{"openapi":"3.1.0","info":{"title":"인사책 AI Integration API","version":"v1","description":"AI clients can discover Insacheck OAuth, MCP, tool registry, and public AI documentation from this OpenAPI document."},"servers":[{"url":"https://insacheck.com"}],"tags":[{"name":"AI Discovery","description":"Public metadata for AI clients and agents."},{"name":"MCP","description":"Model Context Protocol server and tool catalog."},{"name":"OAuth","description":"OAuth 2.1 + PKCE endpoints for MCP connection."},{"name":"Documentation","description":"Human-readable and AI-readable public documents."}],"paths":{"/ai":{"get":{"tags":["Documentation"],"summary":"AI integration landing page","responses":{"200":{"description":"HTML documentation page"}}}},"/docs/ai":{"get":{"tags":["Documentation"],"summary":"AI capabilities documentation","responses":{"200":{"description":"HTML documentation page"}}}},"/docs/mcp":{"get":{"tags":["Documentation"],"summary":"MCP documentation","responses":{"200":{"description":"HTML documentation page"}}}},"/.well-known/ai-plugin.json":{"get":{"tags":["AI Discovery"],"summary":"AI plugin metadata","responses":{"200":{"description":"AI plugin metadata","content":{"application/json":{"schema":{"type":"object"}}}}}}},"/.well-known/oauth-authorization-server":{"get":{"tags":["OAuth"],"summary":"OAuth authorization server metadata","responses":{"200":{"description":"RFC 8414 OAuth metadata","content":{"application/json":{"schema":{"type":"object"}}}}}}},"/.well-known/openid-configuration":{"get":{"tags":["OAuth"],"summary":"OpenID-style discovery metadata for AI clients","responses":{"200":{"description":"Discovery metadata. id_token is not issued.","content":{"application/json":{"schema":{"type":"object"}}}}}}},"/ai/tools":{"get":{"tags":["AI Discovery","MCP"],"summary":"AI agent tool registry","responses":{"200":{"description":"Tool registry with schemas, examples, permissions, versions, and status.","content":{"application/json":{"schema":{"type":"object","required":["tool_count","tools"],"properties":{"tool_count":{"type":"integer"},"tools":{"type":"array","items":{"$ref":"#/components/schemas/AiTool"}}}}}}}}}},"/mcp/tools.json":{"get":{"tags":["MCP"],"summary":"Legacy public MCP tool catalog","responses":{"200":{"description":"Backward-compatible compact tool catalog","content":{"application/json":{"schema":{"type":"object"}}}}}}},"/api/mcp":{"get":{"tags":["MCP"],"summary":"Canonical MCP server information","responses":{"200":{"description":"MCP server metadata"}}},"post":{"tags":["MCP"],"summary":"Canonical MCP JSON-RPC endpoint","security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/JsonRpcRequest"}}}},"responses":{"200":{"description":"JSON-RPC response","content":{"application/json":{"schema":{"type":"object"}}}},"401":{"description":"Bearer token required for tool calls"}}}},"/mcp":{"get":{"tags":["MCP"],"summary":"Legacy MCP server information","responses":{"200":{"description":"MCP server metadata"}}},"post":{"tags":["MCP"],"summary":"Legacy MCP JSON-RPC endpoint","security":[{"bearerAuth":[]}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/JsonRpcRequest"}}}},"responses":{"200":{"description":"JSON-RPC response","content":{"application/json":{"schema":{"type":"object"}}}},"401":{"description":"Bearer token required for tool calls"}}}},"/oauth/register":{"post":{"tags":["OAuth"],"summary":"Canonical Dynamic Client Registration","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["redirect_uris"],"properties":{"client_name":{"type":"string"},"redirect_uris":{"type":"array","items":{"type":"string","format":"uri"}}}}}}},"responses":{"201":{"description":"Registered OAuth client"}}}},"/oauth/authorize":{"get":{"tags":["OAuth"],"summary":"Canonical OAuth authorization endpoint","parameters":[{"name":"client_id","in":"query","required":true,"schema":{"type":"string"}},{"name":"redirect_uri","in":"query","required":true,"schema":{"type":"string","format":"uri"}},{"name":"response_type","in":"query","required":true,"schema":{"type":"string","enum":["code"]}},{"name":"code_challenge","in":"query","required":true,"schema":{"type":"string"}},{"name":"code_challenge_method","in":"query","required":true,"schema":{"type":"string","enum":["S256"]}},{"name":"scope","in":"query","required":false,"description":"Use read for read-only access or read_write for full access. read_write includes read. Space-delimited \"read read_write\" is accepted and