@thinkai/tai-api-contract 2.46.0-pr.858.7e24f603 → 2.47.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,7 +1,7 @@
1
1
  openapi: 3.0.3
2
2
  info:
3
3
  title: ThinkAI API
4
- version: 2.46.0
4
+ version: 2.47.0
5
5
  description: >
6
6
  Contract surface for the AI Driven SDLC backend used by ThinkAI.
7
7
  Workspace-scoped routes use `/workspaces/{workspaceId}/...`.
@@ -327,6 +327,56 @@ paths:
327
327
  description: Updated
328
328
  "401":
329
329
  $ref: "#/components/responses/Unauthorized"
330
+ delete:
331
+ tags: [Me]
332
+ summary: Delete current user account and all owned data
333
+ operationId: deleteMe
334
+ description: >
335
+ Self-service account deletion. Hard-deletes the authenticated user in a single
336
+ atomic transaction with the same semantics as admin `deleteUserAndData` (#428):
337
+ owned workspaces (and all workspace-level child tables via CASCADE), membership
338
+ rows in other workspaces, invitations where the user is `invited_by`, and the
339
+ user row itself. After the DB commit, removes the corresponding Supabase Auth
340
+ user via the service-role key; Auth deletion failure is logged but does not
341
+ roll back the DB changes.
342
+
343
+ **Irreversible.** Owned workspaces in the #440 soft-delete grace period are
344
+ also hard-deleted immediately; there is no restore window after account delete.
345
+
346
+ **Authorization:** Bearer JWT required. Body must include the caller's email
347
+ exactly (case-insensitive) as a type-to-confirm guard.
348
+ requestBody:
349
+ required: true
350
+ content:
351
+ application/json:
352
+ schema:
353
+ $ref: "#/components/schemas/DeleteMeBodyDto"
354
+ responses:
355
+ "204":
356
+ description: Account and all owned data deleted.
357
+ "400":
358
+ description: Missing or mismatched confirmation email.
359
+ content:
360
+ application/json:
361
+ schema:
362
+ $ref: "#/components/schemas/ErrorMessageDto"
363
+ example:
364
+ error: Confirmation email does not match account email
365
+ code: email_mismatch
366
+ "401":
367
+ $ref: "#/components/responses/Unauthorized"
368
+ "409":
369
+ description: Identity conflict resolving the current user.
370
+ content:
371
+ application/json:
372
+ schema:
373
+ $ref: "#/components/schemas/ErrorMessageDto"
374
+ "503":
375
+ description: Account deletion not supported by the configured store.
376
+ content:
377
+ application/json:
378
+ schema:
379
+ $ref: "#/components/schemas/ErrorMessageDto"
330
380
 
331
381
  /me/workspaces:
332
382
  get:
@@ -7784,6 +7834,17 @@ components:
7784
7834
  type: string
7785
7835
  nullable: true
7786
7836
 
7837
+ DeleteMeBodyDto:
7838
+ type: object
7839
+ required: [email]
7840
+ properties:
7841
+ email:
7842
+ type: string
7843
+ format: email
7844
+ description: >
7845
+ Must match the authenticated user's email (case-insensitive). Acts as
7846
+ a type-to-confirm guard against accidental deletion.
7847
+
7787
7848
  WorkspaceSummaryDto:
7788
7849
  type: object
7789
7850
  required: [id, slug, name, status, role]
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@thinkai/tai-api-contract",
3
- "version": "2.46.0-pr.858.7e24f603",
3
+ "version": "2.47.0",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -82,7 +82,13 @@ export interface paths {
82
82
  /** Update current user profile */
83
83
  put: operations["updateMe"];
84
84
  post?: never;
85
- delete?: never;
85
+ /**
86
+ * Delete current user account and all owned data
87
+ * @description Self-service account deletion. Hard-deletes the authenticated user in a single atomic transaction with the same semantics as admin `deleteUserAndData` (#428): owned workspaces (and all workspace-level child tables via CASCADE), membership rows in other workspaces, invitations where the user is `invited_by`, and the user row itself. After the DB commit, removes the corresponding Supabase Auth user via the service-role key; Auth deletion failure is logged but does not roll back the DB changes.
