@epilot/integration-toolkit-client 1.0.4 → 1.1.1

package/dist/openapi.d.ts

@@ -296,10 +296,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -324,10 +324,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -381,10 +381,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -401,10 +401,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -421,10 +421,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -446,10 +446,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -500,7 +500,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -540,7 +540,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -572,7 +572,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -604,7 +604,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -636,7 +636,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -673,7 +673,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -704,6 +704,43 @@ declare namespace Components {
                 [name: string]: any;
             };
         }
+        /**
+         * Resolves to an org-scoped environment variable from the epilot environments-api service at runtime, replacing hard-coded environment-specific values (URLs, prefixes, identifiers) in inbound mappings. Secrets (`SecretString` values) are never exposed; the runtime treats both "missing key" and "secret-typed key" as identical `undefined` outcomes (no info disclosure via error code). For secret-resolving contexts (e.g. authorization headers in managed-call or file-proxy step configurations), use the templated `{{ env.<key> }}` syntax instead — that mechanism does decrypt secrets.
+         *
+         */
+        export type EnvVarRefConfig = /**
+         * Resolves to an org-scoped environment variable from the epilot environments-api service at runtime, replacing hard-coded environment-specific values (URLs, prefixes, identifiers) in inbound mappings. Secrets (`SecretString` values) are never exposed; the runtime treats both "missing key" and "secret-typed key" as identical `undefined` outcomes (no info disclosure via error code). For secret-resolving contexts (e.g. authorization headers in managed-call or file-proxy step configurations), use the templated `{{ env.<key> }}` syntax instead — that mechanism does decrypt secrets.
+         *
+         */
+        {
+            /**
+             * Environment variable key. Must match the environments-api key contract (lowercase, digits, `_`, `.`, `-`; max 128 chars; starts with a lowercase letter or digit). Supports dot-namespaced keys like `erp_api.base_url`.
+             *
+             */
+            key: string; // ^[a-z0-9][a-z0-9_.-]{0,127}$
+            /**
+             * Literal string returned when the key is missing (or is a secret). When provided, the `ENV_VAR_REF_NOT_FOUND` warning is suppressed because the author signalled the absence is expected.
+             *
+             */
+            default?: string;
+            /**
+             * `value` returns the resolved env-var string as-is.
+             *
+             */
+            return?: "value";
+        } | {
+            key: string; // ^[a-z0-9][a-z0-9_.-]{0,127}$
+            default?: string;
+            /**
+             * Evaluate the sibling `jsonataExpression` against the resolved env-var value (the input `$` is the string value).
+             *
+             */
+            return: "jsonata";
+            /**
+             * JSONata expression evaluated against the resolved env-var value.
+             */
+            jsonataExpression: string;
+        };
         export interface EnvironmentFieldConfig {
             /**
              * Environment variable key, used to look up the value in the Environments API.
@@ -760,6 +797,11 @@ declare namespace Components {
              * evt-2025-05-01-12345-create-bp
              */
             deduplication_id?: string; // ^[a-zA-Z0-9_-]+$
+            /**
+             * Resolved use case ID for the inbound event. Null when no use case matched or for events ingested before this field was introduced. Server-populated only — ignored if supplied on inbound requests.
+             *
+             */
+            use_case_id?: string | null;
         }
         export type ErpEventV3 = {
             /**
@@ -880,14 +922,28 @@ declare namespace Components {
              */
             correlation_id?: string;
             /**
-             * Optional override for the stage 1 FIFO message group ID used when queuing
-             * the events for processing. Defaults to `INTEGRATION#<hash(integration_id)>`,
-             * which strictly serializes all events from one integration. Provide a
-             * finer-grained value (e.g. including a use case slug or a payload-derived key)
-             * to pin related events to the same group while letting unrelated events process
-             * in parallel. Downstream stage 2 still serializes per-entity via its own
-             * message group ID.
+             * Controls ordering and parallelism for this request's events.
+             *
+             * By default, all events for a given `integration_id` are processed
+             * **strictly in order, one at a time**. For high-volume integrations this
+             * can become a throughput bottleneck.
