feat(generated): Add new classes and fields for directory tokens, profiles, and memberships

[workos-sdk-automation]

Summary

• New Classes: Added DsyncTokenCreated, DsyncTokenCreatedData, DsyncTokenDeleted, DsyncTokenDeletedData, UserOrganizationMembershipBaseWithUser, and type aliases ApiKeyValidationResponseApiKey, ApiKeyValidationResponseApiKeyOwner
• New Fields: Added name field to DirectoryUser, DirectoryUserWithGroups, DsyncUserUpdatedData, and Profile classes
• New Fields: Added user field to OrganizationMembership and UserOrganizationMembership classes
• API Changes: Updated Authorization.list_memberships_for_resource and list_memberships_for_resource_by_external_id to return UserOrganizationMembershipBaseWithUser instead of UserOrganizationMembershipBaseListData
• Type Additions: Added new enum value ADMIN_PORTAL to EventContextActorSource and new type UserOrganizationMembershipBaseWithUserStatus
• Reorganization: Moved user_organization_membership_base_list_data.rb from authorization/ to groups/ directory
• Internal Changes: Modified ApiKeyCreatedData to store raw owner hash instead of instantiating object; updated ApiKeyValidationResponse to use new ApiKeyValidationResponseApiKey type

Triggered by workos/openapi-spec@91fc76a

[greptile-apps]

Greptile Summary

This auto-generated PR adds new event classes (DsyncTokenCreated, DsyncTokenDeleted) and their data models, extends several existing models (DirectoryUser, Profile, OrganizationMembership) with new fields, introduces UserOrganizationMembershipBaseWithUser as the new return type for two authorization list endpoints, and reorganises one file from authorization/ to groups/.

Two type-safety issues stand out: ApiKeyCreatedData#owner now stores a raw Hash at runtime but its Sorbet RBI still declares the return type as WorkOS::ApiKeyCreatedDataOwner, so any typed caller invoking .type or .id on owner will receive a NoMethodError. Additionally, the user accessor on OrganizationMembership, UserOrganizationMembership, and UserOrganizationMembershipBaseWithUser is declared non-nilable in all three RBIs while the implementation conditionally returns nil.

Confidence Score: 3/5

Two P1 Sorbet type mismatches need to be addressed before merging to avoid runtime surprises in typed callers.

Two independent P1 findings: the ApiKeyCreatedData owner field is a raw Hash at runtime but typed as ApiKeyCreatedDataOwner in the RBI, and the user field on three membership models is typed non-nilable in RBIs despite a nullable implementation. Both can produce runtime errors in Sorbet-checked code.

lib/workos/api_keys/api_key_created_data.rb (RBI not updated after owner type change) and rbi/workos/organization_membership.rbi, rbi/workos/user_organization_membership.rbi, rbi/workos/user_organization_membership_base_with_user.rbi (non-nilable user type)

Important Files Changed

Filename	Overview
lib/workos/api_keys/api_key_created_data.rb	Intentionally stores raw owner Hash instead of ApiKeyCreatedDataOwner, but the RBI was not updated — Sorbet type mismatch
rbi/workos/organization_membership.rbi	New user field typed non-nilable but implementation can return nil; same pattern in user_organization_membership.rbi and user_organization_membership_base_with_user.rbi
lib/workos/authorization/user_organization_membership_base_with_user.rb	New model with user field correctly using conditional instantiation of WorkOS::User
lib/workos/directory_sync/dsync_token_created.rb	New DsyncTokenCreated event model, correctly delegates data and context instantiation
lib/workos/directory_sync/dsync_token_deleted.rb	New DsyncTokenDeleted event model, mirrors DsyncTokenCreated pattern
lib/workos/api_keys/api_key_validation_response.rb	Updated to use new ApiKeyValidationResponseApiKey type alias instead of ApiKey
lib/workos/authorization.rb	Return types for list_memberships_for_resource and list_memberships_for_resource_by_external_id updated to UserOrganizationMembershipBaseWithUser
lib/workos/groups/user_organization_membership_base_list_data.rb	File moved from authorization/ to groups/ directory with no code changes
test/workos/test_model_round_trip.rb	Added round-trip tests for all new models; reordered some existing tests

Class Diagram

%%{init: {'theme': 'neutral'}}%%
classDiagram
    class UserOrganizationMembershipBaseWithUser {
        +String object
        +String id
        +String user_id
        +String organization_id
        +String status
        +Boolean directory_managed
        +String organization_name
        +Hash custom_attributes
        +String created_at
        +String updated_at
        +User user
    }
    class OrganizationMembership {
        +SlimRole role
        +User user
    }
    class UserOrganizationMembership {
        +SlimRole role
        +User user
    }
    class DsyncTokenCreated {
        +String id
        +String event
        +DsyncTokenCreatedData data
        +EventContext context
        +String object
    }
    class DsyncTokenCreatedData {
        +String id
        +String directory_id
        +String organization_id
        +String token_suffix
        +String created_at
        +String expires_at
    }
    DsyncTokenDeletedData --|> DsyncTokenCreatedData : type alias
    DsyncTokenDeleted --> DsyncTokenDeletedData
    DsyncTokenCreated --> DsyncTokenCreatedData
    UserOrganizationMembershipBaseWithUser --> User
    OrganizationMembership --> User
    UserOrganizationMembership --> User
    ApiKeyValidationResponseApiKey --|> ApiKey : type alias
    ApiKeyValidationResponseApiKeyOwner --|> ApiKeyCreatedDataOwner : type alias

Loading

Comments Outside Diff (1)

1. lib/workos/api_keys/api_key_created_data.rb, line 103 (link)

   RBI type signature mismatch for owner

   The implementation now stores hash[:owner] as a raw Hash, but rbi/workos/api_key_created_data.rbi still declares owner as returning WorkOS::ApiKeyCreatedDataOwner. Any Sorbet-typed caller that receives ApiKeyCreatedData#owner and calls .type or .id on it will get a NoMethodError at runtime, since it now receives a plain Hash rather than the typed object. The RBI was not updated in this PR to reflect this intentional change.

_{Reviews (1): Last reviewed commit: "feat(generated): Add new classes and fie..." | Re-trigger Greptile}

[greptile-apps]

Non-nilable user type disagrees with nullable implementation

The Ruby implementation initialises @user as hash[:user] ? WorkOS::User.new(hash[:user]) : nil, meaning user can be nil when the field is absent. The RBI declares sig { returns(WorkOS::User) } (non-nilable), so any Sorbet-checked caller that omits a nil guard will silently propagate nil at runtime while the type system promises an object. The same mismatch is present in rbi/workos/user_organization_membership.rbi and rbi/workos/user_organization_membership_base_with_user.rbi.

Suggested change

	sig { returns(WorkOS::User) }
	def user; end
	sig { params(value: WorkOS::User).returns(WorkOS::User) }
	def user=(value); end
	sig { returns(T.nilable(WorkOS::User)) }
	def user; end
	sig { params(value: T.nilable(WorkOS::User)).returns(T.nilable(WorkOS::User)) }
	def user=(value); end