@zuplo/runtime 6.71.23 → 6.71.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/out/esm/{chunk-5CYWMN74.js → chunk-MJWTZPC2.js} +90 -90
- package/out/esm/chunk-MJWTZPC2.js.map +1 -0
- package/out/esm/index.js +1 -1
- package/out/esm/index.js.map +1 -1
- package/out/esm/mcp-gateway/index.js +1 -1
- package/out/types/index.d.ts +154 -0
- package/package.json +1 -1
- package/out/esm/chunk-5CYWMN74.js.map +0 -1
- /package/out/esm/{chunk-5CYWMN74.js.LEGAL.txt → chunk-MJWTZPC2.js.LEGAL.txt} +0 -0
package/out/types/index.d.ts
CHANGED
|
@@ -1350,6 +1350,150 @@ declare interface AuditLogEntry {
|
|
|
1350
1350
|
};
|
|
1351
1351
|
}
|
|
1352
1352
|
|
|
1353
|
+
/**
|
|
1354
|
+
* A CloudEvent 1.0 audit log entry. Most fields are auto-populated by the
|
|
1355
|
+
* runtime; user code only supplies the type/subject/resources/data fields when
|
|
1356
|
+
* calling `AuditLogInboundPolicy.log()`.
|
|
1357
|
+
*
|
|
1358
|
+
* @public
|
|
1359
|
+
*/
|
|
1360
|
+
export declare interface AuditLogEvent {
|
|
1361
|
+
specversion: "1.0";
|
|
1362
|
+
id: string;
|
|
1363
|
+
source: string;
|
|
1364
|
+
type: string;
|
|
1365
|
+
time: string;
|
|
1366
|
+
datacontenttype?: "application/json";
|
|
1367
|
+
subject?: string;
|
|
1368
|
+
bucketid: string;
|
|
1369
|
+
actorsub?: string;
|
|
1370
|
+
actortype?: "user" | "service" | "apikey" | "anonymous";
|
|
1371
|
+
actoremail?: string;
|
|
1372
|
+
actorconnection?: string;
|
|
1373
|
+
resources?: AuditLogResource[];
|
|
1374
|
+
requestid?: string;
|
|
1375
|
+
success?: boolean;
|
|
1376
|
+
httpmethod?: string;
|
|
1377
|
+
httpurl?: string;
|
|
1378
|
+
httpstatus?: number;
|
|
1379
|
+
ipaddress?: string;
|
|
1380
|
+
useragent?: string;
|
|
1381
|
+
country?: string;
|
|
1382
|
+
region?: string;
|
|
1383
|
+
city?: string;
|
|
1384
|
+
mcpserver?: string;
|
|
1385
|
+
mcpvirtualserver?: string;
|
|
1386
|
+
mcptool?: string;
|
|
1387
|
+
data?: Record<string, unknown>;
|
|
1388
|
+
extensions?: Record<string, unknown>;
|
|
1389
|
+
}
|
|
1390
|
+
|
|
1391
|
+
/**
|
|
1392
|
+
* Fields a caller may supply when emitting a custom audit event via
|
|
1393
|
+
* `AuditLogInboundPolicy.log()`. Everything else is filled in by the runtime
|
|
1394
|
+
* from the request context.
|
|
1395
|
+
*
|
|
1396
|
+
* @public
|
|
1397
|
+
*/
|
|
1398
|
+
export declare interface AuditLogEventInput {
|
|
1399
|
+
type: string;
|
|
1400
|
+
subject?: string;
|
|
1401
|
+
resources?: AuditLogResource[];
|
|
1402
|
+
success?: boolean;
|
|
1403
|
+
data?: Record<string, unknown>;
|
|
1404
|
+
/**
|
|
1405
|
+
* Geolocation of the caller. When omitted, these default to the current
|
|
1406
|
+
* request's geo data (from the request context), so custom events carry the
|
|
1407
|
+
* same location information as the auto-emitted per-request event.
|
|
1408
|
+
*/
|
|
1409
|
+
country?: string;
|
|
1410
|
+
region?: string;
|
|
1411
|
+
city?: string;
|
|
1412
|
+
/** Override the auto-derived actor (rare). */
|
|
1413
|
+
actor?: {
|
|
1414
|
+
sub?: string;
|
|
1415
|
+
type?: "user" | "service" | "apikey" | "anonymous";
|
|
1416
|
+
email?: string;
|
|
1417
|
+
connection?: string;
|
|
1418
|
+
};
|
|
1419
|
+
/** MCP-specific helpers. */
|
|
1420
|
+
mcp?: {
|
|
1421
|
+
server?: string;
|
|
1422
|
+
virtualServer?: string;
|
|
1423
|
+
tool?: string;
|
|
1424
|
+
};
|
|
1425
|
+
}
|
|
1426
|
+
|
|
1427
|
+
/**
|
|
1428
|
+
* Capture detailed logs of requests for auditing purposes. The policy emits
|
|
1429
|
+
* one structured CloudEvent per request, and user code can emit additional
|
|
1430
|
+
* events via the static `log()` method.
