@pulumi/cloudflare 6.12.0-alpha.1766556630 → 6.12.0

package/types/input.d.ts

@@ -2684,10 +2684,6 @@ export interface AccountMemberPolicy {
      * Available values: "allow", "deny".
      */
     access: pulumi.Input<string>;
-    /**
-     * Policy identifier.
-     */
-    id?: pulumi.Input<string>;
     /**
      * A set of permission groups that are specified to the policy.
      */
@@ -2753,7 +2749,6 @@ export interface AccountSubscriptionRatePlan {
     externallyManaged?: pulumi.Input<boolean>;
     /**
      * The ID of the rate plan.
-     * Available values: "free", "lite", "pro", "pro*plus", "business", "enterprise", "partners*free", "partners*pro", "partners*business", "partnersEnterprise".
      */
     id?: pulumi.Input<string>;
     /**
@@ -2795,38 +2790,20 @@ export interface AccountTokenPolicy {
      * Available values: "allow", "deny".
      */
     effect: pulumi.Input<string>;
-    /**
-     * Policy identifier.
-     */
-    id?: pulumi.Input<string>;
     /**
      * A set of permission groups that are specified to the policy.
      */
     permissionGroups: pulumi.Input<pulumi.Input<inputs.AccountTokenPolicyPermissionGroup>[]>;
     /**
-     * A list of resource names that the policy applies to.
+     * A json object representing the resources that are specified to the policy.
      */
-    resources: pulumi.Input<{
-        [key: string]: pulumi.Input<string>;
-    }>;
+    resources: pulumi.Input<string>;
 }
 export interface AccountTokenPolicyPermissionGroup {
     /**
      * Identifier of the permission group.
      */
     id: pulumi.Input<string>;
-    /**
-     * Attributes associated to the permission group.
-     */
-    meta?: pulumi.Input<inputs.AccountTokenPolicyPermissionGroupMeta>;
-    /**
-     * Name of the permission group.
-     */
-    name?: pulumi.Input<string>;
-}
-export interface AccountTokenPolicyPermissionGroupMeta {
-    key?: pulumi.Input<string>;
-    value?: pulumi.Input<string>;
 }
 export interface AccountUnit {
     /**
@@ -3076,38 +3053,20 @@ export interface ApiTokenPolicy {
      * Available values: "allow", "deny".
      */
     effect: pulumi.Input<string>;
-    /**
-     * Policy identifier.
-     */
-    id?: pulumi.Input<string>;
     /**
      * A set of permission groups that are specified to the policy.
      */
     permissionGroups: pulumi.Input<pulumi.Input<inputs.ApiTokenPolicyPermissionGroup>[]>;
     /**
-     * A list of resource names that the policy applies to.
+     * A json object representing the resources that are specified to the policy.
      */
-    resources: pulumi.Input<{
-        [key: string]: pulumi.Input<string>;
-    }>;
+    resources: pulumi.Input<string>;
 }
 export interface ApiTokenPolicyPermissionGroup {
     /**
      * Identifier of the permission group.
      */
     id: pulumi.Input<string>;
-    /**
-     * Attributes associated to the permission group.
-     */
-    meta?: pulumi.Input<inputs.ApiTokenPolicyPermissionGroupMeta>;
-    /**
-     * Name of the permission group.
-     */
-    name?: pulumi.Input<string>;
-}
-export interface ApiTokenPolicyPermissionGroupMeta {
-    key?: pulumi.Input<string>;
-    value?: pulumi.Input<string>;
 }
 export interface AuthenticatedOriginPullsConfig {
     /**
@@ -3153,6 +3112,62 @@ export interface BotManagementStaleZoneConfiguration {
      */
     suppressSessionScore?: pulumi.Input<boolean>;
 }
+export interface CertificatePackCertificate {
+    /**
+     * Certificate bundle method.
+     */
+    bundleMethod?: pulumi.Input<string>;
+    /**
+     * When the certificate from the authority expires.
+     */
+    expiresOn?: pulumi.Input<string>;
+    /**
+     * Specify the region where your private key can be held locally.
+     */
+    geoRestrictions?: pulumi.Input<inputs.CertificatePackCertificateGeoRestrictions>;
+    /**
+     * Hostnames covered by this certificate.
+     */
+    hosts?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Certificate identifier.
+     */
+    id?: pulumi.Input<string>;
+    /**
+     * The certificate authority that issued the certificate.
+     */
+    issuer?: pulumi.Input<string>;
+    /**
+     * When the certificate was last modified.
+     */
+    modifiedOn?: pulumi.Input<string>;
+    /**
+     * The order/priority in which the certificate will be used.
+     */
+    priority?: pulumi.Input<number>;
+    /**
+     * The type of hash used for the certificate.
+     */
+    signature?: pulumi.Input<string>;
+    /**
+     * Certificate status.
+     */
+    status?: pulumi.Input<string>;
+    /**
+     * When the certificate was uploaded to Cloudflare.
+     */
+    uploadedOn?: pulumi.Input<string>;
+    /**
+     * Identifier.
+     */
+    zoneId?: pulumi.Input<string>;
+}
+export interface CertificatePackCertificateGeoRestrictions {
+    /**
+     * Available values: "us", "eu", "highestSecurity".
+     */
+    label?: pulumi.Input<string>;
+}
 export interface CertificatePackValidationError {
     /**
      * A domain validation error.
@@ -3202,6 +3217,20 @@ export interface CloudConnectorRulesRuleParameters {
      */
     host?: pulumi.Input<string>;
 }
+export interface ConnectivityDirectoryServiceHost {
+    hostname?: pulumi.Input<string>;
+    ipv4?: pulumi.Input<string>;
+    ipv6?: pulumi.Input<string>;
+    network?: pulumi.Input<inputs.ConnectivityDirectoryServiceHostNetwork>;
+    resolverNetwork?: pulumi.Input<inputs.ConnectivityDirectoryServiceHostResolverNetwork>;
+}
+export interface ConnectivityDirectoryServiceHostNetwork {
+    tunnelId: pulumi.Input<string>;
+}
+export interface ConnectivityDirectoryServiceHostResolverNetwork {
+    resolverIps?: pulumi.Input<pulumi.Input<string>[]>;
+    tunnelId: pulumi.Input<string>;
+}
 export interface ContentScanningExpressionBody {
     /**
      * Defines the ruleset expression to use in matching content objects.
