AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(openapi): regenerate snapshot after /api/welcome removal

Browse source
This commit is contained in:
ZdenekSrotyr 2026-05-03 08:48:49 +02:00
parent 8f71af6c22
commit d7705b5aa3
1 changed files with 74 additions and 140 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

214
tests/snapshots/openapi.json
View file

@ -147,6 +147,19 @@
"title": "AdminTokenItem",
"type": "object"
},
"BannerResponse": {
"properties": {
"content": {
"title": "Content",
"type": "string"
}
},
"required": [
"content"
],
"title": "BannerResponse",
"type": "object"
},
"BatchActionRequest": {
"properties": {
"action": {
@ -2095,10 +2108,6 @@
],
"title": "Content"
},
"default": {
"title": "Default",
"type": "string"
},
"updated_at": {
"anyOf": [
{
@ -2123,8 +2132,7 @@
}
},
"required": [
"content",
"default"
"content"
],
"title": "TemplateGetResponse",
"type": "object"
@ -2748,19 +2756,6 @@
],
"title": "VoteRequest",
"type": "object"
},
"WelcomeResponse": {
"properties": {
"content": {
"title": "Content",
"type": "string"
}
},
"required": [
"content"
],
"title": "WelcomeResponse",
"type": "object"
}
}
},
@ -2919,6 +2914,55 @@
]
}
},
"/admin/agent-prompt": {
"get": {
"operationId": "admin_agent_prompt_page_admin_agent_prompt_get",
"parameters": [
{
"in": "header",
"name": "authorization",
"required": false,
"schema": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"title": "Authorization"
}
}
],
"responses": {
"200": {
"content": {
"text/html": {
"schema": {
"type": "string"
}
}
},
"description": "Successful Response"
},
"422": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/HTTPValidationError"
}
}
},
"description": "Validation Error"
}
},
"summary": "Admin Agent Prompt Page",
"tags": [
"web"
]
}
},
"/admin/grants": {
"get": {
"description": "Backward-compat redirect for the page's previous URL.",
@ -3358,55 +3402,6 @@
]
}
},
"/admin/agent-prompt": {
"get": {
"operationId": "admin_agent_prompt_page_admin_agent_prompt_get",
"parameters": [
{
"in": "header",
"name": "authorization",
"required": false,
"schema": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"title": "Authorization"
}
}
],
"responses": {
"200": {
"content": {
"text/html": {
"schema": {
"type": "string"
}
}
},
"description": "Successful Response"
},
"422": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/HTTPValidationError"
}
}
},
"description": "Validation Error"
}
},
"summary": "Admin Welcome Page",
"tags": [
"web"
]
}
},
"/api/admin/access-overview": {
"get": {
"description": "One-shot snapshot for the /admin/access page.\n\nReturns:\n - ``groups``: every user_group with member + grant counts\n - ``grants``: every (group_id, resource_type, resource_id) row\n - ``resources``: per-resource-type hierarchical layout, where each\n type has a list of *blocks* (parent entities, e.g. a marketplace)\n and each block has *items* (concrete grantable resources).\n\nUI stitches the three pieces into the two-column layout: groups on\nthe left, resources tree on the right with per-item checkboxes whose\nstate derives from ``grants``.",
@ -5289,7 +5284,7 @@
},
"/api/admin/users/{user_id}/memberships/{group_id}": {
"delete": {
"description": "Remove a user from a group from the user-centric page.\n\nOnly deletes admin-source rows (Google-sync / system-seed managed\nelsewhere). Last-admin guard: refuse to remove yourself from Admin\nwhen you'd be the only remaining admin \u2014 keeps the system unlockable.",
"description": "Remove a user from a group from the user-centric page.\n\nOnly deletes admin-source rows (Google-sync / system-seed managed\nelsewhere). Last-admin guard: refuse to remove anyone from Admin\nwhen they are the only active admin \u2014 recovery from zero admins\nrequires direct DB access.",
"operationId": "remove_user_from_group_api_admin_users__user_id__memberships__group_id__delete",
"parameters": [
{
@ -5494,7 +5489,7 @@
},
"/api/admin/welcome-template/preview": {
"post": {
"description": "Render arbitrary template content against the live context for the\ncalling admin, without persisting. Used by the /admin/welcome editor's\nPreview button so admins can see their edits before saving.",
"description": "Render arbitrary template content against the live context for the\ncalling admin, without persisting. Used by the /admin/agent-prompt editor's\nPreview button so admins can see their edits before saving.",
"operationId": "admin_preview_template_api_admin_welcome_template_preview_post",
"parameters": [
{
@ -5529,7 +5524,7 @@
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/WelcomeResponse"
"$ref": "#/components/schemas/BannerResponse"
}
}
},
@ -10289,67 +10284,6 @@
]
}
},
"/api/welcome": {
"get": {
"description": "Render the welcome prompt for the calling user. Returns rendered markdown.",
"operationId": "get_welcome_api_welcome_get",
"parameters": [
{
"description": "The server URL the analyst is bootstrapping against",
"in": "query",
"name": "server_url",
"required": true,
"schema": {
"description": "The server URL the analyst is bootstrapping against",
