@reclaimprotocol/client 0.1.0-dev.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. package/lib/client.d.ts +30 -0
  2. package/lib/client.js +107 -0
  3. package/lib/consts.d.ts +3 -0
  4. package/lib/consts.js +4 -0
  5. package/lib/errors.d.ts +5 -0
  6. package/lib/errors.js +22 -0
  7. package/lib/index.d.ts +6 -0
  8. package/lib/index.js +4 -0
  9. package/lib/keypair.d.ts +21 -0
  10. package/lib/keypair.js +51 -0
  11. package/lib/routes.gen.d.ts +279 -0
  12. package/lib/routes.gen.js +75 -0
  13. package/lib/types/index.d.ts +2 -0
  14. package/lib/types/index.js +1 -0
  15. package/lib/types/openapi.d.ts +74 -0
  16. package/lib/types/openapi.gen.d.ts +3989 -0
  17. package/lib/types/openapi.gen.js +5 -0
  18. package/lib/types/openapi.js +1 -0
  19. package/package.json +56 -0
  20. package/src/client.ts +146 -0
  21. package/src/consts.ts +6 -0
  22. package/src/errors.ts +30 -0
  23. package/src/index.ts +10 -0
  24. package/src/keypair.ts +63 -0
  25. package/src/routes.gen.ts +78 -0
  26. package/src/types/index.ts +2 -0
  27. package/src/types/openapi.gen.ts +3990 -0
  28. package/src/types/openapi.ts +80 -0
package/lib/types/openapi.gen.d.ts ADDED
@@ -0,0 +1,3989 @@
1
+ /**
2
+ * This file was auto-generated by openapi-typescript.
3
+ * Do not make direct changes to the file.
4
+ */
5
+ export interface paths {
6
+ "/components_demo": {
7
+ parameters: {
8
+ query?: never;
9
+ header?: never;
10
+ path?: never;
11
+ cookie?: never;
12
+ };
13
+ /**
14
+ * Get demo components
15
+ * @description Retrieve a list of demo components for testing purposes. Only available in development environment.
16
+ */
17
+ get: operations["ComponentsDemo"];
18
+ put?: never;
19
+ post?: never;
20
+ delete?: never;
21
+ options?: never;
22
+ head?: never;
23
+ patch?: never;
24
+ trace?: never;
25
+ };
26
+ "/": {
27
+ parameters: {
28
+ query?: never;
29
+ header?: never;
30
+ path?: never;
31
+ cookie?: never;
32
+ };
33
+ /** Get the homepage */
34
+ get: operations["Index"];
35
+ put?: never;
36
+ post?: never;
37
+ delete?: never;
38
+ options?: never;
39
+ head?: never;
40
+ patch?: never;
41
+ trace?: never;
42
+ };
43
+ "/providers": {
44
+ parameters: {
45
+ query?: never;
46
+ header?: never;
47
+ path?: never;
48
+ cookie?: never;
49
+ };
50
+ /**
51
+ * Search verifications
52
+ * @description Search published Reclaim verifications by domain or data point. A verification is the recipe an end-user follows to prove something about themselves (e.g. "I have N followers on Twitter"). Returns a list of matches. Call this BEFORE `create_provider` — most popular domains already have a public verification you can reuse.
53
+ * Catalog page listing all verifications. Returns a paginated list of verifications the caller can see. Public verifications are visible to everyone; private verifications are only visible to org members.
54
+ */
55
+ get: operations["Providers"];
56
+ put?: never;
57
+ /**
58
+ * Create a verification
59
+ * @description Create a new Reclaim verification. Use this only after `providers` returned nothing useful for the domain. The caller must be an active member of the target organization.
60
+ * Creates a new verification in the specified organization. `visibility` is coerced to `PRIVATE` at creation regardless of what's sent; the author may toggle to `PUBLIC` later via `PATCH /providers/{id}`. While `PRIVATE`, versions go to the go live freely; once `PUBLIC`, non-admin versions need admin review. See `Provider.visibility`.
61
+ * The server also seeds an initial `0.1.0` version on the `draft` branch in the same transaction so the verification is immediately editable. Its `initialUrl` defaults to `https://<domain>`; all other version fields fall back to their schema-declared defaults (structured verification, empty requests, empty web settings). `Provider.latestVersion` stays `null` until the draft is promoted to the live channel.
62
+ */
63
+ post: operations["CreateProvider"];
64
+ delete?: never;
65
+ options?: never;
66
+ head?: never;
67
+ patch?: never;
68
+ trace?: never;
69
+ };
70
+ "/providers/setup": {
71
+ parameters: {
72
+ query?: never;
73
+ header?: never;
74
+ path?: never;
75
+ cookie?: never;
76
+ };
77
+ get?: never;
78
+ put?: never;
79
+ /**
80
+ * Suggest verification fields from a domain/URL scrape
81
+ * @description Pre-flight for `POST /providers`. Accepts a URL or bare
82
+ * domain, scrapes the page head with a short timeout, and
83
+ * returns suggested values (`title`, `slug`, `iconUrl`, brand
84
+ * name) that the caller can review, edit, and submit to
85
+ * `POST /providers`.
86
+ *
87
+ * - HTML / HTMX callers receive the step-2 form HTML
88
+ * pre-filled with the suggestions (swapped into the
89
+ * create-verification dialog body).
90
+ * - JSON / SDK / agent callers receive the same suggestions
91
+ * as a JSON document so they can build their own UI or
92
+ * submit the create request directly.
93
+ *
94
+ * The scrape is best-effort: empty / failing responses simply
95
+ * produce no suggestions for the affected fields.
96
+ */
97
+ post: operations["SetupProviderCreate"];
98
+ delete?: never;
99
+ options?: never;
100
+ head?: never;
101
+ patch?: never;
102
+ trace?: never;
103
+ };
104
+ "/providers/{providerId}/preview.png": {
105
+ parameters: {
106
+ query?: never;
107
+ header?: never;
108
+ path?: never;
109
+ cookie?: never;
110
+ };
111
+ /**
112
+ * Get the verification's OG preview image
113
+ * @description Returns the 1200x630 PNG used in `<meta property="og:image">` for this verification (`Provider.previewImageUrl` points at this route). Rendered server-side on first read, then cached by the standard HTTP cache. The URL is keyed off the verification's preview ETag so it changes whenever the image-affecting fields change (title, iconUrl, effective primaryDataPoint — see `Provider.previewImageUrl`).
114
+ */
115
+ get: operations["ProviderPreviewImage"];
116
+ put?: never;
117
+ post?: never;
118
+ delete?: never;
119
+ options?: never;
120
+ head?: never;
121
+ patch?: never;
122
+ trace?: never;
123
+ };
124
+ "/og/explore.png": {
125
+ parameters: {
126
+ query?: never;
127
+ header?: never;
128
+ path?: never;
129
+ cookie?: never;
130
+ };
131
+ /**
132
+ * Explore-card OG image
133
+ * @description 1200×630 PNG used as `og:image` on the homepage and the providers listing.
134
+ */
135
+ get: operations["ExplorePreviewImage"];
136
+ put?: never;
137
+ post?: never;
138
+ delete?: never;
139
+ options?: never;
140
+ head?: never;
141
+ patch?: never;
142
+ trace?: never;
143
+ };
144
+ "/admin": {
145
+ parameters: {
146
+ query?: never;
147
+ header?: never;
148
+ path?: never;
149
+ cookie?: never;
150
+ };
151
+ /**
152
+ * Admin dashboard (Reclaim staff)
153
+ * @description Admin landing. Returns 403 for non-admin callers (admin = `@reclaimprotocol.org` email; see PRD-1 §3.4).
154
+ */
155
+ get: operations["AdminHome"];
156
+ put?: never;
157
+ post?: never;
158
+ delete?: never;
159
+ options?: never;
160
+ head?: never;
161
+ patch?: never;
162
+ trace?: never;
163
+ };
164
+ "/admin/providers": {
165
+ parameters: {
166
+ query?: never;
167
+ header?: never;
168
+ path?: never;
169
+ cookie?: never;
170
+ };
171
+ /**
172
+ * All verifications (admin-only)
173
+ * @description Admin only. Lists all verifications across all organizations. Supports filtering by visibility, status, and free-text search on title/domain/slug.
174
+ */
175
+ get: operations["AdminProviders"];
176
+ put?: never;
177
+ post?: never;
178
+ delete?: never;
179
+ options?: never;
180
+ head?: never;
181
+ patch?: never;
182
+ trace?: never;
183
+ };
184
+ "/admin/orgs": {
185
+ parameters: {
186
+ query?: never;
187
+ header?: never;
188
+ path?: never;
189
+ cookie?: never;
190
+ };
191
+ /**
192
+ * All workspaces (admin-only)
193
+ * @description Admin only. Lists all organizations. Search matches workspace name or any member's email address.
194
+ */
195
+ get: operations["AdminOrgs"];
196
+ put?: never;
197
+ post?: never;
198
+ delete?: never;
199
+ options?: never;
200
+ head?: never;
201
+ patch?: never;
202
+ trace?: never;
203
+ };
204
+ "/admin/users": {
205
+ parameters: {
206
+ query?: never;
207
+ header?: never;
208
+ path?: never;
209
+ cookie?: never;
210
+ };
211
+ /** User search (admin-only) */
212
+ get: operations["AdminUsers"];
213
+ put?: never;
214
+ post?: never;
215
+ delete?: never;
216
+ options?: never;
217
+ head?: never;
218
+ patch?: never;
219
+ trace?: never;
220
+ };
221
+ "/admin/reviews": {
222
+ parameters: {
223
+ query?: never;
224
+ header?: never;
225
+ path?: never;
226
+ cookie?: never;
227
+ };
228
+ /**
229
+ * Pending review queue (admin-only)
230
+ * @description Admin only. Lists all provider versions currently awaiting review (branch = 'in_review'). Use DecideProviderVersionReview to approve or reject each version.
231
+ */
232
+ get: operations["AdminReviews"];
233
+ put?: never;
234
+ post?: never;
235
+ delete?: never;
236
+ options?: never;
237
+ head?: never;
238
+ patch?: never;
239
+ trace?: never;
240
+ };
241
+ "/admin/themes": {
242
+ parameters: {
243
+ query?: never;
244
+ header?: never;
245
+ path?: never;
246
+ cookie?: never;
247
+ };
248
+ /** All themes (admin-only) */
249
+ get: operations["AdminThemes"];
250
+ put?: never;
251
+ post?: never;
252
+ delete?: never;
253
+ options?: never;
254
+ head?: never;
255
+ patch?: never;
256
+ trace?: never;
257
+ };
258
+ "/providers/{providerId}/transfer": {
259
+ parameters: {
260
+ query?: never;
261
+ header?: never;
262
+ path?: never;
263
+ cookie?: never;
264
+ };
265
+ get?: never;
266
+ put?: never;
267
+ /**
268
+ * Transfer a verification to a different workspace
269
+ * @description Admin-only. Moves the verification's `orgId` to the supplied workspace; preserves slug, versions, members. SQL function `builder.transfer_provider` enforces the admin gate and target existence atomically.
270
+ */
271
+ post: operations["TransferProvider"];
272
+ delete?: never;
273
+ options?: never;
274
+ head?: never;
275
+ patch?: never;
276
+ trace?: never;
277
+ };
278
+ "/sitemap.xml": {
279
+ parameters: {
280
+ query?: never;
281
+ header?: never;
282
+ path?: never;
283
+ cookie?: never;
284
+ };
285
+ /**
286
+ * Catalog sitemap
287
+ * @description XML sitemap listing every publicly-listable provider. Crawlers use it to discover the catalog. The renderer for crawlers (see `system-and-journeys.md`) lives outside the builder, but the sitemap is cheap to serve from the same SQL.
288
+ */
289
+ get: operations["Sitemap"];
290
+ put?: never;
291
+ post?: never;
292
+ delete?: never;
293
+ options?: never;
294
+ head?: never;
295
+ patch?: never;
296
+ trace?: never;
297
+ };
298
+ "/robots.txt": {
299
+ parameters: {
300
+ query?: never;
301
+ header?: never;
302
+ path?: never;
303
+ cookie?: never;
304
+ };
305
+ /** robots.txt */
306
+ get: operations["Robots"];
307
+ put?: never;
308
+ post?: never;
309
+ delete?: never;
310
+ options?: never;
311
+ head?: never;
312
+ patch?: never;
313
+ trace?: never;
314
+ };
315
+ "/openapi.yaml": {
316
+ parameters: {
317
+ query?: never;
318
+ header?: never;
319
+ path?: never;
320
+ cookie?: never;
321
+ };
322
+ /**
323
+ * Get the OpenAPI specification (YAML)
324
+ * @description Returns the OpenAPI 3.0 specification document for this API, with external `$ref`s preserved relative to the spec root. Useful for feeding into API tooling and SDK generators.
325
+ */
326
+ get: operations["OpenApiSpec"];
327
+ put?: never;
328
+ post?: never;
329
+ delete?: never;
330
+ options?: never;
331
+ head?: never;
332
+ patch?: never;
333
+ trace?: never;
334
+ };
335
+ "/docs": {
336
+ parameters: {
337
+ query?: never;
338
+ header?: never;
339
+ path?: never;
340
+ cookie?: never;
341
+ };
342
+ /**
343
+ * View the API reference (Scalar UI)
344
+ * @description Renders an interactive API reference for this service using Scalar, backed by the OpenAPI spec served at `/openapi.yaml`.
345
+ */
346
+ get: operations["Docs"];
347
+ put?: never;
348
+ post?: never;
349
+ delete?: never;
350
+ options?: never;
351
+ head?: never;
352
+ patch?: never;
353
+ trace?: never;
354
+ };
355
+ "/login": {
356
+ parameters: {
357
+ query?: never;
358
+ header?: never;
359
+ path?: never;
360
+ cookie?: never;
361
+ };
362
+ /**
363
+ * Sign-in page
364
+ * @description HTML sign-in form. Submits to `POST /auth/login` via HTMX; the response sets a session cookie and an `HX-Redirect` header to `next` (if provided) or `/me`.
365
+ */
366
+ get: operations["LoginPage"];
367
+ put?: never;
368
+ post?: never;
369
+ delete?: never;
370
+ options?: never;
371
+ head?: never;
372
+ patch?: never;
373
+ trace?: never;
374
+ };
375
+ "/logout": {
376
+ parameters: {
377
+ query?: never;
378
+ header?: never;
379
+ path?: never;
380
+ cookie?: never;
381
+ };
382
+ get?: never;
383
+ put?: never;
384
+ /** Sign out (clears session cookie) */
385
+ post: operations["Logout"];
386
+ delete?: never;
387
+ options?: never;
388
+ head?: never;
389
+ patch?: never;
390
+ trace?: never;
391
+ };
392
+ "/auth/login": {
393
+ parameters: {
394
+ query?: never;
395
+ header?: never;
396
+ path?: never;
397
+ cookie?: never;
398
+ };
399
+ get?: never;
400
+ put?: never;
401
+ /**
402
+ * Dummy sign-in
403
+ * @description **Dummy** sign-in. Returns a token for the supplied email, creating the user (and their personal org) if it doesn't exist. Verifies nothing. Replaced before production; the real auth scheme is not yet chosen.
404
+ */
405
+ post: operations["Login"];
406
+ delete?: never;
407
+ options?: never;
408
+ head?: never;
409
+ patch?: never;
410
+ trace?: never;
411
+ };
412
+ "/me": {
413
+ parameters: {
414
+ query?: never;
415
+ header?: never;
416
+ path?: never;
417
+ cookie?: never;
418
+ };
419
+ /** Get the authenticated user */
420
+ get: operations["GetMe"];
421
+ put?: never;
422
+ post?: never;
423
+ delete?: never;
424
+ options?: never;
425
+ head?: never;
426
+ /** Update the authenticated user's profile */
427
+ patch: operations["UpdateMe"];
428
+ trace?: never;
429
+ };
430
+ "/users/{userId}": {
431
+ parameters: {
432
+ query?: never;
433
+ header?: never;
434
+ path?: never;
435
+ cookie?: never;
436
+ };
437
+ /**
438
+ * Get a user's profile
439
+ * @description Returns a user record. Visible to: the user themselves, or any member of an organization the subject also belongs to.
440
+ */
441
+ get: operations["GetUser"];
442
+ put?: never;
443
+ post?: never;
444
+ delete?: never;
445
+ options?: never;
446
+ head?: never;
447
+ patch?: never;
448
+ trace?: never;
449
+ };
450
+ "/orgs": {
451
+ parameters: {
452
+ query?: never;
453
+ header?: never;
454
+ path?: never;
455
+ cookie?: never;
456
+ };
457
+ /** List organizations the caller belongs to */
458
+ get: operations["ListOrgs"];
459
+ put?: never;
460
+ /**
461
+ * Create an organization
462
+ * @description Creates a new `ORG`-kind organization with the caller as its first `OWNER`. The personal org is created automatically at user signup and is not created via this endpoint.
463
+ */
464
+ post: operations["CreateOrg"];
465
+ delete?: never;
466
+ options?: never;
467
+ head?: never;
468
+ patch?: never;
469
+ trace?: never;
470
+ };
471
+ "/orgs/{orgId}": {
472
+ parameters: {
473
+ query?: never;
474
+ header?: never;
475
+ path?: never;
476
+ cookie?: never;
477
+ };
478
+ /** Get an organization */
479
+ get: operations["GetOrg"];
480
+ put?: never;
481
+ post?: never;
482
+ /**
483
+ * Delete a shared organization
484
+ * @description Owner only. `PERSONAL` organizations cannot be deleted independently of their owning user; deleting a personal org happens implicitly via `DELETE /me`.
485
+ */
486
+ delete: operations["DeleteOrg"];
487
+ options?: never;
488
+ head?: never;
489
+ /**
490
+ * Update an organization
491
+ * @description Owner only.
492
+ */
493
+ patch: operations["UpdateOrg"];
494
+ trace?: never;
495
+ };
496
+ "/orgs/{orgId}/members": {
497
+ parameters: {
498
+ query?: never;
499
+ header?: never;
500
+ path?: never;
501
+ cookie?: never;
502
+ };
503
+ get?: never;
504
+ put?: never;
505
+ /**
506
+ * Invite a member to an organization
507
+ * @description Owner only. Invites a user to the organization by email. The invitee does **not** need to be a registered user — an invite is created in either case, and an email is dispatched. The new row is returned with `status: PENDING`; it flips to `ACTIVE` on first sign-in by the invited email. `PERSONAL` organizations reject this call (409). In the current milestone the email is not actually dispatched — the invite is auto-claimed when the invitee next signs in.
508
+ */
509
+ post: operations["AddOrgMember"];
510
+ delete?: never;
511
+ options?: never;
512
+ head?: never;
513
+ patch?: never;
514
+ trace?: never;
515
+ };
516
+ "/orgs/{orgId}/members/{memberId}": {
517
+ parameters: {
518
+ query?: never;
519
+ header?: never;
520
+ path?: never;
521
+ cookie?: never;
522
+ };
523
+ get?: never;
524
+ put?: never;
525
+ post?: never;
526
+ /**
527
+ * Remove a member or revoke an invite
528
+ * @description Removes an active member or revokes a pending invite. An owner can act on any row; any active member can remove themselves (leave). The last `ACTIVE` `OWNER` cannot leave or be removed.
529
+ */
530
+ delete: operations["RemoveOrgMember"];
531
+ options?: never;
532
+ head?: never;
533
+ /**
534
+ * Change a member's role in an organization
535
+ * @description Owner only. Works for both `PENDING` invites and `ACTIVE` members. The last `ACTIVE` `OWNER` cannot be demoted; at least one active owner must always remain (pending invites do not count).
536
+ */
537
+ patch: operations["UpdateOrgMember"];
538
+ trace?: never;
539
+ };
540
+ "/orgs/{orgId}/icon": {
541
+ parameters: {
542
+ query?: never;
543
+ header?: never;
544
+ path?: never;
545
+ cookie?: never;
546
+ };
547
+ get?: never;
548
+ /**
549
+ * Upload (or replace) the organization's avatar
550
+ * @description Owner only. Accepts a single image file via multipart form (`file`). The server persists the bytes (currently in Postgres as a blob, see `images` table), updates the org's `iconUrl` to the public URL of the stored image, and returns the updated `Organization`.
