@pulumi/cloudflare 6.7.0-alpha.1756491364 → 6.7.0

package/types/output.d.ts

@@ -3163,6 +3163,34 @@ export interface BotManagementStaleZoneConfiguration {
      */
     suppressSessionScore: boolean;
 }
+export interface CertificatePackValidationError {
+    /**
+     * A domain validation error.
+     */
+    message: string;
+}
+export interface CertificatePackValidationRecord {
+    /**
+     * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
+     */
+    emails: string[];
+    /**
+     * The content that the certificate authority (CA) will expect to find at the httpUrl during the domain validation.
+     */
+    httpBody: string;
+    /**
+     * The url that will be checked during domain validation.
+     */
+    httpUrl: string;
+    /**
+     * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
+     */
+    txtName: string;
+    /**
+     * The TXT record that the certificate authority (CA) will check during domain validation.
+     */
+    txtValue: string;
+}
 export interface CloudConnectorRulesRule {
     description?: string;
     enabled?: boolean;
@@ -3687,13 +3715,13 @@ export interface DnsRecordData {
      */
     digestType?: number;
     /**
-     * fingerprint.
+     * Fingerprint.
      */
     fingerprint?: string;
     /**
      * Flags for the CAA record.
      */
-    flags?: number;
+    flags?: any;
     /**
      * Key Tag.
      */
@@ -3757,7 +3785,7 @@ export interface DnsRecordData {
      */
     preference?: number;
     /**
-     * priority.
+     * Priority.
      */
     priority?: number;
     /**
@@ -3793,7 +3821,7 @@ export interface DnsRecordData {
      */
     tag?: string;
     /**
-     * target.
+     * Target.
      */
     target?: string;
     /**
@@ -3996,6 +4024,28 @@ export interface EmailSecurityTrustedDomainsBody {
     isSimilarity: boolean;
     pattern: string;
 }
+export interface FilterBody {
+    /**
+     * An informative summary of the filter.
+     */
+    description?: string;
+    /**
+     * The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/).
+     */
+    expression?: string;
+    /**
+     * The unique identifier of the filter.
+     */
+    id: string;
+    /**
+     * When true, indicates that the filter is currently paused.
+     */
+    paused?: boolean;
+    /**
+     * A short reference tag. Allows you to select related filters.
+     */
+    ref?: string;
+}
 export interface FirewallRuleAction {
     /**
      * The action to perform.
@@ -6797,7 +6847,7 @@ export interface GetDnsRecordData {
      */
     digestType: number;
     /**
-     * fingerprint.
+     * Fingerprint.
      */
     fingerprint: string;
     /**
@@ -6867,7 +6917,7 @@ export interface GetDnsRecordData {
      */
     preference: number;
     /**
-     * priority.
+     * Priority.
      */
     priority: number;
     /**
@@ -6903,7 +6953,7 @@ export interface GetDnsRecordData {
      */
     tag: string;
     /**
-     * target.
+     * Target.
      */
     target: string;
     /**
@@ -7219,7 +7269,7 @@ export interface GetDnsRecordsResultData {
      */
     digestType: number;
     /**
-     * fingerprint.
+     * Fingerprint.
      */
     fingerprint: string;
     /**
@@ -7289,7 +7339,7 @@ export interface GetDnsRecordsResultData {
      */
     preference: number;
     /**
-     * priority.
+     * Priority.
      */
     priority: number;
     /**
@@ -7325,7 +7375,7 @@ export interface GetDnsRecordsResultData {
      */
     tag: string;
     /**
-     * target.
+     * Target.
      */
     target: string;
     /**
@@ -8363,7 +8413,77 @@ export interface GetLeakedCredentialCheckRulesResult {
      */
     username: string;
 }
+export interface GetListItemHostname {
+    /**
+     * Only applies to wildcard hostnames (e.g., *.example.com). When true (default), only subdomains are blocked. When false, both the root domain and subdomains are blocked.
+     */
+    excludeExactHostname: boolean;
+    urlHostname: string;
+}
+export interface GetListItemRedirect {
+    includeSubdomains: boolean;
+    preservePathSuffix: boolean;
+    preserveQueryString: boolean;
+    sourceUrl: string;
+    /**
+     * Available values: 301, 302, 307, 308.
+     */
+    statusCode: number;
+    subpathMatching: boolean;
+    targetUrl: string;
+}
 export interface GetListItemsResult {
+    /**
+     * Defines a non-negative 32 bit integer.
+     */
+    asn: number;
+    /**
+     * Defines	an informative summary of the list item.
+     */
+    comment: string;
+    /**
+     * The RFC 3339 timestamp of when the item was created.
+     */
+    createdOn: string;
+    /**
+     * Valid characters for hostnames are ASCII(7) letters from a to z, the digits from 0 to 9, wildcards (*), and the hyphen (-).
+     */
+    hostname: outputs.GetListItemsResultHostname;
+    /**
+     * Defines the unique ID of the item in the List.
+     */
+    id: string;
+    /**
+     * An IPv4 address, an IPv4 CIDR, an IPv6 address, or an IPv6 CIDR.
+     */
+    ip: string;
+    /**
+     * The RFC 3339 timestamp of when the item was last modified.
+     */
+    modifiedOn: string;
+    /**
+     * The definition of the redirect.
+     */
+    redirect: outputs.GetListItemsResultRedirect;
+}
+export interface GetListItemsResultHostname {
+    /**
+     * Only applies to wildcard hostnames (e.g., *.example.com). When true (default), only subdomains are blocked. When false, both the root domain and subdomains are blocked.
+     */
+    excludeExactHostname: boolean;
+    urlHostname: string;
+}
+export interface GetListItemsResultRedirect {
+    includeSubdomains: boolean;
+    preservePathSuffix: boolean;
+    preserveQueryString: boolean;
+    sourceUrl: string;
+    /**
+     * Available values: 301, 302, 307, 308.
+     */
+    statusCode: number;
+    subpathMatching: boolean;
+    targetUrl: string;
 }
 export interface GetListsResult {
     /**
@@ -8835,7 +8955,7 @@ export interface GetLoadBalancerRuleOverrides {
      */
     locationStrategy: outputs.GetLoadBalancerRuleOverridesLocationStrategy;
     /**
-     * (Enterprise only): A mapping of Cloudflare PoP identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). Any PoPs not explicitly defined will fall back to using the corresponding country*pool, then region*pool mapping if it exists else to default_pools.
+     * Enterprise only: A mapping of Cloudflare PoP identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). Any PoPs not explicitly defined will fall back to using the corresponding country*pool, then region*pool mapping if it exists else to default_pools.
      */
     popPools: {
         [key: string]: string[];
@@ -8851,7 +8971,8 @@ export interface GetLoadBalancerRuleOverrides {
         [key: string]: string[];
     };
     /**
-     * Specifies the type of session affinity the load balancer should use unless specified as `"none"`. The supported types are:
+     * Specifies the type of session affinity the load balancer should use unless specified as `"none"`. The supported types are: - `"cookie"`: On the first request to a proxied load balancer, a cookie is generated, encoding information of which origin the request will be forwarded to. Subsequent requests, by the same client to the same load balancer, will be sent to the origin server the cookie encodes, for the duration of the cookie and as long as the origin server remains healthy. If the cookie has expired or the origin server is unhealthy, then a new origin server is calculated and used. - `"ipCookie"`: Behaves the same as `"cookie"` except the initial origin selection is stable and based on the client's ip address. - `"header"`: On the first request to a proxied load balancer, a session key based on the configured HTTP headers (see `session_affinity_attributes.headers`) is generated, encoding the request headers used for storing in the load balancer session state which origin the request will be forwarded to. Subsequent requests to the load balancer with the same headers will be sent to the same origin server, for the duration of the session and as long as the origin server remains healthy. If the session has been idle for the duration of `sessionAffinityTtl` seconds or the origin server is unhealthy, then a new origin server is calculated and used. See `headers` in `sessionAffinityAttributes` for additional required configuration.
+     * Available values: "none", "cookie", "ipCookie", "header".
      */
     sessionAffinity: string;
     /**
@@ -8859,7 +8980,7 @@ export interface GetLoadBalancerRuleOverrides {
      */
     sessionAffinityAttributes: outputs.GetLoadBalancerRuleOverridesSessionAffinityAttributes;
     /**
-     * Time, in seconds, until a client's session expires after being created. Once the expiry time has been reached, subsequent requests may get sent to a different origin server. The accepted ranges per `sessionAffinity` policy are:
+     * Time, in seconds, until a client's session expires after being created. Once the expiry time has been reached, subsequent requests may get sent to a different origin server. The accepted ranges per `sessionAffinity` policy are: - `"cookie"` / `"ipCookie"`: The current default of 23 hours will be used unless explicitly set. The accepted range of values is between [1800, 604800]. - `"header"`: The current default of 1800 seconds will be used unless explicitly set. The accepted range of values is between [30, 3600]. Note: With session affinity by header, sessions only expire after they haven't been used for the number of seconds specified.
      */
     sessionAffinityTtl: number;
     /**
@@ -8909,7 +9030,7 @@ export interface GetLoadBalancerRuleOverridesSessionAffinityAttributes {
      */
     headers: string[];
     /**
-     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are:
+     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are: - `"true"`: Load balancing requests must contain *all* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created. - `"false"`: Load balancing requests must contain *at least one* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created.
      */
     requireAllHeaders: boolean;
     /**
@@ -8923,7 +9044,8 @@ export interface GetLoadBalancerRuleOverridesSessionAffinityAttributes {
      */
     secure: string;
     /**
-     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are:
+     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are: - `"none"`: No failover takes place for sessions pinned to the origin (default). - `"temporary"`: Traffic will be sent to another other healthy origin until the originally pinned origin is available; note that this can potentially result in heavy origin flapping. - `"sticky"`: The session affinity cookie is updated and subsequent requests are sent to the new origin. Note: Zero-downtime failover with sticky sessions is currently not supported for session affinity by header.
+     * Available values: "none", "temporary", "sticky".
      */
     zeroDowntimeFailover: string;
 }
@@ -8937,7 +9059,7 @@ export interface GetLoadBalancerSessionAffinityAttributes {
      */
     headers: string[];
     /**
-     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are:
+     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are: - `"true"`: Load balancing requests must contain *all* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created. - `"false"`: Load balancing requests must contain *at least one* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created.
      */
     requireAllHeaders: boolean;
     /**
@@ -8951,7 +9073,8 @@ export interface GetLoadBalancerSessionAffinityAttributes {
      */
     secure: string;
     /**
-     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are:
+     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are: - `"none"`: No failover takes place for sessions pinned to the origin (default). - `"temporary"`: Traffic will be sent to another other healthy origin until the originally pinned origin is available; note that this can potentially result in heavy origin flapping. - `"sticky"`: The session affinity cookie is updated and subsequent requests are sent to the new origin. Note: Zero-downtime failover with sticky sessions is currently not supported for session affinity by header.
+     * Available values: "none", "temporary", "sticky".
      */
     zeroDowntimeFailover: string;
 }
@@ -8998,7 +9121,7 @@ export interface GetLoadBalancersResult {
      */
     networks: string[];
     /**
-     * (Enterprise only): A mapping of Cloudflare PoP identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). Any PoPs not explicitly defined will fall back to using the corresponding country*pool, then region*pool mapping if it exists else to default_pools.
+     * Enterprise only: A mapping of Cloudflare PoP identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). Any PoPs not explicitly defined will fall back to using the corresponding country*pool, then region*pool mapping if it exists else to default_pools.
      */
     popPools: {
         [key: string]: string[];
@@ -9022,7 +9145,8 @@ export interface GetLoadBalancersResult {
      */
     rules: outputs.GetLoadBalancersResultRule[];
     /**
-     * Specifies the type of session affinity the load balancer should use unless specified as `"none"`. The supported types are:
+     * Specifies the type of session affinity the load balancer should use unless specified as `"none"`. The supported types are: - `"cookie"`: On the first request to a proxied load balancer, a cookie is generated, encoding information of which origin the request will be forwarded to. Subsequent requests, by the same client to the same load balancer, will be sent to the origin server the cookie encodes, for the duration of the cookie and as long as the origin server remains healthy. If the cookie has expired or the origin server is unhealthy, then a new origin server is calculated and used. - `"ipCookie"`: Behaves the same as `"cookie"` except the initial origin selection is stable and based on the client's ip address. - `"header"`: On the first request to a proxied load balancer, a session key based on the configured HTTP headers (see `session_affinity_attributes.headers`) is generated, encoding the request headers used for storing in the load balancer session state which origin the request will be forwarded to. Subsequent requests to the load balancer with the same headers will be sent to the same origin server, for the duration of the session and as long as the origin server remains healthy. If the session has been idle for the duration of `sessionAffinityTtl` seconds or the origin server is unhealthy, then a new origin server is calculated and used. See `headers` in `sessionAffinityAttributes` for additional required configuration.
+     * Available values: "none", "cookie", "ipCookie", "header".
      */
     sessionAffinity: string;
     /**
@@ -9030,7 +9154,7 @@ export interface GetLoadBalancersResult {
      */
     sessionAffinityAttributes: outputs.GetLoadBalancersResultSessionAffinityAttributes;
     /**
-     * Time, in seconds, until a client's session expires after being created. Once the expiry time has been reached, subsequent requests may get sent to a different origin server. The accepted ranges per `sessionAffinity` policy are:
+     * Time, in seconds, until a client's session expires after being created. Once the expiry time has been reached, subsequent requests may get sent to a different origin server. The accepted ranges per `sessionAffinity` policy are: - `"cookie"` / `"ipCookie"`: The current default of 23 hours will be used unless explicitly set. The accepted range of values is between [1800, 604800]. - `"header"`: The current default of 1800 seconds will be used unless explicitly set. The accepted range of values is between [30, 3600]. Note: With session affinity by header, sessions only expire after they haven't been used for the number of seconds specified.
      */
     sessionAffinityTtl: number;
     /**
@@ -9143,7 +9267,7 @@ export interface GetLoadBalancersResultRuleOverrides {
      */
     locationStrategy: outputs.GetLoadBalancersResultRuleOverridesLocationStrategy;
     /**
-     * (Enterprise only): A mapping of Cloudflare PoP identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). Any PoPs not explicitly defined will fall back to using the corresponding country*pool, then region*pool mapping if it exists else to default_pools.
+     * Enterprise only: A mapping of Cloudflare PoP identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). Any PoPs not explicitly defined will fall back to using the corresponding country*pool, then region*pool mapping if it exists else to default_pools.
      */
     popPools: {
         [key: string]: string[];
@@ -9159,7 +9283,8 @@ export interface GetLoadBalancersResultRuleOverrides {
         [key: string]: string[];
     };
     /**
-     * Specifies the type of session affinity the load balancer should use unless specified as `"none"`. The supported types are:
+     * Specifies the type of session affinity the load balancer should use unless specified as `"none"`. The supported types are: - `"cookie"`: On the first request to a proxied load balancer, a cookie is generated, encoding information of which origin the request will be forwarded to. Subsequent requests, by the same client to the same load balancer, will be sent to the origin server the cookie encodes, for the duration of the cookie and as long as the origin server remains healthy. If the cookie has expired or the origin server is unhealthy, then a new origin server is calculated and used. - `"ipCookie"`: Behaves the same as `"cookie"` except the initial origin selection is stable and based on the client's ip address. - `"header"`: On the first request to a proxied load balancer, a session key based on the configured HTTP headers (see `session_affinity_attributes.headers`) is generated, encoding the request headers used for storing in the load balancer session state which origin the request will be forwarded to. Subsequent requests to the load balancer with the same headers will be sent to the same origin server, for the duration of the session and as long as the origin server remains healthy. If the session has been idle for the duration of `sessionAffinityTtl` seconds or the origin server is unhealthy, then a new origin server is calculated and used. See `headers` in `sessionAffinityAttributes` for additional required configuration.
+     * Available values: "none", "cookie", "ipCookie", "header".
      */
     sessionAffinity: string;
     /**
@@ -9167,7 +9292,7 @@ export interface GetLoadBalancersResultRuleOverrides {
      */
     sessionAffinityAttributes: outputs.GetLoadBalancersResultRuleOverridesSessionAffinityAttributes;
     /**
-     * Time, in seconds, until a client's session expires after being created. Once the expiry time has been reached, subsequent requests may get sent to a different origin server. The accepted ranges per `sessionAffinity` policy are:
+     * Time, in seconds, until a client's session expires after being created. Once the expiry time has been reached, subsequent requests may get sent to a different origin server. The accepted ranges per `sessionAffinity` policy are: - `"cookie"` / `"ipCookie"`: The current default of 23 hours will be used unless explicitly set. The accepted range of values is between [1800, 604800]. - `"header"`: The current default of 1800 seconds will be used unless explicitly set. The accepted range of values is between [30, 3600]. Note: With session affinity by header, sessions only expire after they haven't been used for the number of seconds specified.
      */
     sessionAffinityTtl: number;
     /**
@@ -9217,7 +9342,7 @@ export interface GetLoadBalancersResultRuleOverridesSessionAffinityAttributes {
      */
     headers: string[];
     /**
-     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are:
+     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are: - `"true"`: Load balancing requests must contain *all* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created. - `"false"`: Load balancing requests must contain *at least one* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created.
