@zuplo/cli 6.71.21 → 6.71.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (109) hide show
  1. package/node_modules/@posthog/core/dist/error-tracking/exception-steps.d.ts.map +1 -1
  2. package/node_modules/@posthog/core/dist/error-tracking/exception-steps.js +6 -24
  3. package/node_modules/@posthog/core/dist/error-tracking/exception-steps.mjs +7 -25
  4. package/node_modules/@posthog/core/dist/posthog-core-stateless.d.ts +6 -0
  5. package/node_modules/@posthog/core/dist/posthog-core-stateless.d.ts.map +1 -1
  6. package/node_modules/@posthog/core/dist/posthog-core-stateless.js +75 -17
  7. package/node_modules/@posthog/core/dist/posthog-core-stateless.mjs +73 -18
  8. package/node_modules/@posthog/core/dist/posthog-core.d.ts +2 -2
  9. package/node_modules/@posthog/core/dist/posthog-core.d.ts.map +1 -1
  10. package/node_modules/@posthog/core/dist/posthog-core.js +10 -6
  11. package/node_modules/@posthog/core/dist/posthog-core.mjs +11 -7
  12. package/node_modules/@posthog/core/dist/testing/PostHogCoreTestClient.d.ts +1 -0
  13. package/node_modules/@posthog/core/dist/testing/PostHogCoreTestClient.d.ts.map +1 -1
  14. package/node_modules/@posthog/core/dist/testing/PostHogCoreTestClient.js +3 -0
  15. package/node_modules/@posthog/core/dist/testing/PostHogCoreTestClient.mjs +3 -0
  16. package/node_modules/@posthog/core/dist/utils/promise-queue.d.ts +3 -0
  17. package/node_modules/@posthog/core/dist/utils/promise-queue.d.ts.map +1 -1
  18. package/node_modules/@posthog/core/dist/utils/promise-queue.js +15 -3
  19. package/node_modules/@posthog/core/dist/utils/promise-queue.mjs +15 -3
  20. package/node_modules/@posthog/core/dist/utils/string-utils.d.ts +1 -0
  21. package/node_modules/@posthog/core/dist/utils/string-utils.d.ts.map +1 -1
  22. package/node_modules/@posthog/core/dist/utils/string-utils.js +21 -0
  23. package/node_modules/@posthog/core/dist/utils/string-utils.mjs +19 -1
  24. package/node_modules/@posthog/core/package.json +1 -1
  25. package/node_modules/@posthog/core/src/error-tracking/exception-steps.ts +5 -42
  26. package/node_modules/@posthog/core/src/posthog-core-stateless.ts +118 -23
  27. package/node_modules/@posthog/core/src/posthog-core.ts +18 -7
  28. package/node_modules/@posthog/core/src/testing/PostHogCoreTestClient.ts +4 -0
  29. package/node_modules/@posthog/core/src/utils/promise-queue.ts +17 -4
  30. package/node_modules/@posthog/core/src/utils/string-utils.spec.ts +38 -1
  31. package/node_modules/@posthog/core/src/utils/string-utils.ts +42 -0
  32. package/node_modules/@posthog/types/dist/posthog.d.ts +12 -0
  33. package/node_modules/@posthog/types/dist/posthog.d.ts.map +1 -1
  34. package/node_modules/@posthog/types/package.json +1 -1
  35. package/node_modules/@posthog/types/src/posthog.ts +13 -0
  36. package/node_modules/@types/node/README.md +1 -1
  37. package/node_modules/@types/node/buffer.d.ts +64 -25
  38. package/node_modules/@types/node/crypto.d.ts +18 -5
  39. package/node_modules/@types/node/diagnostics_channel.d.ts +237 -3
  40. package/node_modules/@types/node/dns.d.ts +1 -1
  41. package/node_modules/@types/node/ffi.d.ts +486 -0
  42. package/node_modules/@types/node/fs/promises.d.ts +3 -0
  43. package/node_modules/@types/node/fs.d.ts +21 -6
  44. package/node_modules/@types/node/http.d.ts +25 -0
  45. package/node_modules/@types/node/index.d.ts +1 -0
  46. package/node_modules/@types/node/package.json +2 -2
  47. package/node_modules/@types/node/process.d.ts +14 -1
  48. package/node_modules/@types/node/quic.d.ts +92 -11
  49. package/node_modules/@types/node/sqlite.d.ts +55 -0
  50. package/node_modules/@types/node/stream/iter.d.ts +150 -0
  51. package/node_modules/@types/node/stream.d.ts +32 -0
  52. package/node_modules/@types/node/test.d.ts +112 -2
  53. package/node_modules/@types/node/ts5.6/index.d.ts +1 -0
  54. package/node_modules/@types/node/ts5.7/index.d.ts +1 -0
  55. package/node_modules/@types/node/util.d.ts +19 -2
  56. package/node_modules/@types/node/v8.d.ts +84 -2
  57. package/node_modules/@types/node/worker_threads.d.ts +8 -7
  58. package/node_modules/@zuplo/core/customer.cli.minified.js +2 -2
  59. package/node_modules/@zuplo/core/index.minified.js +2 -2
  60. package/node_modules/@zuplo/core/package.json +1 -1
  61. package/node_modules/@zuplo/graphql/out/esm/index.js +11 -11
  62. package/node_modules/@zuplo/graphql/out/esm/index.js.map +1 -1
  63. package/node_modules/@zuplo/graphql/package.json +1 -1
  64. package/node_modules/@zuplo/openapi-tools/package.json +1 -1
  65. package/node_modules/@zuplo/otel/package.json +1 -1
  66. package/node_modules/@zuplo/runtime/out/esm/{chunk-DQ4ANJLR.js → chunk-4MNJC7E2.js} +2 -2
  67. package/node_modules/@zuplo/runtime/out/esm/chunk-4MNJC7E2.js.map +1 -0
  68. package/node_modules/@zuplo/runtime/out/esm/{chunk-2Y72LML3.js → chunk-4QJJMELB.js} +2 -2
  69. package/node_modules/@zuplo/runtime/out/esm/{chunk-2Y72LML3.js.map → chunk-4QJJMELB.js.map} +1 -1
  70. package/node_modules/@zuplo/runtime/out/esm/chunk-5CYWMN74.js +402 -0
  71. package/node_modules/@zuplo/runtime/out/esm/chunk-5CYWMN74.js.map +1 -0
  72. package/node_modules/@zuplo/runtime/out/esm/{chunk-L3MZGNQA.js → chunk-DSZS6PZJ.js} +10 -10
  73. package/node_modules/@zuplo/runtime/out/esm/chunk-DSZS6PZJ.js.map +1 -0
  74. package/node_modules/@zuplo/runtime/out/esm/index.js +1 -1
  75. package/node_modules/@zuplo/runtime/out/esm/index.js.map +1 -1
  76. package/node_modules/@zuplo/runtime/out/esm/internal/index.js +1 -1
  77. package/node_modules/@zuplo/runtime/out/esm/mcp-gateway/index.js +7 -7
  78. package/node_modules/@zuplo/runtime/out/esm/mcp-gateway/index.js.map +1 -1
  79. package/node_modules/@zuplo/runtime/out/esm/mocks/index.js +1 -1
  80. package/node_modules/@zuplo/runtime/out/types/index.d.ts +1050 -18
  81. package/node_modules/@zuplo/runtime/out/types/mcp-gateway/index.d.ts +33 -7
  82. package/node_modules/@zuplo/runtime/package.json +1 -1
  83. package/node_modules/iconv-lite/encodings/sbcs-data.js +2 -0
  84. package/node_modules/iconv-lite/encodings/utf32.js +10 -3
  85. package/node_modules/iconv-lite/package.json +2 -2
  86. package/node_modules/iconv-lite/types/encodings.d.ts +2 -0
  87. package/node_modules/protobufjs/dist/light/protobuf.js +2 -2
  88. package/node_modules/protobufjs/dist/light/protobuf.min.js +2 -2
  89. package/node_modules/protobufjs/dist/minimal/protobuf.js +2 -2
  90. package/node_modules/protobufjs/dist/minimal/protobuf.min.js +2 -2
  91. package/node_modules/protobufjs/dist/protobuf.js +5 -2
  92. package/node_modules/protobufjs/dist/protobuf.js.map +1 -1
  93. package/node_modules/protobufjs/dist/protobuf.min.js +3 -3
  94. package/node_modules/protobufjs/dist/protobuf.min.js.map +1 -1
  95. package/node_modules/protobufjs/package.json +1 -1
  96. package/node_modules/protobufjs/src/parse.js +3 -0
  97. package/node_modules/toad-cache/README.md +10 -9
  98. package/node_modules/toad-cache/dist/toad-cache.cjs +139 -139
  99. package/node_modules/toad-cache/dist/toad-cache.mjs +136 -140
  100. package/node_modules/toad-cache/package.json +8 -8
  101. package/node_modules/toad-cache/toad-cache.d.cts +20 -14
  102. package/node_modules/toad-cache/toad-cache.d.ts +18 -14
  103. package/package.json +6 -6
  104. package/node_modules/@zuplo/runtime/out/esm/chunk-DQ4ANJLR.js.map +0 -1
  105. package/node_modules/@zuplo/runtime/out/esm/chunk-I5HLAHUY.js +0 -357
  106. package/node_modules/@zuplo/runtime/out/esm/chunk-I5HLAHUY.js.map +0 -1
  107. package/node_modules/@zuplo/runtime/out/esm/chunk-L3MZGNQA.js.map +0 -1
  108. /package/node_modules/@zuplo/runtime/out/esm/{chunk-I5HLAHUY.js.LEGAL.txt → chunk-5CYWMN74.js.LEGAL.txt} +0 -0
  109. /package/node_modules/@zuplo/runtime/out/esm/{chunk-L3MZGNQA.js.LEGAL.txt → chunk-DSZS6PZJ.js.LEGAL.txt} +0 -0
@@ -1,11 +1,28 @@
1
1
  import { Attributes } from "@opentelemetry/api";
2
2
  import { CallToolRequest } from "@zuplo/mcp/types";
3
3
  import { CallToolResult } from "@zuplo/mcp/types";
4
+ import { InboundPolicyHandler as InboundPolicyHandler_2 } from "../../policies.js";
4
5
  import { KeyLike } from "jose";
5
6
  import { RequestGeneric as RequestGeneric_2 } from "../../request.js";
6
7
  import type { ValidateFunction } from "ajv";
7
8
  import { z } from "zod/v4";
8
9
 