551
+ */
552
+ put: operations["UpdateOrgIcon"];
553
+ post?: never;
554
+ /** Clear the organization's avatar */
555
+ delete: operations["DeleteOrgIcon"];
556
+ options?: never;
557
+ head?: never;
558
+ patch?: never;
559
+ trace?: never;
560
+ };
561
+ "/orgs/{orgId}/themes": {
562
+ parameters: {
563
+ query?: never;
564
+ header?: never;
565
+ path?: never;
566
+ cookie?: never;
567
+ };
568
+ /** List themes owned by an organization */
569
+ get: operations["ListThemes"];
570
+ put?: never;
571
+ /**
572
+ * Create a theme in an organization
573
+ * @description Caller must be a member of the organization.
574
+ */
575
+ post: operations["CreateTheme"];
576
+ delete?: never;
577
+ options?: never;
578
+ head?: never;
579
+ patch?: never;
580
+ trace?: never;
581
+ };
582
+ "/orgs/{orgId}/themes/{themeId}": {
583
+ parameters: {
584
+ query?: never;
585
+ header?: never;
586
+ path?: never;
587
+ cookie?: never;
588
+ };
589
+ /** Get a theme */
590
+ get: operations["GetTheme"];
591
+ put?: never;
592
+ post?: never;
593
+ /** Delete a theme */
594
+ delete: operations["DeleteTheme"];
595
+ options?: never;
596
+ head?: never;
597
+ /** Update a theme */
598
+ patch: operations["UpdateTheme"];
599
+ trace?: never;
600
+ };
601
+ "/orgs/{orgId}/credentials": {
602
+ parameters: {
603
+ query?: never;
604
+ header?: never;
605
+ path?: never;
606
+ cookie?: never;
607
+ };
608
+ /**
609
+ * List credentials linked to an organization
610
+ * @description Returns every credential whose `orgId` equals the path parameter. Caller must be an active member of the org.
611
+ */
612
+ get: operations["ListOrgCredentials"];
613
+ put?: never;
614
+ post?: never;
615
+ delete?: never;
616
+ options?: never;
617
+ head?: never;
618
+ patch?: never;
619
+ trace?: never;
620
+ };
621
+ "/orgs/{orgId}/billing": {
622
+ parameters: {
623
+ query?: never;
624
+ header?: never;
625
+ path?: never;
626
+ cookie?: never;
627
+ };
628
+ /**
629
+ * Get the billing record for an organization
630
+ * @description Owner only. Returns `404` when no billing has been set; presence of the row is what promotes the org's credentials out of sandbox mode (see `Credential.mode`).
631
+ */
632
+ get: operations["GetOrgBilling"];
633
+ /**
634
+ * Add or update billing details for an organization
635
+ * @description Owner only. Upserts the billing row. The first successful call flips every credential linked to this org from `SANDBOX` to `PRODUCTION` (see `Credential.mode`). Subsequent calls update the contact fields without affecting credential mode.
636
+ */
637
+ put: operations["UpdateOrgBilling"];
638
+ post?: never;
639
+ /**
640
+ * Remove billing details for an organization
641
+ * @description Owner only. Deleting billing drops every credential linked to this org back to `SANDBOX` mode immediately.
642
+ */
643
+ delete: operations["DeleteOrgBilling"];
644
+ options?: never;
645
+ head?: never;
646
+ patch?: never;
647
+ trace?: never;
648
+ };
649
+ "/credentials": {
650
+ parameters: {
651
+ query?: never;
652
+ header?: never;
653
+ path?: never;
654
+ cookie?: never;
655
+ };
656
+ get?: never;
657
+ put?: never;
658
+ /**
659
+ * Link a credential to an organization
660
+ * @description Links an ETH credential to an organization — registering it directly, or attaching an already-known one (matched by `address`). The private key MUST NOT leave the client — only the derived address and uncompressed public key are sent. `orgId` is required and the caller must be allowed to edit it. Idempotent for the same `(address, orgId)`. (Anonymous credentials live client-side; they are only stored here once linked.)
661
+ */
662
+ post: operations["LinkCredential"];
663
+ delete?: never;
664
+ options?: never;
665
+ head?: never;
666
+ patch?: never;
667
+ trace?: never;
668
+ };
669
+ "/credentials/by-address/{address}": {
670
+ parameters: {
671
+ query?: never;
672
+ header?: never;
673
+ path?: never;
674
+ cookie?: never;
675
+ };
676
+ /**
677
+ * Look up a credential by its lowercase ETH address
678
+ * @description Companion to `GET /credentials/{credentialId}`. The MCP / CLI knows the credential by its address (the public handle the user actually types) rather than by its UUID id, so this shortcut returns the same `Credential` shape keyed on the address. Visibility rules mirror `GetCredential`: anonymous credentials are world-readable; linked credentials are visible only to active members of the owning org. Bumps `lastUsedAt` so the dashboard shows liveness.
679
+ */
680
+ get: operations["GetCredentialByAddress"];
681
+ put?: never;
682
+ post?: never;
683
+ delete?: never;
684
+ options?: never;
685
+ head?: never;
686
+ patch?: never;
687
+ trace?: never;
688
+ };
689
+ "/credentials/{credentialId}": {
690
+ parameters: {
691
+ query?: never;
692
+ header?: never;
693
+ path?: never;
694
+ cookie?: never;
695
+ };
696
+ /**
697
+ * Get a credential
698
+ * @description Returns the credential row. Visibility: anyone can fetch an anonymous (`orgId` null) credential by id; linked credentials are visible only to active members of the owning org.
699
+ */
700
+ get: operations["GetCredential"];
701
+ put?: never;
702
+ post?: never;
703
+ /**
704
+ * Revoke a credential
705
+ * @description Soft-revokes the credential (sets `revokedAt`). Allowed for the creating user (anonymous credentials), an active OWNER of the owning org (linked credentials), or a Reclaim admin. Revoked credentials cannot be used for verification and cannot be re-linked.
706
+ */
707
+ delete: operations["RevokeCredential"];
708
+ options?: never;
709
+ head?: never;
710
+ patch?: never;
711
+ trace?: never;
712
+ };
713
+ "/credentials/auth/challenge": {
714
+ parameters: {
715
+ query?: never;
716
+ header?: never;
717
+ path?: never;
718
+ cookie?: never;
719
+ };
720
+ get?: never;
721
+ put?: never;
722
+ /**
723
+ * Issue a sign-in challenge for a credential
724
+ * @description Future endpoint. Returns a short-lived nonce the client signs with its private key (EIP-4361 / SIWE message). The signed nonce is then exchanged via `POST /credentials/auth/verify` for a bearer token. Currently returns `501 Not Implemented`.
725
+ */
726
+ post: operations["CredentialAuthChallenge"];
727
+ delete?: never;
728
+ options?: never;
729
+ head?: never;
730
+ patch?: never;
731
+ trace?: never;
732
+ };
733
+ "/credentials/auth/verify": {
734
+ parameters: {
735
+ query?: never;
736
+ header?: never;
737
+ path?: never;
738
+ cookie?: never;
739
+ };
740
+ get?: never;
741
+ put?: never;
742
+ /**
743
+ * Verify a signed challenge and exchange for a bearer token
744
+ * @description Future endpoint. Verifies that `signature` over the issued challenge recovers an address matching a registered (and non-revoked) credential, then returns a short-lived bearer token bound to that credential. Currently returns `501 Not Implemented`.
745
+ */
746
+ post: operations["CredentialAuthVerify"];
747
+ delete?: never;
748
+ options?: never;
749
+ head?: never;
750
+ patch?: never;
751
+ trace?: never;
752
+ };
753
+ "/credentials/attach/sessions": {
754
+ parameters: {
755
+ query?: never;
756
+ header?: never;
757
+ path?: never;
758
+ cookie?: never;
759
+ };
760
+ get?: never;
761
+ put?: never;
762
+ /**
763
+ * Open a device-pairing session to authorize a device
764
+ * @description Opens a short-lived (15-minute) device-pairing session. The CLI / MCP needs a bearer token to make authenticated API calls: the human opens `attachUrl`, signs in, and taps "Authorize this device". On confirmation the CLI receives a 2-day auth token via `GetAttachSession` polling. Linking a credential to an org is a separate step (`POST /credentials`) and is not part of pairing.
765
+ */
766
+ post: operations["CreateAttachSession"];
767
+ delete?: never;
768
+ options?: never;
769
+ head?: never;
770
+ patch?: never;
771
+ trace?: never;
772
+ };
773
+ "/credentials/attach/sessions/{code}": {
774
+ parameters: {
775
+ query?: never;
776
+ header?: never;
777
+ path?: never;
778
+ cookie?: never;
779
+ };
780
+ /**
781
+ * Poll a pairing session
782
+ * @description Anonymous poll endpoint used by the CLI / MCP while it waits for the human to complete the dashboard step. Once `status` is `LINKED`, the response includes a `token` (2-day bearer token) the CLI / MCP can use for authenticated API calls. Expired or unknown codes return `404`.
783
+ */
784
+ get: operations["GetAttachSession"];
785
+ put?: never;
786
+ post?: never;
787
+ delete?: never;
788
+ options?: never;
789
+ head?: never;
790
+ patch?: never;
791
+ trace?: never;
792
+ };
793
+ "/credentials/attach/sessions/{code}/confirm": {
794
+ parameters: {
795
+ query?: never;
796
+ header?: never;
797
+ path?: never;
798
+ cookie?: never;
799
+ };
800
+ get?: never;
801
+ put?: never;
802
+ /**
803
+ * Confirm a pairing session and authorize the device
804
+ * @description Called by the dashboard once the user has typed the code and clicked "Authorize this device". Server verifies the session is still `PENDING`, issues a 2-day bearer token for the signed-in user, and flips the session to `LINKED`.
805
+ */
806
+ post: operations["ConfirmAttachSession"];
807
+ delete?: never;
808
+ options?: never;
809
+ head?: never;
810
+ patch?: never;
811
+ trace?: never;
812
+ };
813
+ "/attach/{code}": {
814
+ parameters: {
815
+ query?: never;
816
+ header?: never;
817
+ path?: never;
818
+ cookie?: never;
819
+ };
820
+ /**
821
+ * Device-pairing page pre-filled with a code
822
+ * @description Same as `GET /attach`, but the form arrives pre-filled with `code`. The link the CLI / MCP shows points here so users only copy a single URL.
823
+ */
824
+ get: operations["AttachPage"];
825
+ put?: never;
826
+ post?: never;
827
+ delete?: never;
828
+ options?: never;
829
+ head?: never;
830
+ patch?: never;
831
+ trace?: never;
832
+ };
833
+ "/images/{imageId}": {
834
+ parameters: {
835
+ query?: never;
836
+ header?: never;
837
+ path?: never;
838
+ cookie?: never;
839
+ };
840
+ /**
841
+ * Serve the bytes of a stored image
842
+ * @description Returns the raw bytes of the uploaded image with the original `Content-Type`. The URL is content-addressed (by image id) so the response is immutable — long `Cache-Control: max-age` is applied. Images are referenced via parent records (e.g. `Organization.iconUrl`).
843
+ */
844
+ get: operations["GetImage"];
845
+ put?: never;
846
+ post?: never;
847
+ delete?: never;
848
+ options?: never;
849
+ head?: never;
850
+ patch?: never;
851
+ trace?: never;
852
+ };
853
+ "/providers/{providerId}": {
854
+ parameters: {
855
+ query?: never;
856
+ header?: never;
857
+ path?: never;
858
+ cookie?: never;
859
+ };
860
+ /**
861
+ * Get a verification
862
+ * @description Fetch a single Reclaim verification by id. Returns every field needed
863
+ * to integrate it into a flow: domain, the live version (initialUrl + requests),
864
+ * and the data points it can prove. Use `providers` first if you only
865
+ * have a query string.
866
+ *
867
+ * Returns the verification record.
868
+ *
869
+ * **Canonical URL.** For SEO and stable sharing, the canonical
870
+ * HTML URL for a verification is `/providers/{providerId}/{slug}`
871
+ * (see `GetProviderBySlug`). HTML callers (`Accept: text/html`)
872
+ * that hit this route — which omits the slug — receive a `301`
873
+ * redirect to the slugged URL. JSON callers
874
+ * (`Accept: application/json`) receive the body directly without
875
+ * redirect; the slug is on the response.
876
+ */
877
+ get: operations["GetProvider"];
878
+ put?: never;
879
+ post?: never;
880
+ /**
881
+ * Delete a verification
882
+ * @description Owner of the verification's organization only. Soft-archives the verification (sets `status` to `ARCHIVED`) so historical references remain resolvable. Supports optimistic concurrency via `If-Match`.
883
+ */
884
+ delete: operations["DeleteProvider"];
885
+ options?: never;
886
+ head?: never;
887
+ /**
888
+ * Update a verification
889
+ * @description Update a Reclaim verification's metadata. Partial PATCH — pass only fields you want to change. The caller must be an active member of the owning organization. To change the verification's recipe (initialUrl, requests, …) cut a new version via the dashboard. Use `seo` to control how the verification appears in search results and social shares; omit a subfield to keep the server default.
890
+ * Caller must be a member of the verification's owning organization. `id`, `orgId`, and `slug` are immutable. Supports optimistic concurrency via `If-Match`.
891
+ */
892
+ patch: operations["UpdateProvider"];
893
+ trace?: never;
894
+ };
895
+ "/providers/{providerId}/{slug}": {
896
+ parameters: {
897
+ query?: never;
898
+ header?: never;
899
+ path?: never;
900
+ cookie?: never;
901
+ };
902
+ /**
903
+ * Get a verification (canonical slugged URL)
904
+ * @description Canonical HTML URL for a verification. The slug in the path is
905
+ * primarily an SEO and link-readability affordance — the
906
+ * verification is resolved by `providerId`.
907
+ *
908
+ * - If `slug` matches the verification's current slug, returns the
909
+ * resource (HTML or JSON per `Accept`).
910
+ * - If `slug` does not match (e.g. the verification was renamed since
911
+ * the URL was minted), HTML callers receive a `301` redirect
912
+ * to this same route with the *current* slug. JSON callers
913
+ * receive the resource directly with `200` regardless of slug
914
+ * correctness; SDKs should read the canonical slug off the
915
+ * response.
916
+ *
917
+ * Mutating operations (`PATCH` / `DELETE`) are only on
918
+ * `/providers/{providerId}` — they don't need a canonical URL.
919
+ */
920
+ get: operations["GetProviderBySlug"];
921
+ put?: never;
922
+ post?: never;
923
+ delete?: never;
924
+ options?: never;
925
+ head?: never;
926
+ patch?: never;
927
+ trace?: never;
928
+ };
929
+ "/providers/{providerId}/versions": {
930
+ parameters: {
931
+ query?: never;
932
+ header?: never;
933
+ path?: never;
934
+ cookie?: never;
935
+ };
936
+ /**
937
+ * List a verification's versions
938
+ * @description Lists versions visible to the caller. Non-public branches (`ai`, `draft`, `in_review`, `rejected`) are only visible to members of the verification's owning organization.
939
+ */
940
+ get: operations["ListProviderVersions"];
941
+ put?: never;
942
+ /**
943
+ * Create a new verification version
944
+ * @description Creates a new version of the verification. The starting branch
945
+ * depends on the verification's `visibility` and the caller's role:
946
+ *
947
+ * - `PRIVATE` verification (any caller): the live channel (no review).
948
+ *
949
+ * - `PUBLIC` verification, admin caller (Reclaim staff): the live channel
950
+ * (no review).
951
+ *
952
+ * - `PUBLIC` verification, non-admin caller: `draft` (or `ai` if
953
+ * authored by the AI assistant). Must pass review (see
954
+ * `POST /providers/{id}/versions/{version}/review`) before
955
+ * reaching the live channel.
956
+ */
957
+ post: operations["CreateProviderVersion"];
958
+ delete?: never;
959
+ options?: never;
960
+ head?: never;
961
+ patch?: never;
962
+ trace?: never;
963
+ };
964
+ "/providers/{providerId}/versions/{version}": {
965
+ parameters: {
966
+ query?: never;
967
+ header?: never;
968
+ path?: never;
969
+ cookie?: never;
970
+ };
971
+ /** Get a specific verification version */
972
+ get: operations["GetProviderVersion"];
973
+ put?: never;
974
+ post?: never;
975
+ /**
976
+ * Delete a verification version
977
+ * @description Soft-archives a version on the `draft`, `ai`, or `rejected` branch — sets `status` to `ARCHIVED` so history is preserved. Trunk (live) and `in_review` versions cannot be archived this way; archive the parent verification instead. Supports optimistic concurrency via `If-Match`.
978
+ */
979
+ delete: operations["DeleteProviderVersion"];
980
+ options?: never;
981
+ head?: never;
982
+ /**
983
+ * Update a verification version
984
+ * @description Mutable only while the version is on the `draft` or `rejected` branch. Versions on `in_review` or the live channel reject all writes here. Caller must be a member of the verification's owning organization. Supports optimistic concurrency via `If-Match`.
985
+ */
986
+ patch: operations["UpdateProviderVersion"];
987
+ trace?: never;
988
+ };
989
+ "/providers/{providerId}/versions/{version}/review": {
990
+ parameters: {
991
+ query?: never;
992
+ header?: never;
993
+ path?: never;
994
+ cookie?: never;
995
+ };
996
+ get?: never;
997
+ put?: never;
998
+ /**
999
+ * Submit a verification version for review
1000
+ * @description Submits a verification version (currently on the `draft` or `rejected` branch) for admin review. On success the version's branch transitions to `in_review`. Callable by any authenticated member of the verification's owning org. Meaningful only on `PUBLIC` verifications — on `PRIVATE` verifications new versions go to the live channel directly and never need review.
1001
+ */
1002
+ post: operations["SubmitProviderVersionForReview"];
1003
+ delete?: never;
1004
+ options?: never;
1005
+ head?: never;
1006
+ patch?: never;
1007
+ trace?: never;
1008
+ };
1009
+ "/providers/{providerId}/versions/{version}/review-decision": {
1010
+ parameters: {
1011
+ query?: never;
1012
+ header?: never;
1013
+ path?: never;
1014
+ cookie?: never;
1015
+ };
1016
+ get?: never;
1017
+ put?: never;
1018
+ /**
1019
+ * Record a decision on a verification version review
1020
+ * @description Admin only (Reclaim staff). Approves or rejects a verification version currently on the `in_review` branch. `APPROVED` clears the branch tag and promotes the version to the live channel; `REJECTED` moves it to the `rejected` branch where the author can address feedback and resubmit. A rejected version stays rejected — the author either fixes and resubmits, or abandons it.
1021
+ * Until RBAC is designed, "admin" is detected via the user's email domain (`@reclaimprotocol.org`). Non-admin callers receive a 403.
1022
+ */
1023
+ post: operations["DecideProviderVersionReview"];
1024
+ delete?: never;
1025
+ options?: never;
1026
+ head?: never;
1027
+ patch?: never;
1028
+ trace?: never;
1029
+ };
1030
+ "/providers/{providerId}/versions/{version}/publish": {
1031
+ parameters: {
1032
+ query?: never;
1033
+ header?: never;
1034
+ path?: never;
1035
+ cookie?: never;
1036
+ };
1037
+ get?: never;
1038
+ put?: never;
1039
+ /**
1040
+ * Publish a draft version directly (PRIVATE providers only)
1041
+ * @description Publishes a verification version on the `draft` branch directly to the live channel (trunk). Only allowed for PRIVATE providers — PUBLIC providers must use the review flow (`POST .../review` → admin decision). On success the version's branch transitions from `draft` to `null` (trunk/live).
