@oneuptime/common 10.3.0 → 10.4.1

package/Server/Services/OnCallDutyPolicyScheduleOwnerRuleEngineService.ts

@@ -0,0 +1,223 @@
+import Label from "../../Models/DatabaseModels/Label";
+import OnCallDutyPolicySchedule from "../../Models/DatabaseModels/OnCallDutyPolicySchedule";
+import OnCallDutyPolicyScheduleOwnerRule from "../../Models/DatabaseModels/OnCallDutyPolicyScheduleOwnerRule";
+import OnCallDutyPolicyScheduleOwnerUser from "../../Models/DatabaseModels/OnCallDutyPolicyScheduleOwnerUser";
+import OnCallDutyPolicyScheduleOwnerTeam from "../../Models/DatabaseModels/OnCallDutyPolicyScheduleOwnerTeam";
+import OnCallDutyPolicyScheduleOwnerRuleService from "./OnCallDutyPolicyScheduleOwnerRuleService";
+import OnCallDutyPolicyScheduleOwnerUserService from "./OnCallDutyPolicyScheduleOwnerUserService";
+import OnCallDutyPolicyScheduleOwnerTeamService from "./OnCallDutyPolicyScheduleOwnerTeamService";
+import OnCallDutyPolicyScheduleService from "./OnCallDutyPolicyScheduleService";
+import ObjectID from "../../Types/ObjectID";
+import CaptureSpan from "../Utils/Telemetry/CaptureSpan";
+import logger, { LogAttributes } from "../Utils/Logger";
+
+class OnCallDutyPolicyScheduleOwnerRuleEngineServiceClass {
+  @CaptureSpan()
+  public async applyRulesToSchedule(
+    schedule: OnCallDutyPolicySchedule,
+  ): Promise<void> {
+    if (!schedule.id || !schedule.projectId) {
+      return;
+    }
+
+    try {
+      const rules: Array<OnCallDutyPolicyScheduleOwnerRule> =
+        await OnCallDutyPolicyScheduleOwnerRuleService.findBy({
+          query: {
+            projectId: schedule.projectId,
+            isEnabled: true,
+          },
+          props: { isRoot: true },
+          select: {
+            _id: true,
+            name: true,
+            notifyOwners: true,
+            onCallDutyPolicyScheduleLabels: { _id: true },
+            onCallDutyPolicyScheduleNamePattern: true,
+            onCallDutyPolicyScheduleDescriptionPattern: true,
+            ownerUsers: { _id: true },
+            ownerTeams: { _id: true },
+          },
+          limit: 100,
+          skip: 0,
+        });
+
+      if (rules.length === 0) {
+        return;
+      }
+
+      const scheduleWithDetails: OnCallDutyPolicySchedule | null =
+        await OnCallDutyPolicyScheduleService.findOneById({
+          id: schedule.id,
+          select: {
+            name: true,
+            description: true,
+            labels: { _id: true },
+          },
+          props: { isRoot: true },
+        });
+
+      if (!scheduleWithDetails) {
+        return;
+      }
+
+      const usersByNotify: Map<boolean, Set<string>> = new Map([
+        [true, new Set()],
+        [false, new Set()],
+      ]);
+      const teamsByNotify: Map<boolean, Set<string>> = new Map([
+        [true, new Set()],
+        [false, new Set()],
+      ]);
+
+      const matchedRules: Array<OnCallDutyPolicyScheduleOwnerRule> = [];
+
+      for (const rule of rules) {
+        const matches: boolean = this.doesScheduleMatchRule(
+          scheduleWithDetails,
+          rule,
+        );
+        if (!matches) {
+          continue;
+        }
+        let ruleAddedAny: boolean = false;
+        const notify: boolean = rule.notifyOwners !== false;
+        for (const user of rule.ownerUsers || []) {
+          if (user.id) {
+            usersByNotify.get(notify)!.add(user.id.toString());
+            ruleAddedAny = true;
+          }
+        }
+        for (const team of rule.ownerTeams || []) {
+          if (team.id) {
+            teamsByNotify.get(notify)!.add(team.id.toString());
+            ruleAddedAny = true;
+          }
+        }
+        if (ruleAddedAny) {