10
+ /**
11
+ * The request/response **schema dialect** a policy is dealing with — named after
12
+ * the schema, not the provider or the URL path. `openai-chat` is the OpenAI Chat
13
+ * Completions schema regardless of the downstream provider (Zuplo translates
14
+ * chat↔provider underneath); `openai-responses` and `anthropic-messages` are
15
+ * pass-through schemas whose native shape reaches the provider unchanged.
16
+ *
17
+ * Determined by the route, never sniffed from the body. New dialects
18
+ * (`openai-embeddings`, `openai-images`, …) extend this union.
19
+ * @public
20
+ */
21
+ export declare type AiFormat =
22
+ | "openai-chat"
23
+ | "openai-responses"
24
+ | "anthropic-messages";
25
+
9
26
  /**
10
27
  * Converts Anthropic Messages API format requests to OpenAI Chat Completions format.
11
28
  * This policy translates between the two formats to allow seamless routing to different providers.
@@ -165,6 +182,7 @@ export declare function aiGatewayHandler(
165
182
  * @returns A Request or a Response
166
183
  */
167
184
  export declare class AIGatewayMeteringInboundPolicy extends InboundPolicy<AIGatewayMeteringInboundPolicyOptions> {
185
+ static readonly policyType = "ai-gateway-metering";
168
186
  /**
169
187
  * Set the meter increments for the current request.
170
188
  *
@@ -192,10 +210,6 @@ export declare class AIGatewayMeteringInboundPolicy extends InboundPolicy<AIGate
192
210
  static getQuotaFallback(
193
211
  context: ZuploContext
194
212
  ): QuotaFallbackModels | undefined;
195
- constructor(
196
- options: AIGatewayMeteringInboundPolicyOptions,
197
- policyName: string
198
- );
199
213
  handler(
200
214
  request: ZuploRequest,
201
215
  context: ZuploContext
@@ -333,6 +347,47 @@ export declare function AIGatewaySemanticCacheOutboundPolicy(
333
347
  */
334
348
  export declare interface AIGatewaySemanticCacheOutboundPolicyOptions {}
335
349
 
350
+ /**
351
+ * AI Gateway Semantic Cache policy (AI Gateway v2). A single inbound policy that
352
+ * looks up the semantic cache on entry and, on a miss, registers a
353
+ * response-sending hook to write the upstream response back into the cache —
354
+ * matching the firewall's single-policy shape (no separate outbound policy).
355
+ *
356
+ * Caching parameters (semanticTolerance, expirationSecondsTtl, namespace) come
357
+ * from the policy options — the policy reads nothing from
358
+ * `request.user.configuration` to decide whether to cache, and presence in the
359
+ * route's chain is what enables it. `namespace` defaults to the AI Gateway
360
+ * configuration id when omitted so caching stays scoped per tenant.
361
+ *
362
+ * @title AI Gateway Semantic Cache (v2)
363
+ * @product ai-gateway
364
+ * @hidden
365
+ * @requiresAI
366
+ * @param request - The ZuploRequest
367
+ * @param context - The ZuploContext
368
+ * @param options - The policy options set in policies.json
369
+ * @param policyName - The name of the policy as set in policies.json
370
+ * @returns A Request or a Response
371
+ */
372
+ export declare function AIGatewaySemanticCacheV2InboundPolicy(
373
+ request: ZuploRequest,
374
+ context: ZuploContext,
375
+ options: AIGatewaySemanticCacheV2InboundPolicyOptions,
376
+ policyName: string
377
+ ): Promise<Response | ZuploRequest<RequestGeneric_2>>;
378
+
379
+ /**
380
+ * Options for the AI Gateway Semantic Cache (v2) policy. Configured inline in policies.json; the policy reads nothing from the AI Gateway configuration to decide whether to cache.
381
+ * @public
382
+ */
383
+ export declare interface AIGatewaySemanticCacheV2InboundPolicyOptions {
384
+ semanticTolerance?: SemanticTolerance;
385
+ expirationSecondsTtl?: CacheTTLSeconds;
386
+ namespace?: CacheNamespace;
387
+ endpoints?: ApplicableEndpoints;
388
+ onUnknownShape?: OnUnknownShape;
389
+ }
390
+
336
391
  /**
337
392
  * The options for this policy.
338
393
  * @public
@@ -381,6 +436,96 @@ export declare function AIGatewayUsageTrackerPolicy(
381
436
  _policyName: string
382
437
  ): Promise<Response>;
383
438
 
439
+ /**
440
+ * Common options every AI Gateway policy understands for scoping itself across
441
+ * the multi-endpoint surface. A policy reads these from its own `options`.
442
+ * @public
443
+ */
444
+ export declare interface AiPolicyScopeOptions {
445
+ /**
446
+ * The endpoint shapes this policy applies to. When set, the policy is inert on
447
+ * any other shape. Omit to apply to all shapes.
448
+ */
449
+ endpoints?: AiFormat[];
450
+ /**
451
+ * What to do when the policy meets a shape it cannot read. `skip` (the default
452
+ * for observers) passes through; guardrails MUST use `deny` so uninspectable
453
+ * content is never served.
454
+ */
455
+ onUnknownShape?: "deny" | "skip";
456
+ }
457
+
458
+ /**
459
+ * The request body for an AI Gateway endpoint, discriminated by {@link AiFormat}.
460
+ * A policy reads `getFormat(request)` and then narrows to the matching member —
461
+ * no field is normalized away, so tool calls, content blocks, images, and
462
+ * thinking are all preserved.
463
+ * @public
464
+ */
465
+ export declare type AiRequestBody =
466
+ | {
467
+ format: "openai-chat";
468
+ body: ChatCompletionRequest;
469
+ }
470
+ | {
471
+ format: "openai-responses";
472
+ body: ResponsesRequest;
473
+ }
474
+ | {
475
+ format: "anthropic-messages";
476
+ body: AnthropicMessagesRequest;
477
+ };
478
+
479
+ /**
480
+ * The response body for an AI Gateway endpoint, discriminated by {@link AiFormat}.
481
+ * For the Anthropic Messages pass-through the native response is returned as an
482
+ * opaque record (the runtime has no dedicated Anthropic response interface).
483
+ * @public
484
+ */
485
+ export declare type AiResponseBody =
486
+ | {
487
+ format: "openai-chat";
488
+ body: ChatCompletionResponse;
489
+ }
490
+ | {
491
+ format: "openai-responses";
492
+ body: ResponsesResponse;
493
+ }
494
+ | {
495
+ format: "anthropic-messages";
496
+ body: Record<string, unknown>;
497
+ };
498
+
499
+ /**
500
+ * A decoded streaming event, normalized just enough for an observer or guardrail
501
+ * to act without re-implementing per-dialect SSE parsing. `textDelta` is the
502
+ * incremental text in this event (if any); `usage` appears on the terminal
503
+ * event(s); `done` marks the end of the stream.
504
+ * @public
505
+ */
506
+ export declare interface AiStreamEvent {
507
+ /** The raw SSE `data:` payload, parsed from JSON when possible. */
508
+ raw: unknown;
509
+ /** Incremental assistant text carried by this event, if any. */
510
+ textDelta?: string;
511
+ /** Usage totals, present on the terminal event(s) for the shape. */
512
+ usage?: AiUsage;
513
+ /** True for the stream-terminating event (`[DONE]` or shape equivalent). */
514
+ done?: boolean;
515
+ }
516
+
517
+ /**
518
+ * A normalized usage record. Consolidates the per-shape token field names
519
+ * (`prompt_tokens`/`completion_tokens` for chat, `input_tokens`/`output_tokens`
520
+ * for responses and Anthropic) into one set.
521
+ * @public
522
+ */
523
+ export declare interface AiUsage {
524
+ promptTokens: number;
525
+ completionTokens: number;
526
+ totalTokens: number;
527
+ }
528
+
384
529
  /**
385
530
  * Akamai AI Firewall Inbound Policy
386
531
  * @title Akamai AI Firewall
@@ -418,6 +563,48 @@ export declare interface AkamaiAIFirewallPolicyOptions {
418
563
  streamingAccumulation?: StreamingAccumulationSettings;
419
564
  }
420
565
 
