feat(generated): regenerate from spec (8 changes)

[workos-sdk-automation]

Summary

feat(api_keys): Add API key expiration and update event support

• Add create_api_key_expire operation to expire API keys via POST /api_keys/{id}/expire
• Add ApiKeyUpdated event class with ApiKeyUpdatedData and related nested models for tracking API key update events
• Add new expires_at required field to ApiKeyCreatedData and ApiKeyRevokedData

feat(user_management)!: Remove return_to param from revoke_session; add name field to user models

• Remove return_to parameter from revoke_session method (breaking change)
• Add optional name field to User, CreateUser, UpdateUser, and EmailChangeConfirmationUser models
• Update related .rbi type stubs to reflect signature changes

feat(directory_sync): Remove DsyncDeactivated models; add DsyncToken events

• Remove DsyncDeactivated, DsyncDeactivatedData, and related enum classes (breaking change)
• Add DsyncTokenCreated, DsyncTokenCreatedData, DsyncTokenRevoked, and DsyncTokenRevokedData event models
• Support new directory token lifecycle events in webhooks

feat(vault): Rename ObjectModel class to VaultObject

• Rename ObjectModel class to VaultObject for consistency with vault service naming (breaking change)
• Update get_name and get_kv methods to return VaultObject instead of ObjectModel
• Remove object inflection mapping that no longer applies

feat(connect): Add name field to UserObject

• Add optional name field to UserObject model for Connect applications

feat(groups): Move UserOrganizationMembershipBaseListData from authorization to groups

• Relocate UserOrganizationMembershipBaseListData model from authorization service to groups service (organizational change)

feat(types): Add SNOWFLAKE log stream type; remove DOMAIN_SIGN_UP_RATE_LIMIT enum

• Add SNOWFLAKE value to AuditLogConfigurationLogStreamType enum
• Remove DOMAIN_SIGN_UP_RATE_LIMIT value from RadarStandaloneResponseControl enum (breaking at type level)
• Add API_KEY_UPDATED event type to webhook endpoint event enums

feat(user_management)!: Add UserApiKeyUpdatedDataOwner model

• Add UserApiKeyUpdatedDataOwner model for API key update events owned by users

Triggered by workos/openapi-spec@dee95fc

BEGIN_COMMIT_OVERRIDE
feat(generated): regenerate from spec (8 changes)
END_COMMIT_OVERRIDE

[greptile-apps]

Greptile Summary

Auto-generated SDK update regenerated from the WorkOS OpenAPI spec, bundling 8 spec changes into a single release. All breaking changes are explicitly flagged in the PR description and a pending changelog entry.

• API Keys: adds create_api_key_expire (POST /api_keys/{id}/expire), new ApiKeyUpdated webhook event with discriminated owner (org/user), and expires_at fields on ApiKeyCreatedData/ApiKeyRevokedData.
• User Management: removes return_to from revoke_session (breaking), adds optional name field to User/CreateUser/UpdateUser/EmailChangeConfirmationUser models.
• Directory Sync / Vault / other models: removes DsyncDeactivated* classes and adds DsyncTokenCreated/DsyncTokenRevoked events; renames ObjectModel → VaultObject (breaking); adds SNOWFLAKE to AuditLogConfigurationLogStreamType; moves UserOrganizationMembershipBaseListData from authorization to groups service.

Confidence Score: 5/5

Safe to merge — all breaking changes are deliberately spec-driven, fully reflected in the changelog, and the refactoring (ObjectModel → VaultObject, removal of DsyncDeactivated, removal of return_to) has no dangling references left in the codebase.

The changes are auto-generated from a versioned OpenAPI spec, every model has a corresponding round-trip test, and the inflection table and RBI type stubs are kept in sync. The only known gap (the compact-drops-nil behaviour on expires_at in create_api_key_expire) was already raised and discussed in a prior review comment.

No files require special attention beyond the previously discussed expires_at/compact behaviour in lib/workos/api_keys.rb.

