@knowledge-stack/ksapi 1.80.0 → 1.80.1

package/dist/esm/models/SubmitSubscriptionResponse.js

@@ -0,0 +1,52 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Knowledge Stack API
+ * Knowledge Stack backend API for authentication and knowledge management
+ *
+ * The version of the OpenAPI document: 0.1.0
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+export const SubmitSubscriptionResponsePropertyValidationAttributesMap = {};
+/**
+ * Check if a given object implements the SubmitSubscriptionResponse interface.
+ */
+export function instanceOfSubmitSubscriptionResponse(value) {
+    if (!('submitted' in value) || value['submitted'] === undefined)
+        return false;
+    if (!('noop' in value) || value['noop'] === undefined)
+        return false;
+    if (!('idempotencyKey' in value) || value['idempotencyKey'] === undefined)
+        return false;
+    return true;
+}
+export function SubmitSubscriptionResponseFromJSON(json) {
+    return SubmitSubscriptionResponseFromJSONTyped(json, false);
+}
+export function SubmitSubscriptionResponseFromJSONTyped(json, ignoreDiscriminator) {
+    if (json == null) {
+        return json;
+    }
+    return {
+        'submitted': json['submitted'],
+        'noop': json['noop'],
+        'idempotencyKey': json['idempotency_key'],
+    };
+}
+export function SubmitSubscriptionResponseToJSON(json) {
+    return SubmitSubscriptionResponseToJSONTyped(json, false);
+}
+export function SubmitSubscriptionResponseToJSONTyped(value, ignoreDiscriminator = false) {
+    if (value == null) {
+        return value;
+    }
+    return {
+        'submitted': value['submitted'],
+        'noop': value['noop'],
+        'idempotency_key': value['idempotencyKey'],
+    };
+}

package/dist/esm/models/index.d.ts

@@ -142,6 +142,7 @@ export * from './StepInput';
 export * from './StepKind';
 export * from './StepOutput';
 export * from './SubmitFeedbackRequest';
+export * from './SubmitSubscriptionResponse';
 export * from './SubscriptionPlanResponse';
 export * from './SubtreeChunkGroup';
 export * from './SubtreeChunksResponse';

package/dist/esm/models/index.js

@@ -144,6 +144,7 @@ export * from './StepInput';
 export * from './StepKind';
 export * from './StepOutput';
 export * from './SubmitFeedbackRequest';
+export * from './SubmitSubscriptionResponse';
 export * from './SubscriptionPlanResponse';
 export * from './SubtreeChunkGroup';
 export * from './SubtreeChunksResponse';

package/dist/models/DocumentResponse.d.ts

@@ -121,6 +121,12 @@ export interface DocumentResponse {
      * @memberof DocumentResponse
      */
     tags?: Array<TagResponse> | null;
+    /**
+     * Whether the current caller has write access to this document. Only populated by endpoints that compute it (e.g. folder contents).
+     * @type {boolean}
+     * @memberof DocumentResponse
+     */
+    canWrite?: boolean | null;
 }
 /**
  * @export

package/dist/models/DocumentResponse.js

@@ -93,6 +93,7 @@ function DocumentResponseFromJSONTyped(json, ignoreDiscriminator) {
         'createdAt': (new Date(json['created_at'])),
         'updatedAt': (new Date(json['updated_at'])),
         'tags': json['tags'] == null ? undefined : (json['tags'].map(TagResponse_1.TagResponseFromJSON)),
+        'canWrite': json['can_write'] == null ? undefined : json['can_write'],
     };
 }
 function DocumentResponseToJSON(json) {
@@ -120,5 +121,6 @@ function DocumentResponseToJSONTyped(value, ignoreDiscriminator = false) {
         'created_at': value['createdAt'].toISOString(),
         'updated_at': value['updatedAt'].toISOString(),
         'tags': value['tags'] == null ? undefined : (value['tags'].map(TagResponse_1.TagResponseToJSON)),
+        'can_write': value['canWrite'],
     };
 }

package/dist/models/FolderResponse.d.ts

@@ -88,6 +88,12 @@ export interface FolderResponse {
      * @memberof FolderResponse
      */
     tags?: Array<TagResponse> | null;
+    /**
+     * Whether the current caller has write access to this folder. Only populated by endpoints that compute it (e.g. folder contents).
+     * @type {boolean}
+     * @memberof FolderResponse
+     */
+    canWrite?: boolean | null;
 }
 /**
  * @export

package/dist/models/FolderResponse.js

@@ -75,6 +75,7 @@ function FolderResponseFromJSONTyped(json, ignoreDiscriminator) {
         'createdAt': (new Date(json['created_at'])),
         'updatedAt': (new Date(json['updated_at'])),
         'tags': json['tags'] == null ? undefined : (json['tags'].map(TagResponse_1.TagResponseFromJSON)),
+        'canWrite': json['can_write'] == null ? undefined : json['can_write'],
     };
 }
 function FolderResponseToJSON(json) {
@@ -97,5 +98,6 @@ function FolderResponseToJSONTyped(value, ignoreDiscriminator = false) {
         'created_at': value['createdAt'].toISOString(),
         'updated_at': value['updatedAt'].toISOString(),
         'tags': value['tags'] == null ? undefined : (value['tags'].map(TagResponse_1.TagResponseToJSON)),
+        'can_write': value['canWrite'],
     };
 }

package/dist/models/MeteredQuotaStatus.d.ts

@@ -46,6 +46,12 @@ export interface MeteredQuotaStatus {
      * @memberof MeteredQuotaStatus
      */
     periodEnd: Date;
+    /**
+     * Persistent additional-quota balance for this metric. Unchanged by period rollover; decremented when included is exhausted, incremented on refund or top-up.
+     * @type {number}
+     * @memberof MeteredQuotaStatus
+     */
+    additionalBalance?: number;
 }
 export declare const MeteredQuotaStatusPropertyValidationAttributesMap: {
     [property: string]: {

package/dist/models/MeteredQuotaStatus.js

@@ -50,6 +50,7 @@ function MeteredQuotaStatusFromJSONTyped(json, ignoreDiscriminator) {
         'limit': json['limit'],
         'periodStart': (new Date(json['period_start'])),
         'periodEnd': (new Date(json['period_end'])),
+        'additionalBalance': json['additional_balance'] == null ? undefined : json['additional_balance'],
     };
 }
 function MeteredQuotaStatusToJSON(json) {
@@ -65,5 +66,6 @@ function MeteredQuotaStatusToJSONTyped(value, ignoreDiscriminator = false) {
         'limit': value['limit'],
         'period_start': value['periodStart'].toISOString(),
         'period_end': value['periodEnd'].toISOString(),
+        'additional_balance': value['additionalBalance'],
     };
 }

package/dist/models/SubmitSubscriptionResponse.d.ts

@@ -0,0 +1,75 @@
+/**
+ * Knowledge Stack API
+ * Knowledge Stack backend API for authentication and knowledge management
+ *
+ * The version of the OpenAPI document: 0.1.0
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+/**
+ * Result envelope for the subscription-change submit endpoint.
+ *
+ * The endpoint returns immediately after the (mock-)Stripe charge is
+ * submitted; the actual plan/seat write happens later in the Stripe
+ * subscription webhook. ``submitted=True`` always when the route
+ * succeeds (errors raise via the global handler).
+ *
+ * ``noop=True`` indicates the tenant is already at the requested
+ * ``(plan, num_seats)`` — no Stripe call was issued, no webhook will
+ * arrive, and the user's account is unchanged. Symmetric with
+ * ``StripeWebhookAck.replayed`` so client UIs can render "already
+ * on this plan" rather than spinning a "waiting for webhook"
+ * indicator forever.
+ *
+ * ``idempotency_key`` echoes the value forwarded to Stripe — clients
+ * can store it to correlate the eventual webhook receipt with the
+ * original request, and re-send it verbatim on retries.
+ * @export
+ * @interface SubmitSubscriptionResponse
+ */
+export interface SubmitSubscriptionResponse {
+    /**
+     * Always True when the submit returns 202.
+     * @type {boolean}
+     * @memberof SubmitSubscriptionResponse
+     */
+    submitted: boolean;
+    /**
+     * True when the tenant was already at the target ``(plan, num_seats)`` — no Stripe call was made and no webhook will arrive.
+     * @type {boolean}
+     * @memberof SubmitSubscriptionResponse
+     */
+    noop: boolean;
+    /**
+     * Idempotency key forwarded to Stripe — sourced from the ``Idempotency-Key`` request header or a server-generated uuid4 when absent.
+     * @type {string}
+     * @memberof SubmitSubscriptionResponse
+     */
+    idempotencyKey: string;
+}
+export declare const SubmitSubscriptionResponsePropertyValidationAttributesMap: {
+    [property: string]: {
+        maxLength?: number;
+        minLength?: number;
+        pattern?: string;
+        maximum?: number;
+        exclusiveMaximum?: boolean;
+        minimum?: number;
+        exclusiveMinimum?: boolean;
+        multipleOf?: number;
+        maxItems?: number;
+        minItems?: number;
+        uniqueItems?: boolean;
+    };
+};
+/**
+ * Check if a given object implements the SubmitSubscriptionResponse interface.
+ */
+export declare function instanceOfSubmitSubscriptionResponse(value: object): value is SubmitSubscriptionResponse;
+export declare function SubmitSubscriptionResponseFromJSON(json: any): SubmitSubscriptionResponse;
+export declare function SubmitSubscriptionResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): SubmitSubscriptionResponse;
+export declare function SubmitSubscriptionResponseToJSON(json: any): SubmitSubscriptionResponse;
+export declare function SubmitSubscriptionResponseToJSONTyped(value?: SubmitSubscriptionResponse | null, ignoreDiscriminator?: boolean): any;

