@epilot/sdk 2.4.4 → 2.6.0

package/dist/{integration-toolkit.d-Ry-KC9ow.d.ts → integration-toolkit.d-BstNqiJb.d.ts}

@@ -293,10 +293,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -321,10 +321,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -378,10 +378,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -398,10 +398,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -418,10 +418,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -443,10 +443,10 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
+             * URL-safe identifier for the use case. Required for explicit creates so every use case has a portable cross-environment identifier. Must be unique per integration. Immutable after creation. Lowercase alphanumeric, hyphens, and underscores only.
              *
              */
-            slug?: string; // ^[a-z0-9][a-z0-9_-]*$
+            slug: string; // ^[a-z0-9][a-z0-9_-]*$
             /**
              * Whether the use case is enabled
              */
@@ -497,7 +497,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -537,7 +537,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -569,7 +569,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -601,7 +601,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -633,7 +633,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -670,7 +670,7 @@ declare namespace Components {
              */
             name: string;
             /**
-             * URL-safe identifier for the use case. Recommended for portable cross-environment referencing. Must be unique per integration. Immutable after creation.
+             * URL-safe identifier for the use case. Optional on this upsert/sync endpoint — when omitted, the server derives one from the name and ensures uniqueness within the integration. Immutable after creation.
              *
              */
             slug?: string; // ^[a-z0-9][a-z0-9_-]*$
@@ -701,6 +701,43 @@ declare namespace Components {
                 [name: string]: any;
             };
         }
+        /**
+         * Resolves to an org-scoped environment variable from the epilot environments-api service at runtime, replacing hard-coded environment-specific values (URLs, prefixes, identifiers) in inbound mappings. Secrets (`SecretString` values) are never exposed; the runtime treats both "missing key" and "secret-typed key" as identical `undefined` outcomes (no info disclosure via error code). For secret-resolving contexts (e.g. authorization headers in managed-call or file-proxy step configurations), use the templated `{{ env.<key> }}` syntax instead — that mechanism does decrypt secrets.
+         *
+         */
+        export type EnvVarRefConfig = /**
+         * Resolves to an org-scoped environment variable from the epilot environments-api service at runtime, replacing hard-coded environment-specific values (URLs, prefixes, identifiers) in inbound mappings. Secrets (`SecretString` values) are never exposed; the runtime treats both "missing key" and "secret-typed key" as identical `undefined` outcomes (no info disclosure via error code). For secret-resolving contexts (e.g. authorization headers in managed-call or file-proxy step configurations), use the templated `{{ env.<key> }}` syntax instead — that mechanism does decrypt secrets.
+         *
+         */
+        {
+            /**
+             * Environment variable key. Must match the environments-api key contract (lowercase, digits, `_`, `.`, `-`; max 128 chars; starts with a lowercase letter or digit). Supports dot-namespaced keys like `erp_api.base_url`.
+             *
+             */
+            key: string; // ^[a-z0-9][a-z0-9_.-]{0,127}$
+            /**
+             * Literal string returned when the key is missing (or is a secret). When provided, the `ENV_VAR_REF_NOT_FOUND` warning is suppressed because the author signalled the absence is expected.
+             *
+             */
+            default?: string;
+            /**
+             * `value` returns the resolved env-var string as-is.
+             *
+             */
+            return?: "value";
+        } | {
+            key: string; // ^[a-z0-9][a-z0-9_.-]{0,127}$
+            default?: string;
+            /**
+             * Evaluate the sibling `jsonataExpression` against the resolved env-var value (the input `$` is the string value).
+             *
+             */
+            return: "jsonata";
+            /**
+             * JSONata expression evaluated against the resolved env-var value.
+             */
+            jsonataExpression: string;
+        };
         export interface EnvironmentFieldConfig {
             /**
              * Environment variable key, used to look up the value in the Environments API.
@@ -876,6 +913,31 @@ declare namespace Components {
              * Optional ID that identifies the specific request for debugging purposes
              */
             correlation_id?: string;
+            /**
+             * Controls ordering and parallelism for this request's events.
+             *
+             * By default, all events for a given `integration_id` are processed
+             * **strictly in order, one at a time**. For high-volume integrations this
+             * can become a throughput bottleneck.
+             *
+             * Set `group_id` to opt into **parallel processing**:
+             * - Events sharing the same `group_id` are processed in the order received.
+             * - Events with different `group_id` values are processed in parallel.
+             *
+             * Typical usage is to derive `group_id` from a logical partition key in
+             * your payload — for example the customer ID, contract ID, or meter ID —
+             * so updates to the same business object remain ordered while unrelated
+             * objects are processed concurrently.
+             *
+             * Notes:
+             * - Up to 20 groups per integration are processed concurrently. Using
+             *   more distinct values than that yields no additional parallelism.
+             * - Omit this field if strict per-integration ordering is required.