566
+ /**
567
+ * Akamai AI Firewall Inbound Policy (AI Gateway v2)
568
+ * @title Akamai AI Firewall (v2)
569
+ * @product ai-gateway
570
+ * @hidden
571
+ * @requiresAI
572
+ *
573
+ * Detects and blocks malicious AI inputs and outputs via Akamai's AI Firewall
574
+ * service. Settings come from the policy options (configurationId, api-key,
575
+ * applicationId, streamingAccumulation) — the policy reads nothing from
576
+ * `request.user.configuration`, and presence in the route's `inbound[]` chain is
577
+ * what enables it.
578
+ *
579
+ * For streaming responses it uses a transform stream that can block content
580
+ * mid-stream if harmful content is detected.
581
+ *
582
+ * @param request - The ZuploRequest
583
+ * @param context - The ZuploContext
584
+ * @param options - The policy options set in policies.json
585
+ * @param policyName - The name of the policy as set in policies.json
586
+ * @returns A Request or a Response
587
+ */
588
+ export declare function AkamaiAIFirewallV2InboundPolicy(
589
+ request: ZuploRequest,
590
+ context: ZuploContext,
591
+ options: AkamaiAIFirewallV2PolicyOptions,
592
+ _policyName: string
593
+ ): Promise<ZuploRequest | Response>;
594
+
595
+ /**
596
+ * The options for the Akamai AI Firewall policy.
597
+ * @public
598
+ */
599
+ export declare interface AkamaiAIFirewallV2PolicyOptions {
600
+ configurationId: ConfigurationID_2;
601
+ "api-key": APIKey_2;
602
+ applicationId?: ApplicationID_2;
603
+ streamingAccumulation?: StreamingAccumulationSettings_2;
604
+ endpoints?: ApplicableEndpoints_2;
605
+ onUnknownShape?: OnUnknownShape_2;
606
+ }
607
+
421
608
  /**
422
609
  * Entry format for Akamai API Security logger
423
610
  * @public
@@ -697,6 +884,39 @@ declare interface AmberfloMeteringProperties extends Omit<
697
884
  customerId: string;
698
885
  }
699
886
 
887
+ declare interface AnthropicMessage {
888
+ role: "user" | "assistant";
889
+ content:
890
+ | string
891
+ | Array<{
892
+ type: "text" | "image";
893
+ text?: string;
894
+ source?: unknown;
895
+ }>;
896
+ }
897
+
898
+ /**
899
+ * A request to the Anthropic Messages API (`/v1/messages`).
900
+ *
901
+ * The gateway forwards this body to Anthropic verbatim on the native passthrough
902
+ * path, so the shape mirrors Anthropic's API rather than an internal contract.
903
+ * The index signature carries evolving Anthropic fields (`thinking`,
904
+ * `tool_choice`, `top_k`, structured `system` blocks, …) through unchanged.
905
+ */
906
+ declare interface AnthropicMessagesRequest {
907
+ model: string;
908
+ messages: AnthropicMessage[];
909
+ max_tokens: number;
910
+ system?: string;
911
+ temperature?: number;
912
+ top_p?: number;
913
+ stop_sequences?: string[];
914
+ stream?: boolean;
915
+ metadata?: Record<string, unknown>;
916
+ tools?: unknown[];
917
+ [key: string]: unknown;
918
+ }
919
+
700
920
  /**
701
921
  * Authenticates requests based on API Keys using Zuplo API Management.
702
922
  *
@@ -733,6 +953,12 @@ export declare interface ApiAuthKeyInboundPolicyOptions {
733
953
  */
734
954
  declare type APIKey = string;
735
955
 
956
+ /**
957
+ * The API key for the AI Firewall.
958
+ * @public
959
+ */
960
+ declare type APIKey_2 = string;
961
+
736
962
  /**
737
963
  * Represents a consumer in the API Key service.
738
964
  * @public
@@ -976,12 +1202,58 @@ declare interface APITokenCredentialConfig {
976
1202
  headerValuePrefix?: string;
977
1203
  }
978
1204
 
1205
+ /**
1206
+ * The endpoint shapes to cache. Defaults to ['openai-chat'] — the cache keys off chat `messages` and skips other shapes.
1207
+ * @public
1208
+ */
1209
+ declare type ApplicableEndpoints = (
1210
+ | "openai-chat"
1211
+ | "openai-responses"
1212
+ | "anthropic-messages"
1213
+ )[];
1214
+
1215
+ /**
1216
+ * The endpoint shapes this policy applies to. Omit to apply to all (openai-chat, openai-responses, anthropic-messages).
1217
+ * @public
1218
+ */
1219
+ declare type ApplicableEndpoints_2 = (
1220
+ | "openai-chat"
1221
+ | "openai-responses"
1222
+ | "anthropic-messages"
1223
+ )[];
1224
+
1225
+ /**
1226
+ * The endpoint shapes this policy applies to. Omit to apply to all (openai-chat, openai-responses, anthropic-messages).
1227
+ * @public
1228
+ */
1229
+ declare type ApplicableEndpoints_3 = (
1230
+ | "openai-chat"
1231
+ | "openai-responses"
1232
+ | "anthropic-messages"
1233
+ )[];
1234
+
1235
+ /**
1236
+ * The endpoint shapes this policy applies to. Omit to apply to all (openai-chat, openai-responses, anthropic-messages).
1237
+ * @public
1238
+ */
1239
+ declare type ApplicableEndpoints_4 = (
1240
+ | "openai-chat"
1241
+ | "openai-responses"
1242
+ | "anthropic-messages"
1243
+ )[];
1244
+
979
1245
  /**
980
1246
  * The application ID to identify this usage of the AI Firewall (optional).
981
1247
  * @public
982
1248
  */
983
1249
  declare type ApplicationID = string;
984
1250
 
1251
+ /**
1252
+ * The application ID to identify this usage of the AI Firewall (optional).
1253
+ * @public
1254
+ */
1255
+ declare type ApplicationID_2 = string;
1256
+
985
1257
  /**
986
1258
  * A list of attributes that will be included in the authorization request.
987
1259
  * @public
@@ -1174,6 +1446,7 @@ export declare interface Auth0JwtInboundPolicyOptions {
1174
1446
  */
1175
1447
  export declare class AuthZenInboundPolicy extends InboundPolicy<AuthZenInboundPolicyOptions> {
1176
1448
  #private;
1449
+ static readonly policyType = "authzen";
1177
1450
  constructor(options: AuthZenInboundPolicyOptions, policyName: string);
1178
1451
  /**
1179
1452
  * The handler that is called each time this policy is invoked
@@ -1494,6 +1767,7 @@ export declare class AWSLoggingPlugin extends LogPlugin {
1494
1767
  */
1495
1768
  export declare class AxiomaticsAuthZInboundPolicy extends InboundPolicy<AxiomaticsAuthZInboundPolicyOptions> {
1496
1769
  #private;
1770
+ static readonly policyType = "axiomatics-authz";
1497
1771
  private pdpService;
1498
1772
  static setAuthAttributes(
1499
1773
  context: ZuploContext,
@@ -1861,6 +2135,7 @@ declare interface BatchDispatcherOptions {
1861
2135
  * @returns A Request or a Response
1862
2136
  */
1863
2137
  export declare class BrownoutInboundPolicy extends InboundPolicy<BrownoutInboundPolicyOptions> {
2138
+ static readonly policyType = "brownout";
1864
2139
  crons: Cron[];
1865
2140
  constructor(options: BrownoutInboundPolicyOptions, policyName: string);
1866
2141
  handler(
@@ -1948,6 +2223,12 @@ declare interface BuildRouteConfiguration {
1948
2223
  /* Excluded from this release type: raw */
1949
2224
  }
1950
2225
 
2226
+ /**
2227
+ * Partitions the cache. Omit to default to the AI Gateway configuration id, which keeps caching scoped per tenant.
2228
+ * @public
2229
+ */
2230
+ declare type CacheNamespace = string;
2231
+
1951
2232
  /**
1952
2233
  * Internal
1953
2234
  */
@@ -1955,6 +2236,12 @@ declare interface CacheOptions {
1955
2236
  logger?: Logger;
1956
2237
  }
1957
2238
 
2239
+ /**
2240
+ * How long a cached response lives, in seconds. Defaults to 3600 (1 hour).
2241
+ * @public
2242
+ */
2243
+ declare type CacheTTLSeconds = number;
2244
+
1958
2245
  /**
1959
2246
  * Respond to matched incoming requests with cached content
1960
2247
  *
@@ -2099,12 +2386,112 @@ export declare interface ChangeMethodInboundPolicyOptions {
2099
2386
  method: string;
2100
2387
  }
2101
2388
 
2389
+ declare interface ChatCompletionChoice {
2390
+ index: number;
2391
+ message: ChatCompletionMessage;
2392
+ logprobs?: {
2393
+ content: Array<{
2394
+ token: string;
2395
+ logprob: number;
2396
+ bytes?: number[];
2397
+ top_logprobs?: Array<{
2398
+ token: string;
2399
+ logprob: number;
2400
+ bytes?: number[];
2401
+ }>;
2402
+ }> | null;
2403
+ } | null;
2404
+ finish_reason:
2405
+ | "stop"
2406
+ | "length"
2407
+ | "function_call"
2408
+ | "tool_calls"
2409
+ | "content_filter";
2410
+ }
2411
+
2412
+ declare interface ChatCompletionMessage {
2413
+ role: "system" | "user" | "assistant" | "function" | "tool";
2414
+ content: string;
2415
+ name?: string;
2416
+ function_call?: {
2417
+ name: string;
2418
+ arguments: string;
2419
+ };
2420
+ tool_calls?: Array<{
2421
+ id: string;
2422
+ type: "function";
2423
+ function: {
2424
+ name: string;
2425
+ arguments: string;
2426
+ };
2427
+ }>;
2428
+ tool_call_id?: string;
2429
+ }
2430
+
2431
+ declare interface ChatCompletionRequest {
2432
+ model: string;
2433
+ messages: ChatCompletionMessage[];
2434
+ temperature?: number;
2435
+ top_p?: number;
2436
+ n?: number;
2437
+ stream?: boolean;
2438
+ stop?: string | string[];
2439
+ max_tokens?: number;
2440
+ presence_penalty?: number;
2441
+ frequency_penalty?: number;
2442
+ user?: string;
2443
+ seed?: number;
2444
+ functions?: FunctionDefinition[];
2445
+ function_call?:
2446
+ | string
2447
+ | {
2448
+ name: string;
2449
+ };
2450
+ tools?: ToolDefinition[];
2451
+ tool_choice?: string | ToolChoice;
2452
+ parallel_tool_calls?: boolean;
2453
+ response_format?: {
2454
+ type: "text" | "json_object" | "json_schema";
2455
+ json_schema?: {
2456
+ name: string;
2457
+ strict?: boolean;
2458
+ schema: Record<string, unknown>;
2459
+ };
2460
+ };
2461
+ logit_bias?: Record<string, number>;
2462
+ logprobs?: boolean;
2463
+ top_logprobs?: number;
2464
+ max_completion_tokens?: number;
2465
+ service_tier?: "auto" | "default";
2466
+ stream_options?: {
2467
+ include_usage?: boolean;
2468
+ };
2469
+ }
2470
+
2471
+ declare interface ChatCompletionResponse {
2472
+ id: string;
2473
+ object: "chat.completion";
2474
+ created: number;
2475
+ model: string;
2476
+ system_fingerprint?: string;
2477
+ choices: ChatCompletionChoice[];
2478
+ usage: Usage;
2479
+ service_tier?: string;
2480
+ provider?: string;
2481
+ }
2482
+
2102
2483
  /**
2103
2484
  * Time interval in milliseconds for periodic checks (alternative to chunk count).
2104
2485
  * @public
2105
2486
  */
2106
2487
  declare type CheckIntervalMs = number;
2107
2488
 