              *
+             * Set `group_id` to opt into **parallel processing**:
+             * - Events sharing the same `group_id` are processed in the order received.
+             * - Events with different `group_id` values are processed in parallel.
+             *
+             * Typical usage is to derive `group_id` from a logical partition key in
+             * your payload — for example the customer ID, contract ID, or meter ID —
+             * so updates to the same business object remain ordered while unrelated
+             * objects are processed concurrently.
+             *
+             * Notes:
+             * - Up to 20 groups per integration are processed concurrently. Using
+             *   more distinct values than that yields no additional parallelism.
+             * - Omit this field if strict per-integration ordering is required.
+             *
+             * example:
+             * customer-42
              */
             group_id?: string;
             /**
@@ -1142,6 +1198,10 @@ declare namespace Components {
              * Additional use-case-specific parameters expected in the download URL query string (beyond the required orgId, integrationId, and useCaseSlug or useCaseId)
              */
             params?: FileProxyParam[];
+            /**
+             * Additional origins permitted to call /download for this use case (CORS, exact match). Portal origins are always allowed.
+             */
+            allowed_origins?: string /* uri ^https?:// */[];
             /**
              * Ordered list of HTTP steps to execute to retrieve the file
              */
@@ -1180,6 +1240,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -1516,6 +1580,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -1740,6 +1808,16 @@ declare namespace Components {
              *
              */
             FileProxyUrlConfig;
+            portal_ref?: /**
+             * Resolves to a property of one of the calling organization's epilot portal configurations at runtime, replacing hard-coded environment-specific portal UUIDs in inbound mappings. Matched portals are sorted ascending by `(_created_at, portal_id)`; portals without `_created_at` sort first (treated as oldest). When `select: "single"` matches more than one portal, the resolver still returns the oldest match and emits a `PORTAL_REF_AMBIGUOUS` warning.
+             *
+             */
+            PortalRefConfig;
+            env_var_ref?: /**
+             * Resolves to an org-scoped environment variable from the epilot environments-api service at runtime, replacing hard-coded environment-specific values (URLs, prefixes, identifiers) in inbound mappings. Secrets (`SecretString` values) are never exposed; the runtime treats both "missing key" and "secret-typed key" as identical `undefined` outcomes (no info disclosure via error code). For secret-resolving contexts (e.g. authorization headers in managed-call or file-proxy step configurations), use the templated `{{ env.<key> }}` syntax instead — that mechanism does decrypt secrets.
+             *
+             */
+            EnvVarRefConfig;
         }
         export interface IntegrationFieldV1 {
             /**
@@ -2098,6 +2176,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -2212,7 +2294,7 @@ declare namespace Components {
                 };
             };
             /**
-             * Meter reading attributes. Required: external_id, timestamp, source, value. `source` must be one of: ECP, ERP, 360, journey-submission. `reason` (optional) must be one of: regular, irregular, last, first, meter_change, contract_change, meter_adjustment (or empty/null).
+             * Meter reading attributes. Required: external_id, timestamp, source, value. `timestamp` must be ISO 8601 — either `YYYY-MM-DD` or `YYYY-MM-DDTHH:mm:ss` (with optional fractional seconds and optional `Z` / `±HH:mm` timezone offset); non-ISO formats (e.g. `DD.MM.YYYY` or epoch numbers) are rejected and must be converted upstream via a `jsonataExpression` (e.g. `$fromMillis(...)`). Date-only values are normalized to midnight UTC and offset-less date-times are anchored to UTC before being forwarded to the metering API. `source` must be one of: ECP, ERP, 360, journey-submission. `reason` (optional) must be one of: regular, irregular, last, first, meter_change, contract_change, meter_adjustment (or empty/null).
              */
             attributes: {
                 [name: string]: any;
@@ -2601,6 +2683,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -2656,6 +2742,80 @@ declare namespace Components {
              */
             conflicts?: OutboundConflict[];
         }
+        /**
+         * Origin/type of an epilot portal configuration.
