feat: provide more context for policy schema

Author: stainless-app[bot]

.stats.yml

@@ -1,4 +1,4 @@
-configured_endpoints: 107
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/keycard%2Fkeycard-api-e0b7b296f7b0cac79675a790974f3ad90eb46833027467ee97c3ed21675628b8.yml
-openapi_spec_hash: 5e60faefb18dd2fca721f14252ab907a
-config_hash: a411a6a5bb4519b00f84eef745a194b3
+configured_endpoints: 106
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/keycard%2Fkeycard-api-2052af02ac981a44897f047d65dcc9e7a7643c8b2168dd73969ef94ec3d56948.yml
+openapi_spec_hash: ed47ef3c3f1aed86c2cb1ff009d60483
+config_hash: 8fdc6a9c1185417459f79052b1222ff0

README.md

@@ -9,15 +9,6 @@ and offers both synchronous and asynchronous clients powered by [httpx](https://
 
 It is generated with [Stainless](https://www.stainless.com/).
 
-## MCP Server
-
-Use the Keycard API MCP Server to enable AI assistants to interact with this API, allowing them to explore endpoints, make test requests, and use documentation to help integrate this SDK into your application.
-
-[![Add to Cursor](https://cursor.com/deeplink/mcp-install-dark.svg)](https://cursor.com/en-US/install-mcp?name=%40keycardai%2Fapi-mcp&config=eyJjb21tYW5kIjoibnB4IiwiYXJncyI6WyIteSIsIkBrZXljYXJkYWkvYXBpLW1jcCJdLCJlbnYiOnsiS0VZQ0FSRF9BUElfQVBJX0tFWSI6Ik15IEFQSSBLZXkiLCJLRVlDQVJEX0FQSV9DTElFTlRfSUQiOiJNeSBDbGllbnQgSUQiLCJLRVlDQVJEX0FQSV9DTElFTlRfU0VDUkVUIjoiTXkgQ2xpZW50IFNlY3JldCJ9fQ)
-[![Install in VS Code](https://img.shields.io/badge/_-Add_to_VS_Code-blue?style=for-the-badge&logo=data:image/svg%2bxml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGZpbGw9Im5vbmUiIHZpZXdCb3g9IjAgMCA0MCA0MCI+PHBhdGggZmlsbD0iI0VFRSIgZmlsbC1ydWxlPSJldmVub2RkIiBkPSJNMzAuMjM1IDM5Ljg4NGEyLjQ5MSAyLjQ5MSAwIDAgMS0xLjc4MS0uNzNMMTIuNyAyNC43OGwtMy40NiAyLjYyNC0zLjQwNiAyLjU4MmExLjY2NSAxLjY2NSAwIDAgMS0xLjA4Mi4zMzggMS42NjQgMS42NjQgMCAwIDEtMS4wNDYtLjQzMWwtMi4yLTJhMS42NjYgMS42NjYgMCAwIDEgMC0yLjQ2M0w3LjQ1OCAyMCA0LjY3IDE3LjQ1MyAxLjUwNyAxNC41N2ExLjY2NSAxLjY2NSAwIDAgMSAwLTIuNDYzbDIuMi0yYTEuNjY1IDEuNjY1IDAgMCAxIDIuMTMtLjA5N2w2Ljg2MyA1LjIwOUwyOC40NTIuODQ0YTIuNDg4IDIuNDg4IDAgMCAxIDEuODQxLS43MjljLjM1MS4wMDkuNjk5LjA5MSAxLjAxOS4yNDVsOC4yMzYgMy45NjFhMi41IDIuNSAwIDAgMSAxLjQxNSAyLjI1M3YuMDk5LS4wNDVWMzMuMzd2LS4wNDUuMDk1YTIuNTAxIDIuNTAxIDAgMCAxLTEuNDE2IDIuMjU3bC04LjIzNSAzLjk2MWEyLjQ5MiAyLjQ5MiAwIDAgMS0xLjA3Ny4yNDZabS43MTYtMjguOTQ3LTExLjk0OCA5LjA2MiAxMS45NTIgOS4wNjUtLjAwNC0xOC4xMjdaIi8+PC9zdmc+)](https://vscode.stainless.com/mcp/%7B%22name%22%3A%22%40keycardai%2Fapi-mcp%22%2C%22command%22%3A%22npx%22%2C%22args%22%3A%5B%22-y%22%2C%22%40keycardai%2Fapi-mcp%22%5D%2C%22env%22%3A%7B%22KEYCARD_API_API_KEY%22%3A%22My%20API%20Key%22%2C%22KEYCARD_API_CLIENT_ID%22%3A%22My%20Client%20ID%22%2C%22KEYCARD_API_CLIENT_SECRET%22%3A%22My%20Client%20Secret%22%7D%7D)
-
-> Note: You may need to set environment variables in your MCP client.
-
 ## Documentation
 
 The REST API documentation can be found on [docs.keycard.ai](https://docs.keycard.ai). The full API of this library can be found in [api.md](api.md).

