Add bot detection commands

docs/auth0_protection.md

@@ -8,6 +8,7 @@ Auth0 can detect attacks and stop malicious attempts to access your application
 
 ## Commands
 
+- [auth0 protection bot-detection](auth0_protection_bot-detection.md) - Manage bot detection settings
 - [auth0 protection breached-password-detection](auth0_protection_breached-password-detection.md) - Manage breached password detection settings
 - [auth0 protection brute-force-protection](auth0_protection_brute-force-protection.md) - Manage brute force protection settings
 - [auth0 protection suspicious-ip-throttling](auth0_protection_suspicious-ip-throttling.md) - Manage suspicious ip throttling settings

docs/auth0_protection_bot-detection.md

@@ -0,0 +1,14 @@
+---
+layout: default
+has_toc: false
+has_children: true
+---
+# auth0 protection bot-detection
+
+Bot detection protects your applications from automated attacks by detecting and blocking bot traffic. Auth0 can challenge suspicious requests with CAPTCHA or block them entirely. Configure detection sensitivity, CAPTCHA policies for different authentication flows, and allowlists for trusted IP addresses.
+
+## Commands
+
+- [auth0 protection bot-detection show](auth0_protection_bot-detection_show.md) - Show bot detection settings
+- [auth0 protection bot-detection update](auth0_protection_bot-detection_update.md) - Update bot detection settings
+

docs/auth0_protection_bot-detection_show.md

@@ -0,0 +1,47 @@
+---
+layout: default
+parent: auth0 protection bot-detection
+has_toc: false
+---
+# auth0 protection bot-detection show
+
+Display the current bot detection settings.
+
+## Usage
+```
+auth0 protection bot-detection show [flags]
+```
+
+## Examples
+
+```
+  auth0 protection bot-detection show
+  auth0 ap bd show --json
+  auth0 ap bd show --json-compact
+```
+
+
+## Flags
+
+```
+      --json           Output in json format.
+      --json-compact   Output in compact json format.
+```
+
+
+## Inherited Flags
+
+```
+      --debug           Enable debug mode.
+      --no-color        Disable colors.
+      --no-input        Disable interactivity.
+      --tenant string   Specific tenant to use.
+```
+
+
+## Related Commands
+
+- [auth0 protection bot-detection show](auth0_protection_bot-detection_show.md) - Show bot detection settings
+- [auth0 protection bot-detection update](auth0_protection_bot-detection_update.md) - Update bot detection settings
+
+

docs/auth0_protection_bot-detection_update.md

@@ -0,0 +1,55 @@
+---
+layout: default
+parent: auth0 protection bot-detection
+has_toc: false
+---
+# auth0 protection bot-detection update
+
+Update the bot detection settings.
+
+## Usage
+```
+auth0 protection bot-detection update [flags]
+```
+
+## Examples
+
+```
+  auth0 protection bot-detection update
+  auth0 ap bd update --bot-detection-level medium --json-compact
+  auth0 ap bd update --bot-detection-level low --challenge-password-policy never
+  auth0 ap bd update --monitoring-mode=true --allowlist "198.51.100.42,10.0.0.0/24"
+  auth0 ap bd update -l high -a "198.51.100.42" -m=false --json
+```
+
+
+## Flags
+
+```
+  -a, --allowlist strings                        List of comma-separated trusted IP addresses that will not have bot detection enforced against them. Supports IPv4, IPv6 and CIDR notations.
+  -l, --bot-detection-level string               The level of bot detection sensitivity. Possible values: low, medium, high.
+      --challenge-password-policy string         Determines how often to challenge users with a CAPTCHA for password-based login. Possible values: never, when_risky, always.
+      --challenge-password-reset-policy string   Determines how often to challenge users with a CAPTCHA for password reset. Possible values: never, when_risky, always.
+      --challenge-passwordless-policy string     Determines how often to challenge users with a CAPTCHA for passwordless login. Possible values: never, when_risky, always.
+      --json                                     Output in json format.
+      --json-compact                             Output in compact json format.
+  -m, --monitoring-mode                          Enable (or disable) monitoring mode. When enabled, logs but does not block.
+```
+
+
+## Inherited Flags
+
+```
+      --debug           Enable debug mode.
+      --no-color        Disable colors.
+      --no-input        Disable interactivity.
+      --tenant string   Specific tenant to use.
+```
+
+
+## Related Commands
+
+- [auth0 protection bot-detection show](auth0_protection_bot-detection_show.md) - Show bot detection settings
+- [auth0 protection bot-detection update](auth0_protection_bot-detection_update.md) - Update bot detection settings
+
+

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/PuerkitoBio/rehttp v1.4.0
 	github.com/atotto/clipboard v0.1.4
-	github.com/auth0/go-auth0 v1.33.0
+	github.com/auth0/go-auth0 v1.33.1-0.20260211120643-ac1cfcb90495
 	github.com/briandowns/spinner v1.23.2
 	github.com/charmbracelet/glamour v0.10.0
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e

go.sum

@@ -26,6 +26,8 @@ github.com/auth0/go-auth0 v1.32.1 h1:AAXQqaNaFZWkRm2bg5mVVXpqDLmusv7v238uIaxuFpo
 github.com/auth0/go-auth0 v1.32.1/go.mod h1:32sQB1uAn+99fJo6N819EniKq8h785p0ag0lMWhiTaE=
 github.com/auth0/go-auth0 v1.33.0 h1:7qx0UCA6Tn2udnEVA35xzKsseh/R9559f+nnGcUI0Ss=
 github.com/auth0/go-auth0 v1.33.0/go.mod h1:32sQB1uAn+99fJo6N819EniKq8h785p0ag0lMWhiTaE=
+github.com/auth0/go-auth0 v1.33.1-0.20260211120643-ac1cfcb90495 h1:RMJY2JenrbX8RiEIihcEJFnsQVwjs1njavZAgKTwIzg=
+github.com/auth0/go-auth0 v1.33.1-0.20260211120643-ac1cfcb90495/go.mod h1:32sQB1uAn+99fJo6N819EniKq8h785p0ag0lMWhiTaE=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0/go.mod h1:6L7zgvqo0idzI7IO8de6ZC051AfXb5ipkIJ7bIA2tGA=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=

internal/auth0/attack_protection.go

@@ -63,4 +63,18 @@ type AttackProtectionAPI interface {
 		ctx context.Context, sit *management.SuspiciousIPThrottling,
 		opts ...management.RequestOption,
 	) (err error)
+
+	// GetBotDetection retrieves bot detection settings.
+	//
+	// Required scope: `read:attack_protection`
+	//
+	// See: https://auth0.com/docs/api/management/v2#!/attack-protection/get-bot-detection
+	GetBotDetection(ctx context.Context, opts ...management.RequestOption) (bd *management.BotDetection, err error)
+
+	// UpdateBotDetection updates the bot detection settings.
+	//
+	// Required scope: `update:attack_protection`
+	//
+	// See: https://auth0.com/docs/api/management/v2#!/attack-protection/patch-bot-detection
+	UpdateBotDetection(ctx context.Context, bd *management.BotDetection, opts ...management.RequestOption) (err error)
 }

internal/cli/attack_protection.go

@@ -19,6 +19,7 @@ func attackProtectionCmd(cli *cli) *cobra.Command {
 	cmd.AddCommand(breachedPasswordDetectionCmd(cli))
 	cmd.AddCommand(bruteForceProtectionCmd(cli))
 	cmd.AddCommand(suspiciousIPThrottlingCmd(cli))
+	cmd.AddCommand(botDetectionCmd(cli))
 
 	return cmd
 }