diff --git a/README.md b/README.md index fa2ffd0..d91e63e 100644 --- a/README.md +++ b/README.md @@ -169,6 +169,14 @@ To enable write operations, set `WRITE_MODE=true`. This unlocks tools that modif | `search_users` | Search users in the organization with optional text search and pagination. | read | | `search_apps` | Search the GenAI apps catalog by name, description, or URL. | read | | `get_apps_by_ids` | Get specific GenAI apps from the catalog by their numeric IDs. | read | +| `get_discovered_applications` | List the GenAI applications (e.g. | read | +| `get_top_discovered_applications` | Return the top_n GenAI applications by session count between from_date and to_date. | read | +| `get_agents_overview` | High-level summary of agentic (MCP) activity for the tenant between from_date and to_date: the number of active AI agents and the number of discovered MCP servers, each with the absolute and percentage change vs the previous period. | read | +| `get_agents_top_platforms` | Return the top_n agent platforms (MCP hosts such as Claude Code or Cursor) by tool-invocation count between from_date and to_date. | read | +| `get_active_mcp_servers` | List MCP servers that were active (invoked at least once) between from_date and to_date. | read | +| `get_inactive_mcp_servers` | List MCP servers that are known to the tenant but had no activity between from_date and to_date. | read | +| `get_agents_tool_usage` | Break down MCP tool usage by operation type (Create/Read/Update/Delete/Unknown) between from_date and to_date. | read | +| `get_agents_invocations_overtime` | Return a time series of total MCP tool invocations between from_date and to_date — one point per time bucket ({time, invocations}). | read | ## Report Bug diff --git a/TOOLS.md b/TOOLS.md index 2471654..79490e9 100644 --- a/TOOLS.md +++ b/TOOLS.md @@ -45,3 +45,11 @@ | `search_users` | Search users in the organization with optional text search and pagination. | read | | `search_apps` | Search the GenAI apps catalog by name, description, or URL. | read | | `get_apps_by_ids` | Get specific GenAI apps from the catalog by their numeric IDs. | read | +| `get_discovered_applications` | List the GenAI applications (e.g. | read | +| `get_top_discovered_applications` | Return the top_n GenAI applications by session count between from_date and to_date. | read | +| `get_agents_overview` | High-level summary of agentic (MCP) activity for the tenant between from_date and to_date: the number of active AI agents and the number of discovered MCP servers, each with the absolute and percentage change vs the previous period. | read | +| `get_agents_top_platforms` | Return the top_n agent platforms (MCP hosts such as Claude Code or Cursor) by tool-invocation count between from_date and to_date. | read | +| `get_active_mcp_servers` | List MCP servers that were active (invoked at least once) between from_date and to_date. | read | +| `get_inactive_mcp_servers` | List MCP servers that are known to the tenant but had no activity between from_date and to_date. | read | +| `get_agents_tool_usage` | Break down MCP tool usage by operation type (Create/Read/Update/Delete/Unknown) between from_date and to_date. | read | +| `get_agents_invocations_overtime` | Return a time series of total MCP tool invocations between from_date and to_date — one point per time bucket ({time, invocations}). | read | diff --git a/specs/openapi-mcp.json b/specs/openapi-mcp.json index 18d5e75..e7504db 100644 --- a/specs/openapi-mcp.json +++ b/specs/openapi-mcp.json @@ -1795,10 +1795,10 @@ "type": "null" } ], - "description": "DLP event type. Required for POLICY_TYPE_DLP. Values: file_upload, file_download, paste, prompt, copy.", + "description": "DLP event type. Required for POLICY_TYPE_DLP. Concrete values only: file_upload, file_download, paste, prompt, copy. 'any' is rule-side only and is rejected for simulation targets.", "title": "Dlp Event Type" }, - "description": "DLP event type. Required for POLICY_TYPE_DLP. Values: file_upload, file_download, paste, prompt, copy." + "description": "DLP event type. Required for POLICY_TYPE_DLP. Concrete values only: file_upload, file_download, paste, prompt, copy. 'any' is rule-side only and is rejected for simulation targets." }, { "name": "dlp_data_type_ids", @@ -1888,10 +1888,10 @@ "type": "null" } ], - "description": "Account/org ID within the GenAI app. Optional, only used together with genai_app_id.", + "description": "Account/org ID within the GenAI app. Optional, only used together with genai_app_id. DLP only — not supported for Access policies.", "title": "Genai App Account Id" }, - "description": "Account/org ID within the GenAI app. Optional, only used together with genai_app_id." + "description": "Account/org ID within the GenAI app. Optional, only used together with genai_app_id. DLP only — not supported for Access policies." }, { "name": "category_id", @@ -2061,7 +2061,7 @@ } }, "x-tool-name": "resolve_matching_rule", - "x-tool-description": "Given a user and target, determine which rule in the rulebase would apply. Simulates policy evaluation to find the single winning rule.\n\nPolicy type name mapping (UI name → API value):\n- 'Chats' (AI Security DLP) → POLICY_TYPE_DLP\n- 'AI Access' / 'Web Access' → POLICY_TYPE_ACCESS\n- 'Agents' → POLICY_TYPE_MCP_SERVER\n- 'PaaS' → POLICY_TYPE_PAAS\n- 'Secure Browsing' → POLICY_TYPE_THREAT_PREVENTION\n\nRequired params per policy_type:\n- POLICY_TYPE_DLP (Chats): user_id, tag, dlp_event_type, dlp_data_type_ids, and ONE of domain/url/genai_app_id/category_id\n- POLICY_TYPE_ACCESS: user_id, tag, and ONE of domain/url/genai_app_id/category_id\n- POLICY_TYPE_MCP_SERVER (Agents): user_id, and optionally mcp_client_name_id/mcp_server_type/mcp_server_identifier/mcp_tool_name/mcp_operation\n- POLICY_TYPE_PAAS: environment_id only (no user_id)\n- POLICY_TYPE_THREAT_PREVENTION (Secure Browsing): user_id only\n\nReturns the matched rule's ID, name, and priority order, or null if no rule matches.", + "x-tool-description": "Given a user and target, determine which rule in the rulebase would apply. Simulates policy evaluation to find the single winning rule.\n\nPolicy type name mapping (UI name → API value):\n- 'Chats' (AI Security DLP) → POLICY_TYPE_DLP\n- 'AI Access' / 'Web Access' → POLICY_TYPE_ACCESS\n- 'Agents' → POLICY_TYPE_MCP_SERVER\n- 'PaaS' → POLICY_TYPE_PAAS\n- 'Secure Browsing' → POLICY_TYPE_THREAT_PREVENTION\n\nRequired params per policy_type:\n- POLICY_TYPE_DLP (Chats): user_id, tag, dlp_event_type, dlp_data_type_ids, and ONE of domain/url/genai_app_id/category_id. genai_app_account_id is optional (DLP only).\n- POLICY_TYPE_ACCESS: user_id, tag, and ONE of domain/url/genai_app_id/category_id. NOTE: genai_app_account_id is NOT supported for Access.\n- POLICY_TYPE_MCP_SERVER (Agents): user_id, and optionally mcp_client_name_id/mcp_server_type/mcp_server_identifier/mcp_tool_name/mcp_operation\n- POLICY_TYPE_PAAS: environment_id only (no user_id)\n- POLICY_TYPE_THREAT_PREVENTION (Secure Browsing): user_id only\n\nReturns the matched rule's ID, name, and priority order, or null if no rule matches.", "x-access-mode": "read" } }, @@ -2109,10 +2109,10 @@ "type": "null" } ], - "description": "Comma-separated field names to filter on. Options: device_name, device_sid, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version", + "description": "Comma-separated field names to filter on. Options: device_name, device_sid, device_state, device_uninstall_time, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version", "title": "Filter Field" }, - "description": "Comma-separated field names to filter on. Options: device_name, device_sid, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version" + "description": "Comma-separated field names to filter on. Options: device_name, device_sid, device_state, device_uninstall_time, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version" }, { "name": "filter_operator", @@ -2273,7 +2273,7 @@ } }, "x-tool-name": "search_assets", - "x-tool-description": "Search deployed assets (endpoints/devices) with optional filtering, sorting, text search, and pagination. Returns device info, user, deployment status, health, and policy versions.\n\n**Filtering:** Use filter_field, filter_operator, and filter_value as comma-separated lists (positionally matched). For multi-value operators (in, between) use filter_values with semicolons between filters and commas between values.\n\nAvailable fields: device_name, device_sid, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version.\n\nOperators: equals, in, contains (text fields), gte, lte, between (date fields).\n\n**Sorting:** Use sort_field and sort_order as comma-separated lists.\n\n**Search:** Free text search across device name and user name.\n\nExamples:\n- Filter by OS: filter_field=os&filter_operator=equals&filter_value=windows\n- Multiple filters: filter_field=os,device_name&filter_operator=equals,contains&filter_value=windows,laptop\n- Sort by name: sort_field=device_name&sort_order=asc\n- Text search: search=john", + "x-tool-description": "Search deployed assets (endpoints/devices) with optional filtering, sorting, text search, and pagination. Returns device info, user, deployment status, health, and policy versions.\n\n**Filtering:** Use filter_field, filter_operator, and filter_value as comma-separated lists (positionally matched). For multi-value operators (in, between) use filter_values with semicolons between filters and commas between values.\n\nAvailable fields: device_name, device_sid, device_state, device_uninstall_time, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version.\n\nOperators: equals, not_equals, in, not_in, contains (text fields), gte, lte, between (date fields). Enum fields (device_state): equals, not_equals, in, not_in. Values: valid, deleted. Use not_equals / not_in to exclude specific values (e.g. filter_operator=not_in&filter_values=Windows,macOS).\n\n**Sorting:** Use sort_field and sort_order as comma-separated lists.\n\n**Search:** Free text search across device name and user name.\n\nExamples:\n- Filter by OS: filter_field=os&filter_operator=equals&filter_value=windows\n- Multiple filters: filter_field=os,device_name&filter_operator=equals,contains&filter_value=windows,laptop\n- Sort by name: sort_field=device_name&sort_order=asc\n- Text search: search=john", "x-access-mode": "read" } }, @@ -2610,6 +2610,568 @@ "x-tool-description": "Get specific GenAI apps from the catalog by their numeric IDs. Pass a comma-separated list of app IDs. Returns app details including name, description, and page URL.", "x-access-mode": "read" } + }, + "/app/genai-protect-discovery/mcp/v1/discovery/applications": { + "get": { + "tags": [ + "MCP Application Discovery" + ], + "summary": "List discovered GenAI applications", + "operationId": "get_discovered_applications_mcp_v1_discovery_applications_get", + "security": [ + { + "HTTPBearer": [] + } + ], + "parameters": [ + { + "name": "from_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)." + }, + { + "name": "to_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)." + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DiscoveredApplicationsResponse" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + }, + "x-tool-name": "get_discovered_applications", + "x-tool-description": "List the GenAI applications (e.g. ChatGPT, Claude, Gemini) that users in the tenant were seen using between from_date and to_date. For each app returns aggregated usage: total sessions, sessions with risk, distinct users, sensitive-content detections, use-case count, app type (Web/Desktop), and the catalog app id when known. Use this to inventory Shadow-AI application usage.", + "x-access-mode": "read" + } + }, + "/app/genai-protect-discovery/mcp/v1/discovery/applications/top": { + "get": { + "tags": [ + "MCP Application Discovery" + ], + "summary": "Get top discovered applications by sessions", + "operationId": "get_top_discovered_applications_mcp_v1_discovery_applications_top_get", + "security": [ + { + "HTTPBearer": [] + } + ], + "parameters": [ + { + "name": "from_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)." + }, + { + "name": "to_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)." + }, + { + "name": "top_n", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "maximum": 50, + "minimum": 1, + "description": "How many top applications to return.", + "default": 5, + "title": "Top N" + }, + "description": "How many top applications to return." + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TopDiscoveredApplicationsResponse" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + }, + "x-tool-name": "get_top_discovered_applications", + "x-tool-description": "Return the top_n GenAI applications by session count between from_date and to_date. Each entry includes a per-bucket session sparkline (the 'trends' array of {time_bucket, sessions}) and the change vs the previous equal-length period. Use this to see the most-used apps and whether usage is rising or falling.", + "x-access-mode": "read" + } + }, + "/app/genai-protect-discovery/mcp/v1/discovery/agents/overview": { + "get": { + "tags": [ + "MCP Application Discovery" + ], + "summary": "Get agents overview", + "operationId": "get_agents_overview_mcp_v1_discovery_agents_overview_get", + "security": [ + { + "HTTPBearer": [] + } + ], + "parameters": [ + { + "name": "from_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)." + }, + { + "name": "to_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)." + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AgentsOverviewResponse" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + }, + "x-tool-name": "get_agents_overview", + "x-tool-description": "High-level summary of agentic (MCP) activity for the tenant between from_date and to_date: the number of active AI agents and the number of discovered MCP servers, each with the absolute and percentage change vs the previous period. Use this for a quick view of MCP adoption and its trend.", + "x-access-mode": "read" + } + }, + "/app/genai-protect-discovery/mcp/v1/discovery/agents/top-platforms": { + "get": { + "tags": [ + "MCP Application Discovery" + ], + "summary": "Get top MCP platforms by invocations", + "operationId": "get_agents_top_platforms_mcp_v1_discovery_agents_top_platforms_get", + "security": [ + { + "HTTPBearer": [] + } + ], + "parameters": [ + { + "name": "from_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)." + }, + { + "name": "to_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)." + }, + { + "name": "top_n", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "maximum": 50, + "minimum": 1, + "description": "How many top platforms to return.", + "default": 5, + "title": "Top N" + }, + "description": "How many top platforms to return." + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AgentsTopPlatformsResponse" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + }, + "x-tool-name": "get_agents_top_platforms", + "x-tool-description": "Return the top_n agent platforms (MCP hosts such as Claude Code or Cursor) by tool-invocation count between from_date and to_date. Each entry is a platform name and its total invocations. Platforms are identified by name only (no id).", + "x-access-mode": "read" + } + }, + "/app/genai-protect-discovery/mcp/v1/discovery/agents/active-servers": { + "get": { + "tags": [ + "MCP Application Discovery" + ], + "summary": "List active MCP servers", + "operationId": "get_active_mcp_servers_mcp_v1_discovery_agents_active_servers_get", + "security": [ + { + "HTTPBearer": [] + } + ], + "parameters": [ + { + "name": "from_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)." + }, + { + "name": "to_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)." + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ActiveMcpServersResponse" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + }, + "x-tool-name": "get_active_mcp_servers", + "x-tool-description": "List MCP servers that were active (invoked at least once) between from_date and to_date. For each server returns its platform, server type and identifier, distinct users, capabilities, most-used tools, operation types (Create/Read/Update/Delete), invocation count, operating systems, tool count, and last-used time. A server's identity is the (server_type, server_identifier) pair.", + "x-access-mode": "read" + } + }, + "/app/genai-protect-discovery/mcp/v1/discovery/agents/inactive-servers": { + "get": { + "tags": [ + "MCP Application Discovery" + ], + "summary": "List inactive MCP servers", + "operationId": "get_inactive_mcp_servers_mcp_v1_discovery_agents_inactive_servers_get", + "security": [ + { + "HTTPBearer": [] + } + ], + "parameters": [ + { + "name": "from_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)." + }, + { + "name": "to_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)." + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/InactiveMcpServersResponse" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + }, + "x-tool-name": "get_inactive_mcp_servers", + "x-tool-description": "List MCP servers that are known to the tenant but had no activity between from_date and to_date. Returns platform, server type and identifier, and distinct users. Use this to find unused or stale MCP servers.", + "x-access-mode": "read" + } + }, + "/app/genai-protect-discovery/mcp/v1/discovery/agents/tool-usage": { + "get": { + "tags": [ + "MCP Application Discovery" + ], + "summary": "Get MCP tool usage statistics", + "operationId": "get_agents_tool_usage_mcp_v1_discovery_agents_tool_usage_get", + "security": [ + { + "HTTPBearer": [] + } + ], + "parameters": [ + { + "name": "from_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)." + }, + { + "name": "to_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)." + }, + { + "name": "top_n", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "maximum": 50, + "minimum": 1, + "description": "How many top platforms to break down per operation.", + "default": 5, + "title": "Top N" + }, + "description": "How many top platforms to break down per operation." + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AgentsToolUsageResponse" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + }, + "x-tool-name": "get_agents_tool_usage", + "x-tool-description": "Break down MCP tool usage by operation type (Create/Read/Update/Delete/Unknown) between from_date and to_date. For each operation returns the current invocation count, the number of platforms, a per-platform breakdown, and the change vs the previous period. top_n limits the per-operation platform breakdown.", + "x-access-mode": "read" + } + }, + "/app/genai-protect-discovery/mcp/v1/discovery/agents/invocations-overtime": { + "get": { + "tags": [ + "MCP Application Discovery" + ], + "summary": "Get MCP invocations over time", + "operationId": "get_agents_invocations_overtime_mcp_v1_discovery_agents_invocations_overtime_get", + "security": [ + { + "HTTPBearer": [] + } + ], + "parameters": [ + { + "name": "from_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)." + }, + { + "name": "to_date", + "in": "query", + "required": true, + "schema": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)." + } + ], + "responses": { + "200": { + "description": "Successful Response", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AgentsInvocationsOvertimeResponse" + } + } + } + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + } + } + }, + "x-tool-name": "get_agents_invocations_overtime", + "x-tool-description": "Return a time series of total MCP tool invocations between from_date and to_date — one point per time bucket ({time, invocations}). Use this to chart agentic activity over time.", + "x-access-mode": "read" + } } }, "components": { @@ -2886,6 +3448,30 @@ "title": "AddSecureBrowsingRuleRequest", "description": "Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering." }, + "AddressRange": { + "properties": { + "ip_ranges": { + "items": { + "$ref": "#/components/schemas/IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "$ref": "#/components/schemas/CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, "AgentsPolicy": { "properties": { "action": { @@ -2989,6 +3575,21 @@ ], "title": "AssignmentType" }, + "CIDRItem": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, "CategoryItem": { "properties": { "category_id": { @@ -3004,16 +3605,14 @@ }, "ChatsPolicy": { "properties": { - "event_type": { - "anyOf": [ - { - "$ref": "#/components/schemas/DLPEventType" - }, - { - "type": "null" - } - ], - "description": "Type of event to apply DLP policy on" + "event_types": { + "items": { + "$ref": "#/components/schemas/DLPEventType" + }, + "type": "array", + "minItems": 1, + "title": "Event Types", + "description": "Event types this rule applies to. Use [any] (or omit) to match every event; combine specific values (e.g. [file_upload, paste]). 