@sst-provider/cloudflare5 5.16.0 → 5.18.0

package/bin/types/output.d.ts

@@ -248,7 +248,7 @@ export interface AccountUnit {
     /**
      * Tenant unit ID
      */
-    id?: string;
+    id: string;
 }
 export interface AddressMapMembership {
     /**
@@ -261,6 +261,99 @@ export interface AddressMapMembership {
      */
     kind?: string;
 }
+export interface AiSearchInstanceCustomMetadata {
+    /**
+     * Available values: "text", "number", "boolean".
+     */
+    dataType: string;
+    fieldName: string;
+}
+export interface AiSearchInstanceMetadata {
+    createdFromAisearchWizard?: boolean;
+    workerDomain?: string;
+}
+export interface AiSearchInstancePublicEndpointParams {
+    authorizedHosts?: string[];
+    chatCompletionsEndpoint: outputs.AiSearchInstancePublicEndpointParamsChatCompletionsEndpoint;
+    enabled: boolean;
+    mcp: outputs.AiSearchInstancePublicEndpointParamsMcp;
+    rateLimit?: outputs.AiSearchInstancePublicEndpointParamsRateLimit;
+    searchEndpoint: outputs.AiSearchInstancePublicEndpointParamsSearchEndpoint;
+}
+export interface AiSearchInstancePublicEndpointParamsChatCompletionsEndpoint {
+    /**
+     * Disable chat completions endpoint for this public endpoint
+     */
+    disabled: boolean;
+}
+export interface AiSearchInstancePublicEndpointParamsMcp {
+    description: string;
+    /**
+     * Disable MCP endpoint for this public endpoint
+     */
+    disabled: boolean;
+}
+export interface AiSearchInstancePublicEndpointParamsRateLimit {
+    periodMs?: number;
+    requests?: number;
+    /**
+     * Available values: "fixed", "sliding".
+     */
+    technique?: string;
+}
+export interface AiSearchInstancePublicEndpointParamsSearchEndpoint {
+    /**
+     * Disable search endpoint for this public endpoint
+     */
+    disabled: boolean;
+}
+export interface AiSearchInstanceRetrievalOptions {
+    /**
+     * Controls how keyword search terms are matched.<span pulumi-lang-nodejs=" exactMatch " pulumi-lang-dotnet=" ExactMatch " pulumi-lang-go=" exactMatch " pulumi-lang-python=" exact_match " pulumi-lang-yaml=" exactMatch " pulumi-lang-java=" exactMatch "> exact_match </span>requires all terms to appear (AND);<span pulumi-lang-nodejs=" fuzzyMatch " pulumi-lang-dotnet=" FuzzyMatch " pulumi-lang-go=" fuzzyMatch " pulumi-lang-python=" fuzzy_match " pulumi-lang-yaml=" fuzzyMatch " pulumi-lang-java=" fuzzyMatch "> fuzzy_match </span>returns results containing any term (OR). Defaults to exact_match.
+     * Available values: <span pulumi-lang-nodejs=""exactMatch"" pulumi-lang-dotnet=""ExactMatch"" pulumi-lang-go=""exactMatch"" pulumi-lang-python=""exact_match"" pulumi-lang-yaml=""exactMatch"" pulumi-lang-java=""exactMatch"">"exact_match"</span>, <span pulumi-lang-nodejs=""fuzzyMatch"" pulumi-lang-dotnet=""FuzzyMatch"" pulumi-lang-go=""fuzzyMatch"" pulumi-lang-python=""fuzzy_match"" pulumi-lang-yaml=""fuzzyMatch"" pulumi-lang-java=""fuzzyMatch"">"fuzzy_match"</span>.
+     */
+    keywordMatchMode: string;
+}
+export interface AiSearchInstanceSourceParams {
+    /**
+     * List of path patterns to exclude. Uses micromatch glob syntax: * matches within a path segment, ** matches across path segments (e.g., /admin/** matches /admin/users and /admin/settings/advanced)
+     */
+    excludeItems?: string[];
+    /**
+     * List of path patterns to include. Uses micromatch glob syntax: * matches within a path segment, ** matches across path segments (e.g., /blog/** matches /blog/post and /blog/2024/post)
+     */
+    includeItems?: string[];
+    prefix?: string;
+    r2Jurisdiction: string;
+    webCrawler: outputs.AiSearchInstanceSourceParamsWebCrawler;
+}
+export interface AiSearchInstanceSourceParamsWebCrawler {
+    parseOptions?: outputs.AiSearchInstanceSourceParamsWebCrawlerParseOptions;
+    /**
+     * Available values: "sitemap", "feed-rss".
+     */
+    parseType: string;
+    storeOptions?: outputs.AiSearchInstanceSourceParamsWebCrawlerStoreOptions;
+}
+export interface AiSearchInstanceSourceParamsWebCrawlerParseOptions {
+    includeHeaders?: {
+        [key: string]: string;
+    };
+    includeImages: boolean;
+    /**
+     * List of specific sitemap URLs to use for crawling. Only valid when<span pulumi-lang-nodejs=" parseType " pulumi-lang-dotnet=" ParseType " pulumi-lang-go=" parseType " pulumi-lang-python=" parse_type " pulumi-lang-yaml=" parseType " pulumi-lang-java=" parseType "> parse_type </span>is 'sitemap'.
+     */
+    specificSitemaps?: string[];
+    useBrowserRendering: boolean;
+}
+export interface AiSearchInstanceSourceParamsWebCrawlerStoreOptions {
+    r2Jurisdiction: string;
+    storageId: string;
+    /**
+     * Available values: "r2".
+     */
+    storageType?: string;
+}
 export interface ApiShieldAuthIdCharacteristic {
     /**
      * The name of the characteristic field, i.e., the header or cookie name. When using type "jwt", this must be a claim location expressed as `$(token_config_id):$(json_path)`, where <span pulumi-lang-nodejs="`tokenConfigId`" pulumi-lang-dotnet="`TokenConfigId`" pulumi-lang-go="`tokenConfigId`" pulumi-lang-python="`token_config_id`" pulumi-lang-yaml="`tokenConfigId`" pulumi-lang-java="`tokenConfigId`">`token_config_id`</span> is the ID of the token configuration used in validating the JWT, and <span pulumi-lang-nodejs="`jsonPath`" pulumi-lang-dotnet="`JsonPath`" pulumi-lang-go="`jsonPath`" pulumi-lang-python="`json_path`" pulumi-lang-yaml="`jsonPath`" pulumi-lang-java="`jsonPath`">`json_path`</span> is a RFC 9535 JSONPath expression.
@@ -607,6 +700,40 @@ export interface CertificatePackCertificateGeoRestrictions {
      */
     label: string;
 }
+export interface CertificatePackDcvDelegationRecord {
+    /**
+     * The CNAME record hostname for DCV delegation.
+     */
+    cname: string;
+    /**
+     * The CNAME record target value for DCV delegation.
+     */
+    cnameTarget: string;
+    /**
+     * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
+     */
+    emails: string[];
+    /**
+     * The content that the certificate authority (CA) will expect to find at the<span pulumi-lang-nodejs=" httpUrl " pulumi-lang-dotnet=" HttpUrl " pulumi-lang-go=" httpUrl " pulumi-lang-python=" http_url " pulumi-lang-yaml=" httpUrl " pulumi-lang-java=" httpUrl "> http_url </span>during the domain validation.
+     */
+    httpBody: string;
+    /**
+     * The url that will be checked during domain validation.
+     */
+    httpUrl: string;
+    /**
+     * Status of the validation record.
+     */
+    status: string;
+    /**
+     * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
+     */
+    txtName: string;
+    /**
+     * The TXT record that the certificate authority (CA) will check during domain validation.
+     */
+    txtValue: string;
+}
 export interface CertificatePackValidationError {
     /**
      * A domain validation error.
@@ -614,6 +741,14 @@ export interface CertificatePackValidationError {
     message: string;
 }
 export interface CertificatePackValidationRecord {
+    /**
+     * The CNAME record hostname for DCV delegation.
+     */
+    cname: string;
+    /**
+     * The CNAME record target value for DCV delegation.
+     */
+    cnameTarget: string;
     /**
      * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
      */
@@ -626,6 +761,10 @@ export interface CertificatePackValidationRecord {
      * The url that will be checked during domain validation.
      */
     httpUrl: string;
+    /**
+     * Status of the validation record.
+     */
+    status: string;
     /**
      * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
      */
@@ -635,6 +774,10 @@ export interface CertificatePackValidationRecord {
      */
     txtValue: string;
 }
+export interface ClientCertificateCertificateAuthority {
+    id: string;
+    name: string;
+}
 export interface CloudConnectorRulesRule {
     description?: string;
     enabled?: boolean;
@@ -1414,6 +1557,20 @@ export interface GetAccountApiTokenPermissionGroupsListResult {
      */
     scopes: string[];
 }
+export interface GetAccountApiTokenPermissionGroupsPermissionGroup {
+    /**
+     * Public ID.
+     */
+    id: string;
+    /**
+     * Permission Group Name
+     */
+    name: string;
+    /**
+     * Resources to which the Permission Group is scoped
+     */
+    scopes: string[];
+}
 export interface GetAccountDnsSettingsInternalViewFilter {
     /**
      * Direction to order DNS views in.
@@ -2451,6 +2608,269 @@ export interface GetAddressMapsResult {
     id: string;
     modifiedAt: string;
 }
+export interface GetAiSearchInstanceCustomMetadata {
+    /**
+     * Available values: "text", "number", "boolean".
+     */
+    dataType: string;
+    fieldName: string;
+}
+export interface GetAiSearchInstanceFilter {
+    /**
+     * Search by id
+     */
+    search?: string;
+}
+export interface GetAiSearchInstanceMetadata {
+    createdFromAisearchWizard: boolean;
+    workerDomain: string;
+}
+export interface GetAiSearchInstancePublicEndpointParams {
+    authorizedHosts: string[];
+    chatCompletionsEndpoint: outputs.GetAiSearchInstancePublicEndpointParamsChatCompletionsEndpoint;
+    enabled: boolean;
+    mcp: outputs.GetAiSearchInstancePublicEndpointParamsMcp;
+    rateLimit: outputs.GetAiSearchInstancePublicEndpointParamsRateLimit;
+    searchEndpoint: outputs.GetAiSearchInstancePublicEndpointParamsSearchEndpoint;
+}
+export interface GetAiSearchInstancePublicEndpointParamsChatCompletionsEndpoint {
+    /**
+     * Disable chat completions endpoint for this public endpoint
+     */
+    disabled: boolean;
+}
+export interface GetAiSearchInstancePublicEndpointParamsMcp {
+    description: string;
+    /**
+     * Disable MCP endpoint for this public endpoint
+     */
+    disabled: boolean;
+}
+export interface GetAiSearchInstancePublicEndpointParamsRateLimit {
+    periodMs: number;
+    requests: number;
+    /**
+     * Available values: "fixed", "sliding".
+     */
+    technique: string;
+}
+export interface GetAiSearchInstancePublicEndpointParamsSearchEndpoint {
+    /**
+     * Disable search endpoint for this public endpoint
+     */
+    disabled: boolean;
+}
+export interface GetAiSearchInstanceRetrievalOptions {
+    /**
+     * Controls how keyword search terms are matched.<span pulumi-lang-nodejs=" exactMatch " pulumi-lang-dotnet=" ExactMatch " pulumi-lang-go=" exactMatch " pulumi-lang-python=" exact_match " pulumi-lang-yaml=" exactMatch " pulumi-lang-java=" exactMatch "> exact_match </span>requires all terms to appear (AND);<span pulumi-lang-nodejs=" fuzzyMatch " pulumi-lang-dotnet=" FuzzyMatch " pulumi-lang-go=" fuzzyMatch " pulumi-lang-python=" fuzzy_match " pulumi-lang-yaml=" fuzzyMatch " pulumi-lang-java=" fuzzyMatch "> fuzzy_match </span>returns results containing any term (OR). Defaults to exact_match.
+     * Available values: <span pulumi-lang-nodejs=""exactMatch"" pulumi-lang-dotnet=""ExactMatch"" pulumi-lang-go=""exactMatch"" pulumi-lang-python=""exact_match"" pulumi-lang-yaml=""exactMatch"" pulumi-lang-java=""exactMatch"">"exact_match"</span>, <span pulumi-lang-nodejs=""fuzzyMatch"" pulumi-lang-dotnet=""FuzzyMatch"" pulumi-lang-go=""fuzzyMatch"" pulumi-lang-python=""fuzzy_match"" pulumi-lang-yaml=""fuzzyMatch"" pulumi-lang-java=""fuzzyMatch"">"fuzzy_match"</span>.
+     */
+    keywordMatchMode: string;
+}
+export interface GetAiSearchInstanceSourceParams {
+    /**
+     * List of path patterns to exclude. Uses micromatch glob syntax: * matches within a path segment, ** matches across path segments (e.g., /admin/** matches /admin/users and /admin/settings/advanced)
+     */
+    excludeItems: string[];
+    /**
+     * List of path patterns to include. Uses micromatch glob syntax: * matches within a path segment, ** matches across path segments (e.g., /blog/** matches /blog/post and /blog/2024/post)
+     */
+    includeItems: string[];
+    prefix: string;
+    r2Jurisdiction: string;
+    webCrawler: outputs.GetAiSearchInstanceSourceParamsWebCrawler;
+}
+export interface GetAiSearchInstanceSourceParamsWebCrawler {
+    parseOptions: outputs.GetAiSearchInstanceSourceParamsWebCrawlerParseOptions;
+    /**
+     * Available values: "sitemap", "feed-rss".
+     */
+    parseType: string;
+    storeOptions: outputs.GetAiSearchInstanceSourceParamsWebCrawlerStoreOptions;
+}
+export interface GetAiSearchInstanceSourceParamsWebCrawlerParseOptions {
+    includeHeaders: {
+        [key: string]: string;
+    };
+    includeImages: boolean;
+    /**
+     * List of specific sitemap URLs to use for crawling. Only valid when<span pulumi-lang-nodejs=" parseType " pulumi-lang-dotnet=" ParseType " pulumi-lang-go=" parseType " pulumi-lang-python=" parse_type " pulumi-lang-yaml=" parseType " pulumi-lang-java=" parseType "> parse_type </span>is 'sitemap'.
+     */
+    specificSitemaps: string[];
+    useBrowserRendering: boolean;
+}
+export interface GetAiSearchInstanceSourceParamsWebCrawlerStoreOptions {
+    r2Jurisdiction: string;
+    storageId: string;
+    /**
+     * Available values: "r2".
+     */
+    storageType: string;
+}
+export interface GetAiSearchInstancesResult {
+    aiGatewayId: string;
+    /**
+     * Available values: "@cf/meta/llama-3.3-70b-instruct-fp8-fast", "@cf/zai-org/glm-4.7-flash", "@cf/meta/llama-3.1-8b-instruct-fast", "@cf/meta/llama-3.1-8b-instruct-fp8", "@cf/meta/llama-4-scout-17b-16e-instruct", "@cf/qwen/qwen3-30b-a3b-fp8", "@cf/deepseek-ai/deepseek-r1-distill-qwen-32b", "@cf/moonshotai/kimi-k2-instruct", "@cf/google/gemma-3-12b-it", "anthropic/claude-3-7-sonnet", "anthropic/claude-sonnet-4", "anthropic/claude-opus-4", "anthropic/claude-3-5-haiku", "cerebras/qwen-3-235b-a22b-instruct", "cerebras/qwen-3-235b-a22b-thinking", "cerebras/llama-3.3-70b", "cerebras/llama-4-maverick-17b-128e-instruct", "cerebras/llama-4-scout-17b-16e-instruct", "cerebras/gpt-oss-120b", "google-ai-studio/gemini-2.5-flash", "google-ai-studio/gemini-2.5-pro", "grok/grok-4", "groq/llama-3.3-70b-versatile", "groq/llama-3.1-8b-instant", "openai/gpt-5", "openai/gpt-5-mini", "openai/gpt-5-nano", "".
+     */
+    aisearchModel: string;
+    cache: boolean;
+    /**
+     * Available values: <span pulumi-lang-nodejs=""superStrictMatch"" pulumi-lang-dotnet=""SuperStrictMatch"" pulumi-lang-go=""superStrictMatch"" pulumi-lang-python=""super_strict_match"" pulumi-lang-yaml=""superStrictMatch"" pulumi-lang-java=""superStrictMatch"">"super_strict_match"</span>, <span pulumi-lang-nodejs=""closeEnough"" pulumi-lang-dotnet=""CloseEnough"" pulumi-lang-go=""closeEnough"" pulumi-lang-python=""close_enough"" pulumi-lang-yaml=""closeEnough"" pulumi-lang-java=""closeEnough"">"close_enough"</span>, <span pulumi-lang-nodejs=""flexibleFriend"" pulumi-lang-dotnet=""FlexibleFriend"" pulumi-lang-go=""flexibleFriend"" pulumi-lang-python=""flexible_friend"" pulumi-lang-yaml=""flexibleFriend"" pulumi-lang-java=""flexibleFriend"">"flexible_friend"</span>, <span pulumi-lang-nodejs=""anythingGoes"" pulumi-lang-dotnet=""AnythingGoes"" pulumi-lang-go=""anythingGoes"" pulumi-lang-python=""anything_goes"" pulumi-lang-yaml=""anythingGoes"" pulumi-lang-java=""anythingGoes"">"anything_goes"</span>.
+     */
+    cacheThreshold: string;
+    chunkOverlap: number;
+    chunkSize: number;
+    createdAt: string;
+    createdBy: string;
+    customMetadatas: outputs.GetAiSearchInstancesResultCustomMetadata[];
+    /**
+     * Available values: "@cf/qwen/qwen3-embedding-0.6b", "@cf/baai/bge-m3", "@cf/baai/bge-large-en-v1.5", "@cf/google/embeddinggemma-300m", "google-ai-studio/gemini-embedding-001", "openai/text-embedding-3-small", "openai/text-embedding-3-large", "".
+     */
+    embeddingModel: string;
+    enable: boolean;
+    /**
+     * Available values: "max", "rrf".
+     */
+    fusionMethod: string;
+    hybridSearchEnabled: boolean;
+    /**
+     * Use your AI Search ID.
+     */
+    id: string;
+    lastActivity: string;
+    maxNumResults: number;
+    metadata: outputs.GetAiSearchInstancesResultMetadata;
+    modifiedAt: string;
+    modifiedBy: string;
+    paused: boolean;
+    publicEndpointId: string;
+    publicEndpointParams: outputs.GetAiSearchInstancesResultPublicEndpointParams;
+    reranking: boolean;
+    /**
+     * Available values: "@cf/baai/bge-reranker-base", "".
+     */
+    rerankingModel: string;
+    retrievalOptions: outputs.GetAiSearchInstancesResultRetrievalOptions;
+    /**
+     * Available values: "@cf/meta/llama-3.3-70b-instruct-fp8-fast", "@cf/zai-org/glm-4.7-flash", "@cf/meta/llama-3.1-8b-instruct-fast", "@cf/meta/llama-3.1-8b-instruct-fp8", "@cf/meta/llama-4-scout-17b-16e-instruct", "@cf/qwen/qwen3-30b-a3b-fp8", "@cf/deepseek-ai/deepseek-r1-distill-qwen-32b", "@cf/moonshotai/kimi-k2-instruct", "@cf/google/gemma-3-12b-it", "anthropic/claude-3-7-sonnet", "anthropic/claude-sonnet-4", "anthropic/claude-opus-4", "anthropic/claude-3-5-haiku", "cerebras/qwen-3-235b-a22b-instruct", "cerebras/qwen-3-235b-a22b-thinking", "cerebras/llama-3.3-70b", "cerebras/llama-4-maverick-17b-128e-instruct", "cerebras/llama-4-scout-17b-16e-instruct", "cerebras/gpt-oss-120b", "google-ai-studio/gemini-2.5-flash", "google-ai-studio/gemini-2.5-pro", "grok/grok-4", "groq/llama-3.3-70b-versatile", "groq/llama-3.1-8b-instant", "openai/gpt-5", "openai/gpt-5-mini", "openai/gpt-5-nano", "".
+     */
+    rewriteModel: string;
+    rewriteQuery: boolean;
+    scoreThreshold: number;
+    source: string;
+    sourceParams: outputs.GetAiSearchInstancesResultSourceParams;
+    status: string;
+    tokenId: string;
+    /**
+     * Available values: "r2", "web-crawler".
+     */
+    type: string;
+    vectorizeName: string;
+}
+export interface GetAiSearchInstancesResultCustomMetadata {
+    /**
+     * Available values: "text", "number", "boolean".
+     */
+    dataType: string;
+    fieldName: string;
+}
+export interface GetAiSearchInstancesResultMetadata {
+    createdFromAisearchWizard: boolean;
+    workerDomain: string;
+}
+export interface GetAiSearchInstancesResultPublicEndpointParams {
+    authorizedHosts: string[];
+    chatCompletionsEndpoint: outputs.GetAiSearchInstancesResultPublicEndpointParamsChatCompletionsEndpoint;
+    enabled: boolean;
+    mcp: outputs.GetAiSearchInstancesResultPublicEndpointParamsMcp;
+    rateLimit: outputs.GetAiSearchInstancesResultPublicEndpointParamsRateLimit;
+    searchEndpoint: outputs.GetAiSearchInstancesResultPublicEndpointParamsSearchEndpoint;
+}
+export interface GetAiSearchInstancesResultPublicEndpointParamsChatCompletionsEndpoint {
+    /**
+     * Disable chat completions endpoint for this public endpoint
+     */
+    disabled: boolean;
+}
+export interface GetAiSearchInstancesResultPublicEndpointParamsMcp {
+    description: string;
+    /**
+     * Disable MCP endpoint for this public endpoint
+     */
+    disabled: boolean;
+}
+export interface GetAiSearchInstancesResultPublicEndpointParamsRateLimit {
+    periodMs: number;
+    requests: number;
+    /**
+     * Available values: "fixed", "sliding".
+     */
+    technique: string;
+}
+export interface GetAiSearchInstancesResultPublicEndpointParamsSearchEndpoint {
+    /**
+     * Disable search endpoint for this public endpoint
+     */
+    disabled: boolean;
+}
+export interface GetAiSearchInstancesResultRetrievalOptions {
+    /**
+     * Controls how keyword search terms are matched.<span pulumi-lang-nodejs=" exactMatch " pulumi-lang-dotnet=" ExactMatch " pulumi-lang-go=" exactMatch " pulumi-lang-python=" exact_match " pulumi-lang-yaml=" exactMatch " pulumi-lang-java=" exactMatch "> exact_match </span>requires all terms to appear (AND);<span pulumi-lang-nodejs=" fuzzyMatch " pulumi-lang-dotnet=" FuzzyMatch " pulumi-lang-go=" fuzzyMatch " pulumi-lang-python=" fuzzy_match " pulumi-lang-yaml=" fuzzyMatch " pulumi-lang-java=" fuzzyMatch "> fuzzy_match </span>returns results containing any term (OR). Defaults to exact_match.
+     * Available values: <span pulumi-lang-nodejs=""exactMatch"" pulumi-lang-dotnet=""ExactMatch"" pulumi-lang-go=""exactMatch"" pulumi-lang-python=""exact_match"" pulumi-lang-yaml=""exactMatch"" pulumi-lang-java=""exactMatch"">"exact_match"</span>, <span pulumi-lang-nodejs=""fuzzyMatch"" pulumi-lang-dotnet=""FuzzyMatch"" pulumi-lang-go=""fuzzyMatch"" pulumi-lang-python=""fuzzy_match"" pulumi-lang-yaml=""fuzzyMatch"" pulumi-lang-java=""fuzzyMatch"">"fuzzy_match"</span>.