@@ -3534,7 +3563,7 @@ export interface DevicePostureRuleInput {
      */
     osDistroRevision?: pulumi.Input<string>;
     /**
-     * Additional version data. For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. (Mac, iOS, and Linux only).
+     * Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.
      */
     osVersionExtra?: pulumi.Input<string>;
     /**
@@ -3588,6 +3617,10 @@ export interface DevicePostureRuleInput {
      * For more details on total score, refer to the Tanium documentation.
      */
     totalScore?: pulumi.Input<number>;
+    /**
+     * Number of days that the antivirus should be updated within.
+     */
+    updateWindowDays?: pulumi.Input<number>;
     /**
      * Version of OS.
      */
@@ -3653,22 +3686,6 @@ export interface DlpCustomProfileSharedEntry {
      */
     entryType: pulumi.Input<string>;
 }
-export interface DlpPredefinedProfileContextAwareness {
-    /**
-     * If true, scan the context of predefined entries to only return matches surrounded by keywords.
-     */
-    enabled: pulumi.Input<boolean>;
-    /**
-     * Content types to exclude from context analysis and return all matches.
-     */
-    skip: pulumi.Input<inputs.DlpPredefinedProfileContextAwarenessSkip>;
-}
-export interface DlpPredefinedProfileContextAwarenessSkip {
-    /**
-     * If the content type is a file, skip context analysis and return all matches.
-     */
-    files: pulumi.Input<boolean>;
-}
 export interface DlpPredefinedProfileEntry {
     enabled: pulumi.Input<boolean>;
     id: pulumi.Input<string>;
@@ -3937,7 +3954,7 @@ export interface EmailRoutingDnsResultInfo {
     /**
      * Total number of results for the requested service.
      */
-    count?: pulumi.Input<number>;
+    emailRoutingDnsCount?: pulumi.Input<number>;
     /**
      * Current page within paginated list of results.
      */
@@ -4453,6 +4470,20 @@ export interface GetApiTokenFilterArgs {
      */
     direction?: pulumi.Input<string>;
 }
+export interface GetCertificatePackFilter {
+    /**
+     * Include Certificate Packs of all statuses, not just active ones.
+     * Available values: "all".
+     */
+    status?: string;
+}
+export interface GetCertificatePackFilterArgs {
+    /**
+     * Include Certificate Packs of all statuses, not just active ones.
+     * Available values: "all".
+     */
+    status?: pulumi.Input<string>;
+}
 export interface GetCloudforceOneRequestFilter {
     /**
      * Retrieve requests completed after this time.
@@ -4541,6 +4572,18 @@ export interface GetCloudforceOneRequestFilterArgs {
      */
     status?: pulumi.Input<string>;
 }
+export interface GetConnectivityDirectoryServiceFilter {
+    /**
+     * Available values: "http".
+     */
+    type?: string;
+}
+export interface GetConnectivityDirectoryServiceFilterArgs {
+    /**
+     * Available values: "http".
+     */
+    type?: pulumi.Input<string>;
+}
 export interface GetCustomHostnameFilter {
     /**
      * Direction to order hostnames.
@@ -5528,25 +5571,95 @@ export interface GetOriginCaCertificateFilterArgs {
     zoneId: pulumi.Input<string>;
 }
 export interface GetSchemaValidationSchemasFilter {
-    /**
-     * Omit the source-files of schemas and only retrieve their meta-data.
-     */
-    omitSource?: boolean;
     /**
      * Filter for enabled schemas
      */
     validationEnabled?: boolean;
 }
 export interface GetSchemaValidationSchemasFilterArgs {
-    /**
-     * Omit the source-files of schemas and only retrieve their meta-data.
-     */
-    omitSource?: pulumi.Input<boolean>;
     /**
      * Filter for enabled schemas
      */
     validationEnabled?: pulumi.Input<boolean>;
 }
+export interface GetSpectrumApplicationFilter {
+    /**
+     * Sets the direction by which results are ordered.
+     * Available values: "asc", "desc".
+     */
+    direction?: string;
+    /**
+     * Application field by which results are ordered.
+     * Available values: "protocol", "app*id", "created*on", "modifiedOn", "dns".
+     */
+    order?: string;
+}
+export interface GetSpectrumApplicationFilterArgs {
+    /**
+     * Sets the direction by which results are ordered.
+     * Available values: "asc", "desc".
+     */
+    direction?: pulumi.Input<string>;
+    /**
+     * Application field by which results are ordered.
+     * Available values: "protocol", "app*id", "created*on", "modifiedOn", "dns".
+     */
+    order?: pulumi.Input<string>;
+}
+export interface GetTokenValidationRulesFilter {
+    /**
+     * Action to take on requests that match operations included in `selector` and fail `expression`.
+     * Available values: "log", "block".
+     */
+    action?: string;
+    /**
+     * Toggle rule on or off.
+     */
+    enabled?: boolean;
+    /**
+     * Select rules with this host in `include`.
+     */
+    host?: string;
+    /**
+     * Select rules with this host in `include`.
+     */
+    hostname?: string;
+    /**
+     * Select rules with these IDs.
+     */
+    id?: string;
+    /**
+     * Select rules using any of these token configurations.
+     */
+    tokenConfigurations?: string[];
+}
+export interface GetTokenValidationRulesFilterArgs {
+    /**
+     * Action to take on requests that match operations included in `selector` and fail `expression`.
+     * Available values: "log", "block".
+     */
+    action?: pulumi.Input<string>;
+    /**
+     * Toggle rule on or off.
+     */
+    enabled?: pulumi.Input<boolean>;
+    /**
+     * Select rules with this host in `include`.
+     */
+    host?: pulumi.Input<string>;
+    /**
+     * Select rules with this host in `include`.
+     */
+    hostname?: pulumi.Input<string>;
+    /**
+     * Select rules with these IDs.
+     */
+    id?: pulumi.Input<string>;
+    /**
+     * Select rules using any of these token configurations.
