@1claw/openapi-spec 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +50 -0
  2. package/openapi.json +4940 -0
  3. package/openapi.yaml +3256 -0
  4. package/package.json +40 -0
package/openapi.yaml ADDED
@@ -0,0 +1,3256 @@
1
+ openapi: 3.1.0
2
+
3
+ info:
4
+ title: 1Claw API
5
+ version: 2.0.0
6
+ description: |
7
+ Secure secret management for AI agents. Provides vaults, secrets,
8
+ policy-based access control, agent identity, crypto transaction proxy,
9
+ sharing, billing, and audit logging.
10
+
11
+ All endpoints require JWT Bearer authentication unless marked with
12
+ `security: []`.
13
+ contact:
14
+ email: ops@1claw.xyz
15
+
16
+ servers:
17
+ - url: http://localhost:8443
18
+ description: Development
19
+ - url: https://api.1claw.xyz
20
+ description: Production
21
+
22
+ security:
23
+ - BearerAuth: []
24
+
25
+ tags:
26
+ - name: Authentication
27
+ description: Credential exchange, MFA, device auth, token management
28
+ - name: API Keys
29
+ description: Personal API key management
30
+ - name: Vaults
31
+ description: Vault lifecycle operations
32
+ - name: Secrets
33
+ description: Secret CRUD within vaults
34
+ - name: Policies
35
+ description: Access policy management
36
+ - name: Agents
37
+ description: Agent identity and key management
38
+ - name: Transactions
39
+ description: Crypto transaction proxy (signing, simulation)
40
+ - name: Chains
41
+ description: Blockchain chain registry
42
+ - name: Sharing
43
+ description: Secret sharing links
44
+ - name: Organization
45
+ description: Org membership and roles
46
+ - name: Billing
47
+ description: Subscriptions, credits, and usage
48
+ - name: Audit
49
+ description: Immutable audit event log
50
+ - name: Security
51
+ description: IP rules and security configuration
52
+ - name: Admin
53
+ description: Platform administration
54
+ - name: Health
55
+ description: Service health checks
56
+
57
+ # =============================================================================
58
+ # PATHS
59
+ # =============================================================================
60
+
61
+ paths:
62
+
63
+ # ---------------------------------------------------------------------------
64
+ # Authentication
65
+ # ---------------------------------------------------------------------------
66
+
67
+ /v1/auth/token:
68
+ post:
69
+ tags: [Authentication]
70
+ summary: Login with email and password
71
+ operationId: login
72
+ security: []
73
+ requestBody:
74
+ required: true
75
+ content:
76
+ application/json:
77
+ schema:
78
+ $ref: "#/components/schemas/LoginRequest"
79
+ responses:
80
+ "200":
81
+ description: Authenticated (or MFA required)
82
+ content:
83
+ application/json:
84
+ schema:
85
+ $ref: "#/components/schemas/LoginResponse"
86
+ "401":
87
+ $ref: "#/components/responses/Unauthorized"
88
+ delete:
89
+ tags: [Authentication]
90
+ summary: Revoke current token
91
+ operationId: revokeToken
92
+ responses:
93
+ "204":
94
+ description: Token revoked
95
+ "401":
96
+ $ref: "#/components/responses/Unauthorized"
97
+
98
+ /v1/auth/agent-token:
99
+ post:
100
+ tags: [Authentication]
101
+ summary: Exchange agent credentials for JWT
102
+ operationId: agentToken
103
+ security: []
104
+ requestBody:
105
+ required: true
106
+ content:
107
+ application/json:
108
+ schema:
109
+ $ref: "#/components/schemas/AgentTokenRequest"
110
+ responses:
111
+ "200":
112
+ description: Agent JWT issued
113
+ content:
114
+ application/json:
115
+ schema:
116
+ $ref: "#/components/schemas/TokenResponse"
117
+ "401":
118
+ $ref: "#/components/responses/Unauthorized"
119
+
120
+ /v1/auth/api-key-token:
121
+ post:
122
+ tags: [Authentication]
123
+ summary: Exchange user API key for JWT
124
+ operationId: apiKeyToken
125
+ security: []
126
+ requestBody:
127
+ required: true
128
+ content:
129
+ application/json:
130
+ schema:
131
+ $ref: "#/components/schemas/UserApiKeyTokenRequest"
132
+ responses:
133
+ "200":
134
+ description: JWT issued
135
+ content:
136
+ application/json:
137
+ schema:
138
+ $ref: "#/components/schemas/TokenResponse"
139
+ "401":
140
+ $ref: "#/components/responses/Unauthorized"
141
+
142
+ /v1/auth/refresh:
143
+ post:
144
+ tags: [Authentication]
145
+ summary: Refresh an expiring JWT
146
+ operationId: refreshToken
147
+ security: []
148
+ requestBody:
149
+ required: true
150
+ content:
151
+ application/json:
152
+ schema:
153
+ type: object
154
+ required: [refresh_token]
155
+ properties:
156
+ refresh_token:
157
+ type: string
158
+ responses:
159
+ "200":
160
+ description: Token refreshed
161
+ content:
162
+ application/json:
163
+ schema:
164
+ $ref: "#/components/schemas/TokenResponse"
165
+ "401":
166
+ $ref: "#/components/responses/Unauthorized"
167
+
168
+ /v1/auth/signup:
169
+ post:
170
+ tags: [Authentication]
171
+ summary: Create a new account
172
+ operationId: signup
173
+ security: []
174
+ requestBody:
175
+ required: true
176
+ content:
177
+ application/json:
178
+ schema:
179
+ $ref: "#/components/schemas/SignupRequest"
180
+ responses:
181
+ "200":
182
+ description: Account created (pending verification or auto-login)
183
+ content:
184
+ application/json:
185
+ schema:
186
+ $ref: "#/components/schemas/SignupResponse"
187
+ "400":
188
+ $ref: "#/components/responses/BadRequest"
189
+
190
+ /v1/auth/verify-email:
191
+ post:
192
+ tags: [Authentication]
193
+ summary: Verify email address
194
+ operationId: verifyEmail
195
+ security: []
196
+ requestBody:
197
+ required: true
198
+ content:
199
+ application/json:
200
+ schema:
201
+ type: object
202
+ required: [token]
203
+ properties:
204
+ token:
205
+ type: string
206
+ responses:
207
+ "200":
208
+ description: Email verified
209
+ content:
210
+ application/json:
211
+ schema:
212
+ $ref: "#/components/schemas/TokenResponse"
213
+ "400":
214
+ $ref: "#/components/responses/BadRequest"
215
+
216
+ /v1/auth/google:
217
+ post:
218
+ tags: [Authentication]
219
+ summary: Authenticate with Google OAuth
220
+ operationId: googleAuth
221
+ security: []
222
+ requestBody:
223
+ required: true
224
+ content:
225
+ application/json:
226
+ schema:
227
+ $ref: "#/components/schemas/GoogleAuthRequest"
228
+ responses:
229
+ "200":
230
+ description: Authenticated
231
+ content:
232
+ application/json:
233
+ schema:
234
+ $ref: "#/components/schemas/TokenResponse"
235
+ "401":
236
+ $ref: "#/components/responses/Unauthorized"
237
+
238
+ /v1/auth/change-password:
239
+ post:
240
+ tags: [Authentication]
241
+ summary: Change current user's password
242
+ operationId: changePassword
243
+ requestBody:
244
+ required: true
245
+ content:
246
+ application/json:
247
+ schema:
248
+ $ref: "#/components/schemas/ChangePasswordRequest"
249
+ responses:
250
+ "204":
251
+ description: Password changed
252
+ "400":
253
+ $ref: "#/components/responses/BadRequest"
254
+
255
+ # MFA
256
+
257
+ /v1/auth/mfa/status:
258
+ get:
259
+ tags: [Authentication]
260
+ summary: Check MFA enrollment status
261
+ operationId: mfaStatus
262
+ responses:
263
+ "200":
264
+ description: MFA status
265
+ content:
266
+ application/json:
267
+ schema:
268
+ $ref: "#/components/schemas/MfaStatusResponse"
269
+
270
+ /v1/auth/mfa/setup:
271
+ post:
272
+ tags: [Authentication]
273
+ summary: Begin MFA enrollment
274
+ operationId: mfaSetup
275
+ responses:
276
+ "200":
277
+ description: TOTP setup details
278
+ content:
279
+ application/json:
280
+ schema:
281
+ $ref: "#/components/schemas/MfaSetupResponse"
282
+
283
+ /v1/auth/mfa/verify-setup:
284
+ post:
285
+ tags: [Authentication]
286
+ summary: Confirm MFA enrollment with a TOTP code
287
+ operationId: mfaVerifySetup
288
+ requestBody:
289
+ required: true
290
+ content:
291
+ application/json:
292
+ schema:
293
+ $ref: "#/components/schemas/MfaVerifySetupRequest"
294
+ responses:
295
+ "200":
296
+ description: MFA enabled, recovery codes returned
297
+ content:
298
+ application/json:
299
+ schema:
300
+ $ref: "#/components/schemas/MfaVerifySetupResponse"
301
+ "400":
302
+ $ref: "#/components/responses/BadRequest"
303
+
304
+ /v1/auth/mfa/verify:
305
+ post:
306
+ tags: [Authentication]
307
+ summary: Verify MFA code during login
308
+ operationId: mfaVerify
309
+ security: []
310
+ requestBody:
311
+ required: true
312
+ content:
313
+ application/json:
314
+ schema:
315
+ $ref: "#/components/schemas/MfaVerifyRequest"
316
+ responses:
317
+ "200":
318
+ description: MFA verified, JWT issued
319
+ content:
320
+ application/json:
321
+ schema:
322
+ $ref: "#/components/schemas/TokenResponse"
323
+ "401":
324
+ $ref: "#/components/responses/Unauthorized"
325
+
326
+ /v1/auth/mfa:
327
+ delete:
328
+ tags: [Authentication]
329
+ summary: Disable MFA
330
+ operationId: mfaDisable
331
+ requestBody:
332
+ required: true
333
+ content:
334
+ application/json:
335
+ schema:
336
+ $ref: "#/components/schemas/MfaDisableRequest"
337
+ responses:
338
+ "204":
339
+ description: MFA disabled
340
+ "400":
341
+ $ref: "#/components/responses/BadRequest"
342
+
343
+ # Device Auth (CLI)
344
+
345
+ /v1/auth/device/code:
346
+ post:
347
+ tags: [Authentication]
348
+ summary: Request a device authorization code
349
+ operationId: deviceCode
350
+ security: []
351
+ requestBody:
352
+ required: true
353
+ content:
354
+ application/json:
355
+ schema:
356
+ $ref: "#/components/schemas/DeviceCodeRequest"
357
+ responses:
358
+ "200":
359
+ description: Device code issued
360
+ content:
361
+ application/json:
362
+ schema:
363
