workos 7.1.1 → 8.0.0

data/rbi/workos/user_api_key.rbi

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+# typed: strong
+
+module WorkOS
+  class UserApiKey
+    sig { params(json: T.any(String, T::Hash[Symbol, T.untyped])).void }
+    def initialize(json); end
+
+    sig { returns(String) }
+    def object; end
+
+    sig { params(value: String).returns(String) }
+    def object=(value); end
+
+    sig { returns(String) }
+    def id; end
+
+    sig { params(value: String).returns(String) }
+    def id=(value); end
+
+    sig { returns(WorkOS::UserApiKeyOwner) }
+    def owner; end
+
+    sig { params(value: WorkOS::UserApiKeyOwner).returns(WorkOS::UserApiKeyOwner) }
+    def owner=(value); end
+
+    sig { returns(String) }
+    def name; end
+
+    sig { params(value: String).returns(String) }
+    def name=(value); end
+
+    sig { returns(String) }
+    def obfuscated_value; end
+
+    sig { params(value: String).returns(String) }
+    def obfuscated_value=(value); end
+
+    sig { returns(T.nilable(String)) }
+    def last_used_at; end
+
+    sig { params(value: T.nilable(String)).returns(T.nilable(String)) }
+    def last_used_at=(value); end
+
+    sig { returns(T::Array[String]) }
+    def permissions; end
+
+    sig { params(value: T::Array[String]).returns(T::Array[String]) }
+    def permissions=(value); end
+
+    sig { returns(String) }
+    def created_at; end
+
+    sig { params(value: String).returns(String) }
+    def created_at=(value); end
+
+    sig { returns(String) }
+    def updated_at; end
+
+    sig { params(value: String).returns(String) }
+    def updated_at=(value); end
+
+    sig { returns(T::Hash[Symbol, T.untyped]) }
+    def to_h; end
+
+    sig { params(args: T.untyped).returns(String) }
+    def to_json(*args); end
+  end
+end

data/rbi/workos/user_api_key_created_data_owner.rbi

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+# typed: strong
+
+module WorkOS
+  class UserApiKeyCreatedDataOwner
+    sig { params(json: T.any(String, T::Hash[Symbol, T.untyped])).void }
+    def initialize(json); end
+
+    sig { returns(String) }
+    def type; end
+
+    sig { params(value: String).returns(String) }
+    def type=(value); end
+
+    sig { returns(String) }
+    def id; end
+
+    sig { params(value: String).returns(String) }
+    def id=(value); end
+
+    sig { returns(String) }
+    def organization_id; end
+
+    sig { params(value: String).returns(String) }
+    def organization_id=(value); end
+
+    sig { returns(T::Hash[Symbol, T.untyped]) }
+    def to_h; end
+
+    sig { params(args: T.untyped).returns(String) }
+    def to_json(*args); end
+  end
+end

data/rbi/workos/user_api_key_owner.rbi

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+# typed: strong
+
+module WorkOS
+  class UserApiKeyOwner
+    sig { params(json: T.any(String, T::Hash[Symbol, T.untyped])).void }
+    def initialize(json); end
+
+    sig { returns(String) }
+    def type; end
+
+    sig { params(value: String).returns(String) }
+    def type=(value); end
+
+    sig { returns(String) }
+    def id; end
+
+    sig { params(value: String).returns(String) }
+    def id=(value); end
+
+    sig { returns(String) }
+    def organization_id; end
+
+    sig { params(value: String).returns(String) }
+    def organization_id=(value); end
+
+    sig { returns(T::Hash[Symbol, T.untyped]) }
+    def to_h; end
+
+    sig { params(args: T.untyped).returns(String) }
+    def to_json(*args); end
+  end
+end

