[Blocker] Missing member contract and roster APIs block final Studio de-serviceId cleanup

[AbigailDeng]

Related

• merged backend slice: Add member-first Studio APIs #427
• remaining durable run truth blocker: [Blocker] Backend durable service-run registry blocking refresh-safe Studio Observe #429
• earlier broad member-first blocker: [Blocker] Backend gaps blocking 100% pure member-first Invoke/Observe closeout for #340 #364

Why this issue exists

#427 already unlocked the core member-first runtime routes for Studio:

• member binding
• member invoke
• member runs / audit / stop / resume / signal

That is enough for frontend to start switching Bind / Invoke / Observe onto memberId.

But after wiring the current frontend against those routes, there are still backend contract gaps that prevent Studio from fully removing service-first reads and serviceId-based inference.

This issue isolates those remaining API blockers so backend teammates can close the last semantic gap cleanly.

Current frontend reality after #427

Frontend can now call member routes for:

• PUT /members/{memberId}/binding
• POST /members/{memberId}/invoke/...
• GET /members/{memberId}/runs...

But frontend still has to keep some serviceId-level reads alive because the following member-first APIs do not exist yet.

Missing backend APIs

1. No authoritative member roster / detail API

Missing routes such as:

• GET /api/scopes/{scopeId}/members
• GET /api/scopes/{scopeId}/members/{memberId}

Without these, Studio still has to infer the member rail and selected-member details from a mix of:

• workflow inventory
• script inventory
• published service catalog
• route compatibility state

That keeps the UI semantics partially inferred instead of backend-authoritative.

2. No member endpoint contract API

Today the Bind / Invoke surfaces still need service-centric contract inspection such as:

• GET /api/scopes/{scopeId}/services/{serviceId}/endpoints/{endpointId}/contract

What frontend still needs is a member-first equivalent, for example:

• GET /api/scopes/{scopeId}/members/{memberId}/endpoints/{endpointId}/contract

or another member-centric contract read path that does not require frontend to first resolve and pass serviceId.

Without this, Studio cannot fully remove service-level contract lookups for:

• invoke URL display
• request/response schema display
• smoke-test/editor defaults
• snippet generation

3. Member-first revision lifecycle API is still missing

If Studio is expected to manage revisions without falling back to service routes, backend still needs member-scoped lifecycle actions such as:

• POST /api/scopes/{scopeId}/members/{memberId}/binding/revisions/{revisionId}:activate
• POST /api/scopes/{scopeId}/members/{memberId}/binding/revisions/{revisionId}:retire

This is smaller than the roster/contract gap, but it still blocks a fully pure member-first revision management story.

Why this is a blocker

Until the APIs above exist, frontend can improve a lot, but it still cannot honestly claim:

• Studio member rail is backed by authoritative member catalog truth
• Bind / Invoke contract inspection is fully member-first
• serviceId is fully gone from the steady-state Studio query path

In practice that means frontend must continue to keep compatibility bridges and inferred service lookups alive even after #427.

Acceptance

• Backend exposes authoritative member roster API for a scope
• Backend exposes authoritative member detail API
• Backend exposes member-first endpoint contract read API
• If revision management is in scope, backend exposes member-first revision activate/retire APIs
• Frontend can remove remaining service-level contract / roster inference from Studio without inventing client-side truth

Non-goal

This issue does not cover durable run registry / refresh-safe Observe truth. That remains tracked separately in #429.