1042
+ */
1043
+ post: operations["PublishProviderVersion"];
1044
+ delete?: never;
1045
+ options?: never;
1046
+ head?: never;
1047
+ patch?: never;
1048
+ trace?: never;
1049
+ };
1050
+ "/providers/{providerId}/request-public": {
1051
+ parameters: {
1052
+ query?: never;
1053
+ header?: never;
1054
+ path?: never;
1055
+ cookie?: never;
1056
+ };
1057
+ get?: never;
1058
+ put?: never;
1059
+ /**
1060
+ * Request public listing for a PRIVATE provider
1061
+ * @description Submits a PRIVATE provider's latest trunk version for admin review. When approved, the provider's visibility becomes PUBLIC and all future versions require review before going live. Fails if the provider is already PUBLIC or has no live versions.
1062
+ */
1063
+ post: operations["RequestPublicListing"];
1064
+ delete?: never;
1065
+ options?: never;
1066
+ head?: never;
1067
+ patch?: never;
1068
+ trace?: never;
1069
+ };
1070
+ "/providers/{providerId}/make-private": {
1071
+ parameters: {
1072
+ query?: never;
1073
+ header?: never;
1074
+ path?: never;
1075
+ cookie?: never;
1076
+ };
1077
+ get?: never;
1078
+ put?: never;
1079
+ /**
1080
+ * Change a PUBLIC provider back to PRIVATE
1081
+ * @description Changes a PUBLIC provider's visibility to PRIVATE. Unlike the reverse (PRIVATE → PUBLIC), this does not require review since it restricts rather than expands access. Existing live versions remain but are no longer publicly listed.
1082
+ */
1083
+ post: operations["MakePrivate"];
1084
+ delete?: never;
1085
+ options?: never;
1086
+ head?: never;
1087
+ patch?: never;
1088
+ trace?: never;
1089
+ };
1090
+ "/providers/{providerId}/versions/{version}/cancel-review": {
1091
+ parameters: {
1092
+ query?: never;
1093
+ header?: never;
1094
+ path?: never;
1095
+ cookie?: never;
1096
+ };
1097
+ get?: never;
1098
+ put?: never;
1099
+ /**
1100
+ * Cancel a pending public listing review request
1101
+ * @description Cancels a pending public listing request by moving the version from `in_review` back to `draft`. Only org members can cancel their own review requests. This allows users to withdraw a request before admin review if they change their mind.
1102
+ */
1103
+ post: operations["CancelPublicListingRequest"];
1104
+ delete?: never;
1105
+ options?: never;
1106
+ head?: never;
1107
+ patch?: never;
1108
+ trace?: never;
1109
+ };
1110
+ }
1111
+ export type webhooks = Record<string, never>;
1112
+ export interface components {
1113
+ schemas: {
1114
+ /** @example <html><body><h1>Hello, World!</h1></body></html> */
1115
+ HtmlContent: string;
1116
+ /** Format: uuid */
1117
+ UserID: string;
1118
+ /** Format: date-time */
1119
+ Timestamp: string;
1120
+ /** Format: uuid */
1121
+ ProviderID: string;
1122
+ /** Format: uuid */
1123
+ OrgID: string;
1124
+ /** Format: uuid */
1125
+ ThemeID: string;
1126
+ /**
1127
+ * Format: uuid
1128
+ * @description Stable id for an `OrganizationMember` row. Used as the path component for member operations because pending invites do not yet have an associated `userId`.
1129
+ */
1130
+ MemberID: string;
1131
+ /**
1132
+ * Format: uuid
1133
+ * @description Stable id for a `Credential` row.
1134
+ */
1135
+ CredentialID: string;
1136
+ /** @description Lowercase Ethereum address (no EIP-55 mixed-case checksum). The client derives this from the public key via keccak-256 of the uncompressed pubkey minus the `0x04` prefix, taking the last 20 bytes. The server re-validates the format on insert but does not re-derive from the public key — that match is the client's responsibility. */
1137
+ EthAddress: string;
1138
+ /**
1139
+ * @description Live-derived operating mode of a credential.
1140
+ *
1141
+ * - `SANDBOX`: default. A credential is in sandbox iff it is
1142
+ * **either** not linked to any org **or** linked to an org
1143
+ * without a billing record. Sandbox is informational only —
1144
+ * there is no quota or usage tracking today.
1145
+ *
1146
+ * - `PRODUCTION`: linked to an org that has billing on file.
1147
+ *
1148
+ * - `REVOKED`: credential has been revoked and cannot be used.
1149
+ *
1150
+ * Mode is recomputed at read time from
1151
+ * `(orgId, organizationHasBilling, revokedAt)` — it is never
1152
+ * stored as a column.
1153
+ * @enum {string}
1154
+ */
1155
+ CredentialMode: "SANDBOX" | "PRODUCTION" | "REVOKED";
1156
+ /** @description Five-character device-pairing code. The CLI / MCP shows this to the user, who types it into the dashboard's `/attach` page to confirm the link. Always uppercase alphanumeric; chars `O`/`0` and `I`/`1` are excluded to avoid ambiguity when copied from a terminal. */
1157
+ AttachCode: string;
1158
+ /**
1159
+ * @description Lifecycle state of a `CredentialAttachSession`.
1160
+ *
1161
+ * - `PENDING`: session created by the CLI / MCP, waiting for the
1162
+ * dashboard user to confirm.
1163
+ * - `LINKED`: dashboard user confirmed; the device is authorized
1164
+ * and a bearer `token` has been issued. Terminal state.
1165
+ * - `EXPIRED`: session passed its `expiresAt` without a confirm.
1166
+ * Terminal state — the CLI / MCP must open a fresh session.
1167
+ * @enum {string}
1168
+ */
1169
+ AttachStatus: "PENDING" | "LINKED" | "EXPIRED";
1170
+ /** @description RFC 9457 Problem Details for HTTP APIs. Returned by JSON callers with `Content-Type: application/problem+json`. HTML callers receive an error page with the same HTTP status instead of this body. */
1171
+ Problem: {
1172
+ /**
1173
+ * Format: uri-reference
1174
+ * @description URI reference identifying the problem type. Defaults to `about:blank`, in which case `title` MUST be the standard HTTP reason phrase.
1175
+ * @default about:blank
1176
+ */
1177
+ type: string;
1178
+ /** @description Short, human-readable summary of the problem type. */
1179
+ title?: string;
1180
+ /** @description HTTP status code generated by the origin server. */
1181
+ status?: number;
1182
+ /** @description Human-readable explanation specific to this occurrence. Not a substitute for `type` — clients machine-read `type`, humans read `detail`. */
1183
+ detail?: string;
1184
+ /**
1185
+ * Format: uri-reference
1186
+ * @description URI reference identifying this specific occurrence (often the request id or a log link). Useful for cross-referencing with server logs.
1187
+ */
1188
+ instance?: string;
1189
+ };
1190
+ /**
1191
+ * @description The visibility of the entity.
1192
+ *
1193
+ * - `PRIVATE`: Only the owner can see the entity.
1194
+ *
1195
+ * - `PUBLIC`: Anyone can see the entity.
1196
+ * @enum {string}
1197
+ */
1198
+ EntityVisibility: "PRIVATE" | "PUBLIC";
1199
+ /**
1200
+ * @description The status of the entity.
1201
+ *
1202
+ * - `ACTIVE`: The entity is active.
1203
+ *
1204
+ * - `ARCHIVED`: The entity is archived.
1205
+ * @enum {string}
1206
+ */
1207
+ EntityStatus: "ACTIVE" | "ARCHIVED";
1208
+ /**
1209
+ * @description - `PERSONAL`: Auto-provisioned at user signup. Exactly one
1210
+ * `OWNER`, no other members.
1211
+ *
1212
+ * - `ORG`: Explicitly created via `POST /orgs`. Multiple
1213
+ * members, always ≥ 1 active `OWNER`.
1214
+ * @enum {string}
1215
+ */
1216
+ OrganizationKind: "PERSONAL" | "ORG";
1217
+ /** @description A free-form label attached to an entity for grouping and filtering in listings. Must start and end with an alphanumeric character; only ASCII letters, digits, spaces, and hyphens are allowed between. */
1218
+ Tag: string;
1219
+ ActorMetadata: {
1220
+ id: components["schemas"]["UserID"];
1221
+ doneAt: components["schemas"]["Timestamp"];
1222
+ /** @description Free-form notes from actor describing this change */
1223
+ notes?: string;
1224
+ };
1225
+ /** @description A registered user of the platform. Every newly created user is automatically granted a personal organization (see `Organization.kind = PERSONAL`) whose id is exposed here as `personalOrgId`. */
1226
+ User: {
1227
+ id: components["schemas"]["UserID"];
1228
+ /**
1229
+ * Format: email
1230
+ * @description User's verified email address. Used as the login identifier.
1231
+ */
1232
+ email: string;
1233
+ /** @description Timestamp of when the user's email was verified. */
1234
+ emailVerifiedAt?: components["schemas"]["Timestamp"];
1235
+ /** @description Display name of the user. */
1236
+ name: string;
1237
+ /** @description ID of the user's auto-created personal organization. This organization is provisioned the moment the user is created and cannot be deleted independently of the user. */
1238
+ personalOrgId: components["schemas"]["OrgID"];
1239
+ createMetadata: components["schemas"]["ActorMetadata"];
1240
+ updateMetadata: components["schemas"]["ActorMetadata"];
1241
+ };
1242
+ /**
1243
+ * @description Role a user holds in an organization. `OWNER` can invite, promote, demote, and remove members, and delete the org. `MEMBER` has read/write access to resources owned by the org but cannot manage membership. `PERSONAL` orgs have exactly one `OWNER` and reject all member-mutating operations.
1244
+ * @enum {string}
1245
+ */
1246
+ OrganizationMemberRole: "OWNER" | "MEMBER";
1247
+ /** @description A row in an organization's member list. Covers both pending invites and active members; distinguish via `status`. The invitee does not need to be a registered user when the invite is created — they are invited by email. Once they sign in for the first time the row is upgraded to `ACTIVE` and `userId` / `joinedAt` are populated. `id` is the stable handle used in member-mutating endpoints. */
1248
+ OrganizationMember: {
1249
+ id: components["schemas"]["MemberID"];
1250
+ /** @description Set once the invitee has a `User` record and the invite is `ACTIVE`. Absent for `PENDING` invites whose email does not yet match a registered user. */
1251
+ userId?: components["schemas"]["UserID"];
1252
+ /**
1253
+ * Format: email
1254
+ * @description Email the invite was sent to. Stable for the lifetime of the row; it is the natural identifier of the invitee before they have a `userId`.
1255
+ */
1256
+ email: string;
1257
+ role: components["schemas"]["OrganizationMemberRole"];
1258
+ /**
1259
+ * @description - `PENDING`: invite issued, not yet accepted.
1260
+ * - `ACTIVE`: invite accepted; the row represents an active
1261
+ * member of the organization.
1262
+ * @enum {string}
1263
+ */
1264
+ status: "PENDING" | "ACTIVE";
1265
+ /** @description Timestamp the invite was issued. */
1266
+ invitedAt: components["schemas"]["Timestamp"];
1267
+ /** @description Timestamp the invite was accepted. Absent while `status` is `PENDING`. */
1268
+ joinedAt?: components["schemas"]["Timestamp"];
1269
+ };
1270
+ /** @description A workspace that owns providers and other resources. Every user gets exactly one `PERSONAL` organization on signup; additional `ORG` organizations can be created and have multiple members. */
1271
+ Organization: {
1272
+ id: components["schemas"]["OrgID"];
1273
+ /** @description Display name of the organization. For `PERSONAL` orgs this defaults to the owner's name and may be edited by the owner. */
1274
+ name: string;
1275
+ /** @description Whether this is a user's personal org or a shared org. */
1276
+ kind: components["schemas"]["OrganizationKind"];
1277
+ /**
1278
+ * Format: uri
1279
+ * @description Public URL for the org avatar. Set via `PUT /orgs/{orgId}/icon` (multipart upload) or cleared via `DELETE /orgs/{orgId}/icon`. Bytes are persisted server-side and served from `/images/{imageId}`.
1280
+ */
1281
+ iconUrl?: string;
1282
+ /** @description Marker for system-managed singleton orgs. `'reclaim-staff'` identifies the auto-membership org that every `@reclaimprotocol.org` user is enrolled into on login (PRD-1 §3). Absent on normal user-created orgs. Names, status, and lifecycle of system-managed orgs are server-protected — clients cannot rename, archive, or delete them. */
1283
+ readonly systemId?: string;
1284
+ /** @description All users with a role in this organization. Always contains at least one `OWNER`. `PERSONAL` orgs contain exactly one member. */
1285
+ members: components["schemas"]["OrganizationMember"][];
1286
+ /** @description Providers owned by this organization. */
1287
+ providers?: components["schemas"]["ProviderListItem"][];
1288
+ /** @description Themes owned by this organization. */
1289
+ themes?: components["schemas"]["Theme"][];
1290
+ /** @description Ethereum credentials linked to this organization. Only populated on the org-detail endpoint and only visible to active members. */
1291
+ credentials?: components["schemas"]["Credential"][];
1292
+ /** @description Billing record attached to the org, if any. Owner-visible only; absent for members. Presence promotes every linked credential out of sandbox mode. */
1293
+ billing?: components["schemas"]["OrgBilling"];
1294
+ createMetadata: components["schemas"]["ActorMetadata"];
1295
+ updateMetadata: components["schemas"]["ActorMetadata"];
1296
+ /**
1297
+ * @description Status of the org.
1298
+ * @default ACTIVE
1299
+ */
1300
+ status: components["schemas"]["EntityStatus"];
1301
+ };
1302
+ /** @description A visual theme owned by an organization. Customizes the **end-user verification UX** rendered inside apps that integrate the Reclaim client SDK — brand colors, logos, and copy shown to end-users while they verify. Not applied to the builder UI itself. */
1303
+ Theme: {
1304
+ id: components["schemas"]["ThemeID"];
1305
+ /** @description Organization that owns this theme. */
1306
+ orgId: components["schemas"]["OrgID"];
1307
+ /** @description Human-readable name of the theme. */
1308
+ label: string;
1309
+ /**
1310
+ * Format: uri
1311
+ * @description URL to a square icon image used to represent this theme.
1312
+ */
1313
+ iconUrl?: string;
1314
+ createMetadata: components["schemas"]["ActorMetadata"];
1315
+ updateMetadata: components["schemas"]["ActorMetadata"];
1316
+ /**
1317
+ * @description Status of the theme.
1318
+ * @default ACTIVE
1319
+ */
1320
+ status: components["schemas"]["EntityStatus"];
1321
+ };
1322
+ /** @description A client-generated Ethereum credential registered with the builder. Identified by its lowercase ETH `address` — the only field stored server-side. The private key NEVER leaves the client and the public key is never sent (the address is derived from the key client-side). A credential is either anonymous (`orgId` absent) or linked to exactly one organization. Linking is one-way: a linked credential cannot be moved to a different org — revoke and reissue instead. */
1323
+ Credential: {
1324
+ id: components["schemas"]["CredentialID"];
1325
+ address: components["schemas"]["EthAddress"];
1326
+ /** @description Organization this credential is linked to. Absent for anonymous credentials. */
1327
+ orgId?: components["schemas"]["OrgID"];
1328
+ /** @description Optional human-readable label set at issue time (e.g. "Mobile app", "CI server"). Helps the dashboard distinguish multiple credentials in the same org. */
1329
+ label?: string;
1330
+ mode: components["schemas"]["CredentialMode"];
1331
+ /** @description Timestamp of revocation, if revoked. */
1332
+ revokedAt?: components["schemas"]["Timestamp"];
1333
+ /** @description Last verification attempt (success or quota-reject). */
1334
+ lastUsedAt?: components["schemas"]["Timestamp"];
1335
+ createMetadata: components["schemas"]["ActorMetadata"];
1336
+ };
1337
+ /** @description Billing record attached to an organization. Presence of this record is the single signal that promotes every credential linked to the org out of `SANDBOX` and into `PRODUCTION` mode. Today the fields are dummy contact info — the real payment-processor integration is a future PR and will extend this shape additively. */
1338
+ OrgBilling: {
1339
+ orgId: components["schemas"]["OrgID"];
1340
+ /**
1341
+ * Format: email
1342
+ * @description Billing contact email.
1343
+ */
1344
+ contactEmail: string;
1345
+ /** @description Billing contact name (person or company). */
1346
+ contactName: string;
1347
+ createMetadata: components["schemas"]["ActorMetadata"];
1348
+ updateMetadata: components["schemas"]["ActorMetadata"];
1349
+ };
1350
+ ProviderVersionRef: {
1351
+ major: number;
1352
+ minor: number;
1353
+ patch: number;
1354
+ /**
1355
+ * @description Branch (lifecycle stage) of this provider version.
1356
+ *
1357
+ * - `ai`: changes authored by the AI assistant live on this branch.
1358
+ *
1359
+ * - `draft`: a human is actively editing the version.
1360
+ *
1361
+ * - `in_review`: the author has submitted the version to be made
1362
+ * public and it is awaiting review. On approval the branch tag
1363
+ * is cleared (the version is promoted to the live channel and becomes
1364
+ * public).
1365
+ *
1366
+ * - `rejected`: review concluded with a rejection. When the author
1367
+ * addresses the feedback the branch transitions back to
1368
+ * `in_review`.
1369
+ * @enum {string}
1370
+ */
1371
+ branch?: "ai" | "draft" | "in_review" | "rejected";
1372
+ /** @description Build number for the provider version */
1373
+ buildNumber?: number;
1374
+ };
1375
+ /**
1376
+ * @description Mirrors the Fetch API `RequestCredentials` value used when issuing the request — controls whether cookies and auth headers are sent.
1377
+ * @enum {string}
1378
+ */
1379
+ WebCredentialsType: "omit" | "same-origin" | "include";
1380
+ /** @description Geographic location (e.g. ISO country code or {{DYNAMIC_GEO}} to use user's geo location) the verification should appear to originate from. */
1381
+ Geolocation: string;
1382
+ /** @description A matcher for one HTTP request in observed traffic, together with the response constraints that must hold for a Reclaim proof over that request to be valid. Used by interceptors, in-page injections, and LLM agents. */
1383
+ RequestSelection: {
1384
+ /** @description The URL or generic path of the HTTP request. */
1385
+ url: string;
1386
+ /**
1387
+ * @description The HTTP method used for the request.
1388
+ * @enum {string}
1389
+ */
1390
+ method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
1391
+ /** @description Template used to match or capture an outgoing request body. Template can use regex templates as placeholders. For example, to match an outgoing request body that contains a request ID, you can use the following template: `(?<requestId>.*)`. */
1392
+ requestBodyTemplate?: string;
1393
+ /**
1394
+ * @description Credentials mode to use when issuing the request. If not provided, defaults to `include`.
1395
+ * @default include
1396
+ */
1397
+ credentials: components["schemas"]["WebCredentialsType"];
1398
+ /** @description How the matched bytes should be redacted from the transcript before it is sent to the attestor. */
1399
+ writeRedactionMode?: components["schemas"]["WriteRedactionMode"];
1400
+ /** @description Apply TLS configuration when creating the tunnel to the attestor. */
1401
+ additionalClientOptions?: components["schemas"]["AdditionalTlsClientOptions"];
1402
+ /** @description A list of match conditions for the response. */
1403
+ matches?: components["schemas"]["ResponseMatch"][];
1404
+ };
1405
+ /** @description A template for selecting request */
1406
+ RequestSelectionTemplate: components["schemas"]["RequestSelection"] & {
1407
+ /**
1408
+ * @description If true, the template is allowed for multiple requests. Useful for requests like paginated API calls.
1409
+ * @default true
1410
+ */
1411
+ multiple: boolean;
1412
+ /**
1413
+ * @description If true, a request is required to match with this template. If not requests matches this template in proof, then validation fails.
1414
+ * @default true
1415
+ */
1416
+ required: boolean;
1417
+ };
1418
+ /**
1419
+ * @description How the matched portion of the response should be redacted before the transcript is handed to the attestor.
