@wspc/cli 0.0.5 → 0.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/cli.js +147 -81
  2. package/dist/cli.js.map +1 -1
  3. package/dist/index.d.ts +3 -27
  4. package/dist/index.js +4 -4
  5. package/dist/index.js.map +1 -1
  6. package/package.json +1 -1
  7. package/spec/openapi.json +1564 -1446
package/spec/openapi.json CHANGED
@@ -5,6 +5,11 @@
5
5
  "version": "0.1.0",
6
6
  "description": "Merged OpenAPI document covering every wspc worker (auth, todo, calendar, email, push). For per-domain browsing use api.wspc.ai/<domain>/docs."
7
7
  },
8
+ "servers": [
9
+ {
10
+ "url": "https://api.wspc.ai"
11
+ }
12
+ ],
8
13
  "components": {
9
14
  "securitySchemes": {
10
15
  "bearerAuth": {
@@ -127,6 +132,7 @@
127
132
  },
128
133
  "name": {
129
134
  "type": "string",
135
+ "maxLength": 100,
130
136
  "description": "Human-readable organization name shown in dashboards and headers. Defaults to the owner's display name at signup; changeable via future org-admin endpoints."
131
137
  },
132
138
  "created_at": {
@@ -640,6 +646,64 @@
640
646
  "scope"
641
647
  ]
642
648
  },
649
+ "UpdateApiKeyBody": {
650
+ "type": "object",
651
+ "properties": {
652
+ "label": {
653
+ "type": "string",
654
+ "minLength": 1,
655
+ "maxLength": 60,
656
+ "description": "Human-readable label for the key (1–60 chars after trimming)."
657
+ }
658
+ },
659
+ "required": [
660
+ "label"
661
+ ]
662
+ },
663
+ "UpdateApiKeyResponse": {
664
+ "type": "object",
665
+ "properties": {
666
+ "id": {
667
+ "type": "string",
668
+ "description": "Stable API key id (`key_<ULID>`). Use this id to revoke the key via `DELETE /auth/keys/{id}`. The full plaintext key is never returned here — only at create time."
669
+ },
670
+ "label": {
671
+ "type": "string",
672
+ "description": "Caller-supplied label for distinguishing keys (e.g. machine, agent, or environment). Trimmed and validated to 1–60 chars at create time. Update support is not yet provided — pick a meaningful label up front."
673
+ },
674
+ "key_last4": {
675
+ "type": "string",
676
+ "description": "Last 4 characters of the plaintext key. Lets the user identify a key in lists without exposing the secret. Absent on legacy rows created before this field was tracked."
677
+ },
678
+ "created_at": {
679
+ "type": "number",
680
+ "description": "Unix epoch in milliseconds at which the key was created."
681
+ },
682
+ "last_used_at": {
683
+ "type": "number",
684
+ "description": "Unix epoch in milliseconds of the most recent successful authentication with this key. Absent if the key has never been used. Useful for spotting keys safe to revoke."
685
+ }
686
+ },
687
+ "required": [
688
+ "id",
689
+ "label",
690
+ "created_at"
691
+ ]
692
+ },
693
+ "UpdateOrgInput": {
694
+ "type": "object",
695
+ "properties": {
696
+ "name": {
697
+ "type": "string",
698
+ "minLength": 1,
699
+ "maxLength": 100,
700
+ "description": "The new name for the organization. Cannot be empty or purely whitespace."
701
+ }
702
+ },
703
+ "required": [
704
+ "name"
705
+ ]
706
+ },
643
707
  "VerifyCodeBody": {
644
708
  "type": "object",
645
709
  "properties": {
@@ -685,10 +749,12 @@
685
749
  "title": {
686
750
  "type": "string",
687
751
  "minLength": 1,
752
+ "maxLength": 500,
688
753
  "description": "Short human-readable summary of the event. Shown in list views and `.ics` SUMMARY."
689
754
  },
690
755
  "description": {
691
756
  "type": "string",
757
+ "maxLength": 10000,
692
758
  "description": "Free-form notes about the event (agenda, dial-in instructions, etc.). Markdown formatted (CommonMark + GFM tables, strikethrough, task lists); stored verbatim. Invitation emails include the raw source — most email clients display it as plain text."
693
759
  },
694
760
  "start": {
@@ -701,6 +767,7 @@
701
767
  },
702
768
  "location": {
703
769
  "type": "string",
770
+ "maxLength": 10000,
704
771
  "description": "Free-text location — physical address, room, or short note. Separate from `url` (meeting link)."
705
772
  },
706
773
  "url": {
@@ -958,10 +1025,12 @@
958
1025
  "title": {
959
1026
  "type": "string",
960
1027
  "minLength": 1,
1028
+ "maxLength": 500,
961
1029
  "description": "New event title. Omit to leave unchanged."
962
1030
  },
963
1031
  "description": {
964
1032
  "type": "string",
1033
+ "maxLength": 10000,
965
1034
  "description": "New description. Markdown formatted (CommonMark + GFM tables, strikethrough, task lists). Pass an empty string to clear; omit to leave unchanged."
966
1035
  },
967
1036
  "start": {
@@ -974,6 +1043,7 @@
974
1043
  },
975
1044
  "location": {
976
1045
  "type": "string",
1046
+ "maxLength": 10000,
977
1047
  "description": "New location. Pass an empty string to clear; omit to leave unchanged."
978
1048
  },
979
1049
  "url": {
@@ -1227,12 +1297,12 @@
1227
1297
  },
1228
1298
  "subject": {
1229
1299
  "type": "string",
1300
+ "maxLength": 500,
1230
1301
  "description": "Outbound subject. Required for a fresh send; may be omitted on reply (the server prefixes the inbound subject with `Re: `)."
1231
1302
  },
1232
1303
  "text": {
1233
1304
  "type": "string",
1234
1305
  "minLength": 1,
1235
- "maxLength": 102400,
1236
1306
  "description": "Plain-text body. 1 byte to 100 KiB. HTML bodies are not exposed in the v1 send API — agents compose plain text and clients render as desired."
1237
1307
  },
1238
1308
  "in_reply_to_email_id": {
@@ -1342,6 +1412,7 @@
1342
1412
  },
1343
1413
  "subject": {
1344
1414
  "type": "string",
1415
+ "maxLength": 500,
1345
1416
  "description": "Outbound subject as sent (may include `Re: ` prefix for replies)."
1346
1417
  },
1347
1418
  "text_body": {
@@ -1618,7 +1689,8 @@
1618
1689
  "properties": {
1619
1690
  "name": {
1620
1691
  "type": "string",
1621
- "minLength": 1
1692
+ "minLength": 1,
1693
+ "maxLength": 500
1622
1694
  },
1623
1695
  "default_todo_type_id": {
1624
1696
  "type": "string"
@@ -1682,10 +1754,12 @@
1682
1754
  },
1683
1755
  "title": {
1684
1756
  "type": "string",
1685
- "minLength": 1
1757
+ "minLength": 1,
1758
+ "maxLength": 500
1686
1759
  },
1687
1760
  "description": {
1688
- "type": "string"
1761
+ "type": "string",
1762
+ "maxLength": 10000
1689
1763
  },
1690
1764
  "parent_id": {
1691
1765
  "anyOf": [
@@ -1780,6 +1854,7 @@
1780
1854
  "title": {
1781
1855
  "type": "string",
1782
1856
  "minLength": 1,
1857
+ "maxLength": 500,
1783
1858
  "description": "Short human-readable summary of the work item. Required, non-empty. Shown as the primary label in CLI list output."
1784
1859
  },
1785
1860
  "project_id": {
@@ -1789,6 +1864,7 @@
1789
1864
  },
1790
1865
  "description": {
1791
1866
  "type": "string",
1867
+ "maxLength": 10000,
1792
1868
  "description": "Free-form details about the todo. Fully supports GFM Markdown (tables, strikethrough, task lists). Stored verbatim; client applications are responsible for rendering. Optional. Passing `null` is strictly rejected."
1793
1869
  },
1794
1870
  "parent_id": {
@@ -1938,7 +2014,8 @@
1938
2014
  "properties": {
1939
2015
  "label": {
1940
2016
  "type": "string",
1941
- "minLength": 1
2017
+ "minLength": 1,
2018
+ "maxLength": 500
1942
2019
  },
1943
2020
  "project_id": {
1944
2021
  "type": "string",
@@ -2312,6 +2389,19 @@
2312
2389
  }
2313
2390
  }
2314
2391
  ]
2392
+ },
2393
+ "include_orphan_fields": {
2394
+ "anyOf": [
2395
+ {
2396
+ "type": "string"
2397
+ },
2398
+ {
2399
+ "type": "array",
2400
+ "items": {
2401
+ "type": "string"
2402
+ }
2403
+ }
2404
+ ]
2315
2405
  }
2316
2406
  }
2317
2407
  },
@@ -2402,7 +2492,8 @@
2402
2492
  },
2403
2493
  "name": {
2404
2494
  "type": "string",
2405
- "minLength": 1
2495
+ "minLength": 1,
2496
+ "maxLength": 500
2406
2497
  },
2407
2498
  "default_todo_type_id": {
2408
2499
  "type": "string"
@@ -2426,10 +2517,12 @@
2426
2517
  },
2427
2518
  "title": {
2428
2519
  "type": "string",
2429
- "minLength": 1
2520
+ "minLength": 1,
2521
+ "maxLength": 500
2430
2522
  },
2431
2523
  "description": {
2432
- "type": "string"
2524
+ "type": "string",
2525
+ "maxLength": 10000
2433
2526
  },
2434
2527
  "parent_id": {
2435
2528
  "anyOf": [
@@ -2454,10 +2547,12 @@
2454
2547
  "title": {
2455
2548
  "type": "string",
2456
2549
  "minLength": 1,
2550
+ "maxLength": 500,
2457
2551
  "description": "New title. Omit to leave the existing title unchanged. Must be non-empty when supplied."
2458
2552
  },
2459
2553
  "description": {
2460
2554
  "type": "string",
2555
+ "maxLength": 10000,
2461
2556
  "description": "New description. Markdown formatted (CommonMark + GFM tables, strikethrough, task lists). Pass empty string `\"\"` explicitly to clear an existing description, or omit to leave unchanged. Passing `null` is strictly rejected."
2462
2557
  },
2463
2558
  "parent_id": {
@@ -2527,7 +2622,8 @@
2527
2622
  },
2528
2623
  "label": {
2529
2624
  "type": "string",
2530
- "minLength": 1
2625
+ "minLength": 1,
2626
+ "maxLength": 500
2531
2627
  },
2532
2628
  "hide_core_fields": {
2533
2629
  "type": "array",
@@ -2663,28 +2759,6 @@
2663
2759
  "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst { api_key } = await auth.createKey(process.env.WSPC_API_KEY!, { label: \"Claude\" })"
2664
2760
  }
2665
2761
  ],
2666
- "parameters": [
2667
- {
2668
- "schema": {
2669
- "type": "string",
2670
- "enum": [
2671
- "user",
2672
- "agent"
2673
- ]
2674
- },
2675
- "required": false,
2676
- "name": "X-Wspc-Actor",
2677
- "in": "header"
2678
- },
2679
- {
2680
- "schema": {
2681
- "type": "string"
2682
- },
2683
- "required": false,
2684
- "name": "X-Wspc-Agent-Label",
2685
- "in": "header"
2686
- }
2687
- ],
2688
2762
  "requestBody": {
2689
2763
  "required": true,
2690
2764
  "content": {
@@ -3080,28 +3154,6 @@
3080
3154
  "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst { keys } = await auth.listKeys(process.env.WSPC_API_KEY!)"
3081
3155
  }
3082
3156
  ],
3083
- "parameters": [
3084
- {
3085
- "schema": {
3086
- "type": "string",
3087
- "enum": [
3088
- "user",
3089
- "agent"
3090
- ]
3091
- },
3092
- "required": false,
3093
- "name": "X-Wspc-Actor",
3094
- "in": "header"
3095
- },
3096
- {
3097
- "schema": {
3098
- "type": "string"
3099
- },
3100
- "required": false,
3101
- "name": "X-Wspc-Agent-Label",
3102
- "in": "header"
3103
- }
3104
- ],
3105
3157
  "responses": {
3106
3158
  "200": {
3107
3159
  "description": "List of active API keys and the id of the key used for this request.",
@@ -3447,7 +3499,7 @@
3447
3499
  ],
3448
3500
  "security": [],
3449
3501
  "summary": "Start the device authorization grant",
3450
- "description": "### Overview\nImplements the RFC 8628 (§3.2) device authorization endpoint. It returns a `device_code` (for polling) and a `user_code` with a `verification_uri` for users to approve the client on another device.\n\n### When to Use\n- Use this endpoint in input-constrained environments (like CLI tools, IoT devices, or headless scripts) where direct web browser redirects are impractical or impossible.\n\n### Constraints\n- Public endpoint (no authentication required).\n- **Formats**: Accepts both `application/json` and `application/x-www-form-urlencoded` request formats (though OpenAPI documents JSON only).\n\n### Troubleshooting\n- **400 Bad Request**: The `client_id` is missing, invalid, or does not exist.\n- **429 Too Many Requests**: Device code request rate has been exceeded.",
3502
+ "description": "### Overview\nImplements the RFC 8628 (§3.2) device authorization endpoint. It returns a `device_code` (for polling) and a `user_code` with a `verification_uri` for users to approve the client on another device.\n\n### When to Use\n- Use this endpoint in input-constrained environments (like CLI tools, IoT devices, or headless scripts) where direct web browser redirects are impractical or impossible.\n\n### Constraints\n- Public endpoint (no authentication required).\n- **Formats**: Accepts both `application/json` and `application/x-www-form-urlencoded` request bodies. The body shape is identical in both encodings.\n\n### Troubleshooting\n- **400 Bad Request**: The `client_id` is missing, invalid, or does not exist.\n- **429 Too Many Requests**: Device code request rate has been exceeded.",
3451
3503
  "x-codeSamples": [
3452
3504
  {
3453
3505
  "lang": "shell",
@@ -3465,28 +3517,6 @@
3465
3517
  "source": "// TODO: client method pending\n// Expected shape:\n// const dev = await fetch(\"https://api.wspc.ai/auth/oauth/device\", {\n// method: \"POST\",\n// headers: { \"Content-Type\": \"application/json\" },\n// body: JSON.stringify({ client_id: \"oac_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\" }),\n// }).then(r => r.json())"
3466
3518
  }
3467
3519
  ],
3468
- "parameters": [
3469
- {
3470
- "schema": {
3471
- "type": "string",
3472
- "enum": [
3473
- "user",
3474
- "agent"
3475
- ]
3476
- },
3477
- "required": false,
3478
- "name": "X-Wspc-Actor",
3479
- "in": "header"
3480
- },
3481
- {
3482
- "schema": {
3483
- "type": "string"
3484
- },
3485
- "required": false,
3486
- "name": "X-Wspc-Agent-Label",
3487
- "in": "header"
3488
- }
3489
- ],
3490
3520
  "requestBody": {
3491
3521
  "content": {
3492
3522
  "application/json": {
@@ -3509,6 +3539,11 @@
3509
3539
  }
3510
3540
  }
3511
3541
  }
3542
+ },
3543
+ "application/x-www-form-urlencoded": {
3544
+ "schema": {
3545
+ "$ref": "#/components/schemas/OAuthDeviceBody"
3546
+ }
3512
3547
  }
3513
3548
  }
3514
3549
  },
@@ -3730,28 +3765,6 @@
3730
3765
  "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst org = await auth.getOrg(process.env.WSPC_API_KEY!)"
3731
3766
  }
3732
3767
  ],
3733
- "parameters": [
3734
- {
3735
- "schema": {
3736
- "type": "string",
3737
- "enum": [
3738
- "user",
3739
- "agent"
3740
- ]
3741
- },
3742
- "required": false,
3743
- "name": "X-Wspc-Actor",
3744
- "in": "header"
3745
- },
3746
- {
3747
- "schema": {
3748
- "type": "string"
3749
- },
3750
- "required": false,
3751
- "name": "X-Wspc-Agent-Label",
3752
- "in": "header"
3753
- }
3754
- ],
3755
3768
  "responses": {
3756
3769
  "200": {
3757
3770
  "description": "The authenticated user's organization.",
@@ -4087,31 +4100,31 @@
4087
4100
  }
4088
4101
  }
4089
4102
  }
4090
- }
4091
- },
4092
- "/auth/me": {
4093
- "get": {
4094
- "operationId": "auth_me",
4103
+ },
4104
+ "patch": {
4105
+ "operationId": "org_update",
4095
4106
  "tags": [
4096
- "Auth"
4107
+ "Org"
4097
4108
  ],
4098
4109
  "x-cli": {
4099
- "command": "auth me",
4110
+ "command": "org rename",
4100
4111
  "examples": [
4101
- "wspc auth me",
4102
- "wspc auth me --json"
4112
+ "wspc org rename \"New Name\"",
4113
+ "wspc org rename \"New Name\" --json"
4103
4114
  ],
4104
4115
  "display": {
4105
4116
  "shape": "object",
4106
4117
  "fields": [
4107
- "user_id",
4108
- "email",
4109
- "display_name",
4110
- "api_key_id"
4118
+ "id",
4119
+ "name",
4120
+ "created_at",
4121
+ "updated_at"
4111
4122
  ],
4112
4123
  "format": {
4113
- "user_id": "id-short",
4114
- "api_key_id": "id-short"
4124
+ "id": "id-short",
4125
+ "name": "truncate",
4126
+ "created_at": "relative-time",
4127
+ "updated_at": "relative-time"
4115
4128
  }
4116
4129
  }
4117
4130
  },
@@ -4120,72 +4133,41 @@
4120
4133
  "bearerAuth": []
4121
4134
  }
4122
4135
  ],
4123
- "summary": "Fetch the user identified by the bearer token",
4124
- "description": "### Overview\nRetrieves the stable identity profile (user ID, email, and optional display name) of the user associated with the active Bearer token. Works for both long-lived `wspc_*` API keys and OAuth access tokens.\n\n### When to Use\n- Use this endpoint (e.g., in `wspc verify` or `wspc whoami`) to confirm that the active environment's API key or OAuth access token remains valid.\n- Use it in UIs to display the logged-in user's profile details and retrieve the stable `user_id`.\n\n### Constraints\n- Requires a valid Bearer token (either a long-lived `wspc_*` API key or a temporary OAuth access token) in the `Authorization` header.\n- **Response Fields**: The `api_key_id` field is only returned if authenticated via a WSPC API key (prefixed with `wspc_`). OAuth access tokens will omit `api_key_id`. `display_name` is omitted if not configured.\n\n### Troubleshooting\n- **401 Unauthorized**: The Bearer token is missing, malformed, or has been revoked. Ensure the `Authorization` header matches the `Bearer <token>` format.",
4136
+ "summary": "Update the authenticated user's organization",
4137
+ "description": "### Overview\nUpdates the metadata (currently, the name) of the organization associated with the authenticated user.\n\n### Constraints\n- Requires a valid Bearer token.\n- The organization name cannot be empty or purely whitespace.\n- Maximum length is capped by `MAX_ORG_NAME_LEN`.",
4125
4138
  "x-codeSamples": [
4126
4139
  {
4127
4140
  "lang": "shell",
4128
4141
  "label": "curl",
4129
- "source": "curl https://api.wspc.ai/auth/me \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
4142
+ "source": "curl -X PATCH https://api.wspc.ai/auth/me/org \\\n -H \"Authorization: Bearer $WSPC_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"name\": \"New Name\"}'"
4130
4143
  },
4131
4144
  {
4132
4145
  "lang": "bash",
4133
4146
  "label": "wspc CLI",
4134
- "source": "wspc verify # checks the active env API key\nwspc verify --json # JSON output"
4147
+ "source": "wspc org rename \"New Name\""
4135
4148
  },
4136
4149
  {
4137
4150
  "lang": "typescript",
4138
4151
  "label": "@wspc/client",
4139
- "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst me = await auth.getMe(process.env.WSPC_API_KEY!)"
