Update API types to latest

libs/i18n/locales/en/translation.json

@@ -879,6 +879,11 @@
   "Device specification is invalid": "Device specification is invalid",
   "Device is paused after database restore": "Device is paused after database restore",
   "Device conflict has been resolved": "Device conflict has been resolved",
+  "DeviceOS image changed": "DeviceOS image changed",
+  "Dependency change detected": "Dependency change detected",
+  "Critical vulnerability detected": "Critical vulnerability detected",
+  "Vulnerability resolved": "Vulnerability resolved",
+  "Moderate vulnerability detected": "Moderate vulnerability detected",
   "Enrollment request was approved": "Enrollment request was approved",
   "Enrollment request approval failed": "Enrollment request approval failed",
   "Internal task failed": "Internal task failed",

libs/types/alpha/index.ts

@@ -3,6 +3,7 @@
 /* tslint:disable */
 /* eslint-disable */
 
+export type { AffectedFleet } from './models/AffectedFleet';
 export { ApiVersion } from './models/ApiVersion';
 export type { Catalog } from './models/Catalog';
 export type { CatalogItem } from './models/CatalogItem';
@@ -19,4 +20,20 @@ export type { CatalogItemVersion } from './models/CatalogItemVersion';
 export type { CatalogList } from './models/CatalogList';
 export type { CatalogSpec } from './models/CatalogSpec';
 export type { CatalogStatus } from './models/CatalogStatus';
+export type { CveCountsBySeverity } from './models/CveCountsBySeverity';
+export type { DeviceCountsBySeverity } from './models/DeviceCountsBySeverity';
+export type { DeviceVulnerabilitySummaryResponse } from './models/DeviceVulnerabilitySummaryResponse';
+export type { FleetVulnerabilitySummary } from './models/FleetVulnerabilitySummary';
+export type { FleetVulnerabilitySummaryResponse } from './models/FleetVulnerabilitySummaryResponse';
+export type { SemVer } from './models/SemVer';
+export type { SemVerRange } from './models/SemVerRange';
 export type { Status } from './models/Status';
+export { Vulnerability } from './models/Vulnerability';
+export { VulnerabilityGroup } from './models/VulnerabilityGroup';
+export { VulnerabilityGroupItem } from './models/VulnerabilityGroupItem';
+export type { VulnerabilityGroupList } from './models/VulnerabilityGroupList';
+export type { VulnerabilityImageRef } from './models/VulnerabilityImageRef';
+export { VulnerabilityImpact } from './models/VulnerabilityImpact';
+export type { VulnerabilityList } from './models/VulnerabilityList';
+export type { VulnerabilitySeveritySummary } from './models/VulnerabilitySeveritySummary';
+export type { VulnerabilitySummaryResponse } from './models/VulnerabilitySummaryResponse';

libs/types/alpha/models/AffectedFleet.ts

@@ -0,0 +1,27 @@
+/* generated using openapi-typescript-codegen -- do no edit */
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+import type { VulnerabilityGroupItem } from './VulnerabilityGroupItem';
+/**
+ * One fleet or the fleetless aggregate with device and image counts for a CVE.
+ */
+export type AffectedFleet = {
+  /**
+   * Fleet metadata.name, empty for the fleetless aggregate.
+   */
+  fleetName: string;
+  /**
+   * True when this row represents devices not owned by a fleet.
+   */
+  fleetless: boolean;
+  /**
+   * Devices in this fleet or fleetless group affected by the CVE.
+   */
+  affectedDevices: number;
+  /**
+   * Per-digest findings within this fleet or fleetless group.
+   */
+  findings: Array<VulnerabilityGroupItem>;
+};
+

libs/types/alpha/models/CatalogItemVersion.ts

@@ -4,6 +4,8 @@
 /* eslint-disable */
 import type { CatalogItemConfigurable } from './CatalogItemConfigurable';
 import type { CatalogItemDeprecation } from './CatalogItemDeprecation';
+import type { SemVer } from './SemVer';
+import type { SemVerRange } from './SemVerRange';
 /**
  * A version of a catalog item following the Cincinnati model where versions
  * are nodes in an upgrade graph and channels are labels on those nodes.
@@ -16,7 +18,7 @@ export type CatalogItemVersion = (CatalogItemConfigurable & {
   /**
    * Semantic version identifier (e.g., 1.2.3, 2.0.0-rc1). Required for version ordering and upgrade graph.
    */
-  version: string;
+  version: SemVer;
   /**
    * Map of artifact type to image tag or digest. Keys must match a type in spec.artifacts. Only keyed artifacts are available for this version.
    */
@@ -28,15 +30,15 @@ export type CatalogItemVersion = (CatalogItemConfigurable & {
   /**
    * The single version this one replaces, defining the primary upgrade edge.
    */
-  replaces?: string;
+  replaces?: SemVer;
   /**
    * Additional versions that can upgrade directly to this one. Use when stable channel skips intermediate fast-only versions.
    */
-  skips?: Array<string>;
+  skips?: Array<SemVer>;
   /**
    * Semver range of versions that can upgrade directly to this one. Use for z-stream updates or hotfixes.
    */
-  skipRange?: string;
+  skipRange?: SemVerRange;
   deprecation?: CatalogItemDeprecation;
 });
 