1420
+ * - `zk`: redact using a zero-knowledge proof over the original
1421
+ * bytes.
1422
+ *
1423
+ * - `key-update`: redact by performing a TLS key update so the
1424
+ * attestor never observes the matched bytes in cleartext.
1425
+ * @enum {string}
1426
+ */
1427
+ WriteRedactionMode: "zk" | "key-update";
1428
+ /** @description Apply TLS configuration when creating the tunnel to the attestor. */
1429
+ AdditionalTlsClientOptions: {
1430
+ /** @description TLS protocol versions the client is allowed to negotiate. */
1431
+ supportedProtocolVersions?: ("TLS1_2" | "TLS1_3")[];
1432
+ };
1433
+ /** @description Specifies a rule to match against a string in response to validate proof content. */
1434
+ ResponseMatch: {
1435
+ /**
1436
+ * @description If true, the match condition is optional and won't fail if absent
1437
+ * @default false
1438
+ */
1439
+ isOptional: boolean;
1440
+ /** @description The description of the field that is extracted using this match rule */
1441
+ description?: string;
1442
+ /** @description The order in which the field should be displayed to user in UI */
1443
+ order?: number;
1444
+ /**
1445
+ * @description The matching mechanism to use value as against response. Typically regex or simple string containment
1446
+ * @enum {string}
1447
+ */
1448
+ type: "regex" | "contains";
1449
+ /** @description The pattern or value to look for in the response. When `type` is 'contains', supports template variable declaration using `{{variable}}` syntax. When `type` is 'regex', can be used to extract variables using regex named groups. */
1450
+ value: string;
1451
+ /** @description Optional extractor describing which portion of the response to pin to the proof. When absent, the match runs against the raw response body. */
1452
+ extract?: components["schemas"]["ExtractDataSpecifier"];
1453
+ };
1454
+ /** @description Which portions to select from a response. These are selected in order, xpath => jsonPath => regex * These redactions are done client side and only the selected portions are sent to the attestor. The attestor will only be able to see the selected portions alongside the first line of the HTTP response (i.e. "HTTP/1.1 200 OK") */
1455
+ ExtractDataSpecifier: {
1456
+ /** @description expect an HTML response, and to contain a certain xpath for eg. "/html/body/div.a1/div.a2/span.a5" */
1457
+ xPath?: string;
1458
+ /** @description expect a JSON response, retrieve the item at this path using dot notation for e.g. 'email.addresses.0' */
1459
+ jsonPath?: string;
1460
+ /** @description select a regex match from the response */
1461
+ regex?: string;
1462
+ /**
1463
+ * @description If provided, the value inside will be hashed instead of being redacted. Useful for cases where the data inside is an identifiying piece of information that you don't want to reveal to the attestor, eg. an email address.
1464
+ * If the hash function produces more bytes than the original value, the hash will be truncated.
1465
+ * Eg. if hash is enabled, the original value is "hello", and hashed is "a1b2c", then the attestor will only see "a1b2c".
1466
+ * Note: if a regex with named groups is provided, only the named groups will be hashed.
1467
+ * @enum {string}
1468
+ */
1469
+ hash?: "oprf" | "oprf-mpc" | "oprf-raw";
1470
+ };
1471
+ /**
1472
+ * @description A provider represents a website or service for which Reclaim can produce verifiable claims. Owned by an organization, addressable at a single canonical `domain`, identified by a globally-unique `slug`, and configured through one or more `ProviderVersion`s.
1473
+ * `title` may be omitted; when absent the dashboard renders the chain `seo.titleOverride ?? title ?? seoSuggestions.title` so a server-derived name still appears.
1474
+ */
1475
+ Provider: {
1476
+ readonly id: components["schemas"]["ProviderID"];
1477
+ /** @description Organization that owns this provider. */
1478
+ orgId: components["schemas"]["OrgID"];
1479
+ /**
1480
+ * Format: hostname
1481
+ * @description Canonical root domain of the provider (e.g. `google.com`) — no scheme, no port, no path. Clients may submit a `www.` prefix; the server normalizes it away before storage.
1482
+ */
1483
+ domain: string;
1484
+ /** @description URL-safe identifier for the provider. Lowercase letters, digits and hyphens only; globally unique across all providers. */
1485
+ slug: string;
1486
+ /** @description The title of the provider as displayed on the detail page. */
1487
+ title?: string;
1488
+ /** @description Description of the provider. Rendered on the detail page and used by SEO renderers as the `<meta name="description">` / OG description (truncated as needed). Plain text; no markup. */
1489
+ description?: string;
1490
+ /**
1491
+ * Format: uri
1492
+ * @description Author-set icon URL for the provider, shown in listings,
1493
+ * pickers, and headers. **Optional** — when omitted, the
1494
+ * dashboard falls back to `seoSuggestions.iconUrl`, which
1495
+ * resolves to the server's cached favicon (downloaded from
1496
+ * Google's S2 service into the `images` table) or, if that
1497
+ * cache hasn't filled yet, to Google's S2 URL directly.
1498
+ *
1499
+ * The scraper never overwrites an author-set value.
1500
+ */
1501
+ iconUrl?: string;
1502
+ /**
1503
+ * Format: uri
1504
+ * @description URL to a 1200x630 Open Graph preview card for this
1505
+ * provider, suitable for `<meta property="og:image">` and
1506
+ * Twitter Card tags. Server-rendered by the builder
1507
+ * (Satori → SVG → Resvg → PNG) and cached at a stable
1508
+ * URL. Asset storage (CDN or DB-served blob) is internal;
1509
+ * clients only see this URL.
1510
+ *
1511
+ * - `null` until the first render completes — clients MUST
1512
+ * NOT assume the field is populated immediately after
1513
+ * `POST /providers`. Render may be inline-on-first-read
1514
+ * or async.
1515
+ *
1516
+ * - Invalidated on change to `title`, `iconUrl`, or the
1517
+ * effective `primaryDataPoint` (override from `seo`, else
1518
+ * `seoSuggestions`, which itself updates when a new
1519
+ * version reaches the live channel).
1520
+ *
1521
+ * - Treat the URL as opaque. The builder may change the URL
1522
+ * or swap the bytes behind it; clients tolerate either
1523
+ * and rely on standard HTTP caching.
1524
+ */
1525
+ readonly previewImageUrl?: string;
1526
+ readonly createMetadata: components["schemas"]["ActorMetadata"];
1527
+ readonly updateMetadata: components["schemas"]["ActorMetadata"];
1528
+ /** @description The latest version of this provider. */
1529
+ readonly latestVersion?: components["schemas"]["ProviderVersionRef"];
1530
+ /**
1531
+ * @description Author-controlled. Toggleable via `PATCH /providers/{id}`;
1532
+ * coerced to `PRIVATE` on creation.
1533
+ *
1534
+ * - `PRIVATE`: only org members see the provider. New
1535
+ * versions go to the live channel on save — no review.
1536
+ *
1537
+ * - `PUBLIC`: catalog-visible (subject to the listing rule
1538
+ * in PRD-2 §6). New versions from non-admin authors must
1539
+ * pass admin review before reaching the live channel; the
1540
+ * previously-live version stays live until then.
1541
+ * Admin-authored versions go to the live channel directly even
1542
+ * while `PUBLIC`.
1543
+ *
1544
+ * Toggling `PUBLIC` → `PRIVATE` hides the provider from
1545
+ * the public listing immediately. Versions already on
1546
+ * `draft` / `in_review` / `rejected` stay where they are —
1547
+ * the provider's visibility at version-creation time
1548
+ * decides the review path, and a later toggle does not
1549
+ * retroactively un-gate non-live versions.
1550
+ * @default PRIVATE
1551
+ */
1552
+ visibility: components["schemas"]["EntityVisibility"];
1553
+ /**
1554
+ * @description Status of the provider.
1555
+ * @default ACTIVE
1556
+ */
1557
+ status: components["schemas"]["EntityStatus"];
1558
+ /**
1559
+ * @description Labels attached to the provider. Used for grouping and filtering providers in listings.
1560
+ * @default []
1561
+ */
1562
+ tags: components["schemas"]["Tag"][];
1563
+ /** @description Author-set SEO fields. See `ProviderSeo` for the merge rule with `seoSuggestions`. */
1564
+ seo?: components["schemas"]["ProviderSeo"];
1565
+ /** @description Read-only server-derived SEO defaults, paired with `seo`. See `ProviderSeoSuggestions`. */
1566
+ seoSuggestions: components["schemas"]["ProviderSeoSuggestions"];
1567
+ /** @description Read-only pre-resolved SEO surface. The server applies the documented override chain (`seo.*Override` → row value → `seoSuggestions.*`) and exposes the result here so HTML renderers, JSON-LD, sitemap, and OG cards read one source. */
1568
+ effectiveSeo: components["schemas"]["ProviderEffectiveSeo"];
1569
+ };
1570
+ /**
1571
+ * @description Card-shape projection of a `Provider` used by catalog listings (`GET /providers`, `Organization.providers`). Differs from `Provider` in three ways:
1572
+ *
1573
+ * 1. `title` is pre-resolved via the SEO fallback chain (`seo.titleOverride` → row `title` → scraped site name → `derive_brand_name(domain)`) and is always present here, whereas `Provider.title` is optional.
1574
+ *
1575
+ * 2. The `seo`, `seoSuggestions`, and `effectiveSeo` surfaces are omitted — the catalog query intentionally skips the SEO subqueries so each tile stays cheap.
1576
+ *
1577
+ * 3. The owning organization's display fields (`orgName`, `orgIconUrl`) are inlined so a listing renderer does not need a second lookup.
1578
+ */
1579
+ ProviderListItem: {
1580
+ readonly id: components["schemas"]["ProviderID"];
1581
+ /** @description Organization that owns this provider. */
1582
+ orgId: components["schemas"]["OrgID"];
1583
+ /**
1584
+ * Format: hostname
1585
+ * @description Canonical root domain of the provider (e.g. `google.com`).
1586
+ */
1587
+ domain: string;
1588
+ /** @description URL-safe identifier for the provider. */
1589
+ slug: string;
1590
+ /** @description Pre-resolved display title. Never null — the server walks the SEO fallback chain server-side so renderers don't have to. */
1591
+ title: string;
1592
+ description?: string;
1593
+ /**
1594
+ * Format: uri
1595
+ * @description Effective icon URL — the author-set value if present, otherwise the cached / live S2 favicon for `domain`.
1596
+ */
1597
+ iconUrl?: string;
1598
+ /**
1599
+ * Format: uri
1600
+ * @description URL to the 1200×630 OG preview card. Absent until the first render completes. See `Provider.previewImageUrl` for the cache invalidation rules.
1601
+ */
1602
+ readonly previewImageUrl?: string;
1603
+ /** @default PRIVATE */
1604
+ visibility: components["schemas"]["EntityVisibility"];
1605
+ /** @default ACTIVE */
1606
+ status: components["schemas"]["EntityStatus"];
1607
+ /** @default [] */
1608
+ tags: components["schemas"]["Tag"][];
1609
+ /** @description The latest version of this provider, if any. */
1610
+ readonly latestVersion?: components["schemas"]["ProviderVersionRef"];
1611
+ /** @description Display name of the owning organization. */
1612
+ orgName: string;
1613
+ /**
1614
+ * Format: uri
1615
+ * @description Avatar URL of the owning organization, if set.
1616
+ */
1617
+ orgIconUrl?: string;
1618
+ readonly createMetadata: components["schemas"]["ActorMetadata"];
1619
+ readonly updateMetadata: components["schemas"]["ActorMetadata"];
1620
+ };
1621
+ /** @description Pre-resolved SEO values for a provider. Always present. Renderers should prefer these over `seo` / `seoSuggestions` when the un-decorated brand surface is what's needed (use `brandName`) or when the SEO-decorated title is needed (use `title`). */
1622
+ ProviderEffectiveSeo: {
1623
+ title: string;
1624
+ description: string;
1625
+ brandName: string;
1626
+ /** Format: uri */
1627
+ brandUrl: string;
1628
+ primaryDataPoint?: string;
1629
+ dataPoints: string[];
1630
+ };
1631
+ InterceptorOptions: {
1632
+ /**
1633
+ * @description How traffic interception is implemented.
1634
+ * @enum {string}
1635
+ */
1636
+ interceptorType: "HAWKEYE" | "MSWJS" | "CDP";
1637
+ /**
1638
+ * @description Whether the main document request is replayed via the attestor
1639
+ * @default false
1640
+ */
1641
+ isDocumentRequestReplayEnabled: boolean;
1642
+ /** @description Free-form configuration passed through to the interceptor implementation selected by `interceptorType`. Keys and value shapes are defined by the chosen interceptor. */
1643
+ interceptorSettings?: string;
1644
+ };
1645
+ /** @description Options that influence how the portal verification client behaves. */
1646
+ PortalClientOptions: {
1647
+ /**
1648
+ * @description When true, network traffic from the portal client and attestation is routed through a proxy.
1649
+ * @default false
1650
+ */
1651
+ useProxy: boolean;
1652
+ /** @description User-agent string used for web verification. */
1653
+ userAgent?: components["schemas"]["UserAgentString"];
1654
+ };
1655
+ /** @description Options that influence how the in-app verification client behaves. */
1656
+ InAppClientOptions: {
1657
+ interceptorOptions?: components["schemas"]["InterceptorOptions"];
1658
+ /** @description User-agent strings used for in-app verification on each platform. */
1659
+ userAgents?: components["schemas"]["PlatformUserAgents"];
1660
+ };
1661
+ /** @description Options that influence how the web verification client behaves. */
1662
+ ClientOptions: {
1663
+ portal?: components["schemas"]["PortalClientOptions"];
1664
+ inapp?: components["schemas"]["InAppClientOptions"];
1665
+ };
1666
+ /** @description User-agent string used for platform verification. */
1667
+ UserAgentString: string;
1668
+ /** @description User-agent strings keyed by platform. */
1669
+ PlatformUserAgents: {
1670
+ /** @description User-agent used for Android verification. */
1671
+ android?: components["schemas"]["UserAgentString"];
1672
+ /** @description User-agent used for iOS verification. */
1673
+ ios?: components["schemas"]["UserAgentString"];
1674
+ };
1675
+ /** @description Settings used by the web-based verification client. */
1676
+ ProviderWebSettings: {
1677
+ /**
1678
+ * @description Geographic location (e.g. ISO country code or {{DYNAMIC_GEO}} to use user's geo location) the verification should appear to originate from.
1679
+ * @default {{DYNAMIC_GEO}}
1680
+ */
1681
+ geoLocation: components["schemas"]["Geolocation"];
1682
+ clientOptions?: components["schemas"]["ClientOptions"];
1683
+ /** @description JavaScript snippets injected into the page which runs before every page load. `window.Reclaim.` APIs are available to these scripts to request actions to the client like claim creation. */
1684
+ jsUserScripts?: string;
1685
+ };
1686
+ /** @description Map of parameter names needed (optional or required) to use this provider to their human-readable descriptions/labels. Values are plain strings shown alongside the field in dashboards and prompts. */
1687
+ ProviderRequiredParameters: {
1688
+ [key: string]: string;
1689
+ };
1690
+ /**
1691
+ * @description How a provider version verifies a claim. `structured` uses the explicit match rules on this version (the `matches` / `allowedJsMatches` and related settings). `llm` defers the verification decision to a language model and requires `prompt` to be set.
1692
+ * @enum {string}
1693
+ */
1694
+ VerificationType: "llm" | "structured";
1695
+ /**
1696
+ * @description Author-set SEO fields. All optional.
1697
+ *
1698
+ * Each field is paired with a server-derived default of the
1699
+ * same name on `Provider.seoSuggestions`. Renderers pick the
1700
+ * effective value per field:
1701
+ *
1702
+ * effective.<field> = seo.<field> ?? seoSuggestions.<field>
1703
+ *
1704
+ * Set a field here to override; leave it unset to let the
1705
+ * default win. Both objects are returned on every
1706
+ * `GET /providers/{id}` — the builder does not pre-merge.
1707
+ */
1708
+ ProviderSeo: {
1709
+ /**
1710
+ * Format: uri
1711
+ * @description Canonical homepage of the brand (e.g. `https://google.com`). Used in brand-link cards and JSON-LD.
1712
+ */
1713
+ brandUrl?: string;
1714
+ /** @description Headline data point — the single most-important variable this provider can verify (e.g. `subscriber count`). Used in the provider's SEO title. */
1715
+ primaryDataPoint?: string;
1716
+ /** @description Full list of data points this provider can verify. */
1717
+ dataPoints?: string[];
1718
+ /** @description Replaces the renderer's composed `<title>` / OG title. Use when the default composition reads awkwardly. */
1719
+ titleOverride?: string;
1720
+ /** @description Replaces the renderer's composed `<meta name="description">` / OG description. */
1721
+ descriptionOverride?: string;
1722
+ };
1723
+ /**
1724
+ * @description Server-derived SEO defaults. Used by renderers wherever the
1725
+ * author-set value (on `Provider.title` / `Provider.iconUrl` /
1726
+ * `Provider.seo`) is unset.
1727
+ *
1728
+ * How each value is computed:
1729
+ *
1730
+ * - `brandUrl` ← `https://{provider.domain}`.
1731
+ *
1732
+ * - `title` ← the latest scraped `<title>` / `og:site_name`
1733
+ * from the provider's domain (or `initialUrl` of the live
1734
+ * version when present); otherwise the domain-derived brand
1735
+ * name via `builder.derive_brand_name(domain)` — e.g.
1736
+ * `github.com` → `"Github"`.
1737
+ *
1738
+ * - `iconUrl` ← the cached `/images/{uuid}` once the favicon
1739
+ * download from Google's S2 service has landed; otherwise
1740
+ * the live S2 URL
1741
+ * (`https://www.google.com/s2/favicons?domain=<host>&sz=128`).
1742
+ * Always present.
1743
+ *
1744
+ * - `primaryDataPoint` ← name of the first data point declared
1745
+ * on the provider's latest live version — either a regex named
1746
+ * group `(?P<name>…)` or a `contains` template variable
1747
+ * `{{name}}`.
1748
+ *
1749
+ * - `dataPoints` ← deduplicated list of all data-point names on
1750
+ * the provider's latest live version, from both regex named
1751
+ * groups and `{{name}}` template variables.
1752
+ *
1753
+ * Recomputed when a new version is added to the live channel
1754
+ * or the server-side scrape runs. Read-only; clients MUST NOT
1755
+ * submit this field.
1756
+ */
1757
+ ProviderSeoSuggestions: {
1758
+ /** Format: uri */
1759
+ brandUrl: string;
1760
+ title: string;
1761
+ /**
1762
+ * Format: uri
1763
+ * @description Suggested icon URL. Resolved server-side via
1764
+ * `provider_json()` to either:
1765
+ *
1766
+ * - The cached favicon at `/images/{uuid}` — bytes
1767
+ * downloaded from Google's S2 service at create / version
1768
+ * time and stored in the `images` table. Preferred when
1769
+ * present so renders are local.
1770
+ * - Google's S2 URL directly
1771
+ * (`https://www.google.com/s2/favicons?domain=<host>&sz=128`)
1772
+ * when the cache hasn't filled yet, so the dashboard
1773
+ * always has something to show.
1774
+ *
1775
+ * Always present — `domain` is required, so the fallback
1776
+ * URL is too. Authors can copy this into `Provider.iconUrl`
1777
+ * from the Edit dialog.
1778
+ */
1779
+ iconUrl: string;
1780
+ primaryDataPoint?: string;
1781
+ dataPoints?: string[];
1782
+ };
1783
+ ProviderVersion: {
1784
+ providerId: components["schemas"]["ProviderID"];
1785
+ version: components["schemas"]["ProviderVersionRef"];
1786
+ /**
1787
+ * Format: uri
1788
+ * @description Initial URL to open at the start of the verification flow. On create or change, the server caches both a title hint (from the page's `<title>` / `og:site_name`) and a favicon (downloaded from Google's S2 service) keyed off this URL's hostname. Both feed `seoSuggestions` until the author accepts the suggestion on the provider detail page.
