@1claw/openapi-spec 0.15.2 → 0.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +2 -1
  2. package/openapi.json +266 -5
  3. package/openapi.yaml +190 -5
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -42,13 +42,14 @@ import spec from "@1claw/openapi-spec/openapi.json";
42
42
 
43
43
  ## What's in the spec (v0.15.x)
44
44
 
45
+ - **Billing — LLM token billing** — `GET /v1/billing/llm-token-billing`, `POST .../subscribe`, `POST .../disable` (Stripe AI Gateway add-on; optional org feature)
45
46
  - **Treasury** — Safe multisig treasuries: `POST/GET /v1/treasury`, `GET/PATCH/DELETE /v1/treasury/{id}`, signers, agent access requests (`requests[]` on list)
46
47
  - **Vaults** — CRUD, CMEK enable/disable, key rotation with job tracking
47
48
  - **Secrets** — CRUD, versioning, CMEK-encrypted flag
48
49
  - **Agents** — CRUD with `auth_method` (api_key, mtls, oidc_client_credentials), auto-generated SSH keypairs, `token_ttl_seconds`, `vault_ids`, Intents API, transaction guardrails
49
50
  - **Policies** — Glob-based access control
50
51
  - **Sharing** — Links, user/agent shares, accept/decline
51
- - **Billing** — Subscriptions, credits, x402
52
+ - **Billing** — Subscriptions, credits, x402, LLM token billing (see above)
52
53
  - **Audit** — Hash-chained event log
53
54
  - **Chains** — Supported blockchain registry
54
55
  - **Auth** — JWT, API keys, agent tokens, MFA, device flow, Google OAuth
package/openapi.json CHANGED
@@ -1903,6 +1903,61 @@
1903
1903
  }
1904
1904
  }
1905
1905
  },
1906
+ "/v1/agents/{agent_id}/transactions/sign": {
1907
+ "post": {
1908
+ "tags": [
1909
+ "Transactions"
1910
+ ],
1911
+ "summary": "Sign a transaction without broadcasting",
1912
+ "description": "Signs a transaction inside the server (or TEE when using Shroud) but does\n**not** broadcast it. The caller receives the raw `signed_tx` hex and\n`tx_hash` so it can submit to any RPC of its choosing.\n\nAll agent guardrails (allowlists, value caps, daily limits) are enforced\nexactly as for the submit endpoint. The signed transaction is recorded for\naudit and daily-limit tracking with `status: \"sign_only\"`.\n",
1913
+ "operationId": "signTransaction",
1914
+ "x-agentcash-auth": {
1915
+ "mode": "paid"
1916
+ },
1917
+ "x-payment-info": {
1918
+ "protocols": [
1919
+ "x402"
1920
+ ],
1921
+ "pricingMode": "quote"
1922
+ },
1923
+ "parameters": [
1924
+ {
1925
+ "$ref": "#/components/parameters/AgentId"
1926
+ }
1927
+ ],
1928
+ "requestBody": {
1929
+ "required": true,
1930
+ "content": {
1931
+ "application/json": {
1932
+ "schema": {
1933
+ "$ref": "#/components/schemas/SignTransactionRequest"
1934
+ }
1935
+ }
1936
+ }
1937
+ },
1938
+ "responses": {
1939
+ "200": {
1940
+ "description": "Transaction signed successfully (not broadcast)",
1941
+ "content": {
1942
+ "application/json": {
1943
+ "schema": {
1944
+ "$ref": "#/components/schemas/SignTransactionResponse"
1945
+ }
1946
+ }
1947
+ }
1948
+ },
1949
+ "400": {
1950
+ "$ref": "#/components/responses/BadRequest"
1951
+ },
1952
+ "402": {
1953
+ "$ref": "#/components/responses/PaymentRequired"
1954
+ },
1955
+ "403": {
1956
+ "$ref": "#/components/responses/Forbidden"
1957
+ }
1958
+ }
1959
+ }
1960
+ },
1906
1961
  "/v1/agents/{agent_id}/transactions/simulate": {
1907
1962
