@1claw/openapi-spec 0.15.2 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +2 -1
  2. package/openapi.json +273 -6
  3. package/openapi.yaml +195 -6
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -42,13 +42,14 @@ import spec from "@1claw/openapi-spec/openapi.json";
42
42
 
43
43
  ## What's in the spec (v0.15.x)
44
44
 
45
+ - **Billing — LLM token billing** — `GET /v1/billing/llm-token-billing`, `POST .../subscribe`, `POST .../disable` (Stripe AI Gateway add-on; optional org feature)
45
46
  - **Treasury** — Safe multisig treasuries: `POST/GET /v1/treasury`, `GET/PATCH/DELETE /v1/treasury/{id}`, signers, agent access requests (`requests[]` on list)
46
47
  - **Vaults** — CRUD, CMEK enable/disable, key rotation with job tracking
47
48
  - **Secrets** — CRUD, versioning, CMEK-encrypted flag
48
49
  - **Agents** — CRUD with `auth_method` (api_key, mtls, oidc_client_credentials), auto-generated SSH keypairs, `token_ttl_seconds`, `vault_ids`, Intents API, transaction guardrails
49
50
  - **Policies** — Glob-based access control
50
51
  - **Sharing** — Links, user/agent shares, accept/decline
51
- - **Billing** — Subscriptions, credits, x402
52
+ - **Billing** — Subscriptions, credits, x402, LLM token billing (see above)
52
53
  - **Audit** — Hash-chained event log
53
54
  - **Chains** — Supported blockchain registry
54
55
  - **Auth** — JWT, API keys, agent tokens, MFA, device flow, Google OAuth
package/openapi.json CHANGED
@@ -1903,6 +1903,61 @@
1903
1903
  }
1904
1904
  }
1905
1905
  },
1906
+ "/v1/agents/{agent_id}/transactions/sign": {
1907
+ "post": {
1908
+ "tags": [
1909
+ "Transactions"
1910
+ ],
1911
+ "summary": "Sign a transaction without broadcasting",
1912
+ "description": "Signs a transaction inside the server (or TEE when using Shroud) but does\n**not** broadcast it. The caller receives the raw `signed_tx` hex and\n`tx_hash` so it can submit to any RPC of its choosing.\n\nAll agent guardrails (allowlists, value caps, daily limits) are enforced\nexactly as for the submit endpoint. The signed transaction is recorded for\naudit and daily-limit tracking with `status: \"sign_only\"`.\n",
1913
+ "operationId": "signTransaction",
1914
+ "x-agentcash-auth": {
1915
+ "mode": "paid"
1916
+ },
1917
+ "x-payment-info": {
1918
+ "protocols": [
1919
+ "x402"
1920
+ ],
1921
+ "pricingMode": "quote"
1922
+ },
1923
+ "parameters": [
1924
+ {
1925
+ "$ref": "#/components/parameters/AgentId"
1926
+ }
1927
+ ],
1928
+ "requestBody": {
1929
+ "required": true,
1930
+ "content": {
1931
+ "application/json": {
1932
+ "schema": {
1933
+ "$ref": "#/components/schemas/SignTransactionRequest"
1934
+ }
1935
+ }
1936
+ }
1937
+ },
1938
+ "responses": {
1939
+ "200": {
1940
+ "description": "Transaction signed successfully (not broadcast)",
1941
+ "content": {
1942
+ "application/json": {
1943
+ "schema": {
1944
+ "$ref": "#/components/schemas/SignTransactionResponse"
1945
+ }
1946
+ }
1947
+ }
1948
+ },
1949
+ "400": {
1950
+ "$ref": "#/components/responses/BadRequest"
1951
+ },
1952
+ "402": {
1953
+ "$ref": "#/components/responses/PaymentRequired"
1954
+ },
1955
+ "403": {
1956
+ "$ref": "#/components/responses/Forbidden"
1957
+ }
1958
+ }
1959
+ }
1960
+ },
1906
1961
  "/v1/agents/{agent_id}/transactions/simulate": {
1907
1962
  "post": {
1908
1963
  "tags": [
@@ -2763,6 +2818,72 @@
2763
2818
  }
2764
2819
  }
2765
2820
  },
2821
+ "/v1/billing/llm-token-billing": {
2822
+ "get": {
2823
+ "tags": [
2824
+ "Billing"
2825
+ ],
2826
+ "summary": "Get LLM token billing status",
2827
+ "operationId": "getLlmTokenBilling",
2828
+ "description": "Returns whether LLM token billing is enabled for the caller's org.",
2829
+ "responses": {
2830
+ "200": {
2831
+ "description": "LLM token billing status",
2832
+ "content": {
2833
+ "application/json": {
2834
+ "schema": {
2835
