gitpod-io · stainless-app · Feb 18, 2026 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-  ".": "0.12.0"
+  ".": "0.13.0"
 }
diff --git a/.stats.yml b/.stats.yml
@@ -1,4 +1,4 @@
 configured_endpoints: 175
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod%2Fgitpod-8f6ee769411e2d21a2f437d49eb2f16880fcef0db52ac1985f2a3963af45f6a0.yml
-openapi_spec_hash: 28f2d9d7e36f1f0ecd13052054449249
-config_hash: 3f1278a7a2a9285f57e81f148743e99e
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod%2Fgitpod-1923b5d3865532d64d80c22746aa63991bbf227cf1cbefc8cdb14a374c4c5b89.yml
+openapi_spec_hash: 304200ebfa8622f5f6846895528f06e3
+config_hash: 469d30a2d44895c8c53a5aac370a56f1
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,25 @@
 # Changelog
 
+## 0.13.0 (2026-02-18)
+
+Full Changelog: [v0.12.0...v0.13.0](https://github.com/gitpod-io/gitpod-sdk-typescript/compare/v0.12.0...v0.13.0)
+
+### Features
+
+* **api:** add auditOnly field to Veto.Exec and ExecutableDenyList ([08f9dd2](https://github.com/gitpod-io/gitpod-sdk-typescript/commit/08f9dd245a02ef2d831521a86cf72bbb5bdab963))
+* **api:** add runner_side_agent capability to runners ([1451c46](https://github.com/gitpod-io/gitpod-sdk-typescript/commit/1451c466af8c2f1a3b098090a98b958d94eb9024))
+* **api:** add WARMPOOL_ADMIN/WARMPOOL_VIEWER to ResourceRole ([04969a3](https://github.com/gitpod-io/gitpod-sdk-typescript/commit/04969a38173ca22010780ab4b41b0bb8a4414eb7))
+
+
+### Bug Fixes
+
+* **types:** rename ExecutableDenyList to VetoExecPolicy in organization policies ([0ff5595](https://github.com/gitpod-io/gitpod-sdk-typescript/commit/0ff5595a54b7f2cf3a16a49957686b4ed30891c5))
+
+
+### Chores
+
+* **internal/client:** fix form-urlencoded requests ([fd12303](https://github.com/gitpod-io/gitpod-sdk-typescript/commit/fd12303e87a280fda1e2f8d84bf328b941393405))
+
 ## 0.12.0 (2026-02-11)
 
 Full Changelog: [v0.11.0...v0.12.0](https://github.com/gitpod-io/gitpod-sdk-typescript/compare/v0.11.0...v0.12.0)

diff --git a/api.md b/api.md
@@ -428,9 +428,10 @@ Types:
 
 - <code><a href="./src/resources/organizations/policies.ts">AgentPolicy</a></code>
 - <code><a href="./src/resources/organizations/policies.ts">CrowdStrikeConfig</a></code>
-- <code><a href="./src/resources/organizations/policies.ts">ExecutableDenyList</a></code>
+- <code><a href="./src/resources/organizations/policies.ts">KernelControlsAction</a></code>
 - <code><a href="./src/resources/organizations/policies.ts">OrganizationPolicies</a></code>
 - <code><a href="./src/resources/organizations/policies.ts">SecurityAgentPolicy</a></code>
+- <code><a href="./src/resources/organizations/policies.ts">VetoExecPolicy</a></code>
 - <code><a href="./src/resources/organizations/policies.ts">PolicyRetrieveResponse</a></code>
 - <code><a href="./src/resources/organizations/policies.ts">PolicyUpdateResponse</a></code>
 

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@gitpod/sdk",
-  "version": "0.12.0",
+  "version": "0.13.0",
   "description": "The official TypeScript library for the Gitpod API",
   "author": "Gitpod <dev-feedback@gitpod.com>",
   "types": "dist/index.d.ts",

diff --git a/src/client.ts b/src/client.ts
@@ -1076,6 +1076,14 @@ export class Gitpod {
         (Symbol.iterator in body && 'next' in body && typeof body.next === 'function'))
     ) {
       return { bodyHeaders: undefined, body: Shims.ReadableStreamFrom(body as AsyncIterable<Uint8Array>) };
+    } else if (
+      typeof body === 'object' &&
+      headers.values.get('content-type') === 'application/x-www-form-urlencoded'
+    ) {
+      return {
+        bodyHeaders: { 'content-type': 'application/x-www-form-urlencoded' },
+        body: this.stringifyQuery(body as Record<string, unknown>),
+      };
     } else {
       return this.#encoder({ body, headers });
     }

