@authhero/cloudflare-adapter 2.30.1 → 2.31.1

package/dist/types/code-executor/index.d.ts

@@ -0,0 +1,106 @@
+import { CodeExecutionResult, CodeExecutor } from "@authhero/adapter-interfaces";
+/**
+ * Cloudflare Workers for Platforms dispatch namespace binding type.
+ * This is the type of `env.DISPATCHER` when configured in wrangler.toml:
+ *
+ * ```toml
+ * [[dispatch_namespaces]]
+ * binding = "DISPATCHER"
+ * namespace = "authhero-hooks"
+ * ```
+ */
+export interface DispatchNamespace {
+    get(name: string, options?: Record<string, unknown>, init?: {
+        limits?: {
+            cpuMs?: number;
+            subrequests?: number;
+        };
+    }): {
+        fetch(request: Request | string, init?: RequestInit): Promise<Response>;
+    };
+}
+export interface DispatchNamespaceCodeExecutorConfig {
+    /** Cloudflare account ID */
+    accountId: string;
+    /** API token with Workers Scripts write permission */
+    apiToken: string;
+    /** Dispatch namespace name (e.g., "authhero-hooks") */
+    dispatchNamespace: string;
+    /**
+     * Dispatch namespace binding from the worker environment.
+     * When running inside a Cloudflare Worker, pass `env.DISPATCHER`.
+     * Enables low-latency same-origin invocation.
+     */
+    dispatcher?: DispatchNamespace;
+    /**
+     * Fallback URL for invoking user workers when no dispatcher binding is available.
+     * The executor appends `/{scriptName}` to this URL.
+     * Only used when `dispatcher` is not provided.
+     */
+    dispatchUrl?: string;
+    /**
+     * Cloudflare Workers compatibility date used when deploying scripts.
+     * Defaults to "2024-11-20" if not provided.
+     */
+    compatibilityDate?: string;
+}
+/**
+ * Code executor that uses Cloudflare Workers for Platforms dispatch namespaces.
+ *
+ * User code is deployed as individual worker scripts in a dispatch namespace
+ * (via the `deploy()` method, which calls the Cloudflare API). At execution
+ * time, the pre-deployed worker is invoked via the dispatch namespace binding
+ * (in-worker) or via HTTP (external fallback).
+ *
+ * Contrast with `WorkerLoaderCodeExecutor`, which creates isolates on the fly
+ * from in-memory code via the Worker Loader binding and does not require
+ * pre-deployment.
+ *
+ * Usage:
+ * ```typescript
+ * const codeExecutor = new DispatchNamespaceCodeExecutor({
+ *   accountId: env.CF_ACCOUNT_ID,
+ *   apiToken: env.CF_API_TOKEN,
+ *   dispatchNamespace: "authhero-hooks",
+ *   dispatcher: env.DISPATCHER,
+ * });
+ *
+ * const { app } = init({ dataAdapter, codeExecutor });
+ * ```
+ */
+export declare class DispatchNamespaceCodeExecutor implements CodeExecutor {
+    private config;
+    constructor(config: DispatchNamespaceCodeExecutorConfig);
+    execute(params: {
+        code: string;
+        hookCodeId?: string;
+        triggerId: string;
+        event: Record<string, unknown>;
+        /** Wall-clock timeout (ms). Used for HTTP-based fallback invocation. */
+        timeoutMs?: number;
+        /**
+         * CPU-time limit (ms) passed to the Cloudflare dispatcher binding.
+         * Unlike timeoutMs (wall-clock), this caps only actual CPU cycles;
+         * I/O wait does not count against it. Defaults to 5 000 ms.
+         */
+        cpuLimitMs?: number;
+    }): Promise<CodeExecutionResult>;
+    /**
+     * Deploy user code as a worker to the dispatch namespace.
+     * Wraps the code in a worker template and uploads via Cloudflare API.
+     */
+    deploy(hookCodeId: string, code: string): Promise<void>;
+    /**
+     * Remove a user worker from the dispatch namespace.
+     */
+    remove(hookCodeId: string): Promise<void>;
+}
+/**
+ * @deprecated Renamed to `DispatchNamespaceCodeExecutor` to disambiguate from
+ * `WorkerLoaderCodeExecutor` (also Cloudflare-based, but using the Worker
+ * Loader binding instead of Workers for Platforms). This alias will be removed
+ * in the next major.
+ */
+export declare const CloudflareCodeExecutor: typeof DispatchNamespaceCodeExecutor;
+/** @deprecated Use `DispatchNamespaceCodeExecutorConfig`. */
+export type CloudflareCodeExecutorConfig = DispatchNamespaceCodeExecutorConfig;