+     */
+    tokenConfigurations?: pulumi.Input<pulumi.Input<string>[]>;
+}
 export interface GetTurnstileWidgetFilter {
     /**
      * Direction to order widgets.
@@ -5681,6 +5794,18 @@ export interface GetWorkersKvNamespaceFilterArgs {
      */
     order?: pulumi.Input<string>;
 }
+export interface GetWorkersScriptFilter {
+    /**
+     * Filter scripts by tags. Format: comma-separated list of tag:allowed pairs where allowed is 'yes' or 'no'.
+     */
+    tags?: string;
+}
+export interface GetWorkersScriptFilterArgs {
+    /**
+     * Filter scripts by tags. Format: comma-separated list of tag:allowed pairs where allowed is 'yes' or 'no'.
+     */
+    tags?: pulumi.Input<string>;
+}
 export interface GetWorkflowFilter {
     /**
      * Allows filtering workflows` name.
@@ -5693,6 +5818,30 @@ export interface GetWorkflowFilterArgs {
      */
     search?: pulumi.Input<string>;
 }
+export interface GetZeroTrustAccessAiControlsMcpPortalFilter {
+    /**
+     * Search by id, name, hostname
+     */
+    search?: string;
+}
+export interface GetZeroTrustAccessAiControlsMcpPortalFilterArgs {
+    /**
+     * Search by id, name, hostname
+     */
+    search?: pulumi.Input<string>;
+}
+export interface GetZeroTrustAccessAiControlsMcpServerFilter {
+    /**
+     * Search by id, name
+     */
+    search?: string;
+}
+export interface GetZeroTrustAccessAiControlsMcpServerFilterArgs {
+    /**
+     * Search by id, name
+     */
+    search?: pulumi.Input<string>;
+}
 export interface GetZeroTrustAccessApplicationFilter {
     /**
      * The aud of the app.
@@ -5988,14 +6137,14 @@ export interface GetZeroTrustDexTestTargetPolicyArgs {
 export interface GetZeroTrustListFilter {
     /**
      * Specify the list type.
-     * Available values: "SERIAL", "URL", "DOMAIN", "EMAIL", "IP".
+     * Available values: "SERIAL", "URL", "DOMAIN", "EMAIL", "IP", "CATEGORY", "LOCATION", "DEVICE".
      */
     type?: string;
 }
 export interface GetZeroTrustListFilterArgs {
     /**
      * Specify the list type.
-     * Available values: "SERIAL", "URL", "DOMAIN", "EMAIL", "IP".
+     * Available values: "SERIAL", "URL", "DOMAIN", "EMAIL", "IP", "CATEGORY", "LOCATION", "DEVICE".
      */
     type?: pulumi.Input<string>;
 }
@@ -6126,10 +6275,6 @@ export interface GetZeroTrustTunnelCloudflaredRouteFilter {
      * If set, only list routes that contain this IP range.
      */
     networkSuperset?: string;
-    /**
-     * UUID of the route.
-     */
-    routeId?: string;
     /**
      * The types of tunnels to filter by, separated by commas.
      */
@@ -6164,10 +6309,6 @@ export interface GetZeroTrustTunnelCloudflaredRouteFilterArgs {
      * If set, only list routes that contain this IP range.
      */
     networkSuperset?: pulumi.Input<string>;
-    /**
-     * UUID of the route.
-     */
-    routeId?: pulumi.Input<string>;
     /**
      * The types of tunnels to filter by, separated by commas.
      */
@@ -7097,6 +7238,10 @@ export interface MagicNetworkMonitoringConfigurationWarpDevice {
 }
 export interface MagicTransitConnectorDevice {
     id?: pulumi.Input<string>;
+    /**
+     * Set to true to provision a license key for this connector. Only used during resource creation. This is a write-only field that will not be stored in state.
+     */
+    provisionLicense?: pulumi.Input<boolean>;
     serialNumber?: pulumi.Input<string>;
 }
 export interface MagicTransitSiteAclLan1 {
@@ -7933,6 +8078,9 @@ export interface PagesProjectCanonicalDeployment {
      * Short Id (8 character) of the deployment.
      */
     shortId?: pulumi.Input<string>;
+    /**
+     * Configs for the project source control.
+     */
     source?: pulumi.Input<inputs.PagesProjectCanonicalDeploymentSource>;
     /**
      * List of past stages.
@@ -7942,6 +8090,10 @@ export interface PagesProjectCanonicalDeployment {
      * The live URL to view this deployment.
      */
     url?: pulumi.Input<string>;
+    /**
+     * Whether the deployment uses functions.
+     */
+    usesFunctions?: pulumi.Input<boolean>;
 }
 export interface PagesProjectCanonicalDeploymentBuildConfig {
     /**
@@ -7953,7 +8105,7 @@ export interface PagesProjectCanonicalDeploymentBuildConfig {
      */
     buildCommand?: pulumi.Input<string>;
     /**
-     * Output directory of the build.
+     * Assets output directory of the build.
      */
     destinationDir?: pulumi.Input<string>;
     /**
@@ -7976,7 +8128,7 @@ export interface PagesProjectCanonicalDeploymentDeploymentTrigger {
     metadata?: pulumi.Input<inputs.PagesProjectCanonicalDeploymentDeploymentTriggerMetadata>;
     /**
      * What caused the deployment.
-     * Available values: "push", "adHoc".
+     * Available values: "github:push", "ad*hoc", "deploy*hook".
      */
     type?: pulumi.Input<string>;
 }
@@ -7985,6 +8137,10 @@ export interface PagesProjectCanonicalDeploymentDeploymentTriggerMetadata {
      * Where the trigger happened.
      */
     branch?: pulumi.Input<string>;
+    /**
+     * Whether the deployment trigger commit was dirty.
+     */
+    commitDirty?: pulumi.Input<boolean>;
     /**
      * Hash of the deployment trigger commit.
      */
@@ -8044,6 +8200,10 @@ export interface PagesProjectCanonicalDeploymentSourceConfig {
      * The owner of the repository.
      */
     owner?: pulumi.Input<string>;
+    /**
+     * The owner ID of the repository.
+     */
+    ownerId?: pulumi.Input<string>;
     /**
      * A list of paths that should be excluded from triggering a preview deployment. Wildcard syntax (`*`) is supported.