+             *
+             * example:
+             * customer-42
+             */
+            group_id?: string;
             /**
              * List of ERP events to process
              */
@@ -1128,6 +1190,10 @@ declare namespace Components {
              * Additional use-case-specific parameters expected in the download URL query string (beyond the required orgId, integrationId, and useCaseSlug or useCaseId)
              */
             params?: FileProxyParam[];
+            /**
+             * Additional origins permitted to call /download for this use case (CORS, exact match). Portal origins are always allowed.
+             */
+            allowed_origins?: string /* uri ^https?:// */[];
             /**
              * Ordered list of HTTP steps to execute to retrieve the file
              */
@@ -1166,6 +1232,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -1502,6 +1572,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -1726,6 +1800,16 @@ declare namespace Components {
              *
              */
             FileProxyUrlConfig;
+            portal_ref?: /**
+             * Resolves to a property of one of the calling organization's epilot portal configurations at runtime, replacing hard-coded environment-specific portal UUIDs in inbound mappings. Matched portals are sorted ascending by `(_created_at, portal_id)`; portals without `_created_at` sort first (treated as oldest). When `select: "single"` matches more than one portal, the resolver still returns the oldest match and emits a `PORTAL_REF_AMBIGUOUS` warning.
+             *
+             */
+            PortalRefConfig;
+            env_var_ref?: /**
+             * Resolves to an org-scoped environment variable from the epilot environments-api service at runtime, replacing hard-coded environment-specific values (URLs, prefixes, identifiers) in inbound mappings. Secrets (`SecretString` values) are never exposed; the runtime treats both "missing key" and "secret-typed key" as identical `undefined` outcomes (no info disclosure via error code). For secret-resolving contexts (e.g. authorization headers in managed-call or file-proxy step configurations), use the templated `{{ env.<key> }}` syntax instead — that mechanism does decrypt secrets.
+             *
+             */
+            EnvVarRefConfig;
         }
         export interface IntegrationFieldV1 {
             /**
@@ -2084,6 +2168,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -2198,7 +2286,7 @@ declare namespace Components {
                 };
             };
             /**
-             * Meter reading attributes. Required: external_id, timestamp, source, value. `source` must be one of: ECP, ERP, 360, journey-submission. `reason` (optional) must be one of: regular, irregular, last, first, meter_change, contract_change, meter_adjustment (or empty/null).
+             * Meter reading attributes. Required: external_id, timestamp, source, value. `timestamp` must be ISO 8601 — either `YYYY-MM-DD` or `YYYY-MM-DDTHH:mm:ss` (with optional fractional seconds and optional `Z` / `±HH:mm` timezone offset); non-ISO formats (e.g. `DD.MM.YYYY` or epoch numbers) are rejected and must be converted upstream via a `jsonataExpression` (e.g. `$fromMillis(...)`). Date-only values are normalized to midnight UTC and offset-less date-times are anchored to UTC before being forwarded to the metering API. `source` must be one of: ECP, ERP, 360, journey-submission. `reason` (optional) must be one of: regular, irregular, last, first, meter_change, contract_change, meter_adjustment (or empty/null).
              */
             attributes: {
                 [name: string]: any;
@@ -2587,6 +2675,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -2642,6 +2734,80 @@ declare namespace Components {
              */
             conflicts?: OutboundConflict[];
         }
+        /**
+         * Origin/type of an epilot portal configuration.
+         */
+        export type PortalOrigin = "END_CUSTOMER_PORTAL" | "INSTALLER_PORTAL" | "B2B_PORTAL" | "ADDITIONAL_PORTAL";
+        /**
+         * Resolves to a property of one of the calling organization's epilot portal configurations at runtime, replacing hard-coded environment-specific portal UUIDs in inbound mappings. Matched portals are sorted ascending by `(_created_at, portal_id)`; portals without `_created_at` sort first (treated as oldest). When `select: "single"` matches more than one portal, the resolver still returns the oldest match and emits a `PORTAL_REF_AMBIGUOUS` warning.
+         *
+         */
+        export type PortalRefConfig = /**
+         * Resolves to a property of one of the calling organization's epilot portal configurations at runtime, replacing hard-coded environment-specific portal UUIDs in inbound mappings. Matched portals are sorted ascending by `(_created_at, portal_id)`; portals without `_created_at` sort first (treated as oldest). When `select: "single"` matches more than one portal, the resolver still returns the oldest match and emits a `PORTAL_REF_AMBIGUOUS` warning.
+         *
+         */
+        {
+            filter?: /**
+             * Filter applied to the org's portal configurations before selection. All filters default to "match any" except `enabled` (default `true`) and `is_dummy` (default `false`). Set `enabled` or `is_dummy` to `null` to opt out of the default.
+             *
+             */
+            PortalRefFilter;
+            /**
+             * `single` returns one literal value (the oldest matching portal); `all` returns an array of literal values (0, 1, or many).
+             *
+             */
+            select?: "single" | "all";
+            /**
+             * Which portal field to emit.
+             */
+            return?: "portal_id" | "origin" | "domain" | "name";
+        } | {
+            filter?: /**
+             * Filter applied to the org's portal configurations before selection. All filters default to "match any" except `enabled` (default `true`) and `is_dummy` (default `false`). Set `enabled` or `is_dummy` to `null` to opt out of the default.
