{"openapi":"3.0.3","info":{"title":"RuleDeck API","version":"1.0.0+schema.1","description":"Release artifact: ruledeck-service"},"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{}},"paths":{"/":{"get":{"responses":{"200":{"description":"Default Response"}}}},"/health":{"get":{"responses":{"200":{"description":"Default Response"}}}},"/ready":{"get":{"responses":{"200":{"description":"Default Response"}}}},"/v1/admin/login":{"post":{"summary":"Tenant admin login","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["email","password"],"properties":{"email":{"type":"string","format":"email"},"password":{"type":"string","minLength":6},"totp":{"type":"string","minLength":6}}}}},"required":true},"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"token":{"type":"string"}},"required":["token"]}}}},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"}},"required":["error"]}}}},"500":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"}},"required":["error"]}}}}}}},"/v1/admin/login/oidc":{"post":{"summary":"Tenant admin login with OIDC token","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["oidcToken"],"properties":{"oidcToken":{"type":"string","minLength":20},"totp":{"type":"string","minLength":6}}}}},"required":true},"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"token":{"type":"string"}},"required":["token"]}}}},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"500":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/mfa/bootstrap/setup":{"post":{"summary":"Bootstrap MFA setup (public, email/password)","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["email","password"],"properties":{"email":{"type":"string","format":"email"},"password":{"type":"string","minLength":6}}}}},"required":true},"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"otpauthUrl":{"type":"string"}},"required":["otpauthUrl"]}}}},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/mfa/bootstrap/confirm":{"post":{"summary":"Bootstrap MFA confirm (public, returns token)","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["email","password","totp"],"properties":{"email":{"type":"string","format":"email"},"password":{"type":"string","minLength":6},"totp":{"type":"string","minLength":6}}}}},"required":true},"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"token":{"type":"string"}},"required":["token"]}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/2fa/setup":{"post":{"summary":"Start 2FA setup (returns otpauthUrl)","tags":["admin"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"otpauthUrl":{"type":"string"}},"required":["otpauthUrl"]}}}},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/2fa/confirm":{"post":{"summary":"Confirm 2FA (enable TOTP)","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["totp"],"properties":{"totp":{"type":"string","minLength":6}}}}},"required":true},"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"enabled":{"type":"boolean"}},"required":["enabled"]}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/users/{id}/roles":{"get":{"summary":"Get current tenant role assignments for a user","tags":["admin"],"parameters":[{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"user_id":{"type":"string"},"tenant_membership_id":{"type":"string"},"membership_status":{"type":"string"},"roles":{"type":"array","items":{"type":"string"}}},"required":["user_id","tenant_membership_id","membership_status","roles"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/users":{"get":{"summary":"List tenant console users","tags":["admin"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"items":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"user_id":{"type":"string"},"tenant_membership_id":{"type":["null","string"]},"email":{"type":"string"},"display_name":{"type":["null","string"]},"user_type":{"type":"string"},"membership_type":{"type":["null","string"]},"membership_status":{"type":["null","string"]},"roles":{"type":"array","items":{"type":"string"}},"totp_enabled":{"type":"boolean"},"created_at":{"type":"string"},"updated_at":{"type":"string"}},"required":["id","user_id","email","user_type","roles","totp_enabled","created_at","updated_at"]}}},"required":["items"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}},"post":{"summary":"Create a tenant console user with membership and role assignments","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["email","password","roles"],"properties":{"email":{"type":"string","format":"email"},"password":{"type":"string","minLength":8},"roles":{"type":"array","items":{"type":"string"},"minItems":1},"displayName":{"type":"string"},"userType":{"type":"string","enum":["wallet_only","wallet_vc","tenant_console","hybrid"]},"membershipType":{"type":"string","enum":["member","admin","service_delegate","individual_owner"]}}}}},"required":true},"security":[{"bearerAuth":[]}],"responses":{"201":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"id":{"type":"string"},"user_id":{"type":"string"},"tenant_membership_id":{"type":"string"},"email":{"type":"string"},"roles":{"type":"array","items":{"type":"string"}}},"required":["id","user_id","tenant_membership_id","email","roles"]}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"409":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/members":{"get":{"summary":"List