      */
@@ -8077,6 +8237,10 @@ export interface PagesProjectCanonicalDeploymentSourceConfig {
      * Whether to trigger a production deployment on commits to the production branch.
      */
     productionDeploymentsEnabled?: pulumi.Input<boolean>;
+    /**
+     * The ID of the repository.
+     */
+    repoId?: pulumi.Input<string>;
     /**
      * The name of the repository.
      */
@@ -8232,13 +8396,13 @@ export interface PagesProjectDeploymentConfigsPreview {
     wranglerConfigHash?: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewAiBindings {
-    projectId?: pulumi.Input<string>;
+    projectId: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewAnalyticsEngineDatasets {
     /**
      * Name of the dataset.
      */
-    dataset?: pulumi.Input<string>;
+    dataset: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewBrowsers {
 }
@@ -8246,13 +8410,13 @@ export interface PagesProjectDeploymentConfigsPreviewD1Databases {
     /**
      * UUID of the D1 database.
      */
-    id?: pulumi.Input<string>;
+    id: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewDurableObjectNamespaces {
     /**
      * ID of the Durable Object namespace.
      */
-    namespaceId?: pulumi.Input<string>;
+    namespaceId: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewEnvVars {
     /**
@@ -8265,22 +8429,22 @@ export interface PagesProjectDeploymentConfigsPreviewEnvVars {
     value: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewHyperdriveBindings {
-    id?: pulumi.Input<string>;
+    id: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewKvNamespaces {
     /**
      * ID of the KV namespace.
      */
-    namespaceId?: pulumi.Input<string>;
+    namespaceId: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewLimits {
     /**
      * CPU time limit in milliseconds.
      */
-    cpuMs?: pulumi.Input<number>;
+    cpuMs: pulumi.Input<number>;
 }
 export interface PagesProjectDeploymentConfigsPreviewMtlsCertificates {
-    certificateId?: pulumi.Input<string>;
+    certificateId: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewPlacement {
     /**
@@ -8292,7 +8456,7 @@ export interface PagesProjectDeploymentConfigsPreviewQueueProducers {
     /**
      * Name of the Queue.
      */
-    name?: pulumi.Input<string>;
+    name: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewR2Buckets {
     /**
@@ -8302,7 +8466,7 @@ export interface PagesProjectDeploymentConfigsPreviewR2Buckets {
     /**
      * Name of the R2 bucket.
      */
-    name?: pulumi.Input<string>;
+    name: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewServices {
     /**
@@ -8316,10 +8480,10 @@ export interface PagesProjectDeploymentConfigsPreviewServices {
     /**
      * The Service name.
      */
-    service?: pulumi.Input<string>;
+    service: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsPreviewVectorizeBindings {
-    indexName?: pulumi.Input<string>;
+    indexName: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProduction {
     /**
@@ -8441,13 +8605,13 @@ export interface PagesProjectDeploymentConfigsProduction {
     wranglerConfigHash?: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionAiBindings {
-    projectId?: pulumi.Input<string>;
+    projectId: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionAnalyticsEngineDatasets {
     /**
      * Name of the dataset.
      */
-    dataset?: pulumi.Input<string>;
+    dataset: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionBrowsers {
 }
@@ -8455,13 +8619,13 @@ export interface PagesProjectDeploymentConfigsProductionD1Databases {
     /**
      * UUID of the D1 database.
      */
-    id?: pulumi.Input<string>;
+    id: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionDurableObjectNamespaces {
     /**
      * ID of the Durable Object namespace.
      */
-    namespaceId?: pulumi.Input<string>;
+    namespaceId: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionEnvVars {
     /**
@@ -8474,22 +8638,22 @@ export interface PagesProjectDeploymentConfigsProductionEnvVars {
     value: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionHyperdriveBindings {
-    id?: pulumi.Input<string>;
+    id: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionKvNamespaces {
     /**
      * ID of the KV namespace.
      */
-    namespaceId?: pulumi.Input<string>;
+    namespaceId: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionLimits {
     /**
      * CPU time limit in milliseconds.
      */
-    cpuMs?: pulumi.Input<number>;
+    cpuMs: pulumi.Input<number>;
 }
 export interface PagesProjectDeploymentConfigsProductionMtlsCertificates {
-    certificateId?: pulumi.Input<string>;
+    certificateId: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionPlacement {
     /**
@@ -8501,7 +8665,7 @@ export interface PagesProjectDeploymentConfigsProductionQueueProducers {
     /**
      * Name of the Queue.
      */
-    name?: pulumi.Input<string>;
+    name: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionR2Buckets {
     /**
@@ -8511,7 +8675,7 @@ export interface PagesProjectDeploymentConfigsProductionR2Buckets {
     /**
      * Name of the R2 bucket.
      */
-    name?: pulumi.Input<string>;
+    name: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionServices {
     /**
@@ -8525,10 +8689,10 @@ export interface PagesProjectDeploymentConfigsProductionServices {
     /**
      * The Service name.
      */
-    service?: pulumi.Input<string>;
+    service: pulumi.Input<string>;
 }
 export interface PagesProjectDeploymentConfigsProductionVectorizeBindings {
-    indexName?: pulumi.Input<string>;
+    indexName: pulumi.Input<string>;
 }
 export interface PagesProjectLatestDeployment {
     /**
@@ -8586,6 +8750,9 @@ export interface PagesProjectLatestDeployment {
      * Short Id (8 character) of the deployment.
      */
     shortId?: pulumi.Input<string>;
+    /**
+     * Configs for the project source control.
+     */
     source?: pulumi.Input<inputs.PagesProjectLatestDeploymentSource>;
     /**
      * List of past stages.
@@ -8595,6 +8762,10 @@ export interface PagesProjectLatestDeployment {
      * The live URL to view this deployment.
      */
     url?: pulumi.Input<string>;
+    /**
+     * Whether the deployment uses functions.
+     */
+    usesFunctions?: pulumi.Input<boolean>;
 }
 export interface PagesProjectLatestDeploymentBuildConfig {
     /**
@@ -8606,7 +8777,7 @@ export interface PagesProjectLatestDeploymentBuildConfig {
      */
     buildCommand?: pulumi.Input<string>;
     /**
-     * Output directory of the build.