+ $ref: "#/components/schemas/DeviceCodeResponse"
364
+
365
+ /v1/auth/device/token:
366
+ post:
367
+ tags: [Authentication]
368
+ summary: Poll for device authorization token
369
+ operationId: deviceToken
370
+ security: []
371
+ requestBody:
372
+ required: true
373
+ content:
374
+ application/json:
375
+ schema:
376
+ $ref: "#/components/schemas/DeviceTokenRequest"
377
+ responses:
378
+ "200":
379
+ description: Token issued or authorization pending
380
+ content:
381
+ application/json:
382
+ schema:
383
+ $ref: "#/components/schemas/DeviceTokenResponse"
384
+
385
+ /v1/auth/device/code/{user_code}:
386
+ get:
387
+ tags: [Authentication]
388
+ summary: Check device code status
389
+ operationId: deviceCodeStatus
390
+ security: []
391
+ parameters:
392
+ - name: user_code
393
+ in: path
394
+ required: true
395
+ schema:
396
+ type: string
397
+ responses:
398
+ "200":
399
+ description: Device code details
400
+ "404":
401
+ $ref: "#/components/responses/NotFound"
402
+
403
+ /v1/auth/device/approve:
404
+ post:
405
+ tags: [Authentication]
406
+ summary: Approve a CLI device login
407
+ operationId: deviceApprove
408
+ requestBody:
409
+ required: true
410
+ content:
411
+ application/json:
412
+ schema:
413
+ $ref: "#/components/schemas/DeviceApproveRequest"
414
+ responses:
415
+ "200":
416
+ description: Device approved
417
+
418
+ /v1/auth/device/deny:
419
+ post:
420
+ tags: [Authentication]
421
+ summary: Deny a CLI device login
422
+ operationId: deviceDeny
423
+ requestBody:
424
+ required: true
425
+ content:
426
+ application/json:
427
+ schema:
428
+ $ref: "#/components/schemas/DeviceApproveRequest"
429
+ responses:
430
+ "200":
431
+ description: Device denied
432
+
433
+ # ---------------------------------------------------------------------------
434
+ # Personal API Keys
435
+ # ---------------------------------------------------------------------------
436
+
437
+ /v1/auth/api-keys:
438
+ post:
439
+ tags: [API Keys]
440
+ summary: Create a personal API key
441
+ operationId: createApiKey
442
+ requestBody:
443
+ required: true
444
+ content:
445
+ application/json:
446
+ schema:
447
+ $ref: "#/components/schemas/CreateApiKeyRequest"
448
+ responses:
449
+ "201":
450
+ description: API key created (full key shown once)
451
+ content:
452
+ application/json:
453
+ schema:
454
+ $ref: "#/components/schemas/ApiKeyCreatedResponse"
455
+ "400":
456
+ $ref: "#/components/responses/BadRequest"
457
+ get:
458
+ tags: [API Keys]
459
+ summary: List personal API keys
460
+ operationId: listApiKeys
461
+ responses:
462
+ "200":
463
+ description: List of API keys (masked)
464
+ content:
465
+ application/json:
466
+ schema:
467
+ $ref: "#/components/schemas/ApiKeyListResponse"
468
+
469
+ /v1/auth/api-keys/{key_id}:
470
+ delete:
471
+ tags: [API Keys]
472
+ summary: Revoke an API key
473
+ operationId: revokeApiKey
474
+ parameters:
475
+ - name: key_id
476
+ in: path
477
+ required: true
478
+ schema:
479
+ type: string
480
+ format: uuid
481
+ responses:
482
+ "204":
483
+ description: Key revoked
484
+ "404":
485
+ $ref: "#/components/responses/NotFound"
486
+
487
+ # ---------------------------------------------------------------------------
488
+ # Vaults
489
+ # ---------------------------------------------------------------------------
490
+
491
+ /v1/vaults:
492
+ post:
493
+ tags: [Vaults]
494
+ summary: Create a vault
495
+ operationId: createVault
496
+ requestBody:
497
+ required: true
498
+ content:
499
+ application/json:
500
+ schema:
501
+ $ref: "#/components/schemas/CreateVaultRequest"
502
+ responses:
503
+ "201":
504
+ description: Vault created
505
+ content:
506
+ application/json:
507
+ schema:
508
+ $ref: "#/components/schemas/VaultResponse"
509
+ "400":
510
+ $ref: "#/components/responses/BadRequest"
511
+ get:
512
+ tags: [Vaults]
513
+ summary: List vaults
514
+ operationId: listVaults
515
+ responses:
516
+ "200":
517
+ description: List of vaults
518
+ content:
519
+ application/json:
520
+ schema:
521
+ $ref: "#/components/schemas/VaultListResponse"
522
+
523
+ /v1/vaults/{vault_id}:
524
+ get:
525
+ tags: [Vaults]
526
+ summary: Get vault details
527
+ operationId: getVault
528
+ parameters:
529
+ - $ref: "#/components/parameters/VaultId"
530
+ responses:
531
+ "200":
532
+ description: Vault details
533
+ content:
534
+ application/json:
535
+ schema:
536
+ $ref: "#/components/schemas/VaultResponse"
537
+ "404":
538
+ $ref: "#/components/responses/NotFound"
539
+ delete:
540
+ tags: [Vaults]
541
+ summary: Delete a vault
542
+ operationId: deleteVault
543
+ parameters:
544
+ - $ref: "#/components/parameters/VaultId"
545
+ responses:
546
+ "204":
547
+ description: Vault deleted
548
+ "404":
549
+ $ref: "#/components/responses/NotFound"
550
+
551
+ # ---------------------------------------------------------------------------
552
+ # Secrets
553
+ # ---------------------------------------------------------------------------
554
+
555
+ /v1/vaults/{vault_id}/secrets:
556
+ get:
557
+ tags: [Secrets]
558
+ summary: List secrets in a vault
559
+ operationId: listSecrets
560
+ parameters:
561
+ - $ref: "#/components/parameters/VaultId"
562
+ - name: prefix
563
+ in: query
564
+ schema:
565
+ type: string
566
+ description: Filter by path prefix
567
+ responses:
568
+ "200":
569
+ description: Secret metadata list
570
+ content:
571
+ application/json:
572
+ schema:
573
+ $ref: "#/components/schemas/SecretListResponse"
574
+ "404":
575
+ $ref: "#/components/responses/NotFound"
576
+
577
+ /v1/vaults/{vault_id}/secrets/{path}:
578
+ put:
579
+ tags: [Secrets]
580
+ summary: Store or update a secret
581
+ operationId: putSecret
582
+ parameters:
583
+ - $ref: "#/components/parameters/VaultId"
584
+ - $ref: "#/components/parameters/SecretPath"
585
+ requestBody:
586
+ required: true
587
+ content:
588
+ application/json:
589
+ schema:
590
+ $ref: "#/components/schemas/PutSecretRequest"
591
+ responses:
592
+ "201":
593
+ description: Secret created or updated
594
+ content:
595
+ application/json:
596
+ schema:
597
+ $ref: "#/components/schemas/SecretMetadataResponse"
598
+ "400":
599
+ $ref: "#/components/responses/BadRequest"
600
+ get:
601
+ tags: [Secrets]
602
+ summary: Retrieve a decrypted secret
603
+ operationId: getSecret
604
+ parameters:
605
+ - $ref: "#/components/parameters/VaultId"
606
+ - $ref: "#/components/parameters/SecretPath"
607
+ responses:
608
+ "200":
609
+ description: Decrypted secret value
610
+ content:
611
+ application/json:
612
+ schema:
613
+ $ref: "#/components/schemas/SecretResponse"
614
+ "402":
615
+ $ref: "#/components/responses/PaymentRequired"
616
+ "404":
617
+ $ref: "#/components/responses/NotFound"
618
+ delete:
619
+ tags: [Secrets]
620
+ summary: Delete a secret
621
+ operationId: deleteSecret
622
+ parameters:
623
+ - $ref: "#/components/parameters/VaultId"
624
+ - $ref: "#/components/parameters/SecretPath"
625
+ responses:
626
+ "204":
627
+ description: Secret deleted
628
+ "404":
629
+ $ref: "#/components/responses/NotFound"
630
+
631
+ # ---------------------------------------------------------------------------
632
+ # Policies
633
+ # ---------------------------------------------------------------------------
634
+
635
+ /v1/vaults/{vault_id}/policies:
636
+ post:
637
+ tags: [Policies]
638
+ summary: Create an access policy
639
+ operationId: createPolicy
640
+ parameters:
641
+ - $ref: "#/components/parameters/VaultId"
642
+ requestBody:
643
+ required: true
644
+ content:
645
+ application/json:
646
+ schema:
647
+ $ref: "#/components/schemas/CreatePolicyRequest"
648
+ responses:
649
+ "201":
650
+ description: Policy created
651
+ content:
652
+ application/json:
653
+ schema:
654
+ $ref: "#/components/schemas/PolicyResponse"
655
+ "400":
656
+ $ref: "#/components/responses/BadRequest"
657
+ get:
658
+ tags: [Policies]
659
+ summary: List policies on a vault
660
+ operationId: listPolicies
661
+ parameters:
662
+ - $ref: "#/components/parameters/VaultId"
663
+ responses:
664
+ "200":
665
+ description: Policy list
666
+ content:
667
+ application/json:
668
+ schema:
669
+ $ref: "#/components/schemas/PolicyListResponse"
670
+
671
+ /v1/vaults/{vault_id}/policies/{policy_id}:
672
+ put:
673
+ tags: [Policies]
674
+ summary: Update a policy
675
+ operationId: updatePolicy
676
+ parameters:
677
+ - $ref: "#/components/parameters/VaultId"
678
+ - $ref: "#/components/parameters/PolicyId"
679
+ requestBody:
680
+ required: true
681
+ content:
682
+ application/json:
683
+ schema:
684
+ $ref: "#/components/schemas/UpdatePolicyRequest"
685
+ responses:
686
+ "200":
687
+ description: Policy updated
688
+ content:
689
+ application/json:
690
+ schema:
691
+ $ref: "#/components/schemas/PolicyResponse"
692
+ "404":
693
+ $ref: "#/components/responses/NotFound"
694
+ delete:
695
+ tags: [Policies]
696
+ summary: Revoke a policy
697
+ operationId: deletePolicy
698
+ parameters:
699
+ - $ref: "#/components/parameters/VaultId"
700
+ - $ref: "#/components/parameters/PolicyId"
701
+ responses:
702
+ "204":
703
+ description: Policy revoked
704
+ "404":
705
+ $ref: "#/components/responses/NotFound"
706
+
707
+ # ---------------------------------------------------------------------------
708
+ # Agents
709
+ # ---------------------------------------------------------------------------
710
+
711
+ /v1/agents:
712
+ post:
713
+ tags: [Agents]
714
+ summary: Register a new agent
715
+ operationId: createAgent
716
+ requestBody:
717
+ required: true
718
+ content:
719
+ application/json:
720
+ schema:
721
+ $ref: "#/components/schemas/CreateAgentRequest"
722
+ responses:
723
+ "201":
724
+ description: Agent created with one-time API key
725
+ content:
726
+ application/json:
727
+ schema:
728
+ $ref: "#/components/schemas/AgentCreatedResponse"
729
+ "400":
730
+ $ref: "#/components/responses/BadRequest"
731
+ get:
732
+ tags: [Agents]
733
+ summary: List agents
734
+ operationId: listAgents
735
+ responses:
736
+ "200":
737
+ description: Agent list
738
+ content:
739
+ application/json:
740
+ schema:
741
+ $ref: "#/components/schemas/AgentListResponse"
742
+
743
+ /v1/agents/me:
744
+ get:
745
+ tags: [Agents]
746
+ summary: Get the calling agent's own profile
747
+ operationId: getAgentSelf
748
+ responses:
749
+ "200":
750
+ description: Agent self profile
751
+ content:
752
+ application/json:
753
+ schema:
754
+ $ref: "#/components/schemas/AgentSelfResponse"
755
+ "403":
756
+ $ref: "#/components/responses/Forbidden"
757
+
758
+ /v1/agents/{agent_id}:
759
+ get:
760
+ tags: [Agents]
761
+ summary: Get agent details
762
+ operationId: getAgent
763
+ parameters:
764
+ - $ref: "#/components/parameters/AgentId"
765
+ responses:
766
+ "200":
767
+ description: Agent details
768
+ content:
769
+ application/json:
770
+ schema:
771
+ $ref: "#/components/schemas/AgentResponse"
772
+ "404":
773
+ $ref: "#/components/responses/NotFound"
774
+ patch:
775
+ tags: [Agents]
776
+ summary: Update an agent
777
+ operationId: updateAgent
778
+ parameters:
779
+ - $ref: "#/components/parameters/AgentId"
780
+ requestBody:
781
+ required: true
782
+ content:
783
+ application/json:
784
+ schema:
785
+ $ref: "#/components/schemas/UpdateAgentRequest"
786
+ responses:
787
+ "200":
788
+ description: Agent updated
789
+ content:
790
+ application/json:
791
+ schema:
792
+ $ref: "#/components/schemas/AgentResponse"
793
+ "404":
794
+ $ref: "#/components/responses/NotFound"
795
+ delete:
796
+ tags: [Agents]
797
+ summary: Delete an agent
798
+ operationId: deleteAgent
799
+ parameters:
800
+ - $ref: "#/components/parameters/AgentId"
801
+ responses:
802
+ "204":
803
+ description: Agent deleted
804
+ "404":
805
+ $ref: "#/components/responses/NotFound"
806
+
807
+ /v1/agents/{agent_id}/rotate-key:
808
+ post:
809
+ tags: [Agents]
810
+ summary: Rotate agent API key
811
+ operationId: rotateAgentKey
812
+ parameters:
813
+ - $ref: "#/components/parameters/AgentId"
814
+ responses:
815
+ "200":
816
+ description: New API key returned
817
+ content:
818
+ application/json:
819
+ schema:
820
+ $ref: "#/components/schemas/AgentKeyRotatedResponse"
821
+ "404":
822
+ $ref: "#/components/responses/NotFound"
823
+
824
+ # ---------------------------------------------------------------------------
825
+ # Transactions (Crypto Proxy)
826
+ # ---------------------------------------------------------------------------
827
+
828
+ /v1/agents/{agent_id}/transactions:
829
+ post:
830
+ tags: [Transactions]
831
+ summary: Submit a transaction for signing
832
+ operationId: submitTransaction
833
+ parameters:
834
+ - $ref: "#/components/parameters/AgentId"
835
+ requestBody:
836
+ required: true
837
+ content:
838
+ application/json:
839
+ schema:
840
+ $ref: "#/components/schemas/SubmitTransactionRequest"
841
+ responses:
842
+ "201":
843
+ description: Transaction signed (and optionally broadcast)
844
+ content:
845
+ application/json:
846
+ schema:
847
+ $ref: "#/components/schemas/TransactionResponse"
848
+ "403":
849
+ $ref: "#/components/responses/Forbidden"
850
+ "422":
851
+ description: Simulation reverted (when simulate_first is true)
852
+ content:
853
+ application/json:
854
+ schema:
855
+ $ref: "#/components/schemas/TransactionResponse"
856
+ get:
857
+ tags: [Transactions]
858
+ summary: List agent transactions
859
+ operationId: listTransactions
860
+ parameters:
861
+ - $ref: "#/components/parameters/AgentId"
862
+ responses:
863
+ "200":
864
+ description: Transaction list
865
+ content:
866
+ application/json:
867
+ schema:
868
+ $ref: "#/components/schemas/TransactionListResponse"
869
+
870
+ /v1/agents/{agent_id}/transactions/{tx_id}:
871
+ get:
872
+ tags: [Transactions]
873
+ summary: Get a transaction by ID
874
+ operationId: getTransaction
875
+ parameters:
876
+ - $ref: "#/components/parameters/AgentId"
877
+ - name: tx_id
878
+ in: path
879
+ required: true
880
+ schema:
881
+ type: string
882
+ format: uuid
883
+ responses:
884
+ "200":
885
+ description: Transaction details
886
+ content:
887
+ application/json:
888
+ schema:
889
+ $ref: "#/components/schemas/TransactionResponse"
890
+ "404":
891
+ $ref: "#/components/responses/NotFound"
892
+
893
+ /v1/agents/{agent_id}/transactions/simulate:
894
+ post:
895
+ tags: [Transactions]
896
+ summary: Simulate a transaction via Tenderly
897
+ operationId: simulateTransaction
898
+ parameters:
899
+ - $ref: "#/components/parameters/AgentId"
900
+ requestBody:
901
+ required: true
902
+ content:
903
+ application/json:
904
+ schema:
905
+ $ref: "#/components/schemas/SimulateTransactionRequest"
906
+ responses:
907
+ "200":
908
+ description: Simulation result
909
+ content:
910
+ application/json:
911
+ schema:
912
+ $ref: "#/components/schemas/SimulationResponse"
913
+ "400":
914
+ $ref: "#/components/responses/BadRequest"
915
+ "403":
916
+ $ref: "#/components/responses/Forbidden"
917
+
918
+ /v1/agents/{agent_id}/transactions/simulate-bundle:
919
+ post:
920
+ tags: [Transactions]
921
+ summary: Simulate a bundle of transactions
922
+ operationId: simulateBundle
923
+ parameters:
924
+ - $ref: "#/components/parameters/AgentId"
925
+ requestBody:
926
+ required: true
927
+ content:
928
+ application/json:
929
+ schema:
930
+ $ref: "#/components/schemas/SimulateBundleRequest"
931
+ responses:
932
+ "200":
933
+ description: Bundle simulation results
934
+ content:
935
+ application/json:
936
+ schema:
937
+ $ref: "#/components/schemas/BundleSimulationResponse"
938
+ "400":
939
+ $ref: "#/components/responses/BadRequest"
940
+
941
+ # ---------------------------------------------------------------------------
942
+ # Chains
943
+ # ---------------------------------------------------------------------------
944
+
945
+ /v1/chains:
946
+ get:
947
+ tags: [Chains]
948
+ summary: List enabled chains
949
+ operationId: listChains
950
+ security: []
951
+ responses:
952
+ "200":
953
+ description: Chain list
954
+ content:
955
+ application/json:
956
+ schema:
957
+ $ref: "#/components/schemas/ChainListResponse"
958
+
959
+ /v1/chains/{identifier}:
960
+ get:
961
+ tags: [Chains]
962
+ summary: Get chain by name or ID
963
+ operationId: getChain
964
+ security: []
965
+ parameters:
966
+ - name: identifier
967
+ in: path
968
+ required: true
969
+ schema:
970
+ type: string
971
+ description: Chain name (e.g. "ethereum") or numeric chain ID
972
+ responses:
973
+ "200":
974
+ description: Chain details
975
+ content:
976
+ application/json:
977
+ schema:
978
+ $ref: "#/components/schemas/ChainResponse"
979
+ "404":
980
+ $ref: "#/components/responses/NotFound"
981
+
982
+ /v1/admin/chains:
983
+ get:
984
+ tags: [Chains]
985
+ summary: List all chains including disabled (admin)
986
+ operationId: adminListChains
987
+ responses:
988
+ "200":
989
+ description: Full chain list
990
+ content:
991
+ application/json:
992
+ schema:
993
+ $ref: "#/components/schemas/ChainListResponse"
994
+ post:
995
+ tags: [Chains]
996
+ summary: Add a chain (admin)
997
+ operationId: createChain
998
+ requestBody:
999
+ required: true
1000
+ content:
1001
+ application/json:
1002
+ schema:
1003
+ $ref: "#/components/schemas/CreateChainRequest"
1004
+ responses:
1005
+ "201":
1006
+ description: Chain added
1007
+ content:
1008
+ application/json:
1009
+ schema:
1010
+ $ref: "#/components/schemas/ChainResponse"
1011
+
1012
+ /v1/admin/chains/{chain_id}:
1013
+ put:
1014
+ tags: [Chains]
1015
+ summary: Update a chain (admin)
1016
+ operationId: updateChain
1017
+ parameters:
1018
+ - name: chain_id
1019
+ in: path
1020
+ required: true
1021
+ schema:
1022
+ type: string
1023
+ format: uuid
1024
+ requestBody:
1025
+ required: true
1026
+ content:
1027
+ application/json:
1028
+ schema:
1029
+ $ref: "#/components/schemas/UpdateChainRequest"
1030
+ responses:
1031
+ "200":
1032
+ description: Chain updated
1033
+ content:
1034
+ application/json:
1035
+ schema:
1036
+ $ref: "#/components/schemas/ChainResponse"
1037
+ delete:
1038
+ tags: [Chains]
1039
+ summary: Remove a chain (admin)
1040
+ operationId: deleteChain
1041
+ parameters:
1042
+ - name: chain_id
1043
+ in: path
1044
+ required: true
1045
+ schema:
1046
+ type: string
1047
+ format: uuid
1048
+ responses:
1049
+ "204":
1050
+ description: Chain removed
1051
+
1052
+ # ---------------------------------------------------------------------------
1053
+ # Sharing
1054
+ # ---------------------------------------------------------------------------
1055
+
1056
+ /v1/secrets/{secret_id}/share:
1057
+ post:
1058
+ tags: [Sharing]
1059
+ summary: Create a share link for a secret
1060
+ operationId: createShare
1061
+ parameters:
1062
+ - name: secret_id
1063
+ in: path
1064
+ required: true
1065
+ schema:
1066
+ type: string
1067
+ format: uuid
1068
+ requestBody:
1069
+ required: true
1070
+ content:
1071
+ application/json:
1072
+ schema:
1073
+ $ref: "#/components/schemas/CreateShareRequest"
1074
+ responses:
1075
+ "201":
1076
+ description: Share created
1077
+ content:
1078
+ application/json:
1079
+ schema:
1080
