@haimkastner/workforce-ai-mcp 1.0.0-rc.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +135 -0
- package/dist/core/consts.d.ts +9 -0
- package/dist/core/consts.js +9 -0
- package/dist/core/session.d.ts +29 -0
- package/dist/core/session.js +85 -0
- package/dist/core/streamable-http.d.ts +9 -0
- package/dist/core/streamable-http.js +107 -0
- package/dist/core/utils.d.ts +5 -0
- package/dist/core/utils.js +35 -0
- package/dist/executer/executer.d.ts +19 -0
- package/dist/executer/executer.js +104 -0
- package/dist/executer/validator.d.ts +5 -0
- package/dist/executer/validator.js +19 -0
- package/dist/index.d.ts +16 -0
- package/dist/index.js +121 -0
- package/dist/tool-filter.d.ts +12 -0
- package/dist/tool-filter.js +54 -0
- package/dist/tools/tools.g.d.ts +11 -0
- package/dist/tools/tools.g.js +3933 -0
- package/dist/types/types.d.ts +46 -0
- package/dist/types/types.js +8 -0
- package/openapi-mcp.json +1 -0
- package/package.json +45 -0
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
/**
|
|
3
|
+
* Interface for MCP Tool Definition
|
|
4
|
+
*/
|
|
5
|
+
export interface McpToolDefinition {
|
|
6
|
+
name: string;
|
|
7
|
+
description: string;
|
|
8
|
+
inputSchema: any;
|
|
9
|
+
method: string;
|
|
10
|
+
pathTemplate: string;
|
|
11
|
+
executionParameters: {
|
|
12
|
+
name: string;
|
|
13
|
+
in: string;
|
|
14
|
+
}[];
|
|
15
|
+
requestBodyContentType?: string;
|
|
16
|
+
securityRequirements: any[];
|
|
17
|
+
zodValidationSchema: z.ZodTypeAny;
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Type definition for JSON objects
|
|
21
|
+
*/
|
|
22
|
+
export type JsonObject = Record<string, any>;
|
|
23
|
+
/**
|
|
24
|
+
* Enum for MCP transport modes
|
|
25
|
+
*/
|
|
26
|
+
export declare enum McpTransportMode {
|
|
27
|
+
HTTP = "http",
|
|
28
|
+
STDIO = "stdio"
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* OpenAPI spec types used for tool filtering
|
|
32
|
+
*/
|
|
33
|
+
export interface ToolOperation {
|
|
34
|
+
'x-tool-name'?: string;
|
|
35
|
+
'x-tool-description'?: string;
|
|
36
|
+
'x-access-mode'?: string;
|
|
37
|
+
operationId?: string;
|
|
38
|
+
summary?: string;
|
|
39
|
+
parameters?: unknown[];
|
|
40
|
+
requestBody?: unknown;
|
|
41
|
+
[key: string]: unknown;
|
|
42
|
+
}
|
|
43
|
+
export interface OpenApiSpec {
|
|
44
|
+
paths: Record<string, Record<string, ToolOperation>>;
|
|
45
|
+
[key: string]: unknown;
|
|
46
|
+
}
|
package/openapi-mcp.json
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"openapi":"3.1.0","info":{"title":"Workforce AI MCP API","description":"MCP (Model Context Protocol) API for Workforce AI — policy management, asset visibility, and apps catalog optimized for LLM tool consumption.\n\n## Authentication\nAll endpoints require a valid CloudInfra JWT token passed as a Bearer token in the `Authorization` header.\n\n### Obtaining a JWT Token\n1. Go to the [Infinity Portal API Keys page](https://portal.checkpoint.com/dashboard/settings/api-keys).\n2. Click **New** → **New Account API Key**.\n3. In the **Service** dropdown select **Workforce AI Security** and create the key.\n4. Use the generated API key to obtain a JWT token from CloudInfra.\n5. Include the JWT in every request:\n ```\n Authorization: Bearer <JWT_TOKEN>\n ```\n\n## Tool Access Modes\nEach operation is annotated with `x-access-mode` (read or write). The MCP server can be configured to expose only read tools by default.\n","version":"1.0.0"},"servers":[{"url":"https://cloudinfra-gw.portal.checkpoint.com","description":"Europe Region"},{"url":"https://cloudinfra-gw-us.portal.checkpoint.com","description":"United States Region"}],"paths":{"/app/genai-protect-policy/mcp/v1/policy/chats/rulebase":{"get":{"tags":["MCP Policy Rules"],"summary":"List all GenAI DLP chat rules","operationId":"list_chats_rules_mcp_v1_policy_chats_rulebase_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetRulebaseResponse"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"list_chats_rules","x-tool-description":"List all Chats (GenAI DLP) rules. Each rule defines data-loss-prevention policies for AI chat interactions including prompt/response inspection, sensitive-data detection, and file transfer controls. Returns rules ordered by priority.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/policy/ai-access/rulebase":{"get":{"tags":["MCP Policy Rules"],"summary":"List all AI Access rules","operationId":"list_ai_access_rules_mcp_v1_policy_ai_access_rulebase_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetRulebaseResponse"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"list_ai_access_rules","x-tool-description":"List all AI Access rules that control which AI services and applications users are allowed to interact with. Each rule specifies allow/block decisions per service. Returns rules ordered by priority.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/policy/web-access/rulebase":{"get":{"tags":["MCP Policy Rules"],"summary":"List all Web Access rules","operationId":"list_web_access_rules_mcp_v1_policy_web_access_rulebase_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetRulebaseResponse"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"list_web_access_rules","x-tool-description":"List all Web Access rules for Browse Security. These rules control which websites and web applications users can access through browser security. Returns rules ordered by priority.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/policy/agents/rulebase":{"get":{"tags":["MCP Policy Rules"],"summary":"List all Agents rules","operationId":"list_agents_rules_mcp_v1_policy_agents_rulebase_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetRulebaseResponse"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"list_agents_rules","x-tool-description":"List all Agents (MCP Server) rules that govern agent interactions. These rules control which tools agents can invoke and what access controls apply to agent operations. Returns rules ordered by priority.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/policy/secure-browsing/rulebase":{"get":{"tags":["MCP Policy Rules"],"summary":"List all Secure Browsing rules","operationId":"list_secure_browsing_rules_mcp_v1_policy_secure_browsing_rulebase_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetRulebaseResponse"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"list_secure_browsing_rules","x-tool-description":"List all Secure Browsing threat-prevention rules. These rules define phishing protection, password-reuse detection, and domain-based filtering for web browsing. Returns rules ordered by priority.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/policy/dlp/rulebase":{"get":{"tags":["MCP Policy Rules"],"summary":"List all Browse DLP rules","operationId":"list_dlp_rules_mcp_v1_policy_dlp_rulebase_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetRulebaseResponse"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"list_dlp_rules","x-tool-description":"List all Browse DLP (Data Loss Prevention) rules for browser security. These rules control data protection for web browsing sessions including file uploads, downloads, and clipboard operations. Returns rules ordered by priority.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/rules/set-info":{"put":{"tags":["MCP Rule Mutations"],"summary":"Update a rule's name and description","operationId":"set_rule_info_mcp_v1_rules_set_info_put","security":[{"HTTPBearer":[]}],"parameters":[{"name":"rule_id","in":"query","required":true,"schema":{"type":"string","description":"UUID of the rule to update","title":"Rule Id"},"description":"UUID of the rule to update"},{"name":"name","in":"query","required":true,"schema":{"type":"string","description":"New human-readable name for the rule","title":"Name"},"description":"New human-readable name for the rule"},{"name":"description","in":"query","required":false,"schema":{"type":"string","description":"New description of the rule's purpose","default":"","title":"Description"},"description":"New description of the rule's purpose"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Set Rule Info Mcp V1 Rules Set Info Put"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"x-tool-name":"set_rule_info","x-tool-description":"Update the display name and description of a rule identified by its UUID. Does not change the rule's policy, assignments, or position.","x-access-mode":"write"}},"/app/genai-protect-policy/mcp/v1/rules/set-active":{"put":{"tags":["MCP Rule Mutations"],"summary":"Enable or disable a rule","operationId":"set_rule_active_mcp_v1_rules_set_active_put","security":[{"HTTPBearer":[]}],"parameters":[{"name":"rule_id","in":"query","required":true,"schema":{"type":"string","description":"UUID of the rule to update","title":"Rule Id"},"description":"UUID of the rule to update"},{"name":"active","in":"query","required":true,"schema":{"type":"boolean","description":"true to enforce the rule, false to skip it","title":"Active"},"description":"true to enforce the rule, false to skip it"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Set Rule Active Mcp V1 Rules Set Active Put"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"x-tool-name":"set_rule_active","x-tool-description":"Enable or disable a rule without deleting it. Inactive rules remain in the rulebase but are skipped during policy evaluation. Pass active=true to enforce or active=false to skip.","x-access-mode":"write"}},"/app/genai-protect-policy/mcp/v1/rules/reorder":{"put":{"tags":["MCP Rule Mutations"],"summary":"Change a rule's priority position","operationId":"reorder_rule_mcp_v1_rules_reorder_put","security":[{"HTTPBearer":[]}],"parameters":[{"name":"rule_id","in":"query","required":true,"schema":{"type":"string","description":"UUID of the rule to reorder","title":"Rule Id"},"description":"UUID of the rule to reorder"},{"name":"new_order","in":"query","required":true,"schema":{"type":"integer","description":"Target position (1-based). Lower = higher priority","title":"New Order"},"description":"Target position (1-based). Lower = higher priority"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"type":"object","additionalProperties":true,"title":"Response Reorder Rule Mcp V1 Rules Reorder Put"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"x-tool-name":"reorder_rule","x-tool-description":"Move a rule to a new position in the rulebase. Lower positions have higher priority and are evaluated first. Other rules shift automatically to accommodate.","x-access-mode":"write"}},"/app/genai-protect-policy/mcp/v1/rules/delete":{"delete":{"tags":["MCP Rule Mutations"],"summary":"Permanently delete a rule","operationId":"delete_rule_mcp_v1_rules_delete_delete","security":[{"HTTPBearer":[]}],"parameters":[{"name":"rule_id","in":"query","required":true,"schema":{"type":"string","description":"UUID of the rule to delete","title":"Rule Id"},"description":"UUID of the rule to delete"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/CommonDeleteRuleResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"x-tool-name":"delete_rule","x-tool-description":"Permanently delete a rule from the rulebase by its UUID. This action cannot be undone. Remaining rules are re-ordered automatically.","x-access-mode":"write"}},"/app/genai-protect-policy/mcp/v1/rules/chats/create":{"post":{"tags":["MCP Rule Mutations"],"summary":"Create a Chats DLP rule","operationId":"create_chats_rule_mcp_v1_rules_chats_create_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddChatsRuleRequest"}}},"required":true},"responses":{"201":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddRuleResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"create_chats_rule","x-tool-description":"Create a new Chats (GenAI DLP) rule. Provide a name, priority order, and a policy object defining prompt/response inspection, sensitive-data detection, and file transfer controls. Optionally assign to specific users or groups.","x-access-mode":"write"}},"/app/genai-protect-policy/mcp/v1/rules/ai-access/create":{"post":{"tags":["MCP Rule Mutations"],"summary":"Create an AI Access rule","operationId":"create_ai_access_rule_mcp_v1_rules_ai_access_create_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddAccessRuleRequest"}}},"required":true},"responses":{"201":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddRuleResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"create_ai_access_rule","x-tool-description":"Create a new AI Access rule that controls which AI services and applications users can interact with. Provide a name, priority order, and a policy defining allow/block decisions per service.","x-access-mode":"write"}},"/app/genai-protect-policy/mcp/v1/rules/agents/create":{"post":{"tags":["MCP Rule Mutations"],"summary":"Create an Agents rule","operationId":"create_agents_rule_mcp_v1_rules_agents_create_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddMCPServerRuleRequest"}}},"required":true},"responses":{"201":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddRuleResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"create_agents_rule","x-tool-description":"Create a new Agents (MCP Server) rule that governs agent interactions. Define which tools agents can invoke and access controls for agent operations.","x-access-mode":"write"}},"/app/genai-protect-policy/mcp/v1/rules/dlp/create":{"post":{"tags":["MCP Rule Mutations"],"summary":"Create a Browse DLP rule","operationId":"create_dlp_rule_mcp_v1_rules_dlp_create_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddChatsRuleRequest"}}},"required":true},"responses":{"201":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddRuleResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"create_dlp_rule","x-tool-description":"Create a new Browse DLP rule for data loss prevention during web browsing. Controls file uploads, downloads, and clipboard operations.","x-access-mode":"write"}},"/app/genai-protect-policy/mcp/v1/rules/secure-browsing/create":{"post":{"tags":["MCP Rule Mutations"],"summary":"Create a Secure Browsing rule","operationId":"create_secure_browsing_rule_mcp_v1_rules_secure_browsing_create_post","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddSecureBrowsingRuleRequest"}}},"required":true},"responses":{"201":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AddRuleResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"create_secure_browsing_rule","x-tool-description":"Create a new Secure Browsing threat-prevention rule. Define phishing protection, password-reuse detection, and domain-based filtering for web browsing.","x-access-mode":"write"}},"/app/genai-protect-policy/mcp/v1/objects/file-protection":{"get":{"tags":["MCP Objects"],"summary":"List all file-protection objects","operationId":"list_file_protection_objects_mcp_v1_objects_file_protection_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetFileProtectionObjectsResponse"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"list_file_protection_objects","x-tool-description":"List all file-protection policy objects. These reusable objects define file scanning and emulation settings (download/upload actions, size limits) that can be shared across multiple rules.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/objects/domains":{"get":{"tags":["MCP Objects"],"summary":"List all domains objects","operationId":"list_domains_objects_mcp_v1_objects_domains_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetDomainsObjectsResponse"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"list_domains_objects","x-tool-description":"List all domains policy objects. These reusable objects define domain allow/block lists that can be shared across multiple rules for domain-based filtering.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/dlp-datatypes/all":{"get":{"tags":["MCP DLP Datatypes"],"summary":"List all DLP data types","operationId":"list_dlp_datatypes_mcp_v1_dlp_datatypes_all_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetDlpDataTypesResponse"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"list_dlp_datatypes","x-tool-description":"List all available DLP data types (both predefined and custom). Data types define what sensitive information patterns (credit cards, SSNs, etc.) the DLP engine can detect in chat messages and file transfers.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/dlp-datatypes/tenant":{"get":{"tags":["MCP DLP Datatypes"],"summary":"Get tenant DLP datatype configuration","operationId":"get_tenant_dlp_datatypes_mcp_v1_dlp_datatypes_tenant_get","responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GetDlpTenantDataTypesResponse"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"get_tenant_dlp_datatypes","x-tool-description":"Get the tenant-specific DLP datatype configuration showing which data types are currently enabled for detection in this tenant's policies.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/simulation/shadow":{"get":{"tags":["MCP Policy Simulation"],"summary":"Analyze rulebase for shadowed rules","operationId":"analyze_shadow_rules_mcp_v1_simulation_shadow_get","security":[{"HTTPBearer":[]}],"parameters":[{"name":"policy_type","in":"query","required":true,"schema":{"$ref":"#/components/schemas/PolicyType","description":"Policy type to analyze. Allowed values: POLICY_TYPE_DLP (Chats/DLP rules), POLICY_TYPE_ACCESS (AI Access/Web Access rules), POLICY_TYPE_MCP_SERVER (Agents rules), POLICY_TYPE_PAAS (PaaS environment rules), POLICY_TYPE_THREAT_PREVENTION (Secure Browsing rules)"},"description":"Policy type to analyze. Allowed values: POLICY_TYPE_DLP (Chats/DLP rules), POLICY_TYPE_ACCESS (AI Access/Web Access rules), POLICY_TYPE_MCP_SERVER (Agents rules), POLICY_TYPE_PAAS (PaaS environment rules), POLICY_TYPE_THREAT_PREVENTION (Secure Browsing rules)"},{"name":"tag","in":"query","required":true,"schema":{"$ref":"#/components/schemas/RuleTag","description":"Rule tag context: 'genai' for AI Security rules, 'browsing' for Browse Security rules, 'general' for product-agnostic rules"},"description":"Rule tag context: 'genai' for AI Security rules, 'browsing' for Browse Security rules, 'general' for product-agnostic rules"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ShadowAnalysisResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"x-tool-name":"analyze_shadow_rules","x-tool-description":"Find unreachable (shadowed) rules in a rulebase. A rule is shadowed when a higher-priority rule already covers every possible request it could match, making it effectively dead. Returns each shadowed rule with a human-readable explanation of why it is unreachable and which rule shadows it.","x-access-mode":"read"}},"/app/genai-protect-policy/mcp/v1/simulation/resolve":{"post":{"tags":["MCP Policy Simulation"],"summary":"Resolve the matching rule for a user and target","operationId":"resolve_matching_rule_mcp_v1_simulation_resolve_post","requestBody":{"content":{"application/json":{"schema":{"oneOf":[{"$ref":"#/components/schemas/ResolveDLPRequest"},{"$ref":"#/components/schemas/ResolveAccessRequest"},{"$ref":"#/components/schemas/ResolveMCPRequest"},{"$ref":"#/components/schemas/ResolvePaaSRequest"},{"$ref":"#/components/schemas/ResolveTPRequest"}],"title":"Request","discriminator":{"propertyName":"policy_type","mapping":{"POLICY_TYPE_DLP":"#/components/schemas/ResolveDLPRequest","POLICY_TYPE_ACCESS":"#/components/schemas/ResolveAccessRequest","POLICY_TYPE_MCP_SERVER":"#/components/schemas/ResolveMCPRequest","POLICY_TYPE_PAAS":"#/components/schemas/ResolvePaaSRequest","POLICY_TYPE_THREAT_PREVENTION":"#/components/schemas/ResolveTPRequest"}}}}},"required":true},"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResolveResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"security":[{"HTTPBearer":[]}],"x-tool-name":"resolve_matching_rule","x-tool-description":"Given a user and target, determine which rule in the rulebase would apply. Simulates policy evaluation to find the single winning rule. The request body varies by policy_type — only these types are supported:\n- POLICY_TYPE_DLP: requires user_id, tag, and target with event_type + one of domain/url/genai_app/category_id\n- POLICY_TYPE_ACCESS: requires user_id, tag, and target with one of domain/url/genai_app/category_id\n- POLICY_TYPE_MCP_SERVER: requires user_id and target with client/server/tool info\n- POLICY_TYPE_PAAS: requires tag and target with environment_id (no user)\n- POLICY_TYPE_THREAT_PREVENTION: requires user_id only\n\nReturns the matched rule's ID, name, and priority order, or null if no rule matches.","x-access-mode":"read"}},"/app/genai-protect-assets/mcp/v1/assets":{"get":{"tags":["MCP Assets"],"summary":"Search deployed assets with filters, sorting, and pagination","operationId":"search_assets_mcp_v1_assets_get","security":[{"HTTPBearer":[]}],"parameters":[{"name":"search","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Free text search across device name and user name","title":"Search"},"description":"Free text search across device name and user name"},{"name":"filter_field","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Comma-separated field names to filter on. Options: device_name, device_sid, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version","title":"Filter Field"},"description":"Comma-separated field names to filter on. Options: device_name, device_sid, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version"},{"name":"filter_operator","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Comma-separated operators, one per filter_field. Text fields: equals, in, contains. Date fields: gte, lte, between. Enum fields (os, device_type): equals, in.","title":"Filter Operator"},"description":"Comma-separated operators, one per filter_field. Text fields: equals, in, contains. Date fields: gte, lte, between. Enum fields (os, device_type): equals, in."},{"name":"filter_value","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Comma-separated single values, one per filter_field. Used with equals, contains, gte, lte operators.","title":"Filter Value"},"description":"Comma-separated single values, one per filter_field. Used with equals, contains, gte, lte operators."},{"name":"filter_values","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Multi-value filters for 'in' and 'between' operators. Semicolon-separated per filter, comma-separated per value within. Example for two filters: 'windows,linux;2024-01-01,2024-12-31'","title":"Filter Values"},"description":"Multi-value filters for 'in' and 'between' operators. Semicolon-separated per filter, comma-separated per value within. Example for two filters: 'windows,linux;2024-01-01,2024-12-31'"},{"name":"sort_field","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Comma-separated field names to sort by (same options as filter_field)","title":"Sort Field"},"description":"Comma-separated field names to sort by (same options as filter_field)"},{"name":"sort_order","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Comma-separated sort orders, one per sort_field. Options: asc, desc (default: desc)","title":"Sort Order"},"description":"Comma-separated sort orders, one per sort_field. Options: asc, desc (default: desc)"},{"name":"joins","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Comma-separated domains to include in the response. Options: users, pings, deployment, policy, status, environment. Omit to return device info only.","title":"Joins"},"description":"Comma-separated domains to include in the response. Options: users, pings, deployment, policy, status, environment. Omit to return device info only."},{"name":"limit","in":"query","required":false,"schema":{"type":"integer","maximum":1000,"minimum":1,"description":"Number of results per page (max 1000)","default":50,"title":"Limit"},"description":"Number of results per page (max 1000)"},{"name":"offset","in":"query","required":false,"schema":{"type":"integer","minimum":0,"description":"Number of results to skip for pagination","default":0,"title":"Offset"},"description":"Number of results to skip for pagination"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AssetsResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"x-tool-name":"search_assets","x-tool-description":"Search deployed assets (endpoints/devices) with optional filtering, sorting, text search, and pagination. Returns device info, user, deployment status, health, and policy versions.\n\n**Filtering:** Use filter_field, filter_operator, and filter_value as comma-separated lists (positionally matched). For multi-value operators (in, between) use filter_values with semicolons between filters and commas between values.\n\nAvailable fields: device_name, device_sid, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version.\n\nOperators: equals, in, contains (text fields), gte, lte, between (date fields).\n\n**Sorting:** Use sort_field and sort_order as comma-separated lists.\n\n**Search:** Free text search across device name and user name.\n\nExamples:\n- Filter by OS: filter_field=os&filter_operator=equals&filter_value=windows\n- Multiple filters: filter_field=os,device_name&filter_operator=equals,contains&filter_value=windows,laptop\n- Sort by name: sort_field=device_name&sort_order=asc\n- Text search: search=john","x-access-mode":"read"}},"/app/genai-protect-assets/mcp/v1/assets/count":{"get":{"tags":["MCP Assets"],"summary":"Count deployed assets with optional filters","operationId":"count_assets_mcp_v1_assets_count_get","security":[{"HTTPBearer":[]}],"parameters":[{"name":"search","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Free text search across device name and user name","title":"Search"},"description":"Free text search across device name and user name"},{"name":"filter_field","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Comma-separated field names to filter on","title":"Filter Field"},"description":"Comma-separated field names to filter on"},{"name":"filter_operator","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Comma-separated operators, one per filter_field","title":"Filter Operator"},"description":"Comma-separated operators, one per filter_field"},{"name":"filter_value","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Comma-separated single values, one per filter_field","title":"Filter Value"},"description":"Comma-separated single values, one per filter_field"},{"name":"filter_values","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Multi-value filters (semicolon-separated per filter, comma-separated per value)","title":"Filter Values"},"description":"Multi-value filters (semicolon-separated per filter, comma-separated per value)"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AssetsCountResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"x-tool-name":"count_assets","x-tool-description":"Get the total count of deployed assets, optionally filtered. Supports the same filter_field, filter_operator, filter_value, filter_values and search params as search_assets. Useful for dashboards and summaries.","x-access-mode":"read"}},"/app/genai-protect-assets/mcp/v1/users":{"get":{"tags":["MCP Users"],"summary":"Search users","operationId":"search_users_mcp_v1_users_get","security":[{"HTTPBearer":[]}],"parameters":[{"name":"search","in":"query","required":false,"schema":{"anyOf":[{"type":"string"},{"type":"null"}],"description":"Case-insensitive search on user name and display name","title":"Search"},"description":"Case-insensitive search on user name and display name"},{"name":"limit","in":"query","required":false,"schema":{"type":"integer","maximum":100,"minimum":1,"description":"Number of results per page (max 100)","default":50,"title":"Limit"},"description":"Number of results per page (max 100)"},{"name":"offset","in":"query","required":false,"schema":{"type":"integer","minimum":0,"description":"Number of results to skip for pagination","default":0,"title":"Offset"},"description":"Number of results to skip for pagination"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UsersResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"x-tool-name":"search_users","x-tool-description":"Search users in the organization with optional text search and pagination. Returns user IDs, names, display names, and SAM account names. Use when you need to find user identifiers for policy rule assignments.","x-access-mode":"read"}},"/app/genai-protect-apps/mcp/v1/apps/search":{"get":{"tags":["MCP Apps Catalog"],"summary":"Search GenAI apps catalog","operationId":"search_apps_mcp_v1_apps_search_get","security":[{"HTTPBearer":[]}],"parameters":[{"name":"search","in":"query","required":true,"schema":{"type":"string","minLength":1,"maxLength":200,"description":"Search term (app name, description, or URL)","title":"Search"},"description":"Search term (app name, description, or URL)"},{"name":"search_by","in":"query","required":false,"schema":{"$ref":"#/components/schemas/SearchBy","description":"Search mode: 'name' matches app name only, 'name_and_description' matches both, 'url' matches app URL","default":"name"},"description":"Search mode: 'name' matches app name only, 'name_and_description' matches both, 'url' matches app URL"}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppSearchResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"x-tool-name":"search_apps","x-tool-description":"Search the GenAI apps catalog by name, description, or URL. Returns up to 10 matching apps with their ID, name, description, and page URL. Use this to find app IDs needed for AI Access policy rules.","x-access-mode":"read"}},"/app/genai-protect-apps/mcp/v1/apps/by-ids":{"get":{"tags":["MCP Apps Catalog"],"summary":"Get GenAI apps by IDs","operationId":"get_apps_by_ids_mcp_v1_apps_by_ids_get","security":[{"HTTPBearer":[]}],"parameters":[{"name":"ids","in":"query","required":true,"schema":{"type":"string","description":"Comma-separated list of app IDs (e.g. '123,456,789'). Max 100 IDs.","title":"Ids"},"description":"Comma-separated list of app IDs (e.g. '123,456,789'). Max 100 IDs."}],"responses":{"200":{"description":"Successful Response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppsByIdsResponse"}}}},"422":{"description":"Validation Error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/HTTPValidationError"}}}}},"x-tool-name":"get_apps_by_ids","x-tool-description":"Get specific GenAI apps from the catalog by their numeric IDs. Pass a comma-separated list of app IDs. Returns app details including name, description, and page URL.","x-access-mode":"read"}}},"components":{"schemas":{"AccessPolicy":{"properties":{"services_and_application":{"anyOf":[{"$ref":"#/components/schemas/ServicesAndApplication"},{"type":"null"}],"description":"Services and application configuration"},"action":{"anyOf":[{"type":"string","enum":["block","allow","ask"]},{"type":"null"}],"title":"Action","description":"Action to take for access control"},"logging":{"anyOf":[{"$ref":"#/components/schemas/LoggingStatus"},{"type":"null"}],"description":"Whether logging is enabled"},"download_file_protection":{"anyOf":[{"$ref":"#/components/schemas/FileDownloadActionSupported"},{"type":"null"}],"description":"File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."},"upload_file_protection":{"anyOf":[{"$ref":"#/components/schemas/FileUploadActionSupported"},{"type":"null"}],"description":"File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}},"type":"object","title":"AccessPolicy"},"AccessTarget":{"properties":{"domain":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Domain","description":"Domain name or IPv4 address"},"url":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Url","description":"Full URL"},"genai_app":{"anyOf":[{"$ref":"#/components/schemas/SimulationGenAIApp"},{"type":"null"}],"description":"GenAI application target"},"category_id":{"anyOf":[{"$ref":"#/components/schemas/URLFCategory"},{"type":"null"}],"description":"URLF category ID"}},"type":"object","title":"AccessTarget","description":"Target for ACCESS rules. Exactly ONE target field must be set."},"Account":{"properties":{"account_id":{"type":"string","title":"Account Id","description":"Account identifier"}},"type":"object","required":["account_id"],"title":"Account","description":"External-safe twin of Account."},"AccountSelectionMode":{"type":"string","enum":["all","selected_account"],"title":"AccountSelectionMode","description":"Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."},"AddAccessRuleRequest":{"properties":{"name":{"type":"string","title":"Name","description":"Human-readable rule name"},"description":{"type":"string","title":"Description","description":"Explanation of the rule's purpose","default":""},"order":{"type":"integer","title":"Order","description":"Position in the rulebase; lower values are evaluated first and take precedence"},"policy":{"$ref":"#/components/schemas/AccessPolicy","description":"Access control policy configuration"},"source":{"items":{"$ref":"#/components/schemas/Assignment"},"type":"array","title":"Source","description":"Users or groups this rule applies to; empty means all users"}},"type":"object","required":["name","order","policy"],"title":"AddAccessRuleRequest","description":"Create a new Access rule.