'any' may NOT be combined with specific values. The legacy singular 'event_type' is still accepted as input for backward compatibility." }, "services_and_application": { "anyOf": [ @@ -3246,6 +3845,7 @@ "DLPEventType": { "type": "string", "enum": [ + "any", "file_upload", "file_download", "paste", @@ -3564,6 +4164,19 @@ "maxItems": 200, "title": "Domains", "description": "List of domains" + }, + "urls": { + "items": { + "$ref": "#/components/schemas/URLItem" + }, + "type": "array", + "maxItems": 200, + "title": "Urls", + "description": "List of URLs" + }, + "address_range": { + "$ref": "#/components/schemas/AddressRange", + "description": "IPv4 address ranges and CIDR blocks" } }, "type": "object", @@ -4100,6 +4713,38 @@ "type": "object", "title": "HTTPValidationError" }, + "IPRangeItem": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "IncognitoAction": { + "type": "string", + "enum": [ + "block", + "allow", + "ignore" + ], + "title": "IncognitoAction", + "description": "Actions for incognito mode control." + }, "LoggingStatus": { "type": "string", "enum": [ @@ -4581,7 +5226,9 @@ "FILE_EMULATION", "PROTECTED_DOMAINS", "DOMAIN_SERVICES", - "EXCLUDE_DOMAINS" + "EXCLUDE_DOMAINS", + "USE_PAC", + "CUSTOM_AI_APPS" ], "title": "ObjectFeature" }, @@ -4755,7 +5402,11 @@ "POLICY_TYPE_PAAS", "POLICY_TYPE_DEPLOYMENT", "POLICY_TYPE_THREAT_PREVENTION", - "POLICY_TYPE_STRONG_AUTH" + "POLICY_TYPE_STRONG_AUTH", + "POLICY_TYPE_PROXY_CONFIG", + "POLICY_TYPE_PRODUCT_DEPLOYMENT", + "POLICY_TYPE_INTERNAL_SETTINGS", + "POLICY_TYPE_USER_DEPLOYMENT" ], "title": "PolicyType" }, @@ -5022,6 +5673,26 @@ } ] }, + "clickfix": { + "anyOf": [ + { + "$ref": "#/components/schemas/ThreatPreventionAction" + }, + { + "type": "null" + } + ] + }, + "incognito": { + "anyOf": [ + { + "$ref": "#/components/schemas/IncognitoAction" + }, + { + "type": "null" + } + ] + }, "safe_search": { "anyOf": [ { @@ -5032,288 +5703,761 @@ } ] }, - "search_reputation": { - "anyOf": [ - { - "$ref": "#/components/schemas/OnOff" - }, - { - "type": "null" - } - ] + "search_reputation": { + "anyOf": [ + { + "$ref": "#/components/schemas/OnOff" + }, + { + "type": "null" + } + ] + }, + "domain_exclusions": { + "items": { + "$ref": "#/components/schemas/DomainItem" + }, + "type": "array", + "title": "Domain Exclusions", + "description": "List of excluded domains" + }, + "protected_domains": { + "items": { + "$ref": "#/components/schemas/DomainItem" + }, + "type": "array", + "title": "Protected Domains", + "description": "List of protected domains" + }, + "url_exclusions": { + "items": { + "$ref": "#/components/schemas/URLItem" + }, + "type": "array", + "title": "Url Exclusions", + "description": "List of excluded URLs" + }, + "protected_urls": { + "items": { + "$ref": "#/components/schemas/URLItem" + }, + "type": "array", + "title": "Protected Urls", + "description": "List of protected URLs" + }, + "address_range_exclusions": { + "$ref": "#/components/schemas/AddressRange", + "description": "IPv4 address ranges and CIDR blocks excluded from threat prevention" + }, + "protected_address_range": { + "$ref": "#/components/schemas/AddressRange", + "description": "IPv4 address ranges and CIDR blocks protected by threat prevention" + }, + "logging": { + "anyOf": [ + { + "$ref": "#/components/schemas/LoggingStatus" + }, + { + "type": "null" + } + ], + "description": "Whether logging is enabled" + } + }, + "type": "object", + "title": "SecureBrowsingPolicy" + }, + "SelectionMode": { + "type": "string", + "enum": [ + "selected", + "all" + ], + "title": "SelectionMode", + "description": "Selection mode enumeration." + }, + "ServerOperations": { + "properties": { + "CREATE": { + "anyOf": [ + { + "$ref": "#/components/schemas/OperationMatch" + }, + { + "type": "null" + } + ], + "description": "Match or unmatch CREATE operation" + }, + "READ": { + "anyOf": [ + { + "$ref": "#/components/schemas/OperationMatch" + }, + { + "type": "null" + } + ], + "description": "Match or unmatch READ operation" + }, + "UPDATE": { + "anyOf": [ + { + "$ref": "#/components/schemas/OperationMatch" + }, + { + "type": "null" + } + ], + "description": "Match or unmatch UPDATE operation" + }, + "DELETE": { + "anyOf": [ + { + "$ref": "#/components/schemas/OperationMatch" + }, + { + "type": "null" + } + ], + "description": "Match or unmatch DELETE operation" + }, + "OTHER": { + "anyOf": [ + { + "$ref": "#/components/schemas/OperationMatch" + }, + { + "type": "null" + } + ], + "description": "Match or unmatch OTHER operation (those not detected)" + } + }, + "type": "object", + "title": "ServerOperations" + }, + "ServicesAndApplication": { + "properties": { + "domain": { + "items": { + "$ref": "#/components/schemas/DomainItem" + }, + "type": "array", + "title": "Domain", + "description": "List of domains" + }, + "url": { + "items": { + "$ref": "#/components/schemas/URLItem" + }, + "type": "array", + "title": "Url", + "description": "List of URLs" + }, + "address_range": { + "$ref": "#/components/schemas/AddressRange", + "description": "IPv4 address ranges and CIDR blocks" + }, + "genai_application": { + "items": { + "$ref": "#/components/schemas/GenAIApp" + }, + "type": "array", + "title": "Genai Application", + "description": "List of GenAI applications" + }, + "web_application": { + "items": { + "$ref": "#/components/schemas/WebApp" + }, + "type": "array", + "title": "Web Application", + "description": "List of web applications" + }, + "category": { + "items": { + "$ref": "#/components/schemas/CategoryItem" + }, + "type": "array", + "title": "Category", + "description": "List of URLF categories" + }, + "mode": { + "anyOf": [ + { + "$ref": "#/components/schemas/SelectionMode" + }, + { + "type": "null" + } + ], + "description": "Whether to apply to all services and applications or to only selected ones" + } + }, + "type": "object", + "title": "ServicesAndApplication" + }, + "SetAccessPolicyRequest": { + "properties": { + "rule_id": { + "type": "string", + "title": "Rule Id", + "description": "UUID of the rule to update" + }, + "policy": { + "$ref": "#/components/schemas/AccessPolicy", + "description": "Complete access policy; replaces the existing configuration entirely" + } + }, + "type": "object", + "required": [ + "rule_id", + "policy" + ], + "title": "SetAccessPolicyRequest", + "description": "Replace the entire Access policy of a rule (full overwrite)." + }, + "SetChatsPolicyRequest": { + "properties": { + "rule_id": { + "type": "string", + "title": "Rule Id", + "description": "UUID of the rule to update" + }, + "policy": { + "$ref": "#/components/schemas/ChatsPolicy", + "description": "Complete Chats policy; replaces the existing configuration entirely" + } + }, + "type": "object", + "required": [ + "rule_id", + "policy" + ], + "title": "SetChatsPolicyRequest", + "description": "Replace the entire Chats policy of a rule (full overwrite)." + }, + "SetMCPServerPolicyRequest": { + "properties": { + "rule_id": { + "type": "string", + "title": "Rule Id", + "description": "UUID of the rule to update" + }, + "policy": { + "$ref": "#/components/schemas/AgentsPolicy", + "description": "Complete Agents policy; replaces the existing configuration entirely" + } + }, + "type": "object", + "required": [ + "rule_id", + "policy" + ], + "title": "SetMCPServerPolicyRequest", + "description": "Replace the entire Agents policy of a rule (full overwrite)." + }, + "SetSecureBrowsingPolicyRequest": { + "properties": { + "rule_id": { + "type": "string", + "title": "Rule Id", + "description": "UUID of the rule to update" + }, + "policy": { + "$ref": "#/components/schemas/SecureBrowsingPolicy", + "description": "Complete Secure Browsing policy; replaces the existing configuration entirely" + } + }, + "type": "object", + "required": [ + "rule_id", + "policy" + ], + "title": "SetSecureBrowsingPolicyRequest", + "description": "Replace the entire Secure Browsing policy of a rule (full overwrite)." + }, + "ShadowAnalysisResponse": { + "properties": { + "policy_type": { + "$ref": "#/components/schemas/PolicyType" }, - "domain_exclusions": { - "items": { - "$ref": "#/components/schemas/DomainItem" - }, - "type": "array", - "title": "Domain Exclusions", - "description": "List of excluded domains" + "total_rules": { + "type": "integer", + "title": "Total Rules", + "description": "Total number of active rules evaluated" }, - "protected_domains": { + "shadowed_rules": { "items": { - "$ref": "#/components/schemas/DomainItem" + "$ref": "#/components/schemas/ShadowedRule" }, "type": "array", - "title": "Protected Domains", - "description": "List of protected domains" + "title": "Shadowed Rules" } }, "type": "object", - "title": "SecureBrowsingPolicy" - }, - "SelectionMode": { - "type": "string", - "enum": [ - "selected", - "all" + "required": [ + "policy_type", + "total_rules", + "shadowed_rules" ], - "title": "SelectionMode", - "description": "Selection mode enumeration." + "title": "ShadowAnalysisResponse", + "description": "Response for the shadow analysis API." }, - "ServerOperations": { + "ShadowedRule": { "properties": { - "CREATE": { - "anyOf": [ - { - "$ref": "#/components/schemas/OperationMatch" - }, - { - "type": "null" - } - ], - "description": "Match or unmatch CREATE operation" + "rule_id": { + "type": "string", + "title": "Rule Id" }, - "READ": { + "rule_name": { + "type": "string", + "title": "Rule Name" + }, + "order": { + "type": "integer", + "title": "Order" + }, + "shadowed_by_rule_id": { "anyOf": [ { - "$ref": "#/components/schemas/OperationMatch" + "type": "string" }, { "type": "null" } ], - "description": "Match or unmatch READ operation" + "title": "Shadowed By Rule Id" }, - "UPDATE": { + "shadowed_by_rule_name": { "anyOf": [ { - "$ref": "#/components/schemas/OperationMatch" + "type": "string" }, { "type": "null" } ], - "description": "Match or unmatch UPDATE operation" + "title": "Shadowed By Rule Name" }, - "DELETE": { + "shadowed_by_order": { "anyOf": [ { - "$ref": "#/components/schemas/OperationMatch" + "type": "integer" }, { "type": "null" } ], - "description": "Match or unmatch DELETE operation" + "title": "Shadowed By Order" }, - "OTHER": { + "reason": { + "type": "string", + "title": "Reason", + "description": "Human-readable verdict explaining WHY this rule is shadowed" + } + }, + "type": "object", + "required": [ + "rule_id", + "rule_name", + "order", + "reason" + ], + "title": "ShadowedRule", + "description": "A rule that is fully shadowed by an earlier rule, or unreachable." + }, + "SupportedFileType": { + "type": "string", + "enum": [ + "pdf", + "doc", + "docx", + "xls", + "xlsx", + "ppt", + "pptx", + "exe", + "tar", + "zip", + "rar", + "7z", + "rtf", + "dot", + "docm", + "dotx", + "dotm", + "xlt", + "xlm", + "xltx", + "xlsm", + "xltm", + "xlsb", + "xla", + "xlam", + "xll", + "xlw", + "pps", + "pptm", + "potx", + "potm", + "ppam", + "ppsx", + "ppsm", + "sldx", + "sldm", + "csv", + "scr", + "swf", + "jar", + "cab", + "tgz", + "pif", + "gz", + "bz2", + "tbz2", + "tb2", + "tbz", + "com", + "xz", + "cpl", + "dll", + "lnk", + "img", + "iso", + "wim", + "arj", + "bat", + "ps1", + "hwp", + "iqy", + "slk", + "udf", + "uue", + "pkg", + "msi", + "msg", + "o", + "dylib", + "app", + "dmg", + "qcow2", + "sh", + "one", + "xar", + "wsf", + "aspx" + ], + "title": "SupportedFileType" + }, + "ThreatPreventionAction": { + "type": "string", + "enum": [ + "detect", + "prevent", + "ask", + "off" + ], + "title": "ThreatPreventionAction", + "description": "Actions for threat prevention features." + }, + "Tooling": { + "properties": { + "match_mode": { "anyOf": [ { - "$ref": "#/components/schemas/OperationMatch" + "$ref": "#/components/schemas/MatchToolsMode" }, { "type": "null" } ], - "description": "Match or unmatch OTHER operation (those not detected)" - } - }, - "type": "object", - "title": "ServerOperations" - }, - "ServicesAndApplication": { - "properties": { - "domain": { - "items": { - "$ref": "#/components/schemas/DomainItem" - }, - "type": "array", - "title": "Domain", - "description": "List of domains" - }, - "url": { - "items": { - "$ref": "#/components/schemas/URLItem" - }, - "type": "array", - "title": "Url", - "description": "List of URLs" - }, - "genai_application": { - "items": { - "$ref": "#/components/schemas/GenAIApp" - }, - "type": "array", - "title": "Genai Application", - "description": "List of GenAI applications" + "description": "Match mode for tools: tools_include, tools_exclude, operations, all" }, - "category": { - "items": { - "$ref": "#/components/schemas/CategoryItem" - }, - "type": "array", - "title": "Category", - "description": "List of URLF categories" + "tools": { + "anyOf": [ + { + "items": { + "$ref": "#/components/schemas/MCPToolItem" + }, + "type": "array" + }, + { + "type": "null" + } + ], + "title": "Tools", + "description": "List of tools for matching" }, - "mode": { + "operations": { "anyOf": [ { - "$ref": "#/components/schemas/SelectionMode" + "$ref": "#/components/schemas/ServerOperations" }, { "type": "null" } ], - "description": "Whether to apply to all services and applications or to only selected ones" + "description": "Operations match configuration" } }, "type": "object", - "title": "ServicesAndApplication" + "title": "Tooling" }, - "SetAccessPolicyRequest": { + "URLConfig": { "properties": { - "rule_id": { - "type": "string", - "title": "Rule Id", - "description": "UUID of the rule to update" + "url": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Url", + "description": "URL of the remote server", + "default": "", + "examples": [ + "https://mcp-server.example.com/path" + ] }, - "policy": { - "$ref": "#/components/schemas/AccessPolicy", - "description": "Complete access policy; replaces the existing configuration entirely" + "match_mode": { + "anyOf": [ + { + "$ref": "#/components/schemas/URLMatchMode" + }, + { + "type": "null" + } + ], + "description": "Match mode for URL matching (exact_url or url_contains)", + "default": "exact_url" } }, "type": "object", - "required": [ - "rule_id", - "policy" + "title": "URLConfig" + }, + "URLFCategory": { + "type": "integer", + "enum": [ + 1, + 3, + 5, + 7, + 11, + 12, + 15, + 32, + 21, + 24, + 25, + 0, + 34, + 35, + 37, + 39, + 41, + 42, + 45, + 47, + 49, + 51, + 53, + 54, + 58, + 59, + 60, + 68, + 69, + 71, + 72, + 74, + 75, + 76, + 51000001, + 51000002, + 52000130, + 50000032, + 52000132, + 60517663, + 60530541, + 60530542, + 60530648, + 31, + 55, + 65, + 66, + 67, + 77, + 51000003, + 51000004, + 51000005, + 52000038, + 60530540, + 9, + 13, + 14, + 17, + 18, + 26, + 33, + 56, + 61, + 62, + 70, + 73, + 78, + 30, + 52000047, + 52000058, + 52000069, + 50000086, + 23, + 52000136, + 52000046, + 52000051, + 60531762 ], - "title": "SetAccessPolicyRequest", - "description": "Replace the entire Access policy of a rule (full overwrite)." + "title": "URLFCategory", + "description": "URLF Category enumeration with display names as keys and category IDs as values." }, - "SetChatsPolicyRequest": { + "URLItem": { "properties": { - "rule_id": { + "url": { "type": "string", - "title": "Rule Id", - "description": "UUID of the rule to update" - }, - "policy": { - "$ref": "#/components/schemas/ChatsPolicy", - "description": "Complete Chats policy; replaces the existing configuration entirely" + "format": "uri", + "title": "Url", + "description": "Valid URL" } }, "type": "object", "required": [ - "rule_id", - "policy" + "url" ], - "title": "SetChatsPolicyRequest", - "description": "Replace the entire Chats policy of a rule (full overwrite)." + "title": "URLItem" }, - "SetMCPServerPolicyRequest": { - "properties": { - "rule_id": { - "type": "string", - "title": "Rule Id", - "description": "UUID of the rule to update" - }, - "policy": { - "$ref": "#/components/schemas/AgentsPolicy", - "description": "Complete Agents policy; replaces the existing configuration entirely" - } - }, - "type": "object", - "required": [ - "rule_id", - "policy" + "URLMatchMode": { + "type": "string", + "enum": [ + "exact_url", + "url_contains" ], - "title": "SetMCPServerPolicyRequest", - "description": "Replace the entire Agents policy of a rule (full overwrite)." + "title": "URLMatchMode", + "description": "URL matching mode enumeration for remote server URL matching.\n\nMatching modes:\n- EXACT_URL: Matches the exact full URL\n e.g., \"http://sub1.sub2.something.com/alsohere/something\"\n- URL_CONTAINS: Matches if the URL contains the specified string\n e.g., \"alsohere\" matches any URL containing \"alsohere\"" }, - "SetSecureBrowsingPolicyRequest": { + "UnknownServerConfig": { "properties": { - "rule_id": { - "type": "string", - "title": "Rule Id", - "description": "UUID of the rule to update" + "args": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Args", + "description": "Arguments for unknown server types", + "default": "", + "examples": [ + "--default-arg" + ] }, - "policy": { - "$ref": "#/components/schemas/SecureBrowsingPolicy", - "description": "Complete Secure Browsing policy; replaces the existing configuration entirely" + "match_mode": { + "anyOf": [ + { + "$ref": "#/components/schemas/MatchMode" + }, + { + "type": "null" + } + ], + "description": "Match mode for args matching", + "default": "exact" } }, "type": "object", - "required": [ - "rule_id", - "policy" - ], - "title": "SetSecureBrowsingPolicyRequest", - "description": "Replace the entire Secure Browsing policy of a rule (full overwrite)." + "title": "UnknownServerConfig" }, - "ShadowAnalysisResponse": { + "UpdateDomainsObjectRequest": { "properties": { - "policy_type": { - "$ref": "#/components/schemas/PolicyType" + "object_id": { + "type": "string", + "format": "uuid", + "title": "Object Id", + "description": "ID of the object to update" + }, + "name": { + "anyOf": [ + { + "type": "string", + "maxLength": 255, + "minLength": 1 + }, + { + "type": "null" + } + ], + "title": "Name", + "description": "New display name" }, - "total_rules": { - "type": "integer", - "title": "Total Rules", - "description": "Total number of active rules evaluated" + "description": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Description", + "description": "New description" }, - "shadowed_rules": { - "items": { - "$ref": "#/components/schemas/ShadowedRule" - }, - "type": "array", - "title": "Shadowed Rules" + "object_data": { + "anyOf": [ + { + "$ref": "#/components/schemas/DomainsObject" + }, + { + "type": "null" + } + ], + "description": "New domain list; replaces the existing list entirely" } }, "type": "object", "required": [ - "policy_type", - "total_rules", - "shadowed_rules" + "object_id" ], - "title": "ShadowAnalysisResponse", - "description": "Response for the shadow analysis API." + "title": "UpdateDomainsObjectRequest", + "description": "Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely." }, - "ShadowedRule": { + "UpdateFileProtectionObjectRequest": { "properties": { - "rule_id": { - "type": "string", - "title": "Rule Id" - }, - "rule_name": { + "object_id": { "type": "string", - "title": "Rule Name" - }, - "order": { - "type": "integer", - "title": "Order" + "format": "uuid", + "title": "Object Id", + "description": "ID of the object to update" }, - "shadowed_by_rule_id": { + "name": { "anyOf": [ { - "type": "string" + "type": "string", + "maxLength": 255, + "minLength": 1 }, { "type": "null" } ], - "title": "Shadowed By Rule Id" + "title": "Name", + "description": "New display name" }, - "shadowed_by_rule_name": { + "description": { "anyOf": [ { "type": "string" @@ -5322,317 +6466,375 @@ "type": "null" } ], - "title": "Shadowed By Rule Name" + "title": "Description", + "description": "New description" }, - "shadowed_by_order": { + "object_data": { "anyOf": [ { - "type": "integer" + "$ref": "#/components/schemas/FileProtectionObject" }, { "type": "null" } ], - "title": "Shadowed By Order" - }, - "reason": { - "type": "string", - "title": "Reason", - "description": "Human-readable verdict explaining WHY this rule is shadowed" + "description": "New file protection configuration; replaces the existing settings entirely" } }, "type": "object", "required": [ - "rule_id", - "rule_name", - "order", - "reason" + "object_id" ], - "title": "ShadowedRule", - "description": "A rule that is fully shadowed by an earlier rule, or unreachable." + "title": "UpdateFileProtectionObjectRequest", + "description": "Update an existing file-protection object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing configuration entirely." }, - "SupportedFileType": { - "type": "string", - "enum": [ - "pdf", - "doc", - "docx", - "xls", - "xlsx", - "ppt", - "pptx", - "exe", - "tar", - "zip", - "rar", - "7z", - "rtf", - "dot", - "docm", - "dotx", - "dotm", - "xlt", - "xlm", - "xltx", - "xlsm", - "xltm", - "xlsb", - "xla", - "xlam", - "xll", - "xlw", - "pps", - "pptm", - "potx", - "potm", - "ppam", - "ppsx", - "ppsm", - "sldx", - "sldm", - "csv", - "scr", - "swf", - "jar", - "cab", - "tgz", - "pif", - "gz", - "bz2", - "tbz2", - "tb2", - "tbz", - "com", - "xz", - "cpl", - "dll", - "lnk", - "img", - "iso", - "wim", - "arj", - "bat", - "ps1", - "hwp", - "iqy", - "slk", - "udf", - "uue", - "pkg", - "msi", + "UpdateObjectResponse": { + "properties": { + "objects": { + "items": { + "$ref": "#/components/schemas/ObjectResponse" + }, + "type": "array", + "title": "Objects" + } + }, + "type": "object", + "required": [ + "objects" + ], + "title": "UpdateObjectResponse", + "description": "Response after updating an object (returns metadata only)." + }, + "ValidationError": { + "properties": { + "loc": { + "items": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "integer" + } + ] + }, + "type": "array", + "title": "Location" + }, + "msg": { + "type": "string", + "title": "Message" + }, + "type": { + "type": "string", + "title": "Error Type" + }, + "input": { + "title": "Input" + }, + "ctx": { + "type": "object", + "title": "Context" + } + }, + "type": "object", + "required": [ + "loc", "msg", - "o", - "dylib", - "app", - "dmg", - "qcow2", - "sh", - "one", - "xar", - "wsf", - "aspx" + "type" ], - "title": "SupportedFileType" + "title": "ValidationError" }, - "ThreatPreventionAction": { - "type": "string", - "enum": [ - "detect", - "prevent", - "ask", - "off" + "WebApp": { + "properties": { + "id": { + "type": "integer", + "exclusiveMinimum": 0, + "title": "Id", + "description": "Web application ID" + }, + "mode": { + "anyOf": [ + { + "$ref": "#/components/schemas/SelectionMode" + }, + { + "type": "null" + } + ], + "description": "Selection mode: 'all' or 'selected'", + "default": "all" + } + }, + "type": "object", + "required": [ + "id" ], - "title": "ThreatPreventionAction", - "description": "Actions for threat prevention features." + "title": "WebApp" }, - "Tooling": { + "Asset": { "properties": { - "match_mode": { + "device": { + "$ref": "#/components/schemas/Device" + }, + "user": { "anyOf": [ { - "$ref": "#/components/schemas/MatchToolsMode" + "$ref": "#/components/schemas/User" }, { "type": "null" } - ], - "description": "Match mode for tools: tools_include, tools_exclude, operations, all" + ] }, - "tools": { + "ping": { "anyOf": [ { - "items": { - "$ref": "#/components/schemas/MCPToolItem" + "$ref": "#/components/schemas/Ping" + }, + { + "type": "null" + } + ] + }, + "deployment": { + "anyOf": [ + { + "additionalProperties": { + "$ref": "#/components/schemas/ModuleDeploymentData" }, - "type": "array" + "propertyNames": { + "$ref": "#/components/schemas/ModuleEnum" + }, + "type": "object" }, { "type": "null" } ], - "title": "Tools", - "description": "List of tools for matching" + "title": "Deployment" }, - "operations": { + "policy": { "anyOf": [ { - "$ref": "#/components/schemas/ServerOperations" + "additionalProperties": { + "additionalProperties": { + "$ref": "#/components/schemas/PolicyTypeData" + }, + "propertyNames": { + "$ref": "#/components/schemas/PolicyTypeExternal" + }, + "type": "object" + }, + "propertyNames": { + "$ref": "#/components/schemas/RequestSource" + }, + "type": "object" }, { "type": "null" } ], - "description": "Operations match configuration" - } - }, - "type": "object", - "title": "Tooling" - }, - "URLConfig": { - "properties": { - "url": { + "title": "Policy" + }, + "status": { "anyOf": [ { - "type": "string" + "additionalProperties": { + "$ref": "#/components/schemas/HealthStatus" + }, + "propertyNames": { + "$ref": "#/components/schemas/StatusComponent" + }, + "type": "object" }, { "type": "null" } ], - "title": "Url", - "description": "URL of the remote server", - "default": "", - "examples": [ - "https://mcp-server.example.com/path" - ] + "title": "Status" }, - "match_mode": { + "environment": { "anyOf": [ { - "$ref": "#/components/schemas/URLMatchMode" + "$ref": "#/components/schemas/EnvironmentData" }, { "type": "null" } - ], - "description": "Match mode for URL matching (exact_url or url_contains)", - "default": "exact_url" + ] } }, "type": "object", - "title": "URLConfig" + "required": [ + "device" + ], + "title": "Asset", + "description": "Complete asset with optional joined domains." }, - "URLFCategory": { - "type": "integer", - "enum": [ - 1, - 3, - 5, - 7, - 11, - 12, - 15, - 32, - 21, - 24, - 25, - 0, - 34, - 35, - 37, - 39, - 41, - 42, - 45, - 47, - 49, - 51, - 53, - 54, - 58, - 59, - 60, - 68, - 69, - 71, - 72, - 74, - 75, - 76, - 51000001, - 51000002, - 52000130, - 50000032, - 52000132, - 60517663, - 60530541, - 60530542, - 60530648, - 31, - 55, - 65, - 66, - 67, - 77, - 51000003, - 51000004, - 51000005, - 52000038, - 60530540, - 9, - 13, - 14, - 17, - 18, - 26, - 33, - 56, - 61, - 62, - 70, - 73, - 78, - 30, - 52000047, - 52000058, - 52000069, - 50000086, - 23, - 52000136, - 52000046, - 52000051, - 60531762 + "AssetsCountResponse": { + "properties": { + "tenant_id": { + "type": "string", + "format": "uuid", + "title": "Tenant Id" + }, + "count": { + "type": "integer", + "title": "Count" + }, + "filters_applied": { + "type": "integer", + "title": "Filters Applied", + "description": "Number of filters that were applied" + } + }, + "type": "object", + "required": [ + "tenant_id", + "count", + "filters_applied" ], - "title": "URLFCategory", - "description": "URLF Category enumeration with display names as keys and category IDs as values." + "title": "AssetsCountResponse", + "description": "Response for count queries." }, - "URLItem": { + "AssetsResponse": { "properties": { - "url": { + "tenant_id": { + "type": "string", + "format": "uuid", + "title": "Tenant Id" + }, + "assets": { + "items": { + "$ref": "#/components/schemas/Asset" + }, + "type": "array", + "title": "Assets" + }, + "limit": { + "type": "integer", + "title": "Limit" + }, + "offset": { + "type": "integer", + "title": "Offset" + } + }, + "type": "object", + "required": [ + "tenant_id", + "assets", + "limit", + "offset" + ], + "title": "AssetsResponse", + "description": "Response with assets and pagination metadata." + }, + "Device": { + "properties": { + "device_unique_id": { + "type": "string", + "format": "uuid", + "title": "Device Unique Id", + "description": "Unique device identifier" + }, + "name": { + "type": "string", + "title": "Name", + "description": "Device name (unique per tenant)" + }, + "device_sid": { + "type": "string", + "title": "Device Sid", + "description": "Device SID" + }, + "state": { + "$ref": "#/components/schemas/DeviceStatus", + "description": "Device state (valid or deleted)" + }, + "uninstall_time": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "Uninstall Time", + "description": "When device was uninstalled" + }, + "created_at": { "type": "string", - "format": "uri", - "title": "Url", - "description": "Valid URL" + "format": "date-time", + "title": "Created At", + "description": "Created timestamp" + }, + "updated_at": { + "type": "string", + "format": "date-time", + "title": "Updated At", + "description": "Updated timestamp" } }, "type": "object", "required": [ - "url" + "device_unique_id", + "name", + "device_sid", + "state", + "created_at", + "updated_at" ], - "title": "URLItem" + "title": "Device", + "description": "External-safe twin of GlobalDevice." }, - "URLMatchMode": { + "DeviceStatus": { "type": "string", "enum": [ - "exact_url", - "url_contains" + "valid", + "deleted" ], - "title": "URLMatchMode", - "description": "URL matching mode enumeration for remote server URL matching.\n\nMatching modes:\n- EXACT_URL: Matches the exact full URL\n e.g., \"http://sub1.sub2.something.com/alsohere/something\"\n- URL_CONTAINS: Matches if the URL contains the specified string\n e.g., \"alsohere\" matches any URL containing \"alsohere\"" + "title": "DeviceStatus", + "description": "External-facing device lifecycle status." }, - "UnknownServerConfig": { + "DeviceTypeEnum": { + "type": "string", + "enum": [ + "Laptop", + "Desktop", + "Workstation", + "unknown" + ], + "title": "DeviceTypeEnum" + }, + "EnvironmentData": { "properties": { - "args": { + "device_type": { + "anyOf": [ + { + "$ref": "#/components/schemas/DeviceTypeEnum" + }, + { + "type": "null" + } + ], + "description": "Device type (laptop, desktop, etc.)" + }, + "os": { + "anyOf": [ + { + "$ref": "#/components/schemas/OSEnum" + }, + { + "type": "null" + } + ], + "description": "Operating system" + }, + "os_version": { "anyOf": [ { "type": "string" @@ -5641,103 +6843,273 @@ "type": "null" } ], - "title": "Args", - "description": "Arguments for unknown server types", - "default": "", - "examples": [ - "--default-arg" - ] + "title": "Os Version", + "description": "Operating system version" }, - "match_mode": { + "ip": { "anyOf": [ { - "$ref": "#/components/schemas/MatchMode" + "type": "string" }, { "type": "null" } ], - "description": "Match mode for args matching", - "default": "exact" + "title": "Ip", + "description": "Device IP address (IPv4 or IPv6)" } }, "type": "object", - "title": "UnknownServerConfig" + "title": "EnvironmentData", + "description": "External-safe twin of EnvironmentData." + }, + "HealthStatus": { + "type": "string", + "enum": [ + "healthy", + "unhealthy" + ], + "title": "HealthStatus", + "description": "Component health derived from status code: healthy when code == 0, unhealthy otherwise." + }, + "ModuleDeploymentData": { + "properties": { + "version": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Version", + "description": "Current version" + } + }, + "type": "object", + "title": "ModuleDeploymentData", + "description": "External-safe twin of ModuleDeploymentData — exposes version only." + }, + "ModuleEnum": { + "type": "string", + "enum": [ + "chrome", + "firefox", + "edge", + "brave", + "comet", + "safari", + "surf", + "mcp", + "proxy", + "da" + ], + "title": "ModuleEnum" + }, + "OSEnum": { + "type": "string", + "enum": [ + "Windows", + "macOS", + "Linux", + "ChromeOS" + ], + "title": "OSEnum", + "description": "Operating system enumeration" + }, + "Ping": { + "properties": { + "last_connected": { + "type": "string", + "format": "date-time", + "title": "Last Connected", + "description": "Last connection timestamp" + } + }, + "type": "object", + "required": [ + "last_connected" + ], + "title": "Ping", + "description": "External-safe twin of PingData." + }, + "PolicyTypeData": { + "properties": { + "rulebase_version": { + "type": "integer", + "title": "Rulebase Version", + "description": "Version of the rulebase" + } + }, + "type": "object", + "required": [ + "rulebase_version" + ], + "title": "PolicyTypeData", + "description": "Policy rulebase version for a given policy type." + }, + "PolicyTypeExternal": { + "type": "string", + "enum": [ + "chats", + "access", + "agents", + "browse_securing" + ], + "title": "PolicyTypeExternal", + "description": "External-facing policy types with consumer-friendly names." + }, + "RequestSource": { + "type": "string", + "enum": [ + "device", + "edge", + "chrome", + "firefox", + "brave", + "comet", + "safari", + "surf", + "na" + ], + "title": "RequestSource" + }, + "StatusComponent": { + "type": "string", + "enum": [ + "proxy_health", + "mcp_health" + ], + "title": "StatusComponent", + "description": "External-facing subset of status components exposed to API consumers." + }, + "User": { + "properties": { + "user_unique_id": { + "type": "string", + "format": "uuid", + "title": "User Unique Id", + "description": "Unique user identifier" + }, + "name": { + "type": "string", + "title": "Name", + "description": "User name" + }, + "display_name": { + "type": "string", + "title": "Display Name", + "description": "Display name" + }, + "samname": { + "type": "string", + "title": "Samname", + "description": "SAM account name (unique per tenant)" + }, + "created_at": { + "type": "string", + "format": "date-time", + "title": "Created At", + "description": "Created timestamp" + }, + "updated_at": { + "type": "string", + "format": "date-time", + "title": "Updated At", + "description": "Updated timestamp" + } + }, + "type": "object", + "required": [ + "user_unique_id", + "name", + "display_name", + "samname", + "created_at", + "updated_at" + ], + "title": "User", + "description": "External-safe twin of GlobalUser." }, - "UpdateDomainsObjectRequest": { + "UserItem": { "properties": { - "object_id": { + "user_unique_id": { "type": "string", "format": "uuid", - "title": "Object Id", - "description": "ID of the object to update" + "title": "User Unique Id", + "description": "Unique user identifier" }, "name": { - "anyOf": [ - { - "type": "string", - "maxLength": 255, - "minLength": 1 - }, - { - "type": "null" - } - ], + "type": "string", "title": "Name", - "description": "New display name" + "description": "User name (CN path)" }, - "description": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "Description", - "description": "New description" + "display_name": { + "type": "string", + "title": "Display Name", + "description": "Display name" }, - "object_data": { - "anyOf": [ - { - "$ref": "#/components/schemas/DomainsObject" - }, - { - "type": "null" - } - ], - "description": "New domain list; replaces the existing list entirely" + "samname": { + "type": "string", + "title": "Samname", + "description": "SAM account name" } }, "type": "object", "required": [ - "object_id" + "user_unique_id", + "name", + "display_name", + "samname" ], - "title": "UpdateDomainsObjectRequest", - "description": "Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely." + "title": "UserItem", + "description": "External-safe user item." }, - "UpdateFileProtectionObjectRequest": { + "UsersResponse": { "properties": { - "object_id": { + "tenant_id": { "type": "string", "format": "uuid", - "title": "Object Id", - "description": "ID of the object to update" + "title": "Tenant Id" + }, + "users": { + "items": { + "$ref": "#/components/schemas/UserItem" + }, + "type": "array", + "title": "Users" + }, + "limit": { + "type": "integer", + "title": "Limit" + }, + "offset": { + "type": "integer", + "title": "Offset" + } + }, + "type": "object", + "required": [ + "tenant_id", + "users", + "limit", + "offset" + ], + "title": "UsersResponse", + "description": "Response with users and pagination metadata." + }, + "AppResult": { + "properties": { + "app_id": { + "type": "integer", + "title": "App Id", + "description": "Unique app identifier" }, "name": { - "anyOf": [ - { - "type": "string", - "maxLength": 255, - "minLength": 1 - }, - { - "type": "null" - } - ], + "type": "string", "title": "Name", - "description": "New display name" + "description": "App name" }, "description": { "anyOf": [ @@ -5749,666 +7121,667 @@ } ], "title": "Description", - "description": "New description" + "description": "App description" }, - "object_data": { + "page_url": { "anyOf": [ { - "$ref": "#/components/schemas/FileProtectionObject" + "type": "string" }, { "type": "null" } ], - "description": "New file protection configuration; replaces the existing settings entirely" + "title": "Page Url", + "description": "App page URL" } }, "type": "object", "required": [ - "object_id" + "app_id", + "name" ], - "title": "UpdateFileProtectionObjectRequest", - "description": "Update an existing file-protection object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing configuration entirely." + "title": "AppResult", + "description": "A single app result with minimal fields." }, - "UpdateObjectResponse": { + "AppSearchResponse": { "properties": { - "objects": { + "results": { "items": { - "$ref": "#/components/schemas/ObjectResponse" + "$ref": "#/components/schemas/AppResult" }, "type": "array", - "title": "Objects" + "title": "Results", + "description": "Matching apps (max 10)" } }, "type": "object", - "required": [ - "objects" - ], - "title": "UpdateObjectResponse", - "description": "Response after updating an object (returns metadata only)." + "title": "AppSearchResponse", + "description": "Response with matching apps (max 10)." }, - "ValidationError": { + "AppsByIdsResponse": { "properties": { - "loc": { + "results": { "items": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "integer" - } - ] + "$ref": "#/components/schemas/AppResult" }, "type": "array", - "title": "Location" - }, - "msg": { - "type": "string", - "title": "Message" - }, - "type": { - "type": "string", - "title": "Error Type" - }, - "input": { - "title": "Input" - }, - "ctx": { - "type": "object", - "title": "Context" + "title": "Results", + "description": "Matching apps" } }, "type": "object", - "required": [ - "loc", - "msg", - "type" + "title": "AppsByIdsResponse", + "description": "Response with apps by IDs." + }, + "SearchBy": { + "type": "string", + "enum": [ + "name", + "name_and_description", + "url" ], - "title": "ValidationError" + "title": "SearchBy" }, - "Asset": { + "ActiveMcpServer": { "properties": { - "device": { - "$ref": "#/components/schemas/Device" - }, - "user": { - "anyOf": [ - { - "$ref": "#/components/schemas/User" - }, - { - "type": "null" - } - ] + "platform": { + "type": "string", + "title": "Platform", + "description": "Platform name" }, - "ping": { - "anyOf": [ - { - "$ref": "#/components/schemas/Ping" - }, - { - "type": "null" - } - ] + "server_type": { + "$ref": "#/components/schemas/McpServerType", + "description": "MCP server type" }, - "deployment": { - "anyOf": [ - { - "additionalProperties": { - "$ref": "#/components/schemas/ModuleDeploymentData" - }, - "propertyNames": { - "$ref": "#/components/schemas/ModuleEnum" - }, - "type": "object" - }, - { - "type": "null" - } - ], - "title": "Deployment" + "server_identifier": { + "type": "string", + "title": "Server Identifier", + "description": "Server identifier" }, - "policy": { - "anyOf": [ - { - "additionalProperties": { - "additionalProperties": { - "$ref": "#/components/schemas/PolicyTypeData" - }, - "propertyNames": { - "$ref": "#/components/schemas/PolicyTypeExternal" - }, - "type": "object" - }, - "propertyNames": { - "$ref": "#/components/schemas/RequestSource" - }, - "type": "object" - }, - { - "type": "null" - } - ], - "title": "Policy" + "mcps_server": { + "type": "string", + "title": "Mcps Server", + "description": "MCP server name" }, - "status": { + "users": { + "type": "integer", + "title": "Users", + "description": "Number of users" + }, + "capabilities": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Capabilities", + "description": "Server capabilities" + }, + "top_tools": { + "items": { + "type": "string" + }, + "type": "array", + "title": "Top Tools", + "description": "Most used tools" + }, + "operations": { + "items": { + "$ref": "#/components/schemas/McpOperation" + }, + "type": "array", + "title": "Operations", + "description": "Operation types" + }, + "invocations": { + "type": "integer", + "title": "Invocations", + "description": "Total invocations" + }, + "last_used": { "anyOf": [ { - "additionalProperties": { - "$ref": "#/components/schemas/HealthStatus" - }, - "propertyNames": { - "$ref": "#/components/schemas/StatusComponent" - }, - "type": "object" + "type": "string", + "format": "date-time" }, { "type": "null" } ], - "title": "Status" + "title": "Last Used", + "description": "Last usage timestamp (ISO 8601)" }, - "environment": { - "anyOf": [ - { - "$ref": "#/components/schemas/EnvironmentData" - }, - { - "type": "null" - } - ] + "os": { + "items": { + "$ref": "#/components/schemas/McpServerOs" + }, + "type": "array", + "title": "Os", + "description": "Operating systems the server was seen on" + }, + "tools": { + "type": "integer", + "title": "Tools", + "description": "Total tools count" } }, "type": "object", "required": [ - "device" + "platform", + "server_type", + "server_identifier", + "mcps_server", + "users", + "invocations", + "tools" ], - "title": "Asset", - "description": "Complete asset with optional joined domains." + "title": "ActiveMcpServer" }, - "AssetsCountResponse": { + "ActiveMcpServersResponse": { "properties": { - "tenant_id": { - "type": "string", - "format": "uuid", - "title": "Tenant Id" - }, - "count": { - "type": "integer", - "title": "Count" + "servers": { + "items": { + "$ref": "#/components/schemas/ActiveMcpServer" + }, + "type": "array", + "title": "Servers" + } + }, + "type": "object", + "title": "ActiveMcpServersResponse" + }, + "AgentsInvocationsOvertimeResponse": { + "properties": { + "invocations": { + "items": { + "$ref": "#/components/schemas/InvocationPoint" + }, + "type": "array", + "title": "Invocations" + } + }, + "type": "object", + "title": "AgentsInvocationsOvertimeResponse" + }, + "AgentsOverviewResponse": { + "properties": { + "active_agents": { + "$ref": "#/components/schemas/TrendMetric" }, - "filters_applied": { - "type": "integer", - "title": "Filters Applied", - "description": "Number of filters that were applied" + "discovered_mcps": { + "$ref": "#/components/schemas/TrendMetric" } }, "type": "object", "required": [ - "tenant_id", - "count", - "filters_applied" + "active_agents", + "discovered_mcps" ], - "title": "AssetsCountResponse", - "description": "Response for count queries." + "title": "AgentsOverviewResponse" }, - "AssetsResponse": { + "AgentsToolUsageResponse": { "properties": { - "tenant_id": { - "type": "string", - "format": "uuid", - "title": "Tenant Id" - }, - "assets": { + "tools": { "items": { - "$ref": "#/components/schemas/Asset" + "$ref": "#/components/schemas/ToolUsage" }, "type": "array", - "title": "Assets" - }, - "limit": { - "type": "integer", - "title": "Limit" - }, - "offset": { - "type": "integer", - "title": "Offset" + "title": "Tools" } }, "type": "object", - "required": [ - "tenant_id", - "assets", - "limit", - "offset" + "title": "AgentsToolUsageResponse" + }, + "AgentsTopPlatformsResponse": { + "properties": { + "platforms": { + "items": { + "$ref": "#/components/schemas/TopPlatform" + }, + "type": "array", + "title": "Platforms" + } + }, + "type": "object", + "title": "AgentsTopPlatformsResponse" + }, + "AppType": { + "type": "string", + "enum": [ + "Web", + "Desktop" ], - "title": "AssetsResponse", - "description": "Response with assets and pagination metadata." + "title": "AppType", + "description": "Discovered-application type (from the ADX applications table).