From 8f14ab9808daeaf0603756082fbd19463f7f42f1 Mon Sep 17 00:00:00 2001 From: Haim Kastner Date: Thu, 9 Apr 2026 18:21:41 +0300 Subject: [PATCH 1/5] Add browse + complete support of async APIS --- .gitignore | 4 + README.md | 129 ++++-- chkp_ai_security_sdk/__init__.py | 4 + chkp_ai_security_sdk/__init__template.py | 4 + .../core/async_ai_security.py | 62 +-- .../core/async_browse_security.py | 50 +++ chkp_ai_security_sdk/core/browse_security.py | 40 ++ chkp_ai_security_sdk/core/session_manager.py | 10 +- examples/async_usage.py | 51 ++- examples/basic_usage.py | 58 ++- sdk_generator/generate_sdk.py | 73 +++- sdk_generator/resources/specs/browse/spec | 1 + .../resources/specs/browse/swagger.json | 1 + .../resources/specs/main/swagger.json | 2 +- sdk_generator/scripts/fetch_api.py | 53 ++- sdk_generator/scripts/post_build.py | 118 ++++-- setup.py | 6 +- tests/test_async_api.py | 378 +++++++++++++++++ tests/test_async_browse_api.py | 116 +++++ tests/test_browse_api.py | 82 ++++ tests/test_unit_sdk.py | 397 ++++++++++++++++++ 21 files changed, 1470 insertions(+), 169 deletions(-) create mode 100644 chkp_ai_security_sdk/core/async_browse_security.py create mode 100644 chkp_ai_security_sdk/core/browse_security.py create mode 100644 sdk_generator/resources/specs/browse/spec create mode 100644 sdk_generator/resources/specs/browse/swagger.json create mode 100644 tests/test_async_api.py create mode 100644 tests/test_async_browse_api.py create mode 100644 tests/test_browse_api.py create mode 100644 tests/test_unit_sdk.py diff --git a/.gitignore b/.gitignore index a11c4b3..731db59 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,10 @@ /build/ /*.egg-info/ chkp_ai_security_sdk/generated/ +chkp_ai_security_sdk/generated_browse/ +chkp_ai_security_sdk/generated_async/ +chkp_ai_security_sdk/generated_browse_async/ +chkp_ai_security_sdk/*_README.md *.env __pycache__/ /dist/ diff --git a/README.md b/README.md index 398396b..e646870 100644 --- a/README.md +++ b/README.md @@ -1,21 +1,19 @@ -# Check Point - AI Security Python SDK +# Check Point - AI Security Python SDK (Workforce AI + Browse Security) [![License](https://img.shields.io/github/license/CheckPointSW/ai-security-py-sdk.svg?style=plastic)](https://github.com/CheckPointSW/ai-security-py-sdk/blob/release/LICENSE) [![Latest Release](https://img.shields.io/github/v/release/CheckPointSW/ai-security-py-sdk?style=plastic)](https://github.com/CheckPointSW/ai-security-py-sdk/releases) [![PyPI version](https://img.shields.io/pypi/v/chkp-ai-security-sdk.svg?style=plastic)](https://pypi.org/project/chkp-ai-security-sdk/) [![Build SDK Package](https://github.com/CheckPointSW/ai-security-py-sdk/actions/workflows/build.yml/badge.svg)](https://github.com/CheckPointSW/ai-security-py-sdk/actions/workflows/build.yml) [![Publish package to PyPI](https://github.com/CheckPointSW/ai-security-py-sdk/actions/workflows/release.yml/badge.svg)](https://github.com/CheckPointSW/ai-security-py-sdk/actions/workflows/release.yml) -This is the AI Security SDK for Python ecosystem. +This is the official Check Point AI Security SDK for Python, covering both **Workforce AI** and **Browse Security** products. -The SDK is based on the public [AI Security OpenAPI](https://app.swaggerhub.com/apis/Check-Point/checkpoint-ai-security) specifications. +The SDK is based on the public [AI Security OpenAPI](https://app.swaggerhub.com/apis/Check-Point/checkpoint-ai-security) and [Browse Security OpenAPI](https://app.swaggerhub.com/apis/Check-Point/checkpoint-browse-security) specifications. With the SDK, you do not have to manage log in, send keep alive requests, or worry about session expiration. -> The AI Security SDK supports simultaneous instances with different tenants. +> The SDK supports simultaneous instances with different tenants, and both products can be used independently or together. ## SDK installation -To start using this SDK, add the SDK package to your project - Via PIP (PyPi registry) ```bash pip install chkp-ai-security-sdk @@ -23,19 +21,24 @@ pip install chkp-ai-security-sdk ## Getting started -First, import the `AISecurity` object from the package. +Import the SDK classes for the product(s) you need: ```python -from chkp_ai_security_sdk import AISecurity +from chkp_ai_security_sdk import AISecurity, BrowseSecurity ``` -Then, create a new instance of `AISecurity`, which provides CloudInfra API credentials and a gateway to connect to. +- **`AISecurity`** — Workforce AI Security (Chats policy, Access policy, Agents policy, etc.) +- **`BrowseSecurity`** — Browse Security (Secure Browsing policy, DLP policy, web access policy, etc.) + +Each class manages its own session independently. Create an instance and provide CloudInfra API credentials to connect. ### Obtaining API credentials 1. Go to the [Infinity Portal API Keys page](https://portal.checkpoint.com/dashboard/settings/api-keys). 2. Click **New** > **New Account API Key**. -3. In the **Service** dropdown select **Workforce AI Security** and create the key. +3. In the **Service** dropdown select: + - **Workforce AI Security** for `AISecurity` + - **Browser Security** for `BrowseSecurity` 4. Copy the **Client ID**, **Secret Key**, and **Authentication URL** (gateway). For more information, see [Infinity Portal Administration Guide](https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Infinity-Portal-Admin-Guide/Content/Topics-Infinity-Portal/API-Keys.htm?tocpath=Global%20Settings%7C_____7#API_Keys). @@ -47,68 +50,112 @@ For more information, see [Infinity Portal Administration Guide](https://sc1.che | Europe | `https://cloudinfra-gw.portal.checkpoint.com` | | United States | `https://cloudinfra-gw-us.portal.checkpoint.com` | -Once the Client ID, Secret Key, and Authentication URL are obtained, AI Security SDK can be used. +Once the Client ID, Secret Key, and Authentication URL are obtained, the SDK can be used. -All API operations can be explored with the `AISecurity` instance, notice to the documentation on each API operation, what and where are the arguments it requires. +All API operations can be explored on SwaggerHub: +- [Workforce AI Security APIs](https://app.swaggerhub.com/apis/Check-Point/checkpoint-ai-security) +- [Browse Security APIs](https://app.swaggerhub.com/apis/Check-Point/checkpoint-browse-security) -All APIs can be also explored in [SwaggerHub](https://app.swaggerhub.com/apis/Check-Point/checkpoint-ai-security) - -A complete example: +### Workforce AI Security example ```python from chkp_ai_security_sdk import AISecurity, InfinityPortalAuth -# Create a new instance of AISecurity (we do support multiple instances in parallel) ai = AISecurity() - -# Connect to AI Security service using CloudInfra API credentials ai.connect(infinity_portal_auth=InfinityPortalAuth( - client_id="place here your CI client-id", # The "Client ID" - access_key="place here your CI access-key", # The "Secret Key" - gateway="https://cloudinfra-gw-us.portal.checkpoint.com" # The "Authentication URL" (without /auth/external) - )) + client_id="your-client-id", + access_key="your-secret-key", + gateway="https://cloudinfra-gw-us.portal.checkpoint.com", +)) -# Query the API operations rulebase = ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() print(rulebase) -# Once finish, disconnect to stop all background session management. ai.disconnect() ``` +### Browse Security example + +```python +from chkp_ai_security_sdk import BrowseSecurity, InfinityPortalAuth + +browse = BrowseSecurity() +browse.connect(infinity_portal_auth=InfinityPortalAuth( + client_id="your-client-id", + access_key="your-secret-key", + gateway="https://cloudinfra-gw-us.portal.checkpoint.com", +)) + +rulebase = browse.dlp_policy_api.get_dlp_rulebase_external_v1_dlp_rulebase_get() +print(rulebase) + +browse.disconnect() +``` + +### Using both products together + +```python +from chkp_ai_security_sdk import AISecurity, BrowseSecurity, InfinityPortalAuth + +auth = InfinityPortalAuth( + client_id="your-client-id", + access_key="your-secret-key", + gateway="https://cloudinfra-gw-us.portal.checkpoint.com", +) + +ai = AISecurity() +browse = BrowseSecurity() + +ai.connect(infinity_portal_auth=auth) +browse.connect(infinity_portal_auth=auth) + +# Workforce AI +chats = ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + +# Browse Security +dlp = browse.dlp_policy_api.get_dlp_rulebase_external_v1_dlp_rulebase_get() + +ai.disconnect() +browse.disconnect() +``` + ### Async support -The SDK also provides an async variant for use in async Python applications: +The SDK provides async variants for both products: ```python import asyncio -from chkp_ai_security_sdk import AsyncAISecurity, InfinityPortalAuth +from chkp_ai_security_sdk import AsyncAISecurity, AsyncBrowseSecurity, InfinityPortalAuth async def main(): - ai = AsyncAISecurity() - await ai.connect(infinity_portal_auth=InfinityPortalAuth( + auth = InfinityPortalAuth( client_id="your-client-id", access_key="your-secret-key", gateway="https://cloudinfra-gw-us.portal.checkpoint.com", - )) + ) + + ai = AsyncAISecurity() + browse = AsyncBrowseSecurity() + + await asyncio.gather(ai.connect(auth), browse.connect(auth)) - # API calls are awaitable and run without blocking the event loop - rulebase = await ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() - print(rulebase) + # All API calls are awaitable + chats = await ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + dlp = await browse.dlp_policy_api.get_dlp_rulebase_external_v1_dlp_rulebase_get() - await ai.disconnect() + await asyncio.gather(ai.disconnect(), browse.disconnect()) asyncio.run(main()) ``` ## Troubleshooting and logging -The full version and build info of the SDK is available by `AISecurity.info()` see example: +The full version and build info of the SDK is available via the `info()` static method on each class: ```python -from chkp_ai_security_sdk import AISecurity, WorkforceAISDKInfo +from chkp_ai_security_sdk import AISecurity, BrowseSecurity -sdk_info: WorkforceAISDKInfo = AISecurity.info() -print(sdk_info) # sdk_build:"9728283", sdk_version:"1.0.0", spec:"checkpoint-ai-security", spec_version:"1.0.0", released_on:"2024-01-01T00:00:00" +print(AISecurity.info()) # Workforce AI build info +print(BrowseSecurity.info()) # Browse Security build info ``` AI Security SDK uses the official python logger package for logging. @@ -135,14 +182,6 @@ activate_error_logger() # Will activate the error logger only activate_network_logger() # Will activate the network logger only ``` -## All Check Point AI Security API tools - -| Tool | Package | -|---|---| -| Python SDK | [`chkp-ai-security-sdk`](https://pypi.org/project/chkp-ai-security-sdk/) | -| JS/TS SDK | [`@chkp/ai-security-sdk`](https://www.npmjs.com/package/@chkp/ai-security-sdk) | -| OpenAPI Spec | [SwaggerHub](https://app.swaggerhub.com/apis/Check-Point/checkpoint-ai-security) | - ## Report Bug In case of an issue or a bug found in the SDK, please open an [issue](https://github.com/CheckPointSW/ai-security-py-sdk/issues). diff --git a/chkp_ai_security_sdk/__init__.py b/chkp_ai_security_sdk/__init__.py index dc7ba09..4b73529 100644 --- a/chkp_ai_security_sdk/__init__.py +++ b/chkp_ai_security_sdk/__init__.py @@ -1,5 +1,7 @@ from chkp_ai_security_sdk.core.ai_security import AISecurity from chkp_ai_security_sdk.core.async_ai_security import AsyncAISecurity +from chkp_ai_security_sdk.core.browse_security import BrowseSecurity +from chkp_ai_security_sdk.core.async_browse_security import AsyncBrowseSecurity from chkp_ai_security_sdk.classes.infinity_portal_auth import InfinityPortalAuth from chkp_ai_security_sdk.classes.workforceai_sdk_info import WorkforceAISDKInfo from chkp_ai_security_sdk.classes.sdk_connection_state import SDKConnectionState @@ -9,6 +11,8 @@ __all__ = [ 'AISecurity', 'AsyncAISecurity', + 'BrowseSecurity', + 'AsyncBrowseSecurity', 'InfinityPortalAuth', 'WorkforceAISDKInfo', 'SDKConnectionState', diff --git a/chkp_ai_security_sdk/__init__template.py b/chkp_ai_security_sdk/__init__template.py index dc7ba09..4b73529 100644 --- a/chkp_ai_security_sdk/__init__template.py +++ b/chkp_ai_security_sdk/__init__template.py @@ -1,5 +1,7 @@ from chkp_ai_security_sdk.core.ai_security import AISecurity from chkp_ai_security_sdk.core.async_ai_security import AsyncAISecurity +from chkp_ai_security_sdk.core.browse_security import BrowseSecurity +from chkp_ai_security_sdk.core.async_browse_security import AsyncBrowseSecurity from chkp_ai_security_sdk.classes.infinity_portal_auth import InfinityPortalAuth from chkp_ai_security_sdk.classes.workforceai_sdk_info import WorkforceAISDKInfo from chkp_ai_security_sdk.classes.sdk_connection_state import SDKConnectionState @@ -9,6 +11,8 @@ __all__ = [ 'AISecurity', 'AsyncAISecurity', + 'BrowseSecurity', + 'AsyncBrowseSecurity', 'InfinityPortalAuth', 'WorkforceAISDKInfo', 'SDKConnectionState', diff --git a/chkp_ai_security_sdk/core/async_ai_security.py b/chkp_ai_security_sdk/core/async_ai_security.py index b9b14cf..21fa650 100644 --- a/chkp_ai_security_sdk/core/async_ai_security.py +++ b/chkp_ai_security_sdk/core/async_ai_security.py @@ -1,46 +1,50 @@ import asyncio -from typing import Any from chkp_ai_security_sdk.classes.infinity_portal_auth import InfinityPortalAuth from chkp_ai_security_sdk.classes.sdk_connection_state import SDKConnectionState -from chkp_ai_security_sdk.core.ai_security import AISecurity +from chkp_ai_security_sdk.core.session_manager import SessionManager +from chkp_ai_security_sdk.generated_async.api_mixin import _AsyncApiMixin -class _AsyncApiProxy: - """Wraps a synchronous API instance, making all public methods awaitable.""" - - def __init__(self, sync_api: Any): - self._sync = sync_api - - def __getattr__(self, name: str): - attr = getattr(self._sync, name) - if callable(attr): - async def _async_wrapper(*args, **kwargs): - return await asyncio.to_thread(attr, *args, **kwargs) - return _async_wrapper - return attr - - -class AsyncAISecurity: +class AsyncAISecurity(_AsyncApiMixin): """Check Point AI Security SDK (async) - manage AI Security policies and assets.""" def __init__(self): - self._sync = AISecurity() + self._session_manager = SessionManager() + self._api_client = None async def connect(self, infinity_portal_auth: InfinityPortalAuth): - await asyncio.to_thread(self._sync.connect, infinity_portal_auth) + """Connect to AI Security service using CloudInfra API credentials.""" + await asyncio.to_thread(self._session_manager.connect, infinity_portal_auth) async def disconnect(self): - await asyncio.to_thread(self._sync.disconnect) + """Disconnect and stop all background session management.""" + if self._api_client is not None: + await self._api_client.close() + self._api_client = None + await asyncio.to_thread(self._session_manager.disconnect) def connection_state(self) -> SDKConnectionState: - return self._sync.connection_state() + """Returns the current connection state.""" + return self._session_manager.connection_state() @staticmethod def info() -> str: - return AISecurity.info() - - def __getattr__(self, name: str): - """Dynamically proxy any API property from the sync SDK through _AsyncApiProxy.""" - # Delegate to the sync instance — if it's an API object, wrap it - attr = getattr(self._sync, name) - return _AsyncApiProxy(attr) + """Returns SDK build and spec information.""" + try: + from chkp_ai_security_sdk.generated_async.sdk_build import sdk_build_info + return str(sdk_build_info()) + except Exception: + return 'SDK info not available (run sdk_generator/generate_sdk.py first)' + + def _get_api_client(self): + sync_cfg = self._session_manager.client_configuration + if self._api_client is None: + from chkp_ai_security_sdk.generated_async.api_client import ApiClient + from chkp_ai_security_sdk.generated_async.configuration import Configuration + cfg = Configuration() + cfg.host = sync_cfg.host + cfg.access_token = sync_cfg.access_token + self._api_client = ApiClient(cfg) + else: + self._api_client.configuration.access_token = sync_cfg.access_token + return self._api_client diff --git a/chkp_ai_security_sdk/core/async_browse_security.py b/chkp_ai_security_sdk/core/async_browse_security.py new file mode 100644 index 0000000..61a8010 --- /dev/null +++ b/chkp_ai_security_sdk/core/async_browse_security.py @@ -0,0 +1,50 @@ +import asyncio +from chkp_ai_security_sdk.classes.infinity_portal_auth import InfinityPortalAuth +from chkp_ai_security_sdk.classes.sdk_connection_state import SDKConnectionState +from chkp_ai_security_sdk.core.session_manager import SessionManager +from chkp_ai_security_sdk.generated_browse_async.api_mixin import _AsyncBrowseApiMixin + + +class AsyncBrowseSecurity(_AsyncBrowseApiMixin): + """Check Point Browse Security SDK (async) - manage Browse Security policies and assets.""" + + def __init__(self): + self._session_manager = SessionManager() + self._api_client = None + + async def connect(self, infinity_portal_auth: InfinityPortalAuth): + """Connect to Browse Security service using CloudInfra API credentials.""" + await asyncio.to_thread(self._session_manager.connect, infinity_portal_auth) + + async def disconnect(self): + """Disconnect and stop all background session management.""" + if self._api_client is not None: + await self._api_client.close() + self._api_client = None + await asyncio.to_thread(self._session_manager.disconnect) + + def connection_state(self) -> SDKConnectionState: + """Returns the current connection state.""" + return self._session_manager.connection_state() + + @staticmethod + def info() -> str: + """Returns SDK build and spec information.""" + try: + from chkp_ai_security_sdk.generated_browse_async.sdk_build import sdk_build_info + return str(sdk_build_info()) + except Exception: + return 'SDK info not available (run sdk_generator/generate_sdk.py first)' + + def _get_api_client(self): + sync_cfg = self._session_manager.client_configuration + if self._api_client is None: + from chkp_ai_security_sdk.generated_browse_async.api_client import ApiClient + from chkp_ai_security_sdk.generated_browse_async.configuration import Configuration + cfg = Configuration() + cfg.host = sync_cfg.host + cfg.access_token = sync_cfg.access_token + self._api_client = ApiClient(cfg) + else: + self._api_client.configuration.access_token = sync_cfg.access_token + return self._api_client diff --git a/chkp_ai_security_sdk/core/browse_security.py b/chkp_ai_security_sdk/core/browse_security.py new file mode 100644 index 0000000..7e94dd8 --- /dev/null +++ b/chkp_ai_security_sdk/core/browse_security.py @@ -0,0 +1,40 @@ +from chkp_ai_security_sdk.classes.infinity_portal_auth import InfinityPortalAuth +from chkp_ai_security_sdk.classes.sdk_connection_state import SDKConnectionState +from chkp_ai_security_sdk.core.session_manager import SessionManager +from chkp_ai_security_sdk.generated_browse.api_mixin import _BrowseApiMixin + +print_message = True + + +class BrowseSecurity(_BrowseApiMixin): + """Check Point Browse Security SDK - manage Browse Security policies and assets.""" + + def __init__(self): + self._session_manager = SessionManager() + if print_message: + print('Check Point Browse Security SDK - https://github.com/CheckPointSW/ai-security-py-sdk') + + def connect(self, infinity_portal_auth: InfinityPortalAuth): + """Connect to Browse Security service using CloudInfra API credentials.""" + self._session_manager.connect(infinity_portal_auth) + + def disconnect(self): + """Disconnect and stop all background session management.""" + self._session_manager.disconnect() + + def connection_state(self) -> SDKConnectionState: + """Returns the current connection state.""" + return self._session_manager.connection_state() + + @staticmethod + def info() -> str: + """Returns SDK build and spec information.""" + try: + from chkp_ai_security_sdk.generated_browse.sdk_build import sdk_build_info + return str(sdk_build_info()) + except Exception: + return 'SDK info not available (run sdk_generator/generate_sdk.py first)' + + def _get_api_client(self): + from chkp_ai_security_sdk.generated_browse.api_client import ApiClient + return ApiClient(self._session_manager.client_configuration) diff --git a/chkp_ai_security_sdk/core/session_manager.py b/chkp_ai_security_sdk/core/session_manager.py index 3597a36..4bbdbce 100644 --- a/chkp_ai_security_sdk/core/session_manager.py +++ b/chkp_ai_security_sdk/core/session_manager.py @@ -29,10 +29,7 @@ def __init__(self): @property def client_configuration(self) -> Any: - if self.__sdk_connection_state == SDKConnectionState.DISCONNECTED: - error_logger('Unable to process operation call, no session configured, connect first') - raise WorkforceAIApiException(error_scope=WorkforceAIErrorScope.SESSION, message='No session configured, connect first') - + self.__check_connected() from chkp_ai_security_sdk.generated.configuration import Configuration configuration = Configuration() configuration.host = self.__url @@ -146,3 +143,8 @@ def disconnect(self): def connection_state(self) -> SDKConnectionState: return self.__sdk_connection_state + + def __check_connected(self): + if self.__sdk_connection_state == SDKConnectionState.DISCONNECTED: + error_logger('Unable to process operation call, no session configured, connect first') + raise WorkforceAIApiException(error_scope=WorkforceAIErrorScope.SESSION, message='No session configured, connect first') diff --git a/examples/async_usage.py b/examples/async_usage.py index eedb0dd..0ed25fa 100644 --- a/examples/async_usage.py +++ b/examples/async_usage.py @@ -1,5 +1,8 @@ """AI Security SDK - async/await usage example. +Demonstrates both AsyncAISecurity and AsyncBrowseSecurity instances +sharing the same credentials but managing independent sessions. + Setup: cp .env.example .env # fill in your credentials pip install chkp-ai-security-sdk python-dotenv @@ -13,40 +16,66 @@ import os from dotenv import load_dotenv +from chkp_ai_security_sdk.generated import CommonSetActiveRequest + load_dotenv() -from chkp_ai_security_sdk import AsyncAISecurity, InfinityPortalAuth +from chkp_ai_security_sdk import AsyncAISecurity, AsyncBrowseSecurity, InfinityPortalAuth async def main(): - sdk = AsyncAISecurity() - auth = InfinityPortalAuth( client_id=os.environ['CP_CI_CLIENT_ID'], access_key=os.environ['CP_CI_ACCESS_KEY'], gateway=os.environ['CP_CI_GATEWAY'], ) + ai = AsyncAISecurity() + browse = AsyncBrowseSecurity() + print('Connecting...') - await sdk.connect(auth) + await asyncio.gather(ai.connect(auth), browse.connect(auth)) print('Connected!') try: - # All API calls are awaitable + # ── AI Security APIs ── + + print('\n=== AI Security ===') + print('\n--- Chats Policy Rulebase ---') - result = await sdk.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + result = await ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() print(result) - # Run multiple API calls concurrently - print('\n--- Concurrent API calls ---') + + # Run multiple AI Security calls concurrently + print('\n--- Concurrent AI Security calls ---') access, dlp = await asyncio.gather( - sdk.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get(), - sdk.dlp_datatypes_api.get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get(), + ai.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get(), + ai.dlp_datatypes_api.get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get(), ) print(f'Access rules: {access}') print(f'DLP datatypes: {dlp}') + + # ── Browse Security APIs ── + + print('\n=== Browse Security ===') + + print('\n--- DLP Policy Rulebase ---') + result = await browse.dlp_policy_api.get_dlp_rulebase_external_v1_dlp_rulebase_get() + print(result) + + # Run multiple Browse Security calls concurrently + print('\n--- Concurrent Browse Security calls ---') + web_access, secure_browsing, objects = await asyncio.gather( + browse.web_access_policy_api.get_web_access_rulebase_external_v1_web_access_rulebase_get(), + browse.secure_browsing_policy_api.get_secure_browsing_rulebase_external_v1_secure_browsing_rulebase_get(), + browse.objects_api.get_file_protection_objects_external_v1_objects_file_protection_get(), + ) + print(f'Web access rules: {web_access}') + print(f'Secure browsing rules: {secure_browsing}') + print(f'File protection objects: {objects}') finally: - await sdk.disconnect() + await asyncio.gather(ai.disconnect(), browse.disconnect()) print('\nDisconnected.') diff --git a/examples/basic_usage.py b/examples/basic_usage.py index 0b0141f..5bae0f2 100644 --- a/examples/basic_usage.py +++ b/examples/basic_usage.py @@ -1,5 +1,8 @@ """AI Security SDK - basic synchronous usage example. +Demonstrates both AISecurity (Workforce AI) and BrowseSecurity instances +sharing the same credentials but managing independent sessions. + Setup: cp .env.example .env # fill in your credentials pip install chkp-ai-security-sdk python-dotenv @@ -10,11 +13,11 @@ import os from dotenv import load_dotenv -load_dotenv() +from chkp_ai_security_sdk.generated import CommonSetActiveRequest -from chkp_ai_security_sdk import AISecurity, InfinityPortalAuth +load_dotenv() -sdk = AISecurity() +from chkp_ai_security_sdk import AISecurity, BrowseSecurity, InfinityPortalAuth auth = InfinityPortalAuth( client_id=os.environ['CP_CI_CLIENT_ID'], @@ -22,26 +25,57 @@ gateway=os.environ['CP_CI_GATEWAY'], ) +ai = AISecurity() +browse = BrowseSecurity() + print('Connecting...') -sdk.connect(auth) +ai.connect(auth) +browse.connect(auth) print('Connected!') -print(f'SDK info: {AISecurity.info()}') +print(f'AI Security info: {AISecurity.info()}') +print(f'Browse Security info: {BrowseSecurity.info()}') try: - # Get chats policy rulebase + # ── AI Security APIs ── + + print('\n=== AI Security ===') + print('\n--- Chats Policy Rulebase ---') - result = sdk.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + result = ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() print(result) - # Get access policy rulebase + ai.rulebase_api.set_active_external_v1_rules_set_active_put(CommonSetActiveRequest( + rule_id=result.rules[0].rule_id, + active=True, + )) print('\n--- Access Policy Rulebase ---') - result = sdk.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get() + result = ai.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get() print(result) - # Get predefined DLP datatypes print('\n--- Predefined DLP Datatypes ---') - result = sdk.dlp_datatypes_api.get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get() + result = ai.dlp_datatypes_api.get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get() + print(result) + + # ── Browse Security APIs ── + + print('\n=== Browse Security ===') + + print('\n--- DLP Policy Rulebase ---') + result = browse.dlp_policy_api.get_dlp_rulebase_external_v1_dlp_rulebase_get() + print(result) + + print('\n--- Web Access Rulebase ---') + result = browse.web_access_policy_api.get_web_access_rulebase_external_v1_web_access_rulebase_get() + print(result) + + print('\n--- Secure Browsing Rulebase ---') + result = browse.secure_browsing_policy_api.get_secure_browsing_rulebase_external_v1_secure_browsing_rulebase_get() + print(result) + + print('\n--- File Protection Objects ---') + result = browse.objects_api.get_file_protection_objects_external_v1_objects_file_protection_get() print(result) finally: - sdk.disconnect() + ai.disconnect() + browse.disconnect() print('\nDisconnected.') diff --git a/sdk_generator/generate_sdk.py b/sdk_generator/generate_sdk.py index bf6390a..88ca996 100644 --- a/sdk_generator/generate_sdk.py +++ b/sdk_generator/generate_sdk.py @@ -11,22 +11,53 @@ from dotenv import load_dotenv load_dotenv() +# (spec subdir, generated package name, generated output path) +PRODUCTS = [ + # ── Sync (urllib3) ── + { + 'spec_dir': 'main', + 'package_name': 'chkp_ai_security_sdk.generated', + 'generated_rel': 'chkp_ai_security_sdk/generated', + }, + { + 'spec_dir': 'browse', + 'package_name': 'chkp_ai_security_sdk.generated_browse', + 'generated_rel': 'chkp_ai_security_sdk/generated_browse', + }, + # ── Async (aiohttp) ── + { + 'spec_dir': 'main', + 'package_name': 'chkp_ai_security_sdk.generated_async', + 'generated_rel': 'chkp_ai_security_sdk/generated_async', + 'library': 'asyncio', + }, + { + 'spec_dir': 'browse', + 'package_name': 'chkp_ai_security_sdk.generated_browse_async', + 'generated_rel': 'chkp_ai_security_sdk/generated_browse_async', + 'library': 'asyncio', + }, +] -def generate(spec: str = 'main'): - log_prefix = '[generate]' + +def generate(product: dict): + log_prefix = f'[generate:{product["spec_dir"]}]' this_dir_path = os.path.dirname(__file__) project_dir = Path(this_dir_path, '../') - specs_path = os.path.join(project_dir, 'resources', 'specs', spec, 'swagger.json') + specs_path = os.path.join(project_dir, 'resources', 'specs', product['spec_dir'], 'swagger.json') generator_path = os.path.join(this_dir_path, 'open_api_tool', 'openapi-generator-cli-7.12.0.jar') jre_path = os.getenv('JRE_PATH', 'java') - generated_path = os.path.join(project_dir, 'chkp_ai_security_sdk', 'generated') + generated_path = os.path.join(project_dir, product['generated_rel']) + + library = product.get('library', '') + library_prop = f',library={library}' if library else '' try: if os.path.exists(generated_path): shutil.rmtree( generated_path, ignore_errors=True, - onerror=lambda err: print(f'[generate] Error cleaning generated dir: {err}'), + onerror=lambda err: print(f'{log_prefix} Error cleaning generated dir: {err}'), ) cmd_line = ( @@ -35,31 +66,39 @@ def generate(spec: str = 'main'): f' --input-spec {specs_path}' f' --output {project_dir}' f' --global-property modelDocs=false,modelTests=false' - f' --additional-properties=generateSourceCodeOnly=true,packageName=chkp_ai_security_sdk.generated' + f' --additional-properties=generateSourceCodeOnly=true,packageName={product["package_name"]}{library_prop}' f' --skip-validate-spec' ) print(f'{log_prefix} Invoking generator:\n{cmd_line}') subprocess.run(cmd_line, shell=True, check=True, stdout=sys.stdout) except subprocess.CalledProcessError as e: - print(f'[generate] Generator error:\n\t{e}') + print(f'{log_prefix} Generator error:\n\t{e}') raise def start_generate_process(): this_dir_path = os.path.dirname(__file__) project_dir = Path(this_dir_path, '../') - spec_path = os.path.join(project_dir, 'resources', 'specs', 'main', 'swagger.json') + + # Step 1: Fetch all specs fetch_api_specs() - # Copy spec files from CWD-relative path to project root if needed - cwd_spec_dir = os.path.join('resources', 'specs', 'main') - dest_spec_dir = os.path.join(project_dir, 'resources', 'specs', 'main') - if os.path.exists(cwd_spec_dir) and os.path.abspath(cwd_spec_dir) != os.path.abspath(str(dest_spec_dir)): - os.makedirs(str(dest_spec_dir), exist_ok=True) - for fname in os.listdir(cwd_spec_dir): - shutil.copy2(os.path.join(cwd_spec_dir, fname), os.path.join(str(dest_spec_dir), fname)) - normalize_spec(spec_path) - generate() + + for product in PRODUCTS: + spec_dir = product['spec_dir'] + # Copy spec files from CWD-relative path to project root if needed + cwd_spec_dir = os.path.join('resources', 'specs', spec_dir) + dest_spec_dir = os.path.join(project_dir, 'resources', 'specs', spec_dir) + if os.path.exists(cwd_spec_dir) and os.path.abspath(cwd_spec_dir) != os.path.abspath(str(dest_spec_dir)): + os.makedirs(str(dest_spec_dir), exist_ok=True) + for fname in os.listdir(cwd_spec_dir): + shutil.copy2(os.path.join(cwd_spec_dir, fname), os.path.join(str(dest_spec_dir), fname)) + + spec_path = os.path.join(project_dir, 'resources', 'specs', spec_dir, 'swagger.json') + normalize_spec(spec_path) + generate(product) + + # Step 3: Post-build for both products post_build_process() diff --git a/sdk_generator/resources/specs/browse/spec b/sdk_generator/resources/specs/browse/spec new file mode 100644 index 0000000..e39b1c0 --- /dev/null +++ b/sdk_generator/resources/specs/browse/spec @@ -0,0 +1 @@ +checkpoint-browse-security \ No newline at end of file diff --git a/sdk_generator/resources/specs/browse/swagger.json b/sdk_generator/resources/specs/browse/swagger.json new file mode 100644 index 0000000..87c27f4 --- /dev/null +++ b/sdk_generator/resources/specs/browse/swagger.json @@ -0,0 +1 @@ +{"openapi": "3.1.0", "info": {"title": "Check Point Browse Security API", "description": "Unified API for Check Point Browse Security \u2014 policy management and asset visibility.\n\n## Authentication\nAll endpoints require a valid CloudInfra JWT token passed as a Bearer token in the `Authorization` header.\n\n### Obtaining a JWT Token\n1. Go to the [Infinity Portal API Keys page](https://portal.checkpoint.com/dashboard/settings/api-keys).\n2. Click **New** \u2192 **New Account API Key**.\n3. In the **Service** dropdown select **Browser Security** and create the key.\n4. Use the generated API key to obtain a JWT token from CloudInfra.\n5. Include the JWT in every request:\n ```\n Authorization: Bearer \n ```\n\n## Rate Limiting\nDefault limits vary per endpoint group. Exceeding any limit results in a 5-minute block period.\n", "version": "1.0.2"}, "servers": [{"url": "https://cloudinfra-gw.portal.checkpoint.com", "description": "Europe Region"}, {"url": "https://cloudinfra-gw-us.portal.checkpoint.com", "description": "United States Region"}], "paths": {"/app/browse-protect-policy/external/v1/objects/file-protection": {"get": {"tags": ["Objects"], "summary": "List all file-protection objects", "operationId": "get_file_protection_objects_external_v1_objects_file_protection_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFileProtectionObjectsResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "put": {"tags": ["Objects"], "summary": "Update a file protection object", "operationId": "update_file_protection_object_external_v1_objects_file_protection_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateFileProtectionObjectRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["Objects"], "summary": "Create a file protection object", "operationId": "create_file_protection_object_external_v1_objects_file_protection_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateFileProtectionObjectRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/objects/domains": {"get": {"tags": ["Objects"], "summary": "List all domains objects", "operationId": "get_domains_objects_external_v1_objects_domains_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDomainsObjectsResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "put": {"tags": ["Objects"], "summary": "Update a domains object", "operationId": "update_domains_object_external_v1_objects_domains_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateDomainsObjectRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["Objects"], "summary": "Create a domains object", "operationId": "create_domains_object_external_v1_objects_domains_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateDomainsObjectRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/objects/delete": {"delete": {"tags": ["Objects"], "summary": "Delete an object (fails if attached to rules)", "operationId": "delete_object_external_v1_objects_delete_delete", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DeleteObjectRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Delete Object External V1 Objects Delete Delete"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rulebase": {"get": {"tags": ["DLP Policy"], "summary": "Get the DLP rulebase with all rules and version", "operationId": "get_dlp_rulebase_external_v1_dlp_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule": {"post": {"tags": ["DLP Policy"], "summary": "Create a DLP rule", "operationId": "add_dlp_rule_external_v1_dlp_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddChatsRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/set-policy": {"put": {"tags": ["DLP Policy"], "summary": "Replace the entire policy of a DLP rule", "operationId": "set_dlp_policy_external_v1_dlp_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Dlp Policy External V1 Dlp Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/patch-policy": {"patch": {"tags": ["DLP Policy"], "summary": "Partially update the policy of a DLP rule (deep merge)", "operationId": "patch_dlp_policy_external_v1_dlp_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Dlp Policy External V1 Dlp Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/attach-objects": {"post": {"tags": ["DLP Policy"], "summary": "Attach objects to a DLP rule", "operationId": "attach_dlp_rule_objects_external_v1_dlp_rule_attach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AttachChatsObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Attach Dlp Rule Objects External V1 Dlp Rule Attach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/detach-objects": {"post": {"tags": ["DLP Policy"], "summary": "Detach objects from a DLP rule", "operationId": "detach_dlp_rule_objects_external_v1_dlp_rule_detach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DetachObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Detach Dlp Rule Objects External V1 Dlp Rule Detach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/set-objects": {"put": {"tags": ["DLP Policy"], "summary": "Set (replace) all objects of a DLP rule for a feature", "operationId": "set_dlp_rule_objects_external_v1_dlp_rule_set_objects_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetChatsObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Dlp Rule Objects External V1 Dlp Rule Set Objects Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rulebase": {"get": {"tags": ["Web Access Policy"], "summary": "Get the Web Access rulebase with all rules and version", "operationId": "get_web_access_rulebase_external_v1_web_access_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule": {"post": {"tags": ["Web Access Policy"], "summary": "Create a Web Access rule", "operationId": "add_web_access_rule_external_v1_web_access_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddAccessRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/set-policy": {"put": {"tags": ["Web Access Policy"], "summary": "Replace the entire Web Access policy of a rule", "operationId": "set_web_access_policy_external_v1_web_access_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Web Access Policy External V1 Web Access Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/patch-policy": {"patch": {"tags": ["Web Access Policy"], "summary": "Partially update the Web Access policy of a rule (deep merge)", "operationId": "patch_web_access_policy_external_v1_web_access_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Web Access Policy External V1 Web Access Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/attach-objects": {"post": {"tags": ["Web Access Policy"], "summary": "Attach objects to a Web Access rule", "operationId": "attach_web_access_rule_objects_external_v1_web_access_rule_attach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AttachAccessObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Attach Web Access Rule Objects External V1 Web Access Rule Attach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/detach-objects": {"post": {"tags": ["Web Access Policy"], "summary": "Detach objects from a Web Access rule", "operationId": "detach_web_access_rule_objects_external_v1_web_access_rule_detach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DetachObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Detach Web Access Rule Objects External V1 Web Access Rule Detach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/set-objects": {"put": {"tags": ["Web Access Policy"], "summary": "Set (replace) all objects of a Web Access rule for a feature", "operationId": "set_web_access_rule_objects_external_v1_web_access_rule_set_objects_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetAccessObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Web Access Rule Objects External V1 Web Access Rule Set Objects Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rulebase": {"get": {"tags": ["Secure Browsing Policy"], "summary": "Get the Secure Browsing rulebase with all rules and version", "operationId": "get_secure_browsing_rulebase_external_v1_secure_browsing_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule": {"post": {"tags": ["Secure Browsing Policy"], "summary": "Create a Secure Browsing rule", "operationId": "add_secure_browsing_rule_external_v1_secure_browsing_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddSecureBrowsingRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/set-policy": {"put": {"tags": ["Secure Browsing Policy"], "summary": "Replace the entire policy of a Secure Browsing rule", "operationId": "set_secure_browsing_policy_external_v1_secure_browsing_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetSecureBrowsingPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Secure Browsing Policy External V1 Secure Browsing Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/patch-policy": {"patch": {"tags": ["Secure Browsing Policy"], "summary": "Partially update the policy of a Secure Browsing rule (deep merge)", "operationId": "patch_secure_browsing_policy_external_v1_secure_browsing_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchSecureBrowsingPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Secure Browsing Policy External V1 Secure Browsing Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/attach-objects": {"post": {"tags": ["Secure Browsing Policy"], "summary": "Attach objects to a Secure Browsing rule", "operationId": "attach_secure_browsing_rule_objects_external_v1_secure_browsing_rule_attach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AttachSecureBrowsingObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Attach Secure Browsing Rule Objects External V1 Secure Browsing Rule Attach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/detach-objects": {"post": {"tags": ["Secure Browsing Policy"], "summary": "Detach objects from a Secure Browsing rule", "operationId": "detach_secure_browsing_rule_objects_external_v1_secure_browsing_rule_detach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DetachObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Detach Secure Browsing Rule Objects External V1 Secure Browsing Rule Detach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/set-objects": {"put": {"tags": ["Secure Browsing Policy"], "summary": "Set (replace) all objects of a Secure Browsing rule for a feature", "operationId": "set_secure_browsing_rule_objects_external_v1_secure_browsing_rule_set_objects_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetSecureBrowsingObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Secure Browsing Rule Objects External V1 Secure Browsing Rule Set Objects Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/set-info": {"put": {"tags": ["Rulebase"], "summary": "Update rule display info (name, description)", "operationId": "set_rule_info_external_v1_rules_set_info_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetInfoRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Rule Info External V1 Rules Set Info Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/reorder": {"put": {"tags": ["Rulebase"], "summary": "Change a rule's priority position in the rulebase", "operationId": "reorder_rule_external_v1_rules_reorder_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonReorderRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Reorder Rule External V1 Rules Reorder Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/set-source": {"put": {"tags": ["Rulebase"], "summary": "Replace the user/group source of a rule", "operationId": "set_source_external_v1_rules_set_source_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetSourceRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Source External V1 Rules Set Source Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/set-active": {"put": {"tags": ["Rulebase"], "summary": "Enable or disable a rule without deleting it", "operationId": "set_active_external_v1_rules_set_active_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetActiveRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Active External V1 Rules Set Active Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/{rule_id}": {"delete": {"tags": ["Rulebase"], "summary": "Permanently delete a rule from the rulebase", "operationId": "delete_rule_external_v1_rules__rule_id__delete", "security": [{"HTTPBearer": []}], "parameters": [{"name": "rule_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Rule Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonDeleteRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/predefined": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all predefined DLP datatypes", "operationId": "get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/custom": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all custom DLP datatypes", "operationId": "get_custom_datatypes_external_v1_dlp_datatypes_custom_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/all": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all DLP datatypes (predefined and custom)", "operationId": "get_all_datatypes_external_v1_dlp_datatypes_all_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes": {"get": {"tags": ["DLP Datatypes"], "summary": "Get DLP datatypes for tenant", "operationId": "get_datatypes_external_v1_dlp_datatypes_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpTenantDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["DLP Datatypes"], "summary": "Set DLP datatypes for tenant", "operationId": "set_datatypes_external_v1_dlp_datatypes_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/installation/status": {"get": {"tags": ["DLP Datatypes"], "summary": "Get data type installation status", "operationId": "get_installation_status_route_external_v1_dlp_datatypes_installation_status_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/installation/retry": {"post": {"tags": ["DLP Datatypes"], "summary": "Retry data type installation", "operationId": "retry_installation_route_external_v1_dlp_datatypes_installation_retry_post", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/assets": {"post": {"tags": ["Deployment Status"], "summary": "Query assets with domain joins, filters and pagination", "operationId": "query_assets_external_v1_assets_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/assets/count": {"post": {"tags": ["Deployment Status"], "summary": "Get count of assets matching filters", "operationId": "get_assets_count_external_v1_assets_count_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/users": {"post": {"tags": ["Users"], "summary": "Query users with pagination and search", "operationId": "query_users_external_v1_users_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/users/by-ids": {"post": {"tags": ["Users"], "summary": "Get users by array of IDs", "operationId": "get_users_by_ids_endpoint_external_v1_users_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-apps/external/v1/apps/search": {"post": {"tags": ["Apps Catalog"], "summary": "Search GenAI apps by name, name, description, or URL", "operationId": "search_apps_external_v1_apps_search_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-apps/external/v1/apps/by-ids": {"post": {"tags": ["Apps Catalog"], "summary": "Get GenAI apps by array of IDs", "operationId": "get_apps_by_ids_external_v1_apps_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}}, "components": {"schemas": {"AccessPolicy": {"properties": {"services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for access control"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "download_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileDownloadActionSupported"}, {"type": "null"}], "description": "File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}, "upload_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileUploadActionSupported"}, {"type": "null"}], "description": "File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}}, "type": "object", "title": "AccessPolicy"}, "Account": {"properties": {"account_id": {"type": "string", "title": "Account Id", "description": "Account identifier"}}, "type": "object", "required": ["account_id"], "title": "Account", "description": "External-safe twin of Account."}, "AccountSelectionMode": {"type": "string", "enum": ["all", "selected_account"], "title": "AccountSelectionMode", "description": "Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."}, "AddAccessRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Access control policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddAccessRuleRequest", "description": "Create a new Access rule.\n\nAccess rules control which AI services and applications users are allowed\nto interact with, including allow/block decisions per service."}, "AddChatsRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Chats policy configuration for chat interactions"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddChatsRuleRequest", "description": "Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies."}, "AddMCPServerRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Agents policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddMCPServerRuleRequest", "description": "Create a new Agents rule.\n\nAgents rules govern agent interactions, including which tools\nagents can invoke and what access controls apply to agent operations."}, "AddRuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "The UUID of the newly created rule"}, "name": {"type": "string", "title": "Name", "description": "The name of the newly created rule"}}, "type": "object", "required": ["rule_id", "name"], "title": "AddRuleResponse", "description": "Response returned after creating a rule."}, "AddSecureBrowsingRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Secure Browsing policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddSecureBrowsingRuleRequest", "description": "Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering."}, "AgentsPolicy": {"properties": {"action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for MCP server"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "clients": {"anyOf": [{"$ref": "#/components/schemas/MCPClients"}, {"type": "null"}], "description": "Desktop clients selection"}, "servers": {"anyOf": [{"$ref": "#/components/schemas/MCPServers"}, {"type": "null"}], "description": "MCP servers configuration"}, "tooling": {"anyOf": [{"$ref": "#/components/schemas/Tooling"}, {"type": "null"}], "description": "Tooling configuration for MCP"}}, "type": "object", "title": "AgentsPolicy"}, "Assignment": {"properties": {"assignment_id": {"type": "string", "format": "uuid", "title": "Assignment Id", "description": "ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."}, "display_name": {"type": "string", "title": "Display Name", "description": "Human-readable name of the user or group"}, "assignment_type": {"$ref": "#/components/schemas/AssignmentType", "description": "Whether this is a user, group, or entire-org assignment"}}, "type": "object", "required": ["assignment_id", "display_name", "assignment_type"], "title": "Assignment", "description": "External-safe twin of Assignment."}, "AssignmentType": {"type": "string", "enum": ["ASSIGNMENT_TYPE_USER", "ASSIGNMENT_TYPE_GROUP", "ASSIGNMENT_TYPE_ENTIRE_ORG"], "title": "AssignmentType"}, "AttachAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature", "description": "Object feature type; Access rules support FILE_EMULATION and DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachAccessObjectsRequest", "description": "Attach reusable objects to an Access rule.\n\nAccess rules support FILE_EMULATION objects (file scanning/emulation settings)\nand DOMAIN_SERVICES objects (domain allow/block lists)."}, "AttachChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type; Chats rules only support DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachChatsObjectsRequest", "description": "Attach reusable objects to a Chats rule.\n\nChats rules support DOMAIN_SERVICES objects (domain allow/block lists\napplied during chat interactions)."}, "AttachSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature", "description": "Object feature type; Secure Browsing supports PROTECTED_DOMAINS and EXCLUDE_DOMAINS"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachSecureBrowsingObjectsRequest", "description": "Attach reusable objects to a Secure Browsing rule.\n\nSecure Browsing rules support PROTECTED_DOMAINS (domains where threat\nprevention is enforced) and EXCLUDE_DOMAINS (domains exempted from scanning)."}, "CategoryItem": {"properties": {"category_id": {"$ref": "#/components/schemas/URLFCategory", "description": "Category ID from the supported URLF categories. The following categories are available:\n\n| Category | ID |\n|---|---|\n| Uncategorized | 0 |\n| Computers & Internet | 1 |\n| Education | 3 |\n| Entertainment | 5 |\n| Financial Services | 7 |\n| Gambling | 9 |\n| Government / Military | 11 |\n| Greeting Cards | 12 |\n| Hacking | 13 |\n| Hate / Racism | 14 |\n| Health | 15 |\n| Illegal / Questionable | 17 |\n| Illegal Drugs | 18 |\n| Job Search / Careers | 21 |\n| Media Streams | 23 |\n| News / Media | 24 |\n| Newsgroups / Forums | 25 |\n| Nudity | 26 |\n| Personals / Dating | 30 |\n| Phishing | 31 |\n| Political / Legal | 32 |\n| Pornography | 33 |\n| Real Estate | 34 |\n| Recreation | 35 |\n| Religion | 37 |\n| Restaurants / Dining / Food | 39 |\n| Sex Education | 41 |\n| Shopping | 42 |\n| Alcohol / Tobacco | 45 |\n| Art / Culture | 47 |\n| Blogs / Personal Pages | 49 |\n| Business / Economy | 51 |\n| Software Downloads | 53 |\n| Sports | 54 |\n| Spyware / Malicious Sites | 55 |\n| Tasteless | 56 |\n| Translation | 58 |\n| Travel | 59 |\n| Vehicles | 60 |\n| Violence | 61 |\n| Weapons | 62 |\n| Botnets | 65 |\n| Spam | 66 |\n| Inactive Sites | 67 |\n| Fashion | 68 |\n| Non-Profits / NGOs | 69 |\n| Sex | 70 |\n| General | 71 |\n| Nature / Conservation | 72 |\n| Child Abuse | 73 |\n| URL Filtering | 74 |\n| Lifestyle | 75 |\n| Lingerie / Swimsuit / Suggestive | 76 |\n| Suspicious Content | 77 |\n| Marijuana | 78 |\n| Web Advertisements | 50000032 |\n| Instant Chat | 50000086 |\n| Very Low Risk | 51000001 |\n| Low Risk | 51000002 |\n| Medium Risk | 51000003 |\n| High Risk | 51000004 |\n| Critical Risk | 51000005 |\n| Anonymizer | 52000038 |\n| P2P File Sharing | 52000046 |\n| Instant Messaging | 52000047 |\n| Media Sharing | 52000051 |\n| Games | 52000058 |\n| Social Networking | 52000069 |\n| Email | 52000130 |\n| Search Engines / Portals | 52000132 |\n| File Storage / Sharing | 52000136 |\n| Keyloggers | 60530540 |\n| Occult | 60530541 |\n| Hosting Sites | 60530542 |\n| DDNS / Dynamic DNS | 60530648 |\n| Artificial Intelligence (AI) | 60517663 |\n| Generative AI Tools | 60531762 |\n\n**Note:** GenAI rules only allow category 60531762 (Generative AI Tools), used as \"Any AI tool\". Browse rules can use any *other* category."}}, "type": "object", "required": ["category_id"], "title": "CategoryItem"}, "ChatsPolicy": {"properties": {"event_type": {"anyOf": [{"$ref": "#/components/schemas/DLPEventType"}, {"type": "null"}], "description": "Type of event to apply DLP policy on"}, "services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "data_types": {"anyOf": [{"items": {"$ref": "#/components/schemas/DataType"}, "type": "array"}, {"type": "null"}], "title": "Data Types", "description": "DLP Data types"}, "action": {"anyOf": [{"type": "string", "enum": ["prevent", "ask", "redact", "detect", "allow", "block"]}, {"type": "null"}], "title": "Action", "description": "Action to take when DLP rule is triggered"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}}, "type": "object", "title": "ChatsPolicy"}, "ClaudeExtensionsConfig": {"properties": {"extension_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Extension Name", "description": "Extension name from manifest.json", "default": "", "examples": ["chrome-control"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for extension_name matching", "default": "exact"}}, "type": "object", "title": "ClaudeExtensionsConfig"}, "CommonDeleteRuleResponse": {"properties": {"message": {"type": "string", "title": "Message"}, "rule_id": {"type": "string", "title": "Rule Id"}, "name": {"type": "string", "title": "Name"}}, "type": "object", "required": ["message", "rule_id", "name"], "title": "CommonDeleteRuleResponse", "description": "Confirmation of rule deletion."}, "CommonReorderRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to reorder"}, "new_order": {"type": "integer", "title": "New Order", "description": "Target position in the rulebase (1-based). Lower values = higher priority = evaluated first"}}, "type": "object", "required": ["rule_id", "new_order"], "title": "CommonReorderRequest", "description": "Move a rule to a new position in the rulebase.\n\nOther rules in the same rulebase are shifted automatically to accommodate."}, "CommonSetActiveRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "active": {"type": "boolean", "title": "Active", "description": "True to enforce the rule, false to skip it during evaluation"}}, "type": "object", "required": ["rule_id", "active"], "title": "CommonSetActiveRequest", "description": "Enable or disable a rule without deleting it.\n\nInactive rules remain in the rulebase but are skipped during policy evaluation."}, "CommonSetInfoRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "name": {"type": "string", "title": "Name", "description": "New human-readable name for the rule"}, "description": {"type": "string", "title": "Description", "description": "New description of the rule's purpose"}}, "type": "object", "required": ["rule_id", "name", "description"], "title": "CommonSetInfoRequest", "description": "Update a rule's display information without changing its policy or assignments."}, "CommonSetSourceRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Complete list of user/group source entries; replaces all existing entries"}}, "type": "object", "required": ["rule_id", "source"], "title": "CommonSetSourceRequest", "description": "Replace the full source list of a rule.\n\nSource entries determine which users or groups the rule applies to.\nAn empty list means the rule applies to everyone in the tenant."}, "CreateDomainsObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/DomainsObject", "description": "Domain list configuration (up to 200 domain entries)"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateDomainsObjectRequest", "description": "Create a new domains object.\n\nDomains objects contain a list of domain entries used for domain-based\nfiltering in rules (e.g. protected domains, excluded domains, service domains)."}, "CreateFileProtectionObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/FileProtectionObject", "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateFileProtectionObjectRequest", "description": "Create a new file-protection object.\n\nFile-protection objects define scanning and emulation behavior for file\nuploads and downloads, including per-file-type action overrides and size limits."}, "CreateObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "The UUID of the newly created object"}}, "type": "object", "required": ["object_id"], "title": "CreateObjectResponse", "description": "Response returned after creating an object."}, "DLPEventType": {"type": "string", "enum": ["file_upload", "file_download", "paste", "prompt", "copy"], "title": "DLPEventType"}, "DLPType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DLPType"}, "DataType": {"properties": {"id": {"type": "string", "format": "uuid", "title": "Id", "description": "UUID of the data type", "default": "", "examples": ["cf0523c1-537e-4a4b-8bb8-084b7b9e0b45"]}, "name": {"type": "string", "title": "Name", "description": "Display name of the data type", "default": "", "examples": ["American Express Travelers Cheques Number"]}, "type": {"$ref": "#/components/schemas/DLPType", "description": "Type of the data type", "default": "PRE_DEFINED"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel", "description": "Matching level for the data type"}}, "type": "object", "title": "DataType"}, "DataTypeInstallationResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "status": {"$ref": "#/components/schemas/InstallationStatus"}, "data_types_count": {"type": "integer", "title": "Data Types Count"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}}, "type": "object", "required": ["tenant_id", "status", "data_types_count", "updated_at"], "title": "DataTypeInstallationResponse", "description": "Response model for data type installation status."}, "DeleteObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to delete"}}, "type": "object", "required": ["object_id"], "title": "DeleteObjectRequest", "description": "Delete a policy object.\n\nDeletion will fail with 409 Conflict if the object is currently attached\nto one or more rules. Detach it from all rules first."}, "DetachObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to detach objects from"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to remove from the rule"}}, "type": "object", "required": ["rule_id", "object_ids"], "title": "DetachObjectsRequest", "description": "Remove objects from a rule. Works across all rule types that support objects."}, "DlpCreateType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DlpCreateType"}, "DlpDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "assetId": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Assetid"}, "objectStatus": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Objectstatus"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "creationTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Creationtime"}, "lastUpdateTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Lastupdatetime"}, "dataTypeTags": {"anyOf": [{"items": {"$ref": "#/components/schemas/DlpDataTypeTag"}, "type": "array"}, {"type": "null"}], "title": "Datatypetags"}, "redactSupported": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Redactsupported"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}, "content": {"anyOf": [{"additionalProperties": true, "type": "object"}, {"type": "null"}], "title": "Content"}, "comment": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Comment"}}, "additionalProperties": true, "type": "object", "required": ["id", "name", "type", "createType"], "title": "DlpDataType", "example": {"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "dataTypeTags": [{"isCategory": false, "name": "Financial & Business"}], "description": "Matches American Bankers Association (ABA) Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "matchingLevel": 1, "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}}, "DlpDataTypeReference": {"properties": {"id": {"type": "string", "title": "Id"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}}, "type": "object", "required": ["id", "createType"], "title": "DlpDataTypeReference", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}}, "DlpDataTypeTag": {"properties": {"name": {"type": "string", "title": "Name"}, "data": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Data"}, "isCategory": {"type": "boolean", "title": "Iscategory"}}, "type": "object", "required": ["name", "isCategory"], "title": "DlpDataTypeTag", "example": {"data": ["Other"], "isCategory": true, "name": "Regulation"}}, "DlpTenantDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "internal": {"type": "boolean", "title": "Internal"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}}, "type": "object", "required": ["id", "name", "type", "createType", "internal"], "title": "DlpTenantDataType", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "matchingLevel": 1, "name": "IP Address", "type": "GROUP"}}, "DockerGatewayConfig": {"properties": {}, "type": "object", "title": "DockerGatewayConfig"}, "DockerRunnerConfig": {"properties": {"image_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Image Name", "description": "Docker image name", "default": "", "examples": ["modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for image_name matching", "default": "exact"}}, "type": "object", "title": "DockerRunnerConfig"}, "DomainConfig": {"properties": {"domain_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Domain Name", "description": "Domain name of the remote server", "default": "", "examples": ["mcp-server.example.com", "example.com"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "title": "DomainConfig"}, "DomainItem": {"properties": {"domain": {"type": "string", "format": "hostname", "title": "Domain", "description": "Valid domain name or IPv4 address"}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "required": ["domain"], "title": "DomainItem"}, "DomainMatchMode": {"type": "string", "enum": ["exact_host", "any_subdomain"], "title": "DomainMatchMode", "description": "Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."}, "DomainsObject": {"properties": {"domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "maxItems": 200, "title": "Domains", "description": "List of domains"}}, "type": "object", "title": "DomainsObject", "description": "External-safe twin of DomainsObject."}, "DomainsObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "The domain list entries"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "DomainsObjectResponse", "description": "A domains object with its full configuration."}, "ExecutableServerConfig": {"properties": {"executable_path": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Executable Path", "description": "Path to the executable", "default": "", "examples": ["/path/to/executable"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for executable_path matching", "default": "exact"}}, "type": "object", "title": "ExecutableServerConfig"}, "FileActionUnsupported": {"type": "string", "enum": ["Block", "Allow"], "title": "FileActionUnsupported"}, "FileDownloadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect", "Extract"], "title": "FileDownloadActionSupported"}, "FileFailClose": {"type": "string", "enum": ["FailClose", "FailOpen"], "title": "FileFailClose"}, "FileProtectionObject": {"properties": {"file_download_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_upload_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_download_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Download Size Limit Mb"}, "file_upload_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Upload Size Limit Mb"}, "file_download_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileDownloadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Download Action Per Supported File"}, "file_download_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Download Action Per Unsupported File"}, "file_upload_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileUploadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Upload Action Per Supported File"}, "file_upload_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Upload Action Per Unsupported File"}}, "type": "object", "title": "FileProtectionObject", "description": "External-safe twin of FileProtectionObject."}, "FileProtectionObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "FileProtectionObjectResponse", "description": "A file-protection object with its full configuration."}, "FileUploadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect"], "title": "FileUploadActionSupported"}, "GenAIApp": {"properties": {"id": {"type": "integer", "exclusiveMinimum": 0.0, "title": "Id", "description": "GenAI application ID"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/AccountSelectionMode"}, {"type": "null"}], "description": "Account selection mode: 'all' or 'selected_account'", "default": "all"}, "accounts": {"items": {"$ref": "#/components/schemas/Account"}, "type": "array", "title": "Accounts", "description": "List of selected accounts (used when mode='selected_account')"}}, "type": "object", "required": ["id"], "title": "GenAIApp"}, "GetDlpDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "dataTypes"], "title": "GetDlpDataTypesResponse", "example": {"dataTypes": [{"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "description": "Matches ABA Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}], "status": "SUCCESS"}}, "GetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpTenantDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "id", "dataTypes"], "title": "GetDlpTenantDataTypesResponse", "example": {"dataTypes": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "name": "IP Address", "type": "GROUP"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4", "internal": false, "name": "PCI - Credit Card Numbers", "type": "PATTERN"}], "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "GetDomainsObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/DomainsObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetDomainsObjectsResponse", "description": "All domains objects for the tenant, including their full configuration."}, "GetFileProtectionObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/FileProtectionObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetFileProtectionObjectsResponse", "description": "All file-protection objects for the tenant, including their full configuration."}, "GetRulebaseResponse": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Monotonically increasing version of this rulebase. Incremented whenever any rule in the rulebase is created, modified, or deleted. Compare with a previously stored value to detect whether the rulebase has changed (useful for caching or polling)"}, "rules": {"items": {"$ref": "#/components/schemas/RuleResponse"}, "type": "array", "title": "Rules", "description": "All rules in the rulebase, ordered by priority (ascending)"}}, "type": "object", "required": ["rulebase_version", "rules"], "title": "GetRulebaseResponse", "description": "Full rulebase for a given policy type, including its version for change detection."}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "InstallationStatus": {"type": "string", "enum": ["pending", "success", "failed"], "title": "InstallationStatus", "description": "Status of DLP Next data type installation."}, "LoggingStatus": {"type": "string", "enum": ["enabled", "disabled"], "title": "LoggingStatus", "description": "Logging status enumeration."}, "MCPClient": {"properties": {"os": {"anyOf": [{"$ref": "#/components/schemas/OSType"}, {"type": "null"}], "description": "Operating system for the client"}, "name_id": {"anyOf": [{"$ref": "#/components/schemas/MCPClientNameId"}, {"type": "null"}], "description": "Client name identifier e.g. 'claude_desktop', 'docker_desktop'", "examples": ["claude_desktop", "docker_desktop"]}}, "type": "object", "title": "MCPClient"}, "MCPClientNameId": {"type": "string", "enum": ["claude_desktop", "vscode", "cursor", "windsurf", "zed", "perplexity", "antigravity", "jetbrains", "roo", "cline", "docker_desktop"], "title": "MCPClientNameId", "description": "MCP Client name identifier enumeration."}, "MCPClients": {"properties": {"mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Mode for client selection"}, "selected": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPClient"}, "type": "array"}, {"type": "null"}], "title": "Selected", "description": "List of selected clients"}}, "type": "object", "title": "MCPClients"}, "MCPIds": {"properties": {"name_id": {"anyOf": [{"type": "string", "minLength": 1}, {"type": "null"}], "title": "Name Id", "description": "Name of the managed MCP", "default": "", "examples": ["jira", "github"]}}, "type": "object", "title": "MCPIds"}, "MCPRiskLevel": {"properties": {"use_min": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Min", "description": "Whether to use minimum risk level limit", "default": false}, "use_max": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Max", "description": "Whether to use maximum risk level limit", "default": false}, "min": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Min", "description": "Minimum risk level"}, "max": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Max", "description": "Maximum risk level"}}, "type": "object", "title": "MCPRiskLevel"}, "MCPServer": {"properties": {"server_type": {"anyOf": [{"type": "string", "enum": ["all", "node_server", "python_server", "claude_extensions", "executable_server", "unknown_server", "docker_gateway", "docker_runner", "remote_server"]}, {"type": "null"}], "title": "Server Type", "description": "Type of the MCP server"}, "node_server": {"anyOf": [{"$ref": "#/components/schemas/NodeServerConfig"}, {"type": "null"}], "description": "Node server configuration"}, "python_server": {"anyOf": [{"$ref": "#/components/schemas/PythonServerConfig"}, {"type": "null"}], "description": "Python server configuration"}, "claude_extensions": {"anyOf": [{"$ref": "#/components/schemas/ClaudeExtensionsConfig"}, {"type": "null"}], "description": "Claude extensions configuration"}, "executable_server": {"anyOf": [{"$ref": "#/components/schemas/ExecutableServerConfig"}, {"type": "null"}], "description": "Executable server configuration"}, "unknown_server": {"anyOf": [{"$ref": "#/components/schemas/UnknownServerConfig"}, {"type": "null"}], "description": "Unknown server configuration"}, "docker_gateway": {"anyOf": [{"$ref": "#/components/schemas/DockerGatewayConfig"}, {"type": "null"}], "description": "Docker gateway configuration"}, "docker_runner": {"anyOf": [{"$ref": "#/components/schemas/DockerRunnerConfig"}, {"type": "null"}], "description": "Docker runner configuration"}, "remote_server": {"anyOf": [{"$ref": "#/components/schemas/RemoteServerConfig"}, {"type": "null"}], "description": "Remote server configuration"}}, "type": "object", "title": "MCPServer"}, "MCPServers": {"properties": {"mcp_servers_mode": {"anyOf": [{"$ref": "#/components/schemas/MCPServersMode"}, {"type": "null"}], "description": "Mode for MCP servers selection: all, risk_level, managed, manual"}, "risk_level": {"anyOf": [{"$ref": "#/components/schemas/MCPRiskLevel"}, {"type": "null"}], "description": "Risk level configuration for MCP servers"}, "managed": {"anyOf": [{"$ref": "#/components/schemas/ManagedMCP"}, {"type": "null"}], "description": "Managed MCP configuration"}, "manual": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPServer"}, "type": "array"}, {"type": "null"}], "title": "Manual", "description": "List of manual MCP servers"}}, "type": "object", "title": "MCPServers"}, "MCPServersMode": {"type": "string", "enum": ["all", "risk_level", "manual", "managed"], "title": "MCPServersMode", "description": "MCP Servers mode enumeration."}, "MCPToolItem": {"properties": {"tool_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Tool Name", "description": "Name of a tool e.g. 'create_issue', 'update_issue'", "default": "", "examples": ["create_issue", "update_issue"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for tool name matching", "default": "exact"}}, "type": "object", "title": "MCPToolItem"}, "ManagedMCP": {"properties": {"name_ids": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPIds"}, "type": "array"}, {"type": "null"}], "title": "Name Ids", "description": "List of managed MCP identifiers"}}, "type": "object", "title": "ManagedMCP"}, "MatchMode": {"type": "string", "enum": ["exact", "contains"], "title": "MatchMode", "description": "Matching mode enumeration."