diff --git a/config.json b/config.json
index 2cc188a2..9c9b62ef 100644
--- a/config.json
+++ b/config.json
@@ -3,7 +3,7 @@
   "licenseName": "MIT",
   "moduleName": "NotehubJs",
   "npmRepository": "https://registry.npmjs.org",
-  "projectVersion": "6.0.0",
+  "projectVersion": "6.0.0-beta.21",
   "sourceFolder": "src",
   "usePromises": true
 }
diff --git a/openapi.yaml b/openapi.yaml
index 866d9882..9bb720da 100644
--- a/openapi.yaml
+++ b/openapi.yaml
@@ -375,6 +375,28 @@ paths:
         - personalAccessToken: []
       tags:
         - alert
+  '/v1/projects/{projectOrProductUID}/aws-role-config':
+    get:
+      operationId: GetAWSRoleConfig
+      summary: Get AWS role configuration for role-based authentication
+      description: |
+        Returns the AWS Account ID and External ID needed to configure an IAM role
+        trust policy for role-based authentication on AWS routes.
+      parameters:
+        - $ref: '#/components/parameters/projectOrProductUIDParam'
+      responses:
+        '200':
+          description: AWS role configuration
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AWSRoleConfig'
+        default:
+          $ref: '#/components/responses/ErrorResponse'
+      security:
+        - personalAccessToken: []
+      tags:
+        - project
   '/v1/projects/{projectOrProductUID}/clone':
     post:
       operationId: CloneProject
@@ -1108,6 +1130,7 @@ paths:
         - $ref: '#/components/parameters/pageNumParam'
         - $ref: '#/components/parameters/startDateParam'
         - $ref: '#/components/parameters/endDateParam'
+        - $ref: '#/components/parameters/firstSyncParam'
       responses:
         '200':
           $ref: '#/components/responses/SessionResponse'
@@ -2925,6 +2948,14 @@ components:
       required: false
       schema:
         type: string
+    firstSyncParam:
+      description: 'When true, filters results to only show first sync sessions'
+      in: query
+      name: firstSync
+      required: false
+      schema:
+        type: boolean
+        default: false
     fleetUIDFilterQueryParam:
       description: Filter by Fleet UID
       explode: true
@@ -3323,6 +3354,19 @@ components:
       schema:
         type: string
   schemas:
+    AWSRoleConfig:
+      description: Configuration needed to set up an IAM role trust policy for role-based authentication on AWS routes
+      type: object
+      properties:
+        aws_account_id:
+          description: The Blues AWS Account ID to trust in your IAM role's trust policy
+          type: string
+        external_id:
+          description: The External ID to use in your IAM role's trust policy condition
+          type: string
+      required:
+        - aws_account_id
+        - external_id
     Alert:
       type: object
       properties:
@@ -3446,6 +3490,9 @@ components:
           type: string
         region:
           type: string
+        role_arn:
+          description: IAM Role ARN for role-based authentication via STS AssumeRole
+          type: string
         throttle_ms:
           type: integer
         timeout:
@@ -4684,6 +4731,7 @@ components:
             - less_than_or_equal_to
             - equal_to
             - not_equal_to
+            - count
         description:
           type: string
         disabled:
@@ -5738,6 +5786,11 @@ components:
         device:
           type: string
           example: 'dev:123456789012345'
+        first_sync_sessions:
+          description: Number of first sync sessions in this period
+          type: integer
+          format: int64
+          example: 2
         fleet:
           type: string
           example: 'fleet:1042ddc5-3b2c-4cec-b1fb-d3040538094d'
@@ -5760,6 +5813,7 @@ components:
       required:
         - period
         - sessions
+        - first_sync_sessions
         - total_bytes
         - total_devices
     UsageTruncatedField: