@1claw/openapi-spec 0.15.3 → 0.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +2 -1
  2. package/openapi.json +240 -2
  3. package/openapi.yaml +164 -2
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -40,8 +40,9 @@ openapi-generator generate \
40
40
  import spec from "@1claw/openapi-spec/openapi.json";
41
41
  ```
42
42
 
43
- ## What's in the spec (v0.15.x)
43
+ ## What's in the spec (v0.16.x)
44
44
 
45
+ - **Auth — password reset** — `POST /v1/auth/forgot-password`, `POST /v1/auth/reset-password` (public; anti-enumeration on forgot)
45
46
  - **Billing — LLM token billing** — `GET /v1/billing/llm-token-billing`, `POST .../subscribe`, `POST .../disable` (Stripe AI Gateway add-on; optional org feature)
46
47
  - **Treasury** — Safe multisig treasuries: `POST/GET /v1/treasury`, `GET/PATCH/DELETE /v1/treasury/{id}`, signers, agent access requests (`requests[]` on list)
47
48
  - **Vaults** — CRUD, CMEK enable/disable, key rotation with job tracking
package/openapi.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "openapi": "3.1.0",
3
3
  "info": {
4
4
  "title": "1Claw API",
5
- "version": "2.5.0",
5
+ "version": "2.6.0",
6
6
  "description": "Secure secret management for AI agents. Provides vaults, secrets,\npolicy-based access control, agent identity, Intents API,\nsharing, billing, and audit logging.\n\nAll endpoints require JWT Bearer authentication unless marked with\n`security: []`.\n",
7
7
  "contact": {
8
8
  "email": "ops@1claw.xyz"
@@ -375,6 +375,74 @@
375
375
  }
376
376
  }
377
377
  },
378
+ "/v1/auth/forgot-password": {
379
+ "post": {
380
+ "tags": [
381
+ "Authentication"
382
+ ],
383
+ "summary": "Request password reset email",
384
+ "description": "Always returns the same message whether or not the email exists (no account enumeration).\nOnly password-based accounts receive mail.\n",
385
+ "operationId": "forgotPassword",
386
+ "security": [],
387
+ "requestBody": {
388
+ "required": true,
389
+ "content": {
390
+ "application/json": {
391
+ "schema": {
392
+ "$ref": "#/components/schemas/ForgotPasswordRequest"
393
+ }
394
+ }
395
+ }
396
+ },
397
+ "responses": {
398
+ "200": {
399
+ "description": "Acknowledgement (check email if account exists)",
400
+ "content": {
401
+ "application/json": {
402
+ "schema": {
403
+ "$ref": "#/components/schemas/ForgotPasswordResponse"
404
+ }
405
+ }
406
+ }
407
+ }
408
+ }
409
+ }
410
+ },
411
+ "/v1/auth/reset-password": {
412
+ "post": {
413
+ "tags": [
414
+ "Authentication"
415
+ ],
416
+ "summary": "Set a new password using reset token from email",
417
+ "operationId": "resetPassword",
418
+ "security": [],
419
+ "requestBody": {
420
+ "required": true,
421
+ "content": {
422
+ "application/json": {
423
+ "schema": {
424
+ "$ref": "#/components/schemas/ResetPasswordRequest"
425
+ }
426
+ }
427
+ }
428
+ },
429
+ "responses": {
430
+ "200": {
431
+ "description": "Password updated",
432
+ "content": {
433
+ "application/json": {
434
+ "schema": {
435
+ "$ref": "#/components/schemas/ResetPasswordResponse"
436
+ }
437
+ }
438
+ }
439
+ },
440
+ "400": {
441
+ "$ref": "#/components/responses/BadRequest"
442
+ }
443
+ }
444
+ }
445
+ },
378
446
  "/v1/auth/google": {
379
447
  "post": {
380
448
  "tags": [
@@ -3839,6 +3907,72 @@
3839
3907
  }
3840
3908
  }
3841
3909
  },
3910
+ "/v1/admin/usage/reset": {
3911
+ "post": {
3912
+ "tags": [
3913
+ "Admin"
3914
+ ],
3915
+ "summary": "Reset all API usage events (testing)",
3916
+ "operationId": "adminResetUsageEvents",
3917
+ "description": "Deletes every row in `usage_events` for all organizations. Resets monthly\nrequest counts used for free-tier / x402 quota. Does not change prepaid credit\nbalances or Stripe. **Platform admin only** (same guard as other `/v1/admin/*` routes).\n",
3918
+ "responses": {
3919
+ "200": {
3920
+ "description": "Usage table cleared; returns number of deleted rows",
3921
+ "content": {
3922
+ "application/json": {
3923
+ "schema": {
3924
+ "$ref": "#/components/schemas/ResetUsageEventsResponse"
3925
+ }
3926
+ }
3927
+ }
3928
+ },
3929
+ "403": {
3930
+ "$ref": "#/components/responses/Forbidden"
3931
+ }
3932
+ }
3933
+ }
3934
+ },
3935
+ "/v1/admin/usage/reset-for-user": {
3936
+ "post": {
3937
+ "tags": [
3938
+ "Admin"
3939
+ ],
3940
+ "summary": "Reset API usage for a user's organization",
3941
+ "operationId": "adminResetUsageForUserByEmail",
3942
+ "description": "Looks up a registered user by email and deletes all `usage_events` rows for that\nuser's `org_id`. Resets free-tier / monthly quota for the whole org (not other orgs).\n**Platform admin only.**\n",
3943
+ "requestBody": {
3944
+ "required": true,
3945
+ "content": {
3946
+ "application/json": {
3947
+ "schema": {
3948
+ "$ref": "#/components/schemas/ResetUsageForUserEmailRequest"
3949
+ }
3950
+ }
3951
+ }
3952
+ },
3953
+ "responses": {
3954
+ "200": {
3955
+ "description": "Usage cleared for the user's org",
3956
+ "content": {
3957
+ "application/json": {
3958
+ "schema": {
3959
+ "$ref": "#/components/schemas/ResetUsageForUserEmailResponse"
3960
+ }
3961
+ }
3962
+ }
3963
+ },
3964
+ "400": {
3965
+ "$ref": "#/components/responses/BadRequest"
3966
+ },
3967
+ "403": {
3968
+ "$ref": "#/components/responses/Forbidden"
3969
+ },
3970
+ "404": {
3971
+ "$ref": "#/components/responses/NotFound"
3972
+ }
3973
+ }
3974
+ }
3975
+ },
3842
3976
  "/v1/health": {
3843
3977
  "get": {
3844
3978
  "tags": [
@@ -4027,6 +4161,61 @@
4027
4161
  }
4028
4162
  }
4029
4163
  },
4164
+ "ResetUsageEventsResponse": {
4165
+ "type": "object",
4166
+ "required": [
4167
+ "deleted_events"
4168
+ ],
4169
+ "properties": {
4170
+ "deleted_events": {
4171
+ "type": "integer",
4172
+ "format": "int64",
4173
+ "description": "Number of usage_events rows removed"
4174
+ }
4175
+ }
4176
+ },
4177
+ "ResetUsageForUserEmailRequest": {
4178
+ "type": "object",
4179
+ "required": [
4180
+ "email"
4181
+ ],
4182
+ "properties": {
4183
+ "email": {
4184
+ "type": "string",
4185
+ "format": "email"
4186
+ }
4187
+ }
4188
+ },
4189
+ "ResetUsageForUserEmailResponse": {
4190
+ "type": "object",
4191
+ "required": [
4192
+ "deleted_events",
4193
+ "org_id",
4194
+ "user_id",
4195
+ "email",
4196
+ "display_name"
4197
+ ],
4198
+ "properties": {
4199
+ "deleted_events": {
4200
+ "type": "integer",
4201
+ "format": "int64"
4202
+ },
4203
+ "org_id": {
4204
+ "type": "string",
4205
+ "format": "uuid"
4206
+ },
4207
+ "user_id": {
4208
+ "type": "string",
4209
+ "format": "uuid"
4210
+ },
4211
+ "email": {
4212
+ "type": "string"
4213
+ },
4214
+ "display_name": {
4215
+ "type": "string"
4216
+ }
4217
+ }
4218
+ },
4030
4219
  "LoginRequest": {
4031
4220
  "type": "object",
4032
4221
  "required": [
@@ -4178,6 +4367,49 @@
4178
4367
  }
4179
4368
  }
4180
4369
  },
4370
+ "ForgotPasswordRequest": {
4371
+ "type": "object",
4372
+ "required": [
4373
+ "email"
4374
+ ],
4375
+ "properties": {
4376
+ "email": {
4377
+ "type": "string",
4378
+ "format": "email"
4379
+ }
4380
+ }
4381
+ },
4382
+ "ForgotPasswordResponse": {
4383
+ "type": "object",
4384
+ "properties": {
4385
+ "message": {
4386
+ "type": "string"
4387
+ }
4388
+ }
4389
+ },
4390
+ "ResetPasswordRequest": {
4391
+ "type": "object",
4392
+ "required": [
4393
+ "token",
4394
+ "new_password"
4395
+ ],
4396
+ "properties": {
4397
+ "token": {
4398
+ "type": "string"
4399
+ },
4400
+ "new_password": {
4401
+ "type": "string"
4402
+ }
4403
+ }
4404
+ },
4405
+ "ResetPasswordResponse": {
4406
+ "type": "object",
4407
+ "properties": {
4408
+ "message": {
4409
+ "type": "string"
4410
+ }
4411
+ }
4412
+ },
4181
4413
  "MfaStatusResponse": {
4182
4414
  "type": "object",
4183
4415
  "properties": {
@@ -4248,11 +4480,17 @@
4248
4480
  "DeviceCodeRequest": {
4249
4481
  "type": "object",
4250
4482
  "required": [
4251
- "client_id"
4483
+ "client_id",
4484
+ "email"
4252
4485
  ],
4253
4486
  "properties": {
4254
4487
  "client_id": {
4255
4488
  "type": "string"
4489
+ },
4490
+ "email": {
4491
+ "type": "string",
4492
+ "format": "email",
4493
+ "description": "Account email; only that user may approve the code in the dashboard."
4256
4494
  }
4257
4495
  }
4258
4496
  },
package/openapi.yaml CHANGED
@@ -2,7 +2,7 @@ openapi: 3.1.0
2
2
 
3
3
  info:
4
4
  title: 1Claw API
5
- version: 2.5.0
5
+ version: 2.6.0
6
6
  description: |
7
7
  Secure secret management for AI agents. Provides vaults, secrets,
8
8
  policy-based access control, agent identity, Intents API,
@@ -245,6 +245,51 @@ paths:
245
245
  "400":
246
246
  $ref: "#/components/responses/BadRequest"
247
247
 
248
+ /v1/auth/forgot-password:
249
+ post:
250
+ tags: [Authentication]
251
+ summary: Request password reset email
252
+ description: |
253
+ Always returns the same message whether or not the email exists (no account enumeration).
254
+ Only password-based accounts receive mail.
255
+ operationId: forgotPassword
256
+ security: []
257
+ requestBody:
258
+ required: true
259
+ content:
260
+ application/json:
261
+ schema:
262
+ $ref: "#/components/schemas/ForgotPasswordRequest"
263
+ responses:
264
+ "200":
265
+ description: Acknowledgement (check email if account exists)
266
+ content:
267
+ application/json:
268
+ schema:
269
+ $ref: "#/components/schemas/ForgotPasswordResponse"
270
+
271
+ /v1/auth/reset-password:
272
+ post:
273
+ tags: [Authentication]
274
+ summary: Set a new password using reset token from email
275
+ operationId: resetPassword
276
+ security: []
277
+ requestBody:
278
+ required: true
279
+ content:
280
+ application/json:
281
+ schema:
282
+ $ref: "#/components/schemas/ResetPasswordRequest"
283
+ responses:
284
+ "200":
285
+ description: Password updated
286
+ content:
287
+ application/json:
288
+ schema:
289
+ $ref: "#/components/schemas/ResetPasswordResponse"
290
+ "400":
291
+ $ref: "#/components/responses/BadRequest"
292
+
248
293
  /v1/auth/google:
249
294
  post:
250
295
  tags: [Authentication]
@@ -2452,6 +2497,54 @@ paths:
2452
2497
  "403":
2453
2498
  $ref: "#/components/responses/Forbidden"
2454
2499
 
2500
+ /v1/admin/usage/reset:
2501
+ post:
2502
+ tags: [Admin]
2503
+ summary: Reset all API usage events (testing)
2504
+ operationId: adminResetUsageEvents
2505
+ description: |
2506
+ Deletes every row in `usage_events` for all organizations. Resets monthly
2507
+ request counts used for free-tier / x402 quota. Does not change prepaid credit
2508
+ balances or Stripe. **Platform admin only** (same guard as other `/v1/admin/*` routes).