package/dist/types/code-executor/worker-loader.d.ts

@@ -0,0 +1,57 @@
+import { CodeExecutionResult, CodeExecutor } from "@authhero/adapter-interfaces";
+/**
+ * Worker Loader binding type (Cloudflare Dynamic Workers).
+ * Configure in wrangler.toml:
+ *   [[worker_loaders]]
+ *   binding = "LOADER"
+ */
+interface WorkerLoader {
+    load(code: WorkerCode): WorkerStub;
+    get(id: string, callback: () => Promise<WorkerCode>): WorkerStub;
+}
+interface WorkerCode {
+    compatibilityDate: string;
+    mainModule: string;
+    modules: Record<string, string>;
+}
+interface WorkerStub {
+    getEntrypoint(): {
+        fetch(request: Request): Promise<Response>;
+    };
+}
+interface WorkerLoaderCodeExecutorOptions {
+    loader: WorkerLoader;
+    compatibilityDate?: string;
+}
+/**
+ * Cloudflare Dynamic Workers code executor (Worker Loader binding).
+ * Spins up isolated Workers on demand from in-memory code to execute
+ * user-authored hook code in a sandboxed v8 isolate.
+ *
+ * Uses `env.LOADER.get(id, callback)` to cache workers by hookCodeId + code hash,
+ * so the same code stays warm across requests while code updates get a fresh worker.
+ *
+ * User code can make outbound `fetch()` calls. The Worker Loader still provides
+ * process isolation (separate v8 isolate, no access to the parent worker's
+ * bindings or env), so this only widens the network boundary, not the host
+ * boundary. Plan: a future AI/static-analysis layer inspects action code on
+ * upload to flag exfiltration patterns before they reach the executor.
+ *
+ * Contrast with `DispatchNamespaceCodeExecutor`, which uses Workers for
+ * Platforms dispatch namespaces and requires user code to be pre-deployed
+ * as individual worker scripts via the Cloudflare API.
+ */
+export declare class WorkerLoaderCodeExecutor implements CodeExecutor {
+    private loader;
+    private compatibilityDate;
+    constructor(options: WorkerLoaderCodeExecutorOptions);
+    execute(params: {
+        code: string;
+        hookCodeId?: string;
+        triggerId: string;
+        event: Record<string, unknown>;
+        timeoutMs?: number;
+        cpuLimitMs?: number;
+    }): Promise<CodeExecutionResult>;
+}
+export {};

package/dist/types/code-executor/worker-template.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Generates a Cloudflare Worker script that wraps user-authored code.
+ *
+ * The generated worker:
+ * 1. Accepts POST requests with { triggerId, event }
+ * 2. Creates a recording API proxy that captures method calls
+ * 3. Runs the user's exported function (e.g., exports.onExecutePostLogin)
+ * 4. Returns { success, apiCalls, error, durationMs } as JSON
+ */
+export declare function generateWorkerScript(userCode: string): string;

package/dist/types/customDomains/index.d.ts

@@ -0,0 +1,3 @@
+import { CustomDomainsAdapter } from "@authhero/adapter-interfaces";
+import { CloudflareConfig } from "../types/CloudflareConfig";
+export declare function createCustomDomainsAdapter(config: CloudflareConfig): CustomDomainsAdapter;

package/dist/types/geo/index.d.ts

@@ -0,0 +1,37 @@
+import { GeoAdapter } from "@authhero/adapter-interfaces";
+/**
+ * Creates a Cloudflare geo adapter that extracts location information from
+ * Cloudflare's HTTP headers.
+ *
+ * ## Header Availability
+ *
+ * **Always available** (when IP Geolocation is enabled in Cloudflare dashboard):
+ * - `cf-ipcountry`: 2-letter ISO country code
+ *
+ * **Available with "Add visitor location headers" Managed Transform**:
+ * (Free feature in Cloudflare Rules > Transform Rules > Managed Transforms)
+ * - `cf-ipcity`: City name
+ * - `cf-ipcontinent`: 2-letter continent code
+ * - `cf-iplatitude`: Latitude coordinate
+ * - `cf-iplongitude`: Longitude coordinate
+ * - `cf-timezone`: IANA timezone identifier
+ * - `cf-region`: Region name
+ * - `cf-region-code`: Region code
+ * - `cf-metro-code`: Metro code
+ * - `cf-postal-code`: Postal code
+ *
+ * The adapter gracefully handles both scenarios - returning only country_code
+ * when the Managed Transform is not enabled, or full location data when it is.
+ *
+ * @example
+ * ```typescript
+ * import { createCloudflareGeoAdapter } from "@authhero/cloudflare-adapter";
+ *
+ * const geoAdapter = createCloudflareGeoAdapter();
+ *
+ * // In your request handler, pass the headers
+ * const headers = Object.fromEntries(request.headers);
+ * const geoInfo = await geoAdapter.getGeoInfo(headers);
+ * ```
+ */
+export declare function createCloudflareGeoAdapter(): GeoAdapter;

