,
+		Template:  template,
+	}
+}
+
+func MailTemplateAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &MailTemplateAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-5m9if", "unable to unmarshal mail template")
+	}
+
+	return e, nil
+}
+
+type MailTemplateChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Template *[]byte `json:"template,omitempty"`
+}
+
+func (e *MailTemplateChangedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *MailTemplateChangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewMailTemplateChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []MailTemplateChanges,
+) (*MailTemplateChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-m9osd", "Errors.NoChangesFound")
+	}
+	changeEvent := &MailTemplateChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type MailTemplateChanges func(*MailTemplateChangedEvent)
+
+func ChangeTemplate(template []byte) func(*MailTemplateChangedEvent) {
+	return func(e *MailTemplateChangedEvent) {
+		e.Template = &template
+	}
+}
+
+func MailTemplateChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &MailTemplateChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-3uu8K", "unable to unmarshal mail template policy")
+	}
+
+	return e, nil
+}
+
+type MailTemplateRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *MailTemplateRemovedEvent) Payload() interface{} {
+	return nil
+}
+
+func (e *MailTemplateRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewMailTemplateRemovedEvent(base *eventstore.BaseEvent) *MailTemplateRemovedEvent {
+	return &MailTemplateRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func MailTemplateRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &MailTemplateRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/apps/api/internal/repository/policy/mail_text.go
+++ b/apps/api/internal/repository/policy/mail_text.go
@@ -0,0 +1,208 @@
+package policy
+
+import (
+	"fmt"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	UniqueMailText                 = "mail_text"
+	mailTextPolicyPrefix           = mailPolicyPrefix + "text."
+	MailTextPolicyAddedEventType   = mailTextPolicyPrefix + "added"
+	MailTextPolicyChangedEventType = mailTextPolicyPrefix + "changed"
+	MailTextPolicyRemovedEventType = mailTextPolicyPrefix + "removed"
+)
+
+func NewAddMailTextUniqueConstraint(aggregateID, mailTextType, langugage string) *eventstore.UniqueConstraint {
+	return eventstore.NewAddEventUniqueConstraint(
+		UniqueMailText,
+		fmt.Sprintf("%v:%v:%v", aggregateID, mailTextType, langugage),
+		"Errors.Org.AlreadyExists")
+}
+
+func NewRemoveMailTextUniqueConstraint(aggregateID, mailTextType, langugage string) *eventstore.UniqueConstraint {
+	return eventstore.NewRemoveUniqueConstraint(
+		UniqueMailText,
+		fmt.Sprintf("%v:%v:%v", aggregateID, mailTextType, langugage))
+}
+
+type MailTextAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MailTextType string `json:"mailTextType,omitempty"`
+	Language     string `json:"language,omitempty"`
+	Title        string `json:"title,omitempty"`
+	PreHeader    string `json:"preHeader,omitempty"`
+	Subject      string `json:"subject,omitempty"`
+	Greeting     string `json:"greeting,omitempty"`
+	Text         string `json:"text,omitempty"`
+	ButtonText   string `json:"buttonText,omitempty"`
+}
+
+func (e *MailTextAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *MailTextAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return []*eventstore.UniqueConstraint{NewAddMailTextUniqueConstraint(e.Aggregate().ResourceOwner, e.MailTextType, e.Language)}
+}
+
+func NewMailTextAddedEvent(
+	base *eventstore.BaseEvent,
+	mailTextType,
+	language,
+	title,
+	preHeader,
+	subject,
+	greeting,
+	text,
+	buttonText string,
+) *MailTextAddedEvent {
+	return &MailTextAddedEvent{
+		BaseEvent:    *base,
+		MailTextType: mailTextType,
+		Language:     language,
+		Title:        title,
+		PreHeader:    preHeader,
+		Subject:      subject,
+		Greeting:     greeting,
+		Text:         text,
+		ButtonText:   buttonText,
+	}
+}
+
+func MailTextAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &MailTextAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-5m9if", "unable to unmarshal mail text policy")
+	}
+
+	return e, nil
+}
+
+type MailTextChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MailTextType string  `json:"mailTextType,omitempty"`
+	Language     string  `json:"language,omitempty"`
+	Title        *string `json:"title,omitempty"`
+	PreHeader    *string `json:"preHeader,omitempty"`
