@wspc/cli 0.0.4 → 0.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/cli.js +415 -75
  2. package/dist/cli.js.map +1 -1
  3. package/dist/index.d.ts +3 -27
  4. package/dist/index.js +4 -4
  5. package/dist/index.js.map +1 -1
  6. package/package.json +1 -1
  7. package/spec/openapi.json +1704 -1450
package/spec/openapi.json CHANGED
@@ -5,6 +5,11 @@
5
5
  "version": "0.1.0",
6
6
  "description": "Merged OpenAPI document covering every wspc worker (auth, todo, calendar, email, push). For per-domain browsing use api.wspc.ai/<domain>/docs."
7
7
  },
8
+ "servers": [
9
+ {
10
+ "url": "https://api.wspc.ai"
11
+ }
12
+ ],
8
13
  "components": {
9
14
  "securitySchemes": {
10
15
  "bearerAuth": {
@@ -127,6 +132,7 @@
127
132
  },
128
133
  "name": {
129
134
  "type": "string",
135
+ "maxLength": 100,
130
136
  "description": "Human-readable organization name shown in dashboards and headers. Defaults to the owner's display name at signup; changeable via future org-admin endpoints."
131
137
  },
132
138
  "created_at": {
@@ -640,6 +646,64 @@
640
646
  "scope"
641
647
  ]
642
648
  },
649
+ "UpdateApiKeyBody": {
650
+ "type": "object",
651
+ "properties": {
652
+ "label": {
653
+ "type": "string",
654
+ "minLength": 1,
655
+ "maxLength": 60,
656
+ "description": "Human-readable label for the key (1–60 chars after trimming)."
657
+ }
658
+ },
659
+ "required": [
660
+ "label"
661
+ ]
662
+ },
663
+ "UpdateApiKeyResponse": {
664
+ "type": "object",
665
+ "properties": {
666
+ "id": {
667
+ "type": "string",
668
+ "description": "Stable API key id (`key_<ULID>`). Use this id to revoke the key via `DELETE /auth/keys/{id}`. The full plaintext key is never returned here — only at create time."
669
+ },
670
+ "label": {
671
+ "type": "string",
672
+ "description": "Caller-supplied label for distinguishing keys (e.g. machine, agent, or environment). Trimmed and validated to 1–60 chars at create time. Update support is not yet provided — pick a meaningful label up front."
673
+ },
674
+ "key_last4": {
675
+ "type": "string",
676
+ "description": "Last 4 characters of the plaintext key. Lets the user identify a key in lists without exposing the secret. Absent on legacy rows created before this field was tracked."
677
+ },
678
+ "created_at": {
679
+ "type": "number",
680
+ "description": "Unix epoch in milliseconds at which the key was created."
681
+ },
682
+ "last_used_at": {
683
+ "type": "number",
684
+ "description": "Unix epoch in milliseconds of the most recent successful authentication with this key. Absent if the key has never been used. Useful for spotting keys safe to revoke."
685
+ }
686
+ },
687
+ "required": [
688
+ "id",
689
+ "label",
690
+ "created_at"
691
+ ]
692
+ },
693
+ "UpdateOrgInput": {
694
+ "type": "object",
695
+ "properties": {
696
+ "name": {
697
+ "type": "string",
698
+ "minLength": 1,
699
+ "maxLength": 100,
700
+ "description": "The new name for the organization. Cannot be empty or purely whitespace."
701
+ }
702
+ },
703
+ "required": [
704
+ "name"
705
+ ]
706
+ },
643
707
  "VerifyCodeBody": {
644
708
  "type": "object",
645
709
  "properties": {
@@ -685,10 +749,12 @@
685
749
  "title": {
686
750
  "type": "string",
687
751
  "minLength": 1,
752
+ "maxLength": 500,
688
753
  "description": "Short human-readable summary of the event. Shown in list views and `.ics` SUMMARY."
689
754
  },
690
755
  "description": {
691
756
  "type": "string",
757
+ "maxLength": 10000,
692
758
  "description": "Free-form notes about the event (agenda, dial-in instructions, etc.). Markdown formatted (CommonMark + GFM tables, strikethrough, task lists); stored verbatim. Invitation emails include the raw source — most email clients display it as plain text."
693
759
  },
694
760
  "start": {
@@ -701,6 +767,7 @@
701
767
  },
702
768
  "location": {
703
769
  "type": "string",
770
+ "maxLength": 10000,
704
771
  "description": "Free-text location — physical address, room, or short note. Separate from `url` (meeting link)."
705
772
  },
706
773
  "url": {
@@ -958,10 +1025,12 @@
958
1025
  "title": {
959
1026
  "type": "string",
960
1027
  "minLength": 1,
1028
+ "maxLength": 500,
961
1029
  "description": "New event title. Omit to leave unchanged."
962
1030
  },
963
1031
  "description": {
964
1032
  "type": "string",
1033
+ "maxLength": 10000,
965
1034
  "description": "New description. Markdown formatted (CommonMark + GFM tables, strikethrough, task lists). Pass an empty string to clear; omit to leave unchanged."
966
1035
  },
967
1036
  "start": {
@@ -974,6 +1043,7 @@
974
1043
  },
975
1044
  "location": {
976
1045
  "type": "string",
1046
+ "maxLength": 10000,
977
1047
  "description": "New location. Pass an empty string to clear; omit to leave unchanged."
978
1048
  },
979
1049
  "url": {
@@ -1227,12 +1297,12 @@
1227
1297
  },
1228
1298
  "subject": {
1229
1299
  "type": "string",
1300
+ "maxLength": 500,
1230
1301
  "description": "Outbound subject. Required for a fresh send; may be omitted on reply (the server prefixes the inbound subject with `Re: `)."
1231
1302
  },
1232
1303
  "text": {
1233
1304
  "type": "string",
1234
1305
  "minLength": 1,
1235
- "maxLength": 102400,
1236
1306
  "description": "Plain-text body. 1 byte to 100 KiB. HTML bodies are not exposed in the v1 send API — agents compose plain text and clients render as desired."
1237
1307
  },
1238
1308
  "in_reply_to_email_id": {
@@ -1342,6 +1412,7 @@
1342
1412
  },
1343
1413
  "subject": {
1344
1414
  "type": "string",
1415
+ "maxLength": 500,
1345
1416
  "description": "Outbound subject as sent (may include `Re: ` prefix for replies)."
1346
1417
  },
1347
1418
  "text_body": {
@@ -1618,7 +1689,8 @@
1618
1689
  "properties": {
1619
1690
  "name": {
1620
1691
  "type": "string",
1621
- "minLength": 1
1692
+ "minLength": 1,
1693
+ "maxLength": 500
1622
1694
  },
1623
1695
  "default_todo_type_id": {
1624
1696
  "type": "string"
@@ -1682,10 +1754,12 @@
1682
1754
  },
1683
1755
  "title": {
1684
1756
  "type": "string",
1685
- "minLength": 1
1757
+ "minLength": 1,
1758
+ "maxLength": 500
1686
1759
  },
1687
1760
  "description": {
1688
- "type": "string"
1761
+ "type": "string",
1762
+ "maxLength": 10000
1689
1763
  },
1690
1764
  "parent_id": {
1691
1765
  "anyOf": [
@@ -1780,6 +1854,7 @@
1780
1854
  "title": {
1781
1855
  "type": "string",
1782
1856
  "minLength": 1,
1857
+ "maxLength": 500,
1783
1858
  "description": "Short human-readable summary of the work item. Required, non-empty. Shown as the primary label in CLI list output."
1784
1859
  },
1785
1860
  "project_id": {
@@ -1789,6 +1864,7 @@
1789
1864
  },
1790
1865
  "description": {
1791
1866
  "type": "string",
1867
+ "maxLength": 10000,
1792
1868
  "description": "Free-form details about the todo. Fully supports GFM Markdown (tables, strikethrough, task lists). Stored verbatim; client applications are responsible for rendering. Optional. Passing `null` is strictly rejected."
1793
1869
  },
1794
1870
  "parent_id": {
@@ -1938,7 +2014,8 @@
1938
2014
  "properties": {
1939
2015
  "label": {
1940
2016
  "type": "string",
1941
- "minLength": 1
2017
+ "minLength": 1,
2018
+ "maxLength": 500
1942
2019
  },
1943
2020
  "project_id": {
1944
2021
  "type": "string",
@@ -2312,6 +2389,19 @@
2312
2389
  }
2313
2390
  }
2314
2391
  ]
2392
+ },
2393
+ "include_orphan_fields": {
2394
+ "anyOf": [
2395
+ {
2396
+ "type": "string"
2397
+ },
2398
+ {
2399
+ "type": "array",
2400
+ "items": {
2401
+ "type": "string"
2402
+ }
2403
+ }
2404
+ ]
2315
2405
  }
2316
2406
  }
2317
2407
  },
@@ -2402,7 +2492,8 @@
2402
2492
  },
2403
2493
  "name": {
2404
2494
  "type": "string",
2405
- "minLength": 1
2495
+ "minLength": 1,
2496
+ "maxLength": 500
2406
2497
  },
2407
2498
  "default_todo_type_id": {
2408
2499
  "type": "string"
@@ -2426,10 +2517,12 @@
2426
2517
  },
2427
2518
  "title": {
2428
2519
  "type": "string",
2429
- "minLength": 1
2520
+ "minLength": 1,
2521
+ "maxLength": 500
2430
2522
  },
2431
2523
  "description": {
2432
- "type": "string"
2524
+ "type": "string",
2525
+ "maxLength": 10000
2433
2526
  },
2434
2527
  "parent_id": {
2435
2528
  "anyOf": [
@@ -2454,10 +2547,12 @@
2454
2547
  "title": {
2455
2548
  "type": "string",
2456
2549
  "minLength": 1,
2550
+ "maxLength": 500,
2457
2551
  "description": "New title. Omit to leave the existing title unchanged. Must be non-empty when supplied."
2458
2552
  },
2459
2553
  "description": {
2460
2554
  "type": "string",
2555
+ "maxLength": 10000,
2461
2556
  "description": "New description. Markdown formatted (CommonMark + GFM tables, strikethrough, task lists). Pass empty string `\"\"` explicitly to clear an existing description, or omit to leave unchanged. Passing `null` is strictly rejected."
2462
2557
  },
2463
2558
  "parent_id": {
@@ -2527,7 +2622,8 @@
2527
2622
  },
2528
2623
  "label": {
2529
2624
  "type": "string",
2530
- "minLength": 1
2625
+ "minLength": 1,
2626
+ "maxLength": 500
2531
2627
  },
2532
2628
  "hide_core_fields": {
2533
2629
  "type": "array",
@@ -2629,6 +2725,23 @@
2629
2725
  ],
2630
2726
  "summary": "Create a new API key (full value returned once)",
2631
2727
  "description": "### Overview\nCreates and provisions a new long-lived API key for the authenticated user. The complete plaintext API key value (`api_key`) is returned **only once** in this endpoint's response and cannot be retrieved again.\n\n### When to Use\n- Use this endpoint when a user requests a new API key (e.g., `wspc keys create --label \"My Agent\"`) to isolate access for specific environments, applications, or developers.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- **Key Limit**: A user is limited to a maximum of 25 active API keys. Requesting a new key beyond this limit will result in a `KEY_LIMIT_EXCEEDED` error.\n- **Label Validation**: The `label` parameter must be between 1 and 60 characters after trimming whitespace. Failing to provide a valid label results in an `INVALID_LABEL` error.\n\n### Troubleshooting\n- **401 Unauthorized**: The Bearer token is missing or invalid.\n- **400 Bad Request**: The `label` parameter is empty, too long, or missing.\n- **400 Bad Request (Limit Exceeded)**: The user has hit the maximum limit of 25 active keys. An existing active key must be revoked before creating a new one.",
2728
+ "x-cli": {
2729
+ "command": "keys create",
2730
+ "display": {
2731
+ "shape": "object",
2732
+ "fields": [
2733
+ "id",
2734
+ "label",
2735
+ "api_key",
2736
+ "created_at"
2737
+ ],
2738
+ "format": {
2739
+ "id": "id-short",
2740
+ "created_at": "relative-time"
2741
+ },
2742
+ "secretField": "api_key"
2743
+ }
2744
+ },
2632
2745
  "x-codeSamples": [
2633
2746
  {
2634
2747
  "lang": "shell",
@@ -2638,7 +2751,7 @@
2638
2751
  {
2639
2752
  "lang": "bash",
2640
2753
  "label": "wspc CLI",
2641
- "source": "wspc keys create --label \"Claude\""
2754
+ "source": "wspc keys create --label \"openclaw-tokyo\""
2642
2755
  },
2643
2756
  {
2644
2757
  "lang": "typescript",
@@ -2646,28 +2759,6 @@
2646
2759
  "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst { api_key } = await auth.createKey(process.env.WSPC_API_KEY!, { label: \"Claude\" })"
2647
2760
  }
2648
2761
  ],
2649
- "parameters": [
2650
- {
2651
- "schema": {
2652
- "type": "string",
2653
- "enum": [
2654
- "user",
2655
- "agent"
2656
- ]
2657
- },
2658
- "required": false,
2659
- "name": "X-Wspc-Actor",
2660
- "in": "header"
2661
- },
2662
- {
2663
- "schema": {
2664
- "type": "string"
2665
- },
2666
- "required": false,
2667
- "name": "X-Wspc-Agent-Label",
2668
- "in": "header"
2669
- }
2670
- ],
2671
2762
  "requestBody": {
2672
2763
  "required": true,
2673
2764
  "content": {
@@ -3026,6 +3117,26 @@
3026
3117
  ],
3027
3118
  "summary": "List active API keys",
3028
3119
  "description": "### Overview\nReturns a list of all active (non-revoked) API keys belonging to the authenticated user. It also includes the `current_key_id` identifying the specific key used to authenticate the current request.\n\n### When to Use\n- Use this endpoint to view active API keys (e.g., when running `wspc keys list` or displaying API key management screens in user profiles).\n- Use the `current_key_id` to identify which key is making the current call, facilitating self-rotation or auditing.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- Only active keys are returned; keys that have been revoked are filtered out and excluded from the response.\n- The full secret key is never returned; only the last 4 characters (`key_last4`) are provided for identification.\n\n### Troubleshooting\n- **401 Unauthorized**: The provided Bearer token is missing, expired, or invalid. Ensure you are passing a valid, active API key.",
3120
+ "x-cli": {
3121
+ "command": "keys ls",
3122
+ "display": {
3123
+ "shape": "list",
3124
+ "dataPath": "keys",
3125
+ "columns": [
3126
+ "id",
3127
+ "label",
3128
+ "last_4",
3129
+ "created_at",
3130
+ "last_used_at"
3131
+ ],
3132
+ "format": {
3133
+ "id": "id-short",
3134
+ "created_at": "relative-time",
3135
+ "last_used_at": "relative-time"
3136
+ },
3137
+ "emptyMessage": "(no API keys)"
3138
+ }
3139
+ },
3029
3140
  "x-codeSamples": [
3030
3141
  {
3031
3142
  "lang": "shell",
@@ -3035,7 +3146,7 @@
3035
3146
  {
3036
3147
  "lang": "bash",
3037
3148
  "label": "wspc CLI",
3038
- "source": "wspc keys list"
3149
+ "source": "wspc keys ls"
3039
3150
  },
3040
3151
  {
3041
3152
  "lang": "typescript",
@@ -3043,28 +3154,6 @@
3043
3154
  "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst { keys } = await auth.listKeys(process.env.WSPC_API_KEY!)"
3044
3155
  }
3045
3156
  ],
3046
- "parameters": [
3047
- {
3048
- "schema": {
3049
- "type": "string",
3050
- "enum": [
3051
- "user",
3052
- "agent"
3053
- ]
3054
- },
3055
- "required": false,
3056
- "name": "X-Wspc-Actor",
3057
- "in": "header"
3058
- },
3059
- {
3060
- "schema": {
3061
- "type": "string"
3062
- },
3063
- "required": false,
3064
- "name": "X-Wspc-Agent-Label",
3065
- "in": "header"
3066
- }
3067
- ],
3068
3157
  "responses": {
3069
3158
  "200": {
3070
3159
  "description": "List of active API keys and the id of the key used for this request.",
@@ -3410,7 +3499,7 @@
3410
3499
  ],
3411
3500
  "security": [],
3412
3501
  "summary": "Start the device authorization grant",
3413
- "description": "### Overview\nImplements the RFC 8628 (§3.2) device authorization endpoint. It returns a `device_code` (for polling) and a `user_code` with a `verification_uri` for users to approve the client on another device.\n\n### When to Use\n- Use this endpoint in input-constrained environments (like CLI tools, IoT devices, or headless scripts) where direct web browser redirects are impractical or impossible.\n\n### Constraints\n- Public endpoint (no authentication required).\n- **Formats**: Accepts both `application/json` and `application/x-www-form-urlencoded` request formats (though OpenAPI documents JSON only).\n\n### Troubleshooting\n- **400 Bad Request**: The `client_id` is missing, invalid, or does not exist.\n- **429 Too Many Requests**: Device code request rate has been exceeded.",
3502
+ "description": "### Overview\nImplements the RFC 8628 (§3.2) device authorization endpoint. It returns a `device_code` (for polling) and a `user_code` with a `verification_uri` for users to approve the client on another device.\n\n### When to Use\n- Use this endpoint in input-constrained environments (like CLI tools, IoT devices, or headless scripts) where direct web browser redirects are impractical or impossible.\n\n### Constraints\n- Public endpoint (no authentication required).\n- **Formats**: Accepts both `application/json` and `application/x-www-form-urlencoded` request bodies. The body shape is identical in both encodings.\n\n### Troubleshooting\n- **400 Bad Request**: The `client_id` is missing, invalid, or does not exist.\n- **429 Too Many Requests**: Device code request rate has been exceeded.",
3414
3503
  "x-codeSamples": [
3415
3504
  {
3416
3505
  "lang": "shell",
@@ -3428,28 +3517,6 @@
3428
3517
  "source": "// TODO: client method pending\n// Expected shape:\n// const dev = await fetch(\"https://api.wspc.ai/auth/oauth/device\", {\n// method: \"POST\",\n// headers: { \"Content-Type\": \"application/json\" },\n// body: JSON.stringify({ client_id: \"oac_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\" }),\n// }).then(r => r.json())"
3429
3518
  }
3430
3519
  ],
3431
- "parameters": [
3432
- {
3433
- "schema": {
3434
- "type": "string",
3435
- "enum": [
3436
- "user",
3437
- "agent"
3438
- ]
3439
- },
3440
- "required": false,
3441
- "name": "X-Wspc-Actor",
3442
- "in": "header"
3443
- },
3444
- {
3445
- "schema": {
3446
- "type": "string"
3447
- },
3448
- "required": false,
3449
- "name": "X-Wspc-Agent-Label",
3450
- "in": "header"
3451
- }
3452
- ],
3453
3520
  "requestBody": {
3454
3521
  "content": {
3455
3522
  "application/json": {
@@ -3472,6 +3539,11 @@
3472
3539
  }
3473
3540
  }
3474
3541
  }
3542
+ },
3543
+ "application/x-www-form-urlencoded": {
3544
+ "schema": {
3545
+ "$ref": "#/components/schemas/OAuthDeviceBody"
3546
+ }
3475
3547
  }
3476
3548
  }
3477
3549
  },
@@ -3693,28 +3765,6 @@
3693
3765
  "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst org = await auth.getOrg(process.env.WSPC_API_KEY!)"