package/dist/types/index.d.ts

@@ -0,0 +1,31 @@
+import { CustomDomainsAdapter, CacheAdapter, LogsDataAdapter, GeoAdapter, RateLimitAdapter, AnalyticsAdapter, ActionExecutionsAdapter } from "@authhero/adapter-interfaces";
+import { type R2SQLLogsAdapterConfig } from "./r2-sql-logs";
+import { type AnalyticsEngineLogsAdapterConfig, type AnalyticsEngineDataset } from "./analytics-engine-logs";
+import { type AnalyticsEngineActionExecutionsAdapterConfig } from "./analytics-engine-action-executions";
+import { type CloudflareRateLimitBinding, type CloudflareRateLimitBindings } from "./rate-limit";
+import { CloudflareConfig } from "./types/CloudflareConfig";
+export type { R2SQLLogsAdapterConfig };
+export type { AnalyticsEngineLogsAdapterConfig, AnalyticsEngineDataset };
+export type { AnalyticsEngineActionExecutionsAdapterConfig };
+export type { CloudflareRateLimitBinding, CloudflareRateLimitBindings };
+export { createCloudflareRateLimitAdapter } from "./rate-limit";
+export type { CloudflareConfig };
+export { DispatchNamespaceCodeExecutor, type DispatchNamespaceCodeExecutorConfig, type DispatchNamespace, CloudflareCodeExecutor, type CloudflareCodeExecutorConfig, } from "./code-executor";
+export { generateWorkerScript } from "./code-executor/worker-template";
+export { WorkerLoaderCodeExecutor } from "./code-executor/worker-loader";
+export { createAnalyticsEngineLogsAdapter } from "./analytics-engine-logs";
+export { createAnalyticsEngineStatsAdapter } from "./analytics-engine-logs";
+export { createAnalyticsEngineAnalyticsAdapter } from "./analytics-engine-logs";
+export { createAnalyticsEngineActionExecutionsAdapter } from "./analytics-engine-action-executions";
+export { createR2SQLLogsAdapter } from "./r2-sql-logs";
+export { createR2SQLStatsAdapter } from "./r2-sql-logs";
+export interface CloudflareAdapters {
+    customDomains: CustomDomainsAdapter;
+    cache: CacheAdapter;
+    logs?: LogsDataAdapter;
+    analytics?: AnalyticsAdapter;
+    geo?: GeoAdapter;
+    rateLimit?: RateLimitAdapter;
+    actionExecutions?: ActionExecutionsAdapter;
+}
+export default function createAdapters(config: CloudflareConfig): CloudflareAdapters;

