@zuplo/runtime 6.71.22 → 6.71.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -22,5 +22,5 @@
22
22
  * DEALINGS IN THE SOFTWARE.
23
23
  *--------------------------------------------------------------------------------------------*/
24
24
 
25
- import{b as l}from"../chunk-54PA7VDV.js";import{a as o,da as n}from"../chunk-DSZS6PZJ.js";function g(u={request:new Request("https://api.example.com")}){let e=[];function t(i){e.push(Promise.resolve(i))}return o(t,"waitUntil"),{context:new s({event:{waitUntil:t},route:u.route}),invokeResponse:o(async()=>{await Promise.all(e)},"invokeResponse")}}o(g,"createMockContext");var p={path:"/",methods:["GET"],handler:{module:{},export:"default"},raw:o(()=>({}),"raw")},s=class extends EventTarget{static{o(this,"MockZuploContext")}#e;contextId;requestId;log;route;custom;incomingRequestProperties;parentContext;analyticsContext;constructor({event:e,route:t=p,parentContext:r}){super(),this.requestId=crypto.randomUUID(),this.contextId=crypto.randomUUID(),this.log={info:n.console.info,log:n.console.log,debug:n.console.debug,warn:n.console.warn,error:n.console.error,setLogProperties:o(()=>{},"setLogProperties")},this.custom={},this.route=t,this.incomingRequestProperties={asn:1234,asOrganization:"ORGANIZATION",city:"Seattle",region:"Washington",regionCode:"WA",colo:"SEA",continent:"NA",country:"US",postalCode:"98004",metroCode:"SEA",latitude:void 0,longitude:void 0,timezone:void 0,httpProtocol:void 0,clientCert:void 0,clientMtlsVerificationStatus:void 0,clientMtlsVerificationReason:void 0,clientCertFingerprintSha256:void 0,clientCertNotBefore:void 0,clientCertNotAfter:void 0,clientCertIssuerDn:void 0,clientCertSubjectDn:void 0},this.parentContext=r,this.#e=e,this.analyticsContext=new l(this.requestId)}waitUntil(e){this.#e.waitUntil(e)}invokeInboundPolicy(e,t){throw new Error("Not implemented")}invokeOutboundPolicy(e,t,r){throw new Error("Not implemented")}invokeRoute(e,t){throw new Error("Not implemented")}addResponseSendingHook(e){throw new Error("Not implemented")}addResponseSendingFinalHook(e){throw new Error("Not implemented")}addEventListener(e,t,r){let d=o(i=>{try{typeof t=="function"?t(i):t.handleEvent(i)}catch(a){throw this.log.error(`Error invoking event ${e}. See following logs for details.`),a}},"wrapped");super.addEventListener(e,d,r)}};export{s as MockZuploContext,g as createMockContext};
25
+ import{b as l}from"../chunk-4QJJMELB.js";import{a as o,da as n}from"../chunk-DSZS6PZJ.js";function g(u={request:new Request("https://api.example.com")}){let e=[];function t(i){e.push(Promise.resolve(i))}return o(t,"waitUntil"),{context:new s({event:{waitUntil:t},route:u.route}),invokeResponse:o(async()=>{await Promise.all(e)},"invokeResponse")}}o(g,"createMockContext");var p={path:"/",methods:["GET"],handler:{module:{},export:"default"},raw:o(()=>({}),"raw")},s=class extends