@1claw/openapi-spec 0.15.1 → 0.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +3 -1
  2. package/openapi.json +531 -24
  3. package/openapi.yaml +360 -17
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -42,12 +42,14 @@ import spec from "@1claw/openapi-spec/openapi.json";
42
42
 
43
43
  ## What's in the spec (v0.15.x)
44
44
 
45
+ - **Billing — LLM token billing** — `GET /v1/billing/llm-token-billing`, `POST .../subscribe`, `POST .../disable` (Stripe AI Gateway add-on; optional org feature)
46
+ - **Treasury** — Safe multisig treasuries: `POST/GET /v1/treasury`, `GET/PATCH/DELETE /v1/treasury/{id}`, signers, agent access requests (`requests[]` on list)
45
47
  - **Vaults** — CRUD, CMEK enable/disable, key rotation with job tracking
46
48
  - **Secrets** — CRUD, versioning, CMEK-encrypted flag
47
49
  - **Agents** — CRUD with `auth_method` (api_key, mtls, oidc_client_credentials), auto-generated SSH keypairs, `token_ttl_seconds`, `vault_ids`, Intents API, transaction guardrails
48
50
  - **Policies** — Glob-based access control
49
51
  - **Sharing** — Links, user/agent shares, accept/decline
50
- - **Billing** — Subscriptions, credits, x402
52
+ - **Billing** — Subscriptions, credits, x402, LLM token billing (see above)
51
53
  - **Audit** — Hash-chained event log
52
54
  - **Chains** — Supported blockchain registry
53
55
  - **Auth** — JWT, API keys, agent tokens, MFA, device flow, Google OAuth
package/openapi.json CHANGED
@@ -1698,6 +1698,52 @@
1698
1698
  }
1699
1699
  }
1700
1700
  },
1701
+ "/v1/agents/{agent_id}/smart-accounts": {
1702
+ "post": {
1703
+ "tags": [
1704
+ "Agents"
1705
+ ],
1706
+ "summary": "Add a smart account (Safe) for this agent on a chain",
1707
+ "description": "Use after deploying a Safe on a new chain. Multi-chain; one Safe per chain.\nReplaces any existing entry for the same chain_id.\n",
1708
+ "operationId": "addAgentSmartAccount",
1709
+ "parameters": [
1710
+ {
1711
+ "$ref": "#/components/parameters/AgentId"
1712
+ }
1713
+ ],
1714
+ "requestBody": {
1715
+ "required": true,
1716
+ "content": {
1717
+ "application/json": {
1718
+ "schema": {
1719
+ "$ref": "#/components/schemas/AddSmartAccountRequest"
1720
+ }
1721
+ }
1722
+ }
1723
+ },
1724
+ "responses": {
1725
+ "200": {
1726
+ "description": "Agent with updated smart_accounts list",
1727
+ "content": {
1728
+ "application/json": {
1729
+ "schema": {
1730
+ "$ref": "#/components/schemas/AgentResponse"
1731
+ }
1732
+ }
1733
+ }
1734
+ },
1735
+ "400": {
1736
+ "$ref": "#/components/responses/BadRequest"
1737
+ },
1738
+ "403": {
1739
+ "$ref": "#/components/responses/Forbidden"
1740
+ },
1741
+ "404": {
1742
+ "$ref": "#/components/responses/NotFound"
1743
+ }
1744
+ }
1745
+ }
1746
+ },
1701
1747
  "/v1/agents/{agent_id}/transactions": {
1702
1748
  "post": {
1703
1749
  "tags": [
@@ -1857,6 +1903,61 @@
1857
1903
  }
1858
1904
  }
1859
1905
  },
1906
+ "/v1/agents/{agent_id}/transactions/sign": {
1907
+ "post": {
1908
+ "tags": [
1909
+ "Transactions"
1910
+ ],
1911
+ "summary": "Sign a transaction without broadcasting",
1912
+ "description": "Signs a transaction inside the server (or TEE when using Shroud) but does\n**not** broadcast it. The caller receives the raw `signed_tx` hex and\n`tx_hash` so it can submit to any RPC of its choosing.\n\nAll agent guardrails (allowlists, value caps, daily limits) are enforced\nexactly as for the submit endpoint. The signed transaction is recorded for\naudit and daily-limit tracking with `status: \"sign_only\"`.\n",
1913
+ "operationId": "signTransaction",
1914
+ "x-agentcash-auth": {
1915
+ "mode": "paid"
1916
+ },
1917
+ "x-payment-info": {
1918
+ "protocols": [
1919
+ "x402"
1920
+ ],
1921
+ "pricingMode": "quote"
1922
+ },
1923
+ "parameters": [
1924
+ {
1925
+ "$ref": "#/components/parameters/AgentId"
1926
+ }
1927
+ ],
1928
+ "requestBody": {
1929
+ "required": true,
1930
+ "content": {
1931
+ "application/json": {
1932
+ "schema": {
1933
+ "$ref": "#/components/schemas/SignTransactionRequest"
1934
+ }
1935
+ }
1936
+ }
1937
+ },
1938
+ "responses": {
1939
+ "200": {
1940
+ "description": "Transaction signed successfully (not broadcast)",
1941
+ "content": {
1942
+ "application/json": {
1943
+ "schema": {
1944
+ "$ref": "#/components/schemas/SignTransactionResponse"
1945
+ }
1946
+ }
1947
+ }
1948
+ },
1949
+ "400": {
1950
+ "$ref": "#/components/responses/BadRequest"
1951
+ },
1952
+ "402": {
1953
+ "$ref": "#/components/responses/PaymentRequired"
1954
+ },
1955
+ "403": {
1956
+ "$ref": "#/components/responses/Forbidden"
1957
+ }
1958
+ }
1959
+ }
1960
+ },
1860
1961
  "/v1/agents/{agent_id}/transactions/simulate": {
1861
1962
  "post": {
1862
1963
  "tags": [
@@ -2717,6 +2818,72 @@
2717
2818
  }
2718
2819
  }
2719
2820
  },
2821
+ "/v1/billing/llm-token-billing": {
2822
+ "get": {
2823
+ "tags": [
2824
+ "Billing"
2825
+ ],
2826
+ "summary": "Get LLM token billing status",
2827
+ "operationId": "getLlmTokenBilling",
2828
+ "description": "Returns whether LLM token billing is enabled for the caller's org.",
2829
+ "responses": {
2830
+ "200": {
2831
+ "description": "LLM token billing status",
2832
+ "content": {
2833
+ "application/json": {
2834
+ "schema": {
2835
+ "$ref": "#/components/schemas/LlmTokenBillingStatus"
2836
+ }
2837
+ }
2838
+ }
2839
+ }
2840
+ }
2841
+ }
2842
+ },
2843
+ "/v1/billing/llm-token-billing/subscribe": {
2844
+ "post": {
2845
+ "tags": [
2846
+ "Billing"
2847
+ ],
2848
+ "summary": "Subscribe to LLM token billing",
2849
+ "operationId": "subscribeLlmTokenBilling",
2850
+ "description": "Creates a Stripe Checkout session for the LLM token billing pricing plan. Returns a checkout URL to redirect the user. After the user completes checkout, a webhook activates LLM billing for the org.\n",
2851
+ "responses": {
2852
+ "200": {
2853
+ "description": "Stripe Checkout URL",
2854
+ "content": {
2855
+ "application/json": {
2856
+ "schema": {
2857
+ "$ref": "#/components/schemas/LlmCheckoutResponse"
2858
+ }
2859
+ }
2860
+ }
2861
+ }
2862
+ }
2863
+ }
2864
+ },
2865
+ "/v1/billing/llm-token-billing/disable": {
2866
+ "post": {
2867
+ "tags": [
2868
+ "Billing"
2869
+ ],
2870
+ "summary": "Disable LLM token billing",
2871
+ "operationId": "disableLlmTokenBilling",
2872
+ "description": "Disables LLM token billing for the org and cancels all active Stripe subscriptions for the LLM pricing plan. Agents will fall back to direct provider routing. You can re-enable it at any time.\n",
2873
+ "responses": {
2874
+ "200": {
2875
+ "description": "LLM billing disabled",
2876
+ "content": {
