cloudflare
diff --git a/‎.stats.yml‎
Lines changed: 2 additions & 2 deletions b/‎.stats.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/cloudflare/resources/zero_trust/access/applications/applications.py‎
Lines changed: 128 additions & 0 deletions b/‎src/cloudflare/resources/zero_trust/access/applications/applications.py‎
Lines changed: 128 additions & 0 deletions
diff --git a/‎src/cloudflare/types/zero_trust/access/application_create_params.py‎
Lines changed: 103 additions & 3 deletions b/‎src/cloudflare/types/zero_trust/access/application_create_params.py‎
Lines changed: 103 additions & 3 deletions
diff --git a/‎src/cloudflare/types/zero_trust/access/application_create_response.py‎
Lines changed: 106 additions & 0 deletions b/‎src/cloudflare/types/zero_trust/access/application_create_response.py‎
Lines changed: 106 additions & 0 deletions
@@ -1,4 +1,4 @@
 configured_endpoints: 1996
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-ed290d9fcbc15c748f092a47b3c4cb4c88cd68de7050c7a8d0574c27b80585a4.yml
-openapi_spec_hash: 18e1e8a258084ca0e5a9199b03bb9aa8
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/cloudflare%2Fcloudflare-8d1c797be2f62cfe7299595bbd18a1b3761024b586866b48be9e0f27d54ace89.yml
+openapi_spec_hash: 46a8341906b1026e5a969579c8a10b14
 config_hash: d1101915de2a8b526a1fe20a9f7314ca
@@ -89,7 +89,10 @@
     "GatewayIdentityProxyEndpointApplicationPolicy",
     "GatewayIdentityProxyEndpointApplicationPolicyAccessAppPolicyLink",
     "GatewayIdentityProxyEndpointApplicationPolicyUnionMember2",
-    "AccessBookmarkProps",
+    "BookmarkApplication",
+    "BookmarkApplicationPolicy",
+    "BookmarkApplicationPolicyAccessAppPolicyLink",
+    "BookmarkApplicationPolicyUnionMember2",
     "InfrastructureApplication",
     "InfrastructureApplicationTargetCriterion",
     "InfrastructureApplicationPolicy",
@@ -274,6 +277,14 @@ class SelfHostedApplication(TypedDict, total=False):
     Tags are used to filter applications in the App Launcher dashboard.
     """
 
+    use_clientless_isolation_app_launcher_url: bool
+    """
+    Determines if users can access this application via a clientless browser
+    isolation URL. This allows users to access private domains without connecting to
+    Gateway. The option requires Clientless Browser Isolation to be set up with
+    policies that allow users of this application.
+    """
+
 
 class SelfHostedApplicationDestinationPublicDestination(TypedDict, total=False):
     """A public hostname that Access will secure.
@@ -888,6 +899,14 @@ class BrowserSSHApplication(TypedDict, total=False):
     Tags are used to filter applications in the App Launcher dashboard.
     """
 
+    use_clientless_isolation_app_launcher_url: bool
+    """
+    Determines if users can access this application via a clientless browser
+    isolation URL. This allows users to access private domains without connecting to
+    Gateway. The option requires Clientless Browser Isolation to be set up with
+    policies that allow users of this application.
+    """
+
 
 class BrowserSSHApplicationDestinationPublicDestination(TypedDict, total=False):
     """A public hostname that Access will secure.
@@ -1286,6 +1305,14 @@ class BrowserVNCApplication(TypedDict, total=False):
     Tags are used to filter applications in the App Launcher dashboard.
     """
 
+    use_clientless_isolation_app_launcher_url: bool
+    """
+    Determines if users can access this application via a clientless browser
+    isolation URL. This allows users to access private domains without connecting to
+    Gateway. The option requires Clientless Browser Isolation to be set up with
+    policies that allow users of this application.
+    """
+
 
 class BrowserVNCApplicationDestinationPublicDestination(TypedDict, total=False):
     """A public hostname that Access will secure.
@@ -2030,7 +2057,7 @@ class GatewayIdentityProxyEndpointApplicationPolicyUnionMember2(TypedDict, total
 ]
 
 
-class AccessBookmarkProps(TypedDict, total=False):
+class BookmarkApplication(TypedDict, total=False):
     account_id: str
     """The Account ID to use for this endpoint. Mutually exclusive with the Zone ID."""
 