4152
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst org = await auth.updateOrg(process.env.WSPC_API_KEY!, \"New Name\")"
4140
4153
  }
4141
4154
  ],
4142
- "parameters": [
4143
- {
4144
- "schema": {
4145
- "type": "string",
4146
- "enum": [
4147
- "user",
4148
- "agent"
4149
- ]
4150
- },
4151
- "required": false,
4152
- "name": "X-Wspc-Actor",
4153
- "in": "header"
4154
- },
4155
- {
4156
- "schema": {
4157
- "type": "string"
4158
- },
4159
- "required": false,
4160
- "name": "X-Wspc-Agent-Label",
4161
- "in": "header"
4155
+ "requestBody": {
4156
+ "content": {
4157
+ "application/json": {
4158
+ "schema": {
4159
+ "$ref": "#/components/schemas/UpdateOrgInput"
4160
+ }
4161
+ }
4162
4162
  }
4163
- ],
4163
+ },
4164
4164
  "responses": {
4165
4165
  "200": {
4166
- "description": "The bearer token is valid. The response carries the stable `user_id`, the user's email, and — for `wspc_*` API keys only — the `api_key_id` that authenticated the call.",
4166
+ "description": "The updated organization metadata.",
4167
4167
  "content": {
4168
4168
  "application/json": {
4169
4169
  "schema": {
4170
- "$ref": "#/components/schemas/GetMeResponse"
4171
- },
4172
- "examples": {
4173
- "apiKey": {
4174
- "summary": "Caller used a `wspc_*` API key",
4175
- "value": {
4176
- "user_id": "usr_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
4177
- "email": "alice@example.com",
4178
- "display_name": "Alice Example",
4179
- "api_key_id": "key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F"
4180
- }
4181
- },
4182
- "oauthToken": {
4183
- "summary": "Caller used an OAuth access token",
4184
- "value": {
4185
- "user_id": "usr_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
4186
- "email": "alice@example.com"
4187
- }
4188
- }
4170
+ "$ref": "#/components/schemas/Org"
4189
4171
  }
4190
4172
  }
4191
4173
  }
@@ -4516,26 +4498,29 @@
4516
4498
  }
4517
4499
  }
4518
4500
  },
4519
- "/auth/me/org/members": {
4501
+ "/auth/me": {
4520
4502
  "get": {
4521
- "operationId": "org_members_list",
4503
+ "operationId": "auth_me",
4522
4504
  "tags": [
4523
- "Org"
4505
+ "Auth"
4524
4506
  ],
4525
4507
  "x-cli": {
4526
- "command": "org members",
4508
+ "command": "auth me",
4509
+ "examples": [
4510
+ "wspc auth me",
4511
+ "wspc auth me --json"
4512
+ ],
4527
4513
  "display": {
4528
- "shape": "list",
4529
- "dataPath": "members",
4530
- "columns": [
4514
+ "shape": "object",
4515
+ "fields": [
4531
4516
  "user_id",
4532
4517
  "email",
4533
4518
  "display_name",
4534
- "joined_at"
4519
+ "api_key_id"
4535
4520
  ],
4536
4521
  "format": {
4537
4522
  "user_id": "id-short",
4538
- "joined_at": "relative-time"
4523
+ "api_key_id": "id-short"
4539
4524
  }
4540
4525
  }
4541
4526
  },
@@ -4544,76 +4529,50 @@
4544
4529
  "bearerAuth": []
4545
4530
  }
4546
4531
  ],
4547
- "summary": "List members of the authenticated user's organization",
4548
- "description": "### Overview\nRetrieves a paginated list of all members belonging to the authenticated user's organization, including their basic profile information, emails, and roles.\n\n### When to Use\n- Use this endpoint to list members in command-line tools (e.g., `wspc org members ls`) or to display a team directory in a user dashboard.\n- Use this to paginate through large lists of organization members using cursor-based pagination.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- In the current version (v1), organizations are single-user only, meaning this endpoint will always return exactly one member (the caller).\n- **Pagination**: Supports cursor-based pagination. The `limit` query parameter must be a positive integer, defaulting to 50 and capped at a maximum of 100. Pass `cursor` from the previous response's `next_cursor` to fetch subsequent pages.\n\n### Troubleshooting\n- **401 Unauthorized**: The Bearer token is invalid or has expired.\n- **400 Bad Request**: The query parameters `limit` or `cursor` are malformed. Ensure `limit` is an integer between 1 and 100.\n- **404 Not Found**: The organization associated with this user was not found.",
4532
+ "summary": "Fetch the user identified by the bearer token",
4533
+ "description": "### Overview\nRetrieves the stable identity profile (user ID, email, and optional display name) of the user associated with the active Bearer token. Works for both long-lived `wspc_*` API keys and OAuth access tokens.\n\n### When to Use\n- Use this endpoint (e.g., in `wspc verify` or `wspc whoami`) to confirm that the active environment's API key or OAuth access token remains valid.\n- Use it in UIs to display the logged-in user's profile details and retrieve the stable `user_id`.\n\n### Constraints\n- Requires a valid Bearer token (either a long-lived `wspc_*` API key or a temporary OAuth access token) in the `Authorization` header.\n- **Response Fields**: The `api_key_id` field is only returned if authenticated via a WSPC API key (prefixed with `wspc_`). OAuth access tokens will omit `api_key_id`. `display_name` is omitted if not configured.\n\n### Troubleshooting\n- **401 Unauthorized**: The Bearer token is missing, malformed, or has been revoked. Ensure the `Authorization` header matches the `Bearer <token>` format.",
4549
4534
  "x-codeSamples": [
4550
4535
  {
4551
4536
  "lang": "shell",
4552
4537
  "label": "curl",
4553
- "source": "curl https://api.wspc.ai/auth/me/org/members \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
4538
+ "source": "curl https://api.wspc.ai/auth/me \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
4554
4539
  },
4555
4540
  {
4556
4541
  "lang": "bash",
4557
4542
  "label": "wspc CLI",
4558
- "source": "wspc org members ls"
4543
+ "source": "wspc verify # checks the active env API key\nwspc verify --json # JSON output"
4559
4544
  },
4560
4545
  {
4561
4546
  "lang": "typescript",
4562
4547
  "label": "@wspc/client",
4563
- "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst { members } = await auth.listOrgMembers(process.env.WSPC_API_KEY!)"
4564
- }
4565
- ],
4566
- "parameters": [
4567
- {
4568
- "schema": {
4569
- "type": "string",
4570
- "description": "Opaque pagination cursor. Pass the `next_cursor` returned by the previous page to fetch the next slice. Omit on the first call."
4571
- },
4572
- "required": false,
4573
- "description": "Opaque pagination cursor. Pass the `next_cursor` returned by the previous page to fetch the next slice. Omit on the first call.",
4574
- "name": "cursor",
4575
- "in": "query"
4576
- },
4577
- {
4578
- "schema": {
4579
- "type": "integer",
4580
- "minimum": 1,
4581
- "maximum": 100,
4582
- "description": "Maximum number of members to return in this page (1–100). Defaults to 50. Larger values trade fewer round-trips for more bytes per response."
4583
- },
4584
- "required": false,
4585
- "description": "Maximum number of members to return in this page (1–100). Defaults to 50. Larger values trade fewer round-trips for more bytes per response.",
4586
- "name": "limit",
4587
- "in": "query"
4588
- },
4589
- {
4590
- "schema": {
4591
- "type": "string",
4592
- "enum": [
4593
- "user",
4594
- "agent"
4595
- ]
4596
- },
4597
- "required": false,
4598
- "name": "X-Wspc-Actor",
4599
- "in": "header"
4600
- },
4601
- {
4602
- "schema": {
4603
- "type": "string"
4604
- },
4605
- "required": false,
4606
- "name": "X-Wspc-Agent-Label",
4607
- "in": "header"
4548
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst me = await auth.getMe(process.env.WSPC_API_KEY!)"
4608
4549
  }
4609
4550
  ],
4610
4551
  "responses": {
4611
4552
  "200": {
4612
- "description": "List of organization members and optional cursor for next page.",
4553
+ "description": "The bearer token is valid. The response carries the stable `user_id`, the user's email, and for `wspc_*` API keys only — the `api_key_id` that authenticated the call.",
4613
4554
  "content": {
4614
4555
  "application/json": {
4615
4556
  "schema": {
4616
- "$ref": "#/components/schemas/ListOrgMembersResponse"
4557
+ "$ref": "#/components/schemas/GetMeResponse"
4558
+ },
4559
+ "examples": {
4560
+ "apiKey": {
4561
+ "summary": "Caller used a `wspc_*` API key",
4562
+ "value": {
4563
+ "user_id": "usr_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
4564
+ "email": "alice@example.com",
4565
+ "display_name": "Alice Example",
4566
+ "api_key_id": "key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F"
4567
+ }
4568
+ },
4569
+ "oauthToken": {
4570
+ "summary": "Caller used an OAuth access token",
4571
+ "value": {
4572
+ "user_id": "usr_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
4573
+ "email": "alice@example.com"
4574
+ }
4575
+ }
4617
4576
  }
4618
4577
  }
4619
4578
  }
@@ -4944,69 +4903,84 @@
4944
4903
  }
4945
4904
  }
4946
4905
  },
4947
- "/.well-known/oauth-authorization-server": {
4906
+ "/auth/me/org/members": {
4948
4907
  "get": {
4949
- "operationId": "oauth_metadata",
4908
+ "operationId": "org_members_list",
4950
4909
  "tags": [
4951
- "OAuth"
4910
+ "Org"
4952
4911
  ],
4953
- "security": [],
4954
- "summary": "Discover OAuth 2.1 authorization-server metadata",
4955
- "description": "### Overview\nExposes the RFC 8414 OAuth 2.1 authorization server metadata document. This enables clients (like MCP servers, custom GPTs, and SDKs) to dynamically discover authorization, token, registration, device, and revocation endpoints instead of hard-coding them.\n\n### When to Use\n- Use this endpoint on first boot or setup of any OAuth client. To optimize performance, clients should cache this metadata, as it is highly stable per deployment environment.\n\n### Constraints\n- Public endpoint (no authentication required).\n- Currently advertises PKCE-only public clients (`token_endpoint_auth_methods_supported: [\"none\"]`, `code_challenge_methods_supported: [\"S256\"]`) and a single `wspc:full` scope.\n\n### Troubleshooting\n- **500 Internal Server Error**: Constructed endpoint URLs are invalid due to server-side configuration issues.",
4912
+ "x-cli": {
4913
+ "command": "org members",
4914
+ "display": {
4915
+ "shape": "list",
4916
+ "dataPath": "members",
4917
+ "columns": [
4918
+ "user_id",
4919
+ "email",
4920
+ "display_name",
4921
+ "joined_at"
4922
+ ],
4923
+ "format": {
4924
+ "user_id": "id-short",
4925
+ "joined_at": "relative-time"
4926
+ }
4927
+ }
4928
+ },
4929
+ "security": [
4930
+ {
4931
+ "bearerAuth": []
4932
+ }
4933
+ ],
4934
+ "summary": "List members of the authenticated user's organization",
4935
+ "description": "### Overview\nRetrieves a paginated list of all members belonging to the authenticated user's organization, including their basic profile information, emails, and roles.\n\n### When to Use\n- Use this endpoint to list members in command-line tools (e.g., `wspc org members ls`) or to display a team directory in a user dashboard.\n- Use this to paginate through large lists of organization members using cursor-based pagination.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- In the current version (v1), organizations are single-user only, meaning this endpoint will always return exactly one member (the caller).\n- **Pagination**: Supports cursor-based pagination. The `limit` query parameter must be a positive integer, defaulting to 50 and capped at a maximum of 100. Pass `cursor` from the previous response's `next_cursor` to fetch subsequent pages.\n\n### Troubleshooting\n- **401 Unauthorized**: The Bearer token is invalid or has expired.\n- **400 Bad Request**: The query parameters `limit` or `cursor` are malformed. Ensure `limit` is an integer between 1 and 100.\n- **404 Not Found**: The organization associated with this user was not found.",
4956
4936
  "x-codeSamples": [
4957
4937
  {
4958
4938
  "lang": "shell",
4959
4939
  "label": "curl",
4960
- "source": "curl https://api.wspc.ai/.well-known/oauth-authorization-server"
4940
+ "source": "curl https://api.wspc.ai/auth/me/org/members \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
4961
4941
  },
4962
4942
  {
4963
4943
  "lang": "bash",
4964
4944
  "label": "wspc CLI",
4965
- "source": "# No direct CLI command — OAuth is consumed by third-party clients"
4945
+ "source": "wspc org members ls"
4966
4946
  },
4967
4947
  {
4968
4948
  "lang": "typescript",
4969
4949
  "label": "@wspc/client",
4970
- "source": "// TODO: client method pending\n// Expected shape:\n// const meta = await fetch(\"https://api.wspc.ai/.well-known/oauth-authorization-server\").then(r => r.json())"
4950
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nconst { members } = await auth.listOrgMembers(process.env.WSPC_API_KEY!)"
4951
+ }
4952
+ ],
4953
+ "parameters": [
4954
+ {
4955
+ "schema": {
4956
+ "type": "string",
4957
+ "description": "Opaque pagination cursor. Pass the `next_cursor` returned by the previous page to fetch the next slice. Omit on the first call."
4958
+ },
4959
+ "required": false,
4960
+ "description": "Opaque pagination cursor. Pass the `next_cursor` returned by the previous page to fetch the next slice. Omit on the first call.",
4961
+ "name": "cursor",
4962
+ "in": "query"
4963
+ },
4964
+ {
4965
+ "schema": {
4966
+ "type": "integer",
4967
+ "minimum": 1,
4968
+ "maximum": 100,
4969
+ "description": "Maximum number of members to return in this page (1–100). Defaults to 50. Larger values trade fewer round-trips for more bytes per response."