tenant memberships with assigned roles","tags":["admin"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"items":{"type":"array","items":{"type":"object","properties":{"membership_id":{"type":"string"},"user_id":{"type":"string"},"email":{"type":["null","string"]},"display_name":{"type":["null","string"]},"user_type":{"type":"string"},"user_status":{"type":"string"},"membership_type":{"type":"string"},"membership_status":{"type":"string"},"source":{"type":"string"},"is_default":{"type":"boolean"},"totp_enabled":{"type":"boolean"},"roles":{"type":"array","items":{"type":"string"}},"created_at":{"type":"string"},"updated_at":{"type":"string"}},"required":["membership_id","user_id","user_type","user_status","membership_type","membership_status","source","is_default","totp_enabled","roles","created_at","updated_at"]}}},"required":["items"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/members/invite":{"post":{"summary":"Invite a tenant member before wallet binding or console activation","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["email"],"properties":{"email":{"type":"string","format":"email"},"displayName":{"type":"string"},"userType":{"type":"string","enum":["wallet_only","wallet_vc","tenant_console","hybrid"]},"membershipType":{"type":"string","enum":["member","admin","service_delegate","individual_owner"]}}}}},"required":true},"security":[{"bearerAuth":[]}],"responses":{"201":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"membership_id":{"type":"string"},"user_id":{"type":"string"},"email":{"type":"string"},"membership_status":{"type":"string"},"source":{"type":"string"}},"required":["membership_id","user_id","email","membership_status","source"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"409":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/members/{id}/revoke":{"post":{"summary":"Revoke a tenant membership and invalidate linked console sessions","tags":["admin"],"parameters":[{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}},"required":["ok"]}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/members/{id}/activate-wallet":{"post":{"summary":"Activate an invited membership from ProofGate wallet evidence","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["walletType","walletRef"],"properties":{"walletType":{"type":"string","enum":["hedera","evm"]},"walletRef":{"type":"string","minLength":1}}}}},"required":true},"parameters":[{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true},{"schema":{"type":"string"},"in":"header","name":"authorization","required":false},{"schema":{"type":"string"},"in":"header","name":"x-api-key","required":false}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"membership_id":{"type":"string"},"membership_status":{"type":"string"},"source":{"type":"string"},"wallet_type":{"type":"string"},"wallet_ref":{"type":"string"},"roles":{"type":"array","items":{"type":"string"}}},"required":["membership_id","membership_status","source","wallet_type","wallet_ref","roles"]}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/roles/custom":{"post":{"summary":"Create a tenant custom role from tenant-available permissions","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["name","permissionCodes"],"properties":{"name":{"type":"string","minLength":1},"description":{"type":"string"},"permissionCodes":{"type":"array","items":{"type":"string"},"minItems":1}}}}},"required":true},"security":[{"bearerAuth":[]}],"responses":{"201":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"id":{"type":"string"},"role_id":{"type":"string"},"code":{"type":"string"},"display_name":{"type":"string"},"description":{"type":["null","string"]},"source":{"type":"string"},"enabled":{"type":"boolean"},"permission_codes":{"type":"array","items":{"type":"string"}}},"required":["id","role_id","code","display_name","source","enabled","permission_codes"]}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"409":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/roles/available":{"get":{"summary":"List tenant-visible assignable roles","tags":["admin"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"items":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"role_id":{"type":"string"},"code":{"type":"string"},"display_name":{"type":"string"},"description":{"type":["null","string"]},"source":{"type":"string"},"enabled":{"type":"boolean"},"permission_codes":{"type":"array","items":{"type":"string"}}},"required":["id","role_id","code","display_name","source","enabled","permission_codes"]}}},"required":["items"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/roles/assignments":{"get":{"summary":"List