EventTarget{static{o(this,"MockZuploContext")}#e;contextId;requestId;log;route;custom;incomingRequestProperties;parentContext;analyticsContext;constructor({event:e,route:t=p,parentContext:r}){super(),this.requestId=crypto.randomUUID(),this.contextId=crypto.randomUUID(),this.log={info:n.console.info,log:n.console.log,debug:n.console.debug,warn:n.console.warn,error:n.console.error,setLogProperties:o(()=>{},"setLogProperties")},this.custom={},this.route=t,this.incomingRequestProperties={asn:1234,asOrganization:"ORGANIZATION",city:"Seattle",region:"Washington",regionCode:"WA",colo:"SEA",continent:"NA",country:"US",postalCode:"98004",metroCode:"SEA",latitude:void 0,longitude:void 0,timezone:void 0,httpProtocol:void 0,clientCert:void 0,clientMtlsVerificationStatus:void 0,clientMtlsVerificationReason:void 0,clientCertFingerprintSha256:void 0,clientCertNotBefore:void 0,clientCertNotAfter:void 0,clientCertIssuerDn:void 0,clientCertSubjectDn:void 0},this.parentContext=r,this.#e=e,this.analyticsContext=new l(this.requestId)}waitUntil(e){this.#e.waitUntil(e)}invokeInboundPolicy(e,t){throw new Error("Not implemented")}invokeOutboundPolicy(e,t,r){throw new Error("Not implemented")}invokeRoute(e,t){throw new Error("Not implemented")}addResponseSendingHook(e){throw new Error("Not implemented")}addResponseSendingFinalHook(e){throw new Error("Not implemented")}addEventListener(e,t,r){let d=o(i=>{try{typeof t=="function"?t(i):t.handleEvent(i)}catch(a){throw this.log.error(`Error invoking event ${e}. See following logs for details.`),a}},"wrapped");super.addEventListener(e,d,r)}};export{s as MockZuploContext,g as createMockContext};
26
26
  //# sourceMappingURL=index.js.map
@@ -1,6 +1,7 @@
1
1
  import { Attributes } from "@opentelemetry/api";
2
2
  import { CallToolRequest } from "@zuplo/mcp/types";
3
3
  import { CallToolResult } from "@zuplo/mcp/types";
4
+ import { InboundPolicyHandler as InboundPolicyHandler_2 } from "../../policies.js";
4
5
  import { KeyLike } from "jose";
5
6
  import { RequestGeneric as RequestGeneric_2 } from "../../request.js";
6
7
  import type { ValidateFunction } from "ajv";
@@ -181,6 +182,7 @@ export declare function aiGatewayHandler(
181
182
  * @returns A Request or a Response
182
183
  */
183
184
  export declare class AIGatewayMeteringInboundPolicy extends InboundPolicy<AIGatewayMeteringInboundPolicyOptions> {
185
+ static readonly policyType = "ai-gateway-metering";
184
186
  /**
185
187
  * Set the meter increments for the current request.
186
188
  *
@@ -208,10 +210,6 @@ export declare class AIGatewayMeteringInboundPolicy extends InboundPolicy<AIGate
208
210
  static getQuotaFallback(
209
211
  context: ZuploContext
210
212
  ): QuotaFallbackModels | undefined;
211
- constructor(
212
- options: AIGatewayMeteringInboundPolicyOptions,
213
- policyName: string
214
- );
215
213
  handler(
216
214
  request: ZuploRequest,
217
215
  context: ZuploContext
@@ -897,6 +895,14 @@ declare interface AnthropicMessage {
897
895
  }>;
898
896
  }
899
897
 