4970
+ },
4971
+ "required": false,
4972
+ "description": "Maximum number of members to return in this page (1–100). Defaults to 50. Larger values trade fewer round-trips for more bytes per response.",
4973
+ "name": "limit",
4974
+ "in": "query"
4971
4975
  }
4972
4976
  ],
4973
4977
  "responses": {
4974
4978
  "200": {
4975
- "description": "Authorization-server metadata document as defined by RFC 8414. Stable per environment; safe to cache for the lifetime of the client process.",
4979
+ "description": "List of organization members and optional cursor for next page.",
4976
4980
  "content": {
4977
4981
  "application/json": {
4978
4982
  "schema": {
4979
- "$ref": "#/components/schemas/OAuthAuthServerMetadata"
4980
- },
4981
- "examples": {
4982
- "happyPath": {
4983
- "summary": "Production metadata",
4984
- "value": {
4985
- "issuer": "https://api.wspc.ai",
4986
- "authorization_endpoint": "https://app.wspc.ai/authorize",
4987
- "token_endpoint": "https://api.wspc.ai/auth/oauth/token",
4988
- "registration_endpoint": "https://api.wspc.ai/auth/oauth/register",
4989
- "revocation_endpoint": "https://api.wspc.ai/auth/oauth/revoke",
4990
- "device_authorization_endpoint": "https://api.wspc.ai/auth/oauth/device",
4991
- "response_types_supported": [
4992
- "code"
4993
- ],
4994
- "grant_types_supported": [
4995
- "authorization_code",
4996
- "refresh_token",
4997
- "urn:ietf:params:oauth:grant-type:device_code"
4998
- ],
4999
- "code_challenge_methods_supported": [
5000
- "S256"
5001
- ],
5002
- "token_endpoint_auth_methods_supported": [
5003
- "none"
5004
- ],
5005
- "scopes_supported": [
5006
- "wspc:full"
5007
- ]
5008
- }
5009
- }
4983
+ "$ref": "#/components/schemas/ListOrgMembersResponse"
5010
4984
  }
5011
4985
  }
5012
4986
  }
@@ -5337,20 +5311,21 @@
5337
5311
  }
5338
5312
  }
5339
5313
  },
5340
- "/auth/oauth/register": {
5341
- "post": {
5342
- "operationId": "oauth_client_register",
5314
+ "/.well-known/oauth-authorization-server": {
5315
+ "get": {
5316
+ "operationId": "oauth_metadata",
5343
5317
  "tags": [
5344
5318
  "OAuth"
5345
5319
  ],
5320
+ "excludeActorHeaders": true,
5346
5321
  "security": [],
5347
- "summary": "Dynamically register an OAuth client",
5348
- "description": "### Overview\nImplements RFC 7591 dynamic client registration. This endpoint mints a unique `client_id` for a public OAuth client (e.g., an MCP server or third-party integration), enabling it to initiate OAuth authorization or device flows.\n\n### When to Use\n- Use this endpoint during the first-run installation or setup of an integration to dynamically generate a client identity. Persist the generated `client_id` for subsequent sessions.\n\n### Constraints\n- Public endpoint (no authentication required).\n- **Public Clients Only**: WSPC only supports public PKCE clients. Client secrets are not generated or returned.\n- **Redirect URI Matching**: All `redirect_uris` registered here must match exactly with those requested in the authorization endpoint later.\n\n### Troubleshooting\n- **400 Bad Request / invalid_client_metadata**: The request body is missing required fields like `client_name` or `redirect_uris`, or provides invalid parameters.\n- **429 Too Many Requests**: Dynamic registration requests from the requesting IP have exceeded the rate limit.",
5322
+ "summary": "Discover OAuth 2.1 authorization-server metadata",
5323
+ "description": "### Overview\nExposes the RFC 8414 OAuth 2.1 authorization server metadata document. This enables clients (like MCP servers, custom GPTs, and SDKs) to dynamically discover authorization, token, registration, device, and revocation endpoints instead of hard-coding them.\n\n### When to Use\n- Use this endpoint on first boot or setup of any OAuth client. To optimize performance, clients should cache this metadata, as it is highly stable per deployment environment.\n\n### Constraints\n- Public endpoint (no authentication required).\n- Currently advertises PKCE-only public clients (`token_endpoint_auth_methods_supported: [\"none\"]`, `code_challenge_methods_supported: [\"S256\"]`) and a single `wspc:full` scope.\n\n### Troubleshooting\n- **500 Internal Server Error**: Constructed endpoint URLs are invalid due to server-side configuration issues.",
5349
5324
  "x-codeSamples": [
5350
5325
  {
5351
5326
  "lang": "shell",
5352
5327
  "label": "curl",
5353
- "source": "curl -X POST https://api.wspc.ai/auth/oauth/register \\\n -H \"Content-Type: application/json\" \\\n -d '{\"client_name\":\"Acme MCP Agent\",\"redirect_uris\":[\"http://localhost:3000/callback\"]}'"
5328
+ "source": "curl https://api.wspc.ai/.well-known/oauth-authorization-server"
5354
5329
  },
5355
5330
  {
5356
5331
  "lang": "bash",
@@ -5360,89 +5335,44 @@
5360
5335
  {
5361
5336
  "lang": "typescript",
5362
5337
  "label": "@wspc/client",
5363
- "source": "// TODO: client method pending\n// Expected shape:\n// const reg = await fetch(\"https://api.wspc.ai/auth/oauth/register\", {\n// method: \"POST\",\n// headers: { \"Content-Type\": \"application/json\" },\n// body: JSON.stringify({ client_name: \"Acme MCP Agent\", redirect_uris: [\"http://localhost:3000/callback\"] }),\n// }).then(r => r.json())"
5364
- }
5365
- ],
5366
- "parameters": [
5367
- {
5368
- "schema": {
5369
- "type": "string",
5370
- "enum": [
5371
- "user",
5372
- "agent"
5373
- ]
5374
- },
5375
- "required": false,
5376
- "name": "X-Wspc-Actor",
5377
- "in": "header"
5378
- },
5379
- {
5380
- "schema": {
5381
- "type": "string"
5382
- },
5383
- "required": false,
5384
- "name": "X-Wspc-Agent-Label",
5385
- "in": "header"
5338
+ "source": "// TODO: client method pending\n// Expected shape:\n// const meta = await fetch(\"https://api.wspc.ai/.well-known/oauth-authorization-server\").then(r => r.json())"
5386
5339
  }
5387
5340
  ],
5388
- "requestBody": {
5389
- "content": {
5390
- "application/json": {
5391
- "schema": {
5392
- "$ref": "#/components/schemas/OAuthRegisterBody"
5393
- },
5394
- "examples": {
5395
- "minimal": {
5396
- "summary": "Register a local MCP client",
5397
- "value": {
5398
- "client_name": "Acme MCP Agent",
5399
- "redirect_uris": [
5400
- "http://localhost:3000/callback"
5401
- ]
5402
- }
5403
- },
5404
- "full": {
5405
- "summary": "Register with explicit grant types",
5406
- "value": {
5407
- "client_name": "Acme MCP Agent",
5408
- "redirect_uris": [
5409
- "http://localhost:3000/callback"
5410
- ],
5411
- "token_endpoint_auth_method": "none",
5412
- "grant_types": [
5413
- "authorization_code",
5414
- "refresh_token",
5415
- "urn:ietf:params:oauth:grant-type:device_code"
5416
- ]
5417
- }
5418
- }
5419
- }
5420
- }
5421
- }
5422
- },
5423
5341
  "responses": {
5424
- "201": {
5425
- "description": "Client registered. The response carries the newly minted `client_id` plus the echo of the registration request after defaults are applied.",
5342
+ "200": {
5343
+ "description": "Authorization-server metadata document as defined by RFC 8414. Stable per environment; safe to cache for the lifetime of the client process.",
5426
5344
  "content": {
5427
5345
  "application/json": {
5428
5346
  "schema": {
5429
- "$ref": "#/components/schemas/OAuthRegisterResponse"
5347
+ "$ref": "#/components/schemas/OAuthAuthServerMetadata"
5430
5348
  },
5431
5349
  "examples": {
5432
5350
  "happyPath": {
5433
- "summary": "Public PKCE client registered",
5351
+ "summary": "Production metadata",
5434
5352
  "value": {
5435
- "client_id": "oac_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
5436
- "client_name": "Acme MCP Agent",
5437
- "redirect_uris": [
5438
- "http://localhost:3000/callback"
5353
+ "issuer": "https://api.wspc.ai",
5354
+ "authorization_endpoint": "https://app.wspc.ai/authorize",
5355
+ "token_endpoint": "https://api.wspc.ai/auth/oauth/token",
5356
+ "registration_endpoint": "https://api.wspc.ai/auth/oauth/register",
5357
+ "revocation_endpoint": "https://api.wspc.ai/auth/oauth/revoke",
5358
+ "device_authorization_endpoint": "https://api.wspc.ai/auth/oauth/device",
5359
+ "response_types_supported": [
5360
+ "code"
5439
5361
  ],
5440
- "token_endpoint_auth_method": "none",
5441
- "grant_types": [
5362
+ "grant_types_supported": [
5442
5363
  "authorization_code",
5443
- "refresh_token"
5364
+ "refresh_token",
5365
+ "urn:ietf:params:oauth:grant-type:device_code"
5444
5366
  ],
5445
- "client_id_issued_at": 1748736000
5367
+ "code_challenge_methods_supported": [
5368
+ "S256"
5369
+ ],
5370
+ "token_endpoint_auth_methods_supported": [
5371
+ "none"
5372
+ ],
5373
+ "scopes_supported": [
5374
+ "wspc:full"
5375
+ ]
5446
5376
  }
5447
5377
  }
5448
5378
  }
@@ -5450,15 +5380,896 @@
5450
5380
  }
5451
5381
  },
5452
5382
  "400": {
5453
- "description": "OAuth request error. `error` is a snake_case code from RFC 6749 §5.2 (e.g. `invalid_request`, `invalid_grant`, `unsupported_grant_type`) or RFC 8628 §3.5 (`authorization_pending`, `slow_down`, `expired_token`, `access_denied`).",
5383
+ "description": "Request validation failed. The body, query, or path parameters did not match the operation's schema.",
5454
5384
  "content": {
5455
5385
  "application/json": {
5456
5386
  "schema": {
5457
5387
  "type": "object",
5458
5388
  "properties": {
5459
5389
  "error": {
5460
- "type": "string"
5461
- },
5390
+ "type": "object",
5391
+ "properties": {
5392
+ "code": {
5393
+ "type": "string"
5394
+ },
5395
+ "message": {
5396
+ "type": "string"
5397
+ },
5398
+ "extra": {
5399
+ "type": "object",
5400
+ "additionalProperties": {}
5401
+ }
5402
+ },
5403
+ "required": [
5404
+ "code",
5405
+ "message"
5406
+ ]
5407
+ }
5408
+ },
5409
+ "required": [
5410
+ "error"
5411
+ ]
5412
+ },
5413
+ "examples": {
5414
+ "validationError": {
5415
+ "summary": "Body failed schema validation",
5416
+ "value": {
5417
+ "error": {
5418
+ "code": "VALIDATION_ERROR",
5419
+ "message": "title must not be empty"
5420
+ }
5421
+ }
5422
+ }
5423
+ }
5424
+ }
5425
+ }
5426
+ },
5427
+ "401": {
5428
+ "description": "Authentication is required but missing or invalid. The Bearer token (API key or OAuth access token) was absent, malformed, or rejected.",
5429
+ "content": {
5430
+ "application/json": {
5431
+ "schema": {
5432
+ "type": "object",
5433
+ "properties": {
5434
+ "error": {
5435
+ "type": "object",
5436
+ "properties": {
5437
+ "code": {
5438
+ "type": "string"
5439
+ },
5440
+ "message": {
5441
+ "type": "string"
5442
+ },
5443
+ "extra": {
5444
+ "type": "object",
5445
+ "additionalProperties": {}
5446
+ }
5447
+ },
5448
+ "required": [
5449
+ "code",
5450
+ "message"
5451
+ ]
5452
+ }
5453
+ },
5454
+ "required": [
5455
+ "error"
5456
+ ]
5457
+ },
5458
+ "examples": {
5459
+ "authRequired": {
5460
+ "summary": "Missing Authorization header",
5461
+ "value": {
5462
+ "error": {
5463
+ "code": "AUTH_REQUIRED",
5464
+ "message": "missing bearer token"
5465
+ }
5466
+ }
5467
+ }
5468
+ }
5469
+ }
5470
+ }
5471
+ },
5472
+ "403": {
5473
+ "description": "The caller is authenticated but not permitted to perform this operation on the target resource.",
5474
+ "content": {
5475
+ "application/json": {
5476
+ "schema": {
5477
+ "type": "object",
5478
+ "properties": {
5479
+ "error": {
5480
+ "type": "object",
5481
+ "properties": {
5482
+ "code": {
5483
+ "type": "string"
5484
+ },
5485
+ "message": {
5486
+ "type": "string"
5487
+ },
5488
+ "extra": {
5489
+ "type": "object",
5490
+ "additionalProperties": {}
5491
+ }
5492
+ },
5493
+ "required": [
5494
+ "code",
5495
+ "message"
5496
+ ]
5497
+ }
5498
+ },
5499
+ "required": [
5500
+ "error"
5501
+ ]
5502
+ },
5503
+ "examples": {
5504
+ "forbidden": {
5505
+ "summary": "Caller does not own the resource",
5506
+ "value": {
5507
+ "error": {
5508
+ "code": "FORBIDDEN",
5509
+ "message": "not allowed"
5510
+ }
5511
+ }
5512
+ }
5513
+ }
5514
+ }
5515
+ }
5516
+ },
5517
+ "404": {
5518
+ "description": "The target resource does not exist or is not visible to the caller. Soft-deleted resources are treated as not found unless an `include_deleted` flag is set.",
5519
+ "content": {
5520
+ "application/json": {
5521
+ "schema": {
5522
+ "type": "object",
5523
+ "properties": {
5524
+ "error": {
5525
+ "type": "object",
5526
+ "properties": {
5527
+ "code": {
5528
+ "type": "string"
5529
+ },
5530
+ "message": {
5531
+ "type": "string"
5532
+ },
5533
+ "extra": {
5534
+ "type": "object",
5535
+ "additionalProperties": {}
5536
+ }
5537
+ },
5538
+ "required": [
5539
+ "code",
5540
+ "message"
5541
+ ]
5542
+ }
5543
+ },
5544
+ "required": [
5545
+ "error"
5546
+ ]
5547
+ },
5548
+ "examples": {
5549
+ "notFound": {
5550
+ "summary": "Resource id is unknown to the service",
5551
+ "value": {
5552
+ "error": {
5553
+ "code": "NOT_FOUND",
5554
+ "message": "todo not found"
5555
+ }
5556
+ }
5557
+ }
5558
+ }
5559
+ }
5560
+ }
5561
+ },
5562
+ "409": {
5563
+ "description": "Optimistic-lock conflict. The supplied `expected_version` does not match the server's current version. Refetch the resource and retry.",
5564
+ "content": {
5565
+ "application/json": {
5566
+ "schema": {
5567
+ "type": "object",
5568
+ "properties": {
5569
+ "error": {
5570
+ "type": "object",
5571
+ "properties": {
5572
+ "code": {
5573
+ "type": "string"
5574
+ },
5575
+ "message": {
5576
+ "type": "string"
5577
+ },
5578
+ "extra": {
5579
+ "type": "object",
5580
+ "additionalProperties": {}
5581
+ }
5582
+ },
5583
+ "required": [
5584
+ "code",
5585
+ "message"
5586
+ ]
5587
+ }
5588
+ },
5589
+ "required": [
5590
+ "error"
5591
+ ]
5592
+ },
5593
+ "examples": {
5594
+ "versionConflict": {
5595
+ "summary": "expected_version does not match server version",
5596
+ "value": {
5597
+ "error": {
5598
+ "code": "VERSION_CONFLICT",
5599
+ "message": "expected_version 3 but current is 4",
5600
+ "extra": {
5601
+ "expected_version": 3,
5602
+ "actual_version": 4
5603
+ }
5604
+ }
5605
+ }
5606
+ }
5607
+ }
5608
+ }
5609
+ }
5610
+ },
5611
+ "429": {
5612
+ "description": "Rate limit exceeded. Retry after the duration in `error.extra.retry_after_seconds`. `limit_kind` identifies which bucket was exhausted.",
5613
+ "content": {
5614
+ "application/json": {
5615
+ "schema": {
5616
+ "type": "object",
5617
+ "properties": {
5618
+ "error": {
5619
+ "type": "object",
5620
+ "properties": {
5621
+ "code": {
5622
+ "type": "string"
5623
+ },
5624
+ "message": {
5625
+ "type": "string"
5626
+ },
5627
+ "extra": {
5628
+ "type": "object",
5629
+ "additionalProperties": {}
5630
+ }
5631
+ },
5632
+ "required": [
5633
+ "code",
5634
+ "message"
5635
+ ]
5636
+ }
5637
+ },
5638
+ "required": [
5639
+ "error"
5640
+ ]
5641
+ },
5642
+ "examples": {
5643
+ "rateLimited": {
5644
+ "summary": "Per-key rate limit hit",
5645
+ "value": {
5646
+ "error": {
5647
+ "code": "RATE_LIMITED",
5648
+ "message": "rate limit exceeded",
5649
+ "extra": {
5650
+ "retry_after_seconds": 60,
5651
+ "limit_kind": "authenticated_per_key"
5652
+ }
5653
+ }
5654
+ }
5655
+ }
5656
+ }
5657
+ }
5658
+ }
5659
+ },
5660
+ "500": {
5661
+ "description": "Unhandled server error. The request was well-formed but the service failed unexpectedly. Safe to retry idempotent operations.",
5662
+ "content": {
5663
+ "application/json": {
5664
+ "schema": {
5665
+ "type": "object",
5666
+ "properties": {
5667
+ "error": {
5668
+ "type": "object",
5669
+ "properties": {
5670
+ "code": {
5671
+ "type": "string"
5672
+ },
5673
+ "message": {
5674
+ "type": "string"
5675
+ },
5676
+ "extra": {
5677
+ "type": "object",
5678
+ "additionalProperties": {}
5679
+ }
5680
+ },
5681
+ "required": [
5682
+ "code",
5683
+ "message"
5684
+ ]
5685
+ }
5686
+ },
5687
+ "required": [
5688
+ "error"
5689
+ ]
5690
+ },
5691
+ "examples": {
5692
+ "internalError": {
5693
+ "summary": "Unhandled exception",
5694
+ "value": {
5695
+ "error": {
5696
+ "code": "INTERNAL_ERROR",
5697
+ "message": "internal error"
5698
+ }
5699
+ }
5700
+ }
5701
+ }
5702
+ }
5703
+ }
5704
+ }
5705
+ }
5706
+ }
5707
+ },
5708
+ "/.well-known/openid-configuration": {
5709
+ "get": {
5710
+ "operationId": "oauth_metadata_openid_alias",
5711
+ "tags": [
5712
+ "OAuth"
5713
+ ],
5714
+ "excludeActorHeaders": true,
5715
+ "security": [],
5716
+ "summary": "Discover OAuth metadata (OIDC discovery alias)",
5717
+ "description": "### Overview\nOIDC discovery alias that returns the **same payload** as `GET /.well-known/oauth-authorization-server` (RFC 8414). WSPC is not an OpenID Connect identity provider — it does not issue ID tokens or expose a `userinfo` endpoint — but several MCP SDKs probe `/.well-known/openid-configuration` before falling back to the RFC 8414 path, so this alias is provided to avoid that fallback round-trip.\n\n### When to Use\n- Prefer `GET /.well-known/oauth-authorization-server` for new clients. Use this alias only if your client library hard-codes the OIDC discovery path.\n\n### Constraints\n- Public endpoint (no authentication required).\n- Response is byte-for-byte identical to the RFC 8414 endpoint; OIDC-specific fields (`userinfo_endpoint`, `jwks_uri`, `id_token_signing_alg_values_supported`, …) are intentionally absent.",
5718
+ "x-codeSamples": [
5719
+ {
5720
+ "lang": "shell",
5721
+ "label": "curl",
5722
+ "source": "curl https://api.wspc.ai/.well-known/openid-configuration"
5723
+ },
5724
+ {
5725
+ "lang": "typescript",
5726
+ "label": "@wspc/client",
5727
+ "source": "// TODO: client method pending\n// Expected shape (identical to /.well-known/oauth-authorization-server):\n// const meta = await fetch(\"https://api.wspc.ai/.well-known/openid-configuration\").then(r => r.json())"
5728
+ }