+     */
+    keywordMatchMode: string;
+}
+export interface GetAiSearchInstancesResultSourceParams {
+    /**
+     * List of path patterns to exclude. Uses micromatch glob syntax: * matches within a path segment, ** matches across path segments (e.g., /admin/** matches /admin/users and /admin/settings/advanced)
+     */
+    excludeItems: string[];
+    /**
+     * List of path patterns to include. Uses micromatch glob syntax: * matches within a path segment, ** matches across path segments (e.g., /blog/** matches /blog/post and /blog/2024/post)
+     */
+    includeItems: string[];
+    prefix: string;
+    r2Jurisdiction: string;
+    webCrawler: outputs.GetAiSearchInstancesResultSourceParamsWebCrawler;
+}
+export interface GetAiSearchInstancesResultSourceParamsWebCrawler {
+    parseOptions: outputs.GetAiSearchInstancesResultSourceParamsWebCrawlerParseOptions;
+    /**
+     * Available values: "sitemap", "feed-rss".
+     */
+    parseType: string;
+    storeOptions: outputs.GetAiSearchInstancesResultSourceParamsWebCrawlerStoreOptions;
+}
+export interface GetAiSearchInstancesResultSourceParamsWebCrawlerParseOptions {
+    includeHeaders: {
+        [key: string]: string;
+    };
+    includeImages: boolean;
+    /**
+     * List of specific sitemap URLs to use for crawling. Only valid when<span pulumi-lang-nodejs=" parseType " pulumi-lang-dotnet=" ParseType " pulumi-lang-go=" parseType " pulumi-lang-python=" parse_type " pulumi-lang-yaml=" parseType " pulumi-lang-java=" parseType "> parse_type </span>is 'sitemap'.
+     */
+    specificSitemaps: string[];
+    useBrowserRendering: boolean;
+}
+export interface GetAiSearchInstancesResultSourceParamsWebCrawlerStoreOptions {
+    r2Jurisdiction: string;
+    storageId: string;
+    /**
+     * Available values: "r2".
+     */
+    storageType: string;
+}
+export interface GetAiSearchTokensResult {
+    cfApiId: string;
+    createdAt: string;
+    createdBy: string;
+    enabled: boolean;
+    id: string;
+    legacy: boolean;
+    modifiedAt: string;
+    modifiedBy: string;
+    name: string;
+}
 export interface GetApiShieldAuthIdCharacteristic {
     /**
      * The name of the characteristic field, i.e., the header or cookie name.
@@ -3070,10 +3490,6 @@ export interface GetAuthenticatedOriginPullsCertificatesResult {
      * The zone's leaf certificate.
      */
     certificate: string;
-    /**
-     * Indicates whether zone-level authenticated origin pulls is enabled.
-     */
-    enabled: boolean;
     /**
      * When the certificate from the authority expires.
      */
@@ -3087,9 +3503,9 @@ export interface GetAuthenticatedOriginPullsCertificatesResult {
      */
     issuer: string;
     /**
-     * The zone's private key.
+     * The serial number on the uploaded certificate.
      */
-    privateKey: string;
+    serialNumber: string;
     /**
      * The type of hash used for the certificate.
      */
@@ -3104,6 +3520,41 @@ export interface GetAuthenticatedOriginPullsCertificatesResult {
      */
     uploadedOn: string;
 }
+export interface GetAuthenticatedOriginPullsHostnameCertificatesResult {
+    /**
+     * The hostname certificate.
+     */
+    certificate: string;
+    /**
+     * The date when the certificate expires.
+     */
+    expiresOn: string;
+    /**
+     * Identifier.
+     */
+    id: string;
+    /**
+     * The certificate authority that issued the certificate.
+     */
+    issuer: string;
+    /**
+     * The serial number on the uploaded certificate.
+     */
+    serialNumber: string;
+    /**
+     * The type of hash used for the certificate.
+     */
+    signature: string;
+    /**
+     * Status of the certificate or the association.
+     * Available values: "initializing", <span pulumi-lang-nodejs=""pendingDeployment"" pulumi-lang-dotnet=""PendingDeployment"" pulumi-lang-go=""pendingDeployment"" pulumi-lang-python=""pending_deployment"" pulumi-lang-yaml=""pendingDeployment"" pulumi-lang-java=""pendingDeployment"">"pending_deployment"</span>, <span pulumi-lang-nodejs=""pendingDeletion"" pulumi-lang-dotnet=""PendingDeletion"" pulumi-lang-go=""pendingDeletion"" pulumi-lang-python=""pending_deletion"" pulumi-lang-yaml=""pendingDeletion"" pulumi-lang-java=""pendingDeletion"">"pending_deletion"</span>, "active", "deleted", <span pulumi-lang-nodejs=""deploymentTimedOut"" pulumi-lang-dotnet=""DeploymentTimedOut"" pulumi-lang-go=""deploymentTimedOut"" pulumi-lang-python=""deployment_timed_out"" pulumi-lang-yaml=""deploymentTimedOut"" pulumi-lang-java=""deploymentTimedOut"">"deployment_timed_out"</span>, <span pulumi-lang-nodejs=""deletionTimedOut"" pulumi-lang-dotnet=""DeletionTimedOut"" pulumi-lang-go=""deletionTimedOut"" pulumi-lang-python=""deletion_timed_out"" pulumi-lang-yaml=""deletionTimedOut"" pulumi-lang-java=""deletionTimedOut"">"deletion_timed_out"</span>.
+     */
+    status: string;
+    /**
+     * The time when the certificate was uploaded.
+     */
+    uploadedOn: string;
+}
 export interface GetBotManagementStaleZoneConfiguration {
     /**
      * Indicates that the zone's Bot Fight Mode is turned on.
@@ -3302,7 +3753,46 @@ export interface GetCertificatePackCertificateGeoRestrictions {
      */
     label: string;
 }
+export interface GetCertificatePackDcvDelegationRecord {
+    /**
+     * The CNAME record hostname for DCV delegation.
+     */
+    cname: string;
+    /**
+     * The CNAME record target value for DCV delegation.
+     */
+    cnameTarget: string;
+    /**
+     * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
+     */
+    emails: string[];
+    /**
+     * The content that the certificate authority (CA) will expect to find at the<span pulumi-lang-nodejs=" httpUrl " pulumi-lang-dotnet=" HttpUrl " pulumi-lang-go=" httpUrl " pulumi-lang-python=" http_url " pulumi-lang-yaml=" httpUrl " pulumi-lang-java=" httpUrl "> http_url </span>during the domain validation.
+     */
+    httpBody: string;
+    /**
+     * The url that will be checked during domain validation.
+     */
+    httpUrl: string;
+    /**
+     * Status of the validation record.
+     */
+    status: string;
+    /**
+     * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
+     */
+    txtName: string;
+    /**
+     * The TXT record that the certificate authority (CA) will check during domain validation.
+     */
+    txtValue: string;
+}
 export interface GetCertificatePackFilter {
+    /**
+     * Specify the deployment environment for the certificate packs.
+     * Available values: "staging", "production".
+     */
+    deploy?: string;
     /**
      * Include Certificate Packs of all statuses, not just active ones.
      * Available values: "all".
@@ -3316,6 +3806,14 @@ export interface GetCertificatePackValidationError {
     message: string;
 }
 export interface GetCertificatePackValidationRecord {
+    /**
+     * The CNAME record hostname for DCV delegation.
+     */
+    cname: string;
+    /**
+     * The CNAME record target value for DCV delegation.
+     */
+    cnameTarget: string;
     /**
      * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
      */
@@ -3328,6 +3826,10 @@ export interface GetCertificatePackValidationRecord {
      * The url that will be checked during domain validation.
      */
     httpUrl: string;
+    /**
+     * Status of the validation record.
+     */
+    status: string;
     /**
      * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
      */
@@ -3351,6 +3853,10 @@ export interface GetCertificatePacksResult {
      * Whether or not to add Cloudflare Branding for the order.  This will add a subdomain of sni.cloudflaressl.com as the Common Name if set to true.
      */
     cloudflareBranding: boolean;
+    /**
+     * DCV Delegation records for domain validation.
+     */
+    dcvDelegationRecords: outputs.GetCertificatePacksResultDcvDelegationRecord[];
     /**
      * Comma separated list of valid host names for the certificate packs. Must contain the zone apex, may not contain more than 50 hosts, and may not be empty.
      */
@@ -3448,6 +3954,40 @@ export interface GetCertificatePacksResultCertificateGeoRestrictions {
      */
     label: string;
 }
+export interface GetCertificatePacksResultDcvDelegationRecord {
+    /**
+     * The CNAME record hostname for DCV delegation.
+     */
+    cname: string;
+    /**
+     * The CNAME record target value for DCV delegation.
+     */
+    cnameTarget: string;
+    /**
+     * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
+     */
+    emails: string[];
+    /**
+     * The content that the certificate authority (CA) will expect to find at the<span pulumi-lang-nodejs=" httpUrl " pulumi-lang-dotnet=" HttpUrl " pulumi-lang-go=" httpUrl " pulumi-lang-python=" http_url " pulumi-lang-yaml=" httpUrl " pulumi-lang-java=" httpUrl "> http_url </span>during the domain validation.
+     */
+    httpBody: string;
+    /**
+     * The url that will be checked during domain validation.
+     */
+    httpUrl: string;
+    /**
+     * Status of the validation record.
+     */
+    status: string;
+    /**
+     * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
+     */
+    txtName: string;
+    /**
+     * The TXT record that the certificate authority (CA) will check during domain validation.
+     */
+    txtValue: string;
+}
 export interface GetCertificatePacksResultValidationError {
     /**
      * A domain validation error.
@@ -3455,6 +3995,14 @@ export interface GetCertificatePacksResultValidationError {
     message: string;
 }
 export interface GetCertificatePacksResultValidationRecord {
+    /**
+     * The CNAME record hostname for DCV delegation.
+     */
+    cname: string;
+    /**
+     * The CNAME record target value for DCV delegation.
+     */
+    cnameTarget: string;
     /**
      * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
      */
@@ -3467,6 +4015,10 @@ export interface GetCertificatePacksResultValidationRecord {
      * The url that will be checked during domain validation.
      */
     httpUrl: string;
+    /**
+     * Status of the validation record.
+     */
+    status: string;
     /**
      * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
      */
@@ -3476,6 +4028,104 @@ export interface GetCertificatePacksResultValidationRecord {
      */
     txtValue: string;
 }
+export interface GetClientCertificateCertificateAuthority {
+    id: string;
+    name: string;
+}
+export interface GetClientCertificateFilter {
+    /**
+     * Limit to the number of records returned.
+     */
+    limit?: number;
+    /**
+     * Offset the results
+     */
+    offset?: number;
+    /**
+     * Client Certitifcate Status to filter results by.
+     * Available values: "all", "active", <span pulumi-lang-nodejs=""pendingReactivation"" pulumi-lang-dotnet=""PendingReactivation"" pulumi-lang-go=""pendingReactivation"" pulumi-lang-python=""pending_reactivation"" pulumi-lang-yaml=""pendingReactivation"" pulumi-lang-java=""pendingReactivation"">"pending_reactivation"</span>, <span pulumi-lang-nodejs=""pendingRevocation"" pulumi-lang-dotnet=""PendingRevocation"" pulumi-lang-go=""pendingRevocation"" pulumi-lang-python=""pending_revocation"" pulumi-lang-yaml=""pendingRevocation"" pulumi-lang-java=""pendingRevocation"">"pending_revocation"</span>, "revoked".
+     */
+    status?: string;
+}
+export interface GetClientCertificatesResult {
+    /**
+     * The Client Certificate PEM
+     */
+    certificate: string;
+    /**
+     * Certificate Authority used to issue the Client Certificate
+     */
+    certificateAuthority: outputs.GetClientCertificatesResultCertificateAuthority;
+    /**
+     * Common Name of the Client Certificate
+     */
+    commonName: string;
+    /**
+     * Country, provided by the CSR
+     */
+    country: string;
+    /**
+     * The Certificate Signing Request (CSR). Must be newline-encoded.
+     */
+    csr: string;
+    /**
+     * Date that the Client Certificate expires
+     */
+    expiresOn: string;
+    /**
+     * Unique identifier of the Client Certificate
+     */
+    fingerprintSha256: string;
+    /**
+     * Identifier.
+     */
+    id: string;
+    /**
+     * Date that the Client Certificate was issued by the Certificate Authority
+     */
+    issuedOn: string;
+    /**
+     * Location, provided by the CSR
+     */
+    location: string;
+    /**
+     * Organization, provided by the CSR
+     */
+    organization: string;
+    /**
+     * Organizational Unit, provided by the CSR
+     */
+    organizationalUnit: string;
+    /**
+     * The serial number on the created Client Certificate.
+     */
+    serialNumber: string;
+    /**
+     * The type of hash used for the Client Certificate..
+     */
+    signature: string;
+    /**
+     * Subject Key Identifier
+     */
+    ski: string;
+    /**
+     * State, provided by the CSR
+     */
+    state: string;
+    /**
+     * Client Certificates may be active or revoked, and the<span pulumi-lang-nodejs=" pendingReactivation " pulumi-lang-dotnet=" PendingReactivation " pulumi-lang-go=" pendingReactivation " pulumi-lang-python=" pending_reactivation " pulumi-lang-yaml=" pendingReactivation " pulumi-lang-java=" pendingReactivation "> pending_reactivation </span>or<span pulumi-lang-nodejs=" pendingRevocation " pulumi-lang-dotnet=" PendingRevocation " pulumi-lang-go=" pendingRevocation " pulumi-lang-python=" pending_revocation " pulumi-lang-yaml=" pendingRevocation " pulumi-lang-java=" pendingRevocation "> pending_revocation </span>represent in-progress asynchronous transitions
+     * Available values: "active", <span pulumi-lang-nodejs=""pendingReactivation"" pulumi-lang-dotnet=""PendingReactivation"" pulumi-lang-go=""pendingReactivation"" pulumi-lang-python=""pending_reactivation"" pulumi-lang-yaml=""pendingReactivation"" pulumi-lang-java=""pendingReactivation"">"pending_reactivation"</span>, <span pulumi-lang-nodejs=""pendingRevocation"" pulumi-lang-dotnet=""PendingRevocation"" pulumi-lang-go=""pendingRevocation"" pulumi-lang-python=""pending_revocation"" pulumi-lang-yaml=""pendingRevocation"" pulumi-lang-java=""pendingRevocation"">"pending_revocation"</span>, "revoked".
+     */
+    status: string;
+    /**
+     * The number of days the Client Certificate will be valid after the<span pulumi-lang-nodejs=" issuedOn " pulumi-lang-dotnet=" IssuedOn " pulumi-lang-go=" issuedOn " pulumi-lang-python=" issued_on " pulumi-lang-yaml=" issuedOn " pulumi-lang-java=" issuedOn "> issued_on </span>date
+     */
+    validityDays: number;
+}
+export interface GetClientCertificatesResultCertificateAuthority {
+    id: string;
+    name: string;
+}
 export interface GetCloudConnectorRulesRule {
     description: string;
     enabled: boolean;
@@ -3724,6 +4374,10 @@ export interface GetCustomHostnameSsl {
      * The key for a custom uploaded certificate.
      */
     customKey: string;
+    /**
+     * DCV Delegation records for domain validation.
+     */
+    dcvDelegationRecords: outputs.GetCustomHostnameSslDcvDelegationRecord[];
     /**
      * The time the custom certificate expires on.
      */
@@ -3778,6 +4432,40 @@ export interface GetCustomHostnameSsl {
      */
     wildcard: boolean;
 }
+export interface GetCustomHostnameSslDcvDelegationRecord {
+    /**
+     * The CNAME record hostname for DCV delegation.
+     */
+    cname: string;
+    /**
+     * The CNAME record target value for DCV delegation.
+     */
+    cnameTarget: string;
+    /**
+     * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
+     */
+    emails: string[];
+    /**
+     * The content that the certificate authority (CA) will expect to find at the<span pulumi-lang-nodejs=" httpUrl " pulumi-lang-dotnet=" HttpUrl " pulumi-lang-go=" httpUrl " pulumi-lang-python=" http_url " pulumi-lang-yaml=" httpUrl " pulumi-lang-java=" httpUrl "> http_url </span>during the domain validation.
+     */
+    httpBody: string;
+    /**
+     * The url that will be checked during domain validation.
+     */
+    httpUrl: string;
+    /**
+     * Status of the validation record.
+     */
+    status: string;
+    /**
+     * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
+     */
+    txtName: string;
+    /**
+     * The TXT record that the certificate authority (CA) will check during domain validation.
+     */
+    txtValue: string;
+}
 export interface GetCustomHostnameSslSettings {
     /**
      * An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format.
@@ -3811,6 +4499,14 @@ export interface GetCustomHostnameSslValidationError {
     message: string;
 }
 export interface GetCustomHostnameSslValidationRecord {
+    /**
+     * The CNAME record hostname for DCV delegation.
+     */
+    cname: string;
+    /**
+     * The CNAME record target value for DCV delegation.
+     */
+    cnameTarget: string;
     /**
      * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
      */
@@ -3823,6 +4519,10 @@ export interface GetCustomHostnameSslValidationRecord {
      * The url that will be checked during domain validation.
      */
     httpUrl: string;
+    /**
+     * Status of the validation record.
+     */
+    status: string;
     /**
      * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
      */
@@ -3926,6 +4626,10 @@ export interface GetCustomHostnamesResultSsl {
      * The key for a custom uploaded certificate.
      */
     customKey: string;
+    /**
+     * DCV Delegation records for domain validation.
+     */
+    dcvDelegationRecords: outputs.GetCustomHostnamesResultSslDcvDelegationRecord[];
     /**
      * The time the custom certificate expires on.
      */
@@ -3980,6 +4684,40 @@ export interface GetCustomHostnamesResultSsl {
      */
     wildcard: boolean;
 }
+export interface GetCustomHostnamesResultSslDcvDelegationRecord {
+    /**
+     * The CNAME record hostname for DCV delegation.
+     */
+    cname: string;
+    /**
+     * The CNAME record target value for DCV delegation.
+     */
+    cnameTarget: string;
+    /**
+     * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
+     */
+    emails: string[];
+    /**
+     * The content that the certificate authority (CA) will expect to find at the<span pulumi-lang-nodejs=" httpUrl " pulumi-lang-dotnet=" HttpUrl " pulumi-lang-go=" httpUrl " pulumi-lang-python=" http_url " pulumi-lang-yaml=" httpUrl " pulumi-lang-java=" httpUrl "> http_url </span>during the domain validation.
+     */
+    httpBody: string;
+    /**
+     * The url that will be checked during domain validation.
+     */
+    httpUrl: string;
+    /**
+     * Status of the validation record.
+     */
+    status: string;
+    /**
+     * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
+     */
+    txtName: string;
+    /**
+     * The TXT record that the certificate authority (CA) will check during domain validation.
+     */
+    txtValue: string;
+}
 export interface GetCustomHostnamesResultSslSettings {
     /**
      * An allowlist of ciphers for TLS termination. These ciphers must be in the BoringSSL format.
@@ -4013,6 +4751,14 @@ export interface GetCustomHostnamesResultSslValidationError {
     message: string;
 }
 export interface GetCustomHostnamesResultSslValidationRecord {
+    /**
+     * The CNAME record hostname for DCV delegation.
+     */
+    cname: string;
+    /**
+     * The CNAME record target value for DCV delegation.
+     */
+    cnameTarget: string;
     /**
      * The set of email addresses that the certificate authority (CA) will use to complete domain validation.
      */
@@ -4025,6 +4771,10 @@ export interface GetCustomHostnamesResultSslValidationRecord {
      * The url that will be checked during domain validation.
      */
     httpUrl: string;
+    /**
+     * Status of the validation record.
+     */
+    status: string;
     /**
      * The hostname that the certificate authority (CA) will check for a TXT record during domain validation .
      */
@@ -4034,6 +4784,51 @@ export interface GetCustomHostnamesResultSslValidationRecord {
      */
     txtValue: string;
 }
+export interface GetCustomOriginTrustStoreFilter {
+    /**
+     * Limit to the number of records returned.
+     */
+    limit?: number;
+    /**
+     * Offset the results
+     */
+    offset?: number;
+}
+export interface GetCustomOriginTrustStoresResult {
+    /**
+     * The zone's SSL certificate or certificate and the intermediate(s).
+     */
+    certificate: string;
+    /**
+     * When the certificate expires.
+     */
+    expiresOn: string;
+    /**
+     * Identifier.
+     */
+    id: string;
+    /**
+     * The certificate authority that issued the certificate.
+     */
+    issuer: string;
+    /**
+     * The type of hash used for the certificate.
+     */
+    signature: string;
+    /**
+     * Status of the zone's custom SSL.
+     * Available values: "initializing", <span pulumi-lang-nodejs=""pendingDeployment"" pulumi-lang-dotnet=""PendingDeployment"" pulumi-lang-go=""pendingDeployment"" pulumi-lang-python=""pending_deployment"" pulumi-lang-yaml=""pendingDeployment"" pulumi-lang-java=""pendingDeployment"">"pending_deployment"</span>, "active", <span pulumi-lang-nodejs=""pendingDeletion"" pulumi-lang-dotnet=""PendingDeletion"" pulumi-lang-go=""pendingDeletion"" pulumi-lang-python=""pending_deletion"" pulumi-lang-yaml=""pendingDeletion"" pulumi-lang-java=""pendingDeletion"">"pending_deletion"</span>, "deleted", "expired".
+     */
+    status: string;
+    /**
+     * When the certificate was last modified.
+     */
+    updatedAt: string;
+    /**
+     * When the certificate was uploaded to Cloudflare.
+     */
+    uploadedOn: string;
+}
 export interface GetCustomPagesListResult {
     createdOn: string;
     description: string;
@@ -4151,9 +4946,15 @@ export interface GetCustomSslsResult {
      */
     modifiedOn: string;
     /**
-     * Specify the policy that determines the region where your private key will be held locally. HTTPS connections to any excluded data center will still be fully encrypted, but will incur some latency while Keyless SSL is used to complete the handshake with the nearest allowed data center. Any combination of countries, specified by their two letter country code (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements) can be chosen, such as 'country: IN', as well as 'region: EU' which refers to the EU region. If there are too few data centers satisfying the policy, it will be rejected.
+     * The policy restrictions returned by the API. This field is returned in responses
+     * when a policy has been set. The API accepts the "policy" field in requests but
+     * returns this field as <span pulumi-lang-nodejs=""policyRestrictions"" pulumi-lang-dotnet=""PolicyRestrictions"" pulumi-lang-go=""policyRestrictions"" pulumi-lang-python=""policy_restrictions"" pulumi-lang-yaml=""policyRestrictions"" pulumi-lang-java=""policyRestrictions"">"policy_restrictions"</span> in responses.
+     *
+     * Specifies the region(s) where your private key can be held locally for optimal
+     * TLS performance. Format is a boolean expression, for example:
+     * "(country: US) or (region: EU)"
      */
-    policy: string;
+    policyRestrictions: string;
     /**
      * The order/priority in which the certificate will be used in a request. The higher priority will break ties across overlapping 'legacy_custom' certificates, but 'legacy_custom' certificates will always supercede 'sni_custom' certificates.
      */
@@ -7529,6 +8330,7 @@ export interface GetMagicTransitSiteLanStaticAddressingDhcpServer {
     };
 }
 export interface GetMagicTransitSiteLansResult {
+    bondId: number;
     /**
      * mark true to use this LAN for HA probing. only works for site with HA turned on. only one LAN can be set as the ha_link.