diff --git a/src/resources/environments/environments.ts b/src/resources/environments/environments.ts
@@ -5,6 +5,7 @@ import * as EnvironmentsAPI from './environments';
 import * as Shared from '../shared';
 import * as ClassesAPI from './classes';
 import { ClassListParams, Classes } from './classes';
+import * as PoliciesAPI from '../organizations/policies';
 import * as ProjectsAPI from '../projects/projects';
 import * as RunnersAPI from '../runners/runners';
 import * as AutomationsAPI from './automations/automations';
@@ -1517,6 +1518,11 @@ export namespace Veto {
    * exec controls executable blocking
    */
   export interface Exec {
+    /**
+     * action specifies what action kernel-level controls take on policy violations
+     */
+    action?: PoliciesAPI.KernelControlsAction;
+
     /**
      * denylist is the list of executable paths or names to block
      */

diff --git a/src/resources/organizations/index.ts b/src/resources/organizations/index.ts
@@ -72,9 +72,10 @@ export {
   Policies,
   type AgentPolicy,
   type CrowdStrikeConfig,
-  type ExecutableDenyList,
+  type KernelControlsAction,
   type OrganizationPolicies,
   type SecurityAgentPolicy,
+  type VetoExecPolicy,
   type PolicyRetrieveResponse,
   type PolicyUpdateResponse,
   type PolicyRetrieveParams,

diff --git a/src/resources/organizations/organizations.ts b/src/resources/organizations/organizations.ts
@@ -56,14 +56,15 @@ import * as PoliciesAPI from './policies';
 import {
   AgentPolicy,
   CrowdStrikeConfig,
-  ExecutableDenyList,
+  KernelControlsAction,
   OrganizationPolicies,
   Policies,
   PolicyRetrieveParams,
   PolicyRetrieveResponse,
   PolicyUpdateParams,
   PolicyUpdateResponse,
   SecurityAgentPolicy,
+  VetoExecPolicy,
 } from './policies';
 import * as ScimConfigurationsAPI from './scim-configurations';
 import {
@@ -1048,9 +1049,10 @@ export declare namespace Organizations {
     Policies as Policies,
     type AgentPolicy as AgentPolicy,
     type CrowdStrikeConfig as CrowdStrikeConfig,
-    type ExecutableDenyList as ExecutableDenyList,
+    type KernelControlsAction as KernelControlsAction,
     type OrganizationPolicies as OrganizationPolicies,
     type SecurityAgentPolicy as SecurityAgentPolicy,
+    type VetoExecPolicy as VetoExecPolicy,
     type PolicyRetrieveResponse as PolicyRetrieveResponse,
     type PolicyUpdateResponse as PolicyUpdateResponse,
     type PolicyRetrieveParams as PolicyRetrieveParams,

diff --git a/src/resources/organizations/policies.ts b/src/resources/organizations/policies.ts
@@ -152,20 +152,12 @@ export interface CrowdStrikeConfig {
 }
 
 /**
- * ExecutableDenyList contains executables that are blocked from execution in
- * environments.
+ * KernelControlsAction defines how a kernel-level policy violation is handled.
  */
-export interface ExecutableDenyList {
-  /**
-   * enabled controls whether executable blocking is active
-   */
-  enabled?: boolean;
-
-  /**
-   * executables is the list of executable paths or names to block
-   */
-  executables?: Array<string>;
-}
+export type KernelControlsAction =
+  | 'KERNEL_CONTROLS_ACTION_UNSPECIFIED'
+  | 'KERNEL_CONTROLS_ACTION_BLOCK'
+  | 'KERNEL_CONTROLS_ACTION_AUDIT';
 
 export interface OrganizationPolicies {
   /**
@@ -261,10 +253,9 @@ export interface OrganizationPolicies {
   editorVersionRestrictions?: { [key: string]: OrganizationPolicies.EditorVersionRestrictions };
 
   /**
-   * executable_deny_list contains executables that are blocked from execution in
-   * environments.
+   * executable_deny_list contains the veto exec policy for environments.
    */
-  executableDenyList?: ExecutableDenyList;
+  executableDenyList?: VetoExecPolicy;
 
   /**
    * maximum_environment_lifetime controls for how long environments are allowed to
@@ -314,6 +305,27 @@ export interface SecurityAgentPolicy {
   crowdstrike?: CrowdStrikeConfig;
 }
 
