fix(generated): No changes detected in API specification

[workos-sdk-automation]

Summary

No changes detected in API specification

Spec Diff

• Added: 0 | Removed: 0 | Modified: 0 | Breaking: 0

Triggered by openapi-spec commit: 608a735533a6afbb21e58bd1f1b05b94e8b1c162

---

[devin-ai-integration]

Devin Review found 2 potential issues.

View 5 additional findings in Devin Review.

[devin-ai-integration]

🔴 Enum object passed to JSON body instead of its string value in createUser

In createUser, $body['password_hash_type'] = $password->hashType assigns a CreateUserPasswordHashType backed enum object directly into the request body array. The old code correctly used $passwordHashType?->value to extract the string. PHP backed enums are not directly JSON-serializable — Guzzle's json option calls json_encode with JSON_THROW_ON_ERROR (lib/HttpClient.php:227), which will throw a \JsonException whenever a PasswordHashed object is passed. This completely breaks creating users with hashed passwords.

Suggested change

	$body['password_hash_type'] = $password->hashType;
	$body['password_hash_type'] = $password->hashType->value;

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[devin-ai-integration]

🔴 Enum object passed to JSON body instead of its string value in updateUser

Same issue as in createUser: $body['password_hash_type'] = $password->hashType at line 780 assigns the raw CreateUserPasswordHashType enum object instead of calling ->value. This will cause a \JsonException when Guzzle tries to json_encode the request body (lib/HttpClient.php:227), breaking all updateUser calls that use PasswordHashed.

Suggested change

	$body['password_hash_type'] = $password->hashType;
	$body['password_hash_type'] = $password->hashType->value;

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[greptile-apps]

Greptile Summary

This PR is generated by oagen and introduces several actual changes despite the title and spec-diff metadata claiming "No changes detected in API specification." The diff includes breaking renames across Authorization, AdminPortal, and UserManagement services, two brand-new services (Groups, UserManagementOrganizationMembershipGroups), and several new resource types (WaitlistUser*, CreateGroup, UpdateGroup, etc.).

• The PR description metadata ("Added: 0 | Removed: 0 | Modified: 0 | Breaking: 0") is factually incorrect — at least 11 public methods in Authorization were renamed, adminEmails → itContactEmails in AdminPortal, and the password/role parameter signatures changed in UserManagement. Existing callers of the old names will receive fatal PHP errors.
• Private non-spec property declarations ($passwordless, $vault, etc.) were relocated from the top property block to a position between public method definitions in WorkOS.php — valid PHP but worth flagging for static-analysis tooling.

Confidence Score: 3/5

Not safe to merge without acknowledging multiple breaking API changes that are mislabeled as non-breaking in the PR metadata.

Two P1 findings: 11 public method renames in Authorization and a parameter rename in AdminPortal, both breaking changes for existing SDK consumers. The PR automation metadata ("Breaking: 0") is incorrect, raising concern about whether this was intentional or a tooling defect. New features (Groups service, WaitlistUser resources) look correct and well-tested. Score is pulled below P1 ceiling due to the compounded nature of the breaking changes across multiple services.

lib/Service/Authorization.php (11 renamed methods), lib/Service/AdminPortal.php (renamed parameter + JSON key)

Important Files Changed

Filename	Overview
lib/Service/Authorization.php	11 public methods renamed (breaking), resource-target parameters consolidated into union types, new resourceExternalId filter added to listResources
lib/Service/AdminPortal.php	Breaking rename: $adminEmails parameter and admin_emails JSON key replaced with $itContactEmails / it_contact_emails
lib/Service/UserManagement.php	Password and role parameters refactored into discriminated union types (`PasswordPlaintext
lib/Service/Groups.php	New service: CRUD for organization groups and group membership management; implementation is consistent with other services in the codebase
lib/Service/UserManagementOrganizationMembershipGroups.php	New service: lists groups for a given organization membership via user_management/organization_memberships/{omId}/groups
lib/WorkOS.php	Two new service accessors added (groups(), userManagementOrganizationMembershipGroups()); private non-spec property declarations relocated after public methods — valid PHP but unconventional
lib/Resource/WaitlistUser.php	New resource representing a waitlist user with state enum, nullable approvedAt, and standard timestamp fields
tests/Service/GroupsTest.php	New test file covering all Groups service methods including pagination boundary test; assertions are consistent with service implementation
tests/Service/AuthorizationTest.php	Test method names updated to match renamed service methods; new resourceExternalId query parameter assertion added to testListResources

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[WorkOS Client] --> B[groups]
    A --> C[userManagementOrgMembershipGroups]
    A --> D[authorization]
    A --> E[userManagement]
    A --> F[adminPortal]

    B --> B1[listOrganizationGroups]
    B --> B2[createOrganizationGroup]
    B --> B3[getOrganizationGroup]
    B --> B4[updateOrganizationGroup]
    B --> B5[deleteOrganizationGroup]
    B --> B6[listGroupOrganizationMemberships]
    B --> B7[createGroupOrganizationMembership]
    B --> B8[deleteGroupOrganizationMembership]

    C --> C1[listOrganizationMembershipGroups]

    D --> D1[checkPermission]
    D --> D2[listResourcesForMembership - renamed]
    D --> D3[listEffectivePermissions - renamed]
    D --> D4[listRoleAssignments - renamed]
    D --> D5[removeRoleAssignment - renamed]

    E --> E1[createUser with PasswordPlaintext or PasswordHashed]
    E --> E2[createOrganizationMembership with RoleSingle or RoleMultiple]

    F --> F1[generateLink - itContactEmails renamed from adminEmails]

Loading

_{Reviews (1): Last reviewed commit: "fix(generated): No changes detected in A..." | Re-trigger Greptile}

[greptile-apps]

Breaking public-method renames despite "No changes" PR description

Eleven public methods are renamed in this file (listOrganizationMembershipResources → listResourcesForMembership, listResourcePermissions → listEffectivePermissions, listOrganizationMembershipRoleAssignments → listRoleAssignments, deleteOrganizationMembershipRoleAssignment → removeRoleAssignment, createRolePermission → addOrganizationRolePermission, updateRolePermissions → setOrganizationRolePermissions, deleteRolePermission → removeOrganizationRolePermission, getOrganizationResource → getResourceByExternalId, updateOrganizationResource → updateResourceByExternalId, deleteOrganizationResource → deleteResourceByExternalId, listResourceOrganizationMemberships → listMembershipsForResourceByExternalId). Any existing consumer calling the old method names will get a fatal "call to undefined method" PHP error at runtime. The PR metadata ("Breaking: 0") does not reflect this reality — a semver major bump and changelog entry are likely warranted.

[greptile-apps]

Breaking parameter rename: $adminEmails → $itContactEmails

The parameter was renamed and the corresponding JSON key changed from admin_emails to it_contact_emails. Any caller passing adminEmails: as a named argument (or relying on positional ordering) will silently stop sending the field or receive a PHP named-argument mismatch error. This is a breaking change for existing integrations that is not reflected in the PR's "Breaking: 0" claim.

[greptile-apps]

Private property declarations placed after public methods

The @oagen-ignore-start block containing six private property declarations ($passwordless, $vault, $webhookVerification, $actions, $sessionManager, $pkce) was moved from the top property-declaration section to a position after auditLogs() and before passwordless(). While this is valid PHP, some static-analysis tools and IDEs assume properties precede methods and may report false-positive "undefined property" warnings. Consider keeping property declarations grouped at the top of the class to maintain conventional PHP class structure.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!