+ "$ref": "#/components/schemas/LlmTokenBillingStatus"
2836
+ }
2837
+ }
2838
+ }
2839
+ }
2840
+ }
2841
+ }
2842
+ },
2843
+ "/v1/billing/llm-token-billing/subscribe": {
2844
+ "post": {
2845
+ "tags": [
2846
+ "Billing"
2847
+ ],
2848
+ "summary": "Subscribe to LLM token billing",
2849
+ "operationId": "subscribeLlmTokenBilling",
2850
+ "description": "Creates a Stripe Checkout session for the LLM token billing pricing plan. Returns a checkout URL to redirect the user. After the user completes checkout, a webhook activates LLM billing for the org.\n",
2851
+ "responses": {
2852
+ "200": {
2853
+ "description": "Stripe Checkout URL",
2854
+ "content": {
2855
+ "application/json": {
2856
+ "schema": {
2857
+ "$ref": "#/components/schemas/LlmCheckoutResponse"
2858
+ }
2859
+ }
2860
+ }
2861
+ }
2862
+ }
2863
+ }
2864
+ },
2865
+ "/v1/billing/llm-token-billing/disable": {
2866
+ "post": {
2867
+ "tags": [
2868
+ "Billing"
2869
+ ],
2870
+ "summary": "Disable LLM token billing",
2871
+ "operationId": "disableLlmTokenBilling",
2872
+ "description": "Disables LLM token billing for the org and cancels all active Stripe subscriptions for the LLM pricing plan. Agents will fall back to direct provider routing. You can re-enable it at any time.\n",
2873
+ "responses": {
2874
+ "200": {
2875
+ "description": "LLM billing disabled",
2876
+ "content": {
2877
+ "application/json": {
2878
+ "schema": {
2879
+ "$ref": "#/components/schemas/LlmDisableResponse"
2880
+ }
2881
+ }
2882
+ }
2883
+ }
2884
+ }
2885
+ }
2886
+ },
2766
2887
  "/v1/billing/overage-method": {
2767
2888
  "patch": {
2768
2889
  "tags": [
@@ -3827,10 +3948,11 @@
3827
3948
  "name": "include_signed_tx",
3828
3949
  "in": "query",
3829
3950
  "required": false,
3830
- "description": "Set to `true` or `1` to include the raw signed transaction hex in the response. Omitted by default to reduce key exfiltration risk. Only the literal values \"true\" or \"1\" enable inclusion; any other value or omission returns responses without signed_tx.\n",
3951
+ "description": "Set to `true` or `1` to include the raw signed transaction hex in the response. Omitted by default to reduce key exfiltration risk. Only the literal values \"true\" or \"1\" enable inclusion; any other value or omission returns responses without signed_tx. Applies to GET /v1/agents/{agent_id}/transactions and GET /v1/agents/{agent_id}/transactions/{tx_id}.\n",
3831
3952
  "schema": {
3832
3953
  "type": "boolean",
3833
- "default": false
3954
+ "default": false,
3955
+ "example": false
3834
3956
  }
3835
3957
  }
3836
3958
  },
@@ -3969,13 +4091,13 @@
3969
4091
  "AgentTokenRequest": {
3970
4092
  "type": "object",
3971
4093
  "required": [
3972
- "agent_id",
3973
4094
  "api_key"
3974
4095
  ],
3975
4096
  "properties": {
3976
4097
  "agent_id": {
3977
4098
  "type": "string",
3978
- "format": "uuid"
4099
+ "format": "uuid",
4100
+ "description": "Optional when using key-only auth (ocv_ keys auto-resolve agent)"
3979
4101
  },
3980
4102
  "api_key": {
3981
4103
  "type": "string"
@@ -4126,11 +4248,17 @@
4126
4248
  "DeviceCodeRequest": {
4127
4249
  "type": "object",
4128
4250
  "required": [
4129
- "client_id"
4251
+ "client_id",
4252
+ "email"
4130
4253
  ],
4131
4254
  "properties": {
4132
4255
  "client_id": {
4133
4256
  "type": "string"
4257
+ },
4258
+ "email": {
4259
+ "type": "string",
4260
+ "format": "email",
4261
+ "description": "Account email; only that user may approve the code in the dashboard."
4134
4262
  }
4135
4263
  }
4136
4264
  },
@@ -5539,6 +5667,112 @@
5539
5667
  "simulate_first": {
5540
5668
  "type": "boolean",
5541
5669
  "default": false
5670
+ },
5671
+ "mode": {
5672
+ "type": "string",
5673
+ "description": "Transaction mode",
5674
+ "enum": [
5675
+ "eoa",
5676
+ "smart_account"
5677
+ ],
5678
+ "default": "eoa"
5679
+ }
5680
+ }