      */
@@ -8786,7 +9588,8 @@ export interface GetOriginCaCertificatesResult {
      */
     expiresOn: string;
     /**
-     * Array of hostnames or wildcard names (e.g., *.example.com) bound to the certificate.
+     * Array of hostnames or wildcard names bound to the certificate.
+     * Hostnames must be fully qualified domain names (FQDNs) belonging to zones on your account (e.g., `example.com` or `sub.example.com`). Wildcards are supported only as a `*.` prefix for a single level (e.g., `*.example.com`). Double wildcards (`*.*.example.com`) and interior wildcards (`foo.*.example.com`) are not allowed. The wildcard suffix must be a multi-label domain (`*.example.com` is valid, but `*.com` is not). Unicode/IDN hostnames are accepted and automatically converted to punycode.
      */
     hostnames: string[];
     /**
@@ -8850,7 +9653,7 @@ export interface GetPageShieldCookiesListResult {
 export interface GetPageShieldPoliciesResult {
     /**
      * The action to take if the expression matches
-     * Available values: "allow", "log".
+     * Available values: "allow", "log", <span pulumi-lang-nodejs=""addReportingDirectives"" pulumi-lang-dotnet=""AddReportingDirectives"" pulumi-lang-go=""addReportingDirectives"" pulumi-lang-python=""add_reporting_directives"" pulumi-lang-yaml=""addReportingDirectives"" pulumi-lang-java=""addReportingDirectives"">"add_reporting_directives"</span>.
      */
     action: string;
     /**
@@ -11107,13 +11910,10 @@ export interface GetQueueConsumer {
     consumerId: string;
     createdOn: string;
     /**
-     * A Resource identifier.
-     */
-    queueId: string;
-    /**
-     * Name of a Worker
+     * Name of the dead letter queue, or empty string if not configured
      */
-    script: string;
+    deadLetterQueue: string;
+    queueName: string;
     /**
      * Name of a Worker
      */
@@ -11157,13 +11957,10 @@ export interface GetQueueConsumersResult {
     consumerId: string;
     createdOn: string;
     /**
-     * A Resource identifier.
-     */
-    queueId: string;
-    /**
-     * Name of a Worker
+     * Name of the dead letter queue, or empty string if not configured
      */
-    script: string;
+    deadLetterQueue: string;
+    queueName: string;
     /**
      * Name of a Worker
      */
@@ -11241,13 +12038,10 @@ export interface GetQueuesResultConsumer {
     consumerId: string;
     createdOn: string;
     /**
-     * A Resource identifier.
-     */
-    queueId: string;
-    /**
-     * Name of a Worker
+     * Name of the dead letter queue, or empty string if not configured
      */
-    script: string;
+    deadLetterQueue: string;
+    queueName: string;
     /**
      * Name of a Worker
      */
@@ -11921,7 +12715,7 @@ export interface GetResourceGroupsResultScopeObject {
 export interface GetRulesetRule {
     /**
      * The action to perform when the rule matches.
-     * Available values: "block", "challenge", <span pulumi-lang-nodejs=""compressResponse"" pulumi-lang-dotnet=""CompressResponse"" pulumi-lang-go=""compressResponse"" pulumi-lang-python=""compress_response"" pulumi-lang-yaml=""compressResponse"" pulumi-lang-java=""compressResponse"">"compress_response"</span>, <span pulumi-lang-nodejs=""ddosDynamic"" pulumi-lang-dotnet=""DdosDynamic"" pulumi-lang-go=""ddosDynamic"" pulumi-lang-python=""ddos_dynamic"" pulumi-lang-yaml=""ddosDynamic"" pulumi-lang-java=""ddosDynamic"">"ddos_dynamic"</span>, "execute", <span pulumi-lang-nodejs=""forceConnectionClose"" pulumi-lang-dotnet=""ForceConnectionClose"" pulumi-lang-go=""forceConnectionClose"" pulumi-lang-python=""force_connection_close"" pulumi-lang-yaml=""forceConnectionClose"" pulumi-lang-java=""forceConnectionClose"">"force_connection_close"</span>, <span pulumi-lang-nodejs=""jsChallenge"" pulumi-lang-dotnet=""JsChallenge"" pulumi-lang-go=""jsChallenge"" pulumi-lang-python=""js_challenge"" pulumi-lang-yaml=""jsChallenge"" pulumi-lang-java=""jsChallenge"">"js_challenge"</span>, "log", <span pulumi-lang-nodejs=""logCustomField"" pulumi-lang-dotnet=""LogCustomField"" pulumi-lang-go=""logCustomField"" pulumi-lang-python=""log_custom_field"" pulumi-lang-yaml=""logCustomField"" pulumi-lang-java=""logCustomField"">"log_custom_field"</span>, <span pulumi-lang-nodejs=""managedChallenge"" pulumi-lang-dotnet=""ManagedChallenge"" pulumi-lang-go=""managedChallenge"" pulumi-lang-python=""managed_challenge"" pulumi-lang-yaml=""managedChallenge"" pulumi-lang-java=""managedChallenge"">"managed_challenge"</span>, "redirect", "rewrite", "route", "score", <span pulumi-lang-nodejs=""serveError"" pulumi-lang-dotnet=""ServeError"" pulumi-lang-go=""serveError"" pulumi-lang-python=""serve_error"" pulumi-lang-yaml=""serveError"" pulumi-lang-java=""serveError"">"serve_error"</span>, <span pulumi-lang-nodejs=""setCacheSettings"" pulumi-lang-dotnet=""SetCacheSettings"" pulumi-lang-go=""setCacheSettings"" pulumi-lang-python=""set_cache_settings"" pulumi-lang-yaml=""setCacheSettings"" pulumi-lang-java=""setCacheSettings"">"set_cache_settings"</span>, <span pulumi-lang-nodejs=""setConfig"" pulumi-lang-dotnet=""SetConfig"" pulumi-lang-go=""setConfig"" pulumi-lang-python=""set_config"" pulumi-lang-yaml=""setConfig"" pulumi-lang-java=""setConfig"">"set_config"</span>, "skip".
+     * Available values: "block", "challenge", <span pulumi-lang-nodejs=""compressResponse"" pulumi-lang-dotnet=""CompressResponse"" pulumi-lang-go=""compressResponse"" pulumi-lang-python=""compress_response"" pulumi-lang-yaml=""compressResponse"" pulumi-lang-java=""compressResponse"">"compress_response"</span>, <span pulumi-lang-nodejs=""ddosDynamic"" pulumi-lang-dotnet=""DdosDynamic"" pulumi-lang-go=""ddosDynamic"" pulumi-lang-python=""ddos_dynamic"" pulumi-lang-yaml=""ddosDynamic"" pulumi-lang-java=""ddosDynamic"">"ddos_dynamic"</span>, "execute", <span pulumi-lang-nodejs=""forceConnectionClose"" pulumi-lang-dotnet=""ForceConnectionClose"" pulumi-lang-go=""forceConnectionClose"" pulumi-lang-python=""force_connection_close"" pulumi-lang-yaml=""forceConnectionClose"" pulumi-lang-java=""forceConnectionClose"">"force_connection_close"</span>, <span pulumi-lang-nodejs=""jsChallenge"" pulumi-lang-dotnet=""JsChallenge"" pulumi-lang-go=""jsChallenge"" pulumi-lang-python=""js_challenge"" pulumi-lang-yaml=""jsChallenge"" pulumi-lang-java=""jsChallenge"">"js_challenge"</span>, "log", <span pulumi-lang-nodejs=""logCustomField"" pulumi-lang-dotnet=""LogCustomField"" pulumi-lang-go=""logCustomField"" pulumi-lang-python=""log_custom_field"" pulumi-lang-yaml=""logCustomField"" pulumi-lang-java=""logCustomField"">"log_custom_field"</span>, <span pulumi-lang-nodejs=""managedChallenge"" pulumi-lang-dotnet=""ManagedChallenge"" pulumi-lang-go=""managedChallenge"" pulumi-lang-python=""managed_challenge"" pulumi-lang-yaml=""managedChallenge"" pulumi-lang-java=""managedChallenge"">"managed_challenge"</span>, "redirect", "rewrite", "route", "score", <span pulumi-lang-nodejs=""serveError"" pulumi-lang-dotnet=""ServeError"" pulumi-lang-go=""serveError"" pulumi-lang-python=""serve_error"" pulumi-lang-yaml=""serveError"" pulumi-lang-java=""serveError"">"serve_error"</span>, <span pulumi-lang-nodejs=""setCacheControl"" pulumi-lang-dotnet=""SetCacheControl"" pulumi-lang-go=""setCacheControl"" pulumi-lang-python=""set_cache_control"" pulumi-lang-yaml=""setCacheControl"" pulumi-lang-java=""setCacheControl"">"set_cache_control"</span>, <span pulumi-lang-nodejs=""setCacheSettings"" pulumi-lang-dotnet=""SetCacheSettings"" pulumi-lang-go=""setCacheSettings"" pulumi-lang-python=""set_cache_settings"" pulumi-lang-yaml=""setCacheSettings"" pulumi-lang-java=""setCacheSettings"">"set_cache_settings"</span>, <span pulumi-lang-nodejs=""setCacheTags"" pulumi-lang-dotnet=""SetCacheTags"" pulumi-lang-go=""setCacheTags"" pulumi-lang-python=""set_cache_tags"" pulumi-lang-yaml=""setCacheTags"" pulumi-lang-java=""setCacheTags"">"set_cache_tags"</span>, <span pulumi-lang-nodejs=""setConfig"" pulumi-lang-dotnet=""SetConfig"" pulumi-lang-go=""setConfig"" pulumi-lang-python=""set_config"" pulumi-lang-yaml=""setConfig"" pulumi-lang-java=""setConfig"">"set_config"</span>, "skip".
      */
     action: string;
     /**
@@ -12039,6 +12833,10 @@ export interface GetRulesetRuleActionParameters {
      * Whether to enable Email Obfuscation.
      */
     emailObfuscation: boolean;
+    /**
+     * An expression to generate cache tags for<span pulumi-lang-nodejs=" setCacheTags " pulumi-lang-dotnet=" SetCacheTags " pulumi-lang-go=" setCacheTags " pulumi-lang-python=" set_cache_tags " pulumi-lang-yaml=" setCacheTags " pulumi-lang-java=" setCacheTags "> set_cache_tags </span>action.
+     */
+    expression: string;
     /**
      * Whether to enable Cloudflare Fonts.
      */
@@ -12069,6 +12867,10 @@ export interface GetRulesetRuleActionParameters {
      * The ID of the ruleset to execute.
      */
     id: string;
+    /**
+     * Set the immutable cache control directive.
+     */
+    immutable: outputs.GetRulesetRuleActionParametersImmutable;
     /**
      * A delta to change the score by, which can be either positive or negative.
      */
@@ -12077,10 +12879,39 @@ export interface GetRulesetRuleActionParameters {
      * The configuration to use for matched data logging.
      */
     matchedData: outputs.GetRulesetRuleActionParametersMatchedData;
+    /**
+     * Set the max-age cache control directive.
+     */
+    maxAge: outputs.GetRulesetRuleActionParametersMaxAge;
     /**
      * Whether to enable Mirage.
      */
     mirage: boolean;
+    /**
+     * Set the must-revalidate cache control directive.
+     */
+    mustRevalidate: outputs.GetRulesetRuleActionParametersMustRevalidate;
+    /**
+     * Set the must-understand cache control directive.
+     */
+    mustUnderstand: outputs.GetRulesetRuleActionParametersMustUnderstand;
+    /**
+     * Set the no-cache cache control directive.
+     */
+    noCache: outputs.GetRulesetRuleActionParametersNoCache;
+    /**
+     * Set the no-store cache control directive.
+     */
+    noStore: outputs.GetRulesetRuleActionParametersNoStore;
+    /**
+     * Set the no-transform cache control directive.
+     */
+    noTransform: outputs.GetRulesetRuleActionParametersNoTransform;
+    /**
+     * The operation to perform for<span pulumi-lang-nodejs=" setCacheTags " pulumi-lang-dotnet=" SetCacheTags " pulumi-lang-go=" setCacheTags " pulumi-lang-python=" set_cache_tags " pulumi-lang-yaml=" setCacheTags " pulumi-lang-java=" setCacheTags "> set_cache_tags </span>action.
+     * Available values: "set", "add", "remove".
+     */
+    operation: string;
     /**
      * Whether to enable Opportunistic Encryption.
      */
@@ -12103,7 +12934,7 @@ export interface GetRulesetRuleActionParameters {
     overrides: outputs.GetRulesetRuleActionParametersOverrides;
     /**
      * A list of phases to skip the execution of. This option is incompatible with the rulesets option.
-     * Available values: <span pulumi-lang-nodejs=""ddosL4"" pulumi-lang-dotnet=""DdosL4"" pulumi-lang-go=""ddosL4"" pulumi-lang-python=""ddos_l4"" pulumi-lang-yaml=""ddosL4"" pulumi-lang-java=""ddosL4"">"ddos_l4"</span>, <span pulumi-lang-nodejs=""ddosL7"" pulumi-lang-dotnet=""DdosL7"" pulumi-lang-go=""ddosL7"" pulumi-lang-python=""ddos_l7"" pulumi-lang-yaml=""ddosL7"" pulumi-lang-java=""ddosL7"">"ddos_l7"</span>, <span pulumi-lang-nodejs=""httpConfigSettings"" pulumi-lang-dotnet=""HttpConfigSettings"" pulumi-lang-go=""httpConfigSettings"" pulumi-lang-python=""http_config_settings"" pulumi-lang-yaml=""httpConfigSettings"" pulumi-lang-java=""httpConfigSettings"">"http_config_settings"</span>, <span pulumi-lang-nodejs=""httpCustomErrors"" pulumi-lang-dotnet=""HttpCustomErrors"" pulumi-lang-go=""httpCustomErrors"" pulumi-lang-python=""http_custom_errors"" pulumi-lang-yaml=""httpCustomErrors"" pulumi-lang-java=""httpCustomErrors"">"http_custom_errors"</span>, <span pulumi-lang-nodejs=""httpLogCustomFields"" pulumi-lang-dotnet=""HttpLogCustomFields"" pulumi-lang-go=""httpLogCustomFields"" pulumi-lang-python=""http_log_custom_fields"" pulumi-lang-yaml=""httpLogCustomFields"" pulumi-lang-java=""httpLogCustomFields"">"http_log_custom_fields"</span>, <span pulumi-lang-nodejs=""httpRatelimit"" pulumi-lang-dotnet=""HttpRatelimit"" pulumi-lang-go=""httpRatelimit"" pulumi-lang-python=""http_ratelimit"" pulumi-lang-yaml=""httpRatelimit"" pulumi-lang-java=""httpRatelimit"">"http_ratelimit"</span>, <span pulumi-lang-nodejs=""httpRequestCacheSettings"" pulumi-lang-dotnet=""HttpRequestCacheSettings"" pulumi-lang-go=""httpRequestCacheSettings"" pulumi-lang-python=""http_request_cache_settings"" pulumi-lang-yaml=""httpRequestCacheSettings"" pulumi-lang-java=""httpRequestCacheSettings"">"http_request_cache_settings"</span>, <span pulumi-lang-nodejs=""httpRequestDynamicRedirect"" pulumi-lang-dotnet=""HttpRequestDynamicRedirect"" pulumi-lang-go=""httpRequestDynamicRedirect"" pulumi-lang-python=""http_request_dynamic_redirect"" pulumi-lang-yaml=""httpRequestDynamicRedirect"" pulumi-lang-java=""httpRequestDynamicRedirect"">"http_request_dynamic_redirect"</span>, <span pulumi-lang-nodejs=""httpRequestFirewallCustom"" pulumi-lang-dotnet=""HttpRequestFirewallCustom"" pulumi-lang-go=""httpRequestFirewallCustom"" pulumi-lang-python=""http_request_firewall_custom"" pulumi-lang-yaml=""httpRequestFirewallCustom"" pulumi-lang-java=""httpRequestFirewallCustom"">"http_request_firewall_custom"</span>, <span pulumi-lang-nodejs=""httpRequestFirewallManaged"" pulumi-lang-dotnet=""HttpRequestFirewallManaged"" pulumi-lang-go=""httpRequestFirewallManaged"" pulumi-lang-python=""http_request_firewall_managed"" pulumi-lang-yaml=""httpRequestFirewallManaged"" pulumi-lang-java=""httpRequestFirewallManaged"">"http_request_firewall_managed"</span>, <span pulumi-lang-nodejs=""httpRequestLateTransform"" pulumi-lang-dotnet=""HttpRequestLateTransform"" pulumi-lang-go=""httpRequestLateTransform"" pulumi-lang-python=""http_request_late_transform"" pulumi-lang-yaml=""httpRequestLateTransform"" pulumi-lang-java=""httpRequestLateTransform"">"http_request_late_transform"</span>, <span pulumi-lang-nodejs=""httpRequestOrigin"" pulumi-lang-dotnet=""HttpRequestOrigin"" pulumi-lang-go=""httpRequestOrigin"" pulumi-lang-python=""http_request_origin"" pulumi-lang-yaml=""httpRequestOrigin"" pulumi-lang-java=""httpRequestOrigin"">"http_request_origin"</span>, <span pulumi-lang-nodejs=""httpRequestRedirect"" pulumi-lang-dotnet=""HttpRequestRedirect"" pulumi-lang-go=""httpRequestRedirect"" pulumi-lang-python=""http_request_redirect"" pulumi-lang-yaml=""httpRequestRedirect"" pulumi-lang-java=""httpRequestRedirect"">"http_request_redirect"</span>, <span pulumi-lang-nodejs=""httpRequestSanitize"" pulumi-lang-dotnet=""HttpRequestSanitize"" pulumi-lang-go=""httpRequestSanitize"" pulumi-lang-python=""http_request_sanitize"" pulumi-lang-yaml=""httpRequestSanitize"" pulumi-lang-java=""httpRequestSanitize"">"http_request_sanitize"</span>, <span pulumi-lang-nodejs=""httpRequestSbfm"" pulumi-lang-dotnet=""HttpRequestSbfm"" pulumi-lang-go=""httpRequestSbfm"" pulumi-lang-python=""http_request_sbfm"" pulumi-lang-yaml=""httpRequestSbfm"" pulumi-lang-java=""httpRequestSbfm"">"http_request_sbfm"</span>, <span pulumi-lang-nodejs=""httpRequestTransform"" pulumi-lang-dotnet=""HttpRequestTransform"" pulumi-lang-go=""httpRequestTransform"" pulumi-lang-python=""http_request_transform"" pulumi-lang-yaml=""httpRequestTransform"" pulumi-lang-java=""httpRequestTransform"">"http_request_transform"</span>, <span pulumi-lang-nodejs=""httpResponseCompression"" pulumi-lang-dotnet=""HttpResponseCompression"" pulumi-lang-go=""httpResponseCompression"" pulumi-lang-python=""http_response_compression"" pulumi-lang-yaml=""httpResponseCompression"" pulumi-lang-java=""httpResponseCompression"">"http_response_compression"</span>, <span pulumi-lang-nodejs=""httpResponseFirewallManaged"" pulumi-lang-dotnet=""HttpResponseFirewallManaged"" pulumi-lang-go=""httpResponseFirewallManaged"" pulumi-lang-python=""http_response_firewall_managed"" pulumi-lang-yaml=""httpResponseFirewallManaged"" pulumi-lang-java=""httpResponseFirewallManaged"">"http_response_firewall_managed"</span>, <span pulumi-lang-nodejs=""httpResponseHeadersTransform"" pulumi-lang-dotnet=""HttpResponseHeadersTransform"" pulumi-lang-go=""httpResponseHeadersTransform"" pulumi-lang-python=""http_response_headers_transform"" pulumi-lang-yaml=""httpResponseHeadersTransform"" pulumi-lang-java=""httpResponseHeadersTransform"">"http_response_headers_transform"</span>, <span pulumi-lang-nodejs=""magicTransit"" pulumi-lang-dotnet=""MagicTransit"" pulumi-lang-go=""magicTransit"" pulumi-lang-python=""magic_transit"" pulumi-lang-yaml=""magicTransit"" pulumi-lang-java=""magicTransit"">"magic_transit"</span>, <span pulumi-lang-nodejs=""magicTransitIdsManaged"" pulumi-lang-dotnet=""MagicTransitIdsManaged"" pulumi-lang-go=""magicTransitIdsManaged"" pulumi-lang-python=""magic_transit_ids_managed"" pulumi-lang-yaml=""magicTransitIdsManaged"" pulumi-lang-java=""magicTransitIdsManaged"">"magic_transit_ids_managed"</span>, <span pulumi-lang-nodejs=""magicTransitManaged"" pulumi-lang-dotnet=""MagicTransitManaged"" pulumi-lang-go=""magicTransitManaged"" pulumi-lang-python=""magic_transit_managed"" pulumi-lang-yaml=""magicTransitManaged"" pulumi-lang-java=""magicTransitManaged"">"magic_transit_managed"</span>, <span pulumi-lang-nodejs=""magicTransitRatelimit"" pulumi-lang-dotnet=""MagicTransitRatelimit"" pulumi-lang-go=""magicTransitRatelimit"" pulumi-lang-python=""magic_transit_ratelimit"" pulumi-lang-yaml=""magicTransitRatelimit"" pulumi-lang-java=""magicTransitRatelimit"">"magic_transit_ratelimit"</span>.