package/dist/models/SubmitSubscriptionResponse.js

@@ -0,0 +1,60 @@
+"use strict";
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Knowledge Stack API
+ * Knowledge Stack backend API for authentication and knowledge management
+ *
+ * The version of the OpenAPI document: 0.1.0
+ *
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SubmitSubscriptionResponsePropertyValidationAttributesMap = void 0;
+exports.instanceOfSubmitSubscriptionResponse = instanceOfSubmitSubscriptionResponse;
+exports.SubmitSubscriptionResponseFromJSON = SubmitSubscriptionResponseFromJSON;
+exports.SubmitSubscriptionResponseFromJSONTyped = SubmitSubscriptionResponseFromJSONTyped;
+exports.SubmitSubscriptionResponseToJSON = SubmitSubscriptionResponseToJSON;
+exports.SubmitSubscriptionResponseToJSONTyped = SubmitSubscriptionResponseToJSONTyped;
+exports.SubmitSubscriptionResponsePropertyValidationAttributesMap = {};
+/**
+ * Check if a given object implements the SubmitSubscriptionResponse interface.
+ */
+function instanceOfSubmitSubscriptionResponse(value) {
+    if (!('submitted' in value) || value['submitted'] === undefined)
+        return false;
+    if (!('noop' in value) || value['noop'] === undefined)
+        return false;
+    if (!('idempotencyKey' in value) || value['idempotencyKey'] === undefined)
+        return false;
+    return true;
+}
+function SubmitSubscriptionResponseFromJSON(json) {
+    return SubmitSubscriptionResponseFromJSONTyped(json, false);
+}
+function SubmitSubscriptionResponseFromJSONTyped(json, ignoreDiscriminator) {
+    if (json == null) {
+        return json;
+    }
+    return {
+        'submitted': json['submitted'],
+        'noop': json['noop'],
+        'idempotencyKey': json['idempotency_key'],
+    };
+}
+function SubmitSubscriptionResponseToJSON(json) {
+    return SubmitSubscriptionResponseToJSONTyped(json, false);
+}
+function SubmitSubscriptionResponseToJSONTyped(value, ignoreDiscriminator = false) {
+    if (value == null) {
+        return value;
+    }
+    return {
+        'submitted': value['submitted'],
+        'noop': value['noop'],
+        'idempotency_key': value['idempotencyKey'],
+    };
+}

package/dist/models/index.d.ts

@@ -142,6 +142,7 @@ export * from './StepInput';
 export * from './StepKind';
 export * from './StepOutput';
 export * from './SubmitFeedbackRequest';
+export * from './SubmitSubscriptionResponse';
 export * from './SubscriptionPlanResponse';
 export * from './SubtreeChunkGroup';
 export * from './SubtreeChunksResponse';

package/dist/models/index.js

@@ -160,6 +160,7 @@ __exportStar(require("./StepInput"), exports);
 __exportStar(require("./StepKind"), exports);
 __exportStar(require("./StepOutput"), exports);
 __exportStar(require("./SubmitFeedbackRequest"), exports);
+__exportStar(require("./SubmitSubscriptionResponse"), exports);
 __exportStar(require("./SubscriptionPlanResponse"), exports);
 __exportStar(require("./SubtreeChunkGroup"), exports);
 __exportStar(require("./SubtreeChunksResponse"), exports);