5681
+ },
5682
+ "SignTransactionRequest": {
5683
+ "type": "object",
5684
+ "required": [
5685
+ "to",
5686
+ "value",
5687
+ "chain"
5688
+ ],
5689
+ "properties": {
5690
+ "to": {
5691
+ "type": "string",
5692
+ "description": "Destination address (0x-prefixed)"
5693
+ },
5694
+ "value": {
5695
+ "type": "string",
5696
+ "description": "Value in ETH"
5697
+ },
5698
+ "chain": {
5699
+ "type": "string",
5700
+ "description": "Chain name or numeric ID"
5701
+ },
5702
+ "data": {
5703
+ "type": "string",
5704
+ "description": "Hex-encoded calldata"
5705
+ },
5706
+ "signing_key_path": {
5707
+ "type": "string"
5708
+ },
5709
+ "nonce": {
5710
+ "type": "integer"
5711
+ },
5712
+ "gas_price": {
5713
+ "type": "string"
5714
+ },
5715
+ "gas_limit": {
5716
+ "type": "integer"
5717
+ },
5718
+ "max_fee_per_gas": {
5719
+ "type": "string"
5720
+ },
5721
+ "max_priority_fee_per_gas": {
5722
+ "type": "string"
5723
+ },
5724
+ "simulate_first": {
5725
+ "type": "boolean",
5726
+ "default": false
5727
+ }
5728
+ }
5729
+ },
5730
+ "SignTransactionResponse": {
5731
+ "type": "object",
5732
+ "properties": {
5733
+ "signed_tx": {
5734
+ "type": "string",
5735
+ "description": "Raw signed transaction hex (always included)"
5736
+ },
5737
+ "tx_hash": {
5738
+ "type": "string"
5739
+ },
5740
+ "from": {
5741
+ "type": "string",
5742
+ "description": "Derived sender address"
5743
+ },
5744
+ "to": {
5745
+ "type": "string"
5746
+ },
5747
+ "chain": {
5748
+ "type": "string"
5749
+ },
5750
+ "chain_id": {
5751
+ "type": "integer"
5752
+ },
5753
+ "nonce": {
5754
+ "type": "integer"
5755
+ },
5756
+ "value_wei": {
5757
+ "type": "string"
5758
+ },
5759
+ "status": {
5760
+ "type": "string",
5761
+ "enum": [
5762
+ "sign_only"
5763
+ ]
5764
+ },
5765
+ "simulation_id": {
5766
+ "type": "string"
5767
+ },
5768
+ "simulation_status": {
5769
+ "type": "string"
5770
+ },
5771
+ "max_fee_per_gas": {
5772
+ "type": "string"
5773
+ },
5774
+ "max_priority_fee_per_gas": {
5775
+ "type": "string"
5542
5776
  }
5543
5777
  }
5544
5778
  },
@@ -5612,6 +5846,7 @@
5612
5846
  "enum": [
5613
5847
  "pending",
5614
5848
  "signed",
5849
+ "sign_only",
5615
5850
  "broadcast",
5616
5851
  "failed",
5617
5852
  "simulation_failed"
@@ -5620,7 +5855,7 @@
5620
5855
  "signed_tx": {
5621
5856
  "type": "string",
5622
5857
  "nullable": true,
5623
- "description": "Raw signed transaction hex. Omitted (null) by default to reduce exfiltration risk. Pass `include_signed_tx=true` query param on GET endpoints to include it. Always returned on the initial POST submission response.\n"
5858
+ "description": "Raw signed transaction hex. On GET list and GET by id, this property is omitted by default (absent from the response). Pass `include_signed_tx=true` on those endpoints to include it. Always present on the initial POST submit response.\n"
5624
5859
  },
5625
5860
  "tx_hash": {
5626
5861
  "type": "string"
@@ -6310,6 +6545,38 @@
6310
6545
  }
6311
6546
  }
6312
6547
  },
6548
+ "LlmTokenBillingStatus": {
6549
+ "type": "object",
6550
+ "properties": {
6551
+ "enabled": {
6552
+ "type": "boolean"
6553
+ },
6554
+ "subscription_status": {
6555
+ "type": "string",
6556
+ "enum": [
6557
+ "active",
6558
+ "inactive"
6559
+ ]
6560
+ }
6561
+ }
6562
+ },
6563
+ "LlmCheckoutResponse": {
6564
+ "type": "object",
6565
+ "properties": {
6566
+ "checkout_url": {
6567
+ "type": "string",
6568
+ "format": "uri"
6569
+ }
6570
+ }
6571
+ },
6572
+ "LlmDisableResponse": {
6573
+ "type": "object",
6574
+ "properties": {
6575
+ "enabled": {
6576
+ "type": "boolean"
6577
+ }
6578
+ }
6579
+ },
6313
6580
  "CreditBalanceResponse": {
6314
6581
  "type": "object",
6315
6582
  "properties": {
package/openapi.yaml CHANGED
@@ -1213,6 +1213,46 @@ paths:
1213
1213
  "404":
1214
1214
  $ref: "#/components/responses/NotFound"
1215
1215
 