package/dist/types/r2-sql-logs/index.d.ts

@@ -0,0 +1,60 @@
+import { LogsDataAdapter } from "@authhero/adapter-interfaces";
+import { R2SQLLogsAdapterConfig } from "./types";
+export type { R2SQLLogsAdapterConfig };
+export { createR2SQLStatsAdapter } from "./stats";
+/**
+ * Create an R2 SQL logs adapter
+ *
+ * This adapter uses Cloudflare R2 SQL and Pipelines for storing and querying logs.
+ *
+ * For passthrough mode (syncing writes to multiple destinations), use the core
+ * `createPassthroughAdapter` utility from `@authhero/adapter-interfaces` instead.
+ *
+ * @param config Configuration for the R2 SQL adapter
+ * @returns LogsDataAdapter instance
+ *
+ * @example HTTP endpoint mode
+ * ```typescript
+ * import { createR2SQLLogsAdapter } from "@authhero/cloudflare-adapter";
+ *
+ * const adapter = createR2SQLLogsAdapter({
+ *   pipelineEndpoint: "https://your-stream-id.ingest.cloudflare.com",
+ *   authToken: process.env.R2_SQL_AUTH_TOKEN,
+ *   warehouseName: process.env.R2_WAREHOUSE_NAME,
+ * });
+ * ```
+ *
+ * @example Service binding mode (Workers)
+ * ```typescript
+ * // In wrangler.toml:
+ * // [[pipelines]]
+ * // binding = "AUTH_LOGS_STREAM"
+ * // pipeline = "your-pipeline-id"
+ *
+ * const adapter = createR2SQLLogsAdapter({
+ *   pipelineBinding: env.AUTH_LOGS_STREAM,
+ *   authToken: env.R2_SQL_AUTH_TOKEN,
+ *   warehouseName: env.R2_WAREHOUSE_NAME,
+ * });
+ * ```
+ *
+ * @example Passthrough mode (use core utility)
+ * ```typescript
+ * import { createPassthroughAdapter } from "@authhero/adapter-interfaces";
+ * import { createR2SQLLogsAdapter } from "@authhero/cloudflare-adapter";
+ *
+ * const primaryAdapter = createDatabaseLogsAdapter();
+ * const r2SqlAdapter = createR2SQLLogsAdapter({
+ *   pipelineEndpoint: "https://your-stream-id.ingest.cloudflare.com",
+ *   authToken: process.env.R2_SQL_AUTH_TOKEN,
+ *   warehouseName: process.env.R2_WAREHOUSE_NAME,
+ * });
+ *
+ * const logsAdapter = createPassthroughAdapter({
+ *   primary: primaryAdapter,
+ *   secondaries: [{ adapter: { create: r2SqlAdapter.create } }],
+ * });
+ * ```
+ */
+export declare function createR2SQLLogsAdapter(config: R2SQLLogsAdapterConfig): LogsDataAdapter;
+export default createR2SQLLogsAdapter;

package/dist/types/r2-sql-logs/list.d.ts

@@ -0,0 +1,11 @@
+import { ListParams } from "@authhero/adapter-interfaces";
+import { Log } from "@authhero/adapter-interfaces";
+import { R2SQLLogsAdapterConfig } from "./types";
+interface ListLogsResponse {
+    logs: Log[];
+    start: number;
+    limit: number;
+    length: number;
+}
+export declare function listLogs(config: R2SQLLogsAdapterConfig): (tenantId: string, params?: ListParams) => Promise<ListLogsResponse>;
+export {};

package/dist/types/r2-sql-logs/logs.d.ts

@@ -0,0 +1,8 @@
+import { Log, LogInsert } from "@authhero/adapter-interfaces";
+import { R2SQLLogsAdapterConfig } from "./types";
+/**
+ * Convert data from R2 SQL back to Log format
+ */
+export declare function formatLogFromStorage(row: Record<string, any>): Log;
+export declare function createLog(config: R2SQLLogsAdapterConfig): (tenantId: string, log: LogInsert) => Promise<Log>;
+export declare function getLogs(config: R2SQLLogsAdapterConfig): (tenantId: string, logId: string) => Promise<Log | null>;

package/dist/types/r2-sql-logs/query.d.ts

@@ -0,0 +1,13 @@
+import { R2SQLLogsAdapterConfig } from "./types";
+/**
+ * Execute a SQL query against R2 SQL
+ */
+export declare function executeR2SQLQuery(config: R2SQLLogsAdapterConfig, query: string): Promise<Record<string, any>[]>;
+/**
+ * Escape a string value for SQL
+ */
+export declare function escapeSQLString(value: string): string;
+/**
+ * Escape an identifier (table name, column name) for SQL
+ */
+export declare function escapeSQLIdentifier(identifier: string): string;

package/dist/types/r2-sql-logs/stats.d.ts

@@ -0,0 +1,8 @@
+import { StatsAdapter } from "@authhero/adapter-interfaces";
+/**
+ * Create a stats adapter for R2 SQL that returns "not supported" errors
+ *
+ * R2 SQL logs does not currently support stats queries.
+ * Use the Analytics Engine stats adapter or Kysely stats adapter instead.
+ */
+export declare function createR2SQLStatsAdapter(): StatsAdapter;