+     * Assets output directory of the build.
      */
     destinationDir?: pulumi.Input<string>;
     /**
@@ -8629,7 +8800,7 @@ export interface PagesProjectLatestDeploymentDeploymentTrigger {
     metadata?: pulumi.Input<inputs.PagesProjectLatestDeploymentDeploymentTriggerMetadata>;
     /**
      * What caused the deployment.
-     * Available values: "push", "adHoc".
+     * Available values: "github:push", "ad*hoc", "deploy*hook".
      */
     type?: pulumi.Input<string>;
 }
@@ -8638,6 +8809,10 @@ export interface PagesProjectLatestDeploymentDeploymentTriggerMetadata {
      * Where the trigger happened.
      */
     branch?: pulumi.Input<string>;
+    /**
+     * Whether the deployment trigger commit was dirty.
+     */
+    commitDirty?: pulumi.Input<boolean>;
     /**
      * Hash of the deployment trigger commit.
      */
@@ -8697,6 +8872,10 @@ export interface PagesProjectLatestDeploymentSourceConfig {
      * The owner of the repository.
      */
     owner?: pulumi.Input<string>;
+    /**
+     * The owner ID of the repository.
+     */
+    ownerId?: pulumi.Input<string>;
     /**
      * A list of paths that should be excluded from triggering a preview deployment. Wildcard syntax (`*`) is supported.
      */
@@ -8730,6 +8909,10 @@ export interface PagesProjectLatestDeploymentSourceConfig {
      * Whether to trigger a production deployment on commits to the production branch.
      */
     productionDeploymentsEnabled?: pulumi.Input<boolean>;
+    /**
+     * The ID of the repository.
+     */
+    repoId?: pulumi.Input<string>;
     /**
      * The name of the repository.
      */
@@ -8756,12 +8939,12 @@ export interface PagesProjectLatestDeploymentStage {
     status?: pulumi.Input<string>;
 }
 export interface PagesProjectSource {
-    config?: pulumi.Input<inputs.PagesProjectSourceConfig>;
+    config: pulumi.Input<inputs.PagesProjectSourceConfig>;
     /**
      * The source control management provider.
      * Available values: "github", "gitlab".
      */
-    type?: pulumi.Input<string>;
+    type: pulumi.Input<string>;
 }
 export interface PagesProjectSourceConfig {
     /**
@@ -8775,6 +8958,10 @@ export interface PagesProjectSourceConfig {
      * The owner of the repository.
      */
     owner?: pulumi.Input<string>;
+    /**
+     * The owner ID of the repository.
+     */
+    ownerId?: pulumi.Input<string>;
     /**
      * A list of paths that should be excluded from triggering a preview deployment. Wildcard syntax (`*`) is supported.
      */
@@ -8808,6 +8995,10 @@ export interface PagesProjectSourceConfig {
      * Whether to trigger a production deployment on commits to the production branch.
      */
     productionDeploymentsEnabled?: pulumi.Input<boolean>;
+    /**
+     * The ID of the repository.
+     */
+    repoId?: pulumi.Input<string>;
     /**
      * The name of the repository.
      */
@@ -9068,12 +9259,16 @@ export interface R2BucketSippySource {
      * Name of the AWS S3 bucket.
      */
     bucket?: pulumi.Input<string>;
+    /**
+     * URL to the S3-compatible API of the bucket.
+     */
+    bucketUrl?: pulumi.Input<string>;
     /**
      * Client email of an IAM credential (ideally scoped to a single GCS bucket).
      */
     clientEmail?: pulumi.Input<string>;
     /**
-     * Available values: "aws", "gcs".
+     * Available values: "aws", "gcs", "s3".
      */
     cloudProvider?: pulumi.Input<string>;
     /**
@@ -10183,6 +10378,17 @@ export interface SpectrumApplicationOriginDns {
      */
     type?: pulumi.Input<string>;
 }
+export interface SsoConnectorVerification {
+    /**
+     * DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.
+     */
+    code?: pulumi.Input<string>;
+    /**
+     * The status of the verification code from the verification process.
+     * Available values: "awaiting", "pending", "failed", "verified".
+     */
+    status?: pulumi.Input<string>;
+}
 export interface StaticRouteScope {
     /**
      * List of colo names for the ECMP scope.
@@ -10765,6 +10971,10 @@ export interface TeamsRuleRuleSettings {
      * Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs. Settable only for `egress` rules.
      */
     egress?: pulumi.Input<inputs.TeamsRuleRuleSettingsEgress>;
+    /**
+     * Configure whether a copy of the HTTP request will be sent to storage when the rule matches.
+     */
+    forensicCopy?: pulumi.Input<inputs.TeamsRuleRuleSettingsForensicCopy>;
     /**
      * Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for `dns` and `dnsResolver` rules.
      */
@@ -10959,6 +11169,12 @@ export interface TeamsRuleRuleSettingsEgress {
      */
     ipv6?: pulumi.Input<string>;
 }
+export interface TeamsRuleRuleSettingsForensicCopy {
+    /**
+     * Enable sending the copy to storage.
+     */
+    enabled?: pulumi.Input<boolean>;
+}
 export interface TeamsRuleRuleSettingsL4override {
     /**
      * Defines the IPv4 or IPv6 address.
@@ -11044,6 +11260,82 @@ export interface TeamsRuleSchedule {
     tue?: pulumi.Input<string>;
     wed?: pulumi.Input<string>;
 }
+export interface TokenValidationConfigCredentials {
+    keys: pulumi.Input<pulumi.Input<inputs.TokenValidationConfigCredentialsKey>[]>;
+}
+export interface TokenValidationConfigCredentialsKey {
+    /**
+     * Algorithm
+     * Available values: "RS256", "RS384", "RS512", "PS256", "PS384", "PS512", "ES256", "ES384".
+     */
+    alg: pulumi.Input<string>;
+    /**
+     * Curve
+     * Available values: "P-256", "P-384".
+     */
+    crv?: pulumi.Input<string>;
+    /**
+     * RSA exponent
+     */
+    e?: pulumi.Input<string>;
+    /**
+     * Key ID
+     */
+    kid: pulumi.Input<string>;
+    /**
+     * Key Type
+     * Available values: "RSA", "EC".