+	Subject      *string `json:"subject,omitempty"`
+	Greeting     *string `json:"greeting,omitempty"`
+	Text         *string `json:"text,omitempty"`
+	ButtonText   *string `json:"buttonText,omitempty"`
+}
+
+func (e *MailTextChangedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *MailTextChangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewMailTextChangedEvent(
+	base *eventstore.BaseEvent,
+	mailTextType,
+	language string,
+	changes []MailTextChanges,
+) (*MailTextChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-m9osd", "Errors.NoChangesFound")
+	}
+	changeEvent := &MailTextChangedEvent{
+		BaseEvent:    *base,
+		MailTextType: mailTextType,
+		Language:     language,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type MailTextChanges func(*MailTextChangedEvent)
+
+func ChangeTitle(title string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.Title = &title
+	}
+}
+
+func ChangePreHeader(preHeader string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.PreHeader = &preHeader
+	}
+}
+
+func ChangeSubject(greeting string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.Subject = &greeting
+	}
+}
+
+func ChangeGreeting(greeting string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.Greeting = &greeting
+	}
+}
+
+func ChangeText(text string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.Text = &text
+	}
+}
+
+func ChangeButtonText(buttonText string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.ButtonText = &buttonText
+	}
+}
+
+func MailTextChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &MailTextChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-bn88u", "unable to unmarshal mail text policy")
+	}
+
+	return e, nil
+}
+
+type MailTextRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MailTextType string `json:"mailTextType,omitempty"`
+	Language     string `json:"language,omitempty"`
+}
+
+func (e *MailTextRemovedEvent) Payload() interface{} {
+	return nil
+}
+
+func (e *MailTextRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return []*eventstore.UniqueConstraint{NewRemoveMailTextUniqueConstraint(e.Aggregate().ResourceOwner, e.MailTextType, e.Language)}
+}
+
+func NewMailTextRemovedEvent(base *eventstore.BaseEvent, mailTextType, language string) *MailTextRemovedEvent {
+	return &MailTextRemovedEvent{
+		BaseEvent:    *base,
+		MailTextType: mailTextType,
+		Language:     language,
+	}
+}
+
+func MailTextRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &MailTextRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/apps/api/internal/repository/policy/policy_domain.go
+++ b/apps/api/internal/repository/policy/policy_domain.go
@@ -0,0 +1,156 @@
+package policy
+
+import (
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/user"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	DomainPolicyAddedEventType   = "policy.domain.added"
+	DomainPolicyChangedEventType = "policy.domain.changed"
+	DomainPolicyRemovedEventType = "policy.domain.removed"
+)
+
+type DomainPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserLoginMustBeDomain                  bool `json:"userLoginMustBeDomain,omitempty"`
+	ValidateOrgDomains                     bool `json:"validateOrgDomains,omitempty"`
+	SMTPSenderAddressMatchesInstanceDomain bool `json:"smtpSenderAddressMatchesInstanceDomain,omitempty"`
+}
+
+func (e *DomainPolicyAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *DomainPolicyAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewDomainPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	userLoginMustBeDomain,
+	validateOrgDomains,
+	smtpSenderAddressMatchesInstanceDomain bool,
+) *DomainPolicyAddedEvent {
+
+	return &DomainPolicyAddedEvent{
+		BaseEvent:                              *base,
+		UserLoginMustBeDomain:                  userLoginMustBeDomain,
+		ValidateOrgDomains:                     validateOrgDomains,
+		SMTPSenderAddressMatchesInstanceDomain: smtpSenderAddressMatchesInstanceDomain,
+	}
+}
+
+func DomainPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &DomainPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-TvSmA", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type DomainPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserLoginMustBeDomain                  *bool `json:"userLoginMustBeDomain,omitempty"`
+	ValidateOrgDomains                     *bool `json:"validateOrgDomains,omitempty"`
+	SMTPSenderAddressMatchesInstanceDomain *bool `json:"smtpSenderAddressMatchesInstanceDomain,omitempty"`
+}
+