+             *
+             */
+            PortalRefFilter;
+            select?: "single" | "all";
+            /**
+             * Evaluate the sibling `jsonataExpression` against the matched portal(s). With `select: "single"` the input is the matched PortalConfig object; with `select: "all"` it is the full filtered+sorted array.
+             *
+             */
+            return: "jsonata";
+            /**
+             * JSONata expression evaluated against the matched portal(s).
+             */
+            jsonataExpression: string;
+        };
+        /**
+         * Filter applied to the org's portal configurations before selection. All filters default to "match any" except `enabled` (default `true`) and `is_dummy` (default `false`). Set `enabled` or `is_dummy` to `null` to opt out of the default.
+         *
+         */
+        export interface PortalRefFilter {
+            /**
+             * Single origin or array of origins (matches if origin is in the array).
+             */
+            origin?: /* Single origin or array of origins (matches if origin is in the array). */ /* Origin/type of an epilot portal configuration. */ PortalOrigin | /* Origin/type of an epilot portal configuration. */ PortalOrigin[];
+            /**
+             * Match portals with this `enabled` value. Default `true`. Set to `null` to ignore.
+             */
+            enabled?: boolean | null;
+            /**
+             * Match portals with this `is_dummy` value. Default `false`. Set to `null` to ignore.
+             */
+            is_dummy?: boolean | null;
+            /**
+             * Optional restriction on `is_epilot_domain`.
+             */
+            is_epilot_domain?: boolean;
+            /**
+             * Exact match on the portal's `name`.
+             */
+            name?: string;
+            /**
+             * Exact match on the portal's `domain`.
+             */
+            domain?: string;
+        }
         /**
          * Scope configuration for upsert-prune-scope modes.
          * Defines how to find entities that should be pruned if not in the upsert payload.
@@ -3351,6 +3517,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -3373,6 +3543,53 @@ declare namespace Components {
              */
             SecureProxyUseCaseConfiguration;
         }
+        /**
+         * Current whitelist state for a secure_proxy use case. vpc_mode is read-only
+         * context so the UI can show the user what mode the pool is in.
+         *
+         */
+        export interface SecureProxyWhitelist {
+            /**
+             * VPC routing mode (read-only). `null` if not yet set.
+             */
+            vpc_mode: "static_ip" | "secure_link";
+            /**
+             * Exact domain ("api.example.com") or wildcard prefix ("*.example.com").
+             * Wildcards must have at least 2 labels in the suffix.
+             *
+             */
+            allowed_domains: string[];
+            /**
+             * CIDR-notation IP ranges, e.g. "10.0.0.0/24".
+             */
+            allowed_ips: string[];
+        }
+        /**
+         * Partial update for a secure_proxy whitelist. At least one of
+         * `allowed_domains` or `allowed_ips` must be provided.
+         *
+         * Per-field semantics:
+         *   - **omitted** — the field is not modified; the stored value is preserved.
+         *   - **non-empty array** — the stored value is replaced with the supplied list.
+         *   - **empty array (`[]`)** — the list is cleared (stored as `[]`). This is the
+         *     canonical way to remove all entries from a list. `null` is not accepted.
+         *
+         */
+        export interface SecureProxyWhitelistUpdate {
+            /**
+             * Exact domain ("api.example.com") or wildcard prefix ("*.example.com").
+             * Wildcards must have at least 2 labels in the suffix.
+             * Pass `[]` to clear all allowed domains.
+             *
+             */
+            allowed_domains?: string[];
+            /**
+             * CIDR-notation IP ranges, e.g. "10.0.0.0/24".
+             * Pass `[]` to clear all allowed IPs.
+             *
+             */
+            allowed_ips?: string[];
+        }
         export interface SetIntegrationAppMappingRequest {
             /**
              * UUID of the integration app instance
@@ -3858,6 +4075,10 @@ declare namespace Components {
              * Description of the change that was made at this point in history
              */
             change_description?: string;
+            /**
+             * User ID of the user who made the change that produced this history entry
+             */
+            changed_by?: string;
             /**
              * ISO-8601 timestamp when the use case was originally created
              */
@@ -4202,6 +4423,29 @@ declare namespace Paths {
             export type $500 = Components.Responses.InternalServerError;
         }
     }
+    namespace GetSecureProxyWhitelist {
+        namespace Parameters {
+            export type IntegrationId = string; // uuid
+            export type UseCaseId = string; // uuid
+        }
+        export interface PathParameters {
+            integrationId: Parameters.IntegrationId /* uuid */;
+            useCaseId: Parameters.UseCaseId /* uuid */;
+        }
+        namespace Responses {
+            export type $200 = /**
+             * Current whitelist state for a secure_proxy use case. vpc_mode is read-only
+             * context so the UI can show the user what mode the pool is in.
