@cloudflare/workers-types 4.20260617.1 → 4.20260620.1

package/2023-03-01/index.d.ts

@@ -477,7 +477,8 @@ interface ExecutionContext<Props = unknown> {
   passThroughOnException(): void;
   readonly props: Props;
   cache?: CacheContext;
-  tracing?: Tracing;
+  readonly access?: CloudflareAccessContext;
+  tracing: Tracing;
 }
 type ExportedHandlerFetchHandler<
   Env = unknown,
@@ -576,6 +577,10 @@ interface CachePurgeOptions {
 interface CacheContext {
   purge(options: CachePurgeOptions): Promise<CachePurgeResult>;
 }
+interface CloudflareAccessContext {
+  readonly aud: string;
+  getIdentity(): Promise<CloudflareAccessIdentity | undefined>;
+}
 declare abstract class ColoLocalActorNamespace {
   get(actorId: string): Fetcher;
 }
@@ -641,6 +646,8 @@ type DurableObjectLocationHint =
   | "weur"
   | "eeur"
   | "apac"
+  | "apac-ne"
+  | "apac-se"
   | "oc"
   | "afr"
   | "me";
@@ -782,6 +789,7 @@ interface DurableObjectFacets {
   ): Fetcher<T>;
   abort(name: string, reason: any): void;
   delete(name: string): void;
+  clone(src: string, dst: string): void;
 }
 interface FacetStartupOptions<
   T extends Rpc.DurableObjectBranded | undefined = undefined,
@@ -3836,6 +3844,28 @@ interface EventSourceEventSourceInit {
   withCredentials?: boolean;
   fetcher?: Fetcher;
 }
+interface ExecOutput {
+  readonly stdout: ArrayBuffer;
+  readonly stderr: ArrayBuffer;
+  readonly exitCode: number;
+}
+interface ContainerExecOptions {
+  cwd?: string;
+  env?: Record<string, string>;
+  user?: string;
+  stdin?: ReadableStream | "pipe";
+  stdout?: "pipe" | "ignore";
+  stderr?: "pipe" | "ignore" | "combined";
+}
+interface ExecProcess {
+  readonly stdin: WritableStream | null;
+  readonly stdout: ReadableStream | null;
+  readonly stderr: ReadableStream | null;
+  readonly pid: number;
+  readonly exitCode: Promise<number>;
+  output(): Promise<ExecOutput>;
+  kill(signal?: number): void;
+}
 interface Container {
   get running(): boolean;
   start(options?: ContainerStartupOptions): void;
@@ -3853,6 +3883,7 @@ interface Container {
     options: ContainerSnapshotOptions,
   ): Promise<ContainerSnapshot>;
   interceptOutboundHttps(addr: string, binding: Fetcher): Promise<void>;
+  exec(cmd: string[], options?: ContainerExecOptions): Promise<ExecProcess>;
 }
 interface ContainerDirectorySnapshot {
   id: string;
@@ -4027,11 +4058,62 @@ interface Tracing {
     callback: (span: Span, ...args: A) => T,
     ...args: A
   ): T;
+  startActiveSpan<T, A extends unknown[]>(
+    name: string,
+    callback: (span: Span, ...args: A) => T,
+    ...args: A
+  ): T;
   Span: typeof Span;
 }
 declare abstract class Span {
   get isTraced(): boolean;
   setAttribute(key: string, value?: boolean | number | string): void;
+  end(): void;
+}
+/**
+ * Represents the identity of a user authenticated via Cloudflare Access.
+ * This matches the result of calling /cdn-cgi/access/get-identity.
+ *
+ * The exact structure of the returned object depends on the identity provider
+ * configuration for the Access application. The fields below represent commonly
+ * available properties, but additional provider-specific fields may be present.