2489
+ /**
2490
+ * Time interval in milliseconds for periodic checks (alternative to chunk count).
2491
+ * @public
2492
+ */
2493
+ declare type CheckIntervalMs_2 = number;
2494
+
2108
2495
  /**
2109
2496
  * Removes all headers from the incoming request except for those in the exclude list.
2110
2497
  *
@@ -2215,6 +2602,19 @@ declare interface ClientCredentialsConfig {
2215
2602
  apiAudience?: string;
2216
2603
  }
2217
2604
 
2605
+ /**
2606
+ * Code interpreter tool
2607
+ */
2608
+ declare interface CodeInterpreterTool {
2609
+ type: "code_interpreter";
2610
+ container:
2611
+ | string
2612
+ | {
2613
+ type: "auto";
2614
+ file_ids?: string[];
2615
+ };
2616
+ }
2617
+
2218
2618
  /**
2219
2619
  * Authenticate requests with JWT tokens issued by AWS Cognito.
2220
2620
  *
@@ -2301,6 +2701,61 @@ export declare interface CometOpikTracingPolicyOptions {
2301
2701
  baseUrl?: string;
2302
2702
  }
2303
2703
 
2704
+ /**
2705
+ * Comet Opik Tracing Inbound Policy (AI Gateway v2)
2706
+ * @title Comet Opik Tracing (v2)
2707
+ * @product ai-gateway
2708
+ * @hidden
2709
+ * @requiresAI
2710
+ *
2711
+ * Traces both streaming and non-streaming AI Gateway responses to Comet Opik,
2712
+ * creating traces when requests start and spans when responses complete.
2713
+ * Credentials (apiKey, projectName, workspace, baseUrl) come from the policy
2714
+ * options — the policy reads nothing from `request.user.configuration` to decide
2715
+ * whether to run, and presence in the route's chain is what enables it.
2716
+ *
2717
+ * For streaming responses, it clones the response stream and processes it in
2718
+ * the background using `waitUntil`, allowing the original stream to pass through
2719
+ * unmodified while still capturing the complete content for tracing.
2720
+ *
2721
+ * @param request - The ZuploRequest
2722
+ * @param context - The ZuploContext
2723
+ * @param options - The policy options set in policies.json
2724
+ * @param policyName - The name of the policy as set in policies.json
2725
+ * @returns A Request or a Response
2726
+ */
2727
+ export declare function CometOpikTracingV2InboundPolicy(
2728
+ request: ZuploRequest,
2729
+ context: ZuploContext,
2730
+ options: CometOpikTracingV2PolicyOptions,
2731
+ _policyName: string
2732
+ ): Promise<ZuploRequest | Response>;
2733
+
2734
+ /**
2735
+ * Track AI Gateway requests and responses using Comet Opik's LLM observability platform.
2736
+ * @public
2737
+ */
2738
+ export declare interface CometOpikTracingV2PolicyOptions {
2739
+ /**
2740
+ * The Comet Opik API key for authentication.
2741
+ */
2742
+ apiKey: string;
2743
+ /**
2744
+ * The Comet Opik project name for organizing traces.
2745
+ */
2746
+ projectName: string;
2747
+ /**
2748
+ * The Comet Opik workspace name.
2749
+ */
2750
+ workspace: string;
2751
+ /**
2752
+ * The base URL for the Comet Opik API (optional, defaults to https://www.comet.com/opik/api).
2753
+ */
2754
+ baseUrl?: string;
2755
+ endpoints?: ApplicableEndpoints_3;
2756
+ onUnknownShape?: OnUnknownShape_3;
2757
+ }
2758
+
2304
2759
  /**
2305
2760
  * The compatibility date on which to run the gateway
2306
2761
  */
@@ -2411,6 +2866,7 @@ export declare type ComplexRateLimitFunction =
2411
2866
  * @returns A Request or a Response
2412
2867
  */
2413
2868
  export declare class ComplexRateLimitInboundPolicy extends InboundPolicy<ComplexRateLimitInboundPolicyOptions> {
2869
+ static readonly policyType = "complex-rate-limit";
2414
2870
  /**
2415
2871
  * Override the increments for a limit in the current request.
2416
2872
  *
@@ -2519,6 +2975,16 @@ export declare interface CompositeOutboundPolicyOptions {
2519
2975
  policies?: string[];
2520
2976
  }
2521
2977
 
2978
+ /**
2979
+ * Computer use tool (preview)
2980
+ */
2981
+ declare interface ComputerUseTool {
2982
+ type: "computer_use_preview";
2983
+ display_height: number;
2984
+ display_width: number;
2985
+ environment: "windows" | "mac" | "linux" | "ubuntu" | "browser";
2986
+ }
2987
+
2522
2988
  /**
2523
2989
  * Errors caused by invalid user configuration such as invalid parameters on policies,
2524
2990
  * handlers that are not functions, or missing required configuration values.
@@ -2556,6 +3022,12 @@ export declare class ConfigurationError extends RuntimeError {
2556
3022
  */
2557
3023
  declare type ConfigurationID = string;
2558
3024
 
3025
+ /**
3026
+ * The configuration ID of the AI Firewall.
3027
+ * @public
3028
+ */
3029
+ declare type ConfigurationID_2 = string;
3030
+
2559
3031
  /* Excluded from this release type: ContentTypes */
2560
3032
 
2561
3033
  /**
@@ -2848,6 +3320,16 @@ declare interface CustomRateLimitDetailsBase {
2848
3320
  export declare type CustomRateLimitFunction =
2849
3321
  RateLimitFunction<CustomRateLimitDetails>;
2850
3322
 
3323
+ /**
3324
+ * Custom tool
3325
+ */
3326
+ declare interface CustomTool {
3327
+ name: string;
3328
+ type: "custom";
3329
+ description?: string;
3330
+ format?: Record<string, unknown>;
3331
+ }
3332
+
2851
3333
  declare interface DataDogLoggingOptions {
2852
3334
  url?: string;
2853
3335
  apiKey: string;
@@ -3295,6 +3777,12 @@ export declare class DynatraceMetricsPlugin extends MetricsPlugin {
3295
3777
  */
3296
3778
  declare type EnableStreamingAccumulation = boolean;
3297
3779
 
3780
+ /**
3781
+ * Enable accumulation and validation of streaming responses.
3782
+ * @public
3783
+ */
3784
+ declare type EnableStreamingAccumulation_2 = boolean;
3785
+
3298
3786
  /**
3299
3787
  * @beta
3300
3788
  * Object exposing environment variables
@@ -3318,6 +3806,12 @@ export declare interface ErrorHandler {
3318
3806
  */
3319
3807
  declare type EventsInterval = number;
3320
3808
 
3809
+ /**
3810
+ * Number of SSE events to accumulate before checking with Akamai (default: 5).
3811
+ * @public
3812
+ */
3813
+ declare type EventsInterval_2 = number;
3814
+
3321
3815
  declare const EventType: {
3322
3816
  readonly AI_GATEWAY_COST_SUM: "ai_gateway_cost_sum";
3323
3817
  readonly AI_GATEWAY_REQUEST_COUNT: "ai_gateway_request_count";
@@ -3357,6 +3851,16 @@ declare const EventType: {
3357
3851
 
3358
3852
  declare type EventType = (typeof EventType)[keyof typeof EventType];
3359
3853
 
3854
+ /**
3855
+ * Best-effort flatten of ALL human/assistant text in a request OR response body,
3856
+ * across every shape — the one sanctioned cross-shape helper. Intended for
3857
+ * guardrails that just need "all the text to scan/moderate"; it is deliberately
3858
+ * lossy (drops roles, structure, tool calls). Everything else should read the
3859
+ * typed body via {@link getRequestBody} / {@link getResponseBody}.
3860
+ * @public
3861
+ */
3862
+ export declare function extractAllText(body: unknown): string;
3863
+
3360
3864
  /**
3361
3865
  * Parse a response body and extract its GraphQL `errors[]`, including
3362
3866
  * across an Apollo-style batched (array) response.
@@ -3370,12 +3874,40 @@ export declare function extractGraphqlErrors(
3370
3874
  bodyText: string
3371
3875
  ): GraphqlResponseError[] | null;
3372
3876
 
3877
+ /**
3878
+ * Pull the incremental ASSISTANT TEXT from a parsed stream event per shape. The
3879
+ * single source of truth for "is this delta assistant text" — chat
3880
+ * `choices[].delta.content`, Responses `response.output_text.delta` only (NOT
3881
+ * tool-args / audio / refusal / code deltas), Anthropic `content_block_delta`.
3882
+ * Stream-scanning policies (e.g. the firewall accumulator) should call this
3883
+ * rather than re-deriving the per-shape extraction.
3884
+ * @public
3885
+ */
3886
+ export declare function extractStreamTextDelta(
3887
+ parsed: unknown,
3888
+ format: AiFormat
3889
+ ): string | undefined;
3890
+
3373
3891
  declare interface FetchOptions<T> {
3374
3892
  method?: HttpMethod_2;
3375
3893
  data?: T;
3376
3894
  headers?: Record<string, string>;
3377
3895
  }
3378
3896
 