3694
3766
  }
3695
3767
  ],
3696
- "parameters": [
3697
- {
3698
- "schema": {
3699
- "type": "string",
3700
- "enum": [
3701
- "user",
3702
- "agent"
3703
- ]
3704
- },
3705
- "required": false,
3706
- "name": "X-Wspc-Actor",
3707
- "in": "header"
3708
- },
3709
- {
3710
- "schema": {
3711
- "type": "string"
3712
- },
3713
- "required": false,
3714
- "name": "X-Wspc-Agent-Label",
3715
- "in": "header"
3716
- }
3717
- ],
3718
3768
  "responses": {
3719
3769
  "200": {
3720
3770
  "description": "The authenticated user's organization.",
@@ -4050,31 +4100,31 @@
4050
4100
  }
4051
4101
  }
4052
4102
  }
4053
- }
4054
- },
4055
- "/auth/me": {
4056
- "get": {
4057
- "operationId": "auth_me",
4103
+ },
4104
+ "patch": {
4105
+ "operationId": "org_update",
4058
4106
  "tags": [
4059
- "Auth"
4107
+ "Org"
4060
4108
  ],
4061
4109
  "x-cli": {
4062
- "command": "auth me",
4110
+ "command": "org rename",
4063
4111
  "examples": [
4064
- "wspc auth me",
4065
- "wspc auth me --json"
4112
+ "wspc org rename \"New Name\"",
4113
+ "wspc org rename \"New Name\" --json"
4066
4114
  ],
4067
4115
  "display": {
4068
4116
  "shape": "object",
4069
4117
  "fields": [
4070
- "user_id",
4071
- "email",
4072
- "display_name",
4073
- "api_key_id"
4118
+ "id",
4119
+ "name",
4120
+ "created_at",
4121
+ "updated_at"
4074
4122
  ],
4075
4123
  "format": {
4076
- "user_id": "id-short",
4077
- "api_key_id": "id-short"
4124
+ "id": "id-short",
4125
+ "name": "truncate",
4126
+ "created_at": "relative-time",
4127
+ "updated_at": "relative-time"
4078
4128
  }
4079
4129
  }
4080
4130
  },
@@ -4083,72 +4133,41 @@
4083
4133
  "bearerAuth": []
4084
4134
  }
4085
4135
  ],
4086
- "summary": "Fetch the user identified by the bearer token",
4087
- "description": "### Overview\nRetrieves the stable identity profile (user ID, email, and optional display name) of the user associated with the active Bearer token. Works for both long-lived `wspc_*` API keys and OAuth access tokens.\n\n### When to Use\n- Use this endpoint (e.g., in `wspc verify` or `wspc whoami`) to confirm that the active environment's API key or OAuth access token remains valid.\n- Use it in UIs to display the logged-in user's profile details and retrieve the stable `user_id`.\n\n### Constraints\n- Requires a valid Bearer token (either a long-lived `wspc_*` API key or a temporary OAuth access token) in the `Authorization` header.\n- **Response Fields**: The `api_key_id` field is only returned if authenticated via a WSPC API key (prefixed with `wspc_`). OAuth access tokens will omit `api_key_id`. `display_name` is omitted if not configured.\n\n### Troubleshooting\n- **401 Unauthorized**: The Bearer token is missing, malformed, or has been revoked. Ensure the `Authorization` header matches the `Bearer <token>` format.",
4136
+ "summary": "Update the authenticated user's organization",
4137
+ "description": "### Overview\nUpdates the metadata (currently, the name) of the organization associated with the authenticated user.\n\n### Constraints\n- Requires a valid Bearer token.\n- The organization name cannot be empty or purely whitespace.\n- Maximum length is capped by `MAX_ORG_NAME_LEN`.",
4088
4138
  "x-codeSamples": [
4089
4139
  {
4090
4140
  "lang": "shell",
4091
4141
  "label": "curl",
4092
- "source": "curl https://api.wspc.ai/auth/me \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
4142
+ "source": "curl -X PATCH https://api.wspc.ai/auth/me/org \\\n -H \"Authorization: Bearer $WSPC_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"name\": \"New Name\"}'"
4093
4143
  },
4094
4144
  {
4095
4145
  "lang": "bash",
4096
4146
  "label": "wspc CLI",
4097
- "source": "wspc verify # checks the active env API key\nwspc verify --json # JSON output"
4147
+ "source": "wspc org rename \"New Name\""
4098
4148
  },
4099
4149
  {
4100
4150
  "lang": "typescript",
4101
4151
  "label": "@wspc/client",
4102
- "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst me = await auth.getMe(process.env.WSPC_API_KEY!)"
4152
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst org = await auth.updateOrg(process.env.WSPC_API_KEY!, \"New Name\")"
4103
4153
  }
4104
4154
  ],
4105
- "parameters": [
4106
- {
4107
- "schema": {
4108
- "type": "string",
4109
- "enum": [
4110
- "user",
4111
- "agent"
4112
- ]
4113
- },
4114
- "required": false,
4115
- "name": "X-Wspc-Actor",
4116
- "in": "header"
4117
- },
4118
- {
4119
- "schema": {
4120
- "type": "string"
4121
- },
4122
- "required": false,
4123
- "name": "X-Wspc-Agent-Label",
4124
- "in": "header"
4155
+ "requestBody": {
4156
+ "content": {
4157
+ "application/json": {
4158
+ "schema": {
4159
+ "$ref": "#/components/schemas/UpdateOrgInput"
4160
+ }
4161
+ }
4125
4162
  }
4126
- ],
4163
+ },
4127
4164
  "responses": {
4128
4165
  "200": {
4129
- "description": "The bearer token is valid. The response carries the stable `user_id`, the user's email, and — for `wspc_*` API keys only — the `api_key_id` that authenticated the call.",
4166
+ "description": "The updated organization metadata.",
4130
4167
  "content": {
4131
4168
  "application/json": {
4132
4169
  "schema": {
4133
- "$ref": "#/components/schemas/GetMeResponse"
4134
- },
4135
- "examples": {
4136
- "apiKey": {
4137
- "summary": "Caller used a `wspc_*` API key",
4138
- "value": {
4139
- "user_id": "usr_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
4140
- "email": "alice@example.com",
4141
- "display_name": "Alice Example",
4142
- "api_key_id": "key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F"
4143
- }
4144
- },
4145
- "oauthToken": {
4146
- "summary": "Caller used an OAuth access token",
4147
- "value": {
4148
- "user_id": "usr_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
4149
- "email": "alice@example.com"
4150
- }
4151
- }
4170
+ "$ref": "#/components/schemas/Org"
4152
4171
  }
4153
4172
  }
4154
4173
  }
@@ -4479,87 +4498,81 @@
4479
4498
  }
4480
4499
  }
4481
4500
  },
4482
- "/auth/me/org/members": {
4501
+ "/auth/me": {
4483
4502
  "get": {
4484
- "operationId": "org_members_list",
4503
+ "operationId": "auth_me",
4485
4504
  "tags": [
4486
- "Org"
4505
+ "Auth"
4487
4506
  ],
4488
- "security": [
4489
- {
4490
- "bearerAuth": []
4507
+ "x-cli": {
4508
+ "command": "auth me",
4509
+ "examples": [
4510
+ "wspc auth me",
4511
+ "wspc auth me --json"
4512
+ ],
4513
+ "display": {
4514
+ "shape": "object",
4515
+ "fields": [
4516
+ "user_id",
4517
+ "email",
4518
+ "display_name",
4519
+ "api_key_id"
4520
+ ],
4521
+ "format": {
4522
+ "user_id": "id-short",
4523
+ "api_key_id": "id-short"
4524
+ }
4525
+ }
4526
+ },
4527
+ "security": [
4528
+ {
4529
+ "bearerAuth": []
4491
4530
  }
4492
4531
  ],
4493
- "summary": "List members of the authenticated user's organization",
4494
- "description": "### Overview\nRetrieves a paginated list of all members belonging to the authenticated user's organization, including their basic profile information, emails, and roles.\n\n### When to Use\n- Use this endpoint to list members in command-line tools (e.g., `wspc org members ls`) or to display a team directory in a user dashboard.\n- Use this to paginate through large lists of organization members using cursor-based pagination.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- In the current version (v1), organizations are single-user only, meaning this endpoint will always return exactly one member (the caller).\n- **Pagination**: Supports cursor-based pagination. The `limit` query parameter must be a positive integer, defaulting to 50 and capped at a maximum of 100. Pass `cursor` from the previous response's `next_cursor` to fetch subsequent pages.\n\n### Troubleshooting\n- **401 Unauthorized**: The Bearer token is invalid or has expired.\n- **400 Bad Request**: The query parameters `limit` or `cursor` are malformed. Ensure `limit` is an integer between 1 and 100.\n- **404 Not Found**: The organization associated with this user was not found.",
4532
+ "summary": "Fetch the user identified by the bearer token",
4533
+ "description": "### Overview\nRetrieves the stable identity profile (user ID, email, and optional display name) of the user associated with the active Bearer token. Works for both long-lived `wspc_*` API keys and OAuth access tokens.\n\n### When to Use\n- Use this endpoint (e.g., in `wspc verify` or `wspc whoami`) to confirm that the active environment's API key or OAuth access token remains valid.\n- Use it in UIs to display the logged-in user's profile details and retrieve the stable `user_id`.\n\n### Constraints\n- Requires a valid Bearer token (either a long-lived `wspc_*` API key or a temporary OAuth access token) in the `Authorization` header.\n- **Response Fields**: The `api_key_id` field is only returned if authenticated via a WSPC API key (prefixed with `wspc_`). OAuth access tokens will omit `api_key_id`. `display_name` is omitted if not configured.\n\n### Troubleshooting\n- **401 Unauthorized**: The Bearer token is missing, malformed, or has been revoked. Ensure the `Authorization` header matches the `Bearer <token>` format.",
4495
4534
  "x-codeSamples": [
4496
4535
  {
4497
4536
  "lang": "shell",
4498
4537
  "label": "curl",
4499
- "source": "curl https://api.wspc.ai/auth/me/org/members \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
4538
+ "source": "curl https://api.wspc.ai/auth/me \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
4500
4539
  },
4501
4540
  {
4502
4541
  "lang": "bash",
4503
4542
  "label": "wspc CLI",
4504
- "source": "wspc org members ls"
4543
+ "source": "wspc verify # checks the active env API key\nwspc verify --json # JSON output"
4505
4544
  },
4506
4545
  {
4507
4546
  "lang": "typescript",
4508
4547
  "label": "@wspc/client",
4509
- "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst { members } = await auth.listOrgMembers(process.env.WSPC_API_KEY!)"
4510
- }
4511
- ],
4512
- "parameters": [
4513
- {
4514
- "schema": {
4515
- "type": "string",
4516
- "description": "Opaque pagination cursor. Pass the `next_cursor` returned by the previous page to fetch the next slice. Omit on the first call."
4517
- },
4518
- "required": false,
4519
- "description": "Opaque pagination cursor. Pass the `next_cursor` returned by the previous page to fetch the next slice. Omit on the first call.",
4520
- "name": "cursor",
4521
- "in": "query"
4522
- },
4523
- {
4524
- "schema": {
4525
- "type": "integer",
4526
- "minimum": 1,
4527
- "maximum": 100,
4528
- "description": "Maximum number of members to return in this page (1–100). Defaults to 50. Larger values trade fewer round-trips for more bytes per response."
4529
- },
4530
- "required": false,
4531
- "description": "Maximum number of members to return in this page (1–100). Defaults to 50. Larger values trade fewer round-trips for more bytes per response.",
4532
- "name": "limit",
4533
- "in": "query"
4534
- },
4535
- {
4536
- "schema": {
4537
- "type": "string",
4538
- "enum": [
4539
- "user",
4540
- "agent"
4541
- ]
4542
- },
4543
- "required": false,
4544
- "name": "X-Wspc-Actor",
4545
- "in": "header"
4546
- },
4547
- {
4548
- "schema": {
4549
- "type": "string"
4550
- },
4551
- "required": false,
4552
- "name": "X-Wspc-Agent-Label",
4553
- "in": "header"
4548
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst me = await auth.getMe(process.env.WSPC_API_KEY!)"
4554
4549
  }
4555
4550
  ],
4556
4551
  "responses": {
4557
4552
  "200": {
4558
- "description": "List of organization members and optional cursor for next page.",
4553
+ "description": "The bearer token is valid. The response carries the stable `user_id`, the user's email, and for `wspc_*` API keys only — the `api_key_id` that authenticated the call.",
4559
4554
  "content": {
4560
4555
  "application/json": {
4561
4556
  "schema": {
4562
- "$ref": "#/components/schemas/ListOrgMembersResponse"
4557
+ "$ref": "#/components/schemas/GetMeResponse"
4558
+ },
4559
+ "examples": {
4560
+ "apiKey": {
4561
+ "summary": "Caller used a `wspc_*` API key",
4562
+ "value": {
4563
+ "user_id": "usr_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
4564
+ "email": "alice@example.com",
4565
+ "display_name": "Alice Example",
4566
+ "api_key_id": "key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F"
4567
+ }
4568
+ },
4569
+ "oauthToken": {
4570
+ "summary": "Caller used an OAuth access token",
4571
+ "value": {
4572
+ "user_id": "usr_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
4573
+ "email": "alice@example.com"
4574
+ }
4575
+ }
4563
4576
  }
4564
4577
  }
4565
4578
  }
@@ -4890,69 +4903,84 @@
4890
4903
  }
4891
4904
  }
4892
4905
  },
4893
- "/.well-known/oauth-authorization-server": {
4906
+ "/auth/me/org/members": {
4894
4907
  "get": {
4895
- "operationId": "oauth_metadata",
4908
+ "operationId": "org_members_list",
4896
4909
  "tags": [
4897
- "OAuth"
4910
+ "Org"
4898
4911
  ],
4899
- "security": [],
4900
- "summary": "Discover OAuth 2.1 authorization-server metadata",
4901
- "description": "### Overview\nExposes the RFC 8414 OAuth 2.1 authorization server metadata document. This enables clients (like MCP servers, custom GPTs, and SDKs) to dynamically discover authorization, token, registration, device, and revocation endpoints instead of hard-coding them.\n\n### When to Use\n- Use this endpoint on first boot or setup of any OAuth client. To optimize performance, clients should cache this metadata, as it is highly stable per deployment environment.\n\n### Constraints\n- Public endpoint (no authentication required).\n- Currently advertises PKCE-only public clients (`token_endpoint_auth_methods_supported: [\"none\"]`, `code_challenge_methods_supported: [\"S256\"]`) and a single `wspc:full` scope.\n\n### Troubleshooting\n- **500 Internal Server Error**: Constructed endpoint URLs are invalid due to server-side configuration issues.",
4912
+ "x-cli": {
4913
+ "command": "org members",
4914
+ "display": {
4915
+ "shape": "list",
4916
+ "dataPath": "members",
4917
+ "columns": [
4918
+ "user_id",
4919
+ "email",
4920
+ "display_name",
4921
+ "joined_at"
4922
+ ],
4923
+ "format": {
4924
+ "user_id": "id-short",
4925
+ "joined_at": "relative-time"
4926
+ }
4927
+ }
4928
+ },
4929
+ "security": [
4930
+ {
4931
+ "bearerAuth": []
4932
+ }
4933
+ ],
4934
+ "summary": "List members of the authenticated user's organization",
4935
+ "description": "### Overview\nRetrieves a paginated list of all members belonging to the authenticated user's organization, including their basic profile information, emails, and roles.\n\n### When to Use\n- Use this endpoint to list members in command-line tools (e.g., `wspc org members ls`) or to display a team directory in a user dashboard.\n- Use this to paginate through large lists of organization members using cursor-based pagination.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- In the current version (v1), organizations are single-user only, meaning this endpoint will always return exactly one member (the caller).\n- **Pagination**: Supports cursor-based pagination. The `limit` query parameter must be a positive integer, defaulting to 50 and capped at a maximum of 100. Pass `cursor` from the previous response's `next_cursor` to fetch subsequent pages.\n\n### Troubleshooting\n- **401 Unauthorized**: The Bearer token is invalid or has expired.\n- **400 Bad Request**: The query parameters `limit` or `cursor` are malformed. Ensure `limit` is an integer between 1 and 100.\n- **404 Not Found**: The organization associated with this user was not found.",
4902
4936
  "x-codeSamples": [
4903
4937
  {
4904
4938
  "lang": "shell",
4905
4939
  "label": "curl",
4906
- "source": "curl https://api.wspc.ai/.well-known/oauth-authorization-server"
4940
+ "source": "curl https://api.wspc.ai/auth/me/org/members \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
4907
4941
  },
4908
4942
  {
4909
4943
  "lang": "bash",
4910
4944
  "label": "wspc CLI",
4911
- "source": "# No direct CLI command — OAuth is consumed by third-party clients"
4945
+ "source": "wspc org members ls"
4912
4946
  },
4913
4947
  {
4914
4948
  "lang": "typescript",
4915
4949
  "label": "@wspc/client",
4916
- "source": "// TODO: client method pending\n// Expected shape:\n// const meta = await fetch(\"https://api.wspc.ai/.well-known/oauth-authorization-server\").then(r => r.json())"
4950
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst { members } = await auth.listOrgMembers(process.env.WSPC_API_KEY!)"
4951
+ }
4952
+ ],
4953
+ "parameters": [
4954
+ {
4955
+ "schema": {
4956
+ "type": "string",
4957
+ "description": "Opaque pagination cursor. Pass the `next_cursor` returned by the previous page to fetch the next slice. Omit on the first call."
4958
+ },
4959
+ "required": false,
4960
+ "description": "Opaque pagination cursor. Pass the `next_cursor` returned by the previous page to fetch the next slice. Omit on the first call.",
4961
+ "name": "cursor",
4962
+ "in": "query"
4963
+ },
4964
+ {
4965
+ "schema": {
4966
+ "type": "integer",
4967
+ "minimum": 1,
4968
+ "maximum": 100,
4969
+ "description": "Maximum number of members to return in this page (1–100). Defaults to 50. Larger values trade fewer round-trips for more bytes per response."