+     * Available values: <span pulumi-lang-nodejs=""ddosL4"" pulumi-lang-dotnet=""DdosL4"" pulumi-lang-go=""ddosL4"" pulumi-lang-python=""ddos_l4"" pulumi-lang-yaml=""ddosL4"" pulumi-lang-java=""ddosL4"">"ddos_l4"</span>, <span pulumi-lang-nodejs=""ddosL7"" pulumi-lang-dotnet=""DdosL7"" pulumi-lang-go=""ddosL7"" pulumi-lang-python=""ddos_l7"" pulumi-lang-yaml=""ddosL7"" pulumi-lang-java=""ddosL7"">"ddos_l7"</span>, <span pulumi-lang-nodejs=""httpConfigSettings"" pulumi-lang-dotnet=""HttpConfigSettings"" pulumi-lang-go=""httpConfigSettings"" pulumi-lang-python=""http_config_settings"" pulumi-lang-yaml=""httpConfigSettings"" pulumi-lang-java=""httpConfigSettings"">"http_config_settings"</span>, <span pulumi-lang-nodejs=""httpCustomErrors"" pulumi-lang-dotnet=""HttpCustomErrors"" pulumi-lang-go=""httpCustomErrors"" pulumi-lang-python=""http_custom_errors"" pulumi-lang-yaml=""httpCustomErrors"" pulumi-lang-java=""httpCustomErrors"">"http_custom_errors"</span>, <span pulumi-lang-nodejs=""httpLogCustomFields"" pulumi-lang-dotnet=""HttpLogCustomFields"" pulumi-lang-go=""httpLogCustomFields"" pulumi-lang-python=""http_log_custom_fields"" pulumi-lang-yaml=""httpLogCustomFields"" pulumi-lang-java=""httpLogCustomFields"">"http_log_custom_fields"</span>, <span pulumi-lang-nodejs=""httpRatelimit"" pulumi-lang-dotnet=""HttpRatelimit"" pulumi-lang-go=""httpRatelimit"" pulumi-lang-python=""http_ratelimit"" pulumi-lang-yaml=""httpRatelimit"" pulumi-lang-java=""httpRatelimit"">"http_ratelimit"</span>, <span pulumi-lang-nodejs=""httpRequestCacheSettings"" pulumi-lang-dotnet=""HttpRequestCacheSettings"" pulumi-lang-go=""httpRequestCacheSettings"" pulumi-lang-python=""http_request_cache_settings"" pulumi-lang-yaml=""httpRequestCacheSettings"" pulumi-lang-java=""httpRequestCacheSettings"">"http_request_cache_settings"</span>, <span pulumi-lang-nodejs=""httpRequestDynamicRedirect"" pulumi-lang-dotnet=""HttpRequestDynamicRedirect"" pulumi-lang-go=""httpRequestDynamicRedirect"" pulumi-lang-python=""http_request_dynamic_redirect"" pulumi-lang-yaml=""httpRequestDynamicRedirect"" pulumi-lang-java=""httpRequestDynamicRedirect"">"http_request_dynamic_redirect"</span>, <span pulumi-lang-nodejs=""httpRequestFirewallCustom"" pulumi-lang-dotnet=""HttpRequestFirewallCustom"" pulumi-lang-go=""httpRequestFirewallCustom"" pulumi-lang-python=""http_request_firewall_custom"" pulumi-lang-yaml=""httpRequestFirewallCustom"" pulumi-lang-java=""httpRequestFirewallCustom"">"http_request_firewall_custom"</span>, <span pulumi-lang-nodejs=""httpRequestFirewallManaged"" pulumi-lang-dotnet=""HttpRequestFirewallManaged"" pulumi-lang-go=""httpRequestFirewallManaged"" pulumi-lang-python=""http_request_firewall_managed"" pulumi-lang-yaml=""httpRequestFirewallManaged"" pulumi-lang-java=""httpRequestFirewallManaged"">"http_request_firewall_managed"</span>, <span pulumi-lang-nodejs=""httpRequestLateTransform"" pulumi-lang-dotnet=""HttpRequestLateTransform"" pulumi-lang-go=""httpRequestLateTransform"" pulumi-lang-python=""http_request_late_transform"" pulumi-lang-yaml=""httpRequestLateTransform"" pulumi-lang-java=""httpRequestLateTransform"">"http_request_late_transform"</span>, <span pulumi-lang-nodejs=""httpRequestOrigin"" pulumi-lang-dotnet=""HttpRequestOrigin"" pulumi-lang-go=""httpRequestOrigin"" pulumi-lang-python=""http_request_origin"" pulumi-lang-yaml=""httpRequestOrigin"" pulumi-lang-java=""httpRequestOrigin"">"http_request_origin"</span>, <span pulumi-lang-nodejs=""httpRequestRedirect"" pulumi-lang-dotnet=""HttpRequestRedirect"" pulumi-lang-go=""httpRequestRedirect"" pulumi-lang-python=""http_request_redirect"" pulumi-lang-yaml=""httpRequestRedirect"" pulumi-lang-java=""httpRequestRedirect"">"http_request_redirect"</span>, <span pulumi-lang-nodejs=""httpRequestSanitize"" pulumi-lang-dotnet=""HttpRequestSanitize"" pulumi-lang-go=""httpRequestSanitize"" pulumi-lang-python=""http_request_sanitize"" pulumi-lang-yaml=""httpRequestSanitize"" pulumi-lang-java=""httpRequestSanitize"">"http_request_sanitize"</span>, <span pulumi-lang-nodejs=""httpRequestSbfm"" pulumi-lang-dotnet=""HttpRequestSbfm"" pulumi-lang-go=""httpRequestSbfm"" pulumi-lang-python=""http_request_sbfm"" pulumi-lang-yaml=""httpRequestSbfm"" pulumi-lang-java=""httpRequestSbfm"">"http_request_sbfm"</span>, <span pulumi-lang-nodejs=""httpRequestTransform"" pulumi-lang-dotnet=""HttpRequestTransform"" pulumi-lang-go=""httpRequestTransform"" pulumi-lang-python=""http_request_transform"" pulumi-lang-yaml=""httpRequestTransform"" pulumi-lang-java=""httpRequestTransform"">"http_request_transform"</span>, <span pulumi-lang-nodejs=""httpResponseCacheSettings"" pulumi-lang-dotnet=""HttpResponseCacheSettings"" pulumi-lang-go=""httpResponseCacheSettings"" pulumi-lang-python=""http_response_cache_settings"" pulumi-lang-yaml=""httpResponseCacheSettings"" pulumi-lang-java=""httpResponseCacheSettings"">"http_response_cache_settings"</span>, <span pulumi-lang-nodejs=""httpResponseCompression"" pulumi-lang-dotnet=""HttpResponseCompression"" pulumi-lang-go=""httpResponseCompression"" pulumi-lang-python=""http_response_compression"" pulumi-lang-yaml=""httpResponseCompression"" pulumi-lang-java=""httpResponseCompression"">"http_response_compression"</span>, <span pulumi-lang-nodejs=""httpResponseFirewallManaged"" pulumi-lang-dotnet=""HttpResponseFirewallManaged"" pulumi-lang-go=""httpResponseFirewallManaged"" pulumi-lang-python=""http_response_firewall_managed"" pulumi-lang-yaml=""httpResponseFirewallManaged"" pulumi-lang-java=""httpResponseFirewallManaged"">"http_response_firewall_managed"</span>, <span pulumi-lang-nodejs=""httpResponseHeadersTransform"" pulumi-lang-dotnet=""HttpResponseHeadersTransform"" pulumi-lang-go=""httpResponseHeadersTransform"" pulumi-lang-python=""http_response_headers_transform"" pulumi-lang-yaml=""httpResponseHeadersTransform"" pulumi-lang-java=""httpResponseHeadersTransform"">"http_response_headers_transform"</span>, <span pulumi-lang-nodejs=""magicTransit"" pulumi-lang-dotnet=""MagicTransit"" pulumi-lang-go=""magicTransit"" pulumi-lang-python=""magic_transit"" pulumi-lang-yaml=""magicTransit"" pulumi-lang-java=""magicTransit"">"magic_transit"</span>, <span pulumi-lang-nodejs=""magicTransitIdsManaged"" pulumi-lang-dotnet=""MagicTransitIdsManaged"" pulumi-lang-go=""magicTransitIdsManaged"" pulumi-lang-python=""magic_transit_ids_managed"" pulumi-lang-yaml=""magicTransitIdsManaged"" pulumi-lang-java=""magicTransitIdsManaged"">"magic_transit_ids_managed"</span>, <span pulumi-lang-nodejs=""magicTransitManaged"" pulumi-lang-dotnet=""MagicTransitManaged"" pulumi-lang-go=""magicTransitManaged"" pulumi-lang-python=""magic_transit_managed"" pulumi-lang-yaml=""magicTransitManaged"" pulumi-lang-java=""magicTransitManaged"">"magic_transit_managed"</span>, <span pulumi-lang-nodejs=""magicTransitRatelimit"" pulumi-lang-dotnet=""MagicTransitRatelimit"" pulumi-lang-go=""magicTransitRatelimit"" pulumi-lang-python=""magic_transit_ratelimit"" pulumi-lang-yaml=""magicTransitRatelimit"" pulumi-lang-java=""magicTransitRatelimit"">"magic_transit_ratelimit"</span>.
      */
     phases: string[];
     /**
@@ -12111,11 +12942,23 @@ export interface GetRulesetRuleActionParameters {
      * Available values: "off", "lossless", "lossy", "webp".
      */
     polish: string;
+    /**
+     * Set the private cache control directive.
+     */
+    private: outputs.GetRulesetRuleActionParametersPrivate;
     /**
      * A list of legacy security products to skip the execution of.
      * Available values: "bic", "hot", "rateLimit", "securityLevel", "uaBlock", "waf", "zoneLockdown".
      */
     products: string[];
+    /**
+     * Set the proxy-revalidate cache control directive.
+     */
+    proxyRevalidate: outputs.GetRulesetRuleActionParametersProxyRevalidate;
+    /**
+     * Set the public cache control directive.
+     */
+    public: outputs.GetRulesetRuleActionParametersPublic;
     /**
      * The raw response fields to log.
      */
@@ -12169,6 +13012,10 @@ export interface GetRulesetRuleActionParameters {
      * A list of ruleset IDs to skip the execution of. This option is incompatible with the ruleset and phases options.
      */
     rulesets: string[];
+    /**
+     * Set the s-maxage cache control directive.
+     */
+    sMaxage: outputs.GetRulesetRuleActionParametersSMaxage;
     /**
      * The Security Level to configure.
      * Available values: "off", <span pulumi-lang-nodejs=""essentiallyOff"" pulumi-lang-dotnet=""EssentiallyOff"" pulumi-lang-go=""essentiallyOff"" pulumi-lang-python=""essentially_off"" pulumi-lang-yaml=""essentiallyOff"" pulumi-lang-java=""essentiallyOff"">"essentially_off"</span>, "low", "medium", "high", <span pulumi-lang-nodejs=""underAttack"" pulumi-lang-dotnet=""UnderAttack"" pulumi-lang-go=""underAttack"" pulumi-lang-python=""under_attack"" pulumi-lang-yaml=""underAttack"" pulumi-lang-java=""underAttack"">"under_attack"</span>.
@@ -12191,10 +13038,30 @@ export interface GetRulesetRuleActionParameters {
      * Available values: "off", "flexible", "full", "strict", <span pulumi-lang-nodejs=""originPull"" pulumi-lang-dotnet=""OriginPull"" pulumi-lang-go=""originPull"" pulumi-lang-python=""origin_pull"" pulumi-lang-yaml=""originPull"" pulumi-lang-java=""originPull"">"origin_pull"</span>.
      */
     ssl: string;
+    /**
+     * Set the stale-if-error cache control directive.
+     */
+    staleIfError: outputs.GetRulesetRuleActionParametersStaleIfError;
+    /**
+     * Set the stale-while-revalidate cache control directive.
+     */
+    staleWhileRevalidate: outputs.GetRulesetRuleActionParametersStaleWhileRevalidate;
     /**
      * The status code to use for the error.
      */
     statusCode: number;
+    /**
+     * Whether to strip the ETag header from the response.
+     */
+    stripEtags: boolean;
+    /**
+     * Whether to strip the Last-Modified header from the response.
+     */
+    stripLastModified: boolean;
+    /**
+     * Whether to strip the Set-Cookie header from the response.
+     */
+    stripSetCookie: boolean;
     /**
      * Whether to enable Signed Exchanges (SXG).
      */
@@ -12207,6 +13074,10 @@ export interface GetRulesetRuleActionParameters {
      * A URI rewrite.
      */
     uri: outputs.GetRulesetRuleActionParametersUri;
+    /**
+     * The cache tag values for<span pulumi-lang-nodejs=" setCacheTags " pulumi-lang-dotnet=" SetCacheTags " pulumi-lang-go=" setCacheTags " pulumi-lang-python=" set_cache_tags " pulumi-lang-yaml=" setCacheTags " pulumi-lang-java=" setCacheTags "> set_cache_tags </span>action.
+     */
+    values: string[];
 }
 export interface GetRulesetRuleActionParametersAlgorithm {
     /**
@@ -12464,12 +13335,97 @@ export interface GetRulesetRuleActionParametersHeaders {
      */
     value: string;
 }
+export interface GetRulesetRuleActionParametersImmutable {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
 export interface GetRulesetRuleActionParametersMatchedData {
     /**
      * The public key to encrypt matched data logs with.
      */
     publicKey: string;
 }
+export interface GetRulesetRuleActionParametersMaxAge {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The value for the directive in seconds.
+     */
+    value: number;
+}
+export interface GetRulesetRuleActionParametersMustRevalidate {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
+export interface GetRulesetRuleActionParametersMustUnderstand {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
+export interface GetRulesetRuleActionParametersNoCache {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The qualifiers for the directive.
+     */
+    qualifiers: string[];
+}
+export interface GetRulesetRuleActionParametersNoStore {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
+export interface GetRulesetRuleActionParametersNoTransform {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
 export interface GetRulesetRuleActionParametersOrigin {
     /**
      * A resolved host to route to.
@@ -12545,6 +13501,43 @@ export interface GetRulesetRuleActionParametersOverridesRule {
      */
     sensitivityLevel: string;
 }
+export interface GetRulesetRuleActionParametersPrivate {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The qualifiers for the directive.
+     */
+    qualifiers: string[];
+}
+export interface GetRulesetRuleActionParametersProxyRevalidate {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
+export interface GetRulesetRuleActionParametersPublic {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
 export interface GetRulesetRuleActionParametersRawResponseField {
     /**
      * The name of the response header.
@@ -12585,6 +13578,21 @@ export interface GetRulesetRuleActionParametersResponseField {
      */
     preserveDuplicates: boolean;
 }
+export interface GetRulesetRuleActionParametersSMaxage {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The value for the directive in seconds.
+     */
+    value: number;
+}
 export interface GetRulesetRuleActionParametersServeStale {
     /**
      * Whether Cloudflare should disable serving stale content while getting the latest content from the origin.
@@ -12597,6 +13605,36 @@ export interface GetRulesetRuleActionParametersSni {
      */
     value: string;
 }
+export interface GetRulesetRuleActionParametersStaleIfError {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The value for the directive in seconds.
+     */
+    value: number;
+}
+export interface GetRulesetRuleActionParametersStaleWhileRevalidate {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The value for the directive in seconds.
+     */
+    value: number;
+}
 export interface GetRulesetRuleActionParametersTransformedRequestField {
     /**
      * The name of the header.
@@ -12812,15 +13850,15 @@ export interface GetSchemaValidationSchemasListResult {
 }
 export interface GetSnippetListResult {
     /**
-     * The timestamp of when the snippet was created.
+     * Indicates when the snippet was created.
      */
     createdOn: string;
     /**
-     * The timestamp of when the snippet was last modified.
+     * Indicates when the snippet was last modified.
      */
     modifiedOn: string;
     /**
-     * The identifying name of the snippet.
+     * Identify the snippet.
      */
     snippetName: string;
 }
@@ -13661,6 +14699,18 @@ export interface GetTurnstileWidgetFilter {
      * Available values: "asc", "desc".
      */
     direction?: string;
+    /**
+     * Filter widgets by field using case-insensitive substring matching.
+     * Format: `field:value`
+     *
+     * Supported fields:
+     * - <span pulumi-lang-nodejs="`name`" pulumi-lang-dotnet="`Name`" pulumi-lang-go="`name`" pulumi-lang-python="`name`" pulumi-lang-yaml="`name`" pulumi-lang-java="`name`">`name`</span> - Filter by widget name (e.g., `filter=name:login-form`)
+     * - <span pulumi-lang-nodejs="`sitekey`" pulumi-lang-dotnet="`Sitekey`" pulumi-lang-go="`sitekey`" pulumi-lang-python="`sitekey`" pulumi-lang-yaml="`sitekey`" pulumi-lang-java="`sitekey`">`sitekey`</span> - Filter by sitekey (e.g., `filter=sitekey:0x4AAA`)
+     *
+     * Returns 400 Bad Request if the field is unsupported or format is invalid.
+     * An empty filter value returns all results.
+     */
+    filter?: string;
     /**
      * Field to order widgets by.
      * Available values: "id", "sitekey", "name", <span pulumi-lang-nodejs=""createdOn"" pulumi-lang-dotnet=""CreatedOn"" pulumi-lang-go=""createdOn"" pulumi-lang-python=""created_on"" pulumi-lang-yaml=""createdOn"" pulumi-lang-java=""createdOn"">"created_on"</span>, <span pulumi-lang-nodejs=""modifiedOn"" pulumi-lang-dotnet=""ModifiedOn"" pulumi-lang-go=""modifiedOn"" pulumi-lang-python=""modified_on"" pulumi-lang-yaml=""modifiedOn"" pulumi-lang-java=""modifiedOn"">"modified_on"</span>.
@@ -14566,6 +15616,10 @@ export interface GetWorkerVersionBinding {
      * Name of Worker to bind to.
      */
     service: string;
+    /**
+     * The rate limit configuration.
+     */
+    simple: outputs.GetWorkerVersionBindingSimple;
     /**
      * ID of the store containing the secret.
      */
@@ -14576,7 +15630,7 @@ export interface GetWorkerVersionBinding {
     text: string;
     /**
      * The kind of resource that the binding provides.
-     * Available values: "ai", <span pulumi-lang-nodejs=""analyticsEngine"" pulumi-lang-dotnet=""AnalyticsEngine"" pulumi-lang-go=""analyticsEngine"" pulumi-lang-python=""analytics_engine"" pulumi-lang-yaml=""analyticsEngine"" pulumi-lang-java=""analyticsEngine"">"analytics_engine"</span>, "assets", "browser", "d1", <span pulumi-lang-nodejs=""dataBlob"" pulumi-lang-dotnet=""DataBlob"" pulumi-lang-go=""dataBlob"" pulumi-lang-python=""data_blob"" pulumi-lang-yaml=""dataBlob"" pulumi-lang-java=""dataBlob"">"data_blob"</span>, <span pulumi-lang-nodejs=""dispatchNamespace"" pulumi-lang-dotnet=""DispatchNamespace"" pulumi-lang-go=""dispatchNamespace"" pulumi-lang-python=""dispatch_namespace"" pulumi-lang-yaml=""dispatchNamespace"" pulumi-lang-java=""dispatchNamespace"">"dispatch_namespace"</span>, <span pulumi-lang-nodejs=""durableObjectNamespace"" pulumi-lang-dotnet=""DurableObjectNamespace"" pulumi-lang-go=""durableObjectNamespace"" pulumi-lang-python=""durable_object_namespace"" pulumi-lang-yaml=""durableObjectNamespace"" pulumi-lang-java=""durableObjectNamespace"">"durable_object_namespace"</span>, "hyperdrive", "inherit", "images", "json", <span pulumi-lang-nodejs=""kvNamespace"" pulumi-lang-dotnet=""KvNamespace"" pulumi-lang-go=""kvNamespace"" pulumi-lang-python=""kv_namespace"" pulumi-lang-yaml=""kvNamespace"" pulumi-lang-java=""kvNamespace"">"kv_namespace"</span>, <span pulumi-lang-nodejs=""mtlsCertificate"" pulumi-lang-dotnet=""MtlsCertificate"" pulumi-lang-go=""mtlsCertificate"" pulumi-lang-python=""mtls_certificate"" pulumi-lang-yaml=""mtlsCertificate"" pulumi-lang-java=""mtlsCertificate"">"mtls_certificate"</span>, <span pulumi-lang-nodejs=""plainText"" pulumi-lang-dotnet=""PlainText"" pulumi-lang-go=""plainText"" pulumi-lang-python=""plain_text"" pulumi-lang-yaml=""plainText"" pulumi-lang-java=""plainText"">"plain_text"</span>, "pipelines", "queue", <span pulumi-lang-nodejs=""r2Bucket"" pulumi-lang-dotnet=""R2Bucket"" pulumi-lang-go=""r2Bucket"" pulumi-lang-python=""r2_bucket"" pulumi-lang-yaml=""r2Bucket"" pulumi-lang-java=""r2Bucket"">"r2_bucket"</span>, <span pulumi-lang-nodejs=""secretText"" pulumi-lang-dotnet=""SecretText"" pulumi-lang-go=""secretText"" pulumi-lang-python=""secret_text"" pulumi-lang-yaml=""secretText"" pulumi-lang-java=""secretText"">"secret_text"</span>, <span pulumi-lang-nodejs=""sendEmail"" pulumi-lang-dotnet=""SendEmail"" pulumi-lang-go=""sendEmail"" pulumi-lang-python=""send_email"" pulumi-lang-yaml=""sendEmail"" pulumi-lang-java=""sendEmail"">"send_email"</span>, "service", <span pulumi-lang-nodejs=""textBlob"" pulumi-lang-dotnet=""TextBlob"" pulumi-lang-go=""textBlob"" pulumi-lang-python=""text_blob"" pulumi-lang-yaml=""textBlob"" pulumi-lang-java=""textBlob"">"text_blob"</span>, "vectorize", <span pulumi-lang-nodejs=""versionMetadata"" pulumi-lang-dotnet=""VersionMetadata"" pulumi-lang-go=""versionMetadata"" pulumi-lang-python=""version_metadata"" pulumi-lang-yaml=""versionMetadata"" pulumi-lang-java=""versionMetadata"">"version_metadata"</span>, <span pulumi-lang-nodejs=""secretsStoreSecret"" pulumi-lang-dotnet=""SecretsStoreSecret"" pulumi-lang-go=""secretsStoreSecret"" pulumi-lang-python=""secrets_store_secret"" pulumi-lang-yaml=""secretsStoreSecret"" pulumi-lang-java=""secretsStoreSecret"">"secrets_store_secret"</span>, <span pulumi-lang-nodejs=""secretKey"" pulumi-lang-dotnet=""SecretKey"" pulumi-lang-go=""secretKey"" pulumi-lang-python=""secret_key"" pulumi-lang-yaml=""secretKey"" pulumi-lang-java=""secretKey"">"secret_key"</span>, "workflow", <span pulumi-lang-nodejs=""wasmModule"" pulumi-lang-dotnet=""WasmModule"" pulumi-lang-go=""wasmModule"" pulumi-lang-python=""wasm_module"" pulumi-lang-yaml=""wasmModule"" pulumi-lang-java=""wasmModule"">"wasm_module"</span>.
+     * Available values: "ai", <span pulumi-lang-nodejs=""analyticsEngine"" pulumi-lang-dotnet=""AnalyticsEngine"" pulumi-lang-go=""analyticsEngine"" pulumi-lang-python=""analytics_engine"" pulumi-lang-yaml=""analyticsEngine"" pulumi-lang-java=""analyticsEngine"">"analytics_engine"</span>, "assets", "browser", "d1", <span pulumi-lang-nodejs=""dataBlob"" pulumi-lang-dotnet=""DataBlob"" pulumi-lang-go=""dataBlob"" pulumi-lang-python=""data_blob"" pulumi-lang-yaml=""dataBlob"" pulumi-lang-java=""dataBlob"">"data_blob"</span>, <span pulumi-lang-nodejs=""dispatchNamespace"" pulumi-lang-dotnet=""DispatchNamespace"" pulumi-lang-go=""dispatchNamespace"" pulumi-lang-python=""dispatch_namespace"" pulumi-lang-yaml=""dispatchNamespace"" pulumi-lang-java=""dispatchNamespace"">"dispatch_namespace"</span>, <span pulumi-lang-nodejs=""durableObjectNamespace"" pulumi-lang-dotnet=""DurableObjectNamespace"" pulumi-lang-go=""durableObjectNamespace"" pulumi-lang-python=""durable_object_namespace"" pulumi-lang-yaml=""durableObjectNamespace"" pulumi-lang-java=""durableObjectNamespace"">"durable_object_namespace"</span>, "hyperdrive", "inherit", "images", "json", <span pulumi-lang-nodejs=""kvNamespace"" pulumi-lang-dotnet=""KvNamespace"" pulumi-lang-go=""kvNamespace"" pulumi-lang-python=""kv_namespace"" pulumi-lang-yaml=""kvNamespace"" pulumi-lang-java=""kvNamespace"">"kv_namespace"</span>, <span pulumi-lang-nodejs=""mtlsCertificate"" pulumi-lang-dotnet=""MtlsCertificate"" pulumi-lang-go=""mtlsCertificate"" pulumi-lang-python=""mtls_certificate"" pulumi-lang-yaml=""mtlsCertificate"" pulumi-lang-java=""mtlsCertificate"">"mtls_certificate"</span>, <span pulumi-lang-nodejs=""plainText"" pulumi-lang-dotnet=""PlainText"" pulumi-lang-go=""plainText"" pulumi-lang-python=""plain_text"" pulumi-lang-yaml=""plainText"" pulumi-lang-java=""plainText"">"plain_text"</span>, "pipelines", "queue", "ratelimit", <span pulumi-lang-nodejs=""r2Bucket"" pulumi-lang-dotnet=""R2Bucket"" pulumi-lang-go=""r2Bucket"" pulumi-lang-python=""r2_bucket"" pulumi-lang-yaml=""r2Bucket"" pulumi-lang-java=""r2Bucket"">"r2_bucket"</span>, <span pulumi-lang-nodejs=""secretText"" pulumi-lang-dotnet=""SecretText"" pulumi-lang-go=""secretText"" pulumi-lang-python=""secret_text"" pulumi-lang-yaml=""secretText"" pulumi-lang-java=""secretText"">"secret_text"</span>, <span pulumi-lang-nodejs=""sendEmail"" pulumi-lang-dotnet=""SendEmail"" pulumi-lang-go=""sendEmail"" pulumi-lang-python=""send_email"" pulumi-lang-yaml=""sendEmail"" pulumi-lang-java=""sendEmail"">"send_email"</span>, "service", <span pulumi-lang-nodejs=""textBlob"" pulumi-lang-dotnet=""TextBlob"" pulumi-lang-go=""textBlob"" pulumi-lang-python=""text_blob"" pulumi-lang-yaml=""textBlob"" pulumi-lang-java=""textBlob"">"text_blob"</span>, "vectorize", <span pulumi-lang-nodejs=""versionMetadata"" pulumi-lang-dotnet=""VersionMetadata"" pulumi-lang-go=""versionMetadata"" pulumi-lang-python=""version_metadata"" pulumi-lang-yaml=""versionMetadata"" pulumi-lang-java=""versionMetadata"">"version_metadata"</span>, <span pulumi-lang-nodejs=""secretsStoreSecret"" pulumi-lang-dotnet=""SecretsStoreSecret"" pulumi-lang-go=""secretsStoreSecret"" pulumi-lang-python=""secrets_store_secret"" pulumi-lang-yaml=""secretsStoreSecret"" pulumi-lang-java=""secretsStoreSecret"">"secrets_store_secret"</span>, <span pulumi-lang-nodejs=""secretKey"" pulumi-lang-dotnet=""SecretKey"" pulumi-lang-go=""secretKey"" pulumi-lang-python=""secret_key"" pulumi-lang-yaml=""secretKey"" pulumi-lang-java=""secretKey"">"secret_key"</span>, "workflow", <span pulumi-lang-nodejs=""wasmModule"" pulumi-lang-dotnet=""WasmModule"" pulumi-lang-go=""wasmModule"" pulumi-lang-python=""wasm_module"" pulumi-lang-yaml=""wasmModule"" pulumi-lang-java=""wasmModule"">"wasm_module"</span>.
