feat!(generated): regenerate from spec (6 changes)

[workos-sdk-automation]

Summary

feat!(api_keys): Break ApiKey owner field type and restructure responses

• Removed ApiKeyList, ApiKeyWithValue, ApiKeyWithValueOwner, ApiKeyListListMetadata models
• Changed ApiKey.owner field type from ApiKeyCreatedDataOwner to organization-specific owner type
• Renamed ListOrganizationAPIKeys response from Iterator[ApiKey] to Iterator[OrganizationAPIKey]
• Renamed CreateOrganizationAPIKey response from ApiKeyWithValue to OrganizationAPIKeyWithValue
• Added new organization-scoped models: OrganizationAPIKey, OrganizationAPIKeyWithValue, OrganizationAPIKeyOwner, OrganizationAPIKeyWithValueOwner

feat(user_management): Add user API key management and JWT template retrieval

• Added ListAPIKeys(userID, params) to list user API keys with optional organization filter
• Added CreateAPIKey(userID, params) to create API keys for users
• Added ListJWTTemplate() to retrieve JWT template for current environment
• Added new models: UserAPIKey, UserAPIKeyWithValue, UserAPIKeyOwner, UserAPIKeyWithValueOwner, CreateUserAPIKey
• Added UserManagementListAPIKeysParams and UserManagementCreateAPIKeyParams for new operations

feat!(user_management): Add breaking user field to organization memberships

• Added user field to UserOrganizationMembership (breaking: required new field)
• Added user field to OrganizationMembership (breaking: required new field)
• Added user field to UserOrganizationMembershipBaseListData (breaking: required new field)

feat!(directory_sync): Add breaking name field to directory user models

• Added name field to DirectoryUser (breaking: required new field)
• Added name field to DirectoryUserWithGroups (breaking: required new field)
• Added name field to DsyncUserUpdatedData (breaking: required new field)

feat!(sso): Add breaking name field to user profile

• Added name field to Profile (breaking: required new field)

feat(events): Add ADMIN_PORTAL actor source and vault BYOK key deleted event

• Added ADMIN_PORTAL value to EventContextActorSource enum
• Added ADMIN_PORTAL value to FlagCreatedContextActorSource, FlagDeletedContextActorSource, FlagRuleUpdatedContextActorSource, FlagUpdatedContextActorSource enums
• Added new models: VaultByokKeyDeleted, VaultByokKeyDeletedData, VaultByokKeyDeletedDataKeyProvider enum

Triggered by workos/openapi-spec@058a0a4

BEGIN_COMMIT_OVERRIDE
feat!(api_keys): Break ApiKey owner field type and restructure responses
feat(user_management): Add user API key management and JWT template retrieval
feat!(user_management): Add breaking user field to organization memberships
feat!(directory_sync): Add breaking name field to directory user models
feat!(sso): Add breaking name field to user profile
feat(events): Add ADMIN_PORTAL actor source and vault BYOK key deleted event
END_COMMIT_OVERRIDE

[greptile-apps]

Greptile Summary

This is an auto-generated SDK regeneration from the OpenAPI spec, introducing several breaking changes: org- and user-scoped API key types replace the generic ApiKeyWithValue, new user fields on membership models, name fields on directory/profile types, and new user management endpoints (ListAPIKeys, CreateAPIKey, ListJWTTemplate). The structural changes are consistent with the spec and the alias/type hierarchy (OrganizationAPIKeyOwner, UserAPIKeyOwner) is wired up correctly.

Confidence Score: 4/5

Safe to merge; all findings are P2 style/quality issues with no runtime impact.

The generated changes are structurally sound — type aliases are wired correctly, iterator generics updated consistently, and testdata aligns with the new model shapes. Three P2 findings (unused CreateUserAPIKey model, misleading ListJWTTemplate name, weak test body assertions) reduce confidence slightly from a clean 5.

models.go (unused CreateUserAPIKey struct) and user_management_test.go (empty params in TestUserManagement_CreateAPIKey).