+func (e *DomainPolicyChangedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *DomainPolicyChangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewDomainPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []DomainPolicyChanges,
+) (*DomainPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-DAf3h", "Errors.NoChangesFound")
+	}
+	changeEvent := &DomainPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type DomainPolicyChanges func(*DomainPolicyChangedEvent)
+
+func ChangeUserLoginMustBeDomain(userLoginMustBeDomain bool) func(*DomainPolicyChangedEvent) {
+	return func(e *DomainPolicyChangedEvent) {
+		e.UserLoginMustBeDomain = &userLoginMustBeDomain
+	}
+}
+
+func ChangeValidateOrgDomains(validateOrgDomain bool) func(*DomainPolicyChangedEvent) {
+	return func(e *DomainPolicyChangedEvent) {
+		e.ValidateOrgDomains = &validateOrgDomain
+	}
+}
+
+func ChangeSMTPSenderAddressMatchesInstanceDomain(smtpSenderAddressMatchesInstanceDomain bool) func(*DomainPolicyChangedEvent) {
+	return func(e *DomainPolicyChangedEvent) {
+		e.SMTPSenderAddressMatchesInstanceDomain = &smtpSenderAddressMatchesInstanceDomain
+	}
+}
+
+func DomainPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &DomainPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-0Pl9d", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type DomainPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	usernameChanges          []string
+	userLoginMustBeDomain    bool
+	oldUserLoginMustBeDomain bool
+}
+
+func (e *DomainPolicyRemovedEvent) Payload() interface{} {
+	return nil
+}
+
+func (e *DomainPolicyRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return user.NewUsernameUniqueConstraints(e.usernameChanges, e.Aggregate().ResourceOwner, e.userLoginMustBeDomain, e.oldUserLoginMustBeDomain)
+}
+
+func NewDomainPolicyRemovedEvent(base *eventstore.BaseEvent) *DomainPolicyRemovedEvent {
+	return &DomainPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func DomainPolicyRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &DomainPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
+func (e *DomainPolicyRemovedEvent) AddUniqueConstraintChanges(usernameChanges []string, userLoginMustBeDomain, oldUserLoginMustBeDomain bool) {
+	e.usernameChanges = usernameChanges
+	e.userLoginMustBeDomain = userLoginMustBeDomain
+	e.oldUserLoginMustBeDomain = oldUserLoginMustBeDomain
+}
--- a/apps/api/internal/repository/policy/policy_login_factors.go
+++ b/apps/api/internal/repository/policy/policy_login_factors.go
@@ -0,0 +1,163 @@
+package policy
+
+import (
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	loginPolicySecondFactorPrefix           = loginPolicyPrefix + "secondfactor."
+	LoginPolicySecondFactorAddedEventType   = loginPolicySecondFactorPrefix + "added"
+	LoginPolicySecondFactorRemovedEventType = loginPolicySecondFactorPrefix + "removed"
+
+	loginPolicyMultiFactorPrefix           = "policy.login.multifactor."
+	LoginPolicyMultiFactorAddedEventType   = loginPolicyMultiFactorPrefix + "added"
+	LoginPolicyMultiFactorRemovedEventType = loginPolicyMultiFactorPrefix + "removed"
+)
+
+type SecondFactorAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MFAType domain.SecondFactorType `json:"mfaType,omitempty"`
+}
+
+func NewSecondFactorAddedEvent(
+	base *eventstore.BaseEvent,
+	mfaType domain.SecondFactorType,
+) *SecondFactorAddedEvent {
+	return &SecondFactorAddedEvent{
+		BaseEvent: *base,
+		MFAType:   mfaType,
+	}
+}
+
+func SecondFactorAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &SecondFactorAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-Lp0dE", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+func (e *SecondFactorAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *SecondFactorAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+type SecondFactorRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	MFAType              domain.SecondFactorType `json:"mfaType"`
+}
+
+func NewSecondFactorRemovedEvent(
+	base *eventstore.BaseEvent,
+	mfaType domain.SecondFactorType,
+) *SecondFactorRemovedEvent {
+	return &SecondFactorRemovedEvent{
+		BaseEvent: *base,
+		MFAType:   mfaType,
+	}
+}
+
+func SecondFactorRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &SecondFactorRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-5M9gd", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+func (e *SecondFactorRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *SecondFactorRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+type MultiFactorAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MFAType domain.MultiFactorType `json:"mfaType"`
