diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index 8032c17..ed21d28 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
{
- ".": "0.12.0"
+ ".": "0.13.0"
}
diff --git a/.stats.yml b/.stats.yml
index cca37c7..f91b512 100644
--- a/.stats.yml
+++ b/.stats.yml
@@ -1,4 +1,4 @@
configured_endpoints: 175
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod%2Fgitpod-8f6ee769411e2d21a2f437d49eb2f16880fcef0db52ac1985f2a3963af45f6a0.yml
-openapi_spec_hash: 28f2d9d7e36f1f0ecd13052054449249
-config_hash: 3f1278a7a2a9285f57e81f148743e99e
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod%2Fgitpod-1923b5d3865532d64d80c22746aa63991bbf227cf1cbefc8cdb14a374c4c5b89.yml
+openapi_spec_hash: 304200ebfa8622f5f6846895528f06e3
+config_hash: 469d30a2d44895c8c53a5aac370a56f1
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cd75877..6590a4f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,25 @@
# Changelog
+## 0.13.0 (2026-02-18)
+
+Full Changelog: [v0.12.0...v0.13.0](https://github.com/gitpod-io/gitpod-sdk-typescript/compare/v0.12.0...v0.13.0)
+
+### Features
+
+* **api:** add auditOnly field to Veto.Exec and ExecutableDenyList ([08f9dd2](https://github.com/gitpod-io/gitpod-sdk-typescript/commit/08f9dd245a02ef2d831521a86cf72bbb5bdab963))
+* **api:** add runner_side_agent capability to runners ([1451c46](https://github.com/gitpod-io/gitpod-sdk-typescript/commit/1451c466af8c2f1a3b098090a98b958d94eb9024))
+* **api:** add WARMPOOL_ADMIN/WARMPOOL_VIEWER to ResourceRole ([04969a3](https://github.com/gitpod-io/gitpod-sdk-typescript/commit/04969a38173ca22010780ab4b41b0bb8a4414eb7))
+
+
+### Bug Fixes
+
+* **types:** rename ExecutableDenyList to VetoExecPolicy in organization policies ([0ff5595](https://github.com/gitpod-io/gitpod-sdk-typescript/commit/0ff5595a54b7f2cf3a16a49957686b4ed30891c5))
+
+
+### Chores
+
+* **internal/client:** fix form-urlencoded requests ([fd12303](https://github.com/gitpod-io/gitpod-sdk-typescript/commit/fd12303e87a280fda1e2f8d84bf328b941393405))
+
## 0.12.0 (2026-02-11)
Full Changelog: [v0.11.0...v0.12.0](https://github.com/gitpod-io/gitpod-sdk-typescript/compare/v0.11.0...v0.12.0)
diff --git a/api.md b/api.md
index 1adbdf7..fedc040 100644
--- a/api.md
+++ b/api.md
@@ -428,9 +428,10 @@ Types:
- AgentPolicy
- CrowdStrikeConfig
-- ExecutableDenyList
+- KernelControlsAction
- OrganizationPolicies
- SecurityAgentPolicy
+- VetoExecPolicy
- PolicyRetrieveResponse
- PolicyUpdateResponse
diff --git a/package.json b/package.json
index 90ab367..0be4380 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "@gitpod/sdk",
- "version": "0.12.0",
+ "version": "0.13.0",
"description": "The official TypeScript library for the Gitpod API",
"author": "Gitpod ",
"types": "dist/index.d.ts",
diff --git a/src/client.ts b/src/client.ts
index 4ea1bc7..4c6c90a 100644
--- a/src/client.ts
+++ b/src/client.ts
@@ -1076,6 +1076,14 @@ export class Gitpod {
(Symbol.iterator in body && 'next' in body && typeof body.next === 'function'))
) {
return { bodyHeaders: undefined, body: Shims.ReadableStreamFrom(body as AsyncIterable) };
+ } else if (
+ typeof body === 'object' &&
+ headers.values.get('content-type') === 'application/x-www-form-urlencoded'
+ ) {
+ return {
+ bodyHeaders: { 'content-type': 'application/x-www-form-urlencoded' },
+ body: this.stringifyQuery(body as Record),
+ };
} else {
return this.#encoder({ body, headers });
}
diff --git a/src/resources/environments/environments.ts b/src/resources/environments/environments.ts
index 2e45ab7..4475f7e 100644
--- a/src/resources/environments/environments.ts
+++ b/src/resources/environments/environments.ts
@@ -5,6 +5,7 @@ import * as EnvironmentsAPI from './environments';
import * as Shared from '../shared';
import * as ClassesAPI from './classes';
import { ClassListParams, Classes } from './classes';