+         */
+        export type PortalOrigin = "END_CUSTOMER_PORTAL" | "INSTALLER_PORTAL" | "B2B_PORTAL" | "ADDITIONAL_PORTAL";
+        /**
+         * Resolves to a property of one of the calling organization's epilot portal configurations at runtime, replacing hard-coded environment-specific portal UUIDs in inbound mappings. Matched portals are sorted ascending by `(_created_at, portal_id)`; portals without `_created_at` sort first (treated as oldest). When `select: "single"` matches more than one portal, the resolver still returns the oldest match and emits a `PORTAL_REF_AMBIGUOUS` warning.
+         *
+         */
+        export type PortalRefConfig = /**
+         * Resolves to a property of one of the calling organization's epilot portal configurations at runtime, replacing hard-coded environment-specific portal UUIDs in inbound mappings. Matched portals are sorted ascending by `(_created_at, portal_id)`; portals without `_created_at` sort first (treated as oldest). When `select: "single"` matches more than one portal, the resolver still returns the oldest match and emits a `PORTAL_REF_AMBIGUOUS` warning.
+         *
+         */
+        {
+            filter?: /**
+             * Filter applied to the org's portal configurations before selection. All filters default to "match any" except `enabled` (default `true`) and `is_dummy` (default `false`). Set `enabled` or `is_dummy` to `null` to opt out of the default.
+             *
+             */
+            PortalRefFilter;
+            /**
+             * `single` returns one literal value (the oldest matching portal); `all` returns an array of literal values (0, 1, or many).
+             *
+             */
+            select?: "single" | "all";
+            /**
+             * Which portal field to emit.
+             */
+            return?: "portal_id" | "origin" | "domain" | "name";
+        } | {
+            filter?: /**
+             * Filter applied to the org's portal configurations before selection. All filters default to "match any" except `enabled` (default `true`) and `is_dummy` (default `false`). Set `enabled` or `is_dummy` to `null` to opt out of the default.
+             *
+             */
+            PortalRefFilter;
+            select?: "single" | "all";
+            /**
+             * Evaluate the sibling `jsonataExpression` against the matched portal(s). With `select: "single"` the input is the matched PortalConfig object; with `select: "all"` it is the full filtered+sorted array.
+             *
+             */
+            return: "jsonata";
+            /**
+             * JSONata expression evaluated against the matched portal(s).
+             */
+            jsonataExpression: string;
+        };
+        /**
+         * Filter applied to the org's portal configurations before selection. All filters default to "match any" except `enabled` (default `true`) and `is_dummy` (default `false`). Set `enabled` or `is_dummy` to `null` to opt out of the default.
+         *
+         */
+        export interface PortalRefFilter {
+            /**
+             * Single origin or array of origins (matches if origin is in the array).
+             */
+            origin?: /* Single origin or array of origins (matches if origin is in the array). */ /* Origin/type of an epilot portal configuration. */ PortalOrigin | /* Origin/type of an epilot portal configuration. */ PortalOrigin[];
+            /**
+             * Match portals with this `enabled` value. Default `true`. Set to `null` to ignore.
+             */
+            enabled?: boolean | null;
+            /**
+             * Match portals with this `is_dummy` value. Default `false`. Set to `null` to ignore.
+             */
+            is_dummy?: boolean | null;
+            /**
+             * Optional restriction on `is_epilot_domain`.
+             */
+            is_epilot_domain?: boolean;
+            /**
+             * Exact match on the portal's `name`.
+             */
+            name?: string;
+            /**
+             * Exact match on the portal's `domain`.
+             */
+            domain?: string;
+        }
         /**
          * Scope configuration for upsert-prune-scope modes.
          * Defines how to find entities that should be pruned if not in the upsert payload.
@@ -2774,6 +2934,10 @@ declare namespace Components {
              * Filter by event name (alias for object_type)
              */
             event_name?: string;
+            /**
+             * Filter by use case ID
+             */
+            use_case_id?: string;
             /**
              * Maximum number of results to return
              * example:
@@ -3365,6 +3529,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -3387,6 +3555,53 @@ declare namespace Components {
              */
             SecureProxyUseCaseConfiguration;
         }
+        /**
+         * Current whitelist state for a secure_proxy use case. vpc_mode is read-only
+         * context so the UI can show the user what mode the pool is in.