@@ -2049,6 +2076,13 @@ class AccessBookmarkProps(TypedDict, total=False):
     name: str
     """The name of the application."""
 
+    policies: SequenceNotStr[BookmarkApplicationPolicy]
+    """
+    The policies that Access applies to the application, in ascending order of
+    precedence. Items can reference existing policies or create new policies
+    exclusive to the application.
+    """
+
     tags: SequenceNotStr[str]
     """The tags you want assigned to an application.
 
@@ -2059,6 +2093,64 @@ class AccessBookmarkProps(TypedDict, total=False):
     """The application type."""
 
 
+class BookmarkApplicationPolicyAccessAppPolicyLink(TypedDict, total=False):
+    """A JSON that links a reusable policy to an application."""
+
+    id: str
+    """The UUID of the policy"""
+
+    precedence: int
+    """The order of execution for this policy.
+
+    Must be unique for each policy within an app.
+    """
+
+
+class BookmarkApplicationPolicyUnionMember2(TypedDict, total=False):
+    id: str
+    """The UUID of the policy"""
+
+    approval_groups: Iterable[ApprovalGroupParam]
+    """Administrators who can approve a temporary authentication request."""
+
+    approval_required: bool
+    """
+    Requires the user to request access from an administrator at the start of each
+    session.
+    """
+
+    isolation_required: bool
+    """
+    Require this application to be served in an isolated browser for users matching
+    this policy. 'Client Web Isolation' must be on for the account in order to use
+    this feature.
+    """
+
+    precedence: int
+    """The order of execution for this policy.
+
+    Must be unique for each policy within an app.
+    """
+
+    purpose_justification_prompt: str
+    """A custom message that will appear on the purpose justification screen."""
+
+    purpose_justification_required: bool
+    """Require users to enter a justification when they log in to the application."""
+
+    session_duration: str
+    """The amount of time that tokens issued for the application will be valid.
+
+    Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs),
+    ms, s, m, h.
+    """
+
+
+BookmarkApplicationPolicy: TypeAlias = Union[
+    BookmarkApplicationPolicyAccessAppPolicyLink, str, BookmarkApplicationPolicyUnionMember2
+]
+
+
 class InfrastructureApplication(TypedDict, total=False):
     target_criteria: Required[Iterable[InfrastructureApplicationTargetCriterion]]
 
@@ -2315,6 +2407,14 @@ class BrowserRdpApplication(TypedDict, total=False):
     Tags are used to filter applications in the App Launcher dashboard.
     """
 
+    use_clientless_isolation_app_launcher_url: bool
+    """
+    Determines if users can access this application via a clientless browser
+    isolation URL. This allows users to access private domains without connecting to
+    Gateway. The option requires Clientless Browser Isolation to be set up with
+    policies that allow users of this application.
+    """
+
 
 class BrowserRdpApplicationTargetCriterion(TypedDict, total=False):
     port: Required[int]
@@ -2557,7 +2657,7 @@ class BrowserRdpApplicationSCIMConfig(TypedDict, total=False):
     DeviceEnrollmentPermissionsApplication,
     BrowserIsolationPermissionsApplication,
     GatewayIdentityProxyEndpointApplication,
-    AccessBookmarkProps,
+    BookmarkApplication,
     InfrastructureApplication,
     BrowserRdpApplication,
 ]
@@ -73,6 +73,7 @@
     "GatewayIdentityProxyEndpointApplication",
     "GatewayIdentityProxyEndpointApplicationPolicy",
     "BookmarkApplication",
+    "BookmarkApplicationPolicy",
     "InfrastructureApplication",
     "InfrastructureApplicationTargetCriterion",
     "InfrastructureApplicationPolicy",
@@ -479,6 +480,14 @@ class SelfHostedApplication(BaseModel):
     Tags are used to filter applications in the App Launcher dashboard.
     """
 
+    use_clientless_isolation_app_launcher_url: Optional[bool] = None
+    """
+    Determines if users can access this application via a clientless browser
+    isolation URL. This allows users to access private domains without connecting to
+    Gateway. The option requires Clientless Browser Isolation to be set up with
+    policies that allow users of this application.
+    """
+
 
 class SaaSApplicationPolicy(BaseModel):
     id: Optional[str] = None
@@ -1106,6 +1115,14 @@ class BrowserSSHApplication(BaseModel):
     Tags are used to filter applications in the App Launcher dashboard.
     """
 