1216
+ /v1/agents/{agent_id}/transactions/sign:
1217
+ post:
1218
+ tags: [Transactions]
1219
+ summary: Sign a transaction without broadcasting
1220
+ description: |
1221
+ Signs a transaction inside the server (or TEE when using Shroud) but does
1222
+ **not** broadcast it. The caller receives the raw `signed_tx` hex and
1223
+ `tx_hash` so it can submit to any RPC of its choosing.
1224
+
1225
+ All agent guardrails (allowlists, value caps, daily limits) are enforced
1226
+ exactly as for the submit endpoint. The signed transaction is recorded for
1227
+ audit and daily-limit tracking with `status: "sign_only"`.
1228
+ operationId: signTransaction
1229
+ x-agentcash-auth:
1230
+ mode: paid
1231
+ x-payment-info:
1232
+ protocols: [x402]
1233
+ pricingMode: quote
1234
+ parameters:
1235
+ - $ref: "#/components/parameters/AgentId"
1236
+ requestBody:
1237
+ required: true
1238
+ content:
1239
+ application/json:
1240
+ schema:
1241
+ $ref: "#/components/schemas/SignTransactionRequest"
1242
+ responses:
1243
+ "200":
1244
+ description: Transaction signed successfully (not broadcast)
1245
+ content:
1246
+ application/json:
1247
+ schema:
1248
+ $ref: "#/components/schemas/SignTransactionResponse"
1249
+ "400":
1250
+ $ref: "#/components/responses/BadRequest"
1251
+ "403":
1252
+ $ref: "#/components/responses/Forbidden"
1253
+ "402":
1254
+ $ref: "#/components/responses/PaymentRequired"
1255
+
1216
1256
  /v1/agents/{agent_id}/transactions/simulate:
1217
1257
  post:
1218
1258
  tags: [Transactions]
@@ -1760,6 +1800,58 @@ paths:
1760
1800
  schema:
1761
1801
  $ref: "#/components/schemas/CreditTransactionsListResponse"
1762
1802
 