}, "MatchToolsMode": {"type": "string", "enum": ["tools_include", "tools_exclude", "operations", "all"], "title": "MatchToolsMode", "description": "Match mode for tools enumeration."}, "NodeServerConfig": {"properties": {"package_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Package Name", "description": "NPM package name e.g. '@modelcontextprotocol/server-github'", "default": "", "examples": ["@modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for package_name matching", "default": "exact"}}, "type": "object", "title": "NodeServerConfig"}, "OSType": {"type": "string", "enum": ["windows", "macos", "all"], "title": "OSType", "description": "Operating system enumeration."}, "ObjectFeature": {"type": "string", "enum": ["FILE_EMULATION", "PROTECTED_DOMAINS", "DOMAIN_SERVICES", "EXCLUDE_DOMAINS"], "title": "ObjectFeature"}, "ObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "ObjectResponse", "description": "Object metadata without the full configuration payload (used in update responses)."}, "OnOff": {"type": "string", "enum": ["on", "off"], "title": "OnOff", "description": "Simple on/off toggle."}, "OperationMatch": {"type": "string", "enum": ["match", "unmatch"], "title": "OperationMatch", "description": "Operation match enumeration."}, "PatchAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Partial access policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchAccessPolicyRequest", "description": "Partially update an Access rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Partial Chats policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchChatsPolicyRequest", "description": "Partially update a Chats rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged. Useful for toggling a single setting\nwithout resending the full configuration."}, "PatchMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Partial Agents policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchMCPServerPolicyRequest", "description": "Partially update an Agents rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Partial Secure Browsing policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchSecureBrowsingPolicyRequest", "description": "Partially update a Secure Browsing rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PythonServerConfig": {"properties": {"module_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Module Name", "description": "Python module name e.g. 'modelcontextprotocol_server_github'", "default": "", "examples": ["modelcontextprotocol_server_github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for module_name matching", "default": "exact"}}, "type": "object", "title": "PythonServerConfig"}, "RemoteServerConfig": {"properties": {"match_mode": {"anyOf": [{"type": "string", "enum": ["url", "domain"]}, {"type": "null"}], "title": "Match Mode", "description": "Match mode type: 'url' for URL-based matching or 'domain' for domain-based matching"}, "url": {"anyOf": [{"$ref": "#/components/schemas/URLConfig"}, {"type": "null"}], "description": "URL configuration for remote server (used when match_mode='url')"}, "domain": {"anyOf": [{"$ref": "#/components/schemas/DomainConfig"}, {"type": "null"}], "description": "Domain configuration for remote server (used when match_mode='domain')"}}, "type": "object", "title": "RemoteServerConfig"}, "RuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "Unique identifier of the rule"}, "name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every modification; can be used for optimistic concurrency checks"}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase that determines evaluation priority. Lower values are evaluated first; when two rules match the same request, the lower-order rule takes precedence"}, "active": {"type": "boolean", "title": "Active", "description": "Whether the rule is currently enforced; inactive rules are skipped"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}, "policy": {"anyOf": [{"$ref": "#/components/schemas/ChatsPolicy"}, {"$ref": "#/components/schemas/AccessPolicy"}, {"$ref": "#/components/schemas/AgentsPolicy"}, {"$ref": "#/components/schemas/SecureBrowsingPolicy"}], "title": "Policy", "description": "The enforcement configuration for this rule. Structure varies by rulebase type (Chats, Access, Agents, Secure Browsing)"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to (source entries). An empty list means the rule matches all users in the tenant"}, "objects": {"anyOf": [{"additionalProperties": {"items": {"type": "string"}, "type": "array"}, "propertyNames": {"$ref": "#/components/schemas/ObjectFeature"}, "type": "object"}, {"type": "null"}], "title": "Objects", "description": "Reusable policy objects attached to this rule, keyed by feature (e.g. FILE_EMULATION, DOMAIN_SERVICES). Values are lists of object IDs. Objects allow sharing configuration (domain lists, file-protection settings) across rules"}}, "type": "object", "required": ["rule_id", "name", "version", "order", "active", "created_at", "updated_at", "policy"], "title": "RuleResponse", "description": "A single rule within a rulebase."}, "SecureBrowsingPolicy": {"properties": {"password_reuse": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "zero_phishing": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "safe_search": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "search_reputation": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "domain_exclusions": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain Exclusions", "description": "List of excluded domains"}, "protected_domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Protected Domains", "description": "List of protected domains"}}, "type": "object", "title": "SecureBrowsingPolicy"}, "SelectionMode": {"type": "string", "enum": ["selected", "all"], "title": "SelectionMode", "description": "Selection mode enumeration."}, "ServerOperations": {"properties": {"CREATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch CREATE operation"}, "READ": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch READ operation"}, "UPDATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch UPDATE operation"}, "DELETE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch DELETE operation"}, "OTHER": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch OTHER operation (those not detected)"}}, "type": "object", "title": "ServerOperations"}, "ServicesAndApplication": {"properties": {"domain": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain", "description": "List of domains"}, "url": {"items": {"$ref": "#/components/schemas/URLItem"}, "type": "array", "title": "Url", "description": "List of URLs"}, "genai_application": {"items": {"$ref": "#/components/schemas/GenAIApp"}, "type": "array", "title": "Genai Application", "description": "List of GenAI applications"}, "category": {"items": {"$ref": "#/components/schemas/CategoryItem"}, "type": "array", "title": "Category", "description": "List of URLF categories"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Whether to apply to all services and applications or to only selected ones"}}, "type": "object", "title": "ServicesAndApplication"}, "SetAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetAccessObjectsRequest", "description": "Set (replace) all objects for an Access rule for a given feature."}, "SetAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Complete access policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetAccessPolicyRequest", "description": "Replace the entire Access policy of a rule (full overwrite)."}, "SetChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetChatsObjectsRequest", "description": "Set (replace) all objects for a Chats rule for a given feature."}, "SetChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Complete Chats policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetChatsPolicyRequest", "description": "Replace the entire Chats policy of a rule (full overwrite)."}, "SetDlpTenantDataTypesRequest": {"properties": {"dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataTypeReference"}, "type": "array", "title": "Datatypes", "example": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4"}]}}, "type": "object", "required": ["dataTypes"], "title": "SetDlpTenantDataTypesRequest"}, "SetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataSetStatus": {"type": "string", "title": "Datasetstatus"}}, "type": "object", "required": ["status", "id", "dataSetStatus"], "title": "SetDlpTenantDataTypesResponse", "example": {"dataSetStatus": "IN_PROGRESS", "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "SetMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Complete Agents policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetMCPServerPolicyRequest", "description": "Replace the entire Agents policy of a rule (full overwrite)."}, "SetSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetSecureBrowsingObjectsRequest", "description": "Set (replace) all objects for a Secure Browsing rule for a given feature."}, "SetSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Complete Secure Browsing policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetSecureBrowsingPolicyRequest", "description": "Replace the entire Secure Browsing policy of a rule (full overwrite)."}, "SupportedFileType": {"type": "string", "enum": ["pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "exe", "tar", "zip", "rar", "7z", "rtf", "dot", "docm", "dotx", "dotm", "xlt", "xlm", "xltx", "xlsm", "xltm", "xlsb", "xla", "xlam", "xll", "xlw", "pps", "pptm", "potx", "potm", "ppam", "ppsx", "ppsm", "sldx", "sldm", "csv", "scr", "swf", "jar", "cab", "tgz", "pif", "gz", "bz2", "tbz2", "tb2", "tbz", "com", "xz", "cpl", "dll", "lnk", "img", "iso", "wim", "arj", "bat", "ps1", "hwp", "iqy", "slk", "udf", "uue", "pkg", "msi", "msg", "o", "dylib", "app", "dmg", "qcow2", "sh", "one", "xar", "wsf", "aspx"], "title": "SupportedFileType"}, "ThreatPreventionAction": {"type": "string", "enum": ["detect", "prevent", "ask", "off"], "title": "ThreatPreventionAction", "description": "Actions for threat prevention features."}, "Tooling": {"properties": {"match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchToolsMode"}, {"type": "null"}], "description": "Match mode for tools: tools_include, tools_exclude, operations, all"}, "tools": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPToolItem"}, "type": "array"}, {"type": "null"}], "title": "Tools", "description": "List of tools for matching"}, "operations": {"anyOf": [{"$ref": "#/components/schemas/ServerOperations"}, {"type": "null"}], "description": "Operations match configuration"}}, "type": "object", "title": "Tooling"}, "URLConfig": {"properties": {"url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Url", "description": "URL of the remote server", "default": "", "examples": ["https://mcp-server.example.com/path"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/URLMatchMode"}, {"type": "null"}], "description": "Match mode for URL matching (exact_url or url_contains)", "default": "exact_url"}}, "type": "object", "title": "URLConfig"}, "URLFCategory": {"type": "integer", "enum": [1, 3, 5, 7, 11, 12, 15, 32, 21, 24, 25, 0, 34, 35, 37, 39, 41, 42, 45, 47, 49, 51, 53, 54, 58, 59, 60, 68, 69, 71, 72, 74, 75, 76, 51000001, 51000002, 52000130, 50000032, 52000132, 60517663, 60530541, 60530542, 60530648, 31, 55, 65, 66, 67, 77, 51000003, 51000004, 51000005, 52000038, 60530540, 9, 13, 14, 17, 18, 26, 33, 56, 61, 62, 70, 73, 78, 30, 52000047, 52000058, 52000069, 50000086, 23, 52000136, 52000046, 52000051, 60531762], "title": "URLFCategory", "description": "URLF Category enumeration with display names as keys and category IDs as values."}, "URLItem": {"properties": {"url": {"type": "string", "format": "uri", "title": "Url", "description": "Valid URL"}}, "type": "object", "required": ["url"], "title": "URLItem"}, "URLMatchMode": {"type": "string", "enum": ["exact_url", "url_contains"], "title": "URLMatchMode", "description": "URL matching mode enumeration for remote server URL matching.\n\nMatching modes:\n- EXACT_URL: Matches the exact full URL\n e.g., \"http://sub1.sub2.something.com/alsohere/something\"\n- URL_CONTAINS: Matches if the URL contains the specified string\n e.g., \"alsohere\" matches any URL containing \"alsohere\""}, "UnknownServerConfig": {"properties": {"args": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Args", "description": "Arguments for unknown server types", "default": "", "examples": ["--default-arg"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for args matching", "default": "exact"}}, "type": "object", "title": "UnknownServerConfig"}, "UpdateDomainsObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "New domain list; replaces the existing list entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateDomainsObjectRequest", "description": "Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely."}, "UpdateFileProtectionObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "New file protection configuration; replaces the existing settings entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateFileProtectionObjectRequest", "description": "Update an existing file-protection object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing configuration entirely."}, "UpdateObjectResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/ObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "UpdateObjectResponse", "description": "Response after updating an object (returns metadata only)."}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}, "input": {"title": "Input"}, "ctx": {"type": "object", "title": "Context"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "Asset": {"properties": {"device": {"$ref": "#/components/schemas/Device"}, "user": {"anyOf": [{"$ref": "#/components/schemas/User"}, {"type": "null"}]}, "ping": {"anyOf": [{"$ref": "#/components/schemas/Ping"}, {"type": "null"}]}, "deployment": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/ModuleDeploymentData"}, "propertyNames": {"$ref": "#/components/schemas/ModuleEnum"}, "type": "object"}, {"type": "null"}], "title": "Deployment"}, "policy": {"anyOf": [{"additionalProperties": {"additionalProperties": {"$ref": "#/components/schemas/PolicyTypeData"}, "propertyNames": {"$ref": "#/components/schemas/PolicyType"}, "type": "object"}, "propertyNames": {"$ref": "#/components/schemas/RequestSource"}, "type": "object"}, {"type": "null"}], "title": "Policy"}, "status": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/HealthStatus"}, "propertyNames": {"$ref": "#/components/schemas/StatusComponent"}, "type": "object"}, {"type": "null"}], "title": "Status"}, "environment": {"anyOf": [{"$ref": "#/components/schemas/EnvironmentData"}, {"type": "null"}]}}, "type": "object", "required": ["device"], "title": "Asset", "description": "Complete asset with optional joined domains."}, "AssetsCountRequest": {"properties": {"filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsCountRequest", "description": "Request for querying assets count with optional filters."}, "AssetsCountResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "count": {"type": "integer", "title": "Count"}, "filters_applied": {"type": "integer", "title": "Filters Applied", "description": "Number of filters that were applied"}}, "type": "object", "required": ["tenant_id", "count", "filters_applied"], "title": "AssetsCountResponse", "description": "Response for count queries."}, "AssetsPagination": {"properties": {"limit": {"type": "integer", "maximum": 1000.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 1000)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "AssetsPagination", "description": "Pagination parameters."}, "AssetsRequest": {"properties": {"joins": {"items": {"$ref": "#/components/schemas/JoinDomain"}, "type": "array", "title": "Joins", "description": "Domains to join"}, "filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "sort": {"items": {"$ref": "#/components/schemas/SortCondition"}, "type": "array", "title": "Sort", "description": "Sort conditions"}, "pagination": {"$ref": "#/components/schemas/AssetsPagination", "description": "Pagination parameters"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsRequest", "description": "Request for querying assets with explicit joins."}, "AssetsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "assets": {"items": {"$ref": "#/components/schemas/Asset"}, "type": "array", "title": "Assets"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "assets", "limit", "offset"], "title": "AssetsResponse", "description": "Response with assets and pagination metadata."}, "Device": {"properties": {"device_unique_id": {"type": "string", "format": "uuid", "title": "Device Unique Id", "description": "Unique device identifier"}, "name": {"type": "string", "title": "Name", "description": "Device name (unique per tenant)"}, "device_sid": {"type": "string", "title": "Device Sid", "description": "Device SID"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["device_unique_id", "name", "device_sid", "created_at", "updated_at"], "title": "Device", "description": "External-safe twin of GlobalDevice."}, "DeviceTypeEnum": {"type": "string", "enum": ["Laptop", "Desktop", "Workstation", "unknown"], "title": "DeviceTypeEnum"}, "EnvironmentData": {"properties": {"device_type": {"anyOf": [{"$ref": "#/components/schemas/DeviceTypeEnum"}, {"type": "null"}], "description": "Device type (laptop, desktop, etc.)"}, "os": {"anyOf": [{"$ref": "#/components/schemas/OSEnum"}, {"type": "null"}], "description": "Operating system"}, "os_version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Os Version", "description": "Operating system version"}, "ip": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip", "description": "Device IP address (IPv4 or IPv6)"}}, "type": "object", "title": "EnvironmentData", "description": "External-safe twin of EnvironmentData."}, "FilterCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to filter on"}, "operator": {"$ref": "#/components/schemas/FilterOperator", "description": "Filter operator"}, "value": {"anyOf": [{}, {"type": "null"}], "title": "Value", "description": "Single value (for equals, contains, gte, lte)"}, "values": {"anyOf": [{"items": {}, "type": "array"}, {"type": "null"}], "title": "Values", "description": "List of values (for in, between)"}}, "type": "object", "required": ["field", "operator"], "title": "FilterCondition", "description": "Filter condition on a single asset field."}, "FilterOperator": {"type": "string", "enum": ["equals", "in", "contains", "gte", "lte", "between"], "title": "FilterOperator", "description": "Filter operators for different field types."}, "FilterableField": {"type": "string", "enum": ["device_name", "device_sid", "device_created_at", "device_updated_at", "user_name", "user_display_name", "user_samname", "user_created_at", "user_updated_at", "last_connected", "os", "os_version", "device_type", "ip", "installer_version", "chrome_extension_version", "firefox_extension_version", "edge_extension_version", "brave_extension_version", "mcp_version", "proxy_version"], "title": "FilterableField", "description": "Fields available for filtering and sorting assets.\n\nEach value maps to an internal DB field path (see FIELD_TO_INTERNAL_PATH).\nOnly the listed fields can be used in filter/sort conditions."}, "HealthStatus": {"type": "string", "enum": ["healthy", "unhealthy"], "title": "HealthStatus", "description": "Component health derived from status code: healthy when code == 0, unhealthy otherwise."}, "JoinDomain": {"type": "string", "enum": ["users", "pings", "deployment", "policy", "status", "environment"], "title": "JoinDomain", "description": "Available domains to join with devices table."}, "ModuleDeploymentData": {"properties": {"version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Version", "description": "Current version"}}, "type": "object", "title": "ModuleDeploymentData", "description": "External-safe twin of ModuleDeploymentData \u2014 exposes version only."}, "ModuleEnum": {"type": "string", "enum": ["chrome", "firefox", "edge", "brave", "comet", "safari", "surf", "mcp", "proxy", "da"], "title": "ModuleEnum"}, "OSEnum": {"type": "string", "enum": ["Windows", "macOS", "Linux"], "title": "OSEnum", "description": "Operating system enumeration"}, "Ping": {"properties": {"last_connected": {"type": "string", "format": "date-time", "title": "Last Connected", "description": "Last connection timestamp"}}, "type": "object", "required": ["last_connected"], "title": "Ping", "description": "External-safe twin of PingData."}, "PolicyTypeData": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Version of the rulebase"}}, "type": "object", "required": ["rulebase_version"], "title": "PolicyTypeData", "description": "Policy rulebase version for a given policy type."}, "PolicyType": {"type": "string", "enum": ["chats", "access", "agents", "browse_securing"], "title": "PolicyType", "description": "External-facing policy types with consumer-friendly names."}, "RequestSource": {"type": "string", "enum": ["device", "edge", "chrome", "firefox", "brave", "comet", "safari", "surf", "na"], "title": "RequestSource"}, "SearchParams": {"properties": {"term": {"type": "string", "title": "Term", "description": "Search term to match"}, "case_sensitive": {"type": "boolean", "title": "Case Sensitive", "description": "Whether search is case-sensitive (default: False for case-insensitive)", "default": false}, "match_anywhere": {"type": "boolean", "title": "Match Anywhere", "description": "Whether to match anywhere in text (True) or only at the beginning (False, default)", "default": false}}, "type": "object", "required": ["term"], "title": "SearchParams", "description": "Free text search parameters for device name and user name."}, "SortCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to sort by"}, "order": {"$ref": "#/components/schemas/SortOrder", "description": "Sort order", "default": "desc"}}, "type": "object", "required": ["field"], "title": "SortCondition", "description": "Sort condition on a single asset field."}, "SortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "SortOrder"}, "StatusComponent": {"type": "string", "enum": ["proxy_health", "mcp_health"], "title": "StatusComponent", "description": "External-facing subset of status components exposed to API consumers."}, "User": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name (unique per tenant)"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname", "created_at", "updated_at"], "title": "User", "description": "External-safe twin of GlobalUser."}, "UserItem": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name (CN path)"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname"], "title": "UserItem", "description": "External-safe user item."}, "UsersByIdsRequest": {"properties": {"user_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "maxItems": 500, "minItems": 1, "title": "User Ids", "description": "Array of user unique IDs (max: 500)"}}, "type": "object", "required": ["user_ids"], "title": "UsersByIdsRequest", "description": "Request for getting users by an array of IDs."}, "UsersByIdsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}}, "type": "object", "required": ["tenant_id", "users"], "title": "UsersByIdsResponse", "description": "Response with users by IDs."}, "UsersPagination": {"properties": {"limit": {"type": "integer", "maximum": 100.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 100)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "UsersPagination", "description": "Pagination parameters for users (max 100 per page)."}, "UsersRequest": {"properties": {"search": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Search", "description": "Search term for case-insensitive match on user name and display name"}, "pagination": {"$ref": "#/components/schemas/UsersPagination", "description": "Pagination parameters"}}, "type": "object", "title": "UsersRequest", "description": "Request for querying users."}, "UsersResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "users", "limit", "offset"], "title": "UsersResponse", "description": "Response with users and pagination metadata."}, "AppResult": {"properties": {"app_id": {"type": "integer", "title": "App Id", "description": "Unique app identifier"}, "name": {"type": "string", "title": "Name", "description": "App name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "App description"}, "page_url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Page Url", "description": "App page URL"}}, "type": "object", "required": ["app_id", "name"], "title": "AppResult", "description": "A single app result with minimal fields."}, "AppSearchRequest": {"properties": {"search": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Search", "description": "Search term"}, "search_by": {"$ref": "#/components/schemas/SearchBy", "description": "Search mode: name, name_and_description, or url", "default": "name"}}, "type": "object", "required": ["search"], "title": "AppSearchRequest", "description": "Request for searching GenAI apps."}, "AppSearchResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps (max 10)"}}, "type": "object", "title": "AppSearchResponse", "description": "Response with matching apps (max 10)."}, "AppsByIdsRequest": {"properties": {"ids": {"items": {"type": "integer"}, "type": "array", "maxItems": 100, "minItems": 1, "title": "Ids", "description": "Array of app IDs (max: 100)"}}, "type": "object", "required": ["ids"], "title": "AppsByIdsRequest", "description": "Request for getting apps by an array of IDs."}, "AppsByIdsResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps"}}, "type": "object", "title": "AppsByIdsResponse", "description": "Response with apps by IDs."}, "SearchBy": {"type": "string", "enum": ["name", "name_and_description", "url"], "title": "SearchBy"}}, "securitySchemes": {"HTTPBearer": {"type": "http", "scheme": "bearer"}}}} \ No newline at end of file diff --git a/sdk_generator/resources/specs/main/swagger.json b/sdk_generator/resources/specs/main/swagger.json index 624f054..9d7f5ec 100644 --- a/sdk_generator/resources/specs/main/swagger.json +++ b/sdk_generator/resources/specs/main/swagger.json @@ -1 +1 @@ -{"openapi": "3.1.0", "info": {"title": "Check Point AI Security API", "description": "Unified API for Check Point AI Security \u2014 policy management and asset visibility.\n\n## Authentication\nAll endpoints require a valid CloudInfra JWT token passed as a Bearer token in the `Authorization` header.\n\n### Obtaining a JWT Token\n1. Go to the [Infinity Portal API Keys page](https://portal.checkpoint.com/dashboard/settings/api-keys).\n2. Click **New** \u2192 **New Account API Key**.\n3. In the **Service** dropdown select **Workforce AI Security** and create the key.\n4. Use the generated API key to obtain a JWT token from CloudInfra.\n5. Include the JWT in every request:\n ```\n Authorization: Bearer \n ```\n\n## Rate Limiting\nDefault limits vary per endpoint group. Exceeding any limit results in a 5-minute block period.\n", "version": "1.0.1"}, "servers": [{"url": "https://cloudinfra-gw.portal.checkpoint.com", "description": "Europe Region"}, {"url": "https://cloudinfra-gw-us.portal.checkpoint.com", "description": "United States Region"}], "paths": {"/app/genai-protect-policy/external/v1/chats/rulebase": {"get": {"tags": ["Chats Policy"], "summary": "Get the Chats rulebase with all rules and version", "operationId": "get_chats_rulebase_external_v1_chats_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule": {"post": {"tags": ["Chats Policy"], "summary": "Create a Chats rule", "operationId": "add_chats_rule_external_v1_chats_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddChatsRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule/set-policy": {"put": {"tags": ["Chats Policy"], "summary": "Replace the entire policy of a Chats rule", "operationId": "set_chats_policy_external_v1_chats_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Chats Policy External V1 Chats Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule/patch-policy": {"patch": {"tags": ["Chats Policy"], "summary": "Partially update the policy of a Chats rule (deep merge)", "operationId": "patch_chats_policy_external_v1_chats_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Chats Policy External V1 Chats Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rulebase": {"get": {"tags": ["AI Access Policy"], "summary": "Get the AI Access rulebase with all rules and version", "operationId": "get_ai_access_rulebase_external_v1_ai_access_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule": {"post": {"tags": ["AI Access Policy"], "summary": "Create an AI Access rule", "operationId": "add_ai_access_rule_external_v1_ai_access_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddAccessRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule/set-policy": {"put": {"tags": ["AI Access Policy"], "summary": "Replace the entire AI Access policy of a rule", "operationId": "set_ai_access_policy_external_v1_ai_access_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Ai Access Policy External V1 Ai Access Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule/patch-policy": {"patch": {"tags": ["AI Access Policy"], "summary": "Partially update the AI Access policy of a rule (deep merge)", "operationId": "patch_ai_access_policy_external_v1_ai_access_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Ai Access Policy External V1 Ai Access Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rulebase": {"get": {"tags": ["Agents Policy"], "summary": "Get the Agents rulebase with all rules and version", "operationId": "get_agents_rulebase_external_v1_agents_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule": {"post": {"tags": ["Agents Policy"], "summary": "Create an Agents rule", "operationId": "add_agents_rule_external_v1_agents_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddMCPServerRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule/set-policy": {"put": {"tags": ["Agents Policy"], "summary": "Replace the entire policy of an Agents rule", "operationId": "set_agents_policy_external_v1_agents_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetMCPServerPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Agents Policy External V1 Agents Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule/patch-policy": {"patch": {"tags": ["Agents Policy"], "summary": "Partially update the policy of an Agents rule (deep merge)", "operationId": "patch_agents_policy_external_v1_agents_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchMCPServerPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Agents Policy External V1 Agents Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-info": {"put": {"tags": ["Rulebase"], "summary": "Update rule display info (name, description)", "operationId": "set_rule_info_external_v1_rules_set_info_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetInfoRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Rule Info External V1 Rules Set Info Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/reorder": {"put": {"tags": ["Rulebase"], "summary": "Change a rule's priority position in the rulebase", "operationId": "reorder_rule_external_v1_rules_reorder_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonReorderRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Reorder Rule External V1 Rules Reorder Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-source": {"put": {"tags": ["Rulebase"], "summary": "Replace the user/group source of a rule", "operationId": "set_source_external_v1_rules_set_source_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetSourceRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Source External V1 Rules Set Source Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-active": {"put": {"tags": ["Rulebase"], "summary": "Enable or disable a rule without deleting it", "operationId": "set_active_external_v1_rules_set_active_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetActiveRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Active External V1 Rules Set Active Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/{rule_id}": {"delete": {"tags": ["Rulebase"], "summary": "Permanently delete a rule from the rulebase", "operationId": "delete_rule_external_v1_rules__rule_id__delete", "security": [{"HTTPBearer": []}], "parameters": [{"name": "rule_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Rule Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonDeleteRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/predefined": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all predefined DLP datatypes", "operationId": "get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/custom": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all custom DLP datatypes", "operationId": "get_custom_datatypes_external_v1_dlp_datatypes_custom_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/all": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all DLP datatypes (predefined and custom)", "operationId": "get_all_datatypes_external_v1_dlp_datatypes_all_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes": {"get": {"tags": ["DLP Datatypes"], "summary": "Get DLP datatypes for tenant", "operationId": "get_datatypes_external_v1_dlp_datatypes_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpTenantDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["DLP Datatypes"], "summary": "Set DLP datatypes for tenant", "operationId": "set_datatypes_external_v1_dlp_datatypes_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/installation/status": {"get": {"tags": ["DLP Datatypes"], "summary": "Get data type installation status", "operationId": "get_installation_status_route_external_v1_dlp_datatypes_installation_status_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/installation/retry": {"post": {"tags": ["DLP Datatypes"], "summary": "Retry data type installation", "operationId": "retry_installation_route_external_v1_dlp_datatypes_installation_retry_post", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/assets": {"post": {"tags": ["Deployment Status"], "summary": "Query assets with domain joins, filters and pagination", "operationId": "query_assets_external_v1_assets_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/assets/count": {"post": {"tags": ["Deployment Status"], "summary": "Get count of assets matching filters", "operationId": "get_assets_count_external_v1_assets_count_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/users": {"post": {"tags": ["Users"], "summary": "Query users with pagination and search", "operationId": "query_users_external_v1_users_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/users/by-ids": {"post": {"tags": ["Users"], "summary": "Get users by array of IDs", "operationId": "get_users_by_ids_endpoint_external_v1_users_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-apps/external/v1/apps/search": {"post": {"tags": ["Apps Catalog"], "summary": "Search GenAI apps by name, name, description, or URL", "operationId": "search_apps_external_v1_apps_search_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-apps/external/v1/apps/by-ids": {"post": {"tags": ["Apps Catalog"], "summary": "Get GenAI apps by array of IDs", "operationId": "get_apps_by_ids_external_v1_apps_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}}, "components": {"schemas": {"AccessPolicy": {"properties": {"services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for access control"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "download_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileDownloadActionSupported"}, {"type": "null"}], "description": "File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}, "upload_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileUploadActionSupported"}, {"type": "null"}], "description": "File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}}, "type": "object", "title": "AccessPolicy"}, "Account": {"properties": {"account_id": {"type": "string", "title": "Account Id", "description": "Account identifier"}}, "type": "object", "required": ["account_id"], "title": "Account", "description": "External-safe twin of Account."}, "AccountSelectionMode": {"type": "string", "enum": ["all", "selected_account"], "title": "AccountSelectionMode", "description": "Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."}, "AddAccessRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Access control policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddAccessRuleRequest", "description": "Create a new Access rule.\n\nAccess rules control which AI services and applications users are allowed\nto interact with, including allow/block decisions per service."}, "AddChatsRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Chats policy configuration for chat interactions"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddChatsRuleRequest", "description": "Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies."}, "AddMCPServerRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Agents policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddMCPServerRuleRequest", "description": "Create a new Agents rule.\n\nAgents rules govern agent interactions, including which tools\nagents can invoke and what access controls apply to agent operations."}, "AddRuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "The UUID of the newly created rule"}}, "type": "object", "required": ["rule_id"], "title": "AddRuleResponse", "description": "Response returned after creating a rule."}, "AddSecureBrowsingRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Secure Browsing policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddSecureBrowsingRuleRequest", "description": "Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering."}, "AgentsPolicy": {"properties": {"action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for MCP server"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "clients": {"anyOf": [{"$ref": "#/components/schemas/MCPClients"}, {"type": "null"}], "description": "Desktop clients selection"}, "servers": {"anyOf": [{"$ref": "#/components/schemas/MCPServers"}, {"type": "null"}], "description": "MCP servers configuration"}, "tooling": {"anyOf": [{"$ref": "#/components/schemas/Tooling"}, {"type": "null"}], "description": "Tooling configuration for MCP"}}, "type": "object", "title": "AgentsPolicy"}, "Assignment": {"properties": {"assignment_id": {"type": "string", "format": "uuid", "title": "Assignment Id", "description": "ID of the user or group"}, "display_name": {"type": "string", "title": "Display Name", "description": "Human-readable name of the user or group"}, "assignment_type": {"$ref": "#/components/schemas/AssignmentType", "description": "Whether this is a user, group, or entire-org assignment"}}, "type": "object", "required": ["assignment_id", "display_name", "assignment_type"], "title": "Assignment", "description": "External-safe twin of Assignment."}, "AssignmentType": {"type": "string", "enum": ["ASSIGNMENT_TYPE_USER", "ASSIGNMENT_TYPE_GROUP", "ASSIGNMENT_TYPE_ENTIRE_ORG"], "title": "AssignmentType"}, "AttachAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature", "description": "Object feature type; Access rules support FILE_EMULATION and DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachAccessObjectsRequest", "description": "Attach reusable objects to an Access rule.\n\nAccess rules support FILE_EMULATION objects (file scanning/emulation settings)\nand DOMAIN_SERVICES objects (domain allow/block lists)."}, "AttachChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type; Chats rules only support DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachChatsObjectsRequest", "description": "Attach reusable objects to a Chats rule.\n\nChats rules support DOMAIN_SERVICES objects (domain allow/block lists\napplied during chat interactions)."}, "AttachSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature", "description": "Object feature type; Secure Browsing supports PROTECTED_DOMAINS and EXCLUDE_DOMAINS"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachSecureBrowsingObjectsRequest", "description": "Attach reusable objects to a Secure Browsing rule.\n\nSecure Browsing rules support PROTECTED_DOMAINS (domains where threat\nprevention is enforced) and EXCLUDE_DOMAINS (domains exempted from scanning)."}, "CategoryItem": {"properties": {"category_id": {"$ref": "#/components/schemas/URLFCategory", "description": "Category ID from the supported URLF categories. The following categories are available:\n\n| Category | ID |\n|---|---|\n| Uncategorized | 0 |\n| Computers & Internet | 1 |\n| Education | 3 |\n| Entertainment | 5 |\n| Financial Services | 7 |\n| Gambling | 9 |\n| Government / Military | 11 |\n| Greeting Cards | 12 |\n| Hacking | 13 |\n| Hate / Racism | 14 |\n| Health | 15 |\n| Illegal / Questionable | 17 |\n| Illegal Drugs | 18 |\n| Job Search / Careers | 21 |\n| Media Streams | 23 |\n| News / Media | 24 |\n| Newsgroups / Forums | 25 |\n| Nudity | 26 |\n| Personals / Dating | 30 |\n| Phishing | 31 |\n| Political / Legal | 32 |\n| Pornography | 33 |\n| Real Estate | 34 |\n| Recreation | 35 |\n| Religion | 37 |\n| Restaurants / Dining / Food | 39 |\n| Sex Education | 41 |\n| Shopping | 42 |\n| Alcohol / Tobacco | 45 |\n| Art / Culture | 47 |\n| Blogs / Personal Pages | 49 |\n| Business / Economy | 51 |\n| Software Downloads | 53 |\n| Sports | 54 |\n| Spyware / Malicious Sites | 55 |\n| Tasteless | 56 |\n| Translation | 58 |\n| Travel | 59 |\n| Vehicles | 60 |\n| Violence | 61 |\n| Weapons | 62 |\n| Botnets | 65 |\n| Spam | 66 |\n| Inactive Sites | 67 |\n| Fashion | 68 |\n| Non-Profits / NGOs | 69 |\n| Sex | 70 |\n| General | 71 |\n| Nature / Conservation | 72 |\n| Child Abuse | 73 |\n| URL Filtering | 74 |\n| Lifestyle | 75 |\n| Lingerie / Swimsuit / Suggestive | 76 |\n| Suspicious Content | 77 |\n| Marijuana | 78 |\n| Web Advertisements | 50000032 |\n| Instant Chat | 50000086 |\n| Very Low Risk | 51000001 |\n| Low Risk | 51000002 |\n| Medium Risk | 51000003 |\n| High Risk | 51000004 |\n| Critical Risk | 51000005 |\n| Anonymizer | 52000038 |\n| P2P File Sharing | 52000046 |\n| Instant Messaging | 52000047 |\n| Media Sharing | 52000051 |\n| Games | 52000058 |\n| Social Networking | 52000069 |\n| Email | 52000130 |\n| Search Engines / Portals | 52000132 |\n| File Storage / Sharing | 52000136 |\n| Keyloggers | 60530540 |\n| Occult | 60530541 |\n| Hosting Sites | 60530542 |\n| DDNS / Dynamic DNS | 60530648 |\n| Artificial Intelligence (AI) | 60517663 |\n| Generative AI Tools | 60531762 |\n\n**Note:** GenAI rules only allow category 60531762 (Generative AI Tools), used as \"Any AI tool\". Browse rules can use any *other* category."}}, "type": "object", "required": ["category_id"], "title": "CategoryItem"}, "ChatsPolicy": {"properties": {"event_type": {"anyOf": [{"$ref": "#/components/schemas/DLPEventType"}, {"type": "null"}], "description": "Type of event to apply DLP policy on"}, "services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "data_types": {"anyOf": [{"items": {"$ref": "#/components/schemas/DataType"}, "type": "array"}, {"type": "null"}], "title": "Data Types", "description": "DLP Data types"}, "action": {"anyOf": [{"type": "string", "enum": ["prevent", "ask", "redact", "detect", "allow", "block"]}, {"type": "null"}], "title": "Action", "description": "Action to take when DLP rule is triggered"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}}, "type": "object", "title": "ChatsPolicy"}, "ClaudeExtensionsConfig": {"properties": {"extension_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Extension Name", "description": "Extension name from manifest.json", "default": "", "examples": ["chrome-control"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for extension_name matching", "default": "exact"}}, "type": "object", "title": "ClaudeExtensionsConfig"}, "CommonDeleteRuleResponse": {"properties": {"message": {"type": "string", "title": "Message"}, "rule_id": {"type": "string", "title": "Rule Id"}}, "type": "object", "required": ["message", "rule_id"], "title": "CommonDeleteRuleResponse", "description": "Confirmation of rule deletion."}, "CommonReorderRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to reorder"}, "new_order": {"type": "integer", "title": "New Order", "description": "Target position in the rulebase (1-based). Lower values = higher priority = evaluated first"}}, "type": "object", "required": ["rule_id", "new_order"], "title": "CommonReorderRequest", "description": "Move a rule to a new position in the rulebase.\n\nOther rules in the same rulebase are shifted automatically to accommodate."}, "CommonSetActiveRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "active": {"type": "boolean", "title": "Active", "description": "True to enforce the rule, false to skip it during evaluation"}}, "type": "object", "required": ["rule_id", "active"], "title": "CommonSetActiveRequest", "description": "Enable or disable a rule without deleting it.\n\nInactive rules remain in the rulebase but are skipped during policy evaluation."}, "CommonSetInfoRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "name": {"type": "string", "title": "Name", "description": "New human-readable name for the rule"}, "description": {"type": "string", "title": "Description", "description": "New description of the rule's purpose"}}, "type": "object", "required": ["rule_id", "name", "description"], "title": "CommonSetInfoRequest", "description": "Update a rule's display information without changing its policy or assignments."}, "CommonSetSourceRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Complete list of user/group source entries; replaces all existing entries"}}, "type": "object", "required": ["rule_id", "source"], "title": "CommonSetSourceRequest", "description": "Replace the full source list of a rule.\n\nSource entries determine which users or groups the rule applies to.\nAn empty list means the rule applies to everyone in the tenant."}, "CreateDomainsObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/DomainsObject", "description": "Domain list configuration (up to 200 domain entries)"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateDomainsObjectRequest", "description": "Create a new domains object.\n\nDomains objects contain a list of domain entries used for domain-based\nfiltering in rules (e.g. protected domains, excluded domains, service domains)."}, "CreateFileProtectionObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/FileProtectionObject", "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateFileProtectionObjectRequest", "description": "Create a new file-protection object.\n\nFile-protection objects define scanning and emulation behavior for file\nuploads and downloads, including per-file-type action overrides and size limits."}, "CreateObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "The UUID of the newly created object"}}, "type": "object", "required": ["object_id"], "title": "CreateObjectResponse", "description": "Response returned after creating an object."}, "DLPEventType": {"type": "string", "enum": ["file_upload", "file_download", "paste", "prompt", "copy"], "title": "DLPEventType"}, "DLPType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DLPType"}, "DataType": {"properties": {"id": {"type": "string", "format": "uuid", "title": "Id", "description": "UUID of the data type", "default": "", "examples": ["cf0523c1-537e-4a4b-8bb8-084b7b9e0b45"]}, "name": {"type": "string", "title": "Name", "description": "Display name of the data type", "default": "", "examples": ["American Express Travelers Cheques Number"]}, "type": {"$ref": "#/components/schemas/DLPType", "description": "Type of the data type", "default": "PRE_DEFINED"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel", "description": "Matching level for the data type"}}, "type": "object", "title": "DataType"}, "DataTypeInstallationResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "status": {"$ref": "#/components/schemas/InstallationStatus"}, "data_types_count": {"type": "integer", "title": "Data Types Count"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}}, "type": "object", "required": ["tenant_id", "status", "data_types_count", "updated_at"], "title": "DataTypeInstallationResponse", "description": "Response model for data type installation status."}, "DeleteObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to delete"}}, "type": "object", "required": ["object_id"], "title": "DeleteObjectRequest", "description": "Delete a policy object.\n\nDeletion will fail with 409 Conflict if the object is currently attached\nto one or more rules. Detach it from all rules first."}, "DetachObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to detach objects from"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to remove from the rule"}}, "type": "object", "required": ["rule_id", "object_ids"], "title": "DetachObjectsRequest", "description": "Remove objects from a rule. Works across all rule types that support objects."}, "DlpCreateType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DlpCreateType"}, "DlpDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "assetId": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Assetid"}, "objectStatus": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Objectstatus"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "creationTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Creationtime"}, "lastUpdateTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Lastupdatetime"}, "dataTypeTags": {"anyOf": [{"items": {"$ref": "#/components/schemas/DlpDataTypeTag"}, "type": "array"}, {"type": "null"}], "title": "Datatypetags"}, "redactSupported": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Redactsupported"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}, "content": {"anyOf": [{"additionalProperties": true, "type": "object"}, {"type": "null"}], "title": "Content"}, "comment": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Comment"}}, "additionalProperties": true, "type": "object", "required": ["id", "name", "type", "createType"], "title": "DlpDataType", "example": {"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "dataTypeTags": [{"isCategory": false, "name": "Financial & Business"}], "description": "Matches American Bankers Association (ABA) Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "matchingLevel": 1, "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}}, "DlpDataTypeReference": {"properties": {"id": {"type": "string", "title": "Id"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}}, "type": "object", "required": ["id", "createType"], "title": "DlpDataTypeReference", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}}, "DlpDataTypeTag": {"properties": {"name": {"type": "string", "title": "Name"}, "data": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Data"}, "isCategory": {"type": "boolean", "title": "Iscategory"}}, "type": "object", "required": ["name", "isCategory"], "title": "DlpDataTypeTag", "example": {"data": ["Other"], "isCategory": true, "name": "Regulation"}}, "DlpTenantDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "internal": {"type": "boolean", "title": "Internal"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}}, "type": "object", "required": ["id", "name", "type", "createType", "internal"], "title": "DlpTenantDataType", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "matchingLevel": 1, "name": "IP Address", "type": "GROUP"}}, "DockerGatewayConfig": {"properties": {}, "type": "object", "title": "DockerGatewayConfig"}, "DockerRunnerConfig": {"properties": {"image_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Image Name", "description": "Docker image name", "default": "", "examples": ["modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for image_name matching", "default": "exact"}}, "type": "object", "title": "DockerRunnerConfig"}, "DomainConfig": {"properties": {"domain_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Domain Name", "description": "Domain name of the remote server", "default": "", "examples": ["mcp-server.example.com", "example.com"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "title": "DomainConfig"}, "DomainItem": {"properties": {"domain": {"type": "string", "format": "hostname", "title": "Domain", "description": "Valid domain name or IPv4 address"}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "required": ["domain"], "title": "DomainItem"}, "DomainMatchMode": {"type": "string", "enum": ["exact_host", "any_subdomain"], "title": "DomainMatchMode", "description": "Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."}, "DomainsObject": {"properties": {"domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "maxItems": 200, "title": "Domains", "description": "List of domains"}}, "type": "object", "title": "DomainsObject", "description": "External-safe twin of DomainsObject."}, "DomainsObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "The domain list entries"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "DomainsObjectResponse", "description": "A domains object with its full configuration."}, "ExecutableServerConfig": {"properties": {"executable_path": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Executable Path", "description": "Path to the executable", "default": "", "examples": ["/path/to/executable"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for executable_path matching", "default": "exact"}}, "type": "object", "title": "ExecutableServerConfig"}, "FileActionUnsupported": {"type": "string", "enum": ["Block", "Allow"], "title": "FileActionUnsupported"}, "FileDownloadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect", "Extract"], "title": "FileDownloadActionSupported"}, "FileFailClose": {"type": "string", "enum": ["FailClose", "FailOpen"], "title": "FileFailClose"}, "FileProtectionObject": {"properties": {"file_download_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_upload_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_download_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Download Size Limit Mb"}, "file_upload_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Upload Size Limit Mb"}, "file_download_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileDownloadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Download Action Per Supported File"}, "file_download_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Download Action Per Unsupported File"}, "file_upload_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileUploadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Upload Action Per Supported File"}, "file_upload_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Upload Action Per Unsupported File"}}, "type": "object", "title": "FileProtectionObject", "description": "External-safe twin of FileProtectionObject."}, "FileProtectionObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "FileProtectionObjectResponse", "description": "A file-protection object with its full configuration."}, "FileUploadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect"], "title": "FileUploadActionSupported"}, "GenAIApp": {"properties": {"id": {"type": "integer", "exclusiveMinimum": 0.0, "title": "Id", "description": "GenAI application ID"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/AccountSelectionMode"}, {"type": "null"}], "description": "Account selection mode: 'all' or 'selected_account'", "default": "all"}, "accounts": {"items": {"$ref": "#/components/schemas/Account"}, "type": "array", "title": "Accounts", "description": "List of selected accounts (used when mode='selected_account')"}}, "type": "object", "required": ["id"], "title": "GenAIApp"}, "GetDlpDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "dataTypes"], "title": "GetDlpDataTypesResponse", "example": {"dataTypes": [{"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "description": "Matches ABA Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}], "status": "SUCCESS"}}, "GetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpTenantDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "id", "dataTypes"], "title": "GetDlpTenantDataTypesResponse", "example": {"dataTypes": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "name": "IP Address", "type": "GROUP"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4", "internal": false, "name": "PCI - Credit Card Numbers", "type": "PATTERN"}], "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "GetDomainsObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/DomainsObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetDomainsObjectsResponse", "description": "All domains objects for the tenant, including their full configuration."}, "GetFileProtectionObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/FileProtectionObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetFileProtectionObjectsResponse", "description": "All file-protection objects for the tenant, including their full configuration."}, "GetRulebaseResponse": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Monotonically increasing version of this rulebase. Incremented whenever any rule in the rulebase is created, modified, or deleted. Compare with a previously stored value to detect whether the rulebase has changed (useful for caching or polling)"}, "rules": {"items": {"$ref": "#/components/schemas/RuleResponse"}, "type": "array", "title": "Rules", "description": "All rules in the rulebase, ordered by priority (ascending)"}}, "type": "object", "required": ["rulebase_version", "rules"], "title": "GetRulebaseResponse", "description": "Full rulebase for a given policy type, including its version for change detection."}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "InstallationStatus": {"type": "string", "enum": ["pending", "success", "failed"], "title": "InstallationStatus", "description": "Status of DLP Next data type installation."}, "LoggingStatus": {"type": "string", "enum": ["enabled", "disabled"], "title": "LoggingStatus", "description": "Logging status enumeration."}, "MCPClient": {"properties": {"os": {"anyOf": [{"$ref": "#/components/schemas/OSType"}, {"type": "null"}], "description": "Operating system for the client"}, "name_id": {"anyOf": [{"$ref": "#/components/schemas/MCPClientNameId"}, {"type": "null"}], "description": "Client name identifier e.g. 'claude_desktop', 'docker_desktop'", "examples": ["claude_desktop", "docker_desktop"]}}, "type": "object", "title": "MCPClient"}, "MCPClientNameId": {"type": "string", "enum": ["claude_desktop", "vscode", "cursor", "windsurf", "zed", "perplexity", "antigravity", "jetbrains", "roo", "cline", "docker_desktop"], "title": "MCPClientNameId", "description": "MCP Client name identifier enumeration."}, "MCPClients": {"properties": {"mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Mode for client selection"}, "selected": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPClient"}, "type": "array"}, {"type": "null"}], "title": "Selected", "description": "List of selected clients"}}, "type": "object", "title": "MCPClients"}, "MCPIds": {"properties": {"name_id": {"anyOf": [{"type": "string", "minLength": 1}, {"type": "null"}], "title": "Name Id", "description": "Name of the managed MCP", "default": "", "examples": ["jira", "github"]}}, "type": "object", "title": "MCPIds"}, "MCPRiskLevel": {"properties": {"use_min": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Min", "description": "Whether to use minimum risk level limit", "default": false}, "use_max": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Max", "description": "Whether to use maximum risk level limit", "default": false}, "min": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Min", "description": "Minimum risk level"}, "max": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Max", "description": "Maximum risk level"}}, "type": "object", "title": "MCPRiskLevel"}, "MCPServer": {"properties": {"server_type": {"anyOf": [{"type": "string", "enum": ["all", "node_server", "python_server", "claude_extensions", "executable_server", "unknown_server", "docker_gateway", "docker_runner", "remote_server"]}, {"type": "null"}], "title": "Server Type", "description": "Type of the MCP server"}, "node_server": {"anyOf": [{"$ref": "#/components/schemas/NodeServerConfig"}, {"type": "null"}], "description": "Node server configuration"}, "python_server": {"anyOf": [{"$ref": "#/components/schemas/PythonServerConfig"}, {"type": "null"}], "description": "Python server configuration"}, "claude_extensions": {"anyOf": [{"$ref": "#/components/schemas/ClaudeExtensionsConfig"}, {"type": "null"}], "description": "Claude extensions configuration"}, "executable_server": {"anyOf": [{"$ref": "#/components/schemas/ExecutableServerConfig"}, {"type": "null"}], "description": "Executable server configuration"}, "unknown_server": {"anyOf": [{"$ref": "#/components/schemas/UnknownServerConfig"}, {"type": "null"}], "description": "Unknown server configuration"}, "docker_gateway": {"anyOf": [{"$ref": "#/components/schemas/DockerGatewayConfig"}, {"type": "null"}], "description": "Docker gateway configuration"}, "docker_runner": {"anyOf": [{"$ref": "#/components/schemas/DockerRunnerConfig"}, {"type": "null"}], "description": "Docker runner configuration"}, "remote_server": {"anyOf": [{"$ref": "#/components/schemas/RemoteServerConfig"}, {"type": "null"}], "description": "Remote server configuration"}}, "type": "object", "title": "MCPServer"}, "MCPServers": {"properties": {"mcp_servers_mode": {"anyOf": [{"$ref": "#/components/schemas/MCPServersMode"}, {"type": "null"}], "description": "Mode for MCP servers selection: all, risk_level, managed, manual"}, "risk_level": {"anyOf": [{"$ref": "#/components/schemas/MCPRiskLevel"}, {"type": "null"}], "description": "Risk level configuration for MCP servers"}, "managed": {"anyOf": [{"$ref": "#/components/schemas/ManagedMCP"}, {"type": "null"}], "description": "Managed MCP configuration"}, "manual": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPServer"}, "type": "array"}, {"type": "null"}], "title": "Manual", "description": "List of manual MCP servers"}}, "type": "object", "title": "MCPServers"}, "MCPServersMode": {"type": "string", "enum": ["all", "risk_level", "manual", "managed"], "title": "MCPServersMode", "description": "MCP Servers mode enumeration."}, "MCPToolItem": {"properties": {"tool_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Tool Name", "description": "Name of a tool e.g. 'create_issue', 'update_issue'", "default": "", "examples": ["create_issue", "update_issue"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for tool name matching", "default": "exact"}}, "type": "object", "title": "MCPToolItem"}, "ManagedMCP": {"properties": {"name_ids": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPIds"}, "type": "array"}, {"type": "null"}], "title": "Name Ids", "description": "List of managed MCP identifiers"}}, "type": "object", "title": "ManagedMCP"}, "MatchMode": {"type": "string", "enum": ["exact", "contains"], "title": "MatchMode", "description": "Matching mode enumeration."}, "MatchToolsMode": {"type": "string", "enum": ["tools_include", "tools_exclude", "operations", "all"], "title": "MatchToolsMode", "description": "Match mode for tools enumeration."}, "NodeServerConfig": {"properties": {"package_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Package Name", "description": "NPM package name e.g. '@modelcontextprotocol/server-github'", "default": "", "examples": ["@modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for package_name matching", "default": "exact"}}, "type": "object", "title": "NodeServerConfig"}, "OSType": {"type": "string", "enum": ["windows", "macos", "all"], "title": "OSType", "description": "Operating system enumeration."}, "ObjectFeature": {"type": "string", "enum": ["FILE_EMULATION", "PROTECTED_DOMAINS", "DOMAIN_SERVICES", "EXCLUDE_DOMAINS"], "title": "ObjectFeature"}, "ObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "ObjectResponse", "description": "Object metadata without the full configuration payload (used in update responses)."}, "OnOff": {"type": "string", "enum": ["on", "off"], "title": "OnOff", "description": "Simple on/off toggle."}, "OperationMatch": {"type": "string", "enum": ["match", "unmatch"], "title": "OperationMatch", "description": "Operation match enumeration."}, "PatchAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Partial access policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchAccessPolicyRequest", "description": "Partially update an Access rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Partial Chats policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchChatsPolicyRequest", "description": "Partially update a Chats rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged. Useful for toggling a single setting\nwithout resending the full configuration."}, "PatchMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Partial Agents policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchMCPServerPolicyRequest", "description": "Partially update an Agents rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Partial Secure Browsing policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchSecureBrowsingPolicyRequest", "description": "Partially update a Secure Browsing rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PythonServerConfig": {"properties": {"module_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Module Name", "description": "Python module name e.g. 'modelcontextprotocol_server_github'", "default": "", "examples": ["modelcontextprotocol_server_github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for module_name matching", "default": "exact"}}, "type": "object", "title": "PythonServerConfig"}, "RemoteServerConfig": {"properties": {"match_mode": {"anyOf": [{"type": "string", "enum": ["url", "domain"]}, {"type": "null"}], "title": "Match Mode", "description": "Match mode type: 'url' for URL-based matching or 'domain' for domain-based matching"}, "url": {"anyOf": [{"$ref": "#/components/schemas/URLConfig"}, {"type": "null"}], "description": "URL configuration for remote server (used when match_mode='url')"}, "domain": {"anyOf": [{"$ref": "#/components/schemas/DomainConfig"}, {"type": "null"}], "description": "Domain configuration for remote server (used when match_mode='domain')"}}, "type": "object", "title": "RemoteServerConfig"}, "RuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "Unique identifier of the rule"}, "name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every modification; can be used for optimistic concurrency checks"}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase that determines evaluation priority. Lower values are evaluated first; when two rules match the same request, the lower-order rule takes precedence"}, "active": {"type": "boolean", "title": "Active", "description": "Whether the rule is currently enforced; inactive rules are skipped"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}, "policy": {"anyOf": [{"$ref": "#/components/schemas/ChatsPolicy"}, {"$ref": "#/components/schemas/AccessPolicy"}, {"$ref": "#/components/schemas/AgentsPolicy"}, {"$ref": "#/components/schemas/SecureBrowsingPolicy"}], "title": "Policy", "description": "The enforcement configuration for this rule. Structure varies by rulebase type (Chats, Access, Agents, Secure Browsing)"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to (source entries). An empty list means the rule matches all users in the tenant"}, "objects": {"anyOf": [{"additionalProperties": {"items": {"type": "string"}, "type": "array"}, "propertyNames": {"$ref": "#/components/schemas/ObjectFeature"}, "type": "object"}, {"type": "null"}], "title": "Objects", "description": "Reusable policy objects attached to this rule, keyed by feature (e.g. FILE_EMULATION, DOMAIN_SERVICES). Values are lists of object IDs. Objects allow sharing configuration (domain lists, file-protection settings) across rules"}}, "type": "object", "required": ["rule_id", "name", "version", "order", "active", "created_at", "updated_at", "policy"], "title": "RuleResponse", "description": "A single rule within a rulebase."}, "SecureBrowsingPolicy": {"properties": {"password_reuse": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "zero_phishing": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "safe_search": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "search_reputation": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "domain_exclusions": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain Exclusions", "description": "List of excluded domains"}, "protected_domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Protected Domains", "description": "List of protected domains"}}, "type": "object", "title": "SecureBrowsingPolicy"}, "SelectionMode": {"type": "string", "enum": ["selected", "all"], "title": "SelectionMode", "description": "Selection mode enumeration."}, "ServerOperations": {"properties": {"CREATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch CREATE operation"}, "READ": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch READ operation"}, "UPDATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch UPDATE operation"}, "DELETE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch DELETE operation"}, "OTHER": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch OTHER operation (those not detected)"}}, "type": "object", "title": "ServerOperations"}, "ServicesAndApplication": {"properties": {"domain": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain", "description": "List of domains"}, "url": {"items": {"$ref": "#/components/schemas/URLItem"}, "type": "array", "title": "Url", "description": "List of URLs"}, "genai_application": {"items": {"$ref": "#/components/schemas/GenAIApp"}, "type": "array", "title": "Genai Application", "description": "List of GenAI applications"}, "category": {"items": {"$ref": "#/components/schemas/CategoryItem"}, "type": "array", "title": "Category", "description": "List of URLF categories"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Whether to apply to all services and applications or to only selected ones"}}, "type": "object", "title": "ServicesAndApplication"}, "SetAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetAccessObjectsRequest", "description": "Set (replace) all objects for an Access rule for a given feature."}, "SetAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Complete access policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetAccessPolicyRequest", "description": "Replace the entire Access policy of a rule (full overwrite)."}, "SetChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetChatsObjectsRequest", "description": "Set (replace) all objects for a Chats rule for a given feature."}, "SetChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Complete Chats policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetChatsPolicyRequest", "description": "Replace the entire Chats policy of a rule (full overwrite)."}, "SetDlpTenantDataTypesRequest": {"properties": {"dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataTypeReference"}, "type": "array", "title": "Datatypes", "example": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4"}]}}, "type": "object", "required": ["dataTypes"], "title": "SetDlpTenantDataTypesRequest"}, "SetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataSetStatus": {"type": "string", "title": "Datasetstatus"}}, "type": "object", "required": ["status", "id", "dataSetStatus"], "title": "SetDlpTenantDataTypesResponse", "example": {"dataSetStatus": "IN_PROGRESS", "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "SetMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Complete Agents policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetMCPServerPolicyRequest", "description": "Replace the entire Agents policy of a rule (full overwrite)."}, "SetSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetSecureBrowsingObjectsRequest", "description": "Set (replace) all objects for a Secure Browsing rule for a given feature."}, "SetSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Complete Secure Browsing policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetSecureBrowsingPolicyRequest", "description": "Replace the entire Secure Browsing policy of a rule (full overwrite)."}, "SupportedFileType": {"type": "string", "enum": ["pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "exe", "tar", "zip", "rar", "7z", "rtf", "dot", "docm", "dotx", "dotm", "xlt", "xlm", "xltx", "xlsm", "xltm", "xlsb", "xla", "xlam", "xll", "xlw", "pps", "pptm", "potx", "potm", "ppam", "ppsx", "ppsm", "sldx", "sldm", "csv", "scr", "swf", "jar", "cab", "tgz", "pif", "gz", "bz2", "tbz2", "tb2", "tbz", "com", "xz", "cpl", "dll", "lnk", "img", "iso", "wim", "arj", "bat", "ps1", "hwp", "iqy", "slk", "udf", "uue", "pkg", "msi", "msg", "o", "dylib", "app", "dmg", "qcow2", "sh", "one", "xar", "wsf", "aspx"], "title": "SupportedFileType"}, "ThreatPreventionAction": {"type": "string", "enum": ["detect", "prevent", "ask", "off"], "title": "ThreatPreventionAction", "description": "Actions for threat prevention features."}, "Tooling": {"properties": {"match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchToolsMode"}, {"type": "null"}], "description": "Match mode for tools: tools_include, tools_exclude, operations, all"}, "tools": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPToolItem"}, "type": "array"}, {"type": "null"}], "title": "Tools", "description": "List of tools for matching"}, "operations": {"anyOf": [{"$ref": "#/components/schemas/ServerOperations"}, {"type": "null"}], "description": "Operations match configuration"}}, "type": "object", "title": "Tooling"}, "URLConfig": {"properties": {"url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Url", "description": "URL of the remote server", "default": "", "examples": ["https://mcp-server.example.com/path"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/URLMatchMode"}, {"type": "null"}], "description": "Match mode for URL matching (exact_url or url_contains)", "default": "exact_url"}}, "type": "object", "title": "URLConfig"}, "URLFCategory": {"type": "integer", "enum": [1, 3, 5, 7, 11, 12, 15, 32, 21, 24, 25, 0, 34, 35, 37, 39, 41, 42, 45, 47, 49, 51, 53, 54, 58, 59, 60, 68, 69, 71, 72, 74, 75, 76, 51000001, 51000002, 52000130, 50000032, 52000132, 60517663, 60530541, 60530542, 60530648, 31, 55, 65, 66, 67, 77, 51000003, 51000004, 51000005, 52000038, 60530540, 9, 13, 14, 17, 18, 26, 33, 56, 61, 62, 70, 73, 78, 30, 52000047, 52000058, 52000069, 50000086, 23, 52000136, 52000046, 52000051, 60531762], "title": "URLFCategory", "description": "URLF Category enumeration with display names as keys and category IDs as values."