+         *
+         */
+        export interface SecureProxyWhitelist {
+            /**
+             * VPC routing mode (read-only). `null` if not yet set.
+             */
+            vpc_mode: "static_ip" | "secure_link";
+            /**
+             * Exact domain ("api.example.com") or wildcard prefix ("*.example.com").
+             * Wildcards must have at least 2 labels in the suffix.
+             *
+             */
+            allowed_domains: string[];
+            /**
+             * CIDR-notation IP ranges, e.g. "10.0.0.0/24".
+             */
+            allowed_ips: string[];
+        }
+        /**
+         * Partial update for a secure_proxy whitelist. At least one of
+         * `allowed_domains` or `allowed_ips` must be provided.
+         *
+         * Per-field semantics:
+         *   - **omitted** — the field is not modified; the stored value is preserved.
+         *   - **non-empty array** — the stored value is replaced with the supplied list.
+         *   - **empty array (`[]`)** — the list is cleared (stored as `[]`). This is the
+         *     canonical way to remove all entries from a list. `null` is not accepted.
+         *
+         */
+        export interface SecureProxyWhitelistUpdate {
+            /**
+             * Exact domain ("api.example.com") or wildcard prefix ("*.example.com").
+             * Wildcards must have at least 2 labels in the suffix.
+             * Pass `[]` to clear all allowed domains.
+             *
+             */
+            allowed_domains?: string[];
+            /**
+             * CIDR-notation IP ranges, e.g. "10.0.0.0/24".
+             * Pass `[]` to clear all allowed IPs.
+             *
+             */
+            allowed_ips?: string[];
+        }
         export interface SetIntegrationAppMappingRequest {
             /**
              * UUID of the integration app instance
@@ -3872,6 +4087,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -4216,6 +4435,29 @@ declare namespace Paths {
             export type $500 = Components.Responses.InternalServerError;
         }
     }
+    namespace GetSecureProxyWhitelist {
+        namespace Parameters {
+            export type IntegrationId = string; // uuid
+            export type UseCaseId = string; // uuid
+        }
+        export interface PathParameters {
+            integrationId: Parameters.IntegrationId /* uuid */;
+            useCaseId: Parameters.UseCaseId /* uuid */;
+        }
+        namespace Responses {
+            export type $200 = /**
+             * Current whitelist state for a secure_proxy use case. vpc_mode is read-only
+             * context so the UI can show the user what mode the pool is in.
+             *
+             */
+            Components.Schemas.SecureProxyWhitelist;
+            export type $400 = Components.Responses.BadRequest;
+            export type $401 = Components.Responses.Unauthorized;
+            export type $403 = Components.Responses.Forbidden;
+            export interface $404 {
+            }
+        }
+    }
     namespace GetUseCase {
         namespace Parameters {
             export type IntegrationId = string; // uuid
@@ -4260,6 +4502,37 @@ declare namespace Paths {
             export type $500 = Components.Responses.InternalServerError;
         }
     }
+    namespace ListSecureProxyWhitelistHistory {
+        namespace Parameters {
+            export type IntegrationId = string; // uuid
+            export type Limit = number;
+            export type UseCaseId = string; // uuid
+        }
+        export interface PathParameters {
+            integrationId: Parameters.IntegrationId /* uuid */;
+            useCaseId: Parameters.UseCaseId /* uuid */;
+        }
+        export interface QueryParameters {
+            limit?: Parameters.Limit;
+        }
+        namespace Responses {
+            export interface $200 {
+                /**
+                 * Entries are `SecureProxyUseCaseHistoryEntry` in reverse
+                 * chronological order (newest first). Entries older than the
+                 * requested `limit` are not returned.
