feat: add list-my-workspaces operation and document IAM in API specs (#961)

Add a new `list-my-workspaces` operation so non-admin users can discover which workspaces they have access to. For OSS IAM, regular users see their home workspace; admins see all workspaces. Also add the full IAM service to both OpenAPI and AsyncAPI specs — it was previously undocumented despite being a first-class service on both HTTP and WebSocket interfaces.
2026-06-12 00:05:13 +02:00 · 2026-05-29 19:17:37 +01:00 · 2026-05-29 19:17:37 +01:00 · 6564adad80
commit 6564adad80
parent 2a10e16c02
20 changed files with 689 additions and 2 deletions
--- a/trustgraph-cli/pyproject.toml
+++ b/trustgraph-cli/pyproject.toml
@ -56,6 +56,7 @@ tg-create-api-key = "trustgraph.cli.create_api_key:main"
 tg-list-api-keys = "trustgraph.cli.list_api_keys:main"
 tg-revoke-api-key = "trustgraph.cli.revoke_api_key:main"
 tg-list-workspaces = "trustgraph.cli.list_workspaces:main"
+tg-list-my-workspaces = "trustgraph.cli.list_my_workspaces:main"
 tg-create-workspace = "trustgraph.cli.create_workspace:main"
 tg-invoke-agent = "trustgraph.cli.invoke_agent:main"
 tg-invoke-document-rag = "trustgraph.cli.invoke_document_rag:main"
--- a/trustgraph-cli/trustgraph/cli/list_my_workspaces.py
+++ b/trustgraph-cli/trustgraph/cli/list_my_workspaces.py
@ -0,0 +1,53 @@
+"""
+List workspaces the current user has access to.
+"""
+
+import argparse
+
+import tabulate
+
+from ._iam import DEFAULT_URL, DEFAULT_TOKEN, call_iam, run_main
+
+
+def do_list_my_workspaces(args):
+    resp = call_iam(
+        args.api_url, args.token, {"operation": "list-my-workspaces"},
+    )
+    workspaces = resp.get("workspaces", [])
+    if not workspaces:
+        print("No workspaces.")
+        return
+    rows = [
+        [
+            w.get("id", ""),
+            w.get("name", ""),
+            "yes" if w.get("enabled") else "no",
+            w.get("created", ""),
+        ]
+        for w in workspaces
+    ]
+    print(tabulate.tabulate(
+        rows,
+        headers=["id", "name", "enabled", "created"],
+        tablefmt="pretty",
+        stralign="left",
+    ))
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        prog="tg-list-my-workspaces", description=__doc__,
+    )
+    parser.add_argument(
+        "-u", "--api-url", default=DEFAULT_URL,
+        help=f"API URL (default: {DEFAULT_URL})",
+    )
+    parser.add_argument(
+        "-t", "--token", default=DEFAULT_TOKEN,
+        help="Auth token (default: $TRUSTGRAPH_TOKEN)",
+    )
+    run_main(do_list_my_workspaces, parser)
+
+
+if __name__ == "__main__":
+    main()