feat!: Port AuditLogs to oagen

[gjtorikian]

Description

This PR generates the AuditLogs category in the Node SDK from the OpenAPI spec.

Almost every existing method changed its input signature, its output, or both. Callers cannot expect the same input/output format.

┌──────────────┬─────────────────────────────────────────────────┬────────────────────────────────────────────────────────────┐
│    Method    │                     Before                      │                           After                            │
├──────────────┼─────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ createEvent  │ createEvent(organization: string, event,        │ createEvent(options: CreateEventOptions) →                 │
│              │ options?) → Promise<void>                       │ Promise<AuditLogEventCreateResponse>                       │
├──────────────┼─────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ createSchema │ createSchema(schema: {action, ...}, options?)   │ createSchema(options: {actionName, ...})                   │
├──────────────┼─────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ listSchemas  │ listSchemas(action: string, options?)           │ renamed → listActionSchemas(options: {actionName, ...})    │
├──────────────┼─────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ getExport    │ getExport(auditLogExportId: string)             │ getExport(options: {auditLogExportId})                     │
├──────────────┼─────────────────────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ createExport │ createExport(options: AuditLogExportOptions)    │ same signature                                             │
└──────────────┴─────────────────────────────────────────────────┴────────────────────────────────────────────────────────────┘

As well:

• AuditLogExport.createdAt / updatedAt change: string → Date
• AuditLogSchema.createdAt also changed string → Date

The following new methods were added:

• getOrganizationAuditLogsRetention(options)
• updateOrganizationAuditLogsRetention(options)
• listActions(options?)

Because of these changes, this is a major breaking change to the SDK.

[greptile-apps]

Greptile Summary

This PR ports the AuditLogs module to the oagen code generator, replacing hand-written serializers and interfaces with auto-generated equivalents from the OpenAPI spec. It is an intentional major breaking change: all existing method signatures changed, listSchemas was renamed to listActionSchemas, date fields shifted between string and Date, and three new methods were added (getOrganizationAuditLogsRetention, updateOrganizationAuditLogsRetention, listActions).

• All 73 changed files are auto-generated by oagen; serializers correctly handle camelCase↔snake_case mapping and Date deserialization for createdAt/updatedAt fields throughout.
• createEvent loses the automatic idempotency key generation that prevented duplicate events on retries, and CreateEventOptions exposes no way for callers to supply one manually.
• SerializedAuditLogExportOptions remains exported as public API despite its only consumer (the deleted serializeAuditLogExportOptions) being removed.

Confidence Score: 3/5

The generated code is mostly correct, but createEvent no longer attaches any idempotency key, meaning the HTTP client's built-in retry logic can produce duplicate audit log events without any recourse for the caller.

The bulk of the change — new interfaces, serializers, and method routing — is mechanically consistent and the Date deserialization is handled correctly throughout. The concerning part is createEvent: the old implementation always guaranteed an idempotency key (auto-generated if not supplied), and the new CreateEventOptions interface removes even the ability to pass one. Because the WorkOS HTTP client retries on 5xx responses, a network hiccup can now silently duplicate an audit log event with no way for callers to prevent it. This regression on a write path that carries compliance implications warrants careful review before merging.

src/audit-logs/audit-logs.ts (createEvent idempotency regression) and src/audit-logs/interfaces/audit-log-export-options.interface.ts (orphaned SerializedAuditLogExportOptions export)

Important Files Changed

Filename	Overview
src/audit-logs/audit-logs.ts	Core class rewritten by oagen — adds 4 new methods, renames listSchemas→listActionSchemas, changes all signatures; idempotency key generation silently dropped from createEvent and JSDoc for createExport documents a field not present in AuditLogExportOptions.
src/audit-logs/audit-logs.spec.ts	Tests replaced with oagen-generated stubs; retry/idempotency/error-path coverage removed and not replaced.
src/audit-logs/interfaces/audit-log-export-options.interface.ts	rangeStart/rangeEnd changed from Date to string (breaking); SerializedAuditLogExportOptions left as orphaned dead code in the public API.
src/audit-logs/interfaces/audit-log-export.interface.ts	createdAt/updatedAt promoted from string to Date; serializer correctly calls new Date() on the wire value.
src/audit-logs/serializers/audit-log-export.serializer.ts	Correctly maps snake_case wire fields to camelCase and converts date strings to Date objects.
src/audit-logs/serializers/audit-log-event-ingestion.serializer.ts	Correctly maps organizationId→organization_id and delegates event serialization.
src/audit-logs/interfaces/index.ts	Expanded to re-export all new interfaces; create-audit-log-event-options removed from public API as expected for breaking change.
src/audit-logs/serializers/audit-log-schema-input.serializer.ts	Correctly serializes schema input including optional actor/metadata handling.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant Caller
    participant AuditLogs
    participant WorkOS HTTP