Important Files Changed

Filename	Overview
lib/workos/api_keys.rb	Adds create_api_key_expire; the body is built with .compact, silently dropping an explicit nil expires_at (previously flagged in review thread).
lib/workos/api_keys/api_key_updated_data.rb	New model for api_key.updated webhook event data; discriminated owner follows the same type-switch pattern used in ApiKey and ApiKeyCreatedData.
lib/workos/user_management.rb	Removes return_to from revoke_session (breaking) and adds optional name parameter to create_user/update_user; request body construction is consistent with existing optional fields.
lib/workos/vault.rb	Updates get_name and get_kv to return WorkOS::VaultObject instead of WorkOS::ObjectModel; no remaining ObjectModel references found in Ruby source.
lib/workos/directory_sync/dsync_token_revoked_data.rb	Aliases DsyncTokenRevokedData to DsyncTokenCreatedData; both events share an identical schema, consistent with how DsyncTokenRevokedData is modelled in the spec.
lib/workos/user_management/user_api_key_updated_data_owner.rb	Aliases UserApiKeyUpdatedDataOwner to UserApiKeyCreatedDataOwner; correct — both carry identical type/id/organization_id fields.
lib/workos/inflections.rb	Removes the "object" => "ObjectModel" inflection mapping, completing the VaultObject rename with no dangling references.
test/workos/test_model_round_trip.rb	Round-trip tests added for all new models (ApiKeyUpdated*, DsyncToken*, ExpireApiKey, VaultObject); renamed tests updated to use new class names.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    subgraph API Keys
        AKE[create_api_key_expire\nPOST /api_keys/id/expire] --> AK[WorkOS::ApiKey]
        AKU[ApiKeyUpdated webhook] --> AKUD[ApiKeyUpdatedData]
        AKUD -->|type=organization| AKUDO[ApiKeyUpdatedDataOwner\n= ApiKeyCreatedDataOwner]
        AKUD -->|type=user| UAKUDO[UserApiKeyUpdatedDataOwner\n= UserApiKeyCreatedDataOwner]
    end

    subgraph User Management
        RS[revoke_session] -->|removed: return_to| RS2[session_id only]
        CU[create_user / update_user] -->|added| NAME[name field]
        USER[User model] -->|alias| ECU[EmailChangeConfirmationUser\n+ name field]
    end

    subgraph Directory Sync - Removed
        DD[DsyncDeactivated X]
        DDD[DsyncDeactivatedData X]
    end

    subgraph Directory Sync - Added
        DTC[DsyncTokenCreated] --> DTCD[DsyncTokenCreatedData]
        DTR[DsyncTokenRevoked] --> DTRD[DsyncTokenRevokedData\n= DsyncTokenCreatedData]
    end

    subgraph Vault
        OLD[ObjectModel X] -->|renamed to| VO[VaultObject]
        GN[get_name] --> VO
        GK[get_kv] --> VO
    end

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    subgraph API Keys
        AKE[create_api_key_expire\nPOST /api_keys/id/expire] --> AK[WorkOS::ApiKey]
        AKU[ApiKeyUpdated webhook] --> AKUD[ApiKeyUpdatedData]
        AKUD -->|type=organization| AKUDO[ApiKeyUpdatedDataOwner\n= ApiKeyCreatedDataOwner]
        AKUD -->|type=user| UAKUDO[UserApiKeyUpdatedDataOwner\n= UserApiKeyCreatedDataOwner]
    end

    subgraph User Management
        RS[revoke_session] -->|removed: return_to| RS2[session_id only]
        CU[create_user / update_user] -->|added| NAME[name field]
        USER[User model] -->|alias| ECU[EmailChangeConfirmationUser\n+ name field]
    end

    subgraph Directory Sync - Removed
        DD[DsyncDeactivated X]
        DDD[DsyncDeactivatedData X]
    end

    subgraph Directory Sync - Added
        DTC[DsyncTokenCreated] --> DTCD[DsyncTokenCreatedData]
        DTR[DsyncTokenRevoked] --> DTRD[DsyncTokenRevokedData\n= DsyncTokenCreatedData]
    end

    subgraph Vault
        OLD[ObjectModel X] -->|renamed to| VO[VaultObject]
        GN[get_name] --> VO
        GK[get_kv] --> VO
    end

Loading

_{Reviews (2): Last reviewed commit: "update changelog data" | Re-trigger Greptile}

[greptile-apps]

nil expires_at silently omitted — "clear scheduled expiration" use-case is unreachable

The docstring says "Use null to clear a scheduled future expiration", but the body is built with .compact, which drops any nil value. Calling create_api_key_expire(id: "key_id", expires_at: nil) (the explicit-null form) produces body = {}, identical to omitting the parameter entirely. If the API distinguishes {"expires_at": null} (cancel pending expiry) from an empty body (expire immediately), that distinction is permanently lost here and the "clear scheduled expiration" path can never be exercised.