package/docs/AgentApi.md

@@ -15,7 +15,7 @@ All URIs are relative to *http://localhost:8000*
 
 Agent Ask Handler
 
-Run a one-shot text agent request to completion and return the payload.  The request blocks until the underlying Temporal workflow finishes. Clients should set a generous HTTP timeout to accommodate tool-heavy runs.  Quota: consumes one MESSAGE before ``start_workflow``. Refunds on any failure between consume and ``handle.result()`` returning — pre-enqueue ``start_workflow`` raises and post-enqueue workflow failures both refund.
+Run a one-shot text agent request to completion and return the payload.  The request blocks until the underlying Temporal workflow finishes. Clients should set a generous HTTP timeout to accommodate tool-heavy runs.  Quota: consumes one MESSAGE before ``start_workflow``. Refund semantics distinguish cause:  * **Cancellation** (client disconnect → ``asyncio.CancelledError``,   OR explicit ``DELETE /v1/workflows/{id}`` while we await   ``handle.result()`` → Temporal-wrapped ``CancelledError``)   → **NO REFUND.** The user walked away or actively cancelled;   that\'s their volition. We still best-effort cancel the   workflow so the agent stops burning LLM tokens, but the   consume stays charged. Detection uses   ``temporalio.exceptions.is_cancelled_exception`` which spans   both forms. * Any other exception (pre-enqueue ``start_workflow`` raise,   Temporal failure, workflow-internal error) → **REFUND.** Server   / our-problem failures don\'t bill the user.
 
 ### Example
 

package/docs/DocumentResponse.md

@@ -24,6 +24,7 @@ Name | Type
 `createdAt` | Date
 `updatedAt` | Date
 `tags` | [Array<TagResponse>](TagResponse.md)
+`canWrite` | boolean
 
 ## Example
 
@@ -49,6 +50,7 @@ const example = {
   "createdAt": null,
   "updatedAt": null,
   "tags": null,
+  "canWrite": null,
 } satisfies DocumentResponse
 
 console.log(example)

package/docs/FolderResponse.md

@@ -19,6 +19,7 @@ Name | Type
 `createdAt` | Date
 `updatedAt` | Date
 `tags` | [Array<TagResponse>](TagResponse.md)
+`canWrite` | boolean
 
 ## Example
 
@@ -39,6 +40,7 @@ const example = {
   "createdAt": null,
   "updatedAt": null,
   "tags": null,
+  "canWrite": null,
 } satisfies FolderResponse
 
 console.log(example)

package/docs/FolderResponseOrDocumentResponse.md

@@ -18,6 +18,7 @@ Name | Type
 `createdAt` | Date
 `updatedAt` | Date
 `tags` | [Array<TagResponse>](TagResponse.md)
+`canWrite` | boolean
 `documentType` | [DocumentType](DocumentType.md)
 `documentOrigin` | [DocumentOrigin](DocumentOrigin.md)
 `activeVersionId` | string
@@ -43,6 +44,7 @@ const example = {
   "createdAt": null,
   "updatedAt": null,
   "tags": null,
+  "canWrite": null,
   "documentType": null,
   "documentOrigin": null,
   "activeVersionId": null,

package/docs/MeteredQuotaStatus.md

@@ -12,6 +12,7 @@ Name | Type
 `limit` | number
 `periodStart` | Date
 `periodEnd` | Date
+`additionalBalance` | number
 
 ## Example
 
@@ -25,6 +26,7 @@ const example = {
   "limit": null,
   "periodStart": null,
   "periodEnd": null,
+  "additionalBalance": null,
 } satisfies MeteredQuotaStatus
 
 console.log(example)

package/docs/SubmitSubscriptionResponse.md

@@ -0,0 +1,39 @@
+
+# SubmitSubscriptionResponse
+
+Result envelope for the subscription-change submit endpoint.  The endpoint returns immediately after the (mock-)Stripe charge is submitted; the actual plan/seat write happens later in the Stripe subscription webhook. ``submitted=True`` always when the route succeeds (errors raise via the global handler).  ``noop=True`` indicates the tenant is already at the requested ``(plan, num_seats)`` — no Stripe call was issued, no webhook will arrive, and the user\'s account is unchanged. Symmetric with ``StripeWebhookAck.replayed`` so client UIs can render \"already on this plan\" rather than spinning a \"waiting for webhook\" indicator forever.  ``idempotency_key`` echoes the value forwarded to Stripe — clients can store it to correlate the eventual webhook receipt with the original request, and re-send it verbatim on retries.
+
+## Properties
+
+Name | Type
+------------ | -------------
+`submitted` | boolean
+`noop` | boolean
+`idempotencyKey` | string
+
+## Example
+
+```typescript
+import type { SubmitSubscriptionResponse } from '@knowledge-stack/ksapi'
+
+// TODO: Update the object below with actual values
+const example = {
+  "submitted": null,
+  "noop": null,
+  "idempotencyKey": null,
+} satisfies SubmitSubscriptionResponse
+
+console.log(example)
+
+// Convert the instance to a JSON string
+const exampleJSON: string = JSON.stringify(example)
+console.log(exampleJSON)
+
+// Parse the JSON string back to an object
+const exampleParsed = JSON.parse(exampleJSON) as SubmitSubscriptionResponse
+console.log(exampleParsed)
+```
+
+[[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)
+
+

package/docs/SubscriptionsApi.md

@@ -11,11 +11,11 @@ All URIs are relative to *http://localhost:8000*
 
 ## changeTenantSubscription
 
-> TenantResponse changeTenantSubscription(tenantId, changeSubscriptionRequest, idempotencyKey, authorization, ksUat)
+> SubmitSubscriptionResponse changeTenantSubscription(tenantId, changeSubscriptionRequest, idempotencyKey, authorization, ksUat)
 