+             *
+             */
+            Components.Schemas.SecureProxyWhitelist;
+            export type $400 = Components.Responses.BadRequest;
+            export type $401 = Components.Responses.Unauthorized;
+            export type $403 = Components.Responses.Forbidden;
+            export interface $404 {
+            }
+        }
+    }
     namespace GetUseCase {
         namespace Parameters {
             export type IntegrationId = string; // uuid
@@ -4246,6 +4490,37 @@ declare namespace Paths {
             export type $500 = Components.Responses.InternalServerError;
         }
     }
+    namespace ListSecureProxyWhitelistHistory {
+        namespace Parameters {
+            export type IntegrationId = string; // uuid
+            export type Limit = number;
+            export type UseCaseId = string; // uuid
+        }
+        export interface PathParameters {
+            integrationId: Parameters.IntegrationId /* uuid */;
+            useCaseId: Parameters.UseCaseId /* uuid */;
+        }
+        export interface QueryParameters {
+            limit?: Parameters.Limit;
+        }
+        namespace Responses {
+            export interface $200 {
+                /**
+                 * Entries are `SecureProxyUseCaseHistoryEntry` in reverse
+                 * chronological order (newest first). Entries older than the
+                 * requested `limit` are not returned.
+                 *
+                 */
+                history: Components.Schemas.SecureProxyUseCaseHistoryEntry[];
+            }
+            export type $400 = Components.Responses.BadRequest;
+            export type $401 = Components.Responses.Unauthorized;
+            export type $403 = Components.Responses.Forbidden;
+            export interface $404 {
+            }
+            export type $500 = Components.Responses.InternalServerError;
+        }
+    }
     namespace ListUseCaseHistory {
         namespace Parameters {
             export type Cursor = string;
@@ -4569,6 +4844,41 @@ declare namespace Paths {
             export type $500 = Components.Responses.InternalServerError;
         }
     }
+    namespace UpdateSecureProxyWhitelist {
+        namespace Parameters {
+            export type IntegrationId = string; // uuid
+            export type UseCaseId = string; // uuid
+        }
+        export interface PathParameters {
+            integrationId: Parameters.IntegrationId /* uuid */;
+            useCaseId: Parameters.UseCaseId /* uuid */;
+        }
+        export type RequestBody = /**
+         * Partial update for a secure_proxy whitelist. At least one of
+         * `allowed_domains` or `allowed_ips` must be provided.
+         *
+         * Per-field semantics:
+         *   - **omitted** — the field is not modified; the stored value is preserved.
+         *   - **non-empty array** — the stored value is replaced with the supplied list.
+         *   - **empty array (`[]`)** — the list is cleared (stored as `[]`). This is the
+         *     canonical way to remove all entries from a list. `null` is not accepted.
+         *
+         */
+        Components.Schemas.SecureProxyWhitelistUpdate;
+        namespace Responses {
+            export type $200 = /**
+             * Current whitelist state for a secure_proxy use case. vpc_mode is read-only
+             * context so the UI can show the user what mode the pool is in.
+             *
+             */
+            Components.Schemas.SecureProxyWhitelist;
+            export type $400 = Components.Responses.BadRequest;
+            export type $401 = Components.Responses.Unauthorized;
+            export type $403 = Components.Responses.Forbidden;
+            export interface $404 {
+            }
+        }
+    }
     namespace UpdateUseCase {
         namespace Parameters {
             export type IntegrationId = string; // uuid
@@ -4868,6 +5178,66 @@ interface OperationMethods {
     data?: any,
     config?: AxiosRequestConfig  
   ): OperationResponse<Paths.DeleteIntegrationV2.Responses.$200>
+  /**
+   * getSecureProxyWhitelist - Get secure_proxy whitelist (admin portal only)
+   * 
+   * Returns the current allowed_domains, allowed_ips, and vpc_mode for a secure_proxy use case.
+   * Staff-only — gated by internal-auth issuer AND admin-portal Cognito user pool membership.
+   * Rejects Login-As tokens.
+   * 
+   */
+  'getSecureProxyWhitelist'(
+    parameters?: Parameters<Paths.GetSecureProxyWhitelist.PathParameters> | null,
+    data?: any,
+    config?: AxiosRequestConfig  
+  ): OperationResponse<Paths.GetSecureProxyWhitelist.Responses.$200>
+  /**
+   * updateSecureProxyWhitelist - Update secure_proxy whitelist (admin portal only)
+   * 
+   * Replaces allowed_domains and/or allowed_ips on a secure_proxy use case.
+   * At least one of the two fields is required. Validation mirrors the CLI's
+   * `validateDomainPatterns` / `validateCidrs`. Writes a USECASE_HISTORY row
+   * with the admin user's email as `changed_by`.
+   * 
+   * Update semantics per field:
+   *   - **omitted** — field is not modified; the stored value is preserved.
+   *   - **non-empty array** — the stored value is replaced with the supplied list.
+   *   - **empty array (`[]`)** — the list is cleared (stored as `[]`). This is
+   *     the canonical way to remove all entries. `null` is not accepted.
+   * 
+   * Staff-only — same auth gates as GET.