}, "URLItem": {"properties": {"url": {"type": "string", "format": "uri", "title": "Url", "description": "Valid URL"}}, "type": "object", "required": ["url"], "title": "URLItem"}, "URLMatchMode": {"type": "string", "enum": ["exact_url", "url_contains"], "title": "URLMatchMode", "description": "URL matching mode enumeration for remote server URL matching.\n\nMatching modes:\n- EXACT_URL: Matches the exact full URL\n e.g., \"http://sub1.sub2.something.com/alsohere/something\"\n- URL_CONTAINS: Matches if the URL contains the specified string\n e.g., \"alsohere\" matches any URL containing \"alsohere\""}, "UnknownServerConfig": {"properties": {"args": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Args", "description": "Arguments for unknown server types", "default": "", "examples": ["--default-arg"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for args matching", "default": "exact"}}, "type": "object", "title": "UnknownServerConfig"}, "UpdateDomainsObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "New domain list; replaces the existing list entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateDomainsObjectRequest", "description": "Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely."}, "UpdateFileProtectionObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "New file protection configuration; replaces the existing settings entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateFileProtectionObjectRequest", "description": "Update an existing file-protection object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing configuration entirely."}, "UpdateObjectResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/ObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "UpdateObjectResponse", "description": "Response after updating an object (returns metadata only)."}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}, "input": {"title": "Input"}, "ctx": {"type": "object", "title": "Context"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "Asset": {"properties": {"device": {"$ref": "#/components/schemas/Device"}, "user": {"anyOf": [{"$ref": "#/components/schemas/User"}, {"type": "null"}]}, "ping": {"anyOf": [{"$ref": "#/components/schemas/Ping"}, {"type": "null"}]}, "deployment": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/ModuleDeploymentData"}, "propertyNames": {"$ref": "#/components/schemas/ModuleEnum"}, "type": "object"}, {"type": "null"}], "title": "Deployment"}, "policy": {"anyOf": [{"additionalProperties": {"additionalProperties": {"$ref": "#/components/schemas/PolicyTypeData"}, "propertyNames": {"$ref": "#/components/schemas/PolicyType"}, "type": "object"}, "propertyNames": {"$ref": "#/components/schemas/RequestSource"}, "type": "object"}, {"type": "null"}], "title": "Policy"}, "status": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/HealthStatus"}, "propertyNames": {"$ref": "#/components/schemas/StatusComponent"}, "type": "object"}, {"type": "null"}], "title": "Status"}, "environment": {"anyOf": [{"$ref": "#/components/schemas/EnvironmentData"}, {"type": "null"}]}}, "type": "object", "required": ["device"], "title": "Asset", "description": "Complete asset with optional joined domains."}, "AssetsCountRequest": {"properties": {"filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsCountRequest", "description": "Request for querying assets count with optional filters."}, "AssetsCountResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "count": {"type": "integer", "title": "Count"}, "filters_applied": {"type": "integer", "title": "Filters Applied", "description": "Number of filters that were applied"}}, "type": "object", "required": ["tenant_id", "count", "filters_applied"], "title": "AssetsCountResponse", "description": "Response for count queries."}, "AssetsPagination": {"properties": {"limit": {"type": "integer", "maximum": 1000.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 1000)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "AssetsPagination", "description": "Pagination parameters."}, "AssetsRequest": {"properties": {"joins": {"items": {"$ref": "#/components/schemas/JoinDomain"}, "type": "array", "title": "Joins", "description": "Domains to join"}, "filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "sort": {"items": {"$ref": "#/components/schemas/SortCondition"}, "type": "array", "title": "Sort", "description": "Sort conditions"}, "pagination": {"$ref": "#/components/schemas/AssetsPagination", "description": "Pagination parameters"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsRequest", "description": "Request for querying assets with explicit joins."}, "AssetsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "assets": {"items": {"$ref": "#/components/schemas/Asset"}, "type": "array", "title": "Assets"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "assets", "limit", "offset"], "title": "AssetsResponse", "description": "Response with assets and pagination metadata."}, "Device": {"properties": {"device_unique_id": {"type": "string", "format": "uuid", "title": "Device Unique Id", "description": "Unique device identifier"}, "name": {"type": "string", "title": "Name", "description": "Device name (unique per tenant)"}, "device_sid": {"type": "string", "title": "Device Sid", "description": "Device SID"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["device_unique_id", "name", "device_sid", "created_at", "updated_at"], "title": "Device", "description": "External-safe twin of GlobalDevice."}, "DeviceTypeEnum": {"type": "string", "enum": ["Laptop", "Desktop", "Workstation", "unknown"], "title": "DeviceTypeEnum"}, "EnvironmentData": {"properties": {"device_type": {"anyOf": [{"$ref": "#/components/schemas/DeviceTypeEnum"}, {"type": "null"}], "description": "Device type (laptop, desktop, etc.)"}, "os": {"anyOf": [{"$ref": "#/components/schemas/OSEnum"}, {"type": "null"}], "description": "Operating system"}, "os_version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Os Version", "description": "Operating system version"}, "ip": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip", "description": "Device IP address (IPv4 or IPv6)"}}, "type": "object", "title": "EnvironmentData", "description": "External-safe twin of EnvironmentData."}, "FilterCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to filter on"}, "operator": {"$ref": "#/components/schemas/FilterOperator", "description": "Filter operator"}, "value": {"anyOf": [{}, {"type": "null"}], "title": "Value", "description": "Single value (for equals, contains, gte, lte)"}, "values": {"anyOf": [{"items": {}, "type": "array"}, {"type": "null"}], "title": "Values", "description": "List of values (for in, between)"}}, "type": "object", "required": ["field", "operator"], "title": "FilterCondition", "description": "Filter condition on a single asset field."}, "FilterOperator": {"type": "string", "enum": ["equals", "in", "contains", "gte", "lte", "between"], "title": "FilterOperator", "description": "Filter operators for different field types."}, "FilterableField": {"type": "string", "enum": ["device_name", "device_sid", "device_created_at", "device_updated_at", "user_name", "user_display_name", "user_samname", "user_created_at", "user_updated_at", "last_connected", "os", "os_version", "device_type", "ip", "installer_version", "chrome_extension_version", "firefox_extension_version", "edge_extension_version", "brave_extension_version", "mcp_version", "proxy_version"], "title": "FilterableField", "description": "Fields available for filtering and sorting assets.\n\nEach value maps to an internal DB field path (see FIELD_TO_INTERNAL_PATH).\nOnly the listed fields can be used in filter/sort conditions."}, "HealthStatus": {"type": "string", "enum": ["healthy", "unhealthy"], "title": "HealthStatus", "description": "Component health derived from status code: healthy when code == 0, unhealthy otherwise."}, "JoinDomain": {"type": "string", "enum": ["users", "pings", "deployment", "policy", "status", "environment"], "title": "JoinDomain", "description": "Available domains to join with devices table."}, "ModuleDeploymentData": {"properties": {"version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Version", "description": "Current version"}}, "type": "object", "title": "ModuleDeploymentData", "description": "External-safe twin of ModuleDeploymentData \u2014 exposes version only."}, "ModuleEnum": {"type": "string", "enum": ["chrome", "firefox", "edge", "brave", "comet", "safari", "surf", "mcp", "proxy", "da"], "title": "ModuleEnum"}, "OSEnum": {"type": "string", "enum": ["Windows", "macOS", "Linux"], "title": "OSEnum", "description": "Operating system enumeration"}, "Ping": {"properties": {"last_connected": {"type": "string", "format": "date-time", "title": "Last Connected", "description": "Last connection timestamp"}}, "type": "object", "required": ["last_connected"], "title": "Ping", "description": "External-safe twin of PingData."}, "PolicyTypeData": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Version of the rulebase"}}, "type": "object", "required": ["rulebase_version"], "title": "PolicyTypeData", "description": "Policy rulebase version for a given policy type."}, "PolicyType": {"type": "string", "enum": ["chats", "access", "agents", "browse_securing"], "title": "PolicyType", "description": "External-facing policy types with consumer-friendly names."}, "RequestSource": {"type": "string", "enum": ["device", "edge", "chrome", "firefox", "brave", "comet", "safari", "surf", "na"], "title": "RequestSource"}, "SearchParams": {"properties": {"term": {"type": "string", "title": "Term", "description": "Search term to match"}, "case_sensitive": {"type": "boolean", "title": "Case Sensitive", "description": "Whether search is case-sensitive (default: False for case-insensitive)", "default": false}, "match_anywhere": {"type": "boolean", "title": "Match Anywhere", "description": "Whether to match anywhere in text (True) or only at the beginning (False, default)", "default": false}}, "type": "object", "required": ["term"], "title": "SearchParams", "description": "Free text search parameters for device name and user name."}, "SortCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to sort by"}, "order": {"$ref": "#/components/schemas/SortOrder", "description": "Sort order", "default": "desc"}}, "type": "object", "required": ["field"], "title": "SortCondition", "description": "Sort condition on a single asset field."}, "SortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "SortOrder"}, "StatusComponent": {"type": "string", "enum": ["proxy_health", "mcp_health"], "title": "StatusComponent", "description": "External-facing subset of status components exposed to API consumers."}, "User": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name (unique per tenant)"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname", "created_at", "updated_at"], "title": "User", "description": "External-safe twin of GlobalUser."}, "UserItem": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name (CN path)"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname"], "title": "UserItem", "description": "External-safe user item."}, "UsersByIdsRequest": {"properties": {"user_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "maxItems": 500, "minItems": 1, "title": "User Ids", "description": "Array of user unique IDs (max: 500)"}}, "type": "object", "required": ["user_ids"], "title": "UsersByIdsRequest", "description": "Request for getting users by an array of IDs."}, "UsersByIdsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}}, "type": "object", "required": ["tenant_id", "users"], "title": "UsersByIdsResponse", "description": "Response with users by IDs."}, "UsersPagination": {"properties": {"limit": {"type": "integer", "maximum": 100.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 100)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "UsersPagination", "description": "Pagination parameters for users (max 100 per page)."}, "UsersRequest": {"properties": {"search": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Search", "description": "Search term for case-insensitive match on user name and display name"}, "pagination": {"$ref": "#/components/schemas/UsersPagination", "description": "Pagination parameters"}}, "type": "object", "title": "UsersRequest", "description": "Request for querying users."}, "UsersResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "users", "limit", "offset"], "title": "UsersResponse", "description": "Response with users and pagination metadata."}, "AppResult": {"properties": {"app_id": {"type": "integer", "title": "App Id", "description": "Unique app identifier"}, "name": {"type": "string", "title": "Name", "description": "App name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "App description"}, "page_url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Page Url", "description": "App page URL"}}, "type": "object", "required": ["app_id", "name"], "title": "AppResult", "description": "A single app result with minimal fields."}, "AppSearchRequest": {"properties": {"search": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Search", "description": "Search term"}, "search_by": {"$ref": "#/components/schemas/SearchBy", "description": "Search mode: name, name_and_description, or url", "default": "name"}}, "type": "object", "required": ["search"], "title": "AppSearchRequest", "description": "Request for searching GenAI apps."}, "AppSearchResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps (max 10)"}}, "type": "object", "title": "AppSearchResponse", "description": "Response with matching apps (max 10)."}, "AppsByIdsRequest": {"properties": {"ids": {"items": {"type": "integer"}, "type": "array", "maxItems": 100, "minItems": 1, "title": "Ids", "description": "Array of app IDs (max: 100)"}}, "type": "object", "required": ["ids"], "title": "AppsByIdsRequest", "description": "Request for getting apps by an array of IDs."}, "AppsByIdsResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps"}}, "type": "object", "title": "AppsByIdsResponse", "description": "Response with apps by IDs."}, "SearchBy": {"type": "string", "enum": ["name", "name_and_description", "url"], "title": "SearchBy"}}, "securitySchemes": {"HTTPBearer": {"type": "http", "scheme": "bearer"}}}} \ No newline at end of file +{"openapi": "3.1.0", "info": {"title": "Check Point AI Security API", "description": "Unified API for Check Point AI Security \u2014 policy management and asset visibility.\n\n## Authentication\nAll endpoints require a valid CloudInfra JWT token passed as a Bearer token in the `Authorization` header.\n\n### Obtaining a JWT Token\n1. Go to the [Infinity Portal API Keys page](https://portal.checkpoint.com/dashboard/settings/api-keys).\n2. Click **New** \u2192 **New Account API Key**.\n3. In the **Service** dropdown select **Workforce AI Security** and create the key.\n4. Use the generated API key to obtain a JWT token from CloudInfra.\n5. Include the JWT in every request:\n ```\n Authorization: Bearer \n ```\n\n## Rate Limiting\nDefault limits vary per endpoint group. Exceeding any limit results in a 5-minute block period.\n", "version": "1.0.2"}, "servers": [{"url": "https://cloudinfra-gw.portal.checkpoint.com", "description": "Europe Region"}, {"url": "https://cloudinfra-gw-us.portal.checkpoint.com", "description": "United States Region"}], "paths": {"/app/genai-protect-policy/external/v1/chats/rulebase": {"get": {"tags": ["Chats Policy"], "summary": "Get the Chats rulebase with all rules and version", "operationId": "get_chats_rulebase_external_v1_chats_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule": {"post": {"tags": ["Chats Policy"], "summary": "Create a Chats rule", "operationId": "add_chats_rule_external_v1_chats_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddChatsRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule/set-policy": {"put": {"tags": ["Chats Policy"], "summary": "Replace the entire policy of a Chats rule", "operationId": "set_chats_policy_external_v1_chats_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Chats Policy External V1 Chats Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule/patch-policy": {"patch": {"tags": ["Chats Policy"], "summary": "Partially update the policy of a Chats rule (deep merge)", "operationId": "patch_chats_policy_external_v1_chats_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Chats Policy External V1 Chats Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rulebase": {"get": {"tags": ["AI Access Policy"], "summary": "Get the AI Access rulebase with all rules and version", "operationId": "get_ai_access_rulebase_external_v1_ai_access_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule": {"post": {"tags": ["AI Access Policy"], "summary": "Create an AI Access rule", "operationId": "add_ai_access_rule_external_v1_ai_access_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddAccessRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule/set-policy": {"put": {"tags": ["AI Access Policy"], "summary": "Replace the entire AI Access policy of a rule", "operationId": "set_ai_access_policy_external_v1_ai_access_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Ai Access Policy External V1 Ai Access Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule/patch-policy": {"patch": {"tags": ["AI Access Policy"], "summary": "Partially update the AI Access policy of a rule (deep merge)", "operationId": "patch_ai_access_policy_external_v1_ai_access_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Ai Access Policy External V1 Ai Access Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rulebase": {"get": {"tags": ["Agents Policy"], "summary": "Get the Agents rulebase with all rules and version", "operationId": "get_agents_rulebase_external_v1_agents_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule": {"post": {"tags": ["Agents Policy"], "summary": "Create an Agents rule", "operationId": "add_agents_rule_external_v1_agents_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddMCPServerRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule/set-policy": {"put": {"tags": ["Agents Policy"], "summary": "Replace the entire policy of an Agents rule", "operationId": "set_agents_policy_external_v1_agents_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetMCPServerPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Agents Policy External V1 Agents Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule/patch-policy": {"patch": {"tags": ["Agents Policy"], "summary": "Partially update the policy of an Agents rule (deep merge)", "operationId": "patch_agents_policy_external_v1_agents_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchMCPServerPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Agents Policy External V1 Agents Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-info": {"put": {"tags": ["Rulebase"], "summary": "Update rule display info (name, description)", "operationId": "set_rule_info_external_v1_rules_set_info_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetInfoRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Rule Info External V1 Rules Set Info Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/reorder": {"put": {"tags": ["Rulebase"], "summary": "Change a rule's priority position in the rulebase", "operationId": "reorder_rule_external_v1_rules_reorder_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonReorderRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Reorder Rule External V1 Rules Reorder Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-source": {"put": {"tags": ["Rulebase"], "summary": "Replace the user/group source of a rule", "operationId": "set_source_external_v1_rules_set_source_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetSourceRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Source External V1 Rules Set Source Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-active": {"put": {"tags": ["Rulebase"], "summary": "Enable or disable a rule without deleting it", "operationId": "set_active_external_v1_rules_set_active_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetActiveRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Active External V1 Rules Set Active Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/{rule_id}": {"delete": {"tags": ["Rulebase"], "summary": "Permanently delete a rule from the rulebase", "operationId": "delete_rule_external_v1_rules__rule_id__delete", "security": [{"HTTPBearer": []}], "parameters": [{"name": "rule_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Rule Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonDeleteRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/predefined": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all predefined DLP datatypes", "operationId": "get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/custom": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all custom DLP datatypes", "operationId": "get_custom_datatypes_external_v1_dlp_datatypes_custom_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/all": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all DLP datatypes (predefined and custom)", "operationId": "get_all_datatypes_external_v1_dlp_datatypes_all_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes": {"get": {"tags": ["DLP Datatypes"], "summary": "Get DLP datatypes for tenant", "operationId": "get_datatypes_external_v1_dlp_datatypes_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpTenantDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["DLP Datatypes"], "summary": "Set DLP datatypes for tenant", "operationId": "set_datatypes_external_v1_dlp_datatypes_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/installation/status": {"get": {"tags": ["DLP Datatypes"], "summary": "Get data type installation status", "operationId": "get_installation_status_route_external_v1_dlp_datatypes_installation_status_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/installation/retry": {"post": {"tags": ["DLP Datatypes"], "summary": "Retry data type installation", "operationId": "retry_installation_route_external_v1_dlp_datatypes_installation_retry_post", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/assets": {"post": {"tags": ["Deployment Status"], "summary": "Query assets with domain joins, filters and pagination", "operationId": "query_assets_external_v1_assets_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/assets/count": {"post": {"tags": ["Deployment Status"], "summary": "Get count of assets matching filters", "operationId": "get_assets_count_external_v1_assets_count_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/users": {"post": {"tags": ["Users"], "summary": "Query users with pagination and search", "operationId": "query_users_external_v1_users_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/users/by-ids": {"post": {"tags": ["Users"], "summary": "Get users by array of IDs", "operationId": "get_users_by_ids_endpoint_external_v1_users_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-apps/external/v1/apps/search": {"post": {"tags": ["Apps Catalog"], "summary": "Search GenAI apps by name, name, description, or URL", "operationId": "search_apps_external_v1_apps_search_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-apps/external/v1/apps/by-ids": {"post": {"tags": ["Apps Catalog"], "summary": "Get GenAI apps by array of IDs", "operationId": "get_apps_by_ids_external_v1_apps_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}}, "components": {"schemas": {"AccessPolicy": {"properties": {"services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for access control"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "download_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileDownloadActionSupported"}, {"type": "null"}], "description": "File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}, "upload_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileUploadActionSupported"}, {"type": "null"}], "description": "File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}}, "type": "object", "title": "AccessPolicy"}, "Account": {"properties": {"account_id": {"type": "string", "title": "Account Id", "description": "Account identifier"}}, "type": "object", "required": ["account_id"], "title": "Account", "description": "External-safe twin of Account."}, "AccountSelectionMode": {"type": "string", "enum": ["all", "selected_account"], "title": "AccountSelectionMode", "description": "Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."}, "AddAccessRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Access control policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddAccessRuleRequest", "description": "Create a new Access rule.\n\nAccess rules control which AI services and applications users are allowed\nto interact with, including allow/block decisions per service."}, "AddChatsRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Chats policy configuration for chat interactions"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddChatsRuleRequest", "description": "Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies."}, "AddMCPServerRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Agents policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddMCPServerRuleRequest", "description": "Create a new Agents rule.\n\nAgents rules govern agent interactions, including which tools\nagents can invoke and what access controls apply to agent operations."}, "AddRuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "The UUID of the newly created rule"}, "name": {"type": "string", "title": "Name", "description": "The name of the newly created rule"}}, "type": "object", "required": ["rule_id", "name"], "title": "AddRuleResponse", "description": "Response returned after creating a rule."}, "AddSecureBrowsingRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Secure Browsing policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddSecureBrowsingRuleRequest", "description": "Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering."}, "AgentsPolicy": {"properties": {"action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for MCP server"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "clients": {"anyOf": [{"$ref": "#/components/schemas/MCPClients"}, {"type": "null"}], "description": "Desktop clients selection"}, "servers": {"anyOf": [{"$ref": "#/components/schemas/MCPServers"}, {"type": "null"}], "description": "MCP servers configuration"}, "tooling": {"anyOf": [{"$ref": "#/components/schemas/Tooling"}, {"type": "null"}], "description": "Tooling configuration for MCP"}}, "type": "object", "title": "AgentsPolicy"}, "Assignment": {"properties": {"assignment_id": {"type": "string", "format": "uuid", "title": "Assignment Id", "description": "ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."}, "display_name": {"type": "string", "title": "Display Name", "description": "Human-readable name of the user or group"}, "assignment_type": {"$ref": "#/components/schemas/AssignmentType", "description": "Whether this is a user, group, or entire-org assignment"}}, "type": "object", "required": ["assignment_id", "display_name", "assignment_type"], "title": "Assignment", "description": "External-safe twin of Assignment."}, "AssignmentType": {"type": "string", "enum": ["ASSIGNMENT_TYPE_USER", "ASSIGNMENT_TYPE_GROUP", "ASSIGNMENT_TYPE_ENTIRE_ORG"], "title": "AssignmentType"}, "AttachAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature", "description": "Object feature type; Access rules support FILE_EMULATION and DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachAccessObjectsRequest", "description": "Attach reusable objects to an Access rule.\n\nAccess rules support FILE_EMULATION objects (file scanning/emulation settings)\nand DOMAIN_SERVICES objects (domain allow/block lists)."}, "AttachChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type; Chats rules only support DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachChatsObjectsRequest", "description": "Attach reusable objects to a Chats rule.\n\nChats rules support DOMAIN_SERVICES objects (domain allow/block lists\napplied during chat interactions)."}, "AttachSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature", "description": "Object feature type; Secure Browsing supports PROTECTED_DOMAINS and EXCLUDE_DOMAINS"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachSecureBrowsingObjectsRequest", "description": "Attach reusable objects to a Secure Browsing rule.\n\nSecure Browsing rules support PROTECTED_DOMAINS (domains where threat\nprevention is enforced) and EXCLUDE_DOMAINS (domains exempted from scanning)."}, "CategoryItem": {"properties": {"category_id": {"$ref": "#/components/schemas/URLFCategory", "description": "Category ID from the supported URLF categories. The following categories are available:\n\n| Category | ID |\n|---|---|\n| Uncategorized | 0 |\n| Computers & Internet | 1 |\n| Education | 3 |\n| Entertainment | 5 |\n| Financial Services | 7 |\n| Gambling | 9 |\n| Government / Military | 11 |\n| Greeting Cards | 12 |\n| Hacking | 13 |\n| Hate / Racism | 14 |\n| Health | 15 |\n| Illegal / Questionable | 17 |\n| Illegal Drugs | 18 |\n| Job Search / Careers | 21 |\n| Media Streams | 23 |\n| News / Media | 24 |\n| Newsgroups / Forums | 25 |\n| Nudity | 26 |\n| Personals / Dating | 30 |\n| Phishing | 31 |\n| Political / Legal | 32 |\n| Pornography | 33 |\n| Real Estate | 34 |\n| Recreation | 35 |\n| Religion | 37 |\n| Restaurants / Dining / Food | 39 |\n| Sex Education | 41 |\n| Shopping | 42 |\n| Alcohol / Tobacco | 45 |\n| Art / Culture | 47 |\n| Blogs / Personal Pages | 49 |\n| Business / Economy | 51 |\n| Software Downloads | 53 |\n| Sports | 54 |\n| Spyware / Malicious Sites | 55 |\n| Tasteless | 56 |\n| Translation | 58 |\n| Travel | 59 |\n| Vehicles | 60 |\n| Violence | 61 |\n| Weapons | 62 |\n| Botnets | 65 |\n| Spam | 66 |\n| Inactive Sites | 67 |\n| Fashion | 68 |\n| Non-Profits / NGOs | 69 |\n| Sex | 70 |\n| General | 71 |\n| Nature / Conservation | 72 |\n| Child Abuse | 73 |\n| URL Filtering | 74 |\n| Lifestyle | 75 |\n| Lingerie / Swimsuit / Suggestive | 76 |\n| Suspicious Content | 77 |\n| Marijuana | 78 |\n| Web Advertisements | 50000032 |\n| Instant Chat | 50000086 |\n| Very Low Risk | 51000001 |\n| Low Risk | 51000002 |\n| Medium Risk | 51000003 |\n| High Risk | 51000004 |\n| Critical Risk | 51000005 |\n| Anonymizer | 52000038 |\n| P2P File Sharing | 52000046 |\n| Instant Messaging | 52000047 |\n| Media Sharing | 52000051 |\n| Games | 52000058 |\n| Social Networking | 52000069 |\n| Email | 52000130 |\n| Search Engines / Portals | 52000132 |\n| File Storage / Sharing | 52000136 |\n| Keyloggers | 60530540 |\n| Occult | 60530541 |\n| Hosting Sites | 60530542 |\n| DDNS / Dynamic DNS | 60530648 |\n| Artificial Intelligence (AI) | 60517663 |\n| Generative AI Tools | 60531762 |\n\n**Note:** GenAI rules only allow category 60531762 (Generative AI Tools), used as \"Any AI tool\". Browse rules can use any *other* category."}}, "type": "object", "required": ["category_id"], "title": "CategoryItem"}, "ChatsPolicy": {"properties": {"event_type": {"anyOf": [{"$ref": "#/components/schemas/DLPEventType"}, {"type": "null"}], "description": "Type of event to apply DLP policy on"}, "services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "data_types": {"anyOf": [{"items": {"$ref": "#/components/schemas/DataType"}, "type": "array"}, {"type": "null"}], "title": "Data Types", "description": "DLP Data types"}, "action": {"anyOf": [{"type": "string", "enum": ["prevent", "ask", "redact", "detect", "allow", "block"]}, {"type": "null"}], "title": "Action", "description": "Action to take when DLP rule is triggered"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}}, "type": "object", "title": "ChatsPolicy"}, "ClaudeExtensionsConfig": {"properties": {"extension_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Extension Name", "description": "Extension name from manifest.json", "default": "", "examples": ["chrome-control"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for extension_name matching", "default": "exact"}}, "type": "object", "title": "ClaudeExtensionsConfig"}, "CommonDeleteRuleResponse": {"properties": {"message": {"type": "string", "title": "Message"}, "rule_id": {"type": "string", "title": "Rule Id"}, "name": {"type": "string", "title": "Name"}}, "type": "object", "required": ["message", "rule_id", "name"], "title": "CommonDeleteRuleResponse", "description": "Confirmation of rule deletion."}, "CommonReorderRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to reorder"}, "new_order": {"type": "integer", "title": "New Order", "description": "Target position in the rulebase (1-based). Lower values = higher priority = evaluated first"}}, "type": "object", "required": ["rule_id", "new_order"], "title": "CommonReorderRequest", "description": "Move a rule to a new position in the rulebase.\n\nOther rules in the same rulebase are shifted automatically to accommodate."}, "CommonSetActiveRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "active": {"type": "boolean", "title": "Active", "description": "True to enforce the rule, false to skip it during evaluation"}}, "type": "object", "required": ["rule_id", "active"], "title": "CommonSetActiveRequest", "description": "Enable or disable a rule without deleting it.\n\nInactive rules remain in the rulebase but are skipped during policy evaluation."}, "CommonSetInfoRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "name": {"type": "string", "title": "Name", "description": "New human-readable name for the rule"}, "description": {"type": "string", "title": "Description", "description": "New description of the rule's purpose"}}, "type": "object", "required": ["rule_id", "name", "description"], "title": "CommonSetInfoRequest", "description": "Update a rule's display information without changing its policy or assignments."}, "CommonSetSourceRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Complete list of user/group source entries; replaces all existing entries"}}, "type": "object", "required": ["rule_id", "source"], "title": "CommonSetSourceRequest", "description": "Replace the full source list of a rule.\n\nSource entries determine which users or groups the rule applies to.\nAn empty list means the rule applies to everyone in the tenant."}, "CreateDomainsObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/DomainsObject", "description": "Domain list configuration (up to 200 domain entries)"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateDomainsObjectRequest", "description": "Create a new domains object.\n\nDomains objects contain a list of domain entries used for domain-based\nfiltering in rules (e.g. protected domains, excluded domains, service domains)."}, "CreateFileProtectionObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/FileProtectionObject", "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateFileProtectionObjectRequest", "description": "Create a new file-protection object.\n\nFile-protection objects define scanning and emulation behavior for file\nuploads and downloads, including per-file-type action overrides and size limits."}, "CreateObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "The UUID of the newly created object"}}, "type": "object", "required": ["object_id"], "title": "CreateObjectResponse", "description": "Response returned after creating an object."}, "DLPEventType": {"type": "string", "enum": ["file_upload", "file_download", "paste", "prompt", "copy"], "title": "DLPEventType"}, "DLPType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DLPType"}, "DataType": {"properties": {"id": {"type": "string", "format": "uuid", "title": "Id", "description": "UUID of the data type", "default": "", "examples": ["cf0523c1-537e-4a4b-8bb8-084b7b9e0b45"]}, "name": {"type": "string", "title": "Name", "description": "Display name of the data type", "default": "", "examples": ["American Express Travelers Cheques Number"]}, "type": {"$ref": "#/components/schemas/DLPType", "description": "Type of the data type", "default": "PRE_DEFINED"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel", "description": "Matching level for the data type"}}, "type": "object", "title": "DataType"}, "DataTypeInstallationResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "status": {"$ref": "#/components/schemas/InstallationStatus"}, "data_types_count": {"type": "integer", "title": "Data Types Count"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}}, "type": "object", "required": ["tenant_id", "status", "data_types_count", "updated_at"], "title": "DataTypeInstallationResponse", "description": "Response model for data type installation status."}, "DeleteObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to delete"}}, "type": "object", "required": ["object_id"], "title": "DeleteObjectRequest", "description": "Delete a policy object.\n\nDeletion will fail with 409 Conflict if the object is currently attached\nto one or more rules. Detach it from all rules first."}, "DetachObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to detach objects from"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to remove from the rule"}}, "type": "object", "required": ["rule_id", "object_ids"], "title": "DetachObjectsRequest", "description": "Remove objects from a rule. Works across all rule types that support objects."}, "DlpCreateType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DlpCreateType"}, "DlpDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "assetId": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Assetid"}, "objectStatus": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Objectstatus"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "creationTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Creationtime"}, "lastUpdateTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Lastupdatetime"}, "dataTypeTags": {"anyOf": [{"items": {"$ref": "#/components/schemas/DlpDataTypeTag"}, "type": "array"}, {"type": "null"}], "title": "Datatypetags"}, "redactSupported": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Redactsupported"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}, "content": {"anyOf": [{"additionalProperties": true, "type": "object"}, {"type": "null"}], "title": "Content"}, "comment": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Comment"}}, "additionalProperties": true, "type": "object", "required": ["id", "name", "type", "createType"], "title": "DlpDataType", "example": {"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "dataTypeTags": [{"isCategory": false, "name": "Financial & Business"}], "description": "Matches American Bankers Association (ABA) Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "matchingLevel": 1, "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}}, "DlpDataTypeReference": {"properties": {"id": {"type": "string", "title": "Id"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}}, "type": "object", "required": ["id", "createType"], "title": "DlpDataTypeReference", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}}, "DlpDataTypeTag": {"properties": {"name": {"type": "string", "title": "Name"}, "data": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Data"}, "isCategory": {"type": "boolean", "title": "Iscategory"}}, "type": "object", "required": ["name", "isCategory"], "title": "DlpDataTypeTag", "example": {"data": ["Other"], "isCategory": true, "name": "Regulation"}}, "DlpTenantDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "internal": {"type": "boolean", "title": "Internal"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}}, "type": "object", "required": ["id", "name", "type", "createType", "internal"], "title": "DlpTenantDataType", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "matchingLevel": 1, "name": "IP Address", "type": "GROUP"}}, "DockerGatewayConfig": {"properties": {}, "type": "object", "title": "DockerGatewayConfig"}, "DockerRunnerConfig": {"properties": {"image_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Image Name", "description": "Docker image name", "default": "", "examples": ["modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for image_name matching", "default": "exact"}}, "type": "object", "title": "DockerRunnerConfig"}, "DomainConfig": {"properties": {"domain_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Domain Name", "description": "Domain name of the remote server", "default": "", "examples": ["mcp-server.example.com", "example.com"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "title": "DomainConfig"}, "DomainItem": {"properties": {"domain": {"type": "string", "format": "hostname", "title": "Domain", "description": "Valid domain name or IPv4 address"}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "required": ["domain"], "title": "DomainItem"}, "DomainMatchMode": {"type": "string", "enum": ["exact_host", "any_subdomain"], "title": "DomainMatchMode", "description": "Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."}, "DomainsObject": {"properties": {"domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "maxItems": 200, "title": "Domains", "description": "List of domains"}}, "type": "object", "title": "DomainsObject", "description": "External-safe twin of DomainsObject."}, "DomainsObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "The domain list entries"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "DomainsObjectResponse", "description": "A domains object with its full configuration."}, "ExecutableServerConfig": {"properties": {"executable_path": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Executable Path", "description": "Path to the executable", "default": "", "examples": ["/path/to/executable"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for executable_path matching", "default": "exact"}}, "type": "object", "title": "ExecutableServerConfig"}, "FileActionUnsupported": {"type": "string", "enum": ["Block", "Allow"], "title": "FileActionUnsupported"}, "FileDownloadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect", "Extract"], "title": "FileDownloadActionSupported"}, "FileFailClose": {"type": "string", "enum": ["FailClose", "FailOpen"], "title": "FileFailClose"}, "FileProtectionObject": {"properties": {"file_download_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_upload_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_download_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Download Size Limit Mb"}, "file_upload_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Upload Size Limit Mb"}, "file_download_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileDownloadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Download Action Per Supported File"}, "file_download_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Download Action Per Unsupported File"}, "file_upload_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileUploadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Upload Action Per Supported File"}, "file_upload_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Upload Action Per Unsupported File"}}, "type": "object", "title": "FileProtectionObject", "description": "External-safe twin of FileProtectionObject."}, "FileProtectionObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "FileProtectionObjectResponse", "description": "A file-protection object with its full configuration."}, "FileUploadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect"], "title": "FileUploadActionSupported"}, "GenAIApp": {"properties": {"id": {"type": "integer", "exclusiveMinimum": 0.0, "title": "Id", "description": "GenAI application ID"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/AccountSelectionMode"}, {"type": "null"}], "description": "Account selection mode: 'all' or 'selected_account'", "default": "all"}, "accounts": {"items": {"$ref": "#/components/schemas/Account"}, "type": "array", "title": "Accounts", "description": "List of selected accounts (used when mode='selected_account')"}}, "type": "object", "required": ["id"], "title": "GenAIApp"}, "GetDlpDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "dataTypes"], "title": "GetDlpDataTypesResponse", "example": {"dataTypes": [{"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "description": "Matches ABA Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}], "status": "SUCCESS"}}, "GetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpTenantDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "id", "dataTypes"], "title": "GetDlpTenantDataTypesResponse", "example": {"dataTypes": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "name": "IP Address", "type": "GROUP"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4", "internal": false, "name": "PCI - Credit Card Numbers", "type": "PATTERN"}], "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "GetDomainsObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/DomainsObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetDomainsObjectsResponse", "description": "All domains objects for the tenant, including their full configuration."}, "GetFileProtectionObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/FileProtectionObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetFileProtectionObjectsResponse", "description": "All file-protection objects for the tenant, including their full configuration."}, "GetRulebaseResponse": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Monotonically increasing version of this rulebase. Incremented whenever any rule in the rulebase is created, modified, or deleted. Compare with a previously stored value to detect whether the rulebase has changed (useful for caching or polling)"}, "rules": {"items": {"$ref": "#/components/schemas/RuleResponse"}, "type": "array", "title": "Rules", "description": "All rules in the rulebase, ordered by priority (ascending)"}}, "type": "object", "required": ["rulebase_version", "rules"], "title": "GetRulebaseResponse", "description": "Full rulebase for a given policy type, including its version for change detection."}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "InstallationStatus": {"type": "string", "enum": ["pending", "success", "failed"], "title": "InstallationStatus", "description": "Status of DLP Next data type installation."}, "LoggingStatus": {"type": "string", "enum": ["enabled", "disabled"], "title": "LoggingStatus", "description": "Logging status enumeration."}, "MCPClient": {"properties": {"os": {"anyOf": [{"$ref": "#/components/schemas/OSType"}, {"type": "null"}], "description": "Operating system for the client"}, "name_id": {"anyOf": [{"$ref": "#/components/schemas/MCPClientNameId"}, {"type": "null"}], "description": "Client name identifier e.g. 'claude_desktop', 'docker_desktop'", "examples": ["claude_desktop", "docker_desktop"]}}, "type": "object", "title": "MCPClient"}, "MCPClientNameId": {"type": "string", "enum": ["claude_desktop", "vscode", "cursor", "windsurf", "zed", "perplexity", "antigravity", "jetbrains", "roo", "cline", "docker_desktop"], "title": "MCPClientNameId", "description": "MCP Client name identifier enumeration."}, "MCPClients": {"properties": {"mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Mode for client selection"}, "selected": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPClient"}, "type": "array"}, {"type": "null"}], "title": "Selected", "description": "List of selected clients"}}, "type": "object", "title": "MCPClients"}, "MCPIds": {"properties": {"name_id": {"anyOf": [{"type": "string", "minLength": 1}, {"type": "null"}], "title": "Name Id", "description": "Name of the managed MCP", "default": "", "examples": ["jira", "github"]}}, "type": "object", "title": "MCPIds"}, "MCPRiskLevel": {"properties": {"use_min": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Min", "description": "Whether to use minimum risk level limit", "default": false}, "use_max": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Max", "description": "Whether to use maximum risk level limit", "default": false}, "min": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Min", "description": "Minimum risk level"}, "max": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Max", "description": "Maximum risk level"}}, "type": "object", "title": "MCPRiskLevel"}, "MCPServer": {"properties": {"server_type": {"anyOf": [{"type": "string", "enum": ["all", "node_server", "python_server", "claude_extensions", "executable_server", "unknown_server", "docker_gateway", "docker_runner", "remote_server"]}, {"type": "null"}], "title": "Server Type", "description": "Type of the MCP server"}, "node_server": {"anyOf": [{"$ref": "#/components/schemas/NodeServerConfig"}, {"type": "null"}], "description": "Node server configuration"}, "python_server": {"anyOf": [{"$ref": "#/components/schemas/PythonServerConfig"}, {"type": "null"}], "description": "Python server configuration"}, "claude_extensions": {"anyOf": [{"$ref": "#/components/schemas/ClaudeExtensionsConfig"}, {"type": "null"}], "description": "Claude extensions configuration"}, "executable_server": {"anyOf": [{"$ref": "#/components/schemas/ExecutableServerConfig"}, {"type": "null"}], "description": "Executable server configuration"}, "unknown_server": {"anyOf": [{"$ref": "#/components/schemas/UnknownServerConfig"}, {"type": "null"}], "description": "Unknown server configuration"}, "docker_gateway": {"anyOf": [{"$ref": "#/components/schemas/DockerGatewayConfig"}, {"type": "null"}], "description": "Docker gateway configuration"}, "docker_runner": {"anyOf": [{"$ref": "#/components/schemas/DockerRunnerConfig"}, {"type": "null"}], "description": "Docker runner configuration"}, "remote_server": {"anyOf": [{"$ref": "#/components/schemas/RemoteServerConfig"}, {"type": "null"}], "description": "Remote server configuration"}}, "type": "object", "title": "MCPServer"}, "MCPServers": {"properties": {"mcp_servers_mode": {"anyOf": [{"$ref": "#/components/schemas/MCPServersMode"}, {"type": "null"}], "description": "Mode for MCP servers selection: all, risk_level, managed, manual"}, "risk_level": {"anyOf": [{"$ref": "#/components/schemas/MCPRiskLevel"}, {"type": "null"}], "description": "Risk level configuration for MCP servers"}, "managed": {"anyOf": [{"$ref": "#/components/schemas/ManagedMCP"}, {"type": "null"}], "description": "Managed MCP configuration"}, "manual": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPServer"}, "type": "array"}, {"type": "null"}], "title": "Manual", "description": "List of manual MCP servers"}}, "type": "object", "title": "MCPServers"}, "MCPServersMode": {"type": "string", "enum": ["all", "risk_level", "manual", "managed"], "title": "MCPServersMode", "description": "MCP Servers mode enumeration."}, "MCPToolItem": {"properties": {"tool_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Tool Name", "description": "Name of a tool e.g. 'create_issue', 'update_issue'", "default": "", "examples": ["create_issue", "update_issue"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for tool name matching", "default": "exact"}}, "type": "object", "title": "MCPToolItem"}, "ManagedMCP": {"properties": {"name_ids": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPIds"}, "type": "array"}, {"type": "null"}], "title": "Name Ids", "description": "List of managed MCP identifiers"}}, "type": "object", "title": "ManagedMCP"}, "MatchMode": {"type": "string", "enum": ["exact", "contains"], "title": "MatchMode", "description": "Matching mode enumeration."}, "MatchToolsMode": {"type": "string", "enum": ["tools_include", "tools_exclude", "operations", "all"], "title": "MatchToolsMode", "description": "Match mode for tools enumeration."}, "NodeServerConfig": {"properties": {"package_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Package Name", "description": "NPM package name e.g. '@modelcontextprotocol/server-github'", "default": "", "examples": ["@modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for package_name matching", "default": "exact"}}, "type": "object", "title": "NodeServerConfig"}, "OSType": {"type": "string", "enum": ["windows", "macos", "all"], "title": "OSType", "description": "Operating system enumeration."}, "ObjectFeature": {"type": "string", "enum": ["FILE_EMULATION", "PROTECTED_DOMAINS", "DOMAIN_SERVICES", "EXCLUDE_DOMAINS"], "title": "ObjectFeature"}, "ObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "ObjectResponse", "description": "Object metadata without the full configuration payload (used in update responses)."}, "OnOff": {"type": "string", "enum": ["on", "off"], "title": "OnOff", "description": "Simple on/off toggle."}, "OperationMatch": {"type": "string", "enum": ["match", "unmatch"], "title": "OperationMatch", "description": "Operation match enumeration."}, "PatchAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Partial access policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchAccessPolicyRequest", "description": "Partially update an Access rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Partial Chats policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchChatsPolicyRequest", "description": "Partially update a Chats rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged. Useful for toggling a single setting\nwithout resending the full configuration."}, "PatchMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Partial Agents policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchMCPServerPolicyRequest", "description": "Partially update an Agents rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Partial Secure Browsing policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchSecureBrowsingPolicyRequest", "description": "Partially update a Secure Browsing rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PythonServerConfig": {"properties": {"module_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Module Name", "description": "Python module name e.g. 'modelcontextprotocol_server_github'", "default": "", "examples": ["modelcontextprotocol_server_github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for module_name matching", "default": "exact"}}, "type": "object", "title": "PythonServerConfig"}, "RemoteServerConfig": {"properties": {"match_mode": {"anyOf": [{"type": "string", "enum": ["url", "domain"]}, {"type": "null"}], "title": "Match Mode", "description": "Match mode type: 'url' for URL-based matching or 'domain' for domain-based matching"}, "url": {"anyOf": [{"$ref": "#/components/schemas/URLConfig"}, {"type": "null"}], "description": "URL configuration for remote server (used when match_mode='url')"}, "domain": {"anyOf": [{"$ref": "#/components/schemas/DomainConfig"}, {"type": "null"}], "description": "Domain configuration for remote server (used when match_mode='domain')"}}, "type": "object", "title": "RemoteServerConfig"}, "RuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "Unique identifier of the rule"}, "name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every modification; can be used for optimistic concurrency checks"}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase that determines evaluation priority. Lower values are evaluated first; when two rules match the same request, the lower-order rule takes precedence"}, "active": {"type": "boolean", "title": "Active", "description": "Whether the rule is currently enforced; inactive rules are skipped"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}, "policy": {"anyOf": [{"$ref": "#/components/schemas/ChatsPolicy"}, {"$ref": "#/components/schemas/AccessPolicy"}, {"$ref": "#/components/schemas/AgentsPolicy"}, {"$ref": "#/components/schemas/SecureBrowsingPolicy"}], "title": "Policy", "description": "The enforcement configuration for this rule. Structure varies by rulebase type (Chats, Access, Agents, Secure Browsing)"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to (source entries). An empty list means the rule matches all users in the tenant"}, "objects": {"anyOf": [{"additionalProperties": {"items": {"type": "string"}, "type": "array"}, "propertyNames": {"$ref": "#/components/schemas/ObjectFeature"}, "type": "object"}, {"type": "null"}], "title": "Objects", "description": "Reusable policy objects attached to this rule, keyed by feature (e.g. FILE_EMULATION, DOMAIN_SERVICES). Values are lists of object IDs. Objects allow sharing configuration (domain lists, file-protection settings) across rules"}}, "type": "object", "required": ["rule_id", "name", "version", "order", "active", "created_at", "updated_at", "policy"], "title": "RuleResponse", "description": "A single rule within a rulebase."}, "SecureBrowsingPolicy": {"properties": {"password_reuse": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "zero_phishing": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "safe_search": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "search_reputation": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "domain_exclusions": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain Exclusions", "description": "List of excluded domains"}, "protected_domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Protected Domains", "description": "List of protected domains"}}, "type": "object", "title": "SecureBrowsingPolicy"}, "SelectionMode": {"type": "string", "enum": ["selected", "all"], "title": "SelectionMode", "description": "Selection mode enumeration."}, "ServerOperations": {"properties": {"CREATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch CREATE operation"}, "READ": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch READ operation"}, "UPDATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch UPDATE operation"}, "DELETE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch DELETE operation"}, "OTHER": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch OTHER operation (those not detected)"}}, "type": "object", "title": "ServerOperations"}, "ServicesAndApplication": {"properties": {"domain": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain", "description": "List of domains"}, "url": {"items": {"$ref": "#/components/schemas/URLItem"}, "type": "array", "title": "Url", "description": "List of URLs"}, "genai_application": {"items": {"$ref": "#/components/schemas/GenAIApp"}, "type": "array", "title": "Genai Application", "description": "List of GenAI applications"}, "category": {"items": {"$ref": "#/components/schemas/CategoryItem"}, "type": "array", "title": "Category", "description": "List of URLF categories"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Whether to apply to all services and applications or to only selected ones"}}, "type": "object", "title": "ServicesAndApplication"}, "SetAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetAccessObjectsRequest", "description": "Set (replace) all objects for an Access rule for a given feature."}, "SetAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Complete access policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetAccessPolicyRequest", "description": "Replace the entire Access policy of a rule (full overwrite)."}, "SetChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetChatsObjectsRequest", "description": "Set (replace) all objects for a Chats rule for a given feature."}, "SetChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Complete Chats policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetChatsPolicyRequest", "description": "Replace the entire Chats policy of a rule (full overwrite)."}, "SetDlpTenantDataTypesRequest": {"properties": {"dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataTypeReference"}, "type": "array", "title": "Datatypes", "example": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4"}]}}, "type": "object", "required": ["dataTypes"], "title": "SetDlpTenantDataTypesRequest"}, "SetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataSetStatus": {"type": "string", "title": "Datasetstatus"}}, "type": "object", "required": ["status", "id", "dataSetStatus"], "title": "SetDlpTenantDataTypesResponse", "example": {"dataSetStatus": "IN_PROGRESS", "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "SetMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Complete Agents policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetMCPServerPolicyRequest", "description": "Replace the entire Agents policy of a rule (full overwrite)."}, "SetSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetSecureBrowsingObjectsRequest", "description": "Set (replace) all objects for a Secure Browsing rule for a given feature."}, "SetSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Complete Secure Browsing policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetSecureBrowsingPolicyRequest", "description": "Replace the entire Secure Browsing policy of a rule (full overwrite)."}, "SupportedFileType": {"type": "string", "enum": ["pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "exe", "tar", "zip", "rar", "7z", "rtf", "dot", "docm", "dotx", "dotm", "xlt", "xlm", "xltx", "xlsm", "xltm", "xlsb", "xla", "xlam", "xll", "xlw", "pps", "pptm", "potx", "potm", "ppam", "ppsx", "ppsm", "sldx", "sldm", "csv", "scr", "swf", "jar", "cab", "tgz", "pif", "gz", "bz2", "tbz2", "tb2", "tbz", "com", "xz", "cpl", "dll", "lnk", "img", "iso", "wim", "arj", "bat", "ps1", "hwp", "iqy", "slk", "udf", "uue", "pkg", "msi", "msg", "o", "dylib", "app", "dmg", "qcow2", "sh", "one", "xar", "wsf", "aspx"], "title": "SupportedFileType"}, "ThreatPreventionAction": {"type": "string", "enum": ["detect", "prevent", "ask", "off"], "title": "ThreatPreventionAction", "description": "Actions for threat prevention features."}, "Tooling": {"properties": {"match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchToolsMode"}, {"type": "null"}], "description": "Match mode for tools: tools_include, tools_exclude, operations, all"}, "tools": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPToolItem"}, "type": "array"}, {"type": "null"}], "title": "Tools", "description": "List of tools for matching"}, "operations": {"anyOf": [{"$ref": "#/components/schemas/ServerOperations"}, {"type": "null"}], "description": "Operations match configuration"}}, "type": "object", "title": "Tooling"}, "URLConfig": {"properties": {"url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Url", "description": "URL of the remote server", "default": "", "examples": ["https://mcp-server.example.com/path"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/URLMatchMode"}, {"type": "null"}], "description": "Match mode for URL matching (exact_url or url_contains)", "default": "exact_url"}}, "type": "object", "title": "URLConfig"}, "URLFCategory": {"type": "integer", "enum": [1, 3, 5, 7, 11, 12, 15, 32, 21, 24, 25, 0, 34, 35, 37, 39, 41, 42, 45, 47, 49, 51, 53, 54, 58, 59, 60, 68, 69, 71, 72, 74, 75, 76, 51000001, 51000002, 52000130, 50000032, 52000132, 60517663, 60530541, 60530542, 60530648, 31, 55, 65, 66, 67, 77, 51000003, 51000004, 51000005, 52000038, 60530540, 9, 13, 14, 17, 18, 26, 33, 56, 61, 62, 70, 73, 78, 30, 52000047, 52000058, 52000069, 50000086, 23, 52000136, 52000046, 52000051, 60531762], "title": "URLFCategory", "description": "URLF Category enumeration with display names as keys and category IDs as values."}, "URLItem": {"properties": {"url": {"type": "string", "format": "uri", "title": "Url", "description": "Valid URL"}}, "type": "object", "required": ["url"], "title": "URLItem"}, "URLMatchMode": {"type": "string", "enum": ["exact_url", "url_contains"], "title": "URLMatchMode", "description": "URL matching mode enumeration for remote server URL matching.\n\nMatching modes:\n- EXACT_URL: Matches the exact full URL\n e.g., \"http://sub1.sub2.something.com/alsohere/something\"\n- URL_CONTAINS: Matches if the URL contains the specified string\n e.g., \"alsohere\" matches any URL containing \"alsohere\""}, "UnknownServerConfig": {"properties": {"args": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Args", "description": "Arguments for unknown server types", "default": "", "examples": ["--default-arg"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for args matching", "default": "exact"}}, "type": "object", "title": "UnknownServerConfig"}, "UpdateDomainsObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "New domain list; replaces the existing list entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateDomainsObjectRequest", "description": "Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely."}, "UpdateFileProtectionObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "New file protection configuration; replaces the existing settings entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateFileProtectionObjectRequest", "description": "Update an existing file-protection object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing configuration entirely."}, "UpdateObjectResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/ObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "UpdateObjectResponse", "description": "Response after updating an object (returns metadata only)."}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}, "input": {"title": "Input"}, "ctx": {"type": "object", "title": "Context"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "Asset": {"properties": {"device": {"$ref": "#/components/schemas/Device"}, "user": {"anyOf": [{"$ref": "#/components/schemas/User"}, {"type": "null"}]}, "ping": {"anyOf": [{"$ref": "#/components/schemas/Ping"}, {"type": "null"}]}, "deployment": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/ModuleDeploymentData"}, "propertyNames": {"$ref": "#/components/schemas/ModuleEnum"}, "type": "object"}, {"type": "null"}], "title": "Deployment"}, "policy": {"anyOf": [{"additionalProperties": {"additionalProperties": {"$ref": "#/components/schemas/PolicyTypeData"}, "propertyNames": {"$ref": "#/components/schemas/PolicyType"}, "type": "object"}, "propertyNames": {"$ref": "#/components/schemas/RequestSource"}, "type": "object"}, {"type": "null"}], "title": "Policy"}, "status": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/HealthStatus"}, "propertyNames": {"$ref": "#/components/schemas/StatusComponent"}, "type": "object"}, {"type": "null"}], "title": "Status"}, "environment": {"anyOf": [{"$ref": "#/components/schemas/EnvironmentData"}, {"type": "null"}]}}, "type": "object", "required": ["device"], "title": "Asset", "description": "Complete asset with optional joined domains."}, "AssetsCountRequest": {"properties": {"filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsCountRequest", "description": "Request for querying assets count with optional filters."}, "AssetsCountResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "count": {"type": "integer", "title": "Count"}, "filters_applied": {"type": "integer", "title": "Filters Applied", "description": "Number of filters that were applied"}}, "type": "object", "required": ["tenant_id", "count", "filters_applied"], "title": "AssetsCountResponse", "description": "Response for count queries."}, "AssetsPagination": {"properties": {"limit": {"type": "integer", "maximum": 1000.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 1000)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "AssetsPagination", "description": "Pagination parameters."}, "AssetsRequest": {"properties": {"joins": {"items": {"$ref": "#/components/schemas/JoinDomain"}, "type": "array", "title": "Joins", "description": "Domains to join"}, "filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "sort": {"items": {"$ref": "#/components/schemas/SortCondition"}, "type": "array", "title": "Sort", "description": "Sort conditions"}, "pagination": {"$ref": "#/components/schemas/AssetsPagination", "description": "Pagination parameters"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsRequest", "description": "Request for querying assets with explicit joins."}, "AssetsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "assets": {"items": {"$ref": "#/components/schemas/Asset"}, "type": "array", "title": "Assets"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "assets", "limit", "offset"], "title": "AssetsResponse", "description": "Response with assets and pagination metadata."}, "Device": {"properties": {"device_unique_id": {"type": "string", "format": "uuid", "title": "Device Unique Id", "description": "Unique device identifier"}, "name": {"type": "string", "title": "Name", "description": "Device name (unique per tenant)"}, "device_sid": {"type": "string", "title": "Device Sid", "description": "Device SID"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["device_unique_id", "name", "device_sid", "created_at", "updated_at"], "title": "Device", "description": "External-safe twin of GlobalDevice."}, "DeviceTypeEnum": {"type": "string", "enum": ["Laptop", "Desktop", "Workstation", "unknown"], "title": "DeviceTypeEnum"}, "EnvironmentData": {"properties": {"device_type": {"anyOf": [{"$ref": "#/components/schemas/DeviceTypeEnum"}, {"type": "null"}], "description": "Device type (laptop, desktop, etc.)"}, "os": {"anyOf": [{"$ref": "#/components/schemas/OSEnum"}, {"type": "null"}], "description": "Operating system"}, "os_version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Os Version", "description": "Operating system version"}, "ip": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip", "description": "Device IP address (IPv4 or IPv6)"}}, "type": "object", "title": "EnvironmentData", "description": "External-safe twin of EnvironmentData."}, "FilterCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to filter on"}, "operator": {"$ref": "#/components/schemas/FilterOperator", "description": "Filter operator"}, "value": {"anyOf": [{}, {"type": "null"}], "title": "Value", "description": "Single value (for equals, contains, gte, lte)"}, "values": {"anyOf": [{"items": {}, "type": "array"}, {"type": "null"}], "title": "Values", "description": "List of values (for in, between)"}}, "type": "object", "required": ["field", "operator"], "title": "FilterCondition", "description": "Filter condition on a single asset field."}, "FilterOperator": {"type": "string", "enum": ["equals", "in", "contains", "gte", "lte", "between"], "title": "FilterOperator", "description": "Filter operators for different field types."}, "FilterableField": {"type": "string", "enum": ["device_name", "device_sid", "device_created_at", "device_updated_at", "user_name", "user_display_name", "user_samname", "user_created_at", "user_updated_at", "last_connected", "os", "os_version", "device_type", "ip", "installer_version", "chrome_extension_version", "firefox_extension_version", "edge_extension_version", "brave_extension_version", "mcp_version", "proxy_version"], "title": "FilterableField", "description": "Fields available for filtering and sorting assets.\n\nEach value maps to an internal DB field path (see FIELD_TO_INTERNAL_PATH).\nOnly the listed fields can be used in filter/sort conditions."}, "HealthStatus": {"type": "string", "enum": ["healthy", "unhealthy"], "title": "HealthStatus", "description": "Component health derived from status code: healthy when code == 0, unhealthy otherwise."}, "JoinDomain": {"type": "string", "enum": ["users", "pings", "deployment", "policy", "status", "environment"], "title": "JoinDomain", "description": "Available domains to join with devices table."}, "ModuleDeploymentData": {"properties": {"version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Version", "description": "Current version"}}, "type": "object", "title": "ModuleDeploymentData", "description": "External-safe twin of ModuleDeploymentData \u2014 exposes version only."}, "ModuleEnum": {"type": "string", "enum": ["chrome", "firefox", "edge", "brave", "comet", "safari", "surf", "mcp", "proxy", "da"], "title": "ModuleEnum"}, "OSEnum": {"type": "string", "enum": ["Windows", "macOS", "Linux"], "title": "OSEnum", "description": "Operating system enumeration"}, "Ping": {"properties": {"last_connected": {"type": "string", "format": "date-time", "title": "Last Connected", "description": "Last connection timestamp"}}, "type": "object", "required": ["last_connected"], "title": "Ping", "description": "External-safe twin of PingData."}, "PolicyTypeData": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Version of the rulebase"}}, "type": "object", "required": ["rulebase_version"], "title": "PolicyTypeData", "description": "Policy rulebase version for a given policy type."}, "PolicyType": {"type": "string", "enum": ["chats", "access", "agents", "browse_securing"], "title": "PolicyType", "description": "External-facing policy types with consumer-friendly names."}, "RequestSource": {"type": "string", "enum": ["device", "edge", "chrome", "firefox", "brave", "comet", "safari", "surf", "na"], "title": "RequestSource"}, "SearchParams": {"properties": {"term": {"type": "string", "title": "Term", "description": "Search term to match"}, "case_sensitive": {"type": "boolean", "title": "Case Sensitive", "description": "Whether search is case-sensitive (default: False for case-insensitive)", "default": false}, "match_anywhere": {"type": "boolean", "title": "Match Anywhere", "description": "Whether to match anywhere in text (True) or only at the beginning (False, default)", "default": false}}, "type": "object", "required": ["term"], "title": "SearchParams", "description": "Free text search parameters for device name and user name."}, "SortCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to sort by"}, "order": {"$ref": "#/components/schemas/SortOrder", "description": "Sort order", "default": "desc"}}, "type": "object", "required": ["field"], "title": "SortCondition", "description": "Sort condition on a single asset field."}, "SortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "SortOrder"}, "StatusComponent": {"type": "string", "enum": ["proxy_health", "mcp_health"], "title": "StatusComponent", "description": "External-facing subset of status components exposed to API consumers."}, "User": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name (unique per tenant)"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname", "created_at", "updated_at"], "title": "User", "description": "External-safe twin of GlobalUser."}, "UserItem": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name (CN path)"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname"], "title": "UserItem", "description": "External-safe user item."}, "UsersByIdsRequest": {"properties": {"user_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "maxItems": 500, "minItems": 1, "title": "User Ids", "description": "Array of user unique IDs (max: 500)"}}, "type": "object", "required": ["user_ids"], "title": "UsersByIdsRequest", "description": "Request for getting users by an array of IDs."