3897
+ /**
3898
+ * File search tool
3899
+ */
3900
+ declare interface FileSearchTool {
3901
+ type: "file_search";
3902
+ vector_store_ids: string[];
3903
+ filters?: Record<string, unknown> | null;
3904
+ max_num_results?: number;
3905
+ ranking_options?: {
3906
+ ranker?: "auto" | "default-2024-11-15";
3907
+ score_threshold?: number;
3908
+ };
3909
+ }
3910
+
3379
3911
  /**
3380
3912
  * Authenticate users using Firebase issued JWT tokens.
3381
3913
  *
@@ -3409,6 +3941,17 @@ export declare interface FirebaseJwtInboundPolicyOptions {
3409
3941
  oAuthResourceMetadataEnabled?: boolean;
3410
3942
  }
3411
3943
 
3944
+ /**
3945
+ * Flatten a single message's `content` field to plain text. Content may be a
3946
+ * string (OpenAI chat / simple Anthropic) or an array of content blocks
3947
+ * (Anthropic Messages, OpenAI multi-modal vision, Responses input items). Use
3948
+ * this anywhere a policy needs the text of one message without assuming the
3949
+ * content is a string — a bare `${msg.content}` stringifies array content to
3950
+ * `[object Object]`.
3951
+ * @public
3952
+ */
3953
+ export declare function flattenMessageContent(content: unknown): string;
3954
+
3412
3955
  /**
3413
3956
  * Converts form data in the incoming request to JSON.
3414
3957
  *
@@ -3438,6 +3981,23 @@ export declare interface FormDataToJsonInboundPolicyOptions {
3438
3981
  optionalHoneypotName?: string;
3439
3982
  }
3440
3983
 
3984
+ declare interface FunctionDefinition {
3985
+ name: string;
3986
+ description?: string;
3987
+ parameters: Record<string, unknown>;
3988
+ }
3989
+
3990
+ /**
3991
+ * Function tool for Responses API
3992
+ */
3993
+ declare interface FunctionTool {
3994
+ name: string;
3995
+ type: "function";
3996
+ parameters: Record<string, unknown> | null;
3997
+ strict: boolean | null;
3998
+ description?: string | null;
3999
+ }
4000
+
3441
4001
  /**
3442
4002
  * Galileo Tracing Inbound Policy
3443
4003
  * @title Galileo Tracing
@@ -3487,6 +4047,62 @@ export declare interface GalileoTracingPolicyOptions {
3487
4047
  baseUrl?: string;
3488
4048
  }
3489
4049
 
4050
+ /**
4051
+ * Galileo Tracing Inbound Policy (AI Gateway v2)
4052
+ * @title Galileo Tracing (v2)
4053
+ * @product ai-gateway
4054
+ * @hidden
4055
+ * @requiresAI
4056
+ *
4057
+ * Traces both streaming and non-streaming AI Gateway responses to Galileo's LLM
4058
+ * observability platform, creating complete traces with workflow and LLM spans
4059
+ * when responses complete. Credentials (apiKey, projectId, logStreamId, baseUrl)
4060
+ * come from the policy options — the policy reads nothing from
4061
+ * `request.user.configuration` to decide whether to run, and presence in the
4062
+ * route's chain is what enables it.
4063
+ *
4064
+ * For streaming responses, it clones the response stream and processes it in
4065
+ * the background using `waitUntil`, allowing the original stream to pass through
4066
+ * unmodified while still capturing the complete content for tracing.
4067
+ *
4068
+ * @param request - The ZuploRequest
4069
+ * @param context - The ZuploContext
4070
+ * @param options - The policy options set in policies.json
4071
+ * @param policyName - The name of the policy as set in policies.json
4072
+ * @returns A Request or a Response
4073
+ */
4074
+ export declare function GalileoTracingV2InboundPolicy(
4075
+ request: ZuploRequest,
4076
+ context: ZuploContext,
4077
+ options: GalileoTracingV2PolicyOptions,
4078
+ _policyName: string
4079
+ ): Promise<ZuploRequest | Response>;
4080
+
4081
+ /**
4082
+ * Track AI Gateway requests and responses using Galileo's LLM observability platform.
4083
+ * @public
4084
+ */
4085
+ export declare interface GalileoTracingV2PolicyOptions {
4086
+ /**
4087
+ * The Galileo API key for authentication.
4088
+ */
4089
+ apiKey: string;
4090
+ /**
4091
+ * The Galileo project ID (UUID) for organizing traces.
4092
+ */
4093
+ projectId: string;
4094
+ /**
4095
+ * The Galileo log stream ID (UUID) for organizing traces.
4096
+ */
4097
+ logStreamId: string;
4098
+ /**
4099
+ * The base URL for the Galileo API (optional, defaults to https://api.galileo.ai).
4100
+ */
4101
+ baseUrl?: string;
4102
+ endpoints?: ApplicableEndpoints_4;
4103
+ onUnknownShape?: OnUnknownShape_4;
4104
+ }
4105
+
3490
4106
  /**
3491
4107
  * Function to generate request logger entries
3492
4108
  * @public
@@ -3542,6 +4158,18 @@ declare interface GeoSpec {
3542
4158
  asns?: string;
3543
4159
  }
3544
4160
 
4161
+ /**
4162
+ * Resolve the AI shape for a request from its endpoint. Mirrors the handler's
4163
+ * base-path resolution so routes mounted under a prefix
4164
+ * (`/{prefix}/v1/chat/completions`) classify the same as the bare path. Returns
4165
+ * `null` for an endpoint that carries no AI body shape (e.g. `/v1/embeddings`).
4166
+ *
4167
+ * The shape is NEVER sniffed from the body — sniffing `!!body.input` misclassifies
4168
+ * an Anthropic body as chat.
4169
+ * @public
4170
+ */
4171
+ export declare function getFormat(request: ZuploRequest): AiFormat | null;
4172
+
3545
4173
  /* Excluded from this release type: getIdForParameterSchema */
3546
4174
 
3547
4175
  /* Excluded from this release type: getIdForRefSchema */
@@ -3576,6 +4204,49 @@ declare interface GetQuotaResult {
3576
4204
 
3577
4205
  /* Excluded from this release type: getRawOperationDataIdentifierName */
3578
4206
 
4207
+ /**
4208
+ * Read the request body, typed and discriminated by endpoint shape. Returns
4209
+ * `null` for a non-AI endpoint. The body is the native shape — no field is
4210
+ * flattened away.
4211
+ * @public
4212
+ */
4213
+ export declare function getRequestBody(
4214
+ request: ZuploRequest
4215
+ ): Promise<AiRequestBody | null>;
4216
+
4217
+ /**
4218
+ * Read the response body, typed and discriminated by endpoint shape. Returns
4219
+ * `null` for a non-AI endpoint or an unparseable body.
4220
+ * @public
4221
+ */
4222
+ export declare function getResponseBody(
4223
+ request: ZuploRequest,
4224
+ response: Response
4225
+ ): Promise<AiResponseBody | null>;
4226
+
4227
+ /**
4228
+ * Decode a streamed AI response into normalized {@link AiStreamEvent}s, hiding
4229
+ * the per-shape SSE dialect. A `post_call`-style streaming hook reads
4230
+ * `textDelta` / `usage` / `done` without re-writing SSE parsing per endpoint.
4231
+ * Reads a `clone()` of the response, so the original stream is untouched (the
4232
+ * caller can still return/pipe `response` as-is) — the same observe-via-clone
4233
+ * pattern the tracing policies use.
4234
+ * @public
4235
+ */
4236
+ export declare function getStreamEvents(
4237
+ request: ZuploRequest,
4238
+ response: Response
4239
+ ): AsyncIterable<AiStreamEvent>;
4240
+
4241
+ /**
4242
+ * Normalize the usage record from a (non-streaming) response body, regardless of
4243
+ * shape. Chat reports `prompt_tokens`/`completion_tokens`; responses and
4244
+ * Anthropic report `input_tokens`/`output_tokens`. Returns `undefined` when no
4245
+ * usage is present.
4246
+ * @public
4247
+ */
4248
+ export declare function getUsage(body: unknown): AiUsage | undefined;
4249
+
3579
4250
  declare interface GoogleCloudLoggingOptions {
3580
4251
  serviceAccountJson: string;
3581
4252
  logName: string;
@@ -3659,6 +4330,21 @@ export declare interface GraphqlAnalyticsOutboundPolicyOptions {
3659
4330
  maxScanBytes?: number;
3660
4331
  }
3661
4332
 
4333
+ /**
4334
+ * GraphQL response-cache outcome, as decided by the Zuplo-provided GraphQL
4335
+ * Cache policy (`graphql-cache-inbound`) and reported on its `x-cache`
4336
+ * response header:
4337
+ * - `"hit"` — the response was served from cache.
4338
+ * - `"miss"` — a cache-eligible query that was not in cache (forwarded to
4339
+ * the origin).
4340
+ *
4341
+ * Operations that are not cache-eligible (mutations, subscriptions,
4342
+ * uncacheable/credentialed requests) — or that ran on a route without the
4343
+ * GraphQL Cache policy — carry no cache state (`null`), and are excluded
4344
+ * from the cache-hit-rate denominator.
4345
+ */
4346
+ export declare type GraphqlCacheState = "hit" | "miss";
4347
+
3662
4348
  /**
3663
4349
  * One GraphQL error extracted from a response body, reduced to the
3664
4350
  * fields the GraphQL Analytics outbound policy consumes for
@@ -5318,6 +6004,26 @@ export declare interface HydrolixRequestLoggerPluginOptions<T> {
5318
6004
  batchPeriodSeconds?: number;
5319
6005
  }
5320
6006
 