+   * 
+   */
+  'updateSecureProxyWhitelist'(
+    parameters?: Parameters<Paths.UpdateSecureProxyWhitelist.PathParameters> | null,
+    data?: Paths.UpdateSecureProxyWhitelist.RequestBody,
+    config?: AxiosRequestConfig  
+  ): OperationResponse<Paths.UpdateSecureProxyWhitelist.Responses.$200>
+  /**
+   * listSecureProxyWhitelistHistory - List secure_proxy whitelist change history (admin portal only)
+   * 
+   * Returns the most recent USECASE_HISTORY entries for a secure_proxy use case,
+   * in reverse chronological order (newest first). Each entry includes the
+   * actor email (`changed_by`), the ISO-8601 timestamp (`history_created_at`),
+   * the `change_description` (free-text action), and the full `configuration`
+   * snapshot — from which UI-08 computes a before/after diff between consecutive
+   * entries.
+   * 
+   * Staff-only — gated by internal-auth issuer AND admin-portal Cognito user pool
+   * membership. Rejects Login-As tokens (same auth gate as the GET / PUT
+   * secure-proxy-whitelist operations).
+   * 
+   * Thin wrapper over the service-layer `listUseCaseHistory` that powers
+   * `GET /v1/integrations/{integrationId}/use-cases/{useCaseId}/history` — the
+   * separate path exists because the /v1 variant is tenant-gated and admin-portal
+   * internal-auth tokens do not carry tenant permissions.
+   * 
+   */
+  'listSecureProxyWhitelistHistory'(
+    parameters?: Parameters<Paths.ListSecureProxyWhitelistHistory.QueryParameters & Paths.ListSecureProxyWhitelistHistory.PathParameters> | null,
+    data?: any,
+    config?: AxiosRequestConfig  
+  ): OperationResponse<Paths.ListSecureProxyWhitelistHistory.Responses.$200>
   /**
    * setIntegrationAppMapping - setIntegrationAppMapping
    * 
@@ -5400,6 +5770,70 @@ interface PathsDictionary {
       config?: AxiosRequestConfig  
     ): OperationResponse<Paths.DeleteIntegrationV2.Responses.$200>
   }
+  ['/v2/integrations/{integrationId}/use-cases/{useCaseId}/secure-proxy-whitelist']: {
+    /**
+     * getSecureProxyWhitelist - Get secure_proxy whitelist (admin portal only)
+     * 
+     * Returns the current allowed_domains, allowed_ips, and vpc_mode for a secure_proxy use case.
+     * Staff-only — gated by internal-auth issuer AND admin-portal Cognito user pool membership.
+     * Rejects Login-As tokens.
+     * 
+     */
+    'get'(
+      parameters?: Parameters<Paths.GetSecureProxyWhitelist.PathParameters> | null,
+      data?: any,
+      config?: AxiosRequestConfig  
+    ): OperationResponse<Paths.GetSecureProxyWhitelist.Responses.$200>
+    /**
+     * updateSecureProxyWhitelist - Update secure_proxy whitelist (admin portal only)
+     * 
+     * Replaces allowed_domains and/or allowed_ips on a secure_proxy use case.
+     * At least one of the two fields is required. Validation mirrors the CLI's
+     * `validateDomainPatterns` / `validateCidrs`. Writes a USECASE_HISTORY row
+     * with the admin user's email as `changed_by`.
+     * 
+     * Update semantics per field:
+     *   - **omitted** — field is not modified; the stored value is preserved.
+     *   - **non-empty array** — the stored value is replaced with the supplied list.
+     *   - **empty array (`[]`)** — the list is cleared (stored as `[]`). This is
+     *     the canonical way to remove all entries. `null` is not accepted.
+     * 
+     * Staff-only — same auth gates as GET.
+     * 
+     */
+    'put'(
+      parameters?: Parameters<Paths.UpdateSecureProxyWhitelist.PathParameters> | null,
+      data?: Paths.UpdateSecureProxyWhitelist.RequestBody,
+      config?: AxiosRequestConfig  
+    ): OperationResponse<Paths.UpdateSecureProxyWhitelist.Responses.$200>
+  }
+  ['/v2/integrations/{integrationId}/use-cases/{useCaseId}/secure-proxy-whitelist/history']: {
+    /**
+     * listSecureProxyWhitelistHistory - List secure_proxy whitelist change history (admin portal only)
+     * 
+     * Returns the most recent USECASE_HISTORY entries for a secure_proxy use case,
+     * in reverse chronological order (newest first). Each entry includes the
+     * actor email (`changed_by`), the ISO-8601 timestamp (`history_created_at`),
+     * the `change_description` (free-text action), and the full `configuration`
+     * snapshot — from which UI-08 computes a before/after diff between consecutive
+     * entries.
+     * 
+     * Staff-only — gated by internal-auth issuer AND admin-portal Cognito user pool
+     * membership. Rejects Login-As tokens (same auth gate as the GET / PUT
+     * secure-proxy-whitelist operations).