      */
     type: string;
     /**
@@ -14596,13 +15650,23 @@ export interface GetWorkerVersionBindingOutbound {
     /**
      * Pass information from the Dispatch Worker to the Outbound Worker through the parameters.
      */
-    params: string[];
+    params: outputs.GetWorkerVersionBindingOutboundParam[];
     /**
      * Outbound worker.
      */
     worker: outputs.GetWorkerVersionBindingOutboundWorker;
 }
+export interface GetWorkerVersionBindingOutboundParam {
+    /**
+     * Name of the parameter.
+     */
+    name: string;
+}
 export interface GetWorkerVersionBindingOutboundWorker {
+    /**
+     * Entrypoint to invoke on the outbound worker.
+     */
+    entrypoint: string;
     /**
      * Environment of the outbound worker.
      */
@@ -14612,6 +15676,16 @@ export interface GetWorkerVersionBindingOutboundWorker {
      */
     service: string;
 }
+export interface GetWorkerVersionBindingSimple {
+    /**
+     * The limit (requests per period).
+     */
+    limit: number;
+    /**
+     * The period in seconds.
+     */
+    period: number;
+}
 export interface GetWorkerVersionLimits {
     /**
      * CPU time limit in milliseconds.
@@ -14708,10 +15782,40 @@ export interface GetWorkerVersionModule {
 }
 export interface GetWorkerVersionPlacement {
     /**
-     * Placement mode for the version.
-     * Available values: "smart".
+     * TCP host and port for targeted placement.
+     */
+    host: string;
+    /**
+     * HTTP hostname for targeted placement.
+     */
+    hostname: string;
+    /**
+     * Enables [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement).
+     * Available values: "smart", "targeted".
      */
     mode: string;
+    /**
+     * Cloud region for targeted placement in format 'provider:region'.
+     */
+    region: string;
+    /**
+     * Array of placement targets (currently limited to single target).
+     */
+    targets: outputs.GetWorkerVersionPlacementTarget[];
+}
+export interface GetWorkerVersionPlacementTarget {
+    /**
+     * TCP host:port for targeted placement.
+     */
+    host: string;
+    /**
+     * HTTP hostname for targeted placement.
+     */
+    hostname: string;
+    /**
+     * Cloud region in format 'provider:region'.
+     */
+    region: string;
 }
 export interface GetWorkerVersionsResult {
     /**
@@ -14776,7 +15880,7 @@ export interface GetWorkerVersionsResult {
      */
     number: number;
     /**
-     * Placement settings for the version.
+     * Configuration for [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement). Specify mode='smart' for Smart Placement, or one of region/hostname/host.
      */
     placement: outputs.GetWorkerVersionsResultPlacement;
     /**
@@ -14946,6 +16050,10 @@ export interface GetWorkerVersionsResultBinding {
      * Name of Worker to bind to.
      */
     service: string;
+    /**
+     * The rate limit configuration.
+     */
+    simple: outputs.GetWorkerVersionsResultBindingSimple;
     /**
      * ID of the store containing the secret.
      */
@@ -14956,7 +16064,7 @@ export interface GetWorkerVersionsResultBinding {
     text: string;
     /**
      * The kind of resource that the binding provides.
-     * Available values: "ai", <span pulumi-lang-nodejs=""analyticsEngine"" pulumi-lang-dotnet=""AnalyticsEngine"" pulumi-lang-go=""analyticsEngine"" pulumi-lang-python=""analytics_engine"" pulumi-lang-yaml=""analyticsEngine"" pulumi-lang-java=""analyticsEngine"">"analytics_engine"</span>, "assets", "browser", "d1", <span pulumi-lang-nodejs=""dataBlob"" pulumi-lang-dotnet=""DataBlob"" pulumi-lang-go=""dataBlob"" pulumi-lang-python=""data_blob"" pulumi-lang-yaml=""dataBlob"" pulumi-lang-java=""dataBlob"">"data_blob"</span>, <span pulumi-lang-nodejs=""dispatchNamespace"" pulumi-lang-dotnet=""DispatchNamespace"" pulumi-lang-go=""dispatchNamespace"" pulumi-lang-python=""dispatch_namespace"" pulumi-lang-yaml=""dispatchNamespace"" pulumi-lang-java=""dispatchNamespace"">"dispatch_namespace"</span>, <span pulumi-lang-nodejs=""durableObjectNamespace"" pulumi-lang-dotnet=""DurableObjectNamespace"" pulumi-lang-go=""durableObjectNamespace"" pulumi-lang-python=""durable_object_namespace"" pulumi-lang-yaml=""durableObjectNamespace"" pulumi-lang-java=""durableObjectNamespace"">"durable_object_namespace"</span>, "hyperdrive", "inherit", "images", "json", <span pulumi-lang-nodejs=""kvNamespace"" pulumi-lang-dotnet=""KvNamespace"" pulumi-lang-go=""kvNamespace"" pulumi-lang-python=""kv_namespace"" pulumi-lang-yaml=""kvNamespace"" pulumi-lang-java=""kvNamespace"">"kv_namespace"</span>, <span pulumi-lang-nodejs=""mtlsCertificate"" pulumi-lang-dotnet=""MtlsCertificate"" pulumi-lang-go=""mtlsCertificate"" pulumi-lang-python=""mtls_certificate"" pulumi-lang-yaml=""mtlsCertificate"" pulumi-lang-java=""mtlsCertificate"">"mtls_certificate"</span>, <span pulumi-lang-nodejs=""plainText"" pulumi-lang-dotnet=""PlainText"" pulumi-lang-go=""plainText"" pulumi-lang-python=""plain_text"" pulumi-lang-yaml=""plainText"" pulumi-lang-java=""plainText"">"plain_text"</span>, "pipelines", "queue", <span pulumi-lang-nodejs=""r2Bucket"" pulumi-lang-dotnet=""R2Bucket"" pulumi-lang-go=""r2Bucket"" pulumi-lang-python=""r2_bucket"" pulumi-lang-yaml=""r2Bucket"" pulumi-lang-java=""r2Bucket"">"r2_bucket"</span>, <span pulumi-lang-nodejs=""secretText"" pulumi-lang-dotnet=""SecretText"" pulumi-lang-go=""secretText"" pulumi-lang-python=""secret_text"" pulumi-lang-yaml=""secretText"" pulumi-lang-java=""secretText"">"secret_text"</span>, <span pulumi-lang-nodejs=""sendEmail"" pulumi-lang-dotnet=""SendEmail"" pulumi-lang-go=""sendEmail"" pulumi-lang-python=""send_email"" pulumi-lang-yaml=""sendEmail"" pulumi-lang-java=""sendEmail"">"send_email"</span>, "service", <span pulumi-lang-nodejs=""textBlob"" pulumi-lang-dotnet=""TextBlob"" pulumi-lang-go=""textBlob"" pulumi-lang-python=""text_blob"" pulumi-lang-yaml=""textBlob"" pulumi-lang-java=""textBlob"">"text_blob"</span>, "vectorize", <span pulumi-lang-nodejs=""versionMetadata"" pulumi-lang-dotnet=""VersionMetadata"" pulumi-lang-go=""versionMetadata"" pulumi-lang-python=""version_metadata"" pulumi-lang-yaml=""versionMetadata"" pulumi-lang-java=""versionMetadata"">"version_metadata"</span>, <span pulumi-lang-nodejs=""secretsStoreSecret"" pulumi-lang-dotnet=""SecretsStoreSecret"" pulumi-lang-go=""secretsStoreSecret"" pulumi-lang-python=""secrets_store_secret"" pulumi-lang-yaml=""secretsStoreSecret"" pulumi-lang-java=""secretsStoreSecret"">"secrets_store_secret"</span>, <span pulumi-lang-nodejs=""secretKey"" pulumi-lang-dotnet=""SecretKey"" pulumi-lang-go=""secretKey"" pulumi-lang-python=""secret_key"" pulumi-lang-yaml=""secretKey"" pulumi-lang-java=""secretKey"">"secret_key"</span>, "workflow", <span pulumi-lang-nodejs=""wasmModule"" pulumi-lang-dotnet=""WasmModule"" pulumi-lang-go=""wasmModule"" pulumi-lang-python=""wasm_module"" pulumi-lang-yaml=""wasmModule"" pulumi-lang-java=""wasmModule"">"wasm_module"</span>.
+     * Available values: "ai", <span pulumi-lang-nodejs=""analyticsEngine"" pulumi-lang-dotnet=""AnalyticsEngine"" pulumi-lang-go=""analyticsEngine"" pulumi-lang-python=""analytics_engine"" pulumi-lang-yaml=""analyticsEngine"" pulumi-lang-java=""analyticsEngine"">"analytics_engine"</span>, "assets", "browser", "d1", <span pulumi-lang-nodejs=""dataBlob"" pulumi-lang-dotnet=""DataBlob"" pulumi-lang-go=""dataBlob"" pulumi-lang-python=""data_blob"" pulumi-lang-yaml=""dataBlob"" pulumi-lang-java=""dataBlob"">"data_blob"</span>, <span pulumi-lang-nodejs=""dispatchNamespace"" pulumi-lang-dotnet=""DispatchNamespace"" pulumi-lang-go=""dispatchNamespace"" pulumi-lang-python=""dispatch_namespace"" pulumi-lang-yaml=""dispatchNamespace"" pulumi-lang-java=""dispatchNamespace"">"dispatch_namespace"</span>, <span pulumi-lang-nodejs=""durableObjectNamespace"" pulumi-lang-dotnet=""DurableObjectNamespace"" pulumi-lang-go=""durableObjectNamespace"" pulumi-lang-python=""durable_object_namespace"" pulumi-lang-yaml=""durableObjectNamespace"" pulumi-lang-java=""durableObjectNamespace"">"durable_object_namespace"</span>, "hyperdrive", "inherit", "images", "json", <span pulumi-lang-nodejs=""kvNamespace"" pulumi-lang-dotnet=""KvNamespace"" pulumi-lang-go=""kvNamespace"" pulumi-lang-python=""kv_namespace"" pulumi-lang-yaml=""kvNamespace"" pulumi-lang-java=""kvNamespace"">"kv_namespace"</span>, <span pulumi-lang-nodejs=""mtlsCertificate"" pulumi-lang-dotnet=""MtlsCertificate"" pulumi-lang-go=""mtlsCertificate"" pulumi-lang-python=""mtls_certificate"" pulumi-lang-yaml=""mtlsCertificate"" pulumi-lang-java=""mtlsCertificate"">"mtls_certificate"</span>, <span pulumi-lang-nodejs=""plainText"" pulumi-lang-dotnet=""PlainText"" pulumi-lang-go=""plainText"" pulumi-lang-python=""plain_text"" pulumi-lang-yaml=""plainText"" pulumi-lang-java=""plainText"">"plain_text"</span>, "pipelines", "queue", "ratelimit", <span pulumi-lang-nodejs=""r2Bucket"" pulumi-lang-dotnet=""R2Bucket"" pulumi-lang-go=""r2Bucket"" pulumi-lang-python=""r2_bucket"" pulumi-lang-yaml=""r2Bucket"" pulumi-lang-java=""r2Bucket"">"r2_bucket"</span>, <span pulumi-lang-nodejs=""secretText"" pulumi-lang-dotnet=""SecretText"" pulumi-lang-go=""secretText"" pulumi-lang-python=""secret_text"" pulumi-lang-yaml=""secretText"" pulumi-lang-java=""secretText"">"secret_text"</span>, <span pulumi-lang-nodejs=""sendEmail"" pulumi-lang-dotnet=""SendEmail"" pulumi-lang-go=""sendEmail"" pulumi-lang-python=""send_email"" pulumi-lang-yaml=""sendEmail"" pulumi-lang-java=""sendEmail"">"send_email"</span>, "service", <span pulumi-lang-nodejs=""textBlob"" pulumi-lang-dotnet=""TextBlob"" pulumi-lang-go=""textBlob"" pulumi-lang-python=""text_blob"" pulumi-lang-yaml=""textBlob"" pulumi-lang-java=""textBlob"">"text_blob"</span>, "vectorize", <span pulumi-lang-nodejs=""versionMetadata"" pulumi-lang-dotnet=""VersionMetadata"" pulumi-lang-go=""versionMetadata"" pulumi-lang-python=""version_metadata"" pulumi-lang-yaml=""versionMetadata"" pulumi-lang-java=""versionMetadata"">"version_metadata"</span>, <span pulumi-lang-nodejs=""secretsStoreSecret"" pulumi-lang-dotnet=""SecretsStoreSecret"" pulumi-lang-go=""secretsStoreSecret"" pulumi-lang-python=""secrets_store_secret"" pulumi-lang-yaml=""secretsStoreSecret"" pulumi-lang-java=""secretsStoreSecret"">"secrets_store_secret"</span>, <span pulumi-lang-nodejs=""secretKey"" pulumi-lang-dotnet=""SecretKey"" pulumi-lang-go=""secretKey"" pulumi-lang-python=""secret_key"" pulumi-lang-yaml=""secretKey"" pulumi-lang-java=""secretKey"">"secret_key"</span>, "workflow", <span pulumi-lang-nodejs=""wasmModule"" pulumi-lang-dotnet=""WasmModule"" pulumi-lang-go=""wasmModule"" pulumi-lang-python=""wasm_module"" pulumi-lang-yaml=""wasmModule"" pulumi-lang-java=""wasmModule"">"wasm_module"</span>.
      */
     type: string;
     /**
@@ -14976,13 +16084,23 @@ export interface GetWorkerVersionsResultBindingOutbound {
     /**
      * Pass information from the Dispatch Worker to the Outbound Worker through the parameters.
      */
-    params: string[];
+    params: outputs.GetWorkerVersionsResultBindingOutboundParam[];
     /**
      * Outbound worker.
      */
     worker: outputs.GetWorkerVersionsResultBindingOutboundWorker;
 }
+export interface GetWorkerVersionsResultBindingOutboundParam {
+    /**
+     * Name of the parameter.
+     */
+    name: string;
+}
 export interface GetWorkerVersionsResultBindingOutboundWorker {
+    /**
+     * Entrypoint to invoke on the outbound worker.
+     */
+    entrypoint: string;
     /**
      * Environment of the outbound worker.
      */
@@ -14992,6 +16110,16 @@ export interface GetWorkerVersionsResultBindingOutboundWorker {
      */
     service: string;
 }
+export interface GetWorkerVersionsResultBindingSimple {
+    /**
+     * The limit (requests per period).
+     */
+    limit: number;
+    /**
+     * The period in seconds.
+     */
+    period: number;
+}
 export interface GetWorkerVersionsResultLimits {
     /**
      * CPU time limit in milliseconds.
@@ -15088,10 +16216,40 @@ export interface GetWorkerVersionsResultModule {
 }
 export interface GetWorkerVersionsResultPlacement {
     /**
-     * Placement mode for the version.
-     * Available values: "smart".
+     * TCP host and port for targeted placement.
+     */
+    host: string;
+    /**
+     * HTTP hostname for targeted placement.
+     */
+    hostname: string;
+    /**
+     * Enables [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement).
+     * Available values: "smart", "targeted".
      */
     mode: string;
+    /**
+     * Cloud region for targeted placement in format 'provider:region'.
+     */
+    region: string;
+    /**
+     * Array of placement targets (currently limited to single target).
+     */
+    targets: outputs.GetWorkerVersionsResultPlacementTarget[];
+}
+export interface GetWorkerVersionsResultPlacementTarget {
+    /**
+     * TCP host:port for targeted placement.
+     */
+    host: string;
+    /**
+     * HTTP hostname for targeted placement.
+     */
+    hostname: string;
+    /**
+     * Cloud region in format 'provider:region'.
+     */
+    region: string;
 }
 export interface GetWorkersCronTriggerSchedule {
     createdOn: string;
@@ -15494,11 +16652,11 @@ export interface GetWorkersScriptsResult {
      */
     observability: outputs.GetWorkersScriptsResultObservability;
     /**
-     * Configuration for [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement). Specify either mode for Smart Placement, or one of region/hostname/host for targeted placement.
+     * Configuration for [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement). Specify mode='smart' for Smart Placement, or one of region/hostname/host.
      */
     placement: outputs.GetWorkersScriptsResultPlacement;
     /**
-     * Available values: "smart".
+     * Available values: "smart", "targeted".
      *
      * @deprecated Deprecated
      */
@@ -15592,7 +16750,7 @@ export interface GetWorkersScriptsResultPlacement {
     lastAnalyzedAt: string;
     /**
      * Enables [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement).
-     * Available values: "smart".
+     * Available values: "smart", "targeted".
      */
     mode: string;
     /**
@@ -15604,6 +16762,24 @@ export interface GetWorkersScriptsResultPlacement {
      * Available values: "SUCCESS", "UNSUPPORTED_APPLICATION", "INSUFFICIENT_INVOCATIONS".
      */
     status: string;
+    /**
+     * Array of placement targets (currently limited to single target).
+     */
+    targets: outputs.GetWorkersScriptsResultPlacementTarget[];
+}
+export interface GetWorkersScriptsResultPlacementTarget {
+    /**
+     * TCP host:port for targeted placement.
+     */
+    host: string;
+    /**
+     * HTTP hostname for targeted placement.
+     */
+    hostname: string;
+    /**
+     * Cloud region in format 'provider:region'.
+     */
+    region: string;
 }
 export interface GetWorkersScriptsResultRoute {
     /**
@@ -15690,6 +16866,7 @@ export interface GetZeroTrustAccessAiControlsMcpPortalServer {
      * server id
      */
     id: string;
+    lastSuccessfulSync: string;
     lastSynced: string;
     modifiedAt: string;
     modifiedBy: string;
@@ -15717,6 +16894,10 @@ export interface GetZeroTrustAccessAiControlsMcpPortalsResult {
     modifiedAt: string;
     modifiedBy: string;
     name: string;
+    /**
+     * Route outbound MCP traffic through Zero Trust Secure Web Gateway
+     */
+    secureWebGateway: boolean;
 }
 export interface GetZeroTrustAccessAiControlsMcpServerFilter {
     /**
@@ -15738,6 +16919,7 @@ export interface GetZeroTrustAccessAiControlsMcpServersResult {
      * server id
      */
     id: string;
+    lastSuccessfulSync: string;
     lastSynced: string;
     modifiedAt: string;
     modifiedBy: string;
@@ -20436,6 +21618,10 @@ export interface GetZeroTrustAccessPoliciesResult {
      * Requires the user to request access from an administrator at the start of each session.
      */
     approvalRequired: boolean;
+    /**
+     * The rules that define how users may connect to targets secured by your application.
+     */
+    connectionRules: outputs.GetZeroTrustAccessPoliciesResultConnectionRules;
     createdAt: string;
     /**
      * The action Access will take if a user matches this policy. Infrastructure application policies can only use the Allow action.
@@ -20458,6 +21644,10 @@ export interface GetZeroTrustAccessPoliciesResult {
      * Require this application to be served in an isolated browser for users matching this policy. 'Client Web Isolation' must be on for the account in order to use this feature.
      */
     isolationRequired: boolean;
+    /**
+     * Configures multi-factor authentication (MFA) settings.
+     */
+    mfaConfig: outputs.GetZeroTrustAccessPoliciesResultMfaConfig;
     /**
      * The name of the Access policy.
      */
@@ -20495,6 +21685,22 @@ export interface GetZeroTrustAccessPoliciesResultApprovalGroup {
      */
     emailListUuid: string;
 }
+export interface GetZeroTrustAccessPoliciesResultConnectionRules {
+    /**
+     * The RDP-specific rules that define clipboard behavior for RDP connections.
+     */
+    rdp: outputs.GetZeroTrustAccessPoliciesResultConnectionRulesRdp;
+}
+export interface GetZeroTrustAccessPoliciesResultConnectionRulesRdp {
+    /**
+     * Clipboard formats allowed when copying from local machine to remote RDP session.
+     */
+    allowedClipboardLocalToRemoteFormats: string[];
+    /**
+     * Clipboard formats allowed when copying from remote RDP session to local machine.
+     */
+    allowedClipboardRemoteToLocalFormats: string[];
+}
 export interface GetZeroTrustAccessPoliciesResultExclude {
     /**
      * An empty object which matches on all service tokens.
@@ -20919,6 +22125,20 @@ export interface GetZeroTrustAccessPoliciesResultIncludeServiceToken {
      */
     tokenId: string;
 }
+export interface GetZeroTrustAccessPoliciesResultMfaConfig {
+    /**
+     * Lists the MFA methods that users can authenticate with.
+     */
+    allowedAuthenticators: string[];
+    /**
+     * Indicates whether to bypass MFA for this resource. This option is available at the application and policy level.
+     */
+    mfaBypass: boolean;
+    /**
+     * Defines the duration of an MFA session. Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days). Examples:<span pulumi-lang-nodejs="`5m`" pulumi-lang-dotnet="`5m`" pulumi-lang-go="`5m`" pulumi-lang-python="`5m`" pulumi-lang-yaml="`5m`" pulumi-lang-java="`5m`">`5m`</span> or <span pulumi-lang-nodejs="`24h`" pulumi-lang-dotnet="`24h`" pulumi-lang-go="`24h`" pulumi-lang-python="`24h`" pulumi-lang-yaml="`24h`" pulumi-lang-java="`24h`">`24h`</span>.
