feat(generated)!: regenerate from spec (11 changes)

[workos-sdk-automation]

Summary

feat(api_keys): Add expires_at field to API key models

• Add optional expires_at field to APIKeysCreateOrganizationAPIKeyParams
• Add optional expires_at field to UserManagementCreateAPIKeyParams
• Add optional expires_at field to APIKey, APIKeyCreatedData, APIKeyRevokedData, OrganizationAPIKey, OrganizationAPIKeyWithValue, UserAPIKey, and UserAPIKeyWithValue models

feat(audit_logs)!: Rename audit log model types (breaking)

• Rename AuditLogExportJSON to AuditLogExport
• Rename AuditLogsRetentionJSON to AuditLogsRetention
• Rename AuditLogActionJSON to AuditLogAction
• Rename AuditLogExportJSONState to AuditLogExportState
• Update method signatures to use new type names

feat(authorization): Add filter parameters to role/resource assignment list

• Add ResourceID, ResourceExternalID, ResourceTypeSlug parameters to AuthorizationListRoleAssignmentsParams
• Add RoleSlug parameter to AuthorizationListRoleAssignmentsForResourceByExternalIDParams and AuthorizationListRoleAssignmentsForResourceParams
• Remove Search parameter from AuthorizationListResourcesParams

feat(radar)!: Remove device_fingerprint and bot_score parameters

• Remove DeviceFingerprint field from RadarCreateAttemptParams
• Remove BotScore field from RadarCreateAttemptParams
• Remove enum values CREDENTIAL_STUFFING and IP_SIGN_UP_RATE_LIMIT from RadarStandaloneResponseControl
• Remove and update enum values in RadarStandaloneAssessRequestAction (keep only SignUp and SignIn with updated values)

feat(user_management)!: Refactor organization membership to dedicated service

• Move organization membership operations from UserManagementService to new OrganizationMembershipService
• Remove ListOrganizationMemberships, CreateOrganizationMembership, GetOrganizationMembership, UpdateOrganizationMembership, DeleteOrganizationMembership, DeactivateOrganizationMembership, ReactivateOrganizationMembership methods from user management
• Remove role helper types (UserManagementRole, UserManagementRoleSingle, UserManagementRoleMultiple) from user management (now in organization_membership)
• Add ExpiresAt field to UserManagementCreateAPIKeyParams

feat(organization_membership): Add new organization membership service

• Add new OrganizationMembershipService with methods: List, Create, Get, Update, Delete, Deactivate, Reactivate, ListGroups
• Define OrganizationMembershipRole interface with single and multiple variants for flexible role assignment
• Add corresponding parameter types for all service methods

feat(vault): Add new vault service for encryption key management

• Add new VaultService with methods for key operations: CreateDataKey, CreateDecrypt, CreateRekey
• Add object CRUD operations: CreateKv, GetKv, GetName, UpdateKv, DeleteKv, ListKv
• Add metadata and versioning: ListKvMetadata, ListKvVersions
• Support encryption context via VaultCreateDataKeyParams and key-value operations

feat(webhooks): Rename webhook endpoint model type

• Rename WebhookEndpointJSON to WebhookEndpoint
• Rename WebhookEndpointJSONStatus to WebhookEndpointStatus
• Update method signatures and return types accordingly

feat(pipes): Add pipes connected account event models

• Add PipeConnectedAccount model with state tracking
• Add PipesConnectedAccountConnected, PipesConnectedAccountDisconnected, PipesConnectedAccountReauthorizationNeeded event models
• Add PipeConnectedAccountState enum with connected and needs_reauthorization values
• Add webhook event types for pipes integration events

feat(generated): Add new vault-related model types

• Add Actor model for audit log actor representation
• Add vault encryption models: CreateDataKeyResponse, DecryptResponse, DeleteObjectResponse
• Add vault object models: Object, ObjectMetadata, ObjectSummary, ObjectVersion, ObjectWithoutValue
• Add vault request models: CreateDataKeyRequest, DecryptRequest, RekeyRequest, CreateObjectRequest, UpdateObjectRequest
• Add error and metadata models: Error, ListMetadata, VersionListResponse

chore(generated): Update type aliases and enum standardization

• Change PaginationParams.Order from *PaginationOrder to *string for flexibility
• Create type aliases: UserManagementAuthenticationScreenHint now aliases RadarStandaloneAssessRequestAction
• Create type alias: WebhookEndpointStatus as alias for UpdateWebhookEndpointStatus
• Update profile fixtures and SSO references

Triggered by workos/openapi-spec@b0eb6fb

BEGIN_COMMIT_OVERRIDE
feat(api_keys): Add expires_at field to API key models (#554)
feat(audit_logs)!: Rename audit log model types (breaking) (#554)
feat(authorization): Add filter parameters to role/resource assignment list (#554)
feat(radar)!: Remove device_fingerprint and bot_score parameters (#554)
feat(user_management)!: Refactor organization membership to dedicated service (#554)
feat(organization_membership): Add new organization membership service (#554)
feat(vault): Add new vault service for encryption key management (#554)
feat(webhooks): Rename webhook endpoint model type (#554)
feat(pipes): Add pipes connected account event models (#554)
feat(generated): Add new vault-related model types (#554)
chore(generated): Update type aliases and enum standardization (#554)
END_COMMIT_OVERRIDE

[greptile-apps]

Greptile Summary

This is a large spec-driven regeneration that introduces 11 grouped changes: new services (OrganizationMembershipService, VaultService), type renames across audit logs and webhooks, radar parameter removals, API key expires_at fields, and authorization filter additions.

