@1claw/openapi-spec 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +1 -1
  2. package/openapi.json +272 -8
  3. package/openapi.yaml +191 -9
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -44,7 +44,7 @@ import spec from "@1claw/openapi-spec/openapi.json";
44
44
 
45
45
  - **Vaults** — CRUD, CMEK enable/disable, key rotation with job tracking
46
46
  - **Secrets** — CRUD, versioning, CMEK-encrypted flag
47
- - **Agents** — CRUD with `auth_method` (api_key, mtls, oidc_client_credentials), auto-generated SSH keypairs, `token_ttl_seconds`, `vault_ids`, crypto proxy, transaction guardrails
47
+ - **Agents** — CRUD with `auth_method` (api_key, mtls, oidc_client_credentials), auto-generated SSH keypairs, `token_ttl_seconds`, `vault_ids`, Intents API, transaction guardrails
48
48
  - **Policies** — Glob-based access control
49
49
  - **Sharing** — Links, user/agent shares, accept/decline
50
50
  - **Billing** — Subscriptions, credits, x402
package/openapi.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "info": {
4
4
  "title": "1Claw API",
5
5
  "version": "2.1.0",
6
- "description": "Secure secret management for AI agents. Provides vaults, secrets,\npolicy-based access control, agent identity, crypto transaction proxy,\nsharing, billing, and audit logging.\n\nAll endpoints require JWT Bearer authentication unless marked with\n`security: []`.\n",
6
+ "description": "Secure secret management for AI agents. Provides vaults, secrets,\npolicy-based access control, agent identity, Intents API,\nsharing, billing, and audit logging.\n\nAll endpoints require JWT Bearer authentication unless marked with\n`security: []`.\n",
7
7
  "contact": {
8
8
  "email": "ops@1claw.xyz"
9
9
  }
@@ -50,7 +50,7 @@
50
50
  },
51
51
  {
52
52
  "name": "Transactions",
53
- "description": "Crypto transaction proxy (signing, simulation)"
53
+ "description": "Intents API (signing, simulation)"
54
54
  },
55
55
  {
56
56
  "name": "Chains",
@@ -389,6 +389,93 @@
389
389
  }
390
390
  }
391
391
  },
392
+ "/v1/auth/me": {
393
+ "get": {
394
+ "tags": [
395
+ "Authentication"
396
+ ],
397
+ "summary": "Get current user profile",
398
+ "operationId": "getMe",
399
+ "responses": {
400
+ "200": {
401
+ "description": "User profile",
402
+ "content": {
403
+ "application/json": {
404
+ "schema": {
405
+ "$ref": "#/components/schemas/UserProfileResponse"
406
+ }
407
+ }
408
+ }
409
+ }
410
+ }
411
+ },
412
+ "patch": {
413
+ "tags": [
414
+ "Authentication"
415
+ ],
416
+ "summary": "Update user profile",
417
+ "operationId": "updateMe",
418
+ "requestBody": {
419
+ "required": true,
420
+ "content": {
421
+ "application/json": {
422
+ "schema": {
423
+ "$ref": "#/components/schemas/UpdateProfileRequest"
424
+ }
425
+ }
426
+ }
427
+ },
428
+ "responses": {
429
+ "200": {
430
+ "description": "Profile updated",
431
+ "content": {
432
+ "application/json": {
433
+ "schema": {
434
+ "$ref": "#/components/schemas/UserProfileResponse"
435
+ }
436
+ }
437
+ }
438
+ },
439
+ "400": {
440
+ "$ref": "#/components/responses/BadRequest"
441
+ }
442
+ }
443
+ },
444
+ "delete": {
445
+ "tags": [
446
+ "Authentication"
447
+ ],
448
+ "summary": "Delete current user account",
449
+ "operationId": "deleteMe",
450
+ "requestBody": {
451
+ "required": true,
452
+ "content": {
453
+ "application/json": {
454
+ "schema": {
455
+ "type": "object",
456
+ "required": [
457
+ "confirmation"
458
+ ],
459
+ "properties": {
460
+ "confirmation": {
461
+ "type": "string",
462
+ "description": "Must be \"DELETE MY ACCOUNT\""
463
+ }
464
+ }
465
+ }
466
+ }
467
+ }
468
+ },
469
+ "responses": {
470
+ "204": {
471
+ "description": "Account deleted"
472
+ },
473
+ "400": {
474
+ "$ref": "#/components/responses/BadRequest"
475
+ }
476
+ }
477
+ }
478
+ },
392
479
  "/v1/auth/mfa/status": {
393
480
  "get": {
394
481
  "tags": [
@@ -1280,6 +1367,41 @@
1280
1367
  }
1281
1368
  }
1282
1369
  },
1370
+ "/v1/agents/enroll": {
1371
+ "post": {
1372
+ "tags": [
1373
+ "Agents"
1374
+ ],
1375
+ "summary": "Self-enroll an agent",
1376
+ "operationId": "enrollAgent",
1377
+ "description": "Public endpoint (no auth required). Creates an agent under the human's org\nand emails the credentials to the specified human email. The API key is NOT\nreturned in the response. Anti-spam: IP rate limiting + per-email cooldown.\n",
1378
+ "requestBody": {
1379
+ "required": true,
1380
+ "content": {
1381
+ "application/json": {
1382
+ "schema": {
1383
+ "$ref": "#/components/schemas/EnrollAgentRequest"
1384
+ }
1385
+ }
1386
+ }
1387
+ },
1388
+ "responses": {
1389
+ "201": {
1390
+ "description": "Enrollment processed (uniform response to prevent email enumeration)",
1391
+ "content": {
1392
+ "application/json": {
1393
+ "schema": {
1394
+ "$ref": "#/components/schemas/EnrollAgentResponse"
1395
+ }
1396
+ }
1397
+ }
1398
+ },
1399
+ "429": {
1400
+ "description": "Rate limit exceeded"
1401
+ }
1402
+ }
1403
+ }
1404
+ },
1283
1405
  "/v1/agents": {
1284
1406
  "post": {
1285
1407
  "tags": [
@@ -2854,6 +2976,48 @@
2854
2976
  }
2855
2977
  }
2856
2978
  },
2979
+ "/v1/admin/orgs/{org_id}/billing-tier": {
2980
+ "put": {
2981
+ "tags": [
2982
+ "Admin"
2983
+ ],
2984
+ "summary": "Set org billing tier (without Stripe)",
2985
+ "operationId": "adminSetBillingTier",
2986
+ "description": "Manually set an organization's billing tier to free, pro, or business.\nFor testing and manual upgrades — does not create a Stripe subscription.\nSetting to \"pro\" or \"business\" sets period_end to +1 year.\nSetting to \"free\" clears subscription data.\n",
2987
+ "parameters": [
2988
+ {
2989
+ "name": "org_id",
2990
+ "in": "path",
2991
+ "required": true,
2992
+ "schema": {
2993
+ "type": "string",
2994
+ "format": "uuid"
2995
+ }
2996
+ }
2997
+ ],
2998
+ "requestBody": {
2999
+ "required": true,
3000
+ "content": {
3001
+ "application/json": {
3002
+ "schema": {
3003
+ "$ref": "#/components/schemas/SetBillingTierRequest"
3004
+ }
3005
+ }
3006
+ }
3007
+ },
3008
+ "responses": {
3009
+ "200": {
3010
+ "description": "Billing tier updated"
3011
+ },
3012
+ "400": {
3013
+ "$ref": "#/components/responses/BadRequest"
3014
+ },
3015
+ "403": {
3016
+ "$ref": "#/components/responses/Forbidden"
3017
+ }
3018
+ }
3019
+ }
3020
+ },
2857
3021
  "/v1/health": {
2858
3022
  "get": {
2859
3023
  "tags": [
@@ -3343,6 +3507,51 @@
3343
3507
  }
3344
3508
  }
3345
3509
  },
3510
+ "UserProfileResponse": {
3511
+ "type": "object",
3512
+ "properties": {
3513
+ "id": {
3514
+ "type": "string",
3515
+ "format": "uuid"
3516
+ },
3517
+ "email": {
3518
+ "type": "string"
3519
+ },
3520
+ "display_name": {
3521
+ "type": "string"
3522
+ },
3523
+ "auth_method": {
3524
+ "type": "string"
3525
+ },
3526
+ "role": {
3527
+ "type": "string"
3528
+ },
3529
+ "email_verified": {
3530
+ "type": "boolean"
3531
+ },
3532
+ "marketing_emails": {
3533
+ "type": "boolean"
3534
+ },
3535
+ "totp_enabled": {
3536
+ "type": "boolean"
3537
+ },
3538
+ "created_at": {
3539
+ "type": "string",
3540
+ "format": "date-time"
3541
+ }
3542
+ }
3543
+ },
3544
+ "UpdateProfileRequest": {
3545
+ "type": "object",
3546
+ "properties": {
3547
+ "display_name": {
3548
+ "type": "string"
3549
+ },
3550
+ "marketing_emails": {
3551
+ "type": "boolean"
3552
+ }
3553
+ }
3554
+ },
3346
3555
  "CreateApiKeyRequest": {
3347
