@thinkai/tai-api-contract 2.48.0 → 2.49.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/generated/openapi.d.ts +950 -18
- package/dist/generated/openapi.d.ts.map +1 -1
- package/dist/index.d.ts +45 -10
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js.map +1 -1
- package/openapi/openapi.yaml +892 -11
- package/package.json +1 -1
- package/src/generated/openapi.ts +950 -18
- package/src/index.ts +48 -10
package/openapi/openapi.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
openapi: 3.0.3
|
|
2
2
|
info:
|
|
3
3
|
title: ThinkAI API
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.49.0
|
|
5
5
|
description: >
|
|
6
6
|
Contract surface for the AI Driven SDLC backend used by ThinkAI.
|
|
7
7
|
Workspace-scoped routes use `/workspaces/{workspaceId}/...`.
|
|
@@ -60,6 +60,10 @@ tags:
|
|
|
60
60
|
description: Platform-admin operations restricted to PLATFORM_ADMIN_EMAILS. Callers must present a valid JWT from an email on that allowlist; all other callers receive 403.
|
|
61
61
|
- name: HRIS
|
|
62
62
|
description: HRIS integrations (Personio, ZenHR, …); absence data, sync status, and manual sync (issue #447).
|
|
63
|
+
- name: PrivacyRequests
|
|
64
|
+
description: >
|
|
65
|
+
Data subject access / erasure / portability request intake and privacy-ops management (DSAR, issue #611).
|
|
66
|
+
Public and authenticated submission; platform-admin queue, export, and fulfillment.
|
|
63
67
|
|
|
64
68
|
paths:
|
|
65
69
|
/admin/users/{userId}:
|
|
@@ -296,6 +300,400 @@ paths:
|
|
|
296
300
|
error: Forbidden
|
|
297
301
|
code: forbidden
|
|
298
302
|
|
|
303
|
+
/privacy-requests:
|
|
304
|
+
post:
|
|
305
|
+
tags: [PrivacyRequests]
|
|
306
|
+
summary: Submit a privacy rights request (public)
|
|
307
|
+
operationId: submitPublicPrivacyRequest
|
|
308
|
+
security: []
|
|
309
|
+
description: >
|
|
310
|
+
Public, unauthenticated intake for data subject access, erasure, portability, rectification,
|
|
311
|
+
restriction, and objection requests (#611). No bearer token required.
|
|
312
|
+
|
|
313
|
+
**Abuse controls:** requests are rate limited per client IP (`429` with `Retry-After` when
|
|
314
|
+
exceeded). A hidden honeypot field (`companyWebsite`) silently absorbs bot submissions. The
|
|
315
|
+
response shape is identical whether or not the email matches an existing account, so the
|
|
316
|
+
endpoint cannot be used to enumerate users. Duplicate open requests for the same email and
|
|
317
|
+
request type within 24h are rejected with `409`.
|
|
318
|
+
|
|
319
|
+
**Identity is not proven** by this route; privacy ops must verify identity before any export
|
|
320
|
+
or erasure is fulfilled.
|
|
321
|
+
requestBody:
|
|
322
|
+
required: true
|
|
323
|
+
content:
|
|
324
|
+
application/json:
|
|
325
|
+
schema:
|
|
326
|
+
$ref: "#/components/schemas/CreatePrivacyRequestBodyDto"
|
|
327
|
+
responses:
|
|
328
|
+
"201":
|
|
329
|
+
description: Request accepted and queued for privacy ops.
|
|
330
|
+
content:
|
|
331
|
+
application/json:
|
|
332
|
+
schema:
|
|
333
|
+
$ref: "#/components/schemas/CreatePrivacyRequestResultDto"
|
|
334
|
+
"400":
|
|
335
|
+
description: Missing or invalid email, unknown request type, or details too long.
|
|
336
|
+
content:
|
|
337
|
+
application/json:
|
|
338
|
+
schema:
|
|
339
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
340
|
+
example:
|
|
341
|
+
error: A valid email is required
|
|
342
|
+
code: invalid_email
|
|
343
|
+
"409":
|
|
344
|
+
description: An open request for this email and type already exists.
|
|
345
|
+
content:
|
|
346
|
+
application/json:
|
|
347
|
+
schema:
|
|
348
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
349
|
+
example:
|
|
350
|
+
error: An open request for this email already exists
|
|
351
|
+
code: duplicate_open_request
|
|
352
|
+
"429":
|
|
353
|
+
description: Too many submissions from this client; retry later.
|
|
354
|
+
content:
|
|
355
|
+
application/json:
|
|
356
|
+
schema:
|
|
357
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
358
|
+
example:
|
|
359
|
+
error: Too many requests
|
|
360
|
+
code: too_many_requests
|
|
361
|
+
|
|
362
|
+
/me/privacy-requests:
|
|
363
|
+
get:
|
|
364
|
+
tags: [PrivacyRequests, Me]
|
|
365
|
+
summary: List the caller's privacy requests
|
|
366
|
+
operationId: listMyPrivacyRequests
|
|
367
|
+
description: >
|
|
368
|
+
Returns privacy requests whose subject is the authenticated caller (matched by user id or
|
|
369
|
+
email), limited to a reference code and status so callers can track progress.
|
|
370
|
+
responses:
|
|
371
|
+
"200":
|
|
372
|
+
description: Caller's privacy requests, newest first.
|
|
373
|
+
content:
|
|
374
|
+
application/json:
|
|
375
|
+
schema:
|
|
376
|
+
$ref: "#/components/schemas/MyPrivacyRequestListDto"
|
|
377
|
+
"401":
|
|
378
|
+
$ref: "#/components/responses/Unauthorized"
|
|
379
|
+
post:
|
|
380
|
+
tags: [PrivacyRequests, Me]
|
|
381
|
+
summary: Submit a privacy request as the authenticated user
|
|
382
|
+
operationId: submitMyPrivacyRequest
|
|
383
|
+
description: >
|
|
384
|
+
Authenticated intake. The subject is always the caller's own profile; the request is
|
|
385
|
+
auto-marked identity-verified because the JWT proves identity. Supplying an `email` that
|
|
386
|
+
does not match the caller is rejected with `400`.
|
|
387
|
+
requestBody:
|
|
388
|
+
required: true
|
|
389
|
+
content:
|
|
390
|
+
application/json:
|
|
391
|
+
schema:
|
|
392
|
+
$ref: "#/components/schemas/CreateMyPrivacyRequestBodyDto"
|
|
393
|
+
responses:
|
|
394
|
+
"201":
|
|
395
|
+
description: Request accepted and queued.
|
|
396
|
+
content:
|
|
397
|
+
application/json:
|
|
398
|
+
schema:
|
|
399
|
+
$ref: "#/components/schemas/CreatePrivacyRequestResultDto"
|
|
400
|
+
"400":
|
|
401
|
+
description: Unknown request type, details too long, or email override attempted.
|
|
402
|
+
content:
|
|
403
|
+
application/json:
|
|
404
|
+
schema:
|
|
405
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
406
|
+
example:
|
|
407
|
+
error: Email cannot be overridden on an authenticated request
|
|
408
|
+
code: email_override_rejected
|
|
409
|
+
"401":
|
|
410
|
+
$ref: "#/components/responses/Unauthorized"
|
|
411
|
+
"409":
|
|
412
|
+
description: An open request for this subject and type already exists.