      */
     requireAllHeaders: boolean;
     /**
@@ -9231,7 +9356,8 @@ export interface GetLoadBalancersResultRuleOverridesSessionAffinityAttributes {
      */
     secure: string;
     /**
-     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are:
+     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are: - `"none"`: No failover takes place for sessions pinned to the origin (default). - `"temporary"`: Traffic will be sent to another other healthy origin until the originally pinned origin is available; note that this can potentially result in heavy origin flapping. - `"sticky"`: The session affinity cookie is updated and subsequent requests are sent to the new origin. Note: Zero-downtime failover with sticky sessions is currently not supported for session affinity by header.
+     * Available values: "none", "temporary", "sticky".
      */
     zeroDowntimeFailover: string;
 }
@@ -9245,7 +9371,7 @@ export interface GetLoadBalancersResultSessionAffinityAttributes {
      */
     headers: string[];
     /**
-     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are:
+     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are: - `"true"`: Load balancing requests must contain *all* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created. - `"false"`: Load balancing requests must contain *at least one* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created.
      */
     requireAllHeaders: boolean;
     /**
@@ -9259,7 +9385,8 @@ export interface GetLoadBalancersResultSessionAffinityAttributes {
      */
     secure: string;
     /**
-     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are:
+     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are: - `"none"`: No failover takes place for sessions pinned to the origin (default). - `"temporary"`: Traffic will be sent to another other healthy origin until the originally pinned origin is available; note that this can potentially result in heavy origin flapping. - `"sticky"`: The session affinity cookie is updated and subsequent requests are sent to the new origin. Note: Zero-downtime failover with sticky sessions is currently not supported for session affinity by header.
+     * Available values: "none", "temporary", "sticky".
      */
     zeroDowntimeFailover: string;
 }
@@ -9370,11 +9497,11 @@ export interface GetLogpushJobOutputOptions {
 export interface GetLogpushJobsResult {
     /**
      * Name of the dataset. A list of supported datasets can be found on the [Developer Docs](https://developers.cloudflare.com/logs/reference/log-fields/).
-     * Available values: "access*requests", "audit*logs", "biso*user*actions", "casb*findings", "device*posture*results", "dlp*forensic*copies", "dns*firewall*logs", "dns*logs", "email*security*alerts", "firewall*events", "gateway*dns", "gateway*http", "gateway*network", "http*requests", "magic*ids*detections", "nel*reports", "network*analytics*logs", "page*shield*events", "sinkhole*http*logs", "spectrum*events", "ssh*logs", "workers*trace*events", "zaraz*events", "zero*trust*network*sessions".
+     * Available values: "access*requests", "audit*logs", "audit*logs*v2", "biso*user*actions", "casb*findings", "device*posture*results", "dlp*forensic*copies", "dns*firewall*logs", "dns*logs", "email*security*alerts", "firewall*events", "gateway*dns", "gateway*http", "gateway*network", "http*requests", "magic*ids*detections", "nel*reports", "network*analytics*logs", "page*shield*events", "sinkhole*http*logs", "spectrum*events", "ssh*logs", "workers*trace*events", "zaraz*events", "zero*trust*network*sessions".
      */
     dataset: string;
     /**
-     * Uniquely identifies a resource (such as an s3 bucket) where data will be pushed. Additional configuration parameters supported by the destination may be included.
+     * Uniquely identifies a resource (such as an s3 bucket) where data. will be pushed. Additional configuration parameters supported by the destination may be included.
      */
     destinationConf: string;
     /**
@@ -9382,11 +9509,11 @@ export interface GetLogpushJobsResult {
      */
     enabled: boolean;
     /**
-     * If not null, the job is currently failing. Failures are usually repetitive (example: no permissions to write to destination bucket). Only the last failure is recorded. On successful execution of a job the error*message and last*error are set to null.
+     * If not null, the job is currently failing. Failures are usually. repetitive (example: no permissions to write to destination bucket). Only the last failure is recorded. On successful execution of a job the error*message and last*error are set to null.
      */
     errorMessage: string;
     /**
-     * This field is deprecated. Please use `max_upload_*` parameters instead. The frequency at which Cloudflare sends batches of logs to your destination. Setting frequency to high sends your logs in larger quantities of smaller files. Setting frequency to low sends logs in smaller quantities of larger files.
+     * This field is deprecated. Please use `max_upload_*` parameters instead. . The frequency at which Cloudflare sends batches of logs to your destination. Setting frequency to high sends your logs in larger quantities of smaller files. Setting frequency to low sends logs in smaller quantities of larger files.
      * Available values: "high", "low".
      *
      * @deprecated This attribute is deprecated.
@@ -9406,7 +9533,7 @@ export interface GetLogpushJobsResult {
      */
     lastComplete: string;
     /**
-     * Records the last time the job failed. If not null, the job is currently failing. If null, the job has either never failed or has run successfully at least once since last failure. See also the errorMessage field.
+     * Records the last time the job failed. If not null, the job is currently. failing. If null, the job has either never failed or has run successfully at least once since last failure. See also the errorMessage field.
      */
     lastError: string;
     /**
@@ -9428,7 +9555,7 @@ export interface GetLogpushJobsResult {
      */
     maxUploadRecords: number;
     /**
-     * Optional human readable job name. Not unique. Cloudflare suggests that you set this to a meaningful string, like the domain name, to make it easier to identify your job.
+     * Optional human readable job name. Not unique. Cloudflare suggests. that you set this to a meaningful string, like the domain name, to make it easier to identify your job.
      */
     name: string;
     /**
@@ -10174,36 +10301,20 @@ export interface GetMagicWanStaticRouteRouteScope {
     coloRegions: string[];
 }
 export interface GetManagedTransformsManagedRequestHeader {
-    /**
-     * The Managed Transforms that this Managed Transform conflicts with.
-     */
-    conflictsWiths: string[];
     /**
      * Whether the Managed Transform is enabled.
      */
     enabled: boolean;
-    /**
-     * Whether the Managed Transform conflicts with the currently-enabled Managed Transforms.
-     */
-    hasConflict: boolean;
     /**
      * The human-readable identifier of the Managed Transform.
      */
     id: string;
 }
 export interface GetManagedTransformsManagedResponseHeader {
-    /**
-     * The Managed Transforms that this Managed Transform conflicts with.
-     */
-    conflictsWiths: string[];
     /**
      * Whether the Managed Transform is enabled.
      */
     enabled: boolean;
-    /**
-     * Whether the Managed Transform conflicts with the currently-enabled Managed Transforms.
-     */
-    hasConflict: boolean;
     /**
      * The human-readable identifier of the Managed Transform.
      */
@@ -13561,6 +13672,20 @@ export interface GetSchemaValidationSchemasListResult {
      */
     validationEnabled: boolean;
 }
+export interface GetSnippetListResult {
+    /**
+     * The timestamp of when the snippet was created.
+     */
+    createdOn: string;
+    /**
+     * The timestamp of when the snippet was last modified.
+     */
+    modifiedOn: string;
+    /**
+     * The identifying name of the snippet.
+     */
+    snippetName: string;
+}
 export interface GetSnippetRulesListResult {
     /**
      * An informative description of the rule.
@@ -14721,6 +14846,10 @@ export interface GetWorkersForPlatformsDispatchNamespacesResult {
      * The current number of scripts in this Dispatch Namespace.
      */
     scriptCount: number;
+    /**
+     * Whether the Workers in the namespace are executed in a "trusted" manner. When a Worker is trusted, it has access to the shared caches for the zone in the Cache API, and has access to the `request.cf` object on incoming Requests. When a Worker is untrusted, caches are not shared across the zone, and `request.cf` is undefined. By default, Workers in a namespace are "untrusted".
+     */
+    trustedWorkers: boolean;
 }
 export interface GetWorkersKvNamespaceFilter {
     /**
@@ -22298,18 +22427,18 @@ export interface GetZeroTrustGatewayCategoriesListResultSubcategory {
 }
 export interface GetZeroTrustGatewayCertificatesResult {
     /**
-     * The deployment status of the certificate on Cloudflare's edge. Certificates in the 'available' (previously called 'active') state may be used for Gateway TLS interception.
+     * The read only deployment status of the certificate on Cloudflare's edge. Certificates in the 'available' (previously called 'active') state may be used for Gateway TLS interception.
      * Available values: "pending*deployment", "available", "pending*deletion", "inactive".
      */
     bindingStatus: string;
     /**
-     * The CA certificate
+     * The CA certificate(read only).
      */
     certificate: string;
     createdAt: string;
     expiresOn: string;
     /**
-     * The SHA256 fingerprint of the certificate.
+     * The SHA256 fingerprint of the certificate(read only).