+     */
+    sessionDuration: string;
+}
 export interface GetZeroTrustAccessPoliciesResultRequire {
     /**
      * An empty object which matches on all service tokens.
@@ -21145,6 +22365,22 @@ export interface GetZeroTrustAccessPolicyApprovalGroup {
      */
     emailListUuid: string;
 }
+export interface GetZeroTrustAccessPolicyConnectionRules {
+    /**
+     * The RDP-specific rules that define clipboard behavior for RDP connections.
+     */
+    rdp: outputs.GetZeroTrustAccessPolicyConnectionRulesRdp;
+}
+export interface GetZeroTrustAccessPolicyConnectionRulesRdp {
+    /**
+     * Clipboard formats allowed when copying from local machine to remote RDP session.
+     */
+    allowedClipboardLocalToRemoteFormats: string[];
+    /**
+     * Clipboard formats allowed when copying from remote RDP session to local machine.
+     */
+    allowedClipboardRemoteToLocalFormats: string[];
+}
 export interface GetZeroTrustAccessPolicyExclude {
     /**
      * An empty object which matches on all service tokens.
@@ -21569,6 +22805,20 @@ export interface GetZeroTrustAccessPolicyIncludeServiceToken {
      */
     tokenId: string;
 }
+export interface GetZeroTrustAccessPolicyMfaConfig {
+    /**
+     * Lists the MFA methods that users can authenticate with.
+     */
+    allowedAuthenticators: string[];
+    /**
+     * Indicates whether to bypass MFA for this resource. This option is available at the application and policy level.
+     */
+    mfaBypass: boolean;
+    /**
+     * Defines the duration of an MFA session. Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days). Examples:<span pulumi-lang-nodejs="`5m`" pulumi-lang-dotnet="`5m`" pulumi-lang-go="`5m`" pulumi-lang-python="`5m`" pulumi-lang-yaml="`5m`" pulumi-lang-java="`5m`">`5m`</span> or <span pulumi-lang-nodejs="`24h`" pulumi-lang-dotnet="`24h`" pulumi-lang-go="`24h`" pulumi-lang-python="`24h`" pulumi-lang-yaml="`24h`" pulumi-lang-java="`24h`">`24h`</span>.
+     */
+    sessionDuration: string;
+}
 export interface GetZeroTrustAccessPolicyRequire {
     /**
      * An empty object which matches on all service tokens.
@@ -22621,6 +23871,71 @@ export interface GetZeroTrustDevicePostureRulesResultMatch {
      */
     platform: string;
 }
+export interface GetZeroTrustDexRuleTargetedTest {
+    /**
+     * The configuration object which contains the details for the WARP client to conduct the test.
+     */
+    data: outputs.GetZeroTrustDexRuleTargetedTestData;
+    enabled: boolean;
+    name: string;
+    testId: string;
+}
+export interface GetZeroTrustDexRuleTargetedTestData {
+    /**
+     * The desired endpoint to test.
+     */
+    host: string;
+    /**
+     * The type of test.
+     * Available values: "http", "traceroute".
+     */
+    kind: string;
+    /**
+     * The HTTP request method type.
+     * Available values: "GET".
+     */
+    method: string;
+}
+export interface GetZeroTrustDexRulesResult {
+    rules: outputs.GetZeroTrustDexRulesResultRule[];
+}
+export interface GetZeroTrustDexRulesResultRule {
+    createdAt: string;
+    description: string;
+    /**
+     * API Resource UUID tag.
+     */
+    id: string;
+    match: string;
+    name: string;
+    targetedTests: outputs.GetZeroTrustDexRulesResultRuleTargetedTest[];
+    updatedAt: string;
+}
+export interface GetZeroTrustDexRulesResultRuleTargetedTest {
+    /**
+     * The configuration object which contains the details for the WARP client to conduct the test.
+     */
+    data: outputs.GetZeroTrustDexRulesResultRuleTargetedTestData;
+    enabled: boolean;
+    name: string;
+    testId: string;
+}
+export interface GetZeroTrustDexRulesResultRuleTargetedTestData {
+    /**
+     * The desired endpoint to test.
+     */
+    host: string;
+    /**
+     * The type of test.
+     * Available values: "http", "traceroute".
+     */
+    kind: string;
+    /**
+     * The HTTP request method type.
+     * Available values: "GET".
+     */
+    method: string;
+}
 export interface GetZeroTrustDexTestData {
     /**
      * The desired endpoint to test.
@@ -22628,20 +23943,33 @@ export interface GetZeroTrustDexTestData {
     host: string;
     /**
      * The type of test.
+     * Available values: "http", "traceroute".
      */
     kind: string;
     /**
      * The HTTP request method type.
+     * Available values: "GET".
      */
     method: string;
 }
+export interface GetZeroTrustDexTestFilter {
+    /**
+     * Filter by test type
+     * Available values: "http", "traceroute".
+     */
+    kind?: string;
+    /**
+     * Filter by test name
+     */
+    testName?: string;
+}
 export interface GetZeroTrustDexTestTargetPolicy {
     /**
      * Whether the DEX rule is the account default
      */
     default: boolean;
     /**
-     * The id of the DEX rule
+     * API Resource UUID tag.
      */
     id: string;
     /**
@@ -22691,10 +24019,12 @@ export interface GetZeroTrustDexTestsResultData {
     host: string;
     /**
      * The type of test.
+     * Available values: "http", "traceroute".
      */
     kind: string;
     /**
      * The HTTP request method type.
+     * Available values: "GET".
      */
     method: string;
 }
@@ -22704,7 +24034,7 @@ export interface GetZeroTrustDexTestsResultTargetPolicy {
      */
     default: boolean;
     /**
-     * The id of the DEX rule
+     * API Resource UUID tag.
      */
     id: string;
     /**
@@ -22721,6 +24051,7 @@ export interface GetZeroTrustDlpCustomEntriesResult {
     caseSensitive: boolean;
     confidence: outputs.GetZeroTrustDlpCustomEntriesResultConfidence;
     createdAt: string;
+    description: string;
     enabled: boolean;
     id: string;
     name: string;
@@ -22828,6 +24159,7 @@ export interface GetZeroTrustDlpCustomProfileEntry {
     caseSensitive: boolean;
     confidence: outputs.GetZeroTrustDlpCustomProfileEntryConfidence;
     createdAt: string;
+    description: string;
     enabled: boolean;
     id: string;
     name: string;
@@ -22872,6 +24204,60 @@ export interface GetZeroTrustDlpCustomProfileEntryVariant {
      */
     type: string;
 }
+export interface GetZeroTrustDlpCustomProfileSharedEntry {
+    /**
+     * Only applies to custom word lists.
+     * Determines if the words should be matched in a case-sensitive manner
+     * Cannot be set to false if secret is true
+     */
+    caseSensitive: boolean;
+    confidence: outputs.GetZeroTrustDlpCustomProfileSharedEntryConfidence;
+    createdAt: string;
+    description: string;
+    enabled: boolean;
+    id: string;
+    name: string;
+    pattern: outputs.GetZeroTrustDlpCustomProfileSharedEntryPattern;
+    profileId: string;
+    secret: boolean;
+    /**
+     * Available values: "custom", "predefined", "integration", <span pulumi-lang-nodejs=""exactData"" pulumi-lang-dotnet=""ExactData"" pulumi-lang-go=""exactData"" pulumi-lang-python=""exact_data"" pulumi-lang-yaml=""exactData"" pulumi-lang-java=""exactData"">"exact_data"</span>, <span pulumi-lang-nodejs=""documentFingerprint"" pulumi-lang-dotnet=""DocumentFingerprint"" pulumi-lang-go=""documentFingerprint"" pulumi-lang-python=""document_fingerprint"" pulumi-lang-yaml=""documentFingerprint"" pulumi-lang-java=""documentFingerprint"">"document_fingerprint"</span>, <span pulumi-lang-nodejs=""wordList"" pulumi-lang-dotnet=""WordList"" pulumi-lang-go=""wordList"" pulumi-lang-python=""word_list"" pulumi-lang-yaml=""wordList"" pulumi-lang-java=""wordList"">"word_list"</span>.
+     */
+    type: string;
+    updatedAt: string;
+    variant: outputs.GetZeroTrustDlpCustomProfileSharedEntryVariant;
+    wordList: string;
+}
+export interface GetZeroTrustDlpCustomProfileSharedEntryConfidence {
+    /**
+     * Indicates whether this entry has AI remote service validation.
+     */
+    aiContextAvailable: boolean;
+    /**
+     * Indicates whether this entry has any form of validation that is not an AI remote service.
+     */
+    available: boolean;
+}
+export interface GetZeroTrustDlpCustomProfileSharedEntryPattern {
+    regex: string;
+    /**
+     * Available values: "luhn".
+     *
+     * @deprecated Deprecated
+     */
+    validation: string;
+}
+export interface GetZeroTrustDlpCustomProfileSharedEntryVariant {
+    description: string;
+    /**
+     * Available values: "Intent", "Content".
+     */
+    topicType: string;
+    /**
+     * Available values: "PromptTopic".
+     */
+    type: string;
+}
 export interface GetZeroTrustDlpDatasetColumn {
     entryId: string;
     headerName: string;
@@ -22940,6 +24326,7 @@ export interface GetZeroTrustDlpEntriesResult {
     caseSensitive: boolean;
     confidence: outputs.GetZeroTrustDlpEntriesResultConfidence;
     createdAt: string;
+    description: string;
     enabled: boolean;
     id: string;
     name: string;
@@ -23031,6 +24418,7 @@ export interface GetZeroTrustDlpIntegrationEntriesResult {
     caseSensitive: boolean;
     confidence: outputs.GetZeroTrustDlpIntegrationEntriesResultConfidence;
     createdAt: string;
+    description: string;
     enabled: boolean;
     id: string;
     name: string;
@@ -23122,6 +24510,7 @@ export interface GetZeroTrustDlpPredefinedEntriesResult {
     caseSensitive: boolean;
     confidence: outputs.GetZeroTrustDlpPredefinedEntriesResultConfidence;
     createdAt: string;
+    description: string;
     enabled: boolean;
     id: string;
     name: string;
@@ -23213,6 +24602,7 @@ export interface GetZeroTrustDlpPredefinedProfileEntry {
     caseSensitive: boolean;
     confidence: outputs.GetZeroTrustDlpPredefinedProfileEntryConfidence;
     createdAt: string;
+    description: string;
     enabled: boolean;
     id: string;
     name: string;
@@ -23599,6 +24989,27 @@ export interface GetZeroTrustGatewayLoggingSettingsByRuleTypeL4 {
      */
     logBlocks: boolean;
 }
+export interface GetZeroTrustGatewayPacfilesResult {
+    createdAt: string;
+    /**
+     * Detailed description of the PAC file.
+     */
+    description: string;
+    id: string;
+    /**
+     * Name of the PAC file.
+     */
+    name: string;
+    /**
+     * URL-friendly version of the PAC file name.
+     */
+    slug: string;
+    updatedAt: string;
+    /**
+     * Unique URL to download the PAC file.
+     */
+    url: string;
+}
 export interface GetZeroTrustGatewayPoliciesResult {
     /**
      * Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to <span pulumi-lang-nodejs="`true`" pulumi-lang-dotnet="`True`" pulumi-lang-go="`true`" pulumi-lang-python="`true`" pulumi-lang-yaml="`true`" pulumi-lang-java="`true`">`true`</span>.
@@ -24853,6 +26264,16 @@ export interface GetZeroTrustOrganizationLoginDesign {
      */
     textColor: string;
 }
+export interface GetZeroTrustOrganizationMfaConfig {
+    /**
+     * Lists the MFA methods that users can authenticate with.
+     */
+    allowedAuthenticators: string[];
+    /**
+     * Defines the duration of an MFA session. Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days). Examples:<span pulumi-lang-nodejs="`5m`" pulumi-lang-dotnet="`5m`" pulumi-lang-go="`5m`" pulumi-lang-python="`5m`" pulumi-lang-yaml="`5m`" pulumi-lang-java="`5m`">`5m`</span> or <span pulumi-lang-nodejs="`24h`" pulumi-lang-dotnet="`24h`" pulumi-lang-go="`24h`" pulumi-lang-python="`24h`" pulumi-lang-yaml="`24h`" pulumi-lang-java="`24h`">`24h`</span>.
+     */
+    sessionDuration: string;
+}
 export interface GetZeroTrustRiskBehaviorBehaviors {
     description: string;
     enabled: boolean;
@@ -25930,7 +27351,7 @@ export interface GetZonesResult {
      */
     modifiedOn: string;
     /**
-     * The domain name.
+     * The domain name. Per [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035#section-2.3.4) the overall zone name can be up to 253 characters, with each segment ("label") not exceeding 63 characters.
      */
     name: string;
     /**
@@ -26369,17 +27790,17 @@ export interface LoadBalancerPoolNotificationFilter {
     /**
      * Filter options for a particular resource type (pool or origin). Use null to reset.
      */
-    origin: outputs.LoadBalancerPoolNotificationFilterOrigin;
+    origin?: outputs.LoadBalancerPoolNotificationFilterOrigin;
     /**
      * Filter options for a particular resource type (pool or origin). Use null to reset.
      */
-    pool: outputs.LoadBalancerPoolNotificationFilterPool;
+    pool?: outputs.LoadBalancerPoolNotificationFilterPool;
 }
 export interface LoadBalancerPoolNotificationFilterOrigin {
     /**
      * If set true, disable notifications for this type of resource (pool or origin).
      */
-    disable: boolean;
+    disable?: boolean;
     /**
      * If present, send notifications only for this health status (e.g. false for only DOWN events). Use null to reset (all events).
      */
@@ -26389,7 +27810,7 @@ export interface LoadBalancerPoolNotificationFilterPool {
     /**
      * If set true, disable notifications for this type of resource (pool or origin).
      */
-    disable: boolean;
+    disable?: boolean;
     /**
      * If present, send notifications only for this health status (e.g. false for only DOWN events). Use null to reset (all events).
      */
@@ -28058,7 +29479,7 @@ export interface PagesProjectDeploymentConfigsPreviewServices {
     /**
      * The Service environment.
      */
-    environment?: string;
+    environment: string;
     /**
      * The Service name.
      */
@@ -28267,7 +29688,7 @@ export interface PagesProjectDeploymentConfigsProductionServices {
     /**
      * The Service environment.
      */
-    environment?: string;
+    environment: string;
     /**
      * The Service name.
      */
@@ -28593,13 +30014,10 @@ export interface QueueConsumer {
     consumerId: string;
     createdOn: string;
     /**
-     * A Resource identifier.
-     */
-    queueId: string;
-    /**
-     * Name of a Worker
+     * Name of the dead letter queue, or empty string if not configured
      */
-    script: string;
+    deadLetterQueue: string;
+    queueName: string;
     /**
      * Name of a Worker
      */
@@ -28962,7 +30380,7 @@ export interface RateLimitMatchResponse {
 export interface RulesetRule {
     /**
      * The action to perform when the rule matches.
-     * Available values: "block", "challenge", <span pulumi-lang-nodejs=""compressResponse"" pulumi-lang-dotnet=""CompressResponse"" pulumi-lang-go=""compressResponse"" pulumi-lang-python=""compress_response"" pulumi-lang-yaml=""compressResponse"" pulumi-lang-java=""compressResponse"">"compress_response"</span>, <span pulumi-lang-nodejs=""ddosDynamic"" pulumi-lang-dotnet=""DdosDynamic"" pulumi-lang-go=""ddosDynamic"" pulumi-lang-python=""ddos_dynamic"" pulumi-lang-yaml=""ddosDynamic"" pulumi-lang-java=""ddosDynamic"">"ddos_dynamic"</span>, "execute", <span pulumi-lang-nodejs=""forceConnectionClose"" pulumi-lang-dotnet=""ForceConnectionClose"" pulumi-lang-go=""forceConnectionClose"" pulumi-lang-python=""force_connection_close"" pulumi-lang-yaml=""forceConnectionClose"" pulumi-lang-java=""forceConnectionClose"">"force_connection_close"</span>, <span pulumi-lang-nodejs=""jsChallenge"" pulumi-lang-dotnet=""JsChallenge"" pulumi-lang-go=""jsChallenge"" pulumi-lang-python=""js_challenge"" pulumi-lang-yaml=""jsChallenge"" pulumi-lang-java=""jsChallenge"">"js_challenge"</span>, "log", <span pulumi-lang-nodejs=""logCustomField"" pulumi-lang-dotnet=""LogCustomField"" pulumi-lang-go=""logCustomField"" pulumi-lang-python=""log_custom_field"" pulumi-lang-yaml=""logCustomField"" pulumi-lang-java=""logCustomField"">"log_custom_field"</span>, <span pulumi-lang-nodejs=""managedChallenge"" pulumi-lang-dotnet=""ManagedChallenge"" pulumi-lang-go=""managedChallenge"" pulumi-lang-python=""managed_challenge"" pulumi-lang-yaml=""managedChallenge"" pulumi-lang-java=""managedChallenge"">"managed_challenge"</span>, "redirect", "rewrite", "route", "score", <span pulumi-lang-nodejs=""serveError"" pulumi-lang-dotnet=""ServeError"" pulumi-lang-go=""serveError"" pulumi-lang-python=""serve_error"" pulumi-lang-yaml=""serveError"" pulumi-lang-java=""serveError"">"serve_error"</span>, <span pulumi-lang-nodejs=""setCacheSettings"" pulumi-lang-dotnet=""SetCacheSettings"" pulumi-lang-go=""setCacheSettings"" pulumi-lang-python=""set_cache_settings"" pulumi-lang-yaml=""setCacheSettings"" pulumi-lang-java=""setCacheSettings"">"set_cache_settings"</span>, <span pulumi-lang-nodejs=""setConfig"" pulumi-lang-dotnet=""SetConfig"" pulumi-lang-go=""setConfig"" pulumi-lang-python=""set_config"" pulumi-lang-yaml=""setConfig"" pulumi-lang-java=""setConfig"">"set_config"</span>, "skip".
+     * Available values: "block", "challenge", <span pulumi-lang-nodejs=""compressResponse"" pulumi-lang-dotnet=""CompressResponse"" pulumi-lang-go=""compressResponse"" pulumi-lang-python=""compress_response"" pulumi-lang-yaml=""compressResponse"" pulumi-lang-java=""compressResponse"">"compress_response"</span>, <span pulumi-lang-nodejs=""ddosDynamic"" pulumi-lang-dotnet=""DdosDynamic"" pulumi-lang-go=""ddosDynamic"" pulumi-lang-python=""ddos_dynamic"" pulumi-lang-yaml=""ddosDynamic"" pulumi-lang-java=""ddosDynamic"">"ddos_dynamic"</span>, "execute", <span pulumi-lang-nodejs=""forceConnectionClose"" pulumi-lang-dotnet=""ForceConnectionClose"" pulumi-lang-go=""forceConnectionClose"" pulumi-lang-python=""force_connection_close"" pulumi-lang-yaml=""forceConnectionClose"" pulumi-lang-java=""forceConnectionClose"">"force_connection_close"</span>, <span pulumi-lang-nodejs=""jsChallenge"" pulumi-lang-dotnet=""JsChallenge"" pulumi-lang-go=""jsChallenge"" pulumi-lang-python=""js_challenge"" pulumi-lang-yaml=""jsChallenge"" pulumi-lang-java=""jsChallenge"">"js_challenge"</span>, "log", <span pulumi-lang-nodejs=""logCustomField"" pulumi-lang-dotnet=""LogCustomField"" pulumi-lang-go=""logCustomField"" pulumi-lang-python=""log_custom_field"" pulumi-lang-yaml=""logCustomField"" pulumi-lang-java=""logCustomField"">"log_custom_field"</span>, <span pulumi-lang-nodejs=""managedChallenge"" pulumi-lang-dotnet=""ManagedChallenge"" pulumi-lang-go=""managedChallenge"" pulumi-lang-python=""managed_challenge"" pulumi-lang-yaml=""managedChallenge"" pulumi-lang-java=""managedChallenge"">"managed_challenge"</span>, "redirect", "rewrite", "route", "score", <span pulumi-lang-nodejs=""serveError"" pulumi-lang-dotnet=""ServeError"" pulumi-lang-go=""serveError"" pulumi-lang-python=""serve_error"" pulumi-lang-yaml=""serveError"" pulumi-lang-java=""serveError"">"serve_error"</span>, <span pulumi-lang-nodejs=""setCacheControl"" pulumi-lang-dotnet=""SetCacheControl"" pulumi-lang-go=""setCacheControl"" pulumi-lang-python=""set_cache_control"" pulumi-lang-yaml=""setCacheControl"" pulumi-lang-java=""setCacheControl"">"set_cache_control"</span>, <span pulumi-lang-nodejs=""setCacheSettings"" pulumi-lang-dotnet=""SetCacheSettings"" pulumi-lang-go=""setCacheSettings"" pulumi-lang-python=""set_cache_settings"" pulumi-lang-yaml=""setCacheSettings"" pulumi-lang-java=""setCacheSettings"">"set_cache_settings"</span>, <span pulumi-lang-nodejs=""setCacheTags"" pulumi-lang-dotnet=""SetCacheTags"" pulumi-lang-go=""setCacheTags"" pulumi-lang-python=""set_cache_tags"" pulumi-lang-yaml=""setCacheTags"" pulumi-lang-java=""setCacheTags"">"set_cache_tags"</span>, <span pulumi-lang-nodejs=""setConfig"" pulumi-lang-dotnet=""SetConfig"" pulumi-lang-go=""setConfig"" pulumi-lang-python=""set_config"" pulumi-lang-yaml=""setConfig"" pulumi-lang-java=""setConfig"">"set_config"</span>, "skip".
      */
     action: string;
     /**
@@ -29076,6 +30494,10 @@ export interface RulesetRuleActionParameters {
      * Whether to enable Email Obfuscation.
      */
     emailObfuscation?: boolean;
+    /**
+     * An expression to generate cache tags for<span pulumi-lang-nodejs=" setCacheTags " pulumi-lang-dotnet=" SetCacheTags " pulumi-lang-go=" setCacheTags " pulumi-lang-python=" set_cache_tags " pulumi-lang-yaml=" setCacheTags " pulumi-lang-java=" setCacheTags "> set_cache_tags </span>action.
+     */
+    expression?: string;
     /**
      * Whether to enable Cloudflare Fonts.
      */
@@ -29106,6 +30528,10 @@ export interface RulesetRuleActionParameters {
      * The ID of the ruleset to execute.
      */
     id?: string;
+    /**
+     * Set the immutable cache control directive.
+     */
+    immutable?: outputs.RulesetRuleActionParametersImmutable;
     /**
      * A delta to change the score by, which can be either positive or negative.
      */
@@ -29114,10 +30540,39 @@ export interface RulesetRuleActionParameters {
      * The configuration to use for matched data logging.
      */
     matchedData?: outputs.RulesetRuleActionParametersMatchedData;
+    /**
+     * Set the max-age cache control directive.
+     */
+    maxAge?: outputs.RulesetRuleActionParametersMaxAge;
     /**
      * Whether to enable Mirage.
      */
     mirage?: boolean;
+    /**
+     * Set the must-revalidate cache control directive.
+     */
+    mustRevalidate?: outputs.RulesetRuleActionParametersMustRevalidate;
+    /**
+     * Set the must-understand cache control directive.
+     */
+    mustUnderstand?: outputs.RulesetRuleActionParametersMustUnderstand;
+    /**
+     * Set the no-cache cache control directive.
+     */
+    noCache?: outputs.RulesetRuleActionParametersNoCache;
+    /**
+     * Set the no-store cache control directive.