+import * as PoliciesAPI from '../organizations/policies';
import * as ProjectsAPI from '../projects/projects';
import * as RunnersAPI from '../runners/runners';
import * as AutomationsAPI from './automations/automations';
@@ -1517,6 +1518,11 @@ export namespace Veto {
* exec controls executable blocking
*/
export interface Exec {
+ /**
+ * action specifies what action kernel-level controls take on policy violations
+ */
+ action?: PoliciesAPI.KernelControlsAction;
+
/**
* denylist is the list of executable paths or names to block
*/
diff --git a/src/resources/organizations/index.ts b/src/resources/organizations/index.ts
index 4832a94..82cec16 100644
--- a/src/resources/organizations/index.ts
+++ b/src/resources/organizations/index.ts
@@ -72,9 +72,10 @@ export {
Policies,
type AgentPolicy,
type CrowdStrikeConfig,
- type ExecutableDenyList,
+ type KernelControlsAction,
type OrganizationPolicies,
type SecurityAgentPolicy,
+ type VetoExecPolicy,
type PolicyRetrieveResponse,
type PolicyUpdateResponse,
type PolicyRetrieveParams,
diff --git a/src/resources/organizations/organizations.ts b/src/resources/organizations/organizations.ts
index 3379e5f..9860548 100644
--- a/src/resources/organizations/organizations.ts
+++ b/src/resources/organizations/organizations.ts
@@ -56,7 +56,7 @@ import * as PoliciesAPI from './policies';
import {
AgentPolicy,
CrowdStrikeConfig,
- ExecutableDenyList,
+ KernelControlsAction,
OrganizationPolicies,
Policies,
PolicyRetrieveParams,
@@ -64,6 +64,7 @@ import {
PolicyUpdateParams,
PolicyUpdateResponse,
SecurityAgentPolicy,
+ VetoExecPolicy,
} from './policies';
import * as ScimConfigurationsAPI from './scim-configurations';
import {
@@ -1048,9 +1049,10 @@ export declare namespace Organizations {
Policies as Policies,
type AgentPolicy as AgentPolicy,
type CrowdStrikeConfig as CrowdStrikeConfig,
- type ExecutableDenyList as ExecutableDenyList,
+ type KernelControlsAction as KernelControlsAction,
type OrganizationPolicies as OrganizationPolicies,
type SecurityAgentPolicy as SecurityAgentPolicy,
+ type VetoExecPolicy as VetoExecPolicy,
type PolicyRetrieveResponse as PolicyRetrieveResponse,
type PolicyUpdateResponse as PolicyUpdateResponse,
type PolicyRetrieveParams as PolicyRetrieveParams,
diff --git a/src/resources/organizations/policies.ts b/src/resources/organizations/policies.ts
index 99a1f94..62c3924 100644
--- a/src/resources/organizations/policies.ts
+++ b/src/resources/organizations/policies.ts
@@ -152,20 +152,12 @@ export interface CrowdStrikeConfig {
}
/**
- * ExecutableDenyList contains executables that are blocked from execution in
- * environments.
+ * KernelControlsAction defines how a kernel-level policy violation is handled.
*/
-export interface ExecutableDenyList {
- /**
- * enabled controls whether executable blocking is active
- */
- enabled?: boolean;
-
- /**
- * executables is the list of executable paths or names to block
- */
- executables?: Array;
-}
+export type KernelControlsAction =
+ | 'KERNEL_CONTROLS_ACTION_UNSPECIFIED'
+ | 'KERNEL_CONTROLS_ACTION_BLOCK'
+ | 'KERNEL_CONTROLS_ACTION_AUDIT';
export interface OrganizationPolicies {
/**
@@ -261,10 +253,9 @@ export interface OrganizationPolicies {
editorVersionRestrictions?: { [key: string]: OrganizationPolicies.EditorVersionRestrictions };
/**
- * executable_deny_list contains executables that are blocked from execution in
- * environments.
+ * executable_deny_list contains the veto exec policy for environments.
*/
- executableDenyList?: ExecutableDenyList;
+ executableDenyList?: VetoExecPolicy;
/**
* maximum_environment_lifetime controls for how long environments are allowed to
@@ -314,6 +305,27 @@ export interface SecurityAgentPolicy {
crowdstrike?: CrowdStrikeConfig;
}
+/**
+ * VetoExecPolicy defines the policy for blocking or auditing executable execution
+ * in environments.