+          matchedRules.push(rule);
+        }
+      }
+
+      if (matchedRules.length === 0) {
+        return;
+      }
+
+      for (const notify of [true, false]) {
+        const userIds: Set<string> = usersByNotify.get(notify)!;
+        const teamIds: Set<string> = teamsByNotify.get(notify)!;
+
+        for (const userId of userIds) {
+          const owner: OnCallDutyPolicyScheduleOwnerUser =
+            new OnCallDutyPolicyScheduleOwnerUser();
+          owner.onCallDutyPolicyScheduleId = schedule.id;
+          owner.projectId = schedule.projectId;
+          owner.userId = new ObjectID(userId);
+          owner.isOwnerNotified = !notify;
+          await OnCallDutyPolicyScheduleOwnerUserService.create({
+            data: owner,
+            props: { isRoot: true },
+          });
+        }
+
+        for (const teamId of teamIds) {
+          const owner: OnCallDutyPolicyScheduleOwnerTeam =
+            new OnCallDutyPolicyScheduleOwnerTeam();
+          owner.onCallDutyPolicyScheduleId = schedule.id;
+          owner.projectId = schedule.projectId;
+          owner.teamId = new ObjectID(teamId);
+          owner.isOwnerNotified = !notify;
+          await OnCallDutyPolicyScheduleOwnerTeamService.create({
+            data: owner,
+            props: { isRoot: true },
+          });
+        }
+      }
+
+      logger.debug(
+        `OnCallDutyPolicyScheduleOwnerRuleEngine added owners to schedule ${schedule.id}`,
+        { projectId: schedule.projectId.toString() } as LogAttributes,
+      );
+    } catch (error) {
+      logger.error(
+        `Error applying on-call duty schedule owner rules: ${error}`,
+        {
+          projectId: schedule.projectId?.toString(),
+          onCallDutyPolicyScheduleId: schedule.id?.toString(),
+        } as LogAttributes,
+      );
+    }
+  }
+
+  private doesScheduleMatchRule(
+    schedule: OnCallDutyPolicySchedule,
+    rule: OnCallDutyPolicyScheduleOwnerRule,
+  ): boolean {
+    if (
+      rule.onCallDutyPolicyScheduleLabels &&
+      rule.onCallDutyPolicyScheduleLabels.length > 0
+    ) {
+      if (!schedule.labels || schedule.labels.length === 0) {
+        return false;
+      }
+      const ruleLabelIds: Array<string> =
+        rule.onCallDutyPolicyScheduleLabels.map((l: Label) => {
+          return l.id?.toString() || "";
+        });
+      const labelIds: Array<string> = schedule.labels.map((l: Label) => {
+        return l.id?.toString() || "";
+      });
+      if (
+        !ruleLabelIds.some((id: string) => {
+          return labelIds.includes(id);
+        })
+      ) {
+        return false;
+      }
+    }
+
+    if (
+      rule.onCallDutyPolicyScheduleNamePattern &&
+      (!schedule.name ||
+        !this.testRegex(
+          rule.onCallDutyPolicyScheduleNamePattern,
+          schedule.name,
+          rule,
+        ))
+    ) {
+      return false;
+    }
+
+    if (
+      rule.onCallDutyPolicyScheduleDescriptionPattern &&
+      (!schedule.description ||
+        !this.testRegex(
+          rule.onCallDutyPolicyScheduleDescriptionPattern,
+          schedule.description,
+          rule,
+        ))
+    ) {
+      return false;
+    }
+
+    return true;
+  }
+
+  private testRegex(
+    pattern: string,
+    value: string,
+    rule: OnCallDutyPolicyScheduleOwnerRule,
+  ): boolean {
+    try {
+      const regex: RegExp = new RegExp(pattern, "i");
+      return regex.test(value);
+    } catch {
+      logger.warn(
+        `Invalid regex in on-call duty schedule owner rule ${rule.id}: ${pattern}`,
+      );
+      return false;
+    }
+  }
+}
+
+export default new OnCallDutyPolicyScheduleOwnerRuleEngineServiceClass();