5729
+ ],
5730
+ "responses": {
5731
+ "200": {
5732
+ "description": "Authorization-server metadata document. Identical payload to the RFC 8414 endpoint; safe to cache for the lifetime of the client process.",
5733
+ "content": {
5734
+ "application/json": {
5735
+ "schema": {
5736
+ "$ref": "#/components/schemas/OAuthAuthServerMetadata"
5737
+ }
5738
+ }
5739
+ }
5740
+ },
5741
+ "400": {
5742
+ "description": "Request validation failed. The body, query, or path parameters did not match the operation's schema.",
5743
+ "content": {
5744
+ "application/json": {
5745
+ "schema": {
5746
+ "type": "object",
5747
+ "properties": {
5748
+ "error": {
5749
+ "type": "object",
5750
+ "properties": {
5751
+ "code": {
5752
+ "type": "string"
5753
+ },
5754
+ "message": {
5755
+ "type": "string"
5756
+ },
5757
+ "extra": {
5758
+ "type": "object",
5759
+ "additionalProperties": {}
5760
+ }
5761
+ },
5762
+ "required": [
5763
+ "code",
5764
+ "message"
5765
+ ]
5766
+ }
5767
+ },
5768
+ "required": [
5769
+ "error"
5770
+ ]
5771
+ },
5772
+ "examples": {
5773
+ "validationError": {
5774
+ "summary": "Body failed schema validation",
5775
+ "value": {
5776
+ "error": {
5777
+ "code": "VALIDATION_ERROR",
5778
+ "message": "title must not be empty"
5779
+ }
5780
+ }
5781
+ }
5782
+ }
5783
+ }
5784
+ }
5785
+ },
5786
+ "401": {
5787
+ "description": "Authentication is required but missing or invalid. The Bearer token (API key or OAuth access token) was absent, malformed, or rejected.",
5788
+ "content": {
5789
+ "application/json": {
5790
+ "schema": {
5791
+ "type": "object",
5792
+ "properties": {
5793
+ "error": {
5794
+ "type": "object",
5795
+ "properties": {
5796
+ "code": {
5797
+ "type": "string"
5798
+ },
5799
+ "message": {
5800
+ "type": "string"
5801
+ },
5802
+ "extra": {
5803
+ "type": "object",
5804
+ "additionalProperties": {}
5805
+ }
5806
+ },
5807
+ "required": [
5808
+ "code",
5809
+ "message"
5810
+ ]
5811
+ }
5812
+ },
5813
+ "required": [
5814
+ "error"
5815
+ ]
5816
+ },
5817
+ "examples": {
5818
+ "authRequired": {
5819
+ "summary": "Missing Authorization header",
5820
+ "value": {
5821
+ "error": {
5822
+ "code": "AUTH_REQUIRED",
5823
+ "message": "missing bearer token"
5824
+ }
5825
+ }
5826
+ }
5827
+ }
5828
+ }
5829
+ }
5830
+ },
5831
+ "403": {
5832
+ "description": "The caller is authenticated but not permitted to perform this operation on the target resource.",
5833
+ "content": {
5834
+ "application/json": {
5835
+ "schema": {
5836
+ "type": "object",
5837
+ "properties": {
5838
+ "error": {
5839
+ "type": "object",
5840
+ "properties": {
5841
+ "code": {
5842
+ "type": "string"
5843
+ },
5844
+ "message": {
5845
+ "type": "string"
5846
+ },
5847
+ "extra": {
5848
+ "type": "object",
5849
+ "additionalProperties": {}
5850
+ }
5851
+ },
5852
+ "required": [
5853
+ "code",
5854
+ "message"
5855
+ ]
5856
+ }
5857
+ },
5858
+ "required": [
5859
+ "error"
5860
+ ]
5861
+ },
5862
+ "examples": {
5863
+ "forbidden": {
5864
+ "summary": "Caller does not own the resource",
5865
+ "value": {
5866
+ "error": {
5867
+ "code": "FORBIDDEN",
5868
+ "message": "not allowed"
5869
+ }
5870
+ }
5871
+ }
5872
+ }
5873
+ }
5874
+ }
5875
+ },
5876
+ "404": {
5877
+ "description": "The target resource does not exist or is not visible to the caller. Soft-deleted resources are treated as not found unless an `include_deleted` flag is set.",
5878
+ "content": {
5879
+ "application/json": {
5880
+ "schema": {
5881
+ "type": "object",
5882
+ "properties": {
5883
+ "error": {
5884
+ "type": "object",
5885
+ "properties": {
5886
+ "code": {
5887
+ "type": "string"
5888
+ },
5889
+ "message": {
5890
+ "type": "string"
5891
+ },
5892
+ "extra": {
5893
+ "type": "object",
5894
+ "additionalProperties": {}
5895
+ }
5896
+ },
5897
+ "required": [
5898
+ "code",
5899
+ "message"
5900
+ ]
5901
+ }
5902
+ },
5903
+ "required": [
5904
+ "error"
5905
+ ]
5906
+ },
5907
+ "examples": {
5908
+ "notFound": {
5909
+ "summary": "Resource id is unknown to the service",
5910
+ "value": {
5911
+ "error": {
5912
+ "code": "NOT_FOUND",
5913
+ "message": "todo not found"
5914
+ }
5915
+ }
5916
+ }
5917
+ }
5918
+ }
5919
+ }
5920
+ },
5921
+ "409": {
5922
+ "description": "Optimistic-lock conflict. The supplied `expected_version` does not match the server's current version. Refetch the resource and retry.",
5923
+ "content": {
5924
+ "application/json": {
5925
+ "schema": {
5926
+ "type": "object",
5927
+ "properties": {
5928
+ "error": {
5929
+ "type": "object",
5930
+ "properties": {
5931
+ "code": {
5932
+ "type": "string"
5933
+ },
5934
+ "message": {
5935
+ "type": "string"
5936
+ },
5937
+ "extra": {
5938
+ "type": "object",
5939
+ "additionalProperties": {}
5940
+ }
5941
+ },
5942
+ "required": [
5943
+ "code",
5944
+ "message"
5945
+ ]
5946
+ }
5947
+ },
5948
+ "required": [
5949
+ "error"
5950
+ ]
5951
+ },
5952
+ "examples": {
5953
+ "versionConflict": {
5954
+ "summary": "expected_version does not match server version",
5955
+ "value": {
5956
+ "error": {
5957
+ "code": "VERSION_CONFLICT",
5958
+ "message": "expected_version 3 but current is 4",
5959
+ "extra": {
5960
+ "expected_version": 3,
5961
+ "actual_version": 4
5962
+ }
5963
+ }
5964
+ }
5965
+ }
5966
+ }
5967
+ }
5968
+ }
5969
+ },
5970
+ "429": {
5971
+ "description": "Rate limit exceeded. Retry after the duration in `error.extra.retry_after_seconds`. `limit_kind` identifies which bucket was exhausted.",
5972
+ "content": {
5973
+ "application/json": {
5974
+ "schema": {
5975
+ "type": "object",
5976
+ "properties": {
5977
+ "error": {
5978
+ "type": "object",
5979
+ "properties": {
5980
+ "code": {
5981
+ "type": "string"
5982
+ },
5983
+ "message": {
5984
+ "type": "string"
5985
+ },
5986
+ "extra": {
5987
+ "type": "object",
5988
+ "additionalProperties": {}
5989
+ }
5990
+ },
5991
+ "required": [
5992
+ "code",
5993
+ "message"
5994
+ ]
5995
+ }
5996
+ },
5997
+ "required": [
5998
+ "error"
5999
+ ]
6000
+ },
6001
+ "examples": {
6002
+ "rateLimited": {
6003
+ "summary": "Per-key rate limit hit",
6004
+ "value": {
6005
+ "error": {
6006
+ "code": "RATE_LIMITED",
6007
+ "message": "rate limit exceeded",
6008
+ "extra": {
6009
+ "retry_after_seconds": 60,
6010
+ "limit_kind": "authenticated_per_key"
6011
+ }
6012
+ }
6013
+ }
6014
+ }
6015
+ }
6016
+ }
6017
+ }
6018
+ },
6019
+ "500": {
6020
+ "description": "Unhandled server error. The request was well-formed but the service failed unexpectedly. Safe to retry idempotent operations.",
6021
+ "content": {
6022
+ "application/json": {
6023
+ "schema": {
6024
+ "type": "object",
6025
+ "properties": {
6026
+ "error": {
6027
+ "type": "object",
6028
+ "properties": {
6029
+ "code": {
6030
+ "type": "string"
6031
+ },
6032
+ "message": {
6033
+ "type": "string"
6034
+ },
6035
+ "extra": {
6036
+ "type": "object",
6037
+ "additionalProperties": {}
6038
+ }
6039
+ },
6040
+ "required": [
6041
+ "code",
6042
+ "message"
6043
+ ]
6044
+ }
6045
+ },
6046
+ "required": [
6047
+ "error"
6048
+ ]
6049
+ },
6050
+ "examples": {
6051
+ "internalError": {
6052
+ "summary": "Unhandled exception",
6053
+ "value": {
6054
+ "error": {
6055
+ "code": "INTERNAL_ERROR",
6056
+ "message": "internal error"
6057
+ }
6058
+ }
6059
+ }
6060
+ }
6061
+ }
6062
+ }
6063
+ }
6064
+ }
6065
+ }
6066
+ },
6067
+ "/auth/oauth/register": {
6068
+ "post": {
6069
+ "operationId": "oauth_client_register",
6070
+ "tags": [
6071
+ "OAuth"
6072
+ ],
6073
+ "security": [],
6074
+ "summary": "Dynamically register an OAuth client",
6075
+ "description": "### Overview\nImplements RFC 7591 dynamic client registration. This endpoint mints a unique `client_id` for a public OAuth client (e.g., an MCP server or third-party integration), enabling it to initiate OAuth authorization or device flows.\n\n### When to Use\n- Use this endpoint during the first-run installation or setup of an integration to dynamically generate a client identity. Persist the generated `client_id` for subsequent sessions.\n\n### Constraints\n- Public endpoint (no authentication required).\n- **Public Clients Only**: WSPC only supports public PKCE clients. Client secrets are not generated or returned.\n- **Redirect URI Matching**: All `redirect_uris` registered here must match exactly with those requested in the authorization endpoint later.\n\n### Troubleshooting\n- **400 Bad Request / invalid_client_metadata**: The request body is missing required fields like `client_name` or `redirect_uris`, or provides invalid parameters.\n- **429 Too Many Requests**: Dynamic registration requests from the requesting IP have exceeded the rate limit.",
6076
+ "x-codeSamples": [
6077
+ {
6078
+ "lang": "shell",
6079
+ "label": "curl",
6080
+ "source": "curl -X POST https://api.wspc.ai/auth/oauth/register \\\n -H \"Content-Type: application/json\" \\\n -d '{\"client_name\":\"Acme MCP Agent\",\"redirect_uris\":[\"http://localhost:3000/callback\"]}'"
6081
+ },
6082
+ {
6083
+ "lang": "bash",
6084
+ "label": "wspc CLI",
6085
+ "source": "# No direct CLI command — OAuth is consumed by third-party clients"
6086
+ },
6087
+ {
6088
+ "lang": "typescript",
6089
+ "label": "@wspc/client",
6090
+ "source": "// TODO: client method pending\n// Expected shape:\n// const reg = await fetch(\"https://api.wspc.ai/auth/oauth/register\", {\n// method: \"POST\",\n// headers: { \"Content-Type\": \"application/json\" },\n// body: JSON.stringify({ client_name: \"Acme MCP Agent\", redirect_uris: [\"http://localhost:3000/callback\"] }),\n// }).then(r => r.json())"
6091
+ }
6092
+ ],
6093
+ "requestBody": {
6094
+ "content": {
6095
+ "application/json": {
6096
+ "schema": {
6097
+ "$ref": "#/components/schemas/OAuthRegisterBody"
6098
+ },
6099
+ "examples": {
6100
+ "minimal": {
6101
+ "summary": "Register a local MCP client",
6102
+ "value": {
6103
+ "client_name": "Acme MCP Agent",
6104
+ "redirect_uris": [
6105
+ "http://localhost:3000/callback"
6106
+ ]
6107
+ }
6108
+ },
6109
+ "full": {
6110
+ "summary": "Register with explicit grant types",
6111
+ "value": {
6112
+ "client_name": "Acme MCP Agent",
6113
+ "redirect_uris": [
6114
+ "http://localhost:3000/callback"
6115
+ ],
6116
+ "token_endpoint_auth_method": "none",
6117
+ "grant_types": [
6118
+ "authorization_code",
6119
+ "refresh_token",
6120
+ "urn:ietf:params:oauth:grant-type:device_code"
6121
+ ]
6122
+ }
6123
+ }
6124
+ }
6125
+ }
6126
+ }
6127
+ },
6128
+ "responses": {
6129
+ "201": {
6130
+ "description": "Client registered. The response carries the newly minted `client_id` plus the echo of the registration request after defaults are applied.",
6131
+ "content": {
6132
+ "application/json": {
6133
+ "schema": {
6134
+ "$ref": "#/components/schemas/OAuthRegisterResponse"
6135
+ },
6136
+ "examples": {
6137
+ "happyPath": {
6138
+ "summary": "Public PKCE client registered",
6139
+ "value": {
6140
+ "client_id": "oac_01HW3K4N9V5G6Z8C2Q7B1Y0M3F",
6141
+ "client_name": "Acme MCP Agent",
6142
+ "redirect_uris": [
6143
+ "http://localhost:3000/callback"
6144
+ ],
6145
+ "token_endpoint_auth_method": "none",
6146
+ "grant_types": [
6147
+ "authorization_code",
6148
+ "refresh_token"
6149
+ ],
6150
+ "client_id_issued_at": 1748736000
6151
+ }
6152
+ }
6153
+ }
6154
+ }
6155
+ }
6156
+ },
6157
+ "400": {
6158
+ "description": "OAuth request error. `error` is a snake_case code from RFC 6749 §5.2 (e.g. `invalid_request`, `invalid_grant`, `unsupported_grant_type`) or RFC 8628 §3.5 (`authorization_pending`, `slow_down`, `expired_token`, `access_denied`).",
6159
+ "content": {
6160
+ "application/json": {
6161
+ "schema": {
6162
+ "type": "object",
6163
+ "properties": {
6164
+ "error": {
6165
+ "type": "string"
6166
+ },
6167
+ "error_description": {
6168
+ "type": "string"
6169
+ },
6170
+ "error_uri": {
6171
+ "type": "string"
6172
+ }
6173
+ },
6174
+ "required": [
6175
+ "error"
6176
+ ]
6177
+ },
6178
+ "examples": {
6179
+ "pending": {
6180
+ "summary": "Device flow: user has not yet approved/denied",
6181
+ "value": {
6182
+ "error": "authorization_pending",
6183
+ "error_description": "AUTHORIZATION_PENDING"
6184
+ }
6185
+ },
6186
+ "invalidGrant": {
6187
+ "summary": "Refresh token rejected or device code consumed",
6188
+ "value": {
6189
+ "error": "invalid_grant",
6190
+ "error_description": "INVALID_GRANT"
6191
+ }
6192
+ }
6193
+ }
6194
+ }
6195
+ }
6196
+ },
6197
+ "401": {
6198
+ "description": "OAuth client authentication failed (RFC 6749 §5.2). The client_id was not registered, or for confidential clients the credentials were rejected.",
6199
+ "content": {
6200
+ "application/json": {
6201
+ "schema": {
6202
+ "type": "object",
6203
+ "properties": {
6204
+ "error": {
6205
+ "type": "string"
6206
+ },
6207
+ "error_description": {
6208
+ "type": "string"
6209
+ },
6210
+ "error_uri": {
6211
+ "type": "string"
6212
+ }
6213
+ },
6214
+ "required": [
6215
+ "error"
6216
+ ]
6217
+ },
6218
+ "examples": {
6219
+ "invalidClient": {
6220
+ "summary": "Unknown client_id",
6221
+ "value": {
6222
+ "error": "invalid_client",
6223
+ "error_description": "INVALID_CLIENT"
6224
+ }
6225
+ }
6226
+ }
6227
+ }
6228
+ }
6229
+ },
6230
+ "429": {
6231
+ "description": "Rate limit exceeded.",
6232
+ "content": {
6233
+ "application/json": {
6234
+ "schema": {
6235
+ "type": "object",
6236
+ "properties": {
6237
+ "error": {
6238
+ "type": "string"
6239
+ },
6240
+ "error_description": {
6241
+ "type": "string"
6242
+ },
6243
+ "error_uri": {
6244
+ "type": "string"
6245
+ }
6246
+ },
6247
+ "required": [
6248
+ "error"
6249
+ ]
6250
+ },
6251
+ "examples": {
6252
+ "rateLimited": {
6253
+ "summary": "Per-IP rate limit hit",
6254
+ "value": {
6255
+ "error": "invalid_request",
6256
+ "error_description": "rate limit exceeded"
6257
+ }
6258
+ }
6259
+ }
6260
+ }
6261
+ }
6262
+ },
6263
+ "500": {
6264
+ "description": "Unhandled server error.",
6265
+ "content": {
6266
+ "application/json": {
6267
+ "schema": {
6268
+ "type": "object",
6269
+ "properties": {
6270
+ "error": {
6271
+ "type": "string"
6272
+ },
5462
6273
  "error_description": {
5463
6274
  "type": "string"
5464
6275
  },
@@ -5471,39 +6282,289 @@
5471
6282
  ]
5472
6283
  },
5473
6284
  "examples": {
5474
- "pending": {
5475
- "summary": "Device flow: user has not yet approved/denied",
6285
+ "internalError": {
6286
+ "summary": "Unhandled exception",
6287
+ "value": {
6288
+ "error": "server_error",
6289
+ "error_description": "internal error"
6290
+ }
6291
+ }
6292
+ }
6293
+ }
6294
+ }
6295
+ }
6296
+ }
6297
+ }
6298
+ },
6299
+ "/auth/request-code": {
6300
+ "post": {
6301
+ "operationId": "auth_request_code",
6302
+ "tags": [
6303
+ "Auth"
6304
+ ],
6305
+ "excludeActorHeaders": true,
6306
+ "security": [],
6307
+ "summary": "Request an email magic code",
6308
+ "description": "### Overview\nInitiates the passwordless email magic-code authentication flow by sending a short, time-limited numeric verification code to the specified email address.\n\n### When to Use\n- Use this endpoint as the first step of the CLI login flow (`wspc login`) or any interactive UI where the user initiates authentication by inputting their email address.\n- Pair this request with `POST /auth/verify-code` once the user retrieves the code from their inbox.\n\n### Constraints\n- Does not require authentication (public endpoint).\n- **Security**: The same HTTP 200 response structure is returned regardless of whether the email address is already registered or not. This is an intentional security design to prevent account-existence disclosure (email harvesting).\n- **Rate Limiting**: This endpoint enforces strict rate limits based on both the requesting IP address and the target email address to prevent abuse. Too many consecutive requests will result in a `RATE_LIMITED` error.\n\n### Troubleshooting\n- **429 Too Many Requests**: The requesting IP or target email has exceeded the allowable request rate. Wait a few minutes before trying again.\n- **400 Bad Request**: The `email` payload is malformed or invalid. Verify that the email matches basic email formats.",
6309
+ "x-codeSamples": [
6310
+ {
6311
+ "lang": "shell",
6312
+ "label": "curl",
6313
+ "source": "curl -X POST https://api.wspc.ai/auth/request-code \\\n -H \"Content-Type: application/json\" \\\n -d '{\"email\":\"alice@example.com\"}'"
6314
+ },
6315
+ {
6316
+ "lang": "bash",
6317
+ "label": "wspc CLI",
6318
+ "source": "wspc login # prompts for email, then for the magic code"
6319
+ },
6320
+ {
6321
+ "lang": "typescript",
6322
+ "label": "@wspc/client",
6323
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nawait auth.requestCode(\"alice@example.com\")"
6324
+ }
6325
+ ],
6326
+ "requestBody": {
6327
+ "content": {
6328
+ "application/json": {
6329
+ "schema": {
6330
+ "$ref": "#/components/schemas/RequestCodeBody"
6331
+ },
6332
+ "examples": {
6333
+ "minimal": {
6334
+ "summary": "Request a magic code for a user",
6335
+ "value": {
6336
+ "email": "alice@example.com"
6337
+ }
6338
+ }
6339
+ }
6340
+ }
6341
+ }
6342
+ },
6343
+ "responses": {
6344
+ "200": {
6345
+ "description": "The magic code was generated and an email was dispatched. The same response shape is returned for registered and unregistered addresses to avoid account-existence disclosure.",
6346
+ "content": {
6347
+ "application/json": {
6348
+ "schema": {
6349
+ "$ref": "#/components/schemas/RequestCodeResponse"
6350
+ },
6351
+ "examples": {
6352
+ "happyPath": {
6353
+ "summary": "Code accepted; email dispatched",
6354
+ "value": {
6355
+ "status": "code_sent",
6356
+ "message": "Magic code sent."