898
+ /**
899
+ * A request to the Anthropic Messages API (`/v1/messages`).
900
+ *
901
+ * The gateway forwards this body to Anthropic verbatim on the native passthrough
902
+ * path, so the shape mirrors Anthropic's API rather than an internal contract.
903
+ * The index signature carries evolving Anthropic fields (`thinking`,
904
+ * `tool_choice`, `top_k`, structured `system` blocks, …) through unchanged.
905
+ */
900
906
  declare interface AnthropicMessagesRequest {
901
907
  model: string;
902
908
  messages: AnthropicMessage[];
@@ -908,6 +914,7 @@ declare interface AnthropicMessagesRequest {
908
914
  stream?: boolean;
909
915
  metadata?: Record<string, unknown>;
910
916
  tools?: unknown[];
917
+ [key: string]: unknown;
911
918
  }
912
919
 
913
920
  /**
@@ -1343,6 +1350,150 @@ declare interface AuditLogEntry {
1343
1350
  };
1344
1351
  }
1345
1352
 
1353
+ /**
1354
+ * A CloudEvent 1.0 audit log entry. Most fields are auto-populated by the
1355
+ * runtime; user code only supplies the type/subject/resources/data fields when
1356
+ * calling `AuditLogInboundPolicy.log()`.
1357
+ *
1358
+ * @public
1359
+ */
1360
+ export declare interface AuditLogEvent {
1361
+ specversion: "1.0";
1362
+ id: string;
1363
+ source: string;
1364
+ type: string;
1365
+ time: string;
1366
+ datacontenttype?: "application/json";
1367
+ subject?: string;
1368
+ bucketid: string;
1369
+ actorsub?: string;
1370
+ actortype?: "user" | "service" | "apikey" | "anonymous";
1371
+ actoremail?: string;
1372
+ actorconnection?: string;
1373
+ resources?: AuditLogResource[];
1374
+ requestid?: string;
1375
+ success?: boolean;
1376
+ httpmethod?: string;
1377
+ httpurl?: string;
1378
+ httpstatus?: number;
1379
+ ipaddress?: string;
1380
+ useragent?: string;
1381
+ country?: string;
1382
+ region?: string;
1383
+ city?: string;
1384
+ mcpserver?: string;
1385
+ mcpvirtualserver?: string;
1386
+ mcptool?: string;
1387
+ data?: Record<string, unknown>;
1388
+ extensions?: Record<string, unknown>;
1389
+ }
1390
+
1391
+ /**
1392
+ * Fields a caller may supply when emitting a custom audit event via
1393
+ * `AuditLogInboundPolicy.log()`. Everything else is filled in by the runtime
1394
+ * from the request context.
1395
+ *
1396
+ * @public
1397
+ */
1398
+ export declare interface AuditLogEventInput {
1399
+ type: string;
1400
+ subject?: string;
1401
+ resources?: AuditLogResource[];
1402
+ success?: boolean;
1403
+ data?: Record<string, unknown>;
1404
+ /**
1405
+ * Geolocation of the caller. When omitted, these default to the current
1406
+ * request's geo data (from the request context), so custom events carry the
1407
+ * same location information as the auto-emitted per-request event.
1408
+ */
1409
+ country?: string;
1410
+ region?: string;
1411
+ city?: string;
1412
+ /** Override the auto-derived actor (rare). */
1413
+ actor?: {
1414
+ sub?: string;
1415
+ type?: "user" | "service" | "apikey" | "anonymous";
1416
+ email?: string;
1417
+ connection?: string;
1418
+ };
1419
+ /** MCP-specific helpers. */
1420
+ mcp?: {
1421
+ server?: string;
1422
+ virtualServer?: string;
1423
+ tool?: string;
1424
+ };
1425
+ }
1426
+
1427
+ /**
1428
+ * Capture detailed logs of requests for auditing purposes. The policy emits
1429
+ * one structured CloudEvent per request, and user code can emit additional
1430
+ * events via the static `log()` method.
1431
+ *
1432
+ * @title Audit Logs
1433
+ * @product api-gateway
1434
+ * @public
1435
+ * @enterprise
1436
+ */
1437
+ export declare class AuditLogInboundPolicy extends InboundPolicy<AuditLogInboundPolicyOptions> {
1438
+ #private;
1439
+ static readonly policyType = "audit-logs";
1440
+ /**
1441
+ * Emit an audit event for the current request.
1442
+ *
1443
+ * Fields not provided are filled in from the request context (bucket id,
1444
+ * request id, time, actor, IP, user agent, etc).
1445
+ *
1446
+ * @param context - The current ZuploContext.
1447
+ * @param event - The event details to record.
1448
+ */
1449
+ static log(context: ZuploContext, event: AuditLogEventInput): void;
1450
+ constructor(options: AuditLogInboundPolicyOptions, policyName: string);
1451
+ handler(
1452
+ request: ZuploRequest,
1453
+ context: ZuploContext
1454
+ ): Promise<ZuploRequest | Response>;
1455
+ }
1456
+
1457
+ /**
1458
+ * The options for the Audit Log Inbound policy.
1459
+ * @public
1460
+ */
1461
+ export declare interface AuditLogInboundPolicyOptions {
1462
+ /**
1463
+ * Reverse-DNS prefix used for the auto-emitted request event type. Defaults to 'com.zuplo.api'.
1464
+ */
1465
+ eventTypeBase?: string;
1466
+ /**
1467
+ * Override the bucket id this policy emits events for. Defaults to the bucket id from the runtime environment.
1468
+ */
1469
+ bucketId?: string;
1470
+ /**
1471
+ * Fraction of requests to capture, between 0 (none) and 1 (all). Defaults to 1.
1472
+ */
1473
+ samplingRate?: number;
1474
+ /**
1475
+ * Controls which potentially-sensitive parts of each request are captured in the auto-emitted audit event. Disable fields to satisfy your own data-handling and PII policies. All are enabled by default.
1476
+ */
1477
+ include?: {
1478
+ /**
1479
+ * Include the request's query-string parameters in the logged URL. Disable if query strings may contain sensitive data.
1480
+ */
1481
+ queryParams?: boolean;
1482
+ /**
1483
+ * Include the authenticated user / actor identity (subject, email, connection).
1484
+ */
1485
+ user?: boolean;
1486
+ /**
1487
+ * Include the caller's IP address.
1488
+ */
1489
+ ipAddress?: boolean;
1490
+ /**
1491
+ * Include the caller's geolocation (country, region, city).
1492
+ */
1493
+ geolocation?: boolean;
1494
+ };
1495
+ }
1496
+
1346
1497
  /**
1347
1498
  * Configuration options for audit logging
1348
1499
  * @public
@@ -1387,6 +1538,16 @@ declare interface AuditLogRequestFilter {
1387
1538
  (request: ZuploRequest, context: ZuploContext): Promise<boolean>;
1388
1539
  }
1389
1540
 