"title": "Server Url",
"type": "string"
}
},
{
"in": "header",
"name": "authorization",
"required": false,
"schema": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"title": "Authorization"
}
}
],
"responses": {
"200": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/WelcomeResponse"
}
}
},
"description": "Successful Response"
},
"422": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/HTTPValidationError"
}
}
},
"description": "Validation Error"
}
},
"summary": "Get Welcome",
"tags": [
"welcome"
]
}
},
"/auth/admin/tokens": {
"get": {
"operationId": "admin_list_tokens_auth_admin_tokens_get",
@ -10538,7 +10472,7 @@
},
"/auth/email/verify": {
"get": {
"description": "Click-through variant \u2014 verifies token, sets cookie, redirects to /dashboard.\n\nThis is the URL we embed in outgoing emails (and the dev-fallback link), so\nclicking it in a mail client logs the user in without a separate API call.",
"description": "Click-through variant \u2014 verifies token, sets cookie, redirects to /dashboard.\n\nThis is the URL we embed in outgoing emails (and the dev-fallback link), so\nclicking it in a mail client logs the user in without a separate API call.\n\nRate limited 10/min per IP for the same reason as the POST variant \u2014\ndon't let the click-through path bypass the brute-force throttle.",
"operationId": "verify_magic_link_get_auth_email_verify_get",
"parameters": [
{
@ -10586,7 +10520,7 @@
]
},
"post": {
"description": "Verify a magic link token and issue JWT (JSON API for programmatic clients).",
"description": "Verify a magic link token and issue JWT (JSON API for programmatic clients).\n\nRate limited 10/min per IP to slow brute-forcing the 32-byte\n``reset_token`` (the same column doubles as the magic-link token).",
"operationId": "verify_magic_link_auth_email_verify_post",
"requestBody": {
"content": {
@ -10798,7 +10732,7 @@
]
},
"post": {
"description": "Request a password-reset link. Anti-enumeration: same response regardless.",
"description": "Request a password-reset link. Anti-enumeration: same response regardless.\n\nRate limited at the same 5/min as ``/auth/email/send-link`` \u2014 the\nattack surface is identical (single IP rotates random recipient\naddresses, anti-enumeration response shape masks which addresses\nlanded, attacker burns SMTP / SendGrid quota + spams real users).",
"operationId": "reset_request_auth_password_reset_post",
"requestBody": {
"content": {
@ -10837,7 +10771,7 @@
},
"/auth/password/reset/confirm": {
"post": {
"description": "Submit a new password using a reset token.",
"description": "Submit a new password using a reset token.\n\nRate limited 10/min per IP to slow brute-force guessing of the 32-byte\nURL-safe ``reset_token`` \u2014 the token is high-entropy but logs / proxy\nreferer leaks have surfaced partial tokens before, and there's no\nreason to allow unbounded attempts.",
"operationId": "reset_confirm_auth_password_reset_confirm_post",
"requestBody": {
"content": {
@ -10929,7 +10863,7 @@
]
},
"post": {
"description": "Set initial password using setup token (JSON API).",
"description": "Set initial password using setup token (JSON API).\n\nRate limited 10/min per IP \u2014 same throttle as the form sibling\n``/setup/confirm``. Without this, the new web-form throttle is\nbypassable: an attacker brute-forcing the ``setup_token`` just\nswitches to this JSON path and resumes at unbounded RPS.",
"operationId": "password_setup_auth_password_setup_post",
"requestBody": {
"content": {
@ -10969,7 +10903,7 @@
},
"/auth/password/setup/confirm": {
"post": {
"description": "Web form: complete initial password setup via setup token.",
"description": "Web form: complete initial password setup via setup token.\n\nRate limited 10/min per IP \u2014 same rationale as ``/reset/confirm``:\nhigh-entropy ``setup_token`` should still not be brute-forceable at\nunbounded RPS in case a partial token leaks via logs / referer.",
"operationId": "setup_confirm_auth_password_setup_confirm_post",
"requestBody": {
"content": {
@ -11009,7 +10943,7 @@
},
"/auth/password/setup/request": {
"post": {
"description": "Self-service 'Request Access' \u2014 emails a setup link if user is pre-approved and unset.",
"description": "Self-service 'Request Access' \u2014 emails a setup link if user is pre-approved and unset.\n\nSame 5/min rate limit as ``/auth/password/reset`` and ``/send-link``\n\u2014 same email-bombing surface (anti-enumeration response, sends mail\non each request).",
"operationId": "setup_request_auth_password_setup_request_post",
"requestBody": {
"content": {
@ -11627,7 +11561,7 @@
},
"/install": {
"get": {
"description": "Backwards-compat redirect: /install \u2192 /setup (301).",
"description": "Backwards-compat redirect: /install \u2192 /setup (302).\n\nUsing 302 (temporary) rather than 301 (permanent) so browsers/proxies\ndon't cache indefinitely \u2014 if the path ever changes again, cached 301s\nrequire manual cache clearing to recover.",
"operationId": "install_redirect_install_get",
"responses": {
"200": {