data/rbi/workos/user_api_key_revoked_data_owner.rbi

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+# typed: strong
+
+module WorkOS
+  class UserApiKeyRevokedDataOwner
+    sig { params(json: T.any(String, T::Hash[Symbol, T.untyped])).void }
+    def initialize(json); end
+
+    sig { returns(String) }
+    def type; end
+
+    sig { params(value: String).returns(String) }
+    def type=(value); end
+
+    sig { returns(String) }
+    def id; end
+
+    sig { params(value: String).returns(String) }
+    def id=(value); end
+
+    sig { returns(String) }
+    def organization_id; end
+
+    sig { params(value: String).returns(String) }
+    def organization_id=(value); end
+
+    sig { returns(T::Hash[Symbol, T.untyped]) }
+    def to_h; end
+
+    sig { params(args: T.untyped).returns(String) }
+    def to_json(*args); end
+  end
+end

data/rbi/workos/{api_key_with_value.rbi → user_api_key_with_value.rbi}

@@ -5,7 +5,7 @@
 # typed: strong
 
 module WorkOS
-  class ApiKeyWithValue
+  class UserApiKeyWithValue
     sig { params(json: T.any(String, T::Hash[Symbol, T.untyped])).void }
     def initialize(json); end
 
@@ -21,10 +21,10 @@ module WorkOS
     sig { params(value: String).returns(String) }
     def id=(value); end
 
-    sig { returns(WorkOS::ApiKeyWithValueOwner) }
+    sig { returns(WorkOS::UserApiKeyWithValueOwner) }
     def owner; end
 
-    sig { params(value: WorkOS::ApiKeyWithValueOwner).returns(WorkOS::ApiKeyWithValueOwner) }
+    sig { params(value: WorkOS::UserApiKeyWithValueOwner).returns(WorkOS::UserApiKeyWithValueOwner) }
     def owner=(value); end
 
     sig { returns(String) }

data/rbi/workos/user_api_key_with_value_owner.rbi

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+# typed: strong
+
+module WorkOS
+  class UserApiKeyWithValueOwner
+    sig { params(json: T.any(String, T::Hash[Symbol, T.untyped])).void }
+    def initialize(json); end
+
+    sig { returns(String) }
+    def type; end
+
+    sig { params(value: String).returns(String) }
+    def type=(value); end
+
+    sig { returns(String) }
+    def id; end
+
+    sig { params(value: String).returns(String) }
+    def id=(value); end
+
+    sig { returns(String) }
+    def organization_id; end
+
+    sig { params(value: String).returns(String) }
+    def organization_id=(value); end
+
+    sig { returns(T::Hash[Symbol, T.untyped]) }
+    def to_h; end
+
+    sig { params(args: T.untyped).returns(String) }
+    def to_json(*args); end
+  end
+end

data/rbi/workos/user_management.rbi

@@ -6,6 +6,58 @@
 
 module WorkOS
   class UserManagement
+    class PasswordPlaintext
+      sig { returns(String) }
+      def password; end
+
+      sig do
+        params(
+          password: String
+        ).returns(WorkOS::UserManagement::PasswordPlaintext)
+      end
+      def self.new(password:); end
+    end
+
+    class PasswordHashed
+      sig { returns(String) }
+      def password_hash; end
+
+      sig { returns(String) }
+      def password_hash_type; end
+
+      sig do
+        params(
+          password_hash: String,
+          password_hash_type: String
+        ).returns(WorkOS::UserManagement::PasswordHashed)
+      end
+      def self.new(password_hash:, password_hash_type:); end
+    end
+
+    class RoleSingle
+      sig { returns(String) }
+      def role_slug; end
+
+      sig do
+        params(
+          role_slug: String
+        ).returns(WorkOS::UserManagement::RoleSingle)
+      end
+      def self.new(role_slug:); end
+    end
+
+    class RoleMultiple
+      sig { returns(T::Array[String]) }
+      def role_slugs; end
+
+      sig do
+        params(
+          role_slugs: T::Array[String]
+        ).returns(WorkOS::UserManagement::RoleMultiple)
+      end
+      def self.new(role_slugs:); end
+    end
+
     sig { params(client: WorkOS::BaseClient).void }
     def initialize(client); end
 