current tenant member role assignments","tags":["admin"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"items":{"type":"array","items":{"type":"object","properties":{"assignment_id":{"type":"string"},"membership_id":{"type":"string"},"user_id":{"type":"string"},"email":{"type":["null","string"]},"display_name":{"type":["null","string"]},"membership_status":{"type":"string"},"role_code":{"type":"string"},"role_display_name":{"type":"string"},"assignment_source":{"type":"string"},"created_at":{"type":"string"}},"required":["assignment_id","membership_id","user_id","membership_status","role_code","role_display_name","assignment_source","created_at"]}}},"required":["items"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/members/{id}/roles/assign":{"post":{"summary":"Assign multiple tenant-visible roles to a tenant membership","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["roleCodes"],"properties":{"roleCodes":{"type":"array","items":{"type":"string"},"minItems":1},"assignmentSource":{"type":"string","enum":["system_default","tenant_default","tenant_admin_manual","risk_upgrade","invite_flow","vc_mapping","default_tenant_role","default_individual_role","manual_admin_assign"]}}}}},"required":true},"parameters":[{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"membership_id":{"type":"string"},"assigned":{"type":"array","items":{"type":"string"}},"roles":{"type":"array","items":{"type":"string"}}},"required":["membership_id","assigned","roles"]}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/members/{id}/roles/revoke":{"post":{"summary":"Revoke multiple role assignments from a tenant membership","tags":["admin"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["roleCodes"],"properties":{"roleCodes":{"type":"array","items":{"type":"string"},"minItems":1}}}}},"required":true},"parameters":[{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"membership_id":{"type":"string"},"revoked":{"type":"array","items":{"type":"string"}},"roles":{"type":"array","items":{"type":"string"}}},"required":["membership_id","revoked","roles"]}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/keys":{"get":{"summary":"List API keys (metadata only)","tags":["keys"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"keys":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"tenant_id":{"type":"string"},"name":{"type":"string"},"scopes":{"type":"array","items":{"type":"string"}},"status":{"type":"string"},"created_by":{"type":["null","string"]},"created_at":{"type":"string"},"revoked_at":{"type":["null","string"]},"last_used_at":{"type":["null","string"]},"expires_at":{"type":["null","string"]},"rotated_from_key_id":{"type":["null","string"]}},"required":["id","tenant_id","name","scopes","status","created_at"]}}},"required":["keys"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}},"post":{"summary":"Create API key (returns secret once)","tags":["keys"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["name","scopes"],"properties":{"name":{"type":"string","minLength":1},"scopes":{"type":"array","items":{"type":"string","minLength":1},"minItems":1},"expiresAt":{"type":"string","format":"date-time"}}}}},"required":true},"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"keyId":{"type":"string"},"secret":{"type":"string"}},"required":["keyId","secret"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/keys/{id}/rotate":{"post":{"summary":"Rotate API key (revokes old key, creates new key, returns new secret once)","tags":["keys"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"expiresAt":{"type":"string","format":"date-time"}}}}}},"parameters":[{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"oldKeyId":{"type":"string"},"newKeyId":{"type":"string"},"secret":{"type":"string"}},"required":["oldKeyId","newKeyId","secret"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/keys/{id}/revoke":{"post":{"summary":"Revoke API key","tags":["keys"],"parameters":[{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}},"required":["ok"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/audit":{"get":{"summary":"List audit events for tenant","tags":["audit"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"events":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"action":{"type":"string"},"payload":{},"anchor_ref":{"type":"string"},"created_at":{"type":"string"}},"required":["id","action","payload","anchor_ref","created_at"]}}},"required":["events"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/sessions":{"get":{"summary":"List admin sessions (tenant_admin can see all; others see