+ */
+interface CloudflareAccessIdentity extends Record<string, unknown> {
+  /** The user's email address, if available from the identity provider. */
+  email?: string;
+  /** The user's display name. */
+  name?: string;
+  /** The user's unique identifier. */
+  user_uuid?: string;
+  /** The Cloudflare account ID. */
+  account_id?: string;
+  /** Login timestamp (Unix epoch seconds). */
+  iat?: number;
+  /** The user's IP address at authentication time. */
+  ip?: string;
+  /** Authentication methods used (e.g., "pwd"). */
+  amr?: string[];
+  /** Identity provider information. */
+  idp?: {
+    id: string;
+    type: string;
+  };
+  /** Geographic information about where the user authenticated. */
+  geo?: {
+    country: string;
+  };
+  /** Group memberships from the identity provider. */
+  groups?: Array<{
+    id: string;
+    name: string;
+    email?: string;
+  }>;
+  /** Device posture check results, keyed by check ID. */
+  devicePosture?: Record<string, unknown>;
+  /** True if the user connected via Cloudflare WARP. */
+  is_warp?: boolean;
+  /** True if the user is authenticated via Cloudflare Gateway. */
+  is_gateway?: boolean;
 }
 // ============================================================================
 // Agent Memory
@@ -12257,6 +12339,17 @@ interface RequestInitCfProperties extends Record<string, unknown> {
   cacheReserveMinimumFileSize?: number;
   scrapeShield?: boolean;
   apps?: boolean;
+  /**
+   * Controls whether an outbound gRPC-web subrequest from this Worker is
+   * converted to gRPC at the Cloudflare edge.
+   *
+   * - `"passthrough"`: forward the subrequest unchanged as gRPC-web (default).
+   * - `"convert"`: convert the gRPC-web subrequest to gRPC at the edge.
+   *
+   * Provides per-request control over the same edge conversion behavior
+   * gated by the `auto_grpc_convert` compatibility flag.
+   */
+  grpcWeb?: "passthrough" | "convert";
   image?: RequestInitCfPropertiesImage;
   minify?: RequestInitCfPropertiesImageMinify;
   mirage?: boolean;
@@ -15544,7 +15637,8 @@ declare namespace TailStream {
     | "loadShed"
     | "responseStreamDisconnected"
     | "scriptNotFound"
-    | "internalError";
+    | "internalError"
+    | "exceededWallTime";
   interface ScriptVersion {
     readonly id: string;
     readonly tag?: string;

package/2023-03-01/index.ts

@@ -479,7 +479,8 @@ export interface ExecutionContext<Props = unknown> {
   passThroughOnException(): void;
   readonly props: Props;
   cache?: CacheContext;
-  tracing?: Tracing;
+  readonly access?: CloudflareAccessContext;
+  tracing: Tracing;
 }
 export type ExportedHandlerFetchHandler<
   Env = unknown,
@@ -578,6 +579,10 @@ export interface CachePurgeOptions {
 export interface CacheContext {
   purge(options: CachePurgeOptions): Promise<CachePurgeResult>;
 }
+export interface CloudflareAccessContext {
+  readonly aud: string;
+  getIdentity(): Promise<CloudflareAccessIdentity | undefined>;
+}
 export declare abstract class ColoLocalActorNamespace {
   get(actorId: string): Fetcher;
 }
@@ -643,6 +648,8 @@ export type DurableObjectLocationHint =
   | "weur"
   | "eeur"
   | "apac"
+  | "apac-ne"
+  | "apac-se"
   | "oc"
   | "afr"
   | "me";
@@ -784,6 +791,7 @@ export interface DurableObjectFacets {
   ): Fetcher<T>;
   abort(name: string, reason: any): void;
   delete(name: string): void;
+  clone(src: string, dst: string): void;
 }
 export interface FacetStartupOptions<
   T extends Rpc.DurableObjectBranded | undefined = undefined,
@@ -3842,6 +3850,28 @@ export interface EventSourceEventSourceInit {
   withCredentials?: boolean;
   fetcher?: Fetcher;
 }
+export interface ExecOutput {
+  readonly stdout: ArrayBuffer;
+  readonly stderr: ArrayBuffer;