package/dist/types/r2-sql-logs/types.d.ts

@@ -0,0 +1,45 @@
+export interface R2SQLLogsAdapterConfig {
+    /**
+     * Cloudflare Pipeline HTTP endpoint URL for ingesting logs
+     * Example: "https://{stream-id}.ingest.cloudflare.com"
+     * Optional if using pipelineBinding or baseAdapter
+     */
+    pipelineEndpoint?: string;
+    /**
+     * Cloudflare Pipeline binding (for Workers)
+     * Use this instead of pipelineEndpoint when running in a Worker
+     * Pass the Pipeline object from env (e.g., env.AUTH_LOGS_STREAM)
+     * The Pipeline has a send() method for ingesting data
+     */
+    pipelineBinding?: {
+        send: (data: any) => Promise<void>;
+    };
+    /**
+     * Cloudflare account ID for R2 SQL API
+     * Required for the official API endpoint
+     * Can be passed via environment variable: CLOUDFLARE_ACCOUNT_ID
+     */
+    accountId: string;
+    /**
+     * Cloudflare R2 SQL API token for querying logs
+     * Can be passed via environment variable: R2_SQL_AUTH_TOKEN
+     */
+    authToken: string;
+    /**
+     * R2 warehouse name (e.g., "default")
+     * Can be passed via environment variable: R2_WAREHOUSE_NAME
+     */
+    warehouseName: string;
+    /**
+     * Catalog database/namespace for logs (default: "default")
+     */
+    namespace?: string;
+    /**
+     * Catalog table name for logs (default: "logs")
+     */
+    tableName?: string;
+    /**
+     * HTTP timeout in milliseconds (default: 30000)
+     */
+    timeout?: number;
+}

package/dist/types/rate-limit/index.d.ts

@@ -0,0 +1,30 @@
+import type { RateLimitAdapter, RateLimitScope } from "@authhero/adapter-interfaces";
+/**
+ * Minimal shape of the Cloudflare Workers Rate Limiter binding. We declare
+ * it locally rather than depending on `@cloudflare/workers-types` so the
+ * adapter package stays runtime-agnostic.
+ *
+ * Reference: https://developers.cloudflare.com/workers/runtime-apis/bindings/rate-limit/
+ */
+export interface CloudflareRateLimitBinding {
+    limit(options: {
+        key: string;
+    }): Promise<{
+        success: boolean;
+    }>;
+}
+/**
+ * Map of scopes to Cloudflare Workers Rate Limiter bindings. Each binding's
+ * `limit` and `period` are configured at deploy time in `wrangler.toml` and
+ * cannot be overridden per request.
+ *
+ * Workers Rate Limiter only supports `period: 10` or `period: 60` seconds —
+ * it is a short-window burst guard, not a daily cap. For Auth0-style
+ * thresholds (e.g. 100 attempts / day) see `FUTURE: Durable Object backend`
+ * below.
+ *
+ * Any scope omitted from this map results in a permissive ("allowed: true")
+ * decision so callers can configure backends incrementally.
+ */
+export type CloudflareRateLimitBindings = Partial<Record<RateLimitScope, CloudflareRateLimitBinding>>;
+export declare function createCloudflareRateLimitAdapter(bindings: CloudflareRateLimitBindings | undefined): RateLimitAdapter | undefined;

package/dist/types/types/CloudflareConfig.d.ts

@@ -0,0 +1,47 @@
+import { CustomDomainsAdapter } from "@authhero/adapter-interfaces";
+import type { R2SQLLogsAdapterConfig } from "../r2-sql-logs";
+import type { AnalyticsEngineLogsAdapterConfig } from "../analytics-engine-logs";
+import type { AnalyticsEngineActionExecutionsAdapterConfig } from "../analytics-engine-action-executions";
+import type { CloudflareRateLimitBindings } from "../rate-limit";
+export interface CloudflareConfig {
+    zoneId: string;
+    authKey: string;
+    authEmail: string;
+    enterprise?: boolean;
+    customDomainAdapter: CustomDomainsAdapter;
+    /**
+     * Cache name to use (optional, defaults to "default")
+     */
+    cacheName?: string;
+    /**
+     * Default TTL in seconds for cache entries (optional)
+     */
+    defaultTtlSeconds?: number;
+    /**
+     * Key prefix to namespace cache entries (optional)
+     */
+    keyPrefix?: string;
+    /**
+     * R2 SQL logs adapter configuration (optional)
+     * Use this for high-volume log storage with R2 Pipelines and R2 SQL
+     */
+    r2SqlLogs?: R2SQLLogsAdapterConfig;
+    /**
+     * Analytics Engine logs adapter configuration (optional)
+     * Use this for low-latency log writes with Cloudflare Analytics Engine
+     */
+    analyticsEngineLogs?: AnalyticsEngineLogsAdapterConfig;
+    /**
+     * Analytics Engine action_executions adapter configuration (optional).
+     * Stores Auth0-shaped action execution records in a dedicated AE dataset
+     * so logs and the executions they reference can both live in AE.
+     */
+    analyticsEngineActionExecutions?: AnalyticsEngineActionExecutionsAdapterConfig;
+    /**
+     * Cloudflare Workers Rate Limiter bindings, keyed by logical scope.
+     * Each binding's `limit` and `period` are baked in at deploy time; this
+     * adapter can't override them per tenant. Bindings are optional — any
+     * unconfigured scope is treated as permissive.
+     */
+    rateLimitBindings?: CloudflareRateLimitBindings;
+}