+     */
+    noStore?: outputs.RulesetRuleActionParametersNoStore;
+    /**
+     * Set the no-transform cache control directive.
+     */
+    noTransform?: outputs.RulesetRuleActionParametersNoTransform;
+    /**
+     * The operation to perform for<span pulumi-lang-nodejs=" setCacheTags " pulumi-lang-dotnet=" SetCacheTags " pulumi-lang-go=" setCacheTags " pulumi-lang-python=" set_cache_tags " pulumi-lang-yaml=" setCacheTags " pulumi-lang-java=" setCacheTags "> set_cache_tags </span>action.
+     * Available values: "set", "add", "remove".
+     */
+    operation?: string;
     /**
      * Whether to enable Opportunistic Encryption.
      */
@@ -29140,7 +30595,7 @@ export interface RulesetRuleActionParameters {
     overrides?: outputs.RulesetRuleActionParametersOverrides;
     /**
      * A list of phases to skip the execution of. This option is incompatible with the rulesets option.
-     * Available values: <span pulumi-lang-nodejs=""ddosL4"" pulumi-lang-dotnet=""DdosL4"" pulumi-lang-go=""ddosL4"" pulumi-lang-python=""ddos_l4"" pulumi-lang-yaml=""ddosL4"" pulumi-lang-java=""ddosL4"">"ddos_l4"</span>, <span pulumi-lang-nodejs=""ddosL7"" pulumi-lang-dotnet=""DdosL7"" pulumi-lang-go=""ddosL7"" pulumi-lang-python=""ddos_l7"" pulumi-lang-yaml=""ddosL7"" pulumi-lang-java=""ddosL7"">"ddos_l7"</span>, <span pulumi-lang-nodejs=""httpConfigSettings"" pulumi-lang-dotnet=""HttpConfigSettings"" pulumi-lang-go=""httpConfigSettings"" pulumi-lang-python=""http_config_settings"" pulumi-lang-yaml=""httpConfigSettings"" pulumi-lang-java=""httpConfigSettings"">"http_config_settings"</span>, <span pulumi-lang-nodejs=""httpCustomErrors"" pulumi-lang-dotnet=""HttpCustomErrors"" pulumi-lang-go=""httpCustomErrors"" pulumi-lang-python=""http_custom_errors"" pulumi-lang-yaml=""httpCustomErrors"" pulumi-lang-java=""httpCustomErrors"">"http_custom_errors"</span>, <span pulumi-lang-nodejs=""httpLogCustomFields"" pulumi-lang-dotnet=""HttpLogCustomFields"" pulumi-lang-go=""httpLogCustomFields"" pulumi-lang-python=""http_log_custom_fields"" pulumi-lang-yaml=""httpLogCustomFields"" pulumi-lang-java=""httpLogCustomFields"">"http_log_custom_fields"</span>, <span pulumi-lang-nodejs=""httpRatelimit"" pulumi-lang-dotnet=""HttpRatelimit"" pulumi-lang-go=""httpRatelimit"" pulumi-lang-python=""http_ratelimit"" pulumi-lang-yaml=""httpRatelimit"" pulumi-lang-java=""httpRatelimit"">"http_ratelimit"</span>, <span pulumi-lang-nodejs=""httpRequestCacheSettings"" pulumi-lang-dotnet=""HttpRequestCacheSettings"" pulumi-lang-go=""httpRequestCacheSettings"" pulumi-lang-python=""http_request_cache_settings"" pulumi-lang-yaml=""httpRequestCacheSettings"" pulumi-lang-java=""httpRequestCacheSettings"">"http_request_cache_settings"</span>, <span pulumi-lang-nodejs=""httpRequestDynamicRedirect"" pulumi-lang-dotnet=""HttpRequestDynamicRedirect"" pulumi-lang-go=""httpRequestDynamicRedirect"" pulumi-lang-python=""http_request_dynamic_redirect"" pulumi-lang-yaml=""httpRequestDynamicRedirect"" pulumi-lang-java=""httpRequestDynamicRedirect"">"http_request_dynamic_redirect"</span>, <span pulumi-lang-nodejs=""httpRequestFirewallCustom"" pulumi-lang-dotnet=""HttpRequestFirewallCustom"" pulumi-lang-go=""httpRequestFirewallCustom"" pulumi-lang-python=""http_request_firewall_custom"" pulumi-lang-yaml=""httpRequestFirewallCustom"" pulumi-lang-java=""httpRequestFirewallCustom"">"http_request_firewall_custom"</span>, <span pulumi-lang-nodejs=""httpRequestFirewallManaged"" pulumi-lang-dotnet=""HttpRequestFirewallManaged"" pulumi-lang-go=""httpRequestFirewallManaged"" pulumi-lang-python=""http_request_firewall_managed"" pulumi-lang-yaml=""httpRequestFirewallManaged"" pulumi-lang-java=""httpRequestFirewallManaged"">"http_request_firewall_managed"</span>, <span pulumi-lang-nodejs=""httpRequestLateTransform"" pulumi-lang-dotnet=""HttpRequestLateTransform"" pulumi-lang-go=""httpRequestLateTransform"" pulumi-lang-python=""http_request_late_transform"" pulumi-lang-yaml=""httpRequestLateTransform"" pulumi-lang-java=""httpRequestLateTransform"">"http_request_late_transform"</span>, <span pulumi-lang-nodejs=""httpRequestOrigin"" pulumi-lang-dotnet=""HttpRequestOrigin"" pulumi-lang-go=""httpRequestOrigin"" pulumi-lang-python=""http_request_origin"" pulumi-lang-yaml=""httpRequestOrigin"" pulumi-lang-java=""httpRequestOrigin"">"http_request_origin"</span>, <span pulumi-lang-nodejs=""httpRequestRedirect"" pulumi-lang-dotnet=""HttpRequestRedirect"" pulumi-lang-go=""httpRequestRedirect"" pulumi-lang-python=""http_request_redirect"" pulumi-lang-yaml=""httpRequestRedirect"" pulumi-lang-java=""httpRequestRedirect"">"http_request_redirect"</span>, <span pulumi-lang-nodejs=""httpRequestSanitize"" pulumi-lang-dotnet=""HttpRequestSanitize"" pulumi-lang-go=""httpRequestSanitize"" pulumi-lang-python=""http_request_sanitize"" pulumi-lang-yaml=""httpRequestSanitize"" pulumi-lang-java=""httpRequestSanitize"">"http_request_sanitize"</span>, <span pulumi-lang-nodejs=""httpRequestSbfm"" pulumi-lang-dotnet=""HttpRequestSbfm"" pulumi-lang-go=""httpRequestSbfm"" pulumi-lang-python=""http_request_sbfm"" pulumi-lang-yaml=""httpRequestSbfm"" pulumi-lang-java=""httpRequestSbfm"">"http_request_sbfm"</span>, <span pulumi-lang-nodejs=""httpRequestTransform"" pulumi-lang-dotnet=""HttpRequestTransform"" pulumi-lang-go=""httpRequestTransform"" pulumi-lang-python=""http_request_transform"" pulumi-lang-yaml=""httpRequestTransform"" pulumi-lang-java=""httpRequestTransform"">"http_request_transform"</span>, <span pulumi-lang-nodejs=""httpResponseCompression"" pulumi-lang-dotnet=""HttpResponseCompression"" pulumi-lang-go=""httpResponseCompression"" pulumi-lang-python=""http_response_compression"" pulumi-lang-yaml=""httpResponseCompression"" pulumi-lang-java=""httpResponseCompression"">"http_response_compression"</span>, <span pulumi-lang-nodejs=""httpResponseFirewallManaged"" pulumi-lang-dotnet=""HttpResponseFirewallManaged"" pulumi-lang-go=""httpResponseFirewallManaged"" pulumi-lang-python=""http_response_firewall_managed"" pulumi-lang-yaml=""httpResponseFirewallManaged"" pulumi-lang-java=""httpResponseFirewallManaged"">"http_response_firewall_managed"</span>, <span pulumi-lang-nodejs=""httpResponseHeadersTransform"" pulumi-lang-dotnet=""HttpResponseHeadersTransform"" pulumi-lang-go=""httpResponseHeadersTransform"" pulumi-lang-python=""http_response_headers_transform"" pulumi-lang-yaml=""httpResponseHeadersTransform"" pulumi-lang-java=""httpResponseHeadersTransform"">"http_response_headers_transform"</span>, <span pulumi-lang-nodejs=""magicTransit"" pulumi-lang-dotnet=""MagicTransit"" pulumi-lang-go=""magicTransit"" pulumi-lang-python=""magic_transit"" pulumi-lang-yaml=""magicTransit"" pulumi-lang-java=""magicTransit"">"magic_transit"</span>, <span pulumi-lang-nodejs=""magicTransitIdsManaged"" pulumi-lang-dotnet=""MagicTransitIdsManaged"" pulumi-lang-go=""magicTransitIdsManaged"" pulumi-lang-python=""magic_transit_ids_managed"" pulumi-lang-yaml=""magicTransitIdsManaged"" pulumi-lang-java=""magicTransitIdsManaged"">"magic_transit_ids_managed"</span>, <span pulumi-lang-nodejs=""magicTransitManaged"" pulumi-lang-dotnet=""MagicTransitManaged"" pulumi-lang-go=""magicTransitManaged"" pulumi-lang-python=""magic_transit_managed"" pulumi-lang-yaml=""magicTransitManaged"" pulumi-lang-java=""magicTransitManaged"">"magic_transit_managed"</span>, <span pulumi-lang-nodejs=""magicTransitRatelimit"" pulumi-lang-dotnet=""MagicTransitRatelimit"" pulumi-lang-go=""magicTransitRatelimit"" pulumi-lang-python=""magic_transit_ratelimit"" pulumi-lang-yaml=""magicTransitRatelimit"" pulumi-lang-java=""magicTransitRatelimit"">"magic_transit_ratelimit"</span>.
+     * Available values: <span pulumi-lang-nodejs=""ddosL4"" pulumi-lang-dotnet=""DdosL4"" pulumi-lang-go=""ddosL4"" pulumi-lang-python=""ddos_l4"" pulumi-lang-yaml=""ddosL4"" pulumi-lang-java=""ddosL4"">"ddos_l4"</span>, <span pulumi-lang-nodejs=""ddosL7"" pulumi-lang-dotnet=""DdosL7"" pulumi-lang-go=""ddosL7"" pulumi-lang-python=""ddos_l7"" pulumi-lang-yaml=""ddosL7"" pulumi-lang-java=""ddosL7"">"ddos_l7"</span>, <span pulumi-lang-nodejs=""httpConfigSettings"" pulumi-lang-dotnet=""HttpConfigSettings"" pulumi-lang-go=""httpConfigSettings"" pulumi-lang-python=""http_config_settings"" pulumi-lang-yaml=""httpConfigSettings"" pulumi-lang-java=""httpConfigSettings"">"http_config_settings"</span>, <span pulumi-lang-nodejs=""httpCustomErrors"" pulumi-lang-dotnet=""HttpCustomErrors"" pulumi-lang-go=""httpCustomErrors"" pulumi-lang-python=""http_custom_errors"" pulumi-lang-yaml=""httpCustomErrors"" pulumi-lang-java=""httpCustomErrors"">"http_custom_errors"</span>, <span pulumi-lang-nodejs=""httpLogCustomFields"" pulumi-lang-dotnet=""HttpLogCustomFields"" pulumi-lang-go=""httpLogCustomFields"" pulumi-lang-python=""http_log_custom_fields"" pulumi-lang-yaml=""httpLogCustomFields"" pulumi-lang-java=""httpLogCustomFields"">"http_log_custom_fields"</span>, <span pulumi-lang-nodejs=""httpRatelimit"" pulumi-lang-dotnet=""HttpRatelimit"" pulumi-lang-go=""httpRatelimit"" pulumi-lang-python=""http_ratelimit"" pulumi-lang-yaml=""httpRatelimit"" pulumi-lang-java=""httpRatelimit"">"http_ratelimit"</span>, <span pulumi-lang-nodejs=""httpRequestCacheSettings"" pulumi-lang-dotnet=""HttpRequestCacheSettings"" pulumi-lang-go=""httpRequestCacheSettings"" pulumi-lang-python=""http_request_cache_settings"" pulumi-lang-yaml=""httpRequestCacheSettings"" pulumi-lang-java=""httpRequestCacheSettings"">"http_request_cache_settings"</span>, <span pulumi-lang-nodejs=""httpRequestDynamicRedirect"" pulumi-lang-dotnet=""HttpRequestDynamicRedirect"" pulumi-lang-go=""httpRequestDynamicRedirect"" pulumi-lang-python=""http_request_dynamic_redirect"" pulumi-lang-yaml=""httpRequestDynamicRedirect"" pulumi-lang-java=""httpRequestDynamicRedirect"">"http_request_dynamic_redirect"</span>, <span pulumi-lang-nodejs=""httpRequestFirewallCustom"" pulumi-lang-dotnet=""HttpRequestFirewallCustom"" pulumi-lang-go=""httpRequestFirewallCustom"" pulumi-lang-python=""http_request_firewall_custom"" pulumi-lang-yaml=""httpRequestFirewallCustom"" pulumi-lang-java=""httpRequestFirewallCustom"">"http_request_firewall_custom"</span>, <span pulumi-lang-nodejs=""httpRequestFirewallManaged"" pulumi-lang-dotnet=""HttpRequestFirewallManaged"" pulumi-lang-go=""httpRequestFirewallManaged"" pulumi-lang-python=""http_request_firewall_managed"" pulumi-lang-yaml=""httpRequestFirewallManaged"" pulumi-lang-java=""httpRequestFirewallManaged"">"http_request_firewall_managed"</span>, <span pulumi-lang-nodejs=""httpRequestLateTransform"" pulumi-lang-dotnet=""HttpRequestLateTransform"" pulumi-lang-go=""httpRequestLateTransform"" pulumi-lang-python=""http_request_late_transform"" pulumi-lang-yaml=""httpRequestLateTransform"" pulumi-lang-java=""httpRequestLateTransform"">"http_request_late_transform"</span>, <span pulumi-lang-nodejs=""httpRequestOrigin"" pulumi-lang-dotnet=""HttpRequestOrigin"" pulumi-lang-go=""httpRequestOrigin"" pulumi-lang-python=""http_request_origin"" pulumi-lang-yaml=""httpRequestOrigin"" pulumi-lang-java=""httpRequestOrigin"">"http_request_origin"</span>, <span pulumi-lang-nodejs=""httpRequestRedirect"" pulumi-lang-dotnet=""HttpRequestRedirect"" pulumi-lang-go=""httpRequestRedirect"" pulumi-lang-python=""http_request_redirect"" pulumi-lang-yaml=""httpRequestRedirect"" pulumi-lang-java=""httpRequestRedirect"">"http_request_redirect"</span>, <span pulumi-lang-nodejs=""httpRequestSanitize"" pulumi-lang-dotnet=""HttpRequestSanitize"" pulumi-lang-go=""httpRequestSanitize"" pulumi-lang-python=""http_request_sanitize"" pulumi-lang-yaml=""httpRequestSanitize"" pulumi-lang-java=""httpRequestSanitize"">"http_request_sanitize"</span>, <span pulumi-lang-nodejs=""httpRequestSbfm"" pulumi-lang-dotnet=""HttpRequestSbfm"" pulumi-lang-go=""httpRequestSbfm"" pulumi-lang-python=""http_request_sbfm"" pulumi-lang-yaml=""httpRequestSbfm"" pulumi-lang-java=""httpRequestSbfm"">"http_request_sbfm"</span>, <span pulumi-lang-nodejs=""httpRequestTransform"" pulumi-lang-dotnet=""HttpRequestTransform"" pulumi-lang-go=""httpRequestTransform"" pulumi-lang-python=""http_request_transform"" pulumi-lang-yaml=""httpRequestTransform"" pulumi-lang-java=""httpRequestTransform"">"http_request_transform"</span>, <span pulumi-lang-nodejs=""httpResponseCacheSettings"" pulumi-lang-dotnet=""HttpResponseCacheSettings"" pulumi-lang-go=""httpResponseCacheSettings"" pulumi-lang-python=""http_response_cache_settings"" pulumi-lang-yaml=""httpResponseCacheSettings"" pulumi-lang-java=""httpResponseCacheSettings"">"http_response_cache_settings"</span>, <span pulumi-lang-nodejs=""httpResponseCompression"" pulumi-lang-dotnet=""HttpResponseCompression"" pulumi-lang-go=""httpResponseCompression"" pulumi-lang-python=""http_response_compression"" pulumi-lang-yaml=""httpResponseCompression"" pulumi-lang-java=""httpResponseCompression"">"http_response_compression"</span>, <span pulumi-lang-nodejs=""httpResponseFirewallManaged"" pulumi-lang-dotnet=""HttpResponseFirewallManaged"" pulumi-lang-go=""httpResponseFirewallManaged"" pulumi-lang-python=""http_response_firewall_managed"" pulumi-lang-yaml=""httpResponseFirewallManaged"" pulumi-lang-java=""httpResponseFirewallManaged"">"http_response_firewall_managed"</span>, <span pulumi-lang-nodejs=""httpResponseHeadersTransform"" pulumi-lang-dotnet=""HttpResponseHeadersTransform"" pulumi-lang-go=""httpResponseHeadersTransform"" pulumi-lang-python=""http_response_headers_transform"" pulumi-lang-yaml=""httpResponseHeadersTransform"" pulumi-lang-java=""httpResponseHeadersTransform"">"http_response_headers_transform"</span>, <span pulumi-lang-nodejs=""magicTransit"" pulumi-lang-dotnet=""MagicTransit"" pulumi-lang-go=""magicTransit"" pulumi-lang-python=""magic_transit"" pulumi-lang-yaml=""magicTransit"" pulumi-lang-java=""magicTransit"">"magic_transit"</span>, <span pulumi-lang-nodejs=""magicTransitIdsManaged"" pulumi-lang-dotnet=""MagicTransitIdsManaged"" pulumi-lang-go=""magicTransitIdsManaged"" pulumi-lang-python=""magic_transit_ids_managed"" pulumi-lang-yaml=""magicTransitIdsManaged"" pulumi-lang-java=""magicTransitIdsManaged"">"magic_transit_ids_managed"</span>, <span pulumi-lang-nodejs=""magicTransitManaged"" pulumi-lang-dotnet=""MagicTransitManaged"" pulumi-lang-go=""magicTransitManaged"" pulumi-lang-python=""magic_transit_managed"" pulumi-lang-yaml=""magicTransitManaged"" pulumi-lang-java=""magicTransitManaged"">"magic_transit_managed"</span>, <span pulumi-lang-nodejs=""magicTransitRatelimit"" pulumi-lang-dotnet=""MagicTransitRatelimit"" pulumi-lang-go=""magicTransitRatelimit"" pulumi-lang-python=""magic_transit_ratelimit"" pulumi-lang-yaml=""magicTransitRatelimit"" pulumi-lang-java=""magicTransitRatelimit"">"magic_transit_ratelimit"</span>.
      */
     phases?: string[];
     /**
@@ -29148,11 +30603,23 @@ export interface RulesetRuleActionParameters {
      * Available values: "off", "lossless", "lossy", "webp".
      */
     polish?: string;
+    /**
+     * Set the private cache control directive.
+     */
+    private?: outputs.RulesetRuleActionParametersPrivate;
     /**
      * A list of legacy security products to skip the execution of.
      * Available values: "bic", "hot", "rateLimit", "securityLevel", "uaBlock", "waf", "zoneLockdown".
      */
     products?: string[];
+    /**
+     * Set the proxy-revalidate cache control directive.
+     */
+    proxyRevalidate?: outputs.RulesetRuleActionParametersProxyRevalidate;
+    /**
+     * Set the public cache control directive.
+     */
+    public?: outputs.RulesetRuleActionParametersPublic;
     /**
      * The raw response fields to log.
      */
@@ -29206,6 +30673,10 @@ export interface RulesetRuleActionParameters {
      * A list of ruleset IDs to skip the execution of. This option is incompatible with the ruleset and phases options.
      */
     rulesets?: string[];
+    /**
+     * Set the s-maxage cache control directive.
+     */
+    sMaxage?: outputs.RulesetRuleActionParametersSMaxage;
     /**
      * The Security Level to configure.
      * Available values: "off", <span pulumi-lang-nodejs=""essentiallyOff"" pulumi-lang-dotnet=""EssentiallyOff"" pulumi-lang-go=""essentiallyOff"" pulumi-lang-python=""essentially_off"" pulumi-lang-yaml=""essentiallyOff"" pulumi-lang-java=""essentiallyOff"">"essentially_off"</span>, "low", "medium", "high", <span pulumi-lang-nodejs=""underAttack"" pulumi-lang-dotnet=""UnderAttack"" pulumi-lang-go=""underAttack"" pulumi-lang-python=""under_attack"" pulumi-lang-yaml=""underAttack"" pulumi-lang-java=""underAttack"">"under_attack"</span>.
@@ -29228,10 +30699,30 @@ export interface RulesetRuleActionParameters {
      * Available values: "off", "flexible", "full", "strict", <span pulumi-lang-nodejs=""originPull"" pulumi-lang-dotnet=""OriginPull"" pulumi-lang-go=""originPull"" pulumi-lang-python=""origin_pull"" pulumi-lang-yaml=""originPull"" pulumi-lang-java=""originPull"">"origin_pull"</span>.
      */
     ssl?: string;
+    /**
+     * Set the stale-if-error cache control directive.
+     */
+    staleIfError?: outputs.RulesetRuleActionParametersStaleIfError;
+    /**
+     * Set the stale-while-revalidate cache control directive.
+     */
+    staleWhileRevalidate?: outputs.RulesetRuleActionParametersStaleWhileRevalidate;
     /**
      * The status code to use for the error.
      */
     statusCode?: number;
+    /**
+     * Whether to strip the ETag header from the response.
+     */
+    stripEtags?: boolean;
+    /**
+     * Whether to strip the Last-Modified header from the response.
+     */
+    stripLastModified?: boolean;
+    /**
+     * Whether to strip the Set-Cookie header from the response.
+     */
+    stripSetCookie?: boolean;
     /**
      * Whether to enable Signed Exchanges (SXG).
      */
@@ -29244,6 +30735,10 @@ export interface RulesetRuleActionParameters {
      * A URI rewrite.
      */
     uri?: outputs.RulesetRuleActionParametersUri;
+    /**
+     * The cache tag values for<span pulumi-lang-nodejs=" setCacheTags " pulumi-lang-dotnet=" SetCacheTags " pulumi-lang-go=" setCacheTags " pulumi-lang-python=" set_cache_tags " pulumi-lang-yaml=" setCacheTags " pulumi-lang-java=" setCacheTags "> set_cache_tags </span>action.
+     */
+    values?: string[];
 }
 export interface RulesetRuleActionParametersAlgorithm {
     /**
@@ -29501,12 +30996,97 @@ export interface RulesetRuleActionParametersHeaders {
      */
     value?: string;
 }
+export interface RulesetRuleActionParametersImmutable {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
 export interface RulesetRuleActionParametersMatchedData {
     /**
      * The public key to encrypt matched data logs with.
      */
     publicKey: string;
 }
+export interface RulesetRuleActionParametersMaxAge {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The value for the directive in seconds.
+     */
+    value?: number;
+}
+export interface RulesetRuleActionParametersMustRevalidate {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
+export interface RulesetRuleActionParametersMustUnderstand {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
+export interface RulesetRuleActionParametersNoCache {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The qualifiers for the directive.
+     */
+    qualifiers?: string[];
+}
+export interface RulesetRuleActionParametersNoStore {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
+export interface RulesetRuleActionParametersNoTransform {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
 export interface RulesetRuleActionParametersOrigin {
     /**
      * A resolved host to route to.
