@company-semantics/contracts 0.117.0 → 0.119.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/package.json +1 -1
  2. package/src/api/generated.ts +449 -350
  3. package/src/chat/index.ts +16 -0
  4. package/src/chat/schemas.ts +40 -0
  5. package/src/chat/types.ts +32 -0
  6. package/src/identity/index.ts +4 -0
  7. package/src/identity/schemas.ts +139 -0
  8. package/src/index.ts +15 -0
package/src/api/generated.ts CHANGED
@@ -56,13 +56,8 @@ export interface paths {
56
56
  };
57
57
  get?: never;
58
58
  put?: never;
59
- /**
60
- * Start passwordless auth flow
61
- * @description Initiates passwordless authentication by generating and sending an OTP to the provided email.
62
- * Rate limited per email (3/15min) and per IP (20/hour).
63
- * If the user's org requires SSO, returns SSO_REQUIRED error with redirect info.
64
- */
65
- post: operations["startAuth"];
59
+ /** Start passwordless auth flow */
60
+ post: operations["authStart"];
66
61
  delete?: never;
67
62
  options?: never;
68
63
  head?: never;
@@ -78,12 +73,7 @@ export interface paths {
78
73
  };
79
74
  get?: never;
80
75
  put?: never;
81
- /**
82
- * Verify OTP and create session
83
- * @description Verifies the OTP code and creates a session.
84
- * Sets an httpOnly session cookie on success.
85
- * Rate limited per email (5/10min) and per IP (20/hour).
86
- */
76
+ /** Verify OTP and create session */
87
77
  post: operations["verifyAuth"];
88
78
  delete?: never;
89
79
  options?: never;
@@ -100,12 +90,7 @@ export interface paths {
100
90
  };
101
91
  get?: never;
102
92
  put?: never;
103
- /**
104
- * Revoke session and clear cookie
105
- * @description Revokes the current session and clears the session cookie.
106
- * Safe to call without auth (clears cookie regardless).
107
- * Requires X-Requested-With header for CSRF protection.
108
- */
93
+ /** Revoke session and clear cookie */
109
94
  post: operations["logout"];
110
95
  delete?: never;
111
96
  options?: never;
@@ -120,11 +105,7 @@ export interface paths {
120
105
  path?: never;
121
106
  cookie?: never;
122
107
  };
123
- /**
124
- * Get current authenticated user
125
- * @description Returns the current user's authentication info.
126
- * Requires valid session cookie.
127
- */
108
+ /** Get current authenticated user */
128
109
  get: operations["getAuthMe"];
129
110
  put?: never;
130
111
  post?: never;
@@ -141,11 +122,7 @@ export interface paths {
141
122
  path?: never;
142
123
  cookie?: never;
143
124
  };
144
- /**
145
- * Initiate SSO flow for organization
146
- * @description Initiates SSO flow for an organization.
147
- * Validates org exists and has SSO configured, generates state token, and redirects to IdP.
148
- */
125
+ /** Initiate SSO flow for organization */
149
126
  get: operations["initiateSso"];
150
127
  put?: never;
151
128
  post?: never;
@@ -162,20 +139,10 @@ export interface paths {
162
139
  path?: never;
163
140
  cookie?: never;
164
141
  };
165
- /**
166
- * OIDC callback endpoint
167
- * @description Handles OIDC callback from identity providers.
168
- * Validates state, exchanges code for tokens, creates session.
169
- * Redirects to return URL or login page on error.
170
- */
142
+ /** OIDC callback endpoint */
171
143
  get: operations["handleOidcCallback"];
172
144
  put?: never;
173
- /**
174
- * SAML callback endpoint
175
- * @description Handles SAML callback from identity providers.
176
- * Validates RelayState, processes SAML assertion, creates session.
177
- * Redirects to return URL or login page on error.
178
- */
145
+ /** SAML callback endpoint */
179
146
  post: operations["handleSamlCallback"];
180
147
  delete?: never;
181
148
  options?: never;
@@ -190,11 +157,7 @@ export interface paths {
190
157
  path?: never;
191
158
  cookie?: never;
192
159
  };
193
- /**
194
- * Get current user and org context
195
- * @description Returns the current user's identity fields and organization context.
196
- * Identity is resolved via request context (DEV_ORG_ID in dev, session in production).
197
- */
160
+ /** Get current user and org context */
198
161
  get: operations["getCurrentUser"];
199
162
  put?: never;
200
163
  post?: never;
@@ -217,12 +180,7 @@ export interface paths {
217
180
  delete?: never;
218
181
  options?: never;
219
182
  head?: never;
220
- /**
221
- * Update current user's profile
222
- * @description Updates the current user's name fields.
223
- * At least one field must be provided.
224
- * displayName is computed at read time and cannot be set directly.
225
- */
183
+ /** Update current user profile */
226
184
  patch: operations["updateUserProfile"];
227
185
  trace?: never;
228
186
  };
@@ -317,11 +275,7 @@ export interface paths {
317
275
  };
318
276
  get?: never;
319
277
  put?: never;
320
- /**
321
- * Resync user avatar from Slack
322
- * @description Manually resync the current user's avatar from their Slack profile.