2877
+ "application/json": {
2878
+ "schema": {
2879
+ "$ref": "#/components/schemas/LlmDisableResponse"
2880
+ }
2881
+ }
2882
+ }
2883
+ }
2884
+ }
2885
+ }
2886
+ },
2720
2887
  "/v1/billing/overage-method": {
2721
2888
  "patch": {
2722
2889
  "tags": [
@@ -3042,6 +3209,88 @@
3042
3209
  "$ref": "#/components/responses/NotFound"
3043
3210
  }
3044
3211
  }
3212
+ },
3213
+ "patch": {
3214
+ "tags": [
3215
+ "Treasury"
3216
+ ],
3217
+ "summary": "Update treasury name and/or threshold",
3218
+ "operationId": "updateTreasury",
3219
+ "security": [
3220
+ {
3221
+ "BearerAuth": []
3222
+ }
3223
+ ],
3224
+ "parameters": [
3225
+ {
3226
+ "name": "treasury_id",
3227
+ "in": "path",
3228
+ "required": true,
3229
+ "schema": {
3230
+ "type": "string",
3231
+ "format": "uuid"
3232
+ }
3233
+ }
3234
+ ],
3235
+ "requestBody": {
3236
+ "required": true,
3237
+ "content": {
3238
+ "application/json": {
3239
+ "schema": {
3240
+ "$ref": "#/components/schemas/UpdateTreasuryRequest"
3241
+ }
3242
+ }
3243
+ }
3244
+ },
3245
+ "responses": {
3246
+ "200": {
3247
+ "description": "Treasury updated",
3248
+ "content": {
3249
+ "application/json": {
3250
+ "schema": {
3251
+ "$ref": "#/components/schemas/TreasuryResponse"
3252
+ }
3253
+ }
3254
+ }
3255
+ },
3256
+ "400": {
3257
+ "$ref": "#/components/responses/BadRequest"
3258
+ },
3259
+ "404": {
3260
+ "$ref": "#/components/responses/NotFound"
3261
+ }
3262
+ }
3263
+ },
3264
+ "delete": {
3265
+ "tags": [
3266
+ "Treasury"
3267
+ ],
3268
+ "summary": "Delete a treasury and its signers",
3269
+ "operationId": "deleteTreasury",
3270
+ "security": [
3271
+ {
3272
+ "BearerAuth": []
3273
+ }
3274
+ ],
3275
+ "parameters": [
3276
+ {
3277
+ "name": "treasury_id",
3278
+ "in": "path",
3279
+ "required": true,
3280
+ "schema": {
3281
+ "type": "string",
3282
+ "format": "uuid"
3283
+ }
3284
+ }
3285
+ ],
3286
+ "responses": {
3287
+ "204": {
3288
+ "description": "Treasury deleted"
3289
+ },
3290
+ "404": {
3291
+ "$ref": "#/components/responses/NotFound"
3292
+ }
3293
+ }
3045
3294
  }
3046
3295
  },
3047
3296
  "/v1/treasury/{treasury_id}/signers": {
@@ -3198,7 +3447,7 @@
3198
3447
  "schema": {
3199
3448
  "type": "object",
3200
3449
  "properties": {
3201
- "access_requests": {
3450
+ "requests": {
3202
3451
  "type": "array",
3203
3452
  "items": {
3204
3453
  "$ref": "#/components/schemas/AccessRequestResponse"
@@ -3699,10 +3948,11 @@
3699
3948
  "name": "include_signed_tx",
3700
3949
  "in": "query",
3701
3950
  "required": false,
3702
- "description": "Set to `true` or `1` to include the raw signed transaction hex in the response. Omitted by default to reduce key exfiltration risk. Only the literal values \"true\" or \"1\" enable inclusion; any other value or omission returns responses without signed_tx.\n",
3951
+ "description": "Set to `true` or `1` to include the raw signed transaction hex in the response. Omitted by default to reduce key exfiltration risk. Only the literal values \"true\" or \"1\" enable inclusion; any other value or omission returns responses without signed_tx. Applies to GET /v1/agents/{agent_id}/transactions and GET /v1/agents/{agent_id}/transactions/{tx_id}.\n",
3703
3952
  "schema": {
3704
3953
  "type": "boolean",
3705
- "default": false
3954
+ "default": false,
3955
+ "example": false
3706
3956
  }
3707
3957
  }
3708
3958
  },
@@ -3841,13 +4091,13 @@
3841
4091
  "AgentTokenRequest": {
3842
4092
  "type": "object",
3843
4093
  "required": [
3844
- "agent_id",
3845
4094
  "api_key"
3846
4095
  ],
3847
4096
  "properties": {
3848
4097
  "agent_id": {
3849
4098
  "type": "string",
3850
- "format": "uuid"
4099
+ "format": "uuid",
4100
+ "description": "Optional when using key-only auth (ocv_ keys auto-resolve agent)"
3851
4101
  },
3852
4102
  "api_key": {
3853
4103
  "type": "string"
@@ -4892,6 +5142,67 @@
4892
5142
  "last_active_at": {
4893
5143
  "type": "string",
4894
5144
  "format": "date-time"
5145
+ },
5146
+ "smart_accounts": {
5147
+ "type": "array",
5148
+ "description": "Multi-chain; one Safe per chain",
5149
+ "items": {
5150
+ "$ref": "#/components/schemas/AgentSmartAccountResponse"
5151
+ }
5152
+ }
5153
+ }
5154
+ },
5155
+ "AgentSmartAccountResponse": {
5156
+ "type": "object",
5157
+ "description": "One Safe smart account per chain for an agent",
5158
+ "properties": {
5159
+ "id": {
5160
+ "type": "string",
5161
+ "format": "uuid"
5162
+ },
5163
+ "chain": {
5164
+ "type": "string"
5165
+ },
5166
+ "chain_id": {
5167
+ "type": "integer"
5168
+ },
5169
+ "safe_address": {
5170
+ "type": "string"
5171
+ },
5172
+ "nonce": {
5173
+ "type": "string"
5174
+ },
5175
+ "init_data": {
5176
+ "type": "object"
5177
+ },
5178
+ "created_at": {
5179
+ "type": "string",
5180
+ "format": "date-time"
5181
+ }
5182
+ }
5183
+ },
5184
+ "AddSmartAccountRequest": {
5185
+ "type": "object",
5186
+ "required": [
5187
+ "chain",
5188
+ "chain_id",
5189
+ "safe_address"
5190
+ ],
5191
+ "properties": {
5192
+ "chain": {
5193
+ "type": "string"
5194
+ },
5195
+ "chain_id": {
5196
+ "type": "integer"
5197
+ },
5198
+ "safe_address": {
5199
+ "type": "string"
5200
+ },
5201
+ "nonce": {
5202
+ "type": "string"
5203
+ },
5204
+ "init_data": {
5205
+ "type": "object"
4895
5206
  }
4896
5207
  }
4897
5208
  },
@@ -5350,6 +5661,112 @@
5350
5661
  "simulate_first": {
5351
5662
  "type": "boolean",
5352
5663
  "default": false
5664
+ },
5665
+ "mode": {
5666
+ "type": "string",
5667
+ "description": "Transaction mode",
5668
+ "enum": [
5669
+ "eoa",
5670
+ "smart_account"
5671
+ ],
5672
+ "default": "eoa"
5673
+ }
5674
+ }
5675
+ },
5676
+ "SignTransactionRequest": {
5677
+ "type": "object",
5678
+ "required": [
5679
+ "to",
5680
+ "value",
5681
+ "chain"
5682
+ ],
5683
+ "properties": {
5684
+ "to": {
5685
+ "type": "string",
5686
+ "description": "Destination address (0x-prefixed)"
5687
+ },
5688
+ "value": {
5689
+ "type": "string",
5690
+ "description": "Value in ETH"
5691
+ },
5692
+ "chain": {
5693
+ "type": "string",
5694
+ "description": "Chain name or numeric ID"
5695
+ },
5696
+ "data": {
5697
+ "type": "string",
5698
+ "description": "Hex-encoded calldata"
5699
+ },
5700
+ "signing_key_path": {
5701
+ "type": "string"
5702
+ },
5703
+ "nonce": {
5704
+ "type": "integer"
5705
+ },
5706
+ "gas_price": {
5707
+ "type": "string"
5708
+ },
5709
+ "gas_limit": {
5710
+ "type": "integer"
5711
+ },
5712
+ "max_fee_per_gas": {
5713
+ "type": "string"
5714
+ },
5715
+ "max_priority_fee_per_gas": {
5716
+ "type": "string"
5717
+ },
5718
+ "simulate_first": {
5719
+ "type": "boolean",
5720