|
|
413
|
+
content:
|
|
414
|
+
application/json:
|
|
415
|
+
schema:
|
|
416
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
417
|
+
|
|
418
|
+
/workspaces/{workspaceId}/privacy-requests:
|
|
419
|
+
post:
|
|
420
|
+
tags: [PrivacyRequests, Workspace]
|
|
421
|
+
summary: Submit a privacy request on behalf of a workspace member (B2B controller)
|
|
422
|
+
operationId: submitWorkspacePrivacyRequest
|
|
423
|
+
description: >
|
|
424
|
+
Workspace-admin route for B2B controllers to raise a privacy request on behalf of an
|
|
425
|
+
employee (`subjectEmail`). The request is bound to the workspace and requires manual
|
|
426
|
+
identity verification by privacy ops before fulfillment. Non-admin members receive `403`.
|
|
427
|
+
parameters:
|
|
428
|
+
- $ref: "#/components/parameters/WorkspaceId"
|
|
429
|
+
requestBody:
|
|
430
|
+
required: true
|
|
431
|
+
content:
|
|
432
|
+
application/json:
|
|
433
|
+
schema:
|
|
434
|
+
$ref: "#/components/schemas/CreateWorkspacePrivacyRequestBodyDto"
|
|
435
|
+
responses:
|
|
436
|
+
"201":
|
|
437
|
+
description: Request accepted and queued.
|
|
438
|
+
content:
|
|
439
|
+
application/json:
|
|
440
|
+
schema:
|
|
441
|
+
$ref: "#/components/schemas/CreatePrivacyRequestResultDto"
|
|
442
|
+
"400":
|
|
443
|
+
description: Invalid subject email, unknown request type, or details too long.
|
|
444
|
+
content:
|
|
445
|
+
application/json:
|
|
446
|
+
schema:
|
|
447
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
448
|
+
"401":
|
|
449
|
+
$ref: "#/components/responses/Unauthorized"
|
|
450
|
+
"403":
|
|
451
|
+
description: Caller is not a workspace admin.
|
|
452
|
+
content:
|
|
453
|
+
application/json:
|
|
454
|
+
schema:
|
|
455
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
456
|
+
example:
|
|
457
|
+
error: Forbidden
|
|
458
|
+
code: workspace_admin_required
|
|
459
|
+
"404":
|
|
460
|
+
description: Workspace not found.
|
|
461
|
+
content:
|
|
462
|
+
application/json:
|
|
463
|
+
schema:
|
|
464
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
465
|
+
|
|
466
|
+
/admin/privacy-requests:
|
|
467
|
+
get:
|
|
468
|
+
tags: [PrivacyRequests, PlatformAdmin]
|
|
469
|
+
summary: List privacy requests (privacy-ops queue)
|
|
470
|
+
operationId: adminListPrivacyRequests
|
|
471
|
+
description: >
|
|
472
|
+
Platform-admin queue of privacy requests, newest first, with SLA due dates for triage.
|
|
473
|
+
|
|
474
|
+
**Authorization:** Bearer JWT required. Caller email must appear in `PLATFORM_ADMIN_EMAILS`.
|
|
475
|
+
parameters:
|
|
476
|
+
- name: status
|
|
477
|
+
in: query
|
|
478
|
+
required: false
|
|
479
|
+
schema:
|
|
480
|
+
$ref: "#/components/schemas/PrivacyRequestStatus"
|
|
481
|
+
description: Filter by workflow status.
|
|
482
|
+
- name: requestType
|
|
483
|
+
in: query
|
|
484
|
+
required: false
|
|
485
|
+
schema:
|
|
486
|
+
$ref: "#/components/schemas/PrivacyRequestType"
|
|
487
|
+
description: Filter by request type.
|
|
488
|
+
- name: overdue
|
|
489
|
+
in: query
|
|
490
|
+
required: false
|
|
491
|
+
schema:
|
|
492
|
+
type: boolean
|
|
493
|
+
description: When true, return only requests past their SLA due date and not yet completed.
|
|
494
|
+
- name: limit
|
|
495
|
+
in: query
|
|
496
|
+
required: false
|
|
497
|
+
schema:
|
|
498
|
+
type: integer
|
|
499
|
+
minimum: 1
|
|
500
|
+
maximum: 200
|
|
501
|
+
default: 100
|
|
502
|
+
description: Maximum number of rows to return (default 100, max 200).
|
|
503
|
+
responses:
|
|
504
|
+
"200":
|
|
505
|
+
description: Privacy request queue.
|
|
506
|
+
content:
|
|
507
|
+
application/json:
|
|
508
|
+
schema:
|
|
509
|
+
$ref: "#/components/schemas/PrivacyRequestListDto"
|
|
510
|
+
"401":
|
|
511
|
+
$ref: "#/components/responses/Unauthorized"
|
|
512
|
+
"403":
|
|
513
|
+
description: Caller is not a platform admin.
|
|
514
|
+
content:
|
|
515
|
+
application/json:
|
|
516
|
+
schema:
|
|
517
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
518
|
+
example:
|
|
519
|
+
error: Forbidden
|
|
520
|
+
code: forbidden
|
|
521
|
+
|
|
522
|
+
/admin/privacy-requests/{requestId}:
|
|
523
|
+
get:
|
|
524
|
+
tags: [PrivacyRequests, PlatformAdmin]
|
|
525
|
+
summary: Get a privacy request with its event timeline
|
|
526
|
+
operationId: adminGetPrivacyRequest
|
|
527
|
+
parameters:
|
|
528
|
+
- $ref: "#/components/parameters/PrivacyRequestId"
|
|
529
|
+
responses:
|
|
530
|
+
"200":
|
|
531
|
+
description: Privacy request detail with audit timeline.
|
|
532
|
+
content:
|
|
533
|
+
application/json:
|
|
534
|
+
schema:
|
|
535
|
+
$ref: "#/components/schemas/PrivacyRequestDetailDto"
|
|
536
|
+
"401":
|
|
537
|
+
$ref: "#/components/responses/Unauthorized"
|
|
538
|
+
"403":
|
|
539
|
+
description: Caller is not a platform admin.
|
|
540
|
+
content:
|
|
541
|
+
application/json:
|
|
542
|
+
schema:
|
|
543
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
544
|
+
"404":
|
|
545
|
+
description: Request not found.
|
|
546
|
+
content:
|
|
547
|
+
application/json:
|
|
548
|
+
schema:
|
|
549
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
550
|
+
patch:
|
|
551
|
+
tags: [PrivacyRequests, PlatformAdmin]
|
|
552
|
+
summary: Update a privacy request (status, assignee, notes, identity verification)
|
|
553
|
+
operationId: adminUpdatePrivacyRequest
|
|
554
|
+
description: >
|
|
555
|
+
Update workflow fields. Setting `markIdentityVerified: true` records the verifying admin and
|
|
556
|
+
unlocks export and erasure fulfillment. Transitioning `status` to `completed` requires both
|
|
557
|
+
`fulfillmentAction` and `fulfillmentRef`.
|
|
558
|
+
parameters:
|
|
559
|
+
- $ref: "#/components/parameters/PrivacyRequestId"
|
|
560
|
+
requestBody:
|
|
561
|
+
required: true
|
|
562
|
+
content:
|
|
563
|
+
application/json:
|
|
564
|
+
schema:
|
|
565
|
+
$ref: "#/components/schemas/UpdatePrivacyRequestBodyDto"
|
|
566
|
+
responses:
|
|
567
|
+
"200":
|
|
568
|
+
description: Updated privacy request detail.