6357
+ }
6358
+ }
6359
+ }
6360
+ }
6361
+ }
6362
+ },
6363
+ "400": {
6364
+ "description": "Request validation failed. The body, query, or path parameters did not match the operation's schema.",
6365
+ "content": {
6366
+ "application/json": {
6367
+ "schema": {
6368
+ "type": "object",
6369
+ "properties": {
6370
+ "error": {
6371
+ "type": "object",
6372
+ "properties": {
6373
+ "code": {
6374
+ "type": "string"
6375
+ },
6376
+ "message": {
6377
+ "type": "string"
6378
+ },
6379
+ "extra": {
6380
+ "type": "object",
6381
+ "additionalProperties": {}
6382
+ }
6383
+ },
6384
+ "required": [
6385
+ "code",
6386
+ "message"
6387
+ ]
6388
+ }
6389
+ },
6390
+ "required": [
6391
+ "error"
6392
+ ]
6393
+ },
6394
+ "examples": {
6395
+ "validationError": {
6396
+ "summary": "Body failed schema validation",
6397
+ "value": {
6398
+ "error": {
6399
+ "code": "VALIDATION_ERROR",
6400
+ "message": "title must not be empty"
6401
+ }
6402
+ }
6403
+ }
6404
+ }
6405
+ }
6406
+ }
6407
+ },
6408
+ "401": {
6409
+ "description": "Authentication is required but missing or invalid. The Bearer token (API key or OAuth access token) was absent, malformed, or rejected.",
6410
+ "content": {
6411
+ "application/json": {
6412
+ "schema": {
6413
+ "type": "object",
6414
+ "properties": {
6415
+ "error": {
6416
+ "type": "object",
6417
+ "properties": {
6418
+ "code": {
6419
+ "type": "string"
6420
+ },
6421
+ "message": {
6422
+ "type": "string"
6423
+ },
6424
+ "extra": {
6425
+ "type": "object",
6426
+ "additionalProperties": {}
6427
+ }
6428
+ },
6429
+ "required": [
6430
+ "code",
6431
+ "message"
6432
+ ]
6433
+ }
6434
+ },
6435
+ "required": [
6436
+ "error"
6437
+ ]
6438
+ },
6439
+ "examples": {
6440
+ "authRequired": {
6441
+ "summary": "Missing Authorization header",
6442
+ "value": {
6443
+ "error": {
6444
+ "code": "AUTH_REQUIRED",
6445
+ "message": "missing bearer token"
6446
+ }
6447
+ }
6448
+ }
6449
+ }
6450
+ }
6451
+ }
6452
+ },
6453
+ "403": {
6454
+ "description": "The caller is authenticated but not permitted to perform this operation on the target resource.",
6455
+ "content": {
6456
+ "application/json": {
6457
+ "schema": {
6458
+ "type": "object",
6459
+ "properties": {
6460
+ "error": {
6461
+ "type": "object",
6462
+ "properties": {
6463
+ "code": {
6464
+ "type": "string"
6465
+ },
6466
+ "message": {
6467
+ "type": "string"
6468
+ },
6469
+ "extra": {
6470
+ "type": "object",
6471
+ "additionalProperties": {}
6472
+ }
6473
+ },
6474
+ "required": [
6475
+ "code",
6476
+ "message"
6477
+ ]
6478
+ }
6479
+ },
6480
+ "required": [
6481
+ "error"
6482
+ ]
6483
+ },
6484
+ "examples": {
6485
+ "forbidden": {
6486
+ "summary": "Caller does not own the resource",
5476
6487
  "value": {
5477
- "error": "authorization_pending",
5478
- "error_description": "AUTHORIZATION_PENDING"
6488
+ "error": {
6489
+ "code": "FORBIDDEN",
6490
+ "message": "not allowed"
6491
+ }
6492
+ }
6493
+ }
6494
+ }
6495
+ }
6496
+ }
6497
+ },
6498
+ "404": {
6499
+ "description": "The target resource does not exist or is not visible to the caller. Soft-deleted resources are treated as not found unless an `include_deleted` flag is set.",
6500
+ "content": {
6501
+ "application/json": {
6502
+ "schema": {
6503
+ "type": "object",
6504
+ "properties": {
6505
+ "error": {
6506
+ "type": "object",
6507
+ "properties": {
6508
+ "code": {
6509
+ "type": "string"
6510
+ },
6511
+ "message": {
6512
+ "type": "string"
6513
+ },
6514
+ "extra": {
6515
+ "type": "object",
6516
+ "additionalProperties": {}
6517
+ }
6518
+ },
6519
+ "required": [
6520
+ "code",
6521
+ "message"
6522
+ ]
5479
6523
  }
5480
6524
  },
5481
- "invalidGrant": {
5482
- "summary": "Refresh token rejected or device code consumed",
6525
+ "required": [
6526
+ "error"
6527
+ ]
6528
+ },
6529
+ "examples": {
6530
+ "notFound": {
6531
+ "summary": "Resource id is unknown to the service",
5483
6532
  "value": {
5484
- "error": "invalid_grant",
5485
- "error_description": "INVALID_GRANT"
6533
+ "error": {
6534
+ "code": "NOT_FOUND",
6535
+ "message": "todo not found"
6536
+ }
5486
6537
  }
5487
6538
  }
5488
6539
  }
5489
6540
  }
5490
6541
  }
5491
6542
  },
5492
- "401": {
5493
- "description": "OAuth client authentication failed (RFC 6749 §5.2). The client_id was not registered, or for confidential clients the credentials were rejected.",
6543
+ "409": {
6544
+ "description": "Optimistic-lock conflict. The supplied `expected_version` does not match the server's current version. Refetch the resource and retry.",
5494
6545
  "content": {
5495
6546
  "application/json": {
5496
6547
  "schema": {
5497
6548
  "type": "object",
5498
6549
  "properties": {
5499
6550
  "error": {
5500
- "type": "string"
5501
- },
5502
- "error_description": {
5503
- "type": "string"
5504
- },
5505
- "error_uri": {
5506
- "type": "string"
6551
+ "type": "object",
6552
+ "properties": {
6553
+ "code": {
6554
+ "type": "string"
6555
+ },
6556
+ "message": {
6557
+ "type": "string"
6558
+ },
6559
+ "extra": {
6560
+ "type": "object",
6561
+ "additionalProperties": {}
6562
+ }
6563
+ },
6564
+ "required": [
6565
+ "code",
6566
+ "message"
6567
+ ]
5507
6568
  }
5508
6569
  },
5509
6570
  "required": [
@@ -5511,11 +6572,17 @@
5511
6572
  ]
5512
6573
  },
5513
6574
  "examples": {
5514
- "invalidClient": {
5515
- "summary": "Unknown client_id",
6575
+ "versionConflict": {
6576
+ "summary": "expected_version does not match server version",
5516
6577
  "value": {
5517
- "error": "invalid_client",
5518
- "error_description": "INVALID_CLIENT"
6578
+ "error": {
6579
+ "code": "VERSION_CONFLICT",
6580
+ "message": "expected_version 3 but current is 4",
6581
+ "extra": {
6582
+ "expected_version": 3,
6583
+ "actual_version": 4
6584
+ }
6585
+ }
5519
6586
  }
5520
6587
  }
5521
6588
  }
@@ -5523,20 +6590,30 @@
5523
6590
  }
5524
6591
  },
5525
6592
  "429": {
5526
- "description": "Rate limit exceeded.",
6593
+ "description": "Rate limit exceeded. Retry after the duration in `error.extra.retry_after_seconds`. `limit_kind` identifies which bucket was exhausted.",
5527
6594
  "content": {
5528
6595
  "application/json": {
5529
6596
  "schema": {
5530
6597
  "type": "object",
5531
6598
  "properties": {
5532
6599
  "error": {
5533
- "type": "string"
5534
- },
5535
- "error_description": {
5536
- "type": "string"
5537
- },
5538
- "error_uri": {
5539
- "type": "string"
6600
+ "type": "object",
6601
+ "properties": {
6602
+ "code": {
6603
+ "type": "string"
6604
+ },
6605
+ "message": {
6606
+ "type": "string"
6607
+ },
6608
+ "extra": {
6609
+ "type": "object",
6610
+ "additionalProperties": {}
6611
+ }
6612
+ },
6613
+ "required": [
6614
+ "code",
6615
+ "message"
6616
+ ]
5540
6617
  }
5541
6618
  },
5542
6619
  "required": [
@@ -5545,10 +6622,16 @@
5545
6622
  },
5546
6623
  "examples": {
5547
6624
  "rateLimited": {
5548
- "summary": "Per-IP rate limit hit",
6625
+ "summary": "Per-key rate limit hit",
5549
6626
  "value": {
5550
- "error": "invalid_request",
5551
- "error_description": "rate limit exceeded"
6627
+ "error": {
6628
+ "code": "RATE_LIMITED",
6629
+ "message": "rate limit exceeded",
6630
+ "extra": {
6631
+ "retry_after_seconds": 60,
6632
+ "limit_kind": "authenticated_per_key"
6633
+ }
6634
+ }
5552
6635
  }
5553
6636
  }
5554
6637
  }
@@ -5556,20 +6639,30 @@
5556
6639
  }
5557
6640
  },
5558
6641
  "500": {
5559
- "description": "Unhandled server error.",
6642
+ "description": "Unhandled server error. The request was well-formed but the service failed unexpectedly. Safe to retry idempotent operations.",
5560
6643
  "content": {
5561
6644
  "application/json": {
5562
6645
  "schema": {
5563
6646
  "type": "object",
5564
6647
  "properties": {
5565
6648
  "error": {
5566
- "type": "string"
5567
- },
5568
- "error_description": {
5569
- "type": "string"
5570
- },
5571
- "error_uri": {
5572
- "type": "string"
6649
+ "type": "object",
6650
+ "properties": {
6651
+ "code": {
6652
+ "type": "string"
6653
+ },
6654
+ "message": {
6655
+ "type": "string"
6656
+ },
6657
+ "extra": {
6658
+ "type": "object",
6659
+ "additionalProperties": {}
6660
+ }
6661
+ },
6662
+ "required": [
6663
+ "code",
6664
+ "message"
6665
+ ]
5573
6666
  }
5574
6667
  },
5575
6668
  "required": [
@@ -5580,8 +6673,10 @@
5580
6673
  "internalError": {
5581
6674
  "summary": "Unhandled exception",
5582
6675
  "value": {
5583
- "error": "server_error",
5584
- "error_description": "internal error"
6676
+ "error": {
6677
+ "code": "INTERNAL_ERROR",
6678
+ "message": "internal error"
6679
+ }
5585
6680
  }
5586
6681
  }
5587
6682
  }
@@ -5591,65 +6686,61 @@
5591
6686
  }
5592
6687
  }
5593
6688
  },
5594
- "/auth/request-code": {
5595
- "post": {
5596
- "operationId": "auth_request_code",
6689
+ "/auth/keys/{id}": {
6690
+ "delete": {
6691
+ "operationId": "key_revoke",
5597
6692
  "tags": [
5598
- "Auth"
6693
+ "Keys"
5599
6694
  ],
5600
- "security": [],
5601
- "summary": "Request an email magic code",
5602
- "description": "### Overview\nInitiates the passwordless email magic-code authentication flow by sending a short, time-limited numeric verification code to the specified email address.\n\n### When to Use\n- Use this endpoint as the first step of the CLI login flow (`wspc login`) or any interactive UI where the user initiates authentication by inputting their email address.\n- Pair this request with `POST /auth/verify-code` once the user retrieves the code from their inbox.\n\n### Constraints\n- Does not require authentication (public endpoint).\n- **Security**: The same HTTP 200 response structure is returned regardless of whether the email address is already registered or not. This is an intentional security design to prevent account-existence disclosure (email harvesting).\n- **Rate Limiting**: This endpoint enforces strict rate limits based on both the requesting IP address and the target email address to prevent abuse. Too many consecutive requests will result in a `RATE_LIMITED` error.\n\n### Troubleshooting\n- **429 Too Many Requests**: The requesting IP or target email has exceeded the allowable request rate. Wait a few minutes before trying again.\n- **400 Bad Request**: The `email` payload is malformed or invalid. Verify that the email matches basic email formats.",
6695
+ "security": [
6696
+ {
6697
+ "bearerAuth": []
6698
+ }
6699
+ ],
6700
+ "summary": "Soft-revoke an API key",
6701
+ "description": "### Overview\nPermanently revokes an active API key by its unique ID. Once revoked, the key becomes immediately invalid and will be rejected by all services.\n\n### When to Use\n- Use this endpoint to permanently deactivate an API key (e.g., when running `wspc keys revoke <id>`) due to token rotation, key leakage, or decommissioning of a machine/service.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- Revocation is permanent and cannot be undone.\n- A user can revoke any key they own, including the one they are currently using to make the call. If they revoke the current key, subsequent requests using that key will return `401 Unauthorized`.\n\n### Troubleshooting\n- **401 Unauthorized**: The active token is missing, expired, or invalid.\n- **404 Not Found**: The specified key ID does not exist, belongs to another user, or has already been revoked.\n- **400 Bad Request**: The `id` path parameter format is invalid. It must be in the format `key_<ULID>`.",
6702
+ "x-cli": {
6703
+ "command": "keys rm",
6704
+ "positional": [
6705
+ "id"
6706
+ ]
6707
+ },
5603
6708
  "x-codeSamples": [
5604
6709
  {
5605
6710
  "lang": "shell",
5606
6711
  "label": "curl",
5607
- "source": "curl -X POST https://api.wspc.ai/auth/request-code \\\n -H \"Content-Type: application/json\" \\\n -d '{\"email\":\"alice@example.com\"}'"
6712
+ "source": "curl -X DELETE https://api.wspc.ai/auth/keys/key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
5608
6713
  },
5609
6714
  {
5610
6715
  "lang": "bash",
5611
6716
  "label": "wspc CLI",
5612
- "source": "wspc login # prompts for email, then for the magic code"
6717
+ "source": "wspc keys rm key_abcd1234efgh5678"
5613
6718
  },
5614
6719
  {
5615
6720
  "lang": "typescript",
5616
6721
  "label": "@wspc/client",
5617
- "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nawait auth.requestCode(\"alice@example.com\")"
6722
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nawait auth.revokeKey(process.env.WSPC_API_KEY!, \"key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\")"
5618
6723
  }
5619
6724
  ],
5620
- "requestBody": {
5621
- "content": {
5622
- "application/json": {
5623
- "schema": {
5624
- "$ref": "#/components/schemas/RequestCodeBody"
5625
- },
5626
- "examples": {
5627
- "minimal": {
5628
- "summary": "Request a magic code for a user",
5629
- "value": {
5630
- "email": "alice@example.com"
5631
- }
5632
- }
5633
- }
5634
- }
6725
+ "parameters": [
6726
+ {
6727
+ "schema": {
6728
+ "type": "string",
6729
+ "description": "Id of the API key to revoke, as returned by `GET /auth/keys` (`key_<ULID>`)."