api.md

@@ -8,7 +8,6 @@ from keycardai_api.types import (
     PageInfoPagination,
     Zone,
     ZoneListResponse,
-    ZoneListSessionResourceAccessResponse,
 )
 ```
 
@@ -19,7 +18,6 @@ Methods:
 - <code title="patch /zones/{zoneId}">client.zones.<a href="./src/keycardai_api/resources/zones/zones.py">update</a>(zone_id, \*\*<a href="src/keycardai_api/types/zone_update_params.py">params</a>) -> <a href="./src/keycardai_api/types/zone.py">Zone</a></code>
 - <code title="get /zones">client.zones.<a href="./src/keycardai_api/resources/zones/zones.py">list</a>(\*\*<a href="src/keycardai_api/types/zone_list_params.py">params</a>) -> <a href="./src/keycardai_api/types/zone_list_response.py">ZoneListResponse</a></code>
 - <code title="delete /zones/{zoneId}">client.zones.<a href="./src/keycardai_api/resources/zones/zones.py">delete</a>(zone_id) -> None</code>
-- <code title="get /zones/{zoneId}/session-resource-access">client.zones.<a href="./src/keycardai_api/resources/zones/zones.py">list_session_resource_access</a>(zone_id, \*\*<a href="src/keycardai_api/types/zone_list_session_resource_access_params.py">params</a>) -> <a href="./src/keycardai_api/types/zone_list_session_resource_access_response.py">ZoneListSessionResourceAccessResponse</a></code>
 
 ## Applications
 

src/keycardai_api/resources/zones/policies/versions.py

@@ -68,6 +68,8 @@ def create(
         Create a new immutable policy version
 
         Args:
+          schema_version: Schema version to validate this policy against. Must not be archived.
+
           cedar_json: Cedar policy in JSON representation. Mutually exclusive with cedar_raw.
 
           cedar_raw: Cedar policy in human-readable Cedar syntax. Mutually exclusive with cedar_json.
@@ -348,6 +350,8 @@ async def create(
         Create a new immutable policy version
 
         Args:
+          schema_version: Schema version to validate this policy against. Must not be archived.
+
           cedar_json: Cedar policy in JSON representation. Mutually exclusive with cedar_raw.
 
           cedar_raw: Cedar policy in human-readable Cedar syntax. Mutually exclusive with cedar_json.

src/keycardai_api/resources/zones/policy_schemas.py

@@ -26,7 +26,22 @@
 
 
 class PolicySchemasResource(SyncAPIResource):
-    """Zone-scoped Cedar schema management"""
+    """Zone-scoped Cedar schema management.
+
+    The Cedar schema defines the entity model used for authorization decisions.
+    Key entity types and their attributes:
+
+    - **Keycard::User** — `email` (String), `groups` (Set of String)
+    - **Keycard::Application** — `registration_method` (RegistrationMethod entity), `credential_type` (CredentialType entity)
+    - **Keycard::RegistrationMethod** — enum entity: `"managed"`, `"dcr"`
+    - **Keycard::CredentialType** — enum entity: `"token"`, `"password"`, `"public-key"`, `"url"`, `"public"`
+    - **Keycard::Resource** — `id` (String), `name` (String), `scopes` (Set of String)
+    - **Keycard::Claims** — `email` (String), `groups` (Set of String), plus arbitrary additional fields
+
+    Enum-like attributes use Cedar enum entity types (schema version `2026-03-16`+).
+    In policies, reference values as `RegistrationMethod::"managed"` or `CredentialType::"token"`.
+    See the Credentials API spec for the full entity model reference.
+    """
 
     @cached_property
     def with_raw_response(self) -> PolicySchemasResourceWithRawResponse:
@@ -243,7 +258,22 @@ def set_default(
 
 
 class AsyncPolicySchemasResource(AsyncAPIResource):
-    """Zone-scoped Cedar schema management"""
+    """Zone-scoped Cedar schema management.
+
+    The Cedar schema defines the entity model used for authorization decisions.
+    Key entity types and their attributes:
+
+    - **Keycard::User** — `email` (String), `groups` (Set of String)
+    - **Keycard::Application** — `registration_method` (RegistrationMethod entity), `credential_type` (CredentialType entity)
+    - **Keycard::RegistrationMethod** — enum entity: `"managed"`, `"dcr"`
+    - **Keycard::CredentialType** — enum entity: `"token"`, `"password"`, `"public-key"`, `"url"`, `"public"`
+    - **Keycard::Resource** — `id` (String), `name` (String), `scopes` (Set of String)
+    - **Keycard::Claims** — `email` (String), `groups` (Set of String), plus arbitrary additional fields
+
+    Enum-like attributes use Cedar enum entity types (schema version `2026-03-16`+).
+    In policies, reference values as `RegistrationMethod::"managed"` or `CredentialType::"token"`.
+    See the Credentials API spec for the full entity model reference.
+    """
 
     @cached_property
     def with_raw_response(self) -> AsyncPolicySchemasResourceWithRawResponse:

src/keycardai_api/resources/zones/policy_sets/policy_sets.py

@@ -81,6 +81,14 @@ def create(
         version.
 
         Args:
+          scope_type:
+              The scope at which this policy set applies:
+
+              - `"zone"` — applies to all requests in the zone.
+              - `"resource"` — scoped to a specific resource.
+              - `"user"` — scoped to a specific user.
+              - `"session"` — scoped to a specific session.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -391,6 +399,14 @@ async def create(
         version.
 
         Args:
+          scope_type:
+              The scope at which this policy set applies:
+
+              - `"zone"` — applies to all requests in the zone.
+              - `"resource"` — scoped to a specific resource.
+              - `"user"` — scoped to a specific user.
+              - `"session"` — scoped to a specific session.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request

src/keycardai_api/resources/zones/policy_sets/versions.py

@@ -74,6 +74,8 @@ def create(
         Validates the manifest, computes SHA, and creates an immutable version snapshot.
 
         Args:
+          schema_version: Schema version to pin to this policy set version.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request
@@ -478,6 +480,8 @@ async def create(
         Validates the manifest, computes SHA, and creates an immutable version snapshot.
 
         Args:
+          schema_version: Schema version to pin to this policy set version.
+
           extra_headers: Send extra headers
 
           extra_query: Add additional query parameters to the request