libs/types/alpha/models/CveCountsBySeverity.ts

@@ -0,0 +1,38 @@
+/* generated using openapi-typescript-codegen -- do no edit */
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Counts of distinct CVEs in the organization by highest severity.
+ */
+export type CveCountsBySeverity = {
+  /**
+   * Total distinct CVEs across the organization.
+   */
+  total: number;
+  /**
+   * Count of distinct Critical CVEs.
+   */
+  critical: number;
+  /**
+   * Count of distinct High CVEs.
+   */
+  high: number;
+  /**
+   * Count of distinct Medium CVEs.
+   */
+  medium: number;
+  /**
+   * Count of distinct Low CVEs.
+   */
+  low: number;
+  /**
+   * Count of distinct CVEs with no exploitable impact (CVSS score 0).
+   */
+  none: number;
+  /**
+   * Count of distinct CVEs with unknown or unscored severity.
+   */
+  unknown: number;
+};
+

libs/types/alpha/models/DeviceCountsBySeverity.ts

@@ -0,0 +1,38 @@
+/* generated using openapi-typescript-codegen -- do no edit */
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Counts of distinct devices affected in the organization, grouped by vulnerability severity.
+ */
+export type DeviceCountsBySeverity = {
+  /**
+   * Number of distinct devices with at least one vulnerability finding in the organization.
+   */
+  total: number;
+  /**
+   * Number of devices whose highest severity finding is critical.
+   */
+  critical: number;
+  /**
+   * Number of devices whose highest severity finding is high.
+   */
+  high: number;
+  /**
+   * Number of devices whose highest severity finding is medium.
+   */
+  medium: number;
+  /**
+   * Number of devices whose highest severity finding is low.
+   */
+  low: number;
+  /**
+   * Number of devices whose highest severity finding is none.
+   */
+  none: number;
+  /**
+   * Number of devices whose highest severity finding is unknown.
+   */
+  unknown: number;
+};
+

libs/types/alpha/models/DeviceVulnerabilitySummaryResponse.ts

@@ -0,0 +1,26 @@
+/* generated using openapi-typescript-codegen -- do no edit */
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+import type { ApiVersion } from './ApiVersion';
+import type { VulnerabilitySeveritySummary } from './VulnerabilitySeveritySummary';
+/**
+ * Severity summary for a single device.
+ */
+export type DeviceVulnerabilitySummaryResponse = {
+  apiVersion: ApiVersion;
+  /**
+   * Resource kind; always DeviceVulnerabilitySummary.
+   */
+  kind: string;
+  /**
+   * Image reference from device status. Absent when the device has no rendered OS image.
+   */
+  image?: string;
+  /**
+   * Image digest from device status. Absent when the device has no rendered OS image.
+   */
+  imageDigest?: string;
+  summary: VulnerabilitySeveritySummary;
+};
+

libs/types/alpha/models/FleetVulnerabilitySummary.ts

@@ -0,0 +1,15 @@
+/* generated using openapi-typescript-codegen -- do no edit */
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+import type { VulnerabilitySeveritySummary } from './VulnerabilitySeveritySummary';
+/**
+ * Fleet vulnerability totals including unique digest count.
+ */
+export type FleetVulnerabilitySummary = (VulnerabilitySeveritySummary & {
+  /**
+   * Distinct image digests observed in the fleet.
+   */
+  uniqueDigests: number;
+});
+

libs/types/alpha/models/FleetVulnerabilitySummaryResponse.ts

@@ -0,0 +1,18 @@
+/* generated using openapi-typescript-codegen -- do no edit */
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+import type { ApiVersion } from './ApiVersion';
+import type { FleetVulnerabilitySummary } from './FleetVulnerabilitySummary';
+/**
+ * Severity summary for a single fleet.
+ */
+export type FleetVulnerabilitySummaryResponse = {
+  apiVersion: ApiVersion;
+  /**
+   * Resource kind; always FleetVulnerabilitySummary.
+   */
+  kind: string;
+  summary: FleetVulnerabilitySummary;
+};
+