package/Server/Services/OnCallDutyPolicyScheduleOwnerRuleService.ts

@@ -0,0 +1,10 @@
+import DatabaseService from "./DatabaseService";
+import Model from "../../Models/DatabaseModels/OnCallDutyPolicyScheduleOwnerRule";
+
+export class Service extends DatabaseService<Model> {
+  public constructor() {
+    super(Model);
+  }
+}
+
+export default new Service();

package/Server/Services/OnCallDutyPolicyScheduleOwnerTeamService.ts

@@ -0,0 +1,9 @@
+import DatabaseService from "./DatabaseService";
+import Model from "../../Models/DatabaseModels/OnCallDutyPolicyScheduleOwnerTeam";
+
+export class Service extends DatabaseService<Model> {
+  public constructor() {
+    super(Model);
+  }
+}
+export default new Service();

package/Server/Services/OnCallDutyPolicyScheduleOwnerUserService.ts

@@ -0,0 +1,9 @@
+import DatabaseService from "./DatabaseService";
+import Model from "../../Models/DatabaseModels/OnCallDutyPolicyScheduleOwnerUser";
+
+export class Service extends DatabaseService<Model> {
+  public constructor() {
+    super(Model);
+  }
+}
+export default new Service();

package/Server/Services/OnCallDutyPolicyScheduleService.ts

@@ -38,8 +38,10 @@ import OnCallDutyPolicyFeedService from "./OnCallDutyPolicyFeedService";
 import { OnCallDutyPolicyFeedEventType } from "../../Models/DatabaseModels/OnCallDutyPolicyFeed";
 import { Green500 } from "../../Types/BrandColors";
 import OnCallDutyPolicyTimeLogService from "./OnCallDutyPolicyTimeLogService";
+import OnCallDutyPolicyScheduleLabelRuleEngineService from "./OnCallDutyPolicyScheduleLabelRuleEngineService";
+import OnCallDutyPolicyScheduleOwnerRuleEngineService from "./OnCallDutyPolicyScheduleOwnerRuleEngineService";
 import DeleteBy from "../Types/Database/DeleteBy";
-import { OnDelete } from "../Types/Database/Hooks";
+import { OnCreate, OnDelete } from "../Types/Database/Hooks";
 import PushNotificationMessage from "../../Types/PushNotification/PushNotificationMessage";
 import PushNotificationUtil from "../Utils/PushNotificationUtil";
 import { createWhatsAppMessageFromTemplate } from "../Utils/WhatsAppTemplateUtil";
@@ -52,6 +54,35 @@ export class Service extends DatabaseService<OnCallDutyPolicySchedule> {
     super(OnCallDutyPolicySchedule);
   }
 
+  protected override async onCreateSuccess(
+    _onCreate: OnCreate<OnCallDutyPolicySchedule>,
+    createdItem: OnCallDutyPolicySchedule,
+  ): Promise<OnCallDutyPolicySchedule> {
+    if (createdItem.projectId && createdItem.id) {
+      Promise.resolve()
+        .then(async () => {
+          await OnCallDutyPolicyScheduleLabelRuleEngineService.applyRulesToSchedule(
+            createdItem,
+          );
+        })
+        .then(async () => {
+          await OnCallDutyPolicyScheduleOwnerRuleEngineService.applyRulesToSchedule(
+            createdItem,
+          );
+        })
+        .catch((error: Error) => {
+          logger.error(
+            `Error applying on-call schedule rules in OnCallDutyPolicyScheduleService.onCreateSuccess: ${error}`,
+            {
+              projectId: createdItem.projectId?.toString(),
+              onCallDutyPolicyScheduleId: createdItem.id?.toString(),
+            } as LogAttributes,
+          );
+        });
+    }
+    return createdItem;
+  }
+
   protected override async onBeforeDelete(
     deleteBy: DeleteBy<OnCallDutyPolicySchedule>,
   ): Promise<OnDelete<OnCallDutyPolicySchedule>> {

package/Server/Services/OnCallDutyPolicyService.ts

@@ -35,6 +35,8 @@ import OnCallDutyPolicyWorkspaceMessages from "../Utils/Workspace/WorkspaceMessa
 import OnCallDutyPolicyFeedService from "./OnCallDutyPolicyFeedService";
 import { OnCallDutyPolicyFeedEventType } from "../../Models/DatabaseModels/OnCallDutyPolicyFeed";
 import { Green500 } from "../../Types/BrandColors";
+import OnCallDutyPolicyLabelRuleEngineService from "./OnCallDutyPolicyLabelRuleEngineService";
+import OnCallDutyPolicyOwnerRuleEngineService from "./OnCallDutyPolicyOwnerRuleEngineService";
 
 export class Service extends DatabaseService<OnCallDutyPolicy> {
   public constructor() {
@@ -49,6 +51,25 @@ export class Service extends DatabaseService<OnCallDutyPolicy> {
       throw new BadDataException("On Call Policy id not found.");
     }
 
