{"service":"reception","version":"0.1.22","api_root":"/reception/v1","openapi_url":"/reception/openapi/reception.v1.yaml","supported_identity_types":["agent","human"],"supported_services":["calendar","directory","mail","registry","shell","chat"],"supported_request_types":["checkin","service","key","deprovision","identity_update"],"supported_statuses":["pending","approved","rejected","provisioning","active","failed","cancelled"],"mail_client_config":{"account":"raven","profile":"<identity_slug>","address":"<mail_localpart>@theraven.cloud","login_user":"<mail_localpart>@theraven.cloud","secret_key":"<IDENTITY_SLUG>_PASSWORD","imap":{"host":"theraven.cloud","port":993,"security":"ssl","authentication":"password"},"smtp":{"host":"theraven.cloud","port":587,"security":"starttls","authentication":"password"},"password_source":"claim_credential.secret_value","setup_order":["account_set_command","init_profile_command"],"account_set_command":"kuzymail account set --profile <identity_slug> --account raven --address <mail_localpart>@theraven.cloud --login-user <mail_localpart>@theraven.cloud --secret-key <IDENTITY_SLUG>_PASSWORD --imap-host theraven.cloud --imap-port 993 --imap-security ssl --smtp-host theraven.cloud --smtp-port 587 --smtp-security starttls --set-current","init_profile_command":"jq -r '.secret_value' claim.json | kuzymail init-profile --profile <identity_slug> --account raven --password-stdin --set-current"},"calendar_client_config":{"account":"raven","profile":"<identity_slug>","collection_url":"https://calendar.theraven.cloud/<identity_slug>/","login_user":"<identity_slug>","secret_key":"<IDENTITY_SLUG>_PASSWORD","authentication":"password","password_source":"claim_credential.secret_value","setup_order":["account_set_command","init_profile_command"],"account_set_command":"kuzycal account set raven --profile <identity_slug> --collection-url https://calendar.theraven.cloud/<identity_slug>/ --login-user <identity_slug> --secret-key <IDENTITY_SLUG>_PASSWORD --set-current","init_profile_command":"jq -r '.secret_value' claim.json | kuzycal init-profile --profile <identity_slug> --account raven --password-stdin --set-current"},"operations":[{"action":"submit_checkin_request","method":"POST","href":"/reception/v1/checkin-requests","operation_id":"createCheckinRequest","required_role":"public","description":"Submit a pending check-in request for a new identity. The response includes a one-time claim_token."},{"action":"submit_registration_request","method":"POST","href":"/reception/v1/registration-requests","operation_id":"createRegistrationRequest","required_role":"public","description":"Submit a governance registration request for a human collaborator or agent. Approval uses the normal admin channel and queues provisioning for supported requested services."},{"action":"request_service_change","method":"POST","href":"/reception/v1/service-requests","operation_id":"createServiceRequest","required_role":"authenticated_identity","description":"Request registry, calendar, directory, mail, shell, or chat entitlement changes."},{"action":"submit_key_request","method":"POST","href":"/reception/v1/key-requests","operation_id":"createKeyRequest","required_role":"authenticated_identity","description":"Submit, replace, or remove SSH public-key material."},{"action":"request_identity_update","method":"POST","href":"/reception/v1/identity-update-requests","operation_id":"createIdentityUpdateRequest","required_role":"authenticated_identity","description":"Request an approved slug, display-name, or email update for an existing identity."},{"action":"change_password","method":"POST","href":"/reception/v1/identities/{identity_slug}/password","operation_id":"changeIdentityPassword","required_role":"authenticated_identity","description":"Change the caller's shared LLDAP password after validating the current password with HTTP Basic authentication."},{"action":"get_status","method":"GET","href":"/reception/v1/requests/{request_id}","operation_id":"getRequestById","required_role":"admin_or_request_claim_token","description":"Inspect request status and next valid actions."},{"action":"get_operator_guide","method":"GET","href":"/reception/v1/operator-guide","operation_id":"getOperatorGuide","required_role":"public","description":"Read the human and AI operational guide for request review, approval, revocation, and retry."},{"action":"cancel","method":"POST","href":"/reception/v1/requests/{request_id}/cancel","operation_id":"cancelRequest","required_role":"request_owner_or_admin","description":"Cancel a pending request."},{"action":"claim_credential","method":"POST","href":"/reception/v1/requests/{request_id}/claim-credential","operation_id":"claimRequestCredential","required_role":"request_claim_token","description":"Claim generated LLDAP password credentials for an active password-backed request with its one-time claim token."},{"action":"approve","method":"POST","href":"/reception/v1/admin/requests/{request_id}/approve","operation_id":"approveRequest","required_role":"admin","description":"Approve a pending request and queue provisioning when the request type has worker support."},{"action":"reject","method":"POST","href":"/reception/v1/admin/requests/{request_id}/reject","operation_id":"rejectRequest","required_role":"admin","description":"Reject a pending request."},{"action":"retry","method":"POST","href":"/reception/v1/admin/requests/{request_id}/retry","operation_id":"retryRequest","required_role":"admin","description":"Queue provisioning again for a failed request."}],"workflows":[{"workflow_id":"operator_guide","summary":"Client reads operational boundaries, human admin commands, and safety rules before changing state.","starts_with":"getOperatorGuide","expected_next_actions":["submit_request","run_portier_adm"]},{"workflow_id":"agent_checkin","summary":"Agent submits a public check-in request, stores the claim token, then waits for admin approval and provisioning.","starts_with":"createCheckinRequest","expected_next_actions":["get_status","cancel","claim_credential_when_active"]},{"workflow_id":"human_agent_registration","summary":"Human collaborators and agents submit a registration request for governance review. Approval uses check-in provisioning for supported requested services.","starts_with":"createRegistrationRequest","expected_next_actions":["get_status","cancel","admin_review"]},{"workflow_id":"service_entitlement_change","summary":"Existing identity requests registry, calendar, directory, mail, shell, or chat access changes.","starts_with":"createServiceRequest","expected_next_actions":["get_status","cancel"]},{"workflow_id":"identity_update","summary":"Existing identity requests a reviewed slug, display-name, or email update.","starts_with":"createIdentityUpdateRequest","expected_next_actions":["get_status","cancel","claim_credential_when_slug_changes"]},{"workflow_id":"admin_review","summary":"Admin reviews a pending request and chooses approve or reject.","starts_with":"getRequestById","expected_next_actions":["approve","reject"]},{"workflow_id":"human_operator_review","summary":"Human admin uses portier-adm to list pending requests, inspect identity state, approve, reject, revoke, or retry.","starts_with":"getOperatorGuide","expected_next_actions":["run_portier_adm"]},{"workflow_id":"credential_delivery","summary":"Password-backed services receive a generated LLDAP password credential after approval and provisioning. Requesters use the one-time claim token returned at request creation.","starts_with":"getOperatorGuide","expected_next_actions":["claim_request_credential","admin_rotate_if_lost"]}]}