6007
+ /**
6008
+ * Image generation tool
6009
+ */
6010
+ declare interface ImageGenerationTool {
6011
+ type: "image_generation";
6012
+ model?: "gpt-image-1" | "gpt-image-1-mini";
6013
+ background?: "transparent" | "opaque" | "auto";
6014
+ input_fidelity?: "high" | "low" | null;
6015
+ input_image_mask?: {
6016
+ file_id?: string;
6017
+ image_url?: string;
6018
+ };
6019
+ moderation?: "auto" | "low";
6020
+ output_compression?: number;
6021
+ output_format?: "png" | "webp" | "jpeg";
6022
+ partial_images?: number;
6023
+ quality?: "low" | "medium" | "high" | "auto";
6024
+ size?: "1024x1024" | "1024x1536" | "1536x1024" | "auto";
6025
+ }
6026
+
5321
6027
  /**
5322
6028
  * A policy that can modify the incoming HTTP request before it is sent to
5323
6029
  * the handler. If a response is returned, the request is short-circuited and
@@ -5365,6 +6071,7 @@ export declare interface HydrolixRequestLoggerPluginOptions<T> {
5365
6071
  export declare abstract class InboundPolicy<
5366
6072
  TOptions = any,
5367
6073
  > extends PolicyBase<TOptions> {
6074
+ readonly direction: PolicyDirection;
5368
6075
  /**
5369
6076
  * The handler that is called each time this policy is invoked
5370
6077
  *
@@ -5942,6 +6649,13 @@ export declare const legacyDevPortalHandler: (
5942
6649
  context: ZuploContext
5943
6650
  ) => Response | Promise<Response>;
5944
6651
 
6652
+ /**
6653
+ * Local shell tool
6654
+ */
6655
+ declare interface LocalShellTool {
6656
+ type: "local_shell";
6657
+ }
6658
+
5945
6659
  /**
5946
6660
  * @beta
5947
6661
  */
@@ -6116,6 +6830,7 @@ declare type LokiTransportVersion = 1 | 2;
6116
6830
  */
6117
6831
  export declare class McpAuth0OAuthInboundPolicy extends InboundPolicy<ValidatedAuth0OAuthOptions> {
6118
6832
  #private;
6833
+ static readonly policyType = "mcp-auth0-oauth";
6119
6834
  constructor(rawOptions: unknown, policyName: string);
6120
6835
  handler(
6121
6836
  request: ZuploRequest,
@@ -6294,6 +7009,7 @@ declare const mcpAuth0OAuthOptionsSchema: z.ZodObject<
6294
7009
  */
6295
7010
  export declare class McpClerkOAuthInboundPolicy extends InboundPolicy<McpClerkOAuthInboundPolicyOptions> {
6296
7011
  #private;
7012
+ static readonly policyType = "mcp-clerk-oauth";
6297
7013
  constructor(rawOptions: unknown, policyName: string);
6298
7014
  handler(
6299
7015
  request: ZuploRequest,
@@ -6364,6 +7080,7 @@ export declare interface McpClerkOAuthInboundPolicyOptions {
6364
7080
  */
6365
7081
  export declare class McpCognitoOAuthInboundPolicy extends InboundPolicy<McpCognitoOAuthInboundPolicyOptions> {
6366
7082
  #private;
7083
+ static readonly policyType = "mcp-cognito-oauth";
6367
7084
  constructor(rawOptions: unknown, policyName: string);
6368
7085
  handler(
6369
7086
  request: ZuploRequest,
@@ -6445,6 +7162,7 @@ export declare interface McpCognitoOAuthInboundPolicyOptions {
6445
7162
  */
6446
7163
  export declare class McpEntraOAuthInboundPolicy extends InboundPolicy<McpEntraOAuthInboundPolicyOptions> {
6447
7164
  #private;
7165
+ static readonly policyType = "mcp-entra-oauth";
6448
7166
  constructor(rawOptions: unknown, policyName: string);
6449
7167
  handler(
6450
7168
  request: ZuploRequest,
@@ -6521,6 +7239,7 @@ export declare interface McpEntraOAuthInboundPolicyOptions {
6521
7239
  */
6522
7240
  export declare class McpGoogleOAuthInboundPolicy extends InboundPolicy<McpGoogleOAuthInboundPolicyOptions> {
6523
7241
  #private;
7242
+ static readonly policyType = "mcp-google-oauth";
6524
7243
  constructor(rawOptions: unknown, policyName: string);
6525
7244
  handler(
6526
7245
  request: ZuploRequest,
@@ -6591,6 +7310,7 @@ export declare interface McpGoogleOAuthInboundPolicyOptions {
6591
7310
  */
6592
7311
  export declare class McpKeycloakOAuthInboundPolicy extends InboundPolicy<McpKeycloakOAuthInboundPolicyOptions> {
6593
7312
  #private;
7313
+ static readonly policyType = "mcp-keycloak-oauth";
6594
7314
  constructor(rawOptions: unknown, policyName: string);
6595
7315
  handler(
6596
7316
  request: ZuploRequest,
@@ -6668,6 +7388,7 @@ export declare interface McpKeycloakOAuthInboundPolicyOptions {
6668
7388
  */
6669
7389
  export declare class McpLogtoOAuthInboundPolicy extends InboundPolicy<McpLogtoOAuthInboundPolicyOptions> {
6670
7390
  #private;
7391
+ static readonly policyType = "mcp-logto-oauth";
6671
7392
  constructor(rawOptions: unknown, policyName: string);
6672
7393
  handler(
6673
7394
  request: ZuploRequest,
@@ -6746,6 +7467,7 @@ export declare interface McpLogtoOAuthInboundPolicyOptions {
6746
7467
  * @product mcp-gateway
6747
7468
  */
6748
7469
  export declare class McpOAuthInboundPolicy extends InboundPolicy<McpOAuthRuntimeConfig> {
7470
+ static readonly policyType = "mcp-oauth";
6749
7471
  constructor(rawOptions: unknown, policyName: string);
6750
7472
  handler(
6751
7473
  request: ZuploRequest,
@@ -7022,6 +7744,7 @@ declare const mcpOAuthRuntimeConfigSchema: z.ZodObject<
7022
7744
  */
7023
7745
  export declare class McpOktaOAuthInboundPolicy extends InboundPolicy<McpOktaOAuthInboundPolicyOptions> {
7024
7746
  #private;
7747
+ static readonly policyType = "mcp-okta-oauth";
7025
7748
  constructor(rawOptions: unknown, policyName: string);
7026
7749
  handler(
7027
7750
  request: ZuploRequest,
@@ -7099,6 +7822,7 @@ export declare interface McpOktaOAuthInboundPolicyOptions {
7099
7822
  */
7100
7823
  export declare class McpOneLoginOAuthInboundPolicy extends InboundPolicy<McpOneLoginOAuthInboundPolicyOptions> {
7101
7824
  #private;
7825
+ static readonly policyType = "mcp-onelogin-oauth";
7102
7826
  constructor(rawOptions: unknown, policyName: string);
7103
7827
  handler(
7104
7828
  request: ZuploRequest,
@@ -7169,6 +7893,7 @@ export declare interface McpOneLoginOAuthInboundPolicyOptions {
7169
7893
  */
7170
7894
  export declare class McpPingOAuthInboundPolicy extends InboundPolicy<McpPingOAuthInboundPolicyOptions> {
7171
7895
  #private;
7896
+ static readonly policyType = "mcp-ping-oauth";
7172
7897
  constructor(rawOptions: unknown, policyName: string);
7173
7898
  handler(
7174
7899
  request: ZuploRequest,
@@ -7256,6 +7981,29 @@ export declare function mcpServerHandler(
7256
7981
  context: ZuploContext
7257
7982
  ): Promise<Response>;
7258
7983
 
7984
+ /**
7985
+ * MCP (Model Context Protocol) tool
7986
+ */
7987
+ declare interface McpTool {
7988
+ server_label: string;
7989
+ type: "mcp";
7990
+ allowed_tools?: string[] | Record<string, unknown> | null;
7991
+ authorization?: string;
7992
+ connector_id?:
7993
+ | "connector_dropbox"
7994
+ | "connector_gmail"
7995
+ | "connector_googlecalendar"
7996
+ | "connector_googledrive"
7997
+ | "connector_microsoftteams"
7998
+ | "connector_outlookcalendar"
7999
+ | "connector_outlookemail"
8000
+ | "connector_sharepoint";
8001
+ headers?: Record<string, string> | null;
8002
+ require_approval?: Record<string, unknown> | "always" | "never" | null;
8003
+ server_description?: string;
8004
+ server_url?: string;
8005
+ }
8006
+
7259
8007
  /**
7260
8008
  * Authenticate MCP gateway requests using a gateway-issued OAuth access token,
7261
8009
  * with browser login delegated to WorkOS.
@@ -7271,6 +8019,7 @@ export declare function mcpServerHandler(
7271
8019
  */
7272
8020
  export declare class McpWorkosOAuthInboundPolicy extends InboundPolicy<McpWorkosOAuthInboundPolicyOptions> {
7273
8021
  #private;
8022
+ static readonly policyType = "mcp-workos-oauth";
7274
8023
  constructor(rawOptions: unknown, policyName: string);
7275
8024
  handler(
7276
8025
  request: ZuploRequest,
@@ -7614,6 +8363,7 @@ export declare interface MoesifInboundPolicyOptions {
7614
8363
  */
7615
8364
  export declare class MonetizationInboundPolicy extends InboundPolicy<MonetizationInboundPolicyOptions> {
7616
8365
  #private;
8366
+ static readonly policyType = "monetization";
7617
8367
  /**
7618
8368
  * Set the monetization subscription data for the current request.
7619
8369
  *
@@ -7936,6 +8686,7 @@ export declare interface OAuthProtectedResourcePluginOptions {
7936
8686
  * @returns A Request or a Response
7937
8687
  */
7938
8688
  export declare class OktaFGAAuthZInboundPolicy extends BaseOpenFGAAuthZInboundPolicy {
8689
+ static readonly policyType = "oktafga-authz";
7939
8690
  constructor(options: OktaFGAAuthZInboundPolicyOptions, policyName: string);
7940
8691
  }
7941
8692
 