+}
+
+func NewMultiFactorAddedEvent(
+	base *eventstore.BaseEvent,
+	mfaType domain.MultiFactorType,
+) *MultiFactorAddedEvent {
+	return &MultiFactorAddedEvent{
+		BaseEvent: *base,
+		MFAType:   mfaType,
+	}
+}
+
+func MultiFactorAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &MultiFactorAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-5Ms90", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+func (e *MultiFactorAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *MultiFactorAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+type MultiFactorRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	MFAType              domain.MultiFactorType `json:"mfaType"`
+}
+
+func NewMultiFactorRemovedEvent(
+	base *eventstore.BaseEvent,
+	mfaType domain.MultiFactorType,
+) *MultiFactorRemovedEvent {
+	return &MultiFactorRemovedEvent{
+		BaseEvent: *base,
+		MFAType:   mfaType,
+	}
+}
+
+func MultiFactorRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &MultiFactorRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-1N8sd", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+func (e *MultiFactorRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *MultiFactorRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
--- a/apps/api/internal/repository/policy/policy_login_identity_provider.go
+++ b/apps/api/internal/repository/policy/policy_login_identity_provider.go
@@ -0,0 +1,129 @@
+package policy
+
+import (
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	loginPolicyIDPProviderPrevix             = loginPolicyPrefix + "idpprovider."
+	LoginPolicyIDPProviderAddedType          = loginPolicyIDPProviderPrevix + "added"
+	LoginPolicyIDPProviderRemovedType        = loginPolicyIDPProviderPrevix + "removed"
+	LoginPolicyIDPProviderCascadeRemovedType = loginPolicyIDPProviderPrevix + "cascade.removed"
+)
+
+type IdentityProviderAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	IDPConfigID     string                      `json:"idpConfigId,omitempty"`
+	IDPProviderType domain.IdentityProviderType `json:"idpProviderType,omitempty"`
+}
+
+func (e *IdentityProviderAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *IdentityProviderAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewIdentityProviderAddedEvent(
+	base *eventstore.BaseEvent,
+	idpConfigID string,
+	idpProviderType domain.IdentityProviderType,
+) *IdentityProviderAddedEvent {
+
+	return &IdentityProviderAddedEvent{
+		*base,
+		idpConfigID,
+		idpProviderType,
+	}
+}
+
+func IdentityProviderAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &IdentityProviderAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "PROVI-bfNnp", "Errors.Internal")
+	}
+
+	return e, nil
+}
+
+type IdentityProviderRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	IDPConfigID string `json:"idpConfigId"`
+}
+
+func (e *IdentityProviderRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *IdentityProviderRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewIdentityProviderRemovedEvent(
+	base *eventstore.BaseEvent,
+	idpConfigID string,
+) *IdentityProviderRemovedEvent {
+	return &IdentityProviderRemovedEvent{
+		BaseEvent:   *base,
+		IDPConfigID: idpConfigID,
+	}
+}
+
+func IdentityProviderRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &IdentityProviderRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "PROVI-6H0KQ", "Errors.Internal")
+	}
+
+	return e, nil
+}
+
+type IdentityProviderCascadeRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	IDPConfigID string `json:"idpConfigId"`
+}
+
+func (e *IdentityProviderCascadeRemovedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *IdentityProviderCascadeRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewIdentityProviderCascadeRemovedEvent(
+	base *eventstore.BaseEvent,
+	idpConfigID string,
+) *IdentityProviderCascadeRemovedEvent {
+	return &IdentityProviderCascadeRemovedEvent{
+		BaseEvent:   *base,
+		IDPConfigID: idpConfigID,
+	}
+}
+
+func IdentityProviderCascadeRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &IdentityProviderCascadeRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "PROVI-7M9fs", "Errors.Internal")
+	}
+
+	return e, nil
+}
--- a/apps/api/internal/repository/policy/policy_notification.go
+++ b/apps/api/internal/repository/policy/policy_notification.go
@@ -0,0 +1,124 @@
+package policy
+
+import (
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	NotificationPolicyAddedEventType   = "policy.notification.added"