      */
     fingerprint: string;
     /**
@@ -22317,19 +22446,19 @@ export interface GetZeroTrustGatewayCertificatesResult {
      */
     id: string;
     /**
-     * Use this certificate for Gateway TLS interception
+     * Read-only field that shows whether Gateway TLS interception is using this certificate. This value cannot be set directly. To configure the certificate for interception, use the Gateway configuration setting named certificate.
      */
     inUse: boolean;
     /**
-     * The organization that issued the certificate.
+     * The organization that issued the certificate(read only).
      */
     issuerOrg: string;
     /**
-     * The entire issuer field of the certificate.
+     * The entire issuer field of the certificate(read only).
      */
     issuerRaw: string;
     /**
-     * The type of certificate, either BYO-PKI (custom) or Gateway-managed.
+     * The type of certificate, either BYO-PKI (custom) or Gateway-managed(read only).
      * Available values: "custom", "gatewayManaged".
      */
     type: string;
@@ -22386,9 +22515,6 @@ export interface GetZeroTrustGatewayPoliciesResult {
      * The description of the rule.
      */
     description: string;
-    /**
-     * The wirefilter expression used for device posture check matching.
-     */
     devicePosture: string;
     /**
      * True if the rule is enabled.
@@ -22407,9 +22533,6 @@ export interface GetZeroTrustGatewayPoliciesResult {
      * The API resource UUID.
      */
     id: string;
-    /**
-     * The wirefilter expression used for identity matching.
-     */
     identity: string;
     /**
      * The name of the rule.
@@ -22436,9 +22559,6 @@ export interface GetZeroTrustGatewayPoliciesResult {
      * account tag of account that created the rule
      */
     sourceAccount: string;
-    /**
-     * The wirefilter expression used for traffic matching.
-     */
     traffic: string;
     updatedAt: string;
     /**
@@ -22643,9 +22763,6 @@ export interface GetZeroTrustGatewayPoliciesResultRuleSettingsBlockPage {
     targetUri: string;
 }
 export interface GetZeroTrustGatewayPoliciesResultRuleSettingsCheckSession {
-    /**
-     * Configure how fresh the session needs to be to be considered valid.
-     */
     duration: string;
     /**
      * Set to true to enable session enforcement.
@@ -23005,9 +23122,6 @@ export interface GetZeroTrustGatewayPolicyRuleSettingsBlockPage {
     targetUri: string;
 }
 export interface GetZeroTrustGatewayPolicyRuleSettingsCheckSession {
-    /**
-     * Configure how fresh the session needs to be to be considered valid.
-     */
     duration: string;
     /**
      * Set to true to enable session enforcement.
@@ -23311,7 +23425,7 @@ export interface GetZeroTrustGatewaySettingsSettingsBlockPage {
     mailtoSubject: string;
     /**
      * Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI.
-     * Available values: "customizedBlockPage", "redirectUri".
+     * Available values: "", "customizedBlockPage", "redirectUri".
      */
     mode: string;
     /**
@@ -23812,7 +23926,7 @@ export interface GetZeroTrustTunnelCloudflaredRouteFilter {
     /**
      * Optional remark describing the route.
      */
-    comment?: string;
+    comment: string;
     /**
      * If provided, include only resources that were created (and not deleted) before this time. URL encoded.
      */
@@ -23938,6 +24052,11 @@ export interface GetZeroTrustTunnelCloudflaredsResult {
      * Cloudflare account ID
      */
     accountTag: string;
+    /**
+     * Indicates if this is a locally or remotely configured tunnel. If `local`, manage the tunnel using a YAML file on the origin machine. If `cloudflare`, manage the tunnel on the Zero Trust dashboard.
+     * Available values: "local", "cloudflare".
+     */
+    configSrc: string;
     /**
      * The Cloudflare Tunnel connections between your origin and Cloudflare's edge.
      *
@@ -23974,6 +24093,8 @@ export interface GetZeroTrustTunnelCloudflaredsResult {
     name: string;
     /**
      * If `true`, the tunnel can be configured remotely from the Zero Trust dashboard. If `false`, the tunnel must be configured locally on the origin machine.
+     *
+     * @deprecated Use the configSrc field instead.
      */
     remoteConfig: boolean;
     /**
@@ -24087,6 +24208,11 @@ export interface GetZeroTrustTunnelWarpConnectorsResult {
      * Cloudflare account ID
      */
     accountTag: string;
+    /**
+     * Indicates if this is a locally or remotely configured tunnel. If `local`, manage the tunnel using a YAML file on the origin machine. If `cloudflare`, manage the tunnel on the Zero Trust dashboard.
+     * Available values: "local", "cloudflare".
+     */
+    configSrc: string;
     /**
      * The Cloudflare Tunnel connections between your origin and Cloudflare's edge.
      *
@@ -24123,6 +24249,8 @@ export interface GetZeroTrustTunnelWarpConnectorsResult {
     name: string;
     /**
      * If `true`, the tunnel can be configured remotely from the Zero Trust dashboard. If `false`, the tunnel must be configured locally on the origin machine.
+     *
+     * @deprecated Use the configSrc field instead.
      */
     remoteConfig: boolean;
     /**
@@ -25121,7 +25249,7 @@ export interface LoadBalancerRuleOverrides {
      */
     locationStrategy: outputs.LoadBalancerRuleOverridesLocationStrategy;
     /**
-     * (Enterprise only): A mapping of Cloudflare PoP identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). Any PoPs not explicitly defined will fall back to using the corresponding country*pool, then region*pool mapping if it exists else to default_pools.
+     * Enterprise only: A mapping of Cloudflare PoP identifiers to a list of pool IDs (ordered by their failover priority) for the PoP (datacenter). Any PoPs not explicitly defined will fall back to using the corresponding country*pool, then region*pool mapping if it exists else to default_pools.
      */
     popPools: {
         [key: string]: string[];
@@ -25137,7 +25265,8 @@ export interface LoadBalancerRuleOverrides {
         [key: string]: string[];
     };
     /**
-     * Specifies the type of session affinity the load balancer should use unless specified as `"none"`. The supported types are:
+     * Specifies the type of session affinity the load balancer should use unless specified as `"none"`. The supported types are: - `"cookie"`: On the first request to a proxied load balancer, a cookie is generated, encoding information of which origin the request will be forwarded to. Subsequent requests, by the same client to the same load balancer, will be sent to the origin server the cookie encodes, for the duration of the cookie and as long as the origin server remains healthy. If the cookie has expired or the origin server is unhealthy, then a new origin server is calculated and used. - `"ipCookie"`: Behaves the same as `"cookie"` except the initial origin selection is stable and based on the client's ip address. - `"header"`: On the first request to a proxied load balancer, a session key based on the configured HTTP headers (see `session_affinity_attributes.headers`) is generated, encoding the request headers used for storing in the load balancer session state which origin the request will be forwarded to. Subsequent requests to the load balancer with the same headers will be sent to the same origin server, for the duration of the session and as long as the origin server remains healthy. If the session has been idle for the duration of `sessionAffinityTtl` seconds or the origin server is unhealthy, then a new origin server is calculated and used. See `headers` in `sessionAffinityAttributes` for additional required configuration.
+     * Available values: "none", "cookie", "ipCookie", "header".
      */
     sessionAffinity: string;
     /**
@@ -25145,7 +25274,7 @@ export interface LoadBalancerRuleOverrides {
      */
     sessionAffinityAttributes: outputs.LoadBalancerRuleOverridesSessionAffinityAttributes;
     /**
-     * Time, in seconds, until a client's session expires after being created. Once the expiry time has been reached, subsequent requests may get sent to a different origin server. The accepted ranges per `sessionAffinity` policy are:
+     * Time, in seconds, until a client's session expires after being created. Once the expiry time has been reached, subsequent requests may get sent to a different origin server. The accepted ranges per `sessionAffinity` policy are: - `"cookie"` / `"ipCookie"`: The current default of 23 hours will be used unless explicitly set. The accepted range of values is between [1800, 604800]. - `"header"`: The current default of 1800 seconds will be used unless explicitly set. The accepted range of values is between [30, 3600]. Note: With session affinity by header, sessions only expire after they haven't been used for the number of seconds specified.
      */
     sessionAffinityTtl: number;
     /**
@@ -25195,7 +25324,7 @@ export interface LoadBalancerRuleOverridesSessionAffinityAttributes {
      */
     headers?: string[];
     /**
-     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are:
+     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are: - `"true"`: Load balancing requests must contain *all* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created. - `"false"`: Load balancing requests must contain *at least one* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created.