}, "UsersByIdsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}}, "type": "object", "required": ["tenant_id", "users"], "title": "UsersByIdsResponse", "description": "Response with users by IDs."}, "UsersPagination": {"properties": {"limit": {"type": "integer", "maximum": 100.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 100)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "UsersPagination", "description": "Pagination parameters for users (max 100 per page)."}, "UsersRequest": {"properties": {"search": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Search", "description": "Search term for case-insensitive match on user name and display name"}, "pagination": {"$ref": "#/components/schemas/UsersPagination", "description": "Pagination parameters"}}, "type": "object", "title": "UsersRequest", "description": "Request for querying users."}, "UsersResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "users", "limit", "offset"], "title": "UsersResponse", "description": "Response with users and pagination metadata."}, "AppResult": {"properties": {"app_id": {"type": "integer", "title": "App Id", "description": "Unique app identifier"}, "name": {"type": "string", "title": "Name", "description": "App name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "App description"}, "page_url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Page Url", "description": "App page URL"}}, "type": "object", "required": ["app_id", "name"], "title": "AppResult", "description": "A single app result with minimal fields."}, "AppSearchRequest": {"properties": {"search": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Search", "description": "Search term"}, "search_by": {"$ref": "#/components/schemas/SearchBy", "description": "Search mode: name, name_and_description, or url", "default": "name"}}, "type": "object", "required": ["search"], "title": "AppSearchRequest", "description": "Request for searching GenAI apps."}, "AppSearchResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps (max 10)"}}, "type": "object", "title": "AppSearchResponse", "description": "Response with matching apps (max 10)."}, "AppsByIdsRequest": {"properties": {"ids": {"items": {"type": "integer"}, "type": "array", "maxItems": 100, "minItems": 1, "title": "Ids", "description": "Array of app IDs (max: 100)"}}, "type": "object", "required": ["ids"], "title": "AppsByIdsRequest", "description": "Request for getting apps by an array of IDs."}, "AppsByIdsResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps"}}, "type": "object", "title": "AppsByIdsResponse", "description": "Response with apps by IDs."}, "SearchBy": {"type": "string", "enum": ["name", "name_and_description", "url"], "title": "SearchBy"}}, "securitySchemes": {"HTTPBearer": {"type": "http", "scheme": "bearer"}}}} \ No newline at end of file diff --git a/sdk_generator/scripts/fetch_api.py b/sdk_generator/scripts/fetch_api.py index 5c9fe30..ee6aa2a 100644 --- a/sdk_generator/scripts/fetch_api.py +++ b/sdk_generator/scripts/fetch_api.py @@ -4,13 +4,10 @@ import requests API_SPEC_OWNER = 'Check-Point' -SPEC_NAME = os.environ.get('SPEC_NAME', 'checkpoint-ai-security') -LOCAL_SPEC_PATH = os.environ.get('LOCAL_GENERATED_API_PATH') SWAGGERHUB_API_KEY = os.environ.get('SWAGGERHUB_API_KEY') BRANCH_NAME = os.environ.get('CI_COMMIT_REF_NAME') or os.environ.get('BRANCH_NAME') print(f'[fetch-api] Branch: {BRANCH_NAME}, Build: {os.environ.get("BUILD_JOB_ID")}') -print(f'[fetch-api] Using spec: {SPEC_NAME}') swagger_headers = {'Content-Type': 'application/json'} if SWAGGERHUB_API_KEY: @@ -19,6 +16,20 @@ OUTPUT_BASE_PATH = 'resources/specs' SWAGGER_CONF = 'swagger.json' +# Specs to fetch: (env var for local override, spec name, output subdir) +SPECS = [ + { + 'name': os.environ.get('SPEC_NAME', 'checkpoint-ai-security'), + 'local_path_env': 'LOCAL_GENERATED_API_PATH', + 'output_dir': 'main', + }, + { + 'name': os.environ.get('BROWSE_SPEC_NAME', 'checkpoint-browse-security'), + 'local_path_env': 'LOCAL_BROWSE_SPEC_PATH', + 'output_dir': 'browse', + }, +] + def __mkdir_recursive(dir_path): if not os.path.exists(dir_path): @@ -30,9 +41,9 @@ def __deposit_file(path, filename, content): f.write(content) -def __download_spec(): - print('[fetch-api] Fetching spec from SwaggerHub...') - res = requests.get(f'https://api.swaggerhub.com/apis/{API_SPEC_OWNER}/{SPEC_NAME}', headers=swagger_headers) +def __download_spec(spec_name): + print(f'[fetch-api] Fetching spec "{spec_name}" from SwaggerHub...') + res = requests.get(f'https://api.swaggerhub.com/apis/{API_SPEC_OWNER}/{spec_name}', headers=swagger_headers) all_specs = res.json() latest = all_specs['apis'][-1] url = next((p['url'] for p in latest['properties'] if p['type'] == 'Swagger'), None) @@ -43,15 +54,21 @@ def __download_spec(): def fetch_api_specs(): __mkdir_recursive(OUTPUT_BASE_PATH) - out_dir = os.path.join(OUTPUT_BASE_PATH, 'main') - __mkdir_recursive(out_dir) - - if LOCAL_SPEC_PATH: - print(f'[fetch-api] Using local spec from: {LOCAL_SPEC_PATH}') - shutil.copy(LOCAL_SPEC_PATH, os.path.join(out_dir, SWAGGER_CONF)) - else: - spec = __download_spec() - __deposit_file(out_dir, SWAGGER_CONF, json.dumps(spec)) - - __deposit_file(out_dir, 'spec', SPEC_NAME) - print('[fetch-api] Spec ready.') + + for spec_cfg in SPECS: + spec_name = spec_cfg['name'] + out_dir = os.path.join(OUTPUT_BASE_PATH, spec_cfg['output_dir']) + __mkdir_recursive(out_dir) + + local_path = os.environ.get(spec_cfg['local_path_env']) + + print(f'[fetch-api] Processing spec: {spec_name}') + if local_path: + print(f'[fetch-api] Using local spec from: {local_path}') + shutil.copy(local_path, os.path.join(out_dir, SWAGGER_CONF)) + else: + spec = __download_spec(spec_name) + __deposit_file(out_dir, SWAGGER_CONF, json.dumps(spec)) + + __deposit_file(out_dir, 'spec', spec_name) + print(f'[fetch-api] Spec "{spec_name}" ready.') diff --git a/sdk_generator/scripts/post_build.py b/sdk_generator/scripts/post_build.py index a9a3268..d227d7f 100644 --- a/sdk_generator/scripts/post_build.py +++ b/sdk_generator/scripts/post_build.py @@ -7,17 +7,51 @@ PROJECT_DIR = str(Path(os.path.dirname(__file__), '..', '..')) BASE_PATH = os.path.join(PROJECT_DIR, 'chkp_ai_security_sdk') -OUTPUT_PATH = os.path.join(BASE_PATH, 'generated') -SPEC_PATH = os.path.join(PROJECT_DIR, 'resources', 'specs', 'main') -# SDK configuration +# SDK configuration — one entry per product PKG_NAME = 'chkp_ai_security_sdk' - -def __prepare_build_info(): - with open(os.path.join(SPEC_PATH, 'swagger.json'), 'r') as f: +PRODUCTS = [ + # ── Sync ── + { + 'label': 'ai-security', + 'generated_dir': os.path.join(BASE_PATH, 'generated'), + 'spec_dir': os.path.join(PROJECT_DIR, 'resources', 'specs', 'main'), + 'pkg_prefix': f'{PKG_NAME}.generated', + 'mixin_class': '_ApiMixin', + }, + { + 'label': 'browse-security', + 'generated_dir': os.path.join(BASE_PATH, 'generated_browse'), + 'spec_dir': os.path.join(PROJECT_DIR, 'resources', 'specs', 'browse'), + 'pkg_prefix': f'{PKG_NAME}.generated_browse', + 'mixin_class': '_BrowseApiMixin', + }, + # ── Async ── + { + 'label': 'ai-security-async', + 'generated_dir': os.path.join(BASE_PATH, 'generated_async'), + 'spec_dir': os.path.join(PROJECT_DIR, 'resources', 'specs', 'main'), + 'pkg_prefix': f'{PKG_NAME}.generated_async', + 'mixin_class': '_AsyncApiMixin', + }, + { + 'label': 'browse-security-async', + 'generated_dir': os.path.join(BASE_PATH, 'generated_browse_async'), + 'spec_dir': os.path.join(PROJECT_DIR, 'resources', 'specs', 'browse'), + 'pkg_prefix': f'{PKG_NAME}.generated_browse_async', + 'mixin_class': '_AsyncBrowseApiMixin', + }, +] + + +def __prepare_build_info(product): + output_path = product['generated_dir'] + spec_path = product['spec_dir'] + + with open(os.path.join(spec_path, 'swagger.json'), 'r') as f: swagger_spec = json.load(f) - with open(os.path.join(SPEC_PATH, 'spec'), 'r') as f: + with open(os.path.join(spec_path, 'spec'), 'r') as f: spec_name = f.readline().strip() sdk_build = os.environ.get('BUILD_JOB_ID', '') @@ -37,14 +71,14 @@ def sdk_build_info() -> WorkforceAISDKInfo: released_on="{released_on}", ) ''' - with open(os.path.join(OUTPUT_PATH, 'sdk_build.py'), 'w') as f: + with open(os.path.join(output_path, 'sdk_build.py'), 'w') as f: f.write(content) - print('[post-build] sdk_build.py written') + print(f'[post-build:{product["label"]}] sdk_build.py written') -def __discover_apis(): +def __discover_apis(product): """Scan generated api/__init__.py to discover all API classes.""" - init_path = os.path.join(OUTPUT_PATH, 'api', '__init__.py') + init_path = os.path.join(product['generated_dir'], 'api', '__init__.py') apis = [] with open(init_path, 'r') as f: for line in f: @@ -54,40 +88,44 @@ def __discover_apis(): return sorted(apis, key=lambda x: x[0]) -def __generate_api_mixin(apis): +def __generate_api_mixin(product, apis): """Generate generated/api_mixin.py with API property accessors.""" + pkg_prefix = product['pkg_prefix'] + mixin_class = product['mixin_class'] + props = '' for module_name, class_name in apis: props += f''' @property def {module_name}(self): - from {PKG_NAME}.generated.api.{module_name} import {class_name} + from {pkg_prefix}.api.{module_name} import {class_name} return {class_name}(self._get_api_client()) ''' content = f'''"""Auto-generated API mixin — do not edit manually. Provides property accessors for all generated API classes. -Inherit from _ApiMixin in your SDK class and implement _get_api_client(). +Inherit from {mixin_class} in your SDK class and implement _get_api_client(). """ -class _ApiMixin: +class {mixin_class}: def _get_api_client(self): raise NotImplementedError {props}''' - with open(os.path.join(OUTPUT_PATH, 'api_mixin.py'), 'w') as f: + with open(os.path.join(product['generated_dir'], 'api_mixin.py'), 'w') as f: f.write(content) - print(f'[post-build] api_mixin.py generated with {len(apis)} APIs') + print(f'[post-build:{product["label"]}] api_mixin.py generated with {len(apis)} APIs') -def __cleanup_generated(): +def __cleanup_generated(product): + output_path = product['generated_dir'] for dirname in ['test', 'docs']: - path = os.path.join(OUTPUT_PATH, dirname) + path = os.path.join(output_path, dirname) if os.path.exists(path): shutil.rmtree(path) - print(f'[post-build] Removed {path}') + print(f'[post-build:{product["label"]}] Removed {path}') # Clean test dir at project root if generator created one test_root = os.path.join(PROJECT_DIR, 'test') if os.path.exists(test_root): @@ -97,19 +135,39 @@ def __cleanup_generated(): readme_path = os.path.join(BASE_PATH, readme_name) if os.path.exists(readme_path): os.remove(readme_path) - print(f'[post-build] Removed {readme_path}') + print(f'[post-build:{product["label"]}] Removed {readme_path}') + + +def __inject_api_source_header(product): + """Inject x-api-source default header into generated api_client.py.""" + api_client_path = os.path.join(product['generated_dir'], 'api_client.py') + if not os.path.exists(api_client_path): + return + with open(api_client_path, 'r') as f: + content = f.read() + needle = "self.default_headers = {}" + if needle in content and 'x-api-source' not in content: + content = content.replace(needle, "self.default_headers = {'x-api-source': 'py_sdk'}") + with open(api_client_path, 'w') as f: + f.write(content) + print(f'[post-build:{product["label"]}] Injected x-api-source header into api_client.py') def post_build_process(): - print('[post-build] Preparing build info...') - __prepare_build_info() - print('[post-build] Cleaning up generated files...') - __cleanup_generated() - print('[post-build] Discovering APIs...') - apis = __discover_apis() - print(f'[post-build] Found {len(apis)} APIs: {", ".join(c for _, c in apis)}') - print('[post-build] Generating API mixin...') - __generate_api_mixin(apis) + for product in PRODUCTS: + label = product['label'] + print(f'[post-build:{label}] Preparing build info...') + __prepare_build_info(product) + print(f'[post-build:{label}] Cleaning up generated files...') + __cleanup_generated(product) + print(f'[post-build:{label}] Injecting x-api-source header...') + __inject_api_source_header(product) + print(f'[post-build:{label}] Discovering APIs...') + apis = __discover_apis(product) + print(f'[post-build:{label}] Found {len(apis)} APIs: {", ".join(c for _, c in apis)}') + print(f'[post-build:{label}] Generating API mixin...') + __generate_api_mixin(product, apis) + print('[post-build] Setting __init__ export...') shutil.copy( os.path.join(BASE_PATH, '__init__template.py'), diff --git a/setup.py b/setup.py index cc160eb..4c50ca8 100644 --- a/setup.py +++ b/setup.py @@ -19,14 +19,16 @@ 'pyjwt~=2.8', 'unitsnet-py>=0.1.82', 'urllib3~=2.2', + 'aiohttp~=3.9', + 'aiohttp-retry~=2.8', ] setup( name='chkp-ai-security-sdk', version='1.0.0', - keywords='python, ai, security, sdk, checkpoint, genai, workforce ai, ai security', + keywords='python, ai, security, sdk, checkpoint, genai, workforce ai, ai security, browse security', license='MIT', - description='Check Point Workforce AI Security Official Python SDK', + description='Check Point AI Security Official Python SDK (Workforce AI + Browse Security)', long_description=long_description, long_description_content_type='text/markdown', author='Haim Kastner', diff --git a/tests/test_async_api.py b/tests/test_async_api.py new file mode 100644 index 0000000..08fb0de --- /dev/null +++ b/tests/test_async_api.py @@ -0,0 +1,378 @@ +import asyncio +import unittest +import os + +import pytest + +CLIENT_ID = os.environ.get('CP_CI_CLIENT_ID', '') +ACCESS_KEY = os.environ.get('CP_CI_ACCESS_KEY', '') +GATEWAY = os.environ.get('CP_CI_GATEWAY', '') + +CREDS_AVAILABLE = bool(CLIENT_ID and ACCESS_KEY and GATEWAY) + + +def skip_without_creds(cls): + if not CREDS_AVAILABLE: + return unittest.skip('CP_CI_* credentials not set')(cls) + return cls + + +@skip_without_creds +class TestAsyncIntegration(unittest.TestCase): + + @classmethod + def setUpClass(cls): + from chkp_ai_security_sdk import AsyncAISecurity, InfinityPortalAuth + cls.ai = AsyncAISecurity() + asyncio.get_event_loop().run_until_complete( + cls.ai.connect(InfinityPortalAuth( + client_id=CLIENT_ID, + access_key=ACCESS_KEY, + gateway=GATEWAY, + )) + ) + asyncio.get_event_loop().run_until_complete(cls._async_cleanup_all()) + + @classmethod + def tearDownClass(cls): + if hasattr(cls, 'ai'): + asyncio.get_event_loop().run_until_complete(cls._async_cleanup_all()) + asyncio.get_event_loop().run_until_complete(cls.ai.disconnect()) + + @classmethod + async def _async_cleanup_all(cls): + import time + for get_rulebase in [ + cls.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get, + cls.ai.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get, + cls.ai.agents_policy_api.get_agents_rulebase_external_v1_agents_rulebase_get, + ]: + try: + rb = await get_rulebase() + for rule in rb.rules: + try: + await cls.ai.rulebase_api.delete_rule_external_v1_rules_rule_id_delete(rule.rule_id) + except Exception: + pass + except Exception: + pass + + await asyncio.sleep(2) + + def _run(self, coro): + return asyncio.get_event_loop().run_until_complete(coro) + + # ── GenAI Chats Rule CRUD ── + + def test_genai_chats_rule_crud(self): + async def _test(): + from chkp_ai_security_sdk.generated_async.models.add_chats_rule_request import AddChatsRuleRequest + from chkp_ai_security_sdk.generated_async.models.chats_policy import ChatsPolicy + from chkp_ai_security_sdk.generated_async.models.services_and_application import ServicesAndApplication + from chkp_ai_security_sdk.generated_async.models.selection_mode import SelectionMode + from chkp_ai_security_sdk.generated_async.models.data_type import DataType + from chkp_ai_security_sdk.generated_async.models.dlp_type import DLPType + from chkp_ai_security_sdk.generated_async.models.dlp_event_type import DLPEventType + from chkp_ai_security_sdk.generated_async.models.logging_status import LoggingStatus + from chkp_ai_security_sdk.generated_async.models.assignment import Assignment + from chkp_ai_security_sdk.generated_async.models.assignment_type import AssignmentType + from chkp_ai_security_sdk.generated_async.models.common_set_info_request import CommonSetInfoRequest + from chkp_ai_security_sdk.generated_async.models.common_set_active_request import CommonSetActiveRequest + from chkp_ai_security_sdk.generated_async.models.patch_chats_policy_request import PatchChatsPolicyRequest + + # CREATE + result = await self.ai.chats_policy_api.add_chats_rule_external_v1_chats_rule_post( + add_chats_rule_request=AddChatsRuleRequest( + name='Async Test DLP Rule', + description='Async integration test', + order=0, + policy=ChatsPolicy( + event_type=DLPEventType.FILE_UPLOAD, + action='prevent', + logging=LoggingStatus.ENABLED, + services_and_application=ServicesAndApplication(mode=SelectionMode.ALL), + data_types=[DataType( + id='cf0523c1-537e-4a4b-8bb8-084b7b9e0b45', + name='Credit Card Number', + type=DLPType.PRE_DEFINED, + )], + ), + source=[Assignment( + assignment_id='entire-org', + display_name='Entire Organization', + assignment_type=AssignmentType.ASSIGNMENT_TYPE_ENTIRE_ORG, + )], + ), + ) + rule_id = result.rule_id + self.assertTrue(rule_id) + + # READ + rb = await self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + rule = next(r for r in rb.rules if r.rule_id == rule_id) + self.assertEqual(rule.name, 'Async Test DLP Rule') + self.assertTrue(rule.active) + + # UPDATE info + await self.ai.rulebase_api.set_rule_info_external_v1_rules_set_info_put( + CommonSetInfoRequest( + rule_id=rule_id, + name='Async Test DLP Rule Updated', + description='Updated', + ), + ) + rb2 = await self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + rule2 = next(r for r in rb2.rules if r.rule_id == rule_id) + self.assertEqual(rule2.name, 'Async Test DLP Rule Updated') + self.assertEqual(rule2.description, 'Updated') + + # PATCH policy + await self.ai.chats_policy_api.patch_chats_policy_external_v1_chats_rule_patch_policy_patch( + PatchChatsPolicyRequest( + rule_id=rule_id, + policy=ChatsPolicy(action='detect'), + ), + ) + rb3 = await self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + rule3 = next(r for r in rb3.rules if r.rule_id == rule_id) + self.assertEqual(rule3.policy.actual_instance.action, 'detect') + + # DISABLE + await self.ai.rulebase_api.set_active_external_v1_rules_set_active_put( + CommonSetActiveRequest(rule_id=rule_id, active=False), + ) + rb4 = await self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + rule4 = next(r for r in rb4.rules if r.rule_id == rule_id) + self.assertFalse(rule4.active) + + # DELETE + await self.ai.rulebase_api.delete_rule_external_v1_rules_rule_id_delete(rule_id) + rb5 = await self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + self.assertFalse(any(r.rule_id == rule_id for r in rb5.rules)) + + self._run(_test()) + + # ── GenAI Access Rule CRUD ── + + def test_genai_access_rule_crud(self): + async def _test(): + from chkp_ai_security_sdk.generated_async.models.add_access_rule_request import AddAccessRuleRequest + from chkp_ai_security_sdk.generated_async.models.access_policy import AccessPolicy + from chkp_ai_security_sdk.generated_async.models.services_and_application import ServicesAndApplication + from chkp_ai_security_sdk.generated_async.models.selection_mode import SelectionMode + from chkp_ai_security_sdk.generated_async.models.gen_ai_app import GenAIApp + from chkp_ai_security_sdk.generated_async.models.account_selection_mode import AccountSelectionMode + from chkp_ai_security_sdk.generated_async.models.logging_status import LoggingStatus + from chkp_ai_security_sdk.generated_async.models.assignment import Assignment + from chkp_ai_security_sdk.generated_async.models.assignment_type import AssignmentType + from chkp_ai_security_sdk.generated_async.models.common_set_info_request import CommonSetInfoRequest + + # CREATE + result = await self.ai.ai_access_policy_api.add_ai_access_rule_external_v1_ai_access_rule_post( + add_access_rule_request=AddAccessRuleRequest( + name='Async Test Access Rule', + description='Async integration test', + order=0, + policy=AccessPolicy( + action='block', + logging=LoggingStatus.ENABLED, + services_and_application=ServicesAndApplication( + mode=SelectionMode.SELECTED, + genai_application=[GenAIApp(id=1, mode=AccountSelectionMode.ALL)], + ), + ), + source=[Assignment( + assignment_id='entire-org', + display_name='Entire Organization', + assignment_type=AssignmentType.ASSIGNMENT_TYPE_ENTIRE_ORG, + )], + ), + ) + rule_id = result.rule_id + self.assertTrue(rule_id) + + # READ + rb = await self.ai.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get() + rule = next(r for r in rb.rules if r.rule_id == rule_id) + self.assertEqual(rule.name, 'Async Test Access Rule') + + # UPDATE info + await self.ai.rulebase_api.set_rule_info_external_v1_rules_set_info_put( + CommonSetInfoRequest( + rule_id=rule_id, + name='Async Test Access Rule v2', + description='v2', + ), + ) + rb2 = await self.ai.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get() + rule2 = next(r for r in rb2.rules if r.rule_id == rule_id) + self.assertEqual(rule2.name, 'Async Test Access Rule v2') + + # DELETE + await self.ai.rulebase_api.delete_rule_external_v1_rules_rule_id_delete(rule_id) + rb3 = await self.ai.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get() + self.assertFalse(any(r.rule_id == rule_id for r in rb3.rules)) + + self._run(_test()) + + # ── GenAI Agents Rule CRUD ── + + def test_genai_agents_rule_crud(self): + async def _test(): + from chkp_ai_security_sdk.generated_async.models.add_mcp_server_rule_request import AddMCPServerRuleRequest + from chkp_ai_security_sdk.generated_async.models.agents_policy import AgentsPolicy + from chkp_ai_security_sdk.generated_async.models.mcp_clients import MCPClients + from chkp_ai_security_sdk.generated_async.models.mcp_servers import MCPServers + from chkp_ai_security_sdk.generated_async.models.mcp_servers_mode import MCPServersMode + from chkp_ai_security_sdk.generated_async.models.tooling import Tooling + from chkp_ai_security_sdk.generated_async.models.match_tools_mode import MatchToolsMode + from chkp_ai_security_sdk.generated_async.models.selection_mode import SelectionMode + from chkp_ai_security_sdk.generated_async.models.logging_status import LoggingStatus + from chkp_ai_security_sdk.generated_async.models.assignment import Assignment + from chkp_ai_security_sdk.generated_async.models.assignment_type import AssignmentType + + # CREATE + result = await self.ai.agents_policy_api.add_agents_rule_external_v1_agents_rule_post( + add_mcp_server_rule_request=AddMCPServerRuleRequest( + name='Async Test Agents Rule', + description='Async integration test', + order=0, + policy=AgentsPolicy( + action='allow', + logging=LoggingStatus.ENABLED, + clients=MCPClients(mode=SelectionMode.ALL), + servers=MCPServers(mcp_servers_mode=MCPServersMode.ALL), + tooling=Tooling(match_mode=MatchToolsMode.TOOLS_INCLUDE), + ), + source=[Assignment( + assignment_id='entire-org', + display_name='Entire Organization', + assignment_type=AssignmentType.ASSIGNMENT_TYPE_ENTIRE_ORG, + )], + ), + ) + rule_id = result.rule_id + self.assertTrue(rule_id) + + # READ + rb = await self.ai.agents_policy_api.get_agents_rulebase_external_v1_agents_rulebase_get() + rule = next(r for r in rb.rules if r.rule_id == rule_id) + self.assertEqual(rule.name, 'Async Test Agents Rule') + + # DELETE + await self.ai.rulebase_api.delete_rule_external_v1_rules_rule_id_delete(rule_id) + + self._run(_test()) + + # ── Get Rulebase ── + + def test_get_chats_rulebase(self): + async def _test(): + rb = await self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + self.assertIsNotNone(rb) + self.assertIsInstance(rb.rules, list) + self.assertIsInstance(rb.rulebase_version, int) + self._run(_test()) + + def test_get_access_rulebase(self): + async def _test(): + rb = await self.ai.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get() + self.assertIsNotNone(rb) + self.assertIsInstance(rb.rules, list) + self._run(_test()) + + def test_get_agents_rulebase(self): + async def _test(): + rb = await self.ai.agents_policy_api.get_agents_rulebase_external_v1_agents_rulebase_get() + self.assertIsNotNone(rb) + self.assertIsInstance(rb.rules, list) + self._run(_test()) + + # ── DLP Datatypes ── + + def test_get_predefined_dlp_datatypes(self): + async def _test(): + datatypes = await self.ai.dlp_datatypes_api.get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get() + self.assertIsNotNone(datatypes) + self._run(_test()) + + def test_get_all_dlp_datatypes(self): + async def _test(): + datatypes = await self.ai.dlp_datatypes_api.get_all_datatypes_external_v1_dlp_datatypes_all_get() + self.assertIsNotNone(datatypes) + self._run(_test()) + + # ── SetActive Toggle ── + + def test_set_active_toggle(self): + async def _test(): + from chkp_ai_security_sdk.generated_async.models.add_chats_rule_request import AddChatsRuleRequest + from chkp_ai_security_sdk.generated_async.models.chats_policy import ChatsPolicy + from chkp_ai_security_sdk.generated_async.models.services_and_application import ServicesAndApplication + from chkp_ai_security_sdk.generated_async.models.selection_mode import SelectionMode + from chkp_ai_security_sdk.generated_async.models.dlp_event_type import DLPEventType + from chkp_ai_security_sdk.generated_async.models.logging_status import LoggingStatus + from chkp_ai_security_sdk.generated_async.models.common_set_active_request import CommonSetActiveRequest + + result = await self.ai.chats_policy_api.add_chats_rule_external_v1_chats_rule_post( + add_chats_rule_request=AddChatsRuleRequest( + name='Async Toggle Test Rule', + order=0, + policy=ChatsPolicy( + event_type=DLPEventType.PROMPT, + action='detect', + logging=LoggingStatus.ENABLED, + services_and_application=ServicesAndApplication(mode=SelectionMode.ALL), + ), + ), + ) + rule_id = result.rule_id + + try: + # Disable + await self.ai.rulebase_api.set_active_external_v1_rules_set_active_put( + CommonSetActiveRequest(rule_id=rule_id, active=False), + ) + rb = await self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + rule = next(r for r in rb.rules if r.rule_id == rule_id) + self.assertFalse(rule.active) + + # Re-enable + await self.ai.rulebase_api.set_active_external_v1_rules_set_active_put( + CommonSetActiveRequest(rule_id=rule_id, active=True), + ) + rb2 = await self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() + rule2 = next(r for r in rb2.rules if r.rule_id == rule_id) + self.assertTrue(rule2.active) + finally: + await self.ai.rulebase_api.delete_rule_external_v1_rules_rule_id_delete(rule_id) + + self._run(_test()) + + # ── Connection State ── + + def test_connection_state(self): + from chkp_ai_security_sdk import SDKConnectionState + state = self.ai.connection_state() + self.assertEqual(state, SDKConnectionState.CONNECTED) + + # ── Concurrent Requests ── + + def test_concurrent_requests(self): + async def _test(): + chats_rb, access_rb, agents_rb = await asyncio.gather( + self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get(), + self.ai.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get(), + self.ai.agents_policy_api.get_agents_rulebase_external_v1_agents_rulebase_get(), + ) + self.assertIsNotNone(chats_rb) + self.assertIsNotNone(access_rb) + self.assertIsNotNone(agents_rb) + self.assertIsInstance(chats_rb.rules, list) + self.assertIsInstance(access_rb.rules, list) + self.assertIsInstance(agents_rb.rules, list) + self._run(_test()) + + +if __name__ == '__main__': + unittest.main() diff --git a/tests/test_async_browse_api.py b/tests/test_async_browse_api.py new file mode 100644 index 0000000..f9c59c1 --- /dev/null +++ b/tests/test_async_browse_api.py @@ -0,0 +1,116 @@ +import asyncio +import unittest +import os + +CLIENT_ID = os.environ.get('CP_CI_CLIENT_ID', '') +ACCESS_KEY = os.environ.get('CP_CI_ACCESS_KEY', '') +GATEWAY = os.environ.get('CP_CI_GATEWAY', '') + +CREDS_AVAILABLE = bool(CLIENT_ID and ACCESS_KEY and GATEWAY) + + +def skip_without_creds(cls): + if not CREDS_AVAILABLE: + return unittest.skip('CP_CI_* credentials not set')(cls) + return cls + + +@skip_without_creds +class TestAsyncBrowseIntegration(unittest.TestCase): + + @classmethod + def setUpClass(cls): + from chkp_ai_security_sdk import AsyncBrowseSecurity, InfinityPortalAuth + cls.browse = AsyncBrowseSecurity() + asyncio.get_event_loop().run_until_complete( + cls.browse.connect(InfinityPortalAuth( + client_id=CLIENT_ID, + access_key=ACCESS_KEY, + gateway=GATEWAY, + )) + ) + + @classmethod + def tearDownClass(cls): + if hasattr(cls, 'browse'): + asyncio.get_event_loop().run_until_complete(cls.browse.disconnect()) + + def _run(self, coro): + return asyncio.get_event_loop().run_until_complete(coro) + + # ── DLP Policy Rulebase ── + + def test_get_dlp_rulebase(self): + async def _test(): + rb = await self.browse.dlp_policy_api.get_dlp_rulebase_external_v1_dlp_rulebase_get() + self.assertIsNotNone(rb) + self._run(_test()) + + # ── Web Access Rulebase ── + + def test_get_web_access_rulebase(self): + async def _test(): + rb = await self.browse.web_access_policy_api.get_web_access_rulebase_external_v1_web_access_rulebase_get() + self.assertIsNotNone(rb) + self._run(_test()) + + # ── Secure Browsing Rulebase ── + + def test_get_secure_browsing_rulebase(self): + async def _test(): + rb = await self.browse.secure_browsing_policy_api.get_secure_browsing_rulebase_external_v1_secure_browsing_rulebase_get() + self.assertIsNotNone(rb) + self._run(_test()) + + # ── DLP Datatypes ── + + def test_get_predefined_dlp_datatypes(self): + async def _test(): + datatypes = await self.browse.dlp_datatypes_api.get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get() + self.assertIsNotNone(datatypes) + self._run(_test()) + + def test_get_all_dlp_datatypes(self): + async def _test(): + datatypes = await self.browse.dlp_datatypes_api.get_all_datatypes_external_v1_dlp_datatypes_all_get() + self.assertIsNotNone(datatypes) + self._run(_test()) + + # ── Objects ── + + def test_get_file_protection_objects(self): + async def _test(): + objects = await self.browse.objects_api.get_file_protection_objects_external_v1_objects_file_protection_get() + self.assertIsNotNone(objects) + self._run(_test()) + + def test_get_domains_objects(self): + async def _test(): + objects = await self.browse.objects_api.get_domains_objects_external_v1_objects_domains_get() + self.assertIsNotNone(objects) + self._run(_test()) + + # ── Connection State ── + + def test_connection_state(self): + from chkp_ai_security_sdk import SDKConnectionState + state = self.browse.connection_state() + self.assertEqual(state, SDKConnectionState.CONNECTED) + + # ── Concurrent Requests ── + + def test_concurrent_requests(self): + async def _test(): + dlp_rb, web_rb, sb_rb = await asyncio.gather( + self.browse.dlp_policy_api.get_dlp_rulebase_external_v1_dlp_rulebase_get(), + self.browse.web_access_policy_api.get_web_access_rulebase_external_v1_web_access_rulebase_get(), + self.browse.secure_browsing_policy_api.get_secure_browsing_rulebase_external_v1_secure_browsing_rulebase_get(), + ) + self.assertIsNotNone(dlp_rb) + self.assertIsNotNone(web_rb) + self.assertIsNotNone(sb_rb) + self._run(_test()) + + +if __name__ == '__main__': + unittest.main() diff --git a/tests/test_browse_api.py b/tests/test_browse_api.py new file mode 100644 index 0000000..7101a9d --- /dev/null +++ b/tests/test_browse_api.py @@ -0,0 +1,82 @@ +import unittest +import os + +CLIENT_ID = os.environ.get('CP_CI_CLIENT_ID', '') +ACCESS_KEY = os.environ.get('CP_CI_ACCESS_KEY', '') +GATEWAY = os.environ.get('CP_CI_GATEWAY', '') + +CREDS_AVAILABLE = bool(CLIENT_ID and ACCESS_KEY and GATEWAY) + + +def skip_without_creds(cls): + if not CREDS_AVAILABLE: + return unittest.skip('CP_CI_* credentials not set')(cls) + return cls + + +@skip_without_creds +class TestBrowseIntegration(unittest.TestCase): + + @classmethod + def setUpClass(cls): + from chkp_ai_security_sdk import BrowseSecurity, InfinityPortalAuth + cls.browse = BrowseSecurity() + cls.browse.connect(InfinityPortalAuth( + client_id=CLIENT_ID, + access_key=ACCESS_KEY, + gateway=GATEWAY, + )) + + @classmethod + def tearDownClass(cls): + if hasattr(cls, 'browse'): + cls.browse.disconnect() + + # ── DLP Policy Rulebase ── + + def test_get_dlp_rulebase(self): + rb = self.browse.dlp_policy_api.get_dlp_rulebase_external_v1_dlp_rulebase_get() + self.assertIsNotNone(rb) + + # ── Web Access Rulebase ── + + def test_get_web_access_rulebase(self): + rb = self.browse.web_access_policy_api.get_web_access_rulebase_external_v1_web_access_rulebase_get() + self.assertIsNotNone(rb) + + # ── Secure Browsing Rulebase ── + + def test_get_secure_browsing_rulebase(self): + rb = self.browse.secure_browsing_policy_api.get_secure_browsing_rulebase_external_v1_secure_browsing_rulebase_get() + self.assertIsNotNone(rb) + + # ── DLP Datatypes ── + + def test_get_predefined_dlp_datatypes(self): + datatypes = self.browse.dlp_datatypes_api.get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get() + self.assertIsNotNone(datatypes) + + def test_get_all_dlp_datatypes(self): + datatypes = self.browse.dlp_datatypes_api.get_all_datatypes_external_v1_dlp_datatypes_all_get() + self.assertIsNotNone(datatypes) + + # ── Objects ── + + def test_get_file_protection_objects(self): + objects = self.browse.objects_api.get_file_protection_objects_external_v1_objects_file_protection_get() + self.assertIsNotNone(objects) + + def test_get_domains_objects(self): + objects = self.browse.objects_api.get_domains_objects_external_v1_objects_domains_get() + self.assertIsNotNone(objects) + + # ── Connection State ── + + def test_connection_state(self): + from chkp_ai_security_sdk import SDKConnectionState + state = self.browse.connection_state() + self.assertEqual(state, SDKConnectionState.CONNECTED) + + +if __name__ == '__main__': + unittest.main() diff --git a/tests/test_unit_sdk.py b/tests/test_unit_sdk.py new file mode 100644 index 0000000..b4180f5 --- /dev/null +++ b/tests/test_unit_sdk.py @@ -0,0 +1,397 @@ +"""Unit tests for SDK classes — no credentials required. + +Tests cover: +- SDK instantiation (sync + async, both products) +- Connection state lifecycle +- InfinityPortalAuth validation +- SessionManager error handling +- Info / build info +- Disconnect idempotency +- API property access before connect raises +""" +import asyncio +import unittest +from unittest.mock import patch, MagicMock + +from chkp_ai_security_sdk import ( + AISecurity, + AsyncAISecurity, + BrowseSecurity, + AsyncBrowseSecurity, + InfinityPortalAuth, + SDKConnectionState, + WorkforceAIApiException, + WorkforceAIErrorScope, +) + + +def _mock_successful_login(session_manager): + """Patch perform_ci_login to set CONNECTED state without real HTTP.""" + original_login = session_manager._SessionManager__perform_ci_login + + def fake_login(): + session_manager._SessionManager__sdk_connection_state = SDKConnectionState.CONNECTED + session_manager._SessionManager__jwt_token = 'fake-jwt-token' + + return patch.object( + session_manager, '_SessionManager__perform_ci_login', side_effect=fake_login + ) + + +# ──────────────────────────────────────────── +# InfinityPortalAuth +# ──────────────────────────────────────────── + +class TestInfinityPortalAuth(unittest.TestCase): + + def test_stores_credentials(self): + auth = InfinityPortalAuth(client_id='cid', access_key='key', gateway='https://gw.example.com') + self.assertEqual(auth.client_id, 'cid') + self.assertEqual(auth.access_key, 'key') + self.assertEqual(auth.gateway, 'https://gw.example.com') + + +# ──────────────────────────────────────────── +# SessionManager validation +# ──────────────────────────────────────────── + +class TestSessionManagerValidation(unittest.TestCase): + + def _make_auth(self, **overrides): + defaults = dict(client_id='cid', access_key='key', gateway='https://gw.example.com') + defaults.update(overrides) + return InfinityPortalAuth(**defaults) + + def test_missing_gateway(self): + from chkp_ai_security_sdk.core.session_manager import SessionManager + sm = SessionManager() + with self.assertRaises(WorkforceAIApiException) as ctx: + sm.connect(self._make_auth(gateway='')) + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.INVALID_PARAMS) + + def test_missing_client_id(self): + from chkp_ai_security_sdk.core.session_manager import SessionManager + sm = SessionManager() + with self.assertRaises(WorkforceAIApiException) as ctx: + sm.connect(self._make_auth(client_id='')) + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.INVALID_PARAMS) + + def test_missing_access_key(self): + from chkp_ai_security_sdk.core.session_manager import SessionManager + sm = SessionManager() + with self.assertRaises(WorkforceAIApiException) as ctx: + sm.connect(self._make_auth(access_key='')) + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.INVALID_PARAMS) + + def test_non_https_gateway(self): + from chkp_ai_security_sdk.core.session_manager import SessionManager + sm = SessionManager() + with self.assertRaises(WorkforceAIApiException) as ctx: + sm.connect(self._make_auth(gateway='http://gw.example.com')) + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.INVALID_PARAMS) + + def test_gateway_strips_path(self): + from chkp_ai_security_sdk.core.session_manager import SessionManager + auth = self._make_auth(gateway='https://gw.example.com/some/path') + sm = SessionManager() + # validate_params mutates auth.gateway, but connect will fail on CI login + # We just verify validation passes for the gateway format + with patch.object(sm, '_SessionManager__perform_ci_login'): + with patch.object(sm, '_SessionManager__activate_keep_alive'): + sm.connect(auth) + self.assertEqual(auth.gateway, 'https://gw.example.com') + + +# ──────────────────────────────────────────── +# Sync SDK classes — AISecurity +# ──────────────────────────────────────────── + +class TestAISecurity(unittest.TestCase): + + def test_initial_state_disconnected(self): + ai = AISecurity() + self.assertEqual(ai.connection_state(), SDKConnectionState.DISCONNECTED) + + def test_info_returns_string(self): + info = AISecurity.info() + self.assertIsInstance(info, str) + self.assertTrue(len(info) > 0) + + def test_api_property_before_connect_raises(self): + ai = AISecurity() + with self.assertRaises(WorkforceAIApiException) as ctx: + _ = ai.chats_policy_api + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.SESSION) + + def test_connect_and_disconnect(self): + ai = AISecurity() + auth = InfinityPortalAuth(client_id='cid', access_key='key', gateway='https://gw.example.com') + with _mock_successful_login(ai._session_manager): + with patch.object(ai._session_manager, '_SessionManager__activate_keep_alive'): + ai.connect(auth) + self.assertEqual(ai.connection_state(), SDKConnectionState.CONNECTED) + ai.disconnect() + self.assertEqual(ai.connection_state(), SDKConnectionState.DISCONNECTED) + + def test_disconnect_idempotent(self): + ai = AISecurity() + ai.disconnect() + ai.disconnect() + self.assertEqual(ai.connection_state(), SDKConnectionState.DISCONNECTED) + + def test_has_all_api_properties(self): + expected = [ + 'agents_policy_api', 'ai_access_policy_api', 'apps_catalog_api', + 'chats_policy_api', 'deployment_status_api', 'dlp_datatypes_api', + 'rulebase_api', 'users_api', + ] + for prop in expected: + self.assertTrue(hasattr(AISecurity, prop), f'Missing property: {prop}') + + +# ──────────────────────────────────────────── +# Sync SDK classes — BrowseSecurity +# ──────────────────────────────────────────── + +class TestBrowseSecurity(unittest.TestCase): + + def test_initial_state_disconnected(self): + browse = BrowseSecurity() + self.assertEqual(browse.connection_state(), SDKConnectionState.DISCONNECTED) + + def test_info_returns_string(self): + info = BrowseSecurity.info() + self.assertIsInstance(info, str) + self.assertTrue(len(info) > 0) + + def test_api_property_before_connect_raises(self): + browse = BrowseSecurity() + with self.assertRaises(WorkforceAIApiException) as ctx: + _ = browse.dlp_policy_api + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.SESSION) + + def test_connect_and_disconnect(self): + browse = BrowseSecurity() + auth = InfinityPortalAuth(client_id='cid', access_key='key', gateway='https://gw.example.com') + with _mock_successful_login(browse._session_manager): + with patch.object(browse._session_manager, '_SessionManager__activate_keep_alive'): + browse.connect(auth) + self.assertEqual(browse.connection_state(), SDKConnectionState.CONNECTED) + browse.disconnect() + self.assertEqual(browse.connection_state(), SDKConnectionState.DISCONNECTED) + + def test_has_all_api_properties(self): + expected = [ + 'apps_catalog_api', 'deployment_status_api', 'dlp_datatypes_api', + 'dlp_policy_api', 'objects_api', 'rulebase_api', + 'secure_browsing_policy_api', 'users_api', 'web_access_policy_api', + ] + for prop in expected: + self.assertTrue(hasattr(BrowseSecurity, prop), f'Missing property: {prop}') + + +# ──────────────────────────────────────────── +# Async SDK classes — AsyncAISecurity +# ──────────────────────────────────────────── + +class TestAsyncAISecurity(unittest.TestCase): + + def _run(self, coro): + return asyncio.get_event_loop().run_until_complete(coro) + + def test_initial_state_disconnected(self): + ai = AsyncAISecurity() + self.assertEqual(ai.connection_state(), SDKConnectionState.DISCONNECTED) + + def test_info_returns_string(self): + info = AsyncAISecurity.info() + self.assertIsInstance(info, str) + self.assertTrue(len(info) > 0) + + def test_api_property_before_connect_raises(self): + ai = AsyncAISecurity() + with self.assertRaises(WorkforceAIApiException) as ctx: + _ = ai.chats_policy_api + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.SESSION) + + def test_connect_and_disconnect(self): + ai = AsyncAISecurity() + auth = InfinityPortalAuth(client_id='cid', access_key='key', gateway='https://gw.example.com') + + async def _test(): + with _mock_successful_login(ai._session_manager): + with patch.object(ai._session_manager, '_SessionManager__activate_keep_alive'): + await ai.connect(auth) + self.assertEqual(ai.connection_state(), SDKConnectionState.CONNECTED) + await ai.disconnect() + self.assertEqual(ai.connection_state(), SDKConnectionState.DISCONNECTED) + + self._run(_test()) + + def test_disconnect_idempotent(self): + ai = AsyncAISecurity() + + async def _test(): + await ai.disconnect() + await ai.disconnect() + self.assertEqual(ai.connection_state(), SDKConnectionState.DISCONNECTED) + + self._run(_test()) + + def test_has_all_api_properties(self): + expected = [ + 'agents_policy_api', 'ai_access_policy_api', 'apps_catalog_api', + 'chats_policy_api', 'deployment_status_api', 'dlp_datatypes_api', + 'rulebase_api', 'users_api', + ] + for prop in expected: + self.assertTrue(hasattr(AsyncAISecurity, prop), f'Missing property: {prop}') + + +# ──────────────────────────────────────────── +# Async SDK classes — AsyncBrowseSecurity +# ──────────────────────────────────────────── + +class TestAsyncBrowseSecurity(unittest.TestCase): + + def _run(self, coro): + return asyncio.get_event_loop().run_until_complete(coro) + + def test_initial_state_disconnected(self): + browse = AsyncBrowseSecurity() + self.assertEqual(browse.connection_state(), SDKConnectionState.DISCONNECTED) + + def test_info_returns_string(self): + info = AsyncBrowseSecurity.info() + self.assertIsInstance(info, str) + self.assertTrue(len(info) > 0) + + def test_api_property_before_connect_raises(self): + browse = AsyncBrowseSecurity() + with self.assertRaises(WorkforceAIApiException) as ctx: + _ = browse.dlp_policy_api + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.SESSION) + + def test_connect_and_disconnect(self): + browse = AsyncBrowseSecurity() + auth = InfinityPortalAuth(client_id='cid', access_key='key', gateway='https://gw.example.com') + + async def _test(): + with _mock_successful_login(browse._session_manager): + with patch.object(browse._session_manager, '_SessionManager__activate_keep_alive'): + await browse.connect(auth) + self.assertEqual(browse.connection_state(), SDKConnectionState.CONNECTED) + await browse.disconnect() + self.assertEqual(browse.connection_state(), SDKConnectionState.DISCONNECTED) + + self._run(_test()) + + def test_has_all_api_properties(self): + expected = [ + 'apps_catalog_api', 'deployment_status_api', 'dlp_datatypes_api', + 'dlp_policy_api', 'objects_api', 'rulebase_api', + 'secure_browsing_policy_api', 'users_api', 'web_access_policy_api', + ] + for prop in expected: + self.assertTrue(hasattr(AsyncBrowseSecurity, prop), f'Missing property: {prop}') + + +# ──────────────────────────────────────────── +# WorkforceAIApiException +# ──────────────────────────────────────────── + +class TestWorkforceAIApiException(unittest.TestCase): + + def test_exception_fields(self): + exc = WorkforceAIApiException( + error_scope=WorkforceAIErrorScope.SERVICE, + message='test error', + url='https://example.com', + status_code=403, + payload_error='forbidden', + ) + self.assertEqual(exc.error_scope, WorkforceAIErrorScope.SERVICE) + self.assertEqual(exc.message, 'test error') + self.assertEqual(exc.url, 'https://example.com') + self.assertEqual(exc.status_code, 403) + self.assertEqual(exc.payload_error, 'forbidden') + + def test_exception_str(self): + exc = WorkforceAIApiException( + error_scope=WorkforceAIErrorScope.NETWORKING, + message='timeout', + ) + s = str(exc) + self.assertIn('NETWORKING', s) + self.assertIn('timeout', s) + + def test_error_scopes(self): + self.assertEqual(WorkforceAIErrorScope.NETWORKING.value, 'NETWORKING') + self.assertEqual(WorkforceAIErrorScope.SERVICE.value, 'SERVICE') + self.assertEqual(WorkforceAIErrorScope.SESSION.value, 'SESSION') + self.assertEqual(WorkforceAIErrorScope.INVALID_PARAMS.value, 'INVALID_PARAMS') + + +# ──────────────────────────────────────────── +# SDKConnectionState +# ──────────────────────────────────────────── + +class TestSDKConnectionState(unittest.TestCase): + + def test_all_states_exist(self): + self.assertEqual(SDKConnectionState.CONNECTED.value, 'CONNECTED') + self.assertEqual(SDKConnectionState.CONNECTING.value, 'CONNECTING') + self.assertEqual(SDKConnectionState.DISCONNECTED.value, 'DISCONNECTED') + self.assertEqual(SDKConnectionState.CONNECTION_ISSUE.value, 'CONNECTION_ISSUE') + + +# ──────────────────────────────────────────── +# SessionManager connect failure handling +# ──────────────────────────────────────────── + +class TestSessionManagerConnectFailure(unittest.TestCase): + + def test_network_error_sets_connection_issue(self): + from chkp_ai_security_sdk.core.session_manager import SessionManager + sm = SessionManager() + auth = InfinityPortalAuth(client_id='cid', access_key='key', gateway='https://nonexistent.invalid') + with self.assertRaises(WorkforceAIApiException) as ctx: + sm.connect(auth) + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.NETWORKING) + self.assertEqual(sm.connection_state(), SDKConnectionState.CONNECTION_ISSUE) + + def test_bad_response_sets_connection_issue(self): + from chkp_ai_security_sdk.core.session_manager import SessionManager + sm = SessionManager() + auth = InfinityPortalAuth(client_id='bad', access_key='bad', gateway='https://portal.checkpoint.com') + + mock_response = MagicMock() + mock_response.status_code = 401 + mock_response.text = 'Unauthorized' + + with patch('chkp_ai_security_sdk.core.session_manager.requests.post', return_value=mock_response): + with self.assertRaises(WorkforceAIApiException) as ctx: + sm.connect(auth) + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.SERVICE) + self.assertEqual(ctx.exception.status_code, 401) + self.assertEqual(sm.connection_state(), SDKConnectionState.CONNECTION_ISSUE) + + def test_unsuccessful_login_response(self): + from chkp_ai_security_sdk.core.session_manager import SessionManager + sm = SessionManager() + auth = InfinityPortalAuth(client_id='cid', access_key='key', gateway='https://portal.checkpoint.com') + + mock_response = MagicMock() + mock_response.status_code = 200 + mock_response.text = '{"success": false}' + mock_response.json.return_value = {'success': False} + + with patch('chkp_ai_security_sdk.core.session_manager.requests.post', return_value=mock_response): + with self.assertRaises(WorkforceAIApiException) as ctx: + sm.connect(auth) + self.assertEqual(ctx.exception.error_scope, WorkforceAIErrorScope.SERVICE) + self.assertEqual(sm.connection_state(), SDKConnectionState.CONNECTION_ISSUE) + + +if __name__ == '__main__': + unittest.main() From 3dff38a2ad714545e8760e99c15f096e5ddc7ac7 Mon Sep 17 00:00:00 2001 From: Haim Kastner Date: Thu, 9 Apr 2026 18:24:49 +0300 Subject: [PATCH 2/5] Align to Actions hash --- .github/workflows/build.yml | 20 ++++++++++---------- .github/workflows/release.yml | 8 ++++---- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 42e5f26..3685776 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,13 +15,13 @@ jobs: name: Build SDK runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: '3.9' - - uses: actions/setup-java@v3 + - uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3 with: distribution: 'zulu' java-version: '11' @@ -42,7 +42,7 @@ jobs: env: SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }} - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: name: chkp_ai_security_sdk path: chkp_ai_security_sdk @@ -52,13 +52,13 @@ jobs: runs-on: ubuntu-latest needs: build steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: '3.9' - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: chkp_ai_security_sdk path: chkp_ai_security_sdk @@ -85,13 +85,13 @@ jobs: CP_CI_ACCESS_KEY: ${{ secrets.CP_CI_ACCESS_KEY }} CP_CI_GATEWAY: ${{ secrets.CP_CI_GATEWAY }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: '3.9' - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4 with: name: chkp_ai_security_sdk path: chkp_ai_security_sdk diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 83f2a31..ea1e782 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,12 +9,12 @@ jobs: name: Build and publish Python distributions to PyPI runs-on: ubuntu-latest steps: - - uses: actions/checkout@master + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up Python 3.9 - uses: actions/setup-python@v5 + uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: '3.9' - - uses: actions/setup-java@v3 + - uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3 with: distribution: 'zulu' java-version: '8' @@ -38,6 +38,6 @@ jobs: run: python -m build --sdist --wheel --outdir dist/ . - name: Publish to PyPI if: startsWith(github.ref, 'refs/tags') - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1 with: password: ${{ secrets.PYPI_API_TOKEN }} From c54fcb51b4f7600fb1f16ec38f738899538fabc2 Mon Sep 17 00:00:00 2001 From: Haim Kastner Date: Thu, 9 Apr 2026 18:32:58 +0300 Subject: [PATCH 3/5] Fix tests --- .github/workflows/build.yml | 2 +- tests/test_async_api.py | 6 ++---- tests/test_unit_api.py | 3 ++- tests/test_unit_sdk.py | 1 - 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3685776..6881191 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -70,7 +70,7 @@ jobs: pip install flake8 - name: Flake8 - run: flake8 chkp_ai_security_sdk/ tests/ + run: flake8 chkp_ai_security_sdk/ tests/ --exclude=chkp_ai_security_sdk/generated,chkp_ai_security_sdk/generated_browse,chkp_ai_security_sdk/generated_async,chkp_ai_security_sdk/generated_browse_async integration: name: Integration Tests diff --git a/tests/test_async_api.py b/tests/test_async_api.py index 08fb0de..f257a0c 100644 --- a/tests/test_async_api.py +++ b/tests/test_async_api.py @@ -2,8 +2,6 @@ import unittest import os -import pytest - CLIENT_ID = os.environ.get('CP_CI_CLIENT_ID', '') ACCESS_KEY = os.environ.get('CP_CI_ACCESS_KEY', '') GATEWAY = os.environ.get('CP_CI_GATEWAY', '') @@ -41,7 +39,6 @@ def tearDownClass(cls): @classmethod async def _async_cleanup_all(cls): - import time for get_rulebase in [ cls.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get, cls.ai.ai_access_policy_api.get_ai_access_rulebase_external_v1_ai_access_rulebase_get, @@ -317,10 +314,11 @@ async def _test(): result = await self.ai.chats_policy_api.add_chats_rule_external_v1_chats_rule_post( add_chats_rule_request=AddChatsRuleRequest( name='Async Toggle Test Rule', + description='Async toggle test', order=0, policy=ChatsPolicy( event_type=DLPEventType.PROMPT, - action='detect', + action='block', logging=LoggingStatus.ENABLED, services_and_application=ServicesAndApplication(mode=SelectionMode.ALL), ), diff --git a/tests/test_unit_api.py b/tests/test_unit_api.py index 19b9a59..f327ca7 100644 --- a/tests/test_unit_api.py +++ b/tests/test_unit_api.py @@ -289,10 +289,11 @@ def test_set_active_toggle(self): result = self.ai.chats_policy_api.add_chats_rule_external_v1_chats_rule_post( add_chats_rule_request=AddChatsRuleRequest( name='Toggle Test Rule', + description='Toggle test', order=0, policy=ChatsPolicy( event_type=DLPEventType.PROMPT, - action='detect', + action='block', logging=LoggingStatus.ENABLED, services_and_application=ServicesAndApplication(mode=SelectionMode.ALL), ), diff --git a/tests/test_unit_sdk.py b/tests/test_unit_sdk.py index b4180f5..2f0b73d 100644 --- a/tests/test_unit_sdk.py +++ b/tests/test_unit_sdk.py @@ -27,7 +27,6 @@ def _mock_successful_login(session_manager): """Patch perform_ci_login to set CONNECTED state without real HTTP.""" - original_login = session_manager._SessionManager__perform_ci_login def fake_login(): session_manager._SessionManager__sdk_connection_state = SDKConnectionState.CONNECTED From ac80a720ef2fa9e7f5c3ef78750cbdad2b472d5f Mon Sep 17 00:00:00 2001 From: Haim Kastner Date: Thu, 9 Apr 2026 19:45:57 +0300 Subject: [PATCH 4/5] Fix tests --- tests/test_async_api.py | 4 ++-- tests/test_unit_api.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/test_async_api.py b/tests/test_async_api.py index f257a0c..de5eea8 100644 --- a/tests/test_async_api.py +++ b/tests/test_async_api.py @@ -127,12 +127,12 @@ async def _test(): await self.ai.chats_policy_api.patch_chats_policy_external_v1_chats_rule_patch_policy_patch( PatchChatsPolicyRequest( rule_id=rule_id, - policy=ChatsPolicy(action='detect'), + policy=ChatsPolicy(action='block'), ), ) rb3 = await self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() rule3 = next(r for r in rb3.rules if r.rule_id == rule_id) - self.assertEqual(rule3.policy.actual_instance.action, 'detect') + self.assertEqual(rule3.policy.actual_instance.action, 'block') # DISABLE await self.ai.rulebase_api.set_active_external_v1_rules_set_active_put( diff --git a/tests/test_unit_api.py b/tests/test_unit_api.py index f327ca7..8fa9269 100644 --- a/tests/test_unit_api.py +++ b/tests/test_unit_api.py @@ -121,12 +121,12 @@ def test_genai_chats_rule_crud(self): self.ai.chats_policy_api.patch_chats_policy_external_v1_chats_rule_patch_policy_patch( PatchChatsPolicyRequest( rule_id=rule_id, - policy=ChatsPolicy(action='detect'), + policy=ChatsPolicy(action='block'), ), ) rb3 = self.ai.chats_policy_api.get_chats_rulebase_external_v1_chats_rulebase_get() rule3 = next(r for r in rb3.rules if r.rule_id == rule_id) - self.assertEqual(rule3.policy.actual_instance.action, 'detect') + self.assertEqual(rule3.policy.actual_instance.action, 'block') # DISABLE self.ai.rulebase_api.set_active_external_v1_rules_set_active_put( From 78a4deefd275d97a2880c2a3bdf7a25d01727291 Mon Sep 17 00:00:00 2001 From: Haim Kastner Date: Fri, 10 Apr 2026 14:48:04 +0300 Subject: [PATCH 5/5] Support generate & logging --- chkp_ai_security_sdk/core/ai_security.py | 2 +- .../core/async_ai_security.py | 5 +- .../core/async_browse_security.py | 5 +- chkp_ai_security_sdk/core/browse_security.py | 4 +- chkp_ai_security_sdk/core/session_manager.py | 1 + .../templates/python/__init__api.mustache | 19 + resources/templates/python/api.mustache | 280 ++++++ .../templates/python/api_client.mustache | 815 ++++++++++++++++++ sdk_generator/generate_sdk.py | 2 + .../resources/specs/browse/swagger.json | 2 +- .../resources/specs/main/swagger.json | 2 +- sdk_generator/scripts/post_build.py | 85 +- 12 files changed, 1138 insertions(+), 84 deletions(-) create mode 100644 resources/templates/python/__init__api.mustache create mode 100644 resources/templates/python/api.mustache create mode 100644 resources/templates/python/api_client.mustache diff --git a/chkp_ai_security_sdk/core/ai_security.py b/chkp_ai_security_sdk/core/ai_security.py index bb75f3f..004ad48 100644 --- a/chkp_ai_security_sdk/core/ai_security.py +++ b/chkp_ai_security_sdk/core/ai_security.py @@ -1,7 +1,7 @@ from chkp_ai_security_sdk.classes.infinity_portal_auth import InfinityPortalAuth from chkp_ai_security_sdk.classes.sdk_connection_state import SDKConnectionState from chkp_ai_security_sdk.core.session_manager import SessionManager -from chkp_ai_security_sdk.generated.api_mixin import _ApiMixin +from chkp_ai_security_sdk.generated.api import _ApiMixin print_message = True diff --git a/chkp_ai_security_sdk/core/async_ai_security.py b/chkp_ai_security_sdk/core/async_ai_security.py index 21fa650..53a4ad4 100644 --- a/chkp_ai_security_sdk/core/async_ai_security.py +++ b/chkp_ai_security_sdk/core/async_ai_security.py @@ -2,10 +2,10 @@ from chkp_ai_security_sdk.classes.infinity_portal_auth import InfinityPortalAuth from chkp_ai_security_sdk.classes.sdk_connection_state import SDKConnectionState from chkp_ai_security_sdk.core.session_manager import SessionManager -from chkp_ai_security_sdk.generated_async.api_mixin import _AsyncApiMixin +from chkp_ai_security_sdk.generated_async.api import _ApiMixin -class AsyncAISecurity(_AsyncApiMixin): +class AsyncAISecurity(_ApiMixin): """Check Point AI Security SDK (async) - manage AI Security policies and assets.""" def __init__(self): @@ -44,6 +44,7 @@ def _get_api_client(self): cfg = Configuration() cfg.host = sync_cfg.host cfg.access_token = sync_cfg.access_token + cfg.client_id = getattr(sync_cfg, 'client_id', None) self._api_client = ApiClient(cfg) else: self._api_client.configuration.access_token = sync_cfg.access_token diff --git a/chkp_ai_security_sdk/core/async_browse_security.py b/chkp_ai_security_sdk/core/async_browse_security.py index 61a8010..e454bae 100644 --- a/chkp_ai_security_sdk/core/async_browse_security.py +++ b/chkp_ai_security_sdk/core/async_browse_security.py @@ -2,10 +2,10 @@ from chkp_ai_security_sdk.classes.infinity_portal_auth import InfinityPortalAuth from chkp_ai_security_sdk.classes.sdk_connection_state import SDKConnectionState from chkp_ai_security_sdk.core.session_manager import SessionManager -from chkp_ai_security_sdk.generated_browse_async.api_mixin import _AsyncBrowseApiMixin +from chkp_ai_security_sdk.generated_browse_async.api import _ApiMixin -class AsyncBrowseSecurity(_AsyncBrowseApiMixin): +class AsyncBrowseSecurity(_ApiMixin): """Check Point Browse Security SDK (async) - manage Browse Security policies and assets.""" def __init__(self): @@ -44,6 +44,7 @@ def _get_api_client(self): cfg = Configuration() cfg.host = sync_cfg.host cfg.access_token = sync_cfg.access_token + cfg.client_id = getattr(sync_cfg, 'client_id', None) self._api_client = ApiClient(cfg) else: self._api_client.configuration.access_token = sync_cfg.access_token diff --git a/chkp_ai_security_sdk/core/browse_security.py b/chkp_ai_security_sdk/core/browse_security.py index 7e94dd8..e2bd46c 100644 --- a/chkp_ai_security_sdk/core/browse_security.py +++ b/chkp_ai_security_sdk/core/browse_security.py @@ -1,12 +1,12 @@ from chkp_ai_security_sdk.classes.infinity_portal_auth import InfinityPortalAuth from chkp_ai_security_sdk.classes.sdk_connection_state import SDKConnectionState from chkp_ai_security_sdk.core.session_manager import SessionManager -from chkp_ai_security_sdk.generated_browse.api_mixin import _BrowseApiMixin +from chkp_ai_security_sdk.generated_browse.api import _ApiMixin print_message = True -class BrowseSecurity(_BrowseApiMixin): +class BrowseSecurity(_ApiMixin): """Check Point Browse Security SDK - manage Browse Security policies and assets.""" def __init__(self): diff --git a/chkp_ai_security_sdk/core/session_manager.py b/chkp_ai_security_sdk/core/session_manager.py index 4bbdbce..cc801fe 100644 --- a/chkp_ai_security_sdk/core/session_manager.py +++ b/chkp_ai_security_sdk/core/session_manager.py @@ -34,6 +34,7 @@ def client_configuration(self) -> Any: configuration = Configuration() configuration.host = self.__url configuration.access_token = self.__jwt_token + configuration.client_id = self.__infinity_portal_auth.client_id if self.__infinity_portal_auth else None return configuration def __perform_ci_login(self): diff --git a/resources/templates/python/__init__api.mustache b/resources/templates/python/__init__api.mustache new file mode 100644 index 0000000..8ba2260 --- /dev/null +++ b/resources/templates/python/__init__api.mustache @@ -0,0 +1,19 @@ +# flake8: noqa + +# import apis into api package +{{#apiInfo}}{{#apis}}from {{apiPackage}}.{{classFilename}} import {{classname}} +{{/apis}}{{/apiInfo}} + +# TEMPLATE EDIT: Generate API mixin class (replaces post-build api_mixin.py hack) +class _ApiMixin: + """Auto-generated API mixin — provides property accessors for all generated API classes.""" + + def _get_api_client(self): + raise NotImplementedError + +{{#apiInfo}}{{#apis}} + @property + def {{classFilename}}(self): + return {{classname}}(self._get_api_client()) + +{{/apis}}{{/apiInfo}} diff --git a/resources/templates/python/api.mustache b/resources/templates/python/api.mustache new file mode 100644 index 0000000..4ce0a74 --- /dev/null +++ b/resources/templates/python/api.mustache @@ -0,0 +1,280 @@ +# coding: utf-8 + +{{>partial_header}} +import warnings +from pydantic import validate_call, Field, StrictFloat, StrictStr, StrictInt +from typing import Any, Dict, List, Optional, Tuple, Union +from typing_extensions import Annotated + +{{#imports}} +{{import}} +{{/imports}} + +from {{packageName}}.api_client import ApiClient, RequestSerialized +from {{packageName}}.api_response import ApiResponse +from {{packageName}}.rest import RESTResponseType +# TEMPLATE EDIT: import SDK logger +from chkp_ai_security_sdk.core.logger import logger, error_logger, network_logger + + +{{#operations}} +class {{classname}}: + """NOTE: This class is auto generated by OpenAPI Generator + Ref: https://openapi-generator.tech + + Do not edit the class manually. + """ + + def __init__(self, api_client=None) -> None: + if api_client is None: + api_client = ApiClient.get_default() + self.api_client = api_client +{{#operation}} + + + @validate_call + {{#asyncio}}async {{/asyncio}}def {{operationId}}{{>partial_api_args}} -> {{{returnType}}}{{^returnType}}None{{/returnType}}: +{{>partial_api}} + # TEMPLATE EDIT: log outgoing request + _client_id = getattr(self.api_client.configuration, 'client_id', None) or 'N/A' + logger(f'Sending operation "{{operationId}}"...') + network_logger(f'Sending "{{operationId}}" {{httpMethod}} "{{{path}}}" | clientId={_client_id[:8]}...') + try: + response_data = {{#asyncio}}await {{/asyncio}}self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + {{#asyncio}}await {{/asyncio}}response_data.read() + _result = self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + # TEMPLATE EDIT: log response with backend headers + _resp_headers = getattr(response_data, 'getheader', None) + _logger_token = _resp_headers('logger-token') if _resp_headers else 'N/A' + _correlation_id = _resp_headers('x-correlation-id') if _resp_headers else 'N/A' + logger(f'Received operation "{{operationId}}" with status {response_data.status}') + network_logger(f'Received "{{operationId}}": status={response_data.status}, logger-token={_logger_token or "N/A"}, x-correlation-id={_correlation_id or "N/A"}') + return _result.data + except Exception as _e: + # TEMPLATE EDIT: log error with backend headers + _err_headers = getattr(_e, 'headers', None) + _err_logger_token = _err_headers.get('logger-token') if _err_headers else 'N/A' + _err_correlation_id = _err_headers.get('x-correlation-id') if _err_headers else 'N/A' + error_logger(f'Error in operation "{{operationId}}": {_e}, logger-token={_err_logger_token or "N/A"}, x-correlation-id={_err_correlation_id or "N/A"}') + raise + + + @validate_call + {{#asyncio}}async {{/asyncio}}def {{operationId}}_with_http_info{{>partial_api_args}} -> ApiResponse[{{{returnType}}}{{^returnType}}None{{/returnType}}]: +{{>partial_api}} + # TEMPLATE EDIT: log outgoing request + _client_id = getattr(self.api_client.configuration, 'client_id', None) or 'N/A' + logger(f'Sending operation "{{operationId}}_with_http_info"...') + network_logger(f'Sending "{{operationId}}" {{httpMethod}} "{{{path}}}" | clientId={_client_id[:8]}...') + try: + response_data = {{#asyncio}}await {{/asyncio}}self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + {{#asyncio}}await {{/asyncio}}response_data.read() + _result = self.api_client.response_deserialize( + response_data=response_data, + response_types_map=_response_types_map, + ) + # TEMPLATE EDIT: log response with backend headers + _resp_headers = getattr(response_data, 'getheader', None) + _logger_token = _resp_headers('logger-token') if _resp_headers else 'N/A' + _correlation_id = _resp_headers('x-correlation-id') if _resp_headers else 'N/A' + logger(f'Received operation "{{operationId}}" with status {response_data.status}') + network_logger(f'Received "{{operationId}}": status={response_data.status}, logger-token={_logger_token or "N/A"}, x-correlation-id={_correlation_id or "N/A"}') + return _result + except Exception as _e: + # TEMPLATE EDIT: log error with backend headers + _err_headers = getattr(_e, 'headers', None) + _err_logger_token = _err_headers.get('logger-token') if _err_headers else 'N/A' + _err_correlation_id = _err_headers.get('x-correlation-id') if _err_headers else 'N/A' + error_logger(f'Error in operation "{{operationId}}": {_e}, logger-token={_err_logger_token or "N/A"}, x-correlation-id={_err_correlation_id or "N/A"}') + raise + + + @validate_call + {{#asyncio}}async {{/asyncio}}def {{operationId}}_without_preload_content{{>partial_api_args}} -> RESTResponseType: +{{>partial_api}} + response_data = {{#asyncio}}await {{/asyncio}}self.api_client.call_api( + *_param, + _request_timeout=_request_timeout + ) + return response_data.response + + + def _{{operationId}}_serialize( + self, + {{#allParams}} + {{paramName}}, + {{/allParams}} + _request_auth, + _content_type, + _headers, + _host_index, + ) -> RequestSerialized: + + {{#servers.0}} + _hosts = [{{#servers}} + '{{{url}}}'{{^-last}},{{/-last}}{{/servers}} + ] + _host = _hosts[_host_index] + {{/servers.0}} + {{^servers.0}} + _host = None + {{/servers.0}} + + _collection_formats: Dict[str, str] = { + {{#allParams}} + {{#isArray}} + '{{baseName}}': '{{collectionFormat}}', + {{/isArray}} + {{/allParams}} + } + + _path_params: Dict[str, str] = {} + _query_params: List[Tuple[str, str]] = [] + _header_params: Dict[str, Optional[str]] = _headers or {} + _form_params: List[Tuple[str, str]] = [] + _files: Dict[ + str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]] + ] = {} + _body_params: Optional[bytes] = None + + # process the path parameters +{{#pathParams}} + if {{paramName}} is not None: + _path_params['{{baseName}}'] = {{paramName}}{{#isEnumRef}}.value{{/isEnumRef}} +{{/pathParams}} + # process the query parameters +{{#queryParams}} + if {{paramName}} is not None: + {{#isDateTime}} + if isinstance({{paramName}}, datetime): + _query_params.append( + ( + '{{baseName}}', + {{paramName}}.strftime( + self.api_client.configuration.datetime_format + ) + ) + ) + else: + _query_params.append(('{{baseName}}', {{paramName}})) + {{/isDateTime}} + {{#isDate}} + if isinstance({{paramName}}, date): + _query_params.append( + ( + '{{baseName}}', + {{paramName}}.strftime( + self.api_client.configuration.date_format + ) + ) + ) + else: + _query_params.append(('{{baseName}}', {{paramName}})) + {{/isDate}} + {{^isDateTime}}{{^isDate}} + _query_params.append(('{{baseName}}', {{paramName}}{{#isEnumRef}}.value{{/isEnumRef}})) + {{/isDate}}{{/isDateTime}} +{{/queryParams}} + # process the header parameters +{{#headerParams}} + if {{paramName}} is not None: + _header_params['{{baseName}}'] = {{paramName}} +{{/headerParams}} + # process the form parameters +{{#formParams}} + if {{paramName}} is not None: + {{#isFile}} + _files['{{{baseName}}}'] = {{paramName}} + {{/isFile}} + {{^isFile}} + _form_params.append(('{{{baseName}}}', {{paramName}})) + {{/isFile}} +{{/formParams}} + # process the body parameter +{{#bodyParam}} + if {{paramName}} is not None: + {{#isBinary}} + # convert to byte array if the input is a file name (str) + if isinstance({{paramName}}, str): + with open({{paramName}}, "rb") as _fp: + _body_params = _fp.read() + elif isinstance({{paramName}}, tuple): + # drop the filename from the tuple + _body_params = {{paramName}}[1] + else: + _body_params = {{paramName}} + {{/isBinary}} + {{^isBinary}} + _body_params = {{paramName}} + {{/isBinary}} +{{/bodyParam}} + + {{#constantParams}} + {{#isQueryParam}} + # Set client side default value of Query Param "{{baseName}}". + _query_params.append(('{{baseName}}', {{#_enum}}'{{{.}}}'{{/_enum}})) + {{/isQueryParam}} + {{#isHeaderParam}} + # Set client side default value of Header Param "{{baseName}}". + _header_params['{{baseName}}'] = {{#_enum}}'{{{.}}}'{{/_enum}} + {{/isHeaderParam}} + {{/constantParams}} + + {{#hasProduces}} + # set the HTTP header `Accept` + if 'Accept' not in _header_params: + _header_params['Accept'] = self.api_client.select_header_accept( + [{{#produces}} + '{{{mediaType}}}'{{^-last}}, {{/-last}}{{/produces}} + ] + ) + {{/hasProduces}} + + {{#hasConsumes}} + # set the HTTP header `Content-Type` + if _content_type: + _header_params['Content-Type'] = _content_type + else: + _default_content_type = ( + self.api_client.select_header_content_type( + [{{#consumes}} + '{{{mediaType}}}'{{^-last}}, {{/-last}}{{/consumes}} + ] + ) + ) + if _default_content_type is not None: + _header_params['Content-Type'] = _default_content_type + {{/hasConsumes}} + + # authentication setting + _auth_settings: List[str] = [{{#authMethods}} + '{{name}}'{{^-last}}, {{/-last}}{{/authMethods}} + ] + + return self.api_client.param_serialize( + method='{{httpMethod}}', + resource_path='{{{path}}}', + path_params=_path_params, + query_params=_query_params, + header_params=_header_params, + body=_body_params, + post_params=_form_params, + files=_files, + auth_settings=_auth_settings, + collection_formats=_collection_formats, + _host=_host, + _request_auth=_request_auth + ) + + +{{/operation}} +{{/operations}} diff --git a/resources/templates/python/api_client.mustache b/resources/templates/python/api_client.mustache new file mode 100644 index 0000000..e249611 --- /dev/null +++ b/resources/templates/python/api_client.mustache @@ -0,0 +1,815 @@ +# coding: utf-8 + +{{>partial_header}} + +import datetime +from dateutil.parser import parse +from enum import Enum +import decimal +import json +import mimetypes +import os +import re +import tempfile + +from urllib.parse import quote +from typing import Tuple, Optional, List, Dict, Union +from pydantic import SecretStr +{{#tornado}} +import tornado.gen +{{/tornado}} + +from {{packageName}}.configuration import Configuration +from {{packageName}}.api_response import ApiResponse, T as ApiResponseT +import {{modelPackage}} +from {{packageName}} import rest +from {{packageName}}.exceptions import ( + ApiValueError, + ApiException, + BadRequestException, + UnauthorizedException, + ForbiddenException, + NotFoundException, + ServiceException +) + +RequestSerialized = Tuple[str, str, Dict[str, str], Optional[str], List[str]] + +class ApiClient: + """Generic API client for OpenAPI client library builds. + + OpenAPI generic API client. This client handles the client- + server communication, and is invariant across implementations. Specifics of + the methods and models for each application are generated from the OpenAPI + templates. + + :param configuration: .Configuration object for this client + :param header_name: a header to pass when making calls to the API. + :param header_value: a header value to pass when making calls to + the API. + :param cookie: a cookie to include in the header when making calls + to the API + """ + + PRIMITIVE_TYPES = (float, bool, bytes, str, int) + NATIVE_TYPES_MAPPING = { + 'int': int, + 'long': int, # TODO remove as only py3 is supported? + 'float': float, + 'str': str, + 'bool': bool, + 'date': datetime.date, + 'datetime': datetime.datetime, + 'decimal': decimal.Decimal, + 'object': object, + } + _pool = None + + def __init__( + self, + configuration=None, + header_name=None, + header_value=None, + cookie=None + ) -> None: + # use default configuration if none is provided + if configuration is None: + configuration = Configuration.get_default() + self.configuration = configuration + + self.rest_client = rest.RESTClientObject(configuration) + # TEMPLATE EDIT: inject x-api-source header (replaces post-build hack) + self.default_headers = {'x-api-source': 'py_sdk'} + if header_name is not None: + self.default_headers[header_name] = header_value + self.cookie = cookie + # Set default User-Agent. + self.user_agent = '{{{httpUserAgent}}}{{^httpUserAgent}}OpenAPI-Generator/{{{packageVersion}}}/python{{/httpUserAgent}}' + self.client_side_validation = configuration.client_side_validation + +{{#asyncio}} + async def __aenter__(self): + return self + + async def __aexit__(self, exc_type, exc_value, traceback): + await self.close() + + async def close(self): + await self.rest_client.close() +{{/asyncio}} +{{^asyncio}} + def __enter__(self): + return self + + def __exit__(self, exc_type, exc_value, traceback): + pass +{{/asyncio}} + + @property + def user_agent(self): + """User agent for this API client""" + return self.default_headers['User-Agent'] + + @user_agent.setter + def user_agent(self, value): + self.default_headers['User-Agent'] = value + + def set_default_header(self, header_name, header_value): + self.default_headers[header_name] = header_value + + + _default = None + + @classmethod + def get_default(cls): + """Return new instance of ApiClient. + + This method returns newly created, based on default constructor, + object of ApiClient class or returns a copy of default + ApiClient. + + :return: The ApiClient object. + """ + if cls._default is None: + cls._default = ApiClient() + return cls._default + + @classmethod + def set_default(cls, default): + """Set default instance of ApiClient. + + It stores default ApiClient. + + :param default: object of ApiClient. + """ + cls._default = default + + def param_serialize( + self, + method, + resource_path, + path_params=None, + query_params=None, + header_params=None, + body=None, + post_params=None, + files=None, auth_settings=None, + collection_formats=None, + _host=None, + _request_auth=None + ) -> RequestSerialized: + + """Builds the HTTP request params needed by the request. + :param method: Method to call. + :param resource_path: Path to method endpoint. + :param path_params: Path parameters in the url. + :param query_params: Query parameters in the url. + :param header_params: Header parameters to be + placed in the request header. + :param body: Request body. + :param post_params dict: Request post form parameters, + for `application/x-www-form-urlencoded`, `multipart/form-data`. + :param auth_settings list: Auth Settings names for the request. + :param files dict: key -> filename, value -> filepath, + for `multipart/form-data`. + :param collection_formats: dict of collection formats for path, query, + header, and post parameters. + :param _request_auth: set to override the auth_settings for an a single + request; this effectively ignores the authentication + in the spec for a single request. + :return: tuple of form (path, http_method, query_params, header_params, + body, post_params, files) + """ + + config = self.configuration + + # header parameters + header_params = header_params or {} + header_params.update(self.default_headers) + if self.cookie: + header_params['Cookie'] = self.cookie + if header_params: + header_params = self.sanitize_for_serialization(header_params) + header_params = dict( + self.parameters_to_tuples(header_params,collection_formats) + ) + + # path parameters + if path_params: + path_params = self.sanitize_for_serialization(path_params) + path_params = self.parameters_to_tuples( + path_params, + collection_formats + ) + for k, v in path_params: + # specified safe chars, encode everything + resource_path = resource_path.replace( + '{%s}' % k, + quote(str(v), safe=config.safe_chars_for_path_param) + ) + + # post parameters + if post_params or files: + post_params = post_params if post_params else [] + post_params = self.sanitize_for_serialization(post_params) + post_params = self.parameters_to_tuples( + post_params, + collection_formats + ) + if files: + post_params.extend(self.files_parameters(files)) + + # auth setting + self.update_params_for_auth( + header_params, + query_params, + auth_settings, + resource_path, + method, + body, + request_auth=_request_auth + ) + + # body + if body: + body = self.sanitize_for_serialization(body) + + # request url + if _host is None or self.configuration.ignore_operation_servers: + url = self.configuration.host + resource_path + else: + # use server/host defined in path or operation instead + url = _host + resource_path + + # query parameters + if query_params: + query_params = self.sanitize_for_serialization(query_params) + url_query = self.parameters_to_url_query( + query_params, + collection_formats + ) + url += "?" + url_query + + return method, url, header_params, body, post_params + + + {{#tornado}} + @tornado.gen.coroutine + {{/tornado}} + {{#asyncio}}async {{/asyncio}}def call_api( + self, + method, + url, + header_params=None, + body=None, + post_params=None, + _request_timeout=None + ) -> rest.RESTResponse: + """Makes the HTTP request (synchronous) + :param method: Method to call. + :param url: Path to method endpoint. + :param header_params: Header parameters to be + placed in the request header. + :param body: Request body. + :param post_params dict: Request post form parameters, + for `application/x-www-form-urlencoded`, `multipart/form-data`. + :param _request_timeout: timeout setting for this request. + :return: RESTResponse + """ + + try: + # perform request and return response + response_data = {{#asyncio}}await {{/asyncio}}{{#tornado}}yield {{/tornado}}self.rest_client.request( + method, url, + headers=header_params, + body=body, post_params=post_params, + _request_timeout=_request_timeout + ) + + except ApiException as e: + raise e + + return response_data + + def response_deserialize( + self, + response_data: rest.RESTResponse, + response_types_map: Optional[Dict[str, ApiResponseT]]=None + ) -> ApiResponse[ApiResponseT]: + """Deserializes response into an object. + :param response_data: RESTResponse object to be deserialized. + :param response_types_map: dict of response types. + :return: ApiResponse + """ + + msg = "RESTResponse.read() must be called before passing it to response_deserialize()" + assert response_data.data is not None, msg + + response_type = response_types_map.get(str(response_data.status), None) + if not response_type and isinstance(response_data.status, int) and 100 <= response_data.status <= 599: + # if not found, look for '1XX', '2XX', etc. + response_type = response_types_map.get(str(response_data.status)[0] + "XX", None) + + # deserialize response data + response_text = None + return_data = None + try: + if response_type == "bytearray": + return_data = response_data.data + elif response_type == "file": + return_data = self.