@@ -8055,6 +8806,30 @@ declare interface OnSendingAwsLambdaEventHook {
8055
8806
  ): Promise<AwsLambdaEventV1 | AwsLambdaEventV2>;
8056
8807
  }
8057
8808
 
8809
+ /**
8810
+ * Unused by the cache (a cache miss is never unsafe, so it always fails open). Present for interface consistency.
8811
+ * @public
8812
+ */
8813
+ declare type OnUnknownShape = "deny" | "skip";
8814
+
8815
+ /**
8816
+ * What to do when the request shape cannot be inspected. As a guardrail, this policy defaults to 'deny' (fail closed) so uninspectable content is never served.
8817
+ * @public
8818
+ */
8819
+ declare type OnUnknownShape_2 = "deny" | "skip";
8820
+
8821
+ /**
8822
+ * What to do on a shape the policy cannot read. As an observer this defaults to 'skip' (fail open — pass through untraced).
8823
+ * @public
8824
+ */
8825
+ declare type OnUnknownShape_3 = "deny" | "skip";
8826
+
8827
+ /**
8828
+ * What to do on a shape the policy cannot read. As an observer this defaults to 'skip' (fail open — pass through untraced).
8829
+ * @public
8830
+ */
8831
+ declare type OnUnknownShape_4 = "deny" | "skip";
8832
+
8058
8833
  /**
8059
8834
  * Handler that serves OpenAPI specification files.
8060
8835
  * Use this to expose your API documentation in a standard format that can be
@@ -8651,7 +9426,7 @@ declare namespace OpenAPIV3_1 {
8651
9426
  * @returns A Request or a Response
8652
9427
  */
8653
9428
  export declare class OpenFGAAuthZInboundPolicy extends BaseOpenFGAAuthZInboundPolicy {
8654
- constructor(options: OpenFGAAuthZInboundPolicyOptions, policyName: string);
9429
+ static readonly policyType = "openfga-authz";
8655
9430
  }
8656
9431
 
8657
9432
  /**
@@ -8787,6 +9562,7 @@ export declare interface OpenIdJwtInboundPolicyOptions {
8787
9562
  */
8788
9563
  export declare class OpenMeterInboundPolicy extends InboundPolicy<OpenMeterInboundPolicyOptions> {
8789
9564
  #private;
9565
+ static readonly policyType = "openmeter-metering";
8790
9566
  constructor(options: OpenMeterInboundPolicyOptions, policyName: string);
8791
9567
  handler(
8792
9568
  request: ZuploRequest<RequestGeneric>,
@@ -8972,6 +9748,7 @@ export declare class OTelMetricsPlugin extends MetricsPlugin {
8972
9748
  export declare abstract class OutboundPolicy<
8973
9749
  TOptions = any,
8974
9750
  > extends PolicyBase<TOptions> {
9751
+ readonly direction: PolicyDirection;
8975
9752
  /**
8976
9753
  * The handler that is called each time this policy is invoked
8977
9754
  *
@@ -9098,16 +9875,11 @@ declare interface ParsedRouteData extends Omit<RouteData, "corsPolicies"> {
9098
9875
  /* Excluded from this release type: getInboundPolicyInstance */
9099
9876
  }
9100
9877
 
9101
- /**
9102
- * The base class for inbound and outbound policies.
9103
- * Provides common functionality for all policy types.
9104
- *
9105
- * @public
9106
- */
9107
9878
  declare abstract class PolicyBase<TOptions = any> {
9108
9879
  options: TOptions;
9109
9880
  policyName: string;
9110
- policyType: string;
9881
+ /* Excluded from this release type: policyType */
9882
+ /* Excluded from this release type: direction */
9111
9883
  /* Excluded from this release type: __constructor */
9112
9884
  }
9113
9885
 
@@ -9121,6 +9893,22 @@ export declare interface PolicyConfiguration {
9121
9893
  options?: unknown;
9122
9894
  }
9123
9895
 
9896
+ /**
9897
+ * The base class for inbound and outbound policies.
9898
+ * Provides common functionality for all policy types.
9899
+ *
9900
+ * @public
9901
+ */
9902
+ /**
9903
+ * The pipeline phase a policy runs in. Inbound policies run on the request
9904
+ * before the handler; outbound policies run on the response after it. This is
9905
+ * determined structurally by whether a policy extends {@link InboundPolicy} or
9906
+ * {@link OutboundPolicy}, so it can never drift from the policy's real phase.
9907
+ *
9908
+ * @public
9909
+ */
9910
+ declare type PolicyDirection = "inbound" | "outbound";
9911
+
9124
9912
  /**
9125
9913
  * @public
9126
9914
  */
@@ -9398,7 +10186,7 @@ declare interface QuotaFallbackModels {
9398
10186
  */
9399
10187
  export declare class QuotaInboundPolicy extends InboundPolicy<QuotaInboundPolicyOptions> {
9400
10188
  #private;
9401
- constructor(options: QuotaInboundPolicyOptions, policyName: string);
10189
+ static readonly policyType = "quota";
9402
10190
  handler(
9403
10191
  request: ZuploRequest<RequestGeneric>,
9404
10192
  context: ZuploContext
@@ -9696,6 +10484,28 @@ export declare function ReadmeMetricsInboundPolicy(
9696
10484
  policyName: string
9697
10485
  ): Promise<ZuploRequest<RequestGeneric_2>>;
9698
10486
 
10487
+ /**
10488
+ * Record the GraphQL response-cache outcome for the in-flight operation so
10489
+ * the analytics middleware can emit it as the `cacheState` dimension on the
10490
+ * `graphql_operation` event.
10491
+ *
10492
+ * Called by the Zuplo-provided GraphQL Cache policy (`graphql-cache-inbound`,
10493
+ * in the `@zuplo/graphql` package) the moment it resolves a cache hit or
10494
+ * miss — synchronously during inbound processing, before the analytics
10495
+ * middleware finalizes the event. Mirrors how the GraphQL Analytics outbound
10496
+ * policy feeds errors through {@link getOperationContext}.
10497
+ *
10498
+ * No-op when the request isn't running the GraphQL analytics middleware (the
10499
+ * route lacks the `x-graphql: true` marker, so there's no operation context to
10500
+ * write to), so it's always safe to call.
10501
+ *
10502
+ * @public
10503
+ */
10504
+ export declare function recordGraphqlCacheState(
10505
+ context: ZuploContext,
10506
+ cacheState: GraphqlCacheState
10507
+ ): void;
10508
+
9699
10509
  /**
9700
10510
  * Handler that returns HTTP redirects.
9701
10511
  * Useful for URL shortening, legacy URL handling, or routing to external services.
@@ -10187,6 +10997,43 @@ export declare function responseHasGraphqlErrors(
10187
10997
  maxScanBytes?: number
10188
10998
  ): Promise<boolean>;
10189
10999
 
11000
+ declare interface ResponseInputItem {
11001
+ type?: "message";
11002
+ role: "user" | "assistant" | "system" | "developer";
11003
+ content:
11004
+ | string
11005
+ | Array<{
11006
+ type: "text" | "image_url" | "audio";
11007
+ text?: string;
11008
+ image_url?: {
11009
+ url: string;
11010
+ };
11011
+ audio?: {
11012
+ data: string;
11013
+ format: string;
11014
+ };
11015
+ }>;
11016
+ }
11017
+
11018
+ declare interface ResponsesChoice {
11019
+ index: number;
11020
+ id?: string;
11021
+ type?: "message";
11022
+ role?: "assistant";
11023
+ content?: Array<{
11024
+ type: "output_text";
11025
+ text: string;
11026
+ annotations?: Array<unknown>;
11027
+ }>;
11028
+ status?: string | null;
11029
+ finish_reason?:
11030
+ | "stop"
11031
+ | "length"
11032
+ | "function_call"
11033
+ | "tool_calls"
11034
+ | "content_filter";
11035
+ }
11036
+
10190
11037
  /**
10191
11038
  * Definition of responses for a route
10192
11039
  * @public
@@ -10223,6 +11070,115 @@ export declare class ResponseSentEvent extends Event {
10223
11070
  readonly response: Response;
10224
11071
  }
10225
11072
 