|
|
569
|
+
content:
|
|
570
|
+
application/json:
|
|
571
|
+
schema:
|
|
572
|
+
$ref: "#/components/schemas/PrivacyRequestDetailDto"
|
|
573
|
+
"400":
|
|
574
|
+
description: Invalid field value or missing fulfillment metadata for completion.
|
|
575
|
+
content:
|
|
576
|
+
application/json:
|
|
577
|
+
schema:
|
|
578
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
579
|
+
example:
|
|
580
|
+
error: Completing a request requires a fulfillment action and reference
|
|
581
|
+
code: fulfillment_metadata_required
|
|
582
|
+
"401":
|
|
583
|
+
$ref: "#/components/responses/Unauthorized"
|
|
584
|
+
"403":
|
|
585
|
+
description: Caller is not a platform admin.
|
|
586
|
+
content:
|
|
587
|
+
application/json:
|
|
588
|
+
schema:
|
|
589
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
590
|
+
"404":
|
|
591
|
+
description: Request not found.
|
|
592
|
+
content:
|
|
593
|
+
application/json:
|
|
594
|
+
schema:
|
|
595
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
596
|
+
|
|
597
|
+
/admin/privacy-requests/{requestId}/export:
|
|
598
|
+
post:
|
|
599
|
+
tags: [PrivacyRequests, PlatformAdmin]
|
|
600
|
+
summary: Generate a DSAR export bundle for a privacy request
|
|
601
|
+
operationId: adminExportPrivacyRequest
|
|
602
|
+
description: >
|
|
603
|
+
Assembles the subject's personal data across workspaces into a single JSON bundle for an
|
|
604
|
+
access or portability request, per the PII inventory scope. The subject is resolved by user
|
|
605
|
+
id or email. Blocked until identity is verified (`403 identity_not_verified`). Bundles larger
|
|
606
|
+
than the size cap return `413 export_too_large`; scope by workspace in that case. The bundle
|
|
607
|
+
is generated on demand and not persisted server-side.
|
|
608
|
+
|
|
609
|
+
**Authorization:** Bearer JWT required. Caller email must appear in `PLATFORM_ADMIN_EMAILS`.
|
|
610
|
+
parameters:
|
|
611
|
+
- $ref: "#/components/parameters/PrivacyRequestId"
|
|
612
|
+
responses:
|
|
613
|
+
"200":
|
|
614
|
+
description: DSAR export bundle (also offered as a file download via Content-Disposition).
|
|
615
|
+
content:
|
|
616
|
+
application/json:
|
|
617
|
+
schema:
|
|
618
|
+
$ref: "#/components/schemas/PrivacyRequestExportDto"
|
|
619
|
+
"401":
|
|
620
|
+
$ref: "#/components/responses/Unauthorized"
|
|
621
|
+
"403":
|
|
622
|
+
description: Caller is not a platform admin, or identity has not been verified.
|
|
623
|
+
content:
|
|
624
|
+
application/json:
|
|
625
|
+
schema:
|
|
626
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
627
|
+
example:
|
|
628
|
+
error: Identity must be verified before export
|
|
629
|
+
code: identity_not_verified
|
|
630
|
+
"404":
|
|
631
|
+
description: Request not found.
|
|
632
|
+
content:
|
|
633
|
+
application/json:
|
|
634
|
+
schema:
|
|
635
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
636
|
+
"413":
|
|
637
|
+
description: Export exceeds the size cap; scope the request by workspace.
|
|
638
|
+
content:
|
|
639
|
+
application/json:
|
|
640
|
+
schema:
|
|
641
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
642
|
+
example:
|
|
643
|
+
error: Export bundle is too large; scope by workspace
|
|
644
|
+
code: export_too_large
|
|
645
|
+
|
|
646
|
+
/admin/privacy-requests/{requestId}/fulfill/person-erasure:
|
|
647
|
+
post:
|
|
648
|
+
tags: [PrivacyRequests, PlatformAdmin]
|
|
649
|
+
summary: Fulfill an erasure request by erasing workspace person-level data
|
|
650
|
+
operationId: adminFulfillPrivacyRequestPersonErasure
|
|
651
|
+
description: >
|
|
652
|
+
Thin wrapper around workspace person-level insights erasure (#706) for privacy-request
|
|
653
|
+
fulfillment. Erases or anonymizes the subject's org-chart, AI-tool, dashboard, absence, and
|
|
654
|
+
readiness data in one workspace. Blocked until identity is verified. Records an audit event
|
|
655
|
+
on the privacy request with the categories erased.
|
|
656
|
+
|
|
657
|
+
**Authorization:** Bearer JWT required. Caller email must appear in `PLATFORM_ADMIN_EMAILS`.
|
|
658
|
+
parameters:
|
|
659
|
+
- $ref: "#/components/parameters/PrivacyRequestId"
|
|
660
|
+
requestBody:
|
|
661
|
+
required: true
|
|
662
|
+
content:
|
|
663
|
+
application/json:
|
|
664
|
+
schema:
|
|
665
|
+
$ref: "#/components/schemas/FulfillPersonErasureBodyDto"
|
|
666
|
+
responses:
|
|
667
|
+
"200":
|
|
668
|
+
description: Erasure result.
|
|
669
|
+
content:
|
|
670
|
+
application/json:
|
|
671
|
+
schema:
|
|
672
|
+
$ref: "#/components/schemas/PrivacyRequestPersonErasureResultDto"
|
|
673
|
+
"400":
|
|
674
|
+
description: Missing workspaceId/personId or invalid options.
|
|
675
|
+
content:
|
|
676
|
+
application/json:
|
|
677
|
+
schema:
|
|
678
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
679
|
+
"401":
|
|
680
|
+
$ref: "#/components/responses/Unauthorized"
|
|
681
|
+
"403":
|
|
682
|
+
description: Caller is not a platform admin, or identity has not been verified.
|
|
683
|
+
content:
|
|
684
|
+
application/json:
|
|
685
|
+
schema:
|
|
686
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
687
|
+
example:
|
|
688
|
+
error: Identity must be verified before erasure
|
|
689
|
+
code: identity_not_verified
|
|
690
|
+
"404":
|
|
691
|
+
description: Request not found, or person not found in the workspace org chart.