__deserialize_file(response_data) + elif response_type is not None: + match = None + content_type = response_data.getheader('content-type') + if content_type is not None: + match = re.search(r"charset=([a-zA-Z\-\d]+)[\s;]?", content_type) + encoding = match.group(1) if match else "utf-8" + response_text = response_data.data.decode(encoding) + return_data = self.deserialize(response_text, response_type, content_type) + finally: + if not 200 <= response_data.status <= 299: + raise ApiException.from_response( + http_resp=response_data, + body=response_text, + data=return_data, + ) + + return ApiResponse( + status_code = response_data.status, + data = return_data, + headers = response_data.getheaders(), + raw_data = response_data.data + ) + + def sanitize_for_serialization(self, obj): + """Builds a JSON POST object. + + If obj is None, return None. + If obj is SecretStr, return obj.get_secret_value() + If obj is str, int, long, float, bool, return directly. + If obj is datetime.datetime, datetime.date + convert to string in iso8601 format. + If obj is decimal.Decimal return string representation. + If obj is list, sanitize each element in the list. + If obj is dict, return the dict. + If obj is OpenAPI model, return the properties dict. + + :param obj: The data to serialize. + :return: The serialized form of data. + """ + if obj is None: + return None + elif isinstance(obj, Enum): + return obj.value + elif isinstance(obj, SecretStr): + return obj.get_secret_value() + elif isinstance(obj, self.PRIMITIVE_TYPES): + return obj + elif isinstance(obj, list): + return [ + self.sanitize_for_serialization(sub_obj) for sub_obj in obj + ] + elif isinstance(obj, tuple): + return tuple( + self.sanitize_for_serialization(sub_obj) for sub_obj in obj + ) + elif isinstance(obj, (datetime.datetime, datetime.date)): + return obj.isoformat() + elif isinstance(obj, decimal.Decimal): + return str(obj) + + elif isinstance(obj, dict): + obj_dict = obj + else: + # Convert model obj to dict except + # attributes `openapi_types`, `attribute_map` + # and attributes which value is not None. + # Convert attribute name to json key in + # model definition for request. + if hasattr(obj, 'to_dict') and callable(getattr(obj, 'to_dict')): + obj_dict = obj.to_dict() + else: + obj_dict = obj.__dict__ + + return { + key: self.sanitize_for_serialization(val) + for key, val in obj_dict.items() + } + + def deserialize(self, response_text: str, response_type: str, content_type: Optional[str]): + """Deserializes response into an object. + + :param response: RESTResponse object to be deserialized. + :param response_type: class literal for + deserialized object, or string of class name. + :param content_type: content type of response. + + :return: deserialized object. + """ + + # fetch data from response object + if content_type is None: + try: + data = json.loads(response_text) + except ValueError: + data = response_text + elif re.match(r'^application/(json|[\w!#$&.+-^_]+\+json)\s*(;|$)', content_type, re.IGNORECASE): + if response_text == "": + data = "" + else: + data = json.loads(response_text) + elif re.match(r'^text\/[a-z.+-]+\s*(;|$)', content_type, re.IGNORECASE): + data = response_text + else: + raise ApiException( + status=0, + reason="Unsupported content type: {0}".format(content_type) + ) + + return self.__deserialize(data, response_type) + + def __deserialize(self, data, klass): + """Deserializes dict, list, str into an object. + + :param data: dict, list or str. + :param klass: class literal, or string of class name. + + :return: object. + """ + if data is None: + return None + + if isinstance(klass, str): + if klass.startswith('List['): + m = re.match(r'List\[(.*)]', klass) + assert m is not None, "Malformed List type definition" + sub_kls = m.group(1) + return [self.__deserialize(sub_data, sub_kls) + for sub_data in data] + + if klass.startswith('Dict['): + m = re.match(r'Dict\[([^,]*), (.*)]', klass) + assert m is not None, "Malformed Dict type definition" + sub_kls = m.group(2) + return {k: self.__deserialize(v, sub_kls) + for k, v in data.items()} + + # convert str to class + if klass in self.NATIVE_TYPES_MAPPING: + klass = self.NATIVE_TYPES_MAPPING[klass] + else: + klass = getattr({{modelPackage}}, klass) + + if klass in self.PRIMITIVE_TYPES: + return self.__deserialize_primitive(data, klass) + elif klass == object: + return self.__deserialize_object(data) + elif klass == datetime.date: + return self.__deserialize_date(data) + elif klass == datetime.datetime: + return self.__deserialize_datetime(data) + elif klass == decimal.Decimal: + return decimal.Decimal(data) + elif issubclass(klass, Enum): + return self.__deserialize_enum(data, klass) + else: + return self.__deserialize_model(data, klass) + + def parameters_to_tuples(self, params, collection_formats): + """Get parameters as list of tuples, formatting collections. + + :param params: Parameters as dict or list of two-tuples + :param dict collection_formats: Parameter collection formats + :return: Parameters as list of tuples, collections formatted + """ + new_params: List[Tuple[str, str]] = [] + if collection_formats is None: + collection_formats = {} + for k, v in params.items() if isinstance(params, dict) else params: + if k in collection_formats: + collection_format = collection_formats[k] + if collection_format == 'multi': + new_params.extend((k, value) for value in v) + else: + if collection_format == 'ssv': + delimiter = ' ' + elif collection_format == 'tsv': + delimiter = '\t' + elif collection_format == 'pipes': + delimiter = '|' + else: # csv is the default + delimiter = ',' + new_params.append( + (k, delimiter.join(str(value) for value in v))) + else: + new_params.append((k, v)) + return new_params + + def parameters_to_url_query(self, params, collection_formats): + """Get parameters as list of tuples, formatting collections. + + :param params: Parameters as dict or list of two-tuples + :param dict collection_formats: Parameter collection formats + :return: URL query string (e.g. a=Hello%20World&b=123) + """ + new_params: List[Tuple[str, str]] = [] + if collection_formats is None: + collection_formats = {} + for k, v in params.items() if isinstance(params, dict) else params: + if isinstance(v, bool): + v = str(v).lower() + if isinstance(v, (int, float)): + v = str(v) + if isinstance(v, dict): + v = json.dumps(v) + + if k in collection_formats: + collection_format = collection_formats[k] + if collection_format == 'multi': + new_params.extend((k, quote(str(value))) for value in v) + else: + if collection_format == 'ssv': + delimiter = ' ' + elif collection_format == 'tsv': + delimiter = '\t' + elif collection_format == 'pipes': + delimiter = '|' + else: # csv is the default + delimiter = ',' + new_params.append( + (k, delimiter.join(quote(str(value)) for value in v)) + ) + else: + new_params.append((k, quote(str(v)))) + + return "&".join(["=".join(map(str, item)) for item in new_params]) + + def files_parameters( + self, + files: Dict[str, Union[str, bytes, List[str], List[bytes], Tuple[str, bytes]]], + ): + """Builds form parameters. + + :param files: File parameters. + :return: Form parameters with files. + """ + params = [] + for k, v in files.items(): + if isinstance(v, str): + with open(v, 'rb') as f: + filename = os.path.basename(f.name) + filedata = f.read() + elif isinstance(v, bytes): + filename = k + filedata = v + elif isinstance(v, tuple): + filename, filedata = v + elif isinstance(v, list): + for file_param in v: + params.extend(self.files_parameters({k: file_param})) + continue + else: + raise ValueError("Unsupported file value") + mimetype = ( + mimetypes.guess_type(filename)[0] + or 'application/octet-stream' + ) + params.append( + tuple([k, tuple([filename, filedata, mimetype])]) + ) + return params + + def select_header_accept(self, accepts: List[str]) -> Optional[str]: + """Returns `Accept` based on an array of accepts provided. + + :param accepts: List of headers. + :return: Accept (e.g. application/json). + """ + if not accepts: + return None + + for accept in accepts: + if re.search('json', accept, re.IGNORECASE): + return accept + + return accepts[0] + + def select_header_content_type(self, content_types): + """Returns `Content-Type` based on an array of content_types provided. + + :param content_types: List of content-types. + :return: Content-Type (e.g. application/json). + """ + if not content_types: + return None + + for content_type in content_types: + if re.search('json', content_type, re.IGNORECASE): + return content_type + + return content_types[0] + + def update_params_for_auth( + self, + headers, + queries, + auth_settings, + resource_path, + method, + body, + request_auth=None + ) -> None: + """Updates header and query params based on authentication setting. + + :param headers: Header parameters dict to be updated. + :param queries: Query parameters tuple list to be updated. + :param auth_settings: Authentication setting identifiers list. + :resource_path: A string representation of the HTTP request resource path. + :method: A string representation of the HTTP request method. + :body: A object representing the body of the HTTP request. + The object type is the return value of sanitize_for_serialization(). + :param request_auth: if set, the provided settings will + override the token in the configuration. + """ + if not auth_settings: + return + + if request_auth: + self._apply_auth_params( + headers, + queries, + resource_path, + method, + body, + request_auth + ) + else: + for auth in auth_settings: + auth_setting = self.configuration.auth_settings().get(auth) + if auth_setting: + self._apply_auth_params( + headers, + queries, + resource_path, + method, + body, + auth_setting + ) + + def _apply_auth_params( + self, + headers, + queries, + resource_path, + method, + body, + auth_setting + ) -> None: + """Updates the request parameters based on a single auth_setting + + :param headers: Header parameters dict to be updated. + :param queries: Query parameters tuple list to be updated. + :resource_path: A string representation of the HTTP request resource path. + :method: A string representation of the HTTP request method. + :body: A object representing the body of the HTTP request. + The object type is the return value of sanitize_for_serialization(). + :param auth_setting: auth settings for the endpoint + """ + if auth_setting['in'] == 'cookie': + headers['Cookie'] = auth_setting['value'] + elif auth_setting['in'] == 'header': + if auth_setting['type'] != 'http-signature': + headers[auth_setting['key']] = auth_setting['value'] + {{#hasHttpSignatureMethods}} + else: + # The HTTP signature scheme requires multiple HTTP headers + # that are calculated dynamically. + signing_info = self.configuration.signing_info + auth_headers = signing_info.get_http_signature_headers( + resource_path, method, headers, body, queries) + headers.update(auth_headers) + {{/hasHttpSignatureMethods}} + elif auth_setting['in'] == 'query': + queries.append((auth_setting['key'], auth_setting['value'])) + else: + raise ApiValueError( + 'Authentication token must be in `query` or `header`' + ) + + def __deserialize_file(self, response): + """Deserializes body to file + + Saves response body into a file in a temporary folder, + using the filename from the `Content-Disposition` header if provided. + + handle file downloading + save response body into a tmp file and return the instance + + :param response: RESTResponse. + :return: file path. + """ + fd, path = tempfile.mkstemp(dir=self.configuration.temp_folder_path) + os.close(fd) + os.remove(path) + + content_disposition = response.getheader("Content-Disposition") + if content_disposition: + m = re.search( + r'filename=[\'"]?([^\'"\s]+)[\'"]?', + content_disposition + ) + assert m is not None, "Unexpected 'content-disposition' header value" + filename = m.group(1) + path = os.path.join(os.path.dirname(path), filename) + + with open(path, "wb") as f: + f.write(response.data) + + return path + + def __deserialize_primitive(self, data, klass): + """Deserializes string to primitive type. + + :param data: str. + :param klass: class literal. + + :return: int, long, float, str, bool. + """ + try: + return klass(data) + except UnicodeEncodeError: + return str(data) + except TypeError: + return data + + def __deserialize_object(self, value): + """Return an original value. + + :return: object. + """ + return value + + def __deserialize_date(self, string): + """Deserializes string to date. + + :param string: str. + :return: date. + """ + try: + return parse(string).date() + except ImportError: + return string + except ValueError: + raise rest.ApiException( + status=0, + reason="Failed to parse `{0}` as date object".format(string) + ) + + def __deserialize_datetime(self, string): + """Deserializes string to datetime. + + The string should be in iso8601 datetime format. + + :param string: str. + :return: datetime. + """ + try: + return parse(string) + except ImportError: + return string + except ValueError: + raise rest.ApiException( + status=0, + reason=( + "Failed to parse `{0}` as datetime object" + .format(string) + ) + ) + + def __deserialize_enum(self, data, klass): + """Deserializes primitive type to enum. + + :param data: primitive type. + :param klass: class literal. + :return: enum value. + """ + try: + return klass(data) + except ValueError: + raise rest.ApiException( + status=0, + reason=( + "Failed to parse `{0}` as `{1}`" + .format(data, klass) + ) + ) + + def __deserialize_model(self, data, klass): + """Deserializes list or dict to model. + + :param data: dict, list. + :param klass: class literal. + :return: model object. + """ + + return klass.from_dict(data) diff --git a/sdk_generator/generate_sdk.py b/sdk_generator/generate_sdk.py index 88ca996..cf3193d 100644 --- a/sdk_generator/generate_sdk.py +++ b/sdk_generator/generate_sdk.py @@ -51,6 +51,7 @@ def generate(product: dict): library = product.get('library', '') library_prop = f',library={library}' if library else '' + template_dir = os.path.join(project_dir, 'resources', 'templates', 'python') try: if os.path.exists(generated_path): @@ -65,6 +66,7 @@ def generate(product: dict): f' --generator-name python' f' --input-spec {specs_path}' f' --output {project_dir}' + f' --template-dir {template_dir}' f' --global-property modelDocs=false,modelTests=false' f' --additional-properties=generateSourceCodeOnly=true,packageName={product["package_name"]}{library_prop}' f' --skip-validate-spec' diff --git a/sdk_generator/resources/specs/browse/swagger.json b/sdk_generator/resources/specs/browse/swagger.json index 87c27f4..1b68d2b 100644 --- a/sdk_generator/resources/specs/browse/swagger.json +++ b/sdk_generator/resources/specs/browse/swagger.json @@ -1 +1 @@ -{"openapi": "3.1.0", "info": {"title": "Check Point Browse Security API", "description": "Unified API for Check Point Browse Security \u2014 policy management and asset visibility.\n\n## Authentication\nAll endpoints require a valid CloudInfra JWT token passed as a Bearer token in the `Authorization` header.\n\n### Obtaining a JWT Token\n1. Go to the [Infinity Portal API Keys page](https://portal.checkpoint.com/dashboard/settings/api-keys).\n2. Click **New** \u2192 **New Account API Key**.\n3. In the **Service** dropdown select **Browser Security** and create the key.\n4. Use the generated API key to obtain a JWT token from CloudInfra.\n5. Include the JWT in every request:\n ```\n Authorization: Bearer \n ```\n\n## Rate Limiting\nDefault limits vary per endpoint group. Exceeding any limit results in a 5-minute block period.\n", "version": "1.0.2"}, "servers": [{"url": "https://cloudinfra-gw.portal.checkpoint.com", "description": "Europe Region"}, {"url": "https://cloudinfra-gw-us.portal.checkpoint.com", "description": "United States Region"}], "paths": {"/app/browse-protect-policy/external/v1/objects/file-protection": {"get": {"tags": ["Objects"], "summary": "List all file-protection objects", "operationId": "get_file_protection_objects_external_v1_objects_file_protection_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFileProtectionObjectsResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "put": {"tags": ["Objects"], "summary": "Update a file protection object", "operationId": "update_file_protection_object_external_v1_objects_file_protection_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateFileProtectionObjectRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["Objects"], "summary": "Create a file protection object", "operationId": "create_file_protection_object_external_v1_objects_file_protection_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateFileProtectionObjectRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/objects/domains": {"get": {"tags": ["Objects"], "summary": "List all domains objects", "operationId": "get_domains_objects_external_v1_objects_domains_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDomainsObjectsResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "put": {"tags": ["Objects"], "summary": "Update a domains object", "operationId": "update_domains_object_external_v1_objects_domains_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateDomainsObjectRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["Objects"], "summary": "Create a domains object", "operationId": "create_domains_object_external_v1_objects_domains_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateDomainsObjectRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/objects/delete": {"delete": {"tags": ["Objects"], "summary": "Delete an object (fails if attached to rules)", "operationId": "delete_object_external_v1_objects_delete_delete", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DeleteObjectRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Delete Object External V1 Objects Delete Delete"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rulebase": {"get": {"tags": ["DLP Policy"], "summary": "Get the DLP rulebase with all rules and version", "operationId": "get_dlp_rulebase_external_v1_dlp_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule": {"post": {"tags": ["DLP Policy"], "summary": "Create a DLP rule", "operationId": "add_dlp_rule_external_v1_dlp_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddChatsRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/set-policy": {"put": {"tags": ["DLP Policy"], "summary": "Replace the entire policy of a DLP rule", "operationId": "set_dlp_policy_external_v1_dlp_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Dlp Policy External V1 Dlp Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/patch-policy": {"patch": {"tags": ["DLP Policy"], "summary": "Partially update the policy of a DLP rule (deep merge)", "operationId": "patch_dlp_policy_external_v1_dlp_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Dlp Policy External V1 Dlp Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/attach-objects": {"post": {"tags": ["DLP Policy"], "summary": "Attach objects to a DLP rule", "operationId": "attach_dlp_rule_objects_external_v1_dlp_rule_attach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AttachChatsObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Attach Dlp Rule Objects External V1 Dlp Rule Attach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/detach-objects": {"post": {"tags": ["DLP Policy"], "summary": "Detach objects from a DLP rule", "operationId": "detach_dlp_rule_objects_external_v1_dlp_rule_detach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DetachObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Detach Dlp Rule Objects External V1 Dlp Rule Detach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/set-objects": {"put": {"tags": ["DLP Policy"], "summary": "Set (replace) all objects of a DLP rule for a feature", "operationId": "set_dlp_rule_objects_external_v1_dlp_rule_set_objects_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetChatsObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Dlp Rule Objects External V1 Dlp Rule Set Objects Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rulebase": {"get": {"tags": ["Web Access Policy"], "summary": "Get the Web Access rulebase with all rules and version", "operationId": "get_web_access_rulebase_external_v1_web_access_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule": {"post": {"tags": ["Web Access Policy"], "summary": "Create a Web Access rule", "operationId": "add_web_access_rule_external_v1_web_access_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddAccessRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/set-policy": {"put": {"tags": ["Web Access Policy"], "summary": "Replace the entire Web Access policy of a rule", "operationId": "set_web_access_policy_external_v1_web_access_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Web Access Policy External V1 Web Access Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/patch-policy": {"patch": {"tags": ["Web Access Policy"], "summary": "Partially update the Web Access policy of a rule (deep merge)", "operationId": "patch_web_access_policy_external_v1_web_access_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Web Access Policy External V1 Web Access Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/attach-objects": {"post": {"tags": ["Web Access Policy"], "summary": "Attach objects to a Web Access rule", "operationId": "attach_web_access_rule_objects_external_v1_web_access_rule_attach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AttachAccessObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Attach Web Access Rule Objects External V1 Web Access Rule Attach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/detach-objects": {"post": {"tags": ["Web Access Policy"], "summary": "Detach objects from a Web Access rule", "operationId": "detach_web_access_rule_objects_external_v1_web_access_rule_detach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DetachObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Detach Web Access Rule Objects External V1 Web Access Rule Detach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/set-objects": {"put": {"tags": ["Web Access Policy"], "summary": "Set (replace) all objects of a Web Access rule for a feature", "operationId": "set_web_access_rule_objects_external_v1_web_access_rule_set_objects_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetAccessObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Web Access Rule Objects External V1 Web Access Rule Set Objects Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rulebase": {"get": {"tags": ["Secure Browsing Policy"], "summary": "Get the Secure Browsing rulebase with all rules and version", "operationId": "get_secure_browsing_rulebase_external_v1_secure_browsing_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule": {"post": {"tags": ["Secure Browsing Policy"], "summary": "Create a Secure Browsing rule", "operationId": "add_secure_browsing_rule_external_v1_secure_browsing_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddSecureBrowsingRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/set-policy": {"put": {"tags": ["Secure Browsing Policy"], "summary": "Replace the entire policy of a Secure Browsing rule", "operationId": "set_secure_browsing_policy_external_v1_secure_browsing_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetSecureBrowsingPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Secure Browsing Policy External V1 Secure Browsing Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/patch-policy": {"patch": {"tags": ["Secure Browsing Policy"], "summary": "Partially update the policy of a Secure Browsing rule (deep merge)", "operationId": "patch_secure_browsing_policy_external_v1_secure_browsing_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchSecureBrowsingPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Secure Browsing Policy External V1 Secure Browsing Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/attach-objects": {"post": {"tags": ["Secure Browsing Policy"], "summary": "Attach objects to a Secure Browsing rule", "operationId": "attach_secure_browsing_rule_objects_external_v1_secure_browsing_rule_attach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AttachSecureBrowsingObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Attach Secure Browsing Rule Objects External V1 Secure Browsing Rule Attach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/detach-objects": {"post": {"tags": ["Secure Browsing Policy"], "summary": "Detach objects from a Secure Browsing rule", "operationId": "detach_secure_browsing_rule_objects_external_v1_secure_browsing_rule_detach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DetachObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Detach Secure Browsing Rule Objects External V1 Secure Browsing Rule Detach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/set-objects": {"put": {"tags": ["Secure Browsing Policy"], "summary": "Set (replace) all objects of a Secure Browsing rule for a feature", "operationId": "set_secure_browsing_rule_objects_external_v1_secure_browsing_rule_set_objects_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetSecureBrowsingObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Secure Browsing Rule Objects External V1 Secure Browsing Rule Set Objects Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/set-info": {"put": {"tags": ["Rulebase"], "summary": "Update rule display info (name, description)", "operationId": "set_rule_info_external_v1_rules_set_info_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetInfoRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Rule Info External V1 Rules Set Info Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/reorder": {"put": {"tags": ["Rulebase"], "summary": "Change a rule's priority position in the rulebase", "operationId": "reorder_rule_external_v1_rules_reorder_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonReorderRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Reorder Rule External V1 Rules Reorder Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/set-source": {"put": {"tags": ["Rulebase"], "summary": "Replace the user/group source of a rule", "operationId": "set_source_external_v1_rules_set_source_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetSourceRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Source External V1 Rules Set Source Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/set-active": {"put": {"tags": ["Rulebase"], "summary": "Enable or disable a rule without deleting it", "operationId": "set_active_external_v1_rules_set_active_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetActiveRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Active External V1 Rules Set Active Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/{rule_id}": {"delete": {"tags": ["Rulebase"], "summary": "Permanently delete a rule from the rulebase", "operationId": "delete_rule_external_v1_rules__rule_id__delete", "security": [{"HTTPBearer": []}], "parameters": [{"name": "rule_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Rule Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonDeleteRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/predefined": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all predefined DLP datatypes", "operationId": "get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/custom": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all custom DLP datatypes", "operationId": "get_custom_datatypes_external_v1_dlp_datatypes_custom_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/all": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all DLP datatypes (predefined and custom)", "operationId": "get_all_datatypes_external_v1_dlp_datatypes_all_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes": {"get": {"tags": ["DLP Datatypes"], "summary": "Get DLP datatypes for tenant", "operationId": "get_datatypes_external_v1_dlp_datatypes_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpTenantDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["DLP Datatypes"], "summary": "Set DLP datatypes for tenant", "operationId": "set_datatypes_external_v1_dlp_datatypes_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/installation/status": {"get": {"tags": ["DLP Datatypes"], "summary": "Get data type installation status", "operationId": "get_installation_status_route_external_v1_dlp_datatypes_installation_status_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/installation/retry": {"post": {"tags": ["DLP Datatypes"], "summary": "Retry data type installation", "operationId": "retry_installation_route_external_v1_dlp_datatypes_installation_retry_post", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/assets": {"post": {"tags": ["Deployment Status"], "summary": "Query assets with domain joins, filters and pagination", "operationId": "query_assets_external_v1_assets_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/assets/count": {"post": {"tags": ["Deployment Status"], "summary": "Get count of assets matching filters", "operationId": "get_assets_count_external_v1_assets_count_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/users": {"post": {"tags": ["Users"], "summary": "Query users with pagination and search", "operationId": "query_users_external_v1_users_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/users/by-ids": {"post": {"tags": ["Users"], "summary": "Get users by array of IDs", "operationId": "get_users_by_ids_endpoint_external_v1_users_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-apps/external/v1/apps/search": {"post": {"tags": ["Apps Catalog"], "summary": "Search GenAI apps by name, name, description, or URL", "operationId": "search_apps_external_v1_apps_search_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-apps/external/v1/apps/by-ids": {"post": {"tags": ["Apps Catalog"], "summary": "Get GenAI apps by array of IDs", "operationId": "get_apps_by_ids_external_v1_apps_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}}, "components": {"schemas": {"AccessPolicy": {"properties": {"services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for access control"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "download_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileDownloadActionSupported"}, {"type": "null"}], "description": "File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}, "upload_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileUploadActionSupported"}, {"type": "null"}], "description": "File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}}, "type": "object", "title": "AccessPolicy"}, "Account": {"properties": {"account_id": {"type": "string", "title": "Account Id", "description": "Account identifier"}}, "type": "object", "required": ["account_id"], "title": "Account", "description": "External-safe twin of Account."}, "AccountSelectionMode": {"type": "string", "enum": ["all", "selected_account"], "title": "AccountSelectionMode", "description": "Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."}, "AddAccessRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Access control policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddAccessRuleRequest", "description": "Create a new Access rule.\n\nAccess rules control which AI services and applications users are allowed\nto interact with, including allow/block decisions per service."}, "AddChatsRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Chats policy configuration for chat interactions"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddChatsRuleRequest", "description": "Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies."}, "AddMCPServerRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Agents policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddMCPServerRuleRequest", "description": "Create a new Agents rule.\n\nAgents rules govern agent interactions, including which tools\nagents can invoke and what access controls apply to agent operations."}, "AddRuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "The UUID of the newly created rule"}, "name": {"type": "string", "title": "Name", "description": "The name of the newly created rule"}}, "type": "object", "required": ["rule_id", "name"], "title": "AddRuleResponse", "description": "Response returned after creating a rule."}, "AddSecureBrowsingRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Secure Browsing policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddSecureBrowsingRuleRequest", "description": "Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering."}, "AgentsPolicy": {"properties": {"action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for MCP server"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "clients": {"anyOf": [{"$ref": "#/components/schemas/MCPClients"}, {"type": "null"}], "description": "Desktop clients selection"}, "servers": {"anyOf": [{"$ref": "#/components/schemas/MCPServers"}, {"type": "null"}], "description": "MCP servers configuration"}, "tooling": {"anyOf": [{"$ref": "#/components/schemas/Tooling"}, {"type": "null"}], "description": "Tooling configuration for MCP"}}, "type": "object", "title": "AgentsPolicy"}, "Assignment": {"properties": {"assignment_id": {"type": "string", "format": "uuid", "title": "Assignment Id", "description": "ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."}, "display_name": {"type": "string", "title": "Display Name", "description": "Human-readable name of the user or group"}, "assignment_type": {"$ref": "#/components/schemas/AssignmentType", "description": "Whether this is a user, group, or entire-org assignment"}}, "type": "object", "required": ["assignment_id", "display_name", "assignment_type"], "title": "Assignment", "description": "External-safe twin of Assignment."}, "AssignmentType": {"type": "string", "enum": ["ASSIGNMENT_TYPE_USER", "ASSIGNMENT_TYPE_GROUP", "ASSIGNMENT_TYPE_ENTIRE_ORG"], "title": "AssignmentType"}, "AttachAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature", "description": "Object feature type; Access rules support FILE_EMULATION and DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachAccessObjectsRequest", "description": "Attach reusable objects to an Access rule.\n\nAccess rules support FILE_EMULATION objects (file scanning/emulation settings)\nand DOMAIN_SERVICES objects (domain allow/block lists)."}, "AttachChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type; Chats rules only support DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachChatsObjectsRequest", "description": "Attach reusable objects to a Chats rule.\n\nChats rules support DOMAIN_SERVICES objects (domain allow/block lists\napplied during chat interactions)."}, "AttachSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature", "description": "Object feature type; Secure Browsing supports PROTECTED_DOMAINS and EXCLUDE_DOMAINS"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachSecureBrowsingObjectsRequest", "description": "Attach reusable objects to a Secure Browsing rule.\n\nSecure Browsing rules support PROTECTED_DOMAINS (domains where threat\nprevention is enforced) and EXCLUDE_DOMAINS (domains exempted from scanning)."}, "CategoryItem": {"properties": {"category_id": {"$ref": "#/components/schemas/URLFCategory", "description": "Category ID from the supported URLF categories. The following categories are available:\n\n| Category | ID |\n|---|---|\n| Uncategorized | 0 |\n| Computers & Internet | 1 |\n| Education | 3 |\n| Entertainment | 5 |\n| Financial Services | 7 |\n| Gambling | 9 |\n| Government / Military | 11 |\n| Greeting Cards | 12 |\n| Hacking | 13 |\n| Hate / Racism | 14 |\n| Health | 15 |\n| Illegal / Questionable | 17 |\n| Illegal Drugs | 18 |\n| Job Search / Careers | 21 |\n| Media Streams | 23 |\n| News / Media | 24 |\n| Newsgroups / Forums | 25 |\n| Nudity | 26 |\n| Personals / Dating | 30 |\n| Phishing | 31 |\n| Political / Legal | 32 |\n| Pornography | 33 |\n| Real Estate | 34 |\n| Recreation | 35 |\n| Religion | 37 |\n| Restaurants / Dining / Food | 39 |\n| Sex Education | 41 |\n| Shopping | 42 |\n| Alcohol / Tobacco | 45 |\n| Art / Culture | 47 |\n| Blogs / Personal Pages | 49 |\n| Business / Economy | 51 |\n| Software Downloads | 53 |\n| Sports | 54 |\n| Spyware / Malicious Sites | 55 |\n| Tasteless | 56 |\n| Translation | 58 |\n| Travel | 59 |\n| Vehicles | 60 |\n| Violence | 61 |\n| Weapons | 62 |\n| Botnets | 65 |\n| Spam | 66 |\n| Inactive Sites | 67 |\n| Fashion | 68 |\n| Non-Profits / NGOs | 69 |\n| Sex | 70 |\n| General | 71 |\n| Nature / Conservation | 72 |\n| Child Abuse | 73 |\n| URL Filtering | 74 |\n| Lifestyle | 75 |\n| Lingerie / Swimsuit / Suggestive | 76 |\n| Suspicious Content | 77 |\n| Marijuana | 78 |\n| Web Advertisements | 50000032 |\n| Instant Chat | 50000086 |\n| Very Low Risk | 51000001 |\n| Low Risk | 51000002 |\n| Medium Risk | 51000003 |\n| High Risk | 51000004 |\n| Critical Risk | 51000005 |\n| Anonymizer | 52000038 |\n| P2P File Sharing | 52000046 |\n| Instant Messaging | 52000047 |\n| Media Sharing | 52000051 |\n| Games | 52000058 |\n| Social Networking | 52000069 |\n| Email | 52000130 |\n| Search Engines / Portals | 52000132 |\n| File Storage / Sharing | 52000136 |\n| Keyloggers | 60530540 |\n| Occult | 60530541 |\n| Hosting Sites | 60530542 |\n| DDNS / Dynamic DNS | 60530648 |\n| Artificial Intelligence (AI) | 60517663 |\n| Generative AI Tools | 60531762 |\n\n**Note:** GenAI rules only allow category 60531762 (Generative AI Tools), used as \"Any AI tool\". Browse rules can use any *other* category."}}, "type": "object", "required": ["category_id"], "title": "CategoryItem"}, "ChatsPolicy": {"properties": {"event_type": {"anyOf": [{"$ref": "#/components/schemas/DLPEventType"}, {"type": "null"}], "description": "Type of event to apply DLP policy on"}, "services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "data_types": {"anyOf": [{"items": {"$ref": "#/components/schemas/DataType"}, "type": "array"}, {"type": "null"}], "title": "Data Types", "description": "DLP Data types"}, "action": {"anyOf": [{"type": "string", "enum": ["prevent", "ask", "redact", "detect", "allow", "block"]}, {"type": "null"}], "title": "Action", "description": "Action to take when DLP rule is triggered"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}}, "type": "object", "title": "ChatsPolicy"}, "ClaudeExtensionsConfig": {"properties": {"extension_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Extension Name", "description": "Extension name from manifest.json", "default": "", "examples": ["chrome-control"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for extension_name matching", "default": "exact"}}, "type": "object", "title": "ClaudeExtensionsConfig"}, "CommonDeleteRuleResponse": {"properties": {"message": {"type": "string", "title": "Message"}, "rule_id": {"type": "string", "title": "Rule Id"}, "name": {"type": "string", "title": "Name"}}, "type": "object", "required": ["message", "rule_id", "name"], "title": "CommonDeleteRuleResponse", "description": "Confirmation of rule deletion."}, "CommonReorderRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to reorder"}, "new_order": {"type": "integer", "title": "New Order", "description": "Target position in the rulebase (1-based). Lower values = higher priority = evaluated first"}}, "type": "object", "required": ["rule_id", "new_order"], "title": "CommonReorderRequest", "description": "Move a rule to a new position in the rulebase.\n\nOther rules in the same rulebase are shifted automatically to accommodate."}, "CommonSetActiveRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "active": {"type": "boolean", "title": "Active", "description": "True to enforce the rule, false to skip it during evaluation"}}, "type": "object", "required": ["rule_id", "active"], "title": "CommonSetActiveRequest", "description": "Enable or disable a rule without deleting it.\n\nInactive rules remain in the rulebase but are skipped during policy evaluation."}, "CommonSetInfoRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "name": {"type": "string", "title": "Name", "description": "New human-readable name for the rule"}, "description": {"type": "string", "title": "Description", "description": "New description of the rule's purpose"}}, "type": "object", "required": ["rule_id", "name", "description"], "title": "CommonSetInfoRequest", "description": "Update a rule's display information without changing its policy or assignments."}, "CommonSetSourceRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Complete list of user/group source entries; replaces all existing entries"}}, "type": "object", "required": ["rule_id", "source"], "title": "CommonSetSourceRequest", "description": "Replace the full source list of a rule.\n\nSource entries determine which users or groups the rule applies to.\nAn empty list means the rule applies to everyone in the tenant."}, "CreateDomainsObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/DomainsObject", "description": "Domain list configuration (up to 200 domain entries)"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateDomainsObjectRequest", "description": "Create a new domains object.\n\nDomains objects contain a list of domain entries used for domain-based\nfiltering in rules (e.g. protected domains, excluded domains, service domains)."}, "CreateFileProtectionObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/FileProtectionObject", "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateFileProtectionObjectRequest", "description": "Create a new file-protection object.\n\nFile-protection objects define scanning and emulation behavior for file\nuploads and downloads, including per-file-type action overrides and size limits."}, "CreateObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "The UUID of the newly created object"}}, "type": "object", "required": ["object_id"], "title": "CreateObjectResponse", "description": "Response returned after creating an object."}, "DLPEventType": {"type": "string", "enum": ["file_upload", "file_download", "paste", "prompt", "copy"], "title": "DLPEventType"}, "DLPType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DLPType"}, "DataType": {"properties": {"id": {"type": "string", "format": "uuid", "title": "Id", "description": "UUID of the data type", "default": "", "examples": ["cf0523c1-537e-4a4b-8bb8-084b7b9e0b45"]}, "name": {"type": "string", "title": "Name", "description": "Display name of the data type", "default": "", "examples": ["American Express Travelers Cheques Number"]}, "type": {"$ref": "#/components/schemas/DLPType", "description": "Type of the data type", "default": "PRE_DEFINED"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel", "description": "Matching level for the data type"}}, "type": "object", "title": "DataType"}, "DataTypeInstallationResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "status": {"$ref": "#/components/schemas/InstallationStatus"}, "data_types_count": {"type": "integer", "title": "Data Types Count"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}}, "type": "object", "required": ["tenant_id", "status", "data_types_count", "updated_at"], "title": "DataTypeInstallationResponse", "description": "Response model for data type installation status."}, "DeleteObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to delete"}}, "type": "object", "required": ["object_id"], "title": "DeleteObjectRequest", "description": "Delete a policy object.\n\nDeletion will fail with 409 Conflict if the object is currently attached\nto one or more rules. Detach it from all rules first."}, "DetachObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to detach objects from"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to remove from the rule"}}, "type": "object", "required": ["rule_id", "object_ids"], "title": "DetachObjectsRequest", "description": "Remove objects from a rule. Works across all rule types that support objects."}, "DlpCreateType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DlpCreateType"}, "DlpDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "assetId": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Assetid"}, "objectStatus": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Objectstatus"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "creationTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Creationtime"}, "lastUpdateTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Lastupdatetime"}, "dataTypeTags": {"anyOf": [{"items": {"$ref": "#/components/schemas/DlpDataTypeTag"}, "type": "array"}, {"type": "null"}], "title": "Datatypetags"}, "redactSupported": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Redactsupported"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}, "content": {"anyOf": [{"additionalProperties": true, "type": "object"}, {"type": "null"}], "title": "Content"}, "comment": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Comment"}}, "additionalProperties": true, "type": "object", "required": ["id", "name", "type", "createType"], "title": "DlpDataType", "example": {"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "dataTypeTags": [{"isCategory": false, "name": "Financial & Business"}], "description": "Matches American Bankers Association (ABA) Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "matchingLevel": 1, "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}}, "DlpDataTypeReference": {"properties": {"id": {"type": "string", "title": "Id"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}}, "type": "object", "required": ["id", "createType"], "title": "DlpDataTypeReference", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}}, "DlpDataTypeTag": {"properties": {"name": {"type": "string", "title": "Name"}, "data": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Data"}, "isCategory": {"type": "boolean", "title": "Iscategory"}}, "type": "object", "required": ["name", "isCategory"], "title": "DlpDataTypeTag", "example": {"data": ["Other"], "isCategory": true, "name": "Regulation"}}, "DlpTenantDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "internal": {"type": "boolean", "title": "Internal"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}}, "type": "object", "required": ["id", "name", "type", "createType", "internal"], "title": "DlpTenantDataType", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "matchingLevel": 1, "name": "IP Address", "type": "GROUP"}}, "DockerGatewayConfig": {"properties": {}, "type": "object", "title": "DockerGatewayConfig"}, "DockerRunnerConfig": {"properties": {"image_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Image Name", "description": "Docker image name", "default": "", "examples": ["modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for image_name matching", "default": "exact"}}, "type": "object", "title": "DockerRunnerConfig"}, "DomainConfig": {"properties": {"domain_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Domain Name", "description": "Domain name of the remote server", "default": "", "examples": ["mcp-server.example.com", "example.com"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "title": "DomainConfig"}, "DomainItem": {"properties": {"domain": {"type": "string", "format": "hostname", "title": "Domain", "description": "Valid domain name or IPv4 address"}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "required": ["domain"], "title": "DomainItem"}, "DomainMatchMode": {"type": "string", "enum": ["exact_host", "any_subdomain"], "title": "DomainMatchMode", "description": "Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."}, "DomainsObject": {"properties": {"domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "maxItems": 200, "title": "Domains", "description": "List of domains"}}, "type": "object", "title": "DomainsObject", "description": "External-safe twin of DomainsObject."}, "DomainsObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "The domain list entries"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "DomainsObjectResponse", "description": "A domains object with its full configuration."}, "ExecutableServerConfig": {"properties": {"executable_path": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Executable Path", "description": "Path to the executable", "default": "", "examples": ["/path/to/executable"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for executable_path matching", "default": "exact"}}, "type": "object", "title": "ExecutableServerConfig"}, "FileActionUnsupported": {"type": "string", "enum": ["Block", "Allow"], "title": "FileActionUnsupported"}, "FileDownloadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect", "Extract"], "title": "FileDownloadActionSupported"}, "FileFailClose": {"type": "string", "enum": ["FailClose", "FailOpen"], "title": "FileFailClose"}, "FileProtectionObject": {"properties": {"file_download_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_upload_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_download_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Download Size Limit Mb"}, "file_upload_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Upload Size Limit Mb"}, "file_download_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileDownloadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Download Action Per Supported File"}, "file_download_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Download Action Per Unsupported File"}, "file_upload_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileUploadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Upload Action Per Supported File"}, "file_upload_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Upload Action Per Unsupported File"}}, "type": "object", "title": "FileProtectionObject", "description": "External-safe twin of FileProtectionObject."}, "FileProtectionObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "FileProtectionObjectResponse", "description": "A file-protection object with its full configuration."}, "FileUploadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect"], "title": "FileUploadActionSupported"}, "GenAIApp": {"properties": {"id": {"type": "integer", "exclusiveMinimum": 0.0, "title": "Id", "description": "GenAI application ID"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/AccountSelectionMode"}, {"type": "null"}], "description": "Account selection mode: 'all' or 'selected_account'", "default": "all"}, "accounts": {"items": {"$ref": "#/components/schemas/Account"}, "type": "array", "title": "Accounts", "description": "List of selected accounts (used when mode='selected_account')"}}, "type": "object", "required": ["id"], "title": "GenAIApp"}, "GetDlpDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "dataTypes"], "title": "GetDlpDataTypesResponse", "example": {"dataTypes": [{"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "description": "Matches ABA Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}], "status": "SUCCESS"}}, "GetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpTenantDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "id", "dataTypes"], "title": "GetDlpTenantDataTypesResponse", "example": {"dataTypes": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "name": "IP Address", "type": "GROUP"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4", "internal": false, "name": "PCI - Credit Card Numbers", "type": "PATTERN"}], "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "GetDomainsObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/DomainsObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetDomainsObjectsResponse", "description": "All domains objects for the tenant, including their full configuration."}, "GetFileProtectionObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/FileProtectionObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetFileProtectionObjectsResponse", "description": "All file-protection objects for the tenant, including their full configuration."}, "GetRulebaseResponse": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Monotonically increasing version of this rulebase. Incremented whenever any rule in the rulebase is created, modified, or deleted. Compare with a previously stored value to detect whether the rulebase has changed (useful for caching or polling)"}, "rules": {"items": {"$ref": "#/components/schemas/RuleResponse"}, "type": "array", "title": "Rules", "description": "All rules in the rulebase, ordered by priority (ascending)"}}, "type": "object", "required": ["rulebase_version", "rules"], "title": "GetRulebaseResponse", "description": "Full rulebase for a given policy type, including its version for change detection."}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "InstallationStatus": {"type": "string", "enum": ["pending", "success", "failed"], "title": "InstallationStatus", "description": "Status of DLP Next data type installation."}, "LoggingStatus": {"type": "string", "enum": ["enabled", "disabled"], "title": "LoggingStatus", "description": "Logging status enumeration."}, "MCPClient": {"properties": {"os": {"anyOf": [{"$ref": "#/components/schemas/OSType"}, {"type": "null"}], "description": "Operating system for the client"}, "name_id": {"anyOf": [{"$ref": "#/components/schemas/MCPClientNameId"}, {"type": "null"}], "description": "Client name identifier e.g. 'claude_desktop', 'docker_desktop'", "examples": ["claude_desktop", "docker_desktop"]}}, "type": "object", "title": "MCPClient"}, "MCPClientNameId": {"type": "string", "enum": ["claude_desktop", "vscode", "cursor", "windsurf", "zed", "perplexity", "antigravity", "jetbrains", "roo", "cline", "docker_desktop"], "title": "MCPClientNameId", "description": "MCP Client name identifier enumeration."}, "MCPClients": {"properties": {"mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Mode for client selection"}, "selected": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPClient"}, "type": "array"}, {"type": "null"}], "title": "Selected", "description": "List of selected clients"}}, "type": "object", "title": "MCPClients"}, "MCPIds": {"properties": {"name_id": {"anyOf": [{"type": "string", "minLength": 1}, {"type": "null"}], "title": "Name Id", "description": "Name of the managed MCP", "default": "", "examples": ["jira", "github"]}}, "type": "object", "title": "MCPIds"}, "MCPRiskLevel": {"properties": {"use_min": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Min", "description": "Whether to use minimum risk level limit", "default": false}, "use_max": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Max", "description": "Whether to use maximum risk level limit", "default": false}, "min": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Min", "description": "Minimum risk level"}, "max": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Max", "description": "Maximum risk level"}}, "type": "object", "title": "MCPRiskLevel"}, "MCPServer": {"properties": {"server_type": {"anyOf": [{"type": "string", "enum": ["all", "node_server", "python_server", "claude_extensions", "executable_server", "unknown_server", "docker_gateway", "docker_runner", "remote_server"]}, {"type": "null"}], "title": "Server Type", "description": "Type of the MCP server"}, "node_server": {"anyOf": [{"$ref": "#/components/schemas/NodeServerConfig"}, {"type": "null"}], "description": "Node server configuration"}, "python_server": {"anyOf": [{"$ref": "#/components/schemas/PythonServerConfig"}, {"type": "null"}], "description": "Python server configuration"}, "claude_extensions": {"anyOf": [{"$ref": "#/components/schemas/ClaudeExtensionsConfig"}, {"type": "null"}], "description": "Claude extensions configuration"}, "executable_server": {"anyOf": [{"$ref": "#/components/schemas/ExecutableServerConfig"}, {"type": "null"}], "description": "Executable server configuration"}, "unknown_server": {"anyOf": [{"$ref": "#/components/schemas/UnknownServerConfig"}, {"type": "null"}], "description": "Unknown server configuration"}, "docker_gateway": {"anyOf": [{"$ref": "#/components/schemas/DockerGatewayConfig"}, {"type": "null"}], "description": "Docker gateway configuration"}, "docker_runner": {"anyOf": [{"$ref": "#/components/schemas/DockerRunnerConfig"}, {"type": "null"}], "description": "Docker runner configuration"}, "remote_server": {"anyOf": [{"$ref": "#/components/schemas/RemoteServerConfig"}, {"type": "null"}], "description": "Remote server configuration"}}, "type": "object", "title": "MCPServer"}, "MCPServers": {"properties": {"mcp_servers_mode": {"anyOf": [{"$ref": "#/components/schemas/MCPServersMode"}, {"type": "null"}], "description": "Mode for MCP servers selection: all, risk_level, managed, manual"}, "risk_level": {"anyOf": [{"$ref": "#/components/schemas/MCPRiskLevel"}, {"type": "null"}], "description": "Risk level configuration for MCP servers"}, "managed": {"anyOf": [{"$ref": "#/components/schemas/ManagedMCP"}, {"type": "null"}], "description": "Managed MCP configuration"}, "manual": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPServer"}, "type": "array"}, {"type": "null"}], "title": "Manual", "description": "List of manual MCP servers"}}, "type": "object", "title": "MCPServers"}, "MCPServersMode": {"type": "string", "enum": ["all", "risk_level", "manual", "managed"], "title": "MCPServersMode", "description": "MCP Servers mode enumeration."}, "MCPToolItem": {"properties": {"tool_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Tool Name", "description": "Name of a tool e.g. 'create_issue', 'update_issue'", "default": "", "examples": ["create_issue", "update_issue"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for tool name matching", "default": "exact"}}, "type": "object", "title": "MCPToolItem"}, "ManagedMCP": {"properties": {"name_ids": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPIds"}, "type": "array"}, {"type": "null"}], "title": "Name Ids", "description": "List of managed MCP identifiers"}}, "type": "object", "title": "ManagedMCP"}, "MatchMode": {"type": "string", "enum": ["exact", "contains"], "title": "MatchMode", "description": "Matching mode enumeration."}, "MatchToolsMode": {"type": "string", "enum": ["tools_include", "tools_exclude", "operations", "all"], "title": "MatchToolsMode", "description": "Match mode for tools enumeration."}, "NodeServerConfig": {"properties": {"package_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Package Name", "description": "NPM package name e.g. '@modelcontextprotocol/server-github'", "default": "", "examples": ["@modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for package_name matching", "default": "exact"}}, "type": "object", "title": "NodeServerConfig"}, "OSType": {"type": "string", "enum": ["windows", "macos", "all"], "title": "OSType", "description": "Operating system enumeration."}, "ObjectFeature": {"type": "string", "enum": ["FILE_EMULATION", "PROTECTED_DOMAINS", "DOMAIN_SERVICES", "EXCLUDE_DOMAINS"], "title": "ObjectFeature"}, "ObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "ObjectResponse", "description": "Object metadata without the full configuration payload (used in update responses)."}, "OnOff": {"type": "string", "enum": ["on", "off"], "title": "OnOff", "description": "Simple on/off toggle."}, "OperationMatch": {"type": "string", "enum": ["match", "unmatch"], "title": "OperationMatch", "description": "Operation match enumeration."}, "PatchAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Partial access policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchAccessPolicyRequest", "description": "Partially update an Access rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Partial Chats policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchChatsPolicyRequest", "description": "Partially update a Chats rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged. Useful for toggling a single setting\nwithout resending the full configuration."}, "PatchMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Partial Agents policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchMCPServerPolicyRequest", "description": "Partially update an Agents rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Partial Secure Browsing policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchSecureBrowsingPolicyRequest", "description": "Partially update a Secure Browsing rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PythonServerConfig": {"properties": {"module_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Module Name", "description": "Python module name e.g. 'modelcontextprotocol_server_github'", "default": "", "examples": ["modelcontextprotocol_server_github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for module_name matching", "default": "exact"}}, "type": "object", "title": "PythonServerConfig"}, "RemoteServerConfig": {"properties": {"match_mode": {"anyOf": [{"type": "string", "enum": ["url", "domain"]}, {"type": "null"}], "title": "Match Mode", "description": "Match mode type: 'url' for URL-based matching or 'domain' for domain-based matching"}, "url": {"anyOf": [{"$ref": "#/components/schemas/URLConfig"}, {"type": "null"}], "description": "URL configuration for remote server (used when match_mode='url')"}, "domain": {"anyOf": [{"$ref": "#/components/schemas/DomainConfig"}, {"type": "null"}], "description": "Domain configuration for remote server (used when match_mode='domain')"}}, "type": "object", "title": "RemoteServerConfig"}, "RuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "Unique identifier of the rule"}, "name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every modification; can be used for optimistic concurrency checks"}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase that determines evaluation priority. Lower values are evaluated first; when two rules match the same request, the lower-order rule takes precedence"}, "active": {"type": "boolean", "title": "Active", "description": "Whether the rule is currently enforced; inactive rules are skipped"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}, "policy": {"anyOf": [{"$ref": "#/components/schemas/ChatsPolicy"}, {"$ref": "#/components/schemas/AccessPolicy"}, {"$ref": "#/components/schemas/AgentsPolicy"}, {"$ref": "#/components/schemas/SecureBrowsingPolicy"}], "title": "Policy", "description": "The enforcement configuration for this rule. Structure varies by rulebase type (Chats, Access, Agents, Secure Browsing)"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to (source entries). An empty list means the rule matches all users in the tenant"}, "objects": {"anyOf": [{"additionalProperties": {"items": {"type": "string"}, "type": "array"}, "propertyNames": {"$ref": "#/components/schemas/ObjectFeature"}, "type": "object"}, {"type": "null"}], "title": "Objects", "description": "Reusable policy objects attached to this rule, keyed by feature (e.g. FILE_EMULATION, DOMAIN_SERVICES). Values are lists of object IDs. Objects allow sharing configuration (domain lists, file-protection settings) across rules"}}, "type": "object", "required": ["rule_id", "name", "version", "order", "active", "created_at", "updated_at", "policy"], "title": "RuleResponse", "description": "A single rule within a rulebase."}, "SecureBrowsingPolicy": {"properties": {"password_reuse": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "zero_phishing": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "safe_search": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "search_reputation": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "domain_exclusions": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain Exclusions", "description": "List of excluded domains"}, "protected_domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Protected Domains", "description": "List of protected domains"}}, "type": "object", "title": "SecureBrowsingPolicy"}, "SelectionMode": {"type": "string", "enum": ["selected", "all"], "title": "SelectionMode", "description": "Selection mode enumeration."}, "ServerOperations": {"properties": {"CREATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch CREATE operation"}, "READ": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch READ operation"}, "UPDATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch UPDATE operation"}, "DELETE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch DELETE operation"}, "OTHER": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch OTHER operation (those not detected)"}}, "type": "object", "title": "ServerOperations"}, "ServicesAndApplication": {"properties": {"domain": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain", "description": "List of domains"}, "url": {"items": {"$ref": "#/components/schemas/URLItem"}, "type": "array", "title": "Url", "description": "List of URLs"}, "genai_application": {"items": {"$ref": "#/components/schemas/GenAIApp"}, "type": "array", "title": "Genai Application", "description": "List of GenAI applications"}, "category": {"items": {"$ref": "#/components/schemas/CategoryItem"}, "type": "array", "title": "Category", "description": "List of URLF categories"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Whether to apply to all services and applications or to only selected ones"}}, "type": "object", "title": "ServicesAndApplication"}, "SetAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetAccessObjectsRequest", "description": "Set (replace) all objects for an Access rule for a given feature."}, "SetAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Complete access policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetAccessPolicyRequest", "description": "Replace the entire Access policy of a rule (full overwrite)."}, "SetChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetChatsObjectsRequest", "description": "Set (replace) all objects for a Chats rule for a given feature."}, "SetChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Complete Chats policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetChatsPolicyRequest", "description": "Replace the entire Chats policy of a rule (full overwrite)."}, "SetDlpTenantDataTypesRequest": {"properties": {"dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataTypeReference"}, "type": "array", "title": "Datatypes", "example": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4"}]}}, "type": "object", "required": ["dataTypes"], "title": "SetDlpTenantDataTypesRequest"}, "SetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataSetStatus": {"type": "string", "title": "Datasetstatus"}}, "type": "object", "required": ["status", "id", "dataSetStatus"], "title": "SetDlpTenantDataTypesResponse", "example": {"dataSetStatus": "IN_PROGRESS", "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "SetMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Complete Agents policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetMCPServerPolicyRequest", "description": "Replace the entire Agents policy of a rule (full overwrite)."}, "SetSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetSecureBrowsingObjectsRequest", "description": "Set (replace) all objects for a Secure Browsing rule for a given feature."}, "SetSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Complete Secure Browsing policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetSecureBrowsingPolicyRequest", "description": "Replace the entire Secure Browsing policy of a rule (full overwrite)."}, "SupportedFileType": {"type": "string", "enum": ["pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "exe", "tar", "zip", "rar", "7z", "rtf", "dot", "docm", "dotx", "dotm", "xlt", "xlm", "xltx", "xlsm", "xltm", "xlsb", "xla", "xlam", "xll", "xlw", "pps", "pptm", "potx", "potm", "ppam", "ppsx", "ppsm", "sldx", "sldm", "csv", "scr", "swf", "jar", "cab", "tgz", "pif", "gz", "bz2", "tbz2", "tb2", "tbz", "com", "xz", "cpl", "dll", "lnk", "img", "iso", "wim", "arj", "bat", "ps1", "hwp", "iqy", "slk", "udf", "uue", "pkg", "msi", "msg", "o", "dylib", "app", "dmg", "qcow2", "sh", "one", "xar", "wsf", "aspx"], "title": "SupportedFileType"}, "ThreatPreventionAction": {"type": "string", "enum": ["detect", "prevent", "ask", "off"], "title": "ThreatPreventionAction", "description": "Actions for threat prevention features."}, "Tooling": {"properties": {"match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchToolsMode"}, {"type": "null"}], "description": "Match mode for tools: tools_include, tools_exclude, operations, all"}, "tools": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPToolItem"}, "type": "array"}, {"type": "null"}], "title": "Tools", "description": "List of tools for matching"}, "operations": {"anyOf": [{"$ref": "#/components/schemas/ServerOperations"}, {"type": "null"}], "description": "Operations match configuration"}}, "type": "object", "title": "Tooling"}, "URLConfig": {"properties": {"url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Url", "description": "URL of the remote server", "default": "", "examples": ["https://mcp-server.example.com/path"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/URLMatchMode"}, {"type": "null"}], "description": "Match mode for URL matching (exact_url or url_contains)", "default": "exact_url"}}, "type": "object", "title": "URLConfig"}, "URLFCategory": {"type": "integer", "enum": [1, 3, 5, 7, 11, 12, 15, 32, 21, 24, 25, 0, 34, 35, 37, 39, 41, 42, 45, 47, 49, 51, 53, 54, 58, 59, 60, 68, 69, 71, 72, 74, 75, 76, 51000001, 51000002, 52000130, 50000032, 52000132, 60517663, 60530541, 60530542, 60530648, 31, 55, 65, 66, 67, 77, 51000003, 51000004, 51000005, 52000038, 60530540, 9, 13, 14, 17, 18, 26, 33, 56, 61, 62, 70, 73, 78, 30, 52000047, 52000058, 52000069, 50000086, 23, 52000136, 52000046, 52000051, 60531762], "title": "URLFCategory", "description": "URLF Category enumeration with display names as keys and category IDs as values."}, "URLItem": {"properties": {"url": {"type": "string", "format": "uri", "title": "Url", "description": "Valid URL"}}, "type": "object", "required": ["url"], "title": "URLItem"}, "URLMatchMode": {"type": "string", "enum": ["exact_url", "url_contains"], "title": "URLMatchMode", "description": "URL matching mode enumeration for remote server URL matching.\n\nMatching modes:\n- EXACT_URL: Matches the exact full URL\n e.g., \"http://sub1.sub2.something.com/alsohere/something\"\n- URL_CONTAINS: Matches if the URL contains the specified string\n e.g., \"alsohere\" matches any URL containing \"alsohere\""}, "UnknownServerConfig": {"properties": {"args": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Args", "description": "Arguments for unknown server types", "default": "", "examples": ["--default-arg"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for args matching", "default": "exact"}}, "type": "object", "title": "UnknownServerConfig"}, "UpdateDomainsObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "New domain list; replaces the existing list entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateDomainsObjectRequest", "description": "Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely."}, "UpdateFileProtectionObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "New file protection configuration; replaces the existing settings entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateFileProtectionObjectRequest", "description": "Update an existing file-protection object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing configuration entirely."}, "UpdateObjectResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/ObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "UpdateObjectResponse", "description": "Response after updating an object (returns metadata only)."}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}, "input": {"title": "Input"}, "ctx": {"type": "object", "title": "Context"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "Asset": {"properties": {"device": {"$ref": "#/components/schemas/Device"}, "user": {"anyOf": [{"$ref": "#/components/schemas/User"}, {"type": "null"}]}, "ping": {"anyOf": [{"$ref": "#/components/schemas/Ping"}, {"type": "null"}]}, "deployment": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/ModuleDeploymentData"}, "propertyNames": {"$ref": "#/components/schemas/ModuleEnum"}, "type": "object"}, {"type": "null"}], "title": "Deployment"}, "policy": {"anyOf": [{"additionalProperties": {"additionalProperties": {"$ref": "#/components/schemas/PolicyTypeData"}, "propertyNames": {"$ref": "#/components/schemas/PolicyType"}, "type": "object"}, "propertyNames": {"$ref": "#/components/schemas/RequestSource"}, "type": "object"}, {"type": "null"}], "title": "Policy"}, "status": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/HealthStatus"}, "propertyNames": {"$ref": "#/components/schemas/StatusComponent"}, "type": "object"}, {"type": "null"}], "title": "Status"}, "environment": {"anyOf": [{"$ref": "#/components/schemas/EnvironmentData"}, {"type": "null"}]}}, "type": "object", "required": ["device"], "title": "Asset", "description": "Complete asset with optional joined domains."}, "AssetsCountRequest": {"properties": {"filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsCountRequest", "description": "Request for querying assets count with optional filters."}, "AssetsCountResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "count": {"type": "integer", "title": "Count"}, "filters_applied": {"type": "integer", "title": "Filters Applied", "description": "Number of filters that were applied"}}, "type": "object", "required": ["tenant_id", "count", "filters_applied"], "title": "AssetsCountResponse", "description": "Response for count queries."}, "AssetsPagination": {"properties": {"limit": {"type": "integer", "maximum": 1000.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 1000)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "AssetsPagination", "description": "Pagination parameters."}, "AssetsRequest": {"properties": {"joins": {"items": {"$ref": "#/components/schemas/JoinDomain"}, "type": "array", "title": "Joins", "description": "Domains to join"}, "filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "sort": {"items": {"$ref": "#/components/schemas/SortCondition"}, "type": "array", "title": "Sort", "description": "Sort conditions"}, "pagination": {"$ref": "#/components/schemas/AssetsPagination", "description": "Pagination parameters"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsRequest", "description": "Request for querying assets with explicit joins."}, "AssetsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "assets": {"items": {"$ref": "#/components/schemas/Asset"}, "type": "array", "title": "Assets"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "assets", "limit", "offset"], "title": "AssetsResponse", "description": "Response with assets and pagination metadata."}, "Device": {"properties": {"device_unique_id": {"type": "string", "format": "uuid", "title": "Device Unique Id", "description": "Unique device identifier"}, "name": {"type": "string", "title": "Name", "description": "Device name (unique per tenant)"}, "device_sid": {"type": "string", "title": "Device Sid", "description": "Device SID"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["device_unique_id", "name", "device_sid", "created_at", "updated_at"], "title": "Device", "description": "External-safe twin of GlobalDevice."}, "DeviceTypeEnum": {"type": "string", "enum": ["Laptop", "Desktop", "Workstation", "unknown"], "title": "DeviceTypeEnum"}, "EnvironmentData": {"properties": {"device_type": {"anyOf": [{"$ref": "#/components/schemas/DeviceTypeEnum"}, {"type": "null"}], "description": "Device type (laptop, desktop, etc.)"}, "os": {"anyOf": [{"$ref": "#/components/schemas/OSEnum"}, {"type": "null"}], "description": "Operating system"}, "os_version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Os Version", "description": "Operating system version"}, "ip": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip", "description": "Device IP address (IPv4 or IPv6)"}}, "type": "object", "title": "EnvironmentData", "description": "External-safe twin of EnvironmentData."}, "FilterCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to filter on"}, "operator": {"$ref": "#/components/schemas/FilterOperator", "description": "Filter operator"}, "value": {"anyOf": [{}, {"type": "null"}], "title": "Value", "description": "Single value (for equals, contains, gte, lte)"}, "values": {"anyOf": [{"items": {}, "type": "array"}, {"type": "null"}], "title": "Values", "description": "List of values (for in, between)"}}, "type": "object", "required": ["field", "operator"], "title": "FilterCondition", "description": "Filter condition on a single asset field."}, "FilterOperator": {"type": "string", "enum": ["equals", "in", "contains", "gte", "lte", "between"], "title": "FilterOperator", "description": "Filter operators for different field types."}, "FilterableField": {"type": "string", "enum": ["device_name", "device_sid", "device_created_at", "device_updated_at", "user_name", "user_display_name", "user_samname", "user_created_at", "user_updated_at", "last_connected", "os", "os_version", "device_type", "ip", "installer_version", "chrome_extension_version", "firefox_extension_version", "edge_extension_version", "brave_extension_version", "mcp_version", "proxy_version"], "title": "FilterableField", "description": "Fields available for filtering and sorting assets.\n\nEach value maps to an internal DB field path (see FIELD_TO_INTERNAL_PATH).\nOnly the listed fields can be used in filter/sort conditions."}, "HealthStatus": {"type": "string", "enum": ["healthy", "unhealthy"], "title": "HealthStatus", "description": "Component health derived from status code: healthy when code == 0, unhealthy otherwise."}, "JoinDomain": {"type": "string", "enum": ["users", "pings", "deployment", "policy", "status", "environment"], "title": "JoinDomain", "description": "Available domains to join with devices table."}, "ModuleDeploymentData": {"properties": {"version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Version", "description": "Current version"}}, "type": "object", "title": "ModuleDeploymentData", "description": "External-safe twin of ModuleDeploymentData \u2014 exposes version only."}, "ModuleEnum": {"type": "string", "enum": ["chrome", "firefox", "edge", "brave", "comet", "safari", "surf", "mcp", "proxy", "da"], "title": "ModuleEnum"}, "OSEnum": {"type": "string", "enum": ["Windows", "macOS", "Linux"], "title": "OSEnum", "description": "Operating system enumeration"}, "Ping": {"properties": {"last_connected": {"type": "string", "format": "date-time", "title": "Last Connected", "description": "Last connection timestamp"}}, "type": "object", "required": ["last_connected"], "title": "Ping", "description": "External-safe twin of PingData."}, "PolicyTypeData": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Version of the rulebase"}}, "type": "object", "required": ["rulebase_version"], "title": "PolicyTypeData", "description": "Policy rulebase version for a given policy type."}, "PolicyType": {"type": "string", "enum": ["chats", "access", "agents", "browse_securing"], "title": "PolicyType", "description": "External-facing policy types with consumer-friendly names."}, "RequestSource": {"type": "string", "enum": ["device", "edge", "chrome", "firefox", "brave", "comet", "safari", "surf", "na"], "title": "RequestSource"}, "SearchParams": {"properties": {"term": {"type": "string", "title": "Term", "description": "Search term to match"}, "case_sensitive": {"type": "boolean", "title": "Case Sensitive", "description": "Whether search is case-sensitive (default: False for case-insensitive)", "default": false}, "match_anywhere": {"type": "boolean", "title": "Match Anywhere", "description": "Whether to match anywhere in text (True) or only at the beginning (False, default)", "default": false}}, "type": "object", "required": ["term"], "title": "SearchParams", "description": "Free text search parameters for device name and user name."}, "SortCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to sort by"}, "order": {"$ref": "#/components/schemas/SortOrder", "description": "Sort order", "default": "desc"}}, "type": "object", "required": ["field"], "title": "SortCondition", "description": "Sort condition on a single asset field."}, "SortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "SortOrder"}, "StatusComponent": {"type": "string", "enum": ["proxy_health", "mcp_health"], "title": "StatusComponent", "description": "External-facing subset of status components exposed to API consumers."}, "User": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name (unique per tenant)"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname", "created_at", "updated_at"], "title": "User", "description": "External-safe twin of GlobalUser."}, "UserItem": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name (CN path)"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname"], "title": "UserItem", "description": "External-safe user item."}, "UsersByIdsRequest": {"properties": {"user_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "maxItems": 500, "minItems": 1, "title": "User Ids", "description": "Array of user unique IDs (max: 500)"}}, "type": "object", "required": ["user_ids"], "title": "UsersByIdsRequest", "description": "Request for getting users by an array of IDs."}, "UsersByIdsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}}, "type": "object", "required": ["tenant_id", "users"], "title": "UsersByIdsResponse", "description": "Response with users by IDs."}, "UsersPagination": {"properties": {"limit": {"type": "integer", "maximum": 100.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 100)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "UsersPagination", "description": "Pagination parameters for users (max 100 per page)."}, "UsersRequest": {"properties": {"search": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Search", "description": "Search term for case-insensitive match on user name and display name"}, "pagination": {"$ref": "#/components/schemas/UsersPagination", "description": "Pagination parameters"}}, "type": "object", "title": "UsersRequest", "description": "Request for querying users."}, "UsersResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "users", "limit", "offset"], "title": "UsersResponse", "description": "Response with users and pagination metadata."}, "AppResult": {"properties": {"app_id": {"type": "integer", "title": "App Id", "description": "Unique app identifier"}, "name": {"type": "string", "title": "Name", "description": "App name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "App description"}, "page_url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Page Url", "description": "App page URL"}}, "type": "object", "required": ["app_id", "name"], "title": "AppResult", "description": "A single app result with minimal fields."}, "AppSearchRequest": {"properties": {"search": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Search", "description": "Search term"}, "search_by": {"$ref": "#/components/schemas/SearchBy", "description": "Search mode: name, name_and_description, or url", "default": "name"}}, "type": "object", "required": ["search"], "title": "AppSearchRequest", "description": "Request for searching GenAI apps."}, "AppSearchResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps (max 10)"}}, "type": "object", "title": "AppSearchResponse", "description": "Response with matching apps (max 10)."}, "AppsByIdsRequest": {"properties": {"ids": {"items": {"type": "integer"}, "type": "array", "maxItems": 100, "minItems": 1, "title": "Ids", "description": "Array of app IDs (max: 100)"}}, "type": "object", "required": ["ids"], "title": "AppsByIdsRequest", "description": "Request for getting apps by an array of IDs."}, "AppsByIdsResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps"}}, "type": "object", "title": "AppsByIdsResponse", "description": "Response with apps by IDs."}, "SearchBy": {"type": "string", "enum": ["name", "name_and_description", "url"], "title": "SearchBy"}}, "securitySchemes": {"HTTPBearer": {"type": "http", "scheme": "bearer"}}}} \ No newline at end of file +{"openapi": "3.1.0", "info": {"title": "Check Point Browse Security API", "description": "Unified API for Check Point Browse Security \u2014 policy management and asset visibility.\n\n## Authentication\nAll endpoints require a valid CloudInfra JWT token passed as a Bearer token in the `Authorization` header.\n\n### Obtaining a JWT Token\n1. Go to the [Infinity Portal API Keys page](https://portal.checkpoint.com/dashboard/settings/api-keys).\n2. Click **New** \u2192 **New Account API Key**.\n3. In the **Service** dropdown select **Browser Security** and create the key.\n4. Use the generated API key to obtain a JWT token from CloudInfra.\n5. Include the JWT in every request:\n ```\n Authorization: Bearer \n ```\n\n## Rate Limiting\nDefault limits vary per endpoint group. Exceeding any limit results in a 5-minute block period.\n", "version": "1.0.1"}, "servers": [{"url": "https://cloudinfra-gw.portal.checkpoint.com", "description": "Europe Region"}, {"url": "https://cloudinfra-gw-us.portal.checkpoint.com", "description": "United States Region"}], "paths": {"/app/browse-protect-policy/external/v1/objects/file-protection": {"get": {"tags": ["Objects"], "summary": "List all file-protection objects", "operationId": "get_file_protection_objects_external_v1_objects_file_protection_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetFileProtectionObjectsResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "put": {"tags": ["Objects"], "summary": "Update a file protection object", "operationId": "update_file_protection_object_external_v1_objects_file_protection_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateFileProtectionObjectRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["Objects"], "summary": "Create a file protection object", "operationId": "create_file_protection_object_external_v1_objects_file_protection_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateFileProtectionObjectRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/objects/domains": {"get": {"tags": ["Objects"], "summary": "List all domains objects", "operationId": "get_domains_objects_external_v1_objects_domains_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDomainsObjectsResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "put": {"tags": ["Objects"], "summary": "Update a domains object", "operationId": "update_domains_object_external_v1_objects_domains_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateDomainsObjectRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UpdateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["Objects"], "summary": "Create a domains object", "operationId": "create_domains_object_external_v1_objects_domains_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateDomainsObjectRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CreateObjectResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/objects/delete": {"delete": {"tags": ["Objects"], "summary": "Delete an object (fails if attached to rules)", "operationId": "delete_object_external_v1_objects_delete_delete", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DeleteObjectRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Delete Object External V1 Objects Delete Delete"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rulebase": {"get": {"tags": ["DLP Policy"], "summary": "Get the DLP rulebase with all rules and version", "operationId": "get_dlp_rulebase_external_v1_dlp_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule": {"post": {"tags": ["DLP Policy"], "summary": "Create a DLP rule", "operationId": "add_dlp_rule_external_v1_dlp_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddChatsRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/set-policy": {"put": {"tags": ["DLP Policy"], "summary": "Replace the entire policy of a DLP rule", "operationId": "set_dlp_policy_external_v1_dlp_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Dlp Policy External V1 Dlp Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/patch-policy": {"patch": {"tags": ["DLP Policy"], "summary": "Partially update the policy of a DLP rule (deep merge)", "operationId": "patch_dlp_policy_external_v1_dlp_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Dlp Policy External V1 Dlp Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/attach-objects": {"post": {"tags": ["DLP Policy"], "summary": "Attach objects to a DLP rule", "operationId": "attach_dlp_rule_objects_external_v1_dlp_rule_attach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AttachChatsObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Attach Dlp Rule Objects External V1 Dlp Rule Attach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/detach-objects": {"post": {"tags": ["DLP Policy"], "summary": "Detach objects from a DLP rule", "operationId": "detach_dlp_rule_objects_external_v1_dlp_rule_detach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DetachObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Detach Dlp Rule Objects External V1 Dlp Rule Detach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp/rule/set-objects": {"put": {"tags": ["DLP Policy"], "summary": "Set (replace) all objects of a DLP rule for a feature", "operationId": "set_dlp_rule_objects_external_v1_dlp_rule_set_objects_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetChatsObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Dlp Rule Objects External V1 Dlp Rule Set Objects Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rulebase": {"get": {"tags": ["Web Access Policy"], "summary": "Get the Web Access rulebase with all rules and version", "operationId": "get_web_access_rulebase_external_v1_web_access_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule": {"post": {"tags": ["Web Access Policy"], "summary": "Create a Web Access rule", "operationId": "add_web_access_rule_external_v1_web_access_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddAccessRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/set-policy": {"put": {"tags": ["Web Access Policy"], "summary": "Replace the entire Web Access policy of a rule", "operationId": "set_web_access_policy_external_v1_web_access_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Web Access Policy External V1 Web Access Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/patch-policy": {"patch": {"tags": ["Web Access Policy"], "summary": "Partially update the Web Access policy of a rule (deep merge)", "operationId": "patch_web_access_policy_external_v1_web_access_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Web Access Policy External V1 Web Access Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/attach-objects": {"post": {"tags": ["Web Access Policy"], "summary": "Attach objects to a Web Access rule", "operationId": "attach_web_access_rule_objects_external_v1_web_access_rule_attach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AttachAccessObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Attach Web Access Rule Objects External V1 Web Access Rule Attach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/detach-objects": {"post": {"tags": ["Web Access Policy"], "summary": "Detach objects from a Web Access rule", "operationId": "detach_web_access_rule_objects_external_v1_web_access_rule_detach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DetachObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Detach Web Access Rule Objects External V1 Web Access Rule Detach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/web-access/rule/set-objects": {"put": {"tags": ["Web Access Policy"], "summary": "Set (replace) all objects of a Web Access rule for a feature", "operationId": "set_web_access_rule_objects_external_v1_web_access_rule_set_objects_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetAccessObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Web Access Rule Objects External V1 Web Access Rule Set Objects Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rulebase": {"get": {"tags": ["Secure Browsing Policy"], "summary": "Get the Secure Browsing rulebase with all rules and version", "operationId": "get_secure_browsing_rulebase_external_v1_secure_browsing_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule": {"post": {"tags": ["Secure Browsing Policy"], "summary": "Create a Secure Browsing rule", "operationId": "add_secure_browsing_rule_external_v1_secure_browsing_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddSecureBrowsingRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/set-policy": {"put": {"tags": ["Secure Browsing Policy"], "summary": "Replace the entire policy of a Secure Browsing rule", "operationId": "set_secure_browsing_policy_external_v1_secure_browsing_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetSecureBrowsingPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Secure Browsing Policy External V1 Secure Browsing Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/patch-policy": {"patch": {"tags": ["Secure Browsing Policy"], "summary": "Partially update the policy of a Secure Browsing rule (deep merge)", "operationId": "patch_secure_browsing_policy_external_v1_secure_browsing_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchSecureBrowsingPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Secure Browsing Policy External V1 Secure Browsing Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/attach-objects": {"post": {"tags": ["Secure Browsing Policy"], "summary": "Attach objects to a Secure Browsing rule", "operationId": "attach_secure_browsing_rule_objects_external_v1_secure_browsing_rule_attach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AttachSecureBrowsingObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Attach Secure Browsing Rule Objects External V1 Secure Browsing Rule Attach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/detach-objects": {"post": {"tags": ["Secure Browsing Policy"], "summary": "Detach objects from a Secure Browsing rule", "operationId": "detach_secure_browsing_rule_objects_external_v1_secure_browsing_rule_detach_objects_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/DetachObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Detach Secure Browsing Rule Objects External V1 Secure Browsing Rule Detach Objects Post"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/secure-browsing/rule/set-objects": {"put": {"tags": ["Secure Browsing Policy"], "summary": "Set (replace) all objects of a Secure Browsing rule for a feature", "operationId": "set_secure_browsing_rule_objects_external_v1_secure_browsing_rule_set_objects_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetSecureBrowsingObjectsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Secure Browsing Rule Objects External V1 Secure Browsing Rule Set Objects Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/set-info": {"put": {"tags": ["Rulebase"], "summary": "Update rule display info (name, description)", "operationId": "set_rule_info_external_v1_rules_set_info_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetInfoRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Rule Info External V1 Rules Set Info Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/reorder": {"put": {"tags": ["Rulebase"], "summary": "Change a rule's priority position in the rulebase", "operationId": "reorder_rule_external_v1_rules_reorder_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonReorderRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Reorder Rule External V1 Rules Reorder Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/set-source": {"put": {"tags": ["Rulebase"], "summary": "Replace the user/group source of a rule", "operationId": "set_source_external_v1_rules_set_source_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetSourceRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Source External V1 Rules Set Source Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/set-active": {"put": {"tags": ["Rulebase"], "summary": "Enable or disable a rule without deleting it", "operationId": "set_active_external_v1_rules_set_active_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetActiveRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Active External V1 Rules Set Active Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/rules/{rule_id}": {"delete": {"tags": ["Rulebase"], "summary": "Permanently delete a rule from the rulebase", "operationId": "delete_rule_external_v1_rules__rule_id__delete", "security": [{"HTTPBearer": []}], "parameters": [{"name": "rule_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Rule Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonDeleteRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/predefined": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all predefined DLP datatypes", "operationId": "get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/custom": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all custom DLP datatypes", "operationId": "get_custom_datatypes_external_v1_dlp_datatypes_custom_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/all": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all DLP datatypes (predefined and custom)", "operationId": "get_all_datatypes_external_v1_dlp_datatypes_all_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes": {"get": {"tags": ["DLP Datatypes"], "summary": "Get DLP datatypes for tenant", "operationId": "get_datatypes_external_v1_dlp_datatypes_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpTenantDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["DLP Datatypes"], "summary": "Set DLP datatypes for tenant", "operationId": "set_datatypes_external_v1_dlp_datatypes_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/installation/status": {"get": {"tags": ["DLP Datatypes"], "summary": "Get data type installation status", "operationId": "get_installation_status_route_external_v1_dlp_datatypes_installation_status_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-policy/external/v1/dlp-datatypes/installation/retry": {"post": {"tags": ["DLP Datatypes"], "summary": "Retry data type installation", "operationId": "retry_installation_route_external_v1_dlp_datatypes_installation_retry_post", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/assets": {"post": {"tags": ["Deployment Status"], "summary": "Query assets with domain joins, filters and pagination", "operationId": "query_assets_external_v1_assets_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/assets/count": {"post": {"tags": ["Deployment Status"], "summary": "Get count of assets matching filters", "operationId": "get_assets_count_external_v1_assets_count_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/users": {"post": {"tags": ["Users"], "summary": "Query users with pagination and search", "operationId": "query_users_external_v1_users_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-assets/external/v1/users/by-ids": {"post": {"tags": ["Users"], "summary": "Get users by array of IDs", "operationId": "get_users_by_ids_endpoint_external_v1_users_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-apps/external/v1/apps/search": {"post": {"tags": ["Apps Catalog"], "summary": "Search GenAI apps by name, name, description, or URL", "operationId": "search_apps_external_v1_apps_search_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/browse-protect-apps/external/v1/apps/by-ids": {"post": {"tags": ["Apps Catalog"], "summary": "Get GenAI apps by array of IDs", "operationId": "get_apps_by_ids_external_v1_apps_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}}, "components": {"schemas": {"AccessPolicy": {"properties": {"services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for access control"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "download_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileDownloadActionSupported"}, {"type": "null"}], "description": "File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}, "upload_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileUploadActionSupported"}, {"type": "null"}], "description": "File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}}, "type": "object", "title": "AccessPolicy"}, "Account": {"properties": {"account_id": {"type": "string", "title": "Account Id", "description": "Account identifier"}}, "type": "object", "required": ["account_id"], "title": "Account", "description": "External-safe twin of Account."}, "AccountSelectionMode": {"type": "string", "enum": ["all", "selected_account"], "title": "AccountSelectionMode", "description": "Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."}, "AddAccessRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Access control policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddAccessRuleRequest", "description": "Create a new Access rule.\n\nAccess rules control which AI services and applications users are allowed\nto interact with, including allow/block decisions per service."}, "AddChatsRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Chats policy configuration for chat interactions"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddChatsRuleRequest", "description": "Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies."}, "AddMCPServerRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Agents policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddMCPServerRuleRequest", "description": "Create a new Agents rule.\n\nAgents rules govern agent interactions, including which tools\nagents can invoke and what access controls apply to agent operations."}, "AddRuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "The UUID of the newly created rule"}}, "type": "object", "required": ["rule_id"], "title": "AddRuleResponse", "description": "Response returned after creating a rule."}, "AddSecureBrowsingRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Secure Browsing policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddSecureBrowsingRuleRequest", "description": "Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering."}, "AgentsPolicy": {"properties": {"action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for MCP server"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "clients": {"anyOf": [{"$ref": "#/components/schemas/MCPClients"}, {"type": "null"}], "description": "Desktop clients selection"}, "servers": {"anyOf": [{"$ref": "#/components/schemas/MCPServers"}, {"type": "null"}], "description": "MCP servers configuration"}, "tooling": {"anyOf": [{"$ref": "#/components/schemas/Tooling"}, {"type": "null"}], "description": "Tooling configuration for MCP"}}, "type": "object", "title": "AgentsPolicy"}, "Assignment": {"properties": {"assignment_id": {"type": "string", "format": "uuid", "title": "Assignment Id", "description": "ID of the user or group"}, "display_name": {"type": "string", "title": "Display Name", "description": "Human-readable name of the user or group"}, "assignment_type": {"$ref": "#/components/schemas/AssignmentType", "description": "Whether this is a user, group, or entire-org assignment"}}, "type": "object", "required": ["assignment_id", "display_name", "assignment_type"], "title": "Assignment", "description": "External-safe twin of Assignment."}, "AssignmentType": {"type": "string", "enum": ["ASSIGNMENT_TYPE_USER", "ASSIGNMENT_TYPE_GROUP", "ASSIGNMENT_TYPE_ENTIRE_ORG"], "title": "AssignmentType"}, "AttachAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature", "description": "Object feature type; Access rules support FILE_EMULATION and DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachAccessObjectsRequest", "description": "Attach reusable objects to an Access rule.\n\nAccess rules support FILE_EMULATION objects (file scanning/emulation settings)\nand DOMAIN_SERVICES objects (domain allow/block lists)."}, "AttachChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type; Chats rules only support DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachChatsObjectsRequest", "description": "Attach reusable objects to a Chats rule.\n\nChats rules support DOMAIN_SERVICES objects (domain allow/block lists\napplied during chat interactions)."}, "AttachSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature", "description": "Object feature type; Secure Browsing supports PROTECTED_DOMAINS and EXCLUDE_DOMAINS"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachSecureBrowsingObjectsRequest", "description": "Attach reusable objects to a Secure Browsing rule.\n\nSecure Browsing rules support PROTECTED_DOMAINS (domains where threat\nprevention is enforced) and EXCLUDE_DOMAINS (domains exempted from scanning)."}, "CategoryItem": {"properties": {"category_id": {"$ref": "#/components/schemas/URLFCategory", "description": "Category ID from the supported URLF categories. The following categories are available:\n\n| Category | ID |\n|---|---|\n| Uncategorized | 0 |\n| Computers & Internet | 1 |\n| Education | 3 |\n| Entertainment | 5 |\n| Financial Services | 7 |\n| Gambling | 9 |\n| Government / Military | 11 |\n| Greeting Cards | 12 |\n| Hacking | 13 |\n| Hate / Racism | 14 |\n| Health | 15 |\n| Illegal / Questionable | 17 |\n| Illegal Drugs | 18 |\n| Job Search / Careers | 21 |\n| Media Streams | 23 |\n| News / Media | 24 |\n| Newsgroups / Forums | 25 |\n| Nudity | 26 |\n| Personals / Dating | 30 |\n| Phishing | 31 |\n| Political / Legal | 32 |\n| Pornography | 33 |\n| Real Estate | 34 |\n| Recreation | 35 |\n| Religion | 37 |\n| Restaurants / Dining / Food | 39 |\n| Sex Education | 41 |\n| Shopping | 42 |\n| Alcohol / Tobacco | 45 |\n| Art / Culture | 47 |\n| Blogs / Personal Pages | 49 |\n| Business / Economy | 51 |\n| Software Downloads | 53 |\n| Sports | 54 |\n| Spyware / Malicious Sites | 55 |\n| Tasteless | 56 |\n| Translation | 58 |\n| Travel | 59 |\n| Vehicles | 60 |\n| Violence | 61 |\n| Weapons | 62 |\n| Botnets | 65 |\n| Spam | 66 |\n| Inactive Sites | 67 |\n| Fashion | 68 |\n| Non-Profits / NGOs | 69 |\n| Sex | 70 |\n| General | 71 |\n| Nature / Conservation | 72 |\n| Child Abuse | 73 |\n| URL Filtering | 74 |\n| Lifestyle | 75 |\n| Lingerie / Swimsuit / Suggestive | 76 |\n| Suspicious Content | 77 |\n| Marijuana | 78 |\n| Web Advertisements | 50000032 |\n| Instant Chat | 50000086 |\n| Very Low Risk | 51000001 |\n| Low Risk | 51000002 |\n| Medium Risk | 51000003 |\n| High Risk | 51000004 |\n| Critical Risk | 51000005 |\n| Anonymizer | 52000038 |\n| P2P File Sharing | 52000046 |\n| Instant Messaging | 52000047 |\n| Media Sharing | 52000051 |\n| Games | 52000058 |\n| Social Networking | 52000069 |\n| Email | 52000130 |\n| Search Engines / Portals | 52000132 |\n| File Storage / Sharing | 52000136 |\n| Keyloggers | 60530540 |\n| Occult | 60530541 |\n| Hosting Sites | 60530542 |\n| DDNS / Dynamic DNS | 60530648 |\n| Artificial Intelligence (AI) | 60517663 |\n| Generative AI Tools | 60531762 |\n\n**Note:** GenAI rules only allow category 60531762 (Generative AI Tools), used as \"Any AI tool\". Browse rules can use any *other* category."}}, "type": "object", "required": ["category_id"], "title": "CategoryItem"}, "ChatsPolicy": {"properties": {"event_type": {"anyOf": [{"$ref": "#/components/schemas/DLPEventType"}, {"type": "null"}], "description": "Type of event to apply DLP policy on"}, "services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "data_types": {"anyOf": [{"items": {"$ref": "#/components/schemas/DataType"}, "type": "array"}, {"type": "null"}], "title": "Data Types", "description": "DLP Data types"}, "action": {"anyOf": [{"type": "string", "enum": ["prevent", "ask", "redact", "detect", "allow", "block"]}, {"type": "null"}], "title": "Action", "description": "Action to take when DLP rule is triggered"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}}, "type": "object", "title": "ChatsPolicy"}, "ClaudeExtensionsConfig": {"properties": {"extension_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Extension Name", "description": "Extension name from manifest.json", "default": "", "examples": ["chrome-control"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for extension_name matching", "default": "exact"}}, "type": "object", "title": "ClaudeExtensionsConfig"}, "CommonDeleteRuleResponse": {"properties": {"message": {"type": "string", "title": "Message"}, "rule_id": {"type": "string", "title": "Rule Id"}}, "type": "object", "required": ["message", "rule_id"], "title": "CommonDeleteRuleResponse", "description": "Confirmation of rule deletion."}, "CommonReorderRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to reorder"}, "new_order": {"type": "integer", "title": "New Order", "description": "Target position in the rulebase (1-based). Lower values = higher priority = evaluated first"}}, "type": "object", "required": ["rule_id", "new_order"], "title": "CommonReorderRequest", "description": "Move a rule to a new position in the rulebase.\n\nOther rules in the same rulebase are shifted automatically to accommodate."}, "CommonSetActiveRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "active": {"type": "boolean", "title": "Active", "description": "True to enforce the rule, false to skip it during evaluation"}}, "type": "object", "required": ["rule_id", "active"], "title": "CommonSetActiveRequest", "description": "Enable or disable a rule without deleting it.\n\nInactive rules remain in the rulebase but are skipped during policy evaluation."}, "CommonSetInfoRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "name": {"type": "string", "title": "Name", "description": "New human-readable name for the rule"}, "description": {"type": "string", "title": "Description", "description": "New description of the rule's purpose"}}, "type": "object", "required": ["rule_id", "name", "description"], "title": "CommonSetInfoRequest", "description": "Update a rule's display information without changing its policy or assignments."}, "CommonSetSourceRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Complete list of user/group source entries; replaces all existing entries"}}, "type": "object", "required": ["rule_id", "source"], "title": "CommonSetSourceRequest", "description": "Replace the full source list of a rule.\n\nSource entries determine which users or groups the rule applies to.\nAn empty list means the rule applies to everyone in the tenant."}, "CreateDomainsObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/DomainsObject", "description": "Domain list configuration (up to 200 domain entries)"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateDomainsObjectRequest", "description": "Create a new domains object.\n\nDomains objects contain a list of domain entries used for domain-based\nfiltering in rules (e.g. protected domains, excluded domains, service domains)."}, "CreateFileProtectionObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/FileProtectionObject", "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateFileProtectionObjectRequest", "description": "Create a new file-protection object.\n\nFile-protection objects define scanning and emulation behavior for file\nuploads and downloads, including per-file-type action overrides and size limits."}, "CreateObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "The UUID of the newly created object"}}, "type": "object", "required": ["object_id"], "title": "CreateObjectResponse", "description": "Response returned after creating an object."}, "DLPEventType": {"type": "string", "enum": ["file_upload", "file_download", "paste", "prompt", "copy"], "title": "DLPEventType"}, "DLPType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DLPType"}, "DataType": {"properties": {"id": {"type": "string", "format": "uuid", "title": "Id", "description": "UUID of the data type", "default": "", "examples": ["cf0523c1-537e-4a4b-8bb8-084b7b9e0b45"]}, "name": {"type": "string", "title": "Name", "description": "Display name of the data type", "default": "", "examples": ["American Express Travelers Cheques Number"]}, "type": {"$ref": "#/components/schemas/DLPType", "description": "Type of the data type", "default": "PRE_DEFINED"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel", "description": "Matching level for the data type"}}, "type": "object", "title": "DataType"}, "DataTypeInstallationResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "status": {"$ref": "#/components/schemas/InstallationStatus"}, "data_types_count": {"type": "integer", "title": "Data Types Count"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}}, "type": "object", "required": ["tenant_id", "status", "data_types_count", "updated_at"], "title": "DataTypeInstallationResponse", "description": "Response model for data type installation status."}, "DeleteObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to delete"}}, "type": "object", "required": ["object_id"], "title": "DeleteObjectRequest", "description": "Delete a policy object.\n\nDeletion will fail with 409 Conflict if the object is currently attached\nto one or more rules. Detach it from all rules first."}, "DetachObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to detach objects from"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to remove from the rule"}}, "type": "object", "required": ["rule_id", "object_ids"], "title": "DetachObjectsRequest", "description": "Remove objects from a rule. Works across all rule types that support objects."}, "DlpCreateType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DlpCreateType"}, "DlpDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "assetId": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Assetid"}, "objectStatus": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Objectstatus"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "creationTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Creationtime"}, "lastUpdateTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Lastupdatetime"}, "dataTypeTags": {"anyOf": [{"items": {"$ref": "#/components/schemas/DlpDataTypeTag"}, "type": "array"}, {"type": "null"}], "title": "Datatypetags"}, "redactSupported": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Redactsupported"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}, "content": {"anyOf": [{"additionalProperties": true, "type": "object"}, {"type": "null"}], "title": "Content"}, "comment": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Comment"}}, "additionalProperties": true, "type": "object", "required": ["id", "name", "type", "createType"], "title": "DlpDataType", "example": {"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "dataTypeTags": [{"isCategory": false, "name": "Financial & Business"}], "description": "Matches American Bankers Association (ABA) Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "matchingLevel": 1, "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}}, "DlpDataTypeReference": {"properties": {"id": {"type": "string", "title": "Id"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}}, "type": "object", "required": ["id", "createType"], "title": "DlpDataTypeReference", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}}, "DlpDataTypeTag": {"properties": {"name": {"type": "string", "title": "Name"}, "data": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Data"}, "isCategory": {"type": "boolean", "title": "Iscategory"}}, "type": "object", "required": ["name", "isCategory"], "title": "DlpDataTypeTag", "example": {"data": ["Other"], "isCategory": true, "name": "Regulation"}}, "DlpTenantDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "internal": {"type": "boolean", "title": "Internal"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}}, "type": "object", "required": ["id", "name", "type", "createType", "internal"], "title": "DlpTenantDataType", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "matchingLevel": 1, "name": "IP Address", "type": "GROUP"}}, "DockerGatewayConfig": {"properties": {}, "type": "object", "title": "DockerGatewayConfig"}, "DockerRunnerConfig": {"properties": {"image_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Image Name", "description": "Docker image name", "default": "", "examples": ["modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for image_name matching", "default": "exact"}}, "type": "object", "title": "DockerRunnerConfig"}, "DomainConfig": {"properties": {"domain_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Domain Name", "description": "Domain name of the remote server", "default": "", "examples": ["mcp-server.example.com", "example.com"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "title": "DomainConfig"}, "DomainItem": {"properties": {"domain": {"type": "string", "format": "hostname", "title": "Domain", "description": "Valid domain name or IPv4 address"}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "required": ["domain"], "title": "DomainItem"}, "DomainMatchMode": {"type": "string", "enum": ["exact_host", "any_subdomain"], "title": "DomainMatchMode", "description": "Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."}, "DomainsObject": {"properties": {"domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "maxItems": 200, "title": "Domains", "description": "List of domains"}}, "type": "object", "title": "DomainsObject", "description": "External-safe twin of DomainsObject."}, "DomainsObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "The domain list entries"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "DomainsObjectResponse", "description": "A domains object with its full configuration."}, "ExecutableServerConfig": {"properties": {"executable_path": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Executable Path", "description": "Path to the executable", "default": "", "examples": ["/path/to/executable"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for executable_path matching", "default": "exact"}}, "type": "object", "title": "ExecutableServerConfig"}, "FileActionUnsupported": {"type": "string", "enum": ["Block", "Allow"], "title": "FileActionUnsupported"}, "FileDownloadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect", "Extract"], "title": "FileDownloadActionSupported"}, "FileFailClose": {"type": "string", "enum": ["FailClose", "FailOpen"], "title": "FileFailClose"}, "FileProtectionObject": {"properties": {"file_download_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_upload_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_download_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Download Size Limit Mb"}, "file_upload_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Upload Size Limit Mb"}, "file_download_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileDownloadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Download Action Per Supported File"}, "file_download_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Download Action Per Unsupported File"}, "file_upload_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileUploadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Upload Action Per Supported File"}, "file_upload_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Upload Action Per Unsupported File"}}, "type": "object", "title": "FileProtectionObject", "description": "External-safe twin of FileProtectionObject."}, "FileProtectionObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "FileProtectionObjectResponse", "description": "A file-protection object with its full configuration."}, "FileUploadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect"], "title": "FileUploadActionSupported"}, "GenAIApp": {"properties": {"id": {"type": "integer", "exclusiveMinimum": 0.0, "title": "Id", "description": "GenAI application ID"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/AccountSelectionMode"}, {"type": "null"}], "description": "Account selection mode: 'all' or 'selected_account'", "default": "all"}, "accounts": {"items": {"$ref": "#/components/schemas/Account"}, "type": "array", "title": "Accounts", "description": "List of selected accounts (used when mode='selected_account')"}}, "type": "object", "required": ["id"], "title": "GenAIApp"}, "GetDlpDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "dataTypes"], "title": "GetDlpDataTypesResponse", "example": {"dataTypes": [{"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "description": "Matches ABA Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}], "status": "SUCCESS"}}, "GetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpTenantDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "id", "dataTypes"], "title": "GetDlpTenantDataTypesResponse", "example": {"dataTypes": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "name": "IP Address", "type": "GROUP"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4", "internal": false, "name": "PCI - Credit Card Numbers", "type": "PATTERN"}], "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "GetDomainsObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/DomainsObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetDomainsObjectsResponse", "description": "All domains objects for the tenant, including their full configuration."}, "GetFileProtectionObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/FileProtectionObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetFileProtectionObjectsResponse", "description": "All file-protection objects for the tenant, including their full configuration."}, "GetRulebaseResponse": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Monotonically increasing version of this rulebase. Incremented whenever any rule in the rulebase is created, modified, or deleted. Compare with a previously stored value to detect whether the rulebase has changed (useful for caching or polling)"}, "rules": {"items": {"$ref": "#/components/schemas/RuleResponse"}, "type": "array", "title": "Rules", "description": "All rules in the rulebase, ordered by priority (ascending)"}}, "type": "object", "required": ["rulebase_version", "rules"], "title": "GetRulebaseResponse", "description": "Full rulebase for a given policy type, including its version for change detection."}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "InstallationStatus": {"type": "string", "enum": ["pending", "success", "failed"], "title": "InstallationStatus", "description": "Status of DLP Next data type installation."}, "LoggingStatus": {"type": "string", "enum": ["enabled", "disabled"], "title": "LoggingStatus", "description": "Logging status enumeration."}, "MCPClient": {"properties": {"os": {"anyOf": [{"$ref": "#/components/schemas/OSType"}, {"type": "null"}], "description": "Operating system for the client"}, "name_id": {"anyOf": [{"$ref": "#/components/schemas/MCPClientNameId"}, {"type": "null"}], "description": "Client name identifier e.g. 'claude_desktop', 'docker_desktop'", "examples": ["claude_desktop", "docker_desktop"]}}, "type": "object", "title": "MCPClient"}, "MCPClientNameId": {"type": "string", "enum": ["claude_desktop", "vscode", "cursor", "windsurf", "zed", "perplexity", "antigravity", "jetbrains", "roo", "cline", "docker_desktop"], "title": "MCPClientNameId", "description": "MCP Client name identifier enumeration."}, "MCPClients": {"properties": {"mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Mode for client selection"}, "selected": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPClient"}, "type": "array"}, {"type": "null"}], "title": "Selected", "description": "List of selected clients"}}, "type": "object", "title": "MCPClients"}, "MCPIds": {"properties": {"name_id": {"anyOf": [{"type": "string", "minLength": 1}, {"type": "null"}], "title": "Name Id", "description": "Name of the managed MCP", "default": "", "examples": ["jira", "github"]}}, "type": "object", "title": "MCPIds"}, "MCPRiskLevel": {"properties": {"use_min": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Min", "description": "Whether to use minimum risk level limit", "default": false}, "use_max": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Max", "description": "Whether to use maximum risk level limit", "default": false}, "min": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Min", "description": "Minimum risk level"}, "max": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Max", "description": "Maximum risk level"}}, "type": "object", "title": "MCPRiskLevel"}, "MCPServer": {"properties": {"server_type": {"anyOf": [{"type": "string", "enum": ["all", "node_server", "python_server", "claude_extensions", "executable_server", "unknown_server", "docker_gateway", "docker_runner", "remote_server"]}, {"type": "null"}], "title": "Server Type", "description": "Type of the MCP server"}, "node_server": {"anyOf": [{"$ref": "#/components/schemas/NodeServerConfig"}, {"type": "null"}], "description": "Node server configuration"}, "python_server": {"anyOf": [{"$ref": "#/components/schemas/PythonServerConfig"}, {"type": "null"}], "description": "Python server configuration"}, "claude_extensions": {"anyOf": [{"$ref": "#/components/schemas/ClaudeExtensionsConfig"}, {"type": "null"}], "description": "Claude extensions configuration"}, "executable_server": {"anyOf": [{"$ref": "#/components/schemas/ExecutableServerConfig"}, {"type": "null"}], "description": "Executable server configuration"}, "unknown_server": {"anyOf": [{"$ref": "#/components/schemas/UnknownServerConfig"}, {"type": "null"}], "description": "Unknown server configuration"}, "docker_gateway": {"anyOf": [{"$ref": "#/components/schemas/DockerGatewayConfig"}, {"type": "null"}], "description": "Docker gateway configuration"}, "docker_runner": {"anyOf": [{"$ref": "#/components/schemas/DockerRunnerConfig"}, {"type": "null"}], "description": "Docker runner configuration"}, "remote_server": {"anyOf": [{"$ref": "#/components/schemas/RemoteServerConfig"}, {"type": "null"}], "description": "Remote server configuration"}}, "type": "object", "title": "MCPServer"}, "MCPServers": {"properties": {"mcp_servers_mode": {"anyOf": [{"$ref": "#/components/schemas/MCPServersMode"}, {"type": "null"}], "description": "Mode for MCP servers selection: all, risk_level, managed, manual"}, "risk_level": {"anyOf": [{"$ref": "#/components/schemas/MCPRiskLevel"}, {"type": "null"}], "description": "Risk level configuration for MCP servers"}, "managed": {"anyOf": [{"$ref": "#/components/schemas/ManagedMCP"}, {"type": "null"}], "description": "Managed MCP configuration"}, "manual": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPServer"}, "type": "array"}, {"type": "null"}], "title": "Manual", "description": "List of manual MCP servers"}}, "type": "object", "title": "MCPServers"}, "MCPServersMode": {"type": "string", "enum": ["all", "risk_level", "manual", "managed"], "title": "MCPServersMode", "description": "MCP Servers mode enumeration."}, "MCPToolItem": {"properties": {"tool_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Tool Name", "description": "Name of a tool e.g. 'create_issue', 'update_issue'", "default": "", "examples": ["create_issue", "update_issue"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for tool name matching", "default": "exact"}}, "type": "object", "title": "MCPToolItem"}, "ManagedMCP": {"properties": {"name_ids": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPIds"}, "type": "array"}, {"type": "null"}], "title": "Name Ids", "description": "List of managed MCP identifiers"}}, "type": "object", "title": "ManagedMCP"}, "MatchMode": {"type": "string", "enum": ["exact", "contains"], "title": "MatchMode", "description": "Matching mode enumeration."}, "MatchToolsMode": {"type": "string", "enum": ["tools_include", "tools_exclude", "operations", "all"], "title": "MatchToolsMode", "description": "Match mode for tools enumeration."}, "NodeServerConfig": {"properties": {"package_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Package Name", "description": "NPM package name e.g. '@modelcontextprotocol/server-github'", "default": "", "examples": ["@modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for package_name matching", "default": "exact"}}, "type": "object", "title": "NodeServerConfig"}, "OSType": {"type": "string", "enum": ["windows", "macos", "all"], "title": "OSType", "description": "Operating system enumeration."}, "ObjectFeature": {"type": "string", "enum": ["FILE_EMULATION", "PROTECTED_DOMAINS", "DOMAIN_SERVICES", "EXCLUDE_DOMAINS"], "title": "ObjectFeature"}, "ObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "ObjectResponse", "description": "Object metadata without the full configuration payload (used in update responses)."}, "OnOff": {"type": "string", "enum": ["on", "off"], "title": "OnOff", "description": "Simple on/off toggle."}, "OperationMatch": {"type": "string", "enum": ["match", "unmatch"], "title": "OperationMatch", "description": "Operation match enumeration."}, "PatchAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Partial access policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchAccessPolicyRequest", "description": "Partially update an Access rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Partial Chats policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchChatsPolicyRequest", "description": "Partially update a Chats rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged. Useful for toggling a single setting\nwithout resending the full configuration."}, "PatchMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Partial Agents policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchMCPServerPolicyRequest", "description": "Partially update an Agents rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Partial Secure Browsing policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchSecureBrowsingPolicyRequest", "description": "Partially update a Secure Browsing rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PythonServerConfig": {"properties": {"module_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Module Name", "description": "Python module name e.g. 'modelcontextprotocol_server_github'", "default": "", "examples": ["modelcontextprotocol_server_github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for module_name matching", "default": "exact"}}, "type": "object", "title": "PythonServerConfig"}, "RemoteServerConfig": {"properties": {"match_mode": {"anyOf": [{"type": "string", "enum": ["url", "domain"]}, {"type": "null"}], "title": "Match Mode", "description": "Match mode type: 'url' for URL-based matching or 'domain' for domain-based matching"}, "url": {"anyOf": [{"$ref": "#/components/schemas/URLConfig"}, {"type": "null"}], "description": "URL configuration for remote server (used when match_mode='url')"}, "domain": {"anyOf": [{"$ref": "#/components/schemas/DomainConfig"}, {"type": "null"}], "description": "Domain configuration for remote server (used when match_mode='domain')"}}, "type": "object", "title": "RemoteServerConfig"}, "RuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "Unique identifier of the rule"}, "name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every modification; can be used for optimistic concurrency checks"}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase that determines evaluation priority. Lower values are evaluated first; when two rules match the same request, the lower-order rule takes precedence"}, "active": {"type": "boolean", "title": "Active", "description": "Whether the rule is currently enforced; inactive rules are skipped"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}, "policy": {"anyOf": [{"$ref": "#/components/schemas/ChatsPolicy"}, {"$ref": "#/components/schemas/AccessPolicy"}, {"$ref": "#/components/schemas/AgentsPolicy"}, {"$ref": "#/components/schemas/SecureBrowsingPolicy"}], "title": "Policy", "description": "The enforcement configuration for this rule. Structure varies by rulebase type (Chats, Access, Agents, Secure Browsing)"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to (source entries). An empty list means the rule matches all users in the tenant"}, "objects": {"anyOf": [{"additionalProperties": {"items": {"type": "string"}, "type": "array"}, "propertyNames": {"$ref": "#/components/schemas/ObjectFeature"}, "type": "object"}, {"type": "null"}], "title": "Objects", "description": "Reusable policy objects attached to this rule, keyed by feature (e.g. FILE_EMULATION, DOMAIN_SERVICES). Values are lists of object IDs. Objects allow sharing configuration (domain lists, file-protection settings) across rules"}}, "type": "object", "required": ["rule_id", "name", "version", "order", "active", "created_at", "updated_at", "policy"], "title": "RuleResponse", "description": "A single rule within a rulebase."}, "SecureBrowsingPolicy": {"properties": {"password_reuse": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "zero_phishing": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "safe_search": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "search_reputation": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "domain_exclusions": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain Exclusions", "description": "List of excluded domains"}, "protected_domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Protected Domains", "description": "List of protected domains"}}, "type": "object", "title": "SecureBrowsingPolicy"}, "SelectionMode": {"type": "string", "enum": ["selected", "all"], "title": "SelectionMode", "description": "Selection mode enumeration."}, "ServerOperations": {"properties": {"CREATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch CREATE operation"}, "READ": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch READ operation"}, "UPDATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch UPDATE operation"}, "DELETE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch DELETE operation"}, "OTHER": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch OTHER operation (those not detected)"}}, "type": "object", "title": "ServerOperations"}, "ServicesAndApplication": {"properties": {"domain": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain", "description": "List of domains"}, "url": {"items": {"$ref": "#/components/schemas/URLItem"}, "type": "array", "title": "Url", "description": "List of URLs"}, "genai_application": {"items": {"$ref": "#/components/schemas/GenAIApp"}, "type": "array", "title": "Genai Application", "description": "List of GenAI applications"}, "category": {"items": {"$ref": "#/components/schemas/CategoryItem"}, "type": "array", "title": "Category", "description": "List of URLF categories"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Whether to apply to all services and applications or to only selected ones"}}, "type": "object", "title": "ServicesAndApplication"}, "SetAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetAccessObjectsRequest", "description": "Set (replace) all objects for an Access rule for a given feature."}, "SetAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Complete access policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetAccessPolicyRequest", "description": "Replace the entire Access policy of a rule (full overwrite)."}, "SetChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetChatsObjectsRequest", "description": "Set (replace) all objects for a Chats rule for a given feature."}, "SetChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Complete Chats policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetChatsPolicyRequest", "description": "Replace the entire Chats policy of a rule (full overwrite)."}, "SetDlpTenantDataTypesRequest": {"properties": {"dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataTypeReference"}, "type": "array", "title": "Datatypes", "example": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4"}]}}, "type": "object", "required": ["dataTypes"], "title": "SetDlpTenantDataTypesRequest"}, "SetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataSetStatus": {"type": "string", "title": "Datasetstatus"}}, "type": "object", "required": ["status", "id", "dataSetStatus"], "title": "SetDlpTenantDataTypesResponse", "example": {"dataSetStatus": "IN_PROGRESS", "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "SetMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Complete Agents policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetMCPServerPolicyRequest", "description": "Replace the entire Agents policy of a rule (full overwrite)."}, "SetSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetSecureBrowsingObjectsRequest", "description": "Set (replace) all objects for a Secure Browsing rule for a given feature."}, "SetSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Complete Secure Browsing policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetSecureBrowsingPolicyRequest", "description": "Replace the entire Secure Browsing policy of a rule (full overwrite)."}, "SupportedFileType": {"type": "string", "enum": ["pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "exe", "tar", "zip", "rar", "7z", "rtf", "dot", "docm", "dotx", "dotm", "xlt", "xlm", "xltx", "xlsm", "xltm", "xlsb", "xla", "xlam", "xll", "xlw", "pps", "pptm", "potx", "potm", "ppam", "ppsx", "ppsm", "sldx", "sldm", "csv", "scr", "swf", "jar", "cab", "tgz", "pif", "gz", "bz2", "tbz2", "tb2", "tbz", "com", "xz", "cpl", "dll", "lnk", "img", "iso", "wim", "arj", "bat", "ps1", "hwp", "iqy", "slk", "udf", "uue", "pkg", "msi", "msg", "o", "dylib", "app", "dmg", "qcow2", "sh", "one", "xar", "wsf", "aspx"], "title": "SupportedFileType"}, "ThreatPreventionAction": {"type": "string", "enum": ["detect", "prevent", "ask", "off"], "title": "ThreatPreventionAction", "description": "Actions for threat prevention features."}, "Tooling": {"properties": {"match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchToolsMode"}, {"type": "null"}], "description": "Match mode for tools: tools_include, tools_exclude, operations, all"}, "tools": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPToolItem"}, "type": "array"}, {"type": "null"}], "title": "Tools", "description": "List of tools for matching"}, "operations": {"anyOf": [{"$ref": "#/components/schemas/ServerOperations"}, {"type": "null"}], "description": "Operations match configuration"}}, "type": "object", "title": "Tooling"}, "URLConfig": {"properties": {"url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Url", "description": "URL of the remote server", "default": "", "examples": ["https://mcp-server.example.com/path"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/URLMatchMode"}, {"type": "null"}], "description": "Match mode for URL matching (exact_url or url_contains)", "default": "exact_url"}}, "type": "object", "title": "URLConfig"}, "URLFCategory": {"type": "integer", "enum": [1, 3, 5, 7, 11, 12, 15, 32, 21, 24, 25, 0, 34, 35, 37, 39, 41, 42, 45, 47, 49, 51, 53, 54, 58, 59, 60, 68, 69, 71, 72, 74, 75, 76, 51000001, 51000002, 52000130, 50000032, 52000132, 60517663, 60530541, 60530542, 60530648, 31, 55, 65, 66, 67, 77, 51000003, 51000004, 51000005, 52000038, 60530540, 9, 13, 14, 17, 18, 26, 33, 56, 61, 62, 70, 73, 78, 30, 52000047, 52000058, 52000069, 50000086, 23, 52000136, 52000046, 52000051, 60531762], "title": "URLFCategory", "description": "URLF Category enumeration with display names as keys and category IDs as values."}, "URLItem": {"properties": {"url": {"type": "string", "format": "uri", "title": "Url", "description": "Valid URL"}}, "type": "object", "required": ["url"], "title": "URLItem"}, "URLMatchMode": {"type": "string", "enum": ["exact_url", "url_contains"], "title": "URLMatchMode", "description": "URL matching mode enumeration for remote server URL matching.\n\nMatching modes:\n- EXACT_URL: Matches the exact full URL\n e.g., \"http://sub1.sub2.something.com/alsohere/something\"\n- URL_CONTAINS: Matches if the URL contains the specified string\n e.g., \"alsohere\" matches any URL containing \"alsohere\""}, "UnknownServerConfig": {"properties": {"args": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Args", "description": "Arguments for unknown server types", "default": "", "examples": ["--default-arg"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for args matching", "default": "exact"}}, "type": "object", "title": "UnknownServerConfig"}, "UpdateDomainsObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "New domain list; replaces the existing list entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateDomainsObjectRequest", "description": "Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely."}, "UpdateFileProtectionObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "New file protection configuration; replaces the existing settings entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateFileProtectionObjectRequest", "description": "Update an existing file-protection object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing configuration entirely."}, "UpdateObjectResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/ObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "UpdateObjectResponse", "description": "Response after updating an object (returns metadata only)."}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}, "input": {"title": "Input"}, "ctx": {"type": "object", "title": "Context"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "Asset": {"properties": {"device": {"$ref": "#/components/schemas/Device"}, "user": {"anyOf": [{"$ref": "#/components/schemas/User"}, {"type": "null"}]}, "ping": {"anyOf": [{"$ref": "#/components/schemas/Ping"}, {"type": "null"}]}, "deployment": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/ModuleDeploymentData"}, "propertyNames": {"$ref": "#/components/schemas/ModuleEnum"}, "type": "object"}, {"type": "null"}], "title": "Deployment"}, "policy": {"anyOf": [{"additionalProperties": {"additionalProperties": {"$ref": "#/components/schemas/PolicyTypeData"}, "propertyNames": {"$ref": "#/components/schemas/PolicyType"}, "type": "object"}, "propertyNames": {"$ref": "#/components/schemas/RequestSource"}, "type": "object"}, {"type": "null"}], "title": "Policy"}, "status": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/HealthStatus"}, "propertyNames": {"$ref": "#/components/schemas/StatusComponent"}, "type": "object"}, {"type": "null"}], "title": "Status"}, "environment": {"anyOf": [{"$ref": "#/components/schemas/EnvironmentData"}, {"type": "null"}]}}, "type": "object", "required": ["device"], "title": "Asset", "description": "Complete asset with optional joined domains."}, "AssetsCountRequest": {"properties": {"filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsCountRequest", "description": "Request for querying assets count with optional filters."}, "AssetsCountResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "count": {"type": "integer", "title": "Count"}, "filters_applied": {"type": "integer", "title": "Filters Applied", "description": "Number of filters that were applied"}}, "type": "object", "required": ["tenant_id", "count", "filters_applied"], "title": "AssetsCountResponse", "description": "Response for count queries."}, "AssetsPagination": {"properties": {"limit": {"type": "integer", "maximum": 1000.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 1000)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "AssetsPagination", "description": "Pagination parameters."}, "AssetsRequest": {"properties": {"joins": {"items": {"$ref": "#/components/schemas/JoinDomain"}, "type": "array", "title": "Joins", "description": "Domains to join"}, "filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "sort": {"items": {"$ref": "#/components/schemas/SortCondition"}, "type": "array", "title": "Sort", "description": "Sort conditions"}, "pagination": {"$ref": "#/components/schemas/AssetsPagination", "description": "Pagination parameters"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsRequest", "description": "Request for querying assets with explicit joins."}, "AssetsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "assets": {"items": {"$ref": "#/components/schemas/Asset"}, "type": "array", "title": "Assets"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "assets", "limit", "offset"], "title": "AssetsResponse", "description": "Response with assets and pagination metadata."}, "Device": {"properties": {"device_unique_id": {"type": "string", "format": "uuid", "title": "Device Unique Id", "description": "Unique device identifier"}, "name": {"type": "string", "title": "Name", "description": "Device name (unique per tenant)"}, "device_sid": {"type": "string", "title": "Device Sid", "description": "Device SID"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["device_unique_id", "name", "device_sid", "created_at", "updated_at"], "title": "Device", "description": "External-safe twin of GlobalDevice."}, "DeviceTypeEnum": {"type": "string", "enum": ["Laptop", "Desktop", "Workstation", "unknown"], "title": "DeviceTypeEnum"}, "EnvironmentData": {"properties": {"device_type": {"anyOf": [{"$ref": "#/components/schemas/DeviceTypeEnum"}, {"type": "null"}], "description": "Device type (laptop, desktop, etc.)"}, "os": {"anyOf": [{"$ref": "#/components/schemas/OSEnum"}, {"type": "null"}], "description": "Operating system"}, "os_version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Os Version", "description": "Operating system version"}, "ip": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip", "description": "Device IP address (IPv4 or IPv6)"}}, "type": "object", "title": "EnvironmentData", "description": "External-safe twin of EnvironmentData."