+     * 
+     * Thin wrapper over the service-layer `listUseCaseHistory` that powers
+     * `GET /v1/integrations/{integrationId}/use-cases/{useCaseId}/history` — the
+     * separate path exists because the /v1 variant is tenant-gated and admin-portal
+     * internal-auth tokens do not carry tenant permissions.
+     * 
+     */
+    'get'(
+      parameters?: Parameters<Paths.ListSecureProxyWhitelistHistory.QueryParameters & Paths.ListSecureProxyWhitelistHistory.PathParameters> | null,
+      data?: any,
+      config?: AxiosRequestConfig  
+    ): OperationResponse<Paths.ListSecureProxyWhitelistHistory.Responses.$200>
+  }
   ['/v1/integrations/{integrationId}/app-mapping']: {
     /**
      * setIntegrationAppMapping - setIntegrationAppMapping
@@ -5683,6 +6117,7 @@ type EmbeddedSecureProxyUseCaseRequest = Components.Schemas.EmbeddedSecureProxyU
 type EmbeddedUseCaseRequest = Components.Schemas.EmbeddedUseCaseRequest;
 type EmbeddedUseCaseRequestBase = Components.Schemas.EmbeddedUseCaseRequestBase;
 type EntityUpdate = Components.Schemas.EntityUpdate;
+type EnvVarRefConfig = Components.Schemas.EnvVarRefConfig;
 type EnvironmentFieldConfig = Components.Schemas.EnvironmentFieldConfig;
 type ErpEvent = Components.Schemas.ErpEvent;
 type ErpEventV3 = Components.Schemas.ErpEventV3;
@@ -5749,6 +6184,9 @@ type OutboundStatusResponse = Components.Schemas.OutboundStatusResponse;
 type OutboundUseCase = Components.Schemas.OutboundUseCase;
 type OutboundUseCaseHistoryEntry = Components.Schemas.OutboundUseCaseHistoryEntry;
 type OutboundUseCaseStatus = Components.Schemas.OutboundUseCaseStatus;
+type PortalOrigin = Components.Schemas.PortalOrigin;
+type PortalRefConfig = Components.Schemas.PortalRefConfig;
+type PortalRefFilter = Components.Schemas.PortalRefFilter;
 type PruneScopeConfig = Components.Schemas.PruneScopeConfig;
 type QueryAccessLogsRequest = Components.Schemas.QueryAccessLogsRequest;
 type QueryEventsRequest = Components.Schemas.QueryEventsRequest;
@@ -5769,6 +6207,8 @@ type SecureProxySummary = Components.Schemas.SecureProxySummary;
 type SecureProxyUseCase = Components.Schemas.SecureProxyUseCase;
 type SecureProxyUseCaseConfiguration = Components.Schemas.SecureProxyUseCaseConfiguration;
 type SecureProxyUseCaseHistoryEntry = Components.Schemas.SecureProxyUseCaseHistoryEntry;
+type SecureProxyWhitelist = Components.Schemas.SecureProxyWhitelist;
+type SecureProxyWhitelistUpdate = Components.Schemas.SecureProxyWhitelistUpdate;
 type SetIntegrationAppMappingRequest = Components.Schemas.SetIntegrationAppMappingRequest;
 type TimeSeriesBreakdownItemV2 = Components.Schemas.TimeSeriesBreakdownItemV2;
 type TimeSeriesBucket = Components.Schemas.TimeSeriesBucket;
@@ -5793,4 +6233,4 @@ type UseCaseHistoryEntryBase = Components.Schemas.UseCaseHistoryEntryBase;
 type UseCaseTypePreview = Components.Schemas.UseCaseTypePreview;
 type WebhookStatus = Components.Schemas.WebhookStatus;
 
-export { type InboundMonitoringEvent as $, type AccessLogEntry as A, type ErpUpdatesEventsV3Request as B, type Client as C, type DeleteIntegrationAppMappingRequest as D, type EmbeddedFileProxyUseCaseRequest as E, type ErrorResponseBase as F, type FileProxyAuth as G, type FileProxyParam as H, type FileProxyResponseConfig as I, type FileProxySecureProxyAttachment as J, type FileProxyStep as K, type FileProxyUrlConfig as L, type FileProxyUrlParam as M, type FileProxyUrlParams as N, type OperationMethods as O, Paths as P, type FileProxyUseCase as Q, type FileProxyUseCaseConfiguration as R, type FileProxyUseCaseHistoryEntry as S, type GenerateTypesPreviewResponse as T, type GenerateTypesRequest as U, type GenerateTypesResponse as V, type GetMonitoringStatsRequest as W, type GetMonitoringStatsV2Request as X, type GetMonitoringTimeSeriesRequest as Y, type GetMonitoringTimeSeriesV2Request as Z, type InboundIntegrationEventConfiguration as _, Components as a, type TimeSeriesBucketV2 as a$, type InboundUseCase as a0, type InboundUseCaseHistoryEntry as a1, type Integration as a2, type IntegrationAppMapping as a3, type IntegrationConfigurationV1 as a4, type IntegrationConfigurationV2 as a5, type IntegrationEditableFields as a6, type