+    if (createdItem.projectId) {
+      try {
+        await OnCallDutyPolicyLabelRuleEngineService.applyRulesToOnCallDutyPolicy(
+          createdItem,
+        );
+        await OnCallDutyPolicyOwnerRuleEngineService.applyRulesToOnCallDutyPolicy(
+          createdItem,
+        );
+      } catch (error) {
+        logger.error(
+          `Error applying on-call duty policy rules in OnCallDutyPolicyService.onCreateSuccess: ${error}`,
+          {
+            projectId: createdItem.projectId?.toString(),
+            onCallDutyPolicyId: createdItem.id?.toString(),
+          } as LogAttributes,
+        );
+      }
+    }
+
     const onCallPolicy: OnCallDutyPolicy | null = await this.findOneById({
       id: createdItem.id,
       select: {

package/Server/Services/ProfileAggregationService.ts

@@ -59,6 +59,30 @@ export interface FunctionListRequest {
   sortBy?: "selfValue" | "totalValue" | "sampleCount";
 }
 
+export interface ServiceActivityRequest {
+  projectId: ObjectID;
+  startTime: Date;
+  endTime: Date;
+  /**
+   * Single profile type to filter on. Kept for backwards compat. When
+   * `profileTypes` is also supplied, `profileTypes` wins.
+   */
+  profileType?: string;
+  /**
+   * Multiple raw profile-type strings to OR together. The UI maps a
+   * user-facing category (e.g. "CPU") to all the raw type strings real
+   * agents actually emit (e.g. ["cpu", "samples"]).
+   */
+  profileTypes?: Array<string>;
+}
+
+export interface ServiceActivityItem {
+  serviceId: string;
+  sampleCount: number;
+  profileCount: number;
+  totalValue: number;
+}
+
 export interface DiffFlamegraphRequest {
   projectId: ObjectID;
   baselineStartTime: Date;
@@ -417,6 +441,42 @@ export class ProfileAggregationService {
     return node;
   }
 
+  /**
+   * Aggregate sample / profile counts per serviceId for a time window.
+   * Drives the "loudest services first" sort on the Profiles dashboard
+   * so a developer opening the page lands on the workloads that are
+   * actually doing work rather than scrolling past kernel-thread noise.
+   */
+  @CaptureSpan()
+  public static async getServiceActivity(
+    request: ServiceActivityRequest,
+  ): Promise<Array<ServiceActivityItem>> {
+    const statement: Statement =
+      ProfileAggregationService.buildServiceActivityQuery(request);
+
+    const dbResult: Results =
+      await ProfileSampleDatabaseService.executeQuery(statement);
+    const response: DbJSONResponse = await dbResult.json<{
+      data?: Array<JSONObject>;
+    }>();
+
+    const rows: Array<JSONObject> = response.data || [];
+    const out: Array<ServiceActivityItem> = [];
+    for (const row of rows) {
+      const serviceId: string = String(row["serviceId"] || "");
+      if (!serviceId) {
+        continue;
+      }
+      out.push({
+        serviceId,
+        sampleCount: Number(row["sampleCount"] || 0),
+        profileCount: Number(row["profileCount"] || 0),
+        totalValue: Number(row["totalValue"] || 0),
+      });
+    }
+    return out;
+  }
+
   // --- Query builders ---
 
   private static buildFlamegraphQuery(request: FlamegraphRequest): Statement {
@@ -506,6 +566,65 @@ export class ProfileAggregationService {
     return statement;
   }
 
+  private static buildServiceActivityQuery(
+    request: ServiceActivityRequest,
+  ): Statement {
+    /*
+     * sum(value) directly — value is stored as Int128 in ClickHouse, so
+     * toFloat64OrZero would fail ("Illegal type Int128"); a plain sum is
+     * the right idiom here, and we coerce to Number when serialising in
+     * getServiceActivity.
+     */
+    const statement: Statement = SQL`
+      SELECT
+        toString(serviceId) AS serviceId,
+        count() AS sampleCount,
+        uniqExact(profileId) AS profileCount,
+        toFloat64(sum(value)) AS totalValue
+      FROM ${ProfileAggregationService.TABLE_NAME}
+      WHERE projectId = ${{
+        type: TableColumnType.ObjectID,
+        value: request.projectId,
+      }}
+        AND time >= ${{
+          type: TableColumnType.Date,
+          value: request.startTime,
+        }}
+        AND time <= ${{
+          type: TableColumnType.Date,
+          value: request.endTime,
+        }}
+    `;
+
+    /*
+     * profileTypes (array) wins over profileType (single) so the UI
+     * can OR together every raw type string in a category.
+     */
+    if (request.profileTypes && request.profileTypes.length > 0) {
+      statement.append(
+        SQL` AND profileType IN (${{
+          type: TableColumnType.Text,
+          value: new Includes(request.profileTypes),
+        }})`,
+      );
+    } else if (request.profileType) {
+      statement.append(
+        SQL` AND profileType = ${{
+          type: TableColumnType.Text,
+          value: request.profileType,
+        }}`,
+      );
+    }
+
+    statement.append(
+      SQL` GROUP BY serviceId
+           ORDER BY sampleCount DESC
+           LIMIT 10000`,
+    );
+
+    return statement;
+  }
+
   private static appendCommonFilters(
     statement: Statement,
     request: Pick<