+     */
+    kty: pulumi.Input<string>;
+    /**
+     * RSA modulus
+     */
+    n?: pulumi.Input<string>;
+    /**
+     * X EC coordinate
+     */
+    x?: pulumi.Input<string>;
+    /**
+     * Y EC coordinate
+     */
+    y?: pulumi.Input<string>;
+}
+export interface TokenValidationRulesPosition {
+    /**
+     * Move rule to after rule with this ID.
+     */
+    after?: pulumi.Input<string>;
+    /**
+     * Move rule to before rule with this ID.
+     */
+    before?: pulumi.Input<string>;
+    /**
+     * Move rule to this position
+     */
+    index?: pulumi.Input<number>;
+}
+export interface TokenValidationRulesSelector {
+    /**
+     * Ignore operations that were otherwise included by `include`.
+     */
+    excludes?: pulumi.Input<pulumi.Input<inputs.TokenValidationRulesSelectorExclude>[]>;
+    /**
+     * Select all matching operations.
+     */
+    includes?: pulumi.Input<pulumi.Input<inputs.TokenValidationRulesSelectorInclude>[]>;
+}
+export interface TokenValidationRulesSelectorExclude {
+    /**
+     * Excluded operation IDs.
+     */
+    operationIds?: pulumi.Input<pulumi.Input<string>[]>;
+}
+export interface TokenValidationRulesSelectorInclude {
+    /**
+     * Included hostnames.
+     */
+    hosts?: pulumi.Input<pulumi.Input<string>[]>;
+}
 export interface TunnelConfigConfig {
     /**
      * List of public hostname definitions. At least one ingress rule needs to be defined for the tunnel.
@@ -11105,6 +11397,10 @@ export interface TunnelConfigConfigIngressOriginRequest {
      * Timeout after which an idle keepalive connection can be discarded.
      */
     keepAliveTimeout?: pulumi.Input<number>;
+    /**
+     * Auto configure the Hostname on the origin server certificate.
+     */
+    matchSnItoHost?: pulumi.Input<boolean>;
     /**
      * Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
      */
@@ -11174,6 +11470,10 @@ export interface TunnelConfigConfigOriginRequest {
      * Timeout after which an idle keepalive connection can be discarded.
      */
     keepAliveTimeout?: pulumi.Input<number>;
+    /**
+     * Auto configure the Hostname on the origin server certificate.
+     */
+    matchSnItoHost?: pulumi.Input<boolean>;
     /**
      * Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
      */
@@ -11533,9 +11833,9 @@ export interface WorkerScriptAssetsConfig {
      */
     redirects?: pulumi.Input<string>;
     /**
-     * When true, requests will always invoke the Worker script. Otherwise, attempt to serve an asset matching the request, falling back to the Worker script.
+     * When a boolean true, requests will always invoke the Worker script. Otherwise, attempt to serve an asset matching the request, falling back to the Worker script. When a list of strings, contains path rules to control routing to either the Worker or assets. Glob (*) and negative (!) rules are supported. Rules must start with either '/' or '!/'. At least one non-negative rule must be provided, and negative rules have higher precedence than non-negative rules.
      */
-    runWorkerFirst?: pulumi.Input<boolean>;
+    runWorkerFirst?: any;
     /**
      * When true and the incoming request matches an asset, that will be served instead of invoking the Worker script. When false, requests will always invoke the Worker script.
      *
@@ -11708,119 +12008,76 @@ export interface WorkerScriptLimits {
 }
 export interface WorkerScriptMigrations {
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to delete Durable Object namespaces from.
      */
     deletedClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to create Durable Object namespaces from.
      */
     newClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to create Durable Object namespaces with SQLite from.
      */
     newSqliteClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * Tag to set as the latest migration tag.
      */
     newTag?: pulumi.Input<string>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * Tag used to verify against the latest migration tag for this Worker. If they don't match, the upload is rejected.
      */
     oldTag?: pulumi.Input<string>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes with Durable Object namespaces that were renamed.
      */
     renamedClasses?: pulumi.Input<pulumi.Input<inputs.WorkerScriptMigrationsRenamedClass>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * Migrations to apply in order.
      */
     steps?: pulumi.Input<pulumi.Input<inputs.WorkerScriptMigrationsStep>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of transfers for Durable Object namespaces from a different Worker and class to a class defined in this Worker.
      */
     transferredClasses?: pulumi.Input<pulumi.Input<inputs.WorkerScriptMigrationsTransferredClass>[]>;
 }
 export interface WorkerScriptMigrationsRenamedClass {
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     from?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     to?: pulumi.Input<string>;
 }
 export interface WorkerScriptMigrationsStep {
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to delete Durable Object namespaces from.
      */
     deletedClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to create Durable Object namespaces from.
      */
     newClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to create Durable Object namespaces with SQLite from.
      */
     newSqliteClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes with Durable Object namespaces that were renamed.
      */
     renamedClasses?: pulumi.Input<pulumi.Input<inputs.WorkerScriptMigrationsStepRenamedClass>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of transfers for Durable Object namespaces from a different Worker and class to a class defined in this Worker.
      */
     transferredClasses?: pulumi.Input<pulumi.Input<inputs.WorkerScriptMigrationsStepTransferredClass>[]>;
 }
 export interface WorkerScriptMigrationsStepRenamedClass {
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     from?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     to?: pulumi.Input<string>;
 }
 export interface WorkerScriptMigrationsStepTransferredClass {
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     from?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     fromScript?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     to?: pulumi.Input<string>;
 }
 export interface WorkerScriptMigrationsTransferredClass {
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     from?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     fromScript?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     to?: pulumi.Input<string>;
 }
 export interface WorkerScriptNamedHandler {
@@ -11959,9 +12216,9 @@ export interface WorkerVersionAssetsConfig {
      */
     notFoundHandling?: pulumi.Input<string>;
     /**
-     * Contains a list path rules to control routing to either the Worker or assets. Glob (*) and negative (!) rules are supported. Rules must start with either '/' or '!/'. At least one non-negative rule must be provided, and negative rules have higher precedence than non-negative rules.