  "post": {
1908
1963
  "tags": [
@@ -2763,6 +2818,72 @@
2763
2818
  }
2764
2819
  }
2765
2820
  },
2821
+ "/v1/billing/llm-token-billing": {
2822
+ "get": {
2823
+ "tags": [
2824
+ "Billing"
2825
+ ],
2826
+ "summary": "Get LLM token billing status",
2827
+ "operationId": "getLlmTokenBilling",
2828
+ "description": "Returns whether LLM token billing is enabled for the caller's org.",
2829
+ "responses": {
2830
+ "200": {
2831
+ "description": "LLM token billing status",
2832
+ "content": {
2833
+ "application/json": {
2834
+ "schema": {
2835
+ "$ref": "#/components/schemas/LlmTokenBillingStatus"
2836
+ }
2837
+ }
2838
+ }
2839
+ }
2840
+ }
2841
+ }
2842
+ },
2843
+ "/v1/billing/llm-token-billing/subscribe": {
2844
+ "post": {
2845
+ "tags": [
2846
+ "Billing"
2847
+ ],
2848
+ "summary": "Subscribe to LLM token billing",
2849
+ "operationId": "subscribeLlmTokenBilling",
2850
+ "description": "Creates a Stripe Checkout session for the LLM token billing pricing plan. Returns a checkout URL to redirect the user. After the user completes checkout, a webhook activates LLM billing for the org.\n",
2851
+ "responses": {
2852
+ "200": {
2853
+ "description": "Stripe Checkout URL",
2854
+ "content": {
2855
+ "application/json": {
2856
+ "schema": {
2857
+ "$ref": "#/components/schemas/LlmCheckoutResponse"
2858
+ }
2859
+ }
2860
+ }
2861
+ }
2862
+ }
2863
+ }
2864
+ },
2865
+ "/v1/billing/llm-token-billing/disable": {
2866
+ "post": {
2867
+ "tags": [
2868
+ "Billing"
2869
+ ],
2870
+ "summary": "Disable LLM token billing",
2871
+ "operationId": "disableLlmTokenBilling",
2872
+ "description": "Disables LLM token billing for the org and cancels all active Stripe subscriptions for the LLM pricing plan. Agents will fall back to direct provider routing. You can re-enable it at any time.\n",
2873
+ "responses": {
2874
+ "200": {
2875
+ "description": "LLM billing disabled",
2876
+ "content": {
2877
+ "application/json": {
2878
+ "schema": {
2879
+ "$ref": "#/components/schemas/LlmDisableResponse"
2880
+ }
2881
+ }
2882
+ }
2883
+ }
2884
+ }
2885
+ }
2886
+ },
2766
2887
  "/v1/billing/overage-method": {
2767
2888
  "patch": {
2768
2889
  "tags": [
@@ -3827,10 +3948,11 @@
3827
3948
  "name": "include_signed_tx",
3828
3949
  "in": "query",
3829
3950
  "required": false,
3830
- "description": "Set to `true` or `1` to include the raw signed transaction hex in the response. Omitted by default to reduce key exfiltration risk. Only the literal values \"true\" or \"1\" enable inclusion; any other value or omission returns responses without signed_tx.\n",
3951
+ "description": "Set to `true` or `1` to include the raw signed transaction hex in the response. Omitted by default to reduce key exfiltration risk. Only the literal values \"true\" or \"1\" enable inclusion; any other value or omission returns responses without signed_tx. Applies to GET /v1/agents/{agent_id}/transactions and GET /v1/agents/{agent_id}/transactions/{tx_id}.\n",
3831
3952
  "schema": {
3832
3953
  "type": "boolean",
3833
- "default": false
3954
+ "default": false,
3955
+ "example": false
3834
3956
  }
3835
3957
  }
3836
3958
  },
@@ -3969,13 +4091,13 @@
3969
4091
  "AgentTokenRequest": {
3970
4092
  "type": "object",
3971
4093
  "required": [
3972
- "agent_id",
3973
4094
  "api_key"