      */
     requireAllHeaders: boolean;
     /**
@@ -25209,7 +25338,8 @@ export interface LoadBalancerRuleOverridesSessionAffinityAttributes {
      */
     secure: string;
     /**
-     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are:
+     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are: - `"none"`: No failover takes place for sessions pinned to the origin (default). - `"temporary"`: Traffic will be sent to another other healthy origin until the originally pinned origin is available; note that this can potentially result in heavy origin flapping. - `"sticky"`: The session affinity cookie is updated and subsequent requests are sent to the new origin. Note: Zero-downtime failover with sticky sessions is currently not supported for session affinity by header.
+     * Available values: "none", "temporary", "sticky".
      */
     zeroDowntimeFailover: string;
 }
@@ -25223,7 +25353,7 @@ export interface LoadBalancerSessionAffinityAttributes {
      */
     headers?: string[];
     /**
-     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are:
+     * When header `sessionAffinity` is enabled, this option can be used to specify how HTTP headers on load balancing requests will be used. The supported values are: - `"true"`: Load balancing requests must contain *all* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created. - `"false"`: Load balancing requests must contain *at least one* of the HTTP headers specified by the `headers` session affinity attribute, otherwise sessions aren't created.
      */
     requireAllHeaders: boolean;
     /**
@@ -25237,7 +25367,8 @@ export interface LoadBalancerSessionAffinityAttributes {
      */
     secure: string;
     /**
-     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are:
+     * Configures the zero-downtime failover between origins within a pool when session affinity is enabled. This feature is currently incompatible with Argo, Tiered Cache, and Bandwidth Alliance. The supported values are: - `"none"`: No failover takes place for sessions pinned to the origin (default). - `"temporary"`: Traffic will be sent to another other healthy origin until the originally pinned origin is available; note that this can potentially result in heavy origin flapping. - `"sticky"`: The session affinity cookie is updated and subsequent requests are sent to the new origin. Note: Zero-downtime failover with sticky sessions is currently not supported for session affinity by header.
+     * Available values: "none", "temporary", "sticky".
      */
     zeroDowntimeFailover: string;
 }
@@ -25532,72 +25663,40 @@ export interface MagicWanStaticRouteScope {
     coloRegions?: string[];
 }
 export interface ManagedHeadersManagedRequestHeader {
-    /**
-     * The Managed Transforms that this Managed Transform conflicts with.
-     */
-    conflictsWiths: string[];
     /**
      * Whether the Managed Transform is enabled.
      */
     enabled: boolean;
-    /**
-     * Whether the Managed Transform conflicts with the currently-enabled Managed Transforms.
-     */
-    hasConflict: boolean;
     /**
      * The human-readable identifier of the Managed Transform.
      */
     id: string;
 }
 export interface ManagedHeadersManagedResponseHeader {
-    /**
-     * The Managed Transforms that this Managed Transform conflicts with.
-     */
-    conflictsWiths: string[];
     /**
      * Whether the Managed Transform is enabled.
      */
     enabled: boolean;
-    /**
-     * Whether the Managed Transform conflicts with the currently-enabled Managed Transforms.
-     */
-    hasConflict: boolean;
     /**
      * The human-readable identifier of the Managed Transform.
      */
     id: string;
 }
 export interface ManagedTransformsManagedRequestHeader {
-    /**
-     * The Managed Transforms that this Managed Transform conflicts with.
-     */
-    conflictsWiths: string[];
     /**
      * Whether the Managed Transform is enabled.
      */
     enabled: boolean;
-    /**
-     * Whether the Managed Transform conflicts with the currently-enabled Managed Transforms.
-     */
-    hasConflict: boolean;
     /**
      * The human-readable identifier of the Managed Transform.
      */
     id: string;
 }
 export interface ManagedTransformsManagedResponseHeader {
-    /**
-     * The Managed Transforms that this Managed Transform conflicts with.
-     */
-    conflictsWiths: string[];
     /**
      * Whether the Managed Transform is enabled.
      */
     enabled: boolean;
-    /**
-     * Whether the Managed Transform conflicts with the currently-enabled Managed Transforms.
-     */
-    hasConflict: boolean;
     /**
      * The human-readable identifier of the Managed Transform.
      */
@@ -27236,13 +27335,13 @@ export interface RecordData {
      */
     digestType?: number;
     /**
-     * fingerprint.
+     * Fingerprint.
      */
     fingerprint?: string;
     /**
      * Flags for the CAA record.
      */
-    flags?: number;
+    flags?: any;
     /**
      * Key Tag.
      */
@@ -27306,7 +27405,7 @@ export interface RecordData {
      */
     preference?: number;
     /**
-     * priority.
+     * Priority.
      */
     priority?: number;
     /**
@@ -27342,7 +27441,7 @@ export interface RecordData {
      */
     tag?: string;
     /**
-     * target.
+     * Target.
      */
     target?: string;
     /**
@@ -27386,33 +27485,29 @@ export interface RiskBehaviorBehaviors {
 export interface RulesetRule {
     /**
      * The action to perform when the rule matches.
-     * Available values: "block", "challenge", "compress*response", "execute", "js*challenge", "log", "managed*challenge", "redirect", "rewrite", "route", "score", "serve*error", "set*config", "skip", "set*cache*settings", "log*custom*field", "ddos*dynamic", "force*connection*close".
+     * Available values: "block", "challenge", "compress*response", "ddos*dynamic", "execute", "force*connection*close", "js*challenge", "log", "log*custom*field", "managed*challenge", "redirect", "rewrite", "route", "score", "serve*error", "set*cache*settings", "set*config", "skip".
      */
-    action?: string;
+    action: string;
     /**
      * The parameters configuring the rule's action.
      */
-    actionParameters?: outputs.RulesetRuleActionParameters;
-    /**
-     * The categories of the rule.
-     */
-    categories?: string[];
+    actionParameters: outputs.RulesetRuleActionParameters;
     /**
      * An informative description of the rule.
      */
-    description?: string;
+    description: string;
     /**
      * Whether the rule should be executed.
      */
     enabled: boolean;
     /**
-     * Configure checks for exposed credentials.
+     * Configuration for exposed credential checking.
      */
     exposedCredentialCheck?: outputs.RulesetRuleExposedCredentialCheck;
     /**
      * The expression defining which traffic will match the rule.
      */
-    expression?: string;
+    expression: string;
     /**
      * The unique ID of the rule.
      */
@@ -27420,19 +27515,19 @@ export interface RulesetRule {
     /**
      * An object configuring the rule's logging behavior.
      */
-    logging?: outputs.RulesetRuleLogging;
+    logging: outputs.RulesetRuleLogging;
     /**
-     * An object configuring the rule's ratelimit behavior.
+     * An object configuring the rule's rate limit behavior.
      */
     ratelimit?: outputs.RulesetRuleRatelimit;
     /**
-     * The reference of the rule (the rule ID by default).
+     * The reference of the rule (the rule's ID by default).
      */
     ref: string;
 }
 export interface RulesetRuleActionParameters {
     /**
-     * List of additional ports that caching can be enabled on.
+     * A list of additional ports that caching should be enabled on.
      */
     additionalCacheablePorts?: number[];
     /**
@@ -27440,40 +27535,44 @@ export interface RulesetRuleActionParameters {
      */
     algorithms?: outputs.RulesetRuleActionParametersAlgorithm[];
     /**
-     * Turn on or off Automatic HTTPS Rewrites.
+     * The name of a custom asset to serve as the response.
+     */
+    assetName?: string;
+    /**
+     * Whether to enable Automatic HTTPS Rewrites.
      */
     automaticHttpsRewrites?: boolean;
     /**
-     * Select which file extensions to minify automatically.
+     * Which file extensions to minify automatically.
      */
     autominify?: outputs.RulesetRuleActionParametersAutominify;
     /**
-     * Turn on or off Browser Integrity Check.
+     * Whether to enable Browser Integrity Check (BIC).
      */
     bic?: boolean;
     /**
-     * Specify how long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.
+     * How long client browsers should cache the response. Cloudflare cache purge will not purge content cached on client browsers, so high browser TTLs may lead to stale content.
      */
     browserTtl?: outputs.RulesetRuleActionParametersBrowserTtl;
     /**
-     * Mark whether the request’s response from origin is eligible for caching. Caching itself will still depend on the cache-control header and your other caching configurations.
+     * Whether the request's response from the origin is eligible for caching. Caching itself will still depend on the cache control header and your other caching configurations.
      */
     cache?: boolean;
     /**
-     * Define which components of the request are included or excluded from the cache key Cloudflare uses to store the response in cache.
+     * Which components of the request are included in or excluded from the cache key Cloudflare uses to store the response in cache.
      */
     cacheKey?: outputs.RulesetRuleActionParametersCacheKey;
     /**
-     * Mark whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).
+     * Settings to determine whether the request's response from origin is eligible for Cache Reserve (requires a Cache Reserve add-on plan).
