feat: add Bot Detection and CAPTCHA attack protection endpoints

[fern-api]

Changes

This PR adds support for managing Bot Detection and CAPTCHA attack protection settings in the Management API client. It introduces new resource clients for both features with full CRUD operations, comprehensive type definitions, and test coverage.

Endpoints Added

Bot Detection Resource (client.attackProtection.botDetection)

• GET /api/v2/attack-protection/bot-detection - Get bot detection configuration
• PATCH /api/v2/attack-protection/bot-detection - Update bot detection settings

CAPTCHA Resource (client.attackProtection.captcha)

• GET /api/v2/attack-protection/captcha - Get CAPTCHA configuration
• PATCH /api/v2/attack-protection/captcha - Update CAPTCHA settings

Classes and Methods Added

New Resource Clients:

• BotDetection class with:
  • get() - Retrieve bot detection configuration
  • update(request) - Update bot detection settings
• Captcha class with:
  • get() - Retrieve CAPTCHA configuration
  • update(request) - Update CAPTCHA settings

AttackProtection Class Enhanced:

• Added botDetection: BotDetection property
• Added captcha: Captcha property

Type Definitions Added

Bot Detection Types:

• GetBotDetectionSettingsResponseContent
• UpdateBotDetectionSettingsRequestContent
• UpdateBotDetectionSettingsResponseContent
• BotDetectionAllowlist
• BotDetectionLevelEnum (strict, moderate, relaxed)
• BotDetectionMonitoringModeEnabled
• BotDetectionChallengePolicyPasswordFlowEnum
• BotDetectionChallengePolicyPasswordResetFlowEnum
• BotDetectionChallengePolicyPasswordlessFlowEnum
• BotDetectionIPv4OrCidrBlock, BotDetectionIPv6OrCidrBlock, BotDetectionIpAddressOrCidrBlock

CAPTCHA Types:

• GetAttackProtectionCaptchaResponseContent
• UpdateAttackProtectionCaptchaRequestContent
• UpdateAttackProtectionCaptchaResponseContent
• AttackProtectionCaptchaProviderId (enum for provider selection)
• AttackProtectionCaptchaAuthChallengeRequest
• AttackProtectionCaptchaAuthChallengeResponseContent
• Provider-specific types:
  • AttackProtectionCaptchaArkoseResponseContent & AttackProtectionUpdateCaptchaArkose
  • AttackProtectionCaptchaRecaptchaV2ResponseContent & AttackProtectionUpdateCaptchaRecaptchaV2
  • AttackProtectionCaptchaRecaptchaEnterpriseResponseContent & AttackProtectionUpdateCaptchaRecaptchaEnterprise
  • AttackProtectionCaptchaHcaptchaResponseContent & AttackProtectionUpdateCaptchaHcaptcha
  • AttackProtectionCaptchaFriendlyCaptchaResponseContent & AttackProtectionUpdateCaptchaFriendlyCaptcha
  • AttackProtectionCaptchaSimpleCaptchaResponseContent

Usage Examples

// Get bot detection settings
const botDetectionSettings = await client.attackProtection.botDetection.get();

// Update bot detection configuration
await client.attackProtection.botDetection.update({
  level: 'moderate',
  monitoringModeEnabled: true,
  allowlist: {
    ipv4: ['192.168.1.1'],
    ipv6: ['::1']
  }
});

// Get CAPTCHA settings
const captchaSettings = await client.attackProtection.captcha.get();

// Update CAPTCHA configuration
await client.attackProtection.captcha.update({
  providerId: 'recaptcha-v2',
  provider: {
    siteKey: 'your-site-key',
    secretKey: 'your-secret-key'
  }
});

Documentation

• Updated reference.md with comprehensive API documentation for new endpoints
• Added usage examples, parameter descriptions, and error handling documentation

Dependency Updates

• Updated various yarn.lock dependencies

References

• Management API v2 specification updates for Attack Protection features
• Fern API definition changes for Bot Detection and CAPTCHA resources
• Internal API specification: https://auth0.com/docs/api/management/v2

Testing

All new functionality has comprehensive test coverage.

• This change adds unit test coverage
• This change adds integration test coverage

New Test Files:

• src/management/tests/wire/attackProtection/botDetection.test.ts (237 lines) - Tests for bot detection operations
• src/management/tests/wire/attackProtection/captcha.test.ts (272 lines) - Tests for CAPTCHA operations

CI Status:
All checks are expected to pass for this Fern-generated code.

Checklist

• I have read the Auth0 general contribution guidelines
• I have read the Auth0 Code of Conduct
• All existing and new tests complete without errors

[codecov]

Codecov Report

❌ Patch coverage is 80.95238% with 40 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.56%. Comparing base (1b2a5aa) to head (09af838).
⚠️ Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
...Protection/resources/botDetection/client/Client.ts	76.47%	20 Missing ⚠️
...ttackProtection/resources/captcha/client/Client.ts	75.90%	20 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1235      +/-   ##
==========================================
+ Coverage   79.55%   79.56%   +0.01%     
==========================================
  Files         506      515       +9     
  Lines       18716    18926     +210     
  Branches     8934     9027      +93     
==========================================
+ Hits        14889    15059     +170     
- Misses       3827     3867      +40     

Flag	Coverage Δ
alltests	79.56% <80.95%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[developerkunal]

LGTM