1789
+ */
1790
+ initialUrl: string;
1791
+ createMetadata: components["schemas"]["ActorMetadata"];
1792
+ /** @description Details about the changes that this version represents. */
1793
+ updateMetadata: components["schemas"]["ActorMetadata"];
1794
+ /** @description Details about the rejection of this version. This field is only present when the version branch is rejected. */
1795
+ rejectionMetadata?: components["schemas"]["ActorMetadata"];
1796
+ /** @default [] */
1797
+ requests: components["schemas"]["RequestSelection"][];
1798
+ /** @default [] */
1799
+ allowedJsRequests: components["schemas"]["RequestSelectionTemplate"][];
1800
+ /** @default structured */
1801
+ readonly verificationType: components["schemas"]["VerificationType"];
1802
+ /** @description The prompt used for LLM verification (only when verificationType is "llm"). */
1803
+ readonly prompt?: string;
1804
+ webSettings: components["schemas"]["ProviderWebSettings"];
1805
+ requiredParameters?: components["schemas"]["ProviderRequiredParameters"];
1806
+ };
1807
+ /** @description **Dummy** login body. Email is accepted; password (if sent) is ignored. Replaced when real auth is chosen. */
1808
+ LoginRequest: {
1809
+ /** Format: email */
1810
+ email: string;
1811
+ /** @description Accepted but ignored. */
1812
+ password?: string;
1813
+ /** @description Post-login redirect path. Must start with `/`. Injected as a hidden field by the login page when `?next=` is in the URL (e.g. from `/attach/{code}`). HTMX callers redirect to this path via `HX-Redirect`; SDK callers ignore it. */
1814
+ next?: string;
1815
+ };
1816
+ /** @description **Dummy** bearer credential. Opaque; the server resolves it to the authenticated user. Clients fetch identity via `GET /me`. */
1817
+ AuthToken: {
1818
+ /** @description Opaque bearer token. Send as `Authorization: Bearer <token>` on every authenticated request. */
1819
+ token: string;
1820
+ };
1821
+ /** @description Caller-editable fields on the authenticated user. */
1822
+ UpdateUserRequest: {
1823
+ name?: string;
1824
+ };
1825
+ CreateOrgRequest: {
1826
+ name: string;
1827
+ };
1828
+ UpdateOrgRequest: {
1829
+ name?: string;
1830
+ status?: components["schemas"]["EntityStatus"];
1831
+ /**
1832
+ * Format: uri
1833
+ * @description Replace the org avatar URL directly. Most clients upload via `PUT /orgs/{orgId}/icon` and let the server write this field.
1834
+ */
1835
+ iconUrl?: string;
1836
+ };
1837
+ /** @description Body for inviting a member to an organization. The invitee does not need to be a registered user; an invite is created either way and an email is dispatched. */
1838
+ AddOrgMemberRequest: {
1839
+ /**
1840
+ * Format: email
1841
+ * @description Email to invite. Need not match an existing `User`.
1842
+ */
1843
+ email: string;
1844
+ role: components["schemas"]["OrganizationMemberRole"];
1845
+ };
1846
+ TransferProviderRequest: {
1847
+ /** @description New owning workspace. */
1848
+ orgId: components["schemas"]["OrgID"];
1849
+ };
1850
+ CreateThemeRequest: {
1851
+ label: string;
1852
+ /** Format: uri */
1853
+ iconUrl?: string;
1854
+ };
1855
+ UpdateThemeRequest: {
1856
+ label?: string;
1857
+ /** Format: uri */
1858
+ iconUrl?: string;
1859
+ status?: components["schemas"]["EntityStatus"];
1860
+ };
1861
+ /** @description Body of `POST /providers/setup`. Caller supplies the target `orgId` and either a bare domain (`github.com`) or a full URL (`https://github.com/login`); the server scrapes the page head and returns suggested provider fields. */
1862
+ SetupProviderCreateRequest: {
1863
+ orgId: components["schemas"]["OrgID"];
1864
+ /** @description Either a bare domain (`github.com`) or a full URL (`https://github.com/login`). When a URL is provided the server still treats only the registered domain as the provider's `domain`; the path/query are discarded at this stage. */
1865
+ urlOrDomain: string;
1866
+ };
1867
+ /** @description Suggestions returned by `POST /providers/setup`. Every field except `orgId` and `domain` is best-effort — `null`/absent when the scrape produced nothing usable. SDK / agent clients can merge these directly into a `CreateProviderRequest` (overriding any field the caller prefers to set explicitly). */
1868
+ SetupProviderCreateResponse: {
1869
+ orgId: components["schemas"]["OrgID"];
1870
+ /**
1871
+ * Format: hostname
1872
+ * @description Normalized registered domain.
1873
+ */
1874
+ domain: string;
1875
+ /** @description URL-safe slug suggestion derived from the domain (e.g. `news.ycombinator.com` → `news-ycombinator`). Callers should treat as a starting point and may edit before submit. */
1876
+ slug: string;
1877
+ /** @description Site title pulled from `og:site_name` / `og:title` / `<title>`. Absent when the scrape failed or returned no usable text — callers can fall back to `brandName`. */
1878
+ title?: string;
1879
+ /** @description Brand fallback derived from the domain when the scrape returned no title (e.g. `github.com` → `Github`). Always present. */
1880
+ brandName: string;
1881
+ /** @description Optional description suggestion. Currently always blank; present so callers can pre-populate the field once a description heuristic lands. Reserved for future use. */
1882
+ description?: string;
1883
+ /**
1884
+ * Format: uri
1885
+ * @description Live Google S2 favicon URL for the domain. Always present. The server downloads and caches the bytes after the provider is created via `POST /providers`; SDK clients can pass this through unchanged or replace with their own URL.
1886
+ */
1887
+ iconUrl: string;
1888
+ };
1889
+ /** @description `title` is optional — when omitted the dashboard renders `seoSuggestions.title` (server-derived from the scrape result or `derive_brand_name(domain)`). */
1890
+ CreateProviderRequest: {
1891
+ /** @description uuid identifier of the organization that will own the verification. */
1892
+ orgId: components["schemas"]["OrgID"];
1893
+ /**
1894
+ * Format: hostname
1895
+ * @description Canonical root domain (e.g. `github.com`). No scheme, no port, no path.
1896
+ */
1897
+ domain: string;
1898
+ /** @description URL-safe identifier. Globally unique — pick something domain-specific like `github-followers`. */
1899
+ slug: string;
1900
+ /** @description Short headline shown to end-users. Defaults to a domain-derived brand name. */
1901
+ title?: string;
1902
+ description?: string;
1903
+ /**
1904
+ * Format: uri
1905
+ * @description uri of the icon. Optional. If omitted, the server auto-populates from the first version's `initialUrl` (see `Provider.iconUrl`).
1906
+ */
1907
+ iconUrl?: string;
1908
+ /**
1909
+ * @description Initial visibility. Coerced to `PRIVATE` on creation; toggle later via `PATCH /providers/{id}` (see `Provider.visibility`).
1910
+ * @default PRIVATE
1911
+ */
1912
+ visibility: components["schemas"]["EntityVisibility"];
1913
+ /** @default [] */
1914
+ tags: components["schemas"]["Tag"][];
1915
+ /** @description Optional author SEO fields. `seoSuggestions` is server-derived and cannot be set. */
1916
+ seo?: components["schemas"]["ProviderSeo"];
1917
+ };
1918
+ /** @description Partial update of an existing provider. Immutable fields (`id`, `orgId`, `slug`) are not accepted here. */
1919
+ UpdateProviderRequest: {
1920
+ /** Format: hostname */
1921
+ domain?: string;
1922
+ title?: string;
1923
+ description?: string;
1924
+ /**
1925
+ * Format: uri
1926
+ * @description uri of the icon
1927
+ */
1928
+ iconUrl?: string;
1929
+ visibility?: components["schemas"]["EntityVisibility"];
1930
+ status?: components["schemas"]["EntityStatus"];
1931
+ tags?: components["schemas"]["Tag"][];
1932
+ /** @description Author SEO fields. Send `null` for a subfield to clear that override and let `seoSuggestions` win again. */
1933
+ seo?: components["schemas"]["ProviderSeo"];
1934
+ };
1935
+ /** @description Body for creating a new version of a provider. Every new version starts on the `draft` branch — see `CreateProviderVersion`. The request body never sets `branch` directly; going live is a separate, explicit step (publish for PRIVATE, submit-for-review → approve for PUBLIC). The version's `verificationType` is always `structured` and is not settable here; a `prompt` field is reserved for a future AI authoring flow and is also not accepted on this surface. */
1936
+ CreateProviderVersionRequest: {
1937
+ /**
1938
+ * @description The version of this Provider upon creation. Clients typically omit this and let the dashboard's bump-suggestion compute it. When omitted, defaults to `0.1.0` for the very first version; otherwise the caller is expected to pass a value higher than the latest existing version.
1939
+ * @default {
1940
+ * "major": 0,
1941
+ * "minor": 1,
1942
+ * "patch": 0
1943
+ * }
1944
+ */
1945
+ version: components["schemas"]["ProviderVersionRef"];
1946
+ /** Format: uri */
1947
+ initialUrl: string;
1948
+ /** @default [] */
1949
+ requests: components["schemas"]["RequestSelection"][];
1950
+ /** @default [] */
1951
+ allowedJsRequests: components["schemas"]["RequestSelectionTemplate"][];
1952
+ webSettings: components["schemas"]["ProviderWebSettings"];
1953
+ requiredParameters?: components["schemas"]["ProviderRequiredParameters"];
1954
+ /** @description Free-form change note recorded on `createMetadata`. */
1955
+ notes?: string;
1956
+ };
1957
+ /** @description Partial update of a provider version. Mutable only while the version is on the `draft` or `rejected` branch; versions on `in_review` or the live channel reject all writes here. The semver does not change on update — `build_number` increments instead, giving callers a monotonic revision counter without touching the (major, minor, patch) PK. `verificationType` / `prompt` are not accepted; see `ProviderVersion` for why. */
1958
+ UpdateProviderVersionRequest: {
1959
+ /** Format: uri */
1960
+ initialUrl?: string;
1961
+ requests?: components["schemas"]["RequestSelection"][];
1962
+ allowedJsRequests?: components["schemas"]["RequestSelectionTemplate"][];
1963
+ webSettings?: components["schemas"]["ProviderWebSettings"];
1964
+ requiredParameters?: components["schemas"]["ProviderRequiredParameters"];
1965
+ /** @description Free-form change note recorded on `updateMetadata`. */
1966
+ notes?: string;
1967
+ };
1968
+ /** @description Body for submitting a provider version for review. Transitions the version's branch from `draft` (or `rejected`) to `in_review`. */
1969
+ ProviderVersionReviewSubmission: {
1970
+ /** @description Optional note from the author to reviewers (changelog, areas to focus on, etc.). */
1971
+ notes?: string;
1972
+ };
1973
+ /** @description Body for recording a decision on a provider version in `in_review`. On `APPROVED` the branch tag is cleared and the version is promoted to the live channel (becomes public). On `REJECTED` the branch becomes `rejected`. */
1974
+ ProviderVersionReviewDecision: {
1975
+ /** @enum {string} */
1976
+ decision: "APPROVED" | "REJECTED";
1977
+ /** @description Free-form rationale shown to the author. */
1978
+ notes?: string;
1979
+ };
1980
+ /** @description Body for publishing a draft version directly to the live channel. Only allowed for PRIVATE providers. */
1981
+ ProviderVersionPublishRequest: {
1982
+ /** @description Optional publish note. */
1983
+ notes?: string;
1984
+ };
1985
+ /** @description Body for visibility change requests (request public listing or make private). */
1986
+ VisibilityChangeRequest: {
1987
+ /** @description Optional note explaining the change. */
1988
+ notes?: string;
1989
+ };
1990
+ /** @description Body for `POST /credentials`. Only the lowercase ETH `address` is sent — the private key MUST NOT leave the client, and the public key is not sent (the client derives the address from the key: keccak-256 of the uncompressed pubkey minus its `0x04` prefix, last 20 bytes, lowercase hex). */
1991
+ LinkCredentialRequest: {
1992
+ address: components["schemas"]["EthAddress"];
1993
+ /** @description Organization to link this credential to. The caller must be allowed to edit it. Required — this endpoint is the link action; it never stores an org-less credential. */
1994
+ orgId: components["schemas"]["OrgID"];
1995
+ /** @description Optional human-readable label. */
1996
+ label?: string;
1997
+ };
1998
+ /** @description Body for `PUT /orgs/{orgId}/billing`. */
1999
+ UpdateOrgBillingRequest: {
2000
+ /** Format: email */
2001
+ contactEmail: string;
2002
+ contactName: string;
2003
+ };
2004
+ /** @description Body for `POST /credentials/auth/challenge`. Identifies which credential is about to sign in so the server can issue a nonce bound to that address. */
2005
+ CredentialAuthChallengeRequest: {
2006
+ address: components["schemas"]["EthAddress"];
2007
+ };
2008
+ /** @description Server-issued challenge to be signed by the credential's private key. The shape is intentionally minimal; production deployments will likely return a full EIP-4361 message string the client signs verbatim. */
2009
+ CredentialAuthChallenge: {
2010
+ address: components["schemas"]["EthAddress"];
2011
+ /** @description Opaque nonce. Client must sign exactly this value. */
2012
+ nonce: string;
2013
+ expiresAt: components["schemas"]["Timestamp"];
2014
+ };
2015
+ /** @description Body for `POST /credentials/auth/verify`. */
2016
+ CredentialAuthVerifyRequest: {
2017
+ address: components["schemas"]["EthAddress"];
2018
+ nonce: string;
2019
+ /** @description Hex-encoded `0x`-prefixed secp256k1 signature over the issued nonce (`r || s || v`, 65 bytes → 132 chars). */
2020
+ signature: string;
2021
+ };
2022
+ /** @description Short-lived bearer token bound to a verified credential. The token is opaque to clients — pass it verbatim in the `Authorization: Bearer …` header on subsequent verification API calls. */
2023
+ CredentialAuthToken: {
2024
+ token: string;
2025
+ address: components["schemas"]["EthAddress"];
2026
+ expiresAt: components["schemas"]["Timestamp"];
2027
+ };
2028
+ /** @description Server-side state of a device-pairing session. The CLI / MCP polls this until `status` is `LINKED`, then reads `token` for authenticated API calls. */
2029
+ CredentialAttachSession: {
2030
+ code: components["schemas"]["AttachCode"];
2031
+ status: components["schemas"]["AttachStatus"];
2032
+ /** @description 2-day bearer token issued when `status` becomes `LINKED`. Use as `Authorization: Bearer <token>` for authenticated API calls. Cache in `~/.reclaim/session.json` for automatic re-use across CLI / MCP restarts. */
2033
+ token?: string;
2034
+ /**
2035
+ * Format: uri
2036
+ * @description Fully-qualified URL pointing at the dashboard's `/attach/{code}` page. Show to the user verbatim.
2037
+ */
2038
+ attachUrl: string;
2039
+ expiresAt: components["schemas"]["Timestamp"];
2040
+ createdAt: components["schemas"]["Timestamp"];
2041
+ };
2042
+ /** @description Body for `POST /credentials/attach/sessions/{code}/confirm`. No fields — authorizing the device only requires the signed-in session and the `code` in the path. */
2043
+ ConfirmAttachSessionRequest: Record<string, never>;
2044
+ };
2045
+ responses: {
2046
+ /** @description HTML response */
2047
+ HTMLResponse: {
2048
+ headers: {
2049
+ [name: string]: unknown;
2050
+ };
2051
+ content: {
2052
+ "text/html": components["schemas"]["HtmlContent"];
2053
+ };
2054
+ };
2055
+ /** @description Error response. JSON callers receive an RFC 9457 problem document; HTML callers receive a rendered error page. Status code is set by the origin server and reflected in the `Problem.status` field. */
2056
+ ProblemResponse: {
2057
+ headers: {
2058
+ [name: string]: unknown;
2059
+ };
2060
+ content: {
2061
+ "application/problem+json": components["schemas"]["Problem"];
2062
+ "text/html": components["schemas"]["HtmlContent"];
2063
+ };
2064
+ };
2065
+ /** @description The caller is authenticated but not authorized to perform this operation — most commonly because they are not an active member (or, for owner-only operations, an active OWNER) of the organization that owns the affected resource. Authorization is enforced in SQL via `user_can_edit_org` / `user_can_own_org`, so the server cannot leak whether the resource exists when the caller has no access. */
2066
+ ForbiddenResponse: {
2067
+ headers: {
2068
+ [name: string]: unknown;
2069
+ };
2070
+ content: {
2071
+ "application/problem+json": components["schemas"]["Problem"];
2072
+ "text/html": components["schemas"]["HtmlContent"];
2073
+ };
2074
+ };
2075
+ /**
2076
+ * @description 301 Moved Permanently. Returned to HTML callers that hit a
2077
+ * non-canonical URL for a resource that has a slug — e.g.
2078
+ * `/providers/{providerId}` with no slug, or
2079
+ * `/providers/{providerId}/{staleSlug}` after a rename. The
2080
+ * `Location` header points at the canonical URL with the
2081
+ * resource's current slug. JSON callers receive the resource
2082
+ * body directly (200) and do NOT see this status.
2083
+ */
2084
+ CanonicalRedirectResponse: {
2085
+ headers: {
2086
+ /** @description Canonical URL with the resource's current slug. */
2087
+ Location: string;
2088
+ [name: string]: unknown;
2089
+ };
2090
+ content?: never;
2091
+ };
2092
+ };
2093
+ parameters: {
2094
+ /** @description Semver string of the provider version, e.g. `1.4.2`. */
2095
+ ProviderVersionPath: string;
2096
+ /**
2097
+ * @description Opaque `ETag` from a prior GET on the same resource. When
2098
+ * supplied, the server applies optimistic concurrency: the
2099
+ * mutation fails with `412 Precondition Failed` if the
2100
+ * resource has been modified since. Omit for last-write-wins.
2101
+ */
2102
+ IfMatch: string;
2103
+ };
2104
+ requestBodies: never;
2105
+ headers: {
2106
+ /**
2107
+ * @description Opaque concurrency token for this resource. Pass back in
2108
+ * `If-Match` on a subsequent mutation to enable optimistic
2109
+ * concurrency control. Format is server-internal; clients
2110
+ * treat it as opaque.