      */
     cacheReserve?: outputs.RulesetRuleActionParametersCacheReserve;
     /**
-     * Error response content.
+     * The response content.
      */
     content?: string;
     /**
-     * Content-type header to set with the response.
-     * Available values: "application/json", "text/xml", "text/plain", "text/html".
+     * The content type header to set with the error response.
+     * Available values: "application/json", "text/html", "text/plain", "text/xml".
      */
     contentType?: string;
     /**
@@ -27481,49 +27580,49 @@ export interface RulesetRuleActionParameters {
      */
     cookieFields?: outputs.RulesetRuleActionParametersCookieField[];
     /**
-     * Turn off all active Cloudflare Apps.
+     * Whether to disable Cloudflare Apps.
      */
     disableApps?: boolean;
     /**
-     * Turn off Real User Monitoring (RUM).
+     * Whether to disable Real User Monitoring (RUM).
      */
     disableRum?: boolean;
     /**
-     * Turn off Zaraz.
+     * Whether to disable Zaraz.
      */
     disableZaraz?: boolean;
     /**
-     * TTL (Time to Live) specifies the maximum time to cache a resource in the Cloudflare edge network.
+     * How long the Cloudflare edge network should cache the response.
      */
     edgeTtl?: outputs.RulesetRuleActionParametersEdgeTtl;
     /**
-     * Turn on or off Email Obfuscation.
+     * Whether to enable Email Obfuscation.
      */
     emailObfuscation?: boolean;
     /**
-     * Turn on or off Cloudflare Fonts.
+     * Whether to enable Cloudflare Fonts.
      */
     fonts?: boolean;
     /**
-     * Serve a redirect based on a bulk list lookup.
+     * A redirect based on a bulk list lookup.
      */
     fromList?: outputs.RulesetRuleActionParametersFromList;
     /**
-     * Serve a redirect based on the request properties.
+     * A redirect based on the request properties.
      */
     fromValue?: outputs.RulesetRuleActionParametersFromValue;
     /**
-     * Map of request headers to modify.
+     * A map of headers to rewrite.
      */
     headers?: {
         [key: string]: outputs.RulesetRuleActionParametersHeaders;
     };
     /**
-     * Rewrite the HTTP Host header.
+     * A value to rewrite the HTTP host header to.
      */
     hostHeader?: string;
     /**
-     * Turn on or off the Hotlink Protection.
+     * Whether to enable Hotlink Protection.
      */
     hotlinkProtection?: boolean;
     /**
@@ -27531,7 +27630,7 @@ export interface RulesetRuleActionParameters {
      */
     id?: string;
     /**
-     * Increment contains the delta to change the score and can be either positive or negative.
+     * A delta to change the score by, which can be either positive or negative.
      */
     increment?: number;
     /**
@@ -27539,45 +27638,42 @@ export interface RulesetRuleActionParameters {
      */
     matchedData?: outputs.RulesetRuleActionParametersMatchedData;
     /**
-     * Turn on or off Mirage.
+     * Whether to enable Mirage.
      */
     mirage?: boolean;
     /**
-     * Turn on or off Opportunistic Encryption.
+     * Whether to enable Opportunistic Encryption.
      */
     opportunisticEncryption?: boolean;
     /**
-     * Override the IP/TCP destination.
+     * An origin to route to.
      */
     origin?: outputs.RulesetRuleActionParametersOrigin;
     /**
-     * When enabled, Cloudflare will aim to strictly adhere to RFC 7234.
+     * Whether Cloudflare will aim to strictly adhere to RFC 7234.
      */
     originCacheControl?: boolean;
     /**
-     * Generate Cloudflare error pages from issues sent from the origin server. When on, error pages will trigger for issues from the origin.
+     * Whether to generate Cloudflare error pages for issues from the origin server.
      */
     originErrorPagePassthru?: boolean;
     /**
      * A set of overrides to apply to the target ruleset.
      */
     overrides?: outputs.RulesetRuleActionParametersOverrides;
-    /**
-     * A phase to skip the execution of. This property is only compatible with products.
-     * Available values: "current".
-     */
-    phase?: string;
     /**
      * A list of phases to skip the execution of. This option is incompatible with the rulesets option.
+     * Available values: "ddos*l4", "ddos*l7", "http*config*settings", "http*custom*errors", "http*log*custom*fields", "http*ratelimit", "http*request*cache*settings", "http*request*dynamic*redirect", "http*request*firewall*custom", "http*request*firewall*managed", "http*request*late*transform", "http*request*origin", "http*request*redirect", "http*request*sanitize", "http*request*sbfm", "http*request*transform", "http*response*compression", "http*response*firewall*managed", "http*response*headers*transform", "magic*transit", "magic*transit*ids*managed", "magic*transit*managed", "magic*transit_ratelimit".
      */
     phases?: string[];
     /**
-     * Configure the Polish level.
+     * The Polish level to configure.
      * Available values: "off", "lossless", "lossy", "webp".
      */
     polish?: string;
     /**
      * A list of legacy security products to skip the execution of.
+     * Available values: "bic", "hot", "rateLimit", "securityLevel", "uaBlock", "waf", "zoneLockdown".
      */
     products?: string[];
     /**
@@ -27585,7 +27681,7 @@ export interface RulesetRuleActionParameters {
      */
     rawResponseFields?: outputs.RulesetRuleActionParametersRawResponseField[];
     /**
-     * Define a timeout value between two successive read operations to your origin server. Historically, the timeout value between two read options from Cloudflare to an origin server is 100 seconds. If you are attempting to reduce HTTP 524 errors because of timeouts from an origin server, try increasing this timeout value.
+     * A timeout value between two successive read operations to use for your origin server. Historically, the timeout value between two read options from Cloudflare to an origin server is 100 seconds. If you are attempting to reduce HTTP 524 errors because of timeouts from an origin server, try increasing this timeout value.
      */
     readTimeout?: number;
     /**
@@ -27593,7 +27689,7 @@ export interface RulesetRuleActionParameters {
      */
     requestFields?: outputs.RulesetRuleActionParametersRequestField[];
     /**
-     * Specify whether or not Cloudflare should respect strong ETag (entity tag) headers. When off, Cloudflare converts strong ETag headers to weak ETag headers.
+     * Whether Cloudflare should respect strong ETag (entity tag) headers. If false, Cloudflare converts strong ETag headers to weak ETag headers.
      */
     respectStrongEtags?: boolean;
     /**
@@ -27605,7 +27701,7 @@ export interface RulesetRuleActionParameters {
      */
     responseFields?: outputs.RulesetRuleActionParametersResponseField[];
     /**
-     * Turn on or off Rocket Loader.
+     * Whether to enable Rocket Loader.
      */
     rocketLoader?: boolean;
     /**
@@ -27624,24 +27720,24 @@ export interface RulesetRuleActionParameters {
      */
     rulesets?: string[];
     /**
-     * Configure the Security Level.
+     * The Security Level to configure.
      * Available values: "off", "essentially*off", "low", "medium", "high", "under*attack".
      */
     securityLevel?: string;
     /**
-     * Define if Cloudflare should serve stale content while getting the latest content from the origin. If on, Cloudflare will not serve stale content while getting the latest content from the origin.
+     * When to serve stale content from cache.
      */
     serveStale?: outputs.RulesetRuleActionParametersServeStale;
     /**
-     * Turn on or off Server Side Excludes.
+     * Whether to enable Server-Side Excludes.
      */
     serverSideExcludes?: boolean;
     /**
-     * Override the Server Name Indication (SNI).
+     * A Server Name Indication (SNI) override.
      */
     sni?: outputs.RulesetRuleActionParametersSni;
     /**
-     * Configure the SSL level.
+     * The SSL level to configure.
      * Available values: "off", "flexible", "full", "strict", "originPull".
      */
     ssl?: string;
@@ -27650,7 +27746,7 @@ export interface RulesetRuleActionParameters {
      */
     statusCode?: number;
     /**
-     * Turn on or off Signed Exchanges (SXG).
+     * Whether to enable Signed Exchanges (SXG).
      */
     sxg?: boolean;
     /**
@@ -27658,257 +27754,263 @@ export interface RulesetRuleActionParameters {
      */
     transformedRequestFields?: outputs.RulesetRuleActionParametersTransformedRequestField[];
     /**
-     * URI to rewrite the request to.
+     * A URI rewrite.
      */
     uri?: outputs.RulesetRuleActionParametersUri;
 }
 export interface RulesetRuleActionParametersAlgorithm {
     /**
-     * Name of compression algorithm to enable.
+     * Name of the compression algorithm to enable.
      * Available values: "none", "auto", "default", "gzip", "brotli", "zstd".
      */
     name?: string;
 }
 export interface RulesetRuleActionParametersAutominify {
     /**
-     * Minify CSS files.