• Vault: Hand-written vault_kv.go is replaced by a generated vault.go; vault_crypto.go is updated to use the new generated model types (CreateDataKeyResponse, DecryptResponse, map[string]string key context), and testdata/version_list_response.json (previously absent) is now included so TestVault_ListKvVersions can pass.
• Organization membership: Operations previously on UserManagementService move to the new OrganizationMembershipService, with a matching test file and all required fixture files present.
• Breaking enum changes: AuditLogExportJSON, WebhookEndpointJSON, and related types are renamed per the spec; the changelog documents these. However, RadarAction→RadarListAction and the removal of the RadarType alias are not listed in the changelog despite changing the public API of AddListEntry and RemoveListEntry.

Confidence Score: 4/5

Safe to merge with one follow-up: the changelog omits two public breaking changes in the Radar service.

All previously flagged compilation issues (vault field duplicate, missing version_list_response.json fixture) are resolved. AddListEntry and RemoveListEntry now take RadarListType/RadarListAction instead of the old RadarType/RadarAction, and the RadarType alias is removed entirely — none of which appear in the changelog or PR description. Users upgrading will hit compile errors on these call sites without any migration guidance.

enums.go and radar.go — the RadarType removal and RadarAction→RadarListAction rename are missing from the documented breaking changes list.

Important Files Changed

Filename	Overview
workos.go	Resolves previously flagged duplicate vault field and method: the struct, NewClient initializer, and Vault() accessor are now each defined exactly once. OrganizationMembershipService replaces the removed UserManagementOrganizationMembershipGroupService.
vault.go	New generated VaultService consolidating all KV and key-management operations; replaces the hand-written vault_kv.go. API surface matches the generated spec.
vault_crypto.go	Updated to use the new generated model types (CreateDataKeyResponse, DecryptResponse, map[string]string key context). The Decrypt helper correctly extracts the encrypted-keys blob, fetches the plaintext key via the API, and passes the full ciphertext to LocalDecrypt.
organization_membership.go	New OrganizationMembershipService with all CRUD + ListGroups operations. Follows the same MarshalJSON pattern used by the old UserManagementService for polymorphic role assignment.
enums.go	Large enum refactor: RadarAction→RadarListAction and RadarType alias removed — both are breaking changes absent from the changelog. Other renames (AuditLogExportState, WebhookEndpointStatus, etc.) are properly documented.
radar.go	AddListEntry / RemoveListEntry parameter types changed from RadarType/RadarAction to RadarListType/RadarListAction; not listed as a breaking change in the PR description or changelog.
vault_test.go	New comprehensive test file covering all VaultService methods. testdata/version_list_response.json (previously missing) is now included in the PR, so TestVault_ListKvVersions should pass.
audit_logs.go	Method signatures updated to use renamed types (AuditLogsRetention, AuditLogAction, AuditLogSchema, AuditLogExport) — matches the breaking-change documentation.
models.go	Large addition of generated model types for vault (CreateDataKeyResponse, DecryptResponse, Object, ObjectMetadata, etc.), pipes events, and new audit log input schemas. No structural issues observed.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    Client["workos.Client"]
    Client --> OM["OrganizationMembershipService\n(NEW — was UserManagementService)"]
    Client --> Vault["VaultService\n(NEW — was vault_kv.go)"]
    Client --> UM["UserManagementService\n(org membership ops removed)"]
    Client --> AL["AuditLogService\n(renamed return types)"]
    Client --> WH["WebhookService\n(renamed return types)"]
    Client --> AZ["AuthorizationService\n(new filter params)"]
    Client --> Radar["RadarService\n(removed fields/enums)"]
    OM --> List["List()"]
    OM --> Create["Create()"]
    OM --> Get["Get()"]
    OM --> Update["Update()"]
    OM --> Delete["Delete()"]
    OM --> Deactivate["Deactivate()"]
    OM --> Reactivate["Reactivate()"]
    OM --> ListGroups["ListGroups()"]
    Vault --> CreateDataKey["CreateDataKey()"]
    Vault --> CreateDecrypt["CreateDecrypt()"]
    Vault --> CreateRekey["CreateRekey()"]
    Vault --> ListKv["ListKv()"]
    Vault --> CreateKv["CreateKv()"]
    Vault --> GetKv["GetKv()"]
    Vault --> GetName["GetName()"]
    Vault --> UpdateKv["UpdateKv()"]
    Vault --> DeleteKv["DeleteKv()"]
    Vault --> ListKvMetadata["ListKvMetadata()"]
    Vault --> ListKvVersions["ListKvVersions()"]
    Vault --> Encrypt["Encrypt() (local)"]
    Vault --> Decrypt["Decrypt() (local)"]

Loading

_{Reviews (2): Last reviewed commit: "docs: add missing breaking changes to re..." | Re-trigger Greptile}

[greptile-apps]

Missing fixture file causes TestVault_ListKvVersions to fail

TestVault_ListKvVersions loads testdata/version_list_response.json via os.ReadFile, but this file is not present in the repository and was not added by this PR. The test calls t.Fatalf on a read error, so the test will fail immediately when run.