3556
  "type": "object",
3348
3557
  "required": [
@@ -3817,6 +4026,42 @@
3817
4026
  }
3818
4027
  }
3819
4028
  },
4029
+ "EnrollAgentRequest": {
4030
+ "type": "object",
4031
+ "required": [
4032
+ "name",
4033
+ "human_email"
4034
+ ],
4035
+ "properties": {
4036
+ "name": {
4037
+ "type": "string",
4038
+ "description": "Display name for the new agent"
4039
+ },
4040
+ "human_email": {
4041
+ "type": "string",
4042
+ "format": "email",
4043
+ "description": "Email of the human who will receive the agent credentials"
4044
+ },
4045
+ "description": {
4046
+ "type": "string",
4047
+ "description": "Optional agent description"
4048
+ }
4049
+ }
4050
+ },
4051
+ "EnrollAgentResponse": {
4052
+ "type": "object",
4053
+ "properties": {
4054
+ "agent_id": {
4055
+ "type": "string",
4056
+ "format": "uuid",
4057
+ "description": "UUID of the created agent (nil UUID when email not found — uniform response)"
4058
+ },
4059
+ "message": {
4060
+ "type": "string",
4061
+ "description": "Status message (always generic to prevent email enumeration)"
4062
+ }
4063
+ }
4064
+ },
3820
4065
  "CreateAgentRequest": {
3821
4066
  "type": "object",
3822
4067
  "required": [
@@ -3849,7 +4094,7 @@
3849
4094
  "type": "string",
3850
4095
  "format": "date-time"
3851
4096
  },
3852
- "crypto_proxy_enabled": {
4097
+ "intents_api_enabled": {
3853
4098
  "type": "boolean",
3854
4099
  "default": false
3855
4100
  },
@@ -3917,7 +4162,7 @@
3917
4162
  "type": "string",
3918
4163
  "format": "date-time"
3919
4164
  },
3920
- "crypto_proxy_enabled": {
4165
+ "intents_api_enabled": {
3921
4166
  "type": "boolean"
3922
4167
  },
3923
4168
  "tx_to_allowlist": {
@@ -3958,7 +4203,7 @@
3958
4203
  "name",
3959
4204
  "auth_method",
3960
4205
  "is_active",
3961
- "crypto_proxy_enabled",
4206
+ "intents_api_enabled",
3962
4207
  "created_at"
3963
4208
  ],
3964
4209
  "properties": {
@@ -3989,7 +4234,7 @@
3989
4234
  "is_active": {
3990
4235
  "type": "boolean"
3991
4236
  },
3992
- "crypto_proxy_enabled": {
4237
+ "intents_api_enabled": {
3993
4238
  "type": "boolean"
3994
4239
  },
3995
4240
  "tx_to_allowlist": {
@@ -4081,7 +4326,7 @@
4081
4326
  "is_active": {
4082
4327
  "type": "boolean"
4083
4328
  },
4084
- "crypto_proxy_enabled": {
4329
+ "intents_api_enabled": {
4085
4330
  "type": "boolean"
4086
4331
  },
4087
4332
  "created_by": {
@@ -4930,7 +5175,7 @@
4930
5175
  "team_members": {
4931
5176
  "$ref": "#/components/schemas/UsageMeter"
4932
5177
  },
4933
- "proxy_transactions": {
5178
+ "intent_transactions": {
4934
5179
  "$ref": "#/components/schemas/UsageMeter"
4935
5180
  },
4936
5181
  "shares": {
@@ -5233,6 +5478,9 @@
5233
5478
  "org_name": {
5234
5479
  "type": "string"
5235
5480
  },
5481
+ "billing_tier": {
5482
+ "type": "string"
5483
+ },
5236
5484
  "created_at": {
5237
5485
  "type": "string",
5238
5486
  "format": "date-time"
@@ -5280,6 +5528,22 @@
5280
5528
  }
5281
5529
  }
5282
5530
  },
5531
+ "SetBillingTierRequest": {
5532
+ "type": "object",
5533
+ "required": [
5534
+ "tier"
5535
+ ],
5536
+ "properties": {
5537
+ "tier": {
5538
+ "type": "string",
5539
+ "enum": [
5540
+ "free",
5541
+ "pro",
5542
+ "business"
5543
+ ]
5544
+ }
5545
+ }
5546
+ },
5283
5547
  "PaymentRequirement": {
5284
5548
  "type": "object",
5285
5549
  "properties": {
package/openapi.yaml CHANGED
@@ -5,7 +5,7 @@ info:
5
5
  version: 2.1.0
6
6
  description: |
7
7
  Secure secret management for AI agents. Provides vaults, secrets,
8
- policy-based access control, agent identity, crypto transaction proxy,
8
+ policy-based access control, agent identity, Intents API,
9
9
  sharing, billing, and audit logging.
10
10
 