+     * Whether to minify CSS files.
      */
-    css?: boolean;
+    css: boolean;
     /**
-     * Minify HTML files.
+     * Whether to minify HTML files.
      */
-    html?: boolean;
+    html: boolean;
     /**
-     * Minify JS files.
+     * Whether to minify JavaScript files.
      */
-    js?: boolean;
+    js: boolean;
 }
 export interface RulesetRuleActionParametersBrowserTtl {
     /**
-     * The TTL (in seconds) if you choose overrideOrigin mode.
+     * The browser TTL (in seconds) if you choose the "overrideOrigin" mode.
      */
     default?: number;
     /**
-     * Determines which browser ttl mode to use.
+     * The browser TTL mode.
      * Available values: "respect*origin", "bypass*by*default", "override*origin", "bypass".
      */
     mode: string;
 }
 export interface RulesetRuleActionParametersCacheKey {
     /**
-     * Separate cached content based on the visitor’s device type.
+     * Whether to separate cached content based on the visitor's device type.
      */
     cacheByDeviceType?: boolean;
     /**
-     * Protect from web cache deception attacks while allowing static assets to be cached.
+     * Whether to protect from web cache deception attacks, while allowing static assets to be cached.
      */
     cacheDeceptionArmor?: boolean;
     /**
-     * Customize which components of the request are included or excluded from the cache key.
+     * Which components of the request are included or excluded from the cache key.
      */
     customKey?: outputs.RulesetRuleActionParametersCacheKeyCustomKey;
     /**
-     * Treat requests with the same query parameters the same, regardless of the order those query parameters are in. A value of true ignores the query strings' order.
+     * Whether to treat requests with the same query parameters the same, regardless of the order those query parameters are in.
      */
     ignoreQueryStringsOrder?: boolean;
 }
 export interface RulesetRuleActionParametersCacheKeyCustomKey {
     /**
-     * The cookies to include in building the cache key.
+     * Which cookies to include in the cache key.
      */
     cookie?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyCookie;
     /**
-     * The header names and values to include in building the cache key.
+     * Which headers to include in the cache key.
      */
     header?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyHeader;
     /**
-     * Whether to use the original host or the resolved host in the cache key.
+     * How to use the host in the cache key.
      */
     host?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyHost;
     /**
-     * Use the presence of parameters in the query string to build the cache key.
+     * Which query string parameters to include in or exclude from the cache key.
      */
     queryString?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryString;
     /**
-     * Characteristics of the request user agent used in building the cache key.
+     * How to use characteristics of the request user agent in the cache key.
      */
     user?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyUser;
 }
 export interface RulesetRuleActionParametersCacheKeyCustomKeyCookie {
     /**
-     * Checks for the presence of these cookie names. The presence of these cookies is used in building the cache key.
+     * A list of cookies to check for the presence of. The presence of these cookies is included in the cache key.
      */
     checkPresences?: string[];
     /**
-     * Include these cookies' names and their values.
+     * A list of cookies to include in the cache key.
      */
     includes?: string[];
 }
 export interface RulesetRuleActionParametersCacheKeyCustomKeyHeader {
     /**
-     * Checks for the presence of these header names. The presence of these headers is used in building the cache key.
+     * A list of headers to check for the presence of. The presence of these headers is included in the cache key.
      */
     checkPresences?: string[];
     /**
-     * For each header name and list of values combination, check if the request header contains any of the values provided. The presence of the request header and whether any of the values provided are contained in the request header value is used in building the cache key.
+     * A mapping of header names to a list of values. If a header is present in the request and contains any of the values provided, its value is included in the cache key.
      */
     contains?: {
         [key: string]: string[];
     };
     /**
-     * Whether or not to include the origin header. A value of true will exclude the origin header in the cache key.
+     * Whether to exclude the origin header in the cache key.
      */
     excludeOrigin?: boolean;
     /**
-     * Include these headers' names and their values.
+     * A list of headers to include in the cache key.
      */
     includes?: string[];
 }
 export interface RulesetRuleActionParametersCacheKeyCustomKeyHost {
     /**
-     * Use the resolved host in the cache key. A value of true will use the resolved host, while a value or false will use the original host.
+     * Whether to use the resolved host in the cache key.
      */
     resolved?: boolean;
 }
 export interface RulesetRuleActionParametersCacheKeyCustomKeyQueryString {
     /**
-     * A list of query string parameters NOT used to build the cache key. All parameters present in the request but missing in this list will be used to build the cache key.
+     * Which query string parameters to exclude from the cache key.
      */
     exclude?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringExclude;
     /**
-     * A list of query string parameters used to build the cache key.
+     * Which query string parameters to include in the cache key.
      */
     include?: outputs.RulesetRuleActionParametersCacheKeyCustomKeyQueryStringInclude;
 }
 export interface RulesetRuleActionParametersCacheKeyCustomKeyQueryStringExclude {
     /**
-     * Determines whether to exclude all query string parameters from the cache key.
+     * Whether to exclude all query string parameters from the cache key.
      */
     all?: boolean;
+    /**
+     * A list of query string parameters to exclude from the cache key.
+     */
     lists?: string[];
 }
 export interface RulesetRuleActionParametersCacheKeyCustomKeyQueryStringInclude {
     /**
-     * Determines whether to include all query string parameters in the cache key.
+     * Whether to include all query string parameters in the cache key.
      */
     all?: boolean;
+    /**
+     * A list of query string parameters to include in the cache key.
+     */
     lists?: string[];
 }
 export interface RulesetRuleActionParametersCacheKeyCustomKeyUser {
     /**
-     * Use the user agent's device type in the cache key.
+     * Whether to use the user agent's device type in the cache key.
      */
     deviceType?: boolean;
     /**
-     * Use the user agents's country in the cache key.
+     * Whether to use the user agents's country in the cache key.
      */
     geo?: boolean;
     /**
-     * Use the user agent's language in the cache key.
+     * Whether to use the user agent's language in the cache key.
      */
     lang?: boolean;
 }
 export interface RulesetRuleActionParametersCacheReserve {
     /**
-     * Determines whether cache reserve is enabled. If this is true and a request meets eligibility criteria, Cloudflare will write the resource to cache reserve.
+     * Whether Cache Reserve is enabled. If this is true and a request meets eligibility criteria, Cloudflare will write the resource to Cache Reserve.
      */
     eligible: boolean;
     /**
-     * The minimum file size eligible for store in cache reserve.
+     * The minimum file size eligible for storage in Cache Reserve.
      */
-    minimumFileSize: number;
+    minimumFileSize?: number;
 }
 export interface RulesetRuleActionParametersCookieField {
     /**
-     * The name of the field.
+     * The name of the cookie.
      */
     name: string;
 }
 export interface RulesetRuleActionParametersEdgeTtl {
     /**
-     * The TTL (in seconds) if you choose overrideOrigin mode.
+     * The edge TTL (in seconds) if you choose the "overrideOrigin" mode.
      */
     default?: number;
     /**
-     * Edge TTL options.
+     * The edge TTL mode.
      * Available values: "respect*origin", "bypass*by*default", "override*origin".
      */
     mode: string;
     /**
-     * List of single status codes, or status code ranges to apply the selected mode.
+     * A list of TTLs to apply to specific status codes or status code ranges.
      */
     statusCodeTtls?: outputs.RulesetRuleActionParametersEdgeTtlStatusCodeTtl[];
 }
 export interface RulesetRuleActionParametersEdgeTtlStatusCodeTtl {
     /**
-     * Set the TTL for responses with this specific status code.
+     * A single status code to apply the TTL to.
      */
     statusCode?: number;
     /**
-     * The range of status codes used to apply the selected mode.
+     * A range of status codes to apply the TTL to.
      */
     statusCodeRange?: outputs.RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRange;
     /**
-     * Time to cache a response (in seconds). A value of 0 is equivalent to setting the Cache-Control header with the value "no-cache". A value of -1 is equivalent to setting Cache-Control header with the value of "no-store".
+     * The time to cache the response for (in seconds). A value of 0 is equivalent to setting the cache control header with the value "no-cache". A value of -1 is equivalent to setting the cache control header with the value of "no-store".
      */
     value: number;
 }
 export interface RulesetRuleActionParametersEdgeTtlStatusCodeTtlStatusCodeRange {
     /**
-     * Response status code lower bound.
+     * The lower bound of the range.
      */
     from?: number;
     /**
-     * Response status code upper bound.
+     * The upper bound of the range.
      */
     to?: number;
 }
 export interface RulesetRuleActionParametersFromList {
     /**
-     * Expression that evaluates to the list lookup key.
+     * An expression that evaluates to the list lookup key.
      */
-    key?: string;
+    key: string;
     /**
      * The name of the list to match against.