    Caller->>AuditLogs: createEvent(CreateEventOptions)
    Note over AuditLogs: No idempotency key generated
    AuditLogs->>WorkOS HTTP: POST /audit_logs/events (body)
    WorkOS HTTP-->>AuditLogs: AuditLogEventCreateResponseWire
    AuditLogs-->>Caller: AuditLogEventCreateResponse

    Caller->>AuditLogs: createExport(AuditLogExportOptions)
    AuditLogs->>WorkOS HTTP: POST /audit_logs/exports
    WorkOS HTTP-->>AuditLogs: AuditLogExportResponse
    AuditLogs-->>Caller: AuditLogExport (createdAt/updatedAt as Date)

    Caller->>AuditLogs: "getOrganizationAuditLogsRetention({ id })"
    AuditLogs->>WorkOS HTTP: GET /organizations/:id/audit_logs_retention
    WorkOS HTTP-->>AuditLogs: AuditLogsRetentionResponse
    AuditLogs-->>Caller: AuditLogsRetention

    Caller->>AuditLogs: listActions(options?)
    AuditLogs->>WorkOS HTTP: GET /audit_logs/actions
    WorkOS HTTP-->>AuditLogs: list response
    AuditLogs-->>Caller: "AutoPaginatable<AuditLogAction>"

    Caller->>AuditLogs: "listActionSchemas({ actionName, ...pagination })"
    AuditLogs->>WorkOS HTTP: GET /audit_logs/actions/:name/schemas
    WorkOS HTTP-->>AuditLogs: list response
    AuditLogs-->>Caller: "AutoPaginatable<AuditLogSchema>"

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant Caller
    participant AuditLogs
    participant WorkOS HTTP

    Caller->>AuditLogs: createEvent(CreateEventOptions)
    Note over AuditLogs: No idempotency key generated
    AuditLogs->>WorkOS HTTP: POST /audit_logs/events (body)
    WorkOS HTTP-->>AuditLogs: AuditLogEventCreateResponseWire
    AuditLogs-->>Caller: AuditLogEventCreateResponse

    Caller->>AuditLogs: createExport(AuditLogExportOptions)
    AuditLogs->>WorkOS HTTP: POST /audit_logs/exports
    WorkOS HTTP-->>AuditLogs: AuditLogExportResponse
    AuditLogs-->>Caller: AuditLogExport (createdAt/updatedAt as Date)

    Caller->>AuditLogs: "getOrganizationAuditLogsRetention({ id })"
    AuditLogs->>WorkOS HTTP: GET /organizations/:id/audit_logs_retention
    WorkOS HTTP-->>AuditLogs: AuditLogsRetentionResponse
    AuditLogs-->>Caller: AuditLogsRetention

    Caller->>AuditLogs: listActions(options?)
    AuditLogs->>WorkOS HTTP: GET /audit_logs/actions
    WorkOS HTTP-->>AuditLogs: list response
    AuditLogs-->>Caller: "AutoPaginatable<AuditLogAction>"

    Caller->>AuditLogs: "listActionSchemas({ actionName, ...pagination })"
    AuditLogs->>WorkOS HTTP: GET /audit_logs/actions/:name/schemas
    WorkOS HTTP-->>AuditLogs: list response
    AuditLogs-->>Caller: "AutoPaginatable<AuditLogSchema>"

Loading

Comments Outside Diff (1)

1. src/audit-logs/interfaces/audit-log-export-options.interface.ts, line 11-19 (link)

   SerializedAuditLogExportOptions is now dead code in the public API

   The SerializedAuditLogExportOptions interface is re-exported through interfaces/index.ts and therefore part of the public SDK surface, but the only serializer that used it (serializeAuditLogExportOptions) was deleted in this PR. Leaving it exported creates noise for consumers and could cause confusion about the intended type contract for export serialization.

   Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

_{Reviews (1): Last reviewed commit: "Port AuditLogs to oagen" | Re-trigger Greptile}

[greptile-apps]

Idempotency key dropped from createEvent

The old implementation always attached an idempotency key to every createEvent call — either the caller-supplied one or an auto-generated workos-node-{uuid}. The new implementation sends no idempotency header at all, and CreateEventOptions exposes no field to supply one. The WorkOS HTTP client retries on 5xx responses, so a transient server error will now silently produce duplicate audit log events. The JSDoc comment retained in this method still explicitly documents idempotency-key semantics, making the omission especially surprising for callers.

[greptile-apps]

JSDoc documents @param options.actors for createExport but the field is absent from AuditLogExportOptions

The JSDoc for createExport includes @param options.actors - (deprecated) Deprecated. Use actor_names instead., yet AuditLogExportOptions has no actors field. A caller reading the docs and attempting to pass actors would get a TypeScript error. AuditLogExportCreation (the internal serialization type) has this field; the mismatch between the public option type and the documented param should either be resolved by adding actors to AuditLogExportOptions or by removing the @param entry.