11
11
  All endpoints require JWT Bearer authentication unless marked with
@@ -36,7 +36,7 @@ tags:
36
36
  - name: Agents
37
37
  description: Agent identity and key management
38
38
  - name: Transactions
39
- description: Crypto transaction proxy (signing, simulation)
39
+ description: Intents API (signing, simulation)
40
40
  - name: Chains
41
41
  description: Blockchain chain registry
42
42
  - name: Sharing
@@ -252,6 +252,58 @@ paths:
252
252
  "400":
253
253
  $ref: "#/components/responses/BadRequest"
254
254
 
255
+ /v1/auth/me:
256
+ get:
257
+ tags: [Authentication]
258
+ summary: Get current user profile
259
+ operationId: getMe
260
+ responses:
261
+ "200":
262
+ description: User profile
263
+ content:
264
+ application/json:
265
+ schema:
266
+ $ref: "#/components/schemas/UserProfileResponse"
267
+ patch:
268
+ tags: [Authentication]
269
+ summary: Update user profile
270
+ operationId: updateMe
271
+ requestBody:
272
+ required: true
273
+ content:
274
+ application/json:
275
+ schema:
276
+ $ref: "#/components/schemas/UpdateProfileRequest"
277
+ responses:
278
+ "200":
279
+ description: Profile updated
280
+ content:
281
+ application/json:
282
+ schema:
283
+ $ref: "#/components/schemas/UserProfileResponse"
284
+ "400":
285
+ $ref: "#/components/responses/BadRequest"
286
+ delete:
287
+ tags: [Authentication]
288
+ summary: Delete current user account
289
+ operationId: deleteMe
290
+ requestBody:
291
+ required: true
292
+ content:
293
+ application/json:
294
+ schema:
295
+ type: object
296
+ required: [confirmation]
297
+ properties:
298
+ confirmation:
299
+ type: string
300
+ description: Must be "DELETE MY ACCOUNT"
301
+ responses:
302
+ "204":
303
+ description: Account deleted
304
+ "400":
305
+ $ref: "#/components/responses/BadRequest"
306
+
255
307
  # MFA
256
308
 
257
309
  /v1/auth/mfa/status:
@@ -816,6 +868,35 @@ paths:
816
868
  "404":
817
869
  $ref: "#/components/responses/NotFound"
818
870
 