+     * When a boolean true, requests will always invoke the Worker script. Otherwise, attempt to serve an asset matching the request, falling back to the Worker script. When a list of strings, contains path rules to control routing to either the Worker or assets. Glob (*) and negative (!) rules are supported. Rules must start with either '/' or '!/'. At least one non-negative rule must be provided, and negative rules have higher precedence than non-negative rules.
      */
-    runWorkerFirsts?: pulumi.Input<pulumi.Input<string>[]>;
+    runWorkerFirst?: any;
 }
 export interface WorkerVersionBinding {
     /**
@@ -12201,10 +12458,14 @@ export interface WorkerVersionMigrationsTransferredClass {
     to?: pulumi.Input<string>;
 }
 export interface WorkerVersionModule {
+    /**
+     * The base64-encoded module content.
+     */
+    contentBase64?: pulumi.Input<string>;
     /**
      * The file path of the module content.
      */
-    contentFile: pulumi.Input<string>;
+    contentFile?: pulumi.Input<string>;
     /**
      * The SHA-256 hash of the module content.
      */
@@ -12282,9 +12543,9 @@ export interface WorkersScriptAssetsConfig {
      */
     redirects?: pulumi.Input<string>;
     /**
-     * When true, requests will always invoke the Worker script. Otherwise, attempt to serve an asset matching the request, falling back to the Worker script.
+     * When a boolean true, requests will always invoke the Worker script. Otherwise, attempt to serve an asset matching the request, falling back to the Worker script. When a list of strings, contains path rules to control routing to either the Worker or assets. Glob (*) and negative (!) rules are supported. Rules must start with either '/' or '!/'. At least one non-negative rule must be provided, and negative rules have higher precedence than non-negative rules.
      */
-    runWorkerFirst?: pulumi.Input<boolean>;
+    runWorkerFirst?: any;
     /**
      * When true and the incoming request matches an asset, that will be served instead of invoking the Worker script. When false, requests will always invoke the Worker script.
      *
@@ -12457,119 +12718,76 @@ export interface WorkersScriptLimits {
 }
 export interface WorkersScriptMigrations {
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to delete Durable Object namespaces from.
      */
     deletedClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to create Durable Object namespaces from.
      */
     newClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to create Durable Object namespaces with SQLite from.
      */
     newSqliteClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * Tag to set as the latest migration tag.
      */
     newTag?: pulumi.Input<string>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * Tag used to verify against the latest migration tag for this Worker. If they don't match, the upload is rejected.
      */
     oldTag?: pulumi.Input<string>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes with Durable Object namespaces that were renamed.
      */
     renamedClasses?: pulumi.Input<pulumi.Input<inputs.WorkersScriptMigrationsRenamedClass>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * Migrations to apply in order.
      */
     steps?: pulumi.Input<pulumi.Input<inputs.WorkersScriptMigrationsStep>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of transfers for Durable Object namespaces from a different Worker and class to a class defined in this Worker.
      */
     transferredClasses?: pulumi.Input<pulumi.Input<inputs.WorkersScriptMigrationsTransferredClass>[]>;
 }
 export interface WorkersScriptMigrationsRenamedClass {
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     from?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     to?: pulumi.Input<string>;
 }
 export interface WorkersScriptMigrationsStep {
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to delete Durable Object namespaces from.
      */
     deletedClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to create Durable Object namespaces from.
      */
     newClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes to create Durable Object namespaces with SQLite from.
      */
     newSqliteClasses?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of classes with Durable Object namespaces that were renamed.
      */
     renamedClasses?: pulumi.Input<pulumi.Input<inputs.WorkersScriptMigrationsStepRenamedClass>[]>;
     /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
      * A list of transfers for Durable Object namespaces from a different Worker and class to a class defined in this Worker.
      */
     transferredClasses?: pulumi.Input<pulumi.Input<inputs.WorkersScriptMigrationsStepTransferredClass>[]>;
 }
 export interface WorkersScriptMigrationsStepRenamedClass {
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     from?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     to?: pulumi.Input<string>;
 }
 export interface WorkersScriptMigrationsStepTransferredClass {
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     from?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     fromScript?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     to?: pulumi.Input<string>;
 }
 export interface WorkersScriptMigrationsTransferredClass {
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     from?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     fromScript?: pulumi.Input<string>;
-    /**
-     * **NOTE:** This field is write-only and its value will not be updated in state as part of read operations.
-     */
     to?: pulumi.Input<string>;
 }
 export interface WorkersScriptNamedHandler {
@@ -12658,6 +12876,26 @@ export interface WorkflowInstances {
     waiting?: pulumi.Input<number>;
     waitingForPause?: pulumi.Input<number>;
 }
+export interface ZeroTrustAccessAiControlsMcpPortalServer {
+    defaultDisabled?: pulumi.Input<boolean>;
+    onBehalf?: pulumi.Input<boolean>;
+    /**
+     * server id
+     */
+    serverId: pulumi.Input<string>;
+    updatedPrompts?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessAiControlsMcpPortalServerUpdatedPrompt>[]>;
+    updatedTools?: pulumi.Input<pulumi.Input<inputs.ZeroTrustAccessAiControlsMcpPortalServerUpdatedTool>[]>;
+}
+export interface ZeroTrustAccessAiControlsMcpPortalServerUpdatedPrompt {
+    description?: pulumi.Input<string>;
+    enabled?: pulumi.Input<boolean>;
+    name: pulumi.Input<string>;
+}
+export interface ZeroTrustAccessAiControlsMcpPortalServerUpdatedTool {
+    description?: pulumi.Input<string>;
+    enabled?: pulumi.Input<boolean>;
+    name: pulumi.Input<string>;
+}
 export interface ZeroTrustAccessApplicationCorsHeaders {
     /**
      * Allows all HTTP request headers.
@@ -15511,7 +15749,7 @@ export interface ZeroTrustDevicePostureRuleInput {
      */
     osDistroRevision?: pulumi.Input<string>;
     /**
-     * Additional version data. For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version. (Mac, iOS, and Linux only).
+     * Additional operating system version details. For Windows, the UBR (Update Build Revision). For Mac or iOS, the Product Version Extra. For Linux, the distribution name and version.