|
|
692
|
+
content:
|
|
693
|
+
application/json:
|
|
694
|
+
schema:
|
|
695
|
+
$ref: "#/components/schemas/ErrorMessageDto"
|
|
696
|
+
|
|
299
697
|
/me:
|
|
300
698
|
get:
|
|
301
699
|
tags: [Me]
|
|
@@ -1172,6 +1570,8 @@ paths:
|
|
|
1172
1570
|
parameters:
|
|
1173
1571
|
- $ref: "#/components/parameters/WorkspaceId"
|
|
1174
1572
|
- $ref: "#/components/parameters/InsightsProductivityRangeId"
|
|
1573
|
+
- $ref: "#/components/parameters/InsightsProductivityFrom"
|
|
1574
|
+
- $ref: "#/components/parameters/InsightsProductivityTo"
|
|
1175
1575
|
- $ref: "#/components/parameters/InsightsDepartmentFilter"
|
|
1176
1576
|
- name: team
|
|
1177
1577
|
in: query
|
|
@@ -1220,6 +1620,8 @@ paths:
|
|
|
1220
1620
|
parameters:
|
|
1221
1621
|
- $ref: "#/components/parameters/WorkspaceId"
|
|
1222
1622
|
- $ref: "#/components/parameters/InsightsProductivityRangeId"
|
|
1623
|
+
- $ref: "#/components/parameters/InsightsProductivityFrom"
|
|
1624
|
+
- $ref: "#/components/parameters/InsightsProductivityTo"
|
|
1223
1625
|
- $ref: "#/components/parameters/InsightsDepartmentFilter"
|
|
1224
1626
|
- name: team
|
|
1225
1627
|
in: query
|
|
@@ -1284,6 +1686,8 @@ paths:
|
|
|
1284
1686
|
maximum: 10
|
|
1285
1687
|
default: 3
|
|
1286
1688
|
- $ref: "#/components/parameters/InsightsProductivityRangeId"
|
|
1689
|
+
- $ref: "#/components/parameters/InsightsProductivityFrom"
|
|
1690
|
+
- $ref: "#/components/parameters/InsightsProductivityTo"
|
|
1287
1691
|
- $ref: "#/components/parameters/InsightsDepartmentFilter"
|
|
1288
1692
|
- name: team
|
|
1289
1693
|
in: query
|
|
@@ -1349,6 +1753,8 @@ paths:
|
|
|
1349
1753
|
schema:
|
|
1350
1754
|
type: string
|
|
1351
1755
|
- $ref: "#/components/parameters/InsightsProductivityRangeId"
|
|
1756
|
+
- $ref: "#/components/parameters/InsightsProductivityFrom"
|
|
1757
|
+
- $ref: "#/components/parameters/InsightsProductivityTo"
|
|
1352
1758
|
- $ref: "#/components/parameters/InsightsDepartmentFilter"
|
|
1353
1759
|
- name: team
|
|
1354
1760
|
in: query
|
|
@@ -1422,6 +1828,8 @@ paths:
|
|
|
1422
1828
|
maximum: 10
|
|
1423
1829
|
default: 3
|
|
1424
1830
|
- $ref: "#/components/parameters/InsightsProductivityRangeId"
|
|
1831
|
+
- $ref: "#/components/parameters/InsightsProductivityFrom"
|
|
1832
|
+
- $ref: "#/components/parameters/InsightsProductivityTo"
|
|
1425
1833
|
- $ref: "#/components/parameters/InsightsDepartmentFilter"
|
|
1426
1834
|
- name: team
|
|
1427
1835
|
in: query
|
|
@@ -5705,6 +6113,14 @@ components:
|
|
|
5705
6113
|
type: string
|
|
5706
6114
|
format: uuid
|
|
5707
6115
|
description: Workspace member user id (`tai_users.id`).
|
|
6116
|
+
PrivacyRequestId:
|
|
6117
|
+
name: requestId
|
|
6118
|
+
in: path
|
|
6119
|
+
required: true
|
|
6120
|
+
schema:
|
|
6121
|
+
type: string
|
|
6122
|
+
format: uuid
|
|
6123
|
+
description: Privacy request id (`tai_privacy_requests.id`).
|
|
5708
6124
|
FixId:
|
|
5709
6125
|
name: fixId
|
|
5710
6126
|
in: path
|
|
@@ -5716,12 +6132,30 @@ components:
|
|
|
5716
6132
|
name: rangeId
|
|
5717
6133
|
in: query
|
|
5718
6134
|
description: >
|
|
5719
|
-
Productivity insights time range
|
|
5720
|
-
|
|
6135
|
+
Productivity insights time range. Daily windows: `7d`, `30d`, `90d`, `180d`, or custom
|
|
6136
|
+
`cr:YYYY-MM-DD:YYYY-MM-DD`. Weekly legacy: `4w`, `8w`, `q` (12 weeks), `12w`, `16w`.
|
|
6137
|
+
Omit when using explicit `from`/`to` day bounds.
|
|
5721
6138
|
schema:
|
|
5722
6139
|
type: string
|
|
5723
|
-
enum: [4w, 8w, q, 12w, 16w]
|
|
5724
6140
|
default: 4w
|
|
6141
|
+
InsightsProductivityFrom:
|
|
6142
|
+
name: from
|
|
6143
|
+
in: query
|
|
6144
|
+
description: >
|
|
6145
|
+
Inclusive start of a daily window (`YYYY-MM-DD`). When set with `to`, overrides `rangeId`
|
|
6146
|
+
for day-mode responses (max 180 days).
|
|
6147
|
+
schema:
|
|
6148
|
+
type: string
|
|
6149
|
+
format: date
|
|
6150
|
+
InsightsProductivityTo:
|
|
6151
|
+
name: to
|
|
6152
|
+
in: query
|
|
6153
|
+
description: >
|
|
6154
|
+
Inclusive end of a daily window (`YYYY-MM-DD`). When set with `from`, overrides `rangeId`
|
|
6155
|
+
for day-mode responses (max 180 days).
|
|
6156
|
+
schema:
|
|
6157
|
+
type: string
|
|
6158
|
+
format: date
|
|
5725
6159
|
InsightsDepartmentFilter:
|
|
5726
6160
|
name: department
|
|
5727
6161
|
in: query
|
|
@@ -6687,6 +7121,32 @@ components:
|
|
|
6687
7121
|
type: string
|
|
6688
7122
|
description: Applied team name filter from the Measure UI.
|
|
6689
7123
|
|
|
7124
|
+
ProductivityInsightsGranularity:
|
|
7125
|
+
type: string
|
|
7126
|
+
enum: [day, week]
|
|
7127
|
+
description: >
|
|
7128
|
+
Echo of the resolved time bucket for this response. `day` when the request used an
|
|
7129
|
+
`Nd`/`cr:`/`from`+`to` window; `week` for legacy weekly rangeIds or `year` heatmap mode.
|
|
7130
|
+
|
|
7131
|
+
ProductivityInsightsDailyBucketDto:
|
|
7132
|
+
type: object
|
|
7133
|
+
additionalProperties: false
|
|
7134
|
+
required: [date, mergedPrCount]
|
|
7135
|
+
properties:
|
|
7136
|
+
date:
|
|
7137
|
+
type: string
|
|
7138
|
+
format: date
|
|
7139
|
+
description: UTC calendar day (`YYYY-MM-DD`).
|
|
7140
|
+
mergedPrCount:
|
|
7141
|
+
type: number
|
|
7142
|
+
minimum: 0
|
|
7143
|
+
ciFailuresCount:
|
|
7144
|
+
type: integer
|
|
7145
|
+
minimum: 0
|
|
7146
|
+
description: >
|
|
7147
|
+
GitHub Actions CI build failures on this day from `ciFailureRuns` ledger when CI
|
|
7148
|
+
ingest is enabled.
