{
  "openapi": "3.0.3",
  "info": {
    "title": "PoisonZero Admin API",
    "version": "1.0.0",
    "description": "Manage your PoisonZero daemon fleet programmatically: create app IDs with enrollment codes, list your fleet, deactivate or delete apps. Authenticate with an API key (pz_live_…) created in the panel at https://app.poisonzero.com/settings."
  },
  "servers": [{ "url": "https://poisonzero.com/api" }],
  "security": [{ "apiKey": [] }],
  "components": {
    "securitySchemes": {
      "apiKey": { "type": "http", "scheme": "bearer", "description": "API key from the panel (pz_live_…)" }
    },
    "schemas": {
      "App": {
        "type": "object",
        "properties": {
          "appId": { "type": "string", "pattern": "^[a-z0-9]{20}$" },
          "name": { "type": "string" },
          "status": { "type": "string", "enum": ["pending", "active", "revoked"] },
          "platform": { "type": "string" },
          "agentVersion": { "type": "string" },
          "lastSeenAt": { "type": "string", "format": "date-time", "nullable": true },
          "createdAt": { "type": "string", "format": "date-time", "nullable": true }
        }
      },
      "Error": {
        "type": "object",
        "properties": {
          "error": {
            "type": "object",
            "properties": { "code": { "type": "string" }, "message": { "type": "string" } }
          }
        }
      }
    }
  },
  "paths": {
    "/v1/apps": {
      "post": {
        "summary": "Create an app plus enrollment code",
        "requestBody": {
          "required": false,
          "content": {
            "application/json": {
              "schema": { "type": "object", "properties": { "name": { "type": "string", "maxLength": 100 } } }
            }
          }
        },
        "responses": {
          "201": {
            "description": "App created",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "appId": { "type": "string" },
                    "name": { "type": "string" },
                    "status": { "type": "string", "enum": ["pending"] },
                    "enrollCode": { "type": "string" },
                    "enrollCodeExpiresAt": { "type": "string", "format": "date-time" }
                  }
                }
              }
            }
          },
          "400": { "description": "Validation error (invalid_name, limit_reached)", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } },
          "401": { "description": "Invalid key or disabled account", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }
        }
      },
      "get": {
        "summary": "List your fleet",
        "responses": {
          "200": {
            "description": "Apps of the authenticated account",
            "content": {
              "application/json": {
                "schema": { "type": "object", "properties": { "apps": { "type": "array", "items": { "$ref": "#/components/schemas/App" } } } }
              }
            }
          },
          "401": { "description": "Invalid key or disabled account", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }
        }
      }
    },
    "/v1/apps/{appId}": {
      "parameters": [{ "name": "appId", "in": "path", "required": true, "schema": { "type": "string", "pattern": "^[a-z0-9]{20}$" } }],
      "get": {
        "summary": "Get a single app",
        "responses": {
          "200": { "description": "App", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/App" } } } },
          "404": { "description": "Unknown or foreign app ID", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }
        }
      },
      "delete": {
        "summary": "Delete an app permanently (app, config, daemon identity, open enrollment codes, review-queue entries; audit logs retained)",
        "responses": {
          "204": { "description": "Deleted" },
          "404": { "description": "Unknown or foreign app ID", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }
        }
      }
    },
    "/v1/apps/{appId}/enroll-code": {
      "parameters": [{ "name": "appId", "in": "path", "required": true, "schema": { "type": "string", "pattern": "^[a-z0-9]{20}$" } }],
      "post": {
        "summary": "Create a fresh enrollment code (single-use, 30 days)",
        "responses": {
          "201": {
            "description": "Enrollment code",
            "content": {
              "application/json": {
                "schema": { "type": "object", "properties": { "enrollCode": { "type": "string" }, "expiresAt": { "type": "string", "format": "date-time" } } }
              }
            }
          },
          "404": { "description": "Unknown or foreign app ID", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }
        }
      }
    },
    "/v1/apps/{appId}/revoke": {
      "parameters": [{ "name": "appId", "in": "path", "required": true, "schema": { "type": "string", "pattern": "^[a-z0-9]{20}$" } }],
      "post": {
        "summary": "Deactivate an app (daemon credentials stop working immediately)",
        "responses": {
          "200": {
            "description": "Revoked",
            "content": {
              "application/json": {
                "schema": { "type": "object", "properties": { "appId": { "type": "string" }, "status": { "type": "string", "enum": ["revoked"] } } }
              }
            }
          },
          "404": { "description": "Unknown or foreign app ID", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }
        }
      }
    }
  }
}