323
- * Requires user to have a linked Slack identity and the org to have an active Slack connection.
324
- */
278
+ /** Resync Slack avatar */
325
279
  post: operations["resyncSlackAvatar"];
326
280
  delete?: never;
327
281
  options?: never;
@@ -336,11 +290,7 @@ export interface paths {
336
290
  path?: never;
337
291
  cookie?: never;
338
292
  };
339
- /**
340
- * Initiate OAuth flow
341
- * @description Creates a pending connection and redirects to the OAuth provider's consent screen.
342
- * Replaces raw OAuth URLs with first-party redirect for trust and tracking.
343
- */
293
+ /** Initiate OAuth flow */
344
294
  get: operations["initiateOAuth"];
345
295
  put?: never;
346
296
  post?: never;
@@ -357,12 +307,7 @@ export interface paths {
357
307
  path?: never;
358
308
  cookie?: never;
359
309
  };
360
- /**
361
- * OAuth callback handler
362
- * @description Handles the OAuth callback from providers.
363
- * Verifies state, exchanges code for tokens, stores encrypted tokens.
364
- * Returns HTML success or error page.
365
- */
310
+ /** OAuth callback handler */
366
311
  get: operations["handleOAuthCallback"];
367
312
  put?: never;
368
313
  post?: never;
@@ -1893,6 +1838,70 @@ export interface paths {
1893
1838
  patch?: never;
1894
1839
  trace?: never;
1895
1840
  };
1841
+ "/api/company-md/context-bank": {
1842
+ parameters: {
1843
+ query?: never;
1844
+ header?: never;
1845
+ path?: never;
1846
+ cookie?: never;
1847
+ };
1848
+ get?: never;
1849
+ put?: never;
1850
+ /**
1851
+ * Create a new context bank doc and associate with parent
1852
+ * @description Creates a new context doc (level=context) and associates it with the
1853
+ * given parent doc. Requires org.view_company_md capability.
1854
+ */
1855
+ post: operations["createCompanyMdContextDoc"];
1856
+ delete?: never;
1857
+ options?: never;
1858
+ head?: never;
1859
+ patch?: never;
1860
+ trace?: never;
1861
+ };
1862
+ "/api/company-md/docs/{slug}/context-bank/associate": {
1863
+ parameters: {
1864
+ query?: never;
1865
+ header?: never;
1866
+ path?: never;
1867
+ cookie?: never;
1868
+ };
1869
+ get?: never;
1870
+ put?: never;
1871
+ /**
1872
+ * Associate an existing context doc with a parent doc
1873
+ * @description Associates an existing context doc with the given parent doc.
1874
+ * Returns 409 if the association already exists.
1875
+ * Requires org.view_company_md capability.
1876
+ */
1877
+ post: operations["associateCompanyMdContextDoc"];
1878
+ delete?: never;
1879
+ options?: never;
1880
+ head?: never;
1881
+ patch?: never;
1882
+ trace?: never;
1883
+ };
1884
+ "/api/company-md/docs/{slug}/context-bank/{contextDocSlug}": {
1885
+ parameters: {
1886
+ query?: never;
1887
+ header?: never;
1888
+ path?: never;
1889
+ cookie?: never;
1890
+ };
1891
+ get?: never;
1892
+ put?: never;
1893
+ post?: never;
1894
+ /**
1895
+ * Remove a context bank association
1896
+ * @description Removes the association between a context doc and its parent doc.
1897
+ * Requires org.view_company_md capability.
1898
+ */
1899
+ delete: operations["removeCompanyMdContextAssociation"];
1900
+ options?: never;
1901
+ head?: never;
1902
+ patch?: never;
1903
+ trace?: never;
1904
+ };
1896
1905
  "/api/company-md/docs/{slug}/sharing": {
1897
1906
  parameters: {
1898
1907
  query?: never;
@@ -2006,6 +2015,50 @@ export interface paths {
2006
2015
  patch?: never;
2007
2016
  trace?: never;
2008
2017
  };
2018
+ "/api/company-md/settings": {
2019
+ parameters: {
2020
+ query?: never;
2021
+ header?: never;
2022
+ path?: never;
2023
+ cookie?: never;
2024
+ };
2025
+ /**
2026
+ * Get company.md settings for the authenticated org
2027
+ * @description Returns CompanyMdSettings with merged defaults. The root label defaults
2028
+ * to the org name; department and team use system defaults if not customized.
2029
+ * Requires org.view_company_md capability.