@@ -29582,6 +31162,43 @@ export interface RulesetRuleActionParametersOverridesRule {
      */
     sensitivityLevel?: string;
 }
+export interface RulesetRuleActionParametersPrivate {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The qualifiers for the directive.
+     */
+    qualifiers?: string[];
+}
+export interface RulesetRuleActionParametersProxyRevalidate {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
+export interface RulesetRuleActionParametersPublic {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+}
 export interface RulesetRuleActionParametersRawResponseField {
     /**
      * The name of the response header.
@@ -29622,6 +31239,21 @@ export interface RulesetRuleActionParametersResponseField {
      */
     preserveDuplicates: boolean;
 }
+export interface RulesetRuleActionParametersSMaxage {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The value for the directive in seconds.
+     */
+    value?: number;
+}
 export interface RulesetRuleActionParametersServeStale {
     /**
      * Whether Cloudflare should disable serving stale content while getting the latest content from the origin.
@@ -29634,6 +31266,36 @@ export interface RulesetRuleActionParametersSni {
      */
     value: string;
 }
+export interface RulesetRuleActionParametersStaleIfError {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The value for the directive in seconds.
+     */
+    value?: number;
+}
+export interface RulesetRuleActionParametersStaleWhileRevalidate {
+    /**
+     * Whether to apply the directive only to Cloudflare's cache.
+     */
+    cloudflareOnly: boolean;
+    /**
+     * The operation to perform.
+     * Available values: "set", "remove".
+     */
+    operation: string;
+    /**
+     * The value for the directive in seconds.
+     */
+    value?: number;
+}
 export interface RulesetRuleActionParametersTransformedRequestField {
     /**
      * The name of the header.
@@ -29726,33 +31388,33 @@ export interface SnippetFile {
 }
 export interface SnippetMetadata {
     /**
-     * Name of the file that contains the main module of the snippet.
+     * Specify the name of the file that contains the main module of the snippet.
      */
     mainModule: string;
 }
 export interface SnippetRulesRule {
     /**
-     * An informative description of the rule.
+     * Provide an informative description of the rule.
      */
     description: string;
     /**
-     * Whether the rule should be executed.
+     * Indicate whether to execute the rule.
      */
     enabled: boolean;
     /**
-     * The expression defining which traffic will match the rule.
+     * Define the expression that determines which traffic matches the rule.
      */
     expression: string;
     /**
-     * The unique ID of the rule.
+     * Specify the unique ID of the rule.
      */
     id: string;
     /**
-     * The timestamp of when the rule was last modified.
+     * Specify the timestamp of when the rule was last modified.
      */
     lastUpdated: string;
     /**
-     * The identifying name of the snippet.
+     * Identify the snippet.
      */
     snippetName: string;
 }
@@ -29782,7 +31444,7 @@ export interface SpectrumApplicationEdgeIps {
     /**
      * The array of customer owned IPs we broadcast via anycast for this hostname and application.
      */
-    ips?: string[];
+    ips: string[];
     /**
      * The type of edge IP configuration specified. Dynamically allocated edge IPs use Spectrum anycast IPs in accordance with the connectivity you specify. Only valid with CNAME DNS names.
      * Available values: "dynamic", "static".
@@ -30480,6 +32142,10 @@ export interface WorkerVersionBinding {
      * Name of Worker to bind to.
      */
     service?: string;
+    /**
+     * The rate limit configuration.
+     */
+    simple?: outputs.WorkerVersionBindingSimple;
     /**
      * ID of the store containing the secret.
      */
@@ -30490,7 +32156,7 @@ export interface WorkerVersionBinding {
     text?: string;
     /**
      * The kind of resource that the binding provides.
-     * Available values: "ai", <span pulumi-lang-nodejs=""analyticsEngine"" pulumi-lang-dotnet=""AnalyticsEngine"" pulumi-lang-go=""analyticsEngine"" pulumi-lang-python=""analytics_engine"" pulumi-lang-yaml=""analyticsEngine"" pulumi-lang-java=""analyticsEngine"">"analytics_engine"</span>, "assets", "browser", "d1", <span pulumi-lang-nodejs=""dataBlob"" pulumi-lang-dotnet=""DataBlob"" pulumi-lang-go=""dataBlob"" pulumi-lang-python=""data_blob"" pulumi-lang-yaml=""dataBlob"" pulumi-lang-java=""dataBlob"">"data_blob"</span>, <span pulumi-lang-nodejs=""dispatchNamespace"" pulumi-lang-dotnet=""DispatchNamespace"" pulumi-lang-go=""dispatchNamespace"" pulumi-lang-python=""dispatch_namespace"" pulumi-lang-yaml=""dispatchNamespace"" pulumi-lang-java=""dispatchNamespace"">"dispatch_namespace"</span>, <span pulumi-lang-nodejs=""durableObjectNamespace"" pulumi-lang-dotnet=""DurableObjectNamespace"" pulumi-lang-go=""durableObjectNamespace"" pulumi-lang-python=""durable_object_namespace"" pulumi-lang-yaml=""durableObjectNamespace"" pulumi-lang-java=""durableObjectNamespace"">"durable_object_namespace"</span>, "hyperdrive", "inherit", "images", "json", <span pulumi-lang-nodejs=""kvNamespace"" pulumi-lang-dotnet=""KvNamespace"" pulumi-lang-go=""kvNamespace"" pulumi-lang-python=""kv_namespace"" pulumi-lang-yaml=""kvNamespace"" pulumi-lang-java=""kvNamespace"">"kv_namespace"</span>, <span pulumi-lang-nodejs=""mtlsCertificate"" pulumi-lang-dotnet=""MtlsCertificate"" pulumi-lang-go=""mtlsCertificate"" pulumi-lang-python=""mtls_certificate"" pulumi-lang-yaml=""mtlsCertificate"" pulumi-lang-java=""mtlsCertificate"">"mtls_certificate"</span>, <span pulumi-lang-nodejs=""plainText"" pulumi-lang-dotnet=""PlainText"" pulumi-lang-go=""plainText"" pulumi-lang-python=""plain_text"" pulumi-lang-yaml=""plainText"" pulumi-lang-java=""plainText"">"plain_text"</span>, "pipelines", "queue", <span pulumi-lang-nodejs=""r2Bucket"" pulumi-lang-dotnet=""R2Bucket"" pulumi-lang-go=""r2Bucket"" pulumi-lang-python=""r2_bucket"" pulumi-lang-yaml=""r2Bucket"" pulumi-lang-java=""r2Bucket"">"r2_bucket"</span>, <span pulumi-lang-nodejs=""secretText"" pulumi-lang-dotnet=""SecretText"" pulumi-lang-go=""secretText"" pulumi-lang-python=""secret_text"" pulumi-lang-yaml=""secretText"" pulumi-lang-java=""secretText"">"secret_text"</span>, <span pulumi-lang-nodejs=""sendEmail"" pulumi-lang-dotnet=""SendEmail"" pulumi-lang-go=""sendEmail"" pulumi-lang-python=""send_email"" pulumi-lang-yaml=""sendEmail"" pulumi-lang-java=""sendEmail"">"send_email"</span>, "service", <span pulumi-lang-nodejs=""textBlob"" pulumi-lang-dotnet=""TextBlob"" pulumi-lang-go=""textBlob"" pulumi-lang-python=""text_blob"" pulumi-lang-yaml=""textBlob"" pulumi-lang-java=""textBlob"">"text_blob"</span>, "vectorize", <span pulumi-lang-nodejs=""versionMetadata"" pulumi-lang-dotnet=""VersionMetadata"" pulumi-lang-go=""versionMetadata"" pulumi-lang-python=""version_metadata"" pulumi-lang-yaml=""versionMetadata"" pulumi-lang-java=""versionMetadata"">"version_metadata"</span>, <span pulumi-lang-nodejs=""secretsStoreSecret"" pulumi-lang-dotnet=""SecretsStoreSecret"" pulumi-lang-go=""secretsStoreSecret"" pulumi-lang-python=""secrets_store_secret"" pulumi-lang-yaml=""secretsStoreSecret"" pulumi-lang-java=""secretsStoreSecret"">"secrets_store_secret"</span>, <span pulumi-lang-nodejs=""secretKey"" pulumi-lang-dotnet=""SecretKey"" pulumi-lang-go=""secretKey"" pulumi-lang-python=""secret_key"" pulumi-lang-yaml=""secretKey"" pulumi-lang-java=""secretKey"">"secret_key"</span>, "workflow", <span pulumi-lang-nodejs=""wasmModule"" pulumi-lang-dotnet=""WasmModule"" pulumi-lang-go=""wasmModule"" pulumi-lang-python=""wasm_module"" pulumi-lang-yaml=""wasmModule"" pulumi-lang-java=""wasmModule"">"wasm_module"</span>.
+     * Available values: "ai", <span pulumi-lang-nodejs=""analyticsEngine"" pulumi-lang-dotnet=""AnalyticsEngine"" pulumi-lang-go=""analyticsEngine"" pulumi-lang-python=""analytics_engine"" pulumi-lang-yaml=""analyticsEngine"" pulumi-lang-java=""analyticsEngine"">"analytics_engine"</span>, "assets", "browser", "d1", <span pulumi-lang-nodejs=""dataBlob"" pulumi-lang-dotnet=""DataBlob"" pulumi-lang-go=""dataBlob"" pulumi-lang-python=""data_blob"" pulumi-lang-yaml=""dataBlob"" pulumi-lang-java=""dataBlob"">"data_blob"</span>, <span pulumi-lang-nodejs=""dispatchNamespace"" pulumi-lang-dotnet=""DispatchNamespace"" pulumi-lang-go=""dispatchNamespace"" pulumi-lang-python=""dispatch_namespace"" pulumi-lang-yaml=""dispatchNamespace"" pulumi-lang-java=""dispatchNamespace"">"dispatch_namespace"</span>, <span pulumi-lang-nodejs=""durableObjectNamespace"" pulumi-lang-dotnet=""DurableObjectNamespace"" pulumi-lang-go=""durableObjectNamespace"" pulumi-lang-python=""durable_object_namespace"" pulumi-lang-yaml=""durableObjectNamespace"" pulumi-lang-java=""durableObjectNamespace"">"durable_object_namespace"</span>, "hyperdrive", "inherit", "images", "json", <span pulumi-lang-nodejs=""kvNamespace"" pulumi-lang-dotnet=""KvNamespace"" pulumi-lang-go=""kvNamespace"" pulumi-lang-python=""kv_namespace"" pulumi-lang-yaml=""kvNamespace"" pulumi-lang-java=""kvNamespace"">"kv_namespace"</span>, <span pulumi-lang-nodejs=""mtlsCertificate"" pulumi-lang-dotnet=""MtlsCertificate"" pulumi-lang-go=""mtlsCertificate"" pulumi-lang-python=""mtls_certificate"" pulumi-lang-yaml=""mtlsCertificate"" pulumi-lang-java=""mtlsCertificate"">"mtls_certificate"</span>, <span pulumi-lang-nodejs=""plainText"" pulumi-lang-dotnet=""PlainText"" pulumi-lang-go=""plainText"" pulumi-lang-python=""plain_text"" pulumi-lang-yaml=""plainText"" pulumi-lang-java=""plainText"">"plain_text"</span>, "pipelines", "queue", "ratelimit", <span pulumi-lang-nodejs=""r2Bucket"" pulumi-lang-dotnet=""R2Bucket"" pulumi-lang-go=""r2Bucket"" pulumi-lang-python=""r2_bucket"" pulumi-lang-yaml=""r2Bucket"" pulumi-lang-java=""r2Bucket"">"r2_bucket"</span>, <span pulumi-lang-nodejs=""secretText"" pulumi-lang-dotnet=""SecretText"" pulumi-lang-go=""secretText"" pulumi-lang-python=""secret_text"" pulumi-lang-yaml=""secretText"" pulumi-lang-java=""secretText"">"secret_text"</span>, <span pulumi-lang-nodejs=""sendEmail"" pulumi-lang-dotnet=""SendEmail"" pulumi-lang-go=""sendEmail"" pulumi-lang-python=""send_email"" pulumi-lang-yaml=""sendEmail"" pulumi-lang-java=""sendEmail"">"send_email"</span>, "service", <span pulumi-lang-nodejs=""textBlob"" pulumi-lang-dotnet=""TextBlob"" pulumi-lang-go=""textBlob"" pulumi-lang-python=""text_blob"" pulumi-lang-yaml=""textBlob"" pulumi-lang-java=""textBlob"">"text_blob"</span>, "vectorize", <span pulumi-lang-nodejs=""versionMetadata"" pulumi-lang-dotnet=""VersionMetadata"" pulumi-lang-go=""versionMetadata"" pulumi-lang-python=""version_metadata"" pulumi-lang-yaml=""versionMetadata"" pulumi-lang-java=""versionMetadata"">"version_metadata"</span>, <span pulumi-lang-nodejs=""secretsStoreSecret"" pulumi-lang-dotnet=""SecretsStoreSecret"" pulumi-lang-go=""secretsStoreSecret"" pulumi-lang-python=""secrets_store_secret"" pulumi-lang-yaml=""secretsStoreSecret"" pulumi-lang-java=""secretsStoreSecret"">"secrets_store_secret"</span>, <span pulumi-lang-nodejs=""secretKey"" pulumi-lang-dotnet=""SecretKey"" pulumi-lang-go=""secretKey"" pulumi-lang-python=""secret_key"" pulumi-lang-yaml=""secretKey"" pulumi-lang-java=""secretKey"">"secret_key"</span>, "workflow", <span pulumi-lang-nodejs=""wasmModule"" pulumi-lang-dotnet=""WasmModule"" pulumi-lang-go=""wasmModule"" pulumi-lang-python=""wasm_module"" pulumi-lang-yaml=""wasmModule"" pulumi-lang-java=""wasmModule"">"wasm_module"</span>.
      */
     type: string;
     /**
@@ -30510,13 +32176,23 @@ export interface WorkerVersionBindingOutbound {
     /**
      * Pass information from the Dispatch Worker to the Outbound Worker through the parameters.
      */
-    params?: string[];
+    params?: outputs.WorkerVersionBindingOutboundParam[];
     /**
      * Outbound worker.
      */
     worker?: outputs.WorkerVersionBindingOutboundWorker;
 }
+export interface WorkerVersionBindingOutboundParam {
+    /**
+     * Name of the parameter.
+     */
+    name: string;
+}
 export interface WorkerVersionBindingOutboundWorker {
+    /**
+     * Entrypoint to invoke on the outbound worker.
+     */
+    entrypoint?: string;
     /**
      * Environment of the outbound worker.
      */
@@ -30526,6 +32202,16 @@ export interface WorkerVersionBindingOutboundWorker {
      */
     service?: string;
 }
+export interface WorkerVersionBindingSimple {
+    /**
+     * The limit (requests per period).
+     */
+    limit: number;
+    /**
+     * The period in seconds.
+     */
+    period: number;
+}
 export interface WorkerVersionLimits {
     /**
      * CPU time limit in milliseconds.
@@ -30630,10 +32316,40 @@ export interface WorkerVersionModule {
 }
 export interface WorkerVersionPlacement {
     /**
-     * Placement mode for the version.
-     * Available values: "smart".
+     * TCP host and port for targeted placement.
+     */
+    host?: string;
+    /**
+     * HTTP hostname for targeted placement.
+     */
+    hostname?: string;
+    /**
+     * Enables [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement).
+     * Available values: "smart", "targeted".
      */
     mode?: string;
+    /**
+     * Cloud region for targeted placement in format 'provider:region'.
+     */
+    region?: string;
+    /**
+     * Array of placement targets (currently limited to single target).
+     */
+    targets?: outputs.WorkerVersionPlacementTarget[];
+}
+export interface WorkerVersionPlacementTarget {
+    /**
+     * TCP host:port for targeted placement.
+     */
+    host?: string;
+    /**
+     * HTTP hostname for targeted placement.
+     */
+    hostname?: string;
+    /**
+     * Cloud region in format 'provider:region'.
+     */
+    region?: string;
 }
 export interface WorkersCronTriggerSchedule {
     createdOn: string;
@@ -30813,6 +32529,10 @@ export interface WorkersScriptBinding {
      * Name of Worker to bind to.
      */
     service?: string;
+    /**
+     * A simple rate limit.
+     */
+    simple?: outputs.WorkersScriptBindingSimple;
     /**
      * ID of the store containing the secret.
      */
@@ -30859,6 +32579,16 @@ export interface WorkersScriptBindingOutboundWorker {
      */
     service?: string;
 }
+export interface WorkersScriptBindingSimple {
+    /**
+     * The rate limit value.
+     */
+    limit: number;
+    /**
+     * The rate limit period in seconds.
+     */
+    period: number;
+}
 export interface WorkersScriptLimits {
     /**
      * The amount of CPU time this Worker can use in milliseconds.
@@ -31000,7 +32730,7 @@ export interface WorkersScriptPlacement {
     lastAnalyzedAt: string;
     /**
      * Enables [Smart Placement](https://developers.cloudflare.com/workers/configuration/smart-placement).
-     * Available values: "smart".
+     * Available values: "smart", "targeted".
      */
     mode?: string;
     /**
@@ -31012,6 +32742,24 @@ export interface WorkersScriptPlacement {
      * Available values: "SUCCESS", "UNSUPPORTED_APPLICATION", "INSUFFICIENT_INVOCATIONS".
      */
     status: string;
+    /**
+     * Array of placement targets (currently limited to single target).
+     */
+    targets: outputs.WorkersScriptPlacementTarget[];
+}
+export interface WorkersScriptPlacementTarget {
+    /**
+     * TCP host:port for targeted placement.
+     */
+    host: string;
+    /**
+     * HTTP hostname for targeted placement.
+     */
+    hostname: string;
+    /**
+     * Cloud region in format 'provider:region'.
+     */
+    region: string;
 }
 export interface WorkersScriptTailConsumer {
     /**
@@ -31194,11 +32942,25 @@ export interface ZeroTrustAccessApplicationPolicy {
     requires?: outputs.ZeroTrustAccessApplicationPolicyRequire[];
 }
 export interface ZeroTrustAccessApplicationPolicyConnectionRules {
+    /**
+     * The RDP-specific rules that define clipboard behavior for RDP connections.
+     */
+    rdp?: outputs.ZeroTrustAccessApplicationPolicyConnectionRulesRdp;
     /**
      * The SSH-specific rules that define how users may connect to the targets secured by your application.
      */
     ssh?: outputs.ZeroTrustAccessApplicationPolicyConnectionRulesSsh;
 }
+export interface ZeroTrustAccessApplicationPolicyConnectionRulesRdp {
+    /**
+     * Clipboard formats allowed when copying from local machine to remote RDP session.
+     */
+    allowedClipboardLocalToRemoteFormats?: string[];
+    /**
+     * Clipboard formats allowed when copying from remote RDP session to local machine.
+     */
+    allowedClipboardRemoteToLocalFormats?: string[];
+}
 export interface ZeroTrustAccessApplicationPolicyConnectionRulesSsh {
     /**
      * Enables using Identity Provider email alias as SSH username.
@@ -32979,6 +34741,22 @@ export interface ZeroTrustAccessPolicyApprovalGroup {
      */
     emailListUuid?: string;
 }
+export interface ZeroTrustAccessPolicyConnectionRules {
+    /**
+     * The RDP-specific rules that define clipboard behavior for RDP connections.
+     */
+    rdp?: outputs.ZeroTrustAccessPolicyConnectionRulesRdp;
+}
+export interface ZeroTrustAccessPolicyConnectionRulesRdp {
+    /**
+     * Clipboard formats allowed when copying from local machine to remote RDP session.
+     */
+    allowedClipboardLocalToRemoteFormats?: string[];
+    /**
+     * Clipboard formats allowed when copying from remote RDP session to local machine.
+     */
+    allowedClipboardRemoteToLocalFormats?: string[];
+}
 export interface ZeroTrustAccessPolicyExclude {
     /**
      * An empty object which matches on all service tokens.
@@ -33403,6 +35181,20 @@ export interface ZeroTrustAccessPolicyIncludeServiceToken {
      */
     tokenId: string;
 }
+export interface ZeroTrustAccessPolicyMfaConfig {
+    /**
+     * Lists the MFA methods that users can authenticate with.
+     */
+    allowedAuthenticators?: string[];
+    /**
+     * Indicates whether to bypass MFA for this resource. This option is available at the application and policy level.
+     */
+    mfaBypass?: boolean;
+    /**
+     * Defines the duration of an MFA session. Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days). Examples:<span pulumi-lang-nodejs="`5m`" pulumi-lang-dotnet="`5m`" pulumi-lang-go="`5m`" pulumi-lang-python="`5m`" pulumi-lang-yaml="`5m`" pulumi-lang-java="`5m`">`5m`</span> or <span pulumi-lang-nodejs="`24h`" pulumi-lang-dotnet="`24h`" pulumi-lang-go="`24h`" pulumi-lang-python="`24h`" pulumi-lang-yaml="`24h`" pulumi-lang-java="`24h`">`24h`</span>.
+     */
+    sessionDuration?: string;
+}
 export interface ZeroTrustAccessPolicyRequire {
     /**
      * An empty object which matches on all service tokens.
@@ -33994,6 +35786,31 @@ export interface ZeroTrustDevicePostureRuleMatch {
      */
     platform?: string;
 }
+export interface ZeroTrustDexRuleTargetedTest {
+    /**
+     * The configuration object which contains the details for the WARP client to conduct the test.
+     */
+    data: outputs.ZeroTrustDexRuleTargetedTestData;
+    enabled: boolean;
+    name: string;
+    testId: string;
+}
+export interface ZeroTrustDexRuleTargetedTestData {
+    /**
+     * The desired endpoint to test.
+     */
+    host: string;
+    /**
+     * The type of test.
+     * Available values: "http", "traceroute".
+     */
+    kind: string;
+    /**
+     * The HTTP request method type.
+     * Available values: "GET".
+     */
+    method: string;
+}
 export interface ZeroTrustDexTestData {
     /**
      * The desired endpoint to test.
@@ -34073,6 +35890,7 @@ export interface ZeroTrustDlpCustomProfileContextAwarenessSkip {
     files: boolean;
 }
 export interface ZeroTrustDlpCustomProfileEntry {
+    description?: string;
     enabled: boolean;
     entryId?: string;
     name: string;
@@ -35050,6 +36868,16 @@ export interface ZeroTrustOrganizationLoginDesign {
      */
     textColor?: string;
 }
+export interface ZeroTrustOrganizationMfaConfig {
+    /**
+     * Lists the MFA methods that users can authenticate with.
+     */
+    allowedAuthenticators?: string[];
+    /**
+     * Defines the duration of an MFA session. Must be in minutes (m) or hours (h). Minimum: 0m. Maximum: 720h (30 days). Examples:<span pulumi-lang-nodejs="`5m`" pulumi-lang-dotnet="`5m`" pulumi-lang-go="`5m`" pulumi-lang-python="`5m`" pulumi-lang-yaml="`5m`" pulumi-lang-java="`5m`">`5m`</span> or <span pulumi-lang-nodejs="`24h`" pulumi-lang-dotnet="`24h`" pulumi-lang-go="`24h`" pulumi-lang-python="`24h`" pulumi-lang-yaml="`24h`" pulumi-lang-java="`24h`">`24h`</span>.
+     */
+    sessionDuration?: string;
+}
 export interface ZeroTrustRiskBehaviorBehaviors {
     enabled: boolean;
     /**
@@ -35539,3 +37367,4 @@ export interface ZoneTenantUnit {
      */
     id: string;
 }
+//# sourceMappingURL=output.d.ts.map