1541
+ /**
1542
+ * A resource affected by an audit event.
1543
+ * @public
1544
+ */
1545
+ export declare interface AuditLogResource {
1546
+ type: string;
1547
+ id: string;
1548
+ metadata?: Record<string, unknown>;
1549
+ }
1550
+
1390
1551
  /**
1391
1552
  * Authenticate users using Auth0 issued JWT tokens.
1392
1553
  *
@@ -1439,6 +1600,7 @@ export declare interface Auth0JwtInboundPolicyOptions {
1439
1600
  */
1440
1601
  export declare class AuthZenInboundPolicy extends InboundPolicy<AuthZenInboundPolicyOptions> {
1441
1602
  #private;
1603
+ static readonly policyType = "authzen";
1442
1604
  constructor(options: AuthZenInboundPolicyOptions, policyName: string);
1443
1605
  /**
1444
1606
  * The handler that is called each time this policy is invoked
@@ -1759,6 +1921,7 @@ export declare class AWSLoggingPlugin extends LogPlugin {
1759
1921
  */
1760
1922
  export declare class AxiomaticsAuthZInboundPolicy extends InboundPolicy<AxiomaticsAuthZInboundPolicyOptions> {
1761
1923
  #private;
1924
+ static readonly policyType = "axiomatics-authz";
1762
1925
  private pdpService;
1763
1926
  static setAuthAttributes(
1764
1927
  context: ZuploContext,
@@ -2126,6 +2289,7 @@ declare interface BatchDispatcherOptions {
2126
2289
  * @returns A Request or a Response
2127
2290
  */
2128
2291
  export declare class BrownoutInboundPolicy extends InboundPolicy<BrownoutInboundPolicyOptions> {
2292
+ static readonly policyType = "brownout";
2129
2293
  crons: Cron[];
2130
2294
  constructor(options: BrownoutInboundPolicyOptions, policyName: string);
2131
2295
  handler(
@@ -2856,6 +3020,7 @@ export declare type ComplexRateLimitFunction =
2856
3020
  * @returns A Request or a Response
2857
3021
  */
2858
3022
  export declare class ComplexRateLimitInboundPolicy extends InboundPolicy<ComplexRateLimitInboundPolicyOptions> {
3023
+ static readonly policyType = "complex-rate-limit";
2859
3024
  /**
2860
3025
  * Override the increments for a limit in the current request.
2861
3026
  *
@@ -3863,6 +4028,20 @@ export declare function extractGraphqlErrors(
3863
4028
  bodyText: string
3864
4029
  ): GraphqlResponseError[] | null;
3865
4030
 
4031
+ /**
4032
+ * Pull the incremental ASSISTANT TEXT from a parsed stream event per shape. The
4033
+ * single source of truth for "is this delta assistant text" — chat
4034
+ * `choices[].delta.content`, Responses `response.output_text.delta` only (NOT
4035
+ * tool-args / audio / refusal / code deltas), Anthropic `content_block_delta`.
4036
+ * Stream-scanning policies (e.g. the firewall accumulator) should call this
4037
+ * rather than re-deriving the per-shape extraction.
4038
+ * @public
4039
+ */
4040
+ export declare function extractStreamTextDelta(
4041
+ parsed: unknown,
4042
+ format: AiFormat
4043
+ ): string | undefined;
4044
+
3866
4045
  declare interface FetchOptions<T> {
3867
4046
  method?: HttpMethod_2;
3868
4047
  data?: T;
@@ -4305,6 +4484,21 @@ export declare interface GraphqlAnalyticsOutboundPolicyOptions {
4305
4484
  maxScanBytes?: number;
4306
4485
  }
4307
4486
 