2030
+ */
2031
+ get: operations["getCompanyMdSettings"];
2032
+ put?: never;
2033
+ post?: never;
2034
+ delete?: never;
2035
+ options?: never;
2036
+ head?: never;
2037
+ patch?: never;
2038
+ trace?: never;
2039
+ };
2040
+ "/api/company-md/settings/level-labels": {
2041
+ parameters: {
2042
+ query?: never;
2043
+ header?: never;
2044
+ path?: never;
2045
+ cookie?: never;
2046
+ };
2047
+ get?: never;
2048
+ /**
2049
+ * Update company.md level labels for the authenticated org
2050
+ * @description Accepts a partial CompanyMdLevelLabels object. Only provided fields are updated;
2051
+ * unspecified fields retain their current values. Returns the full updated
2052
+ * CompanyMdSettings. Requires org.manage_company_md capability (org owner/admin).
2053
+ */
2054
+ put: operations["updateCompanyMdLevelLabels"];
2055
+ post?: never;
2056
+ delete?: never;
2057
+ options?: never;
2058
+ head?: never;
2059
+ patch?: never;
2060
+ trace?: never;
2061
+ };
2009
2062
  "/api/teams": {
2010
2063
  parameters: {
2011
2064
  query?: never;
@@ -2244,46 +2297,45 @@ export interface components {
2244
2297
  MeResponse: {
2245
2298
  /** Format: uuid */
2246
2299
  userId: string;
2247
- /** Format: email */
2248
2300
  email: string;
2249
2301
  fullName: string;
2250
- preferredName?: string | null;
2251
- /** @description Computed at read time (preferredName ?? fullName) */
2302
+ preferredName: string | null;
2252
2303
  displayName: string;
2253
2304
  /** @enum {string} */
2254
2305
  nameSource: "self" | "sso";
2255
2306
  nameEditable: boolean;
2256
2307
  primaryDepartmentId: string | null;
2257
2308
  slackUserId: string | null;
2258
- avatar: components["schemas"]["ResolvedAvatar"];
2309
+ avatar: {
2310
+ /** @enum {string} */
2311
+ source: "slack" | "initials";
2312
+ url?: string;
2313
+ initials: string;
2314
+ };
2259
2315
  /** Format: uuid */
2260
2316
  orgId: string;
2261
2317
  orgName: string | null;
2262
2318
  orgSlug: string;
2263
- /** @enum {string} */
2264
- plan: "free" | "pro" | "enterprise";
2319
+ plan: string;
2265
2320
  hasMultipleOrgs: boolean;
2266
2321
  isInternalAdmin: boolean;
2267
2322
  };
2268
- /** @description At least one field must be provided */
2269
2323
  ProfileUpdateRequest: {
2270
- firstName?: string;
2271
- lastName?: string | null;
2272
2324
  fullName?: string;
2273
- /** @description Cannot contain control characters, newlines, or quotes */
2274
2325
  preferredName?: string | null;
2326
+ primaryDepartmentId?: string | null;
2275
2327
  };
2276
2328
  ProfileUpdateResponse: {
2277
2329
  /** @constant */
2278
2330
  success: true;
2279
2331
  user: {
2280
- /** Format: uuid */
2281
2332
  id: string;
2282
- firstName: string;
2283
- lastName?: string | null;
2284
2333
  fullName: string;
2285
- preferredName?: string | null;
2334
+ preferredName: string | null;
2286
2335
  displayName: string;
2336
+ /** @enum {string} */
2337
+ nameSource: "self" | "sso";
2338
+ primaryDepartmentId: string | null;
2287
2339
  };
2288
2340
  };
2289
2341
  ResyncSlackLogoResponse: {
@@ -2387,6 +2439,25 @@ export interface components {
2387
2439
  /** @enum {string} */
2388
2440
  visibility: "standard" | "admin";
2389
2441
  };
2442
+ CompanyMdLevelLabels: {
2443
+ /** @description Label for the root level (defaults to org name) */
2444
+ root: string;
2445
+ /** @description Label for the department level */
2446
+ department: string;
2447
+ /** @description Label for the team level */
2448
+ team: string;
2449
+ };
2450
+ CompanyMdSettings: {
2451
+ levelLabels: components["schemas"]["CompanyMdLevelLabels"];
2452
+ };
2453
+ UpdateCompanyMdLevelLabelsRequest: {
2454
+ /** @description Label for the root level */
2455
+ root?: string;
2456
+ /** @description Label for the department level */
2457
+ department?: string;
2458
+ /** @description Label for the team level */
2459
+ team?: string;
2460
+ };
2390
2461
  ChatRequest: {
2391
2462
  messages: Record<string, never>[];
2392
2463
  };
@@ -2779,25 +2850,47 @@ export interface components {
2779
2850
  truncated: boolean;
2780
2851
  };
2781
2852
  AuthStartRequest: {
2782
- /**
2783
- * Format: email
2784
- * @description Email address for OTP delivery