@@ -113,13 +165,11 @@ module WorkOS
         email_verified: T.nilable(T::Boolean),
         metadata: T.nilable(T::Hash[String, String]),
         external_id: T.nilable(String),
-        password: T.nilable(String),
-        password_hash: T.nilable(String),
-        password_hash_type: T.nilable(String),
+        password: T.nilable(T.any(WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed)),
         request_options: T::Hash[Symbol, T.untyped]
       ).returns(WorkOS::User)
     end
-    def create_user(email:, first_name:, last_name:, email_verified:, metadata:, external_id:, password:, password_hash:, password_hash_type:, request_options:); end
+    def create_user(email:, first_name:, last_name:, email_verified:, metadata:, external_id:, password:, request_options:); end
 
     sig do
       params(
@@ -147,13 +197,11 @@ module WorkOS
         metadata: T.nilable(T::Hash[String, String]),
         external_id: T.nilable(String),
         locale: T.nilable(String),
-        password: T.nilable(String),
-        password_hash: T.nilable(String),
-        password_hash_type: T.nilable(String),
+        password: T.nilable(T.any(WorkOS::UserManagement::PasswordPlaintext, WorkOS::UserManagement::PasswordHashed)),
         request_options: T::Hash[Symbol, T.untyped]
       ).returns(WorkOS::User)
     end
-    def update_user(id:, email:, first_name:, last_name:, email_verified:, metadata:, external_id:, locale:, password:, password_hash:, password_hash_type:, request_options:); end
+    def update_user(id:, email:, first_name:, last_name:, email_verified:, metadata:, external_id:, locale:, password:, request_options:); end
 
     sig do
       params(
@@ -285,6 +333,13 @@ module WorkOS
     end
     def revoke_invitation(id:, request_options:); end
 
+    sig do
+      params(
+        request_options: T::Hash[Symbol, T.untyped]
+      ).returns(WorkOS::JWTTemplateResponse)
+    end
+    def list_jwt_template(request_options:); end
+
     sig do
       params(
         content: String,
@@ -328,12 +383,11 @@ module WorkOS
       params(
         user_id: String,
         organization_id: String,
-        role_slug: T.nilable(String),
-        role_slugs: T.nilable(T::Array[String]),
+        role: T.nilable(T.any(WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple)),
         request_options: T::Hash[Symbol, T.untyped]
       ).returns(WorkOS::OrganizationMembership)
     end
-    def create_organization_membership(user_id:, organization_id:, role_slug:, role_slugs:, request_options:); end
+    def create_organization_membership(user_id:, organization_id:, role:, request_options:); end
 
     sig do
       params(
@@ -346,12 +400,11 @@ module WorkOS
     sig do
       params(
         id: String,
-        role_slug: T.nilable(String),
-        role_slugs: T.nilable(T::Array[String]),
+        role: T.nilable(T.any(WorkOS::UserManagement::RoleSingle, WorkOS::UserManagement::RoleMultiple)),
         request_options: T::Hash[Symbol, T.untyped]
       ).returns(WorkOS::UserOrganizationMembership)
     end
-    def update_organization_membership(id:, role_slug:, role_slugs:, request_options:); end
+    def update_organization_membership(id:, role:, request_options:); end
 
     sig do
       params(
@@ -406,5 +459,29 @@ module WorkOS
     end
     def delete_user_authorized_application(application_id:, user_id:, request_options:); end
 