4970
+ },
4971
+ "required": false,
4972
+ "description": "Maximum number of members to return in this page (1–100). Defaults to 50. Larger values trade fewer round-trips for more bytes per response.",
4973
+ "name": "limit",
4974
+ "in": "query"
4917
4975
  }
4918
4976
  ],
4919
4977
  "responses": {
4920
4978
  "200": {
4921
- "description": "Authorization-server metadata document as defined by RFC 8414. Stable per environment; safe to cache for the lifetime of the client process.",
4979
+ "description": "List of organization members and optional cursor for next page.",
4922
4980
  "content": {
4923
4981
  "application/json": {
4924
4982
  "schema": {
4925
- "$ref": "#/components/schemas/OAuthAuthServerMetadata"
4926
- },
4927
- "examples": {
4928
- "happyPath": {
4929
- "summary": "Production metadata",
4930
- "value": {
4931
- "issuer": "https://api.wspc.ai",
4932
- "authorization_endpoint": "https://app.wspc.ai/authorize",
4933
- "token_endpoint": "https://api.wspc.ai/auth/oauth/token",
4934
- "registration_endpoint": "https://api.wspc.ai/auth/oauth/register",
4935
- "revocation_endpoint": "https://api.wspc.ai/auth/oauth/revoke",
4936
- "device_authorization_endpoint": "https://api.wspc.ai/auth/oauth/device",
4937
- "response_types_supported": [
4938
- "code"
4939
- ],
4940
- "grant_types_supported": [
4941
- "authorization_code",
4942
- "refresh_token",
4943
- "urn:ietf:params:oauth:grant-type:device_code"
4944
- ],
4945
- "code_challenge_methods_supported": [
4946
- "S256"
4947
- ],
4948
- "token_endpoint_auth_methods_supported": [
4949
- "none"
4950
- ],
4951
- "scopes_supported": [
4952
- "wspc:full"
4953
- ]
4954
- }
4955
- }
4983
+ "$ref": "#/components/schemas/ListOrgMembersResponse"
4956
4984
  }
4957
4985
  }
4958
4986
  }
@@ -5283,20 +5311,21 @@
5283
5311
  }
5284
5312
  }
5285
5313
  },
5286
- "/auth/oauth/register": {
5287
- "post": {
5288
- "operationId": "oauth_client_register",
5314
+ "/.well-known/oauth-authorization-server": {
5315
+ "get": {
5316
+ "operationId": "oauth_metadata",
5289
5317
  "tags": [
5290
5318
  "OAuth"
5291
5319
  ],
5320
+ "excludeActorHeaders": true,
5292
5321
  "security": [],
5293
- "summary": "Dynamically register an OAuth client",
5294
- "description": "### Overview\nImplements RFC 7591 dynamic client registration. This endpoint mints a unique `client_id` for a public OAuth client (e.g., an MCP server or third-party integration), enabling it to initiate OAuth authorization or device flows.\n\n### When to Use\n- Use this endpoint during the first-run installation or setup of an integration to dynamically generate a client identity. Persist the generated `client_id` for subsequent sessions.\n\n### Constraints\n- Public endpoint (no authentication required).\n- **Public Clients Only**: WSPC only supports public PKCE clients. Client secrets are not generated or returned.\n- **Redirect URI Matching**: All `redirect_uris` registered here must match exactly with those requested in the authorization endpoint later.\n\n### Troubleshooting\n- **400 Bad Request / invalid_client_metadata**: The request body is missing required fields like `client_name` or `redirect_uris`, or provides invalid parameters.\n- **429 Too Many Requests**: Dynamic registration requests from the requesting IP have exceeded the rate limit.",
5322
+ "summary": "Discover OAuth 2.1 authorization-server metadata",
5323
+ "description": "### Overview\nExposes the RFC 8414 OAuth 2.1 authorization server metadata document. This enables clients (like MCP servers, custom GPTs, and SDKs) to dynamically discover authorization, token, registration, device, and revocation endpoints instead of hard-coding them.\n\n### When to Use\n- Use this endpoint on first boot or setup of any OAuth client. To optimize performance, clients should cache this metadata, as it is highly stable per deployment environment.\n\n### Constraints\n- Public endpoint (no authentication required).\n- Currently advertises PKCE-only public clients (`token_endpoint_auth_methods_supported: [\"none\"]`, `code_challenge_methods_supported: [\"S256\"]`) and a single `wspc:full` scope.\n\n### Troubleshooting\n- **500 Internal Server Error**: Constructed endpoint URLs are invalid due to server-side configuration issues.",
5295
5324
  "x-codeSamples": [
5296
5325
  {
5297
5326
  "lang": "shell",
5298
5327
  "label": "curl",
5299
- "source": "curl -X POST https://api.wspc.ai/auth/oauth/register \\\n -H \"Content-Type: application/json\" \\\n -d '{\"client_name\":\"Acme MCP Agent\",\"redirect_uris\":[\"http://localhost:3000/callback\"]}'"
5328
+ "source": "curl https://api.wspc.ai/.well-known/oauth-authorization-server"
5300
5329
  },
5301
5330
  {
5302
5331
  "lang": "bash",
@@ -5306,110 +5335,1191 @@
5306
5335
  {
5307
5336
  "lang": "typescript",
5308
5337
  "label": "@wspc/client",
5309
- "source": "// TODO: client method pending\n// Expected shape:\n// const reg = await fetch(\"https://api.wspc.ai/auth/oauth/register\", {\n// method: \"POST\",\n// headers: { \"Content-Type\": \"application/json\" },\n// body: JSON.stringify({ client_name: \"Acme MCP Agent\", redirect_uris: [\"http://localhost:3000/callback\"] }),\n// }).then(r => r.json())"
5310
- }
5311
- ],
5312
- "parameters": [
5313
- {
5314
- "schema": {
5315
- "type": "string",
5316
- "enum": [
5317
- "user",
5318
- "agent"
5319
- ]
5320
- },
5321
- "required": false,
5322
- "name": "X-Wspc-Actor",
5323
- "in": "header"
5324
- },
5325
- {
5326
- "schema": {
5327
- "type": "string"
5328
- },
5329
- "required": false,
5330
- "name": "X-Wspc-Agent-Label",
5331
- "in": "header"
5338
+ "source": "// TODO: client method pending\n// Expected shape:\n// const meta = await fetch(\"https://api.wspc.ai/.well-known/oauth-authorization-server\").then(r => r.json())"
5332
5339
  }
5333
5340
  ],
5334
- "requestBody": {
5335
- "content": {
5336
- "application/json": {
5337
- "schema": {
5338
- "$ref": "#/components/schemas/OAuthRegisterBody"
5339
- },
5340
- "examples": {
5341
- "minimal": {
5342
- "summary": "Register a local MCP client",
5343
- "value": {
5344
- "client_name": "Acme MCP Agent",
5345
- "redirect_uris": [
5346
- "http://localhost:3000/callback"
5347
- ]
5348
- }
5349
- },
5350
- "full": {
5351
- "summary": "Register with explicit grant types",
5352
- "value": {
5353
- "client_name": "Acme MCP Agent",
5354
- "redirect_uris": [
5355
- "http://localhost:3000/callback"
5356
- ],
5357
- "token_endpoint_auth_method": "none",
5358
- "grant_types": [
5359
- "authorization_code",
5360
- "refresh_token",
5361
- "urn:ietf:params:oauth:grant-type:device_code"
5362
- ]
5363
- }
5364
- }
5365
- }
5366
- }
5367
- }
5368
- },
5369
5341
  "responses": {
5370
- "201": {
5371
- "description": "Client registered. The response carries the newly minted `client_id` plus the echo of the registration request after defaults are applied.",
5342
+ "200": {
5343
+ "description": "Authorization-server metadata document as defined by RFC 8414. Stable per environment; safe to cache for the lifetime of the client process.",
5372
5344
  "content": {
5373
5345
  "application/json": {
5374
5346
  "schema": {
5375
- "$ref": "#/components/schemas/OAuthRegisterResponse"
5347
+ "$ref": "#/components/schemas/OAuthAuthServerMetadata"
5376
5348
  },
5377
5349
  "examples": {
5378
5350
  "happyPath": {
5379
- "summary": "Public PKCE client registered",
5351
+ "summary": "Production metadata",
5380
5352
  "value": {
5381
- "client_id": "oac_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
5382
- "client_name": "Acme MCP Agent",
5383
- "redirect_uris": [
5384
- "http://localhost:3000/callback"
5353
+ "issuer": "https://api.wspc.ai",
5354
+ "authorization_endpoint": "https://app.wspc.ai/authorize",
5355
+ "token_endpoint": "https://api.wspc.ai/auth/oauth/token",
5356
+ "registration_endpoint": "https://api.wspc.ai/auth/oauth/register",
5357
+ "revocation_endpoint": "https://api.wspc.ai/auth/oauth/revoke",
5358
+ "device_authorization_endpoint": "https://api.wspc.ai/auth/oauth/device",
5359
+ "response_types_supported": [
5360
+ "code"
5385
5361
  ],
5386
- "token_endpoint_auth_method": "none",
5387
- "grant_types": [
5362
+ "grant_types_supported": [
5388
5363
  "authorization_code",
5389
- "refresh_token"
5364
+ "refresh_token",
5365
+ "urn:ietf:params:oauth:grant-type:device_code"
5390
5366
  ],
5391
- "client_id_issued_at": 1748736000
5367
+ "code_challenge_methods_supported": [
5368
+ "S256"
5369
+ ],
5370
+ "token_endpoint_auth_methods_supported": [
5371
+ "none"
5372
+ ],
5373
+ "scopes_supported": [
5374
+ "wspc:full"
5375
+ ]
5376
+ }
5377
+ }
5378
+ }
5379
+ }
5380
+ }
5381
+ },
5382
+ "400": {
5383
+ "description": "Request validation failed. The body, query, or path parameters did not match the operation's schema.",
5384
+ "content": {
5385
+ "application/json": {
5386
+ "schema": {
5387
+ "type": "object",
5388
+ "properties": {
5389
+ "error": {
5390
+ "type": "object",
5391
+ "properties": {
5392
+ "code": {
5393
+ "type": "string"
5394
+ },
5395
+ "message": {
5396
+ "type": "string"
5397
+ },
5398
+ "extra": {
5399
+ "type": "object",
5400
+ "additionalProperties": {}
5401
+ }
5402
+ },
5403
+ "required": [
5404
+ "code",
5405
+ "message"
5406
+ ]
5407
+ }
5408
+ },
5409
+ "required": [
5410
+ "error"
5411
+ ]
5412
+ },
5413
+ "examples": {
5414
+ "validationError": {
5415
+ "summary": "Body failed schema validation",
5416
+ "value": {
5417
+ "error": {
5418
+ "code": "VALIDATION_ERROR",
5419
+ "message": "title must not be empty"
5420
+ }
5421
+ }
5422
+ }
5423
+ }
5424
+ }
5425
+ }
5426
+ },
5427
+ "401": {
5428
+ "description": "Authentication is required but missing or invalid. The Bearer token (API key or OAuth access token) was absent, malformed, or rejected.",
5429
+ "content": {
5430
+ "application/json": {
5431
+ "schema": {
5432
+ "type": "object",
5433
+ "properties": {
5434
+ "error": {
5435
+ "type": "object",
5436
+ "properties": {
5437
+ "code": {
5438
+ "type": "string"
5439
+ },
5440
+ "message": {
5441
+ "type": "string"
5442
+ },
5443
+ "extra": {
5444
+ "type": "object",
5445
+ "additionalProperties": {}
5446
+ }
5447
+ },
5448
+ "required": [
5449
+ "code",
5450
+ "message"
5451
+ ]
5452
+ }
5453
+ },
5454
+ "required": [
5455
+ "error"
5456
+ ]
5457
+ },
5458
+ "examples": {
5459
+ "authRequired": {
5460
+ "summary": "Missing Authorization header",
5461
+ "value": {
5462
+ "error": {
5463
+ "code": "AUTH_REQUIRED",
5464
+ "message": "missing bearer token"
5465
+ }
5466
+ }
5467
+ }
5468
+ }
5469
+ }
5470
+ }
5471
+ },
5472
+ "403": {
5473
+ "description": "The caller is authenticated but not permitted to perform this operation on the target resource.",
5474
+ "content": {
5475
+ "application/json": {
5476
+ "schema": {
5477
+ "type": "object",
5478
+ "properties": {
5479
+ "error": {
5480
+ "type": "object",
5481
+ "properties": {
5482
+ "code": {
5483
+ "type": "string"
5484
+ },
5485
+ "message": {
5486
+ "type": "string"
5487
+ },
5488
+ "extra": {
5489
+ "type": "object",
5490
+ "additionalProperties": {}
5491
+ }
5492
+ },
5493
+ "required": [
5494
+ "code",
5495
+ "message"
5496
+ ]
5497
+ }
5498
+ },
5499
+ "required": [
5500
+ "error"
5501
+ ]
5502
+ },
5503
+ "examples": {
5504
+ "forbidden": {
5505
+ "summary": "Caller does not own the resource",
5506
+ "value": {
5507
+ "error": {
5508
+ "code": "FORBIDDEN",
5509
+ "message": "not allowed"
5510
+ }
5511
+ }
5512
+ }
5513
+ }
5514
+ }
5515
+ }
5516
+ },
5517
+ "404": {
5518
+ "description": "The target resource does not exist or is not visible to the caller. Soft-deleted resources are treated as not found unless an `include_deleted` flag is set.",
5519
+ "content": {
5520
+ "application/json": {
5521
+ "schema": {
5522
+ "type": "object",
5523
+ "properties": {
5524
+ "error": {
5525
+ "type": "object",
5526
+ "properties": {
5527
+ "code": {
5528
+ "type": "string"
5529
+ },
5530
+ "message": {
5531
+ "type": "string"
5532
+ },
5533
+ "extra": {
5534
+ "type": "object",
5535
+ "additionalProperties": {}
5536
+ }
5537
+ },
5538
+ "required": [
5539
+ "code",
5540
+ "message"
5541
+ ]
5542
+ }
5543
+ },
5544
+ "required": [
5545
+ "error"
5546
+ ]
5547
+ },
5548
+ "examples": {
5549
+ "notFound": {
5550
+ "summary": "Resource id is unknown to the service",
5551
+ "value": {
5552
+ "error": {
5553
+ "code": "NOT_FOUND",
5554
+ "message": "todo not found"
5555
+ }
5556
+ }
5557
+ }
5558
+ }
5559
+ }
5560
+ }
5561
+ },
5562
+ "409": {
5563
+ "description": "Optimistic-lock conflict. The supplied `expected_version` does not match the server's current version. Refetch the resource and retry.",
5564
+ "content": {
5565
+ "application/json": {
5566
+ "schema": {
5567
+ "type": "object",
5568
+ "properties": {
5569
+ "error": {
5570
+ "type": "object",
5571
+ "properties": {
5572
+ "code": {
5573
+ "type": "string"
5574
+ },
5575
+ "message": {
5576
+ "type": "string"
5577
+ },
5578
+ "extra": {
5579
+ "type": "object",
5580
+ "additionalProperties": {}
5581
+ }
5582
+ },
5583
+ "required": [
5584
+ "code",
5585
+ "message"
5586
+ ]
5587
+ }
5588
+ },
5589
+ "required": [
5590
+ "error"
5591
+ ]
5592
+ },
5593
+ "examples": {
5594
+ "versionConflict": {
5595
+ "summary": "expected_version does not match server version",
5596
+ "value": {
5597
+ "error": {
5598
+ "code": "VERSION_CONFLICT",
5599
+ "message": "expected_version 3 but current is 4",
5600
+ "extra": {
5601
+ "expected_version": 3,
5602
+ "actual_version": 4
5603
+ }
5604
+ }
5605
+ }
5606
+ }
5607
+ }
5608
+ }
5609
+ }
5610
+ },
5611
+ "429": {
5612
+ "description": "Rate limit exceeded. Retry after the duration in `error.extra.retry_after_seconds`. `limit_kind` identifies which bucket was exhausted.",
5613
+ "content": {
5614
+ "application/json": {
5615
+ "schema": {
5616
+ "type": "object",
5617
+ "properties": {
5618
+ "error": {
5619
+ "type": "object",
5620
+ "properties": {
5621
+ "code": {
5622
+ "type": "string"
5623
+ },
5624
+ "message": {
5625
+ "type": "string"
5626
+ },
5627
+ "extra": {
5628
+ "type": "object",
5629
+ "additionalProperties": {}
5630
+ }
5631
+ },
5632
+ "required": [
5633
+ "code",
5634
+ "message"
5635
+ ]
5636
+ }
5637
+ },
5638
+ "required": [
5639
+ "error"
5640
+ ]
5641
+ },
5642
+ "examples": {
5643
+ "rateLimited": {
5644
+ "summary": "Per-key rate limit hit",
5645
+ "value": {
5646
+ "error": {
5647
+ "code": "RATE_LIMITED",
5648
+ "message": "rate limit exceeded",
5649
+ "extra": {
5650
+ "retry_after_seconds": 60,
5651
+ "limit_kind": "authenticated_per_key"
5652
+ }
5653
+ }
5654
+ }
5655
+ }
5656
+ }
5657
+ }
5658
+ }
5659
+ },
5660
+ "500": {
5661
+ "description": "Unhandled server error. The request was well-formed but the service failed unexpectedly. Safe to retry idempotent operations.",
5662
+ "content": {
5663
+ "application/json": {
5664
+ "schema": {
5665
+ "type": "object",
5666
+ "properties": {
5667
+ "error": {
5668
+ "type": "object",
5669
+ "properties": {
5670
+ "code": {
5671
+ "type": "string"
5672
+ },
5673
+ "message": {
5674
+ "type": "string"
5675
+ },
5676
+ "extra": {
5677
+ "type": "object",
5678
+ "additionalProperties": {}
5679
+ }
5680
+ },
5681
+ "required": [
5682
+ "code",
5683
+ "message"
5684
+ ]
5685
+ }
5686
+ },
5687
+ "required": [
5688
+ "error"
5689
+ ]
5690
+ },
5691
+ "examples": {
5692
+ "internalError": {
5693
+ "summary": "Unhandled exception",
5694
+ "value": {
5695
+ "error": {
5696
+ "code": "INTERNAL_ERROR",
5697
+ "message": "internal error"
5698
+ }
5699
+ }
5700
+ }
5701
+ }
5702
+ }
5703
+ }
5704
+ }
5705
+ }
5706
+ }
5707
+ },
5708
+ "/.well-known/openid-configuration": {
5709
+ "get": {
5710
+ "operationId": "oauth_metadata_openid_alias",
5711
+ "tags": [
5712
+ "OAuth"
5713
+ ],
5714
+ "excludeActorHeaders": true,
5715
+ "security": [],
5716
+ "summary": "Discover OAuth metadata (OIDC discovery alias)",
5717
+ "description": "### Overview\nOIDC discovery alias that returns the **same payload** as `GET /.well-known/oauth-authorization-server` (RFC 8414). WSPC is not an OpenID Connect identity provider — it does not issue ID tokens or expose a `userinfo` endpoint — but several MCP SDKs probe `/.well-known/openid-configuration` before falling back to the RFC 8414 path, so this alias is provided to avoid that fallback round-trip.\n\n### When to Use\n- Prefer `GET /.well-known/oauth-authorization-server` for new clients. Use this alias only if your client library hard-codes the OIDC discovery path.\n\n### Constraints\n- Public endpoint (no authentication required).\n- Response is byte-for-byte identical to the RFC 8414 endpoint; OIDC-specific fields (`userinfo_endpoint`, `jwks_uri`, `id_token_signing_alg_values_supported`, …) are intentionally absent.",
5718
+ "x-codeSamples": [
5719
+ {
5720
+ "lang": "shell",
5721
+ "label": "curl",
5722
+ "source": "curl https://api.wspc.ai/.well-known/openid-configuration"
5723
+ },
5724
+ {
5725
+ "lang": "typescript",
5726
+ "label": "@wspc/client",
5727
+ "source": "// TODO: client method pending\n// Expected shape (identical to /.well-known/oauth-authorization-server):\n// const meta = await fetch(\"https://api.wspc.ai/.well-known/openid-configuration\").then(r => r.json())"
5728
+ }
5729
+ ],
5730
+ "responses": {
5731
+ "200": {
5732
+ "description": "Authorization-server metadata document. Identical payload to the RFC 8414 endpoint; safe to cache for the lifetime of the client process.",