2785
- */
2853
+ /** Format: email */
2786
2854
  email: string;
2787
2855
  };
2788
2856
  AuthStartResponse: {
2789
2857
  /** @constant */
2790
- ok: true;
2858
+ mode: "otp";
2859
+ devOtp?: string;
2860
+ } | {
2861
+ /** @constant */
2862
+ mode: "sso";
2863
+ providers: string[];
2864
+ redirectUrl: string;
2865
+ } | {
2866
+ /** @constant */
2867
+ mode: "hybrid";
2868
+ providers: string[];
2869
+ redirectUrl: string;
2870
+ /** @constant */
2871
+ otpAllowed: true;
2872
+ devOtp?: string;
2791
2873
  };
2792
2874
  AuthVerifyRequest: {
2793
2875
  /** Format: email */
2794
2876
  email: string;
2795
- /** @description 6-digit OTP code */
2796
2877
  code: string;
2878
+ inviteToken?: string;
2797
2879
  };
2798
2880
  AuthVerifyResponse: {
2881
+ /** @constant */
2882
+ success: true;
2883
+ /** @constant */
2884
+ ok: true;
2885
+ } | {
2886
+ /** @constant */
2887
+ success: true;
2799
2888
  /** @constant */
2800
2889
  ok: true;
2890
+ /** @constant */
2891
+ acceptedInvite: true;
2892
+ orgId: string;
2893
+ role: string;
2801
2894
  };
2802
2895
  OkResponse: {
2803
2896
  /** @constant */
@@ -2825,9 +2918,7 @@ export interface components {
2825
2918
  orgSlug: string;
2826
2919
  };
2827
2920
  SamlCallbackRequest: {
2828
- /** @description Base64-encoded SAML assertion */
2829
2921
  SAMLResponse: string;
2830
- /** @description State token for CSRF protection */
2831
2922
  RelayState: string;
2832
2923
  };
2833
2924
  InitiateTransferRequest: {
@@ -3282,6 +3373,12 @@ export interface components {
3282
3373
  /** @description Organization name (present when invite is valid) */
3283
3374
  orgName?: string;
3284
3375
  };
3376
+ LogoutResponse: {
3377
+ /** @constant */
3378
+ success: true;
3379
+ /** @constant */
3380
+ ok: true;
3381
+ };
3285
3382
  };
3286
3383
  responses: never;
3287
3384
  parameters: never;
@@ -3331,7 +3428,7 @@ export interface operations {
3331
3428
  };
3332
3429
  };
3333
3430
  };
3334
- startAuth: {
3431
+ authStart: {
3335
3432
  parameters: {
3336
3433
  query?: never;
3337
3434
  header?: never;
@@ -3344,7 +3441,7 @@ export interface operations {
3344
3441
  };
3345
3442
  };
3346
3443
  responses: {
3347
- /** @description OTP sent successfully */
3444
+ /** @description Auth mode resolved; OTP sent when applicable */
3348
3445
  200: {
3349
3446
  headers: {
3350
3447
  [name: string]: unknown;
@@ -3353,33 +3450,6 @@ export interface operations {
3353
3450
  "application/json": components["schemas"]["AuthStartResponse"];
3354
3451
  };
3355
3452
  };
3356
- /** @description Validation error (invalid email format) */
3357
- 400: {
3358
- headers: {
3359
- [name: string]: unknown;
3360
- };
3361
- content: {
3362
- "application/json": components["schemas"]["ErrorResponse"];
3363
- };
3364
- };
3365
- /** @description SSO required for this user's organization */
3366
- 409: {
3367
- headers: {
3368
- [name: string]: unknown;
3369
- };
3370
- content: {
3371
- "application/json": components["schemas"]["SSORequiredErrorResponse"];
3372
- };
3373
- };
3374
- /** @description Rate limit exceeded */
3375
- 429: {
3376
- headers: {
3377
- [name: string]: unknown;
3378
- };
3379
- content: {
3380
- "application/json": components["schemas"]["ErrorResponse"];
3381
- };
3382
- };
3383
3453
  };
3384
3454
  };
3385
3455
  verifyAuth: {
@@ -3395,7 +3465,7 @@ export interface operations {
3395
3465
  };
3396
3466
  };
3397
3467
  responses: {
3398
- /** @description Authentication successful, session cookie set */
3468
+ /** @description Session created; cookie set */
3399
3469
  200: {
3400
3470
  headers: {
3401
3471
  [name: string]: unknown;
@@ -3404,24 +3474,6 @@ export interface operations {
3404
3474
  "application/json": components["schemas"]["AuthVerifyResponse"];
3405
3475
  };
3406
3476
  };
3407
- /** @description Validation error or invalid/expired OTP */
3408
- 400: {
3409
- headers: {
3410
- [name: string]: unknown;
3411
- };
3412
- content: {
3413
- "application/json": components["schemas"]["OTPErrorResponse"];
3414
- };
3415
- };
3416
- /** @description Rate limit exceeded */
3417
- 429: {
3418
- headers: {
3419
- [name: string]: unknown;
3420
- };
3421