3974
4095
  ],
3975
4096
  "properties": {
3976
4097
  "agent_id": {
3977
4098
  "type": "string",
3978
- "format": "uuid"
4099
+ "format": "uuid",
4100
+ "description": "Optional when using key-only auth (ocv_ keys auto-resolve agent)"
3979
4101
  },
3980
4102
  "api_key": {
3981
4103
  "type": "string"
@@ -5539,6 +5661,112 @@
5539
5661
  "simulate_first": {
5540
5662
  "type": "boolean",
5541
5663
  "default": false
5664
+ },
5665
+ "mode": {
5666
+ "type": "string",
5667
+ "description": "Transaction mode",
5668
+ "enum": [
5669
+ "eoa",
5670
+ "smart_account"
5671
+ ],
5672
+ "default": "eoa"
5673
+ }
5674
+ }
5675
+ },
5676
+ "SignTransactionRequest": {
5677
+ "type": "object",
5678
+ "required": [
5679
+ "to",
5680
+ "value",
5681
+ "chain"
5682
+ ],
5683
+ "properties": {
5684
+ "to": {
5685
+ "type": "string",
5686
+ "description": "Destination address (0x-prefixed)"
5687
+ },
5688
+ "value": {
5689
+ "type": "string",
5690
+ "description": "Value in ETH"
5691
+ },
5692
+ "chain": {
5693
+ "type": "string",
5694
+ "description": "Chain name or numeric ID"
5695
+ },
5696
+ "data": {
5697
+ "type": "string",
5698
+ "description": "Hex-encoded calldata"
5699
+ },
5700
+ "signing_key_path": {
5701
+ "type": "string"
5702
+ },
5703
+ "nonce": {
5704
+ "type": "integer"
5705
+ },
5706
+ "gas_price": {
5707
+ "type": "string"
5708
+ },
5709
+ "gas_limit": {
5710
+ "type": "integer"
5711
+ },
5712
+ "max_fee_per_gas": {
5713
+ "type": "string"
5714
+ },
5715
+ "max_priority_fee_per_gas": {
5716
+ "type": "string"
5717
+ },
5718
+ "simulate_first": {
5719
+ "type": "boolean",
5720
+ "default": false
5721
+ }
5722
+ }
5723
+ },
5724
+ "SignTransactionResponse": {
5725
+ "type": "object",
5726
+ "properties": {
5727
+ "signed_tx": {
5728
+ "type": "string",
5729
+ "description": "Raw signed transaction hex (always included)"
5730
+ },
5731
+ "tx_hash": {
5732
+ "type": "string"
5733
+ },
5734
+ "from": {
5735
+ "type": "string",
5736
+ "description": "Derived sender address"
5737
+ },
5738
+ "to": {
5739
+ "type": "string"
5740
+ },
5741
+ "chain": {
5742
+ "type": "string"
5743
+ },
5744
+ "chain_id": {
5745
+ "type": "integer"
5746
+ },
5747
+ "nonce": {
5748
+ "type": "integer"
5749
+ },
5750
+ "value_wei": {
5751
+ "type": "string"
5752
+ },
5753
+ "status": {
5754
+ "type": "string",
5755
+ "enum": [
5756
+ "sign_only"
5757
+ ]
5758
+ },
5759
+ "simulation_id": {
5760
+ "type": "string"
5761
+ },
5762
+ "simulation_status": {
5763
+ "type": "string"
5764
+ },
5765
+ "max_fee_per_gas": {
5766
+ "type": "string"
5767
+ },
5768
+ "max_priority_fee_per_gas": {
5769
+ "type": "string"
5542
5770
  }
5543
5771
  }
5544
5772
  },
@@ -5612,6 +5840,7 @@
5612
5840
  "enum": [
5613
5841
  "pending",
5614
5842
  "signed",
5843
+ "sign_only",
5615
5844
  "broadcast",
5616
5845
  "failed",
5617
5846
  "simulation_failed"
@@ -5620,7 +5849,7 @@
5620
5849
  "signed_tx": {
5621
5850
  "type": "string",
5622
5851
  "nullable": true,
5623
- "description": "Raw signed transaction hex. Omitted (null) by default to reduce exfiltration risk. Pass `include_signed_tx=true` query param on GET endpoints to include it. Always returned on the initial POST submission response.\n"
5852