+ "default": false
5721
+ }
5722
+ }
5723
+ },
5724
+ "SignTransactionResponse": {
5725
+ "type": "object",
5726
+ "properties": {
5727
+ "signed_tx": {
5728
+ "type": "string",
5729
+ "description": "Raw signed transaction hex (always included)"
5730
+ },
5731
+ "tx_hash": {
5732
+ "type": "string"
5733
+ },
5734
+ "from": {
5735
+ "type": "string",
5736
+ "description": "Derived sender address"
5737
+ },
5738
+ "to": {
5739
+ "type": "string"
5740
+ },
5741
+ "chain": {
5742
+ "type": "string"
5743
+ },
5744
+ "chain_id": {
5745
+ "type": "integer"
5746
+ },
5747
+ "nonce": {
5748
+ "type": "integer"
5749
+ },
5750
+ "value_wei": {
5751
+ "type": "string"
5752
+ },
5753
+ "status": {
5754
+ "type": "string",
5755
+ "enum": [
5756
+ "sign_only"
5757
+ ]
5758
+ },
5759
+ "simulation_id": {
5760
+ "type": "string"
5761
+ },
5762
+ "simulation_status": {
5763
+ "type": "string"
5764
+ },
5765
+ "max_fee_per_gas": {
5766
+ "type": "string"
5767
+ },
5768
+ "max_priority_fee_per_gas": {
5769
+ "type": "string"
5353
5770
  }
5354
5771
  }
5355
5772
  },
@@ -5423,6 +5840,7 @@
5423
5840
  "enum": [
5424
5841
  "pending",
5425
5842
  "signed",
5843
+ "sign_only",
5426
5844
  "broadcast",
5427
5845
  "failed",
5428
5846
  "simulation_failed"
@@ -5431,7 +5849,7 @@
5431
5849
  "signed_tx": {
5432
5850
  "type": "string",
5433
5851
  "nullable": true,
5434
- "description": "Raw signed transaction hex. Omitted (null) by default to reduce exfiltration risk. Pass `include_signed_tx=true` query param on GET endpoints to include it. Always returned on the initial POST submission response.\n"
5852
+ "description": "Raw signed transaction hex. On GET list and GET by id, this property is omitted by default (absent from the response). Pass `include_signed_tx=true` on those endpoints to include it. Always present on the initial POST submit response.\n"
5435
5853
  },
5436
5854
  "tx_hash": {
5437
5855
  "type": "string"
@@ -6121,6 +6539,38 @@
6121
6539
  }
6122
6540
  }
6123
6541
  },
6542
+ "LlmTokenBillingStatus": {
6543
+ "type": "object",
6544
+ "properties": {
6545
+ "enabled": {
6546
+ "type": "boolean"
6547
+ },
6548
+ "subscription_status": {
6549
+ "type": "string",
6550
+ "enum": [
6551
+ "active",
6552
+ "inactive"
6553
+ ]
6554
+ }
6555
+ }
6556
+ },
6557
+ "LlmCheckoutResponse": {
6558
+ "type": "object",
6559
+ "properties": {
6560
+ "checkout_url": {
6561
+ "type": "string",
6562
+ "format": "uri"
6563
+ }
6564
+ }
6565
+ },
6566
+ "LlmDisableResponse": {
6567
+ "type": "object",
6568
+ "properties": {
6569
+ "enabled": {
6570
+ "type": "boolean"
6571
+ }
6572
+ }
6573
+ },
6124
6574
  "CreditBalanceResponse": {
6125
6575
  "type": "object",
6126
6576
  "properties": {
@@ -6480,38 +6930,79 @@
6480
6930
  "type": "object",
6481
6931
  "required": [
6482
6932
  "name",
6483
- "chain",
6484
- "chain_id",
6485
- "threshold"
6933
+ "safe_address"
6486
6934
  ],
6487
6935
  "properties": {
6488
6936
  "name": {
6489
- "type": "string"
6937
+ "type": "string",
6938
+ "description": "Display name (1–128 characters)"
6939
+ },
6940
+ "safe_address": {
6941
+ "type": "string",
6942
+ "description": "Deployed Safe contract address (0x-prefixed, 42 characters)"
6490
6943
  },
6491
6944
  "chain": {
6492
- "type": "string"
6945
+ "type": "string",
6946
+ "description": "Chain name (default base)"
6493
6947
  },
6494
6948
  "chain_id": {
6495
- "type": "integer"
6949
+ "type": "integer",
6950
+ "description": "EVM chain ID (default 8453 for Base)"
6496
6951
  },
6497
6952
  "threshold": {
6498
6953
  "type": "integer",
6499
- "minimum": 1
6954
+ "minimum": 1,
6955
+ "description": "Safe threshold (default 1)"
6500
6956
  },
6501
- "safe_address": {
6502
- "type": "string",
6503
- "description": "Pre-deployed Safe address (optional)"
6957
+ "signers": {
6958
+ "type": "array",
6959
+ "items": {
6960
+ "$ref": "#/components/schemas/CreateTreasurySignerEntry"
6961
+ }
6504
6962
  }
6505
6963
  }
6506
6964
  },
6507
- "TreasuryResponse": {
6965
+ "CreateTreasurySignerEntry": {
6508
6966
  "type": "object",
6967
+ "required": [
6968
+ "signer_type",
6969
+ "signer_id",
6970
+ "signer_address"
6971
+ ],
6509
6972
  "properties": {
6510
- "id": {
6973
+ "signer_type": {
6974
+ "type": "string",
6975
+ "enum": [
6976
+ "user",
6977
+ "agent"
6978
+ ]
6979
+ },
6980
+ "signer_id": {
6511
6981
  "type": "string",
6512
6982
  "format": "uuid"
6513
6983
  },
6514
- "org_id": {
6984
+ "signer_address": {
6985
+ "type": "string",
6986
+ "description": "EVM address (0x-prefixed)"
6987
+ }
6988
+ }
6989
+ },
6990
+ "UpdateTreasuryRequest": {
6991
+ "type": "object",
6992
+ "properties": {
6993
+ "name": {
6994
+ "type": "string"
6995
+ },
6996
+ "threshold": {
6997
+ "type": "integer",
6998
+ "minimum": 1
6999
+ }
7000
+ }
7001
+ },
7002
+ "TreasuryResponse": {
7003
+ "type": "object",
7004
+ "properties": {
7005
+ "id": {
6515
7006
  "type": "string",
6516
7007
  "format": "uuid"
6517
7008
  },
@@ -6530,6 +7021,10 @@
6530
7021
  "threshold": {
6531
7022
  "type": "integer"
6532
7023
  },
7024
+ "created_by": {
7025
+ "type": "string",
7026
+ "format": "uuid"
7027
+ },
6533
7028
  "signers": {
6534
7029
  "type": "array",
6535
7030
  "items": {
@@ -6560,10 +7055,10 @@
6560
7055
  "type": "string",
6561
7056
  "format": "uuid"
6562
7057
  },
6563
- "evm_address": {
7058
+ "signer_address": {
6564
7059
  "type": "string"
6565
7060
  },
6566
- "created_at": {
7061
+ "added_at": {
6567
7062
  "type": "string",
6568
7063
  "format": "date-time"
6569
7064
  }
@@ -6573,7 +7068,8 @@
6573
7068
  "type": "object",
6574
7069
  "required": [
6575
7070
  "signer_type",
6576
- "signer_id"
7071
+ "signer_id",
7072
+ "signer_address"
6577
7073
  ],
6578
7074
  "properties": {
6579
7075
  "signer_type": {
@@ -6586,6 +7082,9 @@
6586
7082
  "signer_id": {
6587
7083
  "type": "string",
6588
7084
  "format": "uuid"
7085
+ },
7086
+ "signer_address": {
7087
+ "type": "string"
6589
7088
  }
6590
7089
  }
6591
7090
  },
@@ -6612,10 +7111,18 @@
6612
7111
  "denied"
6613
7112
  ]
6614
7113
  },
6615
- "evm_address": {
7114
+ "reason": {
6616
7115
  "type": "string"
6617
7116
  },
6618
- "created_at": {
7117
+ "requested_at": {
7118
+ "type": "string",
7119
+ "format": "date-time"
7120
+ },
7121
+ "resolved_by": {
7122
+ "type": "string",
7123
+ "format": "uuid"
7124
+ },
7125
+ "resolved_at": {
6619
7126
  "type": "string",
6620
7127
  "format": "date-time"
6621
7128
  }
package/openapi.yaml CHANGED
@@ -1083,6 +1083,36 @@ paths:
1083
1083
  "404":
1084
1084
  $ref: "#/components/responses/NotFound"
1085
1085
 