871
+ # ---------------------------------------------------------------------------
872
+ # Agent Self-Enrollment (public)
873
+ # ---------------------------------------------------------------------------
874
+
875
+ /v1/agents/enroll:
876
+ post:
877
+ tags: [Agents]
878
+ summary: Self-enroll an agent
879
+ operationId: enrollAgent
880
+ description: |
881
+ Public endpoint (no auth required). Creates an agent under the human's org
882
+ and emails the credentials to the specified human email. The API key is NOT
883
+ returned in the response. Anti-spam: IP rate limiting + per-email cooldown.
884
+ requestBody:
885
+ required: true
886
+ content:
887
+ application/json:
888
+ schema:
889
+ $ref: "#/components/schemas/EnrollAgentRequest"
890
+ responses:
891
+ "201":
892
+ description: Enrollment processed (uniform response to prevent email enumeration)
893
+ content:
894
+ application/json:
895
+ schema:
896
+ $ref: "#/components/schemas/EnrollAgentResponse"
897
+ "429":
898
+ description: Rate limit exceeded
899
+
819
900
  # ---------------------------------------------------------------------------
820
901
  # Agents
821
902
  # ---------------------------------------------------------------------------
@@ -934,7 +1015,7 @@ paths:
934
1015
  $ref: "#/components/responses/NotFound"
935
1016
 
936
1017
  # ---------------------------------------------------------------------------
937
- # Transactions (Crypto Proxy)
1018
+ # Transactions (Intents API)
938
1019
  # ---------------------------------------------------------------------------
939
1020
 
940
1021
  /v1/agents/{agent_id}/transactions:
@@ -1814,6 +1895,37 @@ paths:
1814
1895
  schema:
1815
1896
  $ref: "#/components/schemas/OrgLimitsResponse"
1816
1897
 
1898
+ /v1/admin/orgs/{org_id}/billing-tier:
1899
+ put:
1900
+ tags: [Admin]
1901
+ summary: Set org billing tier (without Stripe)
1902
+ operationId: adminSetBillingTier
1903
+ description: |
1904
+ Manually set an organization's billing tier to free, pro, or business.
1905
+ For testing and manual upgrades — does not create a Stripe subscription.
1906
+ Setting to "pro" or "business" sets period_end to +1 year.
1907
+ Setting to "free" clears subscription data.
1908
+ parameters:
1909
+ - name: org_id
1910
+ in: path
1911
+ required: true
1912
+ schema:
1913
+ type: string
1914
+ format: uuid
1915
+ requestBody:
1916
+ required: true
1917
+ content:
1918
+ application/json:
1919
+ schema:
1920
+ $ref: "#/components/schemas/SetBillingTierRequest"
1921
+ responses:
1922
+ "200":
1923
+ description: Billing tier updated
1924
+ "400":
1925
+ $ref: "#/components/responses/BadRequest"
1926
+ "403":
1927
+ $ref: "#/components/responses/Forbidden"
1928
+
1817
1929
  # ---------------------------------------------------------------------------
1818
1930
  # Health
1819
1931
  # ---------------------------------------------------------------------------
@@ -2159,6 +2271,38 @@ components:
2159
2271
  user_code:
2160
2272
  type: string
2161
2273
 
2274
+ UserProfileResponse:
2275
+ type: object
2276
+ properties:
2277
+ id:
2278
+ type: string
2279
+ format: uuid
2280
+ email:
2281
+ type: string
2282
+ display_name:
2283
+ type: string
2284
+ auth_method:
2285
+ type: string
2286
+ role:
2287
+ type: string
2288
+ email_verified:
2289
+ type: boolean
2290
+ marketing_emails:
2291
+ type: boolean
2292
+ totp_enabled:
2293
+ type: boolean
2294
+ created_at:
2295
+ type: string
2296
+ format: date-time
2297
+
2298
+ UpdateProfileRequest:
2299
+ type: object
2300
+ properties:
2301
+ display_name:
2302
+ type: string
2303
+ marketing_emails:
2304
+ type: boolean
2305
+
2162
2306
  # --- API Keys ---
2163
2307
 
2164
2308
  CreateApiKeyRequest:
@@ -2478,6 +2622,34 @@ components:
2478
2622
  items:
2479
2623
  $ref: "#/components/schemas/PolicyResponse"
2480
2624
 