}, "FilterCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to filter on"}, "operator": {"$ref": "#/components/schemas/FilterOperator", "description": "Filter operator"}, "value": {"anyOf": [{}, {"type": "null"}], "title": "Value", "description": "Single value (for equals, contains, gte, lte)"}, "values": {"anyOf": [{"items": {}, "type": "array"}, {"type": "null"}], "title": "Values", "description": "List of values (for in, between)"}}, "type": "object", "required": ["field", "operator"], "title": "FilterCondition", "description": "Filter condition on a single asset field."}, "FilterOperator": {"type": "string", "enum": ["equals", "in", "contains", "gte", "lte", "between"], "title": "FilterOperator", "description": "Filter operators for different field types."}, "FilterableField": {"type": "string", "enum": ["device_name", "device_sid", "device_created_at", "device_updated_at", "user_name", "user_display_name", "user_samname", "user_created_at", "user_updated_at", "last_connected", "os", "os_version", "device_type", "ip", "installer_version", "chrome_extension_version", "firefox_extension_version", "edge_extension_version", "brave_extension_version", "mcp_version", "proxy_version"], "title": "FilterableField", "description": "Fields available for filtering and sorting assets.\n\nEach value maps to an internal DB field path (see FIELD_TO_INTERNAL_PATH).\nOnly the listed fields can be used in filter/sort conditions."}, "HealthStatus": {"type": "string", "enum": ["healthy", "unhealthy"], "title": "HealthStatus", "description": "Component health derived from status code: healthy when code == 0, unhealthy otherwise."}, "JoinDomain": {"type": "string", "enum": ["users", "pings", "deployment", "policy", "status", "environment"], "title": "JoinDomain", "description": "Available domains to join with devices table."}, "ModuleDeploymentData": {"properties": {"version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Version", "description": "Current version"}}, "type": "object", "title": "ModuleDeploymentData", "description": "External-safe twin of ModuleDeploymentData \u2014 exposes version only."}, "ModuleEnum": {"type": "string", "enum": ["chrome", "firefox", "edge", "brave", "comet", "safari", "surf", "mcp", "proxy", "da"], "title": "ModuleEnum"}, "OSEnum": {"type": "string", "enum": ["Windows", "macOS", "Linux"], "title": "OSEnum", "description": "Operating system enumeration"}, "Ping": {"properties": {"last_connected": {"type": "string", "format": "date-time", "title": "Last Connected", "description": "Last connection timestamp"}}, "type": "object", "required": ["last_connected"], "title": "Ping", "description": "External-safe twin of PingData."}, "PolicyTypeData": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Version of the rulebase"}}, "type": "object", "required": ["rulebase_version"], "title": "PolicyTypeData", "description": "Policy rulebase version for a given policy type."}, "PolicyType": {"type": "string", "enum": ["chats", "access", "agents", "browse_securing"], "title": "PolicyType", "description": "External-facing policy types with consumer-friendly names."}, "RequestSource": {"type": "string", "enum": ["device", "edge", "chrome", "firefox", "brave", "comet", "safari", "surf", "na"], "title": "RequestSource"}, "SearchParams": {"properties": {"term": {"type": "string", "title": "Term", "description": "Search term to match"}, "case_sensitive": {"type": "boolean", "title": "Case Sensitive", "description": "Whether search is case-sensitive (default: False for case-insensitive)", "default": false}, "match_anywhere": {"type": "boolean", "title": "Match Anywhere", "description": "Whether to match anywhere in text (True) or only at the beginning (False, default)", "default": false}}, "type": "object", "required": ["term"], "title": "SearchParams", "description": "Free text search parameters for device name and user name."}, "SortCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to sort by"}, "order": {"$ref": "#/components/schemas/SortOrder", "description": "Sort order", "default": "desc"}}, "type": "object", "required": ["field"], "title": "SortCondition", "description": "Sort condition on a single asset field."}, "SortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "SortOrder"}, "StatusComponent": {"type": "string", "enum": ["proxy_health", "mcp_health"], "title": "StatusComponent", "description": "External-facing subset of status components exposed to API consumers."}, "User": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name (unique per tenant)"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname", "created_at", "updated_at"], "title": "User", "description": "External-safe twin of GlobalUser."}, "UserItem": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name (CN path)"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname"], "title": "UserItem", "description": "External-safe user item."}, "UsersByIdsRequest": {"properties": {"user_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "maxItems": 500, "minItems": 1, "title": "User Ids", "description": "Array of user unique IDs (max: 500)"}}, "type": "object", "required": ["user_ids"], "title": "UsersByIdsRequest", "description": "Request for getting users by an array of IDs."}, "UsersByIdsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}}, "type": "object", "required": ["tenant_id", "users"], "title": "UsersByIdsResponse", "description": "Response with users by IDs."}, "UsersPagination": {"properties": {"limit": {"type": "integer", "maximum": 100.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 100)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "UsersPagination", "description": "Pagination parameters for users (max 100 per page)."}, "UsersRequest": {"properties": {"search": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Search", "description": "Search term for case-insensitive match on user name and display name"}, "pagination": {"$ref": "#/components/schemas/UsersPagination", "description": "Pagination parameters"}}, "type": "object", "title": "UsersRequest", "description": "Request for querying users."}, "UsersResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "users", "limit", "offset"], "title": "UsersResponse", "description": "Response with users and pagination metadata."}, "AppResult": {"properties": {"app_id": {"type": "integer", "title": "App Id", "description": "Unique app identifier"}, "name": {"type": "string", "title": "Name", "description": "App name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "App description"}, "page_url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Page Url", "description": "App page URL"}}, "type": "object", "required": ["app_id", "name"], "title": "AppResult", "description": "A single app result with minimal fields."}, "AppSearchRequest": {"properties": {"search": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Search", "description": "Search term"}, "search_by": {"$ref": "#/components/schemas/SearchBy", "description": "Search mode: name, name_and_description, or url", "default": "name"}}, "type": "object", "required": ["search"], "title": "AppSearchRequest", "description": "Request for searching GenAI apps."}, "AppSearchResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps (max 10)"}}, "type": "object", "title": "AppSearchResponse", "description": "Response with matching apps (max 10)."}, "AppsByIdsRequest": {"properties": {"ids": {"items": {"type": "integer"}, "type": "array", "maxItems": 100, "minItems": 1, "title": "Ids", "description": "Array of app IDs (max: 100)"}}, "type": "object", "required": ["ids"], "title": "AppsByIdsRequest", "description": "Request for getting apps by an array of IDs."}, "AppsByIdsResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps"}}, "type": "object", "title": "AppsByIdsResponse", "description": "Response with apps by IDs."}, "SearchBy": {"type": "string", "enum": ["name", "name_and_description", "url"], "title": "SearchBy"}}, "securitySchemes": {"HTTPBearer": {"type": "http", "scheme": "bearer"}}}} \ No newline at end of file diff --git a/sdk_generator/resources/specs/main/swagger.json b/sdk_generator/resources/specs/main/swagger.json index 9d7f5ec..624f054 100644 --- a/sdk_generator/resources/specs/main/swagger.json +++ b/sdk_generator/resources/specs/main/swagger.json @@ -1 +1 @@ -{"openapi": "3.1.0", "info": {"title": "Check Point AI Security API", "description": "Unified API for Check Point AI Security \u2014 policy management and asset visibility.\n\n## Authentication\nAll endpoints require a valid CloudInfra JWT token passed as a Bearer token in the `Authorization` header.\n\n### Obtaining a JWT Token\n1. Go to the [Infinity Portal API Keys page](https://portal.checkpoint.com/dashboard/settings/api-keys).\n2. Click **New** \u2192 **New Account API Key**.\n3. In the **Service** dropdown select **Workforce AI Security** and create the key.\n4. Use the generated API key to obtain a JWT token from CloudInfra.\n5. Include the JWT in every request:\n ```\n Authorization: Bearer \n ```\n\n## Rate Limiting\nDefault limits vary per endpoint group. Exceeding any limit results in a 5-minute block period.\n", "version": "1.0.2"}, "servers": [{"url": "https://cloudinfra-gw.portal.checkpoint.com", "description": "Europe Region"}, {"url": "https://cloudinfra-gw-us.portal.checkpoint.com", "description": "United States Region"}], "paths": {"/app/genai-protect-policy/external/v1/chats/rulebase": {"get": {"tags": ["Chats Policy"], "summary": "Get the Chats rulebase with all rules and version", "operationId": "get_chats_rulebase_external_v1_chats_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule": {"post": {"tags": ["Chats Policy"], "summary": "Create a Chats rule", "operationId": "add_chats_rule_external_v1_chats_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddChatsRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule/set-policy": {"put": {"tags": ["Chats Policy"], "summary": "Replace the entire policy of a Chats rule", "operationId": "set_chats_policy_external_v1_chats_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Chats Policy External V1 Chats Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule/patch-policy": {"patch": {"tags": ["Chats Policy"], "summary": "Partially update the policy of a Chats rule (deep merge)", "operationId": "patch_chats_policy_external_v1_chats_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Chats Policy External V1 Chats Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rulebase": {"get": {"tags": ["AI Access Policy"], "summary": "Get the AI Access rulebase with all rules and version", "operationId": "get_ai_access_rulebase_external_v1_ai_access_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule": {"post": {"tags": ["AI Access Policy"], "summary": "Create an AI Access rule", "operationId": "add_ai_access_rule_external_v1_ai_access_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddAccessRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule/set-policy": {"put": {"tags": ["AI Access Policy"], "summary": "Replace the entire AI Access policy of a rule", "operationId": "set_ai_access_policy_external_v1_ai_access_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Ai Access Policy External V1 Ai Access Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule/patch-policy": {"patch": {"tags": ["AI Access Policy"], "summary": "Partially update the AI Access policy of a rule (deep merge)", "operationId": "patch_ai_access_policy_external_v1_ai_access_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Ai Access Policy External V1 Ai Access Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rulebase": {"get": {"tags": ["Agents Policy"], "summary": "Get the Agents rulebase with all rules and version", "operationId": "get_agents_rulebase_external_v1_agents_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule": {"post": {"tags": ["Agents Policy"], "summary": "Create an Agents rule", "operationId": "add_agents_rule_external_v1_agents_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddMCPServerRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule/set-policy": {"put": {"tags": ["Agents Policy"], "summary": "Replace the entire policy of an Agents rule", "operationId": "set_agents_policy_external_v1_agents_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetMCPServerPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Agents Policy External V1 Agents Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule/patch-policy": {"patch": {"tags": ["Agents Policy"], "summary": "Partially update the policy of an Agents rule (deep merge)", "operationId": "patch_agents_policy_external_v1_agents_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchMCPServerPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Agents Policy External V1 Agents Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-info": {"put": {"tags": ["Rulebase"], "summary": "Update rule display info (name, description)", "operationId": "set_rule_info_external_v1_rules_set_info_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetInfoRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Rule Info External V1 Rules Set Info Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/reorder": {"put": {"tags": ["Rulebase"], "summary": "Change a rule's priority position in the rulebase", "operationId": "reorder_rule_external_v1_rules_reorder_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonReorderRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Reorder Rule External V1 Rules Reorder Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-source": {"put": {"tags": ["Rulebase"], "summary": "Replace the user/group source of a rule", "operationId": "set_source_external_v1_rules_set_source_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetSourceRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Source External V1 Rules Set Source Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-active": {"put": {"tags": ["Rulebase"], "summary": "Enable or disable a rule without deleting it", "operationId": "set_active_external_v1_rules_set_active_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetActiveRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Active External V1 Rules Set Active Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/{rule_id}": {"delete": {"tags": ["Rulebase"], "summary": "Permanently delete a rule from the rulebase", "operationId": "delete_rule_external_v1_rules__rule_id__delete", "security": [{"HTTPBearer": []}], "parameters": [{"name": "rule_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Rule Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonDeleteRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/predefined": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all predefined DLP datatypes", "operationId": "get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/custom": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all custom DLP datatypes", "operationId": "get_custom_datatypes_external_v1_dlp_datatypes_custom_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/all": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all DLP datatypes (predefined and custom)", "operationId": "get_all_datatypes_external_v1_dlp_datatypes_all_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes": {"get": {"tags": ["DLP Datatypes"], "summary": "Get DLP datatypes for tenant", "operationId": "get_datatypes_external_v1_dlp_datatypes_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpTenantDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["DLP Datatypes"], "summary": "Set DLP datatypes for tenant", "operationId": "set_datatypes_external_v1_dlp_datatypes_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/installation/status": {"get": {"tags": ["DLP Datatypes"], "summary": "Get data type installation status", "operationId": "get_installation_status_route_external_v1_dlp_datatypes_installation_status_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/installation/retry": {"post": {"tags": ["DLP Datatypes"], "summary": "Retry data type installation", "operationId": "retry_installation_route_external_v1_dlp_datatypes_installation_retry_post", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/assets": {"post": {"tags": ["Deployment Status"], "summary": "Query assets with domain joins, filters and pagination", "operationId": "query_assets_external_v1_assets_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/assets/count": {"post": {"tags": ["Deployment Status"], "summary": "Get count of assets matching filters", "operationId": "get_assets_count_external_v1_assets_count_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/users": {"post": {"tags": ["Users"], "summary": "Query users with pagination and search", "operationId": "query_users_external_v1_users_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/users/by-ids": {"post": {"tags": ["Users"], "summary": "Get users by array of IDs", "operationId": "get_users_by_ids_endpoint_external_v1_users_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-apps/external/v1/apps/search": {"post": {"tags": ["Apps Catalog"], "summary": "Search GenAI apps by name, name, description, or URL", "operationId": "search_apps_external_v1_apps_search_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-apps/external/v1/apps/by-ids": {"post": {"tags": ["Apps Catalog"], "summary": "Get GenAI apps by array of IDs", "operationId": "get_apps_by_ids_external_v1_apps_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}}, "components": {"schemas": {"AccessPolicy": {"properties": {"services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for access control"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "download_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileDownloadActionSupported"}, {"type": "null"}], "description": "File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}, "upload_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileUploadActionSupported"}, {"type": "null"}], "description": "File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}}, "type": "object", "title": "AccessPolicy"}, "Account": {"properties": {"account_id": {"type": "string", "title": "Account Id", "description": "Account identifier"}}, "type": "object", "required": ["account_id"], "title": "Account", "description": "External-safe twin of Account."}, "AccountSelectionMode": {"type": "string", "enum": ["all", "selected_account"], "title": "AccountSelectionMode", "description": "Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."}, "AddAccessRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Access control policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddAccessRuleRequest", "description": "Create a new Access rule.\n\nAccess rules control which AI services and applications users are allowed\nto interact with, including allow/block decisions per service."}, "AddChatsRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Chats policy configuration for chat interactions"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddChatsRuleRequest", "description": "Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies."}, "AddMCPServerRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Agents policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddMCPServerRuleRequest", "description": "Create a new Agents rule.\n\nAgents rules govern agent interactions, including which tools\nagents can invoke and what access controls apply to agent operations."}, "AddRuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "The UUID of the newly created rule"}, "name": {"type": "string", "title": "Name", "description": "The name of the newly created rule"}}, "type": "object", "required": ["rule_id", "name"], "title": "AddRuleResponse", "description": "Response returned after creating a rule."}, "AddSecureBrowsingRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Secure Browsing policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddSecureBrowsingRuleRequest", "description": "Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering."}, "AgentsPolicy": {"properties": {"action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for MCP server"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "clients": {"anyOf": [{"$ref": "#/components/schemas/MCPClients"}, {"type": "null"}], "description": "Desktop clients selection"}, "servers": {"anyOf": [{"$ref": "#/components/schemas/MCPServers"}, {"type": "null"}], "description": "MCP servers configuration"}, "tooling": {"anyOf": [{"$ref": "#/components/schemas/Tooling"}, {"type": "null"}], "description": "Tooling configuration for MCP"}}, "type": "object", "title": "AgentsPolicy"}, "Assignment": {"properties": {"assignment_id": {"type": "string", "format": "uuid", "title": "Assignment Id", "description": "ID of the user or group. Ignored when assignment_type is ENTIRE_ORG (auto-set to 00000000-0000-0000-0000-000000000000)."}, "display_name": {"type": "string", "title": "Display Name", "description": "Human-readable name of the user or group"}, "assignment_type": {"$ref": "#/components/schemas/AssignmentType", "description": "Whether this is a user, group, or entire-org assignment"}}, "type": "object", "required": ["assignment_id", "display_name", "assignment_type"], "title": "Assignment", "description": "External-safe twin of Assignment."}, "AssignmentType": {"type": "string", "enum": ["ASSIGNMENT_TYPE_USER", "ASSIGNMENT_TYPE_GROUP", "ASSIGNMENT_TYPE_ENTIRE_ORG"], "title": "AssignmentType"}, "AttachAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature", "description": "Object feature type; Access rules support FILE_EMULATION and DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachAccessObjectsRequest", "description": "Attach reusable objects to an Access rule.\n\nAccess rules support FILE_EMULATION objects (file scanning/emulation settings)\nand DOMAIN_SERVICES objects (domain allow/block lists)."}, "AttachChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type; Chats rules only support DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachChatsObjectsRequest", "description": "Attach reusable objects to a Chats rule.\n\nChats rules support DOMAIN_SERVICES objects (domain allow/block lists\napplied during chat interactions)."}, "AttachSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature", "description": "Object feature type; Secure Browsing supports PROTECTED_DOMAINS and EXCLUDE_DOMAINS"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachSecureBrowsingObjectsRequest", "description": "Attach reusable objects to a Secure Browsing rule.\n\nSecure Browsing rules support PROTECTED_DOMAINS (domains where threat\nprevention is enforced) and EXCLUDE_DOMAINS (domains exempted from scanning)."}, "CategoryItem": {"properties": {"category_id": {"$ref": "#/components/schemas/URLFCategory", "description": "Category ID from the supported URLF categories. The following categories are available:\n\n| Category | ID |\n|---|---|\n| Uncategorized | 0 |\n| Computers & Internet | 1 |\n| Education | 3 |\n| Entertainment | 5 |\n| Financial Services | 7 |\n| Gambling | 9 |\n| Government / Military | 11 |\n| Greeting Cards | 12 |\n| Hacking | 13 |\n| Hate / Racism | 14 |\n| Health | 15 |\n| Illegal / Questionable | 17 |\n| Illegal Drugs | 18 |\n| Job Search / Careers | 21 |\n| Media Streams | 23 |\n| News / Media | 24 |\n| Newsgroups / Forums | 25 |\n| Nudity | 26 |\n| Personals / Dating | 30 |\n| Phishing | 31 |\n| Political / Legal | 32 |\n| Pornography | 33 |\n| Real Estate | 34 |\n| Recreation | 35 |\n| Religion | 37 |\n| Restaurants / Dining / Food | 39 |\n| Sex Education | 41 |\n| Shopping | 42 |\n| Alcohol / Tobacco | 45 |\n| Art / Culture | 47 |\n| Blogs / Personal Pages | 49 |\n| Business / Economy | 51 |\n| Software Downloads | 53 |\n| Sports | 54 |\n| Spyware / Malicious Sites | 55 |\n| Tasteless | 56 |\n| Translation | 58 |\n| Travel | 59 |\n| Vehicles | 60 |\n| Violence | 61 |\n| Weapons | 62 |\n| Botnets | 65 |\n| Spam | 66 |\n| Inactive Sites | 67 |\n| Fashion | 68 |\n| Non-Profits / NGOs | 69 |\n| Sex | 70 |\n| General | 71 |\n| Nature / Conservation | 72 |\n| Child Abuse | 73 |\n| URL Filtering | 74 |\n| Lifestyle | 75 |\n| Lingerie / Swimsuit / Suggestive | 76 |\n| Suspicious Content | 77 |\n| Marijuana | 78 |\n| Web Advertisements | 50000032 |\n| Instant Chat | 50000086 |\n| Very Low Risk | 51000001 |\n| Low Risk | 51000002 |\n| Medium Risk | 51000003 |\n| High Risk | 51000004 |\n| Critical Risk | 51000005 |\n| Anonymizer | 52000038 |\n| P2P File Sharing | 52000046 |\n| Instant Messaging | 52000047 |\n| Media Sharing | 52000051 |\n| Games | 52000058 |\n| Social Networking | 52000069 |\n| Email | 52000130 |\n| Search Engines / Portals | 52000132 |\n| File Storage / Sharing | 52000136 |\n| Keyloggers | 60530540 |\n| Occult | 60530541 |\n| Hosting Sites | 60530542 |\n| DDNS / Dynamic DNS | 60530648 |\n| Artificial Intelligence (AI) | 60517663 |\n| Generative AI Tools | 60531762 |\n\n**Note:** GenAI rules only allow category 60531762 (Generative AI Tools), used as \"Any AI tool\". Browse rules can use any *other* category."}}, "type": "object", "required": ["category_id"], "title": "CategoryItem"}, "ChatsPolicy": {"properties": {"event_type": {"anyOf": [{"$ref": "#/components/schemas/DLPEventType"}, {"type": "null"}], "description": "Type of event to apply DLP policy on"}, "services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "data_types": {"anyOf": [{"items": {"$ref": "#/components/schemas/DataType"}, "type": "array"}, {"type": "null"}], "title": "Data Types", "description": "DLP Data types"}, "action": {"anyOf": [{"type": "string", "enum": ["prevent", "ask", "redact", "detect", "allow", "block"]}, {"type": "null"}], "title": "Action", "description": "Action to take when DLP rule is triggered"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}}, "type": "object", "title": "ChatsPolicy"}, "ClaudeExtensionsConfig": {"properties": {"extension_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Extension Name", "description": "Extension name from manifest.json", "default": "", "examples": ["chrome-control"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for extension_name matching", "default": "exact"}}, "type": "object", "title": "ClaudeExtensionsConfig"}, "CommonDeleteRuleResponse": {"properties": {"message": {"type": "string", "title": "Message"}, "rule_id": {"type": "string", "title": "Rule Id"}, "name": {"type": "string", "title": "Name"}}, "type": "object", "required": ["message", "rule_id", "name"], "title": "CommonDeleteRuleResponse", "description": "Confirmation of rule deletion."}, "CommonReorderRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to reorder"}, "new_order": {"type": "integer", "title": "New Order", "description": "Target position in the rulebase (1-based). Lower values = higher priority = evaluated first"}}, "type": "object", "required": ["rule_id", "new_order"], "title": "CommonReorderRequest", "description": "Move a rule to a new position in the rulebase.\n\nOther rules in the same rulebase are shifted automatically to accommodate."}, "CommonSetActiveRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "active": {"type": "boolean", "title": "Active", "description": "True to enforce the rule, false to skip it during evaluation"}}, "type": "object", "required": ["rule_id", "active"], "title": "CommonSetActiveRequest", "description": "Enable or disable a rule without deleting it.\n\nInactive rules remain in the rulebase but are skipped during policy evaluation."}, "CommonSetInfoRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "name": {"type": "string", "title": "Name", "description": "New human-readable name for the rule"}, "description": {"type": "string", "title": "Description", "description": "New description of the rule's purpose"}}, "type": "object", "required": ["rule_id", "name", "description"], "title": "CommonSetInfoRequest", "description": "Update a rule's display information without changing its policy or assignments."}, "CommonSetSourceRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Complete list of user/group source entries; replaces all existing entries"}}, "type": "object", "required": ["rule_id", "source"], "title": "CommonSetSourceRequest", "description": "Replace the full source list of a rule.\n\nSource entries determine which users or groups the rule applies to.\nAn empty list means the rule applies to everyone in the tenant."}, "CreateDomainsObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/DomainsObject", "description": "Domain list configuration (up to 200 domain entries)"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateDomainsObjectRequest", "description": "Create a new domains object.\n\nDomains objects contain a list of domain entries used for domain-based\nfiltering in rules (e.g. protected domains, excluded domains, service domains)."}, "CreateFileProtectionObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/FileProtectionObject", "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateFileProtectionObjectRequest", "description": "Create a new file-protection object.\n\nFile-protection objects define scanning and emulation behavior for file\nuploads and downloads, including per-file-type action overrides and size limits."}, "CreateObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "The UUID of the newly created object"}}, "type": "object", "required": ["object_id"], "title": "CreateObjectResponse", "description": "Response returned after creating an object."}, "DLPEventType": {"type": "string", "enum": ["file_upload", "file_download", "paste", "prompt", "copy"], "title": "DLPEventType"}, "DLPType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DLPType"}, "DataType": {"properties": {"id": {"type": "string", "format": "uuid", "title": "Id", "description": "UUID of the data type", "default": "", "examples": ["cf0523c1-537e-4a4b-8bb8-084b7b9e0b45"]}, "name": {"type": "string", "title": "Name", "description": "Display name of the data type", "default": "", "examples": ["American Express Travelers Cheques Number"]}, "type": {"$ref": "#/components/schemas/DLPType", "description": "Type of the data type", "default": "PRE_DEFINED"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel", "description": "Matching level for the data type"}}, "type": "object", "title": "DataType"}, "DataTypeInstallationResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "status": {"$ref": "#/components/schemas/InstallationStatus"}, "data_types_count": {"type": "integer", "title": "Data Types Count"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}}, "type": "object", "required": ["tenant_id", "status", "data_types_count", "updated_at"], "title": "DataTypeInstallationResponse", "description": "Response model for data type installation status."}, "DeleteObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to delete"}}, "type": "object", "required": ["object_id"], "title": "DeleteObjectRequest", "description": "Delete a policy object.\n\nDeletion will fail with 409 Conflict if the object is currently attached\nto one or more rules. Detach it from all rules first."}, "DetachObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to detach objects from"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to remove from the rule"}}, "type": "object", "required": ["rule_id", "object_ids"], "title": "DetachObjectsRequest", "description": "Remove objects from a rule. Works across all rule types that support objects."}, "DlpCreateType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DlpCreateType"}, "DlpDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "assetId": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Assetid"}, "objectStatus": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Objectstatus"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "creationTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Creationtime"}, "lastUpdateTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Lastupdatetime"}, "dataTypeTags": {"anyOf": [{"items": {"$ref": "#/components/schemas/DlpDataTypeTag"}, "type": "array"}, {"type": "null"}], "title": "Datatypetags"}, "redactSupported": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Redactsupported"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}, "content": {"anyOf": [{"additionalProperties": true, "type": "object"}, {"type": "null"}], "title": "Content"}, "comment": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Comment"}}, "additionalProperties": true, "type": "object", "required": ["id", "name", "type", "createType"], "title": "DlpDataType", "example": {"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "dataTypeTags": [{"isCategory": false, "name": "Financial & Business"}], "description": "Matches American Bankers Association (ABA) Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "matchingLevel": 1, "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}}, "DlpDataTypeReference": {"properties": {"id": {"type": "string", "title": "Id"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}}, "type": "object", "required": ["id", "createType"], "title": "DlpDataTypeReference", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}}, "DlpDataTypeTag": {"properties": {"name": {"type": "string", "title": "Name"}, "data": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Data"}, "isCategory": {"type": "boolean", "title": "Iscategory"}}, "type": "object", "required": ["name", "isCategory"], "title": "DlpDataTypeTag", "example": {"data": ["Other"], "isCategory": true, "name": "Regulation"}}, "DlpTenantDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "internal": {"type": "boolean", "title": "Internal"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}}, "type": "object", "required": ["id", "name", "type", "createType", "internal"], "title": "DlpTenantDataType", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "matchingLevel": 1, "name": "IP Address", "type": "GROUP"}}, "DockerGatewayConfig": {"properties": {}, "type": "object", "title": "DockerGatewayConfig"}, "DockerRunnerConfig": {"properties": {"image_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Image Name", "description": "Docker image name", "default": "", "examples": ["modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for image_name matching", "default": "exact"}}, "type": "object", "title": "DockerRunnerConfig"}, "DomainConfig": {"properties": {"domain_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Domain Name", "description": "Domain name of the remote server", "default": "", "examples": ["mcp-server.example.com", "example.com"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "title": "DomainConfig"}, "DomainItem": {"properties": {"domain": {"type": "string", "format": "hostname", "title": "Domain", "description": "Valid domain name or IPv4 address"}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "required": ["domain"], "title": "DomainItem"}, "DomainMatchMode": {"type": "string", "enum": ["exact_host", "any_subdomain"], "title": "DomainMatchMode", "description": "Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."}, "DomainsObject": {"properties": {"domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "maxItems": 200, "title": "Domains", "description": "List of domains"}}, "type": "object", "title": "DomainsObject", "description": "External-safe twin of DomainsObject."}, "DomainsObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "The domain list entries"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "DomainsObjectResponse", "description": "A domains object with its full configuration."}, "ExecutableServerConfig": {"properties": {"executable_path": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Executable Path", "description": "Path to the executable", "default": "", "examples": ["/path/to/executable"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for executable_path matching", "default": "exact"}}, "type": "object", "title": "ExecutableServerConfig"}, "FileActionUnsupported": {"type": "string", "enum": ["Block", "Allow"], "title": "FileActionUnsupported"}, "FileDownloadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect", "Extract"], "title": "FileDownloadActionSupported"}, "FileFailClose": {"type": "string", "enum": ["FailClose", "FailOpen"], "title": "FileFailClose"}, "FileProtectionObject": {"properties": {"file_download_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_upload_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_download_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Download Size Limit Mb"}, "file_upload_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Upload Size Limit Mb"}, "file_download_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileDownloadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Download Action Per Supported File"}, "file_download_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Download Action Per Unsupported File"}, "file_upload_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileUploadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Upload Action Per Supported File"}, "file_upload_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Upload Action Per Unsupported File"}}, "type": "object", "title": "FileProtectionObject", "description": "External-safe twin of FileProtectionObject."}, "FileProtectionObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "FileProtectionObjectResponse", "description": "A file-protection object with its full configuration."}, "FileUploadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect"], "title": "FileUploadActionSupported"}, "GenAIApp": {"properties": {"id": {"type": "integer", "exclusiveMinimum": 0.0, "title": "Id", "description": "GenAI application ID"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/AccountSelectionMode"}, {"type": "null"}], "description": "Account selection mode: 'all' or 'selected_account'", "default": "all"}, "accounts": {"items": {"$ref": "#/components/schemas/Account"}, "type": "array", "title": "Accounts", "description": "List of selected accounts (used when mode='selected_account')"}}, "type": "object", "required": ["id"], "title": "GenAIApp"}, "GetDlpDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "dataTypes"], "title": "GetDlpDataTypesResponse", "example": {"dataTypes": [{"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "description": "Matches ABA Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}], "status": "SUCCESS"}}, "GetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpTenantDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "id", "dataTypes"], "title": "GetDlpTenantDataTypesResponse", "example": {"dataTypes": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "name": "IP Address", "type": "GROUP"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4", "internal": false, "name": "PCI - Credit Card Numbers", "type": "PATTERN"}], "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "GetDomainsObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/DomainsObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetDomainsObjectsResponse", "description": "All domains objects for the tenant, including their full configuration."}, "GetFileProtectionObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/FileProtectionObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetFileProtectionObjectsResponse", "description": "All file-protection objects for the tenant, including their full configuration."}, "GetRulebaseResponse": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Monotonically increasing version of this rulebase. Incremented whenever any rule in the rulebase is created, modified, or deleted. Compare with a previously stored value to detect whether the rulebase has changed (useful for caching or polling)"}, "rules": {"items": {"$ref": "#/components/schemas/RuleResponse"}, "type": "array", "title": "Rules", "description": "All rules in the rulebase, ordered by priority (ascending)"}}, "type": "object", "required": ["rulebase_version", "rules"], "title": "GetRulebaseResponse", "description": "Full rulebase for a given policy type, including its version for change detection."}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "InstallationStatus": {"type": "string", "enum": ["pending", "success", "failed"], "title": "InstallationStatus", "description": "Status of DLP Next data type installation."}, "LoggingStatus": {"type": "string", "enum": ["enabled", "disabled"], "title": "LoggingStatus", "description": "Logging status enumeration."}, "MCPClient": {"properties": {"os": {"anyOf": [{"$ref": "#/components/schemas/OSType"}, {"type": "null"}], "description": "Operating system for the client"}, "name_id": {"anyOf": [{"$ref": "#/components/schemas/MCPClientNameId"}, {"type": "null"}], "description": "Client name identifier e.g. 'claude_desktop', 'docker_desktop'", "examples": ["claude_desktop", "docker_desktop"]}}, "type": "object", "title": "MCPClient"}, "MCPClientNameId": {"type": "string", "enum": ["claude_desktop", "vscode", "cursor", "windsurf", "zed", "perplexity", "antigravity", "jetbrains", "roo", "cline", "docker_desktop"], "title": "MCPClientNameId", "description": "MCP Client name identifier enumeration."}, "MCPClients": {"properties": {"mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Mode for client selection"}, "selected": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPClient"}, "type": "array"}, {"type": "null"}], "title": "Selected", "description": "List of selected clients"}}, "type": "object", "title": "MCPClients"}, "MCPIds": {"properties": {"name_id": {"anyOf": [{"type": "string", "minLength": 1}, {"type": "null"}], "title": "Name Id", "description": "Name of the managed MCP", "default": "", "examples": ["jira", "github"]}}, "type": "object", "title": "MCPIds"}, "MCPRiskLevel": {"properties": {"use_min": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Min", "description": "Whether to use minimum risk level limit", "default": false}, "use_max": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Max", "description": "Whether to use maximum risk level limit", "default": false}, "min": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Min", "description": "Minimum risk level"}, "max": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Max", "description": "Maximum risk level"}}, "type": "object", "title": "MCPRiskLevel"}, "MCPServer": {"properties": {"server_type": {"anyOf": [{"type": "string", "enum": ["all", "node_server", "python_server", "claude_extensions", "executable_server", "unknown_server", "docker_gateway", "docker_runner", "remote_server"]}, {"type": "null"}], "title": "Server Type", "description": "Type of the MCP server"}, "node_server": {"anyOf": [{"$ref": "#/components/schemas/NodeServerConfig"}, {"type": "null"}], "description": "Node server configuration"}, "python_server": {"anyOf": [{"$ref": "#/components/schemas/PythonServerConfig"}, {"type": "null"}], "description": "Python server configuration"}, "claude_extensions": {"anyOf": [{"$ref": "#/components/schemas/ClaudeExtensionsConfig"}, {"type": "null"}], "description": "Claude extensions configuration"}, "executable_server": {"anyOf": [{"$ref": "#/components/schemas/ExecutableServerConfig"}, {"type": "null"}], "description": "Executable server configuration"}, "unknown_server": {"anyOf": [{"$ref": "#/components/schemas/UnknownServerConfig"}, {"type": "null"}], "description": "Unknown server configuration"}, "docker_gateway": {"anyOf": [{"$ref": "#/components/schemas/DockerGatewayConfig"}, {"type": "null"}], "description": "Docker gateway configuration"}, "docker_runner": {"anyOf": [{"$ref": "#/components/schemas/DockerRunnerConfig"}, {"type": "null"}], "description": "Docker runner configuration"}, "remote_server": {"anyOf": [{"$ref": "#/components/schemas/RemoteServerConfig"}, {"type": "null"}], "description": "Remote server configuration"}}, "type": "object", "title": "MCPServer"}, "MCPServers": {"properties": {"mcp_servers_mode": {"anyOf": [{"$ref": "#/components/schemas/MCPServersMode"}, {"type": "null"}], "description": "Mode for MCP servers selection: all, risk_level, managed, manual"}, "risk_level": {"anyOf": [{"$ref": "#/components/schemas/MCPRiskLevel"}, {"type": "null"}], "description": "Risk level configuration for MCP servers"}, "managed": {"anyOf": [{"$ref": "#/components/schemas/ManagedMCP"}, {"type": "null"}], "description": "Managed MCP configuration"}, "manual": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPServer"}, "type": "array"}, {"type": "null"}], "title": "Manual", "description": "List of manual MCP servers"}}, "type": "object", "title": "MCPServers"}, "MCPServersMode": {"type": "string", "enum": ["all", "risk_level", "manual", "managed"], "title": "MCPServersMode", "description": "MCP Servers mode enumeration."}, "MCPToolItem": {"properties": {"tool_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Tool Name", "description": "Name of a tool e.g. 'create_issue', 'update_issue'", "default": "", "examples": ["create_issue", "update_issue"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for tool name matching", "default": "exact"}}, "type": "object", "title": "MCPToolItem"}, "ManagedMCP": {"properties": {"name_ids": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPIds"}, "type": "array"}, {"type": "null"}], "title": "Name Ids", "description": "List of managed MCP identifiers"}}, "type": "object", "title": "ManagedMCP"}, "MatchMode": {"type": "string", "enum": ["exact", "contains"], "title": "MatchMode", "description": "Matching mode enumeration."}, "MatchToolsMode": {"type": "string", "enum": ["tools_include", "tools_exclude", "operations", "all"], "title": "MatchToolsMode", "description": "Match mode for tools enumeration."}, "NodeServerConfig": {"properties": {"package_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Package Name", "description": "NPM package name e.g. '@modelcontextprotocol/server-github'", "default": "", "examples": ["@modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for package_name matching", "default": "exact"}}, "type": "object", "title": "NodeServerConfig"}, "OSType": {"type": "string", "enum": ["windows", "macos", "all"], "title": "OSType", "description": "Operating system enumeration."}, "ObjectFeature": {"type": "string", "enum": ["FILE_EMULATION", "PROTECTED_DOMAINS", "DOMAIN_SERVICES", "EXCLUDE_DOMAINS"], "title": "ObjectFeature"}, "ObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "ObjectResponse", "description": "Object metadata without the full configuration payload (used in update responses)."}, "OnOff": {"type": "string", "enum": ["on", "off"], "title": "OnOff", "description": "Simple on/off toggle."}, "OperationMatch": {"type": "string", "enum": ["match", "unmatch"], "title": "OperationMatch", "description": "Operation match enumeration."}, "PatchAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Partial access policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchAccessPolicyRequest", "description": "Partially update an Access rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Partial Chats policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchChatsPolicyRequest", "description": "Partially update a Chats rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged. Useful for toggling a single setting\nwithout resending the full configuration."}, "PatchMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Partial Agents policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchMCPServerPolicyRequest", "description": "Partially update an Agents rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Partial Secure Browsing policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchSecureBrowsingPolicyRequest", "description": "Partially update a Secure Browsing rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PythonServerConfig": {"properties": {"module_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Module Name", "description": "Python module name e.g. 'modelcontextprotocol_server_github'", "default": "", "examples": ["modelcontextprotocol_server_github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for module_name matching", "default": "exact"}}, "type": "object", "title": "PythonServerConfig"}, "RemoteServerConfig": {"properties": {"match_mode": {"anyOf": [{"type": "string", "enum": ["url", "domain"]}, {"type": "null"}], "title": "Match Mode", "description": "Match mode type: 'url' for URL-based matching or 'domain' for domain-based matching"}, "url": {"anyOf": [{"$ref": "#/components/schemas/URLConfig"}, {"type": "null"}], "description": "URL configuration for remote server (used when match_mode='url')"}, "domain": {"anyOf": [{"$ref": "#/components/schemas/DomainConfig"}, {"type": "null"}], "description": "Domain configuration for remote server (used when match_mode='domain')"}}, "type": "object", "title": "RemoteServerConfig"}, "RuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "Unique identifier of the rule"}, "name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every modification; can be used for optimistic concurrency checks"}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase that determines evaluation priority. Lower values are evaluated first; when two rules match the same request, the lower-order rule takes precedence"}, "active": {"type": "boolean", "title": "Active", "description": "Whether the rule is currently enforced; inactive rules are skipped"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}, "policy": {"anyOf": [{"$ref": "#/components/schemas/ChatsPolicy"}, {"$ref": "#/components/schemas/AccessPolicy"}, {"$ref": "#/components/schemas/AgentsPolicy"}, {"$ref": "#/components/schemas/SecureBrowsingPolicy"}], "title": "Policy", "description": "The enforcement configuration for this rule. Structure varies by rulebase type (Chats, Access, Agents, Secure Browsing)"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to (source entries). An empty list means the rule matches all users in the tenant"}, "objects": {"anyOf": [{"additionalProperties": {"items": {"type": "string"}, "type": "array"}, "propertyNames": {"$ref": "#/components/schemas/ObjectFeature"}, "type": "object"}, {"type": "null"}], "title": "Objects", "description": "Reusable policy objects attached to this rule, keyed by feature (e.g. FILE_EMULATION, DOMAIN_SERVICES). Values are lists of object IDs. Objects allow sharing configuration (domain lists, file-protection settings) across rules"}}, "type": "object", "required": ["rule_id", "name", "version", "order", "active", "created_at", "updated_at", "policy"], "title": "RuleResponse", "description": "A single rule within a rulebase."}, "SecureBrowsingPolicy": {"properties": {"password_reuse": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "zero_phishing": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "safe_search": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "search_reputation": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "domain_exclusions": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain Exclusions", "description": "List of excluded domains"}, "protected_domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Protected Domains", "description": "List of protected domains"}}, "type": "object", "title": "SecureBrowsingPolicy"}, "SelectionMode": {"type": "string", "enum": ["selected", "all"], "title": "SelectionMode", "description": "Selection mode enumeration."}, "ServerOperations": {"properties": {"CREATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch CREATE operation"}, "READ": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch READ operation"}, "UPDATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch UPDATE operation"}, "DELETE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch DELETE operation"}, "OTHER": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch OTHER operation (those not detected)"}}, "type": "object", "title": "ServerOperations"}, "ServicesAndApplication": {"properties": {"domain": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain", "description": "List of domains"}, "url": {"items": {"$ref": "#/components/schemas/URLItem"}, "type": "array", "title": "Url", "description": "List of URLs"}, "genai_application": {"items": {"$ref": "#/components/schemas/GenAIApp"}, "type": "array", "title": "Genai Application", "description": "List of GenAI applications"}, "category": {"items": {"$ref": "#/components/schemas/CategoryItem"}, "type": "array", "title": "Category", "description": "List of URLF categories"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Whether to apply to all services and applications or to only selected ones"}}, "type": "object", "title": "ServicesAndApplication"}, "SetAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetAccessObjectsRequest", "description": "Set (replace) all objects for an Access rule for a given feature."}, "SetAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Complete access policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetAccessPolicyRequest", "description": "Replace the entire Access policy of a rule (full overwrite)."}, "SetChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetChatsObjectsRequest", "description": "Set (replace) all objects for a Chats rule for a given feature."}, "SetChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Complete Chats policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetChatsPolicyRequest", "description": "Replace the entire Chats policy of a rule (full overwrite)."}, "SetDlpTenantDataTypesRequest": {"properties": {"dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataTypeReference"}, "type": "array", "title": "Datatypes", "example": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4"}]}}, "type": "object", "required": ["dataTypes"], "title": "SetDlpTenantDataTypesRequest"}, "SetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataSetStatus": {"type": "string", "title": "Datasetstatus"}}, "type": "object", "required": ["status", "id", "dataSetStatus"], "title": "SetDlpTenantDataTypesResponse", "example": {"dataSetStatus": "IN_PROGRESS", "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "SetMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Complete Agents policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetMCPServerPolicyRequest", "description": "Replace the entire Agents policy of a rule (full overwrite)."}, "SetSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetSecureBrowsingObjectsRequest", "description": "Set (replace) all objects for a Secure Browsing rule for a given feature."}, "SetSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Complete Secure Browsing policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetSecureBrowsingPolicyRequest", "description": "Replace the entire Secure Browsing policy of a rule (full overwrite)."}, "SupportedFileType": {"type": "string", "enum": ["pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "exe", "tar", "zip", "rar", "7z", "rtf", "dot", "docm", "dotx", "dotm", "xlt", "xlm", "xltx", "xlsm", "xltm", "xlsb", "xla", "xlam", "xll", "xlw", "pps", "pptm", "potx", "potm", "ppam", "ppsx", "ppsm", "sldx", "sldm", "csv", "scr", "swf", "jar", "cab", "tgz", "pif", "gz", "bz2", "tbz2", "tb2", "tbz", "com", "xz", "cpl", "dll", "lnk", "img", "iso", "wim", "arj", "bat", "ps1", "hwp", "iqy", "slk", "udf", "uue", "pkg", "msi", "msg", "o", "dylib", "app", "dmg", "qcow2", "sh", "one", "xar", "wsf", "aspx"], "title": "SupportedFileType"}, "ThreatPreventionAction": {"type": "string", "enum": ["detect", "prevent", "ask", "off"], "title": "ThreatPreventionAction", "description": "Actions for threat prevention features."}, "Tooling": {"properties": {"match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchToolsMode"}, {"type": "null"}], "description": "Match mode for tools: tools_include, tools_exclude, operations, all"}, "tools": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPToolItem"}, "type": "array"}, {"type": "null"}], "title": "Tools", "description": "List of tools for matching"}, "operations": {"anyOf": [{"$ref": "#/components/schemas/ServerOperations"}, {"type": "null"}], "description": "Operations match configuration"}}, "type": "object", "title": "Tooling"}, "URLConfig": {"properties": {"url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Url", "description": "URL of the remote server", "default": "", "examples": ["https://mcp-server.example.com/path"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/URLMatchMode"}, {"type": "null"}], "description": "Match mode for URL matching (exact_url or url_contains)", "default": "exact_url"}}, "type": "object", "title": "URLConfig"}, "URLFCategory": {"type": "integer", "enum": [1, 3, 5, 7, 11, 12, 15, 32, 21, 24, 25, 0, 34, 35, 37, 39, 41, 42, 45, 47, 49, 51, 53, 54, 58, 59, 60, 68, 69, 71, 72, 74, 75, 76, 51000001, 51000002, 52000130, 50000032, 52000132, 60517663, 60530541, 60530542, 60530648, 31, 55, 65, 66, 67, 77, 51000003, 51000004, 51000005, 52000038, 60530540, 9, 13, 14, 17, 18, 26, 33, 56, 61, 62, 70, 73, 78, 30, 52000047, 52000058, 52000069, 50000086, 23, 52000136, 52000046, 52000051, 60531762], "title": "URLFCategory", "description": "URLF Category enumeration with display names as keys and category IDs as values."}, "URLItem": {"properties": {"url": {"type": "string", "format": "uri", "title": "Url", "description": "Valid URL"}}, "type": "object", "required": ["url"], "title": "URLItem"}, "URLMatchMode": {"type": "string", "enum": ["exact_url", "url_contains"], "title": "URLMatchMode", "description": "URL matching mode enumeration for remote server URL matching.\n\nMatching modes:\n- EXACT_URL: Matches the exact full URL\n e.g., \"http://sub1.sub2.something.com/alsohere/something\"\n- URL_CONTAINS: Matches if the URL contains the specified string\n e.g., \"alsohere\" matches any URL containing \"alsohere\""}, "UnknownServerConfig": {"properties": {"args": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Args", "description": "Arguments for unknown server types", "default": "", "examples": ["--default-arg"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for args matching", "default": "exact"}}, "type": "object", "title": "UnknownServerConfig"}, "UpdateDomainsObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "New domain list; replaces the existing list entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateDomainsObjectRequest", "description": "Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely."}, "UpdateFileProtectionObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "New file protection configuration; replaces the existing settings entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateFileProtectionObjectRequest", "description": "Update an existing file-protection object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing configuration entirely."}, "UpdateObjectResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/ObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "UpdateObjectResponse", "description": "Response after updating an object (returns metadata only)."}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}, "input": {"title": "Input"}, "ctx": {"type": "object", "title": "Context"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "Asset": {"properties": {"device": {"$ref": "#/components/schemas/Device"}, "user": {"anyOf": [{"$ref": "#/components/schemas/User"}, {"type": "null"}]}, "ping": {"anyOf": [{"$ref": "#/components/schemas/Ping"}, {"type": "null"}]}, "deployment": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/ModuleDeploymentData"}, "propertyNames": {"$ref": "#/components/schemas/ModuleEnum"}, "type": "object"}, {"type": "null"}], "title": "Deployment"}, "policy": {"anyOf": [{"additionalProperties": {"additionalProperties": {"$ref": "#/components/schemas/PolicyTypeData"}, "propertyNames": {"$ref": "#/components/schemas/PolicyType"}, "type": "object"}, "propertyNames": {"$ref": "#/components/schemas/RequestSource"}, "type": "object"}, {"type": "null"}], "title": "Policy"}, "status": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/HealthStatus"}, "propertyNames": {"$ref": "#/components/schemas/StatusComponent"}, "type": "object"}, {"type": "null"}], "title": "Status"}, "environment": {"anyOf": [{"$ref": "#/components/schemas/EnvironmentData"}, {"type": "null"}]}}, "type": "object", "required": ["device"], "title": "Asset", "description": "Complete asset with optional joined domains."}, "AssetsCountRequest": {"properties": {"filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsCountRequest", "description": "Request for querying assets count with optional filters."}, "AssetsCountResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "count": {"type": "integer", "title": "Count"}, "filters_applied": {"type": "integer", "title": "Filters Applied", "description": "Number of filters that were applied"}}, "type": "object", "required": ["tenant_id", "count", "filters_applied"], "title": "AssetsCountResponse", "description": "Response for count queries."}, "AssetsPagination": {"properties": {"limit": {"type": "integer", "maximum": 1000.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 1000)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "AssetsPagination", "description": "Pagination parameters."}, "AssetsRequest": {"properties": {"joins": {"items": {"$ref": "#/components/schemas/JoinDomain"}, "type": "array", "title": "Joins", "description": "Domains to join"}, "filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "sort": {"items": {"$ref": "#/components/schemas/SortCondition"}, "type": "array", "title": "Sort", "description": "Sort conditions"}, "pagination": {"$ref": "#/components/schemas/AssetsPagination", "description": "Pagination parameters"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsRequest", "description": "Request for querying assets with explicit joins."}, "AssetsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "assets": {"items": {"$ref": "#/components/schemas/Asset"}, "type": "array", "title": "Assets"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "assets", "limit", "offset"], "title": "AssetsResponse", "description": "Response with assets and pagination metadata."}, "Device": {"properties": {"device_unique_id": {"type": "string", "format": "uuid", "title": "Device Unique Id", "description": "Unique device identifier"}, "name": {"type": "string", "title": "Name", "description": "Device name (unique per tenant)"}, "device_sid": {"type": "string", "title": "Device Sid", "description": "Device SID"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["device_unique_id", "name", "device_sid", "created_at", "updated_at"], "title": "Device", "description": "External-safe twin of GlobalDevice."}, "DeviceTypeEnum": {"type": "string", "enum": ["Laptop", "Desktop", "Workstation", "unknown"], "title": "DeviceTypeEnum"}, "EnvironmentData": {"properties": {"device_type": {"anyOf": [{"$ref": "#/components/schemas/DeviceTypeEnum"}, {"type": "null"}], "description": "Device type (laptop, desktop, etc.)"}, "os": {"anyOf": [{"$ref": "#/components/schemas/OSEnum"}, {"type": "null"}], "description": "Operating system"}, "os_version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Os Version", "description": "Operating system version"}, "ip": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip", "description": "Device IP address (IPv4 or IPv6)"}}, "type": "object", "title": "EnvironmentData", "description": "External-safe twin of EnvironmentData."}, "FilterCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to filter on"}, "operator": {"$ref": "#/components/schemas/FilterOperator", "description": "Filter operator"}, "value": {"anyOf": [{}, {"type": "null"}], "title": "Value", "description": "Single value (for equals, contains, gte, lte)"}, "values": {"anyOf": [{"items": {}, "type": "array"}, {"type": "null"}], "title": "Values", "description": "List of values (for in, between)"}}, "type": "object", "required": ["field", "operator"], "title": "FilterCondition", "description": "Filter condition on a single asset field."}, "FilterOperator": {"type": "string", "enum": ["equals", "in", "contains", "gte", "lte", "between"], "title": "FilterOperator", "description": "Filter operators for different field types."}, "FilterableField": {"type": "string", "enum": ["device_name", "device_sid", "device_created_at", "device_updated_at", "user_name", "user_display_name", "user_samname", "user_created_at", "user_updated_at", "last_connected", "os", "os_version", "device_type", "ip", "installer_version", "chrome_extension_version", "firefox_extension_version", "edge_extension_version", "brave_extension_version", "mcp_version", "proxy_version"], "title": "FilterableField", "description": "Fields available for filtering and sorting assets.\n\nEach value maps to an internal DB field path (see FIELD_TO_INTERNAL_PATH).\nOnly the listed fields can be used in filter/sort conditions."}, "HealthStatus": {"type": "string", "enum": ["healthy", "unhealthy"], "title": "HealthStatus", "description": "Component health derived from status code: healthy when code == 0, unhealthy otherwise."}, "JoinDomain": {"type": "string", "enum": ["users", "pings", "deployment", "policy", "status", "environment"], "title": "JoinDomain", "description": "Available domains to join with devices table."}, "ModuleDeploymentData": {"properties": {"version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Version", "description": "Current version"}}, "type": "object", "title": "ModuleDeploymentData", "description": "External-safe twin of ModuleDeploymentData \u2014 exposes version only."}, "ModuleEnum": {"type": "string", "enum": ["chrome", "firefox", "edge", "brave", "comet", "safari", "surf", "mcp", "proxy", "da"], "title": "ModuleEnum"}, "OSEnum": {"type": "string", "enum": ["Windows", "macOS", "Linux"], "title": "OSEnum", "description": "Operating system enumeration"}, "Ping": {"properties": {"last_connected": {"type": "string", "format": "date-time", "title": "Last Connected", "description": "Last connection timestamp"}}, "type": "object", "required": ["last_connected"], "title": "Ping", "description": "External-safe twin of PingData."}, "PolicyTypeData": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Version of the rulebase"}}, "type": "object", "required": ["rulebase_version"], "title": "PolicyTypeData", "description": "Policy rulebase version for a given policy type."}, "PolicyType": {"type": "string", "enum": ["chats", "access", "agents", "browse_securing"], "title": "PolicyType", "description": "External-facing policy types with consumer-friendly names."}, "RequestSource": {"type": "string", "enum": ["device", "edge", "chrome", "firefox", "brave", "comet", "safari", "surf", "na"], "title": "RequestSource"}, "SearchParams": {"properties": {"term": {"type": "string", "title": "Term", "description": "Search term to match"}, "case_sensitive": {"type": "boolean", "title": "Case Sensitive", "description": "Whether search is case-sensitive (default: False for case-insensitive)", "default": false}, "match_anywhere": {"type": "boolean", "title": "Match Anywhere", "description": "Whether to match anywhere in text (True) or only at the beginning (False, default)", "default": false}}, "type": "object", "required": ["term"], "title": "SearchParams", "description": "Free text search parameters for device name and user name."}, "SortCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to sort by"}, "order": {"$ref": "#/components/schemas/SortOrder", "description": "Sort order", "default": "desc"}}, "type": "object", "required": ["field"], "title": "SortCondition", "description": "Sort condition on a single asset field."}, "SortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "SortOrder"}, "StatusComponent": {"type": "string", "enum": ["proxy_health", "mcp_health"], "title": "StatusComponent", "description": "External-facing subset of status components exposed to API consumers."}, "User": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name (unique per tenant)"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname", "created_at", "updated_at"], "title": "User", "description": "External-safe twin of GlobalUser."}, "UserItem": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name (CN path)"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname"], "title": "UserItem", "description": "External-safe user item."}, "UsersByIdsRequest": {"properties": {"user_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "maxItems": 500, "minItems": 1, "title": "User Ids", "description": "Array of user unique IDs (max: 500)"}}, "type": "object", "required": ["user_ids"], "title": "UsersByIdsRequest", "description": "Request for getting users by an array of IDs."}, "UsersByIdsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}}, "type": "object", "required": ["tenant_id", "users"], "title": "UsersByIdsResponse", "description": "Response with users by IDs."}, "UsersPagination": {"properties": {"limit": {"type": "integer", "maximum": 100.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 100)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "UsersPagination", "description": "Pagination parameters for users (max 100 per page)."}, "UsersRequest": {"properties": {"search": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Search", "description": "Search term for case-insensitive match on user name and display name"}, "pagination": {"$ref": "#/components/schemas/UsersPagination", "description": "Pagination parameters"}}, "type": "object", "title": "UsersRequest", "description": "Request for querying users."}, "UsersResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "users", "limit", "offset"], "title": "UsersResponse", "description": "Response with users and pagination metadata."}, "AppResult": {"properties": {"app_id": {"type": "integer", "title": "App Id", "description": "Unique app identifier"}, "name": {"type": "string", "title": "Name", "description": "App name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "App description"}, "page_url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Page Url", "description": "App page URL"}}, "type": "object", "required": ["app_id", "name"], "title": "AppResult", "description": "A single app result with minimal fields."}, "AppSearchRequest": {"properties": {"search": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Search", "description": "Search term"}, "search_by": {"$ref": "#/components/schemas/SearchBy", "description": "Search mode: name, name_and_description, or url", "default": "name"}}, "type": "object", "required": ["search"], "title": "AppSearchRequest", "description": "Request for searching GenAI apps."}, "AppSearchResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps (max 10)"}}, "type": "object", "title": "AppSearchResponse", "description": "Response with matching apps (max 10)."}, "AppsByIdsRequest": {"properties": {"ids": {"items": {"type": "integer"}, "type": "array", "maxItems": 100, "minItems": 1, "title": "Ids", "description": "Array of app IDs (max: 100)"}}, "type": "object", "required": ["ids"], "title": "AppsByIdsRequest", "description": "Request for getting apps by an array of IDs."}, "AppsByIdsResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps"}}, "type": "object", "title": "AppsByIdsResponse", "description": "Response with apps by IDs."}, "SearchBy": {"type": "string", "enum": ["name", "name_and_description", "url"], "title": "SearchBy"}}, "securitySchemes": {"HTTPBearer": {"type": "http", "scheme": "bearer"}}}} \ No newline at end of file +{"openapi": "3.1.0", "info": {"title": "Check Point AI Security API", "description": "Unified API for Check Point AI Security \u2014 policy management and asset visibility.\n\n## Authentication\nAll endpoints require a valid CloudInfra JWT token passed as a Bearer token in the `Authorization` header.\n\n### Obtaining a JWT Token\n1. Go to the [Infinity Portal API Keys page](https://portal.checkpoint.com/dashboard/settings/api-keys).\n2. Click **New** \u2192 **New Account API Key**.\n3. In the **Service** dropdown select **Workforce AI Security** and create the key.\n4. Use the generated API key to obtain a JWT token from CloudInfra.\n5. Include the JWT in every request:\n ```\n Authorization: Bearer \n ```\n\n## Rate Limiting\nDefault limits vary per endpoint group. Exceeding any limit results in a 5-minute block period.