|
|
7149
|
+
|
|
6690
7150
|
ProductivityInsightsAggregatedTeamWeekDto:
|
|
6691
7151
|
type: object
|
|
6692
7152
|
additionalProperties: false
|
|
@@ -6734,7 +7194,7 @@ components:
|
|
|
6734
7194
|
ProductivityInsightsAggregatedTeamRowDto:
|
|
6735
7195
|
type: object
|
|
6736
7196
|
additionalProperties: false
|
|
6737
|
-
required: [teamId, teamName, headcount
|
|
7197
|
+
required: [teamId, teamName, headcount]
|
|
6738
7198
|
properties:
|
|
6739
7199
|
teamId:
|
|
6740
7200
|
type: string
|
|
@@ -6748,6 +7208,11 @@ components:
|
|
|
6748
7208
|
notInOrgChart:
|
|
6749
7209
|
type: boolean
|
|
6750
7210
|
description: True when the team aggregates GitHub logins not mapped in the org chart (`teamId` `__other`).
|
|
7211
|
+
days:
|
|
7212
|
+
type: array
|
|
7213
|
+
description: Present in day-mode responses — daily merged PR and CI failure counts.
|
|
7214
|
+
items:
|
|
7215
|
+
$ref: "#/components/schemas/ProductivityInsightsDailyBucketDto"
|
|
6751
7216
|
weeks:
|
|
6752
7217
|
type: array
|
|
6753
7218
|
items:
|
|
@@ -6755,9 +7220,9 @@ components:
|
|
|
6755
7220
|
|
|
6756
7221
|
ProductivityInsightsRangeId:
|
|
6757
7222
|
type: string
|
|
6758
|
-
enum: [4w, 8w, q, 12w, 16w]
|
|
6759
7223
|
description: >
|
|
6760
|
-
|
|
7224
|
+
Daily windows: `7d`, `30d`, `90d`, `180d`, or custom `cr:YYYY-MM-DD:YYYY-MM-DD`.
|
|
7225
|
+
Weekly legacy: `4w`, `8w`, `q` (12 weeks), `12w`, `16w`.
|
|
6761
7226
|
|
|
6762
7227
|
ProductivityInsightsAggregatedTeamsDto:
|
|
6763
7228
|
type: object
|
|
@@ -6769,6 +7234,16 @@ components:
|
|
|
6769
7234
|
format: uuid
|
|
6770
7235
|
range:
|
|
6771
7236
|
$ref: "#/components/schemas/ProductivityInsightsRangeId"
|
|
7237
|
+
granularity:
|
|
7238
|
+
$ref: "#/components/schemas/ProductivityInsightsGranularity"
|
|
7239
|
+
from:
|
|
7240
|
+
type: string
|
|
7241
|
+
format: date
|
|
7242
|
+
description: Inclusive start day when `granularity` is `day`.
|
|
7243
|
+
to:
|
|
7244
|
+
type: string
|
|
7245
|
+
format: date
|
|
7246
|
+
description: Inclusive end day when `granularity` is `day`.
|
|
6772
7247
|
scope:
|
|
6773
7248
|
$ref: "#/components/schemas/ProductivityInsightsAggregatedTeamsScopeDto"
|
|
6774
7249
|
generatedAt:
|
|
@@ -6802,7 +7277,7 @@ components:
|
|
|
6802
7277
|
ProductivityInsightsMergedPrContributorRowDto:
|
|
6803
7278
|
type: object
|
|
6804
7279
|
additionalProperties: false
|
|
6805
|
-
required: [personId, personName
|
|
7280
|
+
required: [personId, personName]
|
|
6806
7281
|
properties:
|
|
6807
7282
|
personId:
|
|
6808
7283
|
type: string
|
|
@@ -6820,6 +7295,11 @@ components:
|
|
|
6820
7295
|
githubLogin:
|
|
6821
7296
|
type: string
|
|
6822
7297
|
description: GitHub login for unattributed contributors (when notInOrgChart is true).
|
|
7298
|
+
days:
|
|
7299
|
+
type: array
|
|
7300
|
+
description: Present in day-mode responses — daily merged PR counts per contributor.
|
|
7301
|
+
items:
|
|
7302
|
+
$ref: "#/components/schemas/ProductivityInsightsDailyBucketDto"
|
|
6823
7303
|
weeks:
|
|
6824
7304
|
type: array
|
|
6825
7305
|
items:
|
|
@@ -6828,23 +7308,40 @@ components:
|
|
|
6828
7308
|
ProductivityInsightsMergedPrTrendsDto:
|
|
6829
7309
|
type: object
|
|
6830
7310
|
additionalProperties: false
|
|
6831
|
-
required: [workspaceId, range, scope, generatedAt,
|
|
7311
|
+
required: [workspaceId, range, scope, generatedAt, contributors]
|
|
6832
7312
|
properties:
|
|
6833
7313
|
workspaceId:
|
|
6834
7314
|
type: string
|
|
6835
7315
|
format: uuid
|
|
6836
7316
|
range:
|
|
6837
7317
|
$ref: "#/components/schemas/ProductivityInsightsRangeId"
|
|
7318
|
+
granularity:
|
|
7319
|
+
$ref: "#/components/schemas/ProductivityInsightsGranularity"
|
|
7320
|
+
from:
|
|
7321
|
+
type: string
|
|
7322
|
+
format: date
|
|
7323
|
+
description: Inclusive start day when `granularity` is `day`.
|
|
7324
|
+
to:
|
|
7325
|
+
type: string
|
|
7326
|
+
format: date
|
|
7327
|
+
description: Inclusive end day when `granularity` is `day`.
|
|
6838
7328
|
scope:
|
|
6839
7329
|
$ref: "#/components/schemas/ProductivityInsightsAggregatedTeamsScopeDto"
|
|
6840
7330
|
generatedAt:
|
|
6841
7331
|
type: string
|
|
6842
7332
|
format: date-time
|
|
7333
|
+
days:
|
|
7334
|
+
type: array
|
|
7335
|
+
description: >-
|
|
7336
|
+
Portfolio daily merged PR series in day mode (max of contributor sum and org ledger).
|
|
7337
|
+
items:
|
|
7338
|
+
$ref: "#/components/schemas/ProductivityInsightsDailyBucketDto"
|
|
6843
7339
|
weeks:
|
|
6844
7340
|
type: array
|
|
6845
7341
|
description: >-
|
|
6846
7342
|
Sum of contributor weekly merged PR counts (matches the contributors table).
|
|
6847
7343
|
Not deduplicated org-wide unique PRs when the same PR appears on multiple rows.
|
|
7344
|
+
Present in week-mode responses.
|
|
6848
7345
|
items:
|
|
6849
7346
|
$ref: "#/components/schemas/ProductivityInsightsMergedPrTrendWeekDto"
|
|
6850
7347
|
contributors:
|
|
@@ -6901,7 +7398,7 @@ components:
|
|
|
6901
7398
|
ProductivityInsightsTeamDetailDto:
|
|
6902
7399
|
type: object
|
|
6903
7400
|
additionalProperties: false
|
|
6904
|
-
required: [teamId, teamName, headcount,
|
|
7401
|
+
required: [teamId, teamName, headcount, summary]
|
|
6905
7402
|
properties:
|
|
6906
7403
|
teamId:
|
|
6907
7404
|
type: string
|
|
@@ -6920,6 +7417,13 @@ components:
|
|
|
6920
7417
|
minimum: 2000
|
|
6921
7418
|
maximum: 2100
|
|
6922
7419
|
description: Present when the request included `year` — calendar-year heatmap mode.
|
|
7420
|
+
days:
|
|
7421
|
+
type: array
|
|
7422
|
+
description: >-
|
|
7423
|
+
Daily merged PR and CI failure counts for the selected period when `granularity` is
|
|
7424
|
+
`day` (not present in `year` heatmap mode).