- content: {
3422
- "application/json": components["schemas"]["ErrorResponse"];
3423
- };
3424
- };
3425
3477
  };
3426
3478
  };
3427
3479
  logout: {
@@ -3433,22 +3485,13 @@ export interface operations {
3433
3485
  };
3434
3486
  requestBody?: never;
3435
3487
  responses: {
3436
- /** @description Session revoked successfully */
3488
+ /** @description Session revoked; cookie cleared */
3437
3489
  200: {
3438
3490
  headers: {
3439
3491
  [name: string]: unknown;
3440
3492
  };
3441
3493
  content: {
3442
- "application/json": components["schemas"]["OkResponse"];
3443
- };
3444
- };
3445
- /** @description Missing CSRF header */
3446
- 403: {
3447
- headers: {
3448
- [name: string]: unknown;
3449
- };
3450
- content: {
3451
- "application/json": components["schemas"]["ErrorResponse"];
3494
+ "application/json": components["schemas"]["LogoutResponse"];
3452
3495
  };
3453
3496
  };
3454
3497
  };
@@ -3467,32 +3510,17 @@ export interface operations {
3467
3510
  headers: {
3468
3511
  [name: string]: unknown;
3469
3512
  };
3470
- content: {
3471
- "application/json": components["schemas"]["AuthMeResponse"];
3472
- };
3473
- };
3474
- /** @description Not authenticated */
3475
- 401: {
3476
- headers: {
3477
- [name: string]: unknown;
3478
- };
3479
- content: {
3480
- "application/json": components["schemas"]["ErrorResponse"];
3481
- };
3513
+ content?: never;
3482
3514
  };
3483
3515
  };
3484
3516
  };
3485
3517
  initiateSso: {
3486
3518
  parameters: {
3487
3519
  query?: {
3488
- /** @description URL to redirect after successful auth (validated against allowlist) */
3489
3520
  return_to?: string;
3490
3521
  };
3491
3522
  header?: never;
3492
- path: {
3493
- /** @description Organization slug */
3494
- orgSlug: string;
3495
- };
3523
+ path?: never;
3496
3524
  cookie?: never;
3497
3525
  };
3498
3526
  requestBody?: never;
@@ -3500,42 +3528,18 @@ export interface operations {
3500
3528
  /** @description Redirect to identity provider */
3501
3529
  302: {
3502
3530
  headers: {
3503
- /** @description Identity provider authorization URL */
3504
- Location?: string;
3505
3531
  [name: string]: unknown;
3506
3532
  };
3507
3533
  content?: never;
3508
3534
  };
3509
- /** @description SSO not configured for organization */
3510
- 400: {
3511
- headers: {
3512
- [name: string]: unknown;
3513
- };
3514
- content: {
3515
- "application/json": components["schemas"]["ErrorResponse"];
3516
- };
3517
- };
3518
- /** @description Organization not found */
3519
- 404: {
3520
- headers: {
3521
- [name: string]: unknown;
3522
- };
3523
- content: {
3524
- "application/json": components["schemas"]["ErrorResponse"];
3525
- };
3526
- };
3527
3535
  };
3528
3536
  };
3529
3537
  handleOidcCallback: {
3530
3538
  parameters: {
3531
3539
  query?: {
3532
- /** @description Authorization code from IdP */
3533
3540
  code?: string;
3534
- /** @description State token for CSRF protection */
3535
3541
  state?: string;
3536
- /** @description Error code if auth failed at IdP */
3537
3542
  error?: string;
3538
- /** @description Human-readable error description */
3539
3543
  error_description?: string;
3540
3544
  };
3541
3545
  header?: never;
@@ -3547,20 +3551,10 @@ export interface operations {
3547
3551
  /** @description Redirect to return URL or login page */
3548
3552
  302: {
3549
3553
  headers: {
3550
- Location?: string;
3551
3554
  [name: string]: unknown;
3552
3555
  };
3553
3556
  content?: never;
3554
3557
  };
3555
- /** @description Invalid callback parameters */
3556
- 400: {
3557
- headers: {
3558
- [name: string]: unknown;
3559
- };
3560
- content: {
3561
- "application/json": components["schemas"]["ErrorResponse"];
3562
- };
3563
- };
3564
3558
  };
3565
3559
  };
3566
3560
  handleSamlCallback: {
@@ -3579,20 +3573,10 @@ export interface operations {
3579
3573
  /** @description Redirect to return URL or login page */
3580
3574
  302: {
3581
3575
  headers: {
3582
- Location?: string;
3583
3576
  [name: string]: unknown;
3584
3577
  };
3585
3578
  content?: never;
3586
3579
  };
3587
- /** @description Invalid callback parameters */
3588
- 400: {
3589
- headers: {
3590
- [name: string]: unknown;
3591
- };
3592