2111
+ */
2112
+ ETag: string;
2113
+ };
2114
+ pathItems: never;
2115
+ }
2116
+ export type $defs = Record<string, never>;
2117
+ export interface operations {
2118
+ ComponentsDemo: {
2119
+ parameters: {
2120
+ query?: never;
2121
+ header?: never;
2122
+ path?: never;
2123
+ cookie?: never;
2124
+ };
2125
+ requestBody?: never;
2126
+ responses: {
2127
+ 200: components["responses"]["HTMLResponse"];
2128
+ default: components["responses"]["ProblemResponse"];
2129
+ };
2130
+ };
2131
+ Index: {
2132
+ parameters: {
2133
+ query?: never;
2134
+ header?: never;
2135
+ path?: never;
2136
+ cookie?: never;
2137
+ };
2138
+ requestBody?: never;
2139
+ responses: {
2140
+ 200: components["responses"]["HTMLResponse"];
2141
+ default: components["responses"]["ProblemResponse"];
2142
+ };
2143
+ };
2144
+ Providers: {
2145
+ parameters: {
2146
+ query?: {
2147
+ /** @description Free-text search across `title`, `description`, `domain`, `primaryDataPoint`, `dataPoints`, and the latest version's `initialUrl`. Matched case-insensitively; returns results ranked by relevance (e.g., data point matches rank higher than description matches). */
2148
+ q?: string;
2149
+ /** @description Filter by tag. Repeat the parameter to OR multiple tags (a provider matching any of them is returned). Combined with `q` via AND. */
2150
+ tag?: components["schemas"]["Tag"][];
2151
+ /** @description Opaque cursor returned as `nextPageCursor` on a prior response. Pass it back as-is to fetch the next page; omit on the first request. Clients must not parse, modify, or fabricate cursors — the server reserves the encoding. */
2152
+ cursor?: string;
2153
+ };
2154
+ header?: never;
2155
+ path?: never;
2156
+ cookie?: never;
2157
+ };
2158
+ requestBody?: never;
2159
+ responses: {
2160
+ /** @description Ok */
2161
+ 200: {
2162
+ headers: {
2163
+ [name: string]: unknown;
2164
+ };
2165
+ content: {
2166
+ "application/json": {
2167
+ items: components["schemas"]["ProviderListItem"][];
2168
+ nextPageCursor?: string;
2169
+ };
2170
+ "text/html": components["schemas"]["HtmlContent"];
2171
+ };
2172
+ };
2173
+ default: components["responses"]["ProblemResponse"];
2174
+ };
2175
+ };
2176
+ CreateProvider: {
2177
+ parameters: {
2178
+ query?: never;
2179
+ header?: never;
2180
+ path?: never;
2181
+ cookie?: never;
2182
+ };
2183
+ requestBody: {
2184
+ content: {
2185
+ "application/json": components["schemas"]["CreateProviderRequest"];
2186
+ "application/x-www-form-urlencoded": components["schemas"]["CreateProviderRequest"];
2187
+ };
2188
+ };
2189
+ responses: {
2190
+ /** @description Created */
2191
+ 201: {
2192
+ headers: {
2193
+ [name: string]: unknown;
2194
+ };
2195
+ content: {
2196
+ "application/json": components["schemas"]["Provider"];
2197
+ };
2198
+ };
2199
+ 400: components["responses"]["ProblemResponse"];
2200
+ 403: components["responses"]["ForbiddenResponse"];
2201
+ default: components["responses"]["ProblemResponse"];
2202
+ };
2203
+ };
2204
+ SetupProviderCreate: {
2205
+ parameters: {
2206
+ query?: never;
2207
+ header?: never;
2208
+ path?: never;
2209
+ cookie?: never;
2210
+ };
2211
+ requestBody: {
2212
+ content: {
2213
+ "application/json": components["schemas"]["SetupProviderCreateRequest"];
2214
+ "application/x-www-form-urlencoded": components["schemas"]["SetupProviderCreateRequest"];
2215
+ };
2216
+ };
2217
+ responses: {
2218
+ /** @description Suggestions. HTML callers receive the step-2 form HTML; JSON callers receive the suggestions document. */
2219
+ 200: {
2220
+ headers: {
2221
+ [name: string]: unknown;
2222
+ };
2223
+ content: {
2224
+ "application/json": components["schemas"]["SetupProviderCreateResponse"];
2225
+ "text/html": components["schemas"]["HtmlContent"];
2226
+ };
2227
+ };
2228
+ 403: components["responses"]["ForbiddenResponse"];
2229
+ default: components["responses"]["ProblemResponse"];
2230
+ };
2231
+ };
2232
+ ProviderPreviewImage: {
2233
+ parameters: {
2234
+ query?: {
2235
+ /** @description Cache buster. The server includes the current ETag here on the canonical URL; stale values still return the current image but without long cache headers. */
2236
+ v?: string;
2237
+ };
2238
+ header?: never;
2239
+ path: {
2240
+ providerId: components["schemas"]["ProviderID"];
2241
+ };
2242
+ cookie?: never;
2243
+ };
2244
+ requestBody?: never;
2245
+ responses: {
2246
+ /** @description PNG bytes */
2247
+ 200: {
2248
+ headers: {
2249
+ "Cache-Control"?: string;
2250
+ [name: string]: unknown;
2251
+ };
2252
+ content: {
2253
+ "image/png": string;
2254
+ };
2255
+ };
2256
+ default: components["responses"]["ProblemResponse"];
2257
+ };
2258
+ };
2259
+ ExplorePreviewImage: {
2260
+ parameters: {
2261
+ query?: never;
2262
+ header?: never;
2263
+ path?: never;
2264
+ cookie?: never;
2265
+ };
2266
+ requestBody?: never;
2267
+ responses: {
2268
+ /** @description PNG bytes */
2269
+ 200: {
2270
+ headers: {
2271
+ "Cache-Control"?: string;
2272
+ [name: string]: unknown;
2273
+ };
2274
+ content: {
2275
+ "image/png": string;
2276
+ };
2277
+ };
2278
+ default: components["responses"]["ProblemResponse"];
2279
+ };
2280
+ };
2281
+ AdminHome: {
2282
+ parameters: {
2283
+ query?: never;
2284
+ header?: never;
2285
+ path?: never;
2286
+ cookie?: never;
2287
+ };
2288
+ requestBody?: never;
2289
+ responses: {
2290
+ 200: components["responses"]["HTMLResponse"];
2291
+ default: components["responses"]["ProblemResponse"];
2292
+ };
2293
+ };
2294
+ AdminProviders: {
2295
+ parameters: {
2296
+ query?: {
2297
+ /** @description Free-text search on title, domain, or slug. */
2298
+ q?: string;
2299
+ visibility?: components["schemas"]["EntityVisibility"];
2300
+ status?: components["schemas"]["EntityStatus"];
2301
+ };
2302
+ header?: never;
2303
+ path?: never;
2304
+ cookie?: never;
2305
+ };
2306
+ requestBody?: never;
2307
+ responses: {
2308
+ /** @description Ok */
2309
+ 200: {
2310
+ headers: {
2311
+ [name: string]: unknown;
2312
+ };
2313
+ content: {
2314
+ "text/html": string;
2315
+ "application/json": {
2316
+ items: {
2317
+ /** Format: uuid */
2318
+ id?: string;
2319
+ /** Format: uuid */
2320
+ orgId?: string;
2321
+ orgName?: string;
2322
+ orgIconUrl?: string;
2323
+ domain?: string;
2324
+ slug?: string;
2325
+ title?: string;
2326
+ description?: string;
2327
+ iconUrl?: string;
2328
+ visibility?: components["schemas"]["EntityVisibility"];
2329
+ status?: components["schemas"]["EntityStatus"];
2330
+ tags?: string[];
2331
+ /** Format: date-time */
2332
+ updatedAt?: string;
2333
+ }[];
2334
+ };
2335
+ };
2336
+ };
2337
+ default: components["responses"]["ProblemResponse"];
2338
+ };
2339
+ };
2340
+ AdminOrgs: {
2341
+ parameters: {
2342
+ query?: {
2343
+ /** @description Matches workspace name or any member's email. */
2344
+ q?: string;
2345
+ };
2346
+ header?: never;
2347
+ path?: never;
2348
+ cookie?: never;
2349
+ };
2350
+ requestBody?: never;
2351
+ responses: {
2352
+ /** @description Ok */
2353
+ 200: {
2354
+ headers: {
2355
+ [name: string]: unknown;
2356
+ };
2357
+ content: {
2358
+ "text/html": string;
2359
+ "application/json": {
2360
+ items: {
2361
+ /** Format: uuid */
2362
+ id?: string;
2363
+ name?: string;
2364
+ /** @enum {string} */
2365
+ kind?: "PERSONAL" | "ORG";
2366
+ status?: components["schemas"]["EntityStatus"];
2367
+ iconUrl?: string;
2368
+ memberCount?: number;
2369
+ providerCount?: number;
2370
+ /** Format: date-time */
2371
+ createdAt?: string;
2372
+ /** Format: date-time */
2373
+ updatedAt?: string;
2374
+ }[];
2375
+ };
2376
+ };
2377
+ };
2378
+ default: components["responses"]["ProblemResponse"];
2379
+ };
2380
+ };
2381
+ AdminUsers: {
2382
+ parameters: {
2383
+ query?: {
2384
+ q?: string;
2385
+ };
2386
+ header?: never;
2387
+ path?: never;
2388
+ cookie?: never;
2389
+ };
2390
+ requestBody?: never;
2391
+ responses: {
2392
+ 200: components["responses"]["HTMLResponse"];
2393
+ default: components["responses"]["ProblemResponse"];
2394
+ };
2395
+ };
2396
+ AdminReviews: {
2397
+ parameters: {
2398
+ query?: never;
2399
+ header?: never;
2400
+ path?: never;
2401
+ cookie?: never;
2402
+ };
2403
+ requestBody?: never;
2404
+ responses: {
2405
+ /** @description Ok */
2406
+ 200: {
2407
+ headers: {
2408
+ [name: string]: unknown;
2409
+ };
2410
+ content: {
2411
+ "text/html": string;
2412
+ "application/json": {
2413
+ items: {
2414
+ /** Format: uuid */
2415
+ providerId?: string;
2416
+ providerTitle?: string;
2417
+ providerSlug?: string;
2418
+ providerDomain?: string;
2419
+ orgName?: string;
2420
+ version?: {
2421
+ major?: number;
2422
+ minor?: number;
2423
+ patch?: number;
2424
+ branch?: string;
2425
+ };
2426
+ initialUrl?: string;
2427
+ verificationType?: string;
2428
+ /** Format: date-time */
2429
+ updatedAt?: string;
2430
+ updatedNotes?: string;
2431
+ }[];
2432
+ };
2433
+ };
2434
+ };
2435
+ default: components["responses"]["ProblemResponse"];
2436
+ };
2437
+ };
2438
+ AdminThemes: {
2439
+ parameters: {
2440
+ query?: {
2441
+ q?: string;
2442
+ };
2443
+ header?: never;
2444
+ path?: never;
2445
+ cookie?: never;
2446
+ };
2447
+ requestBody?: never;
2448
+ responses: {
2449
+ 200: components["responses"]["HTMLResponse"];
2450
+ default: components["responses"]["ProblemResponse"];
2451
+ };
2452
+ };
2453
+ TransferProvider: {
2454
+ parameters: {
2455
+ query?: never;
2456
+ header?: never;
2457
+ path: {
2458
+ providerId: components["schemas"]["ProviderID"];
2459
+ };
2460
+ cookie?: never;
2461
+ };
2462
+ requestBody: {
2463
+ content: {
2464
+ "application/json": components["schemas"]["TransferProviderRequest"];
2465
+ };
2466
+ };
2467
+ responses: {
2468
+ /** @description Transferred */
2469
+ 200: {
2470
+ headers: {
2471
+ [name: string]: unknown;
2472
+ };
2473
+ content: {
2474
+ "application/json": components["schemas"]["Provider"];
2475
+ };
2476
+ };
2477
+ 403: components["responses"]["ForbiddenResponse"];
2478
+ default: components["responses"]["ProblemResponse"];
2479
+ };
2480
+ };
2481
+ Sitemap: {
2482
+ parameters: {
2483
+ query?: never;
2484
+ header?: never;
2485
+ path?: never;
2486
+ cookie?: never;
2487
+ };
2488
+ requestBody?: never;
2489
+ responses: {
2490
+ /** @description Ok */
2491
+ 200: {
2492
+ headers: {
2493
+ [name: string]: unknown;
2494
+ };
2495
+ content: {
2496
+ "application/xml": string;
2497
+ };
2498
+ };
2499
+ default: components["responses"]["ProblemResponse"];
2500
+ };
2501
+ };
2502
+ Robots: {
2503
+ parameters: {
2504
+ query?: never;
2505
+ header?: never;
2506
+ path?: never;
2507
+ cookie?: never;
2508
+ };
2509
+ requestBody?: never;
2510
+ responses: {
2511
+ /** @description Ok */
2512
+ 200: {
2513
+ headers: {
2514
+ [name: string]: unknown;
2515
+ };
2516
+ content: {
2517
+ "text/plain": string;
2518
+ };
2519
+ };
2520
+ default: components["responses"]["ProblemResponse"];
2521
+ };
2522
+ };
2523
+ OpenApiSpec: {
2524
+ parameters: {
2525
+ query?: never;
2526
+ header?: never;
2527
+ path?: never;
2528
+ cookie?: never;
2529
+ };
2530
+ requestBody?: never;
2531
+ responses: {
2532
+ /** @description Ok */
2533
+ 200: {
2534
+ headers: {
2535
+ [name: string]: unknown;
2536
+ };
2537
+ content: {
2538
+ "application/yaml": string;
2539
+ };
2540
+ };
2541
+ default: components["responses"]["ProblemResponse"];
2542
+ };
2543
+ };
2544
+ Docs: {
2545
+ parameters: {
2546
+ query?: never;
2547
+ header?: never;
2548
+ path?: never;
2549
+ cookie?: never;
2550
+ };
2551
+ requestBody?: never;
2552
+ responses: {
2553
+ 200: components["responses"]["HTMLResponse"];
2554
+ default: components["responses"]["ProblemResponse"];
2555
+ };
2556
+ };
2557
+ LoginPage: {
2558
+ parameters: {
2559
+ query?: {
2560
+ /** @description URL to redirect to after successful sign-in. Must start with `/`. Defaults to `/me`. Used by `/attach/{code}` to return the user to the pairing page after they sign in. */
2561
+ next?: string;
2562
+ };
2563
+ header?: never;
2564
+ path?: never;
2565
+ cookie?: never;
2566
+ };
2567
+ requestBody?: never;
2568
+ responses: {
2569
+ 200: components["responses"]["HTMLResponse"];
2570
+ default: components["responses"]["ProblemResponse"];
2571
+ };
2572
+ };
2573
+ Logout: {
2574
+ parameters: {
2575
+ query?: never;
2576
+ header?: never;
2577
+ path?: never;
2578
+ cookie?: never;
2579
+ };
2580
+ requestBody?: never;
2581
+ responses: {
2582
+ /** @description Signed out */
2583
+ 204: {
2584
+ headers: {
2585
+ [name: string]: unknown;
2586
+ };
2587
+ content?: never;
2588
+ };
2589
+ default: components["responses"]["ProblemResponse"];
2590
+ };
2591
+ };
2592
+ Login: {
2593
+ parameters: {
2594
+ query?: never;
2595
+ header?: never;
2596
+ path?: never;
2597
+ cookie?: never;
2598
+ };
2599
+ requestBody: {
2600
+ content: {
2601
+ "application/json": components["schemas"]["LoginRequest"];
2602
+ "application/x-www-form-urlencoded": components["schemas"]["LoginRequest"];
2603
+ };
2604
+ };
2605
+ responses: {
2606
+ /** @description Authenticated */
2607
+ 200: {
2608
+ headers: {
2609
+ [name: string]: unknown;
2610
+ };
2611
+ content: {
2612
+ "application/json": components["schemas"]["AuthToken"];
2613
+ };
2614
+ };
2615
+ default: components["responses"]["ProblemResponse"];
2616
+ };
2617
+ };
2618
+ GetMe: {
2619
+ parameters: {
2620
+ query?: never;
2621
+ header?: never;
2622
+ path?: never;
2623
+ cookie?: never;
2624
+ };
2625
+ requestBody?: never;
2626
+ responses: {
2627
+ /** @description Ok */
2628
+ 200: {
2629
+ headers: {
2630
+ [name: string]: unknown;
2631
+ };
2632
+ content: {
2633
+ "application/json": components["schemas"]["User"];
2634
+ "text/html": components["schemas"]["HtmlContent"];
2635
+ };
2636
+ };
2637
+ default: components["responses"]["ProblemResponse"];
2638
+ };
2639
+ };
2640
+ UpdateMe: {
2641
+ parameters: {
2642
+ query?: never;
2643
+ header?: never;
2644
+ path?: never;
2645
+ cookie?: never;
2646
+ };
2647
+ requestBody: {
2648
+ content: {
2649
+ "application/json": components["schemas"]["UpdateUserRequest"];
2650
+ };
2651
+ };
2652
+ responses: {
2653
+ /** @description Updated */
2654
+ 200: {
2655
+ headers: {
2656
+ [name: string]: unknown;
2657
+ };
2658
+ content: {
2659
+ "application/json": components["schemas"]["User"];
2660
+ };
2661
+ };
2662
+ default: components["responses"]["ProblemResponse"];
2663
+ };
2664
+ };
2665
+ GetUser: {
2666
+ parameters: {
2667
+ query?: never;
2668
+ header?: never;
2669
+ path: {
2670
+ userId: components["schemas"]["UserID"];
2671
+ };
2672
+ cookie?: never;
2673
+ };
2674
+ requestBody?: never;
2675
+ responses: {
2676
+ /** @description Ok */
2677
+ 200: {
2678
+ headers: {
2679
+ [name: string]: unknown;
2680
+ };
2681
+ content: {
2682
+ "application/json": components["schemas"]["User"];
2683
+ };
2684
+ };
2685
+ default: components["responses"]["ProblemResponse"];
2686
+ };
2687
+ };
2688
+ ListOrgs: {
2689
+ parameters: {
2690
+ query?: {
2691
+ /** @description Opaque cursor returned as `nextPageCursor` on a prior response. Pass it back as-is to fetch the next page; omit on the first request. Clients must not parse, modify, or fabricate cursors — the server reserves the encoding. */
2692
+ cursor?: string;
2693
+ };
2694
+ header?: never;
2695
+ path?: never;
2696
+ cookie?: never;
2697
+ };
2698
+ requestBody?: never;
2699
+ responses: {
2700
+ /** @description Ok */
2701
+ 200: {
2702
+ headers: {
2703
+ [name: string]: unknown;
2704
+ };
2705
+ content: {
2706
+ "application/json": {
2707
+ items: components["schemas"]["Organization"][];
2708
+ nextPageCursor?: string;
2709
+ };
2710
+ "text/html": components["schemas"]["HtmlContent"];
2711
+ };
2712
+ };
2713
+ default: components["responses"]["ProblemResponse"];
2714
+ };
2715
+ };
2716
+ CreateOrg: {
2717
+ parameters: {
2718
+ query?: never;
2719
+ header?: never;
2720
+ path?: never;
2721
+ cookie?: never;
2722
+ };
2723
+ requestBody: {
2724
+ content: {
2725
+ "application/json": components["schemas"]["CreateOrgRequest"];
2726
+ "application/x-www-form-urlencoded": components["schemas"]["CreateOrgRequest"];
2727
+ };
2728
+ };
2729
+ responses: {
2730
+ /** @description Created */
2731
+ 201: {
2732
+ headers: {
2733
+ [name: string]: unknown;
2734
+ };
2735
+ content: {
2736
+ "application/json": components["schemas"]["Organization"];
2737
+ };
2738
+ };
2739
+ default: components["responses"]["ProblemResponse"];
2740
+ };
2741
+ };
2742
+ GetOrg: {
2743
+ parameters: {
2744
+ query?: never;
2745
+ header?: never;
2746
+ path: {
2747
+ orgId: components["schemas"]["OrgID"];
2748
+ };
2749
+ cookie?: never;
2750
+ };
2751
+ requestBody?: never;
2752
+ responses: {
2753
+ /** @description Ok */
2754
+ 200: {
2755
+ headers: {
2756
+ [name: string]: unknown;
2757
+ };
2758
+ content: {
2759
+ "application/json": components["schemas"]["Organization"];
2760
+ "text/html": components["schemas"]["HtmlContent"];
2761
+ };
2762
+ };
2763
+ default: components["responses"]["ProblemResponse"];
2764
+ };
2765
+ };
2766
+ DeleteOrg: {
2767
+ parameters: {
2768
+ query?: never;
2769
+ header?: never;
2770
+ path: {
2771
+ orgId: components["schemas"]["OrgID"];
2772
+ };
2773
+ cookie?: never;
2774
+ };
2775
+ requestBody?: never;
2776
+ responses: {
2777
+ /** @description Deleted. */
2778
+ 204: {
2779
+ headers: {
2780
+ [name: string]: unknown;
2781
+ };
2782
+ content?: never;
2783
+ };
2784
+ 403: components["responses"]["ForbiddenResponse"];
2785
+ default: components["responses"]["ProblemResponse"];
2786
+ };
2787
+ };
2788
+ UpdateOrg: {
2789
+ parameters: {
2790
+ query?: never;
2791
+ header?: never;
2792
+ path: {
2793
+ orgId: components["schemas"]["OrgID"];
2794
+ };
2795
+ cookie?: never;
2796
+ };
2797
+ requestBody: {
2798
+ content: {
2799
+ "application/json": components["schemas"]["UpdateOrgRequest"];
2800
+ "application/x-www-form-urlencoded": components["schemas"]["UpdateOrgRequest"];
2801
+ };
2802
+ };
2803
+ responses: {
2804
+ /** @description Updated */
2805
+ 200: {
2806
+ headers: {
2807
+ [name: string]: unknown;
2808
+ };
2809
+ content: {
2810
+ "application/json": components["schemas"]["Organization"];
2811
+ };
2812
+ };
2813
+ 403: components["responses"]["ForbiddenResponse"];
2814
+ default: components["responses"]["ProblemResponse"];
2815
+ };
2816
+ };
2817
+ AddOrgMember: {
2818
+ parameters: {
2819
+ query?: never;
2820
+ header?: never;
2821
+ path: {
2822
+ orgId: components["schemas"]["OrgID"];
2823
+ };
2824
+ cookie?: never;
2825
+ };
2826
+ requestBody: {
2827
+ content: {
2828
+ "application/json": components["schemas"]["AddOrgMemberRequest"];
2829
+ "application/x-www-form-urlencoded": components["schemas"]["AddOrgMemberRequest"];
2830
+ };
2831
+ };
2832
+ responses: {
2833
+ /** @description Invite created */
2834
+ 201: {
2835
+ headers: {
2836
+ [name: string]: unknown;
2837
+ };
2838
+ content: {
2839
+ "application/json": components["schemas"]["OrganizationMember"];
2840
+ };
2841
+ };
2842
+ 403: components["responses"]["ForbiddenResponse"];
2843
+ default: components["responses"]["ProblemResponse"];
2844
+ };
2845
+ };
2846
+ RemoveOrgMember: {
2847
+ parameters: {
2848
+ query?: never;
2849
+ header?: never;
2850
+ path: {
2851
+ orgId: components["schemas"]["OrgID"];
2852
+ memberId: components["schemas"]["MemberID"];
2853
+ };
2854
+ cookie?: never;
2855
+ };
2856
+ requestBody?: never;
2857
+ responses: {
2858
+ /** @description Removed. */
2859
+ 204: {
2860
+ headers: {
2861
+ [name: string]: unknown;
2862
+ };
2863
+ content?: never;
2864
+ };
2865
+ 403: components["responses"]["ForbiddenResponse"];
2866
+ default: components["responses"]["ProblemResponse"];
2867
+ };
2868
+ };
2869
+ UpdateOrgMember: {
2870
+ parameters: {
2871
+ query?: never;
2872
+ header?: never;
2873
+ path: {
2874
+ orgId: components["schemas"]["OrgID"];
2875
+ memberId: components["schemas"]["MemberID"];
2876
+ };
2877
+ cookie?: never;
2878
+ };
2879
+ requestBody: {
2880
+ content: {
2881
+ "application/json": {
2882
+ role: components["schemas"]["OrganizationMemberRole"];
2883
+ };
2884
+ };
2885
+ };
2886
+ responses: {
2887
+ /** @description Updated */
2888
+ 200: {
2889
+ headers: {
2890
+ [name: string]: unknown;
2891
+ };
2892
+ content: {
2893
+ "application/json": components["schemas"]["OrganizationMember"];
2894
+ };
2895
+ };
2896
+ 403: components["responses"]["ForbiddenResponse"];
2897
+ default: components["responses"]["ProblemResponse"];
2898
+ };
2899
+ };
2900
+ UpdateOrgIcon: {
2901
+ parameters: {
2902
+ query?: never;
2903
+ header?: never;
2904
+ path: {
2905
+ orgId: components["schemas"]["OrgID"];
2906
+ };
2907
+ cookie?: never;
2908
+ };
2909
+ requestBody: {
2910
+ content: {
2911
+ "multipart/form-data": {
2912
+ /**
2913
+ * Format: binary
2914
+ * @description PNG, JPEG, WebP or GIF, ≤ 4 MB.