5733
+ "content": {
5734
+ "application/json": {
5735
+ "schema": {
5736
+ "$ref": "#/components/schemas/OAuthAuthServerMetadata"
5737
+ }
5738
+ }
5739
+ }
5740
+ },
5741
+ "400": {
5742
+ "description": "Request validation failed. The body, query, or path parameters did not match the operation's schema.",
5743
+ "content": {
5744
+ "application/json": {
5745
+ "schema": {
5746
+ "type": "object",
5747
+ "properties": {
5748
+ "error": {
5749
+ "type": "object",
5750
+ "properties": {
5751
+ "code": {
5752
+ "type": "string"
5753
+ },
5754
+ "message": {
5755
+ "type": "string"
5756
+ },
5757
+ "extra": {
5758
+ "type": "object",
5759
+ "additionalProperties": {}
5760
+ }
5761
+ },
5762
+ "required": [
5763
+ "code",
5764
+ "message"
5765
+ ]
5766
+ }
5767
+ },
5768
+ "required": [
5769
+ "error"
5770
+ ]
5771
+ },
5772
+ "examples": {
5773
+ "validationError": {
5774
+ "summary": "Body failed schema validation",
5775
+ "value": {
5776
+ "error": {
5777
+ "code": "VALIDATION_ERROR",
5778
+ "message": "title must not be empty"
5779
+ }
5780
+ }
5781
+ }
5782
+ }
5783
+ }
5784
+ }
5785
+ },
5786
+ "401": {
5787
+ "description": "Authentication is required but missing or invalid. The Bearer token (API key or OAuth access token) was absent, malformed, or rejected.",
5788
+ "content": {
5789
+ "application/json": {
5790
+ "schema": {
5791
+ "type": "object",
5792
+ "properties": {
5793
+ "error": {
5794
+ "type": "object",
5795
+ "properties": {
5796
+ "code": {
5797
+ "type": "string"
5798
+ },
5799
+ "message": {
5800
+ "type": "string"
5801
+ },
5802
+ "extra": {
5803
+ "type": "object",
5804
+ "additionalProperties": {}
5805
+ }
5806
+ },
5807
+ "required": [
5808
+ "code",
5809
+ "message"
5810
+ ]
5811
+ }
5812
+ },
5813
+ "required": [
5814
+ "error"
5815
+ ]
5816
+ },
5817
+ "examples": {
5818
+ "authRequired": {
5819
+ "summary": "Missing Authorization header",
5820
+ "value": {
5821
+ "error": {
5822
+ "code": "AUTH_REQUIRED",
5823
+ "message": "missing bearer token"
5824
+ }
5825
+ }
5826
+ }
5827
+ }
5828
+ }
5829
+ }
5830
+ },
5831
+ "403": {
5832
+ "description": "The caller is authenticated but not permitted to perform this operation on the target resource.",
5833
+ "content": {
5834
+ "application/json": {
5835
+ "schema": {
5836
+ "type": "object",
5837
+ "properties": {
5838
+ "error": {
5839
+ "type": "object",
5840
+ "properties": {
5841
+ "code": {
5842
+ "type": "string"
5843
+ },
5844
+ "message": {
5845
+ "type": "string"
5846
+ },
5847
+ "extra": {
5848
+ "type": "object",
5849
+ "additionalProperties": {}
5850
+ }
5851
+ },
5852
+ "required": [
5853
+ "code",
5854
+ "message"
5855
+ ]
5856
+ }
5857
+ },
5858
+ "required": [
5859
+ "error"
5860
+ ]
5861
+ },
5862
+ "examples": {
5863
+ "forbidden": {
5864
+ "summary": "Caller does not own the resource",
5865
+ "value": {
5866
+ "error": {
5867
+ "code": "FORBIDDEN",
5868
+ "message": "not allowed"
5869
+ }
5870
+ }
5871
+ }
5872
+ }
5873
+ }
5874
+ }
5875
+ },
5876
+ "404": {
5877
+ "description": "The target resource does not exist or is not visible to the caller. Soft-deleted resources are treated as not found unless an `include_deleted` flag is set.",
5878
+ "content": {
5879
+ "application/json": {
5880
+ "schema": {
5881
+ "type": "object",
5882
+ "properties": {
5883
+ "error": {
5884
+ "type": "object",
5885
+ "properties": {
5886
+ "code": {
5887
+ "type": "string"
5888
+ },
5889
+ "message": {
5890
+ "type": "string"
5891
+ },
5892
+ "extra": {
5893
+ "type": "object",
5894
+ "additionalProperties": {}
5895
+ }
5896
+ },
5897
+ "required": [
5898
+ "code",
5899
+ "message"
5900
+ ]
5901
+ }
5902
+ },
5903
+ "required": [
5904
+ "error"
5905
+ ]
5906
+ },
5907
+ "examples": {
5908
+ "notFound": {
5909
+ "summary": "Resource id is unknown to the service",
5910
+ "value": {
5911
+ "error": {
5912
+ "code": "NOT_FOUND",
5913
+ "message": "todo not found"
5914
+ }
5915
+ }
5916
+ }
5917
+ }
5918
+ }
5919
+ }
5920
+ },
5921
+ "409": {
5922
+ "description": "Optimistic-lock conflict. The supplied `expected_version` does not match the server's current version. Refetch the resource and retry.",
5923
+ "content": {
5924
+ "application/json": {
5925
+ "schema": {
5926
+ "type": "object",
5927
+ "properties": {
5928
+ "error": {
5929
+ "type": "object",
5930
+ "properties": {
5931
+ "code": {
5932
+ "type": "string"
5933
+ },
5934
+ "message": {
5935
+ "type": "string"
5936
+ },
5937
+ "extra": {
5938
+ "type": "object",
5939
+ "additionalProperties": {}
5940
+ }
5941
+ },
5942
+ "required": [
5943
+ "code",
5944
+ "message"
5945
+ ]
5946
+ }
5947
+ },
5948
+ "required": [
5949
+ "error"
5950
+ ]
5951
+ },
5952
+ "examples": {
5953
+ "versionConflict": {
5954
+ "summary": "expected_version does not match server version",
5955
+ "value": {
5956
+ "error": {
5957
+ "code": "VERSION_CONFLICT",
5958
+ "message": "expected_version 3 but current is 4",
5959
+ "extra": {
5960
+ "expected_version": 3,
5961
+ "actual_version": 4
5962
+ }
5963
+ }
5964
+ }
5965
+ }
5966
+ }
5967
+ }
5968
+ }
5969
+ },
5970
+ "429": {
5971
+ "description": "Rate limit exceeded. Retry after the duration in `error.extra.retry_after_seconds`. `limit_kind` identifies which bucket was exhausted.",
5972
+ "content": {
5973
+ "application/json": {
5974
+ "schema": {
5975
+ "type": "object",
5976
+ "properties": {
5977
+ "error": {
5978
+ "type": "object",
5979
+ "properties": {
5980
+ "code": {
5981
+ "type": "string"
5982
+ },
5983
+ "message": {
5984
+ "type": "string"
5985
+ },
5986
+ "extra": {
5987
+ "type": "object",
5988
+ "additionalProperties": {}
5989
+ }
5990
+ },
5991
+ "required": [
5992
+ "code",
5993
+ "message"
5994
+ ]
5995
+ }
5996
+ },
5997
+ "required": [
5998
+ "error"
5999
+ ]
6000
+ },
6001
+ "examples": {
6002
+ "rateLimited": {
6003
+ "summary": "Per-key rate limit hit",
6004
+ "value": {
6005
+ "error": {
6006
+ "code": "RATE_LIMITED",
6007
+ "message": "rate limit exceeded",
6008
+ "extra": {
6009
+ "retry_after_seconds": 60,
6010
+ "limit_kind": "authenticated_per_key"
6011
+ }
6012
+ }
6013
+ }
6014
+ }
6015
+ }
6016
+ }
6017
+ }
6018
+ },
6019
+ "500": {
6020
+ "description": "Unhandled server error. The request was well-formed but the service failed unexpectedly. Safe to retry idempotent operations.",
6021
+ "content": {
6022
+ "application/json": {
6023
+ "schema": {
6024
+ "type": "object",
6025
+ "properties": {
6026
+ "error": {
6027
+ "type": "object",
6028
+ "properties": {
6029
+ "code": {
6030
+ "type": "string"
6031
+ },
6032
+ "message": {
6033
+ "type": "string"
6034
+ },
6035
+ "extra": {
6036
+ "type": "object",
6037
+ "additionalProperties": {}
6038
+ }
6039
+ },
6040
+ "required": [
6041
+ "code",
6042
+ "message"
6043
+ ]
6044
+ }
6045
+ },
6046
+ "required": [
6047
+ "error"
6048
+ ]
6049
+ },
6050
+ "examples": {
6051
+ "internalError": {
6052
+ "summary": "Unhandled exception",
6053
+ "value": {
6054
+ "error": {
6055
+ "code": "INTERNAL_ERROR",
6056
+ "message": "internal error"
6057
+ }
6058
+ }
6059
+ }
6060
+ }
6061
+ }
6062
+ }
6063
+ }
6064
+ }
6065
+ }
6066
+ },
6067
+ "/auth/oauth/register": {
6068
+ "post": {
6069
+ "operationId": "oauth_client_register",
6070
+ "tags": [
6071
+ "OAuth"
6072
+ ],
6073
+ "security": [],
6074
+ "summary": "Dynamically register an OAuth client",
6075
+ "description": "### Overview\nImplements RFC 7591 dynamic client registration. This endpoint mints a unique `client_id` for a public OAuth client (e.g., an MCP server or third-party integration), enabling it to initiate OAuth authorization or device flows.\n\n### When to Use\n- Use this endpoint during the first-run installation or setup of an integration to dynamically generate a client identity. Persist the generated `client_id` for subsequent sessions.\n\n### Constraints\n- Public endpoint (no authentication required).\n- **Public Clients Only**: WSPC only supports public PKCE clients. Client secrets are not generated or returned.\n- **Redirect URI Matching**: All `redirect_uris` registered here must match exactly with those requested in the authorization endpoint later.\n\n### Troubleshooting\n- **400 Bad Request / invalid_client_metadata**: The request body is missing required fields like `client_name` or `redirect_uris`, or provides invalid parameters.\n- **429 Too Many Requests**: Dynamic registration requests from the requesting IP have exceeded the rate limit.",
6076
+ "x-codeSamples": [
6077
+ {
6078
+ "lang": "shell",
6079
+ "label": "curl",
6080
+ "source": "curl -X POST https://api.wspc.ai/auth/oauth/register \\\n -H \"Content-Type: application/json\" \\\n -d '{\"client_name\":\"Acme MCP Agent\",\"redirect_uris\":[\"http://localhost:3000/callback\"]}'"
6081
+ },
6082
+ {
6083
+ "lang": "bash",
6084
+ "label": "wspc CLI",
6085
+ "source": "# No direct CLI command — OAuth is consumed by third-party clients"
6086
+ },
6087
+ {
6088
+ "lang": "typescript",
6089
+ "label": "@wspc/client",
6090
+ "source": "// TODO: client method pending\n// Expected shape:\n// const reg = await fetch(\"https://api.wspc.ai/auth/oauth/register\", {\n// method: \"POST\",\n// headers: { \"Content-Type\": \"application/json\" },\n// body: JSON.stringify({ client_name: \"Acme MCP Agent\", redirect_uris: [\"http://localhost:3000/callback\"] }),\n// }).then(r => r.json())"
6091
+ }
6092
+ ],
6093
+ "requestBody": {
6094
+ "content": {
6095
+ "application/json": {
6096
+ "schema": {
6097
+ "$ref": "#/components/schemas/OAuthRegisterBody"
6098
+ },
6099
+ "examples": {
6100
+ "minimal": {
6101
+ "summary": "Register a local MCP client",
6102
+ "value": {
6103
+ "client_name": "Acme MCP Agent",
6104
+ "redirect_uris": [
6105
+ "http://localhost:3000/callback"
6106
+ ]
6107
+ }
6108
+ },
6109
+ "full": {
6110
+ "summary": "Register with explicit grant types",
6111
+ "value": {
6112
+ "client_name": "Acme MCP Agent",
6113
+ "redirect_uris": [
6114
+ "http://localhost:3000/callback"
6115
+ ],
6116
+ "token_endpoint_auth_method": "none",
6117
+ "grant_types": [
6118
+ "authorization_code",
6119
+ "refresh_token",
6120
+ "urn:ietf:params:oauth:grant-type:device_code"
6121
+ ]
6122
+ }
6123
+ }
6124
+ }
6125
+ }
6126
+ }
6127
+ },
6128
+ "responses": {
6129
+ "201": {
6130
+ "description": "Client registered. The response carries the newly minted `client_id` plus the echo of the registration request after defaults are applied.",
6131
+ "content": {
6132
+ "application/json": {
6133
+ "schema": {
6134
+ "$ref": "#/components/schemas/OAuthRegisterResponse"
6135
+ },
6136
+ "examples": {
6137
+ "happyPath": {
6138
+ "summary": "Public PKCE client registered",
6139
+ "value": {
6140
+ "client_id": "oac_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
6141
+ "client_name": "Acme MCP Agent",
6142
+ "redirect_uris": [
6143
+ "http://localhost:3000/callback"
6144
+ ],
6145
+ "token_endpoint_auth_method": "none",
6146
+ "grant_types": [
6147
+ "authorization_code",
6148
+ "refresh_token"
6149
+ ],
6150
+ "client_id_issued_at": 1748736000
6151
+ }
6152
+ }
6153
+ }
6154
+ }
6155
+ }
6156
+ },
6157
+ "400": {
6158
+ "description": "OAuth request error. `error` is a snake_case code from RFC 6749 §5.2 (e.g. `invalid_request`, `invalid_grant`, `unsupported_grant_type`) or RFC 8628 §3.5 (`authorization_pending`, `slow_down`, `expired_token`, `access_denied`).",
6159
+ "content": {
6160
+ "application/json": {
6161
+ "schema": {
6162
+ "type": "object",
6163
+ "properties": {
6164
+ "error": {
6165
+ "type": "string"
6166
+ },
6167
+ "error_description": {
6168
+ "type": "string"
6169
+ },
6170
+ "error_uri": {
6171
+ "type": "string"
6172
+ }
6173
+ },
6174
+ "required": [
6175
+ "error"
6176
+ ]
6177
+ },
6178
+ "examples": {
6179
+ "pending": {
6180
+ "summary": "Device flow: user has not yet approved/denied",
6181
+ "value": {
6182
+ "error": "authorization_pending",
6183
+ "error_description": "AUTHORIZATION_PENDING"
6184
+ }
6185
+ },
6186
+ "invalidGrant": {
6187
+ "summary": "Refresh token rejected or device code consumed",
6188
+ "value": {
6189
+ "error": "invalid_grant",
6190
+ "error_description": "INVALID_GRANT"
6191
+ }
6192
+ }
6193
+ }
6194
+ }
6195
+ }
6196
+ },
6197
+ "401": {
6198
+ "description": "OAuth client authentication failed (RFC 6749 §5.2). The client_id was not registered, or for confidential clients the credentials were rejected.",
6199
+ "content": {
6200
+ "application/json": {
6201
+ "schema": {
6202
+ "type": "object",
6203
+ "properties": {
6204
+ "error": {
6205
+ "type": "string"
6206
+ },
6207
+ "error_description": {
6208
+ "type": "string"
6209
+ },
6210
+ "error_uri": {
6211
+ "type": "string"
6212
+ }
6213
+ },
6214
+ "required": [
6215
+ "error"
6216
+ ]
6217
+ },
6218
+ "examples": {
6219
+ "invalidClient": {
6220
+ "summary": "Unknown client_id",
6221
+ "value": {
6222
+ "error": "invalid_client",
6223
+ "error_description": "INVALID_CLIENT"
6224
+ }
6225
+ }
6226
+ }
6227
+ }
6228
+ }
6229
+ },
6230
+ "429": {
6231
+ "description": "Rate limit exceeded.",
6232
+ "content": {
6233
+ "application/json": {
6234
+ "schema": {
6235
+ "type": "object",
6236
+ "properties": {
6237
+ "error": {
6238
+ "type": "string"
6239
+ },
6240
+ "error_description": {
6241
+ "type": "string"
6242
+ },
6243
+ "error_uri": {
6244
+ "type": "string"
6245
+ }
6246
+ },
6247
+ "required": [
6248
+ "error"
6249
+ ]
6250
+ },
6251
+ "examples": {
6252
+ "rateLimited": {
6253
+ "summary": "Per-IP rate limit hit",
6254
+ "value": {
6255
+ "error": "invalid_request",
6256
+ "error_description": "rate limit exceeded"
6257
+ }
6258
+ }
6259
+ }
6260
+ }
6261
+ }
6262
+ },
6263
+ "500": {
6264
+ "description": "Unhandled server error.",
6265
+ "content": {
6266
+ "application/json": {
6267
+ "schema": {
6268
+ "type": "object",
6269
+ "properties": {
6270
+ "error": {
6271
+ "type": "string"
6272
+ },
6273
+ "error_description": {
6274
+ "type": "string"
6275
+ },
6276
+ "error_uri": {
6277
+ "type": "string"
6278
+ }
6279
+ },
6280
+ "required": [
6281
+ "error"
6282
+ ]
6283
+ },
6284
+ "examples": {
6285
+ "internalError": {
6286
+ "summary": "Unhandled exception",
6287
+ "value": {
6288
+ "error": "server_error",
6289
+ "error_description": "internal error"
6290
+ }
6291
+ }
6292
+ }
6293
+ }
6294
+ }
6295
+ }
6296
+ }
6297
+ }
6298
+ },
6299
+ "/auth/request-code": {
6300
+ "post": {
6301
+ "operationId": "auth_request_code",
6302
+ "tags": [
6303
+ "Auth"
6304
+ ],
6305
+ "excludeActorHeaders": true,
6306
+ "security": [],
6307
+ "summary": "Request an email magic code",
6308
+ "description": "### Overview\nInitiates the passwordless email magic-code authentication flow by sending a short, time-limited numeric verification code to the specified email address.\n\n### When to Use\n- Use this endpoint as the first step of the CLI login flow (`wspc login`) or any interactive UI where the user initiates authentication by inputting their email address.\n- Pair this request with `POST /auth/verify-code` once the user retrieves the code from their inbox.\n\n### Constraints\n- Does not require authentication (public endpoint).\n- **Security**: The same HTTP 200 response structure is returned regardless of whether the email address is already registered or not. This is an intentional security design to prevent account-existence disclosure (email harvesting).\n- **Rate Limiting**: This endpoint enforces strict rate limits based on both the requesting IP address and the target email address to prevent abuse. Too many consecutive requests will result in a `RATE_LIMITED` error.\n\n### Troubleshooting\n- **429 Too Many Requests**: The requesting IP or target email has exceeded the allowable request rate. Wait a few minutes before trying again.\n- **400 Bad Request**: The `email` payload is malformed or invalid. Verify that the email matches basic email formats.",
6309
+ "x-codeSamples": [
6310
+ {
6311
+ "lang": "shell",
6312
+ "label": "curl",
6313
+ "source": "curl -X POST https://api.wspc.ai/auth/request-code \\\n -H \"Content-Type: application/json\" \\\n -d '{\"email\":\"alice@example.com\"}'"
6314
+ },
6315
+ {
6316
+ "lang": "bash",
6317
+ "label": "wspc CLI",
6318
+ "source": "wspc login # prompts for email, then for the magic code"
6319
+ },
6320
+ {
6321
+ "lang": "typescript",
6322
+ "label": "@wspc/client",
6323
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nawait auth.requestCode(\"alice@example.com\")"
6324
+ }
6325
+ ],
6326
+ "requestBody": {
6327
+ "content": {
6328
+ "application/json": {
6329
+ "schema": {
6330
+ "$ref": "#/components/schemas/RequestCodeBody"
6331
+ },
6332
+ "examples": {
6333
+ "minimal": {
6334
+ "summary": "Request a magic code for a user",
6335
+ "value": {
6336
+ "email": "alice@example.com"
6337
+ }
6338
+ }
6339
+ }
6340
+ }
6341
+ }
6342
+ },
6343
+ "responses": {
6344
+ "200": {
6345
+ "description": "The magic code was generated and an email was dispatched. The same response shape is returned for registered and unregistered addresses to avoid account-existence disclosure.",
6346
+ "content": {
6347
+ "application/json": {
6348
+ "schema": {
6349
+ "$ref": "#/components/schemas/RequestCodeResponse"
6350
+ },
6351
+ "examples": {
6352
+ "happyPath": {
6353
+ "summary": "Code accepted; email dispatched",
6354
+ "value": {
6355
+ "status": "code_sent",
6356
+ "message": "Magic code sent."