\n", "version": "1.0.1"}, "servers": [{"url": "https://cloudinfra-gw.portal.checkpoint.com", "description": "Europe Region"}, {"url": "https://cloudinfra-gw-us.portal.checkpoint.com", "description": "United States Region"}], "paths": {"/app/genai-protect-policy/external/v1/chats/rulebase": {"get": {"tags": ["Chats Policy"], "summary": "Get the Chats rulebase with all rules and version", "operationId": "get_chats_rulebase_external_v1_chats_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule": {"post": {"tags": ["Chats Policy"], "summary": "Create a Chats rule", "operationId": "add_chats_rule_external_v1_chats_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddChatsRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule/set-policy": {"put": {"tags": ["Chats Policy"], "summary": "Replace the entire policy of a Chats rule", "operationId": "set_chats_policy_external_v1_chats_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Chats Policy External V1 Chats Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/chats/rule/patch-policy": {"patch": {"tags": ["Chats Policy"], "summary": "Partially update the policy of a Chats rule (deep merge)", "operationId": "patch_chats_policy_external_v1_chats_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchChatsPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Chats Policy External V1 Chats Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rulebase": {"get": {"tags": ["AI Access Policy"], "summary": "Get the AI Access rulebase with all rules and version", "operationId": "get_ai_access_rulebase_external_v1_ai_access_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule": {"post": {"tags": ["AI Access Policy"], "summary": "Create an AI Access rule", "operationId": "add_ai_access_rule_external_v1_ai_access_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddAccessRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule/set-policy": {"put": {"tags": ["AI Access Policy"], "summary": "Replace the entire AI Access policy of a rule", "operationId": "set_ai_access_policy_external_v1_ai_access_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Ai Access Policy External V1 Ai Access Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/ai-access/rule/patch-policy": {"patch": {"tags": ["AI Access Policy"], "summary": "Partially update the AI Access policy of a rule (deep merge)", "operationId": "patch_ai_access_policy_external_v1_ai_access_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchAccessPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Ai Access Policy External V1 Ai Access Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rulebase": {"get": {"tags": ["Agents Policy"], "summary": "Get the Agents rulebase with all rules and version", "operationId": "get_agents_rulebase_external_v1_agents_rulebase_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetRulebaseResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule": {"post": {"tags": ["Agents Policy"], "summary": "Create an Agents rule", "operationId": "add_agents_rule_external_v1_agents_rule_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddMCPServerRuleRequest"}}}, "required": true}, "responses": {"201": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AddRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule/set-policy": {"put": {"tags": ["Agents Policy"], "summary": "Replace the entire policy of an Agents rule", "operationId": "set_agents_policy_external_v1_agents_rule_set_policy_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetMCPServerPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Agents Policy External V1 Agents Rule Set Policy Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/agents/rule/patch-policy": {"patch": {"tags": ["Agents Policy"], "summary": "Partially update the policy of an Agents rule (deep merge)", "operationId": "patch_agents_policy_external_v1_agents_rule_patch_policy_patch", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/PatchMCPServerPolicyRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Patch Agents Policy External V1 Agents Rule Patch Policy Patch"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-info": {"put": {"tags": ["Rulebase"], "summary": "Update rule display info (name, description)", "operationId": "set_rule_info_external_v1_rules_set_info_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetInfoRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Rule Info External V1 Rules Set Info Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/reorder": {"put": {"tags": ["Rulebase"], "summary": "Change a rule's priority position in the rulebase", "operationId": "reorder_rule_external_v1_rules_reorder_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonReorderRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Reorder Rule External V1 Rules Reorder Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-source": {"put": {"tags": ["Rulebase"], "summary": "Replace the user/group source of a rule", "operationId": "set_source_external_v1_rules_set_source_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetSourceRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Source External V1 Rules Set Source Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/set-active": {"put": {"tags": ["Rulebase"], "summary": "Enable or disable a rule without deleting it", "operationId": "set_active_external_v1_rules_set_active_put", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonSetActiveRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"additionalProperties": true, "type": "object", "title": "Response Set Active External V1 Rules Set Active Put"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/rules/{rule_id}": {"delete": {"tags": ["Rulebase"], "summary": "Permanently delete a rule from the rulebase", "operationId": "delete_rule_external_v1_rules__rule_id__delete", "security": [{"HTTPBearer": []}], "parameters": [{"name": "rule_id", "in": "path", "required": true, "schema": {"type": "string", "title": "Rule Id"}}], "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/CommonDeleteRuleResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/predefined": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all predefined DLP datatypes", "operationId": "get_predefined_datatypes_external_v1_dlp_datatypes_predefined_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/custom": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all custom DLP datatypes", "operationId": "get_custom_datatypes_external_v1_dlp_datatypes_custom_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/all": {"get": {"tags": ["DLP Datatypes"], "summary": "Get all DLP datatypes (predefined and custom)", "operationId": "get_all_datatypes_external_v1_dlp_datatypes_all_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes": {"get": {"tags": ["DLP Datatypes"], "summary": "Get DLP datatypes for tenant", "operationId": "get_datatypes_external_v1_dlp_datatypes_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/GetDlpTenantDataTypesResponse"}}}}}, "security": [{"HTTPBearer": []}]}, "post": {"tags": ["DLP Datatypes"], "summary": "Set DLP datatypes for tenant", "operationId": "set_datatypes_external_v1_dlp_datatypes_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/SetDlpTenantDataTypesResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/installation/status": {"get": {"tags": ["DLP Datatypes"], "summary": "Get data type installation status", "operationId": "get_installation_status_route_external_v1_dlp_datatypes_installation_status_get", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-policy/external/v1/dlp-datatypes/installation/retry": {"post": {"tags": ["DLP Datatypes"], "summary": "Retry data type installation", "operationId": "retry_installation_route_external_v1_dlp_datatypes_installation_retry_post", "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/DataTypeInstallationResponse"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/assets": {"post": {"tags": ["Deployment Status"], "summary": "Query assets with domain joins, filters and pagination", "operationId": "query_assets_external_v1_assets_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/assets/count": {"post": {"tags": ["Deployment Status"], "summary": "Get count of assets matching filters", "operationId": "get_assets_count_external_v1_assets_count_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AssetsCountResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/users": {"post": {"tags": ["Users"], "summary": "Query users with pagination and search", "operationId": "query_users_external_v1_users_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersRequest"}}}}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-assets/external/v1/users/by-ids": {"post": {"tags": ["Users"], "summary": "Get users by array of IDs", "operationId": "get_users_by_ids_endpoint_external_v1_users_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/UsersByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-apps/external/v1/apps/search": {"post": {"tags": ["Apps Catalog"], "summary": "Search GenAI apps by name, name, description, or URL", "operationId": "search_apps_external_v1_apps_search_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppSearchResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}, "/app/genai-protect-apps/external/v1/apps/by-ids": {"post": {"tags": ["Apps Catalog"], "summary": "Get GenAI apps by array of IDs", "operationId": "get_apps_by_ids_external_v1_apps_by_ids_post", "requestBody": {"content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsRequest"}}}, "required": true}, "responses": {"200": {"description": "Successful Response", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/AppsByIdsResponse"}}}}, "422": {"description": "Validation Error", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/HTTPValidationError"}}}}}, "security": [{"HTTPBearer": []}]}}}, "components": {"schemas": {"AccessPolicy": {"properties": {"services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for access control"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "download_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileDownloadActionSupported"}, {"type": "null"}], "description": "File download protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}, "upload_file_protection": {"anyOf": [{"$ref": "#/components/schemas/FileUploadActionSupported"}, {"type": "null"}], "description": "File upload protection action. Must be 'na' for GenAI rules; must not be 'na' for Browse rules."}}, "type": "object", "title": "AccessPolicy"}, "Account": {"properties": {"account_id": {"type": "string", "title": "Account Id", "description": "Account identifier"}}, "type": "object", "required": ["account_id"], "title": "Account", "description": "External-safe twin of Account."}, "AccountSelectionMode": {"type": "string", "enum": ["all", "selected_account"], "title": "AccountSelectionMode", "description": "Account selection mode enumeration.\n\nDetermines which accounts/organizations the policy applies to:\n\n- ALL: Policy applies to all tool instances (e.g., cloud desktop, ChatGPT desktop, etc.),\n regardless of whether they are connected to an account/organization or not.\n\n- SELECTED_ACCOUNT: Policy applies only to tool instances (e.g., cloud desktop, ChatGPT\n desktop, etc.) that are connected to one of the specified account IDs (organization IDs\n in some tools' terminology). Tool instances not connected to any account or connected\n to accounts not in the list will not be affected by this policy."}, "AddAccessRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Access control policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddAccessRuleRequest", "description": "Create a new Access rule.\n\nAccess rules control which AI services and applications users are allowed\nto interact with, including allow/block decisions per service."}, "AddChatsRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Chats policy configuration for chat interactions"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddChatsRuleRequest", "description": "Create a new Chats rule.\n\nChats rules control data-loss-prevention for AI chat interactions:\nprompt/response inspection, sensitive-data detection, and file transfer policies."}, "AddMCPServerRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Agents policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddMCPServerRuleRequest", "description": "Create a new Agents rule.\n\nAgents rules govern agent interactions, including which tools\nagents can invoke and what access controls apply to agent operations."}, "AddRuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "The UUID of the newly created rule"}}, "type": "object", "required": ["rule_id"], "title": "AddRuleResponse", "description": "Response returned after creating a rule."}, "AddSecureBrowsingRuleRequest": {"properties": {"name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase; lower values are evaluated first and take precedence"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Secure Browsing policy configuration"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to; empty means all users"}}, "type": "object", "required": ["name", "order", "policy"], "title": "AddSecureBrowsingRuleRequest", "description": "Create a new Secure Browsing rule.\n\nSecure Browsing rules define threat-prevention policies for web browsing:\nphishing protection, password-reuse detection, and domain-based filtering."}, "AgentsPolicy": {"properties": {"action": {"anyOf": [{"type": "string", "enum": ["block", "allow", "ask"]}, {"type": "null"}], "title": "Action", "description": "Action to take for MCP server"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}, "clients": {"anyOf": [{"$ref": "#/components/schemas/MCPClients"}, {"type": "null"}], "description": "Desktop clients selection"}, "servers": {"anyOf": [{"$ref": "#/components/schemas/MCPServers"}, {"type": "null"}], "description": "MCP servers configuration"}, "tooling": {"anyOf": [{"$ref": "#/components/schemas/Tooling"}, {"type": "null"}], "description": "Tooling configuration for MCP"}}, "type": "object", "title": "AgentsPolicy"}, "Assignment": {"properties": {"assignment_id": {"type": "string", "format": "uuid", "title": "Assignment Id", "description": "ID of the user or group"}, "display_name": {"type": "string", "title": "Display Name", "description": "Human-readable name of the user or group"}, "assignment_type": {"$ref": "#/components/schemas/AssignmentType", "description": "Whether this is a user, group, or entire-org assignment"}}, "type": "object", "required": ["assignment_id", "display_name", "assignment_type"], "title": "Assignment", "description": "External-safe twin of Assignment."}, "AssignmentType": {"type": "string", "enum": ["ASSIGNMENT_TYPE_USER", "ASSIGNMENT_TYPE_GROUP", "ASSIGNMENT_TYPE_ENTIRE_ORG"], "title": "AssignmentType"}, "AttachAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature", "description": "Object feature type; Access rules support FILE_EMULATION and DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachAccessObjectsRequest", "description": "Attach reusable objects to an Access rule.\n\nAccess rules support FILE_EMULATION objects (file scanning/emulation settings)\nand DOMAIN_SERVICES objects (domain allow/block lists)."}, "AttachChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type; Chats rules only support DOMAIN_SERVICES"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachChatsObjectsRequest", "description": "Attach reusable objects to a Chats rule.\n\nChats rules support DOMAIN_SERVICES objects (domain allow/block lists\napplied during chat interactions)."}, "AttachSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to attach objects to"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature", "description": "Object feature type; Secure Browsing supports PROTECTED_DOMAINS and EXCLUDE_DOMAINS"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to attach to the rule"}}, "type": "object", "required": ["rule_id", "feature", "object_ids"], "title": "AttachSecureBrowsingObjectsRequest", "description": "Attach reusable objects to a Secure Browsing rule.\n\nSecure Browsing rules support PROTECTED_DOMAINS (domains where threat\nprevention is enforced) and EXCLUDE_DOMAINS (domains exempted from scanning)."}, "CategoryItem": {"properties": {"category_id": {"$ref": "#/components/schemas/URLFCategory", "description": "Category ID from the supported URLF categories. The following categories are available:\n\n| Category | ID |\n|---|---|\n| Uncategorized | 0 |\n| Computers & Internet | 1 |\n| Education | 3 |\n| Entertainment | 5 |\n| Financial Services | 7 |\n| Gambling | 9 |\n| Government / Military | 11 |\n| Greeting Cards | 12 |\n| Hacking | 13 |\n| Hate / Racism | 14 |\n| Health | 15 |\n| Illegal / Questionable | 17 |\n| Illegal Drugs | 18 |\n| Job Search / Careers | 21 |\n| Media Streams | 23 |\n| News / Media | 24 |\n| Newsgroups / Forums | 25 |\n| Nudity | 26 |\n| Personals / Dating | 30 |\n| Phishing | 31 |\n| Political / Legal | 32 |\n| Pornography | 33 |\n| Real Estate | 34 |\n| Recreation | 35 |\n| Religion | 37 |\n| Restaurants / Dining / Food | 39 |\n| Sex Education | 41 |\n| Shopping | 42 |\n| Alcohol / Tobacco | 45 |\n| Art / Culture | 47 |\n| Blogs / Personal Pages | 49 |\n| Business / Economy | 51 |\n| Software Downloads | 53 |\n| Sports | 54 |\n| Spyware / Malicious Sites | 55 |\n| Tasteless | 56 |\n| Translation | 58 |\n| Travel | 59 |\n| Vehicles | 60 |\n| Violence | 61 |\n| Weapons | 62 |\n| Botnets | 65 |\n| Spam | 66 |\n| Inactive Sites | 67 |\n| Fashion | 68 |\n| Non-Profits / NGOs | 69 |\n| Sex | 70 |\n| General | 71 |\n| Nature / Conservation | 72 |\n| Child Abuse | 73 |\n| URL Filtering | 74 |\n| Lifestyle | 75 |\n| Lingerie / Swimsuit / Suggestive | 76 |\n| Suspicious Content | 77 |\n| Marijuana | 78 |\n| Web Advertisements | 50000032 |\n| Instant Chat | 50000086 |\n| Very Low Risk | 51000001 |\n| Low Risk | 51000002 |\n| Medium Risk | 51000003 |\n| High Risk | 51000004 |\n| Critical Risk | 51000005 |\n| Anonymizer | 52000038 |\n| P2P File Sharing | 52000046 |\n| Instant Messaging | 52000047 |\n| Media Sharing | 52000051 |\n| Games | 52000058 |\n| Social Networking | 52000069 |\n| Email | 52000130 |\n| Search Engines / Portals | 52000132 |\n| File Storage / Sharing | 52000136 |\n| Keyloggers | 60530540 |\n| Occult | 60530541 |\n| Hosting Sites | 60530542 |\n| DDNS / Dynamic DNS | 60530648 |\n| Artificial Intelligence (AI) | 60517663 |\n| Generative AI Tools | 60531762 |\n\n**Note:** GenAI rules only allow category 60531762 (Generative AI Tools), used as \"Any AI tool\". Browse rules can use any *other* category."}}, "type": "object", "required": ["category_id"], "title": "CategoryItem"}, "ChatsPolicy": {"properties": {"event_type": {"anyOf": [{"$ref": "#/components/schemas/DLPEventType"}, {"type": "null"}], "description": "Type of event to apply DLP policy on"}, "services_and_application": {"anyOf": [{"$ref": "#/components/schemas/ServicesAndApplication"}, {"type": "null"}], "description": "Services and application configuration"}, "data_types": {"anyOf": [{"items": {"$ref": "#/components/schemas/DataType"}, "type": "array"}, {"type": "null"}], "title": "Data Types", "description": "DLP Data types"}, "action": {"anyOf": [{"type": "string", "enum": ["prevent", "ask", "redact", "detect", "allow", "block"]}, {"type": "null"}], "title": "Action", "description": "Action to take when DLP rule is triggered"}, "logging": {"anyOf": [{"$ref": "#/components/schemas/LoggingStatus"}, {"type": "null"}], "description": "Whether logging is enabled"}}, "type": "object", "title": "ChatsPolicy"}, "ClaudeExtensionsConfig": {"properties": {"extension_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Extension Name", "description": "Extension name from manifest.json", "default": "", "examples": ["chrome-control"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for extension_name matching", "default": "exact"}}, "type": "object", "title": "ClaudeExtensionsConfig"}, "CommonDeleteRuleResponse": {"properties": {"message": {"type": "string", "title": "Message"}, "rule_id": {"type": "string", "title": "Rule Id"}}, "type": "object", "required": ["message", "rule_id"], "title": "CommonDeleteRuleResponse", "description": "Confirmation of rule deletion."}, "CommonReorderRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to reorder"}, "new_order": {"type": "integer", "title": "New Order", "description": "Target position in the rulebase (1-based). Lower values = higher priority = evaluated first"}}, "type": "object", "required": ["rule_id", "new_order"], "title": "CommonReorderRequest", "description": "Move a rule to a new position in the rulebase.\n\nOther rules in the same rulebase are shifted automatically to accommodate."}, "CommonSetActiveRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "active": {"type": "boolean", "title": "Active", "description": "True to enforce the rule, false to skip it during evaluation"}}, "type": "object", "required": ["rule_id", "active"], "title": "CommonSetActiveRequest", "description": "Enable or disable a rule without deleting it.\n\nInactive rules remain in the rulebase but are skipped during policy evaluation."}, "CommonSetInfoRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "name": {"type": "string", "title": "Name", "description": "New human-readable name for the rule"}, "description": {"type": "string", "title": "Description", "description": "New description of the rule's purpose"}}, "type": "object", "required": ["rule_id", "name", "description"], "title": "CommonSetInfoRequest", "description": "Update a rule's display information without changing its policy or assignments."}, "CommonSetSourceRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Complete list of user/group source entries; replaces all existing entries"}}, "type": "object", "required": ["rule_id", "source"], "title": "CommonSetSourceRequest", "description": "Replace the full source list of a rule.\n\nSource entries determine which users or groups the rule applies to.\nAn empty list means the rule applies to everyone in the tenant."}, "CreateDomainsObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/DomainsObject", "description": "Domain list configuration (up to 200 domain entries)"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateDomainsObjectRequest", "description": "Create a new domains object.\n\nDomains objects contain a list of domain entries used for domain-based\nfiltering in rules (e.g. protected domains, excluded domains, service domains)."}, "CreateFileProtectionObjectRequest": {"properties": {"name": {"type": "string", "maxLength": 255, "minLength": 1, "title": "Name", "description": "Display name for the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "Explanation of what this object is used for", "default": ""}, "object_data": {"$ref": "#/components/schemas/FileProtectionObject", "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["name", "object_data"], "title": "CreateFileProtectionObjectRequest", "description": "Create a new file-protection object.\n\nFile-protection objects define scanning and emulation behavior for file\nuploads and downloads, including per-file-type action overrides and size limits."}, "CreateObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "The UUID of the newly created object"}}, "type": "object", "required": ["object_id"], "title": "CreateObjectResponse", "description": "Response returned after creating an object."}, "DLPEventType": {"type": "string", "enum": ["file_upload", "file_download", "paste", "prompt", "copy"], "title": "DLPEventType"}, "DLPType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DLPType"}, "DataType": {"properties": {"id": {"type": "string", "format": "uuid", "title": "Id", "description": "UUID of the data type", "default": "", "examples": ["cf0523c1-537e-4a4b-8bb8-084b7b9e0b45"]}, "name": {"type": "string", "title": "Name", "description": "Display name of the data type", "default": "", "examples": ["American Express Travelers Cheques Number"]}, "type": {"$ref": "#/components/schemas/DLPType", "description": "Type of the data type", "default": "PRE_DEFINED"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel", "description": "Matching level for the data type"}}, "type": "object", "title": "DataType"}, "DataTypeInstallationResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "status": {"$ref": "#/components/schemas/InstallationStatus"}, "data_types_count": {"type": "integer", "title": "Data Types Count"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}}, "type": "object", "required": ["tenant_id", "status", "data_types_count", "updated_at"], "title": "DataTypeInstallationResponse", "description": "Response model for data type installation status."}, "DeleteObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to delete"}}, "type": "object", "required": ["object_id"], "title": "DeleteObjectRequest", "description": "Delete a policy object.\n\nDeletion will fail with 409 Conflict if the object is currently attached\nto one or more rules. Detach it from all rules first."}, "DetachObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule to detach objects from"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "minItems": 1, "title": "Object Ids", "description": "Object IDs to remove from the rule"}}, "type": "object", "required": ["rule_id", "object_ids"], "title": "DetachObjectsRequest", "description": "Remove objects from a rule. Works across all rule types that support objects."}, "DlpCreateType": {"type": "string", "enum": ["PRE_DEFINED", "CUSTOM"], "title": "DlpCreateType"}, "DlpDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "assetId": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Assetid"}, "objectStatus": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Objectstatus"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "creationTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Creationtime"}, "lastUpdateTime": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Lastupdatetime"}, "dataTypeTags": {"anyOf": [{"items": {"$ref": "#/components/schemas/DlpDataTypeTag"}, "type": "array"}, {"type": "null"}], "title": "Datatypetags"}, "redactSupported": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Redactsupported"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}, "content": {"anyOf": [{"additionalProperties": true, "type": "object"}, {"type": "null"}], "title": "Content"}, "comment": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Comment"}}, "additionalProperties": true, "type": "object", "required": ["id", "name", "type", "createType"], "title": "DlpDataType", "example": {"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "dataTypeTags": [{"isCategory": false, "name": "Financial & Business"}], "description": "Matches American Bankers Association (ABA) Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "matchingLevel": 1, "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}}, "DlpDataTypeReference": {"properties": {"id": {"type": "string", "title": "Id"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}}, "type": "object", "required": ["id", "createType"], "title": "DlpDataTypeReference", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}}, "DlpDataTypeTag": {"properties": {"name": {"type": "string", "title": "Name"}, "data": {"anyOf": [{"items": {"type": "string"}, "type": "array"}, {"type": "null"}], "title": "Data"}, "isCategory": {"type": "boolean", "title": "Iscategory"}}, "type": "object", "required": ["name", "isCategory"], "title": "DlpDataTypeTag", "example": {"data": ["Other"], "isCategory": true, "name": "Regulation"}}, "DlpTenantDataType": {"properties": {"id": {"type": "string", "title": "Id"}, "name": {"type": "string", "title": "Name"}, "type": {"type": "string", "title": "Type"}, "createType": {"$ref": "#/components/schemas/DlpCreateType"}, "internal": {"type": "boolean", "title": "Internal"}, "matchingLevel": {"anyOf": [{"type": "integer"}, {"type": "null"}], "title": "Matchinglevel"}}, "type": "object", "required": ["id", "name", "type", "createType", "internal"], "title": "DlpTenantDataType", "example": {"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "matchingLevel": 1, "name": "IP Address", "type": "GROUP"}}, "DockerGatewayConfig": {"properties": {}, "type": "object", "title": "DockerGatewayConfig"}, "DockerRunnerConfig": {"properties": {"image_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Image Name", "description": "Docker image name", "default": "", "examples": ["modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for image_name matching", "default": "exact"}}, "type": "object", "title": "DockerRunnerConfig"}, "DomainConfig": {"properties": {"domain_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Domain Name", "description": "Domain name of the remote server", "default": "", "examples": ["mcp-server.example.com", "example.com"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "title": "DomainConfig"}, "DomainItem": {"properties": {"domain": {"type": "string", "format": "hostname", "title": "Domain", "description": "Valid domain name or IPv4 address"}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/DomainMatchMode"}, {"type": "null"}], "description": "Match mode for domain matching (exact_host or any_subdomain)", "default": "exact_host"}}, "type": "object", "required": ["domain"], "title": "DomainItem"}, "DomainMatchMode": {"type": "string", "enum": ["exact_host", "any_subdomain"], "title": "DomainMatchMode", "description": "Domain matching mode enumeration for remote server domain matching.\n\nMatching modes:\n- EXACT_HOST: Matches the exact host/domain\n e.g., \"sub1.sub2.something.com\"\n- ANY_SUBDOMAIN: Matches any subdomain of the specified domain\n e.g., \"something.com\" matches \"sub1.something.com\", \"sub2.something.com\", etc."}, "DomainsObject": {"properties": {"domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "maxItems": 200, "title": "Domains", "description": "List of domains"}}, "type": "object", "title": "DomainsObject", "description": "External-safe twin of DomainsObject."}, "DomainsObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "The domain list entries"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "DomainsObjectResponse", "description": "A domains object with its full configuration."}, "ExecutableServerConfig": {"properties": {"executable_path": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Executable Path", "description": "Path to the executable", "default": "", "examples": ["/path/to/executable"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for executable_path matching", "default": "exact"}}, "type": "object", "title": "ExecutableServerConfig"}, "FileActionUnsupported": {"type": "string", "enum": ["Block", "Allow"], "title": "FileActionUnsupported"}, "FileDownloadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect", "Extract"], "title": "FileDownloadActionSupported"}, "FileFailClose": {"type": "string", "enum": ["FailClose", "FailOpen"], "title": "FileFailClose"}, "FileProtectionObject": {"properties": {"file_download_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_upload_action_unsupported": {"anyOf": [{"$ref": "#/components/schemas/FileActionUnsupported"}, {"type": "null"}]}, "file_download_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Download Size Limit Mb"}, "file_upload_size_limit_mb": {"anyOf": [{"type": "integer", "maximum": 100.0, "minimum": 1.0}, {"type": "null"}], "title": "File Upload Size Limit Mb"}, "file_download_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_error_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_upload_size_limit_fail_close": {"anyOf": [{"$ref": "#/components/schemas/FileFailClose"}, {"type": "null"}]}, "file_download_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileDownloadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Download Action Per Supported File"}, "file_download_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Download Action Per Unsupported File"}, "file_upload_action_per_supported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileUploadActionSupported"}, "propertyNames": {"$ref": "#/components/schemas/SupportedFileType"}, "type": "object"}, {"type": "null"}], "title": "File Upload Action Per Supported File"}, "file_upload_action_per_unsupported_file": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/FileActionUnsupported"}, "type": "object", "maxProperties": 1000}, {"type": "null"}], "title": "File Upload Action Per Unsupported File"}}, "type": "object", "title": "FileProtectionObject", "description": "External-safe twin of FileProtectionObject."}, "FileProtectionObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "File protection settings: upload/download actions, size limits, fail-close behavior, and per-file-type overrides"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "FileProtectionObjectResponse", "description": "A file-protection object with its full configuration."}, "FileUploadActionSupported": {"type": "string", "enum": ["na", "Block", "Allow", "EmulateInBackground", "WaitForEmulation", "Detect"], "title": "FileUploadActionSupported"}, "GenAIApp": {"properties": {"id": {"type": "integer", "exclusiveMinimum": 0.0, "title": "Id", "description": "GenAI application ID"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/AccountSelectionMode"}, {"type": "null"}], "description": "Account selection mode: 'all' or 'selected_account'", "default": "all"}, "accounts": {"items": {"$ref": "#/components/schemas/Account"}, "type": "array", "title": "Accounts", "description": "List of selected accounts (used when mode='selected_account')"}}, "type": "object", "required": ["id"], "title": "GenAIApp"}, "GetDlpDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "dataTypes"], "title": "GetDlpDataTypesResponse", "example": {"dataTypes": [{"assetId": "3e2ed446-5d2e-4091-b561-2db1458f9791", "createType": "PRE_DEFINED", "creationTime": "2023-02-22T15:23:55.446Z", "description": "Matches ABA Routing Transit Numbers", "id": "3e2ed446-5d2e-4091-b561-2db1458f9791", "lastUpdateTime": "2023-02-22T15:23:56.317Z", "name": "ABA Transit Numbers", "objectStatus": "Normal", "redactSupported": false, "type": "PATTERN"}], "status": "SUCCESS"}}, "GetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataTypes": {"items": {"$ref": "#/components/schemas/DlpTenantDataType"}, "type": "array", "title": "Datatypes"}}, "type": "object", "required": ["status", "id", "dataTypes"], "title": "GetDlpTenantDataTypesResponse", "example": {"dataTypes": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90", "internal": false, "name": "IP Address", "type": "GROUP"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4", "internal": false, "name": "PCI - Credit Card Numbers", "type": "PATTERN"}], "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "GetDomainsObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/DomainsObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetDomainsObjectsResponse", "description": "All domains objects for the tenant, including their full configuration."}, "GetFileProtectionObjectsResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/FileProtectionObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "GetFileProtectionObjectsResponse", "description": "All file-protection objects for the tenant, including their full configuration."}, "GetRulebaseResponse": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Monotonically increasing version of this rulebase. Incremented whenever any rule in the rulebase is created, modified, or deleted. Compare with a previously stored value to detect whether the rulebase has changed (useful for caching or polling)"}, "rules": {"items": {"$ref": "#/components/schemas/RuleResponse"}, "type": "array", "title": "Rules", "description": "All rules in the rulebase, ordered by priority (ascending)"}}, "type": "object", "required": ["rulebase_version", "rules"], "title": "GetRulebaseResponse", "description": "Full rulebase for a given policy type, including its version for change detection."}, "HTTPValidationError": {"properties": {"detail": {"items": {"$ref": "#/components/schemas/ValidationError"}, "type": "array", "title": "Detail"}}, "type": "object", "title": "HTTPValidationError"}, "InstallationStatus": {"type": "string", "enum": ["pending", "success", "failed"], "title": "InstallationStatus", "description": "Status of DLP Next data type installation."}, "LoggingStatus": {"type": "string", "enum": ["enabled", "disabled"], "title": "LoggingStatus", "description": "Logging status enumeration."}, "MCPClient": {"properties": {"os": {"anyOf": [{"$ref": "#/components/schemas/OSType"}, {"type": "null"}], "description": "Operating system for the client"}, "name_id": {"anyOf": [{"$ref": "#/components/schemas/MCPClientNameId"}, {"type": "null"}], "description": "Client name identifier e.g. 'claude_desktop', 'docker_desktop'", "examples": ["claude_desktop", "docker_desktop"]}}, "type": "object", "title": "MCPClient"}, "MCPClientNameId": {"type": "string", "enum": ["claude_desktop", "vscode", "cursor", "windsurf", "zed", "perplexity", "antigravity", "jetbrains", "roo", "cline", "docker_desktop"], "title": "MCPClientNameId", "description": "MCP Client name identifier enumeration."}, "MCPClients": {"properties": {"mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Mode for client selection"}, "selected": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPClient"}, "type": "array"}, {"type": "null"}], "title": "Selected", "description": "List of selected clients"}}, "type": "object", "title": "MCPClients"}, "MCPIds": {"properties": {"name_id": {"anyOf": [{"type": "string", "minLength": 1}, {"type": "null"}], "title": "Name Id", "description": "Name of the managed MCP", "default": "", "examples": ["jira", "github"]}}, "type": "object", "title": "MCPIds"}, "MCPRiskLevel": {"properties": {"use_min": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Min", "description": "Whether to use minimum risk level limit", "default": false}, "use_max": {"anyOf": [{"type": "boolean"}, {"type": "null"}], "title": "Use Max", "description": "Whether to use maximum risk level limit", "default": false}, "min": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Min", "description": "Minimum risk level"}, "max": {"anyOf": [{"type": "integer", "minimum": 0.0}, {"type": "null"}], "title": "Max", "description": "Maximum risk level"}}, "type": "object", "title": "MCPRiskLevel"}, "MCPServer": {"properties": {"server_type": {"anyOf": [{"type": "string", "enum": ["all", "node_server", "python_server", "claude_extensions", "executable_server", "unknown_server", "docker_gateway", "docker_runner", "remote_server"]}, {"type": "null"}], "title": "Server Type", "description": "Type of the MCP server"}, "node_server": {"anyOf": [{"$ref": "#/components/schemas/NodeServerConfig"}, {"type": "null"}], "description": "Node server configuration"}, "python_server": {"anyOf": [{"$ref": "#/components/schemas/PythonServerConfig"}, {"type": "null"}], "description": "Python server configuration"}, "claude_extensions": {"anyOf": [{"$ref": "#/components/schemas/ClaudeExtensionsConfig"}, {"type": "null"}], "description": "Claude extensions configuration"}, "executable_server": {"anyOf": [{"$ref": "#/components/schemas/ExecutableServerConfig"}, {"type": "null"}], "description": "Executable server configuration"}, "unknown_server": {"anyOf": [{"$ref": "#/components/schemas/UnknownServerConfig"}, {"type": "null"}], "description": "Unknown server configuration"}, "docker_gateway": {"anyOf": [{"$ref": "#/components/schemas/DockerGatewayConfig"}, {"type": "null"}], "description": "Docker gateway configuration"}, "docker_runner": {"anyOf": [{"$ref": "#/components/schemas/DockerRunnerConfig"}, {"type": "null"}], "description": "Docker runner configuration"}, "remote_server": {"anyOf": [{"$ref": "#/components/schemas/RemoteServerConfig"}, {"type": "null"}], "description": "Remote server configuration"}}, "type": "object", "title": "MCPServer"}, "MCPServers": {"properties": {"mcp_servers_mode": {"anyOf": [{"$ref": "#/components/schemas/MCPServersMode"}, {"type": "null"}], "description": "Mode for MCP servers selection: all, risk_level, managed, manual"}, "risk_level": {"anyOf": [{"$ref": "#/components/schemas/MCPRiskLevel"}, {"type": "null"}], "description": "Risk level configuration for MCP servers"}, "managed": {"anyOf": [{"$ref": "#/components/schemas/ManagedMCP"}, {"type": "null"}], "description": "Managed MCP configuration"}, "manual": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPServer"}, "type": "array"}, {"type": "null"}], "title": "Manual", "description": "List of manual MCP servers"}}, "type": "object", "title": "MCPServers"}, "MCPServersMode": {"type": "string", "enum": ["all", "risk_level", "manual", "managed"], "title": "MCPServersMode", "description": "MCP Servers mode enumeration."}, "MCPToolItem": {"properties": {"tool_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Tool Name", "description": "Name of a tool e.g. 'create_issue', 'update_issue'", "default": "", "examples": ["create_issue", "update_issue"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for tool name matching", "default": "exact"}}, "type": "object", "title": "MCPToolItem"}, "ManagedMCP": {"properties": {"name_ids": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPIds"}, "type": "array"}, {"type": "null"}], "title": "Name Ids", "description": "List of managed MCP identifiers"}}, "type": "object", "title": "ManagedMCP"}, "MatchMode": {"type": "string", "enum": ["exact", "contains"], "title": "MatchMode", "description": "Matching mode enumeration."}, "MatchToolsMode": {"type": "string", "enum": ["tools_include", "tools_exclude", "operations", "all"], "title": "MatchToolsMode", "description": "Match mode for tools enumeration."}, "NodeServerConfig": {"properties": {"package_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Package Name", "description": "NPM package name e.g. '@modelcontextprotocol/server-github'", "default": "", "examples": ["@modelcontextprotocol/server-github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for package_name matching", "default": "exact"}}, "type": "object", "title": "NodeServerConfig"}, "OSType": {"type": "string", "enum": ["windows", "macos", "all"], "title": "OSType", "description": "Operating system enumeration."}, "ObjectFeature": {"type": "string", "enum": ["FILE_EMULATION", "PROTECTED_DOMAINS", "DOMAIN_SERVICES", "EXCLUDE_DOMAINS"], "title": "ObjectFeature"}, "ObjectResponse": {"properties": {"object_id": {"type": "string", "title": "Object Id", "description": "Unique identifier of the object"}, "name": {"type": "string", "title": "Name", "description": "Display name of the object"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description"}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every update"}, "created_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Created At"}, "updated_at": {"anyOf": [{"type": "string", "format": "date-time"}, {"type": "null"}], "title": "Updated At"}}, "type": "object", "required": ["object_id", "name", "version"], "title": "ObjectResponse", "description": "Object metadata without the full configuration payload (used in update responses)."}, "OnOff": {"type": "string", "enum": ["on", "off"], "title": "OnOff", "description": "Simple on/off toggle."}, "OperationMatch": {"type": "string", "enum": ["match", "unmatch"], "title": "OperationMatch", "description": "Operation match enumeration."}, "PatchAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Partial access policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchAccessPolicyRequest", "description": "Partially update an Access rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Partial Chats policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchChatsPolicyRequest", "description": "Partially update a Chats rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged. Useful for toggling a single setting\nwithout resending the full configuration."}, "PatchMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Partial Agents policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchMCPServerPolicyRequest", "description": "Partially update an Agents rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PatchSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to patch"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Partial Secure Browsing policy fields to merge into the existing configuration"}}, "type": "object", "required": ["rule_id", "policy"], "title": "PatchSecureBrowsingPolicyRequest", "description": "Partially update a Secure Browsing rule's policy.\n\nOnly the provided fields are deep-merged into the existing policy;\nomitted fields remain unchanged."}, "PythonServerConfig": {"properties": {"module_name": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Module Name", "description": "Python module name e.g. 'modelcontextprotocol_server_github'", "default": "", "examples": ["modelcontextprotocol_server_github"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for module_name matching", "default": "exact"}}, "type": "object", "title": "PythonServerConfig"}, "RemoteServerConfig": {"properties": {"match_mode": {"anyOf": [{"type": "string", "enum": ["url", "domain"]}, {"type": "null"}], "title": "Match Mode", "description": "Match mode type: 'url' for URL-based matching or 'domain' for domain-based matching"}, "url": {"anyOf": [{"$ref": "#/components/schemas/URLConfig"}, {"type": "null"}], "description": "URL configuration for remote server (used when match_mode='url')"}, "domain": {"anyOf": [{"$ref": "#/components/schemas/DomainConfig"}, {"type": "null"}], "description": "Domain configuration for remote server (used when match_mode='domain')"}}, "type": "object", "title": "RemoteServerConfig"}, "RuleResponse": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "Unique identifier of the rule"}, "name": {"type": "string", "title": "Name", "description": "Human-readable rule name"}, "description": {"type": "string", "title": "Description", "description": "Explanation of the rule's purpose", "default": ""}, "version": {"type": "integer", "title": "Version", "description": "Incremented on every modification; can be used for optimistic concurrency checks"}, "order": {"type": "integer", "title": "Order", "description": "Position in the rulebase that determines evaluation priority. Lower values are evaluated first; when two rules match the same request, the lower-order rule takes precedence"}, "active": {"type": "boolean", "title": "Active", "description": "Whether the rule is currently enforced; inactive rules are skipped"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At"}, "policy": {"anyOf": [{"$ref": "#/components/schemas/ChatsPolicy"}, {"$ref": "#/components/schemas/AccessPolicy"}, {"$ref": "#/components/schemas/AgentsPolicy"}, {"$ref": "#/components/schemas/SecureBrowsingPolicy"}], "title": "Policy", "description": "The enforcement configuration for this rule. Structure varies by rulebase type (Chats, Access, Agents, Secure Browsing)"}, "source": {"items": {"$ref": "#/components/schemas/Assignment"}, "type": "array", "title": "Source", "description": "Users or groups this rule applies to (source entries). An empty list means the rule matches all users in the tenant"}, "objects": {"anyOf": [{"additionalProperties": {"items": {"type": "string"}, "type": "array"}, "propertyNames": {"$ref": "#/components/schemas/ObjectFeature"}, "type": "object"}, {"type": "null"}], "title": "Objects", "description": "Reusable policy objects attached to this rule, keyed by feature (e.g. FILE_EMULATION, DOMAIN_SERVICES). Values are lists of object IDs. Objects allow sharing configuration (domain lists, file-protection settings) across rules"}}, "type": "object", "required": ["rule_id", "name", "version", "order", "active", "created_at", "updated_at", "policy"], "title": "RuleResponse", "description": "A single rule within a rulebase."}, "SecureBrowsingPolicy": {"properties": {"password_reuse": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "zero_phishing": {"anyOf": [{"$ref": "#/components/schemas/ThreatPreventionAction"}, {"type": "null"}]}, "safe_search": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "search_reputation": {"anyOf": [{"$ref": "#/components/schemas/OnOff"}, {"type": "null"}]}, "domain_exclusions": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain Exclusions", "description": "List of excluded domains"}, "protected_domains": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Protected Domains", "description": "List of protected domains"}}, "type": "object", "title": "SecureBrowsingPolicy"}, "SelectionMode": {"type": "string", "enum": ["selected", "all"], "title": "SelectionMode", "description": "Selection mode enumeration."}, "ServerOperations": {"properties": {"CREATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch CREATE operation"}, "READ": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch READ operation"}, "UPDATE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch UPDATE operation"}, "DELETE": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch DELETE operation"}, "OTHER": {"anyOf": [{"$ref": "#/components/schemas/OperationMatch"}, {"type": "null"}], "description": "Match or unmatch OTHER operation (those not detected)"}}, "type": "object", "title": "ServerOperations"}, "ServicesAndApplication": {"properties": {"domain": {"items": {"$ref": "#/components/schemas/DomainItem"}, "type": "array", "title": "Domain", "description": "List of domains"}, "url": {"items": {"$ref": "#/components/schemas/URLItem"}, "type": "array", "title": "Url", "description": "List of URLs"}, "genai_application": {"items": {"$ref": "#/components/schemas/GenAIApp"}, "type": "array", "title": "Genai Application", "description": "List of GenAI applications"}, "category": {"items": {"$ref": "#/components/schemas/CategoryItem"}, "type": "array", "title": "Category", "description": "List of URLF categories"}, "mode": {"anyOf": [{"$ref": "#/components/schemas/SelectionMode"}, {"type": "null"}], "description": "Whether to apply to all services and applications or to only selected ones"}}, "type": "object", "title": "ServicesAndApplication"}, "SetAccessObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["FILE_EMULATION", "DOMAIN_SERVICES"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetAccessObjectsRequest", "description": "Set (replace) all objects for an Access rule for a given feature."}, "SetAccessPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AccessPolicy", "description": "Complete access policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetAccessPolicyRequest", "description": "Replace the entire Access policy of a rule (full overwrite)."}, "SetChatsObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "const": "DOMAIN_SERVICES", "title": "Feature", "description": "Object feature type"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetChatsObjectsRequest", "description": "Set (replace) all objects for a Chats rule for a given feature."}, "SetChatsPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/ChatsPolicy", "description": "Complete Chats policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetChatsPolicyRequest", "description": "Replace the entire Chats policy of a rule (full overwrite)."}, "SetDlpTenantDataTypesRequest": {"properties": {"dataTypes": {"items": {"$ref": "#/components/schemas/DlpDataTypeReference"}, "type": "array", "title": "Datatypes", "example": [{"createType": "PRE_DEFINED", "id": "73e1e0b1-1d23-4281-9ca7-8e64aa2b9e90"}, {"createType": "PRE_DEFINED", "id": "d2c4411f-dd0e-495b-b856-5686e68892b4"}]}}, "type": "object", "required": ["dataTypes"], "title": "SetDlpTenantDataTypesRequest"}, "SetDlpTenantDataTypesResponse": {"properties": {"status": {"type": "string", "title": "Status"}, "id": {"type": "string", "title": "Id"}, "dataSetStatus": {"type": "string", "title": "Datasetstatus"}}, "type": "object", "required": ["status", "id", "dataSetStatus"], "title": "SetDlpTenantDataTypesResponse", "example": {"dataSetStatus": "IN_PROGRESS", "id": "bb47587c-fda0-4cb3-896e-1d359d0e3f9d", "status": "SUCCESS"}}, "SetMCPServerPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/AgentsPolicy", "description": "Complete Agents policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetMCPServerPolicyRequest", "description": "Replace the entire Agents policy of a rule (full overwrite)."}, "SetSecureBrowsingObjectsRequest": {"properties": {"rule_id": {"type": "string", "format": "uuid", "title": "Rule Id", "description": "UUID of the rule"}, "feature": {"type": "string", "enum": ["PROTECTED_DOMAINS", "EXCLUDE_DOMAINS"], "title": "Feature"}, "object_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "title": "Object Ids", "description": "Complete set of object IDs; replaces all existing for this feature"}}, "type": "object", "required": ["rule_id", "feature"], "title": "SetSecureBrowsingObjectsRequest", "description": "Set (replace) all objects for a Secure Browsing rule for a given feature."}, "SetSecureBrowsingPolicyRequest": {"properties": {"rule_id": {"type": "string", "title": "Rule Id", "description": "UUID of the rule to update"}, "policy": {"$ref": "#/components/schemas/SecureBrowsingPolicy", "description": "Complete Secure Browsing policy; replaces the existing configuration entirely"}}, "type": "object", "required": ["rule_id", "policy"], "title": "SetSecureBrowsingPolicyRequest", "description": "Replace the entire Secure Browsing policy of a rule (full overwrite)."}, "SupportedFileType": {"type": "string", "enum": ["pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "exe", "tar", "zip", "rar", "7z", "rtf", "dot", "docm", "dotx", "dotm", "xlt", "xlm", "xltx", "xlsm", "xltm", "xlsb", "xla", "xlam", "xll", "xlw", "pps", "pptm", "potx", "potm", "ppam", "ppsx", "ppsm", "sldx", "sldm", "csv", "scr", "swf", "jar", "cab", "tgz", "pif", "gz", "bz2", "tbz2", "tb2", "tbz", "com", "xz", "cpl", "dll", "lnk", "img", "iso", "wim", "arj", "bat", "ps1", "hwp", "iqy", "slk", "udf", "uue", "pkg", "msi", "msg", "o", "dylib", "app", "dmg", "qcow2", "sh", "one", "xar", "wsf", "aspx"], "title": "SupportedFileType"}, "ThreatPreventionAction": {"type": "string", "enum": ["detect", "prevent", "ask", "off"], "title": "ThreatPreventionAction", "description": "Actions for threat prevention features."}, "Tooling": {"properties": {"match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchToolsMode"}, {"type": "null"}], "description": "Match mode for tools: tools_include, tools_exclude, operations, all"}, "tools": {"anyOf": [{"items": {"$ref": "#/components/schemas/MCPToolItem"}, "type": "array"}, {"type": "null"}], "title": "Tools", "description": "List of tools for matching"}, "operations": {"anyOf": [{"$ref": "#/components/schemas/ServerOperations"}, {"type": "null"}], "description": "Operations match configuration"}}, "type": "object", "title": "Tooling"}, "URLConfig": {"properties": {"url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Url", "description": "URL of the remote server", "default": "", "examples": ["https://mcp-server.example.com/path"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/URLMatchMode"}, {"type": "null"}], "description": "Match mode for URL matching (exact_url or url_contains)", "default": "exact_url"}}, "type": "object", "title": "URLConfig"}, "URLFCategory": {"type": "integer", "enum": [1, 3, 5, 7, 11, 12, 15, 32, 21, 24, 25, 0, 34, 35, 37, 39, 41, 42, 45, 47, 49, 51, 53, 54, 58, 59, 60, 68, 69, 71, 72, 74, 75, 76, 51000001, 51000002, 52000130, 50000032, 52000132, 60517663, 60530541, 60530542, 60530648, 31, 55, 65, 66, 67, 77, 51000003, 51000004, 51000005, 52000038, 60530540, 9, 13, 14, 17, 18, 26, 33, 56, 61, 62, 70, 73, 78, 30, 52000047, 52000058, 52000069, 50000086, 23, 52000136, 52000046, 52000051, 60531762], "title": "URLFCategory", "description": "URLF Category enumeration with display names as keys and category IDs as values."}, "URLItem": {"properties": {"url": {"type": "string", "format": "uri", "title": "Url", "description": "Valid URL"}}, "type": "object", "required": ["url"], "title": "URLItem"}, "URLMatchMode": {"type": "string", "enum": ["exact_url", "url_contains"], "title": "URLMatchMode", "description": "URL matching mode enumeration for remote server URL matching.\n\nMatching modes:\n- EXACT_URL: Matches the exact full URL\n e.g., \"http://sub1.sub2.something.com/alsohere/something\"\n- URL_CONTAINS: Matches if the URL contains the specified string\n e.g., \"alsohere\" matches any URL containing \"alsohere\""}, "UnknownServerConfig": {"properties": {"args": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Args", "description": "Arguments for unknown server types", "default": "", "examples": ["--default-arg"]}, "match_mode": {"anyOf": [{"$ref": "#/components/schemas/MatchMode"}, {"type": "null"}], "description": "Match mode for args matching", "default": "exact"}}, "type": "object", "title": "UnknownServerConfig"}, "UpdateDomainsObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/DomainsObject"}, {"type": "null"}], "description": "New domain list; replaces the existing list entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateDomainsObjectRequest", "description": "Update an existing domains object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing domain list entirely."}, "UpdateFileProtectionObjectRequest": {"properties": {"object_id": {"type": "string", "format": "uuid", "title": "Object Id", "description": "ID of the object to update"}, "name": {"anyOf": [{"type": "string", "maxLength": 255, "minLength": 1}, {"type": "null"}], "title": "Name", "description": "New display name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "New description"}, "object_data": {"anyOf": [{"$ref": "#/components/schemas/FileProtectionObject"}, {"type": "null"}], "description": "New file protection configuration; replaces the existing settings entirely"}}, "type": "object", "required": ["object_id"], "title": "UpdateFileProtectionObjectRequest", "description": "Update an existing file-protection object.\n\nAll fields are optional; only provided fields are updated.\nIf object_data is provided, it replaces the existing configuration entirely."}, "UpdateObjectResponse": {"properties": {"objects": {"items": {"$ref": "#/components/schemas/ObjectResponse"}, "type": "array", "title": "Objects"}}, "type": "object", "required": ["objects"], "title": "UpdateObjectResponse", "description": "Response after updating an object (returns metadata only)."}, "ValidationError": {"properties": {"loc": {"items": {"anyOf": [{"type": "string"}, {"type": "integer"}]}, "type": "array", "title": "Location"}, "msg": {"type": "string", "title": "Message"}, "type": {"type": "string", "title": "Error Type"}, "input": {"title": "Input"}, "ctx": {"type": "object", "title": "Context"}}, "type": "object", "required": ["loc", "msg", "type"], "title": "ValidationError"}, "Asset": {"properties": {"device": {"$ref": "#/components/schemas/Device"}, "user": {"anyOf": [{"$ref": "#/components/schemas/User"}, {"type": "null"}]}, "ping": {"anyOf": [{"$ref": "#/components/schemas/Ping"}, {"type": "null"}]}, "deployment": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/ModuleDeploymentData"}, "propertyNames": {"$ref": "#/components/schemas/ModuleEnum"}, "type": "object"}, {"type": "null"}], "title": "Deployment"}, "policy": {"anyOf": [{"additionalProperties": {"additionalProperties": {"$ref": "#/components/schemas/PolicyTypeData"}, "propertyNames": {"$ref": "#/components/schemas/PolicyType"}, "type": "object"}, "propertyNames": {"$ref": "#/components/schemas/RequestSource"}, "type": "object"}, {"type": "null"}], "title": "Policy"}, "status": {"anyOf": [{"additionalProperties": {"$ref": "#/components/schemas/HealthStatus"}, "propertyNames": {"$ref": "#/components/schemas/StatusComponent"}, "type": "object"}, {"type": "null"}], "title": "Status"}, "environment": {"anyOf": [{"$ref": "#/components/schemas/EnvironmentData"}, {"type": "null"}]}}, "type": "object", "required": ["device"], "title": "Asset", "description": "Complete asset with optional joined domains."}, "AssetsCountRequest": {"properties": {"filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsCountRequest", "description": "Request for querying assets count with optional filters."}, "AssetsCountResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "count": {"type": "integer", "title": "Count"}, "filters_applied": {"type": "integer", "title": "Filters Applied", "description": "Number of filters that were applied"}}, "type": "object", "required": ["tenant_id", "count", "filters_applied"], "title": "AssetsCountResponse", "description": "Response for count queries."}, "AssetsPagination": {"properties": {"limit": {"type": "integer", "maximum": 1000.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 1000)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "AssetsPagination", "description": "Pagination parameters."}, "AssetsRequest": {"properties": {"joins": {"items": {"$ref": "#/components/schemas/JoinDomain"}, "type": "array", "title": "Joins", "description": "Domains to join"}, "filters": {"items": {"$ref": "#/components/schemas/FilterCondition"}, "type": "array", "title": "Filters", "description": "Filter conditions"}, "sort": {"items": {"$ref": "#/components/schemas/SortCondition"}, "type": "array", "title": "Sort", "description": "Sort conditions"}, "pagination": {"$ref": "#/components/schemas/AssetsPagination", "description": "Pagination parameters"}, "search": {"anyOf": [{"$ref": "#/components/schemas/SearchParams"}, {"type": "null"}], "description": "Free text search for device name or user name"}}, "type": "object", "title": "AssetsRequest", "description": "Request for querying assets with explicit joins."}, "AssetsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "assets": {"items": {"$ref": "#/components/schemas/Asset"}, "type": "array", "title": "Assets"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "assets", "limit", "offset"], "title": "AssetsResponse", "description": "Response with assets and pagination metadata."}, "Device": {"properties": {"device_unique_id": {"type": "string", "format": "uuid", "title": "Device Unique Id", "description": "Unique device identifier"}, "name": {"type": "string", "title": "Name", "description": "Device name (unique per tenant)"}, "device_sid": {"type": "string", "title": "Device Sid", "description": "Device SID"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["device_unique_id", "name", "device_sid", "created_at", "updated_at"], "title": "Device", "description": "External-safe twin of GlobalDevice."}, "DeviceTypeEnum": {"type": "string", "enum": ["Laptop", "Desktop", "Workstation", "unknown"], "title": "DeviceTypeEnum"}, "EnvironmentData": {"properties": {"device_type": {"anyOf": [{"$ref": "#/components/schemas/DeviceTypeEnum"}, {"type": "null"}], "description": "Device type (laptop, desktop, etc.)"}, "os": {"anyOf": [{"$ref": "#/components/schemas/OSEnum"}, {"type": "null"}], "description": "Operating system"}, "os_version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Os Version", "description": "Operating system version"}, "ip": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Ip", "description": "Device IP address (IPv4 or IPv6)"}}, "type": "object", "title": "EnvironmentData", "description": "External-safe twin of EnvironmentData."}, "FilterCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to filter on"}, "operator": {"$ref": "#/components/schemas/FilterOperator", "description": "Filter operator"}, "value": {"anyOf": [{}, {"type": "null"}], "title": "Value", "description": "Single value (for equals, contains, gte, lte)"}, "values": {"anyOf": [{"items": {}, "type": "array"}, {"type": "null"}], "title": "Values", "description": "List of values (for in, between)"}}, "type": "object", "required": ["field", "operator"], "title": "FilterCondition", "description": "Filter condition on a single asset field."}, "FilterOperator": {"type": "string", "enum": ["equals", "in", "contains", "gte", "lte", "between"], "title": "FilterOperator", "description": "Filter operators for different field types."}, "FilterableField": {"type": "string", "enum": ["device_name", "device_sid", "device_created_at", "device_updated_at", "user_name", "user_display_name", "user_samname", "user_created_at", "user_updated_at", "last_connected", "os", "os_version", "device_type", "ip", "installer_version", "chrome_extension_version", "firefox_extension_version", "edge_extension_version", "brave_extension_version", "mcp_version", "proxy_version"], "title": "FilterableField", "description": "Fields available for filtering and sorting assets.\n\nEach value maps to an internal DB field path (see FIELD_TO_INTERNAL_PATH).\nOnly the listed fields can be used in filter/sort conditions."}, "HealthStatus": {"type": "string", "enum": ["healthy", "unhealthy"], "title": "HealthStatus", "description": "Component health derived from status code: healthy when code == 0, unhealthy otherwise."}, "JoinDomain": {"type": "string", "enum": ["users", "pings", "deployment", "policy", "status", "environment"], "title": "JoinDomain", "description": "Available domains to join with devices table."}, "ModuleDeploymentData": {"properties": {"version": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Version", "description": "Current version"}}, "type": "object", "title": "ModuleDeploymentData", "description": "External-safe twin of ModuleDeploymentData \u2014 exposes version only."}, "ModuleEnum": {"type": "string", "enum": ["chrome", "firefox", "edge", "brave", "comet", "safari", "surf", "mcp", "proxy", "da"], "title": "ModuleEnum"}, "OSEnum": {"type": "string", "enum": ["Windows", "macOS", "Linux"], "title": "OSEnum", "description": "Operating system enumeration"}, "Ping": {"properties": {"last_connected": {"type": "string", "format": "date-time", "title": "Last Connected", "description": "Last connection timestamp"}}, "type": "object", "required": ["last_connected"], "title": "Ping", "description": "External-safe twin of PingData."}, "PolicyTypeData": {"properties": {"rulebase_version": {"type": "integer", "title": "Rulebase Version", "description": "Version of the rulebase"}}, "type": "object", "required": ["rulebase_version"], "title": "PolicyTypeData", "description": "Policy rulebase version for a given policy type."}, "PolicyType": {"type": "string", "enum": ["chats", "access", "agents", "browse_securing"], "title": "PolicyType", "description": "External-facing policy types with consumer-friendly names."}, "RequestSource": {"type": "string", "enum": ["device", "edge", "chrome", "firefox", "brave", "comet", "safari", "surf", "na"], "title": "RequestSource"}, "SearchParams": {"properties": {"term": {"type": "string", "title": "Term", "description": "Search term to match"}, "case_sensitive": {"type": "boolean", "title": "Case Sensitive", "description": "Whether search is case-sensitive (default: False for case-insensitive)", "default": false}, "match_anywhere": {"type": "boolean", "title": "Match Anywhere", "description": "Whether to match anywhere in text (True) or only at the beginning (False, default)", "default": false}}, "type": "object", "required": ["term"], "title": "SearchParams", "description": "Free text search parameters for device name and user name."}, "SortCondition": {"properties": {"field": {"$ref": "#/components/schemas/FilterableField", "description": "Field to sort by"}, "order": {"$ref": "#/components/schemas/SortOrder", "description": "Sort order", "default": "desc"}}, "type": "object", "required": ["field"], "title": "SortCondition", "description": "Sort condition on a single asset field."}, "SortOrder": {"type": "string", "enum": ["asc", "desc"], "title": "SortOrder"}, "StatusComponent": {"type": "string", "enum": ["proxy_health", "mcp_health"], "title": "StatusComponent", "description": "External-facing subset of status components exposed to API consumers."}, "User": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name (unique per tenant)"}, "created_at": {"type": "string", "format": "date-time", "title": "Created At", "description": "Created timestamp"}, "updated_at": {"type": "string", "format": "date-time", "title": "Updated At", "description": "Updated timestamp"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname", "created_at", "updated_at"], "title": "User", "description": "External-safe twin of GlobalUser."}, "UserItem": {"properties": {"user_unique_id": {"type": "string", "format": "uuid", "title": "User Unique Id", "description": "Unique user identifier"}, "name": {"type": "string", "title": "Name", "description": "User name (CN path)"}, "display_name": {"type": "string", "title": "Display Name", "description": "Display name"}, "samname": {"type": "string", "title": "Samname", "description": "SAM account name"}}, "type": "object", "required": ["user_unique_id", "name", "display_name", "samname"], "title": "UserItem", "description": "External-safe user item."}, "UsersByIdsRequest": {"properties": {"user_ids": {"items": {"type": "string", "format": "uuid"}, "type": "array", "maxItems": 500, "minItems": 1, "title": "User Ids", "description": "Array of user unique IDs (max: 500)"}}, "type": "object", "required": ["user_ids"], "title": "UsersByIdsRequest", "description": "Request for getting users by an array of IDs."}, "UsersByIdsResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}}, "type": "object", "required": ["tenant_id", "users"], "title": "UsersByIdsResponse", "description": "Response with users by IDs."}, "UsersPagination": {"properties": {"limit": {"type": "integer", "maximum": 100.0, "minimum": 1.0, "title": "Limit", "description": "Number of items per page (max: 100)", "default": 50}, "offset": {"type": "integer", "minimum": 0.0, "title": "Offset", "description": "Number of items to skip", "default": 0}}, "type": "object", "title": "UsersPagination", "description": "Pagination parameters for users (max 100 per page)."}, "UsersRequest": {"properties": {"search": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Search", "description": "Search term for case-insensitive match on user name and display name"}, "pagination": {"$ref": "#/components/schemas/UsersPagination", "description": "Pagination parameters"}}, "type": "object", "title": "UsersRequest", "description": "Request for querying users."}, "UsersResponse": {"properties": {"tenant_id": {"type": "string", "format": "uuid", "title": "Tenant Id"}, "users": {"items": {"$ref": "#/components/schemas/UserItem"}, "type": "array", "title": "Users"}, "limit": {"type": "integer", "title": "Limit"}, "offset": {"type": "integer", "title": "Offset"}}, "type": "object", "required": ["tenant_id", "users", "limit", "offset"], "title": "UsersResponse", "description": "Response with users and pagination metadata."}, "AppResult": {"properties": {"app_id": {"type": "integer", "title": "App Id", "description": "Unique app identifier"}, "name": {"type": "string", "title": "Name", "description": "App name"}, "description": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Description", "description": "App description"}, "page_url": {"anyOf": [{"type": "string"}, {"type": "null"}], "title": "Page Url", "description": "App page URL"}}, "type": "object", "required": ["app_id", "name"], "title": "AppResult", "description": "A single app result with minimal fields."}, "AppSearchRequest": {"properties": {"search": {"type": "string", "maxLength": 200, "minLength": 1, "title": "Search", "description": "Search term"}, "search_by": {"$ref": "#/components/schemas/SearchBy", "description": "Search mode: name, name_and_description, or url", "default": "name"}}, "type": "object", "required": ["search"], "title": "AppSearchRequest", "description": "Request for searching GenAI apps."}, "AppSearchResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps (max 10)"}}, "type": "object", "title": "AppSearchResponse", "description": "Response with matching apps (max 10)."}, "AppsByIdsRequest": {"properties": {"ids": {"items": {"type": "integer"}, "type": "array", "maxItems": 100, "minItems": 1, "title": "Ids", "description": "Array of app IDs (max: 100)"}}, "type": "object", "required": ["ids"], "title": "AppsByIdsRequest", "description": "Request for getting apps by an array of IDs."}, "AppsByIdsResponse": {"properties": {"results": {"items": {"$ref": "#/components/schemas/AppResult"}, "type": "array", "title": "Results", "description": "Matching apps"}}, "type": "object", "title": "AppsByIdsResponse", "description": "Response with apps by IDs."}, "SearchBy": {"type": "string", "enum": ["name", "name_and_description", "url"], "title": "SearchBy"}}, "securitySchemes": {"HTTPBearer": {"type": "http", "scheme": "bearer"}}}} \ No newline at end of file diff --git a/sdk_generator/scripts/post_build.py b/sdk_generator/scripts/post_build.py index d227d7f..2a80503 100644 --- a/sdk_generator/scripts/post_build.py +++ b/sdk_generator/scripts/post_build.py @@ -1,14 +1,17 @@ import os -import re import shutil import json from datetime import datetime from pathlib import Path +""" +Post-generation script — only creates sdk_build.py and cleans up. + +""" + PROJECT_DIR = str(Path(os.path.dirname(__file__), '..', '..')) BASE_PATH = os.path.join(PROJECT_DIR, 'chkp_ai_security_sdk') -# SDK configuration — one entry per product PKG_NAME = 'chkp_ai_security_sdk' PRODUCTS = [ @@ -17,30 +20,22 @@ 'label': 'ai-security', 'generated_dir': os.path.join(BASE_PATH, 'generated'), 'spec_dir': os.path.join(PROJECT_DIR, 'resources', 'specs', 'main'), - 'pkg_prefix': f'{PKG_NAME}.generated', - 'mixin_class': '_ApiMixin', }, { 'label': 'browse-security', 'generated_dir': os.path.join(BASE_PATH, 'generated_browse'), 'spec_dir': os.path.join(PROJECT_DIR, 'resources', 'specs', 'browse'), - 'pkg_prefix': f'{PKG_NAME}.generated_browse', - 'mixin_class': '_BrowseApiMixin', }, # ── Async ── { 'label': 'ai-security-async', 'generated_dir': os.path.join(BASE_PATH, 'generated_async'), 'spec_dir': os.path.join(PROJECT_DIR, 'resources', 'specs', 'main'), - 'pkg_prefix': f'{PKG_NAME}.generated_async', - 'mixin_class': '_AsyncApiMixin', }, { 'label': 'browse-security-async', 'generated_dir': os.path.join(BASE_PATH, 'generated_browse_async'), 'spec_dir': os.path.join(PROJECT_DIR, 'resources', 'specs', 'browse'), - 'pkg_prefix': f'{PKG_NAME}.generated_browse_async', - 'mixin_class': '_AsyncBrowseApiMixin', }, ] @@ -76,49 +71,6 @@ def sdk_build_info() -> WorkforceAISDKInfo: print(f'[post-build:{product["label"]}] sdk_build.py written') -def __discover_apis(product): - """Scan generated api/__init__.py to discover all API classes.""" - init_path = os.path.join(product['generated_dir'], 'api', '__init__.py') - apis = [] - with open(init_path, 'r') as f: - for line in f: - m = re.match(r'from \S+\.api\.(\w+) import (\w+)', line) - if m: - apis.append((m.group(1), m.group(2))) - return sorted(apis, key=lambda x: x[0]) - - -def __generate_api_mixin(product, apis): - """Generate generated/api_mixin.py with API property accessors.""" - pkg_prefix = product['pkg_prefix'] - mixin_class = product['mixin_class'] - - props = '' - for module_name, class_name in apis: - props += f''' - @property - def {module_name}(self): - from {pkg_prefix}.api.{module_name} import {class_name} - return {class_name}(self._get_api_client()) -''' - - content = f'''"""Auto-generated API mixin — do not edit manually. - -Provides property accessors for all generated API classes. -Inherit from {mixin_class} in your SDK class and implement _get_api_client(). -""" - - -class {mixin_class}: - def _get_api_client(self): - raise NotImplementedError -{props}''' - - with open(os.path.join(product['generated_dir'], 'api_mixin.py'), 'w') as f: - f.write(content) - print(f'[post-build:{product["label"]}] api_mixin.py generated with {len(apis)} APIs') - - def __cleanup_generated(product): output_path = product['generated_dir'] for dirname in ['test', 'docs']: @@ -136,21 +88,11 @@ def __cleanup_generated(product): if os.path.exists(readme_path): os.remove(readme_path) print(f'[post-build:{product["label"]}] Removed {readme_path}') - - -def __inject_api_source_header(product): - """Inject x-api-source default header into generated api_client.py.""" - api_client_path = os.path.join(product['generated_dir'], 'api_client.py') - if not os.path.exists(api_client_path): - return - with open(api_client_path, 'r') as f: - content = f.read() - needle = "self.default_headers = {}" - if needle in content and 'x-api-source' not in content: - content = content.replace(needle, "self.default_headers = {'x-api-source': 'py_sdk'}") - with open(api_client_path, 'w') as f: - f.write(content) - print(f'[post-build:{product["label"]}] Injected x-api-source header into api_client.py') + # Remove legacy api_mixin.py if it exists (now generated by template) + legacy = os.path.join(output_path, 'api_mixin.py') + if os.path.exists(legacy): + os.remove(legacy) + print(f'[post-build:{product["label"]}] Removed legacy api_mixin.py') def post_build_process(): @@ -160,13 +102,6 @@ def post_build_process(): __prepare_build_info(product) print(f'[post-build:{label}] Cleaning up generated files...') __cleanup_generated(product) - print(f'[post-build:{label}] Injecting x-api-source header...') - __inject_api_source_header(product) - print(f'[post-build:{label}] Discovering APIs...') - apis = __discover_apis(product) - print(f'[post-build:{label}] Found {len(apis)} APIs: {", ".join(c for _, c in apis)}') - print(f'[post-build:{label}] Generating API mixin...') - __generate_api_mixin(product, apis) print('[post-build] Setting __init__ export...') shutil.copy(