1803
+ # ---------------------------------------------------------------------------
1804
+ # LLM Token Billing
1805
+ # ---------------------------------------------------------------------------
1806
+
1807
+ /v1/billing/llm-token-billing:
1808
+ get:
1809
+ tags: [Billing]
1810
+ summary: Get LLM token billing status
1811
+ operationId: getLlmTokenBilling
1812
+ description: Returns whether LLM token billing is enabled for the caller's org.
1813
+ responses:
1814
+ "200":
1815
+ description: LLM token billing status
1816
+ content:
1817
+ application/json:
1818
+ schema:
1819
+ $ref: "#/components/schemas/LlmTokenBillingStatus"
1820
+
1821
+ /v1/billing/llm-token-billing/subscribe:
1822
+ post:
1823
+ tags: [Billing]
1824
+ summary: Subscribe to LLM token billing
1825
+ operationId: subscribeLlmTokenBilling
1826
+ description: >
1827
+ Creates a Stripe Checkout session for the LLM token billing pricing plan.
1828
+ Returns a checkout URL to redirect the user. After the user completes checkout,
1829
+ a webhook activates LLM billing for the org.
1830
+ responses:
1831
+ "200":
1832
+ description: Stripe Checkout URL
1833
+ content:
1834
+ application/json:
1835
+ schema:
1836
+ $ref: "#/components/schemas/LlmCheckoutResponse"
1837
+
1838
+ /v1/billing/llm-token-billing/disable:
1839
+ post:
1840
+ tags: [Billing]
1841
+ summary: Disable LLM token billing
1842
+ operationId: disableLlmTokenBilling
1843
+ description: >
1844
+ Disables LLM token billing for the org and cancels all active
1845
+ Stripe subscriptions for the LLM pricing plan. Agents will fall
1846
+ back to direct provider routing. You can re-enable it at any time.
1847
+ responses:
1848
+ "200":
1849
+ description: LLM billing disabled
1850
+ content:
1851
+ application/json:
1852
+ schema:
1853
+ $ref: "#/components/schemas/LlmDisableResponse"
1854
+
1763
1855
  /v1/billing/overage-method:
1764
1856
  patch:
1765
1857
  tags: [Billing]
@@ -2447,9 +2539,11 @@ components:
2447
2539
  description: >
2448
2540
  Set to `true` or `1` to include the raw signed transaction hex in the response.
2449
2541
  Omitted by default to reduce key exfiltration risk. Only the literal values "true" or "1" enable inclusion; any other value or omission returns responses without signed_tx.
2542
+ Applies to GET /v1/agents/{agent_id}/transactions and GET /v1/agents/{agent_id}/transactions/{tx_id}.
2450
2543
  schema:
2451
2544
  type: boolean
2452
2545
  default: false
2546
+ example: false
2453
2547
 