6357
+ }
6358
+ }
6359
+ }
6360
+ }
6361
+ }
6362
+ },
6363
+ "400": {
6364
+ "description": "Request validation failed. The body, query, or path parameters did not match the operation's schema.",
6365
+ "content": {
6366
+ "application/json": {
6367
+ "schema": {
6368
+ "type": "object",
6369
+ "properties": {
6370
+ "error": {
6371
+ "type": "object",
6372
+ "properties": {
6373
+ "code": {
6374
+ "type": "string"
6375
+ },
6376
+ "message": {
6377
+ "type": "string"
6378
+ },
6379
+ "extra": {
6380
+ "type": "object",
6381
+ "additionalProperties": {}
6382
+ }
6383
+ },
6384
+ "required": [
6385
+ "code",
6386
+ "message"
6387
+ ]
6388
+ }
6389
+ },
6390
+ "required": [
6391
+ "error"
6392
+ ]
6393
+ },
6394
+ "examples": {
6395
+ "validationError": {
6396
+ "summary": "Body failed schema validation",
6397
+ "value": {
6398
+ "error": {
6399
+ "code": "VALIDATION_ERROR",
6400
+ "message": "title must not be empty"
6401
+ }
6402
+ }
6403
+ }
6404
+ }
6405
+ }
6406
+ }
6407
+ },
6408
+ "401": {
6409
+ "description": "Authentication is required but missing or invalid. The Bearer token (API key or OAuth access token) was absent, malformed, or rejected.",
6410
+ "content": {
6411
+ "application/json": {
6412
+ "schema": {
6413
+ "type": "object",
6414
+ "properties": {
6415
+ "error": {
6416
+ "type": "object",
6417
+ "properties": {
6418
+ "code": {
6419
+ "type": "string"
6420
+ },
6421
+ "message": {
6422
+ "type": "string"
6423
+ },
6424
+ "extra": {
6425
+ "type": "object",
6426
+ "additionalProperties": {}
6427
+ }
6428
+ },
6429
+ "required": [
6430
+ "code",
6431
+ "message"
6432
+ ]
6433
+ }
6434
+ },
6435
+ "required": [
6436
+ "error"
6437
+ ]
6438
+ },
6439
+ "examples": {
6440
+ "authRequired": {
6441
+ "summary": "Missing Authorization header",
6442
+ "value": {
6443
+ "error": {
6444
+ "code": "AUTH_REQUIRED",
6445
+ "message": "missing bearer token"
6446
+ }
6447
+ }
6448
+ }
6449
+ }
6450
+ }
6451
+ }
6452
+ },
6453
+ "403": {
6454
+ "description": "The caller is authenticated but not permitted to perform this operation on the target resource.",
6455
+ "content": {
6456
+ "application/json": {
6457
+ "schema": {
6458
+ "type": "object",
6459
+ "properties": {
6460
+ "error": {
6461
+ "type": "object",
6462
+ "properties": {
6463
+ "code": {
6464
+ "type": "string"
6465
+ },
6466
+ "message": {
6467
+ "type": "string"
6468
+ },
6469
+ "extra": {
6470
+ "type": "object",
6471
+ "additionalProperties": {}
6472
+ }
6473
+ },
6474
+ "required": [
6475
+ "code",
6476
+ "message"
6477
+ ]
6478
+ }
6479
+ },
6480
+ "required": [
6481
+ "error"
6482
+ ]
6483
+ },
6484
+ "examples": {
6485
+ "forbidden": {
6486
+ "summary": "Caller does not own the resource",
6487
+ "value": {
6488
+ "error": {
6489
+ "code": "FORBIDDEN",
6490
+ "message": "not allowed"
6491
+ }
5392
6492
  }
5393
6493
  }
5394
6494
  }
5395
6495
  }
5396
6496
  }
5397
6497
  },
5398
- "400": {
5399
- "description": "OAuth request error. `error` is a snake_case code from RFC 6749 §5.2 (e.g. `invalid_request`, `invalid_grant`, `unsupported_grant_type`) or RFC 8628 §3.5 (`authorization_pending`, `slow_down`, `expired_token`, `access_denied`).",
6498
+ "404": {
6499
+ "description": "The target resource does not exist or is not visible to the caller. Soft-deleted resources are treated as not found unless an `include_deleted` flag is set.",
5400
6500
  "content": {
5401
6501
  "application/json": {
5402
6502
  "schema": {
5403
6503
  "type": "object",
5404
6504
  "properties": {
5405
6505
  "error": {
5406
- "type": "string"
5407
- },
5408
- "error_description": {
5409
- "type": "string"
5410
- },
5411
- "error_uri": {
5412
- "type": "string"
6506
+ "type": "object",
6507
+ "properties": {
6508
+ "code": {
6509
+ "type": "string"
6510
+ },
6511
+ "message": {
6512
+ "type": "string"
6513
+ },
6514
+ "extra": {
6515
+ "type": "object",
6516
+ "additionalProperties": {}
6517
+ }
6518
+ },
6519
+ "required": [
6520
+ "code",
6521
+ "message"
6522
+ ]
5413
6523
  }
5414
6524
  },
5415
6525
  "required": [
@@ -5417,39 +6527,44 @@
5417
6527
  ]
5418
6528
  },
5419
6529
  "examples": {
5420
- "pending": {
5421
- "summary": "Device flow: user has not yet approved/denied",
5422
- "value": {
5423
- "error": "authorization_pending",
5424
- "error_description": "AUTHORIZATION_PENDING"
5425
- }
5426
- },
5427
- "invalidGrant": {
5428
- "summary": "Refresh token rejected or device code consumed",
6530
+ "notFound": {
6531
+ "summary": "Resource id is unknown to the service",
5429
6532
  "value": {
5430
- "error": "invalid_grant",
5431
- "error_description": "INVALID_GRANT"
6533
+ "error": {
6534
+ "code": "NOT_FOUND",
6535
+ "message": "todo not found"
6536
+ }
5432
6537
  }
5433
6538
  }
5434
6539
  }
5435
6540
  }
5436
6541
  }
5437
6542
  },
5438
- "401": {
5439
- "description": "OAuth client authentication failed (RFC 6749 §5.2). The client_id was not registered, or for confidential clients the credentials were rejected.",
6543
+ "409": {
6544
+ "description": "Optimistic-lock conflict. The supplied `expected_version` does not match the server's current version. Refetch the resource and retry.",
5440
6545
  "content": {
5441
6546
  "application/json": {
5442
6547
  "schema": {
5443
6548
  "type": "object",
5444
6549
  "properties": {
5445
6550
  "error": {
5446
- "type": "string"
5447
- },
5448
- "error_description": {
5449
- "type": "string"
5450
- },
5451
- "error_uri": {
5452
- "type": "string"
6551
+ "type": "object",
6552
+ "properties": {
6553
+ "code": {
6554
+ "type": "string"
6555
+ },
6556
+ "message": {
6557
+ "type": "string"
6558
+ },
6559
+ "extra": {
6560
+ "type": "object",
6561
+ "additionalProperties": {}
6562
+ }
6563
+ },
6564
+ "required": [
6565
+ "code",
6566
+ "message"
6567
+ ]
5453
6568
  }
5454
6569
  },
5455
6570
  "required": [
@@ -5457,11 +6572,17 @@
5457
6572
  ]
5458
6573
  },
5459
6574
  "examples": {
5460
- "invalidClient": {
5461
- "summary": "Unknown client_id",
6575
+ "versionConflict": {
6576
+ "summary": "expected_version does not match server version",
5462
6577
  "value": {
5463
- "error": "invalid_client",
5464
- "error_description": "INVALID_CLIENT"
6578
+ "error": {
6579
+ "code": "VERSION_CONFLICT",
6580
+ "message": "expected_version 3 but current is 4",
6581
+ "extra": {
6582
+ "expected_version": 3,
6583
+ "actual_version": 4
6584
+ }
6585
+ }
5465
6586
  }
5466
6587
  }
5467
6588
  }
@@ -5469,20 +6590,30 @@
5469
6590
  }
5470
6591
  },
5471
6592
  "429": {
5472
- "description": "Rate limit exceeded.",
6593
+ "description": "Rate limit exceeded. Retry after the duration in `error.extra.retry_after_seconds`. `limit_kind` identifies which bucket was exhausted.",
5473
6594
  "content": {
5474
6595
  "application/json": {
5475
6596
  "schema": {
5476
6597
  "type": "object",
5477
6598
  "properties": {
5478
6599
  "error": {
5479
- "type": "string"
5480
- },
5481
- "error_description": {
5482
- "type": "string"
5483
- },
5484
- "error_uri": {
5485
- "type": "string"
6600
+ "type": "object",
6601
+ "properties": {
6602
+ "code": {
6603
+ "type": "string"
6604
+ },
6605
+ "message": {
6606
+ "type": "string"
6607
+ },
6608
+ "extra": {
6609
+ "type": "object",
6610
+ "additionalProperties": {}
6611
+ }
6612
+ },
6613
+ "required": [
6614
+ "code",
6615
+ "message"
6616
+ ]
5486
6617
  }
5487
6618
  },
5488
6619
  "required": [
@@ -5491,10 +6622,16 @@
5491
6622
  },
5492
6623
  "examples": {
5493
6624
  "rateLimited": {
5494
- "summary": "Per-IP rate limit hit",
6625
+ "summary": "Per-key rate limit hit",
5495
6626
  "value": {
5496
- "error": "invalid_request",
5497
- "error_description": "rate limit exceeded"
6627
+ "error": {
6628
+ "code": "RATE_LIMITED",
6629
+ "message": "rate limit exceeded",
6630
+ "extra": {
6631
+ "retry_after_seconds": 60,
6632
+ "limit_kind": "authenticated_per_key"
6633
+ }
6634
+ }
5498
6635
  }
5499
6636
  }
5500
6637
  }
@@ -5502,20 +6639,30 @@
5502
6639
  }
5503
6640
  },
5504
6641
  "500": {
5505
- "description": "Unhandled server error.",
6642
+ "description": "Unhandled server error. The request was well-formed but the service failed unexpectedly. Safe to retry idempotent operations.",
5506
6643
  "content": {
5507
6644
  "application/json": {
5508
6645
  "schema": {
5509
6646
  "type": "object",
5510
6647
  "properties": {
5511
6648
  "error": {
5512
- "type": "string"
5513
- },
5514
- "error_description": {
5515
- "type": "string"
5516
- },
5517
- "error_uri": {
5518
- "type": "string"
6649
+ "type": "object",
6650
+ "properties": {
6651
+ "code": {
6652
+ "type": "string"
6653
+ },
6654
+ "message": {
6655
+ "type": "string"
6656
+ },
6657
+ "extra": {
6658
+ "type": "object",
6659
+ "additionalProperties": {}
6660
+ }
6661
+ },
6662
+ "required": [
6663
+ "code",
6664
+ "message"
6665
+ ]
5519
6666
  }
5520
6667
  },
5521
6668
  "required": [
@@ -5526,8 +6673,10 @@
5526
6673
  "internalError": {
5527
6674
  "summary": "Unhandled exception",
5528
6675
  "value": {
5529
- "error": "server_error",
5530
- "error_description": "internal error"
6676
+ "error": {
6677
+ "code": "INTERNAL_ERROR",
6678
+ "message": "internal error"
6679
+ }
5531
6680
  }
5532
6681
  }
5533
6682
  }
@@ -5537,65 +6686,61 @@
5537
6686
  }
5538
6687
  }
5539
6688
  },
5540
- "/auth/request-code": {
5541
- "post": {
5542
- "operationId": "auth_request_code",
6689
+ "/auth/keys/{id}": {
6690
+ "delete": {
6691
+ "operationId": "key_revoke",
5543
6692
  "tags": [
5544
- "Auth"
6693
+ "Keys"
5545
6694
  ],
5546
- "security": [],
5547
- "summary": "Request an email magic code",
5548
- "description": "### Overview\nInitiates the passwordless email magic-code authentication flow by sending a short, time-limited numeric verification code to the specified email address.\n\n### When to Use\n- Use this endpoint as the first step of the CLI login flow (`wspc login`) or any interactive UI where the user initiates authentication by inputting their email address.\n- Pair this request with `POST /auth/verify-code` once the user retrieves the code from their inbox.\n\n### Constraints\n- Does not require authentication (public endpoint).\n- **Security**: The same HTTP 200 response structure is returned regardless of whether the email address is already registered or not. This is an intentional security design to prevent account-existence disclosure (email harvesting).\n- **Rate Limiting**: This endpoint enforces strict rate limits based on both the requesting IP address and the target email address to prevent abuse. Too many consecutive requests will result in a `RATE_LIMITED` error.\n\n### Troubleshooting\n- **429 Too Many Requests**: The requesting IP or target email has exceeded the allowable request rate. Wait a few minutes before trying again.\n- **400 Bad Request**: The `email` payload is malformed or invalid. Verify that the email matches basic email formats.",
6695
+ "security": [
6696
+ {
6697
+ "bearerAuth": []
6698
+ }
6699
+ ],
6700
+ "summary": "Soft-revoke an API key",
6701
+ "description": "### Overview\nPermanently revokes an active API key by its unique ID. Once revoked, the key becomes immediately invalid and will be rejected by all services.\n\n### When to Use\n- Use this endpoint to permanently deactivate an API key (e.g., when running `wspc keys revoke <id>`) due to token rotation, key leakage, or decommissioning of a machine/service.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- Revocation is permanent and cannot be undone.\n- A user can revoke any key they own, including the one they are currently using to make the call. If they revoke the current key, subsequent requests using that key will return `401 Unauthorized`.\n\n### Troubleshooting\n- **401 Unauthorized**: The active token is missing, expired, or invalid.\n- **404 Not Found**: The specified key ID does not exist, belongs to another user, or has already been revoked.\n- **400 Bad Request**: The `id` path parameter format is invalid. It must be in the format `key_<ULID>`.",
6702
+ "x-cli": {
6703
+ "command": "keys rm",
6704
+ "positional": [
6705
+ "id"
6706
+ ]
6707
+ },
5549
6708
  "x-codeSamples": [
5550
6709
  {
5551
6710
  "lang": "shell",
5552
6711
  "label": "curl",
5553
- "source": "curl -X POST https://api.wspc.ai/auth/request-code \\\n -H \"Content-Type: application/json\" \\\n -d '{\"email\":\"alice@example.com\"}'"
6712
+ "source": "curl -X DELETE https://api.wspc.ai/auth/keys/key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
5554
6713
  },
5555
6714
  {
5556
6715
  "lang": "bash",
5557
6716
  "label": "wspc CLI",
5558
- "source": "wspc login # prompts for email, then for the magic code"
6717
+ "source": "wspc keys rm key_abcd1234efgh5678"
5559
6718
  },
5560
6719
  {
5561
6720
  "lang": "typescript",
5562
6721
  "label": "@wspc/client",
5563
- "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nawait auth.requestCode(\"alice@example.com\")"
6722
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nawait auth.revokeKey(process.env.WSPC_API_KEY!, \"key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\")"
5564
6723
  }
5565
6724
  ],
5566
- "requestBody": {
5567
- "content": {
5568
- "application/json": {
5569
- "schema": {
5570
- "$ref": "#/components/schemas/RequestCodeBody"
5571
- },
5572
- "examples": {
5573
- "minimal": {
5574
- "summary": "Request a magic code for a user",
5575
- "value": {
5576
- "email": "alice@example.com"
5577
- }
5578
- }
5579
- }
5580
- }
6725
+ "parameters": [
6726
+ {
6727
+ "schema": {
6728
+ "type": "string",
6729
+ "description": "Id of the API key to revoke, as returned by `GET /auth/keys` (`key_<ULID>`)."