package/Server/Types/Database/Permissions/QueryPermission.ts

@@ -9,6 +9,7 @@ import DatabaseCommonInteractionProps from "../../../../Types/BaseDatabase/Datab
 import DatabaseCommonInteractionPropsUtil, {
   PermissionType,
 } from "../../../../Types/BaseDatabase/DatabaseCommonInteractionPropsUtil";
+import MultiSearch from "../../../../Types/BaseDatabase/MultiSearch";
 import Columns from "../../../../Types/Database/Columns";
 import { TableColumnMetadata } from "../../../../Types/Database/TableColumn";
 import TableColumnType from "../../../../Types/Database/TableColumnType";
@@ -156,6 +157,41 @@ export default class QueryPermission {
         continue;
       }
 
+      /*
+       * MultiSearch is a synthetic operator: the key itself is not a column,
+       * but the operator carries the list of fields it will ILIKE against
+       * (QueryUtil.serializeQuery expands it into an OR over those fields).
+       * Validate each inner field the same way we validate any other queried
+       * column so a client can't search across columns the user can't read.
+       */
+      if (query[key] instanceof MultiSearch) {
+        const multiSearch: MultiSearch = query[key] as unknown as MultiSearch;
+
+        for (const field of multiSearch.fields) {
+          if (excludedColumnNames.includes(field)) {
+            continue;
+          }
+
+          if (!tableColumns.includes(field)) {
+            throw new BadDataException(
+              `Invalid column on ${model.singularName} - ${field}. Column does not exist.`,
+            );
+          }
+
+          if (!canReadOnTheseColumns.columns.includes(field)) {
+            throw new NotAuthorizedException(
+              `You do not have permissions to query on - ${field}. You need any one of these permissions: ${PermissionHelper.getPermissionTitles(
+                model.getColumnAccessControlFor(field)
+                  ? model.getColumnAccessControlFor(field)!.read
+                  : [],
+              ).join(", ")}`,
+            );
+          }
+        }
+
+        continue;
+      }
+
       if (!canReadOnTheseColumns.columns.includes(key)) {
         if (!tableColumns.includes(key)) {
           throw new BadDataException(

package/Types/Monitor/MonitorStep.ts

@@ -64,6 +64,14 @@ export interface MonitorStepType {
   doNotFollowRedirects?: boolean | undefined;
   allowSelfSignedCertificates?: boolean | undefined;
 
+  /*
+   * mTLS / client certificate authentication (API and Website monitors).
+   * Values can be raw PEM strings or {{monitorSecrets.name}} references.
+   */
+  tlsClientCertificate?: string | undefined;
+  tlsClientKey?: string | undefined;
+  tlsClientKeyPassphrase?: string | undefined;
+
   // this is for port monitors.
   monitorDestinationPort?: Port | undefined;
 
@@ -122,6 +130,9 @@ export default class MonitorStep extends DatabaseProperty {
       monitorDestination: undefined,
       doNotFollowRedirects: undefined,
       allowSelfSignedCertificates: undefined,
+      tlsClientCertificate: undefined,
+      tlsClientKey: undefined,
+      tlsClientKeyPassphrase: undefined,
       monitorDestinationPort: undefined,
       monitorCriteria: new MonitorCriteria(),
       requestType: HTTPMethod.GET,
@@ -160,6 +171,9 @@ export default class MonitorStep extends DatabaseProperty {
       monitorDestination: undefined,
       doNotFollowRedirects: undefined,
       allowSelfSignedCertificates: undefined,
+      tlsClientCertificate: undefined,
+      tlsClientKey: undefined,
+      tlsClientKeyPassphrase: undefined,
       monitorDestinationPort: undefined,
       monitorCriteria: MonitorCriteria.getDefaultMonitorCriteria(arg),
       requestType: HTTPMethod.GET,
@@ -231,6 +245,25 @@ export default class MonitorStep extends DatabaseProperty {
     return this;
   }
 