+                 *
+                 */
+                history: Components.Schemas.SecureProxyUseCaseHistoryEntry[];
+            }
+            export type $400 = Components.Responses.BadRequest;
+            export type $401 = Components.Responses.Unauthorized;
+            export type $403 = Components.Responses.Forbidden;
+            export interface $404 {
+            }
+            export type $500 = Components.Responses.InternalServerError;
+        }
+    }
     namespace ListUseCaseHistory {
         namespace Parameters {
             export type Cursor = string;
@@ -4583,6 +4856,41 @@ declare namespace Paths {
             export type $500 = Components.Responses.InternalServerError;
         }
     }
+    namespace UpdateSecureProxyWhitelist {
+        namespace Parameters {
+            export type IntegrationId = string; // uuid
+            export type UseCaseId = string; // uuid
+        }
+        export interface PathParameters {
+            integrationId: Parameters.IntegrationId /* uuid */;
+            useCaseId: Parameters.UseCaseId /* uuid */;
+        }
+        export type RequestBody = /**
+         * Partial update for a secure_proxy whitelist. At least one of
+         * `allowed_domains` or `allowed_ips` must be provided.
+         *
+         * Per-field semantics:
+         *   - **omitted** — the field is not modified; the stored value is preserved.
+         *   - **non-empty array** — the stored value is replaced with the supplied list.
+         *   - **empty array (`[]`)** — the list is cleared (stored as `[]`). This is the
+         *     canonical way to remove all entries from a list. `null` is not accepted.
+         *
+         */
+        Components.Schemas.SecureProxyWhitelistUpdate;
+        namespace Responses {
+            export type $200 = /**
+             * Current whitelist state for a secure_proxy use case. vpc_mode is read-only
+             * context so the UI can show the user what mode the pool is in.
+             *
+             */
+            Components.Schemas.SecureProxyWhitelist;
+            export type $400 = Components.Responses.BadRequest;
+            export type $401 = Components.Responses.Unauthorized;
+            export type $403 = Components.Responses.Forbidden;
+            export interface $404 {
+            }
+        }
+    }
     namespace UpdateUseCase {
         namespace Parameters {
             export type IntegrationId = string; // uuid
@@ -4882,6 +5190,66 @@ export interface OperationMethods {
     data?: any,
     config?: AxiosRequestConfig  
   ): OperationResponse<Paths.DeleteIntegrationV2.Responses.$200>
+  /**
+   * getSecureProxyWhitelist - Get secure_proxy whitelist (admin portal only)
+   * 
+   * Returns the current allowed_domains, allowed_ips, and vpc_mode for a secure_proxy use case.
+   * Staff-only — gated by internal-auth issuer AND admin-portal Cognito user pool membership.
+   * Rejects Login-As tokens.
+   * 
+   */
+  'getSecureProxyWhitelist'(
+    parameters?: Parameters<Paths.GetSecureProxyWhitelist.PathParameters> | null,
+    data?: any,
+    config?: AxiosRequestConfig  
+  ): OperationResponse<Paths.GetSecureProxyWhitelist.Responses.$200>
+  /**
+   * updateSecureProxyWhitelist - Update secure_proxy whitelist (admin portal only)
+   * 
+   * Replaces allowed_domains and/or allowed_ips on a secure_proxy use case.
+   * At least one of the two fields is required. Validation mirrors the CLI's
+   * `validateDomainPatterns` / `validateCidrs`. Writes a USECASE_HISTORY row
+   * with the admin user's email as `changed_by`.
+   * 
+   * Update semantics per field:
+   *   - **omitted** — field is not modified; the stored value is preserved.
+   *   - **non-empty array** — the stored value is replaced with the supplied list.
+   *   - **empty array (`[]`)** — the list is cleared (stored as `[]`). This is
+   *     the canonical way to remove all entries. `null` is not accepted.
+   * 
+   * Staff-only — same auth gates as GET.