+    sig do
+      params(
+        user_id: String,
+        before: T.nilable(String),
+        after: T.nilable(String),
+        limit: T.nilable(Integer),
+        order: T.nilable(String),
+        organization_id: T.nilable(String),
+        request_options: T::Hash[Symbol, T.untyped]
+      ).returns(WorkOS::Types::ListStruct)
+    end
+    def list_user_api_keys(user_id:, before:, after:, limit:, order:, organization_id:, request_options:); end
+
+    sig do
+      params(
+        user_id: String,
+        name: String,
+        organization_id: String,
+        permissions: T.nilable(T::Array[String]),
+        request_options: T::Hash[Symbol, T.untyped]
+      ).returns(WorkOS::UserApiKeyWithValue)
+    end
+    def create_user_api_key(user_id:, name:, organization_id:, permissions:, request_options:); end
+
   end
 end

data/rbi/workos/user_organization_membership.rbi

@@ -75,6 +75,12 @@ module WorkOS
     sig { params(value: WorkOS::SlimRole).returns(WorkOS::SlimRole) }
     def role=(value); end
 
+    sig { returns(WorkOS::User) }
+    def user; end
+
+    sig { params(value: WorkOS::User).returns(WorkOS::User) }
+    def user=(value); end
+
     sig { returns(T::Hash[Symbol, T.untyped]) }
     def to_h; end
 

data/rbi/workos/user_organization_membership_base_list_data.rbi

@@ -69,6 +69,12 @@ module WorkOS
     sig { params(value: String).returns(String) }
     def updated_at=(value); end
 
+    sig { returns(WorkOS::User) }
+    def user; end
+
+    sig { params(value: WorkOS::User).returns(WorkOS::User) }
+    def user=(value); end
+
     sig { returns(T::Hash[Symbol, T.untyped]) }
     def to_h; end
 

data/rbi/workos/{role_assignment.rbi → user_role_assignment.rbi}

@@ -5,7 +5,7 @@
 # typed: strong
 
 module WorkOS
-  class RoleAssignment
+  class UserRoleAssignment
     sig { params(json: T.any(String, T::Hash[Symbol, T.untyped])).void }
     def initialize(json); end
 
@@ -21,16 +21,22 @@ module WorkOS
     sig { params(value: String).returns(String) }
     def id=(value); end
 
+    sig { returns(String) }
+    def organization_membership_id; end
+
+    sig { params(value: String).returns(String) }
+    def organization_membership_id=(value); end
+
     sig { returns(WorkOS::SlimRole) }
     def role; end
 
     sig { params(value: WorkOS::SlimRole).returns(WorkOS::SlimRole) }
     def role=(value); end
 
-    sig { returns(WorkOS::RoleAssignmentResource) }
+    sig { returns(WorkOS::UserRoleAssignmentResource) }
     def resource; end
 
-    sig { params(value: WorkOS::RoleAssignmentResource).returns(WorkOS::RoleAssignmentResource) }
+    sig { params(value: WorkOS::UserRoleAssignmentResource).returns(WorkOS::UserRoleAssignmentResource) }
     def resource=(value); end
 
     sig { returns(String) }

data/rbi/workos/{role_assignment_resource.rbi → user_role_assignment_resource.rbi}

@@ -5,7 +5,7 @@
 # typed: strong
 
 module WorkOS
-  class RoleAssignmentResource
+  class UserRoleAssignmentResource
     sig { params(json: T.any(String, T::Hash[Symbol, T.untyped])).void }
     def initialize(json); end
 

data/rbi/workos/vault_byok_key_deleted.rbi

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+# typed: strong
+
+module WorkOS
+  class VaultByokKeyDeleted
+    sig { params(json: T.any(String, T::Hash[Symbol, T.untyped])).void }
+    def initialize(json); end
+
+    sig { returns(String) }
+    def id; end
+
+    sig { params(value: String).returns(String) }
+    def id=(value); end
+
+    sig { returns(String) }
+    def event; end
+
+    sig { params(value: String).returns(String) }
+    def event=(value); end
+
+    sig { returns(WorkOS::VaultByokKeyDeletedData) }
+    def data; end
+
+    sig { params(value: WorkOS::VaultByokKeyDeletedData).returns(WorkOS::VaultByokKeyDeletedData) }
+    def data=(value); end
+
+    sig { returns(String) }
+    def created_at; end
+
+    sig { params(value: String).returns(String) }
+    def created_at=(value); end
+
+    sig { returns(T.nilable(WorkOS::EventContext)) }
+    def context; end
+
+    sig { params(value: T.nilable(WorkOS::EventContext)).returns(T.nilable(WorkOS::EventContext)) }
+    def context=(value); end
+
+    sig { returns(String) }
+    def object; end
+
+    sig { params(value: String).returns(String) }
+    def object=(value); end
+
+    sig { returns(T::Hash[Symbol, T.untyped]) }
+    def to_h; end
+
+    sig { params(args: T.untyped).returns(String) }
+    def to_json(*args); end
+  end
+end