Important Files Changed

Filename	Overview
api_keys.go	Reordered methods and updated return types: ListOrganizationAPIKeys now returns Iterator[OrganizationAPIKey] and CreateOrganizationAPIKey returns *OrganizationAPIKeyWithValue; CreateValidation and Delete moved to end of file but functionally unchanged.
models.go	Added org- and user-scoped API key models, new membership user fields, Name field on directory/profile types, VaultByokKeyDeleted event, and JWTTemplateResponse relocation; CreateUserAPIKey is added but never referenced as a param type.
user_management.go	Added ListJWTTemplate, ListAPIKeys, and CreateAPIKey endpoints; method name ListJWTTemplate is misleading for a single-resource GET that returns *JWTTemplateResponse.
user_management_test.go	Added tests for ListJWTTemplate, ListAPIKeys, and CreateAPIKey; TestUserManagement_CreateAPIKey passes an empty params struct without asserting request body fields.
enums.go	Added EventContextActorSourceAdminPortal, VaultByokKeyDeletedDataKeyProvider enum, and APIKeysOrder as the new canonical order type; all ApplicationsOrder aliases now point to APIKeysOrder.
workos.go	Cosmetic reordering of apiKeys field and APIKeys() accessor; no functional change.
api_keys_test.go	Updated fixtures to org-scoped files (list_organization_api_key.json, organization_api_key_with_value.json) and switched error tests to use the iterator-based ListOrganizationAPIKeys.

Class Diagram

%%{init: {'theme': 'neutral'}}%%
classDiagram
    class OrganizationAPIKey {
        +string Object
        +string ID
        +OrganizationAPIKeyOwner Owner
        +string Name
        +string ObfuscatedValue
        +[]string Permissions
    }
    class OrganizationAPIKeyWithValue {
        +string Object
        +string ID
        +OrganizationAPIKeyWithValueOwner Owner
        +string Name
        +string ObfuscatedValue
        +string Value
        +[]string Permissions
    }
    class UserAPIKey {
        +string Object
        +string ID
        +UserAPIKeyOwner Owner
        +string Name
        +string ObfuscatedValue
        +[]string Permissions
    }
    class UserAPIKeyWithValue {
        +string Object
        +string ID
        +UserAPIKeyWithValueOwner Owner
        +string Name
        +string ObfuscatedValue
        +string Value
        +[]string Permissions
    }
    class APIKeyCreatedDataOwner {
        +string Type
        +string ID
    }
    class UserAPIKeyOwner {
        +string Type
        +string ID
        +string OrganizationID
    }
    OrganizationAPIKey --> APIKeyCreatedDataOwner : Owner (alias)
    OrganizationAPIKeyWithValue --> APIKeyCreatedDataOwner : Owner (alias)
    UserAPIKey --> UserAPIKeyOwner : Owner
    UserAPIKeyWithValue --> UserAPIKeyOwner : Owner (alias)

Loading

Comments Outside Diff (2)

1. user_management.go, line 794-803 (link)

   Misleading method name for a single-resource GET

   ListJWTTemplate returns a single *JWTTemplateResponse (not an iterator or slice), so the List prefix is counterintuitive and inconsistent with how list operations are modeled elsewhere in this SDK (which return *Iterator[T]). A name like GetJWTTemplate would better reflect that this fetches one resource.

   Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

2. user_management_test.go, line 948-972 (link)

   Test doesn't validate required request body fields

   TestUserManagement_CreateAPIKey calls CreateAPIKey with an empty UserManagementCreateAPIKeyParams{}. Since Name and OrganizationID have no omitempty tags, they serialize as empty strings — the server would reject this in production. The handler unmarshals bodyMap but never asserts on its contents, so the test passes without confirming the SDK sends valid data. Consider asserting bodyMap["name"] and bodyMap["organization_id"] are non-empty.

_{Reviews (1): Last reviewed commit: "feat!(generated): regenerate from spec (..." | Re-trigger Greptile}

[greptile-apps]

CreateUserAPIKey is unused dead code

CreateUserAPIKey has the exact same fields as UserManagementCreateAPIKeyParams (both have Name, OrganizationID, and Permissions), but no function in the codebase accepts CreateUserAPIKey as a parameter — UserManagementCreateAPIKeyParams is what CreateAPIKey actually uses. This struct appears to be a generated artifact that was never wired up.