6730
+ },
6731
+ "required": true,
6732
+ "description": "Id of the API key to revoke, as returned by `GET /auth/keys` (`key_<ULID>`).",
6733
+ "name": "id",
6734
+ "in": "path"
5581
6735
  }
5582
- },
6736
+ ],
5583
6737
  "responses": {
5584
6738
  "200": {
5585
- "description": "The magic code was generated and an email was dispatched. The same response shape is returned for registered and unregistered addresses to avoid account-existence disclosure.",
6739
+ "description": "Key revoked successfully.",
5586
6740
  "content": {
5587
6741
  "application/json": {
5588
6742
  "schema": {
5589
- "$ref": "#/components/schemas/RequestCodeResponse"
5590
- },
5591
- "examples": {
5592
- "happyPath": {
5593
- "summary": "Code accepted; email dispatched",
5594
- "value": {
5595
- "status": "code_sent",
5596
- "message": "Magic code sent."
5597
- }
5598
- }
6743
+ "$ref": "#/components/schemas/RevokeApiKeyResponse"
5599
6744
  }
5600
6745
  }
5601
6746
  }
@@ -5924,11 +7069,9 @@
5924
7069
  }
5925
7070
  }
5926
7071
  }
5927
- }
5928
- },
5929
- "/auth/keys/{id}": {
5930
- "delete": {
5931
- "operationId": "key_revoke",
7072
+ },
7073
+ "patch": {
7074
+ "operationId": "key_update",
5932
7075
  "tags": [
5933
7076
  "Keys"
5934
7077
  ],
@@ -5937,64 +7080,60 @@
5937
7080
  "bearerAuth": []
5938
7081
  }
5939
7082
  ],
5940
- "summary": "Soft-revoke an API key",
5941
- "description": "### Overview\nPermanently revokes an active API key by its unique ID. Once revoked, the key becomes immediately invalid and will be rejected by all services.\n\n### When to Use\n- Use this endpoint to permanently deactivate an API key (e.g., when running `wspc keys revoke <id>`) due to token rotation, key leakage, or decommissioning of a machine/service.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- Revocation is permanent and cannot be undone.\n- A user can revoke any key they own, including the one they are currently using to make the call. If they revoke the current key, subsequent requests using that key will return `401 Unauthorized`.\n\n### Troubleshooting\n- **401 Unauthorized**: The active token is missing, expired, or invalid.\n- **404 Not Found**: The specified key ID does not exist, belongs to another user, or has already been revoked.\n- **400 Bad Request**: The `id` path parameter format is invalid. It must be in the format `key_<ULID>`.",
7083
+ "summary": "Update an active API key's label",
7084
+ "description": "### Overview\nUpdates the human-readable label of an active API key. Only active (non-revoked) keys owned by the authenticated user can be updated.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- **Label Validation**: The `label` parameter must be between 1 and 60 characters after trimming whitespace. Failing to provide a valid label results in an `INVALID_LABEL` error.",
7085
+ "x-cli": {
7086
+ "command": "keys edit",
7087
+ "positional": [
7088
+ "id"
7089
+ ]
7090
+ },
5942
7091
  "x-codeSamples": [
5943
7092
  {
5944
7093
  "lang": "shell",
5945
7094
  "label": "curl",
5946
- "source": "curl -X DELETE https://api.wspc.ai/auth/keys/key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
7095
+ "source": "curl -X PATCH https://api.wspc.ai/auth/keys/key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F \\\n -H \"Authorization: Bearer $WSPC_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"label\":\"New Label\"}'"
5947
7096
  },
5948
7097
  {
5949
7098
  "lang": "bash",
5950
7099
  "label": "wspc CLI",
5951
- "source": "wspc keys revoke key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F"
7100
+ "source": "wspc keys edit key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F --label \"New Label\""
5952
7101
  },
5953
7102
  {
5954
7103
  "lang": "typescript",
5955
7104
  "label": "@wspc/client",
5956
- "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nawait auth.revokeKey(process.env.WSPC_API_KEY!, \"key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\")"
7105
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nawait auth.updateApiKeyLabel(process.env.WSPC_API_KEY!, \"key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\", \"New Label\")"
5957
7106
  }
5958
7107
  ],
5959
7108
  "parameters": [
5960
7109
  {
5961
7110
  "schema": {
5962
7111
  "type": "string",
5963
- "description": "Id of the API key to revoke, as returned by `GET /auth/keys` (`key_<ULID>`)."
7112
+ "description": "Id of the API key to update."
5964
7113
  },
5965
7114
  "required": true,
5966
- "description": "Id of the API key to revoke, as returned by `GET /auth/keys` (`key_<ULID>`).",
7115
+ "description": "Id of the API key to update.",
5967
7116
  "name": "id",
5968
- "in": "path"
5969
- },
5970
- {
5971
- "schema": {
5972
- "type": "string",
5973
- "enum": [
5974
- "user",
5975
- "agent"
5976
- ]
5977
- },
5978
- "required": false,
5979
- "name": "X-Wspc-Actor",
5980
- "in": "header"
5981
- },
5982
- {
5983
- "schema": {
5984
- "type": "string"
5985
- },
5986
- "required": false,
5987
- "name": "X-Wspc-Agent-Label",
5988
- "in": "header"
7117
+ "in": "path"
5989
7118
  }
5990
7119
  ],
7120
+ "requestBody": {
7121
+ "required": true,
7122
+ "content": {
7123
+ "application/json": {
7124
+ "schema": {
7125
+ "$ref": "#/components/schemas/UpdateApiKeyBody"
7126
+ }
7127
+ }
7128
+ }
7129
+ },
5991
7130
  "responses": {
5992
7131
  "200": {
5993
- "description": "Key revoked successfully.",
7132
+ "description": "API key label updated successfully.",
5994
7133
  "content": {
5995
7134
  "application/json": {
5996
7135
  "schema": {
5997
- "$ref": "#/components/schemas/RevokeApiKeyResponse"
7136
+ "$ref": "#/components/schemas/UpdateApiKeyResponse"
5998
7137
  }
5999
7138
  }
6000
7139
  }
@@ -6351,28 +7490,6 @@
6351
7490
  "source": "// TODO: client method pending\n// Expected shape:\n// await fetch(\"https://api.wspc.ai/auth/oauth/revoke\", {\n// method: \"POST\",\n// headers: { \"Content-Type\": \"application/json\" },\n// body: JSON.stringify({ token: \"rt_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\", token_type_hint: \"refresh_token\" }),\n// })"
6352
7491
  }
6353
7492
  ],
6354
- "parameters": [
6355
- {
6356
- "schema": {
6357
- "type": "string",
6358
- "enum": [
6359
- "user",
6360
- "agent"
6361
- ]
6362
- },
6363
- "required": false,
6364
- "name": "X-Wspc-Actor",
6365
- "in": "header"
6366
- },
6367
- {
6368
- "schema": {
6369
- "type": "string"
6370
- },
6371
- "required": false,
6372
- "name": "X-Wspc-Agent-Label",
6373
- "in": "header"
6374
- }
6375
- ],
6376
7493
  "requestBody": {
6377
7494
  "content": {
6378
7495
  "application/json": {
@@ -6394,6 +7511,11 @@
6394
7511
  }
6395
7512
  }
6396
7513
  }
7514
+ },
7515
+ "application/x-www-form-urlencoded": {
7516
+ "schema": {
7517
+ "$ref": "#/components/schemas/OAuthRevokeBody"
7518
+ }
6397
7519
  }
6398
7520
  }
6399
7521
  },
@@ -6583,28 +7705,6 @@
6583
7705
  "source": "// TODO: client method pending\n// Expected shape:\n// const tok = await fetch(\"https://api.wspc.ai/auth/oauth/token\", {\n// method: \"POST\",\n// headers: { \"Content-Type\": \"application/json\" },\n// body: JSON.stringify({\n// grant_type: \"refresh_token\",\n// refresh_token: \"rt_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\",\n// client_id: \"oac_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\",\n// }),\n// }).then(r => r.json())"
6584
7706
  }
6585
7707
  ],
6586
- "parameters": [
6587
- {
6588
- "schema": {
6589
- "type": "string",
6590
- "enum": [
6591
- "user",
6592
- "agent"
6593
- ]
6594
- },
6595
- "required": false,
6596
- "name": "X-Wspc-Actor",
6597
- "in": "header"
6598
- },
6599
- {
6600
- "schema": {
6601
- "type": "string"
6602
- },
6603
- "required": false,
6604
- "name": "X-Wspc-Agent-Label",
6605
- "in": "header"
6606
- }
6607
- ],
6608
7708
  "requestBody": {
6609
7709
  "content": {
6610
7710
  "application/json": {
@@ -6639,6 +7739,11 @@
6639
7739
  }
6640
7740
  }
6641
7741
  }
7742
+ },
7743
+ "application/x-www-form-urlencoded": {
7744
+ "schema": {
7745
+ "$ref": "#/components/schemas/OAuthTokenBody"
7746
+ }
6642
7747
  }
6643
7748
  }
6644
7749
  },
@@ -6813,6 +7918,7 @@
6813
7918
  "tags": [
6814
7919
  "Auth"
6815
7920
  ],
7921
+ "excludeActorHeaders": true,
6816
7922
  "security": [],
6817
7923
  "summary": "Verify a magic code and issue an API key",
6818
7924
  "description": "### Overview\nCompletes the passwordless login flow by verifying the magic code received via email. If the code is correct, it registers a new user (if not already registered) and issues a long-lived WSPC API key.\n\n### When to Use\n- Use this endpoint as the second step of the login flow, exchanging the user-provided code and email address for a valid credential.\n- Store the returned `api_key` securely client-side to authorize subsequent calls to all WSPC services.\n\n### Constraints\n- Does not require authentication (public endpoint).\n- **One-time Use & Expiry**: The verification code is single-use and expires after a short period (typically a few minutes). Re-using a code or attempting to guess code values results in `INVALID_CODE` or `CODE_EXPIRED`.\n- **Account Creation**: If the email address is not linked to an existing account, a new user profile and personal organization are automatically provisioned (`created: true` in response).\n\n### Troubleshooting\n- **400 Bad Request**: The code has expired (`CODE_EXPIRED`), is incorrect (`INVALID_CODE`), or has already been used. Request a fresh code via `POST /auth/request-code`.\n- **429 Too Many Requests**: The rate limit for verification attempts on this email address has been exceeded.",
@@ -7279,28 +8385,6 @@
7279
8385
  "source": "import { CalendarClient } from \"@wspc/client\"\nconst calendar = new CalendarClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait calendar.create({\n title: \"Lunch with Alice\",\n start: \"2026-06-01T12:30:00+08:00\",\n end: \"2026-06-01T13:30:00+08:00\",\n attendees: [{ email: \"alice@example.com\", display_name: \"Alice\" }],\n})"
7280
8386
  }
7281
8387
  ],
7282
- "parameters": [
7283
- {
7284
- "schema": {
7285
- "type": "string",
7286
- "enum": [
7287
- "user",
7288
- "agent"
7289
- ]
7290
- },
7291
- "required": false,
7292
- "name": "X-Wspc-Actor",
7293
- "in": "header"
7294
- },
7295
- {
7296
- "schema": {
7297
- "type": "string"
7298
- },
7299
- "required": false,
7300
- "name": "X-Wspc-Agent-Label",
7301
- "in": "header"
7302
- }
7303
- ],
7304
8388
  "requestBody": {
7305
8389
  "content": {
7306
8390
  "application/json": {
@@ -7874,26 +8958,6 @@
7874
8958
  "description": "When omitted or `false`, events whose `end` is before now are hidden. Pass `true` to include them. Ignored when any of `start_from`/`start_to`/`end_from`/`end_to` is provided — explicit time bounds always win.",
7875
8959
  "name": "include_past",
7876
8960
  "in": "query"
7877
- },
7878
- {
7879
- "schema": {
7880
- "type": "string",
7881
- "enum": [
7882
- "user",
7883
- "agent"
7884
- ]
7885
- },
7886
- "required": false,
7887
- "name": "X-Wspc-Actor",
7888
- "in": "header"
7889
- },
7890
- {
7891
- "schema": {
7892
- "type": "string"
7893
- },
7894
- "required": false,
7895
- "name": "X-Wspc-Agent-Label",
7896
- "in": "header"
7897
8961
  }
7898
8962
  ],
7899
8963
  "responses": {
@@ -8339,26 +9403,6 @@
8339
9403
  "description": "Event id (`evt_<ULID>` for new rows; legacy UUID ids remain accepted).",
8340
9404
  "name": "id",
8341
9405
  "in": "path"
8342
- },
8343
- {
8344
- "schema": {
8345
- "type": "string",
8346
- "enum": [
8347
- "user",
8348
- "agent"
8349
- ]
8350
- },
8351
- "required": false,
8352
- "name": "X-Wspc-Actor",
8353
- "in": "header"
8354
- },
8355
- {
8356
- "schema": {
8357
- "type": "string"
8358
- },
8359
- "required": false,
8360
- "name": "X-Wspc-Agent-Label",
8361
- "in": "header"
8362
9406
  }
8363
9407
  ],
8364
9408
  "requestBody": {
@@ -8799,26 +9843,6 @@
8799
9843
  "description": "When `true`, return the row even if soft-deleted. Default `false` (returns 404).",
8800
9844
  "name": "include_deleted",
8801
9845
  "in": "query"
8802
- },
8803
- {
8804
- "schema": {
8805
- "type": "string",
8806
- "enum": [
8807
- "user",
8808
- "agent"
8809
- ]
8810
- },
8811
- "required": false,
8812
- "name": "X-Wspc-Actor",
8813
- "in": "header"
8814
- },
8815
- {
8816
- "schema": {
8817
- "type": "string"
8818
- },
8819
- "required": false,
8820
- "name": "X-Wspc-Agent-Label",
8821
- "in": "header"
8822
9846
  }
8823
9847
  ],
8824
9848
  "responses": {
@@ -9264,26 +10288,6 @@
9264
10288
  "description": "Event id (`evt_<ULID>` for new rows; legacy UUID ids remain accepted).",
9265
10289
  "name": "id",
9266
10290
  "in": "path"
9267
- },
9268
- {
9269
- "schema": {
9270
- "type": "string",
9271
- "enum": [
9272
- "user",
9273
- "agent"
9274
- ]
9275
- },
9276
- "required": false,
9277
- "name": "X-Wspc-Actor",
9278
- "in": "header"
9279
- },
9280
- {
9281
- "schema": {
9282
- "type": "string"
9283
- },
9284
- "required": false,
9285
- "name": "X-Wspc-Agent-Label",
9286
- "in": "header"
9287
10291
  }
9288
10292
  ],
9289
10293
  "requestBody": {
@@ -9745,26 +10749,6 @@
9745
10749
  "description": "`<event_id>.ics`. The `.ics` suffix is required so the router matches this endpoint ahead of the JSON detail route.",
9746
10750
  "name": "filename",
9747
10751
  "in": "path"
9748
- },
9749
- {
9750
- "schema": {
9751
- "type": "string",
9752
- "enum": [
9753
- "user",
9754
- "agent"
9755
- ]
9756
- },
9757
- "required": false,
9758
- "name": "X-Wspc-Actor",
9759
- "in": "header"
9760
- },
9761
- {
9762
- "schema": {
9763
- "type": "string"
9764
- },
9765
- "required": false,
9766
- "name": "X-Wspc-Agent-Label",
9767
- "in": "header"
9768
10752
  }
9769
10753
  ],
9770
10754
  "responses": {
@@ -10143,26 +11127,6 @@
10143
11127
  "description": "Event id (`evt_<ULID>` for new rows; legacy UUID ids remain accepted).",
10144
11128
  "name": "id",
10145
11129
  "in": "path"
10146
- },
10147
- {
10148
- "schema": {
10149
- "type": "string",
10150
- "enum": [
10151
- "user",
10152
- "agent"
10153
- ]
10154
- },
10155
- "required": false,
10156
- "name": "X-Wspc-Actor",
10157
- "in": "header"
10158
- },
10159
- {
10160
- "schema": {
10161
- "type": "string"
10162
- },
10163
- "required": false,
10164
- "name": "X-Wspc-Agent-Label",
10165
- "in": "header"
10166
11130
  }
10167
11131
  ],
10168
11132
  "requestBody": {
@@ -10555,7 +11519,7 @@
10555
11519
  "EmailAliases"
10556
11520
  ],
10557
11521
  "summary": "Create a receiving alias",
10558
- "description": "### Overview\nReserves and provisions a new passwordless/disposable receiving email alias address under the configured WSPC domain. All inbound emails received on this alias will be forwarded into the caller's inbox.\n\n### When to Use\n- Use this endpoint to spin up a fresh, dedicated email address (e.g., `alice-shop@wspc.app`) for specific websites, newsletters, or contexts to prevent spam or categorize incoming mail.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- **Alias Formatting**: The local part must be between 6 and 32 characters, start with an alphanumeric character, and only contain letters, numbers, dots, underscores, and hyphens.\n- **Limit Check**: Each user is allowed a maximum of 10 active email aliases. Soft-deleted aliases do not count against this quota limit.\n\n### Troubleshooting\n- **401 Unauthorized**: Bearer token is missing, invalid, or expired.\n- **400 Bad Request / INVALID_CHARSET / RESERVED**: The alias local part contains invalid characters, is too short/long, or matches a reserved keyword.\n- **409 Conflict / ALIAS_CONFLICT**: An alias with the exact requested email address already exists globally (whether active or soft-deleted by any user).\n- **429 Too Many Requests / ALIAS_LIMIT_EXCEEDED**: The user has reached the active alias cap limit of 10. A previously deleted alias must be cleaned up or wait for quota availability.",
11522
+ "description": "### Overview\nReserves and provisions a new passwordless/disposable receiving email alias address under the configured WSPC domain. All inbound emails received on this alias will be forwarded into the caller's inbox.\n\n### When to Use\n- Use this endpoint to spin up a fresh, dedicated email address (e.g., `alice-shop@wspc.app`) for specific websites, newsletters, or contexts to prevent spam or categorize incoming mail.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- **Alias Formatting**: The local part must be between 5 and 32 characters, start with an alphanumeric character, and only contain letters, numbers, dots, underscores, and hyphens.\n- **Limit Check**: Each user is allowed a maximum of 10 active email aliases. Soft-deleted aliases do not count against this quota limit.\n\n### Troubleshooting\n- **401 Unauthorized**: Bearer token is missing, invalid, or expired.\n- **400 Bad Request / INVALID_CHARSET / RESERVED**: The alias local part contains invalid characters, is too short/long, or matches a reserved keyword.\n- **409 Conflict / ALIAS_CONFLICT**: An alias with the exact requested email address already exists globally (whether active or soft-deleted by any user).\n- **429 Too Many Requests / ALIAS_LIMIT_EXCEEDED**: The user has reached the active alias cap limit of 10. A previously deleted alias must be cleaned up or wait for quota availability.",
10559
11523
  "security": [
10560
11524
  {
10561
11525
  "bearerAuth": []
@@ -10593,28 +11557,6 @@
10593
11557
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.aliasCreate({ email: \"alice-shop@wspc.app\" })"
10594
11558
  }
10595
11559
  ],
10596
- "parameters": [
10597
- {
10598
- "schema": {
10599
- "type": "string",
10600
- "enum": [
10601
- "user",
10602
- "agent"
10603
- ]
10604
- },
10605
- "required": false,
10606
- "name": "X-Wspc-Actor",
10607
- "in": "header"
10608
- },
10609
- {
10610
- "schema": {
10611
- "type": "string"
10612
- },
10613
- "required": false,
10614
- "name": "X-Wspc-Agent-Label",
10615
- "in": "header"
10616
- }
10617
- ],
10618
11560
  "requestBody": {
10619
11561
  "required": true,
10620
11562
  "content": {
@@ -10912,26 +11854,6 @@
10912
11854
  "description": "When `true`, include soft-deleted aliases (with `deleted_at` set) alongside active ones. Defaults to `false`.",
10913
11855
  "name": "include_deleted",
10914
11856
  "in": "query"
10915
- },
10916
- {
10917
- "schema": {
10918
- "type": "string",
10919
- "enum": [
10920
- "user",
10921
- "agent"
10922
- ]
10923
- },
10924
- "required": false,
10925
- "name": "X-Wspc-Actor",
10926
- "in": "header"
10927
- },
10928
- {
10929
- "schema": {
10930
- "type": "string"
10931
- },
10932
- "required": false,
10933
- "name": "X-Wspc-Agent-Label",
10934
- "in": "header"
10935
11857
  }
10936
11858
  ],
10937
11859
  "responses": {
@@ -11200,26 +12122,6 @@
11200
12122
  "description": "Full alias email address. URL-encode @ as %40 in paths.",
11201
12123
  "name": "email",
11202
12124
  "in": "path"
11203
- },
11204
- {
11205
- "schema": {
11206
- "type": "string",
11207
- "enum": [
11208
- "user",
11209
- "agent"
11210
- ]
11211
- },
11212
- "required": false,
11213
- "name": "X-Wspc-Actor",
11214
- "in": "header"
11215
- },
11216
- {
11217
- "schema": {
11218
- "type": "string"
11219
- },
11220
- "required": false,
11221
- "name": "X-Wspc-Agent-Label",
11222
- "in": "header"
11223
12125
  }
11224
12126
  ],
11225
12127
  "responses": {
@@ -11448,28 +12350,6 @@
11448
12350
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.deleteMany([\"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\", \"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3G\"])"
11449
12351
  }
11450
12352
  ],
11451
- "parameters": [
11452
- {
11453
- "schema": {
11454
- "type": "string",
11455
- "enum": [
11456
- "user",
11457
- "agent"
11458
- ]
11459
- },
11460
- "required": false,
11461
- "name": "X-Wspc-Actor",
11462
- "in": "header"
11463
- },
11464
- {
11465
- "schema": {
11466
- "type": "string"
11467
- },
11468
- "required": false,
11469
- "name": "X-Wspc-Agent-Label",
11470
- "in": "header"
11471
- }
11472
- ],
11473
12353
  "requestBody": {
11474
12354
  "required": true,
11475
12355
  "content": {
@@ -11776,26 +12656,6 @@
11776
12656
  "description": "When `true`, allow downloading an attachment whose parent email is soft-deleted. Defaults to `false`.",
11777
12657
  "name": "include_deleted",
11778
12658
  "in": "query"
11779
- },
11780
- {
11781
- "schema": {
11782
- "type": "string",
11783
- "enum": [
11784
- "user",
11785
- "agent"
11786
- ]
11787
- },
11788
- "required": false,
11789
- "name": "X-Wspc-Actor",
11790
- "in": "header"
11791
- },
11792
- {
11793
- "schema": {
11794
- "type": "string"
11795
- },
11796
- "required": false,
11797
- "name": "X-Wspc-Agent-Label",
11798
- "in": "header"
11799
12659
  }
11800
12660
  ],
11801
12661
  "responses": {
@@ -12063,26 +12923,6 @@
12063
12923
  "description": "When `true`, allow fetching a soft-deleted email. Defaults to `false` (returns 404 for soft-deleted rows).",
12064
12924
  "name": "include_deleted",
12065
12925
  "in": "query"
12066
- },
12067
- {
12068
- "schema": {
12069
- "type": "string",
12070
- "enum": [
12071
- "user",
12072
- "agent"
12073
- ]
12074
- },
12075
- "required": false,
12076
- "name": "X-Wspc-Actor",
12077
- "in": "header"
12078
- },
12079
- {
12080
- "schema": {
12081
- "type": "string"
12082
- },
12083
- "required": false,
12084
- "name": "X-Wspc-Agent-Label",
12085
- "in": "header"
12086
12926
  }
12087
12927
  ],
12088
12928
  "responses": {
@@ -12123,6 +12963,7 @@
12123
12963
  },
12124
12964
  "subject": {
12125
12965
  "type": "string",
12966
+ "maxLength": 500,
12126
12967
  "description": "Subject header. Absent if the sender omitted it."