+ "description": "Raw signed transaction hex. On GET list and GET by id, this property is omitted by default (absent from the response). Pass `include_signed_tx=true` on those endpoints to include it. Always present on the initial POST submit response.\n"
5624
5853
  },
5625
5854
  "tx_hash": {
5626
5855
  "type": "string"
@@ -6310,6 +6539,38 @@
6310
6539
  }
6311
6540
  }
6312
6541
  },
6542
+ "LlmTokenBillingStatus": {
6543
+ "type": "object",
6544
+ "properties": {
6545
+ "enabled": {
6546
+ "type": "boolean"
6547
+ },
6548
+ "subscription_status": {
6549
+ "type": "string",
6550
+ "enum": [
6551
+ "active",
6552
+ "inactive"
6553
+ ]
6554
+ }
6555
+ }
6556
+ },
6557
+ "LlmCheckoutResponse": {
6558
+ "type": "object",
6559
+ "properties": {
6560
+ "checkout_url": {
6561
+ "type": "string",
6562
+ "format": "uri"
6563
+ }
6564
+ }
6565
+ },
6566
+ "LlmDisableResponse": {
6567
+ "type": "object",
6568
+ "properties": {
6569
+ "enabled": {
6570
+ "type": "boolean"
6571
+ }
6572
+ }
6573
+ },
6313
6574
  "CreditBalanceResponse": {
6314
6575
  "type": "object",
6315
6576
  "properties": {
package/openapi.yaml CHANGED
@@ -1213,6 +1213,46 @@ paths:
1213
1213
  "404":
1214
1214
  $ref: "#/components/responses/NotFound"
1215
1215
 
1216
+ /v1/agents/{agent_id}/transactions/sign:
1217
+ post:
1218
+ tags: [Transactions]
1219
+ summary: Sign a transaction without broadcasting
1220
+ description: |
1221
+ Signs a transaction inside the server (or TEE when using Shroud) but does
1222
+ **not** broadcast it. The caller receives the raw `signed_tx` hex and
1223
+ `tx_hash` so it can submit to any RPC of its choosing.
1224
+
1225
+ All agent guardrails (allowlists, value caps, daily limits) are enforced
1226
+ exactly as for the submit endpoint. The signed transaction is recorded for
1227
+ audit and daily-limit tracking with `status: "sign_only"`.
1228
+ operationId: signTransaction
1229
+ x-agentcash-auth:
1230
+ mode: paid
1231
+ x-payment-info:
1232
+ protocols: [x402]
1233
+ pricingMode: quote
1234
+ parameters:
1235
+ - $ref: "#/components/parameters/AgentId"
1236
+ requestBody:
1237
+ required: true
1238
+ content:
1239
+ application/json:
1240
+ schema:
1241
+ $ref: "#/components/schemas/SignTransactionRequest"
1242
+ responses:
1243
+ "200":
1244
+ description: Transaction signed successfully (not broadcast)
1245
+ content:
1246
+ application/json:
1247
+ schema:
1248
+ $ref: "#/components/schemas/SignTransactionResponse"
1249
+ "400":
1250
+ $ref: "#/components/responses/BadRequest"
1251
+ "403":
1252
+ $ref: "#/components/responses/Forbidden"
1253
+ "402":
1254
+ $ref: "#/components/responses/PaymentRequired"
1255
+
1216
1256
  /v1/agents/{agent_id}/transactions/simulate:
1217
1257
  post:
1218
1258
  tags: [Transactions]
@@ -1760,6 +1800,58 @@ paths:
1760
1800
  schema:
1761
1801
  $ref: "#/components/schemas/CreditTransactionsListResponse"
1762
1802
 
1803
+ # ---------------------------------------------------------------------------
1804
+ # LLM Token Billing
1805
+ # ---------------------------------------------------------------------------
1806
+
1807
+ /v1/billing/llm-token-billing:
1808
+ get:
1809
+ tags: [Billing]
1810
+ summary: Get LLM token billing status
1811
+ operationId: getLlmTokenBilling
1812
+ description: Returns whether LLM token billing is enabled for the caller's org.