2625
+ # --- Agent Enrollment ---
2626
+
2627
+ EnrollAgentRequest:
2628
+ type: object
2629
+ required: [name, human_email]
2630
+ properties:
2631
+ name:
2632
+ type: string
2633
+ description: Display name for the new agent
2634
+ human_email:
2635
+ type: string
2636
+ format: email
2637
+ description: Email of the human who will receive the agent credentials
2638
+ description:
2639
+ type: string
2640
+ description: Optional agent description
2641
+
2642
+ EnrollAgentResponse:
2643
+ type: object
2644
+ properties:
2645
+ agent_id:
2646
+ type: string
2647
+ format: uuid
2648
+ description: UUID of the created agent (nil UUID when email not found — uniform response)
2649
+ message:
2650
+ type: string
2651
+ description: Status message (always generic to prevent email enumeration)
2652
+
2481
2653
  # --- Agents ---
2482
2654
 
2483
2655
  CreateAgentRequest:
@@ -2500,7 +2672,7 @@ components:
2500
2672
  expires_at:
2501
2673
  type: string
2502
2674
  format: date-time
2503
- crypto_proxy_enabled:
2675
+ intents_api_enabled:
2504
2676
  type: boolean
2505
2677
  default: false
2506
2678
  tx_to_allowlist:
@@ -2549,7 +2721,7 @@ components:
2549
2721
  expires_at:
2550
2722
  type: string
2551
2723
  format: date-time
2552
- crypto_proxy_enabled:
2724
+ intents_api_enabled:
2553
2725
  type: boolean
2554
2726
  tx_to_allowlist:
2555
2727
  type: array
@@ -2574,7 +2746,7 @@ components:
2574
2746
 
2575
2747
  AgentResponse:
2576
2748
  type: object
2577
- required: [id, name, auth_method, is_active, crypto_proxy_enabled, created_at]
2749
+ required: [id, name, auth_method, is_active, intents_api_enabled, created_at]
2578
2750
  properties:
2579
2751
  id:
2580
2752
  type: string
@@ -2592,7 +2764,7 @@ components:
2592
2764
  type: string
2593
2765
  is_active:
2594
2766
  type: boolean
2595
- crypto_proxy_enabled:
2767
+ intents_api_enabled:
2596
2768
  type: boolean
2597
2769
  tx_to_allowlist:
2598
2770
  type: array
@@ -2658,7 +2830,7 @@ components:
2658
2830
  type: string
2659
2831
  is_active:
2660
2832
  type: boolean
2661
- crypto_proxy_enabled:
2833
+ intents_api_enabled:
2662
2834
  type: boolean
2663
2835
  created_by:
2664
2836
  type: string
@@ -3242,7 +3414,7 @@ components:
3242
3414
  $ref: "#/components/schemas/UsageMeter"
3243
3415
  team_members:
3244
3416
  $ref: "#/components/schemas/UsageMeter"
3245
- proxy_transactions:
3417
+ intent_transactions:
3246
3418
  $ref: "#/components/schemas/UsageMeter"
3247
3419
  shares:
3248
3420
  $ref: "#/components/schemas/UsageMeter"
@@ -3459,6 +3631,8 @@ components:
3459
3631
  format: uuid
3460
3632
  org_name:
3461
3633
  type: string
3634
+ billing_tier:
3635
+ type: string
3462
3636
  created_at:
3463
3637
  type: string
3464
3638
  format: date-time
@@ -3490,6 +3664,14 @@ components:
3490
3664
  is_sponsored:
3491
3665
  type: boolean
3492
3666
 
3667
+ SetBillingTierRequest:
3668
+ type: object
3669
+ required: [tier]
3670
+ properties:
3671
+ tier:
3672
+ type: string
3673
+ enum: [free, pro, business]
3674
+
3493
3675
  # --- x402 ---
3494
3676
 
3495
3677
  PaymentRequirement:
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@1claw/openapi-spec",
3
- "version": "0.4.0",
3
+ "version": "0.5.0",
4
4
  "description": "OpenAPI 3.1.0 specification for the 1Claw Vault API — generate clients in any language",
5
5
  "license": "PolyForm-Noncommercial-1.0.0",
6
6
  "repository": {