6730
+ },
6731
+ "required": true,
6732
+ "description": "Id of the API key to revoke, as returned by `GET /auth/keys` (`key_<ULID>`).",
6733
+ "name": "id",
6734
+ "in": "path"
5635
6735
  }
5636
- },
6736
+ ],
5637
6737
  "responses": {
5638
6738
  "200": {
5639
- "description": "The magic code was generated and an email was dispatched. The same response shape is returned for registered and unregistered addresses to avoid account-existence disclosure.",
6739
+ "description": "Key revoked successfully.",
5640
6740
  "content": {
5641
6741
  "application/json": {
5642
- "schema": {
5643
- "$ref": "#/components/schemas/RequestCodeResponse"
5644
- },
5645
- "examples": {
5646
- "happyPath": {
5647
- "summary": "Code accepted; email dispatched",
5648
- "value": {
5649
- "status": "code_sent",
5650
- "message": "Magic code sent."
5651
- }
5652
- }
6742
+ "schema": {
6743
+ "$ref": "#/components/schemas/RevokeApiKeyResponse"
5653
6744
  }
5654
6745
  }
5655
6746
  }
@@ -5978,11 +7069,9 @@
5978
7069
  }
5979
7070
  }
5980
7071
  }
5981
- }
5982
- },
5983
- "/auth/keys/{id}": {
5984
- "delete": {
5985
- "operationId": "key_revoke",
7072
+ },
7073
+ "patch": {
7074
+ "operationId": "key_update",
5986
7075
  "tags": [
5987
7076
  "Keys"
5988
7077
  ],
@@ -5991,10 +7080,10 @@
5991
7080
  "bearerAuth": []
5992
7081
  }
5993
7082
  ],
5994
- "summary": "Soft-revoke an API key",
5995
- "description": "### Overview\nPermanently revokes an active API key by its unique ID. Once revoked, the key becomes immediately invalid and will be rejected by all services.\n\n### When to Use\n- Use this endpoint to permanently deactivate an API key (e.g., when running `wspc keys revoke <id>`) due to token rotation, key leakage, or decommissioning of a machine/service.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- Revocation is permanent and cannot be undone.\n- A user can revoke any key they own, including the one they are currently using to make the call. If they revoke the current key, subsequent requests using that key will return `401 Unauthorized`.\n\n### Troubleshooting\n- **401 Unauthorized**: The active token is missing, expired, or invalid.\n- **404 Not Found**: The specified key ID does not exist, belongs to another user, or has already been revoked.\n- **400 Bad Request**: The `id` path parameter format is invalid. It must be in the format `key_<ULID>`.",
7083
+ "summary": "Update an active API key's label",
7084
+ "description": "### Overview\nUpdates the human-readable label of an active API key. Only active (non-revoked) keys owned by the authenticated user can be updated.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- **Label Validation**: The `label` parameter must be between 1 and 60 characters after trimming whitespace. Failing to provide a valid label results in an `INVALID_LABEL` error.",
5996
7085
  "x-cli": {
5997
- "command": "keys rm",
7086
+ "command": "keys edit",
5998
7087
  "positional": [
5999
7088
  "id"
6000
7089
  ]
@@ -6003,58 +7092,48 @@
6003
7092
  {
6004
7093
  "lang": "shell",
6005
7094
  "label": "curl",
6006
- "source": "curl -X DELETE https://api.wspc.ai/auth/keys/key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F \\\n -H \"Authorization: Bearer $WSPC_API_KEY\""
7095
+ "source": "curl -X PATCH https://api.wspc.ai/auth/keys/key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F \\\n -H \"Authorization: Bearer $WSPC_API_KEY\" \\\n -H \"Content-Type: application/json\" \\\n -d '{\"label\":\"New Label\"}'"
6007
7096
  },
6008
7097
  {
6009
7098
  "lang": "bash",
6010
7099
  "label": "wspc CLI",
6011
- "source": "wspc keys rm key_abcd1234efgh5678"
7100
+ "source": "wspc keys edit key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F --label \"New Label\""
6012
7101
  },
6013
7102
  {
6014
7103
  "lang": "typescript",
6015
7104
  "label": "@wspc/client",
6016
- "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nawait auth.revokeKey(process.env.WSPC_API_KEY!, \"key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\")"
7105
+ "source": "import { AuthClient } from \"@wspc/client\"\nconst auth = new AuthClient({ baseUrl: \"https://api.wspc.ai\" })\nawait auth.updateApiKeyLabel(process.env.WSPC_API_KEY!, \"key_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\", \"New Label\")"
6017
7106
  }
6018
7107
  ],
6019
7108
  "parameters": [
6020
7109
  {
6021
7110
  "schema": {
6022
7111
  "type": "string",
6023
- "description": "Id of the API key to revoke, as returned by `GET /auth/keys` (`key_<ULID>`)."
7112
+ "description": "Id of the API key to update."
6024
7113
  },
6025
7114
  "required": true,
6026
- "description": "Id of the API key to revoke, as returned by `GET /auth/keys` (`key_<ULID>`).",
7115
+ "description": "Id of the API key to update.",
6027
7116
  "name": "id",
6028
7117
  "in": "path"
6029
- },
6030
- {
6031
- "schema": {
6032
- "type": "string",
6033
- "enum": [
6034
- "user",
6035
- "agent"
6036
- ]
6037
- },
6038
- "required": false,
6039
- "name": "X-Wspc-Actor",
6040
- "in": "header"
6041
- },
6042
- {
6043
- "schema": {
6044
- "type": "string"
6045
- },
6046
- "required": false,
6047
- "name": "X-Wspc-Agent-Label",
6048
- "in": "header"
6049
7118
  }
6050
7119
  ],
7120
+ "requestBody": {
7121
+ "required": true,
7122
+ "content": {
7123
+ "application/json": {
7124
+ "schema": {
7125
+ "$ref": "#/components/schemas/UpdateApiKeyBody"
7126
+ }
7127
+ }
7128
+ }
7129
+ },
6051
7130
  "responses": {
6052
7131
  "200": {
6053
- "description": "Key revoked successfully.",
7132
+ "description": "API key label updated successfully.",
6054
7133
  "content": {
6055
7134
  "application/json": {
6056
7135
  "schema": {
6057
- "$ref": "#/components/schemas/RevokeApiKeyResponse"
7136
+ "$ref": "#/components/schemas/UpdateApiKeyResponse"
6058
7137
  }
6059
7138
  }
6060
7139
  }
@@ -6411,28 +7490,6 @@
6411
7490
  "source": "// TODO: client method pending\n// Expected shape:\n// await fetch(\"https://api.wspc.ai/auth/oauth/revoke\", {\n// method: \"POST\",\n// headers: { \"Content-Type\": \"application/json\" },\n// body: JSON.stringify({ token: \"rt_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\", token_type_hint: \"refresh_token\" }),\n// })"
6412
7491
  }
6413
7492
  ],
6414
- "parameters": [
6415
- {
6416
- "schema": {
6417
- "type": "string",
6418
- "enum": [
6419
- "user",
6420
- "agent"
6421
- ]
6422
- },
6423
- "required": false,
6424
- "name": "X-Wspc-Actor",
6425
- "in": "header"
6426
- },
6427
- {
6428
- "schema": {
6429
- "type": "string"
6430
- },
6431
- "required": false,
6432
- "name": "X-Wspc-Agent-Label",
6433
- "in": "header"
6434
- }
6435
- ],
6436
7493
  "requestBody": {
6437
7494
  "content": {
6438
7495
  "application/json": {
@@ -6454,6 +7511,11 @@
6454
7511
  }
6455
7512
  }
6456
7513
  }
7514
+ },
7515
+ "application/x-www-form-urlencoded": {
7516
+ "schema": {
7517
+ "$ref": "#/components/schemas/OAuthRevokeBody"
7518
+ }
6457
7519
  }
6458
7520
  }
6459
7521
  },
@@ -6643,28 +7705,6 @@
6643
7705
  "source": "// TODO: client method pending\n// Expected shape:\n// const tok = await fetch(\"https://api.wspc.ai/auth/oauth/token\", {\n// method: \"POST\",\n// headers: { \"Content-Type\": \"application/json\" },\n// body: JSON.stringify({\n// grant_type: \"refresh_token\",\n// refresh_token: \"rt_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\",\n// client_id: \"oac_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\",\n// }),\n// }).then(r => r.json())"
6644
7706
  }
6645
7707
  ],
6646
- "parameters": [
6647
- {
6648
- "schema": {
6649
- "type": "string",
6650
- "enum": [
6651
- "user",
6652
- "agent"
6653
- ]
6654
- },
6655
- "required": false,
6656
- "name": "X-Wspc-Actor",
6657
- "in": "header"
6658
- },
6659
- {
6660
- "schema": {
6661
- "type": "string"
6662
- },
6663
- "required": false,
6664
- "name": "X-Wspc-Agent-Label",
6665
- "in": "header"
6666
- }
6667
- ],
6668
7708
  "requestBody": {
6669
7709
  "content": {
6670
7710
  "application/json": {
@@ -6699,6 +7739,11 @@
6699
7739
  }
6700
7740
  }
6701
7741
  }
7742
+ },
7743
+ "application/x-www-form-urlencoded": {
7744
+ "schema": {
7745
+ "$ref": "#/components/schemas/OAuthTokenBody"
7746
+ }
6702
7747
  }
6703
7748
  }
6704
7749
  },
@@ -6873,6 +7918,7 @@
6873
7918
  "tags": [
6874
7919
  "Auth"
6875
7920
  ],
7921
+ "excludeActorHeaders": true,
6876
7922
  "security": [],
6877
7923
  "summary": "Verify a magic code and issue an API key",
6878
7924
  "description": "### Overview\nCompletes the passwordless login flow by verifying the magic code received via email. If the code is correct, it registers a new user (if not already registered) and issues a long-lived WSPC API key.\n\n### When to Use\n- Use this endpoint as the second step of the login flow, exchanging the user-provided code and email address for a valid credential.\n- Store the returned `api_key` securely client-side to authorize subsequent calls to all WSPC services.\n\n### Constraints\n- Does not require authentication (public endpoint).\n- **One-time Use & Expiry**: The verification code is single-use and expires after a short period (typically a few minutes). Re-using a code or attempting to guess code values results in `INVALID_CODE` or `CODE_EXPIRED`.\n- **Account Creation**: If the email address is not linked to an existing account, a new user profile and personal organization are automatically provisioned (`created: true` in response).\n\n### Troubleshooting\n- **400 Bad Request**: The code has expired (`CODE_EXPIRED`), is incorrect (`INVALID_CODE`), or has already been used. Request a fresh code via `POST /auth/request-code`.\n- **429 Too Many Requests**: The rate limit for verification attempts on this email address has been exceeded.",
@@ -7339,28 +8385,6 @@
7339
8385
  "source": "import { CalendarClient } from \"@wspc/client\"\nconst calendar = new CalendarClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait calendar.create({\n title: \"Lunch with Alice\",\n start: \"2026-06-01T12:30:00+08:00\",\n end: \"2026-06-01T13:30:00+08:00\",\n attendees: [{ email: \"alice@example.com\", display_name: \"Alice\" }],\n})"
7340
8386
  }
7341
8387
  ],
7342
- "parameters": [
7343
- {
7344
- "schema": {
7345
- "type": "string",
7346
- "enum": [
7347
- "user",
7348
- "agent"
7349
- ]
7350
- },
7351
- "required": false,
7352
- "name": "X-Wspc-Actor",
7353
- "in": "header"
7354
- },
7355
- {
7356
- "schema": {
7357
- "type": "string"
7358
- },
7359
- "required": false,
7360
- "name": "X-Wspc-Agent-Label",
7361
- "in": "header"
7362
- }
7363
- ],
7364
8388
  "requestBody": {
7365
8389
  "content": {
7366
8390
  "application/json": {
@@ -7934,26 +8958,6 @@
7934
8958
  "description": "When omitted or `false`, events whose `end` is before now are hidden. Pass `true` to include them. Ignored when any of `start_from`/`start_to`/`end_from`/`end_to` is provided — explicit time bounds always win.",
7935
8959
  "name": "include_past",
7936
8960
  "in": "query"
7937
- },
7938
- {
7939
- "schema": {
7940
- "type": "string",
7941
- "enum": [
7942
- "user",
7943
- "agent"
7944
- ]
7945
- },
7946
- "required": false,
7947
- "name": "X-Wspc-Actor",
7948
- "in": "header"
7949
- },
7950
- {
7951
- "schema": {
7952
- "type": "string"
7953
- },
7954
- "required": false,
7955
- "name": "X-Wspc-Agent-Label",
7956
- "in": "header"
7957
8961
  }
7958
8962
  ],
7959
8963
  "responses": {
@@ -8399,26 +9403,6 @@
8399
9403
  "description": "Event id (`evt_<ULID>` for new rows; legacy UUID ids remain accepted).",
8400
9404
  "name": "id",
8401
9405
  "in": "path"
8402
- },
8403
- {
8404
- "schema": {
8405
- "type": "string",
8406
- "enum": [
8407
- "user",
8408
- "agent"
8409
- ]
8410
- },
8411
- "required": false,
8412
- "name": "X-Wspc-Actor",
8413
- "in": "header"
8414
- },
8415
- {
8416
- "schema": {
8417
- "type": "string"
8418
- },
8419
- "required": false,
8420
- "name": "X-Wspc-Agent-Label",
8421
- "in": "header"
8422
9406
  }
8423
9407
  ],
8424
9408
  "requestBody": {
@@ -8859,26 +9843,6 @@
8859
9843
  "description": "When `true`, return the row even if soft-deleted. Default `false` (returns 404).",
8860
9844
  "name": "include_deleted",
8861
9845
  "in": "query"
8862
- },
8863
- {
8864
- "schema": {
8865
- "type": "string",
8866
- "enum": [
8867
- "user",
8868
- "agent"
8869
- ]
8870
- },
8871
- "required": false,
8872
- "name": "X-Wspc-Actor",
8873
- "in": "header"
8874
- },
8875
- {
8876
- "schema": {
8877
- "type": "string"
8878
- },
8879
- "required": false,
8880
- "name": "X-Wspc-Agent-Label",
8881
- "in": "header"
8882
9846
  }
8883
9847
  ],
8884
9848
  "responses": {
@@ -9324,26 +10288,6 @@
9324
10288
  "description": "Event id (`evt_<ULID>` for new rows; legacy UUID ids remain accepted).",
9325
10289
  "name": "id",
9326
10290
  "in": "path"
9327
- },
9328
- {
9329
- "schema": {
9330
- "type": "string",
9331
- "enum": [
9332
- "user",
9333
- "agent"
9334
- ]
9335
- },
9336
- "required": false,
9337
- "name": "X-Wspc-Actor",
9338
- "in": "header"
9339
- },
9340
- {
9341
- "schema": {
9342
- "type": "string"
9343
- },
9344
- "required": false,
9345
- "name": "X-Wspc-Agent-Label",
9346
- "in": "header"
9347
10291
  }
9348
10292
  ],
9349
10293
  "requestBody": {
@@ -9805,26 +10749,6 @@
9805
10749
  "description": "`<event_id>.ics`. The `.ics` suffix is required so the router matches this endpoint ahead of the JSON detail route.",
9806
10750
  "name": "filename",
9807
10751
  "in": "path"
9808
- },
9809
- {
9810
- "schema": {
9811
- "type": "string",
9812
- "enum": [
9813
- "user",
9814
- "agent"
9815
- ]
9816
- },
9817
- "required": false,
9818
- "name": "X-Wspc-Actor",
9819
- "in": "header"
9820
- },
9821
- {
9822
- "schema": {
9823
- "type": "string"
9824
- },
9825
- "required": false,
9826
- "name": "X-Wspc-Agent-Label",
9827
- "in": "header"
9828
10752
  }
9829
10753
  ],
9830
10754
  "responses": {
@@ -10203,26 +11127,6 @@
10203
11127
  "description": "Event id (`evt_<ULID>` for new rows; legacy UUID ids remain accepted).",
10204
11128
  "name": "id",
10205
11129
  "in": "path"
10206
- },
10207
- {
10208
- "schema": {
10209
- "type": "string",
10210
- "enum": [
10211
- "user",
10212
- "agent"
10213
- ]
10214
- },
10215
- "required": false,
10216
- "name": "X-Wspc-Actor",
10217
- "in": "header"
10218
- },
10219
- {
10220
- "schema": {
10221
- "type": "string"
10222
- },
10223
- "required": false,
10224
- "name": "X-Wspc-Agent-Label",
10225
- "in": "header"
10226
11130
  }
10227
11131
  ],
10228
11132
  "requestBody": {
@@ -10615,7 +11519,7 @@
10615
11519
  "EmailAliases"
10616
11520
  ],
10617
11521
  "summary": "Create a receiving alias",
10618
- "description": "### Overview\nReserves and provisions a new passwordless/disposable receiving email alias address under the configured WSPC domain. All inbound emails received on this alias will be forwarded into the caller's inbox.\n\n### When to Use\n- Use this endpoint to spin up a fresh, dedicated email address (e.g., `alice-shop@wspc.app`) for specific websites, newsletters, or contexts to prevent spam or categorize incoming mail.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- **Alias Formatting**: The local part must be between 6 and 32 characters, start with an alphanumeric character, and only contain letters, numbers, dots, underscores, and hyphens.\n- **Limit Check**: Each user is allowed a maximum of 10 active email aliases. Soft-deleted aliases do not count against this quota limit.\n\n### Troubleshooting\n- **401 Unauthorized**: Bearer token is missing, invalid, or expired.\n- **400 Bad Request / INVALID_CHARSET / RESERVED**: The alias local part contains invalid characters, is too short/long, or matches a reserved keyword.\n- **409 Conflict / ALIAS_CONFLICT**: An alias with the exact requested email address already exists globally (whether active or soft-deleted by any user).\n- **429 Too Many Requests / ALIAS_LIMIT_EXCEEDED**: The user has reached the active alias cap limit of 10. A previously deleted alias must be cleaned up or wait for quota availability.",