1086
+ /v1/agents/{agent_id}/smart-accounts:
1087
+ post:
1088
+ tags: [Agents]
1089
+ summary: Add a smart account (Safe) for this agent on a chain
1090
+ description: |
1091
+ Use after deploying a Safe on a new chain. Multi-chain; one Safe per chain.
1092
+ Replaces any existing entry for the same chain_id.
1093
+ operationId: addAgentSmartAccount
1094
+ parameters:
1095
+ - $ref: "#/components/parameters/AgentId"
1096
+ requestBody:
1097
+ required: true
1098
+ content:
1099
+ application/json:
1100
+ schema:
1101
+ $ref: "#/components/schemas/AddSmartAccountRequest"
1102
+ responses:
1103
+ "200":
1104
+ description: Agent with updated smart_accounts list
1105
+ content:
1106
+ application/json:
1107
+ schema:
1108
+ $ref: "#/components/schemas/AgentResponse"
1109
+ "400":
1110
+ $ref: "#/components/responses/BadRequest"
1111
+ "403":
1112
+ $ref: "#/components/responses/Forbidden"
1113
+ "404":
1114
+ $ref: "#/components/responses/NotFound"
1115
+
1086
1116
  # ---------------------------------------------------------------------------
1087
1117
  # Transactions (Intents API)
1088
1118
  # ---------------------------------------------------------------------------
@@ -1183,6 +1213,46 @@ paths:
1183
1213
  "404":
1184
1214
  $ref: "#/components/responses/NotFound"
1185
1215
 