- content: {
3593
- "application/json": components["schemas"]["ErrorResponse"];
3594
- };
3595
- };
3596
3580
  };
3597
3581
  };
3598
3582
  getCurrentUser: {
@@ -3613,24 +3597,6 @@ export interface operations {
3613
3597
  "application/json": components["schemas"]["MeResponse"];
3614
3598
  };
3615
3599
  };
3616
- /** @description User or organization not found */
3617
- 404: {
3618
- headers: {
3619
- [name: string]: unknown;
3620
- };
3621
- content: {
3622
- "application/json": components["schemas"]["ErrorResponse"];
3623
- };
3624
- };
3625
- /** @description Configuration error (e.g., missing DEV_ORG_ID) */
3626
- 500: {
3627
- headers: {
3628
- [name: string]: unknown;
3629
- };
3630
- content: {
3631
- "application/json": components["schemas"]["ErrorResponse"];
3632
- };
3633
- };
3634
3600
  };
3635
3601
  };
3636
3602
  updateUserProfile: {
@@ -3655,24 +3621,6 @@ export interface operations {
3655
3621
  "application/json": components["schemas"]["ProfileUpdateResponse"];
3656
3622
  };
3657
3623
  };
3658
- /** @description Validation error */
3659
- 400: {
3660
- headers: {
3661
- [name: string]: unknown;
3662
- };
3663
- content: {
3664
- "application/json": components["schemas"]["ValidationErrorResponse"];
3665
- };
3666
- };
3667
- /** @description User not found */
3668
- 404: {
3669
- headers: {
3670
- [name: string]: unknown;
3671
- };
3672
- content: {
3673
- "application/json": components["schemas"]["ErrorResponse"];
3674
- };
3675
- };
3676
3624
  };
3677
3625
  };
3678
3626
  listUserOrgs: {
@@ -3796,67 +3744,20 @@ export interface operations {
3796
3744
  cookie?: never;
3797
3745
  };
3798
3746
  requestBody?: never;
3799
- responses: {
3800
- /** @description Banner dismissed */
3801
- 200: {
3802
- headers: {
3803
- [name: string]: unknown;
3804
- };
3805
- content: {
3806
- "application/json": {
3807
- success: boolean;
3808
- };
3809
- };
3810
- };
3811
- /** @description Invalid banner ID */
3812
- 400: {
3813
- headers: {
3814
- [name: string]: unknown;
3815
- };
3816
- content: {
3817
- "application/json": components["schemas"]["ErrorResponse"];
3818
- };
3819
- };
3820
- /** @description Not authenticated */
3821
- 401: {
3822
- headers: {
3823
- [name: string]: unknown;
3824
- };
3825
- content: {
3826
- "application/json": components["schemas"]["ErrorResponse"];
3827
- };
3828
- };
3829
- };
3830
- };
3831
- resyncSlackAvatar: {
3832
- parameters: {
3833
- query?: never;
3834
- header?: never;
3835
- path?: never;
3836
- cookie?: never;
3837
- };
3838
- requestBody?: never;
3839
- responses: {
3840
- /** @description Avatar resynced successfully */
3841
- 200: {
3842
- headers: {
3843
- [name: string]: unknown;
3844
- };
3845
- content: {
3846
- "application/json": components["schemas"]["ResyncSlackAvatarResponse"];
3847
- };
3848
- };
3849
- /** @description Not authenticated */
3850
- 401: {
3747
+ responses: {
3748
+ /** @description Banner dismissed */
3749
+ 200: {
3851
3750
  headers: {
3852
3751
  [name: string]: unknown;
3853
3752
  };
3854
3753
  content: {
3855
- "application/json": components["schemas"]["ErrorResponse"];
3754
+ "application/json": {
3755
+ success: boolean;
3756
+ };
3856
3757
  };
3857
3758
  };
3858
- /** @description User not found */
3859
- 404: {
3759
+ /** @description Invalid banner ID */
3760
+ 400: {
3860
3761
  headers: {
3861
3762
  [name: string]: unknown;
3862
3763
  };
@@ -3864,8 +3765,8 @@ export interface operations {
3864
3765
  "application/json": components["schemas"]["ErrorResponse"];
3865
3766
  };
3866
3767
  };
3867
- /** @description Rate limit exceeded */
3868
- 429: {
3768
+ /** @description Not authenticated */
3769
+ 401: {
3869
3770
  headers: {
3870
3771
  [name: string]: unknown;
3871
3772
  };
@@ -3875,91 +3776,69 @@ export interface operations {
3875
3776
  };
3876
3777
  };
3877
3778
  };
3878
- initiateOAuth: {
3779
+ resyncSlackAvatar: {
3879
3780
  parameters: {
3880
- query?: {
3881
- /**
3882
- * @deprecated
3883
- * @description DEPRECATED: Organization ID derived from session.
3884
- * Query parameter accepted only in dev mode for backwards compatibility.
3885
- * Production: orgId is always derived from authenticated session.