package/dist/types/types/CustomDomain.d.ts

@@ -0,0 +1,185 @@
+import { z } from "@hono/zod-openapi";
+declare const resultSchema: z.ZodObject<{
+    id: z.ZodString;
+    ssl: z.ZodObject<{
+        id: z.ZodString;
+        bundle_method: z.ZodOptional<z.ZodString>;
+        certificate_authority: z.ZodString;
+        custom_certificate: z.ZodOptional<z.ZodString>;
+        custom_csr_id: z.ZodOptional<z.ZodString>;
+        custom_key: z.ZodOptional<z.ZodString>;
+        expires_on: z.ZodOptional<z.ZodString>;
+        hosts: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        issuer: z.ZodOptional<z.ZodString>;
+        method: z.ZodString;
+        serial_number: z.ZodOptional<z.ZodString>;
+        settings: z.ZodOptional<z.ZodObject<{
+            ciphers: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            early_hints: z.ZodOptional<z.ZodString>;
+            http2: z.ZodOptional<z.ZodString>;
+            min_tls_version: z.ZodOptional<z.ZodString>;
+            tls_1_3: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>;
+        signature: z.ZodOptional<z.ZodString>;
+        type: z.ZodString;
+        uploaded_on: z.ZodOptional<z.ZodString>;
+        validation_errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            message: z.ZodString;
+        }, z.core.$strip>>>;
+        validation_records: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            emails: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            http_body: z.ZodOptional<z.ZodString>;
+            http_url: z.ZodOptional<z.ZodString>;
+            txt_name: z.ZodOptional<z.ZodString>;
+            txt_value: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+        wildcard: z.ZodBoolean;
+    }, z.core.$strip>;
+    hostname: z.ZodString;
+    custom_metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    custom_origin_server: z.ZodOptional<z.ZodString>;
+    custom_origin_sni: z.ZodOptional<z.ZodString>;
+    ownership_verification: z.ZodOptional<z.ZodObject<{
+        name: z.ZodString;
+        type: z.ZodString;
+        value: z.ZodString;
+    }, z.core.$strip>>;
+    ownership_verification_http: z.ZodOptional<z.ZodObject<{
+        http_body: z.ZodOptional<z.ZodString>;
+        http_url: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+    status: z.ZodString;
+    verification_errors: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    created_at: z.ZodString;
+}, z.core.$strip>;
+export type CustomDomainResult = z.infer<typeof resultSchema>;
+export declare const customDomainResponseSchema: z.ZodObject<{
+    errors: z.ZodArray<z.ZodObject<{
+        code: z.ZodNumber;
+        message: z.ZodString;
+    }, z.core.$strip>>;
+    messages: z.ZodArray<z.ZodObject<{
+        code: z.ZodNumber;
+        message: z.ZodString;
+    }, z.core.$strip>>;
+    success: z.ZodBoolean;
+    result: z.ZodObject<{
+        id: z.ZodString;
+        ssl: z.ZodObject<{
+            id: z.ZodString;
+            bundle_method: z.ZodOptional<z.ZodString>;
+            certificate_authority: z.ZodString;
+            custom_certificate: z.ZodOptional<z.ZodString>;
+            custom_csr_id: z.ZodOptional<z.ZodString>;
+            custom_key: z.ZodOptional<z.ZodString>;
+            expires_on: z.ZodOptional<z.ZodString>;
+            hosts: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            issuer: z.ZodOptional<z.ZodString>;
+            method: z.ZodString;
+            serial_number: z.ZodOptional<z.ZodString>;
+            settings: z.ZodOptional<z.ZodObject<{
+                ciphers: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                early_hints: z.ZodOptional<z.ZodString>;
+                http2: z.ZodOptional<z.ZodString>;
+                min_tls_version: z.ZodOptional<z.ZodString>;
+                tls_1_3: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>>;
+            signature: z.ZodOptional<z.ZodString>;
+            type: z.ZodString;
+            uploaded_on: z.ZodOptional<z.ZodString>;
+            validation_errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                message: z.ZodString;
+            }, z.core.$strip>>>;