\n\nKnown values today. New values (e.g. a future \"Extension\") that aren't\nlisted here will cause the record to be skipped-with-warning rather than\ncrashing the response — extend this enum to surface them." }, - "Device": { + "ApplicationTrend": { "properties": { - "device_unique_id": { + "app_name": { "type": "string", - "format": "uuid", - "title": "Device Unique Id", - "description": "Unique device identifier" + "title": "App Name", + "description": "Application name" }, - "name": { - "type": "string", - "title": "Name", - "description": "Device name (unique per tenant)" + "sessions_current": { + "type": "integer", + "title": "Sessions Current", + "description": "Total sessions in the current period" }, - "device_sid": { - "type": "string", - "title": "Device Sid", - "description": "Device SID" + "absolute_change": { + "type": "integer", + "title": "Absolute Change", + "description": "Change in total sessions vs the previous equal-length period" }, - "created_at": { - "type": "string", - "format": "date-time", - "title": "Created At", - "description": "Created timestamp" + "relative_change_percent": { + "type": "number", + "title": "Relative Change Percent", + "description": "Change in total sessions vs the previous period, as a percentage" }, - "updated_at": { - "type": "string", - "format": "date-time", - "title": "Updated At", - "description": "Updated timestamp" + "trends": { + "items": { + "$ref": "#/components/schemas/SessionTrendPoint" + }, + "type": "array", + "title": "Trends", + "description": "Usage sparkline: per-bucket session counts over the period, oldest bucket first" } }, "type": "object", "required": [ - "device_unique_id", - "name", - "device_sid", - "created_at", - "updated_at" - ], - "title": "Device", - "description": "External-safe twin of GlobalDevice." - }, - "DeviceTypeEnum": { - "type": "string", - "enum": [ - "Laptop", - "Desktop", - "Workstation", - "unknown" + "app_name", + "sessions_current", + "absolute_change", + "relative_change_percent" ], - "title": "DeviceTypeEnum" + "title": "ApplicationTrend" }, - "EnvironmentData": { + "DiscoveredApplication": { "properties": { - "device_type": { - "anyOf": [ - { - "$ref": "#/components/schemas/DeviceTypeEnum" - }, - { - "type": "null" - } - ], - "description": "Device type (laptop, desktop, etc.)" + "app_name": { + "type": "string", + "title": "App Name", + "description": "Application name" }, - "os": { + "app_type": { + "$ref": "#/components/schemas/AppType", + "description": "Application type" + }, + "first_used": { "anyOf": [ { - "$ref": "#/components/schemas/OSEnum" + "type": "string", + "format": "date-time" }, { "type": "null" } ], - "description": "Operating system" + "title": "First Used", + "description": "First usage timestamp (ISO 8601)" }, - "os_version": { + "last_used": { "anyOf": [ { - "type": "string" + "type": "string", + "format": "date-time" }, { "type": "null" } ], - "title": "Os Version", - "description": "Operating system version" + "title": "Last Used", + "description": "Last usage timestamp (ISO 8601)" }, - "ip": { + "sessions": { + "type": "integer", + "title": "Sessions", + "description": "Total sessions" + }, + "sessions_with_risk": { + "type": "integer", + "title": "Sessions With Risk", + "description": "Sessions with risk detected" + }, + "users": { + "type": "integer", + "title": "Users", + "description": "Distinct users" + }, + "sensitive_contents": { + "type": "integer", + "title": "Sensitive Contents", + "description": "Sensitive content detections" + }, + "use_cases": { + "type": "integer", + "title": "Use Cases", + "description": "Distinct use cases" + }, + "app_id": { "anyOf": [ { - "type": "string" + "type": "integer" }, { "type": "null" } ], - "title": "Ip", - "description": "Device IP address (IPv4 or IPv6)" - } - }, - "type": "object", - "title": "EnvironmentData", - "description": "External-safe twin of EnvironmentData." - }, - "HealthStatus": { - "type": "string", - "enum": [ - "healthy", - "unhealthy" - ], - "title": "HealthStatus", - "description": "Component health derived from status code: healthy when code == 0, unhealthy otherwise." - }, - "ModuleDeploymentData": { - "properties": { - "version": { + "title": "App Id", + "description": "Catalog app ID" + }, + "managed": { "anyOf": [ { - "type": "string" + "type": "boolean" }, { "type": "null" } ], - "title": "Version", - "description": "Current version" + "title": "Managed", + "description": "Whether app is managed" } }, "type": "object", - "title": "ModuleDeploymentData", - "description": "External-safe twin of ModuleDeploymentData — exposes version only." - }, - "ModuleEnum": { - "type": "string", - "enum": [ - "chrome", - "firefox", - "edge", - "brave", - "comet", - "safari", - "surf", - "mcp", - "proxy", - "da" - ], - "title": "ModuleEnum" - }, - "OSEnum": { - "type": "string", - "enum": [ - "Windows", - "macOS", - "Linux" + "required": [ + "app_name", + "app_type", + "sessions", + "sessions_with_risk", + "users", + "sensitive_contents", + "use_cases" ], - "title": "OSEnum", - "description": "Operating system enumeration" + "title": "DiscoveredApplication" }, - "Ping": { + "DiscoveredApplicationsResponse": { "properties": { - "last_connected": { + "applications": { + "items": { + "$ref": "#/components/schemas/DiscoveredApplication" + }, + "type": "array", + "title": "Applications" + } + }, + "type": "object", + "title": "DiscoveredApplicationsResponse" + }, + "InactiveMcpServer": { + "properties": { + "platform": { "type": "string", - "format": "date-time", - "title": "Last Connected", - "description": "Last connection timestamp" + "title": "Platform", + "description": "Platform name" + }, + "mcps_server": { + "type": "string", + "title": "Mcps Server", + "description": "MCP server name" + }, + "server_type": { + "$ref": "#/components/schemas/McpServerType", + "description": "MCP server type" + }, + "server_identifier": { + "type": "string", + "title": "Server Identifier", + "description": "Server identifier" + }, + "users": { + "type": "integer", + "title": "Users", + "description": "Number of users" } }, "type": "object", "required": [ - "last_connected" + "platform", + "mcps_server", + "server_type", + "server_identifier", + "users" ], - "title": "Ping", - "description": "External-safe twin of PingData." + "title": "InactiveMcpServer" }, - "PolicyTypeData": { + "InactiveMcpServersResponse": { "properties": { - "rulebase_version": { + "servers": { + "items": { + "$ref": "#/components/schemas/InactiveMcpServer" + }, + "type": "array", + "title": "Servers" + } + }, + "type": "object", + "title": "InactiveMcpServersResponse" + }, + "InvocationPoint": { + "properties": { + "time": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "Time", + "description": "Time bucket (ISO 8601)" + }, + "invocations": { "type": "integer", - "title": "Rulebase Version", - "description": "Version of the rulebase" + "title": "Invocations", + "description": "Invocations in this bucket" } }, "type": "object", "required": [ - "rulebase_version" + "invocations" ], - "title": "PolicyTypeData", - "description": "Policy rulebase version for a given policy type." + "title": "InvocationPoint" }, - "PolicyTypeExternal": { + "McpOperation": { "type": "string", "enum": [ - "chats", - "access", - "agents", - "browse_securing" + "Create", + "Read", + "Update", + "Delete", + "Unknown" ], - "title": "PolicyTypeExternal", - "description": "External-facing policy types with consumer-friendly names." + "title": "McpOperation" }, - "RequestSource": { + "McpServerOs": { "type": "string", "enum": [ - "device", - "edge", - "chrome", - "firefox", - "brave", - "comet", - "safari", - "surf", - "na" + "Windows", + "macOS", + "Linux", + "ChromeOS" ], - "title": "RequestSource" + "title": "McpServerOs", + "description": "Operating system reported by MCP client telemetry.\n\nMirrors the telemetry source of truth ``asset.schemas.assets.OSEnum``.\nNamed ``McpServerOs`` (not ``OsType``) to avoid colliding with policy's\n``OSType`` enum in the combined OpenAPI spec — the Python SDK generator\nsnake-cases both to ``os_type`` and one clobbers the other.\nThere is no \"unknown\" member: unrecognized values are filtered out (and\nlogged) per element rather than failing the record — extend this enum to\nsurface a new OS." }, - "StatusComponent": { + "McpServerType": { "type": "string", "enum": [ - "proxy_health", - "mcp_health" - ], - "title": "StatusComponent", - "description": "External-facing subset of status components exposed to API consumers." + "node_server", + "python_server", + "claude_extensions", + "executable_server", + "unknown_server", + "docker_gateway", + "docker_runner", + "remote_server" + ], + "title": "McpServerType" }, - "User": { + "PlatformInvocations": { "properties": { - "user_unique_id": { - "type": "string", - "format": "uuid", - "title": "User Unique Id", - "description": "Unique user identifier" - }, - "name": { - "type": "string", - "title": "Name", - "description": "User name" - }, - "display_name": { - "type": "string", - "title": "Display Name", - "description": "Display name" - }, - "samname": { - "type": "string", - "title": "Samname", - "description": "SAM account name (unique per tenant)" - }, - "created_at": { + "platform": { "type": "string", - "format": "date-time", - "title": "Created At", - "description": "Created timestamp" + "title": "Platform", + "description": "Platform name" }, - "updated_at": { - "type": "string", - "format": "date-time", - "title": "Updated At", - "description": "Updated timestamp" + "invocations": { + "type": "integer", + "title": "Invocations", + "description": "Invocation count" } }, "type": "object", "required": [ - "user_unique_id", - "name", - "display_name", - "samname", - "created_at", - "updated_at" + "platform", + "invocations" ], - "title": "User", - "description": "External-safe twin of GlobalUser." + "title": "PlatformInvocations" }, - "UserItem": { + "SessionTrendPoint": { "properties": { - "user_unique_id": { - "type": "string", - "format": "uuid", - "title": "User Unique Id", - "description": "Unique user identifier" - }, - "name": { - "type": "string", - "title": "Name", - "description": "User name (CN path)" - }, - "display_name": { - "type": "string", - "title": "Display Name", - "description": "Display name" + "time_bucket": { + "anyOf": [ + { + "type": "string", + "format": "date-time" + }, + { + "type": "null" + } + ], + "title": "Time Bucket", + "description": "Start of the time bucket (ISO 8601). Bucket width is derived from the query range (e.g. weekly)." }, - "samname": { - "type": "string", - "title": "Samname", - "description": "SAM account name" + "sessions": { + "type": "integer", + "title": "Sessions", + "description": "Number of sessions for the application in this bucket" } }, "type": "object", "required": [ - "user_unique_id", - "name", - "display_name", - "samname" + "sessions" ], - "title": "UserItem", - "description": "External-safe user item." + "title": "SessionTrendPoint", + "description": "One bucket of an application's usage sparkline." }, - "UsersResponse": { + "ToolUsage": { "properties": { - "tenant_id": { - "type": "string", - "format": "uuid", - "title": "Tenant Id" + "operation": { + "$ref": "#/components/schemas/McpOperation", + "description": "Operation type" }, - "users": { + "current_invocations": { + "type": "integer", + "title": "Current Invocations", + "description": "Current period invocations" + }, + "platforms": { + "type": "integer", + "title": "Platforms", + "description": "Number of platforms" + }, + "platforms_stats": { "items": { - "$ref": "#/components/schemas/UserItem" + "$ref": "#/components/schemas/PlatformInvocations" }, "type": "array", - "title": "Users" - }, - "limit": { - "type": "integer", - "title": "Limit" + "title": "Platforms Stats", + "description": "Per-platform stats" }, - "offset": { - "type": "integer", - "title": "Offset" + "trend": { + "$ref": "#/components/schemas/ToolUsageTrend" } }, "type": "object", "required": [ - "tenant_id", - "users", - "limit", - "offset" + "operation", + "current_invocations", + "platforms", + "trend" ], - "title": "UsersResponse", - "description": "Response with users and pagination metadata." + "title": "ToolUsage" }, - "AppResult": { + "ToolUsageTrend": { "properties": { - "app_id": { + "absolute_change": { "type": "integer", - "title": "App Id", - "description": "Unique app identifier" - }, - "name": { - "type": "string", - "title": "Name", - "description": "App name" - }, - "description": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "Description", - "description": "App description" + "title": "Absolute Change", + "description": "Absolute change from previous period" }, - "page_url": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "Page Url", - "description": "App page URL" + "relative_change_percent": { + "type": "number", + "title": "Relative Change Percent", + "description": "Relative change percentage" } }, "type": "object", "required": [ - "app_id", - "name" + "absolute_change", + "relative_change_percent" ], - "title": "AppResult", - "description": "A single app result with minimal fields." + "title": "ToolUsageTrend" }, - "AppSearchResponse": { + "TopDiscoveredApplicationsResponse": { "properties": { - "results": { + "top_applications": { "items": { - "$ref": "#/components/schemas/AppResult" + "$ref": "#/components/schemas/ApplicationTrend" }, "type": "array", - "title": "Results", - "description": "Matching apps (max 10)" + "title": "Top Applications" } }, "type": "object", - "title": "AppSearchResponse", - "description": "Response with matching apps (max 10)." + "title": "TopDiscoveredApplicationsResponse" }, - "AppsByIdsResponse": { + "TopPlatform": { "properties": { - "results": { - "items": { - "$ref": "#/components/schemas/AppResult" - }, - "type": "array", - "title": "Results", - "description": "Matching apps" + "platform": { + "type": "string", + "title": "Platform", + "description": "Platform name" + }, + "invocations": { + "type": "integer", + "title": "Invocations", + "description": "Total invocations" } }, "type": "object", - "title": "AppsByIdsResponse", - "description": "Response with apps by IDs." + "required": [ + "platform", + "invocations" + ], + "title": "TopPlatform" }, - "SearchBy": { - "type": "string", - "enum": [ - "name", - "name_and_description", - "url" + "TrendMetric": { + "properties": { + "value": { + "type": "integer", + "title": "Value", + "description": "Current value" + }, + "absolute_change": { + "type": "integer", + "title": "Absolute Change", + "description": "Absolute change from previous period" + }, + "relative_change_percent": { + "type": "number", + "title": "Relative Change Percent", + "description": "Relative change percentage" + } + }, + "type": "object", + "required": [ + "value", + "absolute_change", + "relative_change_percent" ], - "title": "SearchBy" + "title": "TrendMetric" } }, "securitySchemes": { diff --git a/src/tools/tools.g.ts b/src/tools/tools.g.ts index d350e97..49bda53 100644 --- a/src/tools/tools.g.ts +++ b/src/tools/tools.g.ts @@ -281,24 +281,23 @@ export const toolDefinitionMap: Map = new Map([ }, "policy": { "properties": { - "event_type": { - "anyOf": [ - { - "type": "string", - "enum": [ - "file_upload", - "file_download", - "paste", - "prompt", - "copy" - ], - "title": "DLPEventType" - }, - { - "type": "null" - } - ], - "description": "Type of event to apply DLP policy on" + "event_types": { + "items": { + "type": "string", + "enum": [ + "any", + "file_upload", + "file_download", + "paste", + "prompt", + "copy" + ], + "title": "DLPEventType" + }, + "type": "array", + "minItems": 1, + "title": "Event Types", + "description": "Event types this rule applies to. Use [any] (or omit) to match every event; combine specific values (e.g. [file_upload, paste]). 'any' may NOT be combined with specific values. The legacy singular 'event_type' is still accepted as input for backward compatibility." }, "services_and_application": { "anyOf": [ @@ -362,6 +361,61 @@ export const toolDefinitionMap: Map = new Map([ "title": "Url", "description": "List of URLs" }, + "address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, "genai_application": { "items": { "properties": { @@ -420,6 +474,44 @@ export const toolDefinitionMap: Map = new Map([ "title": "Genai Application", "description": "List of GenAI applications" }, + "web_application": { + "items": { + "properties": { + "id": { + "type": "integer", + "exclusiveMinimum": 0, + "title": "Id", + "description": "Web application ID" + }, + "mode": { + "anyOf": [ + { + "type": "string", + "enum": [ + "selected", + "all" + ], + "title": "SelectionMode", + "description": "Selection mode enumeration." + }, + { + "type": "null" + } + ], + "description": "Selection mode: 'all' or 'selected'", + "default": "all" + } + }, + "type": "object", + "required": [ + "id" + ], + "title": "WebApp" + }, + "type": "array", + "title": "Web Application", + "description": "List of web applications" + }, "category": { "items": { "properties": { @@ -700,7 +792,7 @@ export const toolDefinitionMap: Map = new Map([ executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "name": z.string().describe("Human-readable rule name"), "description": z.string().describe("Explanation of the rule's purpose").default(""), "order": z.number().int().describe("Position in the rulebase; lower values are evaluated first and take precedence"), "policy": z.object({ "event_type": z.union([z.enum(["file_upload","file_download","paste","prompt","copy"]), z.null()]).describe("Type of event to apply DLP policy on").optional(), "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "data_types": z.union([z.array(z.object({ "id": z.string().uuid().describe("UUID of the data type").default(""), "name": z.string().describe("Display name of the data type").default(""), "type": z.enum(["PRE_DEFINED","CUSTOM"]).optional(), "matchingLevel": z.union([z.number().int(), z.null()]).describe("Matching level for the data type").optional() })), z.null()]).describe("DLP Data types").optional(), "action": z.union([z.enum(["prevent","ask","redact","detect","allow","block"]), z.null()]).describe("Action to take when DLP rule is triggered").