\n\nAccess rules control which AI services and applications users are allowed\nto interact with, including allow/block decisions per service."},"AddChatsRuleRequest":{"properties":{"name":{"type":"string","title":"Name","description":"Human-readable rule name"},"description":{"type":"string","title":"Description","description":"Explanation of the rule's purpose","default":""},"order":{"type":"integer","title":"Order","description":"Position in the rulebase; lower values are evaluated first and take precedence"},"policy":{"$ref":"#/components/schemas/ChatsPolicy","description":"Chats policy configuration for chat interactions"},"source":{"items":{"$ref":"#/components/schemas/Assignment"},"type":"array","title":"Source","description":"Users or groups this rule applies to; empty means all users"}},"type":"object","required":["name","order","policy"],"title":"AddChatsRuleRequest","description":"Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies."},"AddMCPServerRuleRequest":{"properties":{"name":{"type":"string","title":"Name","description":"Human-readable rule name"},"description":{"type":"string","title":"Description","description":"Explanation of the rule's purpose","default":""},"order":{"type":"integer","title":"Order","description":"Position in the rulebase; lower values are evaluated first and take precedence"},"policy":{"$ref":"#/components/schemas/AgentsPolicy","description":"Agents policy configuration"},"source":{"items":{"$ref":"#/components/schemas/Assignment"},"type":"array","title":"Source","description":"Users or groups this rule applies to; empty means all users"}},"type":"object","required":["name","order","policy"],"title":"AddMCPServerRuleRequest","description":"Create a new Agents rule.\n\nAgents rules govern agent interactions, including which tools\nagents can invoke and what access controls apply to agent operations."},"AddRuleResponse":{"properties":{"rule_id":{"type":"string","title":"Rule Id","description":"The UUID of the newly created rule"}},"type":"object","required":["rule_id"],"title":"AddRuleResponse","description":"Response returned after creating a rule."},"AddSecureBrowsingRuleRequest":{"properties":{"name":{"type":"string","title":"Name","description":"Human-readable rule name"},"description":{"type":"string","title":"Description","description":"Explanation of the rule's purpose","default":""},"order":{"type":"integer","title":"Order","description":"Position in the rulebase; lower values are evaluated first and take precedence"},"policy":{"$ref":"#/components/schemas/SecureBrowsingPolicy","description":"Secure Browsing policy configuration"},"source":{"items":{"$ref":"#/components/schemas/Assignment"},"type":"array","title":"Source","description":"Users or groups this rule applies to; empty means all users"}},"type":"object","required":["name","order","policy"],"title":"AddSecureBrowsingRuleRequest","description":"Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering."},"AgentsPolicy":{"properties":{"action":{"anyOf":[{"type":"string","enum":["block","allow","ask"]},{"type":"null"}],"title":"Action","description":"Action to take for MCP server"},"logging":{"anyOf":[{"$ref":"#/components/schemas/LoggingStatus"},{"type":"null"}],"description":"Whether logging is enabled"},"clients":{"anyOf":[{"$ref":"#/components/schemas/MCPClients"},{"type":"null"}],"description":"Desktop clients selection"},"servers":{"anyOf":[{"$ref":"#/components/schemas/MCPServers"},{"type":"null"}],"description":"MCP servers configuration"},"tooling":{"anyOf":[{"$ref":"#/components/schemas/Tooling"},{"type":"null"}],"description":"Tooling configuration for MCP"}},"type":"object","title":"AgentsPolicy"},"Assignment":{"properties":{"assignment_id":{"type":"string","format":"uuid","title":"Assignment Id","description":"ID of the user or group"},"display_name":{"type":"string","title":"Display Name","description":"Human-readable name of the user or group"},"assignment_type":{"$ref":"#/components/schemas/AssignmentType","description":"Whether this is a user, group, or entire-org assignment"}},"type":"object","required":["assignment_id","display_name","assignment_type"],"title":"Assignment","description":"External-safe twin of Assignment."},"AssignmentType":{"type":"string","enum":["ASSIGNMENT_TYPE_USER","ASSIGNMENT_TYPE_GROUP","ASSIGNMENT_TYPE_ENTIRE_ORG"],"title":"AssignmentType"},"CategoryItem":{"properties":{"category_id":{"$ref":"#/components/schemas/URLFCategory","description":"Category ID from the supported URLF categories. The following categories are available:\n\n| Category | ID |\n|---|---|\n| Uncategorized | 0 |\n| Computers & Internet | 1 |\n| Education | 3 |\n| Entertainment | 5 |\n| Financial Services | 7 |\n| Gambling | 9 |\n| Government / Military | 11 |\n| Greeting Cards | 12 |\n| Hacking | 13 |\n| Hate / Racism | 14 |\n| Health | 15 |\n| Illegal / Questionable | 17 |\n| Illegal Drugs | 18 |\n| Job Search / Careers | 21 |\n| Media Streams | 23 |\n| News / Media | 24 |\n| Newsgroups / Forums | 25 |\n| Nudity | 26 |\n| Personals / Dating | 30 |\n| Phishing | 31 |\n| Political / Legal | 32 |\n| Pornography | 33 |\n| Real Estate | 34 |\n| Recreation | 35 |\n| Religion | 37 |\n| Restaurants / Dining / Food | 39 |\n| Sex Education | 41 |\n| Shopping | 42 |\n| Alcohol / Tobacco | 45 |\n| Art / Culture | 47 |\n| Blogs / Personal Pages | 49 |\n| Business / Economy | 51 |\n| Software Downloads | 53 |\n| Sports | 54 |\n| Spyware / Malicious Sites | 55 |\n| Tasteless | 56 |\n| Translation | 58 |\n| Travel | 59 |\n| Vehicles | 60 |\n| Violence | 61 |\n| Weapons | 62 |\n| Botnets | 65 |\n| Spam | 66 |\n| Inactive Sites | 67 |\n| Fashion | 68 |\n| Non-Profits / NGOs | 69 |\n| Sex | 70 |\n| General | 71 |\n| Nature / Conservation | 72 |\n| Child Abuse | 73 |\n| URL Filtering | 74 |\n| Lifestyle | 75 |\n| Lingerie / Swimsuit / Suggestive | 76 |\n| Suspicious Content | 77 |\n| Marijuana | 78 |\n| Web Advertisements | 50000032 |\n| Instant Chat | 50000086 |\n| Very Low Risk | 51000001 |\n| Low Risk | 51000002 |\n| Medium Risk | 51000003 |\n| High Risk | 51000004 |\n| Critical Risk | 51000005 |\n| Anonymizer | 52000038 |\n| P2P File Sharing | 52000046 |\n| Instant Messaging | 52000047 |\n| Media Sharing | 52000051 |\n| Games | 52000058 |\n| Social Networking | 52000069 |\n| Email | 52000130 |\n| Search Engines / Portals | 52000132 |\n| File Storage / Sharing | 52000136 |\n| Keyloggers | 60530540 |\n| Occult | 60530541 |\n| Hosting Sites | 60530542 |\n| DDNS / Dynamic DNS | 60530648 |\n| Artificial Intelligence (AI) | 60517663 |\n| Generative AI Tools | 60531762 |\n\n**Note:** GenAI rules only allow category 60531762 (Generative AI Tools), used as \"Any AI tool\". Browse rules can use any *other* category."}},"type":"object","required":["category_id"],"title":"CategoryItem"},"ChatsPolicy":{"properties":{"event_type":{"anyOf":[{"$ref":"#/components/schemas/DLPEventType"},{"type":"null"}],"description":"Type of event to apply DLP policy on"},"services_and_application":{"anyOf":[{"$ref":"#/components/schemas/ServicesAndApplication"},{"type":"null"}],"description":"Services and application configuration"},"data_types":{"anyOf":[{"items":{"$ref":"#/components/schemas/DataType"},"type":"array"},{"type":"null"}],"title":"Data Types","description":"DLP Data types"},"action":{"anyOf":[{"type":"string","enum":["prevent","ask","redact","detect","allow","block"]},{"type":"null"}],"title":"Action","description":"Action to take when DLP rule is triggered"},"logging":{"anyOf":[{"$ref":"#/components/schemas/LoggingStatus"},{"type":"null"}],"description":"Whether logging is enabled"}},"type":"object","title":"ChatsPolicy"},"ClaudeExtensionsConfig":{"properties":{"extension_name":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Extension Name","description":"Extension name from manifest.json","default":"","examples":["chrome-control"]},"match_mode":{"anyOf":[{"$ref":"#/components/schemas/MatchMode"},{"type":"null"}],"description":"Match mode for extension_name matching","default":"exact"}},"type":"object","title":"ClaudeExtensionsConfig"},"CommonDeleteRuleResponse":{"properties":{"message":{"type":"string","title":"Message"},"rule_id":{"type":"string","title":"Rule Id"}},"type":"object","required":["message","rule_id"],"title":"CommonDeleteRuleResponse","description":"Confirmation of rule deletion."},"DLPEventType":{"type":"string","enum":["file_upload","file_download","paste","prompt","copy"],"title":"DLPEventType"},"DLPTarget":{"properties":{"event_type":{"$ref":"#/components/schemas/DLPEventType","description":"DLP event type to simulate"},"data_type_ids":{"items":{"type":"string"},"type":"array","title":"Data Type Ids","description":"Data type UUIDs the text violates. Empty list = 'any text' (no DLP violations)."},"domain":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Domain","description":"Domain name or IPv4 address"},"url":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Url","description":"Full URL"},"genai_app":{"anyOf":[{"$ref":"#/components/schemas/SimulationGenAIApp"},{"type":"null"}],"description":"GenAI application target"},"category_id":{"anyOf":[{"$ref":"#/components/schemas/URLFCategory"},{"type":"null"}],"description":"URLF category ID"}},"type":"object","required":["event_type","data_type_ids"],"title":"DLPTarget","description":"Target for DLP rules. ``event_type`` is always required and exactly\nONE of the other target fields must be set."