      */
     osVersionExtra?: pulumi.Input<string>;
     /**
@@ -15565,6 +15803,10 @@ export interface ZeroTrustDevicePostureRuleInput {
      * For more details on total score, refer to the Tanium documentation.
      */
     totalScore?: pulumi.Input<number>;
+    /**
+     * Number of days that the antivirus should be updated within.
+     */
+    updateWindowDays?: pulumi.Input<number>;
     /**
      * Version of OS.
      */
@@ -15638,6 +15880,10 @@ export interface ZeroTrustDlpCustomEntryPattern {
      */
     validation?: pulumi.Input<string>;
 }
+export interface ZeroTrustDlpCustomEntryProfile {
+    id?: pulumi.Input<string>;
+    name?: pulumi.Input<string>;
+}
 export interface ZeroTrustDlpCustomEntryVariant {
     description?: pulumi.Input<string>;
     /**
@@ -15715,7 +15961,7 @@ export interface ZeroTrustDlpDatasetDataset {
      */
     status?: pulumi.Input<string>;
     /**
-     * When the dataset was last updated.
+     * Stores when the dataset was last updated.
      */
     updatedAt?: pulumi.Input<string>;
     uploads?: pulumi.Input<pulumi.Input<inputs.ZeroTrustDlpDatasetDatasetUpload>[]>;
@@ -15764,6 +16010,10 @@ export interface ZeroTrustDlpEntryPattern {
      */
     validation?: pulumi.Input<string>;
 }
+export interface ZeroTrustDlpEntryProfile {
+    id?: pulumi.Input<string>;
+    name?: pulumi.Input<string>;
+}
 export interface ZeroTrustDlpEntryVariant {
     description?: pulumi.Input<string>;
     /**
@@ -15794,6 +16044,10 @@ export interface ZeroTrustDlpIntegrationEntryPattern {
      */
     validation?: pulumi.Input<string>;
 }
+export interface ZeroTrustDlpIntegrationEntryProfile {
+    id?: pulumi.Input<string>;
+    name?: pulumi.Input<string>;
+}
 export interface ZeroTrustDlpIntegrationEntryVariant {
     description?: pulumi.Input<string>;
     /**
@@ -15824,6 +16078,10 @@ export interface ZeroTrustDlpPredefinedEntryPattern {
      */
     validation?: pulumi.Input<string>;
 }
+export interface ZeroTrustDlpPredefinedEntryProfile {
+    id?: pulumi.Input<string>;
+    name?: pulumi.Input<string>;
+}
 export interface ZeroTrustDlpPredefinedEntryVariant {
     description?: pulumi.Input<string>;
     /**
@@ -15835,22 +16093,6 @@ export interface ZeroTrustDlpPredefinedEntryVariant {
      */
     type?: pulumi.Input<string>;
 }
-export interface ZeroTrustDlpPredefinedProfileContextAwareness {
-    /**
-     * If true, scan the context of predefined entries to only return matches surrounded by keywords.
-     */
-    enabled: pulumi.Input<boolean>;
-    /**
-     * Content types to exclude from context analysis and return all matches.
-     */
-    skip: pulumi.Input<inputs.ZeroTrustDlpPredefinedProfileContextAwarenessSkip>;
-}
-export interface ZeroTrustDlpPredefinedProfileContextAwarenessSkip {
-    /**
-     * If the content type is a file, skip context analysis and return all matches.
-     */
-    files: pulumi.Input<boolean>;
-}
 export interface ZeroTrustDlpPredefinedProfileEntry {
     enabled: pulumi.Input<boolean>;
     id: pulumi.Input<string>;
@@ -16030,6 +16272,10 @@ export interface ZeroTrustGatewayPolicyRuleSettings {
      * Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs. Settable only for `egress` rules.
      */
     egress?: pulumi.Input<inputs.ZeroTrustGatewayPolicyRuleSettingsEgress>;
+    /**
+     * Configure whether a copy of the HTTP request will be sent to storage when the rule matches.
+     */
+    forensicCopy?: pulumi.Input<inputs.ZeroTrustGatewayPolicyRuleSettingsForensicCopy>;
     /**
      * Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for `dns` and `dnsResolver` rules.
      */
@@ -16224,6 +16470,12 @@ export interface ZeroTrustGatewayPolicyRuleSettingsEgress {
      */
     ipv6?: pulumi.Input<string>;
 }
+export interface ZeroTrustGatewayPolicyRuleSettingsForensicCopy {
+    /**
+     * Enable sending the copy to storage.
+     */
+    enabled?: pulumi.Input<boolean>;
+}
 export interface ZeroTrustGatewayPolicyRuleSettingsL4override {
     /**
      * Defines the IPv4 or IPv6 address.
@@ -16696,6 +16948,10 @@ export interface ZeroTrustTunnelCloudflaredConfigConfigIngressOriginRequest {
      * Timeout after which an idle keepalive connection can be discarded.
      */
     keepAliveTimeout?: pulumi.Input<number>;
+    /**
+     * Auto configure the Hostname on the origin server certificate.
+     */
+    matchSnItoHost?: pulumi.Input<boolean>;
     /**
      * Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
      */
@@ -16765,6 +17021,10 @@ export interface ZeroTrustTunnelCloudflaredConfigConfigOriginRequest {
      * Timeout after which an idle keepalive connection can be discarded.
      */
     keepAliveTimeout?: pulumi.Input<number>;
+    /**
+     * Auto configure the Hostname on the origin server certificate.
+     */
+    matchSnItoHost?: pulumi.Input<boolean>;
     /**
      * Disable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
      */
@@ -17073,7 +17333,7 @@ export interface ZoneSubscriptionRatePlan {
     externallyManaged?: pulumi.Input<boolean>;
     /**
      * The ID of the rate plan.
-     * Available values: "free", "lite", "pro", "pro*plus", "business", "enterprise", "partners*free", "partners*pro", "partners*business", "partnersEnterprise".
+     * Available values: "free", "lite", "pro", "pro*plus", "business", "enterprise", "partners*free", "partners*pro", "partners*business", "partners*enterprise", "partners*ent".
      */
     id?: pulumi.Input<string>;
     /**