+    use_clientless_isolation_app_launcher_url: Optional[bool] = None
+    """
+    Determines if users can access this application via a clientless browser
+    isolation URL. This allows users to access private domains without connecting to
+    Gateway. The option requires Clientless Browser Isolation to be set up with
+    policies that allow users of this application.
+    """
+
 
 class BrowserVNCApplicationDestinationPublicDestination(BaseModel):
     """A public hostname that Access will secure.
@@ -1508,6 +1525,14 @@ class BrowserVNCApplication(BaseModel):
     Tags are used to filter applications in the App Launcher dashboard.
     """
 
+    use_clientless_isolation_app_launcher_url: Optional[bool] = None
+    """
+    Determines if users can access this application via a clientless browser
+    isolation URL. This allows users to access private domains without connecting to
+    Gateway. The option requires Clientless Browser Isolation to be set up with
+    policies that allow users of this application.
+    """
+
 
 class AppLauncherApplicationFooterLink(BaseModel):
     name: str
@@ -2085,6 +2110,77 @@ class GatewayIdentityProxyEndpointApplication(BaseModel):
     """
 
 
+class BookmarkApplicationPolicy(BaseModel):
+    id: Optional[str] = None
+    """The UUID of the policy"""
+
+    approval_groups: Optional[List[ApprovalGroup]] = None
+    """Administrators who can approve a temporary authentication request."""
+
+    approval_required: Optional[bool] = None
+    """
+    Requires the user to request access from an administrator at the start of each
+    session.
+    """
+
+    created_at: Optional[datetime] = None
+
+    decision: Optional[Decision] = None
+    """The action Access will take if a user matches this policy.
+
+    Infrastructure application policies can only use the Allow action.
+    """
+
+    exclude: Optional[List[AccessRule]] = None
+    """Rules evaluated with a NOT logical operator.
+
+    To match the policy, a user cannot meet any of the Exclude rules.
+    """
+
+    include: Optional[List[AccessRule]] = None
+    """Rules evaluated with an OR logical operator.
+
+    A user needs to meet only one of the Include rules.
+    """
+
+    isolation_required: Optional[bool] = None
+    """
+    Require this application to be served in an isolated browser for users matching
+    this policy. 'Client Web Isolation' must be on for the account in order to use
+    this feature.
+    """
+
+    name: Optional[str] = None
+    """The name of the Access policy."""
+
+    precedence: Optional[int] = None
+    """The order of execution for this policy.
+
+    Must be unique for each policy within an app.
+    """
+
+    purpose_justification_prompt: Optional[str] = None
+    """A custom message that will appear on the purpose justification screen."""
+
+    purpose_justification_required: Optional[bool] = None
+    """Require users to enter a justification when they log in to the application."""
+
+    require: Optional[List[AccessRule]] = None
+    """Rules evaluated with an AND logical operator.
+
+    To match the policy, a user must meet all of the Require rules.
+    """
+
+    session_duration: Optional[str] = None
+    """The amount of time that tokens issued for the application will be valid.
+
+    Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs),
+    ms, s, m, h.
+    """
+
+    updated_at: Optional[datetime] = None
+
+
 class BookmarkApplication(BaseModel):
     id: Optional[str] = None
     """UUID."""
@@ -2104,6 +2200,8 @@ class BookmarkApplication(BaseModel):
     name: Optional[str] = None
     """The name of the application."""
 
+    policies: Optional[List[BookmarkApplicationPolicy]] = None
+
     tags: Optional[List[str]] = None
     """The tags you want assigned to an application.
 
@@ -2614,6 +2712,14 @@ class BrowserRdpApplication(BaseModel):
     Tags are used to filter applications in the App Launcher dashboard.
     """
 
+    use_clientless_isolation_app_launcher_url: Optional[bool] = None
+    """
+    Determines if users can access this application via a clientless browser
+    isolation URL. This allows users to access private domains without connecting to
+    Gateway. The option requires Clientless Browser Isolation to be set up with
+    policies that allow users of this application.
+    """
+
 
 ApplicationCreateResponse: TypeAlias = Union[
     SelfHostedApplication,