 Change Tenant Subscription Handler
 
-Change the tenant\'s subscription plan and/or seat count.  OWNER-only on the target tenant. Covers three scenarios with one shape:   - Plan change (with optional seat-count change).   - Pure seat-count change (same plan, different ``num_seats``).   - No-op (same plan, same seats) — returns 200, performs no DB or     Stripe writes.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — retries in that case are NOT deduplicated. v1 mock-Stripe doesn\'t care, but the contract is in place for the real integration.
+Submit a subscription change (mock-Stripe).  OWNER-only on the target tenant. Validates the request (tenant + plan exist, ``num_seats`` within bounds), submits the (mock-)Stripe subscription update, and returns 202. The plan/seat write is NOT applied here — that happens in ``POST /webhooks/stripe/subscription`` after Stripe confirms the change.  Async two-hop workflow per ``docs/billing_additional_limits.md`` §\"Async payment workflow\": the dev environment exercises the same submit/webhook split as production will when the real Stripe SDK replaces the log-line stub in ``notify_billing``.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — but only when a Stripe call is actually about to fire (i.e. the validation passed AND the change is not a no-op). Warning before validation would false-positive on every 4xx and on every redundant submit.  **Header value lands in structured logs.** The header value is forwarded into the ``stripe.update_subscription`` log event\'s ``idempotency_key`` field (and into the eventual real Stripe call). Use opaque random IDs (e.g. ``uuid4()``); do NOT pass user identifiers, tokens, or other sensitive material as the ``Idempotency-Key`` header.
 
 ### Example
 
@@ -68,7 +68,7 @@ example().catch(console.error);
 
 ### Return type
 
-[**TenantResponse**](TenantResponse.md)
+[**SubmitSubscriptionResponse**](SubmitSubscriptionResponse.md)
 
 ### Authorization
 
@@ -83,7 +83,7 @@ No authorization required
 ### HTTP response details
 | Status code | Description | Response headers |
 |-------------|-------------|------------------|
-| **200** | Successful Response |  -  |
+| **202** | Successful Response |  -  |
 | **422** | Validation Error |  -  |
 
 [[Back to top]](#) [[Back to API list]](../README.md#api-endpoints) [[Back to Model list]](../README.md#models) [[Back to README]](../README.md)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@knowledge-stack/ksapi",
-  "version": "1.80.0",
+  "version": "1.80.1",
   "description": "OpenAPI client for @knowledge-stack/ksapi",
   "author": "OpenAPI-Generator",
   "repository": {

package/src/apis/AgentApi.ts

@@ -64,7 +64,7 @@ export interface AgentApiInterface {
     agentAskRequestOpts(requestParameters: AgentAskRequest): Promise<runtime.RequestOpts>;
 
     /**
-     * Run a one-shot text agent request to completion and return the payload.  The request blocks until the underlying Temporal workflow finishes. Clients should set a generous HTTP timeout to accommodate tool-heavy runs.  Quota: consumes one MESSAGE before ``start_workflow``. Refunds on any failure between consume and ``handle.result()`` returning — pre-enqueue ``start_workflow`` raises and post-enqueue workflow failures both refund.
+     * Run a one-shot text agent request to completion and return the payload.  The request blocks until the underlying Temporal workflow finishes. Clients should set a generous HTTP timeout to accommodate tool-heavy runs.  Quota: consumes one MESSAGE before ``start_workflow``. Refund semantics distinguish cause:  * **Cancellation** (client disconnect → ``asyncio.CancelledError``,   OR explicit ``DELETE /v1/workflows/{id}`` while we await   ``handle.result()`` → Temporal-wrapped ``CancelledError``)   → **NO REFUND.** The user walked away or actively cancelled;   that\'s their volition. We still best-effort cancel the   workflow so the agent stops burning LLM tokens, but the   consume stays charged. Detection uses   ``temporalio.exceptions.is_cancelled_exception`` which spans   both forms. * Any other exception (pre-enqueue ``start_workflow`` raise,   Temporal failure, workflow-internal error) → **REFUND.** Server   / our-problem failures don\'t bill the user.
      * @summary Agent Ask Handler
      * @param {AskRequest} askRequest 
      * @param {string} [authorization] 
@@ -76,7 +76,7 @@ export interface AgentApiInterface {
     agentAskRaw(requestParameters: AgentAskRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<AskResponse>>;
 