+  readonly exitCode: number;
+}
+export interface ContainerExecOptions {
+  cwd?: string;
+  env?: Record<string, string>;
+  user?: string;
+  stdin?: ReadableStream | "pipe";
+  stdout?: "pipe" | "ignore";
+  stderr?: "pipe" | "ignore" | "combined";
+}
+export interface ExecProcess {
+  readonly stdin: WritableStream | null;
+  readonly stdout: ReadableStream | null;
+  readonly stderr: ReadableStream | null;
+  readonly pid: number;
+  readonly exitCode: Promise<number>;
+  output(): Promise<ExecOutput>;
+  kill(signal?: number): void;
+}
 export interface Container {
   get running(): boolean;
   start(options?: ContainerStartupOptions): void;
@@ -3859,6 +3889,7 @@ export interface Container {
     options: ContainerSnapshotOptions,
   ): Promise<ContainerSnapshot>;
   interceptOutboundHttps(addr: string, binding: Fetcher): Promise<void>;
+  exec(cmd: string[], options?: ContainerExecOptions): Promise<ExecProcess>;
 }
 export interface ContainerDirectorySnapshot {
   id: string;
@@ -4033,11 +4064,62 @@ export interface Tracing {
     callback: (span: Span, ...args: A) => T,
     ...args: A
   ): T;
+  startActiveSpan<T, A extends unknown[]>(
+    name: string,
+    callback: (span: Span, ...args: A) => T,
+    ...args: A
+  ): T;
   Span: typeof Span;
 }
 export declare abstract class Span {
   get isTraced(): boolean;
   setAttribute(key: string, value?: boolean | number | string): void;
+  end(): void;
+}
+/**
+ * Represents the identity of a user authenticated via Cloudflare Access.
+ * This matches the result of calling /cdn-cgi/access/get-identity.
+ *
+ * The exact structure of the returned object depends on the identity provider
+ * configuration for the Access application. The fields below represent commonly
+ * available properties, but additional provider-specific fields may be present.
+ */
+export interface CloudflareAccessIdentity extends Record<string, unknown> {
+  /** The user's email address, if available from the identity provider. */
+  email?: string;
+  /** The user's display name. */
+  name?: string;
+  /** The user's unique identifier. */
+  user_uuid?: string;
+  /** The Cloudflare account ID. */
+  account_id?: string;
+  /** Login timestamp (Unix epoch seconds). */
+  iat?: number;
+  /** The user's IP address at authentication time. */
+  ip?: string;
+  /** Authentication methods used (e.g., "pwd"). */
+  amr?: string[];
+  /** Identity provider information. */
+  idp?: {
+    id: string;
+    type: string;
+  };
+  /** Geographic information about where the user authenticated. */
+  geo?: {
+    country: string;
+  };
+  /** Group memberships from the identity provider. */
+  groups?: Array<{
+    id: string;
+    name: string;
+    email?: string;
+  }>;
+  /** Device posture check results, keyed by check ID. */
+  devicePosture?: Record<string, unknown>;
+  /** True if the user connected via Cloudflare WARP. */
+  is_warp?: boolean;
+  /** True if the user is authenticated via Cloudflare Gateway. */
+  is_gateway?: boolean;
 }
 // ============================================================================
 // Agent Memory
@@ -12269,6 +12351,17 @@ export interface RequestInitCfProperties extends Record<string, unknown> {
   cacheReserveMinimumFileSize?: number;
   scrapeShield?: boolean;
   apps?: boolean;
+  /**
+   * Controls whether an outbound gRPC-web subrequest from this Worker is
+   * converted to gRPC at the Cloudflare edge.
+   *
+   * - `"passthrough"`: forward the subrequest unchanged as gRPC-web (default).
+   * - `"convert"`: convert the gRPC-web subrequest to gRPC at the edge.
+   *
+   * Provides per-request control over the same edge conversion behavior
+   * gated by the `auto_grpc_convert` compatibility flag.