1216
+ /v1/agents/{agent_id}/transactions/sign:
1217
+ post:
1218
+ tags: [Transactions]
1219
+ summary: Sign a transaction without broadcasting
1220
+ description: |
1221
+ Signs a transaction inside the server (or TEE when using Shroud) but does
1222
+ **not** broadcast it. The caller receives the raw `signed_tx` hex and
1223
+ `tx_hash` so it can submit to any RPC of its choosing.
1224
+
1225
+ All agent guardrails (allowlists, value caps, daily limits) are enforced
1226
+ exactly as for the submit endpoint. The signed transaction is recorded for
1227
+ audit and daily-limit tracking with `status: "sign_only"`.
1228
+ operationId: signTransaction
1229
+ x-agentcash-auth:
1230
+ mode: paid
1231
+ x-payment-info:
1232
+ protocols: [x402]
1233
+ pricingMode: quote
1234
+ parameters:
1235
+ - $ref: "#/components/parameters/AgentId"
1236
+ requestBody:
1237
+ required: true
1238
+ content:
1239
+ application/json:
1240
+ schema:
1241
+ $ref: "#/components/schemas/SignTransactionRequest"
1242
+ responses:
1243
+ "200":
1244
+ description: Transaction signed successfully (not broadcast)
1245
+ content:
1246
+ application/json:
1247
+ schema:
1248
+ $ref: "#/components/schemas/SignTransactionResponse"
1249
+ "400":
1250
+ $ref: "#/components/responses/BadRequest"
1251
+ "403":
1252
+ $ref: "#/components/responses/Forbidden"
1253
+ "402":
1254
+ $ref: "#/components/responses/PaymentRequired"
1255
+
1186
1256
  /v1/agents/{agent_id}/transactions/simulate:
1187
1257
  post:
1188
1258
  tags: [Transactions]
@@ -1730,6 +1800,58 @@ paths:
1730
1800
  schema:
1731
1801
  $ref: "#/components/schemas/CreditTransactionsListResponse"
1732
1802
 