+	NotificationPolicyChangedEventType = "policy.notification.changed"
+	NotificationPolicyRemovedEventType = "policy.notification.removed"
+)
+
+type NotificationPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	PasswordChange bool `json:"passwordChange,omitempty"`
+}
+
+func (e *NotificationPolicyAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *NotificationPolicyAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewNotificationPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	passwordChange bool,
+) *NotificationPolicyAddedEvent {
+	return &NotificationPolicyAddedEvent{
+		BaseEvent:      *base,
+		PasswordChange: passwordChange,
+	}
+}
+
+func NotificationPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &NotificationPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-0sp2nios", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type NotificationPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	PasswordChange *bool `json:"passwordChange,omitempty"`
+}
+
+func (e *NotificationPolicyChangedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *NotificationPolicyChangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewNotificationPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []NotificationPolicyChanges,
+) (*NotificationPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-09sp2m", "Errors.NoChangesFound")
+	}
+	changeEvent := &NotificationPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type NotificationPolicyChanges func(*NotificationPolicyChangedEvent)
+
+func ChangePasswordChange(passwordChange bool) func(*NotificationPolicyChangedEvent) {
+	return func(e *NotificationPolicyChangedEvent) {
+		e.PasswordChange = &passwordChange
+	}
+}
+
+func NotificationPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &NotificationPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-09s2oss", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type NotificationPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *NotificationPolicyRemovedEvent) Payload() interface{} {
+	return nil
+}
+
+func (e *NotificationPolicyRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewNotificationPolicyRemovedEvent(base *eventstore.BaseEvent) *NotificationPolicyRemovedEvent {
+	return &NotificationPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func NotificationPolicyRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &NotificationPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/apps/api/internal/repository/policy/policy_password_age.go
+++ b/apps/api/internal/repository/policy/policy_password_age.go
@@ -0,0 +1,135 @@
+package policy
+
+import (
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	PasswordAgePolicyAddedEventType   = "policy.password.age.added"
+	PasswordAgePolicyChangedEventType = "policy.password.age.changed"
+	PasswordAgePolicyRemovedEventType = "policy.password.age.removed"
+)
+
+type PasswordAgePolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ExpireWarnDays uint64 `json:"expireWarnDays,omitempty"`
+	MaxAgeDays     uint64 `json:"maxAgeDays,omitempty"`
+}
+
+func (e *PasswordAgePolicyAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *PasswordAgePolicyAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewPasswordAgePolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	expireWarnDays,
+	maxAgeDays uint64,
+) *PasswordAgePolicyAddedEvent {
+
+	return &PasswordAgePolicyAddedEvent{
+		BaseEvent:      *base,
+		ExpireWarnDays: expireWarnDays,
+		MaxAgeDays:     maxAgeDays,
+	}
+}
+
+func PasswordAgePolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &PasswordAgePolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-T3mGp", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PasswordAgePolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ExpireWarnDays *uint64 `json:"expireWarnDays,omitempty"`
+	MaxAgeDays     *uint64 `json:"maxAgeDays,omitempty"`
+}
+
+func (e *PasswordAgePolicyChangedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *PasswordAgePolicyChangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewPasswordAgePolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []PasswordAgePolicyChanges,
+) (*PasswordAgePolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-DAgt5", "Errors.NoChangesFound")
+	}
+	changeEvent := &PasswordAgePolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type PasswordAgePolicyChanges func(*PasswordAgePolicyChangedEvent)
+
+func ChangeExpireWarnDays(expireWarnDay uint64) func(*PasswordAgePolicyChangedEvent) {