+/**
+ * VetoExecPolicy defines the policy for blocking or auditing executable execution
+ * in environments.
+ */
+export interface VetoExecPolicy {
+  /**
+   * action specifies what action kernel-level controls take on policy violations
+   */
+  action?: KernelControlsAction;
+
+  /**
+   * enabled controls whether executable blocking is active
+   */
+  enabled?: boolean;
+
+  /**
+   * executables is the list of executable paths or names to block
+   */
+  executables?: Array<string>;
+}
+
 export interface PolicyRetrieveResponse {
   policies: OrganizationPolicies;
 }
@@ -376,10 +388,9 @@ export interface PolicyUpdateParams {
   editorVersionRestrictions?: { [key: string]: PolicyUpdateParams.EditorVersionRestrictions };
 
   /**
-   * executable_deny_list contains executables that are blocked from execution in
-   * environments.
+   * executable_deny_list contains the veto exec policy for environments.
    */
-  executableDenyList?: ExecutableDenyList | null;
+  executableDenyList?: VetoExecPolicy | null;
 
   /**
    * maximum_environment_lifetime controls for how long environments are allowed to
@@ -535,9 +546,10 @@ export declare namespace Policies {
   export {
     type AgentPolicy as AgentPolicy,
     type CrowdStrikeConfig as CrowdStrikeConfig,
-    type ExecutableDenyList as ExecutableDenyList,
+    type KernelControlsAction as KernelControlsAction,
     type OrganizationPolicies as OrganizationPolicies,
     type SecurityAgentPolicy as SecurityAgentPolicy,
+    type VetoExecPolicy as VetoExecPolicy,
     type PolicyRetrieveResponse as PolicyRetrieveResponse,
     type PolicyUpdateResponse as PolicyUpdateResponse,
     type PolicyRetrieveParams as PolicyRetrieveParams,

diff --git a/src/resources/runners/runners.ts b/src/resources/runners/runners.ts
@@ -622,7 +622,8 @@ export type RunnerCapability =
   | 'RUNNER_CAPABILITY_ENVIRONMENT_SNAPSHOT'
   | 'RUNNER_CAPABILITY_PREBUILDS_BEFORE_SNAPSHOT_TRIGGER'
   | 'RUNNER_CAPABILITY_LIST_SCM_ORGANIZATIONS'
-  | 'RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS';
+  | 'RUNNER_CAPABILITY_CHECK_REPOSITORY_ACCESS'
+  | 'RUNNER_CAPABILITY_RUNNER_SIDE_AGENT';
 
 export interface RunnerConfiguration {
   /**

diff --git a/src/resources/shared.ts b/src/resources/shared.ts
@@ -252,7 +252,9 @@ export type ResourceRole =
   | 'RESOURCE_ROLE_SNAPSHOT_RUNNER'
   | 'RESOURCE_ROLE_WEBHOOK_ADMIN'
   | 'RESOURCE_ROLE_WEBHOOK_VIEWER'
-  | 'RESOURCE_ROLE_WARMPOOL_RUNNER';
+  | 'RESOURCE_ROLE_WARMPOOL_RUNNER'
+  | 'RESOURCE_ROLE_WARMPOOL_ADMIN'
+  | 'RESOURCE_ROLE_WARMPOOL_VIEWER';
 
 export type ResourceType =
   | 'RESOURCE_TYPE_UNSPECIFIED'

diff --git a/src/version.ts b/src/version.ts
@@ -1 +1 @@
-export const VERSION = '0.12.0'; // x-release-please-version
+export const VERSION = '0.13.0'; // x-release-please-version
diff --git a/tests/api-resources/organizations/policies.test.ts b/tests/api-resources/organizations/policies.test.ts
@@ -59,7 +59,11 @@ describe('resource policies', () => {
       defaultEnvironmentImage: 'defaultEnvironmentImage',
       deleteArchivedEnvironmentsAfter: '+9125115.360s',
       editorVersionRestrictions: { foo: { allowedVersions: ['string'] } },
-      executableDenyList: { enabled: true, executables: ['string'] },
+      executableDenyList: {
+        action: 'KERNEL_CONTROLS_ACTION_UNSPECIFIED',
+        enabled: true,
+        executables: ['string'],
+      },
       maximumEnvironmentLifetime: '+9125115.360s',
       maximumEnvironmentsPerUser: '20',
       maximumEnvironmentTimeout: '3600s',
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		export const VERSION = '0.12.0'; // x-release-please-version
		export const VERSION = '0.13.0'; // x-release-please-version