own)","tags":["sessions"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"items":{"type":"array","items":{"type":"object","properties":{"id":{"type":"string"},"tenant_id":{"type":"string"},"user_id":{"type":"string"},"created_at":{"type":"string"},"last_seen_at":{"type":["null","string"]},"revoked_at":{"type":["null","string"]},"ip":{"type":["null","string"]},"user_agent":{"type":["null","string"]}},"required":["id","tenant_id","user_id","created_at"]}}},"required":["items"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/sessions/{id}/revoke":{"post":{"summary":"Revoke a session (forced logout). tenant_admin can revoke anyone; others can revoke own.","tags":["sessions"],"parameters":[{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}},"required":["ok"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/logout":{"post":{"summary":"Logout current session (revoke current sid)","tags":["sessions"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}},"required":["ok"]}}}},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/security-policy":{"get":{"summary":"Get tenant security policy (MFA enforcement)","tags":["security"],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"tenantId":{"type":"string"},"requireMfa":{"type":"boolean"},"requireMfaRoles":{"type":["null","array"],"items":{"type":"string"}},"updatedAt":{"type":"string"}},"required":["tenantId","requireMfa","updatedAt"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}},"put":{"summary":"Update tenant security policy (MFA enforcement)","tags":["security"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["requireMfa"],"properties":{"requireMfa":{"type":"boolean"},"requireMfaRoles":{"type":"array","items":{"type":"string","minLength":1}}}}}},"required":true},"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}},"required":["ok"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/bundles":{"get":{"summary":"List regimes","tags":["bundles"],"description":"Retrieve all policy packs (regimes) available for the current tenant. Only admins with the scope bundle:read can access this endpoint.","security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["bundles"],"properties":{"bundles":{"type":"array","description":"List of regimes (policy packs) configured for the tenant","items":{"type":"object","required":["id","regime"],"properties":{"id":{"type":"string","description":"Unique identifier of the policy pack"},"regime":{"type":"string","description":"Name of the regime (policy pack)"},"description":{"type":"string","nullable":true,"description":"Description of the policy pack"}}}}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}},"post":{"summary":"Create a regime (policy pack)","tags":["bundles"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["regime"],"properties":{"regime":{"type":"string","description":"Name of the regime (policy pack)"},"description":{"type":"string","nullable":true,"description":"Optional description of the policy pack"}}}}},"required":true},"security":[{"bearerAuth":[]}],"responses":{"201":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["id","regime"],"properties":{"id":{"type":"string"},"regime":{"type":"string"},"description":{"type":"string","nullable":true}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/bundles/schemas":{"post":{"summary":"Publish a bundle JSON schema version","tags":["bundles"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["version","jsonSchema"],"properties":{"version":{"type":"string"},"jsonSchema":{"type":"object"}}}}},"required":true},"security":[{"bearerAuth":[]}],"responses":{"201":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["ok","version"],"properties":{"ok":{"type":"boolean"},"version":{"type":"string"}}}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"details":{"type":"array","items":{"type":"object","properties":{"code":{"type":"string"},"path":{"type":"string"},"message":{"type":"string"}},"required":["code","path","message"]}}},"required":["error","message","details"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/bundles/{regime}/drafts":{"post":{"summary":"Upload a draft mode bundle (Mode A JSON / Mode B raw YAML)","tags":["bundles"],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"type":"object","required":["schemaVersion","content"],"properties":{"schemaVersion":{"type":"string"},"content":{"anyOf":[{"type":"string"},{"type":"object"}]},"baselineVersionId":{"type":"string","format":"uuid"}},"additionalProperties":false},{"type":"string","description":"Raw YAML or raw JSON text