data/rbi/workos/vault_byok_key_deleted_data.rbi

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+# This file is auto-generated by oagen. Do not edit.
+
+# typed: strong
+
+module WorkOS
+  class VaultByokKeyDeletedData
+    sig { params(json: T.any(String, T::Hash[Symbol, T.untyped])).void }
+    def initialize(json); end
+
+    sig { returns(String) }
+    def organization_id; end
+
+    sig { params(value: String).returns(String) }
+    def organization_id=(value); end
+
+    sig { returns(String) }
+    def key_provider; end
+
+    sig { params(value: String).returns(String) }
+    def key_provider=(value); end
+
+    sig { returns(T::Hash[Symbol, T.untyped]) }
+    def to_h; end
+
+    sig { params(args: T.untyped).returns(String) }
+    def to_json(*args); end
+  end
+end

data/script/docs

@@ -0,0 +1,16 @@
+#!/bin/sh
+set -eu
+cd "$(dirname "$0")/.."
+bundle config set --local with 'docs'
+bundle install
+rm -rf docs/_site
+# 1. Generate HTML docs (default YARD format).
+bundle exec yard doc
+# 2. Generate Markdown docs alongside the HTML, using the yard-markdown plugin.
+#    We point output at the same docs/_site directory so .md files land next to .html.
+#    --no-cache forces a re-parse so the markdown formatter sees fresh registry data.
+#    --plugin yard-markdown ensures the plugin is loaded without relying on ~/.yard/config.
+bundle exec yard doc --plugin yard-markdown --format markdown --no-cache --output-dir docs/_site
+# 3. Generate llms.txt (index) from the markdown output, so the published site
+#    is consumable by LLM tooling.
+bundle exec ./script/llms-txt

data/script/docs-serve

@@ -0,0 +1,12 @@
+#!/bin/sh
+set -eu
+cd "$(dirname "$0")/.."
+bundle config set --local with 'docs'
+bundle install --quiet
+if [ "${1:-}" = "--static" ]; then
+  if [ ! -d docs/_site ]; then
+    ./script/docs
+  fi
+  exec bundle exec ruby -run -e httpd -- docs/_site -p 4000
+fi
+exec bundle exec yard server --reload --port 4000

data/script/llms-txt

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+# Generates llms.txt (curated index) from the Markdown docs produced by
+# `yard --format markdown` in docs/_site. See https://llmstxt.org for the format.
+
+require "pathname"
+
+ROOT = Pathname.new(__dir__).join("..").expand_path
+SITE = ROOT.join("docs/_site")
+require ROOT.join("lib/workos/version").to_s
+
+abort "docs/_site is missing — run script/docs first" unless SITE.directory?
+
+md_files = Pathname.glob(SITE.join("**/*.md")).sort_by { |p| p.relative_path_from(SITE).to_s }
+
+title_for = lambda do |path|
+  first_heading = path.each_line.lazy.map(&:strip).find { |l| l.start_with?("# ") }
+  first_heading ? first_heading.sub(/^#\s+/, "").sub(/\s*<a id=.*?<\/a>\s*$/, "").strip : path.basename(".md").to_s
+end
+
+index_lines = []
+index_lines << "# WorkOS Ruby SDK v#{WorkOS::VERSION}"
+index_lines << ""
+index_lines << "> API client for WorkOS. This file indexes the auto-generated YARD documentation for the `workos` gem so language models can locate per-class references."
+index_lines << ""
+index_lines << "## API Reference"
+index_lines << ""
+md_files.each do |path|
+  rel = path.relative_path_from(SITE).to_s
+  index_lines << "- [#{title_for.call(path)}](#{rel})"
+end
+index_lines << ""
+
+SITE.join("llms.txt").write(index_lines.join("\n"))
+
+puts "Wrote #{SITE.join("llms.txt")} (#{md_files.size} entries)"