2454
2548
  responses:
2455
2549
  BadRequest:
@@ -2541,11 +2635,12 @@ components:
2541
2635
 
2542
2636
  AgentTokenRequest:
2543
2637
  type: object
2544
- required: [agent_id, api_key]
2638
+ required: [api_key]
2545
2639
  properties:
2546
2640
  agent_id:
2547
2641
  type: string
2548
2642
  format: uuid
2643
+ description: Optional when using key-only auth (ocv_ keys auto-resolve agent)
2549
2644
  api_key:
2550
2645
  type: string
2551
2646
 
@@ -2649,10 +2744,14 @@ components:
2649
2744
 
2650
2745
  DeviceCodeRequest:
2651
2746
  type: object
2652
- required: [client_id]
2747
+ required: [client_id, email]
2653
2748
  properties:
2654
2749
  client_id:
2655
2750
  type: string
2751
+ email:
2752
+ type: string
2753
+ format: email
2754
+ description: Account email; only that user may approve the code in the dashboard.
2656
2755
 
2657
2756
  DeviceCodeResponse:
2658
2757
  type: object
@@ -3634,6 +3733,76 @@ components:
3634
3733
  simulate_first:
3635
3734
  type: boolean
3636
3735
  default: false
3736
+ mode:
3737
+ type: string
3738
+ description: Transaction mode
3739
+ enum: [eoa, smart_account]
3740
+ default: eoa
3741
+
3742
+ SignTransactionRequest:
3743
+ type: object
3744
+ required: [to, value, chain]
3745
+ properties:
3746
+ to:
3747
+ type: string
3748
+ description: Destination address (0x-prefixed)
3749
+ value:
3750
+ type: string
3751
+ description: Value in ETH
3752
+ chain:
3753
+ type: string
3754
+ description: Chain name or numeric ID
3755
+ data:
3756
+ type: string
3757
+ description: Hex-encoded calldata
3758
+ signing_key_path:
3759
+ type: string
3760
+ nonce:
3761
+ type: integer
3762
+ gas_price:
3763
+ type: string
3764
+ gas_limit:
3765
+ type: integer
3766
+ max_fee_per_gas:
3767
+ type: string
3768
+ max_priority_fee_per_gas:
3769
+ type: string
3770
+ simulate_first:
3771
+ type: boolean
3772
+ default: false
3773
+
3774
+ SignTransactionResponse:
3775
+ type: object
3776
+ properties:
3777
+ signed_tx:
3778
+ type: string
3779
+ description: Raw signed transaction hex (always included)
3780
+ tx_hash:
3781
+ type: string
3782
+ from:
3783
+ type: string
3784
+ description: Derived sender address
3785
+ to:
3786
+ type: string
3787
+ chain:
3788
+ type: string
3789
+ chain_id:
3790
+ type: integer
3791
+ nonce:
3792
+ type: integer
3793
+ value_wei:
3794
+ type: string
3795
+ status:
3796
+ type: string
3797
+ enum: [sign_only]
3798
+ simulation_id:
3799
+ type: string
3800
+ simulation_status:
3801
+ type: string
3802
+ max_fee_per_gas:
3803
+ type: string
3804
+ max_priority_fee_per_gas:
3805
+ type: string
3637
3806
 
3638
3807
  SimulateTransactionRequest:
3639
3808
  type: object
@@ -3681,14 +3850,12 @@ components:
3681
3850
  status:
3682
3851
  type: string
3683
3852
  enum:
3684
- [pending, signed, broadcast, failed, simulation_failed]
3853
+ [pending, signed, sign_only, broadcast, failed, simulation_failed]
3685
3854
  signed_tx:
3686
3855
  type: string
3687
3856
  nullable: true
3688
3857
  description: >
3689
- Raw signed transaction hex. Omitted (null) by default to reduce exfiltration risk.
3690
- Pass `include_signed_tx=true` query param on GET endpoints to include it.
3691
- Always returned on the initial POST submission response.
3858
+ Raw signed transaction hex. On GET list and GET by id, this property is omitted by default (absent from the response). Pass `include_signed_tx=true` on those endpoints to include it. Always present on the initial POST submit response.
3692
3859
  tx_hash:
3693
3860
  type: string
3694
3861
  error_message:
@@ -4162,6 +4329,28 @@ components:
4162
4329
  limit:
4163
4330
  type: integer
4164
4331
 
4332
+ LlmTokenBillingStatus:
4333
+ type: object
4334
+ properties:
4335
+ enabled:
4336
+ type: boolean
4337
+ subscription_status:
4338
+ type: string
4339
+ enum: [active, inactive]
4340
+
4341
+ LlmCheckoutResponse:
4342
+ type: object
4343
+ properties:
4344
+ checkout_url:
4345
+ type: string
4346
+ format: uri
4347
+
4348
+ LlmDisableResponse:
4349
+ type: object
4350
+ properties:
4351
+ enabled:
4352
+ type: boolean
4353
+
4165
4354
  CreditBalanceResponse:
4166
4355
  type: object
4167
4356
  properties:
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@1claw/openapi-spec",
3
- "version": "0.15.2",
3
+ "version": "0.16.0",
4
4
  "description": "OpenAPI 3.1.0 specification for the 1Claw Vault API — generate clients in any language",
5
5
  "license": "MIT",
6
6
  "repository": {