body"}]}}}},"parameters":[{"schema":{"type":"string"},"in":"query","name":"schemaVersion","required":false},{"schema":{"type":"string","format":"uuid"},"in":"query","name":"baselineVersionId","required":false},{"schema":{"type":"string"},"in":"path","name":"regime","required":true}],"security":[{"bearerAuth":[]}],"responses":{"201":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["draftId","version","bundleHash","schemaHash","evidenceRef","diffSummary","validation","idempotent"],"properties":{"draftId":{"type":"string"},"version":{"type":"integer"},"bundleHash":{"type":"string"},"schemaHash":{"type":"string"},"evidenceRef":{"type":["null","string"]},"diffSummary":{"type":"object","additionalProperties":true},"validation":{"type":"object","required":["ok","errors"],"properties":{"ok":{"type":"boolean"},"errors":{"type":"array","items":{"type":"object","properties":{"code":{"type":"string"},"path":{"type":"string"},"message":{"type":"string"}},"required":["code","path","message"]}}}},"idempotent":{"type":"boolean"}}}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"},"details":{"type":"array","items":{"type":"object","properties":{"code":{"type":"string"},"path":{"type":"string"},"message":{"type":"string"}},"required":["code","path","message"]}}},"required":["error","message","details"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/bundles/{regime}/versions/{id}/diff":{"get":{"summary":"Get semantic diff for a policy version","tags":["bundles"],"parameters":[{"schema":{"type":"string"},"in":"query","name":"baseline","required":false,"description":"active | latest | <policyVersionId>"},{"schema":{"type":"string"},"in":"path","name":"regime","required":true},{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["versionId","diff"],"properties":{"versionId":{"type":"string"},"diff":{"type":"object","additionalProperties":true}}}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/bundles/{regime}/versions/{id}/preview":{"post":{"summary":"Run preview sandbox fixtures against a draft","tags":["bundles"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["fixtures"],"properties":{"fixtures":{"type":"array","minItems":1,"items":{"type":"object","required":["id","input"],"properties":{"id":{"type":"string"},"input":{},"expect":{}}}}}}}},"required":true},"parameters":[{"schema":{"type":"string"},"in":"path","name":"regime","required":true},{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["versionId","preview"],"properties":{"versionId":{"type":"string"},"preview":{"type":"object","additionalProperties":true}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/bundles/{regime}/versions/{id}/publish-request":{"post":{"summary":"Create publish request package (stored in audit_events + evidence_bundle)","tags":["bundles"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"targetEnv":{"type":"string","enum":["DEV","UAT","PROD"]},"targetTenantIds":{"type":"array","items":{"type":"string","format":"uuid"}}}}}}},"parameters":[{"schema":{"type":"string"},"in":"path","name":"regime","required":true},{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"201":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["requestId","status","evidence"],"properties":{"requestId":{"type":"string"},"status":{"type":"string"},"submittedAt":{"type":["null","string"],"format":"date-time"},"evidence":{"type":"object","additionalProperties":true}}}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"409":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/bundles/{regime}/versions/{id}/publish-approve":{"post":{"summary":"Approve a publish request for a policy version (PGM approval marker)","tags":["bundles"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"requestId":{"type":"string","format":"uuid"},"approvalRef":{"type":"string"},"note":{"type":"string"}}}}}},"parameters":[{"schema":{"type":"string"},"in":"path","name":"regime","required":true},{"schema":{"type":"string","format":"uuid"},"in":"path","name":"id","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["ok","status","policyVersionId"],"properties":{"ok":{"type":"boolean"},"status":{"type":"string"},"policyVersionId":{"type":"string"}}}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/modes/{regime}/activate":{"post":{"summary":"Activate a policy version atomically for tenant mode","tags":["modes"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["policyVersionId"],"properties":{"policyVersionId":{"type":"string","format":"uuid"},"scopeType":{"type":"string","enum":["ENV","TENANT","TENANT_OVERRIDE"]},"targetEnv":{"type":"string","enum":["DEV","UAT","PROD"]},"targetTenantIds":{"type":"array","items":{"type":"string","format":"uuid"}}}}}},"required":true},"parameters":[{"schema":{"type":"string","minLength":1,"maxLength":32},"in":"path","name":"regime","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["ok","regime","policyVersionId","previousPolicyVersionId","etag"],"properties":{"ok":{"type":"boolean"},"regime":{"type":"string"},"policyVersionId":{"type":"string"},"previousPolicyVersionId":{"type":["null","string"]},"etag":{"type":"string"}}}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/modes/{regime}/rollback":{"post":{"summary":"Rollback active policy to previous or explicit