|
|
1431
|
+
*
|
|
1432
|
+
* @title Audit Logs
|
|
1433
|
+
* @product api-gateway
|
|
1434
|
+
* @public
|
|
1435
|
+
* @enterprise
|
|
1436
|
+
*/
|
|
1437
|
+
export declare class AuditLogInboundPolicy extends InboundPolicy<AuditLogInboundPolicyOptions> {
|
|
1438
|
+
#private;
|
|
1439
|
+
static readonly policyType = "audit-logs";
|
|
1440
|
+
/**
|
|
1441
|
+
* Emit an audit event for the current request.
|
|
1442
|
+
*
|
|
1443
|
+
* Fields not provided are filled in from the request context (bucket id,
|
|
1444
|
+
* request id, time, actor, IP, user agent, etc).
|
|
1445
|
+
*
|
|
1446
|
+
* @param context - The current ZuploContext.
|
|
1447
|
+
* @param event - The event details to record.
|
|
1448
|
+
*/
|
|
1449
|
+
static log(context: ZuploContext, event: AuditLogEventInput): void;
|
|
1450
|
+
constructor(options: AuditLogInboundPolicyOptions, policyName: string);
|
|
1451
|
+
handler(
|
|
1452
|
+
request: ZuploRequest,
|
|
1453
|
+
context: ZuploContext
|
|
1454
|
+
): Promise<ZuploRequest | Response>;
|
|
1455
|
+
}
|
|
1456
|
+
|
|
1457
|
+
/**
|
|
1458
|
+
* The options for the Audit Log Inbound policy.
|
|
1459
|
+
* @public
|
|
1460
|
+
*/
|
|
1461
|
+
export declare interface AuditLogInboundPolicyOptions {
|
|
1462
|
+
/**
|
|
1463
|
+
* Reverse-DNS prefix used for the auto-emitted request event type. Defaults to 'com.zuplo.api'.
|
|
1464
|
+
*/
|
|
1465
|
+
eventTypeBase?: string;
|
|
1466
|
+
/**
|
|
1467
|
+
* Override the bucket id this policy emits events for. Defaults to the bucket id from the runtime environment.
|
|
1468
|
+
*/
|
|
1469
|
+
bucketId?: string;
|
|
1470
|
+
/**
|
|
1471
|
+
* Fraction of requests to capture, between 0 (none) and 1 (all). Defaults to 1.
|
|
1472
|
+
*/
|
|
1473
|
+
samplingRate?: number;
|
|
1474
|
+
/**
|
|
1475
|
+
* Controls which potentially-sensitive parts of each request are captured in the auto-emitted audit event. Disable fields to satisfy your own data-handling and PII policies. All are enabled by default.
|
|
1476
|
+
*/
|
|
1477
|
+
include?: {
|
|
1478
|
+
/**
|
|
1479
|
+
* Include the request's query-string parameters in the logged URL. Disable if query strings may contain sensitive data.
|
|
1480
|
+
*/
|
|
1481
|
+
queryParams?: boolean;
|
|
1482
|
+
/**
|
|
1483
|
+
* Include the authenticated user / actor identity (subject, email, connection).
|
|
1484
|
+
*/
|
|
1485
|
+
user?: boolean;
|
|
1486
|
+
/**
|
|
1487
|
+
* Include the caller's IP address.
|
|
1488
|
+
*/
|
|
1489
|
+
ipAddress?: boolean;
|
|
1490
|
+
/**
|
|
1491
|
+
* Include the caller's geolocation (country, region, city).
|
|
1492
|
+
*/
|
|
1493
|
+
geolocation?: boolean;
|
|
1494
|
+
};
|
|
1495
|
+
}
|
|
1496
|
+
|
|
1353
1497
|
/**
|
|
1354
1498
|
* Configuration options for audit logging
|
|
1355
1499
|
* @public
|
|
@@ -1394,6 +1538,16 @@ declare interface AuditLogRequestFilter {
|
|
|
1394
1538
|
(request: ZuploRequest, context: ZuploContext): Promise<boolean>;
|
|
1395
1539
|
}
|
|
1396
1540
|
|
|
1541
|
+
/**
|
|
1542
|
+
* A resource affected by an audit event.
|
|
1543
|
+
* @public
|
|
1544
|
+
*/
|
|
1545
|
+
export declare interface AuditLogResource {
|
|
1546
|
+
type: string;
|
|
1547
|
+
id: string;
|
|
1548
|
+
metadata?: Record<string, unknown>;
|
|
1549
|
+
}
|
|
1550
|
+
|
|
1397
1551
|
/**
|
|
1398
1552
|
* Authenticate users using Auth0 issued JWT tokens.
|
|
1399
1553
|
*
|