|
|
7425
|
+
items:
|
|
7426
|
+
$ref: "#/components/schemas/ProductivityInsightsDailyBucketDto"
|
|
6923
7427
|
heatmapWeeks:
|
|
6924
7428
|
type: array
|
|
6925
7429
|
description: >-
|
|
@@ -6953,6 +7457,16 @@ components:
|
|
|
6953
7457
|
format: uuid
|
|
6954
7458
|
range:
|
|
6955
7459
|
$ref: "#/components/schemas/ProductivityInsightsRangeId"
|
|
7460
|
+
granularity:
|
|
7461
|
+
$ref: "#/components/schemas/ProductivityInsightsGranularity"
|
|
7462
|
+
from:
|
|
7463
|
+
type: string
|
|
7464
|
+
format: date
|
|
7465
|
+
description: Inclusive start day when `granularity` is `day`.
|
|
7466
|
+
to:
|
|
7467
|
+
type: string
|
|
7468
|
+
format: date
|
|
7469
|
+
description: Inclusive end day when `granularity` is `day`.
|
|
6956
7470
|
year:
|
|
6957
7471
|
type: integer
|
|
6958
7472
|
minimum: 2000
|
|
@@ -7139,7 +7653,6 @@ components:
|
|
|
7139
7653
|
- scope
|
|
7140
7654
|
- generatedAt
|
|
7141
7655
|
- contributor
|
|
7142
|
-
- weeks
|
|
7143
7656
|
- summary
|
|
7144
7657
|
properties:
|
|
7145
7658
|
workspaceId:
|
|
@@ -7149,6 +7662,16 @@ components:
|
|
|
7149
7662
|
type: string
|
|
7150
7663
|
range:
|
|
7151
7664
|
$ref: "#/components/schemas/ProductivityInsightsRangeId"
|
|
7665
|
+
granularity:
|
|
7666
|
+
$ref: "#/components/schemas/ProductivityInsightsGranularity"
|
|
7667
|
+
from:
|
|
7668
|
+
type: string
|
|
7669
|
+
format: date
|
|
7670
|
+
description: Inclusive start day when `granularity` is `day`.
|
|
7671
|
+
to:
|
|
7672
|
+
type: string
|
|
7673
|
+
format: date
|
|
7674
|
+
description: Inclusive end day when `granularity` is `day`.
|
|
7152
7675
|
year:
|
|
7153
7676
|
type: integer
|
|
7154
7677
|
minimum: 2000
|
|
@@ -7164,6 +7687,13 @@ components:
|
|
|
7164
7687
|
description: True when the workspace has opted in to GitHub Actions CI ingest.
|
|
7165
7688
|
contributor:
|
|
7166
7689
|
$ref: "#/components/schemas/ProductivityInsightsContributorProfileDto"
|
|
7690
|
+
days:
|
|
7691
|
+
type: array
|
|
7692
|
+
description: >-
|
|
7693
|
+
Daily merged PR and CI failure counts for the selected period when `granularity` is
|
|
7694
|
+
`day` (not present in `year` heatmap mode).
|
|
7695
|
+
items:
|
|
7696
|
+
$ref: "#/components/schemas/ProductivityInsightsDailyBucketDto"
|
|
7167
7697
|
weeks:
|
|
7168
7698
|
type: array
|
|
7169
7699
|
items:
|
|
@@ -7212,6 +7742,16 @@ components:
|
|
|
7212
7742
|
format: uuid
|
|
7213
7743
|
range:
|
|
7214
7744
|
$ref: "#/components/schemas/ProductivityInsightsRangeId"
|
|
7745
|
+
granularity:
|
|
7746
|
+
$ref: "#/components/schemas/ProductivityInsightsGranularity"
|
|
7747
|
+
from:
|
|
7748
|
+
type: string
|
|
7749
|
+
format: date
|
|
7750
|
+
description: Inclusive start day when `granularity` is `day`.
|
|
7751
|
+
to:
|
|
7752
|
+
type: string
|
|
7753
|
+
format: date
|
|
7754
|
+
description: Inclusive end day when `granularity` is `day`.
|
|
7215
7755
|
scope:
|
|
7216
7756
|
$ref: "#/components/schemas/ProductivityInsightsAggregatedTeamsScopeDto"
|
|
7217
7757
|
entityType:
|
|
@@ -7977,6 +8517,12 @@ components:
|
|
|
7977
8517
|
defaultWorkspaceId:
|
|
7978
8518
|
type: string
|
|
7979
8519
|
nullable: true
|
|
8520
|
+
isPlatformAdmin:
|
|
8521
|
+
type: boolean
|
|
8522
|
+
description: >
|
|
8523
|
+
True when the caller's email is on the `PLATFORM_ADMIN_EMAILS` allowlist. Lets the
|
|
8524
|
+
frontend gate platform-admin surfaces (e.g. the privacy-request queue) without
|
|
8525
|
+
duplicating the allowlist client-side.
|
|
7980
8526
|
|
|
7981
8527
|
UpdateMeBodyDto:
|
|
7982
8528
|
type: object
|
|
@@ -8000,6 +8546,341 @@ components:
|
|
|
8000
8546
|
Must match the authenticated user's email (case-insensitive). Acts as
|
|
8001
8547
|
a type-to-confirm guard against accidental deletion.
|
|
8002
8548
|
|
|
8549
|
+
PrivacyRequestType:
|
|
8550
|
+
type: string
|
|
8551
|
+
enum: [access, erasure, portability, rectification, restriction, objection]
|
|
8552
|
+
description: Data subject right being exercised (GDPR Arts. 15–21 / UAE PDPL).
|
|
8553
|
+
|
|
8554
|
+
PrivacyRequestStatus:
|
|
8555
|
+
type: string
|
|
8556
|
+
enum: [pending, in_progress, completed, rejected]
|
|
8557
|
+
description: Workflow status of a privacy request.
|
|
8558
|
+
|
|
8559
|
+
PrivacyRequestIntakeChannel:
|
|
8560
|
+
type: string
|
|
8561
|
+
enum: [public, authenticated, workspace_admin]
|
|
8562
|
+
description: How the request was submitted.
|
|
8563
|
+
|
|
8564
|
+
CreatePrivacyRequestBodyDto:
|
|
8565
|
+
type: object
|
|
8566
|
+
required: [email, requestType]
|
|
8567
|
+
properties:
|
|
8568
|
+
email:
|
|
8569
|
+
type: string
|
|
8570
|
+
format: email
|
|
8571
|
+
description: Subject's email address.
|
|
8572
|
+
requestType:
|
|
8573
|
+
$ref: "#/components/schemas/PrivacyRequestType"
|
|
8574
|
+
details:
|
|
8575
|
+
type: string
|
|
8576
|
+
maxLength: 4000
|
|
8577
|
+
description: Optional free-text description of the request (max 4000 chars).
|
|
8578
|
+
workspaceHint:
|
|
8579
|
+
type: string
|
|
8580
|
+
maxLength: 200
|
|
8581
|
+
description: >
|
|
8582
|
+
Optional free-text hint (e.g. company or workspace name) to help privacy ops locate the
|
|
8583
|
+
subject. Never bound to a workspace id on the public channel.