},"DLPType":{"type":"string","enum":["PRE_DEFINED","CUSTOM"],"title":"DLPType"},"DataType":{"properties":{"id":{"type":"string","format":"uuid","title":"Id","description":"UUID of the data type","default":"","examples":["cf0523c1-537e-4a4b-8bb8-084b7b9e0b45"]},"name":{"type":"string","title":"Name","description":"Display name of the data type","default":"","examples":["American Express Travelers Cheques Number"]},"type":{"$ref":"#/components/schemas/DLPType","description":"Type of the data type","default":"PRE_DEFINED"},"matchingLevel":{"anyOf":[{"type":"integer"},{"type":"null"}],"title":"Matchinglevel","description":"Matching level for the data type"}},"type":"object","title":"DataType"},"DlpCreateType":{"type":"string","enum":["PRE_DEFINED","CUSTOM"],"title":"DlpCreateType"},"DlpDataType":{"properties":{"id":{"type":"string","title":"Id"},"assetId":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Assetid"},"objectStatus":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Objectstatus"},"name":{"type":"string","title":"Name"},"type":{"type":"string","title":"Type"},"createType":{"$ref":"#/components/schemas/DlpCreateType"},"description":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Description"},"creationTime":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Creationtime"},"lastUpdateTime":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Lastupdatetime"},"dataTypeTags":{"anyOf":[{"items":{"$ref":"#/components/schemas/DlpDataTypeTag"},"type":"array"},{"type":"null"}],"title":"Datatypetags"},"redactSupported":{"anyOf":[{"type":"boolean"},{"type":"null"}],"title":"Redactsupported"},"matchingLevel":{"anyOf":[{"type":"integer"},{"type":"null"}],"title":"Matchinglevel"},"content":{"anyOf":[{"additionalProperties":true,"type":"object"},{"type":"null"}],"title":"Content"},"comment":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Comment"}},"additionalProperties":true,"type":"object","required":["id","name","type","createType"],"title":"DlpDataType","example":{"assetId":"3e2ed446-5d2e-4091-b561-2db1458f9791","createType":"PRE_DEFINED","creationTime":"2023-02-22T15:23:55.446Z","dataTypeTags":[{"isCategory":false,"name":"Financial & Business"}],"description":"Matches American Bankers Association (ABA) Routing Transit Numbers","id":"3e2ed446-5d2e-4091-b561-2db1458f9791","lastUpdateTime":"2023-02-22T15:23:56.317Z","matchingLevel":1,"name":"ABA Transit Numbers","objectStatus":"Normal","redactSupported":false,"type":"PATTERN"}},"DlpDataTypeTag":{"properties":{"name":{"type":"string","title":"Name"},"data":{"anyOf":[{"items":{"type":"string"},"type":"array"},{"type":"null"}],"title":"Data"},"isCategory":{"type":"boolean","title":"Iscategory"}},"type":"object","required":["name","isCategory"],"title":"DlpDataTypeTag","example":{"data":["Other"],"isCategory":true,"name":"Regulation"}},"DlpTenantDataType":{"properties":{"id":{"type":"string","title":"Id"},"name":{"type":"string","title":"Name"},"type":{"type":"string","title":"Type"},"createType":{"$ref":"#/components/schemas/DlpCreateType"},"internal":{"type":"boolean","title":"Internal"},"matchingLevel":{"anyOf":[{"type":"integer"},{"type":"null"}],"title":"Matchinglevel"}},"type":"object","required":["id","name","type","createType","internal"],"title":"DlpTenantDataType","example":{"createType":"PRE_DEFINED","id":"73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90","internal":false,"matchingLevel":1,"name":"IP Address","type":"GROUP"}},"DockerGatewayConfig":{"properties":{},"type":"object","title":"DockerGatewayConfig"},"DockerRunnerConfig":{"properties":{"image_name":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Image Name","description":"Docker image name","default":"","examples":["modelcontextprotocol/server-github"]},"match_mode":{"anyOf":[{"$ref":"#/components/schemas/MatchMode"},{"type":"null"}],"description":"Match mode for image_name matching","default":"exact"}},"type":"object","title":"DockerRunnerConfig"},"DomainConfig":{"properties":{"domain_name":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Domain Name","description":"Domain name of the remote server","default":"","examples":["mcp-server.example.com","example.com"]},"match_mode":{"anyOf":[{"$ref":"#/components/schemas/DomainMatchMode"},{"type":"null"}],"description":"Match mode for domain matching (exact_host or any_subdomain)","default":"exact_host"}},"type":"object","title":"DomainConfig"},"DomainItem":{"properties":{"domain":{"type":"string","format":"hostname","title":"Domain","description":"Valid domain name or IPv4 address"},"match_mode":{"anyOf":[{"$ref":"#/components/schemas/DomainMatchMode"},{"type":"null"}],"description":"Match mode for domain matching (exact_host or any_subdomain)","default":"exact_host"}},"type":"object","required":["domain"],"title":"DomainItem"},"DomainMatchMode":{"type":"string","enum":["exact_host","any_subdomain"],"title":"DomainMatchMode","description":"Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."},"DomainsObject":{"properties":{"domains":{"items":{"$ref":"#/components/schemas/DomainItem"},"type":"array","maxItems":200,"title":"Domains","description":"List of domains"}},"type":"object","title":"DomainsObject","description":"External-safe twin of DomainsObject."},"DomainsObjectResponse":{"properties":{"object_id":{"type":"string","title":"Object Id","description":"Unique identifier of the object"},"name":{"type":"string","title":"Name","description":"Display name of the object"},"description":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Description"},"version":{"type":"integer","title":"Version","description":"Incremented on every update"},"created_at":{"anyOf":[{"type":"string","format":"date-time"},{"type":"null"}],"title":"Created At"},"updated_at":{"anyOf":[{"type":"string","format":"date-time"},{"type":"null"}],"title":"Updated At"},"object_data":{"anyOf":[{"$ref":"#/components/schemas/DomainsObject"},{"type":"null"}],"description":"The domain list entries"}},"type":"object","required":["object_id","name","version"],"title":"DomainsObjectResponse","description":"A domains object with its full configuration."},"ExecutableServerConfig":{"properties":{"executable_path":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Executable Path","description":"Path to the executable","default":"","examples":["/path/to/executable"]},"match_mode":{"anyOf":[{"$ref":"#/components/schemas/MatchMode"},{"type":"null"}],"description":"Match mode for executable_path matching","default":"exact"}},"type":"object","title":"ExecutableServerConfig"},"FileActionUnsupported":{"type":"string","enum":["Block","Allow"],"title":"FileActionUnsupported"},"FileDownloadActionSupported":{"type":"string","enum":["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect","Extract"],"title":"FileDownloadActionSupported"},"FileFailClose":{"type":"string","enum":["FailClose","FailOpen"],"title":"FileFailClose"},"FileProtectionObject":{"properties":{"file_download_action_unsupported":{"anyOf":[{"$ref":"#/components/schemas/FileActionUnsupported"},{"type":"null"}]},"file_upload_action_unsupported":{"anyOf":[{"$ref":"#/components/schemas/FileActionUnsupported"},{"type":"null"}]},"file_download_size_limit_mb":{"anyOf":[{"type":"integer","maximum":100.0,"minimum":1.0},{"type":"null"}],"title":"File Download Size Limit Mb"},"file_upload_size_limit_mb":{"anyOf":[{"type":"integer","maximum":100.0,"minimum":1.0},{"type":"null"}],"title":"File Upload Size Limit Mb"},"file_download_error_fail_close":{"anyOf":[{"$ref":"#/components/schemas/FileFailClose"},{"type":"null"}]},"file_download_size_limit_fail_close":{"anyOf":[{"$ref":"#/components/schemas/FileFailClose"},{"type":"null"}]},"file_upload_error_fail_close":{"anyOf":[{"$ref":"#/components/schemas/FileFailClose"},{"type":"null"}]},"file_upload_size_limit_fail_close":{"anyOf":[{"$ref":"#/components/schemas/FileFailClose"},{"type":"null"}]},"file_download_action_per_supported_file":{"anyOf":[{"additionalProperties":{"$ref":"#/components/schemas/FileDownloadActionSupported"},"propertyNames":{"$ref":"#/components/schemas/SupportedFileType"},"type":"object"},{"type":"null"}],"title":"File Download Action Per Supported File"},"file_download_action_per_unsupported_file":{"anyOf":[{"additionalProperties":{"$ref":"#/components/schemas/FileActionUnsupported"},"type":"object","maxProperties":1000},{"type":"null"}],"title":"File Download Action Per Unsupported File"},"file_upload_action_per_supported_file":{"anyOf":[{"additionalProperties":{"$ref":"#/components/schemas/FileUploadActionSupported"},"propertyNames":{"$ref":"#/components/schemas/SupportedFileType"},"type":"object"},{"type":"null"}],"title":"File Upload Action Per Supported File"},"file_upload_action_per_unsupported_file":{"anyOf":[{"additionalProperties":{"$ref":"#/components/schemas/FileActionUnsupported"},"type":"object","maxProperties":1000},{"type":"null"}],"title":"File Upload Action Per Unsupported File"}},"type":"object","title":"FileProtectionObject","description":"External-safe twin of FileProtectionObject."},"FileProtectionObjectResponse":{"properties":{"object_id":{"type":"string","title":"Object Id","description":"Unique identifier of the object"},"name":{"type":"string","title":"Name","description":"Display name of the object"},"description":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Description"},"version":{"type":"integer","title":"Version","description":"Incremented on every update"},"created_at":{"anyOf":[{"type":"string","format":"date-time"},{"type":"null"}],"title":"Created At"},"updated_at":{"anyOf":[{"type":"string","format":"date-time"},{"type":"null"}],"title":"Updated At"},"object_data":{"anyOf":[{"$ref":"#/components/schemas/FileProtectionObject"},{"type":"null"}],"description":"File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}},"type":"object","required":["object_id","name","version"],"title":"FileProtectionObjectResponse","description":"A file-protection object with its full configuration."},"FileUploadActionSupported":{"type":"string","enum":["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect"],"title":"FileUploadActionSupported"},"GenAIApp":{"properties":{"id":{"type":"integer","exclusiveMinimum":0.0,"title":"Id","description":"GenAI application ID"},"mode":{"anyOf":[{"$ref":"#/components/schemas/AccountSelectionMode"},{"type":"null"}],"description":"Account selection mode: 'all' or 'selected_account'","default":"all"},"accounts":{"items":{"$ref":"#/components/schemas/Account"},"type":"array","title":"Accounts","description":"List of selected accounts (used when mode='selected_account')"}},"type":"object","required":["id"],"title":"GenAIApp"},"GetDlpDataTypesResponse":{"properties":{"status":{"type":"string","title":"Status"},"dataTypes":{"items":{"$ref":"#/components/schemas/DlpDataType"},"type":"array","title":"Datatypes"}},"type":"object","required":["status","dataTypes"],"title":"GetDlpDataTypesResponse","example":{"dataTypes":[{"assetId":"3e2ed446-5d2e-4091-b561-2db1458f9791","createType":"PRE_DEFINED","creationTime":"2023-02-22T15:23:55.446Z","description":"Matches ABA Routing Transit Numbers","id":"3e2ed446-5d2e-4091-b561-2db1458f9791","lastUpdateTime":"2023-02-22T15:23:56.317Z","name":"ABA Transit Numbers","objectStatus":"Normal","redactSupported":false,"type":"PATTERN"}],"status":"SUCCESS"}},"GetDlpTenantDataTypesResponse":{"properties":{"status":{"type":"string","title":"Status"},"id":{"type":"string","title":"Id"},"dataTypes":{"items":{"$ref":"#/components/schemas/DlpTenantDataType"},"type":"array","title":"Datatypes"}},"type":"object","required":["status","id","dataTypes"],"title":"GetDlpTenantDataTypesResponse","example":{"dataTypes":[{"createType":"PRE_DEFINED","id":"73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90","internal":false,"name":"IP Address","type":"GROUP"},{"createType":"PRE_DEFINED","id":"d2c4411f-dd0e-495b-b856-5686e68892b4","internal":false,"name":"PCI - Credit Card Numbers","type":"PATTERN"}],"id":"bb47587c-fda0-4cb3-896e-1d359d0e3f9d","status":"SUCCESS"}},"GetDomainsObjectsResponse":{"properties":{"objects":{"items":{"$ref":"#/components/schemas/DomainsObjectResponse"},"type":"array","title":"Objects"}},"type":"object","required":["objects"],"title":"GetDomainsObjectsResponse","description":"All domains objects for the tenant, including their full configuration."