+ $ref: "#/components/schemas/ShareResponse"
1081
+ "404":
1082
+ $ref: "#/components/responses/NotFound"
1083
+
1084
+ /v1/share/{share_id}:
1085
+ get:
1086
+ tags: [Sharing]
1087
+ summary: Access a shared secret
1088
+ operationId: accessShare
1089
+ security: []
1090
+ parameters:
1091
+ - name: share_id
1092
+ in: path
1093
+ required: true
1094
+ schema:
1095
+ type: string
1096
+ format: uuid
1097
+ responses:
1098
+ "200":
1099
+ description: Shared secret value
1100
+ content:
1101
+ application/json:
1102
+ schema:
1103
+ $ref: "#/components/schemas/SharedSecretResponse"
1104
+ "402":
1105
+ $ref: "#/components/responses/PaymentRequired"
1106
+ "404":
1107
+ $ref: "#/components/responses/NotFound"
1108
+ delete:
1109
+ tags: [Sharing]
1110
+ summary: Revoke a share link
1111
+ operationId: revokeShare
1112
+ parameters:
1113
+ - name: share_id
1114
+ in: path
1115
+ required: true
1116
+ schema:
1117
+ type: string
1118
+ format: uuid
1119
+ responses:
1120
+ "204":
1121
+ description: Share revoked
1122
+
1123
+ /v1/shares/outbound:
1124
+ get:
1125
+ tags: [Sharing]
1126
+ summary: List shares you have sent
1127
+ operationId: listOutboundShares
1128
+ responses:
1129
+ "200":
1130
+ description: Outbound share list
1131
+ content:
1132
+ application/json:
1133
+ schema:
1134
+ $ref: "#/components/schemas/ShareListResponse"
1135
+
1136
+ /v1/shares/inbound:
1137
+ get:
1138
+ tags: [Sharing]
1139
+ summary: List shares sent to you
1140
+ operationId: listInboundShares
1141
+ responses:
1142
+ "200":
1143
+ description: Inbound share list
1144
+ content:
1145
+ application/json:
1146
+ schema:
1147
+ $ref: "#/components/schemas/ShareListResponse"
1148
+
1149
+ /v1/shares/{share_id}/accept:
1150
+ post:
1151
+ tags: [Sharing]
1152
+ summary: Accept an inbound share
1153
+ operationId: acceptShare
1154
+ parameters:
1155
+ - name: share_id
1156
+ in: path
1157
+ required: true
1158
+ schema:
1159
+ type: string
1160
+ format: uuid
1161
+ responses:
1162
+ "204":
1163
+ description: Share accepted
1164
+
1165
+ /v1/shares/{share_id}/decline:
1166
+ post:
1167
+ tags: [Sharing]
1168
+ summary: Decline an inbound share
1169
+ operationId: declineShare
1170
+ parameters:
1171
+ - name: share_id
1172
+ in: path
1173
+ required: true
1174
+ schema:
1175
+ type: string
1176
+ format: uuid
1177
+ responses:
1178
+ "204":
1179
+ description: Share declined
1180
+
1181
+ # ---------------------------------------------------------------------------
1182
+ # Organization
1183
+ # ---------------------------------------------------------------------------
1184
+
1185
+ /v1/org/members:
1186
+ get:
1187
+ tags: [Organization]
1188
+ summary: List organization members
1189
+ operationId: listOrgMembers
1190
+ responses:
1191
+ "200":
1192
+ description: Member list
1193
+ content:
1194
+ application/json:
1195
+ schema:
1196
+ $ref: "#/components/schemas/OrgMemberListResponse"
1197
+
1198
+ /v1/org/invite:
1199
+ post:
1200
+ tags: [Organization]
1201
+ summary: Invite a member by email
1202
+ operationId: inviteMember
1203
+ requestBody:
1204
+ required: true
1205
+ content:
1206
+ application/json:
1207
+ schema:
1208
+ $ref: "#/components/schemas/InviteMemberRequest"
1209
+ responses:
1210
+ "200":
1211
+ description: Invitation sent
1212
+ content:
1213
+ application/json:
1214
+ schema:
1215
+ $ref: "#/components/schemas/InviteMemberResponse"
1216
+
1217
+ /v1/org/members/{user_id}:
1218
+ patch:
1219
+ tags: [Organization]
1220
+ summary: Update a member's role
1221
+ operationId: updateMemberRole
1222
+ parameters:
1223
+ - name: user_id
1224
+ in: path
1225
+ required: true
1226
+ schema:
1227
+ type: string
1228
+ format: uuid
1229
+ requestBody:
1230
+ required: true
1231
+ content:
1232
+ application/json:
1233
+ schema:
1234
+ $ref: "#/components/schemas/UpdateMemberRoleRequest"
1235
+ responses:
1236
+ "200":
1237
+ description: Role updated
1238
+ content:
1239
+ application/json:
1240
+ schema:
1241
+ $ref: "#/components/schemas/OrgMemberResponse"
1242
+ delete:
1243
+ tags: [Organization]
1244
+ summary: Remove a member from the organization
1245
+ operationId: removeMember
1246
+ parameters:
1247
+ - name: user_id
1248
+ in: path
1249
+ required: true
1250
+ schema:
1251
+ type: string
1252
+ format: uuid
1253
+ responses:
1254
+ "204":
1255
+ description: Member removed
1256
+
1257
+ # ---------------------------------------------------------------------------
1258
+ # Billing
1259
+ # ---------------------------------------------------------------------------
1260
+
1261
+ /v1/billing/usage:
1262
+ get:
1263
+ tags: [Billing]
1264
+ summary: Get usage summary (legacy)
1265
+ operationId: billingUsage
1266
+ responses:
1267
+ "200":
1268
+ description: Usage summary
1269
+ content:
1270
+ application/json:
1271
+ schema:
1272
+ $ref: "#/components/schemas/UsageSummaryResponse"
1273
+
1274
+ /v1/billing/history:
1275
+ get:
1276
+ tags: [Billing]
1277
+ summary: Get usage event history (legacy)
1278
+ operationId: billingHistory
1279
+ parameters:
1280
+ - name: limit
1281
+ in: query
1282
+ schema:
1283
+ type: integer
1284
+ default: 50
1285
+ responses:
1286
+ "200":
1287
+ description: Usage event list
1288
+ content:
1289
+ application/json:
1290
+ schema:
1291
+ $ref: "#/components/schemas/UsageHistoryResponse"
1292
+
1293
+ /v1/billing/subscribe:
1294
+ post:
1295
+ tags: [Billing]
1296
+ summary: Start a subscription via Stripe Checkout
1297
+ operationId: billingSubscribe
1298
+ requestBody:
1299
+ required: true
1300
+ content:
1301
+ application/json:
1302
+ schema:
1303
+ $ref: "#/components/schemas/SubscribeRequest"
1304
+ responses:
1305
+ "200":
1306
+ description: Checkout URL
1307
+ content:
1308
+ application/json:
1309
+ schema:
1310
+ $ref: "#/components/schemas/CheckoutUrlResponse"
1311
+
1312
+ /v1/billing/portal:
1313
+ post:
1314
+ tags: [Billing]
1315
+ summary: Open Stripe Customer Portal
1316
+ operationId: billingPortal
1317
+ responses:
1318
+ "200":
1319
+ description: Portal URL
1320
+ content:
1321
+ application/json:
1322
+ schema:
1323
+ $ref: "#/components/schemas/PortalUrlResponse"
1324
+
1325
+ /v1/billing/subscription:
1326
+ get:
1327
+ tags: [Billing]
1328
+ summary: Get subscription, usage, and credit summary
1329
+ operationId: billingSubscription
1330
+ responses:
1331
+ "200":
1332
+ description: Full billing summary
1333
+ content:
1334
+ application/json:
1335
+ schema:
1336
+ $ref: "#/components/schemas/SubscriptionResponse"
1337
+
1338
+ /v1/billing/credits/topup:
1339
+ post:
1340
+ tags: [Billing]
1341
+ summary: Top up prepaid credits via Stripe
1342
+ operationId: billingCreditTopup
1343
+ requestBody:
1344
+ required: true
1345
+ content:
1346
+ application/json:
1347
+ schema:
1348
+ $ref: "#/components/schemas/TopupRequest"
1349
+ responses:
1350
+ "200":
1351
+ description: Checkout URL for top-up
1352
+ content:
1353
+ application/json:
1354
+ schema:
1355
+ $ref: "#/components/schemas/CheckoutUrlResponse"
1356
+
1357
+ /v1/billing/credits/balance:
1358
+ get:
1359
+ tags: [Billing]
1360
+ summary: Get credit balance
1361
+ operationId: billingCreditBalance
1362
+ responses:
1363
+ "200":
1364
+ description: Credit balance
1365
+ content:
1366
+ application/json:
1367
+ schema:
1368
+ $ref: "#/components/schemas/CreditBalanceResponse"
1369
+
1370
+ /v1/billing/credits/transactions:
1371
+ get:
1372
+ tags: [Billing]
1373
+ summary: Get credit transaction ledger
1374
+ operationId: billingCreditTransactions
1375
+ parameters:
1376
+ - name: page
1377
+ in: query
1378
+ schema:
1379
+ type: integer
1380
+ default: 1
1381
+ - name: limit
1382
+ in: query
1383
+ schema:
1384
+ type: integer
1385
+ default: 50
1386
+ responses:
1387
+ "200":
1388
+ description: Credit ledger
1389
+ content:
1390
+ application/json:
1391
+ schema:
1392
+ $ref: "#/components/schemas/CreditTransactionsListResponse"
1393
+
1394
+ /v1/billing/overage-method:
1395
+ patch:
1396
+ tags: [Billing]
1397
+ summary: Set overage payment method
1398
+ operationId: billingOverageMethod
1399
+ requestBody:
1400
+ required: true
1401
+ content:
1402
+ application/json:
1403
+ schema:
1404
+ $ref: "#/components/schemas/OverageMethodRequest"
1405
+ responses:
1406
+ "200":
1407
+ description: Overage method updated
1408
+ content:
1409
+ application/json:
1410
+ schema:
1411
+ $ref: "#/components/schemas/OverageMethodResponse"
1412
+
1413
+ /v1/billing/webhooks:
1414
+ post:
1415
+ tags: [Billing]
1416
+ summary: Stripe webhook receiver
1417
+ operationId: billingWebhook
1418
+ security: []
1419
+ responses:
1420
+ "200":
1421
+ description: Webhook processed
1422
+
1423
+ # ---------------------------------------------------------------------------
1424
+ # Audit
1425
+ # ---------------------------------------------------------------------------
1426
+
1427
+ /v1/audit/events:
1428
+ get:
1429
+ tags: [Audit]
1430
+ summary: Query audit events
1431
+ operationId: queryAuditEvents
1432
+ parameters:
1433
+ - name: resource_id
1434
+ in: query
1435
+ schema:
1436
+ type: string
1437
+ - name: actor_id
1438
+ in: query
1439
+ schema:
1440
+ type: string
1441
+ - name: action
1442
+ in: query
1443
+ schema:
1444
+ type: string
1445
+ - name: from
1446
+ in: query
1447
+ schema:
1448
+ type: string
1449
+ format: date-time
1450
+ - name: to
1451
+ in: query
1452
+ schema:
1453
+ type: string
1454
+ format: date-time
1455
+ - name: limit
1456
+ in: query
1457
+ schema:
1458
+ type: integer
1459
+ default: 100
1460