|
|
8584
|
+
companyWebsite:
|
|
8585
|
+
type: string
|
|
8586
|
+
description: >
|
|
8587
|
+
Honeypot field. Must be left empty by real clients; non-empty submissions are silently
|
|
8588
|
+
accepted but not persisted. Rendered hidden in the UI.
|
|
8589
|
+
|
|
8590
|
+
CreateMyPrivacyRequestBodyDto:
|
|
8591
|
+
type: object
|
|
8592
|
+
required: [requestType]
|
|
8593
|
+
properties:
|
|
8594
|
+
requestType:
|
|
8595
|
+
$ref: "#/components/schemas/PrivacyRequestType"
|
|
8596
|
+
details:
|
|
8597
|
+
type: string
|
|
8598
|
+
maxLength: 4000
|
|
8599
|
+
email:
|
|
8600
|
+
type: string
|
|
8601
|
+
format: email
|
|
8602
|
+
description: >
|
|
8603
|
+
Optional. If provided it must match the caller's own email; a differing value is
|
|
8604
|
+
rejected with `400 email_override_rejected`.
|
|
8605
|
+
|
|
8606
|
+
CreateWorkspacePrivacyRequestBodyDto:
|
|
8607
|
+
type: object
|
|
8608
|
+
required: [subjectEmail, requestType]
|
|
8609
|
+
properties:
|
|
8610
|
+
subjectEmail:
|
|
8611
|
+
type: string
|
|
8612
|
+
format: email
|
|
8613
|
+
description: Email of the workspace member the request is raised on behalf of.
|
|
8614
|
+
requestType:
|
|
8615
|
+
$ref: "#/components/schemas/PrivacyRequestType"
|
|
8616
|
+
details:
|
|
8617
|
+
type: string
|
|
8618
|
+
maxLength: 4000
|
|
8619
|
+
|
|
8620
|
+
CreatePrivacyRequestResultDto:
|
|
8621
|
+
type: object
|
|
8622
|
+
required: [referenceCode, requestType, status, slaDueAt]
|
|
8623
|
+
properties:
|
|
8624
|
+
referenceCode:
|
|
8625
|
+
type: string
|
|
8626
|
+
description: Human-friendly tracking code (e.g. `PR-2026-00042`).
|
|
8627
|
+
requestType:
|
|
8628
|
+
$ref: "#/components/schemas/PrivacyRequestType"
|
|
8629
|
+
status:
|
|
8630
|
+
$ref: "#/components/schemas/PrivacyRequestStatus"
|
|
8631
|
+
slaDueAt:
|
|
8632
|
+
type: string
|
|
8633
|
+
format: date-time
|
|
8634
|
+
description: When the request should be resolved by (default 30 days from submission).
|
|
8635
|
+
|
|
8636
|
+
MyPrivacyRequestSummaryDto:
|
|
8637
|
+
type: object
|
|
8638
|
+
required: [referenceCode, requestType, status, createdAt, slaDueAt]
|
|
8639
|
+
properties:
|
|
8640
|
+
referenceCode:
|
|
8641
|
+
type: string
|
|
8642
|
+
requestType:
|
|
8643
|
+
$ref: "#/components/schemas/PrivacyRequestType"
|
|
8644
|
+
status:
|
|
8645
|
+
$ref: "#/components/schemas/PrivacyRequestStatus"
|
|
8646
|
+
createdAt:
|
|
8647
|
+
type: string
|
|
8648
|
+
format: date-time
|
|
8649
|
+
slaDueAt:
|
|
8650
|
+
type: string
|
|
8651
|
+
format: date-time
|
|
8652
|
+
completedAt:
|
|
8653
|
+
type: string
|
|
8654
|
+
format: date-time
|
|
8655
|
+
nullable: true
|
|
8656
|
+
|
|
8657
|
+
MyPrivacyRequestListDto:
|
|
8658
|
+
type: object
|
|
8659
|
+
required: [requests]
|
|
8660
|
+
properties:
|
|
8661
|
+
requests:
|
|
8662
|
+
type: array
|
|
8663
|
+
items:
|
|
8664
|
+
$ref: "#/components/schemas/MyPrivacyRequestSummaryDto"
|
|
8665
|
+
|
|
8666
|
+
PrivacyRequestDto:
|
|
8667
|
+
type: object
|
|
8668
|
+
required:
|
|
8669
|
+
[id, referenceCode, requestType, status, intakeChannel, subjectEmail, createdAt, updatedAt, slaDueAt]
|
|
8670
|
+
properties:
|
|
8671
|
+
id:
|
|
8672
|
+
type: string
|
|
8673
|
+
format: uuid
|
|
8674
|
+
referenceCode:
|
|
8675
|
+
type: string
|
|
8676
|
+
requestType:
|
|
8677
|
+
$ref: "#/components/schemas/PrivacyRequestType"
|
|
8678
|
+
status:
|
|
8679
|
+
$ref: "#/components/schemas/PrivacyRequestStatus"
|
|
8680
|
+
intakeChannel:
|
|
8681
|
+
$ref: "#/components/schemas/PrivacyRequestIntakeChannel"
|
|
8682
|
+
subjectEmail:
|
|
8683
|
+
type: string
|
|
8684
|
+
subjectUserId:
|
|
8685
|
+
type: string
|
|
8686
|
+
format: uuid
|
|
8687
|
+
nullable: true
|
|
8688
|
+
workspaceId:
|
|
8689
|
+
type: string
|
|
8690
|
+
format: uuid
|
|
8691
|
+
nullable: true
|
|
8692
|
+
description: Set only for workspace-admin (B2B) submissions.
|
|
8693
|
+
subjectWorkspaceHint:
|
|
8694
|
+
type: string
|
|
8695
|
+
nullable: true
|
|
8696
|
+
requestedByUserId:
|
|
8697
|
+
type: string
|
|
8698
|
+
format: uuid
|
|
8699
|
+
nullable: true
|
|
8700
|
+
details:
|
|
8701
|
+
type: string
|
|
8702
|
+
nullable: true
|
|
8703
|
+
internalNotes:
|
|
8704
|
+
type: string
|
|
8705
|
+
nullable: true
|
|
8706
|
+
assignedTo:
|
|
8707
|
+
type: string
|
|
8708
|
+
nullable: true
|
|
8709
|
+
identityVerifiedAt:
|
|
8710
|
+
type: string
|
|
8711
|
+
format: date-time
|
|
8712
|
+
nullable: true
|
|
8713
|
+
verifiedBy:
|
|
8714
|
+
type: string
|
|
8715
|
+
nullable: true
|
|
8716
|
+
fulfillmentAction:
|
|
8717
|
+
type: string
|
|
8718
|
+
nullable: true
|
|
8719
|
+
fulfillmentRef:
|
|
8720
|
+
type: string
|
|
8721
|
+
nullable: true
|
|
8722
|
+
slaDueAt:
|
|
8723
|
+
type: string
|
|
8724
|
+
format: date-time
|
|
8725
|
+
completedAt:
|
|
8726
|
+
type: string
|
|
8727
|
+
format: date-time
|
|
8728
|
+
nullable: true
|
|
8729
|
+
createdAt:
|
|
8730
|
+
type: string
|
|
8731
|
+
format: date-time
|
|
8732
|
+
updatedAt:
|
|
8733
|
+
type: string
|
|
8734
|
+
format: date-time
|
|
8735
|
+
overdue:
|
|
8736
|
+
type: boolean
|
|
8737
|
+
description: True when the SLA due date has passed and the request is not completed/rejected.