+   */
+  grpcWeb?: "passthrough" | "convert";
   image?: RequestInitCfPropertiesImage;
   minify?: RequestInitCfPropertiesImageMinify;
   mirage?: boolean;
@@ -15505,7 +15598,8 @@ export declare namespace TailStream {
     | "loadShed"
     | "responseStreamDisconnected"
     | "scriptNotFound"
-    | "internalError";
+    | "internalError"
+    | "exceededWallTime";
   interface ScriptVersion {
     readonly id: string;
     readonly tag?: string;

package/2023-07-01/index.d.ts

@@ -477,7 +477,8 @@ interface ExecutionContext<Props = unknown> {
   passThroughOnException(): void;
   readonly props: Props;
   cache?: CacheContext;
-  tracing?: Tracing;
+  readonly access?: CloudflareAccessContext;
+  tracing: Tracing;
 }
 type ExportedHandlerFetchHandler<
   Env = unknown,
@@ -576,6 +577,10 @@ interface CachePurgeOptions {
 interface CacheContext {
   purge(options: CachePurgeOptions): Promise<CachePurgeResult>;
 }
+interface CloudflareAccessContext {
+  readonly aud: string;
+  getIdentity(): Promise<CloudflareAccessIdentity | undefined>;
+}
 declare abstract class ColoLocalActorNamespace {
   get(actorId: string): Fetcher;
 }
@@ -641,6 +646,8 @@ type DurableObjectLocationHint =
   | "weur"
   | "eeur"
   | "apac"
+  | "apac-ne"
+  | "apac-se"
   | "oc"
   | "afr"
   | "me";
@@ -782,6 +789,7 @@ interface DurableObjectFacets {
   ): Fetcher<T>;
   abort(name: string, reason: any): void;
   delete(name: string): void;
+  clone(src: string, dst: string): void;
 }
 interface FacetStartupOptions<
   T extends Rpc.DurableObjectBranded | undefined = undefined,
@@ -3836,6 +3844,28 @@ interface EventSourceEventSourceInit {
   withCredentials?: boolean;
   fetcher?: Fetcher;
 }
+interface ExecOutput {
+  readonly stdout: ArrayBuffer;
+  readonly stderr: ArrayBuffer;
+  readonly exitCode: number;
+}
+interface ContainerExecOptions {
+  cwd?: string;
+  env?: Record<string, string>;
+  user?: string;
+  stdin?: ReadableStream | "pipe";
+  stdout?: "pipe" | "ignore";
+  stderr?: "pipe" | "ignore" | "combined";
+}
+interface ExecProcess {
+  readonly stdin: WritableStream | null;
+  readonly stdout: ReadableStream | null;
+  readonly stderr: ReadableStream | null;
+  readonly pid: number;
+  readonly exitCode: Promise<number>;
+  output(): Promise<ExecOutput>;
+  kill(signal?: number): void;
+}
 interface Container {
   get running(): boolean;
   start(options?: ContainerStartupOptions): void;
@@ -3853,6 +3883,7 @@ interface Container {
     options: ContainerSnapshotOptions,
   ): Promise<ContainerSnapshot>;
   interceptOutboundHttps(addr: string, binding: Fetcher): Promise<void>;
+  exec(cmd: string[], options?: ContainerExecOptions): Promise<ExecProcess>;
 }
 interface ContainerDirectorySnapshot {
   id: string;
@@ -4027,11 +4058,62 @@ interface Tracing {
     callback: (span: Span, ...args: A) => T,
     ...args: A
   ): T;
+  startActiveSpan<T, A extends unknown[]>(
+    name: string,
+    callback: (span: Span, ...args: A) => T,
+    ...args: A
+  ): T;
   Span: typeof Span;
 }
 declare abstract class Span {
   get isTraced(): boolean;
   setAttribute(key: string, value?: boolean | number | string): void;
+  end(): void;
+}
+/**
+ * Represents the identity of a user authenticated via Cloudflare Access.
+ * This matches the result of calling /cdn-cgi/access/get-identity.
+ *
+ * The exact structure of the returned object depends on the identity provider
+ * configuration for the Access application. The fields below represent commonly
+ * available properties, but additional provider-specific fields may be present.