version","tags":["modes"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"toPolicyVersionId":{"type":"string","format":"uuid"},"scopeType":{"type":"string","enum":["ENV","TENANT","TENANT_OVERRIDE"]},"targetEnv":{"type":"string","enum":["DEV","UAT","PROD"]},"targetTenantIds":{"type":"array","items":{"type":"string","format":"uuid"}}}}}}},"parameters":[{"schema":{"type":"string","minLength":1,"maxLength":32},"in":"path","name":"regime","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["ok","regime","policyVersionId","previousPolicyVersionId","etag"],"properties":{"ok":{"type":"boolean"},"regime":{"type":"string"},"policyVersionId":{"type":"string"},"previousPolicyVersionId":{"type":["null","string"]},"etag":{"type":"string"}}}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/modes/{regime}/status":{"get":{"summary":"Propagation status per consumer (last seen version, lag, errors)","tags":["modes"],"parameters":[{"schema":{"type":"string"},"in":"path","name":"regime","required":true}],"security":[{"bearerAuth":[]}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"regime":{"type":"string"},"activePolicyVersionId":{"type":["null","string"]},"activatedAt":{"type":["null","string"]},"etag":{"type":["null","string"]},"sla":{"type":"object","properties":{"totalConsumers":{"type":"number"},"updatedConsumers":{"type":"number"},"updatedPct":{"type":"number"},"maxLagSeconds":{"type":["null","number"]}}},"consumers":{"type":"array","items":{"type":"object","additionalProperties":true}}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/admin/modes/consumers":{"post":{"summary":"Register a consumer for propagation monitoring","tags":["modes"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["name"],"properties":{"name":{"type":"string","minLength":1,"maxLength":128},"channel":{"type":"string","enum":["pull","push"]}}}}},"required":true},"security":[{"bearerAuth":[]}],"responses":{"201":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"consumerId":{"type":"string"},"name":{"type":"string"},"channel":{"type":"string"}},"required":["consumerId","name","channel"]}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/modes/{regime}/current":{"get":{"summary":"Pull active mode with ETag support (API key auth)","tags":["modes"],"parameters":[{"schema":{"type":"string","format":"uuid"},"in":"query","name":"policyVersionId","required":false},{"schema":{"type":"string","minLength":1,"maxLength":32},"in":"path","name":"regime","required":true}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","required":["regime","policyVersionId","activatedAt","etag","bundle","pinned"],"properties":{"regime":{"type":"string"},"policyVersionId":{"type":"string"},"activatedAt":{"type":"string"},"etag":{"type":"string"},"pinned":{"type":"boolean"},"bundle":{"type":"object","additionalProperties":true}}}}}},"304":{"description":"Default Response"},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/modes/{regime}/ack":{"post":{"summary":"Consumer acknowledges applied policy version","tags":["modes"],"requestBody":{"content":{"application/json":{"schema":{"type":"object","required":["policyVersionId"],"properties":{"policyVersionId":{"type":"string","format":"uuid"},"etag":{"type":"string"},"error":{"type":"string"}}}}},"required":true},"parameters":[{"schema":{"type":"string","minLength":1,"maxLength":32},"in":"path","name":"regime","required":true},{"schema":{"type":"string"},"in":"header","name":"x-consumer-name","required":true}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"ok":{"type":"boolean"}},"required":["ok"]}}}},"400":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"403":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}},"404":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"},"message":{"type":"string"}}}}}}}}},"/v1/debug/apikey":{"get":{"summary":"Test API key authentication (DEV only)","tags":["debug"],"parameters":[{"schema":{"type":"string"},"in":"header","name":"x-api-key","required":true,"description":"API key secret (rdk_...)"}],"responses":{"200":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"apiKeyId":{"type":"string"},"tenantId":{"type":"string"},"scopes":{"type":"array","items":{"type":"string"}}},"required":["apiKeyId","tenantId","scopes"]}}}},"401":{"description":"Default Response","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string"}},"required":["error"]}}}}}}},"/docs":{"get":{"responses":{"200":{"description":"Default Response"}}}},"/v1/docs/versions":{"get":{"responses":{"200":{"description":"Default Response"}}}},"/v1/docs/openapi.json":{"get":{"responses":{"200":{"description":"Default Response"}}}},"/v1/docs/asyncapi.json":{"get":{"responses":{"200":{"description":"Default Response"}}}},"/v1/docs/auth-helper":{"get":{"responses":{"200":{"description":"Default Response"}}}},"/v1/docs/sdk-surface":{"get":{"responses":{"200":{"description":"Default Response"}}}},"/v1/docs/snippets":{"post":{"responses":{"200":{"description":"Default Response"}}}},"/v1/docs/mock/evaluate":{"post":{"responses":{"200":{"description":"Default Response"}}}}},"x-release-artifact":"ruledeck-service","x-policy-schema-version":"1","x-policy-schema-versions":["1"]}