88
+ * **Irreversible.** Owned workspaces in the #440 soft-delete grace period are also hard-deleted immediately; there is no restore window after account delete.
89
+ * **Authorization:** Bearer JWT required. Body must include the caller's email exactly (case-insensitive) as a type-to-confirm guard.
90
+ */
91
+ delete: operations["deleteMe"];
86
92
  options?: never;
87
93
  head?: never;
88
94
  patch?: never;
@@ -3104,6 +3110,13 @@ export interface components {
3104
3110
  email?: string;
3105
3111
  defaultWorkspaceId?: string | null;
3106
3112
  };
3113
+ DeleteMeBodyDto: {
3114
+ /**
3115
+ * Format: email
3116
+ * @description Must match the authenticated user's email (case-insensitive). Acts as a type-to-confirm guard against accidental deletion.
3117
+ */
3118
+ email: string;
3119
+ };
3107
3120
  WorkspaceSummaryDto: {
3108
3121
  id: string;
3109
3122
  slug: string;
@@ -4716,6 +4729,7 @@ export type AiToolMemberHeatmapDayDto = components['schemas']['AiToolMemberHeatm
4716
4729
  export type AiToolMemberDetailDto = components['schemas']['AiToolMemberDetailDto'];
4717
4730
  export type MeProfileDto = components['schemas']['MeProfileDto'];
4718
4731
  export type UpdateMeBodyDto = components['schemas']['UpdateMeBodyDto'];
4732
+ export type DeleteMeBodyDto = components['schemas']['DeleteMeBodyDto'];
4719
4733
  export type WorkspaceSummaryDto = components['schemas']['WorkspaceSummaryDto'];
4720
4734
  export type WorkspacesForUserDto = components['schemas']['WorkspacesForUserDto'];
4721
4735
  export type CreateWorkspaceBodyDto = components['schemas']['CreateWorkspaceBodyDto'];
@@ -5113,6 +5127,62 @@ export interface operations {
5113
5127
  401: components["responses"]["Unauthorized"];
5114
5128
  };
5115
5129
  };
5130
+ deleteMe: {
5131
+ parameters: {
5132
+ query?: never;
5133
+ header?: never;
5134
+ path?: never;
5135
+ cookie?: never;
5136
+ };
5137
+ requestBody: {
5138
+ content: {
5139
+ "application/json": components["schemas"]["DeleteMeBodyDto"];
5140
+ };
5141
+ };
5142
+ responses: {
5143
+ /** @description Account and all owned data deleted. */
5144
+ 204: {
5145
+ headers: {
5146
+ [name: string]: unknown;
5147
+ };
5148
+ content?: never;
5149
+ };
5150
+ /** @description Missing or mismatched confirmation email. */
5151
+ 400: {
5152
+ headers: {
5153
+ [name: string]: unknown;
5154
+ };
5155
+ content: {
5156
+ /**
5157
+ * @example {
5158
+ * "error": "Confirmation email does not match account email",
5159
+ * "code": "email_mismatch"
5160
+ * }
5161
+ */
5162
+ "application/json": components["schemas"]["ErrorMessageDto"];
5163
+ };
5164
+ };
5165
+ 401: components["responses"]["Unauthorized"];
5166
+ /** @description Identity conflict resolving the current user. */
5167
+ 409: {
5168
+ headers: {
5169
+ [name: string]: unknown;
5170
+ };
5171
+ content: {
5172
+ "application/json": components["schemas"]["ErrorMessageDto"];
5173
+ };
5174
+ };
5175
+ /** @description Account deletion not supported by the configured store. */
5176
+ 503: {
5177
+ headers: {
5178
+ [name: string]: unknown;
5179
+ };
5180
+ content: {
5181
+ "application/json": components["schemas"]["ErrorMessageDto"];
5182
+ };
5183
+ };
5184
+ };
5185
+ };
5116
5186
  listMyWorkspaces: {
5117
5187
  parameters: {
5118
5188
  query?: never;