+	return func(e *PasswordAgePolicyChangedEvent) {
+		e.ExpireWarnDays = &expireWarnDay
+	}
+}
+
+func ChangeMaxAgeDays(maxAgeDays uint64) func(*PasswordAgePolicyChangedEvent) {
+	return func(e *PasswordAgePolicyChangedEvent) {
+		e.MaxAgeDays = &maxAgeDays
+	}
+}
+
+func PasswordAgePolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &PasswordAgePolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-PqaVq", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PasswordAgePolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *PasswordAgePolicyRemovedEvent) Payload() interface{} {
+	return nil
+}
+
+func (e *PasswordAgePolicyRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewPasswordAgePolicyRemovedEvent(base *eventstore.BaseEvent) *PasswordAgePolicyRemovedEvent {
+	return &PasswordAgePolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func PasswordAgePolicyRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &PasswordAgePolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/apps/api/internal/repository/policy/policy_password_complexity.go
+++ b/apps/api/internal/repository/policy/policy_password_complexity.go
@@ -0,0 +1,164 @@
+package policy
+
+import (
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	PasswordComplexityPolicyAddedEventType   = "policy.password.complexity.added"
+	PasswordComplexityPolicyChangedEventType = "policy.password.complexity.changed"
+	PasswordComplexityPolicyRemovedEventType = "policy.password.complexity.removed"
+)
+
+type PasswordComplexityPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MinLength    uint64 `json:"minLength,omitempty"`
+	HasLowercase bool   `json:"hasLowercase,omitempty"`
+	HasUppercase bool   `json:"hasUppercase,omitempty"`
+	HasNumber    bool   `json:"hasNumber,omitempty"`
+	HasSymbol    bool   `json:"hasSymbol,omitempty"`
+}
+
+func (e *PasswordComplexityPolicyAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *PasswordComplexityPolicyAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewPasswordComplexityPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	minLength uint64,
+	hasLowerCase,
+	hasUpperCase,
+	hasNumber,
+	hasSymbol bool,
+) *PasswordComplexityPolicyAddedEvent {
+	return &PasswordComplexityPolicyAddedEvent{
+		BaseEvent:    *base,
+		MinLength:    minLength,
+		HasLowercase: hasLowerCase,
+		HasUppercase: hasUpperCase,
+		HasNumber:    hasNumber,
+		HasSymbol:    hasSymbol,
+	}
+}
+
+func PasswordComplexityPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &PasswordComplexityPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-wYxlM", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PasswordComplexityPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MinLength    *uint64 `json:"minLength,omitempty"`
+	HasLowercase *bool   `json:"hasLowercase,omitempty"`
+	HasUppercase *bool   `json:"hasUppercase,omitempty"`
+	HasNumber    *bool   `json:"hasNumber,omitempty"`
+	HasSymbol    *bool   `json:"hasSymbol,omitempty"`
+}
+
+func (e *PasswordComplexityPolicyChangedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *PasswordComplexityPolicyChangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewPasswordComplexityPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []PasswordComplexityPolicyChanges,
+) (*PasswordComplexityPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-Rdhu3", "Errors.NoChangesFound")
+	}
+	changeEvent := &PasswordComplexityPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type PasswordComplexityPolicyChanges func(*PasswordComplexityPolicyChangedEvent)
+
+func ChangeMinLength(minLength uint64) func(*PasswordComplexityPolicyChangedEvent) {
+	return func(e *PasswordComplexityPolicyChangedEvent) {
+		e.MinLength = &minLength
+	}
+}
+
+func ChangeHasLowercase(hasLowercase bool) func(*PasswordComplexityPolicyChangedEvent) {
+	return func(e *PasswordComplexityPolicyChangedEvent) {
+		e.HasLowercase = &hasLowercase
+	}
+}
+
+func ChangeHasUppercase(hasUppercase bool) func(*PasswordComplexityPolicyChangedEvent) {
+	return func(e *PasswordComplexityPolicyChangedEvent) {
+		e.HasUppercase = &hasUppercase
+	}
+}
+
+func ChangeHasNumber(hasNumber bool) func(*PasswordComplexityPolicyChangedEvent) {
+	return func(e *PasswordComplexityPolicyChangedEvent) {
+		e.HasNumber = &hasNumber
+	}
+}
+
+func ChangeHasSymbol(hasSymbol bool) func(*PasswordComplexityPolicyChangedEvent) {
+	return func(e *PasswordComplexityPolicyChangedEvent) {
+		e.HasSymbol = &hasSymbol
+	}
+}
+