4487
+ /**
4488
+ * GraphQL response-cache outcome, as decided by the Zuplo-provided GraphQL
4489
+ * Cache policy (`graphql-cache-inbound`) and reported on its `x-cache`
4490
+ * response header:
4491
+ * - `"hit"` — the response was served from cache.
4492
+ * - `"miss"` — a cache-eligible query that was not in cache (forwarded to
4493
+ * the origin).
4494
+ *
4495
+ * Operations that are not cache-eligible (mutations, subscriptions,
4496
+ * uncacheable/credentialed requests) — or that ran on a route without the
4497
+ * GraphQL Cache policy — carry no cache state (`null`), and are excluded
4498
+ * from the cache-hit-rate denominator.
4499
+ */
4500
+ export declare type GraphqlCacheState = "hit" | "miss";
4501
+
4308
4502
  /**
4309
4503
  * One GraphQL error extracted from a response body, reduced to the
4310
4504
  * fields the GraphQL Analytics outbound policy consumes for
@@ -6031,6 +6225,7 @@ declare interface ImageGenerationTool {
6031
6225
  export declare abstract class InboundPolicy<
6032
6226
  TOptions = any,
6033
6227
  > extends PolicyBase<TOptions> {
6228
+ readonly direction: PolicyDirection;
6034
6229
  /**
6035
6230
  * The handler that is called each time this policy is invoked
6036
6231
  *
@@ -6789,6 +6984,7 @@ declare type LokiTransportVersion = 1 | 2;
6789
6984
  */
6790
6985
  export declare class McpAuth0OAuthInboundPolicy extends InboundPolicy<ValidatedAuth0OAuthOptions> {
6791
6986
  #private;
6987
+ static readonly policyType = "mcp-auth0-oauth";
6792
6988
  constructor(rawOptions: unknown, policyName: string);
6793
6989
  handler(
6794
6990
  request: ZuploRequest,
@@ -6967,6 +7163,7 @@ declare const mcpAuth0OAuthOptionsSchema: z.ZodObject<
6967
7163
  */
6968
7164
  export declare class McpClerkOAuthInboundPolicy extends InboundPolicy<McpClerkOAuthInboundPolicyOptions> {
6969
7165
  #private;
7166
+ static readonly policyType = "mcp-clerk-oauth";
6970
7167
  constructor(rawOptions: unknown, policyName: string);
6971
7168
  handler(
6972
7169
  request: ZuploRequest,
@@ -7037,6 +7234,7 @@ export declare interface McpClerkOAuthInboundPolicyOptions {
7037
7234
  */
7038
7235
  export declare class McpCognitoOAuthInboundPolicy extends InboundPolicy<McpCognitoOAuthInboundPolicyOptions> {
7039
7236
  #private;
7237
+ static readonly policyType = "mcp-cognito-oauth";
7040
7238
  constructor(rawOptions: unknown, policyName: string);
7041
7239
  handler(
7042
7240
  request: ZuploRequest,
@@ -7118,6 +7316,7 @@ export declare interface McpCognitoOAuthInboundPolicyOptions {
7118
7316
  */
7119
7317
  export declare class McpEntraOAuthInboundPolicy extends InboundPolicy<McpEntraOAuthInboundPolicyOptions> {
7120
7318
  #private;
7319
+ static readonly policyType = "mcp-entra-oauth";
7121
7320
  constructor(rawOptions: unknown, policyName: string);
7122
7321
  handler(
7123
7322
  request: ZuploRequest,
@@ -7194,6 +7393,7 @@ export declare interface McpEntraOAuthInboundPolicyOptions {
7194
7393
  */
7195
7394
  export declare class McpGoogleOAuthInboundPolicy extends InboundPolicy<McpGoogleOAuthInboundPolicyOptions> {
7196
7395
  #private;
7396
+ static readonly policyType = "mcp-google-oauth";
7197
7397
  constructor(rawOptions: unknown, policyName: string);
7198
7398
  handler(
7199
7399
  request: ZuploRequest,
@@ -7264,6 +7464,7 @@ export declare interface McpGoogleOAuthInboundPolicyOptions {
7264
7464
  */
7265
7465
  export declare class McpKeycloakOAuthInboundPolicy extends InboundPolicy<McpKeycloakOAuthInboundPolicyOptions> {
