From d7705b5aa3232212d5e24f993c31ef22c5741526 Mon Sep 17 00:00:00 2001 From: ZdenekSrotyr Date: Sun, 3 May 2026 08:48:49 +0200 Subject: [PATCH] chore(openapi): regenerate snapshot after /api/welcome removal --- tests/snapshots/openapi.json | 214 ++++++++++++----------------------- 1 file changed, 74 insertions(+), 140 deletions(-) diff --git a/tests/snapshots/openapi.json b/tests/snapshots/openapi.json index f163fb0..120d3e0 100644 --- a/tests/snapshots/openapi.json +++ b/tests/snapshots/openapi.json @@ -147,6 +147,19 @@ "title": "AdminTokenItem", "type": "object" }, + "BannerResponse": { + "properties": { + "content": { + "title": "Content", + "type": "string" + } + }, + "required": [ + "content" + ], + "title": "BannerResponse", + "type": "object" + }, "BatchActionRequest": { "properties": { "action": { @@ -2095,10 +2108,6 @@ ], "title": "Content" }, - "default": { - "title": "Default", - "type": "string" - }, "updated_at": { "anyOf": [ { @@ -2123,8 +2132,7 @@ } }, "required": [ - "content", - "default" + "content" ], "title": "TemplateGetResponse", "type": "object" @@ -2748,19 +2756,6 @@ ], "title": "VoteRequest", "type": "object" - }, - "WelcomeResponse": { - "properties": { - "content": { - "title": "Content", - "type": "string" - } - }, - "required": [ - "content" - ], - "title": "WelcomeResponse", - "type": "object" } } }, @@ -2919,6 +2914,55 @@ ] } }, + "/admin/agent-prompt": { + "get": { + "operationId": "admin_agent_prompt_page_admin_agent_prompt_get", + "parameters": [ + { + "in": "header", + "name": "authorization", + "required": false, + "schema": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "title": "Authorization" + } + } + ], + "responses": { + "200": { + "content": { + "text/html": { + "schema": { + "type": "string" + } + } + }, + "description": "Successful Response" + }, + "422": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + }, + "description": "Validation Error" + } + }, + "summary": "Admin Agent Prompt Page", + "tags": [ + "web" + ] + } + }, "/admin/grants": { "get": { "description": "Backward-compat redirect for the page's previous URL.", @@ -3358,55 +3402,6 @@ ] } }, - "/admin/agent-prompt": { - "get": { - "operationId": "admin_agent_prompt_page_admin_agent_prompt_get", - "parameters": [ - { - "in": "header", - "name": "authorization", - "required": false, - "schema": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "Authorization" - } - } - ], - "responses": { - "200": { - "content": { - "text/html": { - "schema": { - "type": "string" - } - } - }, - "description": "Successful Response" - }, - "422": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/HTTPValidationError" - } - } - }, - "description": "Validation Error" - } - }, - "summary": "Admin Welcome Page", - "tags": [ - "web" - ] - } - }, "/api/admin/access-overview": { "get": { "description": "One-shot snapshot for the /admin/access page.\n\nReturns:\n - ``groups``: every user_group with member + grant counts\n - ``grants``: every (group_id, resource_type, resource_id) row\n - ``resources``: per-resource-type hierarchical layout, where each\n type has a list of *blocks* (parent entities, e.g. a marketplace)\n and each block has *items* (concrete grantable resources).\n\nUI stitches the three pieces into the two-column layout: groups on\nthe left, resources tree on the right with per-item checkboxes whose\nstate derives from ``grants``.", @@ -5289,7 +5284,7 @@ }, "/api/admin/users/{user_id}/memberships/{group_id}": { "delete": { - "description": "Remove a user from a group from the user-centric page.\n\nOnly deletes admin-source rows (Google-sync / system-seed managed\nelsewhere). Last-admin guard: refuse to remove yourself from Admin\nwhen you'd be the only remaining admin \u2014 keeps the system unlockable.", + "description": "Remove a user from a group from the user-centric page.\n\nOnly deletes admin-source rows (Google-sync / system-seed managed\nelsewhere). Last-admin guard: refuse to remove anyone from Admin\nwhen they are the only active admin \u2014 recovery from zero admins\nrequires direct DB access.", "operationId": "remove_user_from_group_api_admin_users__user_id__memberships__group_id__delete", "parameters": [ { @@ -5494,7 +5489,7 @@ }, "/api/admin/welcome-template/preview": { "post": { - "description": "Render arbitrary template content against the live context for the\ncalling admin, without persisting. Used by the /admin/welcome editor's\nPreview button so admins can see their edits before saving.", + "description": "Render arbitrary template content against the live context for the\ncalling admin, without persisting. Used by the /admin/agent-prompt editor's\nPreview button so admins can see their edits before saving.", "operationId": "admin_preview_template_api_admin_welcome_template_preview_post", "parameters": [ { @@ -5529,7 +5524,7 @@ "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/WelcomeResponse" + "$ref": "#/components/schemas/BannerResponse" } } }, @@ -10289,67 +10284,6 @@ ] } }, - "/api/welcome": { - "get": { - "description": "Render the welcome prompt for the calling user. Returns rendered markdown.", - "operationId": "get_welcome_api_welcome_get", - "parameters": [ - { - "description": "The server URL the analyst is bootstrapping