data/test/workos/test_api_keys.rb

@@ -11,20 +11,6 @@ class ApiKeysTest < Minitest::Test
     @client = WorkOS::Client.new(api_key: "sk_test_123")
   end
 
-  def test_create_validation_returns_expected_result
-    stub_request(:post, %r{\Ahttps://api\.workos\.com/api_keys/validations(\?|\z)})
-      .to_return(body: "{}", status: 200)
-    result = @client.api_keys.create_validation(value: "stub")
-    refute_nil result
-  end
-
-  def test_delete_api_key_returns_expected_result
-    stub_request(:delete, %r{\Ahttps://api\.workos\.com/api_keys/stub(\?|\z)})
-      .to_return(body: "{}", status: 200)
-    result = @client.api_keys.delete_api_key(id: "stub")
-    assert_nil result
-  end
-
   def test_list_organization_api_keys_returns_expected_result
     stub_request(:get, %r{\Ahttps://api\.workos\.com/organizations/stub/api_keys(\?|\z)})
       .to_return(body: '{"data": [], "list_metadata": {}}', status: 200)
@@ -39,12 +25,26 @@ class ApiKeysTest < Minitest::Test
     refute_nil result
   end
 
+  def test_create_validation_returns_expected_result
+    stub_request(:post, %r{\Ahttps://api\.workos\.com/api_keys/validations(\?|\z)})
+      .to_return(body: "{}", status: 200)
+    result = @client.api_keys.create_validation(value: "stub")
+    refute_nil result
+  end
+
+  def test_delete_api_key_returns_expected_result
+    stub_request(:delete, %r{\Ahttps://api\.workos\.com/api_keys/stub(\?|\z)})
+      .to_return(body: "{}", status: 200)
+    result = @client.api_keys.delete_api_key(id: "stub")
+    assert_nil result
+  end
+
   # Parameterized authentication error tests (one per endpoint).
   [
-    {name: :create_validation, verb: :post, url: %r{\Ahttps://api\.workos\.com/api_keys/validations(\?|\z)}, args: {value: "stub"}},
-    {name: :delete_api_key, verb: :delete, url: %r{\Ahttps://api\.workos\.com/api_keys/stub(\?|\z)}, args: {id: "stub"}},
     {name: :list_organization_api_keys, verb: :get, url: %r{\Ahttps://api\.workos\.com/organizations/stub/api_keys(\?|\z)}, args: {organization_id: "stub"}},
-    {name: :create_organization_api_key, verb: :post, url: %r{\Ahttps://api\.workos\.com/organizations/stub/api_keys(\?|\z)}, args: {organization_id: "stub", name: "stub"}}
+    {name: :create_organization_api_key, verb: :post, url: %r{\Ahttps://api\.workos\.com/organizations/stub/api_keys(\?|\z)}, args: {organization_id: "stub", name: "stub"}},
+    {name: :create_validation, verb: :post, url: %r{\Ahttps://api\.workos\.com/api_keys/validations(\?|\z)}, args: {value: "stub"}},
+    {name: :delete_api_key, verb: :delete, url: %r{\Ahttps://api\.workos\.com/api_keys/stub(\?|\z)}, args: {id: "stub"}}
   ].each do |spec|
     define_method("test_#{spec[:name]}_raises_authentication_error_on_401") do
       stub_request(spec[:verb], spec[:url])