2915
+ */
2916
+ file: string;
2917
+ };
2918
+ };
2919
+ };
2920
+ responses: {
2921
+ /** @description Updated */
2922
+ 200: {
2923
+ headers: {
2924
+ [name: string]: unknown;
2925
+ };
2926
+ content: {
2927
+ "application/json": components["schemas"]["Organization"];
2928
+ };
2929
+ };
2930
+ 403: components["responses"]["ForbiddenResponse"];
2931
+ default: components["responses"]["ProblemResponse"];
2932
+ };
2933
+ };
2934
+ DeleteOrgIcon: {
2935
+ parameters: {
2936
+ query?: never;
2937
+ header?: never;
2938
+ path: {
2939
+ orgId: components["schemas"]["OrgID"];
2940
+ };
2941
+ cookie?: never;
2942
+ };
2943
+ requestBody?: never;
2944
+ responses: {
2945
+ /** @description Cleared */
2946
+ 200: {
2947
+ headers: {
2948
+ [name: string]: unknown;
2949
+ };
2950
+ content: {
2951
+ "application/json": components["schemas"]["Organization"];
2952
+ };
2953
+ };
2954
+ 403: components["responses"]["ForbiddenResponse"];
2955
+ default: components["responses"]["ProblemResponse"];
2956
+ };
2957
+ };
2958
+ ListThemes: {
2959
+ parameters: {
2960
+ query?: never;
2961
+ header?: never;
2962
+ path: {
2963
+ orgId: components["schemas"]["OrgID"];
2964
+ };
2965
+ cookie?: never;
2966
+ };
2967
+ requestBody?: never;
2968
+ responses: {
2969
+ /** @description Ok */
2970
+ 200: {
2971
+ headers: {
2972
+ [name: string]: unknown;
2973
+ };
2974
+ content: {
2975
+ "application/json": {
2976
+ items: components["schemas"]["Theme"][];
2977
+ };
2978
+ };
2979
+ };
2980
+ default: components["responses"]["ProblemResponse"];
2981
+ };
2982
+ };
2983
+ CreateTheme: {
2984
+ parameters: {
2985
+ query?: never;
2986
+ header?: never;
2987
+ path: {
2988
+ orgId: components["schemas"]["OrgID"];
2989
+ };
2990
+ cookie?: never;
2991
+ };
2992
+ requestBody: {
2993
+ content: {
2994
+ "application/json": components["schemas"]["CreateThemeRequest"];
2995
+ "application/x-www-form-urlencoded": components["schemas"]["CreateThemeRequest"];
2996
+ };
2997
+ };
2998
+ responses: {
2999
+ /** @description Created */
3000
+ 201: {
3001
+ headers: {
3002
+ [name: string]: unknown;
3003
+ };
3004
+ content: {
3005
+ "application/json": components["schemas"]["Theme"];
3006
+ };
3007
+ };
3008
+ 400: components["responses"]["ProblemResponse"];
3009
+ 403: components["responses"]["ForbiddenResponse"];
3010
+ default: components["responses"]["ProblemResponse"];
3011
+ };
3012
+ };
3013
+ GetTheme: {
3014
+ parameters: {
3015
+ query?: never;
3016
+ header?: never;
3017
+ path: {
3018
+ orgId: components["schemas"]["OrgID"];
3019
+ themeId: components["schemas"]["ThemeID"];
3020
+ };
3021
+ cookie?: never;
3022
+ };
3023
+ requestBody?: never;
3024
+ responses: {
3025
+ /** @description Ok */
3026
+ 200: {
3027
+ headers: {
3028
+ [name: string]: unknown;
3029
+ };
3030
+ content: {
3031
+ "application/json": components["schemas"]["Theme"];
3032
+ };
3033
+ };
3034
+ default: components["responses"]["ProblemResponse"];
3035
+ };
3036
+ };
3037
+ DeleteTheme: {
3038
+ parameters: {
3039
+ query?: never;
3040
+ header?: never;
3041
+ path: {
3042
+ orgId: components["schemas"]["OrgID"];
3043
+ themeId: components["schemas"]["ThemeID"];
3044
+ };
3045
+ cookie?: never;
3046
+ };
3047
+ requestBody?: never;
3048
+ responses: {
3049
+ /** @description Deleted */
3050
+ 204: {
3051
+ headers: {
3052
+ [name: string]: unknown;
3053
+ };
3054
+ content?: never;
3055
+ };
3056
+ 403: components["responses"]["ForbiddenResponse"];
3057
+ default: components["responses"]["ProblemResponse"];
3058
+ };
3059
+ };
3060
+ UpdateTheme: {
3061
+ parameters: {
3062
+ query?: never;
3063
+ header?: never;
3064
+ path: {
3065
+ orgId: components["schemas"]["OrgID"];
3066
+ themeId: components["schemas"]["ThemeID"];
3067
+ };
3068
+ cookie?: never;
3069
+ };
3070
+ requestBody: {
3071
+ content: {
3072
+ "application/json": components["schemas"]["UpdateThemeRequest"];
3073
+ "application/x-www-form-urlencoded": components["schemas"]["UpdateThemeRequest"];
3074
+ };
3075
+ };
3076
+ responses: {
3077
+ /** @description Updated */
3078
+ 200: {
3079
+ headers: {
3080
+ [name: string]: unknown;
3081
+ };
3082
+ content: {
3083
+ "application/json": components["schemas"]["Theme"];
3084
+ };
3085
+ };
3086
+ 403: components["responses"]["ForbiddenResponse"];
3087
+ default: components["responses"]["ProblemResponse"];
3088
+ };
3089
+ };
3090
+ ListOrgCredentials: {
3091
+ parameters: {
3092
+ query?: never;
3093
+ header?: never;
3094
+ path: {
3095
+ orgId: components["schemas"]["OrgID"];
3096
+ };
3097
+ cookie?: never;
3098
+ };
3099
+ requestBody?: never;
3100
+ responses: {
3101
+ /** @description Ok */
3102
+ 200: {
3103
+ headers: {
3104
+ [name: string]: unknown;
3105
+ };
3106
+ content: {
3107
+ "application/json": {
3108
+ items: components["schemas"]["Credential"][];
3109
+ };
3110
+ };
3111
+ };
3112
+ 403: components["responses"]["ForbiddenResponse"];
3113
+ default: components["responses"]["ProblemResponse"];
3114
+ };
3115
+ };
3116
+ GetOrgBilling: {
3117
+ parameters: {
3118
+ query?: never;
3119
+ header?: never;
3120
+ path: {
3121
+ orgId: components["schemas"]["OrgID"];
3122
+ };
3123
+ cookie?: never;
3124
+ };
3125
+ requestBody?: never;
3126
+ responses: {
3127
+ /** @description Ok */
3128
+ 200: {
3129
+ headers: {
3130
+ [name: string]: unknown;
3131
+ };
3132
+ content: {
3133
+ "application/json": components["schemas"]["OrgBilling"];
3134
+ };
3135
+ };
3136
+ 403: components["responses"]["ForbiddenResponse"];
3137
+ 404: components["responses"]["ProblemResponse"];
3138
+ default: components["responses"]["ProblemResponse"];
3139
+ };
3140
+ };
3141
+ UpdateOrgBilling: {
3142
+ parameters: {
3143
+ query?: never;
3144
+ header?: never;
3145
+ path: {
3146
+ orgId: components["schemas"]["OrgID"];
3147
+ };
3148
+ cookie?: never;
3149
+ };
3150
+ requestBody: {
3151
+ content: {
3152
+ "application/json": components["schemas"]["UpdateOrgBillingRequest"];
3153
+ "application/x-www-form-urlencoded": components["schemas"]["UpdateOrgBillingRequest"];
3154
+ };
3155
+ };
3156
+ responses: {
3157
+ /** @description Updated */
3158
+ 200: {
3159
+ headers: {
3160
+ [name: string]: unknown;
3161
+ };
3162
+ content: {
3163
+ "application/json": components["schemas"]["OrgBilling"];
3164
+ };
3165
+ };
3166
+ 403: components["responses"]["ForbiddenResponse"];
3167
+ default: components["responses"]["ProblemResponse"];
3168
+ };
3169
+ };
3170
+ DeleteOrgBilling: {
3171
+ parameters: {
3172
+ query?: never;
3173
+ header?: never;
3174
+ path: {
3175
+ orgId: components["schemas"]["OrgID"];
3176
+ };
3177
+ cookie?: never;
3178
+ };
3179
+ requestBody?: never;
3180
+ responses: {
3181
+ /** @description Deleted */
3182
+ 204: {
3183
+ headers: {
3184
+ [name: string]: unknown;
3185
+ };
3186
+ content?: never;
3187
+ };
3188
+ 403: components["responses"]["ForbiddenResponse"];
3189
+ default: components["responses"]["ProblemResponse"];
3190
+ };
3191
+ };
3192
+ LinkCredential: {
3193
+ parameters: {
3194
+ query?: never;
3195
+ header?: never;
3196
+ path?: never;
3197
+ cookie?: never;
3198
+ };
3199
+ requestBody: {
3200
+ content: {
3201
+ "application/json": components["schemas"]["LinkCredentialRequest"];
3202
+ "application/x-www-form-urlencoded": components["schemas"]["LinkCredentialRequest"];
3203
+ };
3204
+ };
3205
+ responses: {
3206
+ /** @description Credential registered or attached */
3207
+ 201: {
3208
+ headers: {
3209
+ [name: string]: unknown;
3210
+ };
3211
+ content: {
3212
+ "application/json": components["schemas"]["Credential"];
3213
+ };
3214
+ };
3215
+ 403: components["responses"]["ForbiddenResponse"];
3216
+ /** @description Address already registered under a different public key, the credential is revoked, or it is already linked to another organization. */
3217
+ 409: {
3218
+ headers: {
3219
+ [name: string]: unknown;
3220
+ };
3221
+ content: {
3222
+ "application/problem+json": components["schemas"]["Problem"];
3223
+ };
3224
+ };
3225
+ default: components["responses"]["ProblemResponse"];
3226
+ };
3227
+ };
3228
+ GetCredentialByAddress: {
3229
+ parameters: {
3230
+ query?: never;
3231
+ header?: never;
3232
+ path: {
3233
+ address: components["schemas"]["EthAddress"];
3234
+ };
3235
+ cookie?: never;
3236
+ };
3237
+ requestBody?: never;
3238
+ responses: {
3239
+ /** @description Ok */
3240
+ 200: {
3241
+ headers: {
3242
+ [name: string]: unknown;
3243
+ };
3244
+ content: {
3245
+ "application/json": components["schemas"]["Credential"];
3246
+ };
3247
+ };
3248
+ 404: components["responses"]["ProblemResponse"];
3249
+ default: components["responses"]["ProblemResponse"];
3250
+ };
3251
+ };
3252
+ GetCredential: {
3253
+ parameters: {
3254
+ query?: never;
3255
+ header?: never;
3256
+ path: {
3257
+ credentialId: components["schemas"]["CredentialID"];
3258
+ };
3259
+ cookie?: never;
3260
+ };
3261
+ requestBody?: never;
3262
+ responses: {
3263
+ /** @description Ok */
3264
+ 200: {
3265
+ headers: {
3266
+ [name: string]: unknown;
3267
+ };
3268
+ content: {
3269
+ "application/json": components["schemas"]["Credential"];
3270
+ };
3271
+ };
3272
+ 404: components["responses"]["ProblemResponse"];
3273
+ default: components["responses"]["ProblemResponse"];
3274
+ };
3275
+ };
3276
+ RevokeCredential: {
3277
+ parameters: {
3278
+ query?: never;
3279
+ header?: never;
3280
+ path: {
3281
+ credentialId: components["schemas"]["CredentialID"];
3282
+ };
3283
+ cookie?: never;
3284
+ };
3285
+ requestBody?: never;
3286
+ responses: {
3287
+ /** @description Revoked */
3288
+ 200: {
3289
+ headers: {
3290
+ [name: string]: unknown;
3291
+ };
3292
+ content: {
3293
+ "application/json": components["schemas"]["Credential"];
3294
+ };
3295
+ };
3296
+ 403: components["responses"]["ForbiddenResponse"];
3297
+ 404: components["responses"]["ProblemResponse"];
3298
+ default: components["responses"]["ProblemResponse"];
3299
+ };
3300
+ };
3301
+ CredentialAuthChallenge: {
3302
+ parameters: {
3303
+ query?: never;
3304
+ header?: never;
3305
+ path?: never;
3306
+ cookie?: never;
3307
+ };
3308
+ requestBody: {
3309
+ content: {
3310
+ "application/json": components["schemas"]["CredentialAuthChallengeRequest"];
3311
+ };
3312
+ };
3313
+ responses: {
3314
+ /** @description Challenge issued */
3315
+ 200: {
3316
+ headers: {
3317
+ [name: string]: unknown;
3318
+ };
3319
+ content: {
3320
+ "application/json": components["schemas"]["CredentialAuthChallenge"];
3321
+ };
3322
+ };
3323
+ 501: components["responses"]["ProblemResponse"];
3324
+ default: components["responses"]["ProblemResponse"];
3325
+ };
3326
+ };
3327
+ CredentialAuthVerify: {
3328
+ parameters: {
3329
+ query?: never;
3330
+ header?: never;
3331
+ path?: never;
3332
+ cookie?: never;
3333
+ };
3334
+ requestBody: {
3335
+ content: {
3336
+ "application/json": components["schemas"]["CredentialAuthVerifyRequest"];
3337
+ };
3338
+ };
3339
+ responses: {
3340
+ /** @description Verified */
3341
+ 200: {
3342
+ headers: {
3343
+ [name: string]: unknown;
3344
+ };
3345
+ content: {
3346
+ "application/json": components["schemas"]["CredentialAuthToken"];
3347
+ };
3348
+ };
3349
+ 501: components["responses"]["ProblemResponse"];
3350
+ default: components["responses"]["ProblemResponse"];
3351
+ };
3352
+ };
3353
+ CreateAttachSession: {
3354
+ parameters: {
3355
+ query?: never;
3356
+ header?: never;
3357
+ path?: never;
3358
+ cookie?: never;
3359
+ };
3360
+ requestBody?: never;
3361
+ responses: {
3362
+ /** @description Pairing session opened */
3363
+ 201: {
3364
+ headers: {
3365
+ [name: string]: unknown;
3366
+ };
3367
+ content: {
3368
+ "application/json": components["schemas"]["CredentialAttachSession"];
3369
+ };
3370
+ };
3371
+ default: components["responses"]["ProblemResponse"];
3372
+ };
3373
+ };
3374
+ GetAttachSession: {
3375
+ parameters: {
3376
+ query?: never;
3377
+ header?: never;
3378
+ path: {
3379
+ code: components["schemas"]["AttachCode"];
3380
+ };
3381
+ cookie?: never;
3382
+ };
3383
+ requestBody?: never;
3384
+ responses: {
3385
+ /** @description Session state */
3386
+ 200: {
3387
+ headers: {
3388
+ [name: string]: unknown;
3389
+ };
3390
+ content: {
3391
+ "application/json": components["schemas"]["CredentialAttachSession"];
3392
+ };
3393
+ };
3394
+ 404: components["responses"]["ProblemResponse"];
3395
+ default: components["responses"]["ProblemResponse"];
3396
+ };
3397
+ };
3398
+ ConfirmAttachSession: {
3399
+ parameters: {
3400
+ query?: never;
3401
+ header?: never;
3402
+ path: {
3403
+ code: components["schemas"]["AttachCode"];
3404
+ };
3405
+ cookie?: never;
3406
+ };
3407
+ requestBody?: {
3408
+ content: {
3409
+ "application/json": components["schemas"]["ConfirmAttachSessionRequest"];
3410
+ "application/x-www-form-urlencoded": components["schemas"]["ConfirmAttachSessionRequest"];
3411
+ };
3412
+ };
3413
+ responses: {
3414
+ /** @description Device authorized */
3415
+ 200: {
3416
+ headers: {
3417
+ [name: string]: unknown;
3418
+ };
3419
+ content: {
3420
+ "application/json": components["schemas"]["CredentialAttachSession"];
3421
+ };
3422
+ };
3423
+ 404: components["responses"]["ProblemResponse"];
3424
+ default: components["responses"]["ProblemResponse"];
3425
+ };
3426
+ };
3427
+ AttachPage: {
3428
+ parameters: {
3429
+ query?: never;
3430
+ header?: never;
3431
+ path: {
3432
+ code: components["schemas"]["AttachCode"];
3433
+ };
3434
+ cookie?: never;
3435
+ };
3436
+ requestBody?: never;
3437
+ responses: {
3438
+ 200: components["responses"]["HTMLResponse"];
3439
+ default: components["responses"]["ProblemResponse"];
3440
+ };
3441
+ };
3442
+ GetImage: {
3443
+ parameters: {
3444
+ query?: never;
3445
+ header?: never;
3446
+ path: {
3447
+ imageId: string;
3448
+ };
3449
+ cookie?: never;
3450
+ };
3451
+ requestBody?: never;
3452
+ responses: {
3453
+ /** @description Image bytes */
3454
+ 200: {
3455
+ headers: {
3456
+ "Cache-Control"?: string;
3457
+ ETag?: string;
3458
+ [name: string]: unknown;
3459
+ };
3460
+ content: {
3461
+ "image/*": string;
3462
+ };
3463
+ };
3464
+ default: components["responses"]["ProblemResponse"];
3465
+ };
3466
+ };
3467
+ GetProvider: {
3468
+ parameters: {
3469
+ query?: never;
3470
+ header?: never;
3471
+ path: {
3472
+ providerId: components["schemas"]["ProviderID"];
3473
+ };
3474
+ cookie?: never;
3475
+ };
3476
+ requestBody?: never;
3477
+ responses: {
3478
+ /** @description Ok (JSON callers, or HTML callers when content negotiation falls through). */
3479
+ 200: {
3480
+ headers: {
3481
+ ETag: components["headers"]["ETag"];
3482
+ [name: string]: unknown;
3483
+ };
3484
+ content: {
3485
+ "application/json": components["schemas"]["Provider"];
3486
+ "text/html": components["schemas"]["HtmlContent"];
3487
+ };
3488
+ };
3489
+ 301: components["responses"]["CanonicalRedirectResponse"];
3490
+ /** @description Verification not found, or it is `PRIVATE` and the caller is not authorized to see it. */
3491
+ 404: {
3492
+ headers: {
3493
+ [name: string]: unknown;
3494
+ };
3495
+ content?: never;
3496
+ };
3497
+ default: components["responses"]["ProblemResponse"];
3498
+ };
3499
+ };
3500
+ DeleteProvider: {
3501
+ parameters: {
3502
+ query?: never;
3503
+ header?: {
3504
+ /**
3505
+ * @description Opaque `ETag` from a prior GET on the same resource. When
3506
+ * supplied, the server applies optimistic concurrency: the
3507
+ * mutation fails with `412 Precondition Failed` if the
3508
+ * resource has been modified since. Omit for last-write-wins.