IntegrationEntity as a7, type IntegrationEntityField as a8, type IntegrationFieldV1 as a9, type OutboundStatusResponse as aA, type OutboundUseCase as aB, type OutboundUseCaseHistoryEntry as aC, type OutboundUseCaseStatus as aD, type PruneScopeConfig as aE, type QueryAccessLogsRequest as aF, type QueryEventsRequest as aG, type QueryInboundMonitoringEventsRequest as aH, type QueryMonitoringEventsV2Request as aI, type QueryOutboundMonitoringEventsRequest as aJ, type RelationConfig as aK, type RelationItemConfig as aL, type RelationRefItemConfig as aM, type RelationRefValueConfig as aN, type RelationRefsConfig as aO, type RelationUniqueIdField as aP, type RepeatableFieldType as aQ, type ReplayEventsRequest as aR, type SecureProxyRequest as aS, type SecureProxyResponse as aT, type SecureProxySummary as aU, type SecureProxyUseCase as aV, type SecureProxyUseCaseConfiguration as aW, type SecureProxyUseCaseHistoryEntry as aX, type SetIntegrationAppMappingRequest as aY, type TimeSeriesBreakdownItemV2 as aZ, type TimeSeriesBucket as a_, type IntegrationMeterReading as aa, type IntegrationObjectV1 as ab, type IntegrationSettings as ac, type IntegrationWithUseCases as ad, type ManagedCallAuth as ae, type ManagedCallErrorResponse as af, type ManagedCallExecuteRequest as ag, type ManagedCallExecuteResponse as ah, type ManagedCallOperation as ai, type ManagedCallOperationConfig as aj, type ManagedCallUseCase as ak, type ManagedCallUseCaseHistoryEntry as al, type MappingSimulationRequest as am, type MappingSimulationResponse as an, type MappingSimulationV2Request as ao, type MappingSimulationWarning as ap, type MeterReadingPruneScopeConfig as aq, type MeterReadingUpdate as ar, type MeterUniqueIdsConfig as as, type MonitoringEventV2 as at, type MonitoringStats as au, type MonitoringStatsV2 as av, type OutboundConflict as aw, type OutboundIntegrationEventConfiguration as ax, type OutboundMapping as ay, type OutboundMonitoringEvent as az, type PathsDictionary as b, type TriggerErpActionRequest as b0, type TriggerWebhookResp as b1, type TypeAnnotations as b2, type TypeDescriptor as b3, type UpdateFileProxyUseCaseRequest as b4, type UpdateInboundUseCaseRequest as b5, type UpdateIntegrationRequest as b6, type UpdateManagedCallUseCaseRequest as b7, type UpdateOutboundUseCaseRequest as b8, type UpdateSecureProxyUseCaseRequest as b9, type UpdateUseCaseRequest as ba, type UpdateUseCaseRequestBase as bb, type UpsertIntegrationWithUseCasesRequest as bc, type UseCase as bd, type UseCaseBase as be, type UseCaseHistoryEntry as bf, type UseCaseHistoryEntryBase as bg, type UseCaseTypePreview as bh, type WebhookStatus as bi, type AutoRefreshSettings as c, type CommitTypesRequest as d, type CommitTypesResponse as e, type ConnectorConfig as f, type CreateFileProxyUseCaseRequest as g, type CreateInboundUseCaseRequest as h, type CreateIntegrationRequest as i, type CreateManagedCallUseCaseRequest as j, type CreateOutboundUseCaseRequest as k, type CreateSecureProxyUseCaseRequest as l, type CreateUseCaseRequest as m, type CreateUseCaseRequestBase as n, type DeliveryConfig as o, type EmbeddedInboundUseCaseRequest as p, type EmbeddedManagedCallUseCaseRequest as q, type EmbeddedOutboundUseCaseRequest as r, type EmbeddedSecureProxyUseCaseRequest as s, type EmbeddedUseCaseRequest as t, type EmbeddedUseCaseRequestBase as u, type EntityUpdate as v, type EnvironmentFieldConfig as w, type ErpEvent as x, type ErpEventV3 as y, type ErpUpdatesEventsV2Request as z };
+export { type InboundIntegrationEventConfiguration as $, type AccessLogEntry as A, type ErpUpdatesEventsV2Request as B, type Client as C, type DeleteIntegrationAppMappingRequest as D, type EmbeddedFileProxyUseCaseRequest as E, type ErpUpdatesEventsV3Request as F, type ErrorResponseBase as G, type FileProxyAuth as H, type FileProxyParam as I, type FileProxyResponseConfig as J, type FileProxySecureProxyAttachment as K, type FileProxyStep as L, type FileProxyUrlConfig as M, type FileProxyUrlParam as N, type OperationMethods as O, Paths as P, type FileProxyUrlParams as Q, type FileProxyUseCase as R, type FileProxyUseCaseConfiguration as S, type FileProxyUseCaseHistoryEntry as T, type GenerateTypesPreviewResponse