+ */
+interface CloudflareAccessIdentity extends Record<string, unknown> {
+  /** The user's email address, if available from the identity provider. */
+  email?: string;
+  /** The user's display name. */
+  name?: string;
+  /** The user's unique identifier. */
+  user_uuid?: string;
+  /** The Cloudflare account ID. */
+  account_id?: string;
+  /** Login timestamp (Unix epoch seconds). */
+  iat?: number;
+  /** The user's IP address at authentication time. */
+  ip?: string;
+  /** Authentication methods used (e.g., "pwd"). */
+  amr?: string[];
+  /** Identity provider information. */
+  idp?: {
+    id: string;
+    type: string;
+  };
+  /** Geographic information about where the user authenticated. */
+  geo?: {
+    country: string;
+  };
+  /** Group memberships from the identity provider. */
+  groups?: Array<{
+    id: string;
+    name: string;
+    email?: string;
+  }>;
+  /** Device posture check results, keyed by check ID. */
+  devicePosture?: Record<string, unknown>;
+  /** True if the user connected via Cloudflare WARP. */
+  is_warp?: boolean;
+  /** True if the user is authenticated via Cloudflare Gateway. */
+  is_gateway?: boolean;
 }
 // ============================================================================
 // Agent Memory
@@ -12257,6 +12339,17 @@ interface RequestInitCfProperties extends Record<string, unknown> {
   cacheReserveMinimumFileSize?: number;
   scrapeShield?: boolean;
   apps?: boolean;
+  /**
+   * Controls whether an outbound gRPC-web subrequest from this Worker is
+   * converted to gRPC at the Cloudflare edge.
+   *
+   * - `"passthrough"`: forward the subrequest unchanged as gRPC-web (default).
+   * - `"convert"`: convert the gRPC-web subrequest to gRPC at the edge.
+   *
+   * Provides per-request control over the same edge conversion behavior
+   * gated by the `auto_grpc_convert` compatibility flag.
+   */
+  grpcWeb?: "passthrough" | "convert";
   image?: RequestInitCfPropertiesImage;
   minify?: RequestInitCfPropertiesImageMinify;
   mirage?: boolean;
@@ -15544,7 +15637,8 @@ declare namespace TailStream {
     | "loadShed"
     | "responseStreamDisconnected"
     | "scriptNotFound"
-    | "internalError";
+    | "internalError"
+    | "exceededWallTime";
   interface ScriptVersion {
     readonly id: string;
     readonly tag?: string;

package/2023-07-01/index.ts

@@ -479,7 +479,8 @@ export interface ExecutionContext<Props = unknown> {
   passThroughOnException(): void;
   readonly props: Props;
   cache?: CacheContext;
-  tracing?: Tracing;
+  readonly access?: CloudflareAccessContext;
+  tracing: Tracing;
 }
 export type ExportedHandlerFetchHandler<
   Env = unknown,
@@ -578,6 +579,10 @@ export interface CachePurgeOptions {
 export interface CacheContext {
   purge(options: CachePurgeOptions): Promise<CachePurgeResult>;
 }
+export interface CloudflareAccessContext {
+  readonly aud: string;
+  getIdentity(): Promise<CloudflareAccessIdentity | undefined>;
+}
 export declare abstract class ColoLocalActorNamespace {
   get(actorId: string): Fetcher;
 }
@@ -643,6 +648,8 @@ export type DurableObjectLocationHint =
   | "weur"
   | "eeur"
   | "apac"
+  | "apac-ne"
+  | "apac-se"
   | "oc"
   | "afr"
   | "me";
@@ -784,6 +791,7 @@ export interface DurableObjectFacets {
   ): Fetcher<T>;
   abort(name: string, reason: any): void;
   delete(name: string): void;
+  clone(src: string, dst: string): void;
 }
 export interface FacetStartupOptions<
   T extends Rpc.DurableObjectBranded | undefined = undefined,
@@ -3842,6 +3850,28 @@ export interface EventSourceEventSourceInit {
   withCredentials?: boolean;
   fetcher?: Fetcher;
 }
+export interface ExecOutput {
+  readonly stdout: ArrayBuffer;
+  readonly stderr: ArrayBuffer;
+  readonly exitCode: number;
+}
+export interface ContainerExecOptions {
+  cwd?: string;
+  env?: Record<string, string>;
+  user?: string;
+  stdin?: ReadableStream | "pipe";
+  stdout?: "pipe" | "ignore";