1803
+ # ---------------------------------------------------------------------------
1804
+ # LLM Token Billing
1805
+ # ---------------------------------------------------------------------------
1806
+
1807
+ /v1/billing/llm-token-billing:
1808
+ get:
1809
+ tags: [Billing]
1810
+ summary: Get LLM token billing status
1811
+ operationId: getLlmTokenBilling
1812
+ description: Returns whether LLM token billing is enabled for the caller's org.
1813
+ responses:
1814
+ "200":
1815
+ description: LLM token billing status
1816
+ content:
1817
+ application/json:
1818
+ schema:
1819
+ $ref: "#/components/schemas/LlmTokenBillingStatus"
1820
+
1821
+ /v1/billing/llm-token-billing/subscribe:
1822
+ post:
1823
+ tags: [Billing]
1824
+ summary: Subscribe to LLM token billing
1825
+ operationId: subscribeLlmTokenBilling
1826
+ description: >
1827
+ Creates a Stripe Checkout session for the LLM token billing pricing plan.
1828
+ Returns a checkout URL to redirect the user. After the user completes checkout,
1829
+ a webhook activates LLM billing for the org.
1830
+ responses:
1831
+ "200":
1832
+ description: Stripe Checkout URL
1833
+ content:
1834
+ application/json:
1835
+ schema:
1836
+ $ref: "#/components/schemas/LlmCheckoutResponse"
1837
+
1838
+ /v1/billing/llm-token-billing/disable:
1839
+ post:
1840
+ tags: [Billing]
1841
+ summary: Disable LLM token billing
1842
+ operationId: disableLlmTokenBilling
1843
+ description: >
1844
+ Disables LLM token billing for the org and cancels all active
1845
+ Stripe subscriptions for the LLM pricing plan. Agents will fall
1846
+ back to direct provider routing. You can re-enable it at any time.
1847
+ responses:
1848
+ "200":
1849
+ description: LLM billing disabled
1850
+ content:
1851
+ application/json:
1852
+ schema:
1853
+ $ref: "#/components/schemas/LlmDisableResponse"
1854
+
1733
1855
  /v1/billing/overage-method:
1734
1856
  patch:
1735
1857
  tags: [Billing]
@@ -1939,6 +2061,54 @@ paths:
1939
2061
  $ref: "#/components/schemas/TreasuryResponse"
1940
2062
  "404":
1941
2063
  $ref: "#/components/responses/NotFound"
2064
+ patch:
2065
+ tags: [Treasury]
2066
+ summary: Update treasury name and/or threshold
2067
+ operationId: updateTreasury
2068
+ security:
2069
+ - BearerAuth: []
2070
+ parameters:
2071
+ - name: treasury_id
2072
+ in: path
2073
+ required: true
2074
+ schema:
2075
+ type: string
2076
+ format: uuid
2077
+ requestBody:
2078
+ required: true
2079
+ content:
2080
+ application/json:
2081
+ schema:
2082
+ $ref: "#/components/schemas/UpdateTreasuryRequest"
2083
+ responses:
2084
+ "200":
2085
+ description: Treasury updated
2086
+ content:
2087
+ application/json:
2088
+ schema:
2089
+ $ref: "#/components/schemas/TreasuryResponse"
2090
+ "400":
2091
+ $ref: "#/components/responses/BadRequest"
2092
+ "404":
2093
+ $ref: "#/components/responses/NotFound"
2094
+ delete:
2095
+ tags: [Treasury]
2096
+ summary: Delete a treasury and its signers
2097
+ operationId: deleteTreasury
2098
+ security:
2099
+ - BearerAuth: []
2100
+ parameters:
2101
+ - name: treasury_id
2102
+ in: path
2103
+ required: true
2104
+ schema:
2105
+ type: string
2106
+ format: uuid
2107
+ responses:
2108
+ "204":
2109
+ description: Treasury deleted
2110
+ "404":
2111
+ $ref: "#/components/responses/NotFound"
1942
2112
 