+            validation_records: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                emails: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                http_body: z.ZodOptional<z.ZodString>;
+                http_url: z.ZodOptional<z.ZodString>;
+                txt_name: z.ZodOptional<z.ZodString>;
+                txt_value: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>>>;
+            wildcard: z.ZodBoolean;
+        }, z.core.$strip>;
+        hostname: z.ZodString;
+        custom_metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+        custom_origin_server: z.ZodOptional<z.ZodString>;
+        custom_origin_sni: z.ZodOptional<z.ZodString>;
+        ownership_verification: z.ZodOptional<z.ZodObject<{
+            name: z.ZodString;
+            type: z.ZodString;
+            value: z.ZodString;
+        }, z.core.$strip>>;
+        ownership_verification_http: z.ZodOptional<z.ZodObject<{
+            http_body: z.ZodOptional<z.ZodString>;
+            http_url: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>;
+        status: z.ZodString;
+        verification_errors: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        created_at: z.ZodString;
+    }, z.core.$strip>;
+}, z.core.$strip>;
+export declare const customDomainListResponseSchema: z.ZodObject<{
+    errors: z.ZodArray<z.ZodObject<{
+        code: z.ZodNumber;
+        message: z.ZodString;
+    }, z.core.$strip>>;
+    messages: z.ZodArray<z.ZodObject<{
+        code: z.ZodNumber;
+        message: z.ZodString;
+    }, z.core.$strip>>;
+    success: z.ZodBoolean;
+    result: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        ssl: z.ZodObject<{
+            id: z.ZodString;
+            bundle_method: z.ZodOptional<z.ZodString>;
+            certificate_authority: z.ZodString;
+            custom_certificate: z.ZodOptional<z.ZodString>;
+            custom_csr_id: z.ZodOptional<z.ZodString>;
+            custom_key: z.ZodOptional<z.ZodString>;
+            expires_on: z.ZodOptional<z.ZodString>;
+            hosts: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            issuer: z.ZodOptional<z.ZodString>;
+            method: z.ZodString;
+            serial_number: z.ZodOptional<z.ZodString>;
+            settings: z.ZodOptional<z.ZodObject<{
+                ciphers: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                early_hints: z.ZodOptional<z.ZodString>;
+                http2: z.ZodOptional<z.ZodString>;
+                min_tls_version: z.ZodOptional<z.ZodString>;
+                tls_1_3: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>>;
+            signature: z.ZodOptional<z.ZodString>;
+            type: z.ZodString;
+            uploaded_on: z.ZodOptional<z.ZodString>;
+            validation_errors: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                message: z.ZodString;
+            }, z.core.$strip>>>;
+            validation_records: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                emails: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                http_body: z.ZodOptional<z.ZodString>;
+                http_url: z.ZodOptional<z.ZodString>;
+                txt_name: z.ZodOptional<z.ZodString>;
+                txt_value: z.ZodOptional<z.ZodString>;
+            }, z.core.$strip>>>;
+            wildcard: z.ZodBoolean;
+        }, z.core.$strip>;
+        hostname: z.ZodString;
+        custom_metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+        custom_origin_server: z.ZodOptional<z.ZodString>;
+        custom_origin_sni: z.ZodOptional<z.ZodString>;
+        ownership_verification: z.ZodOptional<z.ZodObject<{
+            name: z.ZodString;
+            type: z.ZodString;
+            value: z.ZodString;
+        }, z.core.$strip>>;
+        ownership_verification_http: z.ZodOptional<z.ZodObject<{
+            http_body: z.ZodOptional<z.ZodString>;
+            http_url: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>;
+        status: z.ZodString;
+        verification_errors: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        created_at: z.ZodString;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+export type CustomDomainResponse = z.infer<typeof customDomainResponseSchema>;
+export {};