2509
+ responses:
2510
+ "200":
2511
+ description: Usage table cleared; returns number of deleted rows
2512
+ content:
2513
+ application/json:
2514
+ schema:
2515
+ $ref: "#/components/schemas/ResetUsageEventsResponse"
2516
+ "403":
2517
+ $ref: "#/components/responses/Forbidden"
2518
+
2519
+ /v1/admin/usage/reset-for-user:
2520
+ post:
2521
+ tags: [Admin]
2522
+ summary: Reset API usage for a user's organization
2523
+ operationId: adminResetUsageForUserByEmail
2524
+ description: |
2525
+ Looks up a registered user by email and deletes all `usage_events` rows for that
2526
+ user's `org_id`. Resets free-tier / monthly quota for the whole org (not other orgs).
2527
+ **Platform admin only.**
2528
+ requestBody:
2529
+ required: true
2530
+ content:
2531
+ application/json:
2532
+ schema:
2533
+ $ref: "#/components/schemas/ResetUsageForUserEmailRequest"
2534
+ responses:
2535
+ "200":
2536
+ description: Usage cleared for the user's org
2537
+ content:
2538
+ application/json:
2539
+ schema:
2540
+ $ref: "#/components/schemas/ResetUsageForUserEmailResponse"
2541
+ "400":
2542
+ $ref: "#/components/responses/BadRequest"
2543
+ "403":
2544
+ $ref: "#/components/responses/Forbidden"
2545
+ "404":
2546
+ $ref: "#/components/responses/NotFound"
2547
+
2455
2548
  # ---------------------------------------------------------------------------
2456
2549
  # Health
2457
2550
  # ---------------------------------------------------------------------------
@@ -2591,6 +2684,42 @@ components:
2591
2684
  detail:
2592
2685
  type: string
2593
2686
 
2687
+ ResetUsageEventsResponse:
2688
+ type: object
2689
+ required: [deleted_events]
2690
+ properties:
2691
+ deleted_events:
2692
+ type: integer
2693
+ format: int64
2694
+ description: Number of usage_events rows removed
2695
+
2696
+ ResetUsageForUserEmailRequest:
2697
+ type: object
2698
+ required: [email]
2699
+ properties:
2700
+ email:
2701
+ type: string
2702
+ format: email
2703
+
2704
+ ResetUsageForUserEmailResponse:
2705
+ type: object
2706
+ required:
2707
+ [deleted_events, org_id, user_id, email, display_name]
2708
+ properties:
2709
+ deleted_events:
2710
+ type: integer
2711
+ format: int64
2712
+ org_id:
2713
+ type: string
2714
+ format: uuid
2715
+ user_id:
2716
+ type: string
2717
+ format: uuid
2718
+ email:
2719
+ type: string
2720
+ display_name:
2721
+ type: string
2722
+
2594
2723
  # --- Auth ---
2595
2724
 
2596
2725
  LoginRequest:
@@ -2692,6 +2821,35 @@ components:
2692
2821
  new_password:
2693
2822
  type: string
2694
2823
 
2824
+ ForgotPasswordRequest:
2825
+ type: object
2826
+ required: [email]
2827
+ properties:
2828
+ email:
2829
+ type: string
2830
+ format: email
2831
+
2832
+ ForgotPasswordResponse:
2833
+ type: object
2834
+ properties:
2835
+ message:
2836
+ type: string
2837
+
2838
+ ResetPasswordRequest:
2839
+ type: object
2840
+ required: [token, new_password]
2841
+ properties:
2842
+ token:
2843
+ type: string
2844
+ new_password:
2845
+ type: string
2846
+
2847
+ ResetPasswordResponse:
2848
+ type: object
2849
+ properties:
2850
+ message:
2851
+ type: string
2852
+
2695
2853
  # --- MFA ---
2696
2854
 
2697
2855
  MfaStatusResponse:
@@ -2744,10 +2902,14 @@ components:
2744
2902
 
2745
2903
  DeviceCodeRequest:
2746
2904
  type: object
2747
- required: [client_id]
2905
+ required: [client_id, email]
2748
2906
  properties:
2749
2907
  client_id:
2750
2908
  type: string
2909
+ email:
2910
+ type: string
2911
+ format: email
2912
+ description: Account email; only that user may approve the code in the dashboard.
2751
2913
 
2752
2914
  DeviceCodeResponse:
2753
2915
  type: object
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@1claw/openapi-spec",
3
- "version": "0.15.3",
3
+ "version": "0.16.1",
4
4
  "description": "OpenAPI 3.1.0 specification for the 1Claw Vault API — generate clients in any language",
5
5
  "license": "MIT",
6
6
  "repository": {