11522
+ "description": "### Overview\nReserves and provisions a new passwordless/disposable receiving email alias address under the configured WSPC domain. All inbound emails received on this alias will be forwarded into the caller's inbox.\n\n### When to Use\n- Use this endpoint to spin up a fresh, dedicated email address (e.g., `alice-shop@wspc.app`) for specific websites, newsletters, or contexts to prevent spam or categorize incoming mail.\n\n### Constraints\n- Requires a valid Bearer token in the `Authorization` header.\n- **Alias Formatting**: The local part must be between 5 and 32 characters, start with an alphanumeric character, and only contain letters, numbers, dots, underscores, and hyphens.\n- **Limit Check**: Each user is allowed a maximum of 10 active email aliases. Soft-deleted aliases do not count against this quota limit.\n\n### Troubleshooting\n- **401 Unauthorized**: Bearer token is missing, invalid, or expired.\n- **400 Bad Request / INVALID_CHARSET / RESERVED**: The alias local part contains invalid characters, is too short/long, or matches a reserved keyword.\n- **409 Conflict / ALIAS_CONFLICT**: An alias with the exact requested email address already exists globally (whether active or soft-deleted by any user).\n- **429 Too Many Requests / ALIAS_LIMIT_EXCEEDED**: The user has reached the active alias cap limit of 10. A previously deleted alias must be cleaned up or wait for quota availability.",
10619
11523
  "security": [
10620
11524
  {
10621
11525
  "bearerAuth": []
@@ -10653,28 +11557,6 @@
10653
11557
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.aliasCreate({ email: \"alice-shop@wspc.app\" })"
10654
11558
  }
10655
11559
  ],
10656
- "parameters": [
10657
- {
10658
- "schema": {
10659
- "type": "string",
10660
- "enum": [
10661
- "user",
10662
- "agent"
10663
- ]
10664
- },
10665
- "required": false,
10666
- "name": "X-Wspc-Actor",
10667
- "in": "header"
10668
- },
10669
- {
10670
- "schema": {
10671
- "type": "string"
10672
- },
10673
- "required": false,
10674
- "name": "X-Wspc-Agent-Label",
10675
- "in": "header"
10676
- }
10677
- ],
10678
11560
  "requestBody": {
10679
11561
  "required": true,
10680
11562
  "content": {
@@ -10972,26 +11854,6 @@
10972
11854
  "description": "When `true`, include soft-deleted aliases (with `deleted_at` set) alongside active ones. Defaults to `false`.",
10973
11855
  "name": "include_deleted",
10974
11856
  "in": "query"
10975
- },
10976
- {
10977
- "schema": {
10978
- "type": "string",
10979
- "enum": [
10980
- "user",
10981
- "agent"
10982
- ]
10983
- },
10984
- "required": false,
10985
- "name": "X-Wspc-Actor",
10986
- "in": "header"
10987
- },
10988
- {
10989
- "schema": {
10990
- "type": "string"
10991
- },
10992
- "required": false,
10993
- "name": "X-Wspc-Agent-Label",
10994
- "in": "header"
10995
11857
  }
10996
11858
  ],
10997
11859
  "responses": {
@@ -11260,26 +12122,6 @@
11260
12122
  "description": "Full alias email address. URL-encode @ as %40 in paths.",
11261
12123
  "name": "email",
11262
12124
  "in": "path"
11263
- },
11264
- {
11265
- "schema": {
11266
- "type": "string",
11267
- "enum": [
11268
- "user",
11269
- "agent"
11270
- ]
11271
- },
11272
- "required": false,
11273
- "name": "X-Wspc-Actor",
11274
- "in": "header"
11275
- },
11276
- {
11277
- "schema": {
11278
- "type": "string"
11279
- },
11280
- "required": false,
11281
- "name": "X-Wspc-Agent-Label",
11282
- "in": "header"
11283
12125
  }
11284
12126
  ],
11285
12127
  "responses": {
@@ -11508,28 +12350,6 @@
11508
12350
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.deleteMany([\"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\", \"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3G\"])"
11509
12351
  }
11510
12352
  ],
11511
- "parameters": [
11512
- {
11513
- "schema": {
11514
- "type": "string",
11515
- "enum": [
11516
- "user",
11517
- "agent"
11518
- ]
11519
- },
11520
- "required": false,
11521
- "name": "X-Wspc-Actor",
11522
- "in": "header"
11523
- },
11524
- {
11525
- "schema": {
11526
- "type": "string"
11527
- },
11528
- "required": false,
11529
- "name": "X-Wspc-Agent-Label",
11530
- "in": "header"
11531
- }
11532
- ],
11533
12353
  "requestBody": {
11534
12354
  "required": true,
11535
12355
  "content": {
@@ -11836,26 +12656,6 @@
11836
12656
  "description": "When `true`, allow downloading an attachment whose parent email is soft-deleted. Defaults to `false`.",
11837
12657
  "name": "include_deleted",
11838
12658
  "in": "query"
11839
- },
11840
- {
11841
- "schema": {
11842
- "type": "string",
11843
- "enum": [
11844
- "user",
11845
- "agent"
11846
- ]
11847
- },
11848
- "required": false,
11849
- "name": "X-Wspc-Actor",
11850
- "in": "header"
11851
- },
11852
- {
11853
- "schema": {
11854
- "type": "string"
11855
- },
11856
- "required": false,
11857
- "name": "X-Wspc-Agent-Label",
11858
- "in": "header"
11859
12659
  }
11860
12660
  ],
11861
12661
  "responses": {
@@ -12123,26 +12923,6 @@
12123
12923
  "description": "When `true`, allow fetching a soft-deleted email. Defaults to `false` (returns 404 for soft-deleted rows).",
12124
12924
  "name": "include_deleted",
12125
12925
  "in": "query"
12126
- },
12127
- {
12128
- "schema": {
12129
- "type": "string",
12130
- "enum": [
12131
- "user",
12132
- "agent"
12133
- ]
12134
- },
12135
- "required": false,
12136
- "name": "X-Wspc-Actor",
12137
- "in": "header"
12138
- },
12139
- {
12140
- "schema": {
12141
- "type": "string"
12142
- },
12143
- "required": false,
12144
- "name": "X-Wspc-Agent-Label",
12145
- "in": "header"
12146
12926
  }
12147
12927
  ],
12148
12928
  "responses": {
@@ -12183,6 +12963,7 @@
12183
12963
  },
12184
12964
  "subject": {
12185
12965
  "type": "string",
12966
+ "maxLength": 500,
12186
12967
  "description": "Subject header. Absent if the sender omitted it."
12187
12968
  },
12188
12969
  "text_body": {
@@ -12693,26 +13474,6 @@
12693
13474
  "description": "When `true`, also return soft-deleted emails. Defaults to `false`.",
12694
13475
  "name": "include_deleted",
12695
13476
  "in": "query"
12696
- },
12697
- {
12698
- "schema": {
12699
- "type": "string",
12700
- "enum": [
12701
- "user",
12702
- "agent"
12703
- ]
12704
- },
12705
- "required": false,
12706
- "name": "X-Wspc-Actor",
12707
- "in": "header"
12708
- },
12709
- {
12710
- "schema": {
12711
- "type": "string"
12712
- },
12713
- "required": false,
12714
- "name": "X-Wspc-Agent-Label",
12715
- "in": "header"
12716
13477
  }
12717
13478
  ],
12718
13479
  "responses": {
@@ -12755,6 +13516,7 @@
12755
13516
  },
12756
13517
  "subject": {
12757
13518
  "type": "string",
13519
+ "maxLength": 500,
12758
13520
  "description": "Subject header. Absent if the sender omitted it."
12759
13521
  },
12760
13522
  "text_body": {
@@ -13086,28 +13848,6 @@
13086
13848
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.markRead([\"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\", \"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3G\"])"
13087
13849
  }
13088
13850
  ],
13089
- "parameters": [
13090
- {
13091
- "schema": {
13092
- "type": "string",
13093
- "enum": [
13094
- "user",
13095
- "agent"
13096
- ]
13097
- },
13098
- "required": false,
13099
- "name": "X-Wspc-Actor",
13100
- "in": "header"
13101
- },
13102
- {
13103
- "schema": {
13104
- "type": "string"
13105
- },
13106
- "required": false,
13107
- "name": "X-Wspc-Agent-Label",
13108
- "in": "header"
13109
- }
13110
- ],
13111
13851
  "requestBody": {
13112
13852
  "required": true,
13113
13853
  "content": {
@@ -13400,28 +14140,6 @@
13400
14140
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.markUnread([\"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\"])"
13401
14141
  }
13402
14142
  ],
13403
- "parameters": [
13404
- {
13405
- "schema": {
13406
- "type": "string",
13407
- "enum": [
13408
- "user",
13409
- "agent"
13410
- ]
13411
- },
13412
- "required": false,
13413
- "name": "X-Wspc-Actor",
13414
- "in": "header"
13415
- },
13416
- {
13417
- "schema": {
13418
- "type": "string"
13419
- },
13420
- "required": false,
13421
- "name": "X-Wspc-Agent-Label",
13422
- "in": "header"
13423
- }
13424
- ],
13425
14143
  "requestBody": {
13426
14144
  "required": true,
13427
14145
  "content": {
@@ -13707,26 +14425,6 @@
13707
14425
  "description": "Full alias email address. URL-encode @ as %40 in paths.",
13708
14426
  "name": "email",
13709
14427
  "in": "path"
13710
- },
13711
- {
13712
- "schema": {
13713
- "type": "string",
13714
- "enum": [
13715
- "user",
13716
- "agent"
13717
- ]
13718
- },
13719
- "required": false,
13720
- "name": "X-Wspc-Actor",
13721
- "in": "header"
13722
- },
13723
- {
13724
- "schema": {
13725
- "type": "string"
13726
- },
13727
- "required": false,
13728
- "name": "X-Wspc-Agent-Label",
13729
- "in": "header"
13730
14428
  }
13731
14429
  ],
13732
14430
  "responses": {
@@ -13923,28 +14621,6 @@
13923
14621
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.restoreMany([\"eml_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\"])"
13924
14622
  }
13925
14623
  ],
13926
- "parameters": [
13927
- {
13928
- "schema": {
13929
- "type": "string",
13930
- "enum": [
13931
- "user",
13932
- "agent"
13933
- ]
13934
- },
13935
- "required": false,
13936
- "name": "X-Wspc-Actor",
13937
- "in": "header"
13938
- },
13939
- {
13940
- "schema": {
13941
- "type": "string"
13942
- },
13943
- "required": false,
13944
- "name": "X-Wspc-Agent-Label",
13945
- "in": "header"
13946
- }
13947
- ],
13948
14624
  "requestBody": {
13949
14625
  "required": true,
13950
14626
  "content": {
@@ -14225,28 +14901,6 @@
14225
14901
  "source": "import { EmailClient } from \"@wspc/client\"\nconst email = new EmailClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait email.send({\n from_alias_email: \"alice-shop@wspc.app\",\n to: [\"alice@example.com\"],\n subject: \"Welcome to WSPC\",\n text: \"Hi Alice — welcome aboard.\",\n idempotency_key: \"retry-20260601-001\",\n})"
14226
14902
  }
14227
14903
  ],
14228
- "parameters": [
14229
- {
14230
- "schema": {
14231
- "type": "string",
14232
- "enum": [
14233
- "user",
14234
- "agent"
14235
- ]
14236
- },
14237
- "required": false,
14238
- "name": "X-Wspc-Actor",
14239
- "in": "header"
14240
- },
14241
- {
14242
- "schema": {
14243
- "type": "string"
14244
- },
14245
- "required": false,
14246
- "name": "X-Wspc-Agent-Label",
14247
- "in": "header"
14248
- }
14249
- ],
14250
14904
  "requestBody": {
14251
14905
  "required": true,
14252
14906
  "content": {
@@ -14678,26 +15332,6 @@
14678
15332
  "description": "Transport name to delete (e.g. `telegram`). Only transports the caller has previously registered exist; unknown values return 400 `UNKNOWN_TRANSPORT`.",
14679
15333
  "name": "transport",
14680
15334
  "in": "path"
14681
- },
14682
- {
14683
- "schema": {
14684
- "type": "string",
14685
- "enum": [
14686
- "user",
14687
- "agent"
14688
- ]
14689
- },
14690
- "required": false,
14691
- "name": "X-Wspc-Actor",
14692
- "in": "header"
14693
- },
14694
- {
14695
- "schema": {
14696
- "type": "string"
14697
- },
14698
- "required": false,
14699
- "name": "X-Wspc-Agent-Label",
14700
- "in": "header"
14701
15335
  }
14702
15336
  ],
14703
15337
  "responses": {
@@ -14971,28 +15605,6 @@
14971
15605
  }
14972
15606
  }
14973
15607
  },
14974
- "parameters": [
14975
- {
14976
- "schema": {
14977
- "type": "string",
14978
- "enum": [
14979
- "user",
14980
- "agent"
14981
- ]
14982
- },
14983
- "required": false,
14984
- "name": "X-Wspc-Actor",
14985
- "in": "header"
14986
- },
14987
- {
14988
- "schema": {
14989
- "type": "string"
14990
- },
14991
- "required": false,
14992
- "name": "X-Wspc-Agent-Label",
14993
- "in": "header"
14994
- }
14995
- ],
14996
15608
  "requestBody": {
14997
15609
  "required": true,
14998
15610
  "content": {
@@ -15328,28 +15940,6 @@
15328
15940
  "emptyMessage": "(no push transports registered)"
15329
15941
  }
15330
15942
  },
15331
- "parameters": [
15332
- {
15333
- "schema": {
15334
- "type": "string",
15335
- "enum": [
15336
- "user",
15337
- "agent"
15338
- ]
15339
- },
15340
- "required": false,
15341
- "name": "X-Wspc-Actor",
15342
- "in": "header"
15343
- },
15344
- {
15345
- "schema": {
15346
- "type": "string"
15347
- },
15348
- "required": false,
15349
- "name": "X-Wspc-Agent-Label",
15350
- "in": "header"
15351
- }
15352
- ],
15353
15943
  "responses": {
15354
15944
  "200": {
15355
15945
  "description": "All push transports registered for the authenticated user.",
@@ -15624,28 +16214,6 @@
15624
16214
  }
15625
16215
  }
15626
16216
  },
15627
- "parameters": [
15628
- {
15629
- "schema": {
15630
- "type": "string",
15631
- "enum": [
15632
- "user",
15633
- "agent"
15634
- ]
15635
- },
15636
- "required": false,
15637
- "name": "X-Wspc-Actor",
15638
- "in": "header"
15639
- },
15640
- {
15641
- "schema": {
15642
- "type": "string"
15643
- },
15644
- "required": false,
15645
- "name": "X-Wspc-Agent-Label",
15646
- "in": "header"
15647
- }
15648
- ],
15649
16217
  "requestBody": {
15650
16218
  "required": true,
15651
16219
  "content": {
@@ -15973,28 +16541,6 @@
15973
16541
  "source": "await todo.projects.create({ name: \"Work\" })"
15974
16542
  }
15975
16543
  ],
15976
- "parameters": [
15977
- {
15978
- "schema": {
15979
- "type": "string",
15980
- "enum": [
15981
- "user",
15982
- "agent"
15983
- ]
15984
- },
15985
- "required": false,
15986
- "name": "X-Wspc-Actor",
15987
- "in": "header"
15988
- },
15989
- {
15990
- "schema": {
15991
- "type": "string"
15992
- },
15993
- "required": false,
15994
- "name": "X-Wspc-Agent-Label",
15995
- "in": "header"
15996
- }
15997
- ],
15998
16544
  "requestBody": {
15999
16545
  "content": {
16000
16546
  "application/json": {
@@ -16430,26 +16976,6 @@
16430
16976
  "description": "Set to `true` to include soft-deleted projects in the response.",
16431
16977
  "name": "include_deleted",
16432
16978
  "in": "query"
16433
- },
16434
- {
16435
- "schema": {
16436
- "type": "string",
16437
- "enum": [
16438
- "user",
16439
- "agent"
16440
- ]
16441
- },
16442
- "required": false,
16443
- "name": "X-Wspc-Actor",
16444
- "in": "header"
16445
- },
16446
- {
16447
- "schema": {
16448
- "type": "string"
16449
- },
16450
- "required": false,
16451
- "name": "X-Wspc-Agent-Label",
16452
- "in": "header"
16453
16979
  }
16454
16980
  ],
16455
16981
  "responses": {
@@ -16881,28 +17407,6 @@
16881
17407
  "source": "import { TodoClient } from \"@wspc/client\"\nconst todo = new TodoClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait todo.createRule({ title: \"Draft weekly review\", rrule: \"FREQ=WEEKLY;BYDAY=MO\", dtstart: \"2026-05-18\", project_id: \"prj_01HW3K4N9V5G6Z8C2Q7B1Y0M3F\" })"
16882
17408
  }
16883
17409
  ],
16884
- "parameters": [
16885
- {
16886
- "schema": {
16887
- "type": "string",
16888
- "enum": [
16889
- "user",
16890
- "agent"
16891
- ]
16892
- },
16893
- "required": false,
16894
- "name": "X-Wspc-Actor",
16895
- "in": "header"
16896
- },
16897
- {
16898
- "schema": {
16899
- "type": "string"
16900
- },
16901
- "required": false,
16902
- "name": "X-Wspc-Agent-Label",
16903
- "in": "header"
16904
- }
16905
- ],
16906
17410
  "requestBody": {
16907
17411
  "content": {