+  stderr?: "pipe" | "ignore" | "combined";
+}
+export interface ExecProcess {
+  readonly stdin: WritableStream | null;
+  readonly stdout: ReadableStream | null;
+  readonly stderr: ReadableStream | null;
+  readonly pid: number;
+  readonly exitCode: Promise<number>;
+  output(): Promise<ExecOutput>;
+  kill(signal?: number): void;
+}
 export interface Container {
   get running(): boolean;
   start(options?: ContainerStartupOptions): void;
@@ -3859,6 +3889,7 @@ export interface Container {
     options: ContainerSnapshotOptions,
   ): Promise<ContainerSnapshot>;
   interceptOutboundHttps(addr: string, binding: Fetcher): Promise<void>;
+  exec(cmd: string[], options?: ContainerExecOptions): Promise<ExecProcess>;
 }
 export interface ContainerDirectorySnapshot {
   id: string;
@@ -4033,11 +4064,62 @@ export interface Tracing {
     callback: (span: Span, ...args: A) => T,
     ...args: A
   ): T;
+  startActiveSpan<T, A extends unknown[]>(
+    name: string,
+    callback: (span: Span, ...args: A) => T,
+    ...args: A
+  ): T;
   Span: typeof Span;
 }
 export declare abstract class Span {
   get isTraced(): boolean;
   setAttribute(key: string, value?: boolean | number | string): void;
+  end(): void;
+}
+/**
+ * Represents the identity of a user authenticated via Cloudflare Access.
+ * This matches the result of calling /cdn-cgi/access/get-identity.
+ *
+ * The exact structure of the returned object depends on the identity provider
+ * configuration for the Access application. The fields below represent commonly
+ * available properties, but additional provider-specific fields may be present.
+ */
+export interface CloudflareAccessIdentity extends Record<string, unknown> {
+  /** The user's email address, if available from the identity provider. */
+  email?: string;
+  /** The user's display name. */
+  name?: string;
+  /** The user's unique identifier. */
+  user_uuid?: string;
+  /** The Cloudflare account ID. */
+  account_id?: string;
+  /** Login timestamp (Unix epoch seconds). */
+  iat?: number;
+  /** The user's IP address at authentication time. */
+  ip?: string;
+  /** Authentication methods used (e.g., "pwd"). */
+  amr?: string[];
+  /** Identity provider information. */
+  idp?: {
+    id: string;
+    type: string;
+  };
+  /** Geographic information about where the user authenticated. */
+  geo?: {
+    country: string;
+  };
+  /** Group memberships from the identity provider. */
+  groups?: Array<{
+    id: string;
+    name: string;
+    email?: string;
+  }>;
+  /** Device posture check results, keyed by check ID. */
+  devicePosture?: Record<string, unknown>;
+  /** True if the user connected via Cloudflare WARP. */
+  is_warp?: boolean;
+  /** True if the user is authenticated via Cloudflare Gateway. */
+  is_gateway?: boolean;
 }
 // ============================================================================
 // Agent Memory
@@ -12269,6 +12351,17 @@ export interface RequestInitCfProperties extends Record<string, unknown> {
   cacheReserveMinimumFileSize?: number;
   scrapeShield?: boolean;
   apps?: boolean;
+  /**
+   * Controls whether an outbound gRPC-web subrequest from this Worker is
+   * converted to gRPC at the Cloudflare edge.
+   *
+   * - `"passthrough"`: forward the subrequest unchanged as gRPC-web (default).
+   * - `"convert"`: convert the gRPC-web subrequest to gRPC at the edge.
+   *
+   * Provides per-request control over the same edge conversion behavior
+   * gated by the `auto_grpc_convert` compatibility flag.
+   */
+  grpcWeb?: "passthrough" | "convert";
   image?: RequestInitCfPropertiesImage;
   minify?: RequestInitCfPropertiesImageMinify;
   mirage?: boolean;
@@ -15505,7 +15598,8 @@ export declare namespace TailStream {
     | "loadShed"
     | "responseStreamDisconnected"
     | "scriptNotFound"
-    | "internalError";
+    | "internalError"
+    | "exceededWallTime";
   interface ScriptVersion {
     readonly id: string;
     readonly tag?: string;