     /**
-     * Run a one-shot text agent request to completion and return the payload.  The request blocks until the underlying Temporal workflow finishes. Clients should set a generous HTTP timeout to accommodate tool-heavy runs.  Quota: consumes one MESSAGE before ``start_workflow``. Refunds on any failure between consume and ``handle.result()`` returning — pre-enqueue ``start_workflow`` raises and post-enqueue workflow failures both refund.
+     * Run a one-shot text agent request to completion and return the payload.  The request blocks until the underlying Temporal workflow finishes. Clients should set a generous HTTP timeout to accommodate tool-heavy runs.  Quota: consumes one MESSAGE before ``start_workflow``. Refund semantics distinguish cause:  * **Cancellation** (client disconnect → ``asyncio.CancelledError``,   OR explicit ``DELETE /v1/workflows/{id}`` while we await   ``handle.result()`` → Temporal-wrapped ``CancelledError``)   → **NO REFUND.** The user walked away or actively cancelled;   that\'s their volition. We still best-effort cancel the   workflow so the agent stops burning LLM tokens, but the   consume stays charged. Detection uses   ``temporalio.exceptions.is_cancelled_exception`` which spans   both forms. * Any other exception (pre-enqueue ``start_workflow`` raise,   Temporal failure, workflow-internal error) → **REFUND.** Server   / our-problem failures don\'t bill the user.
      * Agent Ask Handler
      */
     agentAsk(requestParameters: AgentAskRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<AskResponse>;
@@ -150,7 +150,7 @@ export class AgentApi extends runtime.BaseAPI implements AgentApiInterface {
     }
 
     /**
-     * Run a one-shot text agent request to completion and return the payload.  The request blocks until the underlying Temporal workflow finishes. Clients should set a generous HTTP timeout to accommodate tool-heavy runs.  Quota: consumes one MESSAGE before ``start_workflow``. Refunds on any failure between consume and ``handle.result()`` returning — pre-enqueue ``start_workflow`` raises and post-enqueue workflow failures both refund.
+     * Run a one-shot text agent request to completion and return the payload.  The request blocks until the underlying Temporal workflow finishes. Clients should set a generous HTTP timeout to accommodate tool-heavy runs.  Quota: consumes one MESSAGE before ``start_workflow``. Refund semantics distinguish cause:  * **Cancellation** (client disconnect → ``asyncio.CancelledError``,   OR explicit ``DELETE /v1/workflows/{id}`` while we await   ``handle.result()`` → Temporal-wrapped ``CancelledError``)   → **NO REFUND.** The user walked away or actively cancelled;   that\'s their volition. We still best-effort cancel the   workflow so the agent stops burning LLM tokens, but the   consume stays charged. Detection uses   ``temporalio.exceptions.is_cancelled_exception`` which spans   both forms. * Any other exception (pre-enqueue ``start_workflow`` raise,   Temporal failure, workflow-internal error) → **REFUND.** Server   / our-problem failures don\'t bill the user.
      * Agent Ask Handler
      */
     async agentAskRaw(requestParameters: AgentAskRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<AskResponse>> {
@@ -161,7 +161,7 @@ export class AgentApi extends runtime.BaseAPI implements AgentApiInterface {
     }
 
     /**
-     * Run a one-shot text agent request to completion and return the payload.  The request blocks until the underlying Temporal workflow finishes. Clients should set a generous HTTP timeout to accommodate tool-heavy runs.  Quota: consumes one MESSAGE before ``start_workflow``. Refunds on any failure between consume and ``handle.result()`` returning — pre-enqueue ``start_workflow`` raises and post-enqueue workflow failures both refund.
+     * Run a one-shot text agent request to completion and return the payload.  The request blocks until the underlying Temporal workflow finishes. Clients should set a generous HTTP timeout to accommodate tool-heavy runs.  Quota: consumes one MESSAGE before ``start_workflow``. Refund semantics distinguish cause:  * **Cancellation** (client disconnect → ``asyncio.CancelledError``,   OR explicit ``DELETE /v1/workflows/{id}`` while we await   ``handle.result()`` → Temporal-wrapped ``CancelledError``)   → **NO REFUND.** The user walked away or actively cancelled;   that\'s their volition. We still best-effort cancel the   workflow so the agent stops burning LLM tokens, but the   consume stays charged. Detection uses   ``temporalio.exceptions.is_cancelled_exception`` which spans   both forms. * Any other exception (pre-enqueue ``start_workflow`` raise,   Temporal failure, workflow-internal error) → **REFUND.** Server   / our-problem failures don\'t bill the user.
      * Agent Ask Handler
      */
     async agentAsk(requestParameters: AgentAskRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<AskResponse> {