against", - "in": "query", - "name": "server_url", - "required": true, - "schema": { - "description": "The server URL the analyst is bootstrapping against", - "title": "Server Url", - "type": "string" - } - }, - { - "in": "header", - "name": "authorization", - "required": false, - "schema": { - "anyOf": [ - { - "type": "string" - }, - { - "type": "null" - } - ], - "title": "Authorization" - } - } - ], - "responses": { - "200": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/WelcomeResponse" - } - } - }, - "description": "Successful Response" - }, - "422": { - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/HTTPValidationError" - } - } - }, - "description": "Validation Error" - } - }, - "summary": "Get Welcome", - "tags": [ - "welcome" - ] - } - }, "/auth/admin/tokens": { "get": { "operationId": "admin_list_tokens_auth_admin_tokens_get", @@ -10538,7 +10472,7 @@ }, "/auth/email/verify": { "get": { - "description": "Click-through variant \u2014 verifies token, sets cookie, redirects to /dashboard.\n\nThis is the URL we embed in outgoing emails (and the dev-fallback link), so\nclicking it in a mail client logs the user in without a separate API call.", + "description": "Click-through variant \u2014 verifies token, sets cookie, redirects to /dashboard.\n\nThis is the URL we embed in outgoing emails (and the dev-fallback link), so\nclicking it in a mail client logs the user in without a separate API call.\n\nRate limited 10/min per IP for the same reason as the POST variant \u2014\ndon't let the click-through path bypass the brute-force throttle.", "operationId": "verify_magic_link_get_auth_email_verify_get", "parameters": [ { @@ -10586,7 +10520,7 @@ ] }, "post": { - "description": "Verify a magic link token and issue JWT (JSON API for programmatic clients).", + "description": "Verify a magic link token and issue JWT (JSON API for programmatic clients).\n\nRate limited 10/min per IP to slow brute-forcing the 32-byte\n``reset_token`` (the same column doubles as the magic-link token).", "operationId": "verify_magic_link_auth_email_verify_post", "requestBody": { "content": { @@ -10798,7 +10732,7 @@ ] }, "post": { - "description": "Request a password-reset link. Anti-enumeration: same response regardless.", + "description": "Request a password-reset link. Anti-enumeration: same response regardless.\n\nRate limited at the same 5/min as ``/auth/email/send-link`` \u2014 the\nattack surface is identical (single IP rotates random recipient\naddresses, anti-enumeration response shape masks which addresses\nlanded, attacker burns SMTP / SendGrid quota + spams real users).", "operationId": "reset_request_auth_password_reset_post", "requestBody": { "content": { @@ -10837,7 +10771,7 @@ }, "/auth/password/reset/confirm": { "post": { - "description": "Submit a new password using a reset token.", + "description": "Submit a new password using a reset token.\n\nRate limited 10/min per IP to slow brute-force guessing of the 32-byte\nURL-safe ``reset_token`` \u2014 the token is high-entropy but logs / proxy\nreferer leaks have surfaced partial tokens before, and there's no\nreason to allow unbounded attempts.", "operationId": "reset_confirm_auth_password_reset_confirm_post", "requestBody": { "content": { @@ -10929,7 +10863,7 @@ ] }, "post": { - "description": "Set initial password using setup token (JSON API).", + "description": "Set initial password using setup token (JSON API).\n\nRate limited 10/min per IP \u2014 same throttle as the form sibling\n``/setup/confirm``. Without this, the new web-form throttle is\nbypassable: an attacker brute-forcing the ``setup_token`` just\nswitches to this JSON path and resumes at unbounded RPS.", "operationId": "password_setup_auth_password_setup_post", "requestBody": { "content": { @@ -10969,7 +10903,7 @@ }, "/auth/password/setup/confirm": { "post": { - "description": "Web form: complete initial password setup via setup token.", + "description": "Web form: complete initial password setup via setup token.\n\nRate limited 10/min per IP \u2014 same rationale as ``/reset/confirm``:\nhigh-entropy ``setup_token`` should still not be brute-forceable at\nunbounded RPS in case a partial token leaks via logs / referer.", "operationId": "setup_confirm_auth_password_setup_confirm_post", "requestBody": { "content": { @@ -11009,7 +10943,7 @@ }, "/auth/password/setup/request": { "post": { - "description": "Self-service 'Request Access' \u2014 emails a setup link if user is pre-approved and unset.", + "description": "Self-service 'Request Access' \u2014 emails a setup link if user is pre-approved and unset.\n\nSame 5/min rate limit as ``/auth/password/reset`` and ``/send-link``\n\u2014 same email-bombing surface (anti-enumeration response, sends mail\non each request).", "operationId": "setup_request_auth_password_setup_request_post", "requestBody": { "content": { @@ -11627,7 +11561,7 @@ }, "/install": { "get": { - "description": "Backwards-compat redirect: /install \u2192 /setup (301).", + "description": "Backwards-compat redirect: /install \u2192 /setup (302).\n\nUsing 302 (temporary) rather than 301 (permanent) so browsers/proxies\ndon't cache indefinitely \u2014 if the path ever changes again, cached 301s\nrequire manual cache clearing to recover.", "operationId": "install_redirect_install_get", "responses": { "200": {