libs/types/alpha/models/SemVer.ts

@@ -0,0 +1,8 @@
+/* generated using openapi-typescript-codegen -- do no edit */
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Semantic version identifier (e.g., 1.2.3, 2.0.0-rc1)
+ */
+export type SemVer = string;

libs/types/alpha/models/SemVerRange.ts

@@ -0,0 +1,8 @@
+/* generated using openapi-typescript-codegen -- do no edit */
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Semver range constraint (e.g., >=1.0.0 <2.0.0). Space-separated terms, each with optional operator (>=, <=, >, <, =, ~, ^) followed by a version.
+ */
+export type SemVerRange = string;

libs/types/alpha/models/Vulnerability.ts

@@ -0,0 +1,65 @@
+/* generated using openapi-typescript-codegen -- do no edit */
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+import type { ApiVersion } from './ApiVersion';
+/**
+ * A single vulnerability (CVE) finding. Vulnerabilities are global CVE records from Trustify; they are not tenant-owned resources. Tenancy is determined by the device or fleet context through which they are queried.
+ */
+export type Vulnerability = {
+  apiVersion: ApiVersion;
+  /**
+   * Kind is a string value representing the REST resource this object represents. Always Vulnerability.
+   */
+  kind: string;
+  /**
+   * CVE identifier (e.g. CVE-2024-1234).
+   */
+  cveId: string;
+  /**
+   * Vendor advisory identifier when available.
+   */
+  advisoryId?: string;
+  /**
+   * Normalized severity label.
+   */
+  severity: Vulnerability.severity;
+  /**
+   * CVSS base score when available.
+   */
+  cvssScore?: number;
+  /**
+   * Short summary of the vulnerability.
+   */
+  description?: string;
+  /**
+   * Advisory publish time when known.
+   */
+  publishedAt?: string;
+  /**
+   * Image reference (name or URL) from the device context.
+   */
+  image?: string;
+  /**
+   * Immutable image digest from the device context.
+   */
+  imageDigest?: string;
+  /**
+   * Distinct devices affected by this CVE. For device context this is always 1; for fleet context it is the number of devices in the fleet running an image with this CVE; for organization-wide context it is the count across the whole organization.
+   */
+  affectedDevices?: number;
+};
+export namespace Vulnerability {
+  /**
+   * Normalized severity label.
+   */
+  export enum severity {
+    CRITICAL = 'Critical',
+    HIGH = 'High',
+    MEDIUM = 'Medium',
+    LOW = 'Low',
+    NONE = 'None',
+    UNKNOWN = 'Unknown',
+  }
+}
+

libs/types/alpha/models/VulnerabilityGroup.ts

@@ -0,0 +1,55 @@
+/* generated using openapi-typescript-codegen -- do no edit */
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+import type { ApiVersion } from './ApiVersion';
+import type { VulnerabilityGroupItem } from './VulnerabilityGroupItem';
+/**
+ * A CVE grouped across one or more images, as returned by fleet-scoped and organization-wide vulnerability list endpoints. Each finding represents one image in which the CVE was detected.
+ *
+ */
+export type VulnerabilityGroup = {
+  apiVersion: ApiVersion;
+  /**
+   * Kind is a string value representing the REST resource. Always VulnerabilityGroup.
+   */
+  kind: string;
+  /**
+   * CVE identifier (e.g. CVE-2024-1234).
+   */
+  cveId: string;
+  /**
+   * Worst severity across all findings in this group.
+   */
+  severity: VulnerabilityGroup.severity;
+  /**
+   * Highest CVSS base score across all findings.
+   */
+  maxCvssScore?: number;
+  /**
+   * Latest advisory publish time across all findings.
+   */
+  maxPublishedAt?: string;
+  /**
+   * Total distinct devices affected by this CVE within scope.
+   */
+  affectedDevices?: number;
+  /**
+   * Per-digest findings for this CVE within the query scope.
+   */
+  findings: Array<VulnerabilityGroupItem>;
+};
+export namespace VulnerabilityGroup {
+  /**
+   * Worst severity across all findings in this group.
+   */
+  export enum severity {
+    CRITICAL = 'Critical',
+    HIGH = 'High',
+    MEDIUM = 'Medium',
+    LOW = 'Low',
+    NONE = 'None',
+    UNKNOWN = 'Unknown',
+  }
+}
+