package/src/apis/SubscriptionsApi.ts

@@ -17,18 +17,18 @@ import * as runtime from '../runtime';
 import type {
   ChangeSubscriptionRequest,
   HTTPValidationError,
+  SubmitSubscriptionResponse,
   SubscriptionPlanResponse,
-  TenantResponse,
 } from '../models/index';
 import {
     ChangeSubscriptionRequestFromJSON,
     ChangeSubscriptionRequestToJSON,
     HTTPValidationErrorFromJSON,
     HTTPValidationErrorToJSON,
+    SubmitSubscriptionResponseFromJSON,
+    SubmitSubscriptionResponseToJSON,
     SubscriptionPlanResponseFromJSON,
     SubscriptionPlanResponseToJSON,
-    TenantResponseFromJSON,
-    TenantResponseToJSON,
 } from '../models/index';
 
 export interface ChangeTenantSubscriptionRequest {
@@ -65,7 +65,7 @@ export interface SubscriptionsApiInterface {
     changeTenantSubscriptionRequestOpts(requestParameters: ChangeTenantSubscriptionRequest): Promise<runtime.RequestOpts>;
 
     /**
-     * Change the tenant\'s subscription plan and/or seat count.  OWNER-only on the target tenant. Covers three scenarios with one shape:   - Plan change (with optional seat-count change).   - Pure seat-count change (same plan, different ``num_seats``).   - No-op (same plan, same seats) — returns 200, performs no DB or     Stripe writes.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — retries in that case are NOT deduplicated. v1 mock-Stripe doesn\'t care, but the contract is in place for the real integration.
+     * Submit a subscription change (mock-Stripe).  OWNER-only on the target tenant. Validates the request (tenant + plan exist, ``num_seats`` within bounds), submits the (mock-)Stripe subscription update, and returns 202. The plan/seat write is NOT applied here — that happens in ``POST /webhooks/stripe/subscription`` after Stripe confirms the change.  Async two-hop workflow per ``docs/billing_additional_limits.md`` §\"Async payment workflow\": the dev environment exercises the same submit/webhook split as production will when the real Stripe SDK replaces the log-line stub in ``notify_billing``.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — but only when a Stripe call is actually about to fire (i.e. the validation passed AND the change is not a no-op). Warning before validation would false-positive on every 4xx and on every redundant submit.  **Header value lands in structured logs.** The header value is forwarded into the ``stripe.update_subscription`` log event\'s ``idempotency_key`` field (and into the eventual real Stripe call). Use opaque random IDs (e.g. ``uuid4()``); do NOT pass user identifiers, tokens, or other sensitive material as the ``Idempotency-Key`` header.
      * @summary Change Tenant Subscription Handler
      * @param {string} tenantId 
      * @param {ChangeSubscriptionRequest} changeSubscriptionRequest 
@@ -76,13 +76,13 @@ export interface SubscriptionsApiInterface {
      * @throws {RequiredError}
      * @memberof SubscriptionsApiInterface
      */
-    changeTenantSubscriptionRaw(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<TenantResponse>>;
+    changeTenantSubscriptionRaw(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<SubmitSubscriptionResponse>>;
 
     /**
-     * Change the tenant\'s subscription plan and/or seat count.  OWNER-only on the target tenant. Covers three scenarios with one shape:   - Plan change (with optional seat-count change).   - Pure seat-count change (same plan, different ``num_seats``).   - No-op (same plan, same seats) — returns 200, performs no DB or     Stripe writes.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — retries in that case are NOT deduplicated. v1 mock-Stripe doesn\'t care, but the contract is in place for the real integration.
+     * Submit a subscription change (mock-Stripe).  OWNER-only on the target tenant. Validates the request (tenant + plan exist, ``num_seats`` within bounds), submits the (mock-)Stripe subscription update, and returns 202. The plan/seat write is NOT applied here — that happens in ``POST /webhooks/stripe/subscription`` after Stripe confirms the change.  Async two-hop workflow per ``docs/billing_additional_limits.md`` §\"Async payment workflow\": the dev environment exercises the same submit/webhook split as production will when the real Stripe SDK replaces the log-line stub in ``notify_billing``.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — but only when a Stripe call is actually about to fire (i.e. the validation passed AND the change is not a no-op). Warning before validation would false-positive on every 4xx and on every redundant submit.  **Header value lands in structured logs.** The header value is forwarded into the ``stripe.update_subscription`` log event\'s ``idempotency_key`` field (and into the eventual real Stripe call). Use opaque random IDs (e.g. ``uuid4()``); do NOT pass user identifiers, tokens, or other sensitive material as the ``Idempotency-Key`` header.
      * Change Tenant Subscription Handler
      */
-    changeTenantSubscription(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<TenantResponse>;
+    changeTenantSubscription(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<SubmitSubscriptionResponse>;
 