12127
12968
  },
12128
12969
  "text_body": {
@@ -12631,28 +13472,8 @@
12631
13472
  },
12632
13473
  "required": false,
12633
13474
  "description": "When `true`, also return soft-deleted emails. Defaults to `false`.",
12634
- "name": "include_deleted",
12635
- "in": "query"
12636
- },
12637
- {
12638
- "schema": {
12639
- "type": "string",
12640
- "enum": [
12641
- "user",
12642
- "agent"
12643
- ]
12644
- },
12645
- "required": false,
12646
- "name": "X-Wspc-Actor",
12647
- "in": "header"
12648
- },
12649
- {
12650
- "schema": {
12651
- "type": "string"
12652
- },
12653
- "required": false,
12654
- "name": "X-Wspc-Agent-Label",
12655
- "in": "header"
13475
+ "name": "include_deleted",
13476
+ "in": "query"
12656
13477
  }
12657
13478
  ],
12658
13479
  "responses": {
@@ -12695,6 +13516,7 @@
12695
13516
  },
12696
13517
  "subject": {
12697
13518
  "type": "string",
13519
+ "maxLength": 500,
12698
13520
  "description": "Subject header. Absent if the sender omitted it."
12699
13521
  },
12700
13522
  "text_body": {
@@ -13026,28 +13848,6 @@
13026
13848
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.markRead([\"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\", \"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3G\"])"
13027
13849
  }
13028
13850
  ],
13029
- "parameters": [
13030
- {
13031
- "schema": {
13032
- "type": "string",
13033
- "enum": [
13034
- "user",
13035
- "agent"
13036
- ]
13037
- },
13038
- "required": false,
13039
- "name": "X-Wspc-Actor",
13040
- "in": "header"
13041
- },
13042
- {
13043
- "schema": {
13044
- "type": "string"
13045
- },
13046
- "required": false,
13047
- "name": "X-Wspc-Agent-Label",
13048
- "in": "header"
13049
- }
13050
- ],
13051
13851
  "requestBody": {
13052
13852
  "required": true,
13053
13853
  "content": {
@@ -13340,28 +14140,6 @@
13340
14140
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.markUnread([\"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\"])"
13341
14141
  }
13342
14142
  ],
13343
- "parameters": [
13344
- {
13345
- "schema": {
13346
- "type": "string",
13347
- "enum": [
13348
- "user",
13349
- "agent"
13350
- ]
13351
- },
13352
- "required": false,
13353
- "name": "X-Wspc-Actor",
13354
- "in": "header"
13355
- },
13356
- {
13357
- "schema": {
13358
- "type": "string"
13359
- },
13360
- "required": false,
13361
- "name": "X-Wspc-Agent-Label",
13362
- "in": "header"
13363
- }
13364
- ],
13365
14143
  "requestBody": {
13366
14144
  "required": true,
13367
14145
  "content": {
@@ -13647,26 +14425,6 @@
13647
14425
  "description": "Full alias email address. URL-encode @ as %40 in paths.",
13648
14426
  "name": "email",
13649
14427
  "in": "path"
13650
- },
13651
- {
13652
- "schema": {
13653
- "type": "string",
13654
- "enum": [
13655
- "user",
13656
- "agent"
13657
- ]
13658
- },
13659
- "required": false,
13660
- "name": "X-Wspc-Actor",
13661
- "in": "header"
13662
- },
13663
- {
13664
- "schema": {
13665
- "type": "string"
13666
- },
13667
- "required": false,
13668
- "name": "X-Wspc-Agent-Label",
13669
- "in": "header"
13670
14428
  }
13671
14429
  ],
13672
14430
  "responses": {
@@ -13863,28 +14621,6 @@
13863
14621
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.restoreMany([\"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\"])"
13864
14622
  }
13865
14623
  ],
13866
- "parameters": [
13867
- {
13868
- "schema": {
13869
- "type": "string",
13870
- "enum": [
13871
- "user",
13872
- "agent"
13873
- ]
13874
- },
13875
- "required": false,
13876
- "name": "X-Wspc-Actor",
13877
- "in": "header"
13878
- },
13879
- {
13880
- "schema": {
13881
- "type": "string"
13882
- },
13883
- "required": false,
13884
- "name": "X-Wspc-Agent-Label",
13885
- "in": "header"
13886
- }
13887
- ],
13888
14624
  "requestBody": {
13889
14625
  "required": true,
13890
14626
  "content": {
@@ -14165,28 +14901,6 @@
14165
14901
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.send({\n from_alias_email: \"alice-shop@wspc.app\",\n to: [\"alice@example.com\"],\n subject: \"Welcome to WSPC\",\n text: \"Hi Alice — welcome aboard.\",\n idempotency_key: \"retry-20260601-001\",\n})"
14166
14902
  }
14167
14903
  ],
14168
- "parameters": [
14169
- {
14170
- "schema": {
14171
- "type": "string",
14172
- "enum": [
14173
- "user",
14174
- "agent"
14175
- ]
14176
- },
14177
- "required": false,
14178
- "name": "X-Wspc-Actor",
14179
- "in": "header"
14180
- },
14181
- {
14182
- "schema": {
14183
- "type": "string"
14184
- },
14185
- "required": false,
14186
- "name": "X-Wspc-Agent-Label",
14187
- "in": "header"
14188
- }
14189
- ],
14190
14904
  "requestBody": {
14191
14905
  "required": true,
14192
14906
  "content": {
@@ -14594,7 +15308,7 @@
14594
15308
  {
14595
15309
  "lang": "bash",
14596
15310
  "label": "wspc CLI",
14597
- "source": "wspc push config rm --transport telegram"
15311
+ "source": "wspc push config rm telegram"
14598
15312
  },
14599
15313
  {
14600
15314
  "lang": "typescript",
@@ -14602,6 +15316,12 @@
14602
15316
  "source": "import { PushClient } from \"@wspc/client\"\nconst push = new PushClient({ baseUrl: \"https://push.wspc.app\", apiKey: process.env.WSPC_API_KEY! })\nawait push.configDelete(\"telegram\")"
14603
15317
  }
14604
15318
  ],
15319
+ "x-cli": {
15320
+ "command": "push config rm",
15321
+ "positional": [
15322
+ "transport"
15323
+ ]
15324
+ },
14605
15325
  "parameters": [
14606
15326
  {
14607
15327
  "schema": {
@@ -14612,26 +15332,6 @@
14612
15332
  "description": "Transport name to delete (e.g. `telegram`). Only transports the caller has previously registered exist; unknown values return 400 `UNKNOWN_TRANSPORT`.",
14613
15333
  "name": "transport",
14614
15334
  "in": "path"
14615
- },
14616
- {
14617
- "schema": {
14618
- "type": "string",
14619
- "enum": [
14620
- "user",
14621
- "agent"
14622
- ]
14623
- },
14624
- "required": false,
14625
- "name": "X-Wspc-Actor",
14626
- "in": "header"
14627
- },
14628
- {
14629
- "schema": {
14630
- "type": "string"
14631
- },
14632
- "required": false,
14633
- "name": "X-Wspc-Agent-Label",
14634
- "in": "header"
14635
15335
  }
14636
15336
  ],
14637
15337
  "responses": {
@@ -14881,7 +15581,7 @@
14881
15581
  {
14882
15582
  "lang": "bash",
14883
15583
  "label": "wspc CLI",
14884
- "source": "wspc push config set --transport telegram --target-bot @your_agent_bot --skip-test"
15584
+ "source": "wspc push config set --transport telegram --target-bot @your_agent_bot"
14885
15585
  },
14886
15586
  {
14887
15587
  "lang": "typescript",
@@ -14889,28 +15589,22 @@
14889
15589
  "source": "import { PushClient } from \"@wspc/client\"\nconst push = new PushClient({ baseUrl: \"https://push.wspc.app\", apiKey: process.env.WSPC_API_KEY! })\nawait push.configSet({ transport: \"telegram\", target_bot_username: \"@your_agent_bot\" })"
14890
15590
  }
14891
15591
  ],
14892
- "parameters": [
14893
- {
14894
- "schema": {
14895
- "type": "string",
14896
- "enum": [
14897
- "user",
14898
- "agent"
14899
- ]
14900
- },
14901
- "required": false,
14902
- "name": "X-Wspc-Actor",
14903
- "in": "header"
15592
+ "x-cli": {
15593
+ "command": "push config set",
15594
+ "body": {
15595
+ "unwrap": "config"
14904
15596
  },
14905
- {
14906
- "schema": {
14907
- "type": "string"
14908
- },
14909
- "required": false,
14910
- "name": "X-Wspc-Agent-Label",
14911
- "in": "header"
15597
+ "display": {
15598
+ "shape": "object",
15599
+ "fields": [
15600
+ "transport",
15601
+ "target_bot_username"
15602
+ ],
15603
+ "format": {
15604
+ "transport": "truncate"
15605
+ }
14912
15606
  }
14913
- ],
15607
+ },
14914
15608
  "requestBody": {
14915
15609
  "required": true,
14916
15610
  "content": {
@@ -15211,28 +15905,41 @@
15211
15905
  "source": "import { PushClient } from \"@wspc/client\"\nconst push = new PushClient({ baseUrl: \"https://push.wspc.app\", apiKey: process.env.WSPC_API_KEY! })\nconst { configs } = await push.configList()"
15212
15906
  }
15213
15907
  ],
15214
- "parameters": [
15215
- {
15216
- "schema": {
15217
- "type": "string",
15218
- "enum": [
15219
- "user",
15220
- "agent"
15221
- ]
15908
+ "x-cli": {
15909
+ "command": "push config show",
15910
+ "display": {
15911
+ "shape": "list",
15912
+ "dataPath": "configs",
15913
+ "columns": [
15914
+ "transport",
15915
+ "target_bot_username",
15916
+ "last_test_at",
15917
+ "last_test_status"
15918
+ ],
15919
+ "format": {
15920
+ "transport": "truncate",
15921
+ "last_test_at": "relative-time",
15922
+ "last_test_status": "enum-badge"
15222
15923
  },
15223
- "required": false,
15224
- "name": "X-Wspc-Actor",
15225
- "in": "header"
15226
- },
15227
- {
15228
- "schema": {
15229
- "type": "string"
15924
+ "enumColorMap": {
15925
+ "last_test_status": {
15926
+ "ok": {
15927
+ "label": "✓ ok",
15928
+ "color": "green"
15929
+ },
15930
+ "*": {
15931
+ "label": "✕ <value>",
15932
+ "color": "red"
15933
+ },
15934
+ "null": {
15935
+ "label": "—",
15936
+ "color": "dim"
15937
+ }
15938
+ }
15230
15939
  },
15231
- "required": false,
15232
- "name": "X-Wspc-Agent-Label",
15233
- "in": "header"
15940
+ "emptyMessage": "(no push transports registered)"
15234
15941
  }
15235
- ],
15942
+ },
15236
15943
  "responses": {
15237
15944
  "200": {
15238
15945
  "description": "All push transports registered for the authenticated user.",
@@ -15488,28 +16195,25 @@
15488
16195
  "source": "import { PushClient } from \"@wspc/client\"\nconst push = new PushClient({ baseUrl: \"https://push.wspc.app\", apiKey: process.env.WSPC_API_KEY! })\nconst result = await push.test(\"telegram\")"
15489
16196
  }
15490
16197
  ],
15491
- "parameters": [
15492
- {
15493
- "schema": {
15494
- "type": "string",
15495
- "enum": [
15496
- "user",
15497
- "agent"
15498
- ]
15499
- },
15500
- "required": false,
15501
- "name": "X-Wspc-Actor",
15502
- "in": "header"
16198
+ "x-cli": {
16199
+ "command": "push test",
16200
+ "exitOnField": {
16201
+ "path": "ok",
16202
+ "failOn": false
15503
16203
  },
15504
- {
15505
- "schema": {
15506
- "type": "string"
15507
- },
15508
- "required": false,
15509
- "name": "X-Wspc-Agent-Label",
15510
- "in": "header"
16204
+ "display": {
16205
+ "shape": "object",
16206
+ "fields": [
16207
+ "ok",
16208
+ "status",
16209
+ "detail",
16210
+ "durationMs"
16211
+ ],
16212
+ "format": {
16213
+ "ok": "bool-badge"
16214
+ }
15511
16215
  }
15512
- ],
16216
+ },
15513
16217
  "requestBody": {
15514
16218
  "required": true,
15515
16219
  "content": {
@@ -15837,28 +16541,6 @@
15837
16541
  "source": "await todo.projects.create({ name: \"Work\" })"
15838
16542
  }
15839
16543
  ],
15840
- "parameters": [
15841
- {
15842
- "schema": {
15843
- "type": "string",
15844
- "enum": [
15845
- "user",
15846
- "agent"
15847
- ]
15848
- },
15849
- "required": false,
15850
- "name": "X-Wspc-Actor",
15851
- "in": "header"
15852
- },
15853
- {
15854
- "schema": {
15855
- "type": "string"
15856
- },
15857
- "required": false,
15858
- "name": "X-Wspc-Agent-Label",
15859
- "in": "header"
15860
- }
15861
- ],
15862
16544
  "requestBody": {
15863
16545
  "content": {
15864
16546
  "application/json": {
@@ -16294,26 +16976,6 @@
16294
16976
  "description": "Set to `true` to include soft-deleted projects in the response.",
16295
16977
  "name": "include_deleted",
16296
16978
  "in": "query"
16297
- },
16298
- {
16299
- "schema": {
16300
- "type": "string",
16301
- "enum": [
16302
- "user",
16303
- "agent"
16304
- ]
16305
- },
16306
- "required": false,
16307
- "name": "X-Wspc-Actor",
16308
- "in": "header"
16309
- },
16310
- {
16311
- "schema": {
16312
- "type": "string"
16313
- },
16314
- "required": false,
16315
- "name": "X-Wspc-Agent-Label",
16316
- "in": "header"
16317
16979
  }
16318
16980
  ],
16319
16981
  "responses": {
@@ -16745,28 +17407,6 @@
16745
17407
  "source": "import { TodoClient } from \"@wspc/client\"\nconst todo = new TodoClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait todo.createRule({ title: \"Draft weekly review\", rrule: \"FREQ=WEEKLY;BYDAY=MO\", dtstart: \"2026-05-18\", project_id: \"prj_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\" })"
16746
17408
  }
16747
17409
  ],
16748
- "parameters": [
16749
- {
16750
- "schema": {
16751
- "type": "string",
16752
- "enum": [
16753
- "user",
16754
- "agent"
16755
- ]
16756
- },
16757
- "required": false,
16758
- "name": "X-Wspc-Actor",
16759
- "in": "header"
16760
- },
16761
- {
16762
- "schema": {
16763
- "type": "string"
16764
- },
16765
- "required": false,
16766
- "name": "X-Wspc-Agent-Label",
16767
- "in": "header"
16768
- }
16769
- ],
16770
17410
  "requestBody": {
16771
17411
  "content": {
16772
17412
  "application/json": {
@@ -17220,26 +17860,6 @@
17220
17860
  "required": false,
17221
17861
  "name": "user_id",
17222
17862
  "in": "query"
17223
- },
17224
- {
17225
- "schema": {
17226
- "type": "string",
17227
- "enum": [
17228
- "user",
17229
- "agent"
17230
- ]
17231
- },
17232
- "required": false,
17233
- "name": "X-Wspc-Actor",
17234
- "in": "header"
17235
- },
17236
- {
17237
- "schema": {
17238
- "type": "string"
17239
- },
17240
- "required": false,
17241
- "name": "X-Wspc-Agent-Label",
17242
- "in": "header"
17243
17863
  }
17244
17864
  ],
17245
17865
  "responses": {
@@ -17664,28 +18284,6 @@
17664
18284
  "source": "import { TodoClient } from \"@wspc/client\"\nconst todo = new TodoClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait todo.create({ title: \"Buy milk\", due_at: \"2026-06-01\" })"
17665
18285
  }
17666
18286
  ],
17667
- "parameters": [
17668
- {
17669
- "schema": {
17670
- "type": "string",
17671
- "enum": [
17672
- "user",
17673
- "agent"
17674
- ]
17675
- },
17676
- "required": false,
17677
- "name": "X-Wspc-Actor",
17678
- "in": "header"
17679
- },
17680
- {
17681
- "schema": {
17682
- "type": "string"
17683
- },
17684
- "required": false,
17685
- "name": "X-Wspc-Agent-Label",
17686
- "in": "header"
17687
- }
17688
- ],
17689
18287
  "requestBody": {
17690
18288
  "content": {
17691
18289
  "application/json": {
@@ -18102,7 +18700,7 @@
18102
18700
  }
18103
18701
  },
18104
18702
  "summary": "List todos with filters",
18105