as U, type GenerateTypesRequest as V, type GenerateTypesResponse as W, type GetMonitoringStatsRequest as X, type GetMonitoringStatsV2Request as Y, type GetMonitoringTimeSeriesRequest as Z, type GetMonitoringTimeSeriesV2Request as _, Components as a, type SecureProxyUseCaseHistoryEntry as a$, type InboundMonitoringEvent as a0, type InboundUseCase as a1, type InboundUseCaseHistoryEntry as a2, type Integration as a3, type IntegrationAppMapping as a4, type IntegrationConfigurationV1 as a5, type IntegrationConfigurationV2 as a6, type IntegrationEditableFields as a7, type IntegrationEntity as a8, type IntegrationEntityField as a9, type OutboundMonitoringEvent as aA, type OutboundStatusResponse as aB, type OutboundUseCase as aC, type OutboundUseCaseHistoryEntry as aD, type OutboundUseCaseStatus as aE, type PortalOrigin as aF, type PortalRefConfig as aG, type PortalRefFilter as aH, type PruneScopeConfig as aI, type QueryAccessLogsRequest as aJ, type QueryEventsRequest as aK, type QueryInboundMonitoringEventsRequest as aL, type QueryMonitoringEventsV2Request as aM, type QueryOutboundMonitoringEventsRequest as aN, type RelationConfig as aO, type RelationItemConfig as aP, type RelationRefItemConfig as aQ, type RelationRefValueConfig as aR, type RelationRefsConfig as aS, type RelationUniqueIdField as aT, type RepeatableFieldType as aU, type ReplayEventsRequest as aV, type SecureProxyRequest as aW, type SecureProxyResponse as aX, type SecureProxySummary as aY, type SecureProxyUseCase as aZ, type SecureProxyUseCaseConfiguration as a_, type IntegrationFieldV1 as aa, type IntegrationMeterReading as ab, type IntegrationObjectV1 as ac, type IntegrationSettings as ad, type IntegrationWithUseCases as ae, type ManagedCallAuth as af, type ManagedCallErrorResponse as ag, type ManagedCallExecuteRequest as ah, type ManagedCallExecuteResponse as ai, type ManagedCallOperation as aj, type ManagedCallOperationConfig as ak, type ManagedCallUseCase as al, type ManagedCallUseCaseHistoryEntry as am, type MappingSimulationRequest as an, type MappingSimulationResponse as ao, type MappingSimulationV2Request as ap, type MappingSimulationWarning as aq, type MeterReadingPruneScopeConfig as ar, type MeterReadingUpdate as as, type MeterUniqueIdsConfig as at, type MonitoringEventV2 as au, type MonitoringStats as av, type MonitoringStatsV2 as aw, type OutboundConflict as ax, type OutboundIntegrationEventConfiguration as ay, type OutboundMapping as az, type PathsDictionary as b, type SecureProxyWhitelist as b0, type SecureProxyWhitelistUpdate as b1, type SetIntegrationAppMappingRequest as b2, type TimeSeriesBreakdownItemV2 as b3, type TimeSeriesBucket as b4, type TimeSeriesBucketV2 as b5, type TriggerErpActionRequest as b6, type TriggerWebhookResp as b7, type TypeAnnotations as b8, type TypeDescriptor as b9, type UpdateFileProxyUseCaseRequest as ba, type UpdateInboundUseCaseRequest as bb, type UpdateIntegrationRequest as bc, type UpdateManagedCallUseCaseRequest as bd, type UpdateOutboundUseCaseRequest as be, type UpdateSecureProxyUseCaseRequest as bf, type UpdateUseCaseRequest as bg, type UpdateUseCaseRequestBase as bh, type UpsertIntegrationWithUseCasesRequest as bi, type UseCase as bj, type UseCaseBase as bk, type UseCaseHistoryEntry as bl, type UseCaseHistoryEntryBase as bm, type UseCaseTypePreview as bn, type WebhookStatus as bo, type AutoRefreshSettings as c, type CommitTypesRequest as d, type CommitTypesResponse as e, type ConnectorConfig as f, type CreateFileProxyUseCaseRequest as g, type CreateInboundUseCaseRequest as h, type CreateIntegrationRequest as i, type CreateManagedCallUseCaseRequest as j, type CreateOutboundUseCaseRequest as k, type CreateSecureProxyUseCaseRequest as l, type CreateUseCaseRequest as m, type CreateUseCaseRequestBase as n, type DeliveryConfig as o, type EmbeddedInboundUseCaseRequest as p, type EmbeddedManagedCallUseCaseRequest as q, type EmbeddedOutboundUseCaseRequest as r, type EmbeddedSecureProxyUseCaseRequest as s, type EmbeddedUseCaseRequest as t, type EmbeddedUseCaseRequestBase as u, type EntityUpdate as v, type EnvVarRefConfig as w, type EnvironmentFieldConfig as x, type ErpEvent as y, type ErpEventV3 as z };