3886
- */
3887
- orgId?: string;
3888
- };
3781
+ query?: never;
3889
3782
  header?: never;
3890
- path: {
3891
- provider: components["schemas"]["OAuthProvider"];
3892
- };
3783
+ path?: never;
3893
3784
  cookie?: never;
3894
3785
  };
3895
3786
  requestBody?: never;
3896
3787
  responses: {
3897
- /** @description Redirect to OAuth provider */
3898
- 302: {
3788
+ /** @description Avatar resynced successfully */
3789
+ 200: {
3899
3790
  headers: {
3900
- /** @description OAuth provider authorization URL */
3901
- Location?: string;
3902
3791
  [name: string]: unknown;
3903
3792
  };
3904
3793
  content?: never;
3905
3794
  };
3906
- /** @description Invalid provider or missing/invalid orgId */
3907
- 400: {
3908
- headers: {
3909
- [name: string]: unknown;
3910
- };
3911
- content: {
3912
- "application/json": components["schemas"]["ErrorResponse"];
3913
- };
3914
- };
3915
- /** @description OAuth initialization failed */
3916
- 500: {
3795
+ };
3796
+ };
3797
+ initiateOAuth: {
3798
+ parameters: {
3799
+ query?: never;
3800
+ header?: never;
3801
+ path?: never;
3802
+ cookie?: never;
3803
+ };
3804
+ requestBody?: never;
3805
+ responses: {
3806
+ /** @description Redirect to OAuth provider consent screen */
3807
+ 302: {
3917
3808
  headers: {
3918
3809
  [name: string]: unknown;
3919
3810
  };
3920
- content: {
3921
- "application/json": components["schemas"]["ErrorResponse"];
3922
- };
3811
+ content?: never;
3923
3812
  };
3924
3813
  };
3925
3814
  };
3926
3815
  handleOAuthCallback: {
3927
3816
  parameters: {
3928
3817
  query?: {
3929
- /** @description Authorization code from provider */
3930
3818
  code?: string;
3931
- /** @description State token for CSRF protection */
3932
3819
  state?: string;
3933
- /** @description Error code from provider (if authorization denied) */
3934
3820
  error?: string;
3935
- /** @description Human-readable error description from provider */
3936
3821
  error_description?: string;
3937
3822
  };
3938
3823
  header?: never;
3939
- path: {
3940
- provider: components["schemas"]["OAuthProvider"];
3941
- };
3824
+ path?: never;
3942
3825
  cookie?: never;
3943
3826
  };
3944
3827
  requestBody?: never;
3945
3828
  responses: {
3946
- /** @description Authorization successful (HTML page) */
3829
+ /** @description HTML success or error page (for popup flows) */
3947
3830
  200: {
3948
3831
  headers: {
3949
3832
  [name: string]: unknown;
3950
3833
  };
3951
- content: {
3952
- "text/html": string;
3953
- };
3834
+ content?: never;
3954
3835
  };
3955
- /** @description Authorization failed or invalid request (HTML page) */
3956
- 400: {
3836
+ /** @description Redirect to return URL on success */
3837
+ 302: {
3957
3838
  headers: {
3958
3839
  [name: string]: unknown;
3959
3840
  };
3960
- content: {
3961
- "text/html": string;
3962
- };
3841
+ content?: never;
3963
3842
  };
3964
3843
  };
3965
3844
  };
@@ -7473,6 +7352,155 @@ export interface operations {
7473
7352
  };
7474
7353
  };
7475
7354
  };
7355
+ createCompanyMdContextDoc: {
7356
+ parameters: {
7357
+ query?: never;
7358
+ header?: never;
7359
+ path?: never;
7360
+ cookie?: never;
7361
+ };
7362
+ requestBody: {
7363
+ content: {
7364
+ "application/json": {
7365
+ title: string;
7366
+ parentDocSlug: string;
7367
+ };
7368
+ };
7369
+ };
7370
+ responses: {
7371
+ /** @description Created context doc */
7372
+ 201: {
7373
+ headers: {
7374
+ [name: string]: unknown;
7375
+ };
7376
+ content: {
7377
+ "application/json": {
7378
+ /** Format: uuid */
7379
+ id: string;
7380
+ slug: string;
7381
+ title: string;
7382
+ };
7383
+ };
7384
+ };
7385
+ /** @description No org.view_company_md capability */
7386
+ 403: {
7387
+ headers: {
7388
+ [name: string]: unknown;
7389
+ };
7390
+ content: {
7391
+ "application/json": components["schemas"]["ErrorResponse"];
7392
+ };
7393
+ };
7394
+ /** @description Parent doc not found */
7395
+ 404: {
7396
+ headers: {
7397
+ [name: string]: unknown;
7398
+ };
7399
+ content: {
7400
+ "application/json": components["schemas"]["ErrorResponse"];
7401
+ };
7402
+ };
7403
+ };
7404
+ };
7405
+ associateCompanyMdContextDoc: {
7406
+ parameters: {
7407
+ query?: never;
7408
+ header?: never;
7409
+ path: {
7410