+   * 
+   */
+  'updateSecureProxyWhitelist'(
+    parameters?: Parameters<Paths.UpdateSecureProxyWhitelist.PathParameters> | null,
+    data?: Paths.UpdateSecureProxyWhitelist.RequestBody,
+    config?: AxiosRequestConfig  
+  ): OperationResponse<Paths.UpdateSecureProxyWhitelist.Responses.$200>
+  /**
+   * listSecureProxyWhitelistHistory - List secure_proxy whitelist change history (admin portal only)
+   * 
+   * Returns the most recent USECASE_HISTORY entries for a secure_proxy use case,
+   * in reverse chronological order (newest first). Each entry includes the
+   * actor email (`changed_by`), the ISO-8601 timestamp (`history_created_at`),
+   * the `change_description` (free-text action), and the full `configuration`
+   * snapshot — from which UI-08 computes a before/after diff between consecutive
+   * entries.
+   * 
+   * Staff-only — gated by internal-auth issuer AND admin-portal Cognito user pool
+   * membership. Rejects Login-As tokens (same auth gate as the GET / PUT
+   * secure-proxy-whitelist operations).
+   * 
+   * Thin wrapper over the service-layer `listUseCaseHistory` that powers
+   * `GET /v1/integrations/{integrationId}/use-cases/{useCaseId}/history` — the
+   * separate path exists because the /v1 variant is tenant-gated and admin-portal
+   * internal-auth tokens do not carry tenant permissions.
+   * 
+   */
+  'listSecureProxyWhitelistHistory'(
+    parameters?: Parameters<Paths.ListSecureProxyWhitelistHistory.QueryParameters & Paths.ListSecureProxyWhitelistHistory.PathParameters> | null,
+    data?: any,
+    config?: AxiosRequestConfig  
+  ): OperationResponse<Paths.ListSecureProxyWhitelistHistory.Responses.$200>
   /**
    * setIntegrationAppMapping - setIntegrationAppMapping
    * 
@@ -5414,6 +5782,70 @@ export interface PathsDictionary {
       config?: AxiosRequestConfig  
     ): OperationResponse<Paths.DeleteIntegrationV2.Responses.$200>
   }
+  ['/v2/integrations/{integrationId}/use-cases/{useCaseId}/secure-proxy-whitelist']: {
+    /**
+     * getSecureProxyWhitelist - Get secure_proxy whitelist (admin portal only)
+     * 
+     * Returns the current allowed_domains, allowed_ips, and vpc_mode for a secure_proxy use case.
+     * Staff-only — gated by internal-auth issuer AND admin-portal Cognito user pool membership.
+     * Rejects Login-As tokens.
+     * 
+     */
+    'get'(
+      parameters?: Parameters<Paths.GetSecureProxyWhitelist.PathParameters> | null,
+      data?: any,
+      config?: AxiosRequestConfig  
+    ): OperationResponse<Paths.GetSecureProxyWhitelist.Responses.$200>
+    /**
+     * updateSecureProxyWhitelist - Update secure_proxy whitelist (admin portal only)
+     * 
+     * Replaces allowed_domains and/or allowed_ips on a secure_proxy use case.
+     * At least one of the two fields is required. Validation mirrors the CLI's
+     * `validateDomainPatterns` / `validateCidrs`. Writes a USECASE_HISTORY row
+     * with the admin user's email as `changed_by`.
+     * 
+     * Update semantics per field:
+     *   - **omitted** — field is not modified; the stored value is preserved.
+     *   - **non-empty array** — the stored value is replaced with the supplied list.
+     *   - **empty array (`[]`)** — the list is cleared (stored as `[]`). This is
+     *     the canonical way to remove all entries. `null` is not accepted.
+     * 
+     * Staff-only — same auth gates as GET.
+     * 
+     */
+    'put'(
+      parameters?: Parameters<Paths.UpdateSecureProxyWhitelist.PathParameters> | null,
+      data?: Paths.UpdateSecureProxyWhitelist.RequestBody,
+      config?: AxiosRequestConfig  
+    ): OperationResponse<Paths.UpdateSecureProxyWhitelist.Responses.$200>
+  }
+  ['/v2/integrations/{integrationId}/use-cases/{useCaseId}/secure-proxy-whitelist/history']: {
+    /**
+     * listSecureProxyWhitelistHistory - List secure_proxy whitelist change history (admin portal only)
+     * 
+     * Returns the most recent USECASE_HISTORY entries for a secure_proxy use case,
+     * in reverse chronological order (newest first). Each entry includes the
+     * actor email (`changed_by`), the ISO-8601 timestamp (`history_created_at`),
+     * the `change_description` (free-text action), and the full `configuration`
+     * snapshot — from which UI-08 computes a before/after diff between consecutive
+     * entries.