1943
2113
  /v1/treasury/{treasury_id}/signers:
1944
2114
  post:
@@ -2036,7 +2206,7 @@ paths:
2036
2206
  schema:
2037
2207
  type: object
2038
2208
  properties:
2039
- access_requests:
2209
+ requests:
2040
2210
  type: array
2041
2211
  items:
2042
2212
  $ref: "#/components/schemas/AccessRequestResponse"
@@ -2369,9 +2539,11 @@ components:
2369
2539
  description: >
2370
2540
  Set to `true` or `1` to include the raw signed transaction hex in the response.
2371
2541
  Omitted by default to reduce key exfiltration risk. Only the literal values "true" or "1" enable inclusion; any other value or omission returns responses without signed_tx.
2542
+ Applies to GET /v1/agents/{agent_id}/transactions and GET /v1/agents/{agent_id}/transactions/{tx_id}.
2372
2543
  schema:
2373
2544
  type: boolean
2374
2545
  default: false
2546
+ example: false
2375
2547
 
2376
2548
  responses:
2377
2549
  BadRequest:
@@ -2463,11 +2635,12 @@ components:
2463
2635
 
2464
2636
  AgentTokenRequest:
2465
2637
  type: object
2466
- required: [agent_id, api_key]
2638
+ required: [api_key]
2467
2639
  properties:
2468
2640
  agent_id:
2469
2641
  type: string
2470
2642
  format: uuid
2643
+ description: Optional when using key-only auth (ocv_ keys auto-resolve agent)
2471
2644
  api_key:
2472
2645
  type: string
2473
2646
 
@@ -3200,6 +3373,47 @@ components:
3200
3373
  last_active_at:
3201
3374
  type: string
3202
3375
  format: date-time
3376
+ smart_accounts:
3377
+ type: array
3378
+ description: Multi-chain; one Safe per chain
3379
+ items:
3380
+ $ref: "#/components/schemas/AgentSmartAccountResponse"
3381
+
3382
+ AgentSmartAccountResponse:
3383
+ type: object
3384
+ description: One Safe smart account per chain for an agent
3385
+ properties:
3386
+ id:
3387
+ type: string
3388
+ format: uuid
3389
+ chain:
3390
+ type: string
3391
+ chain_id:
3392
+ type: integer
3393
+ safe_address:
3394
+ type: string
3395
+ nonce:
3396
+ type: string
3397
+ init_data:
3398
+ type: object
3399
+ created_at:
3400
+ type: string
3401
+ format: date-time
3402
+
3403
+ AddSmartAccountRequest:
3404
+ type: object
3405
+ required: [chain, chain_id, safe_address]
3406
+ properties:
3407
+ chain:
3408
+ type: string
3409
+ chain_id:
3410
+ type: integer
3411
+ safe_address:
3412
+ type: string
3413
+ nonce:
3414
+ type: string
3415
+ init_data:
3416
+ type: object
3203
3417
 
3204
3418
  AgentSelfResponse:
3205
3419
  type: object
@@ -3515,6 +3729,76 @@ components:
3515
3729
  simulate_first:
3516
3730
  type: boolean
3517
3731
  default: false
3732
+ mode:
3733
+ type: string
3734
+ description: Transaction mode
3735
+ enum: [eoa, smart_account]
3736
+ default: eoa
3737
+
3738
+ SignTransactionRequest:
3739
+ type: object
3740
+ required: [to, value, chain]
3741
+ properties:
3742
+ to:
3743
+ type: string
3744
+ description: Destination address (0x-prefixed)
3745
+ value:
3746
+ type: string
3747
+ description: Value in ETH
3748
+ chain:
3749
+ type: string
3750
+ description: Chain name or numeric ID
3751
+ data:
3752
+ type: string
3753
+ description: Hex-encoded calldata
3754
+ signing_key_path:
3755
+ type: string
3756
+ nonce:
3757
+ type: integer
3758
+ gas_price:
3759
+ type: string
3760
+ gas_limit:
3761
+ type: integer
3762
+ max_fee_per_gas:
3763
+ type: string
3764
+ max_priority_fee_per_gas:
3765
+ type: string
3766
+ simulate_first:
3767
+ type: boolean
3768
+ default: false
3769
+
3770
+ SignTransactionResponse:
3771
+ type: object
3772
+ properties:
3773
+ signed_tx:
3774
+ type: string
3775
+ description: Raw signed transaction hex (always included)
3776
+ tx_hash:
3777
+ type: string
3778
+ from:
3779
+ type: string
3780
+ description: Derived sender address
3781
+ to:
3782
+ type: string
3783
+ chain:
3784
+ type: string
3785
+ chain_id:
3786
+ type: integer
3787
+ nonce:
3788
+ type: integer
3789
+ value_wei:
3790
+ type: string
3791
+ status:
3792
+ type: string
3793
+ enum: [sign_only]
3794
+ simulation_id:
3795
+ type: string
3796
+ simulation_status:
3797
+ type: string
3798
+ max_fee_per_gas:
3799
+ type: string
3800
+ max_priority_fee_per_gas:
3801
+ type: string
3518
3802
 