- "description": "### 🎯 Overview & Purpose\nReturn the caller's active or archived todos, with comprehensive options to filter by project, parent task, status, due-date window, and template visibility.\n\n### 🔍 When to Use\n* Use this to render the main todo board dashboard, query items due in a specific timeframe (using `due_after` and `due_before`), or lazy-load subtasks for an expanded parent todo by passing its ID.\n\n### 💡 Key Features & Constraints\n* **Required Parameter**: The `project_id` query parameter is strictly required and must match an active project.\n* **Parent Tasks**: Omitting `parent_id` lists root-level todos by default. Pass a todo id to list direct children of that specific task.\n* **Multi-Status Filters**: Multi-value `status` query is supported by repeating the parameter, e.g., `?status=open&status=in_progress`.\n* **Due-Date Windowing**: The `due_after` filter is inclusive, while `due_before` is exclusive, forming a half-open window `[due_after, due_before)`. Both parameters exclude todos with no due date.\n* **Template & Soft-Delete Visibility**: Soft-deleted todos are hidden unless `include_deleted=true`. Template todos backing recurrence rules are hidden unless `include_templates=true`.\n\n### ⚠️ Common Errors & Troubleshooting\n* **`VALIDATION_ERROR` (HTTP 400)**: Thrown if `project_id` is missing, or if query parameters fail schema validation.",
18703
+ "description": "### 🎯 Overview & Purpose\nReturn the caller's active or archived todos, with comprehensive options to filter by project, parent task, status, due-date window, and template visibility.\n\n### 🔍 When to Use\n* Use this to render the main todo board dashboard, query items due in a specific timeframe (using `due_after` and `due_before`), or lazy-load subtasks for an expanded parent todo by passing its ID.\n\n### 💡 Key Features & Constraints\n* **Required Parameter**: The `project_id` query parameter is strictly required and must match an active project.\n* **Parent Tasks**: Omitting `parent_id` lists root-level todos by default. Pass a todo id to list direct children of that specific task.\n* **Multi-Status Filters**: Multi-value `status` query is supported by repeating the parameter, e.g., `?status=open&status=in_progress`.\n* **Due-Date Windowing**: The `due_after` filter is inclusive, while `due_before` is exclusive, forming a half-open window `[due_after, due_before)`. Both parameters exclude todos with no due date.\n* **Template & Soft-Delete Visibility**: Soft-deleted todos are hidden unless `include_deleted=true`. Template todos backing recurrence rules are hidden unless `include_templates=true`.\n* **Custom-Field Filters (`cf.<key>=<value>`)**: Repeatable dynamic-prefix query parameters whose name follows the `cf.<key>` pattern (e.g. `?cf.priority=high&cf.team=eng`). Each pair is ANDed; for `string_array` custom fields the match is positive when the array contains the value. Keys must be declared on the project's todo type schema. Because the prefix is dynamic, these parameters cannot be expressed in the JSON Schema below — clients must construct them from the URL query string directly.\n\n### ⚠️ Common Errors & Troubleshooting\n* **`VALIDATION_ERROR` (HTTP 400)**: Thrown if `project_id` is missing, or if query parameters fail schema validation.",
18106
18704
  "security": [
18107
18705
  {
18108
18706
  "bearerAuth": []
@@ -18263,33 +18861,13 @@
18263
18861
  "type": "array",
18264
18862
  "items": {
18265
18863
  "type": "string"
18266
- }
18267
- }
18268
- ]
18269
- },
18270
- "required": false,
18271
- "name": "include_orphan_fields",
18272
- "in": "query"
18273
- },
18274
- {
18275
- "schema": {
18276
- "type": "string",
18277
- "enum": [
18278
- "user",
18279
- "agent"
18864
+ }
18865
+ }
18280
18866
  ]
18281
18867
  },
18282
18868
  "required": false,
18283
- "name": "X-Wspc-Actor",
18284
- "in": "header"
18285
- },
18286
- {
18287
- "schema": {
18288
- "type": "string"
18289
- },
18290
- "required": false,
18291
- "name": "X-Wspc-Agent-Label",
18292
- "in": "header"
18869
+ "name": "include_orphan_fields",
18870
+ "in": "query"
18293
18871
  }
18294
18872
  ],
18295
18873
  "responses": {
@@ -18704,28 +19282,6 @@
18704
19282
  "source": "await todo.types.create({ label: \"Task\" })"
18705
19283
  }
18706
19284
  ],
18707
- "parameters": [
18708
- {
18709
- "schema": {
18710
- "type": "string",
18711
- "enum": [
18712
- "user",
18713
- "agent"
18714
- ]
18715
- },
18716
- "required": false,
18717
- "name": "X-Wspc-Actor",
18718
- "in": "header"
18719
- },
18720
- {
18721
- "schema": {
18722
- "type": "string"
18723
- },
18724
- "required": false,
18725
- "name": "X-Wspc-Agent-Label",
18726
- "in": "header"
18727
- }
18728
- ],
18729
19285
  "requestBody": {
18730
19286
  "content": {
18731
19287
  "application/json": {
@@ -19146,26 +19702,6 @@
19146
19702
  "required": false,
19147
19703
  "name": "include_deleted",
19148
19704
  "in": "query"
19149
- },
19150
- {
19151
- "schema": {
19152
- "type": "string",
19153
- "enum": [
19154
- "user",
19155
- "agent"
19156
- ]
19157
- },
19158
- "required": false,
19159
- "name": "X-Wspc-Actor",
19160
- "in": "header"
19161
- },
19162
- {
19163
- "schema": {
19164
- "type": "string"
19165
- },
19166
- "required": false,
19167
- "name": "X-Wspc-Agent-Label",
19168
- "in": "header"
19169
19705
  }
19170
19706
  ],
19171
19707
  "responses": {
@@ -19561,26 +20097,6 @@
19561
20097
  "description": "Project id (`prj_<ULID>`).",
19562
20098
  "name": "id",
19563
20099
  "in": "path"
19564
- },
19565
- {
19566
- "schema": {
19567
- "type": "string",
19568
- "enum": [
19569
- "user",
19570
- "agent"
19571
- ]
19572
- },
19573
- "required": false,
19574
- "name": "X-Wspc-Actor",
19575
- "in": "header"
19576
- },
19577
- {
19578
- "schema": {
19579
- "type": "string"
19580
- },
19581
- "required": false,
19582
- "name": "X-Wspc-Agent-Label",
19583
- "in": "header"
19584
20100
  }
19585
20101
  ],
19586
20102
  "responses": {
@@ -19979,26 +20495,6 @@
19979
20495
  "description": "Project id (`prj_<ULID>`).",
19980
20496
  "name": "id",
19981
20497
  "in": "path"
19982
- },
19983
- {
19984
- "schema": {
19985
- "type": "string",
19986
- "enum": [
19987
- "user",
19988
- "agent"
19989
- ]
19990
- },
19991
- "required": false,
19992
- "name": "X-Wspc-Actor",
19993
- "in": "header"
19994
- },
19995
- {
19996
- "schema": {
19997
- "type": "string"
19998
- },
19999
- "required": false,
20000
- "name": "X-Wspc-Agent-Label",
20001
- "in": "header"
20002
20498
  }
20003
20499
  ],
20004
20500
  "responses": {
@@ -20396,26 +20892,6 @@
20396
20892
  "description": "Project id (`prj_<ULID>`).",
20397
20893
  "name": "id",
20398
20894
  "in": "path"
20399
- },
20400
- {
20401
- "schema": {
20402
- "type": "string",
20403
- "enum": [
20404
- "user",
20405
- "agent"
20406
- ]
20407
- },
20408
- "required": false,
20409
- "name": "X-Wspc-Actor",
20410
- "in": "header"
20411
- },
20412
- {
20413
- "schema": {
20414
- "type": "string"
20415
- },
20416
- "required": false,
20417
- "name": "X-Wspc-Agent-Label",
20418
- "in": "header"
20419
20895
  }
20420
20896
  ],
20421
20897
  "requestBody": {
@@ -20842,26 +21318,6 @@
20842
21318
  "required": true,
20843
21319
  "name": "id",
20844
21320
  "in": "path"
20845
- },
20846
- {
20847
- "schema": {
20848
- "type": "string",
20849
- "enum": [
20850
- "user",
20851
- "agent"
20852
- ]
20853
- },
20854
- "required": false,
20855
- "name": "X-Wspc-Actor",
20856
- "in": "header"
20857
- },
20858
- {
20859
- "schema": {
20860
- "type": "string"
20861
- },
20862
- "required": false,
20863
- "name": "X-Wspc-Agent-Label",
20864
- "in": "header"
20865
21321
  }
20866
21322
  ],
20867
21323
  "requestBody": {
@@ -21270,26 +21726,6 @@
21270
21726
  "required": true,
21271
21727
  "name": "id",
21272
21728
  "in": "path"
21273
- },
21274
- {
21275
- "schema": {
21276
- "type": "string",
21277
- "enum": [
21278
- "user",
21279
- "agent"
21280
- ]
21281
- },
21282
- "required": false,
21283
- "name": "X-Wspc-Actor",
21284
- "in": "header"
21285
- },
21286
- {
21287
- "schema": {
21288
- "type": "string"
21289
- },
21290
- "required": false,
21291
- "name": "X-Wspc-Agent-Label",
21292
- "in": "header"
21293
21729
  }
21294
21730
  ],
21295
21731
  "responses": {
@@ -21699,26 +22135,6 @@
21699
22135
  "required": true,
21700
22136
  "name": "id",
21701
22137
  "in": "path"
21702
- },
21703
- {
21704
- "schema": {
21705
- "type": "string",
21706
- "enum": [
21707
- "user",
21708
- "agent"
21709
- ]
21710
- },
21711
- "required": false,
21712
- "name": "X-Wspc-Actor",
21713
- "in": "header"
21714
- },
21715
- {
21716
- "schema": {
21717
- "type": "string"
21718
- },
21719
- "required": false,
21720
- "name": "X-Wspc-Agent-Label",
21721
- "in": "header"
21722
22138
  }
21723
22139
  ],
21724
22140
  "requestBody": {
@@ -22165,26 +22581,6 @@
22165
22581
  "required": true,
22166
22582
  "name": "id",
22167
22583
  "in": "path"
22168
- },
22169
- {
22170
- "schema": {
22171
- "type": "string",
22172
- "enum": [
22173
- "user",
22174
- "agent"
22175
- ]
22176
- },
22177
- "required": false,
22178
- "name": "X-Wspc-Actor",
22179
- "in": "header"
22180
- },
22181
- {
22182
- "schema": {
22183
- "type": "string"
22184
- },
22185
- "required": false,
22186
- "name": "X-Wspc-Agent-Label",
22187
- "in": "header"
22188
22584
  }
22189
22585
  ],
22190
22586
  "requestBody": {
@@ -22645,23 +23041,21 @@
22645
23041
  },
22646
23042
  {
22647
23043
  "schema": {
22648
- "type": "string",
22649
- "enum": [
22650
- "user",
22651
- "agent"
23044
+ "anyOf": [
23045
+ {
23046
+ "type": "string"
23047
+ },
23048
+ {
23049
+ "type": "array",
23050
+ "items": {
23051
+ "type": "string"
23052
+ }
23053
+ }
22652
23054
  ]
22653
23055
  },
22654
23056
  "required": false,
22655
- "name": "X-Wspc-Actor",
22656
- "in": "header"
22657
- },
22658
- {
22659
- "schema": {
22660
- "type": "string"
22661
- },
22662
- "required": false,
22663
- "name": "X-Wspc-Agent-Label",
22664
- "in": "header"
23057
+ "name": "include_orphan_fields",
23058
+ "in": "query"
22665
23059
  }
22666
23060
  ],
22667
23061
  "responses": {
@@ -23083,26 +23477,6 @@
23083
23477
  "required": true,
23084
23478
  "name": "id",
23085
23479
  "in": "path"
23086
- },
23087
- {
23088
- "schema": {
23089
- "type": "string",
23090
- "enum": [
23091
- "user",
23092
- "agent"
23093
- ]
23094
- },
23095
- "required": false,
23096
- "name": "X-Wspc-Actor",
23097
- "in": "header"
23098
- },
23099
- {
23100
- "schema": {
23101
- "type": "string"
23102
- },
23103
- "required": false,
23104
- "name": "X-Wspc-Agent-Label",
23105
- "in": "header"
23106
23480
  }
23107
23481
  ],
23108
23482
  "requestBody": {
@@ -23537,26 +23911,6 @@
23537
23911
  "required": true,
23538
23912
  "name": "id",
23539
23913
  "in": "path"
23540
- },
23541
- {
23542
- "schema": {
23543
- "type": "string",
23544
- "enum": [
23545
- "user",
23546
- "agent"
23547
- ]
23548
- },
23549
- "required": false,
23550
- "name": "X-Wspc-Actor",
23551
- "in": "header"
23552
- },
23553
- {
23554
- "schema": {
23555
- "type": "string"
23556
- },
23557
- "required": false,
23558
- "name": "X-Wspc-Agent-Label",
23559
- "in": "header"
23560
23914
  }
23561
23915
  ],
23562
23916
  "responses": {
@@ -23936,26 +24290,6 @@
23936
24290
  "required": true,
23937
24291
  "name": "id",
23938
24292
  "in": "path"
23939
- },
23940
- {
23941
- "schema": {
23942
- "type": "string",
23943
- "enum": [
23944
- "user",
23945
- "agent"
23946
- ]
23947
- },
23948
- "required": false,
23949
- "name": "X-Wspc-Actor",
23950
- "in": "header"
23951
- },
23952
- {
23953
- "schema": {
23954
- "type": "string"
23955
- },
23956
- "required": false,
23957
- "name": "X-Wspc-Agent-Label",
23958
- "in": "header"
23959
24293
  }
23960
24294
  ],
23961
24295
  "responses": {
@@ -24335,26 +24669,6 @@
24335
24669
  "required": true,
24336
24670
  "name": "id",
24337
24671
  "in": "path"
24338
- },
24339
- {
24340
- "schema": {
24341
- "type": "string",
24342
- "enum": [
24343
- "user",
24344
- "agent"
24345
- ]
24346
- },
24347
- "required": false,
24348
- "name": "X-Wspc-Actor",
24349
- "in": "header"
24350
- },
24351
- {
24352
- "schema": {
24353
- "type": "string"
24354
- },
24355
- "required": false,
24356
- "name": "X-Wspc-Agent-Label",
24357
- "in": "header"
24358
24672
  }
24359
24673
  ],
24360
24674
  "requestBody": {
@@ -24743,26 +25057,6 @@
24743
25057
  "description": "Project id (`prj_<ULID>`).",
24744
25058
  "name": "id",
24745
25059
  "in": "path"
24746
- },
24747
- {
24748
- "schema": {
24749
- "type": "string",
24750
- "enum": [
24751
- "user",
24752
- "agent"
24753
- ]
24754
- },
24755
- "required": false,
24756
- "name": "X-Wspc-Actor",
24757
- "in": "header"
24758
- },
24759
- {
24760
- "schema": {
24761
- "type": "string"
24762
- },
24763
- "required": false,
24764
- "name": "X-Wspc-Agent-Label",
24765
- "in": "header"
24766
25060
  }
24767
25061
  ],
24768
25062
  "responses": {
@@ -25154,26 +25448,6 @@
25154
25448
  "required": true,
25155
25449
  "name": "id",
25156
25450
  "in": "path"
25157
- },
25158
- {
25159
- "schema": {
25160
- "type": "string",
25161
- "enum": [
25162
- "user",
25163
- "agent"
25164
- ]
25165
- },
25166
- "required": false,
25167
- "name": "X-Wspc-Actor",
25168
- "in": "header"
25169
- },
25170
- {
25171
- "schema": {
25172
- "type": "string"
25173
- },
25174
- "required": false,
25175
- "name": "X-Wspc-Agent-Label",
25176
- "in": "header"
25177
25451
  }
25178
25452
  ],
25179
25453
  "requestBody": {
@@ -25590,26 +25864,6 @@
25590
25864
  "required": true,
25591
25865
  "name": "id",
25592
25866
  "in": "path"
25593
- },
25594
- {
25595
- "schema": {
25596
- "type": "string",
25597
- "enum": [
25598
- "user",
25599
- "agent"
25600
- ]
25601
- },
25602
- "required": false,
25603
- "name": "X-Wspc-Actor",
25604
- "in": "header"
25605
- },
25606
- {
25607
- "schema": {
25608
- "type": "string"
25609
- },
25610
- "required": false,
25611
- "name": "X-Wspc-Agent-Label",
25612
- "in": "header"
25613
25867
  }
25614
25868
  ],
25615
25869
  "responses": {