7266
7466
  #private;
7467
+ static readonly policyType = "mcp-keycloak-oauth";
7267
7468
  constructor(rawOptions: unknown, policyName: string);
7268
7469
  handler(
7269
7470
  request: ZuploRequest,
@@ -7341,6 +7542,7 @@ export declare interface McpKeycloakOAuthInboundPolicyOptions {
7341
7542
  */
7342
7543
  export declare class McpLogtoOAuthInboundPolicy extends InboundPolicy<McpLogtoOAuthInboundPolicyOptions> {
7343
7544
  #private;
7545
+ static readonly policyType = "mcp-logto-oauth";
7344
7546
  constructor(rawOptions: unknown, policyName: string);
7345
7547
  handler(
7346
7548
  request: ZuploRequest,
@@ -7419,6 +7621,7 @@ export declare interface McpLogtoOAuthInboundPolicyOptions {
7419
7621
  * @product mcp-gateway
7420
7622
  */
7421
7623
  export declare class McpOAuthInboundPolicy extends InboundPolicy<McpOAuthRuntimeConfig> {
7624
+ static readonly policyType = "mcp-oauth";
7422
7625
  constructor(rawOptions: unknown, policyName: string);
7423
7626
  handler(
7424
7627
  request: ZuploRequest,
@@ -7695,6 +7898,7 @@ declare const mcpOAuthRuntimeConfigSchema: z.ZodObject<
7695
7898
  */
7696
7899
  export declare class McpOktaOAuthInboundPolicy extends InboundPolicy<McpOktaOAuthInboundPolicyOptions> {
7697
7900
  #private;
7901
+ static readonly policyType = "mcp-okta-oauth";
7698
7902
  constructor(rawOptions: unknown, policyName: string);
7699
7903
  handler(
7700
7904
  request: ZuploRequest,
@@ -7772,6 +7976,7 @@ export declare interface McpOktaOAuthInboundPolicyOptions {
7772
7976
  */
7773
7977
  export declare class McpOneLoginOAuthInboundPolicy extends InboundPolicy<McpOneLoginOAuthInboundPolicyOptions> {
7774
7978
  #private;
7979
+ static readonly policyType = "mcp-onelogin-oauth";
7775
7980
  constructor(rawOptions: unknown, policyName: string);
7776
7981
  handler(
7777
7982
  request: ZuploRequest,
@@ -7842,6 +8047,7 @@ export declare interface McpOneLoginOAuthInboundPolicyOptions {
7842
8047
  */
7843
8048
  export declare class McpPingOAuthInboundPolicy extends InboundPolicy<McpPingOAuthInboundPolicyOptions> {
7844
8049
  #private;
8050
+ static readonly policyType = "mcp-ping-oauth";
7845
8051
  constructor(rawOptions: unknown, policyName: string);
7846
8052
  handler(
7847
8053
  request: ZuploRequest,
@@ -7967,6 +8173,7 @@ declare interface McpTool {
7967
8173
  */
7968
8174
  export declare class McpWorkosOAuthInboundPolicy extends InboundPolicy<McpWorkosOAuthInboundPolicyOptions> {
7969
8175
  #private;
8176
+ static readonly policyType = "mcp-workos-oauth";
7970
8177
  constructor(rawOptions: unknown, policyName: string);
7971
8178
  handler(
7972
8179
  request: ZuploRequest,
@@ -8310,6 +8517,7 @@ export declare interface MoesifInboundPolicyOptions {
8310
8517
  */
8311
8518
  export declare class MonetizationInboundPolicy extends InboundPolicy<MonetizationInboundPolicyOptions> {
8312
8519
  #private;
8520
+ static readonly policyType = "monetization";
8313
8521
  /**
8314
8522
  * Set the monetization subscription data for the current request.
8315
8523
  *
@@ -8632,6 +8840,7 @@ export declare interface OAuthProtectedResourcePluginOptions {
8632
8840
  * @returns A Request or a Response
8633
8841
  */
8634
8842
  export declare class OktaFGAAuthZInboundPolicy extends BaseOpenFGAAuthZInboundPolicy {
8843
+ static readonly policyType = "oktafga-authz";
8635
8844
  constructor(options: OktaFGAAuthZInboundPolicyOptions, policyName: string);
8636
8845
  }
8637
8846
 