+func PasswordComplexityPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &PasswordComplexityPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-zBGB0", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PasswordComplexityPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *PasswordComplexityPolicyRemovedEvent) Payload() interface{} {
+	return nil
+}
+
+func (e *PasswordComplexityPolicyRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewPasswordComplexityPolicyRemovedEvent(base *eventstore.BaseEvent) *PasswordComplexityPolicyRemovedEvent {
+	return &PasswordComplexityPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func PasswordComplexityPolicyRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &PasswordComplexityPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/apps/api/internal/repository/policy/policy_password_lockout.go
+++ b/apps/api/internal/repository/policy/policy_password_lockout.go
@@ -0,0 +1,145 @@
+package policy
+
+import (
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	LockoutPolicyAddedEventType   = "policy.lockout.added"
+	LockoutPolicyChangedEventType = "policy.lockout.changed"
+	LockoutPolicyRemovedEventType = "policy.lockout.removed"
+)
+
+type LockoutPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MaxPasswordAttempts uint64 `json:"maxPasswordAttempts,omitempty"`
+	MaxOTPAttempts      uint64 `json:"maxOTPAttempts,omitempty"`
+	ShowLockOutFailures bool   `json:"showLockOutFailures,omitempty"`
+}
+
+func (e *LockoutPolicyAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LockoutPolicyAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLockoutPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	maxPasswordAttempts,
+	maxOTPAttempts uint64,
+	showLockOutFailures bool,
+) *LockoutPolicyAddedEvent {
+
+	return &LockoutPolicyAddedEvent{
+		BaseEvent:           *base,
+		MaxPasswordAttempts: maxPasswordAttempts,
+		MaxOTPAttempts:      maxOTPAttempts,
+		ShowLockOutFailures: showLockOutFailures,
+	}
+}
+
+func LockoutPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &LockoutPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-8XiVd", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type LockoutPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MaxPasswordAttempts *uint64 `json:"maxPasswordAttempts,omitempty"`
+	MaxOTPAttempts      *uint64 `json:"maxOTPAttempts,omitempty"`
+	ShowLockOutFailures *bool   `json:"showLockOutFailures,omitempty"`
+}
+
+func (e *LockoutPolicyChangedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *LockoutPolicyChangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLockoutPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []LockoutPolicyChanges,
+) (*LockoutPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-sdgh6", "Errors.NoChangesFound")
+	}
+	changeEvent := &LockoutPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type LockoutPolicyChanges func(*LockoutPolicyChangedEvent)
+
+func ChangeMaxPasswordAttempts(maxAttempts uint64) func(*LockoutPolicyChangedEvent) {
+	return func(e *LockoutPolicyChangedEvent) {
+		e.MaxPasswordAttempts = &maxAttempts
+	}
+}
+
+func ChangeMaxOTPAttempts(maxAttempts uint64) func(*LockoutPolicyChangedEvent) {
+	return func(e *LockoutPolicyChangedEvent) {
+		e.MaxOTPAttempts = &maxAttempts
+	}
+}
+
+func ChangeShowLockOutFailures(showLockOutFailures bool) func(*LockoutPolicyChangedEvent) {
+	return func(e *LockoutPolicyChangedEvent) {
+		e.ShowLockOutFailures = &showLockOutFailures
+	}
+}
+
+func LockoutPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &LockoutPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-lWGRc", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type LockoutPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *LockoutPolicyRemovedEvent) Payload() interface{} {
+	return nil
+}
+
+func (e *LockoutPolicyRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewLockoutPolicyRemovedEvent(base *eventstore.BaseEvent) *LockoutPolicyRemovedEvent {
+	return &LockoutPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func LockoutPolicyRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &LockoutPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/apps/api/internal/repository/policy/policy_privacy.go
+++ b/apps/api/internal/repository/policy/policy_privacy.go
@@ -0,0 +1,182 @@
+package policy
+
+import (
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+const (
+	PrivacyPolicyAddedEventType   = "policy.privacy.added"
+	PrivacyPolicyChangedEventType = "policy.privacy.changed"