+ - name: offset
1461
+ in: query
1462
+ schema:
1463
+ type: integer
1464
+ default: 0
1465
+ responses:
1466
+ "200":
1467
+ description: Audit events
1468
+ content:
1469
+ application/json:
1470
+ schema:
1471
+ $ref: "#/components/schemas/AuditEventsResponse"
1472
+
1473
+ # ---------------------------------------------------------------------------
1474
+ # Security (IP Rules)
1475
+ # ---------------------------------------------------------------------------
1476
+
1477
+ /v1/security/ip-rules:
1478
+ get:
1479
+ tags: [Security]
1480
+ summary: List IP rules
1481
+ operationId: listIpRules
1482
+ responses:
1483
+ "200":
1484
+ description: IP rule list
1485
+ content:
1486
+ application/json:
1487
+ schema:
1488
+ $ref: "#/components/schemas/IpRulesListResponse"
1489
+ post:
1490
+ tags: [Security]
1491
+ summary: Create an IP rule
1492
+ operationId: createIpRule
1493
+ requestBody:
1494
+ required: true
1495
+ content:
1496
+ application/json:
1497
+ schema:
1498
+ $ref: "#/components/schemas/CreateIpRuleRequest"
1499
+ responses:
1500
+ "201":
1501
+ description: Rule created
1502
+ content:
1503
+ application/json:
1504
+ schema:
1505
+ $ref: "#/components/schemas/IpRuleResponse"
1506
+
1507
+ /v1/security/ip-rules/{rule_id}:
1508
+ delete:
1509
+ tags: [Security]
1510
+ summary: Delete an IP rule
1511
+ operationId: deleteIpRule
1512
+ parameters:
1513
+ - name: rule_id
1514
+ in: path
1515
+ required: true
1516
+ schema:
1517
+ type: string
1518
+ format: uuid
1519
+ responses:
1520
+ "204":
1521
+ description: Rule deleted
1522
+
1523
+ # ---------------------------------------------------------------------------
1524
+ # Admin
1525
+ # ---------------------------------------------------------------------------
1526
+
1527
+ /v1/admin/settings:
1528
+ get:
1529
+ tags: [Admin]
1530
+ summary: List platform settings
1531
+ operationId: adminListSettings
1532
+ responses:
1533
+ "200":
1534
+ description: Settings list
1535
+ content:
1536
+ application/json:
1537
+ schema:
1538
+ $ref: "#/components/schemas/SettingsListResponse"
1539
+
1540
+ /v1/admin/settings/{key}:
1541
+ put:
1542
+ tags: [Admin]
1543
+ summary: Update a platform setting
1544
+ operationId: adminUpdateSetting
1545
+ parameters:
1546
+ - name: key
1547
+ in: path
1548
+ required: true
1549
+ schema:
1550
+ type: string
1551
+ requestBody:
1552
+ required: true
1553
+ content:
1554
+ application/json:
1555
+ schema:
1556
+ $ref: "#/components/schemas/UpdateSettingRequest"
1557
+ responses:
1558
+ "200":
1559
+ description: Setting updated
1560
+ content:
1561
+ application/json:
1562
+ schema:
1563
+ $ref: "#/components/schemas/SettingResponse"
1564
+ delete:
1565
+ tags: [Admin]
1566
+ summary: Delete a platform setting
1567
+ operationId: adminDeleteSetting
1568
+ parameters:
1569
+ - name: key
1570
+ in: path
1571
+ required: true
1572
+ schema:
1573
+ type: string
1574
+ responses:
1575
+ "204":
1576
+ description: Setting deleted
1577
+
1578
+ /v1/admin/x402:
1579
+ get:
1580
+ tags: [Admin]
1581
+ summary: Get x402 payment config
1582
+ operationId: adminGetX402Config
1583
+ responses:
1584
+ "200":
1585
+ description: x402 config
1586
+ content:
1587
+ application/json:
1588
+ schema:
1589
+ $ref: "#/components/schemas/X402ConfigResponse"
1590
+ put:
1591
+ tags: [Admin]
1592
+ summary: Update x402 payment config
1593
+ operationId: adminUpdateX402Config
1594
+ requestBody:
1595
+ required: true
1596
+ content:
1597
+ application/json:
1598
+ schema:
1599
+ $ref: "#/components/schemas/X402ConfigResponse"
1600
+ responses:
1601
+ "200":
1602
+ description: Config updated
1603
+ content:
1604
+ application/json:
1605
+ schema:
1606
+ $ref: "#/components/schemas/X402ConfigResponse"
1607
+
1608
+ /v1/admin/users:
1609
+ get:
1610
+ tags: [Admin]
1611
+ summary: List all platform users
1612
+ operationId: adminListUsers
1613
+ responses:
1614
+ "200":
1615
+ description: User list
1616
+ content:
1617
+ application/json:
1618
+ schema:
1619
+ $ref: "#/components/schemas/AdminUsersListResponse"
1620
+
1621
+ /v1/admin/users/{user_id}:
1622
+ delete:
1623
+ tags: [Admin]
1624
+ summary: Delete a user (cascade)
1625
+ operationId: adminDeleteUser
1626
+ parameters:
1627
+ - name: user_id
1628
+ in: path
1629
+ required: true
1630
+ schema:
1631
+ type: string
1632
+ format: uuid
1633
+ responses:
1634
+ "204":
1635
+ description: User deleted
1636
+
1637
+ /v1/admin/orgs/{org_id}/limits:
1638
+ get:
1639
+ tags: [Admin]
1640
+ summary: Get org limits
1641
+ operationId: adminGetOrgLimits
1642
+ parameters:
1643
+ - name: org_id
1644
+ in: path
1645
+ required: true
1646
+ schema:
1647
+ type: string
1648
+ format: uuid
1649
+ responses:
1650
+ "200":
1651
+ description: Org limits
1652
+ content:
1653
+ application/json:
1654
+ schema:
1655
+ $ref: "#/components/schemas/OrgLimitsResponse"
1656
+ put:
1657
+ tags: [Admin]
1658
+ summary: Update org limits
1659
+ operationId: adminUpdateOrgLimits
1660
+ parameters:
1661
+ - name: org_id
1662
+ in: path
1663
+ required: true
1664
+ schema:
1665
+ type: string
1666
+ format: uuid
1667
+ requestBody:
1668
+ required: true
1669
+ content:
1670
+ application/json:
1671
+ schema:
1672
+ $ref: "#/components/schemas/UpdateOrgLimitsRequest"
1673
+ responses:
1674
+ "200":
1675
+ description: Limits updated
1676
+ content:
1677
+ application/json:
1678
+ schema:
1679
+ $ref: "#/components/schemas/OrgLimitsResponse"
1680
+
1681
+ # ---------------------------------------------------------------------------
1682
+ # Health
1683
+ # ---------------------------------------------------------------------------
1684
+
1685
+ /v1/health:
1686
+ get:
1687
+ tags: [Health]
1688
+ summary: Service health check
1689
+ operationId: healthCheck
1690
+ security: []
1691
+ responses:
1692
+ "200":
1693
+ description: Healthy
1694
+ content:
1695
+ application/json:
1696
+ schema:
1697
+ $ref: "#/components/schemas/HealthResponse"
1698
+
1699
+ /v1/health/hsm:
1700
+ get:
1701
+ tags: [Health]
1702
+ summary: HSM connectivity check
1703
+ operationId: healthHsm
1704
+ security: []
1705
+ responses:
1706
+ "200":
1707
+ description: HSM status
1708
+ content:
1709
+ application/json:
1710
+ schema:
1711
+ type: object
1712
+ properties:
1713
+ status:
1714
+ type: string
1715
+ enum: [ok, degraded, unavailable]
1716
+
1717
+ # =============================================================================
1718
+ # COMPONENTS
1719
+ # =============================================================================
1720
+
1721
+ components:
1722
+
1723
+ securitySchemes:
1724
+ BearerAuth:
1725
+ type: http
1726
+ scheme: bearer
1727
+ bearerFormat: JWT
1728
+ ApiKeyAuth:
1729
+ type: http
1730
+ scheme: bearer
1731
+ description: 1ck_ prefixed API key used as Bearer token
1732
+
1733
+ parameters:
1734
+ VaultId:
1735
+ name: vault_id
1736
+ in: path
1737
+ required: true
1738
+ schema:
1739
+ type: string
1740
+ format: uuid
1741
+ SecretPath:
1742
+ name: path
1743
+ in: path
1744
+ required: true
1745
+ schema:
1746
+ type: string
1747
+ description: Secret path (e.g. "db/credentials")
1748
+ AgentId:
1749
+ name: agent_id
1750
+ in: path
1751
+ required: true
1752
+ schema:
1753
+ type: string
1754
+ format: uuid
1755
+ PolicyId:
1756
+ name: policy_id
1757
+ in: path
1758
+ required: true
1759
+ schema:
1760
+ type: string
1761
+ format: uuid
1762
+
1763
+ responses:
1764
+ BadRequest:
1765
+ description: Invalid request
1766
+ content:
1767
+ application/json:
1768
+ schema:
1769
+ $ref: "#/components/schemas/ProblemDetails"
1770
+ Unauthorized:
1771
+ description: Authentication required or invalid
1772
+ content:
1773
+ application/json:
1774
+ schema:
1775
+ $ref: "#/components/schemas/ProblemDetails"
1776
+ Forbidden:
1777
+ description: Insufficient permissions
1778
+ content:
1779
+ application/json:
1780
+ schema:
1781
+ $ref: "#/components/schemas/ProblemDetails"
1782
+ NotFound:
1783
+ description: Resource not found
1784
+ content:
1785
+ application/json:
1786
+ schema:
1787
+ $ref: "#/components/schemas/ProblemDetails"
1788
+ PaymentRequired:
1789
+ description: x402 payment required
1790
+ content:
1791
+ application/json:
1792
+ schema:
1793
+ $ref: "#/components/schemas/PaymentRequirement"
1794
+
1795
+ schemas:
1796
+
1797
+ ProblemDetails:
1798
+ type: object
1799
+ description: RFC 7807 error envelope
1800
+ properties:
1801
+ type:
1802
+ type: string
1803
+ title:
1804
+ type: string
1805
+ status:
1806
+ type: integer
1807
+ detail:
1808
+ type: string
1809
+
1810
+ # --- Auth ---
1811
+
1812
+ LoginRequest:
1813
+ type: object
1814
+ required: [email, password]
1815
+ properties:
1816
+ email:
1817
+ type: string
1818
+ format: email
1819
+ password:
1820
+ type: string
1821
+ format: password
1822
+
1823
+ LoginResponse:
1824
+ type: object
1825
+ properties:
1826
+ access_token:
1827
+ type: string
1828
+ token_type:
1829
+ type: string
1830
+ expires_in:
1831
+ type: integer
1832
+ refresh_token:
1833
+ type: string
1834
+ mfa_required:
1835
+ type: boolean
1836
+ mfa_token:
1837
+ type: string
1838
+
1839
+ TokenResponse:
1840
+ type: object
1841
+ required: [access_token, token_type]
1842
+ properties:
1843
+ access_token:
1844
+ type: string
1845
+ token_type:
1846
+ type: string
1847
+ expires_in:
1848
+ type: integer
1849
+ refresh_token:
1850
+ type: string
1851
+
1852
+ AgentTokenRequest:
1853
+ type: object
1854
+ required: [agent_id, api_key]
1855
+ properties:
1856
+ agent_id:
1857
+ type: string