1813
+ responses:
1814
+ "200":
1815
+ description: LLM token billing status
1816
+ content:
1817
+ application/json:
1818
+ schema:
1819
+ $ref: "#/components/schemas/LlmTokenBillingStatus"
1820
+
1821
+ /v1/billing/llm-token-billing/subscribe:
1822
+ post:
1823
+ tags: [Billing]
1824
+ summary: Subscribe to LLM token billing
1825
+ operationId: subscribeLlmTokenBilling
1826
+ description: >
1827
+ Creates a Stripe Checkout session for the LLM token billing pricing plan.
1828
+ Returns a checkout URL to redirect the user. After the user completes checkout,
1829
+ a webhook activates LLM billing for the org.
1830
+ responses:
1831
+ "200":
1832
+ description: Stripe Checkout URL
1833
+ content:
1834
+ application/json:
1835
+ schema:
1836
+ $ref: "#/components/schemas/LlmCheckoutResponse"
1837
+
1838
+ /v1/billing/llm-token-billing/disable:
1839
+ post:
1840
+ tags: [Billing]
1841
+ summary: Disable LLM token billing
1842
+ operationId: disableLlmTokenBilling
1843
+ description: >
1844
+ Disables LLM token billing for the org and cancels all active
1845
+ Stripe subscriptions for the LLM pricing plan. Agents will fall
1846
+ back to direct provider routing. You can re-enable it at any time.
1847
+ responses:
1848
+ "200":
1849
+ description: LLM billing disabled
1850
+ content:
1851
+ application/json:
1852
+ schema:
1853
+ $ref: "#/components/schemas/LlmDisableResponse"
1854
+
1763
1855
  /v1/billing/overage-method:
1764
1856
  patch:
1765
1857
  tags: [Billing]
@@ -2447,9 +2539,11 @@ components:
2447
2539
  description: >
2448
2540
  Set to `true` or `1` to include the raw signed transaction hex in the response.
2449
2541
  Omitted by default to reduce key exfiltration risk. Only the literal values "true" or "1" enable inclusion; any other value or omission returns responses without signed_tx.
2542
+ Applies to GET /v1/agents/{agent_id}/transactions and GET /v1/agents/{agent_id}/transactions/{tx_id}.
2450
2543
  schema:
2451
2544
  type: boolean
2452
2545
  default: false
2546
+ example: false
2453
2547
 
2454
2548
  responses:
2455
2549
  BadRequest:
@@ -2541,11 +2635,12 @@ components:
2541
2635
 
2542
2636
  AgentTokenRequest:
2543
2637
  type: object
2544
- required: [agent_id, api_key]
2638
+ required: [api_key]
2545
2639
  properties:
2546
2640
  agent_id:
2547
2641
  type: string
2548
2642
  format: uuid
2643
+ description: Optional when using key-only auth (ocv_ keys auto-resolve agent)
2549
2644
  api_key:
2550
2645
  type: string
2551
2646
 
@@ -3604,6 +3699,43 @@ components:
3604
3699
  # --- Transactions ---
3605
3700
 
3606
3701
  SubmitTransactionRequest:
3702
+ type: object
3703
+ required: [to, value, chain]
3704
+ properties:
3705
+ to:
3706
+ type: string
3707
+ description: Destination address (0x-prefixed)
3708
+ value:
3709
+ type: string
3710
+ description: Value in ETH
3711
+ chain:
3712
+ type: string
3713
+ description: Chain name or numeric ID
3714
+ data:
3715
+ type: string
3716
+ description: Hex-encoded calldata
3717
+ signing_key_path:
3718
+ type: string
3719
+ nonce:
3720
+ type: integer
3721
+ gas_price:
3722
+ type: string
3723
+ gas_limit:
3724
+ type: integer
3725
+ max_fee_per_gas:
3726
+ type: string
3727
+ max_priority_fee_per_gas:
3728
+ type: string
3729
+ simulate_first:
3730
+ type: boolean
3731
+ default: false
3732
+ mode:
3733
+ type: string
3734
+ description: Transaction mode
3735
+ enum: [eoa, smart_account]
3736
+ default: eoa
3737
+
3738
+ SignTransactionRequest:
3607
3739
  type: object
3608
3740
  required: [to, value, chain]
3609
3741
  properties:
@@ -3635,6 +3767,39 @@ components:
3635
3767
  type: boolean
3636
3768
  default: false
3637
3769
 
3770
+ SignTransactionResponse:
3771
+ type: object
3772
+ properties:
3773
+ signed_tx:
3774
+ type: string
3775
+ description: Raw signed transaction hex (always included)
3776
+ tx_hash:
3777
+ type: string
3778
+ from:
3779
+ type: string
3780
+ description: Derived sender address
3781
+ to:
3782
+ type: string
3783
+ chain:
3784
+ type: string
3785
+ chain_id:
3786
+ type: integer
3787
+ nonce:
3788
+ type: integer
3789
+ value_wei:
3790
+ type: string
3791
+ status:
3792
+ type: string
3793
+ enum: [sign_only]
3794
+ simulation_id:
3795
+ type: string
3796
+ simulation_status:
3797
+ type: string
3798
+ max_fee_per_gas:
3799
+ type: string
3800
+ max_priority_fee_per_gas:
3801
+ type: string
3802
+
3638
3803
  SimulateTransactionRequest:
3639
3804
  type: object
3640
3805
  required: [to, value, chain]
@@ -3681,14 +3846,12 @@ components:
3681
3846
  status:
3682
3847
  type: string
3683
3848
  enum:
3684
- [pending, signed, broadcast, failed, simulation_failed]
3849
+ [pending, signed, sign_only, broadcast, failed, simulation_failed]
3685
3850
  signed_tx:
3686
3851
  type: string
3687
3852
  nullable: true
3688
3853
  description: >
3689
- Raw signed transaction hex. Omitted (null) by default to reduce exfiltration risk.
3690
- Pass `include_signed_tx=true` query param on GET endpoints to include it.
3691
- Always returned on the initial POST submission response.
3854
+ Raw signed transaction hex. On GET list and GET by id, this property is omitted by default (absent from the response). Pass `include_signed_tx=true` on those endpoints to include it. Always present on the initial POST submit response.
3692
3855
  tx_hash:
3693
3856
  type: string
3694
3857
  error_message:
@@ -4162,6 +4325,28 @@ components:
4162
4325
  limit:
4163
4326
  type: integer
4164
4327
 
4328
+ LlmTokenBillingStatus:
4329
+ type: object
4330
+ properties:
4331
+ enabled:
4332
+ type: boolean
4333
+ subscription_status:
4334
+ type: string
4335
+ enum: [active, inactive]
4336
+
4337
+ LlmCheckoutResponse:
4338
+ type: object
4339
+ properties:
4340
+ checkout_url:
4341
+ type: string
4342
+ format: uri
4343
+
4344
+ LlmDisableResponse:
4345
+ type: object
4346
+ properties:
4347
+ enabled:
4348
+ type: boolean
4349
+
4165
4350
  CreditBalanceResponse:
4166
4351
  type: object
4167
4352
  properties:
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@1claw/openapi-spec",
3
- "version": "0.15.2",
3
+ "version": "0.15.3",
4
4
  "description": "OpenAPI 3.1.0 specification for the 1Claw Vault API — generate clients in any language",
5
5
  "license": "MIT",
6
6
  "repository": {