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }), "source": z.array(z.object({ "assignment_id": z.string().uuid().describe("ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."), "display_name": z.string().describe("Human-readable name of the user or group"), "assignment_type": z.enum(["ASSIGNMENT_TYPE_USER","ASSIGNMENT_TYPE_GROUP","ASSIGNMENT_TYPE_ENTIRE_ORG"]) }).describe("External-safe twin of Assignment.")).describe("Users or groups this rule applies to; empty means all users").optional() }).describe("Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies.") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "name": z.string().describe("Human-readable rule name"), "description": z.string().describe("Explanation of the rule's purpose").default(""), "order": z.number().int().describe("Position in the rulebase; lower values are evaluated first and take precedence"), "policy": z.object({ "event_types": z.array(z.enum(["any","file_upload","file_download","paste","prompt","copy"])).min(1).describe("Event types this rule applies to. Use [any] (or omit) to match every event; combine specific values (e.g. [file_upload, paste]). 'any' may NOT be combined with specific values. The legacy singular 'event_type' is still accepted as input for backward compatibility.").optional(), "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "web_application": z.array(z.object({ "id": z.number().int().gt(0).describe("Web application ID"), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Selection mode: 'all' or 'selected'").default("all") })).describe("List of web applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "data_types": z.union([z.array(z.object({ "id": z.string().uuid().describe("UUID of the data type").default(""), "name": z.string().describe("Display name of the data type").default(""), "type": z.enum(["PRE_DEFINED","CUSTOM"]).optional(), "matchingLevel": z.union([z.number().int(), z.null()]).describe("Matching level for the data type").optional() })), z.null()]).describe("DLP Data types").optional(), "action": z.union([z.enum(["prevent","ask","redact","detect","allow","block"]), z.null()]).describe("Action to take when DLP rule is triggered").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }), "source": z.array(z.object({ "assignment_id": z.string().uuid().describe("ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."), "display_name": z.string().describe("Human-readable name of the user or group"), "assignment_type": z.enum(["ASSIGNMENT_TYPE_USER","ASSIGNMENT_TYPE_GROUP","ASSIGNMENT_TYPE_ENTIRE_ORG"]) }).describe("External-safe twin of Assignment.")).describe("Users or groups this rule applies to; empty means all users").optional() }).describe("Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies.") }), }, ], @@ -794,6 +886,61 @@ export const toolDefinitionMap: Map = new Map([ "title": "Url", "description": "List of URLs" }, + "address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, "genai_application": { "items": { "properties": { @@ -852,6 +999,44 @@ export const toolDefinitionMap: Map = new Map([ "title": "Genai Application", "description": "List of GenAI applications" }, + "web_application": { + "items": { + "properties": { + "id": { + "type": "integer", + "exclusiveMinimum": 0, + "title": "Id", + "description": "Web application ID" + }, + "mode": { + "anyOf": [ + { + "type": "string", + "enum": [ + "selected", + "all" + ], + "title": "SelectionMode", + "description": "Selection mode enumeration." + }, + { + "type": "null" + } + ], + "description": "Selection mode: 'all' or 'selected'", + "default": "all" + } + }, + "type": "object", + "required": [ + "id" + ], + "title": "WebApp" + }, + "type": "array", + "title": "Web Application", + "description": "List of web applications" + }, "category": { "items": { "properties": { @@ -1113,7 +1298,7 @@ export const toolDefinitionMap: Map = new Map([ executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "name": z.string().describe("Human-readable rule name"), "description": z.string().describe("Explanation of the rule's purpose").default(""), "order": z.number().int().describe("Position in the rulebase; lower values are evaluated first and take precedence"), "policy": z.object({ "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "action": z.union([z.enum(["block","allow","ask"]), z.null()]).describe("Action to take for access control").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional(), "download_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect","Extract"]), z.null()]).describe("File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional(), "upload_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect"]), z.null()]).describe("File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional() }), "source": z.array(z.object({ "assignment_id": z.string().uuid().describe("ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."), "display_name": z.string().describe("Human-readable name of the user or group"), "assignment_type": z.enum(["ASSIGNMENT_TYPE_USER","ASSIGNMENT_TYPE_GROUP","ASSIGNMENT_TYPE_ENTIRE_ORG"]) }).describe("External-safe twin of Assignment.")).describe("Users or groups this rule applies to; empty means all users").optional() }).describe("Create a new Access rule.\n\nAccess rules control which AI services and applications users are allowed\nto interact with, including allow/block decisions per service.") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "name": z.string().describe("Human-readable rule name"), "description": z.string().describe("Explanation of the rule's purpose").default(""), "order": z.number().int().describe("Position in the rulebase; lower values are evaluated first and take precedence"), "policy": z.object({ "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "web_application": z.array(z.object({ "id": z.number().int().gt(0).describe("Web application ID"), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Selection mode: 'all' or 'selected'").default("all") })).describe("List of web applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "action": z.union([z.enum(["block","allow","ask"]), z.null()]).describe("Action to take for access control").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional(), "download_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect","Extract"]), z.null()]).describe("File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional(), "upload_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect"]), z.null()]).describe("File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional() }), "source": z.array(z.object({ "assignment_id": z.string().uuid().describe("ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."), "display_name": z.string().describe("Human-readable name of the user or group"), "assignment_type": z.enum(["ASSIGNMENT_TYPE_USER","ASSIGNMENT_TYPE_GROUP","ASSIGNMENT_TYPE_ENTIRE_ORG"]) }).describe("External-safe twin of Assignment.")).describe("Users or groups this rule applies to; empty means all users").optional() }).describe("Create a new Access rule.\n\nAccess rules control which AI services and applications users are allowed\nto interact with, including allow/block decisions per service.") }), }, ], @@ -2172,24 +2357,23 @@ export const toolDefinitionMap: Map = new Map([ }, "policy": { "properties": { - "event_type": { - "anyOf": [ - { - "type": "string", - "enum": [ - "file_upload", - "file_download", - "paste", - "prompt", - "copy" - ], - "title": "DLPEventType" - }, - { - "type": "null" - } - ], - "description": "Type of event to apply DLP policy on" + "event_types": { + "items": { + "type": "string", + "enum": [ + "any", + "file_upload", + "file_download", + "paste", + "prompt", + "copy" + ], + "title": "DLPEventType" + }, + "type": "array", + "minItems": 1, + "title": "Event Types", + "description": "Event types this rule applies to. Use [any] (or omit) to match every event; combine specific values (e.g. [file_upload, paste]). 'any' may NOT be combined with specific values. The legacy singular 'event_type' is still accepted as input for backward compatibility." }, "services_and_application": { "anyOf": [ @@ -2253,6 +2437,61 @@ export const toolDefinitionMap: Map = new Map([ "title": "Url", "description": "List of URLs" }, + "address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, "genai_application": { "items": { "properties": { @@ -2311,6 +2550,44 @@ export const toolDefinitionMap: Map = new Map([ "title": "Genai Application", "description": "List of GenAI applications" }, + "web_application": { + "items": { + "properties": { + "id": { + "type": "integer", + "exclusiveMinimum": 0, + "title": "Id", + "description": "Web application ID" + }, + "mode": { + "anyOf": [ + { + "type": "string", + "enum": [ + "selected", + "all" + ], + "title": "SelectionMode", + "description": "Selection mode enumeration." + }, + { + "type": "null" + } + ], + "description": "Selection mode: 'all' or 'selected'", + "default": "all" + } + }, + "type": "object", + "required": [ + "id" + ], + "title": "WebApp" + }, + "type": "array", + "title": "Web Application", + "description": "List of web applications" + }, "category": { "items": { "properties": { @@ -2591,7 +2868,7 @@ export const toolDefinitionMap: Map = new Map([ executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "name": z.string().describe("Human-readable rule name"), "description": z.string().describe("Explanation of the rule's purpose").default(""), "order": z.number().int().describe("Position in the rulebase; lower values are evaluated first and take precedence"), "policy": z.object({ "event_type": z.union([z.enum(["file_upload","file_download","paste","prompt","copy"]), z.null()]).describe("Type of event to apply DLP policy on").optional(), "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "data_types": z.union([z.array(z.object({ "id": z.string().uuid().describe("UUID of the data type").default(""), "name": z.string().describe("Display name of the data type").default(""), "type": z.enum(["PRE_DEFINED","CUSTOM"]).optional(), "matchingLevel": z.union([z.number().int(), z.null()]).describe("Matching level for the data type").optional() })), z.null()]).describe("DLP Data types").optional(), "action": z.union([z.enum(["prevent","ask","redact","detect","allow","block"]), z.null()]).describe("Action to take when DLP rule is triggered").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }), "source": z.array(z.object({ "assignment_id": z.string().uuid().describe("ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."), "display_name": z.string().describe("Human-readable name of the user or group"), "assignment_type": z.enum(["ASSIGNMENT_TYPE_USER","ASSIGNMENT_TYPE_GROUP","ASSIGNMENT_TYPE_ENTIRE_ORG"]) }).describe("External-safe twin of Assignment.")).describe("Users or groups this rule applies to; empty means all users").optional() }).describe("Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies.") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "name": z.string().describe("Human-readable rule name"), "description": z.string().describe("Explanation of the rule's purpose").default(""), "order": z.number().int().describe("Position in the rulebase; lower values are evaluated first and take precedence"), "policy": z.object({ "event_types": z.array(z.enum(["any","file_upload","file_download","paste","prompt","copy"])).min(1).describe("Event types this rule applies to. Use [any] (or omit) to match every event; combine specific values (e.g. [file_upload, paste]). 'any' may NOT be combined with specific values. The legacy singular 'event_type' is still accepted as input for backward compatibility.").optional(), "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "web_application": z.array(z.object({ "id": z.number().int().gt(0).describe("Web application ID"), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Selection mode: 'all' or 'selected'").default("all") })).describe("List of web applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "data_types": z.union([z.array(z.object({ "id": z.string().uuid().describe("UUID of the data type").default(""), "name": z.string().describe("Display name of the data type").default(""), "type": z.enum(["PRE_DEFINED","CUSTOM"]).optional(), "matchingLevel": z.union([z.number().int(), z.null()]).describe("Matching level for the data type").optional() })), z.null()]).describe("DLP Data types").optional(), "action": z.union([z.enum(["prevent","ask","redact","detect","allow","block"]), z.null()]).describe("Action to take when DLP rule is triggered").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }), "source": z.array(z.object({ "assignment_id": z.string().uuid().describe("ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."), "display_name": z.string().describe("Human-readable name of the user or group"), "assignment_type": z.enum(["ASSIGNMENT_TYPE_USER","ASSIGNMENT_TYPE_GROUP","ASSIGNMENT_TYPE_ENTIRE_ORG"]) }).describe("External-safe twin of Assignment.")).describe("Users or groups this rule applies to; empty means all users").optional() }).describe("Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies.") }), }, ], @@ -2659,6 +2936,41 @@ export const toolDefinitionMap: Map = new Map([ } ] }, + "clickfix": { + "anyOf": [ + { + "type": "string", + "enum": [ + "detect", + "prevent", + "ask", + "off" + ], + "title": "ThreatPreventionAction", + "description": "Actions for threat prevention features." + }, + { + "type": "null" + } + ] + }, + "incognito": { + "anyOf": [ + { + "type": "string", + "enum": [ + "block", + "allow", + "ignore" + ], + "title": "IncognitoAction", + "description": "Actions for incognito mode control." + }, + { + "type": "null" + } + ] + }, "safe_search": { "anyOf": [ { @@ -2766,39 +3078,206 @@ export const toolDefinitionMap: Map = new Map([ "type": "array", "title": "Protected Domains", "description": "List of protected domains" - } - }, - "type": "object", - "title": "SecureBrowsingPolicy" - }, - "source": { - "items": { - "properties": { - "assignment_id": { - "type": "string", - "format": "uuid", - "title": "Assignment Id", - "description": "ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)." - }, - "display_name": { - "type": "string", - "title": "Display Name", - "description": "Human-readable name of the user or group" - }, - "assignment_type": { - "type": "string", - "enum": [ - "ASSIGNMENT_TYPE_USER", - "ASSIGNMENT_TYPE_GROUP", - "ASSIGNMENT_TYPE_ENTIRE_ORG" + }, + "url_exclusions": { + "items": { + "properties": { + "url": { + "type": "string", + "format": "uri", + "title": "Url", + "description": "Valid URL" + } + }, + "type": "object", + "required": [ + "url" ], - "title": "AssignmentType" - } + "title": "URLItem" + }, + "type": "array", + "title": "Url Exclusions", + "description": "List of excluded URLs" }, - "type": "object", - "required": [ - "assignment_id", - "display_name", + "protected_urls": { + "items": { + "properties": { + "url": { + "type": "string", + "format": "uri", + "title": "Url", + "description": "Valid URL" + } + }, + "type": "object", + "required": [ + "url" + ], + "title": "URLItem" + }, + "type": "array", + "title": "Protected Urls", + "description": "List of protected URLs" + }, + "address_range_exclusions": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, + "protected_address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, + "logging": { + "anyOf": [ + { + "type": "string", + "enum": [ + "enabled", + "disabled" + ], + "title": "LoggingStatus", + "description": "Logging status enumeration." + }, + { + "type": "null" + } + ], + "description": "Whether logging is enabled" + } + }, + "type": "object", + "title": "SecureBrowsingPolicy" + }, + "source": { + "items": { + "properties": { + "assignment_id": { + "type": "string", + "format": "uuid", + "title": "Assignment Id", + "description": "ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)." + }, + "display_name": { + "type": "string", + "title": "Display Name", + "description": "Human-readable name of the user or group" + }, + "assignment_type": { + "type": "string", + "enum": [ + "ASSIGNMENT_TYPE_USER", + "ASSIGNMENT_TYPE_GROUP", + "ASSIGNMENT_TYPE_ENTIRE_ORG" + ], + "title": "AssignmentType" + } + }, + "type": "object", + "required": [ + "assignment_id", + "display_name", "assignment_type" ], "title": "Assignment", @@ -2828,7 +3307,7 @@ export const toolDefinitionMap: Map = new Map([ executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "name": z.string().describe("Human-readable rule name"), "description": z.string().describe("Explanation of the rule's purpose").default(""), "order": z.number().int().describe("Position in the rulebase; lower values are evaluated first and take precedence"), "policy": z.object({ "password_reuse": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "zero_phishing": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "safe_search": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "search_reputation": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "domain_exclusions": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of excluded domains").optional(), "protected_domains": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of protected domains").optional() }), "source": z.array(z.object({ "assignment_id": z.string().uuid().describe("ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."), "display_name": z.string().describe("Human-readable name of the user or group"), "assignment_type": z.enum(["ASSIGNMENT_TYPE_USER","ASSIGNMENT_TYPE_GROUP","ASSIGNMENT_TYPE_ENTIRE_ORG"]) }).describe("External-safe twin of Assignment.")).describe("Users or groups this rule applies to; empty means all users").optional() }).describe("Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering.") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "name": z.string().describe("Human-readable rule name"), "description": z.string().describe("Explanation of the rule's purpose").default(""), "order": z.number().int().describe("Position in the rulebase; lower values are evaluated first and take precedence"), "policy": z.object({ "password_reuse": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "zero_phishing": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "clickfix": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "incognito": z.union([z.enum(["block","allow","ignore"]).describe("Actions for incognito mode control."), z.null()]).optional(), "safe_search": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "search_reputation": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "domain_exclusions": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of excluded domains").optional(), "protected_domains": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of protected domains").optional(), "url_exclusions": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of excluded URLs").optional(), "protected_urls": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of protected URLs").optional(), "address_range_exclusions": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "protected_address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }), "source": z.array(z.object({ "assignment_id": z.string().uuid().describe("ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."), "display_name": z.string().describe("Human-readable name of the user or group"), "assignment_type": z.enum(["ASSIGNMENT_TYPE_USER","ASSIGNMENT_TYPE_GROUP","ASSIGNMENT_TYPE_ENTIRE_ORG"]) }).describe("External-safe twin of Assignment.")).describe("Users or groups this rule applies to; empty means all users").optional() }).describe("Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering.") }), }, ], @@ -2849,24 +3328,23 @@ export const toolDefinitionMap: Map = new Map([ }, "policy": { "properties": { - "event_type": { - "anyOf": [ - { - "type": "string", - "enum": [ - "file_upload", - "file_download", - "paste", - "prompt", - "copy" - ], - "title": "DLPEventType" - }, - { - "type": "null" - } - ], - "description": "Type of event to apply DLP policy on" + "event_types": { + "items": { + "type": "string", + "enum": [ + "any", + "file_upload", + "file_download", + "paste", + "prompt", + "copy" + ], + "title": "DLPEventType" + }, + "type": "array", + "minItems": 1, + "title": "Event Types", + "description": "Event types this rule applies to. Use [any] (or omit) to match every event; combine specific values (e.g. [file_upload, paste]). 