@@ -9371,7 +9580,7 @@ declare namespace OpenAPIV3_1 {
9371
9580
  * @returns A Request or a Response
9372
9581
  */
9373
9582
  export declare class OpenFGAAuthZInboundPolicy extends BaseOpenFGAAuthZInboundPolicy {
9374
- constructor(options: OpenFGAAuthZInboundPolicyOptions, policyName: string);
9583
+ static readonly policyType = "openfga-authz";
9375
9584
  }
9376
9585
 
9377
9586
  /**
@@ -9507,6 +9716,7 @@ export declare interface OpenIdJwtInboundPolicyOptions {
9507
9716
  */
9508
9717
  export declare class OpenMeterInboundPolicy extends InboundPolicy<OpenMeterInboundPolicyOptions> {
9509
9718
  #private;
9719
+ static readonly policyType = "openmeter-metering";
9510
9720
  constructor(options: OpenMeterInboundPolicyOptions, policyName: string);
9511
9721
  handler(
9512
9722
  request: ZuploRequest<RequestGeneric>,
@@ -9692,6 +9902,7 @@ export declare class OTelMetricsPlugin extends MetricsPlugin {
9692
9902
  export declare abstract class OutboundPolicy<
9693
9903
  TOptions = any,
9694
9904
  > extends PolicyBase<TOptions> {
9905
+ readonly direction: PolicyDirection;
9695
9906
  /**
9696
9907
  * The handler that is called each time this policy is invoked
9697
9908
  *
@@ -9818,16 +10029,11 @@ declare interface ParsedRouteData extends Omit<RouteData, "corsPolicies"> {
9818
10029
  /* Excluded from this release type: getInboundPolicyInstance */
9819
10030
  }
9820
10031
 
9821
- /**
9822
- * The base class for inbound and outbound policies.
9823
- * Provides common functionality for all policy types.
9824
- *
9825
- * @public
9826
- */
9827
10032
  declare abstract class PolicyBase<TOptions = any> {
9828
10033
  options: TOptions;
9829
10034
  policyName: string;
9830
- policyType: string;
10035
+ /* Excluded from this release type: policyType */
10036
+ /* Excluded from this release type: direction */
9831
10037
  /* Excluded from this release type: __constructor */
9832
10038
  }
9833
10039
 
@@ -9841,6 +10047,22 @@ export declare interface PolicyConfiguration {
9841
10047
  options?: unknown;
9842
10048
  }
9843
10049
 
10050
+ /**
10051
+ * The base class for inbound and outbound policies.
10052
+ * Provides common functionality for all policy types.
10053
+ *
10054
+ * @public
10055
+ */
10056
+ /**
10057
+ * The pipeline phase a policy runs in. Inbound policies run on the request
10058
+ * before the handler; outbound policies run on the response after it. This is
10059
+ * determined structurally by whether a policy extends {@link InboundPolicy} or
10060
+ * {@link OutboundPolicy}, so it can never drift from the policy's real phase.
10061
+ *
10062
+ * @public
10063
+ */
10064
+ declare type PolicyDirection = "inbound" | "outbound";
10065
+
9844
10066
  /**
9845
10067
  * @public
9846
10068
  */
@@ -10118,7 +10340,7 @@ declare interface QuotaFallbackModels {
10118
10340
  */
10119
10341
  export declare class QuotaInboundPolicy extends InboundPolicy<QuotaInboundPolicyOptions> {
10120
10342
  #private;
10121
- constructor(options: QuotaInboundPolicyOptions, policyName: string);
10343
+ static readonly policyType = "quota";
10122
10344
  handler(
10123
10345
  request: ZuploRequest<RequestGeneric>,
10124
10346
  context: ZuploContext
@@ -10416,6 +10638,28 @@ export declare function ReadmeMetricsInboundPolicy(
10416
10638
  policyName: string
10417
10639
  ): Promise<ZuploRequest<RequestGeneric_2>>;
10418
10640
 