},"GetFileProtectionObjectsResponse":{"properties":{"objects":{"items":{"$ref":"#/components/schemas/FileProtectionObjectResponse"},"type":"array","title":"Objects"}},"type":"object","required":["objects"],"title":"GetFileProtectionObjectsResponse","description":"All file-protection objects for the tenant, including their full configuration."},"GetRulebaseResponse":{"properties":{"rulebase_version":{"type":"integer","title":"Rulebase Version","description":"Monotonically increasing version of this rulebase. Incremented whenever any rule in the rulebase is created, modified, or deleted. Compare with a previously stored value to detect whether the rulebase has changed (useful for caching or polling)"},"rules":{"items":{"$ref":"#/components/schemas/RuleResponse"},"type":"array","title":"Rules","description":"All rules in the rulebase, ordered by priority (ascending)"}},"type":"object","required":["rulebase_version","rules"],"title":"GetRulebaseResponse","description":"Full rulebase for a given policy type, including its version for change detection."},"HTTPValidationError":{"properties":{"detail":{"items":{"$ref":"#/components/schemas/ValidationError"},"type":"array","title":"Detail"}},"type":"object","title":"HTTPValidationError"},"LoggingStatus":{"type":"string","enum":["enabled","disabled"],"title":"LoggingStatus","description":"Logging status enumeration."},"MCPClient":{"properties":{"os":{"anyOf":[{"$ref":"#/components/schemas/OSType"},{"type":"null"}],"description":"Operating system for the client"},"name_id":{"anyOf":[{"$ref":"#/components/schemas/MCPClientNameId"},{"type":"null"}],"description":"Client name identifier e.g. 'claude_desktop', 'docker_desktop'","examples":["claude_desktop","docker_desktop"]}},"type":"object","title":"MCPClient"},"MCPClientNameId":{"type":"string","enum":["claude_desktop","vscode","cursor","windsurf","zed","perplexity","antigravity","jetbrains","roo","cline","docker_desktop"],"title":"MCPClientNameId","description":"MCP Client name identifier enumeration."},"MCPClients":{"properties":{"mode":{"anyOf":[{"$ref":"#/components/schemas/SelectionMode"},{"type":"null"}],"description":"Mode for client selection"},"selected":{"anyOf":[{"items":{"$ref":"#/components/schemas/MCPClient"},"type":"array"},{"type":"null"}],"title":"Selected","description":"List of selected clients"}},"type":"object","title":"MCPClients"},"MCPIds":{"properties":{"name_id":{"anyOf":[{"type":"string","minLength":1},{"type":"null"}],"title":"Name Id","description":"Name of the managed MCP","default":"","examples":["jira","github"]}},"type":"object","title":"MCPIds"},"MCPRiskLevel":{"properties":{"use_min":{"anyOf":[{"type":"boolean"},{"type":"null"}],"title":"Use Min","description":"Whether to use minimum risk level limit","default":false},"use_max":{"anyOf":[{"type":"boolean"},{"type":"null"}],"title":"Use Max","description":"Whether to use maximum risk level limit","default":false},"min":{"anyOf":[{"type":"integer","minimum":0.0},{"type":"null"}],"title":"Min","description":"Minimum risk level"},"max":{"anyOf":[{"type":"integer","minimum":0.0},{"type":"null"}],"title":"Max","description":"Maximum risk level"}},"type":"object","title":"MCPRiskLevel"},"MCPServer":{"properties":{"server_type":{"anyOf":[{"type":"string","enum":["all","node_server","python_server","claude_extensions","executable_server","unknown_server","docker_gateway","docker_runner","remote_server"]},{"type":"null"}],"title":"Server Type","description":"Type of the MCP server"},"node_server":{"anyOf":[{"$ref":"#/components/schemas/NodeServerConfig"},{"type":"null"}],"description":"Node server configuration"},"python_server":{"anyOf":[{"$ref":"#/components/schemas/PythonServerConfig"},{"type":"null"}],"description":"Python server configuration"},"claude_extensions":{"anyOf":[{"$ref":"#/components/schemas/ClaudeExtensionsConfig"},{"type":"null"}],"description":"Claude extensions configuration"},"executable_server":{"anyOf":[{"$ref":"#/components/schemas/ExecutableServerConfig"},{"type":"null"}],"description":"Executable server configuration"},"unknown_server":{"anyOf":[{"$ref":"#/components/schemas/UnknownServerConfig"},{"type":"null"}],"description":"Unknown server configuration"},"docker_gateway":{"anyOf":[{"$ref":"#/components/schemas/DockerGatewayConfig"},{"type":"null"}],"description":"Docker gateway configuration"},"docker_runner":{"anyOf":[{"$ref":"#/components/schemas/DockerRunnerConfig"},{"type":"null"}],"description":"Docker runner configuration"},"remote_server":{"anyOf":[{"$ref":"#/components/schemas/RemoteServerConfig"},{"type":"null"}],"description":"Remote server configuration"}},"type":"object","title":"MCPServer"},"MCPServers":{"properties":{"mcp_servers_mode":{"anyOf":[{"$ref":"#/components/schemas/MCPServersMode"},{"type":"null"}],"description":"Mode for MCP servers selection: all, risk_level, managed, manual"},"risk_level":{"anyOf":[{"$ref":"#/components/schemas/MCPRiskLevel"},{"type":"null"}],"description":"Risk level configuration for MCP servers"},"managed":{"anyOf":[{"$ref":"#/components/schemas/ManagedMCP"},{"type":"null"}],"description":"Managed MCP configuration"},"manual":{"anyOf":[{"items":{"$ref":"#/components/schemas/MCPServer"},"type":"array"},{"type":"null"}],"title":"Manual","description":"List of manual MCP servers"}},"type":"object","title":"MCPServers"},"MCPServersMode":{"type":"string","enum":["all","risk_level","manual","managed"],"title":"MCPServersMode","description":"MCP Servers mode enumeration."},"MCPTarget":{"properties":{"client":{"anyOf":[{"$ref":"#/components/schemas/SimulationMCPClient"},{"type":"null"}],"description":"MCP client to simulate"},"server_type":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Server Type","description":"MCP server type (e.g. node_server, remote_server)"},"server_identifier":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Server Identifier","description":"Server identifier (package name / module / URL / domain / image name)"},"tool_name":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Tool Name","description":"Tool name to simulate"},"operation":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Operation","description":"CRUD operation (CREATE/READ/UPDATE/DELETE/OTHER)"}},"type":"object","title":"MCPTarget","description":"Target for MCP_SERVER rules — all applicable dimensions."},"MCPToolItem":{"properties":{"tool_name":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Tool Name","description":"Name of a tool e.g. 'create_issue', 'update_issue'","default":"","examples":["create_issue","update_issue"]},"match_mode":{"anyOf":[{"$ref":"#/components/schemas/MatchMode"},{"type":"null"}],"description":"Match mode for tool name matching","default":"exact"}},"type":"object","title":"MCPToolItem"},"ManagedMCP":{"properties":{"name_ids":{"anyOf":[{"items":{"$ref":"#/components/schemas/MCPIds"},"type":"array"},{"type":"null"}],"title":"Name Ids","description":"List of managed MCP identifiers"}},"type":"object","title":"ManagedMCP"},"MatchMode":{"type":"string","enum":["exact","contains"],"title":"MatchMode","description":"Matching mode enumeration."},"MatchToolsMode":{"type":"string","enum":["tools_include","tools_exclude","operations","all"],"title":"MatchToolsMode","description":"Match mode for tools enumeration."},"NodeServerConfig":{"properties":{"package_name":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Package Name","description":"NPM package name e.g. '@modelcontextprotocol/server-github'","default":"","examples":["@modelcontextprotocol/server-github"]},"match_mode":{"anyOf":[{"$ref":"#/components/schemas/MatchMode"},{"type":"null"}],"description":"Match mode for package_name matching","default":"exact"}},"type":"object","title":"NodeServerConfig"},"OSType":{"type":"string","enum":["windows","macos","all"],"title":"OSType","description":"Operating system enumeration."},"ObjectFeature":{"type":"string","enum":["FILE_EMULATION","PROTECTED_DOMAINS","DOMAIN_SERVICES","EXCLUDE_DOMAINS"],"title":"ObjectFeature"},"OnOff":{"type":"string","enum":["on","off"],"title":"OnOff","description":"Simple on/off toggle."},"OperationMatch":{"type":"string","enum":["match","unmatch"],"title":"OperationMatch","description":"Operation match enumeration."},"PaaSTarget":{"properties":{"environment_id":{"type":"string","minLength":1,"title":"Environment Id","description":"PaaS environment identifier"}},"type":"object","required":["environment_id"],"title":"PaaSTarget","description":"Target for PAAS rules — environment ID only."},"PolicyType":{"type":"string","enum":["POLICY_TYPE_DLP","POLICY_TYPE_ACCESS","POLICY_TYPE_USER_INTERACTION","POLICY_TYPE_MCP_SERVER","POLICY_TYPE_PAAS","POLICY_TYPE_DEPLOYMENT","POLICY_TYPE_THREAT_PREVENTION","POLICY_TYPE_STRONG_AUTH"],"title":"PolicyType"},"PythonServerConfig":{"properties":{"module_name":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Module Name","description":"Python module name e.g. 'modelcontextprotocol_server_github'","default":"","examples":["modelcontextprotocol_server_github"]},"match_mode":{"anyOf":[{"$ref":"#/components/schemas/MatchMode"},{"type":"null"}],"description":"Match mode for module_name matching","default":"exact"}},"type":"object","title":"PythonServerConfig"},"RemoteServerConfig":{"properties":{"match_mode":{"anyOf":[{"type":"string","enum":["url","domain"]},{"type":"null"}],"title":"Match Mode","description":"Match mode type: 'url' for URL-based matching or 'domain' for domain-based matching"},"url":{"anyOf":[{"$ref":"#/components/schemas/URLConfig"},{"type":"null"}],"description":"URL configuration for remote server (used when match_mode='url')"},"domain":{"anyOf":[{"$ref":"#/components/schemas/DomainConfig"},{"type":"null"}],"description":"Domain configuration for remote server (used when match_mode='domain')"}},"type":"object","title":"RemoteServerConfig"},"ResolveAccessRequest":{"properties":{"policy_type":{"type":"string","const":"POLICY_TYPE_ACCESS","title":"Policy Type","default":"POLICY_TYPE_ACCESS"},"user_id":{"type":"string","title":"User Id","description":"User ID to simulate"},"tag":{"type":"string","enum":["genai","browsing"],"title":"Tag","description":"Rule tag context: 'genai' evaluates only genai rules, 'browsing' evaluates both genai and browsing rules"},"target":{"$ref":"#/components/schemas/AccessTarget"}},"type":"object","required":["user_id","tag","target"],"title":"ResolveAccessRequest","description":"Resolve for ACCESS — user + access target."},"ResolveDLPRequest":{"properties":{"policy_type":{"type":"string","const":"POLICY_TYPE_DLP","title":"Policy Type","default":"POLICY_TYPE_DLP"},"user_id":{"type":"string","title":"User Id","description":"User ID to simulate"},"tag":{"type":"string","enum":["genai","browsing"],"title":"Tag","description":"Rule tag context: 'genai' evaluates only genai rules, 'browsing' evaluates both genai and browsing rules"},"target":{"$ref":"#/components/schemas/DLPTarget"}},"type":"object","required":["user_id","tag","target"],"title":"ResolveDLPRequest","description":"Resolve for DLP — user + DLP target."