+  public setTlsClientCertificate(
+    tlsClientCertificate: string | undefined,
+  ): MonitorStep {
+    this.data!.tlsClientCertificate = tlsClientCertificate || undefined;
+    return this;
+  }
+
+  public setTlsClientKey(tlsClientKey: string | undefined): MonitorStep {
+    this.data!.tlsClientKey = tlsClientKey || undefined;
+    return this;
+  }
+
+  public setTlsClientKeyPassphrase(
+    tlsClientKeyPassphrase: string | undefined,
+  ): MonitorStep {
+    this.data!.tlsClientKeyPassphrase = tlsClientKeyPassphrase || undefined;
+    return this;
+  }
+
   public setPort(monitorDestinationPort: Port): MonitorStep {
     this.data!.monitorDestinationPort = monitorDestinationPort;
     return this;
@@ -340,6 +373,9 @@ export default class MonitorStep extends DatabaseProperty {
         monitorDestination: undefined,
         doNotFollowRedirects: undefined,
         allowSelfSignedCertificates: undefined,
+        tlsClientCertificate: undefined,
+        tlsClientKey: undefined,
+        tlsClientKeyPassphrase: undefined,
         monitorDestinationPort: undefined,
         monitorCriteria: MonitorCriteria.getNewMonitorCriteriaAsJSON(),
         requestType: HTTPMethod.GET,
@@ -409,6 +445,25 @@ export default class MonitorStep extends DatabaseProperty {
       return "Request Type is required";
     }
 
+    if (
+      monitorType === MonitorType.API ||
+      monitorType === MonitorType.Website
+    ) {
+      const hasCert: boolean = Boolean(
+        value.data.tlsClientCertificate &&
+          value.data.tlsClientCertificate.trim(),
+      );
+      const hasKey: boolean = Boolean(
+        value.data.tlsClientKey && value.data.tlsClientKey.trim(),
+      );
+      if (hasCert && !hasKey) {
+        return "Client private key is required when a client certificate is provided";
+      }
+      if (hasKey && !hasCert) {
+        return "Client certificate is required when a client private key is provided";
+      }
+    }
+
     if (
       monitorType === MonitorType.Port &&
       !value.data.monitorDestinationPort
@@ -497,6 +552,9 @@ export default class MonitorStep extends DatabaseProperty {
           doNotFollowRedirects: this.data.doNotFollowRedirects || undefined,
           allowSelfSignedCertificates:
             this.data.allowSelfSignedCertificates || undefined,
+          tlsClientCertificate: this.data.tlsClientCertificate || undefined,
+          tlsClientKey: this.data.tlsClientKey || undefined,
+          tlsClientKeyPassphrase: this.data.tlsClientKeyPassphrase || undefined,
           monitorDestinationPort:
             this.data?.monitorDestinationPort?.toJSON() || undefined,
           monitorCriteria: this.data.monitorCriteria.toJSON(),
@@ -634,6 +692,11 @@ export default class MonitorStep extends DatabaseProperty {
       doNotFollowRedirects: json["doNotFollowRedirects"] || undefined,
       allowSelfSignedCertificates:
         json["allowSelfSignedCertificates"] || undefined,
+      tlsClientCertificate:
+        (json["tlsClientCertificate"] as string) || undefined,
+      tlsClientKey: (json["tlsClientKey"] as string) || undefined,
+      tlsClientKeyPassphrase:
+        (json["tlsClientKeyPassphrase"] as string) || undefined,
       monitorDestinationPort: monitorDestinationPort || undefined,
       monitorCriteria: MonitorCriteria.fromJSON(
         json["monitorCriteria"] as JSONObject,
@@ -697,6 +760,9 @@ export default class MonitorStep extends DatabaseProperty {
         requestBody: Zod.string().optional(),
         doNotFollowRedirects: Zod.boolean().optional(),
         allowSelfSignedCertificates: Zod.boolean().optional(),
+        tlsClientCertificate: Zod.string().optional(),
+        tlsClientKey: Zod.string().optional(),
+        tlsClientKeyPassphrase: Zod.string().optional(),
         monitorDestinationPort: Zod.any().optional(),
         customCode: Zod.string().optional(),
         screenSizeTypes: Zod.any().optional(),