10641
+ /**
10642
+ * Record the GraphQL response-cache outcome for the in-flight operation so
10643
+ * the analytics middleware can emit it as the `cacheState` dimension on the
10644
+ * `graphql_operation` event.
10645
+ *
10646
+ * Called by the Zuplo-provided GraphQL Cache policy (`graphql-cache-inbound`,
10647
+ * in the `@zuplo/graphql` package) the moment it resolves a cache hit or
10648
+ * miss — synchronously during inbound processing, before the analytics
10649
+ * middleware finalizes the event. Mirrors how the GraphQL Analytics outbound
10650
+ * policy feeds errors through {@link getOperationContext}.
10651
+ *
10652
+ * No-op when the request isn't running the GraphQL analytics middleware (the
10653
+ * route lacks the `x-graphql: true` marker, so there's no operation context to
10654
+ * write to), so it's always safe to call.
10655
+ *
10656
+ * @public
10657
+ */
10658
+ export declare function recordGraphqlCacheState(
10659
+ context: ZuploContext,
10660
+ cacheState: GraphqlCacheState
10661
+ ): void;
10662
+
10419
10663
  /**
10420
10664
  * Handler that returns HTTP redirects.
10421
10665
  * Useful for URL shortening, legacy URL handling, or routing to external services.
@@ -11367,7 +11611,7 @@ export declare type SemanticCacheInboundPolicyOptions = {
11367
11611
  };
11368
11612
 
11369
11613
  /**
11370
- * Similarity threshold (0-1) for a cache hit. Higher values require closer semantic matches. Defaults to 0.8.
11614
+ * The semantic similarity threshold for semantic cache matches. Values closer to 0 require closer similarity, while larger values allow more flexible matching. Default is 0.2.
11371
11615
  * @public
11372
11616
  */
11373
11617
  declare type SemanticTolerance = number;
@@ -11422,7 +11666,7 @@ export declare interface SetBodyInboundPolicyOptions {
11422
11666
  * @param policyName - The name of the policy as set in policies.json
11423
11667
  * @returns A Request or a Response
11424
11668
  */
11425
- export declare const SetHeadersInboundPolicy: InboundPolicyHandler<SetHeadersInboundPolicyOptions>;
11669
+ export declare const SetHeadersInboundPolicy: InboundPolicyHandler_2<SetHeadersInboundPolicyOptions>;
11426
11670
 
11427
11671
  /**
11428
11672
  * The options for this policy.
@@ -11810,10 +12054,7 @@ export declare class StreamingZoneCache {
11810
12054
  * @returns A Request or a Response
11811
12055
  */
11812
12056
  export declare class StripeWebhookVerificationInboundPolicy extends InboundPolicy<StripeWebhookVerificationInboundPolicyOptions> {
11813
- constructor(
11814
- options: StripeWebhookVerificationInboundPolicyOptions,
11815
- policyName: string
11816
- );
12057
+ static readonly policyType = "stripe-webhook-verification";
11817
12058
  handler(
11818
12059
  request: ZuploRequest,
11819
12060
  context: ZuploContext
@@ -12177,6 +12418,7 @@ export declare interface UpstreamFirebaseUserAuthInboundPolicyOptions {
12177
12418
  * @returns A Request or a Response
12178
12419
  */
12179
12420
  export declare class UpstreamGcpFederatedAuthInboundPolicy extends InboundPolicy<UpstreamGcpFederatedAuthInboundPolicyOptions> {
12421
+ static readonly policyType = "upstream-gcp-federated-auth";
12180
12422
  private cacheName;
12181
12423
  private normalizedWorkloadIdentityProvider;
12182
12424
  constructor(
@@ -12332,6 +12574,7 @@ export declare interface UpstreamGcpServiceAuthInboundPolicyOptions {
12332
12574
  * @returns A ZuploRequest
12333
12575
  */
12334
12576
  export declare class UpstreamZuploJwtAuthInboundPolicy extends InboundPolicy<UpstreamZuploJwtAuthInboundPolicyOptions> {
12577
+ static readonly policyType = "upstream-zuplo-jwt";
12335
12578
  constructor(
12336
12579
  options: UpstreamZuploJwtAuthInboundPolicyOptions,
12337
12580
  policyName: string
@@ -12833,6 +13076,7 @@ declare interface XacmlRequest {
12833
13076
  * @returns A Request or a Response
12834
13077
  */
12835
13078
  export declare class XmlToJsonOutboundPolicy extends OutboundPolicy<XmlToJsonPolicyOptions> {
13079
+ static readonly policyType = "xml-to-json";
12836
13080
  private parser;
12837
13081
  private parseOnStatusCodes;
12838
13082
  constructor(options: XmlToJsonPolicyOptions, policyName: string);