},"ResolveMCPRequest":{"properties":{"policy_type":{"type":"string","const":"POLICY_TYPE_MCP_SERVER","title":"Policy Type","default":"POLICY_TYPE_MCP_SERVER"},"user_id":{"type":"string","title":"User Id","description":"User ID to simulate"},"tag":{"type":"string","const":"genai","title":"Tag","default":"genai"},"target":{"$ref":"#/components/schemas/MCPTarget"}},"type":"object","required":["user_id","target"],"title":"ResolveMCPRequest","description":"Resolve for MCP_SERVER — user + MCP target."},"ResolvePaaSRequest":{"properties":{"policy_type":{"type":"string","const":"POLICY_TYPE_PAAS","title":"Policy Type","default":"POLICY_TYPE_PAAS"},"tag":{"type":"string","const":"genai","title":"Tag","default":"genai"},"target":{"$ref":"#/components/schemas/PaaSTarget"}},"type":"object","required":["target"],"title":"ResolvePaaSRequest","description":"Resolve for PAAS — no user, only environment target."},"ResolveResponse":{"properties":{"rule_id":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Rule Id","description":"Matched rule UUID (None if no rule matches)"},"rule_name":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Rule Name","description":"Matched rule name"},"order":{"anyOf":[{"type":"integer"},{"type":"null"}],"title":"Order","description":"Matched rule order"},"policy_type":{"$ref":"#/components/schemas/PolicyType"}},"type":"object","required":["policy_type"],"title":"ResolveResponse","description":"Response for the resolve API — the single rule that would apply."},"ResolveTPRequest":{"properties":{"policy_type":{"type":"string","const":"POLICY_TYPE_THREAT_PREVENTION","title":"Policy Type","default":"POLICY_TYPE_THREAT_PREVENTION"},"user_id":{"type":"string","title":"User Id","description":"User ID to simulate"},"tag":{"type":"string","const":"browsing","title":"Tag","default":"browsing"}},"type":"object","required":["user_id"],"title":"ResolveTPRequest","description":"Resolve for THREAT_PREVENTION — user only, no target."},"RuleResponse":{"properties":{"rule_id":{"type":"string","title":"Rule Id","description":"Unique identifier of the rule"},"name":{"type":"string","title":"Name","description":"Human-readable rule name"},"description":{"type":"string","title":"Description","description":"Explanation of the rule's purpose","default":""},"version":{"type":"integer","title":"Version","description":"Incremented on every modification; can be used for optimistic concurrency checks"},"order":{"type":"integer","title":"Order","description":"Position in the rulebase that determines evaluation priority. Lower values are evaluated first; when two rules match the same request, the lower-order rule takes precedence"},"active":{"type":"boolean","title":"Active","description":"Whether the rule is currently enforced; inactive rules are skipped"},"created_at":{"type":"string","format":"date-time","title":"Created At"},"updated_at":{"type":"string","format":"date-time","title":"Updated At"},"policy":{"anyOf":[{"$ref":"#/components/schemas/ChatsPolicy"},{"$ref":"#/components/schemas/AccessPolicy"},{"$ref":"#/components/schemas/AgentsPolicy"},{"$ref":"#/components/schemas/SecureBrowsingPolicy"}],"title":"Policy","description":"The enforcement configuration for this rule. Structure varies by rulebase type (Chats, Access, Agents, Secure Browsing)"},"source":{"items":{"$ref":"#/components/schemas/Assignment"},"type":"array","title":"Source","description":"Users or groups this rule applies to (source entries). An empty list means the rule matches all users in the tenant"},"objects":{"anyOf":[{"additionalProperties":{"items":{"type":"string"},"type":"array"},"propertyNames":{"$ref":"#/components/schemas/ObjectFeature"},"type":"object"},{"type":"null"}],"title":"Objects","description":"Reusable policy objects attached to this rule, keyed by feature (e.g. FILE_EMULATION, DOMAIN_SERVICES). Values are lists of object IDs. Objects allow sharing configuration (domain lists, file-protection settings) across rules"}},"type":"object","required":["rule_id","name","version","order","active","created_at","updated_at","policy"],"title":"RuleResponse","description":"A single rule within a rulebase."},"RuleTag":{"type":"string","enum":["genai","browsing","general"],"title":"RuleTag"},"SecureBrowsingPolicy":{"properties":{"password_reuse":{"anyOf":[{"$ref":"#/components/schemas/ThreatPreventionAction"},{"type":"null"}]},"zero_phishing":{"anyOf":[{"$ref":"#/components/schemas/ThreatPreventionAction"},{"type":"null"}]},"safe_search":{"anyOf":[{"$ref":"#/components/schemas/OnOff"},{"type":"null"}]},"search_reputation":{"anyOf":[{"$ref":"#/components/schemas/OnOff"},{"type":"null"}]},"domain_exclusions":{"items":{"$ref":"#/components/schemas/DomainItem"},"type":"array","title":"Domain Exclusions","description":"List of excluded domains"},"protected_domains":{"items":{"$ref":"#/components/schemas/DomainItem"},"type":"array","title":"Protected Domains","description":"List of protected domains"}},"type":"object","title":"SecureBrowsingPolicy"},"SelectionMode":{"type":"string","enum":["selected","all"],"title":"SelectionMode","description":"Selection mode enumeration."},"ServerOperations":{"properties":{"CREATE":{"anyOf":[{"$ref":"#/components/schemas/OperationMatch"},{"type":"null"}],"description":"Match or unmatch CREATE operation"},"READ":{"anyOf":[{"$ref":"#/components/schemas/OperationMatch"},{"type":"null"}],"description":"Match or unmatch READ operation"},"UPDATE":{"anyOf":[{"$ref":"#/components/schemas/OperationMatch"},{"type":"null"}],"description":"Match or unmatch UPDATE operation"},"DELETE":{"anyOf":[{"$ref":"#/components/schemas/OperationMatch"},{"type":"null"}],"description":"Match or unmatch DELETE operation"},"OTHER":{"anyOf":[{"$ref":"#/components/schemas/OperationMatch"},{"type":"null"}],"description":"Match or unmatch OTHER operation (those not detected)"}},"type":"object","title":"ServerOperations"},"ServicesAndApplication":{"properties":{"domain":{"items":{"$ref":"#/components/schemas/DomainItem"},"type":"array","title":"Domain","description":"List of domains"},"url":{"items":{"$ref":"#/components/schemas/URLItem"},"type":"array","title":"Url","description":"List of URLs"},"genai_application":{"items":{"$ref":"#/components/schemas/GenAIApp"},"type":"array","title":"Genai Application","description":"List of GenAI applications"},"category":{"items":{"$ref":"#/components/schemas/CategoryItem"},"type":"array","title":"Category","description":"List of URLF categories"},"mode":{"anyOf":[{"$ref":"#/components/schemas/SelectionMode"},{"type":"null"}],"description":"Whether to apply to all services and applications or to only selected ones"}},"type":"object","title":"ServicesAndApplication"},"ShadowAnalysisResponse":{"properties":{"policy_type":{"$ref":"#/components/schemas/PolicyType"},"total_rules":{"type":"integer","title":"Total Rules","description":"Total number of active rules evaluated"},"shadowed_rules":{"items":{"$ref":"#/components/schemas/ShadowedRule"},"type":"array","title":"Shadowed Rules"}},"type":"object","required":["policy_type","total_rules","shadowed_rules"],"title":"ShadowAnalysisResponse","description":"Response for the shadow analysis API."},"ShadowedRule":{"properties":{"rule_id":{"type":"string","title":"Rule Id"},"rule_name":{"type":"string","title":"Rule Name"},"order":{"type":"integer","title":"Order"},"shadowed_by_rule_id":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Shadowed By Rule Id"},"shadowed_by_rule_name":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Shadowed By Rule Name"},"shadowed_by_order":{"anyOf":[{"type":"integer"},{"type":"null"}],"title":"Shadowed By Order"},"reason":{"type":"string","title":"Reason","description":"Human-readable verdict explaining WHY this rule is shadowed"}},"type":"object","required":["rule_id","rule_name","order","reason"],"title":"ShadowedRule","description":"A rule that is fully shadowed by an earlier rule, or unreachable."},"SimulationGenAIApp":{"properties":{"app_id":{"type":"integer","exclusiveMinimum":0.0,"title":"App Id","description":"GenAI application ID"},"account_id":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Account Id","description":"Account/organization ID within the GenAI app (optional)"}},"type":"object","required":["app_id"],"title":"SimulationGenAIApp","description":"GenAI application target — app_id is mandatory, account_id is optional."},"SimulationMCPClient":{"properties":{"name_id":{"$ref":"#/components/schemas/MCPClientNameId","description":"MCP client name identifier"},"os":{"anyOf":[{"$ref":"#/components/schemas/OSType"},{"type":"null"}],"description":"Operating system filter"}},"type":"object","required":["name_id"],"title":"SimulationMCPClient","description":"MCP client target with all client identification options."},"SupportedFileType":{"type":"string","enum":["pdf","doc","docx","xls","xlsx","ppt","pptx","exe","tar","zip","rar","7z","rtf","dot","docm","dotx","dotm","xlt","xlm","xltx","xlsm","xltm","xlsb","xla","xlam","xll","xlw","pps","pptm","potx","potm","ppam","ppsx","ppsm","sldx","sldm","csv","scr","swf","jar","cab","tgz","pif","gz","bz2","tbz2","tb2","tbz","com","xz","cpl","dll","lnk","img","iso","wim","arj","bat","ps1","hwp","iqy","slk","udf","uue","pkg","msi","msg","o","dylib","app","dmg","qcow2","sh","one","xar","wsf","aspx"],"title":"SupportedFileType"},"ThreatPreventionAction":{"type":"string","enum":["detect","prevent","ask","off"],"title":"ThreatPreventionAction","description":"Actions for threat prevention features."},"Tooling":{"properties":{"match_mode":{"anyOf":[{"$ref":"#/components/schemas/MatchToolsMode"},{"type":"null"}],"description":"Match mode for tools: tools_include, tools_exclude, operations, all"},"tools":{"anyOf":[{"items":{"$ref":"#/components/schemas/MCPToolItem"},"type":"array"},{"type":"null"}],"title":"Tools","description":"List of tools for matching"},"operations":{"anyOf":[{"$ref":"#/components/schemas/ServerOperations"},{"type":"null"}],"description":"Operations match configuration"}},"type":"object","title":"Tooling"},"URLConfig":{"properties":{"url":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Url","description":"URL of the remote server","default":"","examples":["https://mcp-server.example.com/path"]},"match_mode":{"anyOf":[{"$ref":"#/components/schemas/URLMatchMode"},{"type":"null"}],"description":"Match mode for URL matching (exact_url or url_contains)","default":"exact_url"}},"type":"object","title":"URLConfig"},"URLFCategory":{"type":"integer","enum":[1,3,5,7,11,12,15,32,21,24,25,0,34,35,37,39,41,42,45,47,49,51,53,54,58,59,60,68,69,71,72,74,75,76,51000001,51000002,52000130,50000032,52000132,60517663,60530541,60530542,60530648,31,55,65,66,67,77,51000003,51000004,51000005,52000038,60530540,9,13,14,17,18,26,33,56,61,62,70,73,78,30,52000047,52000058,52000069,50000086,23,52000136,52000046,52000051,60531762],"title":"URLFCategory","description":"URLF Category enumeration with display names as keys and category IDs as values."