     /**
      * Creates request options for getTenantSubscription without sending the request
@@ -165,21 +165,21 @@ export class SubscriptionsApi extends runtime.BaseAPI implements SubscriptionsAp
     }
 
     /**
-     * Change the tenant\'s subscription plan and/or seat count.  OWNER-only on the target tenant. Covers three scenarios with one shape:   - Plan change (with optional seat-count change).   - Pure seat-count change (same plan, different ``num_seats``).   - No-op (same plan, same seats) — returns 200, performs no DB or     Stripe writes.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — retries in that case are NOT deduplicated. v1 mock-Stripe doesn\'t care, but the contract is in place for the real integration.
+     * Submit a subscription change (mock-Stripe).  OWNER-only on the target tenant. Validates the request (tenant + plan exist, ``num_seats`` within bounds), submits the (mock-)Stripe subscription update, and returns 202. The plan/seat write is NOT applied here — that happens in ``POST /webhooks/stripe/subscription`` after Stripe confirms the change.  Async two-hop workflow per ``docs/billing_additional_limits.md`` §\"Async payment workflow\": the dev environment exercises the same submit/webhook split as production will when the real Stripe SDK replaces the log-line stub in ``notify_billing``.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — but only when a Stripe call is actually about to fire (i.e. the validation passed AND the change is not a no-op). Warning before validation would false-positive on every 4xx and on every redundant submit.  **Header value lands in structured logs.** The header value is forwarded into the ``stripe.update_subscription`` log event\'s ``idempotency_key`` field (and into the eventual real Stripe call). Use opaque random IDs (e.g. ``uuid4()``); do NOT pass user identifiers, tokens, or other sensitive material as the ``Idempotency-Key`` header.
      * Change Tenant Subscription Handler
      */
-    async changeTenantSubscriptionRaw(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<TenantResponse>> {
+    async changeTenantSubscriptionRaw(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<SubmitSubscriptionResponse>> {
         const requestOptions = await this.changeTenantSubscriptionRequestOpts(requestParameters);
         const response = await this.request(requestOptions, initOverrides);
 
-        return new runtime.JSONApiResponse(response, (jsonValue) => TenantResponseFromJSON(jsonValue));
+        return new runtime.JSONApiResponse(response, (jsonValue) => SubmitSubscriptionResponseFromJSON(jsonValue));
     }
 
     /**
-     * Change the tenant\'s subscription plan and/or seat count.  OWNER-only on the target tenant. Covers three scenarios with one shape:   - Plan change (with optional seat-count change).   - Pure seat-count change (same plan, different ``num_seats``).   - No-op (same plan, same seats) — returns 200, performs no DB or     Stripe writes.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — retries in that case are NOT deduplicated. v1 mock-Stripe doesn\'t care, but the contract is in place for the real integration.
+     * Submit a subscription change (mock-Stripe).  OWNER-only on the target tenant. Validates the request (tenant + plan exist, ``num_seats`` within bounds), submits the (mock-)Stripe subscription update, and returns 202. The plan/seat write is NOT applied here — that happens in ``POST /webhooks/stripe/subscription`` after Stripe confirms the change.  Async two-hop workflow per ``docs/billing_additional_limits.md`` §\"Async payment workflow\": the dev environment exercises the same submit/webhook split as production will when the real Stripe SDK replaces the log-line stub in ``notify_billing``.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — but only when a Stripe call is actually about to fire (i.e. the validation passed AND the change is not a no-op). Warning before validation would false-positive on every 4xx and on every redundant submit.  **Header value lands in structured logs.** The header value is forwarded into the ``stripe.update_subscription`` log event\'s ``idempotency_key`` field (and into the eventual real Stripe call). Use opaque random IDs (e.g. ``uuid4()``); do NOT pass user identifiers, tokens, or other sensitive material as the ``Idempotency-Key`` header.
      * Change Tenant Subscription Handler
      */
-    async changeTenantSubscription(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<TenantResponse> {
+    async changeTenantSubscription(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<SubmitSubscriptionResponse> {
         const response = await this.changeTenantSubscriptionRaw(requestParameters, initOverrides);
         return await response.value();
     }