+	PrivacyPolicyRemovedEventType = "policy.privacy.removed"
+)
+
+type PrivacyPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	TOSLink        string              `json:"tosLink,omitempty"`
+	PrivacyLink    string              `json:"privacyLink,omitempty"`
+	HelpLink       string              `json:"helpLink,omitempty"`
+	SupportEmail   domain.EmailAddress `json:"supportEmail,omitempty"`
+	DocsLink       string              `json:"docsLink,omitempty"`
+	CustomLink     string              `json:"customLink,omitempty"`
+	CustomLinkText string              `json:"customLinkText,omitempty"`
+}
+
+func (e *PrivacyPolicyAddedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *PrivacyPolicyAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewPrivacyPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	tosLink,
+	privacyLink,
+	helpLink string,
+	supportEmail domain.EmailAddress,
+	docsLink, customLink, customLinkText string,
+) *PrivacyPolicyAddedEvent {
+	return &PrivacyPolicyAddedEvent{
+		BaseEvent:      *base,
+		TOSLink:        tosLink,
+		PrivacyLink:    privacyLink,
+		HelpLink:       helpLink,
+		SupportEmail:   supportEmail,
+		DocsLink:       docsLink,
+		CustomLink:     customLink,
+		CustomLinkText: customLinkText,
+	}
+}
+
+func PrivacyPolicyAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &PrivacyPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-2k0fs", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PrivacyPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	TOSLink        *string              `json:"tosLink,omitempty"`
+	PrivacyLink    *string              `json:"privacyLink,omitempty"`
+	HelpLink       *string              `json:"helpLink,omitempty"`
+	SupportEmail   *domain.EmailAddress `json:"supportEmail,omitempty"`
+	DocsLink       *string              `json:"docsLink,omitempty"`
+	CustomLink     *string              `json:"customLink,omitempty"`
+	CustomLinkText *string              `json:"customLinkText,omitempty"`
+}
+
+func (e *PrivacyPolicyChangedEvent) Payload() interface{} {
+	return e
+}
+
+func (e *PrivacyPolicyChangedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewPrivacyPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []PrivacyPolicyChanges,
+) (*PrivacyPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, zerrors.ThrowPreconditionFailed(nil, "POLICY-PPo0s", "Errors.NoChangesFound")
+	}
+	changeEvent := &PrivacyPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type PrivacyPolicyChanges func(*PrivacyPolicyChangedEvent)
+
+func ChangeTOSLink(tosLink string) func(*PrivacyPolicyChangedEvent) {
+	return func(e *PrivacyPolicyChangedEvent) {
+		e.TOSLink = &tosLink
+	}
+}
+
+func ChangePrivacyLink(privacyLink string) func(*PrivacyPolicyChangedEvent) {
+	return func(e *PrivacyPolicyChangedEvent) {
+		e.PrivacyLink = &privacyLink
+	}
+}
+
+func ChangeHelpLink(helpLink string) func(*PrivacyPolicyChangedEvent) {
+	return func(e *PrivacyPolicyChangedEvent) {
+		e.HelpLink = &helpLink
+	}
+}
+
+func ChangeSupportEmail(supportEmail domain.EmailAddress) func(*PrivacyPolicyChangedEvent) {
+	return func(e *PrivacyPolicyChangedEvent) {
+		e.SupportEmail = &supportEmail
+	}
+}
+
+func ChangeDocsLink(docsLink string) func(*PrivacyPolicyChangedEvent) {
+	return func(e *PrivacyPolicyChangedEvent) {
+		e.DocsLink = &docsLink
+	}
+}
+
+func ChangeCustomLink(customLink string) func(*PrivacyPolicyChangedEvent) {
+	return func(e *PrivacyPolicyChangedEvent) {
+		e.CustomLink = &customLink
+	}
+}
+
+func ChangeCustomLinkText(customLinkText string) func(*PrivacyPolicyChangedEvent) {
+	return func(e *PrivacyPolicyChangedEvent) {
+		e.CustomLinkText = &customLinkText
+	}
+}
+
+func PrivacyPolicyChangedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	e := &PrivacyPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := event.Unmarshal(e)
+	if err != nil {
+		return nil, zerrors.ThrowInternal(err, "POLIC-22nf9", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PrivacyPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *PrivacyPolicyRemovedEvent) Payload() interface{} {
+	return nil
+}
+
+func (e *PrivacyPolicyRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
+	return nil
+}
+
+func NewPrivacyPolicyRemovedEvent(base *eventstore.BaseEvent) *PrivacyPolicyRemovedEvent {
+	return &PrivacyPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func PrivacyPolicyRemovedEventMapper(event eventstore.Event) (eventstore.Event, error) {
+	return &PrivacyPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}