1858
+ format: uuid
1859
+ api_key:
1860
+ type: string
1861
+
1862
+ UserApiKeyTokenRequest:
1863
+ type: object
1864
+ required: [api_key]
1865
+ properties:
1866
+ api_key:
1867
+ type: string
1868
+
1869
+ SignupRequest:
1870
+ type: object
1871
+ required: [email, password]
1872
+ properties:
1873
+ email:
1874
+ type: string
1875
+ format: email
1876
+ password:
1877
+ type: string
1878
+ format: password
1879
+ display_name:
1880
+ type: string
1881
+
1882
+ SignupResponse:
1883
+ type: object
1884
+ properties:
1885
+ message:
1886
+ type: string
1887
+ email:
1888
+ type: string
1889
+ access_token:
1890
+ type: string
1891
+ token_type:
1892
+ type: string
1893
+
1894
+ GoogleAuthRequest:
1895
+ type: object
1896
+ required: [id_token]
1897
+ properties:
1898
+ id_token:
1899
+ type: string
1900
+
1901
+ ChangePasswordRequest:
1902
+ type: object
1903
+ required: [current_password, new_password]
1904
+ properties:
1905
+ current_password:
1906
+ type: string
1907
+ new_password:
1908
+ type: string
1909
+
1910
+ # --- MFA ---
1911
+
1912
+ MfaStatusResponse:
1913
+ type: object
1914
+ properties:
1915
+ enabled:
1916
+ type: boolean
1917
+
1918
+ MfaSetupResponse:
1919
+ type: object
1920
+ properties:
1921
+ otpauth_uri:
1922
+ type: string
1923
+ secret:
1924
+ type: string
1925
+
1926
+ MfaVerifySetupRequest:
1927
+ type: object
1928
+ required: [code]
1929
+ properties:
1930
+ code:
1931
+ type: string
1932
+
1933
+ MfaVerifySetupResponse:
1934
+ type: object
1935
+ properties:
1936
+ recovery_codes:
1937
+ type: array
1938
+ items:
1939
+ type: string
1940
+
1941
+ MfaVerifyRequest:
1942
+ type: object
1943
+ required: [code, mfa_token]
1944
+ properties:
1945
+ code:
1946
+ type: string
1947
+ mfa_token:
1948
+ type: string
1949
+
1950
+ MfaDisableRequest:
1951
+ type: object
1952
+ properties:
1953
+ code:
1954
+ type: string
1955
+ password:
1956
+ type: string
1957
+
1958
+ # --- Device Auth ---
1959
+
1960
+ DeviceCodeRequest:
1961
+ type: object
1962
+ required: [client_id]
1963
+ properties:
1964
+ client_id:
1965
+ type: string
1966
+
1967
+ DeviceCodeResponse:
1968
+ type: object
1969
+ properties:
1970
+ device_code:
1971
+ type: string
1972
+ user_code:
1973
+ type: string
1974
+ verification_uri:
1975
+ type: string
1976
+ format: uri
1977
+ expires_in:
1978
+ type: integer
1979
+ interval:
1980
+ type: integer
1981
+
1982
+ DeviceTokenRequest:
1983
+ type: object
1984
+ required: [device_code, grant_type]
1985
+ properties:
1986
+ device_code:
1987
+ type: string
1988
+ grant_type:
1989
+ type: string
1990
+
1991
+ DeviceTokenResponse:
1992
+ type: object
1993
+ properties:
1994
+ access_token:
1995
+ type: string
1996
+ token_type:
1997
+ type: string
1998
+ expires_in:
1999
+ type: integer
2000
+ error:
2001
+ type: string
2002
+ email:
2003
+ type: string
2004
+ user_id:
2005
+ type: string
2006
+ org_id:
2007
+ type: string
2008
+
2009
+ DeviceApproveRequest:
2010
+ type: object
2011
+ required: [user_code]
2012
+ properties:
2013
+ user_code:
2014
+ type: string
2015
+
2016
+ # --- API Keys ---
2017
+
2018
+ CreateApiKeyRequest:
2019
+ type: object
2020
+ required: [name]
2021
+ properties:
2022
+ name:
2023
+ type: string
2024
+ scopes:
2025
+ type: array
2026
+ items:
2027
+ type: string
2028
+ expires_at:
2029
+ type: string
2030
+ format: date-time
2031
+
2032
+ ApiKeyResponse:
2033
+ type: object
2034
+ properties:
2035
+ id:
2036
+ type: string
2037
+ format: uuid
2038
+ name:
2039
+ type: string
2040
+ key_prefix:
2041
+ type: string
2042
+ scopes:
2043
+ type: array
2044
+ items:
2045
+ type: string
2046
+ is_active:
2047
+ type: boolean
2048
+ created_at:
2049
+ type: string
2050
+ format: date-time
2051
+ expires_at:
2052
+ type: string
2053
+ format: date-time
2054
+ last_used_at:
2055
+ type: string
2056
+ format: date-time
2057
+
2058
+ ApiKeyCreatedResponse:
2059
+ type: object
2060
+ properties:
2061
+ key:
2062
+ $ref: "#/components/schemas/ApiKeyResponse"
2063
+ api_key:
2064
+ type: string
2065
+ description: Full key (shown once)
2066
+
2067
+ ApiKeyListResponse:
2068
+ type: object
2069
+ properties:
2070
+ keys:
2071
+ type: array
2072
+ items:
2073
+ $ref: "#/components/schemas/ApiKeyResponse"
2074
+
2075
+ # --- Vaults ---
2076
+
2077
+ CreateVaultRequest:
2078
+ type: object
2079
+ required: [name]
2080
+ properties:
2081
+ name:
2082
+ type: string
2083
+ description:
2084
+ type: string
2085
+
2086
+ VaultResponse:
2087
+ type: object
2088
+ required: [id, name, created_at]
2089
+ properties:
2090
+ id:
2091
+ type: string
2092
+ format: uuid
2093
+ name:
2094
+ type: string
2095
+ description:
2096
+ type: string
2097
+ created_by:
2098
+ type: string
2099
+ created_by_type:
2100
+ type: string
2101
+ created_at:
2102
+ type: string
2103
+ format: date-time
2104
+
2105
+ VaultListResponse:
2106
+ type: object
2107
+ properties:
2108
+ vaults:
2109
+ type: array
2110
+ items:
2111
+ $ref: "#/components/schemas/VaultResponse"
2112
+
2113
+ # --- Secrets ---
2114
+
2115
+ PutSecretRequest:
2116
+ type: object
2117
+ required: [value]
2118
+ properties:
2119
+ type:
2120
+ type: string
2121
+ description: Secret type (generic, password, api_key, certificate, private_key, ssh_key, env)
2122
+ default: generic
2123
+ value:
2124
+ type: string
2125
+ metadata:
2126
+ type: object
2127
+ additionalProperties: true
2128
+ expires_at:
2129
+ type: string
2130
+ format: date-time
2131
+ rotation_policy:
2132
+ type: object
2133
+ additionalProperties: true
2134
+ max_access_count:
2135
+ type: integer
2136
+
2137
+ SecretMetadataResponse:
2138
+ type: object
2139
+ required: [id, path, type, version, created_at]
2140
+ properties:
2141
+ id:
2142
+ type: string
2143
+ format: uuid
2144
+ path:
2145
+ type: string
2146
+ type:
2147
+ type: string
2148
+ version:
2149
+ type: integer
2150
+ metadata:
2151
+ type: object
2152
+ additionalProperties: true
2153
+ created_at:
2154
+ type: string
2155
+ format: date-time
2156
+ expires_at:
2157
+ type: string
2158
+ format: date-time
2159
+
2160
+ SecretResponse:
2161
+ type: object
2162
+ required: [id, path, type, value, version, created_at]
2163
+ properties:
2164
+ id:
2165
+ type: string
2166
+ format: uuid
2167
+ path:
2168
+ type: string
2169
+ type:
2170
+ type: string
2171
+ value:
2172
+ type: string
2173
+ version:
2174
+ type: integer
2175
+ metadata:
2176
+ type: object
2177
+ additionalProperties: true
2178
+ created_by:
2179
+ type: string
2180
+ created_at:
2181
+ type: string
2182
+ format: date-time
2183
+ expires_at:
2184
+ type: string
2185
+ format: date-time
2186
+
2187
+ SecretListResponse:
2188
+ type: object
2189
+ properties:
2190
+ secrets:
2191
+ type: array
2192
+ items:
2193
+ $ref: "#/components/schemas/SecretMetadataResponse"
2194
+
2195
+ # --- Policies ---
2196
+
2197
+ CreatePolicyRequest:
2198
+ type: object
2199
+ required: [secret_path_pattern, principal_type, principal_id, permissions]
2200
+ properties:
2201
+ secret_path_pattern:
2202
+ type: string
2203
+ principal_type:
2204
+ type: string
2205
+ enum: [user, agent]
2206
+ principal_id:
2207
+ type: string
2208
+ permissions:
2209
+ type: array
2210
+ items:
2211
+ type: string
2212
+ conditions:
2213
+ type: object
2214
+ additionalProperties: true
2215
+ expires_at:
2216
+ type: string
2217
+ format: date-time
2218
+
2219
+ UpdatePolicyRequest:
2220
+ type: object
2221
+ properties:
2222
+ permissions:
2223
+ type: array
2224
+ items:
2225
+ type: string
2226
+ conditions:
2227
+ type: object
2228
+ additionalProperties: true
2229
+ expires_at:
2230
+ type: string
2231
+ format: date-time
2232
+
2233
+ PolicyResponse:
2234
+ type: object
2235
+ required: [id, vault_id, secret_path_pattern, principal_type, principal_id, permissions, created_at]
2236
+ properties:
2237
+ id:
2238
+ type: string
2239
+ format: uuid
2240
+ vault_id:
2241
+ type: string
2242
+ format: uuid
2243
+ secret_path_pattern:
2244
+ type: string
2245
+ principal_type:
2246
+ type: string
2247
+ principal_id:
2248
+ type: string
2249
+ permissions:
2250
+ type: array
2251
+ items:
2252
+ type: string
2253
+ conditions:
2254
+ type: object
2255
+ additionalProperties: true
2256
+ expires_at:
2257
+ type: string
2258
+ format: date-time
2259
+ created_by:
2260
+ type: string
2261
+ created_by_type:
2262
+ type: string
2263
+ created_at:
2264
+ type: string
2265
+ format: date-time
2266
+
2267
+ PolicyListResponse:
2268
+ type: object
2269
+ properties:
2270
+ policies:
2271
+ type: array
2272
+ items:
2273
+ $ref: "#/components/schemas/PolicyResponse"
2274
+
2275
+ # --- Agents ---
2276
+
2277
+ CreateAgentRequest:
2278
+ type: object
2279
+ required: [name]
2280
+ properties:
2281
+ name:
2282
+ type: string
2283
+ description:
2284
+ type: string
2285
+ auth_method:
2286
+ type: string
2287
+ scopes:
2288
+ type: array
2289
+ items:
2290
+ type: string
2291
+ expires_at:
2292
+ type: string
2293
+ format: date-time
2294
+ crypto_proxy_enabled:
2295
+ type: boolean
2296
+ default: false
2297
+ tx_to_allowlist:
2298
+ type: array
2299
+ items:
2300
+ type: string
2301
+ tx_max_value_eth:
2302
+ type: string
2303
+ tx_daily_limit_eth:
2304
+ type: string
2305
+ tx_allowed_chains:
2306
+ type: array
2307
+ items:
2308
+ type: string
2309
+
2310
+ UpdateAgentRequest:
2311
+ type: object
2312
+ properties:
2313
+ name:
2314
+ type: string
2315
+ scopes:
2316
+ type: array
2317
+ items:
2318
+ type: string
2319
+ is_active:
2320
+ type: boolean
2321
+ expires_at:
2322
+ type: string