+ */
+export interface VetoExecPolicy {
+ /**
+ * action specifies what action kernel-level controls take on policy violations
+ */
+ action?: KernelControlsAction;
+
+ /**
+ * enabled controls whether executable blocking is active
+ */
+ enabled?: boolean;
+
+ /**
+ * executables is the list of executable paths or names to block
+ */
+ executables?: Array;
+}
+
export interface PolicyRetrieveResponse {
policies: OrganizationPolicies;
}
@@ -376,10 +388,9 @@ export interface PolicyUpdateParams {
editorVersionRestrictions?: { [key: string]: PolicyUpdateParams.EditorVersionRestrictions };
/**
- * executable_deny_list contains executables that are blocked from execution in
- * environments.
+ * executable_deny_list contains the veto exec policy for environments.
*/
- executableDenyList?: ExecutableDenyList | null;
+ executableDenyList?: VetoExecPolicy | null;
/**
* maximum_environment_lifetime controls for how long environments are allowed to
@@ -535,9 +546,10 @@ export declare namespace Policies {
export {
type AgentPolicy as AgentPolicy,
type CrowdStrikeConfig as CrowdStrikeConfig,
- type ExecutableDenyList as ExecutableDenyList,
+ type KernelControlsAction as KernelControlsAction,
type OrganizationPolicies as OrganizationPolicies,
type SecurityAgentPolicy as SecurityAgentPolicy,
+ type VetoExecPolicy as VetoExecPolicy,
type PolicyRetrieveResponse as PolicyRetrieveResponse,
type PolicyUpdateResponse as PolicyUpdateResponse,
type PolicyRetrieveParams as PolicyRetrieveParams,
diff --git a/src/resources/runners/runners.ts b/src/resources/runners/runners.ts
index 2e8ebd6..31deff2 100644
--- a/src/resources/runners/runners.ts
+++ b/src/resources/runners/runners.ts
@@ -622,7 +622,8 @@ export type RunnerCapability =
| 'RUNNER_CAPABILITY_ENVIRONMENT_SNAPSHOT'
| 'RUNNER_CAPABILITY_PREBUILDS_BEFORE_SNAPSHOT_TRIGGER'
| 'RUNNER_CAPABILITY_LIST_SCM_ORGANIZATIONS'
- | 'RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS';
+ | 'RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS'
+ | 'RUNNER_CAPABILITY_RUNNER_SIDE_AGENT';
export interface RunnerConfiguration {
/**
diff --git a/src/resources/shared.ts b/src/resources/shared.ts
index 54fc29f..536a56d 100644
--- a/src/resources/shared.ts
+++ b/src/resources/shared.ts
@@ -252,7 +252,9 @@ export type ResourceRole =
| 'RESOURCE_ROLE_SNAPSHOT_RUNNER'
| 'RESOURCE_ROLE_WEBHOOK_ADMIN'
| 'RESOURCE_ROLE_WEBHOOK_VIEWER'
- | 'RESOURCE_ROLE_WARMPOOL_RUNNER';
+ | 'RESOURCE_ROLE_WARMPOOL_RUNNER'
+ | 'RESOURCE_ROLE_WARMPOOL_ADMIN'
+ | 'RESOURCE_ROLE_WARMPOOL_VIEWER';
export type ResourceType =
| 'RESOURCE_TYPE_UNSPECIFIED'
diff --git a/src/version.ts b/src/version.ts
index ce6b899..9d013cc 100644
--- a/src/version.ts
+++ b/src/version.ts
@@ -1 +1 @@
-export const VERSION = '0.12.0'; // x-release-please-version
+export const VERSION = '0.13.0'; // x-release-please-version
diff --git a/tests/api-resources/organizations/policies.test.ts b/tests/api-resources/organizations/policies.test.ts
index 0aaa75f..1cdd350 100644
--- a/tests/api-resources/organizations/policies.test.ts
+++ b/tests/api-resources/organizations/policies.test.ts
@@ -59,7 +59,11 @@ describe('resource policies', () => {
defaultEnvironmentImage: 'defaultEnvironmentImage',
deleteArchivedEnvironmentsAfter: '+9125115.360s',
editorVersionRestrictions: { foo: { allowedVersions: ['string'] } },
- executableDenyList: { enabled: true, executables: ['string'] },
+ executableDenyList: {
+ action: 'KERNEL_CONTROLS_ACTION_UNSPECIFIED',
+ enabled: true,
+ executables: ['string'],
+ },
maximumEnvironmentLifetime: '+9125115.360s',
maximumEnvironmentsPerUser: '20',
maximumEnvironmentTimeout: '3600s',