'any' may NOT be combined with specific values. The legacy singular 'event_type' is still accepted as input for backward compatibility." }, "services_and_application": { "anyOf": [ @@ -2930,6 +3408,61 @@ export const toolDefinitionMap: Map = new Map([ "title": "Url", "description": "List of URLs" }, + "address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, "genai_application": { "items": { "properties": { @@ -2988,6 +3521,44 @@ export const toolDefinitionMap: Map = new Map([ "title": "Genai Application", "description": "List of GenAI applications" }, + "web_application": { + "items": { + "properties": { + "id": { + "type": "integer", + "exclusiveMinimum": 0, + "title": "Id", + "description": "Web application ID" + }, + "mode": { + "anyOf": [ + { + "type": "string", + "enum": [ + "selected", + "all" + ], + "title": "SelectionMode", + "description": "Selection mode enumeration." + }, + { + "type": "null" + } + ], + "description": "Selection mode: 'all' or 'selected'", + "default": "all" + } + }, + "type": "object", + "required": [ + "id" + ], + "title": "WebApp" + }, + "type": "array", + "title": "Web Application", + "description": "List of web applications" + }, "category": { "items": { "properties": { @@ -3230,7 +3801,7 @@ export const toolDefinitionMap: Map = new Map([ executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to update"), "policy": z.object({ "event_type": z.union([z.enum(["file_upload","file_download","paste","prompt","copy"]), z.null()]).describe("Type of event to apply DLP policy on").optional(), "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "data_types": z.union([z.array(z.object({ "id": z.string().uuid().describe("UUID of the data type").default(""), "name": z.string().describe("Display name of the data type").default(""), "type": z.enum(["PRE_DEFINED","CUSTOM"]).optional(), "matchingLevel": z.union([z.number().int(), z.null()]).describe("Matching level for the data type").optional() })), z.null()]).describe("DLP Data types").optional(), "action": z.union([z.enum(["prevent","ask","redact","detect","allow","block"]), z.null()]).describe("Action to take when DLP rule is triggered").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }) }).describe("Replace the entire Chats policy of a rule (full overwrite).") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to update"), "policy": z.object({ "event_types": z.array(z.enum(["any","file_upload","file_download","paste","prompt","copy"])).min(1).describe("Event types this rule applies to. Use [any] (or omit) to match every event; combine specific values (e.g. [file_upload, paste]). 'any' may NOT be combined with specific values. The legacy singular 'event_type' is still accepted as input for backward compatibility.").optional(), "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "web_application": z.array(z.object({ "id": z.number().int().gt(0).describe("Web application ID"), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Selection mode: 'all' or 'selected'").default("all") })).describe("List of web applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "data_types": z.union([z.array(z.object({ "id": z.string().uuid().describe("UUID of the data type").default(""), "name": z.string().describe("Display name of the data type").default(""), "type": z.enum(["PRE_DEFINED","CUSTOM"]).optional(), "matchingLevel": z.union([z.number().int(), z.null()]).describe("Matching level for the data type").optional() })), z.null()]).describe("DLP Data types").optional(), "action": z.union([z.enum(["prevent","ask","redact","detect","allow","block"]), z.null()]).describe("Action to take when DLP rule is triggered").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }) }).describe("Replace the entire Chats policy of a rule (full overwrite).") }), }, ], @@ -3251,24 +3822,23 @@ export const toolDefinitionMap: Map = new Map([ }, "policy": { "properties": { - "event_type": { - "anyOf": [ - { - "type": "string", - "enum": [ - "file_upload", - "file_download", - "paste", - "prompt", - "copy" - ], - "title": "DLPEventType" - }, - { - "type": "null" - } - ], - "description": "Type of event to apply DLP policy on" + "event_types": { + "items": { + "type": "string", + "enum": [ + "any", + "file_upload", + "file_download", + "paste", + "prompt", + "copy" + ], + "title": "DLPEventType" + }, + "type": "array", + "minItems": 1, + "title": "Event Types", + "description": "Event types this rule applies to. Use [any] (or omit) to match every event; combine specific values (e.g. [file_upload, paste]). 'any' may NOT be combined with specific values. The legacy singular 'event_type' is still accepted as input for backward compatibility." }, "services_and_application": { "anyOf": [ @@ -3332,6 +3902,61 @@ export const toolDefinitionMap: Map = new Map([ "title": "Url", "description": "List of URLs" }, + "address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, "genai_application": { "items": { "properties": { @@ -3390,6 +4015,44 @@ export const toolDefinitionMap: Map = new Map([ "title": "Genai Application", "description": "List of GenAI applications" }, + "web_application": { + "items": { + "properties": { + "id": { + "type": "integer", + "exclusiveMinimum": 0, + "title": "Id", + "description": "Web application ID" + }, + "mode": { + "anyOf": [ + { + "type": "string", + "enum": [ + "selected", + "all" + ], + "title": "SelectionMode", + "description": "Selection mode enumeration." + }, + { + "type": "null" + } + ], + "description": "Selection mode: 'all' or 'selected'", + "default": "all" + } + }, + "type": "object", + "required": [ + "id" + ], + "title": "WebApp" + }, + "type": "array", + "title": "Web Application", + "description": "List of web applications" + }, "category": { "items": { "properties": { @@ -3632,7 +4295,7 @@ export const toolDefinitionMap: Map = new Map([ executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to patch"), "policy": z.object({ "event_type": z.union([z.enum(["file_upload","file_download","paste","prompt","copy"]), z.null()]).describe("Type of event to apply DLP policy on").optional(), "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "data_types": z.union([z.array(z.object({ "id": z.string().uuid().describe("UUID of the data type").default(""), "name": z.string().describe("Display name of the data type").default(""), "type": z.enum(["PRE_DEFINED","CUSTOM"]).optional(), "matchingLevel": z.union([z.number().int(), z.null()]).describe("Matching level for the data type").optional() })), z.null()]).describe("DLP Data types").optional(), "action": z.union([z.enum(["prevent","ask","redact","detect","allow","block"]), z.null()]).describe("Action to take when DLP rule is triggered").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }) }).describe("Partially update a Chats rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged. Useful for toggling a single setting\nwithout resending the full configuration.") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to patch"), "policy": z.object({ "event_types": z.array(z.enum(["any","file_upload","file_download","paste","prompt","copy"])).min(1).describe("Event types this rule applies to. Use [any] (or omit) to match every event; combine specific values (e.g. [file_upload, paste]). 'any' may NOT be combined with specific values. The legacy singular 'event_type' is still accepted as input for backward compatibility.").optional(), "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "web_application": z.array(z.object({ "id": z.number().int().gt(0).describe("Web application ID"), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Selection mode: 'all' or 'selected'").default("all") })).describe("List of web applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "data_types": z.union([z.array(z.object({ "id": z.string().uuid().describe("UUID of the data type").default(""), "name": z.string().describe("Display name of the data type").default(""), "type": z.enum(["PRE_DEFINED","CUSTOM"]).optional(), "matchingLevel": z.union([z.number().int(), z.null()]).describe("Matching level for the data type").optional() })), z.null()]).describe("DLP Data types").optional(), "action": z.union([z.enum(["prevent","ask","redact","detect","allow","block"]), z.null()]).describe("Action to take when DLP rule is triggered").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }) }).describe("Partially update a Chats rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged. Useful for toggling a single setting\nwithout resending the full configuration.") }), }, ], @@ -3715,6 +4378,61 @@ export const toolDefinitionMap: Map = new Map([ "title": "Url", "description": "List of URLs" }, + "address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, "genai_application": { "items": { "properties": { @@ -3773,6 +4491,44 @@ export const toolDefinitionMap: Map = new Map([ "title": "Genai Application", "description": "List of GenAI applications" }, + "web_application": { + "items": { + "properties": { + "id": { + "type": "integer", + "exclusiveMinimum": 0, + "title": "Id", + "description": "Web application ID" + }, + "mode": { + "anyOf": [ + { + "type": "string", + "enum": [ + "selected", + "all" + ], + "title": "SelectionMode", + "description": "Selection mode enumeration." + }, + { + "type": "null" + } + ], + "description": "Selection mode: 'all' or 'selected'", + "default": "all" + } + }, + "type": "object", + "required": [ + "id" + ], + "title": "WebApp" + }, + "type": "array", + "title": "Web Application", + "description": "List of web applications" + }, "category": { "items": { "properties": { @@ -3996,7 +4752,7 @@ export const toolDefinitionMap: Map = new Map([ executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to update"), "policy": z.object({ "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "action": z.union([z.enum(["block","allow","ask"]), z.null()]).describe("Action to take for access control").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional(), "download_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect","Extract"]), z.null()]).describe("File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional(), "upload_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect"]), z.null()]).describe("File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional() }) }).describe("Replace the entire Access policy of a rule (full overwrite).") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to update"), "policy": z.object({ "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "web_application": z.array(z.object({ "id": z.number().int().gt(0).describe("Web application ID"), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Selection mode: 'all' or 'selected'").default("all") })).describe("List of web applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "action": z.union([z.enum(["block","allow","ask"]), z.null()]).describe("Action to take for access control").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional(), "download_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect","Extract"]), z.null()]).describe("File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional(), "upload_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect"]), z.null()]).describe("File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional() }) }).describe("Replace the entire Access policy of a rule (full overwrite).") }), }, ], @@ -4079,6 +4835,61 @@ export const toolDefinitionMap: Map = new Map([ "title": "Url", "description": "List of URLs" }, + "address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, "genai_application": { "items": { "properties": { @@ -4131,11 +4942,49 @@ export const toolDefinitionMap: Map = new Map([ "required": [ "id" ], - "title": "GenAIApp" + "title": "GenAIApp" + }, + "type": "array", + "title": "Genai Application", + "description": "List of GenAI applications" + }, + "web_application": { + "items": { + "properties": { + "id": { + "type": "integer", + "exclusiveMinimum": 0, + "title": "Id", + "description": "Web application ID" + }, + "mode": { + "anyOf": [ + { + "type": "string", + "enum": [ + "selected", + "all" + ], + "title": "SelectionMode", + "description": "Selection mode enumeration." + }, + { + "type": "null" + } + ], + "description": "Selection mode: 'all' or 'selected'", + "default": "all" + } + }, + "type": "object", + "required": [ + "id" + ], + "title": "WebApp" }, "type": "array", - "title": "Genai Application", - "description": "List of GenAI applications" + "title": "Web Application", + "description": "List of web applications" }, "category": { "items": { @@ -4360,7 +5209,7 @@ export const toolDefinitionMap: Map = new Map([ executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to patch"), "policy": z.object({ "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "action": z.union([z.enum(["block","allow","ask"]), z.null()]).describe("Action to take for access control").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional(), "download_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect","Extract"]), z.null()]).describe("File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional(), "upload_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect"]), z.null()]).describe("File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional() }) }).describe("Partially update an Access rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged.") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to patch"), "policy": z.object({ "services_and_application": z.union([z.object({ "domain": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of domains").optional(), "url": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of URLs").optional(), "address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "genai_application": z.array(z.object({ "id": z.number().int().gt(0).describe("GenAI application ID"), "mode": z.union([z.enum(["all","selected_account"]).describe("Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."), z.null()]).describe("Account selection mode: 'all' or 'selected_account'").default("all"), "accounts": z.array(z.object({ "account_id": z.string().describe("Account identifier") }).describe("External-safe twin of Account.")).describe("List of selected accounts (used when mode='selected_account')").optional() })).describe("List of GenAI applications").optional(), "web_application": z.array(z.object({ "id": z.number().int().gt(0).describe("Web application ID"), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Selection mode: 'all' or 'selected'").default("all") })).describe("List of web applications").optional(), "category": z.array(z.object({ "category_id": z.union([z.literal(1), z.literal(3), z.literal(5), z.literal(7), z.literal(11), z.literal(12), z.literal(15), z.literal(32), z.literal(21), z.literal(24), z.literal(25), z.literal(0), z.literal(34), z.literal(35), z.literal(37), z.literal(39), z.literal(41), z.literal(42), z.literal(45), z.literal(47), z.literal(49), z.literal(51), z.literal(53), z.literal(54), z.literal(58), z.literal(59), z.literal(60), z.literal(68), z.literal(69), z.literal(71), z.literal(72), z.literal(74), z.literal(75), z.literal(76), z.literal(51000001), z.literal(51000002), z.literal(52000130), z.literal(50000032), z.literal(52000132), z.literal(60517663), z.literal(60530541), z.literal(60530542), z.literal(60530648), z.literal(31), z.literal(55), z.literal(65), z.literal(66), z.literal(67), z.literal(77), z.literal(51000003), z.literal(51000004), z.literal(51000005), z.literal(52000038), z.literal(60530540), z.literal(9), z.literal(13), z.literal(14), z.literal(17), z.literal(18), z.literal(26), z.literal(33), z.literal(56), z.literal(61), z.literal(62), z.literal(70), z.literal(73), z.literal(78), z.literal(30), z.literal(52000047), z.literal(52000058), z.literal(52000069), z.literal(50000086), z.literal(23), z.literal(52000136), z.literal(52000046), z.literal(52000051), z.literal(60531762)]).describe("URLF Category enumeration with display names as keys and category IDs as values.") })).describe("List of URLF categories").optional(), "mode": z.union([z.enum(["selected","all"]).describe("Selection mode enumeration."), z.null()]).describe("Whether to apply to all services and applications or to only selected ones").optional() }), z.null()]).describe("Services and application configuration").optional(), "action": z.union([z.enum(["block","allow","ask"]), z.null()]).describe("Action to take for access control").optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional(), "download_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect","Extract"]), z.null()]).describe("File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional(), "upload_file_protection": z.union([z.enum(["na","Block","Allow","EmulateInBackground","WaitForEmulation","Detect"]), z.null()]).describe("File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules.").optional() }) }).describe("Partially update an Access rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged.") }), }, ], @@ -6373,6 +7222,41 @@ export const toolDefinitionMap: Map = new Map([ } ] }, + "clickfix": { + "anyOf": [ + { + "type": "string", + "enum": [ + "detect", + "prevent", + "ask", + "off" + ], + "title": "ThreatPreventionAction", + "description": "Actions for threat prevention features." + }, + { + "type": "null" + } + ] + }, + "incognito": { + "anyOf": [ + { + "type": "string", + "enum": [ + "block", + "allow", + "ignore" + ], + "title": "IncognitoAction", + "description": "Actions for incognito mode control." + }, + { + "type": "null" + } + ] + }, "safe_search": { "anyOf": [ { @@ -6480,6 +7364,173 @@ export const toolDefinitionMap: Map = new Map([ "type": "array", "title": "Protected Domains", "description": "List of protected domains" + }, + "url_exclusions": { + "items": { + "properties": { + "url": { + "type": "string", + "format": "uri", + "title": "Url", + "description": "Valid URL" + } + }, + "type": "object", + "required": [ + "url" + ], + "title": "URLItem" + }, + "type": "array", + "title": "Url Exclusions", + "description": "List of excluded URLs" + }, + "protected_urls": { + "items": { + "properties": { + "url": { + "type": "string", + "format": "uri", + "title": "Url", + "description": "Valid URL" + } + }, + "type": "object", + "required": [ + "url" + ], + "title": "URLItem" + }, + "type": "array", + "title": "Protected Urls", + "description": "List of protected URLs" + }, + "address_range_exclusions": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, + "protected_address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, + "logging": { + "anyOf": [ + { + "type": "string", + "enum": [ + "enabled", + "disabled" + ], + "title": "LoggingStatus", + "description": "Logging status enumeration." + }, + { + "type": "null" + } + ], + "description": "Whether logging is enabled" } }, "type": "object", @@ -6504,7 +7555,7 @@ export const toolDefinitionMap: Map = new Map([ executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to update"), "policy": z.object({ "password_reuse": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "zero_phishing": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "safe_search": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "search_reputation": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "domain_exclusions": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of excluded domains").optional(), "protected_domains": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of protected domains").optional() }) }).describe("Replace the entire Secure Browsing policy of a rule (full overwrite).") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to update"), "policy": z.object({ "password_reuse": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "zero_phishing": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "clickfix": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "incognito": z.union([z.enum(["block","allow","ignore"]).describe("Actions for incognito mode control."), z.null()]).optional(), "safe_search": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "search_reputation": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "domain_exclusions": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of excluded domains").optional(), "protected_domains": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of protected domains").optional(), "url_exclusions": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of excluded URLs").optional(), "protected_urls": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of protected URLs").optional(), "address_range_exclusions": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "protected_address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }) }).describe("Replace the entire Secure Browsing policy of a rule (full overwrite).") }), }, ], @@ -6561,6 +7612,41 @@ export const toolDefinitionMap: Map = new Map([ } ] }, + "clickfix": { + "anyOf": [ + { + "type": "string", + "enum": [ + "detect", + "prevent", + "ask", + "off" + ], + "title": "ThreatPreventionAction", + "description": "Actions for threat prevention features." + }, + { + "type": "null" + } + ] + }, + "incognito": { + "anyOf": [ + { + "type": "string", + "enum": [ + "block", + "allow", + "ignore" + ], + "title": "IncognitoAction", + "description": "Actions for incognito mode control." + }, + { + "type": "null" + } + ] + }, "safe_search": { "anyOf": [ { @@ -6668,6 +7754,173 @@ export const toolDefinitionMap: Map = new Map([ "type": "array", "title": "Protected Domains", "description": "List of protected domains" + }, + "url_exclusions": { + "items": { + "properties": { + "url": { + "type": "string", + "format": "uri", + "title": "Url", + "description": "Valid URL" + } + }, + "type": "object", + "required": [ + "url" + ], + "title": "URLItem" + }, + "type": "array", + "title": "Url Exclusions", + "description": "List of excluded URLs" + }, + "protected_urls": { + "items": { + "properties": { + "url": { + "type": "string", + "format": "uri", + "title": "Url", + "description": "Valid URL" + } + }, + "type": "object", + "required": [ + "url" + ], + "title": "URLItem" + }, + "type": "array", + "title": "Protected Urls", + "description": "List of protected URLs" + }, + "address_range_exclusions": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, + "protected_address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" + }, + "logging": { + "anyOf": [ + { + "type": "string", + "enum": [ + "enabled", + "disabled" + ], + "title": "LoggingStatus", + "description": "Logging status enumeration." + }, + { + "type": "null" + } + ], + "description": "Whether logging is enabled" } }, "type": "object", @@ -6692,7 +7945,7 @@ export const toolDefinitionMap: Map = new Map([ executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to patch"), "policy": z.object({ "password_reuse": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "zero_phishing": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "safe_search": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "search_reputation": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "domain_exclusions": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of excluded domains").optional(), "protected_domains": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of protected domains").optional() }) }).describe("Partially update a Secure Browsing rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged.") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "rule_id": z.string().describe("UUID of the rule to patch"), "policy": z.object({ "password_reuse": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "zero_phishing": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "clickfix": z.union([z.enum(["detect","prevent","ask","off"]).describe("Actions for threat prevention features."), z.null()]).optional(), "incognito": z.union([z.enum(["block","allow","ignore"]).describe("Actions for incognito mode control."), z.null()]).optional(), "safe_search": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "search_reputation": z.union([z.enum(["on","off"]).describe("Simple on/off toggle."), z.null()]).optional(), "domain_exclusions": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of excluded domains").optional(), "protected_domains": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).describe("List of protected domains").optional(), "url_exclusions": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of excluded URLs").optional(), "protected_urls": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).describe("List of protected URLs").optional(), "address_range_exclusions": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "protected_address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional(), "logging": z.union([z.enum(["enabled","disabled"]).describe("Logging status enumeration."), z.null()]).describe("Whether logging is enabled").optional() }) }).describe("Partially update a Secure Browsing rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged.") }), }, ], @@ -6796,7 +8049,9 @@ Supported features per rule type: "FILE_EMULATION", "PROTECTED_DOMAINS", "DOMAIN_SERVICES", - "EXCLUDE_DOMAINS" + "EXCLUDE_DOMAINS", + "USE_PAC", + "CUSTOM_AI_APPS" ], "title": "ObjectFeature", "description": "Object feature type. Allowed per rule type: DOMAIN_SERVICES (Chats, AI Access), FILE_EMULATION (AI Access), PROTECTED_DOMAINS (Secure Browsing), EXCLUDE_DOMAINS (Secure Browsing)" @@ -6820,7 +8075,7 @@ Supported features per rule type: executionParameters: [{"name":"rule_id","in":"query"},{"name":"feature","in":"query"},{"name":"object_ids","in":"query"}], requestBodyContentType: undefined, securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "rule_id": z.string().describe("UUID of the rule to update"), "feature": z.enum(["FILE_EMULATION","PROTECTED_DOMAINS","DOMAIN_SERVICES","EXCLUDE_DOMAINS"]).describe("Object feature type. Allowed per rule type: DOMAIN_SERVICES (Chats, AI Access), FILE_EMULATION (AI Access), PROTECTED_DOMAINS (Secure Browsing), EXCLUDE_DOMAINS (Secure Browsing)"), "object_ids": z.array(z.string()).describe("Object UUIDs to attach. Pass empty list to clear all objects for this feature.").optional() }), + zodValidationSchema: z.object({ "rule_id": z.string().describe("UUID of the rule to update"), "feature": z.enum(["FILE_EMULATION","PROTECTED_DOMAINS","DOMAIN_SERVICES","EXCLUDE_DOMAINS","USE_PAC","CUSTOM_AI_APPS"]).describe("Object feature type. Allowed per rule type: DOMAIN_SERVICES (Chats, AI Access), FILE_EMULATION (AI Access), PROTECTED_DOMAINS (Secure Browsing), EXCLUDE_DOMAINS (Secure Browsing)"), "object_ids": z.array(z.string()).describe("Object UUIDs to attach. Pass empty list to clear all objects for this feature.").optional() }), }, ], @@ -7821,6 +9076,82 @@ Supported features per rule type: "maxItems": 200, "title": "Domains", "description": "List of domains" + }, + "urls": { + "items": { + "properties": { + "url": { + "type": "string", + "format": "uri", + "title": "Url", + "description": "Valid URL" + } + }, + "type": "object", + "required": [ + "url" + ], + "title": "URLItem" + }, + "type": "array", + "maxItems": 200, + "title": "Urls", + "description": "List of URLs" + }, + "address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" } }, "type": "object", @@ -7851,7 +9182,7 @@ Supported features per rule type: executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "object_id": z.string().uuid().describe("ID of the object to update"), "name": z.union([z.string().min(1).max(255), z.null()]).describe("New display name").optional(), "description": z.union([z.string(), z.null()]).describe("New description").optional(), "object_data": z.union([z.object({ "domains": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).max(200).describe("List of domains").optional() }).describe("External-safe twin of DomainsObject."), z.null()]).describe("New domain list; replaces the existing list entirely").optional() }).describe("Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely.") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "object_id": z.string().uuid().describe("ID of the object to update"), "name": z.union([z.string().min(1).max(255), z.null()]).describe("New display name").optional(), "description": z.union([z.string(), z.null()]).describe("New description").optional(), "object_data": z.union([z.object({ "domains": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).max(200).describe("List of domains").optional(), "urls": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).max(200).describe("List of URLs").optional(), "address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional() }).describe("External-safe twin of DomainsObject."), z.null()]).describe("New domain list; replaces the existing list entirely").optional() }).describe("Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely.") }), }, ], @@ -7925,6 +9256,82 @@ Supported features per rule type: "maxItems": 200, "title": "Domains", "description": "List of domains" + }, + "urls": { + "items": { + "properties": { + "url": { + "type": "string", + "format": "uri", + "title": "Url", + "description": "Valid URL" + } + }, + "type": "object", + "required": [ + "url" + ], + "title": "URLItem" + }, + "type": "array", + "maxItems": 200, + "title": "Urls", + "description": "List of URLs" + }, + "address_range": { + "properties": { + "ip_ranges": { + "items": { + "properties": { + "start_ip": { + "type": "string", + "format": "ipv4", + "title": "Start Ip", + "description": "First IPv4 address of the range (inclusive)" + }, + "end_ip": { + "type": "string", + "format": "ipv4", + "title": "End Ip", + "description": "Last IPv4 address of the range (inclusive)" + } + }, + "type": "object", + "required": [ + "start_ip", + "end_ip" + ], + "title": "IPRangeItem" + }, + "type": "array", + "maxItems": 200, + "title": "Ip Ranges", + "description": "List of IPv4 ranges" + }, + "cidrs": { + "items": { + "properties": { + "cidr": { + "type": "string", + "format": "cidr", + "title": "Cidr", + "description": "IPv4 CIDR block (e.g. '10.0.0.0/24')" + } + }, + "type": "object", + "required": [ + "cidr" + ], + "title": "CIDRItem" + }, + "type": "array", + "maxItems": 200, + "title": "Cidrs", + "description": "List of IPv4 CIDR blocks" + } + }, + "type": "object", + "title": "AddressRange" } }, "type": "object", @@ -7950,7 +9357,7 @@ Supported features per rule type: executionParameters: [], requestBodyContentType: 'application/json', securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "requestBody": z.object({ "name": z.string().min(1).max(255).describe("Display name for the object"), "description": z.union([z.string(), z.null()]).describe("Explanation of what this object is used for").default(""), "object_data": z.object({ "domains": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).max(200).describe("List of domains").optional() }).describe("External-safe twin of DomainsObject.") }).describe("Create a new domains object.\n\nDomains objects contain a list of domain entries used for domain-based\nfiltering in rules (e.g. protected domains, excluded domains, service domains).") }), + zodValidationSchema: z.object({ "requestBody": z.object({ "name": z.string().min(1).max(255).describe("Display name for the object"), "description": z.union([z.string(), z.null()]).describe("Explanation of what this object is used for").default(""), "object_data": z.object({ "domains": z.array(z.object({ "domain": z.string().describe("Valid domain name or IPv4 address"), "match_mode": z.union([z.enum(["exact_host","any_subdomain"]).describe("Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."), z.null()]).describe("Match mode for domain matching (exact_host or any_subdomain)").default("exact_host") })).max(200).describe("List of domains").optional(), "urls": z.array(z.object({ "url": z.string().url().describe("Valid URL") })).max(200).describe("List of URLs").optional(), "address_range": z.object({ "ip_ranges": z.array(z.object({ "start_ip": z.string().ip({ version: "v4" }).describe("First IPv4 address of the range (inclusive)"), "end_ip": z.string().ip({ version: "v4" }).describe("Last IPv4 address of the range (inclusive)") })).max(200).describe("List of IPv4 ranges").optional(), "cidrs": z.array(z.object({ "cidr": z.string().describe("IPv4 CIDR block (e.g. '10.0.0.0/24')") })).max(200).describe("List of IPv4 CIDR blocks").optional() }).optional() }).describe("External-safe twin of DomainsObject.") }).describe("Create a new domains object.\n\nDomains objects contain a list of domain entries used for domain-based\nfiltering in rules (e.g. protected domains, excluded domains, service domains).") }), }, ], @@ -8111,8 +9518,8 @@ Policy type name mapping (UI name → API value): - 'Secure Browsing' → POLICY_TYPE_THREAT_PREVENTION Required params per policy_type: -- POLICY_TYPE_DLP (Chats): user_id, tag, dlp_event_type, dlp_data_type_ids, and ONE of domain/url/genai_app_id/category_id -- POLICY_TYPE_ACCESS: user_id, tag, and ONE of domain/url/genai_app_id/category_id +- POLICY_TYPE_DLP (Chats): user_id, tag, dlp_event_type, dlp_data_type_ids, and ONE of domain/url/genai_app_id/category_id. genai_app_account_id is optional (DLP only). +- POLICY_TYPE_ACCESS: user_id, tag, and ONE of domain/url/genai_app_id/category_id. NOTE: genai_app_account_id is NOT supported for Access. - POLICY_TYPE_MCP_SERVER (Agents): user_id, and optionally mcp_client_name_id/mcp_server_type/mcp_server_identifier/mcp_tool_name/mcp_operation - POLICY_TYPE_PAAS: environment_id only (no user_id) - POLICY_TYPE_THREAT_PREVENTION (Secure Browsing): user_id only @@ -8168,6 +9575,7 @@ Returns the matched rule's ID, name, and priority order, or null if no rule matc { "type": "string", "enum": [ + "any", "file_upload", "file_download", "paste", @@ -8180,7 +9588,7 @@ Returns the matched rule's ID, name, and priority order, or null if no rule matc "type": "null" } ], - "description": "DLP event type. Required for POLICY_TYPE_DLP. Values: file_upload, file_download, paste, prompt, copy.", + "description": "DLP event type. Required for POLICY_TYPE_DLP. Concrete values only: file_upload, file_download, paste, prompt, copy. 'any' is rule-side only and is rejected for simulation targets.", "title": "Dlp Event Type" }, "dlp_data_type_ids": { @@ -8243,7 +9651,7 @@ Returns the matched rule's ID, name, and priority order, or null if no rule matc "type": "null" } ], - "description": "Account/org ID within the GenAI app. Optional, only used together with genai_app_id.", + "description": "Account/org ID within the GenAI app. Optional, only used together with genai_app_id. DLP only — not supported for Access policies.", "title": "Genai App Account Id" }, "category_id": { @@ -8374,7 +9782,7 @@ Returns the matched rule's ID, name, and priority order, or null if no rule matc executionParameters: [{"name":"policy_type","in":"query"},{"name":"user_id","in":"query"},{"name":"tag","in":"query"},{"name":"dlp_event_type","in":"query"},{"name":"dlp_data_type_ids","in":"query"},{"name":"domain","in":"query"},{"name":"url","in":"query"},{"name":"genai_app_id","in":"query"},{"name":"genai_app_account_id","in":"query"},{"name":"category_id","in":"query"},{"name":"environment_id","in":"query"},{"name":"mcp_client_name_id","in":"query"},{"name":"mcp_client_os","in":"query"},{"name":"mcp_server_type","in":"query"},{"name":"mcp_server_identifier","in":"query"},{"name":"mcp_tool_name","in":"query"},{"name":"mcp_operation","in":"query"}], requestBodyContentType: undefined, securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "policy_type": z.enum(["POLICY_TYPE_DLP","POLICY_TYPE_ACCESS","POLICY_TYPE_MCP_SERVER","POLICY_TYPE_PAAS","POLICY_TYPE_THREAT_PREVENTION"]).describe("Policy type to resolve. Allowed: POLICY_TYPE_DLP (also known as 'Chats' in AI Security UI), POLICY_TYPE_ACCESS (also known as 'AI Access' or 'Web Access'), POLICY_TYPE_MCP_SERVER (also known as 'Agents'), POLICY_TYPE_PAAS (PaaS environment rules), POLICY_TYPE_THREAT_PREVENTION (also known as 'Secure Browsing')"), "user_id": z.union([z.string(), z.null()]).describe("User ID to simulate. Required for all types except POLICY_TYPE_PAAS.").optional(), "tag": z.union([z.enum(["genai","browsing","general"]), z.null()]).describe("Rule tag context. Required for DLP and ACCESS: 'genai' for AI Security rules, 'browsing' for Browse Security rules. Auto-set for other types.").optional(), "dlp_event_type": z.union([z.enum(["file_upload","file_download","paste","prompt","copy"]), z.null()]).describe("DLP event type. Required for POLICY_TYPE_DLP. Values: file_upload, file_download, paste, prompt, copy.").optional(), "dlp_data_type_ids": z.union([z.array(z.string()), z.null()]).describe("Data type UUIDs the text violates. Required for POLICY_TYPE_DLP. Pass empty list for 'any text' (no DLP violations). Pass multiple values for multiple IDs.").optional(), "domain": z.union([z.string(), z.null()]).describe("Domain name or IPv4 address. Used by DLP and ACCESS — provide exactly one of domain/url/genai_app_id/category_id.").optional(), "url": z.union([z.string(), z.null()]).describe("Full URL. Used by DLP and ACCESS — provide exactly one of domain/url/genai_app_id/category_id.").optional(), "genai_app_id": z.union([z.number().int(), z.null()]).describe("GenAI application ID. Used by DLP and ACCESS — provide exactly one of domain/url/genai_app_id/category_id.").optional(), "genai_app_account_id": z.union([z.string(), z.null()]).describe("Account/org ID within the GenAI app. Optional, only used together with genai_app_id.").optional(), "category_id": z.union([z.number().int(), z.null()]).describe("URLF category ID (integer). Used by DLP and ACCESS — provide exactly one of domain/url/genai_app_id/category_id.").optional(), "environment_id": z.union([z.string(), z.null()]).describe("PaaS environment identifier. Required for POLICY_TYPE_PAAS.").optional(), "mcp_client_name_id": z.union([z.enum(["claude_desktop","vscode","cursor","windsurf","zed","perplexity","antigravity","jetbrains","roo","cline","docker_desktop"]).describe("MCP Client name identifier enumeration."), z.null()]).describe("MCP client name identifier. Optional for POLICY_TYPE_MCP_SERVER.").optional(), "mcp_client_os": z.union([z.enum(["windows","macos","all"]).describe("Operating system enumeration."), z.null()]).describe("Operating system filter for MCP client. Optional, used with mcp_client_name_id.").optional(), "mcp_server_type": z.union([z.string(), z.null()]).describe("MCP server type (e.g. node_server, remote_server). Optional for POLICY_TYPE_MCP_SERVER.").optional(), "mcp_server_identifier": z.union([z.string(), z.null()]).describe("MCP server identifier (package/module/URL/domain/image). Optional for POLICY_TYPE_MCP_SERVER.").optional(), "mcp_tool_name": z.union([z.string(), z.null()]).describe("Tool name to simulate. Optional for POLICY_TYPE_MCP_SERVER.").optional(), "mcp_operation": z.union([z.string(), z.null()]).describe("CRUD operation (CREATE/READ/UPDATE/DELETE/OTHER). Optional for POLICY_TYPE_MCP_SERVER.").optional() }), + zodValidationSchema: z.object({ "policy_type": z.enum(["POLICY_TYPE_DLP","POLICY_TYPE_ACCESS","POLICY_TYPE_MCP_SERVER","POLICY_TYPE_PAAS","POLICY_TYPE_THREAT_PREVENTION"]).describe("Policy type to resolve. Allowed: POLICY_TYPE_DLP (also known as 'Chats' in AI Security UI), POLICY_TYPE_ACCESS (also known as 'AI Access' or 'Web Access'), POLICY_TYPE_MCP_SERVER (also known as 'Agents'), POLICY_TYPE_PAAS (PaaS environment rules), POLICY_TYPE_THREAT_PREVENTION (also known as 'Secure Browsing')"), "user_id": z.union([z.string(), z.null()]).describe("User ID to simulate. Required for all types except POLICY_TYPE_PAAS.").optional(), "tag": z.union([z.enum(["genai","browsing","general"]), z.null()]).describe("Rule tag context. Required for DLP and ACCESS: 'genai' for AI Security rules, 'browsing' for Browse Security rules. Auto-set for other types.").optional(), "dlp_event_type": z.union([z.enum(["any","file_upload","file_download","paste","prompt","copy"]), z.null()]).describe("DLP event type. Required for POLICY_TYPE_DLP. Concrete values only: file_upload, file_download, paste, prompt, copy. 