},"URLItem":{"properties":{"url":{"type":"string","format":"uri","title":"Url","description":"Valid URL"}},"type":"object","required":["url"],"title":"URLItem"},"URLMatchMode":{"type":"string","enum":["exact_url","url_contains"],"title":"URLMatchMode","description":"URL matching mode enumeration for remote server URL matching.\n\nMatching modes:\n- EXACT_URL: Matches the exact full URL\n e.g., \"http://sub1.sub2.something.com/alsohere/something\"\n- URL_CONTAINS: Matches if the URL contains the specified string\n e.g., \"alsohere\" matches any URL containing \"alsohere\""},"UnknownServerConfig":{"properties":{"args":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Args","description":"Arguments for unknown server types","default":"","examples":["--default-arg"]},"match_mode":{"anyOf":[{"$ref":"#/components/schemas/MatchMode"},{"type":"null"}],"description":"Match mode for args matching","default":"exact"}},"type":"object","title":"UnknownServerConfig"},"ValidationError":{"properties":{"loc":{"items":{"anyOf":[{"type":"string"},{"type":"integer"}]},"type":"array","title":"Location"},"msg":{"type":"string","title":"Message"},"type":{"type":"string","title":"Error Type"},"input":{"title":"Input"},"ctx":{"type":"object","title":"Context"}},"type":"object","required":["loc","msg","type"],"title":"ValidationError"},"Asset":{"properties":{"device":{"$ref":"#/components/schemas/Device"},"user":{"anyOf":[{"$ref":"#/components/schemas/User"},{"type":"null"}]},"ping":{"anyOf":[{"$ref":"#/components/schemas/Ping"},{"type":"null"}]},"deployment":{"anyOf":[{"additionalProperties":{"$ref":"#/components/schemas/ModuleDeploymentData"},"propertyNames":{"$ref":"#/components/schemas/ModuleEnum"},"type":"object"},{"type":"null"}],"title":"Deployment"},"policy":{"anyOf":[{"additionalProperties":{"additionalProperties":{"$ref":"#/components/schemas/PolicyTypeData"},"propertyNames":{"$ref":"#/components/schemas/PolicyTypeExternal"},"type":"object"},"propertyNames":{"$ref":"#/components/schemas/RequestSource"},"type":"object"},{"type":"null"}],"title":"Policy"},"status":{"anyOf":[{"additionalProperties":{"$ref":"#/components/schemas/HealthStatus"},"propertyNames":{"$ref":"#/components/schemas/StatusComponent"},"type":"object"},{"type":"null"}],"title":"Status"},"environment":{"anyOf":[{"$ref":"#/components/schemas/EnvironmentData"},{"type":"null"}]}},"type":"object","required":["device"],"title":"Asset","description":"Complete asset with optional joined domains."},"AssetsCountResponse":{"properties":{"tenant_id":{"type":"string","format":"uuid","title":"Tenant Id"},"count":{"type":"integer","title":"Count"},"filters_applied":{"type":"integer","title":"Filters Applied","description":"Number of filters that were applied"}},"type":"object","required":["tenant_id","count","filters_applied"],"title":"AssetsCountResponse","description":"Response for count queries."},"AssetsResponse":{"properties":{"tenant_id":{"type":"string","format":"uuid","title":"Tenant Id"},"assets":{"items":{"$ref":"#/components/schemas/Asset"},"type":"array","title":"Assets"},"limit":{"type":"integer","title":"Limit"},"offset":{"type":"integer","title":"Offset"}},"type":"object","required":["tenant_id","assets","limit","offset"],"title":"AssetsResponse","description":"Response with assets and pagination metadata."},"Device":{"properties":{"device_unique_id":{"type":"string","format":"uuid","title":"Device Unique Id","description":"Unique device identifier"},"name":{"type":"string","title":"Name","description":"Device name (unique per tenant)"},"device_sid":{"type":"string","title":"Device Sid","description":"Device SID"},"created_at":{"type":"string","format":"date-time","title":"Created At","description":"Created timestamp"},"updated_at":{"type":"string","format":"date-time","title":"Updated At","description":"Updated timestamp"}},"type":"object","required":["device_unique_id","name","device_sid","created_at","updated_at"],"title":"Device","description":"External-safe twin of GlobalDevice."},"DeviceTypeEnum":{"type":"string","enum":["Laptop","Desktop","Workstation","unknown"],"title":"DeviceTypeEnum"},"EnvironmentData":{"properties":{"device_type":{"anyOf":[{"$ref":"#/components/schemas/DeviceTypeEnum"},{"type":"null"}],"description":"Device type (laptop, desktop, etc.)"},"os":{"anyOf":[{"$ref":"#/components/schemas/OSEnum"},{"type":"null"}],"description":"Operating system"},"os_version":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Os Version","description":"Operating system version"},"ip":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Ip","description":"Device IP address (IPv4 or IPv6)"}},"type":"object","title":"EnvironmentData","description":"External-safe twin of EnvironmentData."},"HealthStatus":{"type":"string","enum":["healthy","unhealthy"],"title":"HealthStatus","description":"Component health derived from status code: healthy when code == 0, unhealthy otherwise."},"ModuleDeploymentData":{"properties":{"version":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Version","description":"Current version"}},"type":"object","title":"ModuleDeploymentData","description":"External-safe twin of ModuleDeploymentData — exposes version only."},"ModuleEnum":{"type":"string","enum":["chrome","firefox","edge","brave","comet","safari","surf","mcp","proxy","da"],"title":"ModuleEnum"},"OSEnum":{"type":"string","enum":["Windows","macOS","Linux"],"title":"OSEnum","description":"Operating system enumeration"},"Ping":{"properties":{"last_connected":{"type":"string","format":"date-time","title":"Last Connected","description":"Last connection timestamp"}},"type":"object","required":["last_connected"],"title":"Ping","description":"External-safe twin of PingData."},"PolicyTypeData":{"properties":{"rulebase_version":{"type":"integer","title":"Rulebase Version","description":"Version of the rulebase"}},"type":"object","required":["rulebase_version"],"title":"PolicyTypeData","description":"Policy rulebase version for a given policy type."},"PolicyTypeExternal":{"type":"string","enum":["chats","access","agents","browse_securing"],"title":"PolicyTypeExternal","description":"External-facing policy types with consumer-friendly names."},"RequestSource":{"type":"string","enum":["device","edge","chrome","firefox","brave","comet","safari","surf","na"],"title":"RequestSource"},"StatusComponent":{"type":"string","enum":["proxy_health","mcp_health"],"title":"StatusComponent","description":"External-facing subset of status components exposed to API consumers."},"User":{"properties":{"user_unique_id":{"type":"string","format":"uuid","title":"User Unique Id","description":"Unique user identifier"},"name":{"type":"string","title":"Name","description":"User name"},"display_name":{"type":"string","title":"Display Name","description":"Display name"},"samname":{"type":"string","title":"Samname","description":"SAM account name (unique per tenant)"},"created_at":{"type":"string","format":"date-time","title":"Created At","description":"Created timestamp"},"updated_at":{"type":"string","format":"date-time","title":"Updated At","description":"Updated timestamp"}},"type":"object","required":["user_unique_id","name","display_name","samname","created_at","updated_at"],"title":"User","description":"External-safe twin of GlobalUser."},"UserItem":{"properties":{"user_unique_id":{"type":"string","format":"uuid","title":"User Unique Id","description":"Unique user identifier"},"name":{"type":"string","title":"Name","description":"User name (CN path)"},"display_name":{"type":"string","title":"Display Name","description":"Display name"},"samname":{"type":"string","title":"Samname","description":"SAM account name"}},"type":"object","required":["user_unique_id","name","display_name","samname"],"title":"UserItem","description":"External-safe user item."},"UsersResponse":{"properties":{"tenant_id":{"type":"string","format":"uuid","title":"Tenant Id"},"users":{"items":{"$ref":"#/components/schemas/UserItem"},"type":"array","title":"Users"},"limit":{"type":"integer","title":"Limit"},"offset":{"type":"integer","title":"Offset"}},"type":"object","required":["tenant_id","users","limit","offset"],"title":"UsersResponse","description":"Response with users and pagination metadata."},"AppResult":{"properties":{"app_id":{"type":"integer","title":"App Id","description":"Unique app identifier"},"name":{"type":"string","title":"Name","description":"App name"},"description":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Description","description":"App description"},"page_url":{"anyOf":[{"type":"string"},{"type":"null"}],"title":"Page Url","description":"App page URL"}},"type":"object","required":["app_id","name"],"title":"AppResult","description":"A single app result with minimal fields."},"AppSearchResponse":{"properties":{"results":{"items":{"$ref":"#/components/schemas/AppResult"},"type":"array","title":"Results","description":"Matching apps (max 10)"}},"type":"object","title":"AppSearchResponse","description":"Response with matching apps (max 10)."},"AppsByIdsResponse":{"properties":{"results":{"items":{"$ref":"#/components/schemas/AppResult"},"type":"array","title":"Results","description":"Matching apps"}},"type":"object","title":"AppsByIdsResponse","description":"Response with apps by IDs."},"SearchBy":{"type":"string","enum":["name","name_and_description","url"],"title":"SearchBy"}},"securitySchemes":{"HTTPBearer":{"type":"http","scheme":"bearer"}}}}
|
package/package.json
ADDED
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@haimkastner/workforce-ai-mcp",
|
|
3
|
+
"version": "1.0.0-rc.0",
|
|
4
|
+
"description": "MCP server for Workforce AI — policy management, asset visibility, and apps catalog via LLM tool calls",
|
|
5
|
+
"license": "MIT",
|
|
6
|
+
"type": "module",
|
|
7
|
+
"main": "dist/index.js",
|
|
8
|
+
"bin": {
|
|
9
|
+
"workforce-ai-mcp": "dist/index.js"
|
|
10
|
+
},
|
|
11
|
+
"files": [
|
|
12
|
+
"dist",
|
|
13
|
+
"openapi-mcp.json",
|
|
14
|
+
"README.md",
|
|
15
|
+
"LICENSE"
|
|
16
|
+
],
|
|
17
|
+
"scripts": {
|
|
18
|
+
"build": "tsc",
|
|
19
|
+
"prepublishOnly": "npm run build",
|
|
20
|
+
"start": "node dist/index.js",
|
|
21
|
+
"dev": "tsx src/index.ts",
|
|
22
|
+
"spec:fetch": "tsx scripts/fetch-spec.ts",
|
|
23
|
+
"generate-tools": "tsx scripts/generate-tools.ts"
|
|
24
|
+
},
|
|
25
|
+
"dependencies": {
|
|
26
|
+
"@hono/node-server": "^1.14.1",
|
|
27
|
+
"@modelcontextprotocol/sdk": "^1.10.0",
|
|
28
|
+
"axios": "^1.9.0",
|
|
29
|
+
"dotenv": "^17.4.0",
|
|
30
|
+
"fetch-to-node": "^2.1.0",
|
|
31
|
+
"hono": "^4.7.7",
|
|
32
|
+
"uuid": "^11.1.0",
|
|
33
|
+
"zod": "^3.24.3"
|
|
34
|
+
},
|
|
35
|
+
"devDependencies": {
|
|
36
|
+
"@types/node": "^22.0.0",
|
|
37
|
+
"@types/uuid": "^10.0.0",
|
|
38
|
+
"json-schema-to-zod": "^2.6.1",
|
|
39
|
+
"tsx": "^4.0.0",
|
|
40
|
+
"typescript": "^5.7.0"
|
|
41
|
+
},
|
|
42
|
+
"engines": {
|
|
43
|
+
"node": ">=20"
|
|
44
|
+
}
|
|
45
|
+
}
|