16908
17412
  "application/json": {
@@ -17356,26 +17860,6 @@
17356
17860
  "required": false,
17357
17861
  "name": "user_id",
17358
17862
  "in": "query"
17359
- },
17360
- {
17361
- "schema": {
17362
- "type": "string",
17363
- "enum": [
17364
- "user",
17365
- "agent"
17366
- ]
17367
- },
17368
- "required": false,
17369
- "name": "X-Wspc-Actor",
17370
- "in": "header"
17371
- },
17372
- {
17373
- "schema": {
17374
- "type": "string"
17375
- },
17376
- "required": false,
17377
- "name": "X-Wspc-Agent-Label",
17378
- "in": "header"
17379
17863
  }
17380
17864
  ],
17381
17865
  "responses": {
@@ -17800,28 +18284,6 @@
17800
18284
  "source": "import { TodoClient } from \"@wspc/client\"\nconst todo = new TodoClient({ baseUrl: \"https://api.wspc.ai\", apiKey: process.env.WSPC_API_KEY! })\nawait todo.create({ title: \"Buy milk\", due_at: \"2026-06-01\" })"
17801
18285
  }
17802
18286
  ],
17803
- "parameters": [
17804
- {
17805
- "schema": {
17806
- "type": "string",
17807
- "enum": [
17808
- "user",
17809
- "agent"
17810
- ]
17811
- },
17812
- "required": false,
17813
- "name": "X-Wspc-Actor",
17814
- "in": "header"
17815
- },
17816
- {
17817
- "schema": {
17818
- "type": "string"
17819
- },
17820
- "required": false,
17821
- "name": "X-Wspc-Agent-Label",
17822
- "in": "header"
17823
- }
17824
- ],
17825
18287
  "requestBody": {
17826
18288
  "content": {
17827
18289
  "application/json": {
@@ -18238,7 +18700,7 @@
18238
18700
  }
18239
18701
  },
18240
18702
  "summary": "List todos with filters",
18241
- "description": "### 🎯 Overview & Purpose\nReturn the caller's active or archived todos, with comprehensive options to filter by project, parent task, status, due-date window, and template visibility.\n\n### 🔍 When to Use\n* Use this to render the main todo board dashboard, query items due in a specific timeframe (using `due_after` and `due_before`), or lazy-load subtasks for an expanded parent todo by passing its ID.\n\n### 💡 Key Features & Constraints\n* **Required Parameter**: The `project_id` query parameter is strictly required and must match an active project.\n* **Parent Tasks**: Omitting `parent_id` lists root-level todos by default. Pass a todo id to list direct children of that specific task.\n* **Multi-Status Filters**: Multi-value `status` query is supported by repeating the parameter, e.g., `?status=open&status=in_progress`.\n* **Due-Date Windowing**: The `due_after` filter is inclusive, while `due_before` is exclusive, forming a half-open window `[due_after, due_before)`. Both parameters exclude todos with no due date.\n* **Template & Soft-Delete Visibility**: Soft-deleted todos are hidden unless `include_deleted=true`. Template todos backing recurrence rules are hidden unless `include_templates=true`.\n\n### ⚠️ Common Errors & Troubleshooting\n* **`VALIDATION_ERROR` (HTTP 400)**: Thrown if `project_id` is missing, or if query parameters fail schema validation.",
18703
+ "description": "### 🎯 Overview & Purpose\nReturn the caller's active or archived todos, with comprehensive options to filter by project, parent task, status, due-date window, and template visibility.\n\n### 🔍 When to Use\n* Use this to render the main todo board dashboard, query items due in a specific timeframe (using `due_after` and `due_before`), or lazy-load subtasks for an expanded parent todo by passing its ID.\n\n### 💡 Key Features & Constraints\n* **Required Parameter**: The `project_id` query parameter is strictly required and must match an active project.\n* **Parent Tasks**: Omitting `parent_id` lists root-level todos by default. Pass a todo id to list direct children of that specific task.\n* **Multi-Status Filters**: Multi-value `status` query is supported by repeating the parameter, e.g., `?status=open&status=in_progress`.\n* **Due-Date Windowing**: The `due_after` filter is inclusive, while `due_before` is exclusive, forming a half-open window `[due_after, due_before)`. Both parameters exclude todos with no due date.\n* **Template & Soft-Delete Visibility**: Soft-deleted todos are hidden unless `include_deleted=true`. Template todos backing recurrence rules are hidden unless `include_templates=true`.\n* **Custom-Field Filters (`cf.<key>=<value>`)**: Repeatable dynamic-prefix query parameters whose name follows the `cf.<key>` pattern (e.g. `?cf.priority=high&cf.team=eng`). Each pair is ANDed; for `string_array` custom fields the match is positive when the array contains the value. Keys must be declared on the project's todo type schema. Because the prefix is dynamic, these parameters cannot be expressed in the JSON Schema below — clients must construct them from the URL query string directly.\n\n### ⚠️ Common Errors & Troubleshooting\n* **`VALIDATION_ERROR` (HTTP 400)**: Thrown if `project_id` is missing, or if query parameters fail schema validation.",
18242
18704
  "security": [
18243
18705
  {
18244
18706
  "bearerAuth": []
@@ -18399,33 +18861,13 @@
18399
18861
  "type": "array",
18400
18862
  "items": {
18401
18863
  "type": "string"
18402
- }
18403
- }
18404
- ]
18405
- },
18406
- "required": false,
18407
- "name": "include_orphan_fields",
18408
- "in": "query"
18409
- },
18410
- {
18411
- "schema": {
18412
- "type": "string",
18413
- "enum": [
18414
- "user",
18415
- "agent"
18864
+ }
18865
+ }
18416
18866
  ]
18417
18867
  },
18418
18868
  "required": false,
18419
- "name": "X-Wspc-Actor",
18420
- "in": "header"
18421
- },
18422
- {
18423
- "schema": {
18424
- "type": "string"
18425
- },
18426
- "required": false,
18427
- "name": "X-Wspc-Agent-Label",
18428
- "in": "header"
18869
+ "name": "include_orphan_fields",
18870
+ "in": "query"
18429
18871
  }
18430
18872
  ],
18431
18873
  "responses": {
@@ -18840,28 +19282,6 @@
18840
19282
  "source": "await todo.types.create({ label: \"Task\" })"
18841
19283
  }
18842
19284
  ],
18843
- "parameters": [
18844
- {
18845
- "schema": {
18846
- "type": "string",
18847
- "enum": [
18848
- "user",
18849
- "agent"
18850
- ]
18851
- },
18852
- "required": false,
18853
- "name": "X-Wspc-Actor",
18854
- "in": "header"
18855
- },
18856
- {
18857
- "schema": {
18858
- "type": "string"
18859
- },
18860
- "required": false,
18861
- "name": "X-Wspc-Agent-Label",
18862
- "in": "header"
18863
- }
18864
- ],
18865
19285
  "requestBody": {
18866
19286
  "content": {
18867
19287
  "application/json": {
@@ -19282,26 +19702,6 @@
19282
19702
  "required": false,
19283
19703
  "name": "include_deleted",
19284
19704
  "in": "query"
19285
- },
19286
- {
19287
- "schema": {
19288
- "type": "string",
19289
- "enum": [
19290
- "user",
19291
- "agent"
19292
- ]
19293
- },
19294
- "required": false,
19295
- "name": "X-Wspc-Actor",
19296
- "in": "header"
19297
- },
19298
- {
19299
- "schema": {
19300
- "type": "string"
19301
- },
19302
- "required": false,
19303
- "name": "X-Wspc-Agent-Label",
19304
- "in": "header"
19305
19705
  }
19306
19706
  ],
19307
19707
  "responses": {
@@ -19697,26 +20097,6 @@
19697
20097
  "description": "Project id (`prj_<ULID>`).",
19698
20098
  "name": "id",
19699
20099
  "in": "path"
19700
- },
19701
- {
19702
- "schema": {
19703
- "type": "string",
19704
- "enum": [
19705
- "user",
19706
- "agent"
19707
- ]
19708
- },
19709
- "required": false,
19710
- "name": "X-Wspc-Actor",
19711
- "in": "header"
19712
- },
19713
- {
19714
- "schema": {
19715
- "type": "string"
19716
- },
19717
- "required": false,
19718
- "name": "X-Wspc-Agent-Label",
19719
- "in": "header"
19720
20100
  }
19721
20101
  ],
19722
20102
  "responses": {
@@ -20115,26 +20495,6 @@
20115
20495
  "description": "Project id (`prj_<ULID>`).",
20116
20496
  "name": "id",
20117
20497
  "in": "path"
20118
- },
20119
- {
20120
- "schema": {
20121
- "type": "string",
20122
- "enum": [
20123
- "user",
20124
- "agent"
20125
- ]
20126
- },
20127
- "required": false,
20128
- "name": "X-Wspc-Actor",
20129
- "in": "header"
20130
- },
20131
- {
20132
- "schema": {
20133
- "type": "string"
20134
- },
20135
- "required": false,
20136
- "name": "X-Wspc-Agent-Label",
20137
- "in": "header"
20138
20498
  }
20139
20499
  ],
20140
20500
  "responses": {
@@ -20532,26 +20892,6 @@
20532
20892
  "description": "Project id (`prj_<ULID>`).",
20533
20893
  "name": "id",
20534
20894
  "in": "path"
20535
- },
20536
- {
20537
- "schema": {
20538
- "type": "string",
20539
- "enum": [
20540
- "user",
20541
- "agent"
20542
- ]
20543
- },
20544
- "required": false,
20545
- "name": "X-Wspc-Actor",
20546
- "in": "header"
20547
- },
20548
- {
20549
- "schema": {
20550
- "type": "string"
20551
- },
20552
- "required": false,
20553
- "name": "X-Wspc-Agent-Label",
20554
- "in": "header"
20555
20895
  }
20556
20896
  ],
20557
20897
  "requestBody": {
@@ -20978,26 +21318,6 @@
20978
21318
  "required": true,
20979
21319
  "name": "id",
20980
21320
  "in": "path"
20981
- },
20982
- {
20983
- "schema": {
20984
- "type": "string",
20985
- "enum": [
20986
- "user",
20987
- "agent"
20988
- ]
20989
- },
20990
- "required": false,
20991
- "name": "X-Wspc-Actor",
20992
- "in": "header"
20993
- },
20994
- {
20995
- "schema": {
20996
- "type": "string"
20997
- },
20998
- "required": false,
20999
- "name": "X-Wspc-Agent-Label",
21000
- "in": "header"
21001
21321
  }
21002
21322
  ],
21003
21323
  "requestBody": {
@@ -21406,26 +21726,6 @@
21406
21726
  "required": true,
21407
21727
  "name": "id",
21408
21728
  "in": "path"
21409
- },
21410
- {
21411
- "schema": {
21412
- "type": "string",
21413
- "enum": [
21414
- "user",
21415
- "agent"
21416
- ]
21417
- },
21418
- "required": false,
21419
- "name": "X-Wspc-Actor",
21420
- "in": "header"
21421
- },
21422
- {
21423
- "schema": {
21424
- "type": "string"
21425
- },
21426
- "required": false,
21427
- "name": "X-Wspc-Agent-Label",
21428
- "in": "header"
21429
21729
  }
21430
21730
  ],
21431
21731
  "responses": {
@@ -21835,26 +22135,6 @@
21835
22135
  "required": true,
21836
22136
  "name": "id",
21837
22137
  "in": "path"
21838
- },
21839
- {
21840
- "schema": {
21841
- "type": "string",
21842
- "enum": [
21843
- "user",
21844
- "agent"
21845
- ]
21846
- },
21847
- "required": false,
21848
- "name": "X-Wspc-Actor",
21849
- "in": "header"
21850
- },
21851
- {
21852
- "schema": {
21853
- "type": "string"
21854
- },
21855
- "required": false,
21856
- "name": "X-Wspc-Agent-Label",
21857
- "in": "header"
21858
22138
  }
21859
22139
  ],
21860
22140
  "requestBody": {
@@ -22301,26 +22581,6 @@
22301
22581
  "required": true,
22302
22582
  "name": "id",
22303
22583
  "in": "path"
22304
- },
22305
- {
22306
- "schema": {
22307
- "type": "string",
22308
- "enum": [
22309
- "user",
22310
- "agent"
22311
- ]
22312
- },
22313
- "required": false,
22314
- "name": "X-Wspc-Actor",
22315
- "in": "header"
22316
- },
22317
- {
22318
- "schema": {
22319
- "type": "string"
22320
- },
22321
- "required": false,
22322
- "name": "X-Wspc-Agent-Label",
22323
- "in": "header"
22324
22584
  }
22325
22585
  ],
22326
22586
  "requestBody": {
@@ -22781,23 +23041,21 @@
22781
23041
  },
22782
23042
  {
22783
23043
  "schema": {
22784
- "type": "string",
22785
- "enum": [
22786
- "user",
22787
- "agent"
23044
+ "anyOf": [
23045
+ {
23046
+ "type": "string"
23047
+ },
23048
+ {
23049
+ "type": "array",
23050
+ "items": {
23051
+ "type": "string"
23052
+ }
23053
+ }
22788
23054
  ]
22789
23055
  },
22790
23056
  "required": false,
22791
- "name": "X-Wspc-Actor",
22792
- "in": "header"
22793
- },
22794
- {
22795
- "schema": {
22796
- "type": "string"
22797
- },
22798
- "required": false,
22799
- "name": "X-Wspc-Agent-Label",
22800
- "in": "header"
23057
+ "name": "include_orphan_fields",
23058
+ "in": "query"
22801
23059
  }
22802
23060
  ],
22803
23061
  "responses": {
@@ -23219,26 +23477,6 @@
23219
23477
  "required": true,
23220
23478
  "name": "id",
23221
23479
  "in": "path"
23222
- },
23223
- {
23224
- "schema": {
23225
- "type": "string",
23226
- "enum": [
23227
- "user",
23228
- "agent"
23229
- ]
23230
- },
23231
- "required": false,
23232
- "name": "X-Wspc-Actor",
23233
- "in": "header"
23234
- },
23235
- {
23236
- "schema": {
23237
- "type": "string"
23238
- },
23239
- "required": false,
23240
- "name": "X-Wspc-Agent-Label",
23241
- "in": "header"
23242
23480
  }
23243
23481
  ],
23244
23482
  "requestBody": {
@@ -23673,26 +23911,6 @@
23673
23911
  "required": true,
23674
23912
  "name": "id",
23675
23913
  "in": "path"
23676
- },
23677
- {
23678
- "schema": {
23679
- "type": "string",
23680
- "enum": [
23681
- "user",
23682
- "agent"
23683
- ]
23684
- },
23685
- "required": false,
23686
- "name": "X-Wspc-Actor",
23687
- "in": "header"
23688
- },
23689
- {
23690
- "schema": {
23691
- "type": "string"
23692
- },
23693
- "required": false,
23694
- "name": "X-Wspc-Agent-Label",
23695
- "in": "header"
23696
23914
  }
23697
23915
  ],
23698
23916
  "responses": {
@@ -24072,26 +24290,6 @@
24072
24290
  "required": true,
24073
24291
  "name": "id",
24074
24292
  "in": "path"
24075
- },
24076
- {
24077
- "schema": {
24078
- "type": "string",
24079
- "enum": [
24080
- "user",
24081
- "agent"
24082
- ]
24083
- },
24084
- "required": false,
24085
- "name": "X-Wspc-Actor",
24086
- "in": "header"
24087
- },
24088
- {
24089
- "schema": {
24090
- "type": "string"
24091
- },
24092
- "required": false,
24093
- "name": "X-Wspc-Agent-Label",
24094
- "in": "header"
24095
24293
  }
24096
24294
  ],
24097
24295
  "responses": {
@@ -24471,26 +24669,6 @@
24471
24669
  "required": true,
24472
24670
  "name": "id",
24473
24671
  "in": "path"
24474
- },
24475
- {
24476
- "schema": {
24477
- "type": "string",
24478
- "enum": [
24479
- "user",
24480
- "agent"
24481
- ]
24482
- },
24483
- "required": false,
24484
- "name": "X-Wspc-Actor",
24485
- "in": "header"
24486
- },
24487
- {
24488
- "schema": {
24489
- "type": "string"
24490
- },
24491
- "required": false,
24492
- "name": "X-Wspc-Agent-Label",
24493
- "in": "header"
24494
24672
  }
24495
24673
  ],
24496
24674
  "requestBody": {
@@ -24879,26 +25057,6 @@
24879
25057
  "description": "Project id (`prj_<ULID>`).",
24880
25058
  "name": "id",
24881
25059
  "in": "path"
24882
- },
24883
- {
24884
- "schema": {
24885
- "type": "string",
24886
- "enum": [
24887
- "user",
24888
- "agent"
24889
- ]
24890
- },
24891
- "required": false,
24892
- "name": "X-Wspc-Actor",
24893
- "in": "header"
24894
- },
24895
- {
24896
- "schema": {
24897
- "type": "string"
24898
- },
24899
- "required": false,
24900
- "name": "X-Wspc-Agent-Label",
24901
- "in": "header"
24902
25060
  }
24903
25061
  ],
24904
25062
  "responses": {
@@ -25290,26 +25448,6 @@
25290
25448
  "required": true,
25291
25449
  "name": "id",
25292
25450
  "in": "path"
25293
- },
25294
- {
25295
- "schema": {
25296
- "type": "string",
25297
- "enum": [
25298
- "user",
25299
- "agent"
25300
- ]
25301
- },
25302
- "required": false,
25303
- "name": "X-Wspc-Actor",
25304
- "in": "header"
25305
- },
25306
- {
25307
- "schema": {
25308
- "type": "string"
25309
- },
25310
- "required": false,
25311
- "name": "X-Wspc-Agent-Label",
25312
- "in": "header"
25313
25451
  }
25314
25452
  ],
25315
25453
  "requestBody": {
@@ -25726,26 +25864,6 @@
25726
25864
  "required": true,
25727
25865
  "name": "id",
25728
25866
  "in": "path"
25729
- },
25730
- {
25731
- "schema": {
25732
- "type": "string",
25733
- "enum": [
25734
- "user",
25735
- "agent"
25736
- ]
25737
- },
25738
- "required": false,
25739
- "name": "X-Wspc-Actor",
25740
- "in": "header"
25741
- },
25742
- {
25743
- "schema": {
25744
- "type": "string"
25745
- },
25746
- "required": false,
25747
- "name": "X-Wspc-Agent-Label",
25748
- "in": "header"
25749
25867
  }
25750
25868
  ],
25751
25869
  "responses": {