3509
+ */
3510
+ "If-Match"?: components["parameters"]["IfMatch"];
3511
+ };
3512
+ path: {
3513
+ providerId: components["schemas"]["ProviderID"];
3514
+ };
3515
+ cookie?: never;
3516
+ };
3517
+ requestBody?: never;
3518
+ responses: {
3519
+ /** @description Archived. */
3520
+ 204: {
3521
+ headers: {
3522
+ [name: string]: unknown;
3523
+ };
3524
+ content?: never;
3525
+ };
3526
+ /** @description Precondition Failed. The supplied `If-Match` does not match the verification's current `ETag` — re-fetch and retry. */
3527
+ 412: {
3528
+ headers: {
3529
+ [name: string]: unknown;
3530
+ };
3531
+ content?: never;
3532
+ };
3533
+ default: components["responses"]["ProblemResponse"];
3534
+ };
3535
+ };
3536
+ UpdateProvider: {
3537
+ parameters: {
3538
+ query?: never;
3539
+ header?: {
3540
+ /**
3541
+ * @description Opaque `ETag` from a prior GET on the same resource. When
3542
+ * supplied, the server applies optimistic concurrency: the
3543
+ * mutation fails with `412 Precondition Failed` if the
3544
+ * resource has been modified since. Omit for last-write-wins.
3545
+ */
3546
+ "If-Match"?: components["parameters"]["IfMatch"];
3547
+ };
3548
+ path: {
3549
+ providerId: components["schemas"]["ProviderID"];
3550
+ };
3551
+ cookie?: never;
3552
+ };
3553
+ requestBody: {
3554
+ content: {
3555
+ "application/json": components["schemas"]["UpdateProviderRequest"];
3556
+ "application/x-www-form-urlencoded": components["schemas"]["UpdateProviderRequest"];
3557
+ };
3558
+ };
3559
+ responses: {
3560
+ /** @description Updated */
3561
+ 200: {
3562
+ headers: {
3563
+ ETag: components["headers"]["ETag"];
3564
+ [name: string]: unknown;
3565
+ };
3566
+ content: {
3567
+ "application/json": components["schemas"]["Provider"];
3568
+ };
3569
+ };
3570
+ 403: components["responses"]["ForbiddenResponse"];
3571
+ /** @description Precondition Failed. The supplied `If-Match` does not match the verification's current `ETag` — re-fetch and retry. */
3572
+ 412: {
3573
+ headers: {
3574
+ [name: string]: unknown;
3575
+ };
3576
+ content?: never;
3577
+ };
3578
+ default: components["responses"]["ProblemResponse"];
3579
+ };
3580
+ };
3581
+ GetProviderBySlug: {
3582
+ parameters: {
3583
+ query?: never;
3584
+ header?: never;
3585
+ path: {
3586
+ providerId: components["schemas"]["ProviderID"];
3587
+ /** @description Verification slug. URL-safe identifier; lowercase letters, digits, and hyphens only. If stale, HTML callers get a 301 to the current slug. */
3588
+ slug: string;
3589
+ };
3590
+ cookie?: never;
3591
+ };
3592
+ requestBody?: never;
3593
+ responses: {
3594
+ /** @description Ok. Slug matched the provider's current slug. */
3595
+ 200: {
3596
+ headers: {
3597
+ ETag: components["headers"]["ETag"];
3598
+ [name: string]: unknown;
3599
+ };
3600
+ content: {
3601
+ "application/json": components["schemas"]["Provider"];
3602
+ "text/html": components["schemas"]["HtmlContent"];
3603
+ };
3604
+ };
3605
+ 301: components["responses"]["CanonicalRedirectResponse"];
3606
+ /** @description Verification not found, or it is `PRIVATE` and the caller is not authorized to see it. */
3607
+ 404: {
3608
+ headers: {
3609
+ [name: string]: unknown;
3610
+ };
3611
+ content?: never;
3612
+ };
3613
+ default: components["responses"]["ProblemResponse"];
3614
+ };
3615
+ };
3616
+ ListProviderVersions: {
3617
+ parameters: {
3618
+ query?: {
3619
+ /** @description Opaque cursor returned as `nextPageCursor` on a prior response. Pass it back as-is to fetch the next page; omit on the first request. Clients must not parse, modify, or fabricate cursors — the server reserves the encoding. */
3620
+ cursor?: string;
3621
+ };
3622
+ header?: never;
3623
+ path: {
3624
+ providerId: components["schemas"]["ProviderID"];
3625
+ };
3626
+ cookie?: never;
3627
+ };
3628
+ requestBody?: never;
3629
+ responses: {
3630
+ /** @description Ok */
3631
+ 200: {
3632
+ headers: {
3633
+ [name: string]: unknown;
3634
+ };
3635
+ content: {
3636
+ "application/json": {
3637
+ items: components["schemas"]["ProviderVersion"][];
3638
+ nextPageCursor?: string;
3639
+ };
3640
+ };
3641
+ };
3642
+ default: components["responses"]["ProblemResponse"];
3643
+ };
3644
+ };
3645
+ CreateProviderVersion: {
3646
+ parameters: {
3647
+ query?: never;
3648
+ header?: never;
3649
+ path: {
3650
+ providerId: components["schemas"]["ProviderID"];
3651
+ };
3652
+ cookie?: never;
3653
+ };
3654
+ requestBody: {
3655
+ content: {
3656
+ "application/json": components["schemas"]["CreateProviderVersionRequest"];
3657
+ };
3658
+ };
3659
+ responses: {
3660
+ /** @description Created */
3661
+ 201: {
3662
+ headers: {
3663
+ [name: string]: unknown;
3664
+ };
3665
+ content: {
3666
+ "application/json": components["schemas"]["ProviderVersion"];
3667
+ };
3668
+ };
3669
+ 400: components["responses"]["ProblemResponse"];
3670
+ 403: components["responses"]["ForbiddenResponse"];
3671
+ default: components["responses"]["ProblemResponse"];
3672
+ };
3673
+ };
3674
+ GetProviderVersion: {
3675
+ parameters: {
3676
+ query?: never;
3677
+ header?: never;
3678
+ path: {
3679
+ providerId: components["schemas"]["ProviderID"];
3680
+ /** @description Semver string of the provider version, e.g. `1.4.2`. */
3681
+ version: components["parameters"]["ProviderVersionPath"];
3682
+ };
3683
+ cookie?: never;
3684
+ };
3685
+ requestBody?: never;
3686
+ responses: {
3687
+ /** @description Ok */
3688
+ 200: {
3689
+ headers: {
3690
+ ETag: components["headers"]["ETag"];
3691
+ [name: string]: unknown;
3692
+ };
3693
+ content: {
3694
+ "application/json": components["schemas"]["ProviderVersion"];
3695
+ "text/html": components["schemas"]["HtmlContent"];
3696
+ };
3697
+ };
3698
+ default: components["responses"]["ProblemResponse"];
3699
+ };
3700
+ };
3701
+ DeleteProviderVersion: {
3702
+ parameters: {
3703
+ query?: never;
3704
+ header?: {
3705
+ /**
3706
+ * @description Opaque `ETag` from a prior GET on the same resource. When
3707
+ * supplied, the server applies optimistic concurrency: the
3708
+ * mutation fails with `412 Precondition Failed` if the
3709
+ * resource has been modified since. Omit for last-write-wins.
3710
+ */
3711
+ "If-Match"?: components["parameters"]["IfMatch"];
3712
+ };
3713
+ path: {
3714
+ providerId: components["schemas"]["ProviderID"];
3715
+ /** @description Semver string of the provider version, e.g. `1.4.2`. */
3716
+ version: components["parameters"]["ProviderVersionPath"];
3717
+ };
3718
+ cookie?: never;
3719
+ };
3720
+ requestBody?: never;
3721
+ responses: {
3722
+ /** @description Deleted. */
3723
+ 204: {
3724
+ headers: {
3725
+ [name: string]: unknown;
3726
+ };
3727
+ content?: never;
3728
+ };
3729
+ /** @description Precondition Failed. The supplied `If-Match` does not match the version's current `ETag` — re-fetch and retry. */
3730
+ 412: {
3731
+ headers: {
3732
+ [name: string]: unknown;
3733
+ };
3734
+ content?: never;
3735
+ };
3736
+ default: components["responses"]["ProblemResponse"];
3737
+ };
3738
+ };
3739
+ UpdateProviderVersion: {
3740
+ parameters: {
3741
+ query?: never;
3742
+ header?: {
3743
+ /**
3744
+ * @description Opaque `ETag` from a prior GET on the same resource. When
3745
+ * supplied, the server applies optimistic concurrency: the
3746
+ * mutation fails with `412 Precondition Failed` if the
3747
+ * resource has been modified since. Omit for last-write-wins.
3748
+ */
3749
+ "If-Match"?: components["parameters"]["IfMatch"];
3750
+ };
3751
+ path: {
3752
+ providerId: components["schemas"]["ProviderID"];
3753
+ /** @description Semver string of the provider version, e.g. `1.4.2`. */
3754
+ version: components["parameters"]["ProviderVersionPath"];
3755
+ };
3756
+ cookie?: never;
3757
+ };
3758
+ requestBody: {
3759
+ content: {
3760
+ "application/json": components["schemas"]["UpdateProviderVersionRequest"];
3761
+ };
3762
+ };
3763
+ responses: {
3764
+ /** @description Updated */
3765
+ 200: {
3766
+ headers: {
3767
+ ETag: components["headers"]["ETag"];
3768
+ [name: string]: unknown;
3769
+ };
3770
+ content: {
3771
+ "application/json": components["schemas"]["ProviderVersion"];
3772
+ };
3773
+ };
3774
+ 400: components["responses"]["ProblemResponse"];
3775
+ 403: components["responses"]["ForbiddenResponse"];
3776
+ /** @description Precondition Failed. The supplied `If-Match` does not match the version's current `ETag` — re-fetch and retry. */
3777
+ 412: {
3778
+ headers: {
3779
+ [name: string]: unknown;
3780
+ };
3781
+ content?: never;
3782
+ };
3783
+ default: components["responses"]["ProblemResponse"];
3784
+ };
3785
+ };
3786
+ SubmitProviderVersionForReview: {
3787
+ parameters: {
3788
+ query?: never;
3789
+ header?: never;
3790
+ path: {
3791
+ providerId: components["schemas"]["ProviderID"];
3792
+ /** @description Semver string of the provider version, e.g. `1.4.2`. */
3793
+ version: components["parameters"]["ProviderVersionPath"];
3794
+ };
3795
+ cookie?: never;
3796
+ };
3797
+ requestBody?: {
3798
+ content: {
3799
+ "application/json": components["schemas"]["ProviderVersionReviewSubmission"];
3800
+ "application/x-www-form-urlencoded": components["schemas"]["ProviderVersionReviewSubmission"];
3801
+ };
3802
+ };
3803
+ responses: {
3804
+ /** @description Submitted for review */
3805
+ 200: {
3806
+ headers: {
3807
+ [name: string]: unknown;
3808
+ };
3809
+ content: {
3810
+ "application/json": components["schemas"]["ProviderVersion"];
3811
+ };
3812
+ };
3813
+ default: components["responses"]["ProblemResponse"];
3814
+ };
3815
+ };
3816
+ DecideProviderVersionReview: {
3817
+ parameters: {
3818
+ query?: never;
3819
+ header?: never;
3820
+ path: {
3821
+ providerId: components["schemas"]["ProviderID"];
3822
+ /** @description Semver string of the provider version, e.g. `1.4.2`. */
3823
+ version: components["parameters"]["ProviderVersionPath"];
3824
+ };
3825
+ cookie?: never;
3826
+ };
3827
+ requestBody: {
3828
+ content: {
3829
+ "application/json": components["schemas"]["ProviderVersionReviewDecision"];
3830
+ "application/x-www-form-urlencoded": components["schemas"]["ProviderVersionReviewDecision"];
3831
+ };
3832
+ };
3833
+ responses: {
3834
+ /** @description Decision recorded */
3835
+ 200: {
3836
+ headers: {
3837
+ [name: string]: unknown;
3838
+ };
3839
+ content: {
3840
+ "application/json": components["schemas"]["ProviderVersion"];
3841
+ };
3842
+ };
3843
+ default: components["responses"]["ProblemResponse"];
3844
+ };
3845
+ };
3846
+ PublishProviderVersion: {
3847
+ parameters: {
3848
+ query?: never;
3849
+ header?: never;
3850
+ path: {
3851
+ providerId: components["schemas"]["ProviderID"];
3852
+ /** @description Semver string of the provider version, e.g. `1.4.2`. */
3853
+ version: components["parameters"]["ProviderVersionPath"];
3854
+ };
3855
+ cookie?: never;
3856
+ };
3857
+ requestBody?: {
3858
+ content: {
3859
+ "application/json": components["schemas"]["ProviderVersionPublishRequest"];
3860
+ "application/x-www-form-urlencoded": components["schemas"]["ProviderVersionPublishRequest"];
3861
+ };
3862
+ };
3863
+ responses: {
3864
+ /** @description Published to live channel */
3865
+ 200: {
3866
+ headers: {
3867
+ [name: string]: unknown;
3868
+ };
3869
+ content: {
3870
+ "application/json": components["schemas"]["ProviderVersion"];
3871
+ };
3872
+ };
3873
+ default: components["responses"]["ProblemResponse"];
3874
+ };
3875
+ };
3876
+ RequestPublicListing: {
3877
+ parameters: {
3878
+ query?: never;
3879
+ header?: never;
3880
+ path: {
3881
+ providerId: components["schemas"]["ProviderID"];
3882
+ };
3883
+ cookie?: never;
3884
+ };
3885
+ requestBody?: {
3886
+ content: {
3887
+ "application/json": components["schemas"]["VisibilityChangeRequest"];
3888
+ "application/x-www-form-urlencoded": components["schemas"]["VisibilityChangeRequest"];
3889
+ };
3890
+ };
3891
+ responses: {
3892
+ /** @description Submitted for public listing review */
3893
+ 200: {
3894
+ headers: {
3895
+ [name: string]: unknown;
3896
+ };
3897
+ content: {
3898
+ "application/json": components["schemas"]["Provider"];
3899
+ };
3900
+ };
3901
+ /** @description Provider is already PUBLIC or has no live versions */
3902
+ 409: {
3903
+ headers: {
3904
+ [name: string]: unknown;
3905
+ };
3906
+ content: {
3907
+ "application/problem+json": components["schemas"]["Problem"];
3908
+ };
3909
+ };
3910
+ default: components["responses"]["ProblemResponse"];
3911
+ };
3912
+ };
3913
+ MakePrivate: {
3914
+ parameters: {
3915
+ query?: never;
3916
+ header?: never;
3917
+ path: {
3918
+ providerId: components["schemas"]["ProviderID"];
3919
+ };
3920
+ cookie?: never;
3921
+ };
3922
+ requestBody?: {
3923
+ content: {
3924
+ "application/json": components["schemas"]["VisibilityChangeRequest"];
3925
+ "application/x-www-form-urlencoded": components["schemas"]["VisibilityChangeRequest"];
3926
+ };
3927
+ };
3928
+ responses: {
3929
+ /** @description Visibility changed to PRIVATE */
3930
+ 200: {
3931
+ headers: {
3932
+ [name: string]: unknown;
3933
+ };
3934
+ content: {
3935
+ "application/json": components["schemas"]["Provider"];
3936
+ };
3937
+ };
3938
+ /** @description Provider is already PRIVATE */
3939
+ 409: {
3940
+ headers: {
3941
+ [name: string]: unknown;
3942
+ };
3943
+ content: {
3944
+ "application/problem+json": components["schemas"]["Problem"];
3945
+ };
3946
+ };
3947
+ default: components["responses"]["ProblemResponse"];
3948
+ };
3949
+ };
3950
+ CancelPublicListingRequest: {
3951
+ parameters: {
3952
+ query?: never;
3953
+ header?: never;
3954
+ path: {
3955
+ providerId: components["schemas"]["ProviderID"];
3956
+ /** @description Semver string of the provider version, e.g. `1.4.2`. */
3957
+ version: components["parameters"]["ProviderVersionPath"];
3958
+ };
3959
+ cookie?: never;
3960
+ };
3961
+ requestBody?: {
3962
+ content: {
3963
+ "application/json": components["schemas"]["VisibilityChangeRequest"];
3964
+ "application/x-www-form-urlencoded": components["schemas"]["VisibilityChangeRequest"];
3965
+ };
3966
+ };
3967
+ responses: {
3968
+ /** @description Review request cancelled, version moved to draft */
3969
+ 200: {
3970
+ headers: {
3971
+ [name: string]: unknown;
3972
+ };
3973
+ content: {
3974
+ "application/json": components["schemas"]["ProviderVersion"];
3975
+ };
3976
+ };
3977
+ /** @description Version is not in_review or cannot be cancelled */
3978
+ 409: {
3979
+ headers: {
3980
+ [name: string]: unknown;
3981
+ };
3982
+ content: {
3983
+ "application/problem+json": components["schemas"]["Problem"];
3984
+ };
3985
+ };
3986
+ default: components["responses"]["ProblemResponse"];
3987
+ };
3988
+ };
3989
+ }