3519
3803
  SimulateTransactionRequest:
3520
3804
  type: object
@@ -3562,14 +3846,12 @@ components:
3562
3846
  status:
3563
3847
  type: string
3564
3848
  enum:
3565
- [pending, signed, broadcast, failed, simulation_failed]
3849
+ [pending, signed, sign_only, broadcast, failed, simulation_failed]
3566
3850
  signed_tx:
3567
3851
  type: string
3568
3852
  nullable: true
3569
3853
  description: >
3570
- Raw signed transaction hex. Omitted (null) by default to reduce exfiltration risk.
3571
- Pass `include_signed_tx=true` query param on GET endpoints to include it.
3572
- Always returned on the initial POST submission response.
3854
+ Raw signed transaction hex. On GET list and GET by id, this property is omitted by default (absent from the response). Pass `include_signed_tx=true` on those endpoints to include it. Always present on the initial POST submit response.
3573
3855
  tx_hash:
3574
3856
  type: string
3575
3857
  error_message:
@@ -4043,6 +4325,28 @@ components:
4043
4325
  limit:
4044
4326
  type: integer
4045
4327
 
4328
+ LlmTokenBillingStatus:
4329
+ type: object
4330
+ properties:
4331
+ enabled:
4332
+ type: boolean
4333
+ subscription_status:
4334
+ type: string
4335
+ enum: [active, inactive]
4336
+
4337
+ LlmCheckoutResponse:
4338
+ type: object
4339
+ properties:
4340
+ checkout_url:
4341
+ type: string
4342
+ format: uri
4343
+
4344
+ LlmDisableResponse:
4345
+ type: object
4346
+ properties:
4347
+ enabled:
4348
+ type: boolean
4349
+
4046
4350
  CreditBalanceResponse:
4047
4351
  type: object
4048
4352
  properties:
@@ -4297,20 +4601,51 @@ components:
4297
4601
 
4298
4602
  CreateTreasuryRequest:
4299
4603
  type: object
4300
- required: [name, chain, chain_id, threshold]
4604
+ required: [name, safe_address]
4301
4605
  properties:
4302
4606
  name:
4303
4607
  type: string
4608
+ description: Display name (1–128 characters)
4609
+ safe_address:
4610
+ type: string
4611
+ description: Deployed Safe contract address (0x-prefixed, 42 characters)
4304
4612
  chain:
4305
4613
  type: string
4614
+ description: Chain name (default base)
4306
4615
  chain_id:
4307
4616
  type: integer
4617
+ description: EVM chain ID (default 8453 for Base)
4308
4618
  threshold:
4309
4619
  type: integer
4310
4620
  minimum: 1
4311
- safe_address:
4621
+ description: Safe threshold (default 1)
4622
+ signers:
4623
+ type: array
4624
+ items:
4625
+ $ref: "#/components/schemas/CreateTreasurySignerEntry"
4626
+
4627
+ CreateTreasurySignerEntry:
4628
+ type: object
4629
+ required: [signer_type, signer_id, signer_address]
4630
+ properties:
4631
+ signer_type:
4312
4632
  type: string
4313
- description: Pre-deployed Safe address (optional)
4633
+ enum: [user, agent]
4634
+ signer_id:
4635
+ type: string
4636
+ format: uuid
4637
+ signer_address:
4638
+ type: string
4639
+ description: EVM address (0x-prefixed)
4640
+
4641
+ UpdateTreasuryRequest:
4642
+ type: object
4643
+ properties:
4644
+ name:
4645
+ type: string
4646
+ threshold:
4647
+ type: integer
4648
+ minimum: 1
4314
4649
 
4315
4650
  TreasuryResponse:
4316
4651
  type: object
@@ -4318,9 +4653,6 @@ components:
4318
4653
  id:
4319
4654
  type: string
4320
4655
  format: uuid
4321
- org_id:
4322
- type: string
4323
- format: uuid
4324
4656
  name:
4325
4657
  type: string
4326
4658
  safe_address:
@@ -4331,6 +4663,9 @@ components:
4331
4663
  type: integer
4332
4664
  threshold:
4333
4665
  type: integer
4666
+ created_by:
4667
+ type: string
4668
+ format: uuid
4334
4669
  signers:
4335
4670
  type: array
4336
4671
  items:
@@ -4351,15 +4686,15 @@ components:
4351
4686
  signer_id:
4352
4687
  type: string
4353
4688
  format: uuid
4354
- evm_address:
4689
+ signer_address:
4355
4690
  type: string
4356
- created_at:
4691
+ added_at:
4357
4692
  type: string
4358
4693
  format: date-time
4359
4694
 
4360
4695
  AddSignerRequest:
4361
4696
  type: object
4362
- required: [signer_type, signer_id]
4697
+ required: [signer_type, signer_id, signer_address]
4363
4698
  properties:
4364
4699
  signer_type:
4365
4700
  type: string
@@ -4367,6 +4702,8 @@ components:
4367
4702
  signer_id:
4368
4703
  type: string
4369
4704
  format: uuid
4705
+ signer_address:
4706
+ type: string
4370
4707
 
4371
4708
  AccessRequestResponse:
4372
4709
  type: object
@@ -4383,9 +4720,15 @@ components:
4383
4720
  status:
4384
4721
  type: string
4385
4722
  enum: [pending, approved, denied]
4386
- evm_address:
4723
+ reason:
4387
4724
  type: string
4388
- created_at:
4725
+ requested_at:
4726
+ type: string
4727
+ format: date-time
4728
+ resolved_by:
4729
+ type: string
4730
+ format: uuid
4731
+ resolved_at:
4389
4732
  type: string
4390
4733
  format: date-time
4391
4734
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@1claw/openapi-spec",
3
- "version": "0.15.1",
3
+ "version": "0.15.3",
4
4
  "description": "OpenAPI 3.1.0 specification for the 1Claw Vault API — generate clients in any language",
5
5
  "license": "MIT",
6
6
  "repository": {