11073
+ declare interface ResponsesRequest {
11074
+ input?: string | ResponseInputItem[];
11075
+ model?: string;
11076
+ instructions?: string;
11077
+ previous_response_id?: string;
11078
+ temperature?: number;
11079
+ top_p?: number;
11080
+ stream?: boolean;
11081
+ max_output_tokens?: number;
11082
+ tools?: ResponsesToolDefinition[];
11083
+ tool_choice?: ResponsesToolChoice;
11084
+ parallel_tool_calls?: boolean;
11085
+ reasoning?: {
11086
+ effort: "low" | "medium" | "high";
11087
+ };
11088
+ service_tier?: "auto" | "default" | "flex" | "scale" | "priority";
11089
+ stream_options?: {
11090
+ include_usage?: boolean;
11091
+ };
11092
+ background?: boolean;
11093
+ conversation?: string;
11094
+ include?: string[];
11095
+ metadata?: Record<string, unknown>;
11096
+ store?: boolean;
11097
+ truncation?: "auto" | "disabled";
11098
+ prompt_cache_key?: string;
11099
+ safety_identifier?: string;
11100
+ }
11101
+
11102
+ declare interface ResponsesResponse {
11103
+ id: string;
11104
+ object: "response";
11105
+ created: number;
11106
+ model: string;
11107
+ status:
11108
+ | "queued"
11109
+ | "in_progress"
11110
+ | "completed"
11111
+ | "failed"
11112
+ | "cancelled"
11113
+ | "incomplete";
11114
+ system_fingerprint?: string;
11115
+ output?: ResponsesChoice[];
11116
+ usage?: ResponsesUsage;
11117
+ error?: {
11118
+ type: string;
11119
+ message: string;
11120
+ };
11121
+ service_tier?: string;
11122
+ provider?: string;
11123
+ }
11124
+
11125
+ declare type ResponsesToolChoice =
11126
+ | "none"
11127
+ | "auto"
11128
+ | "required"
11129
+ | {
11130
+ mode: "auto" | "required";
11131
+ tools: Array<Record<string, unknown>>;
11132
+ type: "allowed_tools";
11133
+ }
11134
+ | {
11135
+ name: string;
11136
+ type: "custom";
11137
+ }
11138
+ | {
11139
+ name: string;
11140
+ type: "function";
11141
+ }
11142
+ | {
11143
+ server_label: string;
11144
+ type: "mcp";
11145
+ name?: string | null;
11146
+ }
11147
+ | {
11148
+ type:
11149
+ | "file_search"
11150
+ | "web_search_preview"
11151
+ | "computer_use_preview"
11152
+ | "web_search_preview_2025_03_11"
11153
+ | "image_generation"
11154
+ | "code_interpreter"
11155
+ | "mcp";
11156
+ };
11157
+
11158
+ declare type ResponsesToolDefinition =
11159
+ | FunctionTool
11160
+ | WebSearchTool
11161
+ | WebSearchPreviewTool
11162
+ | CodeInterpreterTool
11163
+ | FileSearchTool
11164
+ | ComputerUseTool
11165
+ | ImageGenerationTool
11166
+ | LocalShellTool
11167
+ | CustomTool
11168
+ | McpTool;
11169
+
11170
+ declare interface ResponsesUsage {
11171
+ input_tokens: number;
11172
+ output_tokens: number;
11173
+ total_tokens: number;
11174
+ input_tokens_details?: {
11175
+ cached_tokens?: number;
11176
+ };
11177
+ output_tokens_details?: {
11178
+ reasoning_tokens?: number;
11179
+ };
11180
+ }
11181
+
10226
11182
  /**
10227
11183
  * @public
10228
11184
  */
@@ -10500,6 +11456,12 @@ export declare type SemanticCacheInboundPolicyOptions = {
10500
11456
  cacheStatusHeaderName?: string;
10501
11457
  };
10502
11458
 
11459
+ /**
11460
+ * The semantic similarity threshold for semantic cache matches. Values closer to 0 require closer similarity, while larger values allow more flexible matching. Default is 0.2.
11461
+ * @public
11462
+ */
11463
+ declare type SemanticTolerance = number;
11464
+
10503
11465
  /* Excluded from this release type: serialize */
10504
11466
 
10505
11467
  /**
@@ -10550,7 +11512,7 @@ export declare interface SetBodyInboundPolicyOptions {
10550
11512
  * @param policyName - The name of the policy as set in policies.json
10551
11513
  * @returns A Request or a Response
10552
11514
  */
10553
- export declare const SetHeadersInboundPolicy: InboundPolicyHandler<SetHeadersInboundPolicyOptions>;
11515
+ export declare const SetHeadersInboundPolicy: InboundPolicyHandler_2<SetHeadersInboundPolicyOptions>;
10554
11516
 
10555
11517
  /**
10556
11518
  * The options for this policy.
@@ -10823,6 +11785,16 @@ declare interface StreamingAccumulationSettings {
10823
11785
  checkIntervalMs?: CheckIntervalMs;
10824
11786
  }
10825
11787
 
11788
+ /**
11789
+ * Configuration for accumulating and validating streaming responses.
11790
+ * @public
11791
+ */
11792
+ declare interface StreamingAccumulationSettings_2 {
11793
+ enabled?: EnableStreamingAccumulation_2;
11794
+ eventsInterval?: EventsInterval_2;
11795
+ checkIntervalMs?: CheckIntervalMs_2;
11796
+ }
11797
+
10826
11798
  /**
10827
11799
  * A specialized zone cache for storing and retrieving ReadableStreams.
10828
11800
  * Unlike regular ZoneCache which serializes to JSON, this cache stores raw stream data,
@@ -10928,10 +11900,7 @@ export declare class StreamingZoneCache {
10928
11900
  * @returns A Request or a Response
10929
11901
  */
10930
11902
  export declare class StripeWebhookVerificationInboundPolicy extends InboundPolicy<StripeWebhookVerificationInboundPolicyOptions> {
10931
- constructor(
10932
- options: StripeWebhookVerificationInboundPolicyOptions,
10933
- policyName: string
10934
- );
11903
+ static readonly policyType = "stripe-webhook-verification";
10935
11904
  handler(
10936
11905
  request: ZuploRequest,
10937
11906
  context: ZuploContext
@@ -11048,6 +12017,18 @@ export declare abstract class TelemetryPlugin extends RuntimePlugin {
11048
12017
  /* Excluded from this release type: instrument */
11049
12018
  }
11050
12019
 
12020
+ declare interface ToolChoice {
12021
+ type: "function";
12022
+ function: {
12023
+ name: string;
12024
+ };
12025
+ }
12026
+
12027
+ declare interface ToolDefinition {
12028
+ type: "function";
12029
+ function: FunctionDefinition;
12030
+ }
12031
+
11051
12032
  /* Excluded from this release type: trackFeature */
11052
12033
 
11053
12034
  /**
@@ -11283,6 +12264,7 @@ export declare interface UpstreamFirebaseUserAuthInboundPolicyOptions {
11283
12264
  * @returns A Request or a Response
11284
12265
  */
11285
12266
  export declare class UpstreamGcpFederatedAuthInboundPolicy extends InboundPolicy<UpstreamGcpFederatedAuthInboundPolicyOptions> {
12267
+ static readonly policyType = "upstream-gcp-federated-auth";
11286
12268
  private cacheName;
11287
12269
  private normalizedWorkloadIdentityProvider;
11288
12270
  constructor(
@@ -11438,6 +12420,7 @@ export declare interface UpstreamGcpServiceAuthInboundPolicyOptions {
11438
12420
  * @returns A ZuploRequest
11439
12421
  */
11440
12422
  export declare class UpstreamZuploJwtAuthInboundPolicy extends InboundPolicy<UpstreamZuploJwtAuthInboundPolicyOptions> {
12423
+ static readonly policyType = "upstream-zuplo-jwt";
11441
12424
  constructor(
11442
12425
  options: UpstreamZuploJwtAuthInboundPolicyOptions,
11443
12426
  policyName: string
@@ -11622,6 +12605,22 @@ export declare function urlRewriteHandler(
11622
12605
  context: ZuploContext
11623
12606
  ): Promise<Response>;
11624
12607
 
12608
+ declare interface Usage {
12609
+ prompt_tokens: number;
12610
+ completion_tokens: number;
12611
+ total_tokens: number;
12612
+ prompt_tokens_details?: {
12613
+ cached_tokens?: number;
12614
+ audio_tokens?: number;
12615
+ };
12616
+ completion_tokens_details?: {
12617
+ reasoning_tokens?: number;
12618
+ audio_tokens?: number;
12619
+ accepted_prediction_tokens?: number;
12620
+ rejected_prediction_tokens?: number;
12621
+ };
12622
+ }
12623
+
11625
12624
  declare type UserDataDefault = any;
11626
12625
 
11627
12626
  declare type ValidatedAuth0OAuthOptions = z.infer<
@@ -11788,6 +12787,38 @@ export declare interface WebBotAuthInboundPolicyOptions {
11788
12787
  directoryUrl?: string;
11789
12788
  }
11790
12789
 
12790
+ /**
12791
+ * Web search tool (preview version)
12792
+ */
12793
+ declare interface WebSearchPreviewTool {
12794
+ type: "web_search_preview" | "web_search_preview_2025_03_11";
12795
+ search_context_size?: "low" | "medium" | "high";
12796
+ user_location?: {
12797
+ type: "approximate";
12798
+ city?: string | null;
12799
+ country?: string | null;
12800
+ region?: string | null;
12801
+ timezone?: string | null;
12802
+ } | null;
12803
+ }
12804
+
12805
+ /**
12806
+ * Web search tool (stable version)
12807
+ */
12808
+ declare interface WebSearchTool {
12809
+ type: "web_search" | "web_search_2025_08_26";
12810
+ filters?: {
12811
+ allowed_domains?: string[] | null;
12812
+ } | null;
12813
+ search_context_size?: "low" | "medium" | "high";
12814
+ user_location?: {
12815
+ city?: string | null;
12816
+ country?: string | null;
12817
+ region?: string | null;
12818
+ timezone?: string | null;
12819
+ } | null;
12820
+ }
12821
+
11791
12822
  /**
11792
12823
  * Handler that proxies WebSocket connections to a different URL.
11793
12824
  * Enables WebSocket support in your API gateway for real-time communication.
@@ -11891,6 +12922,7 @@ declare interface XacmlRequest {
11891
12922
  * @returns A Request or a Response
11892
12923
  */
11893
12924
  export declare class XmlToJsonOutboundPolicy extends OutboundPolicy<XmlToJsonPolicyOptions> {
12925
+ static readonly policyType = "xml-to-json";
11894
12926
  private parser;
11895
12927
  private parseOnStatusCodes;
11896
12928
  constructor(options: XmlToJsonPolicyOptions, policyName: string);