|
|
8738
|
+
|
|
8739
|
+
PrivacyRequestEventDto:
|
|
8740
|
+
type: object
|
|
8741
|
+
required: [id, eventType, createdAt]
|
|
8742
|
+
properties:
|
|
8743
|
+
id:
|
|
8744
|
+
type: string
|
|
8745
|
+
format: uuid
|
|
8746
|
+
eventType:
|
|
8747
|
+
type: string
|
|
8748
|
+
enum:
|
|
8749
|
+
[submitted, identity_verified, status_changed, assigned, export_generated, fulfillment_noted, duplicate_rejected]
|
|
8750
|
+
actorEmail:
|
|
8751
|
+
type: string
|
|
8752
|
+
nullable: true
|
|
8753
|
+
payload:
|
|
8754
|
+
type: object
|
|
8755
|
+
additionalProperties: true
|
|
8756
|
+
nullable: true
|
|
8757
|
+
createdAt:
|
|
8758
|
+
type: string
|
|
8759
|
+
format: date-time
|
|
8760
|
+
|
|
8761
|
+
PrivacyRequestDetailDto:
|
|
8762
|
+
type: object
|
|
8763
|
+
required: [request, events]
|
|
8764
|
+
properties:
|
|
8765
|
+
request:
|
|
8766
|
+
$ref: "#/components/schemas/PrivacyRequestDto"
|
|
8767
|
+
events:
|
|
8768
|
+
type: array
|
|
8769
|
+
items:
|
|
8770
|
+
$ref: "#/components/schemas/PrivacyRequestEventDto"
|
|
8771
|
+
|
|
8772
|
+
PrivacyRequestListDto:
|
|
8773
|
+
type: object
|
|
8774
|
+
required: [requests]
|
|
8775
|
+
properties:
|
|
8776
|
+
requests:
|
|
8777
|
+
type: array
|
|
8778
|
+
items:
|
|
8779
|
+
$ref: "#/components/schemas/PrivacyRequestDto"
|
|
8780
|
+
|
|
8781
|
+
UpdatePrivacyRequestBodyDto:
|
|
8782
|
+
type: object
|
|
8783
|
+
properties:
|
|
8784
|
+
status:
|
|
8785
|
+
$ref: "#/components/schemas/PrivacyRequestStatus"
|
|
8786
|
+
assignedTo:
|
|
8787
|
+
type: string
|
|
8788
|
+
nullable: true
|
|
8789
|
+
internalNotes:
|
|
8790
|
+
type: string
|
|
8791
|
+
nullable: true
|
|
8792
|
+
markIdentityVerified:
|
|
8793
|
+
type: boolean
|
|
8794
|
+
description: When true, records the caller as the verifier and unlocks export/erasure.
|
|
8795
|
+
fulfillmentAction:
|
|
8796
|
+
type: string
|
|
8797
|
+
description: Short label for how the request was fulfilled (required when completing).
|
|
8798
|
+
fulfillmentRef:
|
|
8799
|
+
type: string
|
|
8800
|
+
description: Reference to the fulfillment artifact (e.g. deletion job id; required when completing).
|
|
8801
|
+
|
|
8802
|
+
FulfillPersonErasureBodyDto:
|
|
8803
|
+
type: object
|
|
8804
|
+
required: [workspaceId, personId]
|
|
8805
|
+
properties:
|
|
8806
|
+
workspaceId:
|
|
8807
|
+
type: string
|
|
8808
|
+
format: uuid
|
|
8809
|
+
personId:
|
|
8810
|
+
type: string
|
|
8811
|
+
description: Org-chart person id (usually the subject's email) within the workspace.
|
|
8812
|
+
orgChart:
|
|
8813
|
+
type: boolean
|
|
8814
|
+
dashboardMetrics:
|
|
8815
|
+
type: boolean
|
|
8816
|
+
aiToolData:
|
|
8817
|
+
type: boolean
|
|
8818
|
+
absences:
|
|
8819
|
+
type: boolean
|
|
8820
|
+
readinessAnonymize:
|
|
8821
|
+
type: boolean
|
|
8822
|
+
|
|
8823
|
+
PrivacyRequestPersonErasureResultDto:
|
|
8824
|
+
type: object
|
|
8825
|
+
required: [deleted]
|
|
8826
|
+
properties:
|
|
8827
|
+
deleted:
|
|
8828
|
+
type: boolean
|
|
8829
|
+
aiToolRowsDeleted:
|
|
8830
|
+
type: integer
|
|
8831
|
+
absencesDeleted:
|
|
8832
|
+
type: integer
|
|
8833
|
+
readinessRunsAnonymized:
|
|
8834
|
+
type: integer
|
|
8835
|
+
auditEntriesAnonymized:
|
|
8836
|
+
type: integer
|
|
8837
|
+
|
|
8838
|
+
PrivacyRequestExportDto:
|
|
8839
|
+
type: object
|
|
8840
|
+
required: [metadata, subject]
|
|
8841
|
+
description: >
|
|
8842
|
+
DSAR export bundle assembled on demand for an access/portability request. `sections` holds
|
|
8843
|
+
the subject's data grouped by source; shapes vary by section, so values are opaque objects.
|
|
8844
|
+
properties:
|
|
8845
|
+
metadata:
|
|
8846
|
+
type: object
|
|
8847
|
+
required: [referenceCode, generatedAt, subjectEmail]
|
|
8848
|
+
properties:
|
|
8849
|
+
referenceCode:
|
|
8850
|
+
type: string
|
|
8851
|
+
generatedAt:
|
|
8852
|
+
type: string
|
|
8853
|
+
format: date-time
|
|
8854
|
+
subjectEmail:
|
|
8855
|
+
type: string
|
|
8856
|
+
subjectUserId:
|
|
8857
|
+
type: string
|
|
8858
|
+
nullable: true
|
|
8859
|
+
workspaceCount:
|
|
8860
|
+
type: integer
|
|
8861
|
+
excluded:
|
|
8862
|
+
type: array
|
|
8863
|
+
items:
|
|
8864
|
+
type: string
|
|
8865
|
+
description: Data categories intentionally excluded from the bundle.
|
|
8866
|
+
readinessRedaction:
|
|
8867
|
+
type: string
|
|
8868
|
+
description: Redaction policy applied to readiness runs (e.g. `requester_runs_only`).
|
|
8869
|
+
subject:
|
|
8870
|
+
type: object
|
|
8871
|
+
additionalProperties: true
|
|
8872
|
+
description: Profile and consent records for the subject.
|
|
8873
|
+
sections:
|
|
8874
|
+
type: object
|
|
8875
|
+
additionalProperties: true
|
|
8876
|
+
description: Per-source personal data (memberships, AI-tool, dashboard, absences, org chart, activity).
|
|
8877
|
+
residualPersonData:
|
|
8878
|
+
type: array
|
|
8879
|
+
items:
|
|
8880
|
+
type: object
|
|
8881
|
+
additionalProperties: true
|
|
8882
|
+
description: Workspaces where person-keyed rows exist but the subject has no membership (#269).
|
|
8883
|
+
|
|
8003
8884
|
WorkspaceSummaryDto:
|
|
8004
8885
|
type: object
|
|
8005
8886
|
required: [id, slug, name, status, role]
|