+     * 
+     * Staff-only — gated by internal-auth issuer AND admin-portal Cognito user pool
+     * membership. Rejects Login-As tokens (same auth gate as the GET / PUT
+     * secure-proxy-whitelist operations).
+     * 
+     * Thin wrapper over the service-layer `listUseCaseHistory` that powers
+     * `GET /v1/integrations/{integrationId}/use-cases/{useCaseId}/history` — the
+     * separate path exists because the /v1 variant is tenant-gated and admin-portal
+     * internal-auth tokens do not carry tenant permissions.
+     * 
+     */
+    'get'(
+      parameters?: Parameters<Paths.ListSecureProxyWhitelistHistory.QueryParameters & Paths.ListSecureProxyWhitelistHistory.PathParameters> | null,
+      data?: any,
+      config?: AxiosRequestConfig  
+    ): OperationResponse<Paths.ListSecureProxyWhitelistHistory.Responses.$200>
+  }
   ['/v1/integrations/{integrationId}/app-mapping']: {
     /**
      * setIntegrationAppMapping - setIntegrationAppMapping
@@ -5697,6 +6129,7 @@ export type EmbeddedSecureProxyUseCaseRequest = Components.Schemas.EmbeddedSecur
 export type EmbeddedUseCaseRequest = Components.Schemas.EmbeddedUseCaseRequest;
 export type EmbeddedUseCaseRequestBase = Components.Schemas.EmbeddedUseCaseRequestBase;
 export type EntityUpdate = Components.Schemas.EntityUpdate;
+export type EnvVarRefConfig = Components.Schemas.EnvVarRefConfig;
 export type EnvironmentFieldConfig = Components.Schemas.EnvironmentFieldConfig;
 export type ErpEvent = Components.Schemas.ErpEvent;
 export type ErpEventV3 = Components.Schemas.ErpEventV3;
@@ -5763,6 +6196,9 @@ export type OutboundStatusResponse = Components.Schemas.OutboundStatusResponse;
 export type OutboundUseCase = Components.Schemas.OutboundUseCase;
 export type OutboundUseCaseHistoryEntry = Components.Schemas.OutboundUseCaseHistoryEntry;
 export type OutboundUseCaseStatus = Components.Schemas.OutboundUseCaseStatus;
+export type PortalOrigin = Components.Schemas.PortalOrigin;
+export type PortalRefConfig = Components.Schemas.PortalRefConfig;
+export type PortalRefFilter = Components.Schemas.PortalRefFilter;
 export type PruneScopeConfig = Components.Schemas.PruneScopeConfig;
 export type QueryAccessLogsRequest = Components.Schemas.QueryAccessLogsRequest;
 export type QueryEventsRequest = Components.Schemas.QueryEventsRequest;
@@ -5783,6 +6219,8 @@ export type SecureProxySummary = Components.Schemas.SecureProxySummary;
 export type SecureProxyUseCase = Components.Schemas.SecureProxyUseCase;
 export type SecureProxyUseCaseConfiguration = Components.Schemas.SecureProxyUseCaseConfiguration;
 export type SecureProxyUseCaseHistoryEntry = Components.Schemas.SecureProxyUseCaseHistoryEntry;
+export type SecureProxyWhitelist = Components.Schemas.SecureProxyWhitelist;
+export type SecureProxyWhitelistUpdate = Components.Schemas.SecureProxyWhitelistUpdate;
 export type SetIntegrationAppMappingRequest = Components.Schemas.SetIntegrationAppMappingRequest;
 export type TimeSeriesBreakdownItemV2 = Components.Schemas.TimeSeriesBreakdownItemV2;
 export type TimeSeriesBucket = Components.Schemas.TimeSeriesBucket;