+ /** @description Parent doc slug */
7411
+ slug: string;
7412
+ };
7413
+ cookie?: never;
7414
+ };
7415
+ requestBody: {
7416
+ content: {
7417
+ "application/json": {
7418
+ contextDocSlug: string;
7419
+ };
7420
+ };
7421
+ };
7422
+ responses: {
7423
+ /** @description Association created */
7424
+ 200: {
7425
+ headers: {
7426
+ [name: string]: unknown;
7427
+ };
7428
+ content: {
7429
+ "application/json": {
7430
+ ok?: boolean;
7431
+ };
7432
+ };
7433
+ };
7434
+ /** @description No org.view_company_md capability */
7435
+ 403: {
7436
+ headers: {
7437
+ [name: string]: unknown;
7438
+ };
7439
+ content: {
7440
+ "application/json": components["schemas"]["ErrorResponse"];
7441
+ };
7442
+ };
7443
+ /** @description Doc not found */
7444
+ 404: {
7445
+ headers: {
7446
+ [name: string]: unknown;
7447
+ };
7448
+ content: {
7449
+ "application/json": components["schemas"]["ErrorResponse"];
7450
+ };
7451
+ };
7452
+ /** @description Association already exists */
7453
+ 409: {
7454
+ headers: {
7455
+ [name: string]: unknown;
7456
+ };
7457
+ content: {
7458
+ "application/json": components["schemas"]["ErrorResponse"];
7459
+ };
7460
+ };
7461
+ };
7462
+ };
7463
+ removeCompanyMdContextAssociation: {
7464
+ parameters: {
7465
+ query?: never;
7466
+ header?: never;
7467
+ path: {
7468
+ /** @description Parent doc slug */
7469
+ slug: string;
7470
+ /** @description Context doc slug */
7471
+ contextDocSlug: string;
7472
+ };
7473
+ cookie?: never;
7474
+ };
7475
+ requestBody?: never;
7476
+ responses: {
7477
+ /** @description Association removed */
7478
+ 204: {
7479
+ headers: {
7480
+ [name: string]: unknown;
7481
+ };
7482
+ content?: never;
7483
+ };
7484
+ /** @description No org.view_company_md capability */
7485
+ 403: {
7486
+ headers: {
7487
+ [name: string]: unknown;
7488
+ };
7489
+ content: {
7490
+ "application/json": components["schemas"]["ErrorResponse"];
7491
+ };
7492
+ };
7493
+ /** @description Doc not found */
7494
+ 404: {
7495
+ headers: {
7496
+ [name: string]: unknown;
7497
+ };
7498
+ content: {
7499
+ "application/json": components["schemas"]["ErrorResponse"];
7500
+ };
7501
+ };
7502
+ };
7503
+ };
7476
7504
  getCompanyMdDocSharing: {
7477
7505
  parameters: {
7478
7506
  query?: never;
@@ -7785,6 +7813,77 @@ export interface operations {
7785
7813
  };
7786
7814
  };
7787
7815
  };
7816
+ getCompanyMdSettings: {
7817
+ parameters: {
7818
+ query?: never;
7819
+ header?: never;
7820
+ path?: never;
7821
+ cookie?: never;
7822
+ };
7823
+ requestBody?: never;
7824
+ responses: {
7825
+ /** @description Company.md settings with merged defaults */
7826
+ 200: {
7827
+ headers: {
7828
+ [name: string]: unknown;
7829
+ };
7830
+ content: {
7831
+ "application/json": components["schemas"]["CompanyMdSettings"];
7832
+ };
7833
+ };
7834
+ /** @description No org.view_company_md capability */
7835
+ 403: {
7836
+ headers: {
7837
+ [name: string]: unknown;
7838
+ };
7839
+ content: {
7840
+ "application/json": components["schemas"]["ErrorResponse"];
7841
+ };
7842
+ };
7843
+ };
7844
+ };
7845
+ updateCompanyMdLevelLabels: {
7846
+ parameters: {
7847
+ query?: never;
7848
+ header?: never;
7849
+ path?: never;
7850
+ cookie?: never;
7851
+ };
7852
+ requestBody: {
7853
+ content: {
7854
+ "application/json": components["schemas"]["UpdateCompanyMdLevelLabelsRequest"];
7855
+ };
7856
+ };
7857
+ responses: {
7858
+ /** @description Updated company.md settings */
7859
+ 200: {
7860
+ headers: {
7861
+ [name: string]: unknown;
7862
+ };
7863
+ content: {
7864
+ "application/json": components["schemas"]["CompanyMdSettings"];
7865
+ };
7866
+ };
7867
+ /** @description Invalid label values (empty or exceeds 50 characters) */
7868
+ 400: {
7869
+ headers: {
7870
+ [name: string]: unknown;
7871
+ };
7872
+ content: {
7873
+ "application/json": components["schemas"]["ErrorResponse"];
7874
+ };
7875
+ };
7876
+ /** @description No org.manage_company_md capability */
7877
+ 403: {
7878
+ headers: {
7879
+ [name: string]: unknown;
7880
+ };
7881
+ content: {
7882
+ "application/json": components["schemas"]["ErrorResponse"];
7883
+ };
7884
+ };
7885
+ };
7886
+ };
7788
7887
  listTeams: {
7789
7888
  parameters: {
7790
7889
  query?: never;