      */
-    name?: string;
+    name: string;
 }
 export interface RulesetRuleActionParametersFromValue {
     /**
-     * Keep the query string of the original request.
+     * Whether to keep the query string of the original request.
      */
-    preserveQueryString?: boolean;
+    preserveQueryString: boolean;
     /**
-     * The status code to be used for the redirect.
-     * Available values: 301, 302, 303, 307, 308.
+     * The status code to use for the redirect.
      */
     statusCode?: number;
     /**
-     * The URL to redirect the request to.
+     * A URL to redirect the request to.
      */
-    targetUrl?: outputs.RulesetRuleActionParametersFromValueTargetUrl;
+    targetUrl: outputs.RulesetRuleActionParametersFromValueTargetUrl;
 }
 export interface RulesetRuleActionParametersFromValueTargetUrl {
     /**
-     * An expression to evaluate to get the URL to redirect the request to.
+     * An expression that evaluates to a URL to redirect the request to.
      */
     expression?: string;
     /**
-     * The URL to redirect the request to.
+     * A URL to redirect the request to.
      */
     value?: string;
 }
 export interface RulesetRuleActionParametersHeaders {
     /**
-     * Expression for the header value.
+     * An expression that evaluates to a value for the header.
      */
     expression?: string;
     /**
-     * Available values: "remove", "add", "set".
+     * The operation to perform on the header.
+     * Available values: "add", "set", "remove".
      */
     operation: string;
     /**
-     * Static value for the header.
+     * A static value for the header.
      */
     value?: string;
 }
@@ -27920,11 +28022,11 @@ export interface RulesetRuleActionParametersMatchedData {
 }
 export interface RulesetRuleActionParametersOrigin {
     /**
-     * Override the resolved hostname.
+     * A resolved host to route to.
      */
     host?: string;
     /**
-     * Override the destination port.
+     * A destination port to route to.
      */
     port?: number;
 }
@@ -27965,7 +28067,7 @@ export interface RulesetRuleActionParametersOverridesCategory {
      */
     enabled?: boolean;
     /**
-     * The sensitivity level to use for rules in the category.
+     * The sensitivity level to use for rules in the category. This option is only applicable for DDoS phases.
      * Available values: "default", "medium", "low", "eoff".
      */
     sensitivityLevel?: string;
@@ -27988,24 +28090,24 @@ export interface RulesetRuleActionParametersOverridesRule {
      */
     scoreThreshold?: number;
     /**
-     * The sensitivity level to use for the rule.
+     * The sensitivity level to use for the rule. This option is only applicable for DDoS phases.
      * Available values: "default", "medium", "low", "eoff".
      */
     sensitivityLevel?: string;
 }
 export interface RulesetRuleActionParametersRawResponseField {
     /**
-     * The name of the field.
+     * The name of the response header.
      */
     name: string;
     /**
      * Whether to log duplicate values of the same header.
      */
-    preserveDuplicates?: boolean;
+    preserveDuplicates: boolean;
 }
 export interface RulesetRuleActionParametersRequestField {
     /**
-     * The name of the field.
+     * The name of the header.
      */
     name: string;
 }
@@ -28025,69 +28127,69 @@ export interface RulesetRuleActionParametersResponse {
 }
 export interface RulesetRuleActionParametersResponseField {
     /**
-     * The name of the field.
+     * The name of the response header.
      */
     name: string;
     /**
      * Whether to log duplicate values of the same header.
      */
-    preserveDuplicates?: boolean;
+    preserveDuplicates: boolean;
 }
 export interface RulesetRuleActionParametersServeStale {
     /**
-     * Defines whether Cloudflare should serve stale content while updating. If true, Cloudflare will not serve stale content while getting the latest content from the origin.
+     * Whether Cloudflare should disable serving stale content while getting the latest content from the origin.
      */
-    disableStaleWhileUpdating: boolean;
+    disableStaleWhileUpdating?: boolean;
 }
 export interface RulesetRuleActionParametersSni {
     /**
-     * The SNI override.
+     * A value to override the SNI to.
      */
     value: string;
 }
 export interface RulesetRuleActionParametersTransformedRequestField {
     /**
-     * The name of the field.
+     * The name of the header.
      */
     name: string;
 }
 export interface RulesetRuleActionParametersUri {
     /**
-     * Path portion rewrite.
+     * A URI path rewrite.
      */
     path?: outputs.RulesetRuleActionParametersUriPath;
     /**
-     * Query portion rewrite.
+     * A URI query rewrite.
      */
     query?: outputs.RulesetRuleActionParametersUriQuery;
 }
 export interface RulesetRuleActionParametersUriPath {
     /**
-     * Expression to evaluate for the replacement value.
+     * An expression that evaluates to a value to rewrite the URI path to.
      */
     expression?: string;
     /**
-     * Predefined replacement value.
+     * A value to rewrite the URI path to.
      */
     value?: string;
 }
 export interface RulesetRuleActionParametersUriQuery {
     /**
-     * Expression to evaluate for the replacement value.
+     * An expression that evaluates to a value to rewrite the URI query to.
      */
     expression?: string;
     /**
-     * Predefined replacement value.
+     * A value to rewrite the URI query to.
      */
     value?: string;
 }
 export interface RulesetRuleExposedCredentialCheck {
     /**
-     * Expression that selects the password used in the credentials check.
+     * An expression that selects the password used in the credentials check.
      */
     passwordExpression: string;
     /**
-     * Expression that selects the user ID used in the credentials check.
+     * An expression that selects the user ID used in the credentials check.
      */
     usernameExpression: string;
 }
@@ -28099,17 +28201,17 @@ export interface RulesetRuleLogging {
 }
 export interface RulesetRuleRatelimit {
     /**
-     * Characteristics of the request on which the ratelimiter counter will be incremented.
+     * Characteristics of the request on which the rate limit counter will be incremented.
      */
     characteristics: string[];
     /**
-     * Defines when the ratelimit counter should be incremented. It is optional and defaults to the same as the rule's expression.
+     * An expression that defines when the rate limit counter should be incremented. It defaults to the same as the rule's expression.
      */
     countingExpression?: string;
     /**
      * Period of time in seconds after which the action will be disabled following its first execution.
      */
-    mitigationTimeout?: number;
+    mitigationTimeout: number;
     /**
      * Period in seconds over which the counter is being incremented.
      */
@@ -28119,18 +28221,28 @@ export interface RulesetRuleRatelimit {
      */
     requestsPerPeriod?: number;
     /**
-     * Defines if ratelimit counting is only done when an origin is reached.
+     * Whether counting is only performed when an origin is reached.
      */
-    requestsToOrigin?: boolean;
+    requestsToOrigin: boolean;
     /**
      * The score threshold per period for which the action will be executed the first time.
      */
     scorePerPeriod?: number;
     /**
-     * The response header name provided by the origin which should contain the score to increment ratelimit counter on.
+     * A response header name provided by the origin, which contains the score to increment rate limit counter with.
      */
     scoreResponseHeaderName?: string;
 }
+export interface SnippetFile {
+    content: string;
+    name: string;
+}
+export interface SnippetMetadata {
+    /**
+     * Name of the file that contains the main module of the snippet.
+     */
+    mainModule: string;
+}
 export interface SnippetRulesRule {
     /**
      * An informative description of the rule.
@@ -28520,7 +28632,7 @@ export interface TeamsAccountSettingsBlockPage {
     mailtoSubject?: string;
     /**
      * Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI.
-     * Available values: "customizedBlockPage", "redirectUri".
+     * Available values: "", "customizedBlockPage", "redirectUri".
      */
     mode?: string;
     /**
@@ -28921,9 +29033,6 @@ export interface TeamsRuleRuleSettingsBlockPage {
     targetUri: string;
 }
 export interface TeamsRuleRuleSettingsCheckSession {
-    /**
-     * Configure how fresh the session needs to be to be considered valid.
-     */
     duration?: string;
     /**
      * Set to true to enable session enforcement.
@@ -33308,9 +33417,6 @@ export interface ZeroTrustGatewayPolicyRuleSettingsBlockPage {
     targetUri: string;
 }
 export interface ZeroTrustGatewayPolicyRuleSettingsCheckSession {
-    /**
-     * Configure how fresh the session needs to be to be considered valid.
-     */
     duration?: string;
     /**
      * Set to true to enable session enforcement.
@@ -33614,7 +33720,7 @@ export interface ZeroTrustGatewaySettingsSettingsBlockPage {
     mailtoSubject?: string;
     /**
      * Controls whether the user is redirected to a Cloudflare-hosted block page or to a customer-provided URI.
-     * Available values: "customizedBlockPage", "redirectUri".
+     * Available values: "", "customizedBlockPage", "redirectUri".
      */
     mode?: string;
     /**