'any' is rule-side only and is rejected for simulation targets.").optional(), "dlp_data_type_ids": z.union([z.array(z.string()), z.null()]).describe("Data type UUIDs the text violates. Required for POLICY_TYPE_DLP. Pass empty list for 'any text' (no DLP violations). Pass multiple values for multiple IDs.").optional(), "domain": z.union([z.string(), z.null()]).describe("Domain name or IPv4 address. Used by DLP and ACCESS — provide exactly one of domain/url/genai_app_id/category_id.").optional(), "url": z.union([z.string(), z.null()]).describe("Full URL. Used by DLP and ACCESS — provide exactly one of domain/url/genai_app_id/category_id.").optional(), "genai_app_id": z.union([z.number().int(), z.null()]).describe("GenAI application ID. Used by DLP and ACCESS — provide exactly one of domain/url/genai_app_id/category_id.").optional(), "genai_app_account_id": z.union([z.string(), z.null()]).describe("Account/org ID within the GenAI app. Optional, only used together with genai_app_id. DLP only — not supported for Access policies.").optional(), "category_id": z.union([z.number().int(), z.null()]).describe("URLF category ID (integer). Used by DLP and ACCESS — provide exactly one of domain/url/genai_app_id/category_id.").optional(), "environment_id": z.union([z.string(), z.null()]).describe("PaaS environment identifier. Required for POLICY_TYPE_PAAS.").optional(), "mcp_client_name_id": z.union([z.enum(["claude_desktop","vscode","cursor","windsurf","zed","perplexity","antigravity","jetbrains","roo","cline","docker_desktop"]).describe("MCP Client name identifier enumeration."), z.null()]).describe("MCP client name identifier. Optional for POLICY_TYPE_MCP_SERVER.").optional(), "mcp_client_os": z.union([z.enum(["windows","macos","all"]).describe("Operating system enumeration."), z.null()]).describe("Operating system filter for MCP client. Optional, used with mcp_client_name_id.").optional(), "mcp_server_type": z.union([z.string(), z.null()]).describe("MCP server type (e.g. node_server, remote_server). Optional for POLICY_TYPE_MCP_SERVER.").optional(), "mcp_server_identifier": z.union([z.string(), z.null()]).describe("MCP server identifier (package/module/URL/domain/image). Optional for POLICY_TYPE_MCP_SERVER.").optional(), "mcp_tool_name": z.union([z.string(), z.null()]).describe("Tool name to simulate. Optional for POLICY_TYPE_MCP_SERVER.").optional(), "mcp_operation": z.union([z.string(), z.null()]).describe("CRUD operation (CREATE/READ/UPDATE/DELETE/OTHER). Optional for POLICY_TYPE_MCP_SERVER.").optional() }), }, ], @@ -8386,9 +9794,9 @@ Returns the matched rule's ID, name, and priority order, or null if no rule matc **Filtering:** Use filter_field, filter_operator, and filter_value as comma-separated lists (positionally matched). For multi-value operators (in, between) use filter_values with semicolons between filters and commas between values. -Available fields: device_name, device_sid, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version. +Available fields: device_name, device_sid, device_state, device_uninstall_time, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version. -Operators: equals, in, contains (text fields), gte, lte, between (date fields). +Operators: equals, not_equals, in, not_in, contains (text fields), gte, lte, between (date fields). Enum fields (device_state): equals, not_equals, in, not_in. Values: valid, deleted. Use not_equals / not_in to exclude specific values (e.g. filter_operator=not_in&filter_values=Windows,macOS). **Sorting:** Use sort_field and sort_order as comma-separated lists. @@ -8423,7 +9831,7 @@ Examples: "type": "null" } ], - "description": "Comma-separated field names to filter on. Options: device_name, device_sid, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version", + "description": "Comma-separated field names to filter on. Options: device_name, device_sid, device_state, device_uninstall_time, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version", "title": "Filter Field" }, "filter_operator": { @@ -8520,7 +9928,7 @@ Examples: executionParameters: [{"name":"search","in":"query"},{"name":"filter_field","in":"query"},{"name":"filter_operator","in":"query"},{"name":"filter_value","in":"query"},{"name":"filter_values","in":"query"},{"name":"sort_field","in":"query"},{"name":"sort_order","in":"query"},{"name":"joins","in":"query"},{"name":"limit","in":"query"},{"name":"offset","in":"query"}], requestBodyContentType: undefined, securityRequirements: [{"HTTPBearer":[]}], - zodValidationSchema: z.object({ "search": z.union([z.string(), z.null()]).describe("Free text search across device name and user name").optional(), "filter_field": z.union([z.string(), z.null()]).describe("Comma-separated field names to filter on. Options: device_name, device_sid, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version").optional(), "filter_operator": z.union([z.string(), z.null()]).describe("Comma-separated operators, one per filter_field. Text fields: equals, in, contains. Date fields: gte, lte, between. Enum fields (os, device_type): equals, in.").optional(), "filter_value": z.union([z.string(), z.null()]).describe("Comma-separated single values, one per filter_field. Used with equals, contains, gte, lte operators.").optional(), "filter_values": z.union([z.string(), z.null()]).describe("Multi-value filters for 'in' and 'between' operators. Semicolon-separated per filter, comma-separated per value within. Example for two filters: 'windows,linux;2024-01-01,2024-12-31'").optional(), "sort_field": z.union([z.string(), z.null()]).describe("Comma-separated field names to sort by (same options as filter_field)").optional(), "sort_order": z.union([z.string(), z.null()]).describe("Comma-separated sort orders, one per sort_field. Options: asc, desc (default: desc)").optional(), "joins": z.union([z.string(), z.null()]).describe("Comma-separated domains to include in the response. Options: users, pings, deployment, policy, status, environment. Omit to return device info only.").optional(), "limit": z.number().int().gte(1).lte(1000).describe("Number of results per page (max 1000)").default(50), "offset": z.number().int().gte(0).describe("Number of results to skip for pagination").default(0) }), + zodValidationSchema: z.object({ "search": z.union([z.string(), z.null()]).describe("Free text search across device name and user name").optional(), "filter_field": z.union([z.string(), z.null()]).describe("Comma-separated field names to filter on. Options: device_name, device_sid, device_state, device_uninstall_time, device_created_at, device_updated_at, user_name, user_display_name, user_samname, user_created_at, user_updated_at, last_connected, os, os_version, device_type, ip, installer_version, chrome_extension_version, firefox_extension_version, edge_extension_version, brave_extension_version, mcp_version, proxy_version").optional(), "filter_operator": z.union([z.string(), z.null()]).describe("Comma-separated operators, one per filter_field. Text fields: equals, in, contains. Date fields: gte, lte, between. Enum fields (os, device_type): equals, in.").optional(), "filter_value": z.union([z.string(), z.null()]).describe("Comma-separated single values, one per filter_field. Used with equals, contains, gte, lte operators.").optional(), "filter_values": z.union([z.string(), z.null()]).describe("Multi-value filters for 'in' and 'between' operators. Semicolon-separated per filter, comma-separated per value within. Example for two filters: 'windows,linux;2024-01-01,2024-12-31'").optional(), "sort_field": z.union([z.string(), z.null()]).describe("Comma-separated field names to sort by (same options as filter_field)").optional(), "sort_order": z.union([z.string(), z.null()]).describe("Comma-separated sort orders, one per sort_field. Options: asc, desc (default: desc)").optional(), "joins": z.union([z.string(), z.null()]).describe("Comma-separated domains to include in the response. Options: users, pings, deployment, policy, status, environment. Omit to return device info only.").optional(), "limit": z.number().int().gte(1).lte(1000).describe("Number of results per page (max 1000)").default(50), "offset": z.number().int().gte(0).describe("Number of results to skip for pagination").default(0) }), }, ], @@ -8713,5 +10121,309 @@ Examples: securityRequirements: [{"HTTPBearer":[]}], zodValidationSchema: z.object({ "ids": z.string().describe("Comma-separated list of app IDs (e.g. '123,456,789'). Max 100 IDs.") }), }, + ], + + [ + 'get_discovered_applications', + { + name: 'get_discovered_applications', + description: `List the GenAI applications (e.g. ChatGPT, Claude, Gemini) that users in the tenant were seen using between from_date and to_date. For each app returns aggregated usage: total sessions, sessions with risk, distinct users, sensitive-content detections, use-case count, app type (Web/Desktop), and the catalog app id when known. Use this to inventory Shadow-AI application usage.`, + inputSchema: { + "type": "object", + "properties": { + "from_date": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "to_date": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + } + }, + "required": [ + "from_date", + "to_date" + ] + }, + method: 'get', + pathTemplate: '/app/genai-protect-discovery/mcp/v1/discovery/applications', + executionParameters: [{"name":"from_date","in":"query"},{"name":"to_date","in":"query"}], + requestBodyContentType: undefined, + securityRequirements: [{"HTTPBearer":[]}], + zodValidationSchema: z.object({ "from_date": z.string().datetime({ offset: true }).describe("Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)."), "to_date": z.string().datetime({ offset: true }).describe("End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).") }), + }, + ], + + [ + 'get_top_discovered_applications', + { + name: 'get_top_discovered_applications', + description: `Return the top_n GenAI applications by session count between from_date and to_date. Each entry includes a per-bucket session sparkline (the 'trends' array of {time_bucket, sessions}) and the change vs the previous equal-length period. Use this to see the most-used apps and whether usage is rising or falling.`, + inputSchema: { + "type": "object", + "properties": { + "from_date": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "to_date": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "top_n": { + "type": "integer", + "maximum": 50, + "minimum": 1, + "description": "How many top applications to return.", + "default": 5, + "title": "Top N" + } + }, + "required": [ + "from_date", + "to_date" + ] + }, + method: 'get', + pathTemplate: '/app/genai-protect-discovery/mcp/v1/discovery/applications/top', + executionParameters: [{"name":"from_date","in":"query"},{"name":"to_date","in":"query"},{"name":"top_n","in":"query"}], + requestBodyContentType: undefined, + securityRequirements: [{"HTTPBearer":[]}], + zodValidationSchema: z.object({ "from_date": z.string().datetime({ offset: true }).describe("Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)."), "to_date": z.string().datetime({ offset: true }).describe("End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)."), "top_n": z.number().int().gte(1).lte(50).describe("How many top applications to return.").default(5) }), + }, + ], + + [ + 'get_agents_overview', + { + name: 'get_agents_overview', + description: `High-level summary of agentic (MCP) activity for the tenant between from_date and to_date: the number of active AI agents and the number of discovered MCP servers, each with the absolute and percentage change vs the previous period. Use this for a quick view of MCP adoption and its trend.`, + inputSchema: { + "type": "object", + "properties": { + "from_date": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "to_date": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + } + }, + "required": [ + "from_date", + "to_date" + ] + }, + method: 'get', + pathTemplate: '/app/genai-protect-discovery/mcp/v1/discovery/agents/overview', + executionParameters: [{"name":"from_date","in":"query"},{"name":"to_date","in":"query"}], + requestBodyContentType: undefined, + securityRequirements: [{"HTTPBearer":[]}], + zodValidationSchema: z.object({ "from_date": z.string().datetime({ offset: true }).describe("Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)."), "to_date": z.string().datetime({ offset: true }).describe("End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).") }), + }, + ], + + [ + 'get_agents_top_platforms', + { + name: 'get_agents_top_platforms', + description: `Return the top_n agent platforms (MCP hosts such as Claude Code or Cursor) by tool-invocation count between from_date and to_date. Each entry is a platform name and its total invocations. Platforms are identified by name only (no id).`, + inputSchema: { + "type": "object", + "properties": { + "from_date": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "to_date": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "top_n": { + "type": "integer", + "maximum": 50, + "minimum": 1, + "description": "How many top platforms to return.", + "default": 5, + "title": "Top N" + } + }, + "required": [ + "from_date", + "to_date" + ] + }, + method: 'get', + pathTemplate: '/app/genai-protect-discovery/mcp/v1/discovery/agents/top-platforms', + executionParameters: [{"name":"from_date","in":"query"},{"name":"to_date","in":"query"},{"name":"top_n","in":"query"}], + requestBodyContentType: undefined, + securityRequirements: [{"HTTPBearer":[]}], + zodValidationSchema: z.object({ "from_date": z.string().datetime({ offset: true }).describe("Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)."), "to_date": z.string().datetime({ offset: true }).describe("End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)."), "top_n": z.number().int().gte(1).lte(50).describe("How many top platforms to return.").default(5) }), + }, + ], + + [ + 'get_active_mcp_servers', + { + name: 'get_active_mcp_servers', + description: `List MCP servers that were active (invoked at least once) between from_date and to_date. For each server returns its platform, server type and identifier, distinct users, capabilities, most-used tools, operation types (Create/Read/Update/Delete), invocation count, operating systems, tool count, and last-used time. A server's identity is the (server_type, server_identifier) pair.`, + inputSchema: { + "type": "object", + "properties": { + "from_date": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "to_date": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + } + }, + "required": [ + "from_date", + "to_date" + ] + }, + method: 'get', + pathTemplate: '/app/genai-protect-discovery/mcp/v1/discovery/agents/active-servers', + executionParameters: [{"name":"from_date","in":"query"},{"name":"to_date","in":"query"}], + requestBodyContentType: undefined, + securityRequirements: [{"HTTPBearer":[]}], + zodValidationSchema: z.object({ "from_date": z.string().datetime({ offset: true }).describe("Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)."), "to_date": z.string().datetime({ offset: true }).describe("End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).") }), + }, + ], + + [ + 'get_inactive_mcp_servers', + { + name: 'get_inactive_mcp_servers', + description: `List MCP servers that are known to the tenant but had no activity between from_date and to_date. Returns platform, server type and identifier, and distinct users. Use this to find unused or stale MCP servers.`, + inputSchema: { + "type": "object", + "properties": { + "from_date": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "to_date": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + } + }, + "required": [ + "from_date", + "to_date" + ] + }, + method: 'get', + pathTemplate: '/app/genai-protect-discovery/mcp/v1/discovery/agents/inactive-servers', + executionParameters: [{"name":"from_date","in":"query"},{"name":"to_date","in":"query"}], + requestBodyContentType: undefined, + securityRequirements: [{"HTTPBearer":[]}], + zodValidationSchema: z.object({ "from_date": z.string().datetime({ offset: true }).describe("Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)."), "to_date": z.string().datetime({ offset: true }).describe("End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).") }), + }, + ], + + [ + 'get_agents_tool_usage', + { + name: 'get_agents_tool_usage', + description: `Break down MCP tool usage by operation type (Create/Read/Update/Delete/Unknown) between from_date and to_date. For each operation returns the current invocation count, the number of platforms, a per-platform breakdown, and the change vs the previous period. top_n limits the per-operation platform breakdown.`, + inputSchema: { + "type": "object", + "properties": { + "from_date": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "to_date": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + }, + "top_n": { + "type": "integer", + "maximum": 50, + "minimum": 1, + "description": "How many top platforms to break down per operation.", + "default": 5, + "title": "Top N" + } + }, + "required": [ + "from_date", + "to_date" + ] + }, + method: 'get', + pathTemplate: '/app/genai-protect-discovery/mcp/v1/discovery/agents/tool-usage', + executionParameters: [{"name":"from_date","in":"query"},{"name":"to_date","in":"query"},{"name":"top_n","in":"query"}], + requestBodyContentType: undefined, + securityRequirements: [{"HTTPBearer":[]}], + zodValidationSchema: z.object({ "from_date": z.string().datetime({ offset: true }).describe("Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)."), "to_date": z.string().datetime({ offset: true }).describe("End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z)."), "top_n": z.number().int().gte(1).lte(50).describe("How many top platforms to break down per operation.").default(5) }), + }, + ], + + [ + 'get_agents_invocations_overtime', + { + name: 'get_agents_invocations_overtime', + description: `Return a time series of total MCP tool invocations between from_date and to_date — one point per time bucket ({time, invocations}). Use this to chart agentic activity over time.`, + inputSchema: { + "type": "object", + "properties": { + "from_date": { + "type": "string", + "format": "date-time", + "description": "Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z).", + "title": "From Date" + }, + "to_date": { + "type": "string", + "format": "date-time", + "description": "End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).", + "title": "To Date" + } + }, + "required": [ + "from_date", + "to_date" + ] + }, + method: 'get', + pathTemplate: '/app/genai-protect-discovery/mcp/v1/discovery/agents/invocations-overtime', + executionParameters: [{"name":"from_date","in":"query"},{"name":"to_date","in":"query"}], + requestBodyContentType: undefined, + securityRequirements: [{"HTTPBearer":[]}], + zodValidationSchema: z.object({ "from_date": z.string().datetime({ offset: true }).describe("Start of the time range, ISO 8601 (e.g. 2026-05-01T00:00:00Z)."), "to_date": z.string().datetime({ offset: true }).describe("End of the time range, ISO 8601 (e.g. 2026-06-01T00:00:00Z).") }), + }, ] ]); diff --git a/test/integration.test.ts b/test/integration.test.ts index 1c117a2..42eab06 100644 --- a/test/integration.test.ts +++ b/test/integration.test.ts @@ -173,7 +173,7 @@ describe('GenAI Chats Rule CRUD', () => { description: 'Integration test', order: 0, policy: { - event_type: 'file_upload', + event_types: ['file_upload'], action: 'prevent', logging: 'enabled', services_and_application: { mode: 'all' }, @@ -371,7 +371,7 @@ describe('SetActive Toggle', () => { name: 'Toggle Test Rule', order: 0, policy: { - event_type: 'prompt', + event_types: ['prompt'], action: 'detect', logging: 'enabled', services_and_application: { mode: 'all' },