feat(generated)!: regenerate from spec (8 changes)

[workos-sdk-automation]

Summary

feat(api_keys): Add API key expiration and update event support

• Add create_api_key_expire operation to expire API keys via POST /api_keys/{id}/expire
• Add ApiKeyUpdated event class with ApiKeyUpdatedData and related nested models for tracking API key update events
• Add new expires_at required field to ApiKeyCreatedData and ApiKeyRevokedData

feat(user_management)!: Remove return_to param from revoke_session; add name field to user models

• Remove return_to parameter from revoke_session method (breaking change)
• Add optional name field to User, CreateUser, UpdateUser, and EmailChangeConfirmationUser models
• Update related .rbi type stubs to reflect signature changes

feat(directory_sync): Remove DsyncDeactivated models; add DsyncToken events

• Remove DsyncDeactivated, DsyncDeactivatedData, and related enum classes (breaking change)
• Add DsyncTokenCreated, DsyncTokenCreatedData, DsyncTokenRevoked, and DsyncTokenRevokedData event models
• Support new directory token lifecycle events in webhooks

feat(vault): Rename ObjectModel class to VaultObject

• Rename ObjectModel class to VaultObject for consistency with vault service naming (breaking change)
• Update get_name and get_kv methods to return VaultObject instead of ObjectModel
• Remove object inflection mapping that no longer applies

feat(connect): Add name field to UserObject

• Add optional name field to UserObject model for Connect applications

feat(groups): Move UserOrganizationMembershipBaseListData from authorization to groups

• Relocate UserOrganizationMembershipBaseListData model from authorization service to groups service (organizational change)

feat(types): Add SNOWFLAKE log stream type; remove DOMAIN_SIGN_UP_RATE_LIMIT enum

• Add SNOWFLAKE value to AuditLogConfigurationLogStreamType enum
• Remove DOMAIN_SIGN_UP_RATE_LIMIT value from RadarStandaloneResponseControl enum (breaking at type level)
• Add API_KEY_UPDATED event type to webhook endpoint event enums

feat(user_management)!: Add UserApiKeyUpdatedDataOwner model

• Add UserApiKeyUpdatedDataOwner model for API key update events owned by users

Triggered by workos/openapi-spec@dee95fc

BEGIN_COMMIT_OVERRIDE
feat(api_keys): Add API key expiration and update event support (#495)
feat(user_management)!: Remove return_to param from revoke_session; add name field to user models (#495)
feat(directory_sync): Remove DsyncDeactivated models; add DsyncToken events (#495)
feat(vault): Rename ObjectModel class to VaultObject (#495)
feat(connect): Add name field to UserObject (#495)
feat(groups): Move UserOrganizationMembershipBaseListData from authorization to groups (#495)
feat(types): Add SNOWFLAKE log stream type; remove DOMAIN_SIGN_UP_RATE_LIMIT enum (#495)
feat(user_management)!: Add UserApiKeyUpdatedDataOwner model (#495)
END_COMMIT_OVERRIDE

[greptile-apps]

Greptile Summary

Auto-generated regeneration from the OpenAPI spec adding API key expiration support, new event models (ApiKeyUpdated, DsyncTokenCreated/Revoked), a name field to user models, the VaultObject rename (from ObjectModel), and removal of return_to from revoke_session and DsyncDeactivated models.

• create_api_key_expire (lib/workos/api_keys.rb): new endpoint method that expires an API key via POST /api_keys/{id}/expire; body construction uses .compact which prevents sending an explicit JSON null for expires_at (see inline comment).
• VaultObject rename: ObjectModel → VaultObject across lib, rbi, and tests; inflection entry removed; no remaining references to the old name.
• Breaking removals: return_to dropped from revoke_session, DsyncDeactivated* models removed and replaced with DsyncToken{Created,Revoked} event models.

Confidence Score: 4/5

The bulk of the PR is safe mechanical code generation — model additions, renames, and removals all look correct. The one functional gap is in create_api_key_expire where .compact makes it impossible to send a JSON null for expires_at, meaning the "clear a scheduled future expiration" use-case described in the docstring cannot currently be exercised.

Nearly all changes are clean renames, additions, and removals consistent with the rest of the SDK. The create_api_key_expire method is the only substantive logic change, and it has a mismatch between the documented null-to-clear behavior and what the body builder actually sends.

lib/workos/api_keys.rb — specifically the body construction in create_api_key_expire.

Important Files Changed

Filename	Overview
lib/workos/api_keys.rb	Adds create_api_key_expire method; .compact on body prevents sending explicit null for expires_at, making the "clear scheduled expiration" doc claim unreachable.
lib/workos/api_keys/expire_api_key.rb	New model class for the expire API key request shape; straightforward struct with a single expires_at field.
lib/workos/api_keys/api_key_updated_data.rb	New data model for api_key.updated events; polymorphic owner dispatch by type mirrors the pre-existing pattern in api_key_created_data.rb.
lib/workos/vault/vault_object.rb	Renames ObjectModel to VaultObject; content is identical to the old object.rb.
lib/workos/user_management.rb	Removes return_to from revoke_session, adds optional name field to create_user and update_user; all changes are clean and consistent.
lib/workos/directory_sync/dsync_token_revoked_data.rb	Defines DsyncTokenRevokedData as a Ruby type alias for DsyncTokenCreatedData; consistent with the established alias pattern used across the SDK.
lib/workos/user_management/revoke_session.rb	Removes return_to attribute from the model class; change is complete and consistent with the service-layer update.
test/workos/test_model_round_trip.rb	Round-trip tests added/updated for all new models (ApiKeyUpdated, DsyncToken*, VaultObject rename); old DsyncDeactivated tests correctly repurposed.
lib/workos/inflections.rb	Removes the "object" => "ObjectModel" inflection mapping; correct cleanup following the VaultObject rename.

Sequence Diagram

sequenceDiagram
    participant Caller
    participant ApiKeys
    participant WorkOSAPI

    Caller->>ApiKeys: create_api_key_expire(id:, expires_at:)
    Note over ApiKeys: body = {"expires_at" => expires_at}.compact
    ApiKeys->>WorkOSAPI: "POST /api_keys/{id}/expire"
    WorkOSAPI-->>ApiKeys: ApiKey JSON
    ApiKeys-->>Caller: WorkOS::ApiKey

    Caller->>ApiKeys: delete_api_key(id:)
    ApiKeys->>WorkOSAPI: "DELETE /api_keys/{id}"
    WorkOSAPI-->>ApiKeys: 204
    ApiKeys-->>Caller: nil

Loading

_{Reviews (1): Last reviewed commit: "chore(generated): add release notes frag..." | Re-trigger Greptile}

[greptile-apps]

nil expires_at silently omitted — "clear scheduled expiration" use-case is unreachable

The docstring says "Use null to clear a scheduled future expiration", but the body is built with .compact, which drops any nil value. Calling create_api_key_expire(id: "key_id", expires_at: nil) (the explicit-null form) produces body = {}, identical to omitting the parameter entirely. If the API distinguishes {"expires_at": null} (cancel pending expiry) from an empty body (expire immediately), that distinction is permanently lost here and the "clear scheduled expiration" path can never be exercised.