2323
+ format: date-time
2324
+ crypto_proxy_enabled:
2325
+ type: boolean
2326
+ tx_to_allowlist:
2327
+ type: array
2328
+ items:
2329
+ type: string
2330
+ tx_max_value_eth:
2331
+ type: string
2332
+ tx_daily_limit_eth:
2333
+ type: string
2334
+ tx_allowed_chains:
2335
+ type: array
2336
+ items:
2337
+ type: string
2338
+
2339
+ AgentResponse:
2340
+ type: object
2341
+ required: [id, name, auth_method, is_active, crypto_proxy_enabled, created_at]
2342
+ properties:
2343
+ id:
2344
+ type: string
2345
+ format: uuid
2346
+ name:
2347
+ type: string
2348
+ description:
2349
+ type: string
2350
+ auth_method:
2351
+ type: string
2352
+ scopes:
2353
+ type: array
2354
+ items:
2355
+ type: string
2356
+ is_active:
2357
+ type: boolean
2358
+ crypto_proxy_enabled:
2359
+ type: boolean
2360
+ tx_to_allowlist:
2361
+ type: array
2362
+ items:
2363
+ type: string
2364
+ tx_max_value_eth:
2365
+ type: string
2366
+ tx_daily_limit_eth:
2367
+ type: string
2368
+ tx_allowed_chains:
2369
+ type: array
2370
+ items:
2371
+ type: string
2372
+ created_at:
2373
+ type: string
2374
+ format: date-time
2375
+ expires_at:
2376
+ type: string
2377
+ format: date-time
2378
+ last_active_at:
2379
+ type: string
2380
+ format: date-time
2381
+
2382
+ AgentSelfResponse:
2383
+ type: object
2384
+ properties:
2385
+ id:
2386
+ type: string
2387
+ format: uuid
2388
+ name:
2389
+ type: string
2390
+ description:
2391
+ type: string
2392
+ org_id:
2393
+ type: string
2394
+ format: uuid
2395
+ scopes:
2396
+ type: array
2397
+ items:
2398
+ type: string
2399
+ is_active:
2400
+ type: boolean
2401
+ crypto_proxy_enabled:
2402
+ type: boolean
2403
+ created_by:
2404
+ type: string
2405
+ format: uuid
2406
+ created_at:
2407
+ type: string
2408
+ format: date-time
2409
+ expires_at:
2410
+ type: string
2411
+ format: date-time
2412
+ last_active_at:
2413
+ type: string
2414
+ format: date-time
2415
+
2416
+ AgentCreatedResponse:
2417
+ type: object
2418
+ required: [agent, api_key]
2419
+ properties:
2420
+ agent:
2421
+ $ref: "#/components/schemas/AgentResponse"
2422
+ api_key:
2423
+ type: string
2424
+ description: One-time API key (store securely)
2425
+
2426
+ AgentListResponse:
2427
+ type: object
2428
+ properties:
2429
+ agents:
2430
+ type: array
2431
+ items:
2432
+ $ref: "#/components/schemas/AgentResponse"
2433
+
2434
+ AgentKeyRotatedResponse:
2435
+ type: object
2436
+ properties:
2437
+ api_key:
2438
+ type: string
2439
+
2440
+ # --- Transactions ---
2441
+
2442
+ SubmitTransactionRequest:
2443
+ type: object
2444
+ required: [to, value, chain]
2445
+ properties:
2446
+ to:
2447
+ type: string
2448
+ description: Destination address (0x-prefixed)
2449
+ value:
2450
+ type: string
2451
+ description: Value in ETH
2452
+ chain:
2453
+ type: string
2454
+ description: Chain name or numeric ID
2455
+ data:
2456
+ type: string
2457
+ description: Hex-encoded calldata
2458
+ signing_key_path:
2459
+ type: string
2460
+ nonce:
2461
+ type: integer
2462
+ gas_price:
2463
+ type: string
2464
+ gas_limit:
2465
+ type: integer
2466
+ max_fee_per_gas:
2467
+ type: string
2468
+ max_priority_fee_per_gas:
2469
+ type: string
2470
+ simulate_first:
2471
+ type: boolean
2472
+ default: false
2473
+
2474
+ SimulateTransactionRequest:
2475
+ type: object
2476
+ required: [to, value, chain]
2477
+ properties:
2478
+ to:
2479
+ type: string
2480
+ value:
2481
+ type: string
2482
+ chain:
2483
+ type: string
2484
+ data:
2485
+ type: string
2486
+ signing_key_path:
2487
+ type: string
2488
+ gas_limit:
2489
+ type: integer
2490
+
2491
+ SimulateBundleRequest:
2492
+ type: object
2493
+ required: [transactions]
2494
+ properties:
2495
+ transactions:
2496
+ type: array
2497
+ items:
2498
+ $ref: "#/components/schemas/SimulateTransactionRequest"
2499
+
2500
+ TransactionResponse:
2501
+ type: object
2502
+ properties:
2503
+ id:
2504
+ type: string
2505
+ format: uuid
2506
+ agent_id:
2507
+ type: string
2508
+ format: uuid
2509
+ chain:
2510
+ type: string
2511
+ chain_id:
2512
+ type: integer
2513
+ to:
2514
+ type: string
2515
+ value_wei:
2516
+ type: string
2517
+ status:
2518
+ type: string
2519
+ enum: [pending, signed, broadcast, failed, simulation_failed]
2520
+ signed_tx:
2521
+ type: string
2522
+ tx_hash:
2523
+ type: string
2524
+ error_message:
2525
+ type: string
2526
+ created_at:
2527
+ type: string
2528
+ format: date-time
2529
+ signed_at:
2530
+ type: string
2531
+ format: date-time
2532
+ simulation_id:
2533
+ type: string
2534
+ simulation_status:
2535
+ type: string
2536
+ tenderly_dashboard_url:
2537
+ type: string
2538
+ format: uri
2539
+ max_fee_per_gas:
2540
+ type: string
2541
+ max_priority_fee_per_gas:
2542
+ type: string
2543
+
2544
+ TransactionListResponse:
2545
+ type: object
2546
+ properties:
2547
+ transactions:
2548
+ type: array
2549
+ items:
2550
+ $ref: "#/components/schemas/TransactionResponse"
2551
+
2552
+ BalanceChange:
2553
+ type: object
2554
+ properties:
2555
+ address:
2556
+ type: string
2557
+ token:
2558
+ type: string
2559
+ token_symbol:
2560
+ type: string
2561
+ before:
2562
+ type: string
2563
+ after:
2564
+ type: string
2565
+ change:
2566
+ type: string
2567
+
2568
+ SimulationResponse:
2569
+ type: object
2570
+ properties:
2571
+ simulation_id:
2572
+ type: string
2573
+ status:
2574
+ type: string
2575
+ enum: [success, reverted, error]
2576
+ gas_used:
2577
+ type: integer
2578
+ gas_estimate_usd:
2579
+ type: string
2580
+ balance_changes:
2581
+ type: array
2582
+ items:
2583
+ $ref: "#/components/schemas/BalanceChange"
2584
+ error:
2585
+ type: string
2586
+ error_code:
2587
+ type: string
2588
+ error_human_readable:
2589
+ type: string
2590
+ revert_reason:
2591
+ type: string
2592
+ tenderly_dashboard_url:
2593
+ type: string
2594
+ format: uri
2595
+ simulated_at:
2596
+ type: string
2597
+ format: date-time
2598
+
2599
+ BundleSimulationResponse:
2600
+ type: object
2601
+ properties:
2602
+ simulations:
2603
+ type: array
2604
+ items:
2605
+ $ref: "#/components/schemas/SimulationResponse"
2606
+
2607
+ # --- Chains ---
2608
+
2609
+ ChainResponse:
2610
+ type: object
2611
+ properties:
2612
+ id:
2613
+ type: string
2614
+ format: uuid
2615
+ name:
2616
+ type: string
2617
+ display_name:
2618
+ type: string
2619
+ chain_id:
2620
+ type: integer
2621
+ rpc_url:
2622
+ type: string
2623
+ ws_url:
2624
+ type: string
2625
+ explorer_url:
2626
+ type: string
2627
+ native_currency:
2628
+ type: string
2629
+ is_testnet:
2630
+ type: boolean
2631
+ is_enabled:
2632
+ type: boolean
2633
+ created_at:
2634
+ type: string
2635
+ format: date-time
2636
+ updated_at:
2637
+ type: string
2638
+ format: date-time
2639
+
2640
+ ChainListResponse:
2641
+ type: object
2642
+ properties:
2643
+ chains:
2644
+ type: array
2645
+ items:
2646
+ $ref: "#/components/schemas/ChainResponse"
2647
+
2648
+ CreateChainRequest:
2649
+ type: object
2650
+ required: [name, display_name, chain_id]
2651
+ properties:
2652
+ name:
2653
+ type: string
2654
+ display_name:
2655
+ type: string
2656
+ chain_id:
2657
+ type: integer
2658
+ rpc_url:
2659
+ type: string
2660
+ ws_url:
2661
+ type: string
2662
+ explorer_url:
2663
+ type: string
2664
+ native_currency:
2665
+ type: string
2666
+ default: ETH
2667
+ is_testnet:
2668
+ type: boolean
2669
+ default: false
2670
+ is_enabled:
2671
+ type: boolean
2672
+ default: true
2673
+
2674
+ UpdateChainRequest:
2675
+ type: object
2676
+ properties:
2677
+ display_name:
2678
+ type: string
2679
+ rpc_url:
2680
+ type: string
2681
+ ws_url:
2682
+ type: string
2683
+ explorer_url:
2684
+ type: string
2685
+ native_currency:
2686
+ type: string
2687
+ is_testnet:
2688
+ type: boolean
2689
+ is_enabled:
2690
+ type: boolean
2691
+
2692
+ # --- Sharing ---
2693
+
2694
+ CreateShareRequest:
2695
+ type: object
2696
+ required: [recipient_type, expires_at]
2697
+ properties:
2698
+ recipient_type:
2699
+ type: string
2700
+ enum: [user, agent, external_email, anyone_with_link, creator]
2701
+ recipient_id:
2702
+ type: string
2703
+ format: uuid
2704
+ email:
2705
+ type: string
2706
+ format: email
2707
+ permissions:
2708
+ type: array
2709
+ items:
2710
+ type: string
2711
+ max_access_count:
2712
+ type: integer
2713
+ expires_at:
2714
+ type: string
2715
+ format: date-time
2716
+ passphrase:
2717
+ type: string
2718
+ ip_allowlist:
2719
+ type: array
2720
+ items:
2721
+ type: string
2722
+
2723
+ ShareResponse:
2724
+ type: object
2725
+ properties:
2726
+ id:
2727
+ type: string
2728
+ format: uuid
2729
+ share_url:
2730
+ type: string
2731
+ format: uri
2732
+ recipient_type:
2733
+ type: string
2734
+ recipient_email:
2735
+ type: string
2736
+ expires_at:
2737
+ type: string
2738
+ format: date-time
2739
+ max_access_count:
2740
+ type: integer
2741
+
2742
+ SharedSecretResponse:
2743
+ type: object
2744
+ properties:
2745
+ id:
2746
+ type: string
2747
+ format: uuid
2748
+ path:
2749
+ type: string
2750
+ type:
2751
+ type: string
2752
+ value:
2753
+ type: string
2754
+ access_count:
2755
+ type: integer
2756
+ max_access_count:
2757
+ type: integer
2758
+
2759
+ ShareListItem:
2760
+ type: object
2761
+ properties:
2762
+ id:
2763
+ type: string
2764
+ format: uuid
2765
+ secret_path:
2766
+ type: string
2767
+ recipient_type:
2768
+ type: string
2769
+ recipient_email:
2770
+ type: string
2771
+ access_count:
2772
+ type: integer
2773
+ max_access_count:
2774
+ type: integer
2775
+ expires_at:
2776
+ type: string
2777
+ format: date-time
2778
+ created_at:
2779
+ type: string
2780
+ format: date-time
2781
+ is_expired:
2782
+ type: boolean
2783
+ is_accepted:
2784
+ type: boolean
2785
+
2786
+ ShareListResponse:
2787
+ type: object
2788
+ properties:
2789
+ shares:
2790
+ type: array
2791
+ items:
2792
+ $ref: "#/components/schemas/ShareListItem"
2793
+
2794
+ # --- Organization ---
2795
+
2796
+ OrgMemberResponse:
2797
+ type: object
2798
+ properties:
2799
+ id:
2800
+ type: string
2801
+ format: uuid
2802
+ email:
2803
+ type: string
2804
+ display_name:
2805
+ type: string
2806
+ role:
2807
+ type: string
2808
+ auth_method:
2809
+ type: string
2810
+ created_at:
2811
+ type: string
2812
+ format: date-time
2813
+
2814
+ OrgMemberListResponse:
2815
+ type: object
2816
+ properties:
2817
+ members:
2818
+ type: array
2819
+ items:
2820
+ $ref: "#/components/schemas/OrgMemberResponse"
2821
+
2822
+ UpdateMemberRoleRequest:
2823
+ type: object
2824
+ required: [role]
2825
+ properties:
2826
+ role:
2827
+ type: string
2828
+ enum: [owner, admin, member]
2829
+
2830
+ InviteMemberRequest:
2831
+ type: object
2832
+ required: [email]
2833
+ properties:
2834
+ email:
2835
+ type: string
2836
+ format: email
2837
+ role:
2838
+ type: string
2839
+
2840
+ InviteMemberResponse:
2841
+ type: object
2842
+ properties:
2843
+ message:
2844
+ type: string
2845
+ email:
2846
+ type: string
2847
+
2848
+ # --- Billing ---
2849
+
2850
+ UsageSummaryResponse:
2851
+ type: object
2852
+ properties:
2853
+ billing_tier:
2854
+ type: string
2855
+ free_tier_limit:
2856
+ type: integer
2857
+ current_month:
2858
+ type: object
2859
+ properties:
2860
+ total_requests:
2861
+ type: integer
2862
+ paid_requests:
2863
+ type: integer
2864
+ free_requests:
2865
+ type: integer
2866
+ total_cost_usd:
2867
+ type: string
2868
+
2869
+ UsageHistoryResponse:
2870
+ type: object
2871
+ properties:
2872
+ events:
2873
+ type: array
2874
+ items:
2875
+ type: object
2876
+ properties:
2877
+ id:
2878
+ type: string
2879
+ format: uuid
2880
+ principal_type:
2881
+ type: string
2882
+ principal_id:
2883
+ type: string
2884
+ method:
2885
+ type: string
2886
+ endpoint:
2887
+ type: string
2888
+ status_code:
2889
+ type: integer
2890
+ price_usd:
2891
+ type: string
2892
+ is_paid:
2893
+ type: boolean
2894
+ created_at:
2895
+ type: string
2896
+ format: date-time
2897
+
2898
+ SubscribeRequest:
2899
+ type: object
2900
+ required: [tier, interval]
2901
+ properties:
2902
+ tier:
2903
+ type: string
2904
+ enum: [pro, business]
2905
+ interval:
2906
+ type: string
2907
+ enum: [monthly, yearly]
2908
+ trial:
2909
+ type: boolean
2910
+ default: true
2911
+
2912
+ TopupRequest:
2913
+ type: object
2914
+ required: [amount_usd]
2915
+ properties:
2916
+ amount_usd:
2917
+ type: integer
2918
+ minimum: 5
2919
+ maximum: 1000
2920
+
2921
+ OverageMethodRequest:
2922
+ type: object
2923
+ required: [method]
2924
+ properties:
2925
+ method:
2926
+ type: string
2927
+ enum: [credits, x402]
2928
+
2929
+ CheckoutUrlResponse:
2930
+ type: object
2931
+ properties:
2932
+ checkout_url:
2933
+ type: string
2934
+ format: uri
2935
+
2936
+ PortalUrlResponse:
2937
+ type: object
2938
+ properties:
2939
+ portal_url:
2940
+ type: string
2941
+ format: uri
2942
+
2943
+ SubscriptionResponse:
2944
+ type: object
2945
+ properties:
2946
+ tier:
2947
+ type: string
2948
+ interval:
2949
+ type: string
2950
+ period_end:
2951
+ type: string
2952
+ format: date-time
2953
+ status:
2954
+ type: string
2955
+ credit_balance_cents:
2956
+ type: integer
2957
+ credit_balance_usd:
2958
+ type: string
2959
+ overage_method:
2960
+ type: string
2961
+ usage:
2962
+ type: object
2963
+ properties:
2964
+ requests:
2965
+ $ref: "#/components/schemas/UsageMeter"
2966
+ secrets:
2967
+ $ref: "#/components/schemas/UsageMeter"
2968
+ agents:
2969
+ $ref: "#/components/schemas/UsageMeter"
2970
+ vaults:
2971
+ $ref: "#/components/schemas/UsageMeter"
2972
+ team_members:
2973
+ $ref: "#/components/schemas/UsageMeter"
2974
+ proxy_transactions:
2975
+ $ref: "#/components/schemas/UsageMeter"
2976
+ shares:
2977
+ $ref: "#/components/schemas/UsageMeter"
2978
+
2979
+ UsageMeter:
2980
+ type: object
2981
+ properties:
2982
+ used:
2983
+ type: integer
2984
+ limit:
2985
+ type: integer
2986
+
2987
+ CreditBalanceResponse:
2988
+ type: object
2989
+ properties:
2990
+ balance_cents:
2991
+ type: integer
2992
+ balance_usd:
2993
+ type: string
2994
+ expiring_within_90_days:
2995
+ type: object
2996
+ properties:
2997
+ amount_cents:
2998
+ type: integer
2999
+ earliest_expiry:
3000
+ type: string
3001
+ format: date-time
3002
+
3003
+ CreditTransactionsListResponse:
3004
+ type: object
3005
+ properties:
3006
+ transactions:
3007
+ type: array
3008
+ items:
3009
+ type: object
3010
+ properties:
3011
+ id:
3012
+ type: string
3013
+ format: uuid
3014
+ type:
3015
+ type: string
3016
+ amount_cents:
3017
+ type: integer
3018
+ balance_after_cents:
3019
+ type: integer
3020
+ description:
3021
+ type: string
3022
+ created_at:
3023
+ type: string
3024
+ format: date-time
3025
+ page:
3026
+ type: integer
3027
+ limit:
3028
+ type: integer
3029
+
3030
+ OverageMethodResponse:
3031
+ type: object
3032
+ properties:
3033
+ overage_method:
3034
+ type: string
3035
+
3036
+ # --- Audit ---
3037
+
3038
+ AuditEventsResponse:
3039
+ type: object
3040
+ properties:
3041
+ events:
3042
+ type: array
3043
+ items:
3044
+ $ref: "#/components/schemas/AuditEvent"
3045
+ count:
3046
+ type: integer
3047
+
3048
+ AuditEvent:
3049
+ type: object
3050
+ properties:
3051
+ id:
3052
+ type: string
3053
+ format: uuid
3054
+ action:
3055
+ type: string
3056
+ actor_id:
3057
+ type: string
3058
+ actor_type:
3059
+ type: string
3060
+ resource_type:
3061
+ type: string
3062
+ resource_id:
3063
+ type: string
3064
+ org_id:
3065
+ type: string
3066
+ format: uuid
3067
+ details:
3068
+ type: object
3069
+ additionalProperties: true
3070
+ ip_address:
3071
+ type: string
3072
+ created_at:
3073
+ type: string
3074
+ format: date-time
3075
+
3076
+ # --- Security ---
3077
+
3078
+ CreateIpRuleRequest:
3079
+ type: object
3080
+ required: [rule_type, cidr]
3081
+ properties:
3082
+ rule_type:
3083
+ type: string
3084
+ enum: [allow, deny]
3085
+ cidr:
3086
+ type: string
3087
+ label:
3088
+ type: string
3089
+ applies_to:
3090
+ type: string
3091
+
3092
+ IpRuleResponse:
3093
+ type: object
3094
+ properties:
3095
+ id:
3096
+ type: string
3097
+ format: uuid
3098
+ org_id:
3099
+ type: string
3100
+ format: uuid
3101
+ rule_type:
3102
+ type: string
3103
+ cidr:
3104
+ type: string
3105
+ label:
3106
+ type: string
3107
+ applies_to:
3108
+ type: string
3109
+ created_by:
3110
+ type: string
3111
+ created_at:
3112
+ type: string
3113
+ format: date-time
3114
+
3115
+ IpRulesListResponse:
3116
+ type: object
3117
+ properties:
3118
+ rules:
3119
+ type: array
3120
+ items:
3121
+ $ref: "#/components/schemas/IpRuleResponse"
3122
+
3123
+ # --- Admin ---
3124
+
3125
+ SettingResponse:
3126
+ type: object
3127
+ properties:
3128
+ key:
3129
+ type: string
3130
+ value:
3131
+ type: string
3132
+ updated_by:
3133
+ type: string
3134
+ updated_at:
3135
+ type: string
3136
+ format: date-time
3137
+
3138
+ SettingsListResponse:
3139
+ type: object
3140
+ properties:
3141
+ settings:
3142
+ type: array
3143
+ items:
3144
+ $ref: "#/components/schemas/SettingResponse"
3145
+
3146
+ UpdateSettingRequest:
3147
+ type: object
3148
+ required: [value]
3149
+ properties:
3150
+ value:
3151
+ type: string
3152
+
3153
+ X402ConfigResponse:
3154
+ type: object
3155
+ properties:
3156
+ pay_to:
3157
+ type: string
3158
+ network:
3159
+ type: string
3160
+ scheme:
3161
+ type: string
3162
+ free_tier_limit:
3163
+ type: integer
3164
+ facilitator_url:
3165
+ type: string
3166
+
3167
+ AdminUsersListResponse:
3168
+ type: object
3169
+ properties:
3170
+ users:
3171
+ type: array
3172
+ items:
3173
+ type: object
3174
+ properties:
3175
+ id:
3176
+ type: string
3177
+ format: uuid
3178
+ email:
3179
+ type: string
3180
+ display_name:
3181
+ type: string
3182
+ role:
3183
+ type: string
3184
+ auth_method:
3185
+ type: string
3186
+ org_id:
3187
+ type: string
3188
+ format: uuid
3189
+ org_name:
3190
+ type: string
3191
+ created_at:
3192
+ type: string
3193
+ format: date-time
3194
+ free_tier_override:
3195
+ type: integer
3196
+ is_sponsored:
3197
+ type: boolean
3198
+ current_month_requests:
3199
+ type: integer
3200
+ total:
3201
+ type: integer
3202
+
3203
+ UpdateOrgLimitsRequest:
3204
+ type: object
3205
+ properties:
3206
+ free_tier_override:
3207
+ type: integer
3208
+ is_sponsored:
3209
+ type: boolean
3210
+
3211
+ OrgLimitsResponse:
3212
+ type: object
3213
+ properties:
3214
+ org_id:
3215
+ type: string
3216
+ format: uuid
3217
+ free_tier_override:
3218
+ type: integer
3219
+ is_sponsored:
3220
+ type: boolean
3221
+
3222
+ # --- x402 ---
3223
+
3224
+ PaymentRequirement:
3225
+ type: object
3226
+ properties:
3227
+ x402Version:
3228
+ type: integer
3229
+ accepts:
3230
+ type: array
3231
+ items:
3232
+ type: object
3233
+ properties:
3234
+ scheme:
3235
+ type: string
3236
+ network:
3237
+ type: string
3238
+ payTo:
3239
+ type: string
3240
+ price:
3241
+ type: string
3242
+ requiredDeadlineSeconds:
3243
+ type: integer
3244
+ description:
3245
+ type: string
3246
+
3247
+ # --- Health ---
3248
+
3249
+ HealthResponse:
3250
+ type: object
3251
+ properties:
3252
+ status:
3253
+ type: string
3254
+ enum: [healthy, degraded]
3255
+ version:
3256
+ type: string