normalized to read_write for compatibility, but clients should request read_write alone.","schema":{"type":"string","enum":["read","read_write"]}},{"name":"state","in":"query","required":false,"schema":{"type":"string"}}],"responses":{"302":{"description":"Redirects to login or approval/redirect_uri"}}}},"/oauth/token":{"post":{"tags":["OAuth"],"summary":"Canonical OAuth token endpoint","requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","properties":{"grant_type":{"type":"string","enum":["authorization_code","refresh_token"]},"client_id":{"type":"string"},"code":{"type":"string"},"redirect_uri":{"type":"string","format":"uri"},"code_verifier":{"type":"string"},"refresh_token":{"type":"string"}}}}}},"responses":{"200":{"description":"Bearer access token and refresh token"}}}},"/oauth/revoke":{"post":{"tags":["OAuth"],"summary":"OAuth token revocation endpoint","requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","required":["token"],"properties":{"token":{"type":"string"},"token_type_hint":{"type":"string","enum":["access_token","refresh_token"]},"client_id":{"type":"string"}}}}}},"responses":{"200":{"description":"Token revoked or already inactive"}}}},"/oauth/introspect":{"post":{"tags":["OAuth"],"summary":"OAuth token introspection endpoint","requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","required":["token"],"properties":{"token":{"type":"string"}}}}}},"responses":{"200":{"description":"Token active metadata"}}}},"/mcp/oauth/register":{"post":{"tags":["OAuth"],"summary":"Legacy Dynamic Client Registration","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["redirect_uris"],"properties":{"client_name":{"type":"string"},"redirect_uris":{"type":"array","items":{"type":"string","format":"uri"}}}}}}},"responses":{"201":{"description":"Registered OAuth client"}}}},"/mcp/oauth/authorize":{"get":{"tags":["OAuth"],"summary":"Legacy OAuth authorization endpoint","parameters":[{"name":"client_id","in":"query","required":true,"schema":{"type":"string"}},{"name":"redirect_uri","in":"query","required":true,"schema":{"type":"string","format":"uri"}},{"name":"response_type","in":"query","required":true,"schema":{"type":"string","enum":["code"]}},{"name":"code_challenge","in":"query","required":true,"schema":{"type":"string"}},{"name":"code_challenge_method","in":"query","required":true,"schema":{"type":"string","enum":["S256"]}},{"name":"scope","in":"query","required":false,"description":"Use read for read-only access or read_write for full access. read_write includes read. Space-delimited \"read read_write\" is accepted and normalized to read_write for compatibility, but clients should request read_write alone.","schema":{"type":"string","enum":["read","read_write"]}},{"name":"state","in":"query","required":false,"schema":{"type":"string"}}],"responses":{"302":{"description":"Redirects to login or approval/redirect_uri"}}}},"/mcp/oauth/token":{"post":{"tags":["OAuth"],"summary":"Legacy OAuth token endpoint","requestBody":{"required":true,"content":{"application/x-www-form-urlencoded":{"schema":{"type":"object","required":["grant_type","client_id","code","redirect_uri","code_verifier"],"properties":{"grant_type":{"type":"string","enum":["authorization_code","refresh_token"]},"client_id":{"type":"string"},"code":{"type":"string"},"redirect_uri":{"type":"string","format":"uri"},"code_verifier":{"type":"string"},"refresh_token":{"type":"string"}}}}}},"responses":{"200":{"description":"Bearer access token and refresh token"}}}},"/mcp/oauth/revoke":{"post":{"tags":["OAuth"],"summary":"Legacy OAuth token revocation endpoint","responses":{"200":{"description":"Token revoked or already inactive"}}}},"/mcp/oauth/introspect":{"post":{"tags":["OAuth"],"summary":"Legacy OAuth token introspection endpoint","responses":{"200":{"description":"Token active metadata"}}}}},"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"JsonRpcRequest":{"type":"object","required":["jsonrpc","method"],"properties":{"jsonrpc":{"type":"string","enum":["2.0"]},"id":{"oneOf":[{"type":"string"},{"type":"number"},{"type":"null"}]},"method":{"type":"string","examples":["initialize","tools/list","tools/call"]},"params":{"type":"object"}}},"AiTool":{"type":"object","required":["name","description","permission","input_schema","output_schema","example","version","status"],"properties":{"name":{"type":"string"},"description":{"type":"string"},"permission":{"type":"string"},"required_role":{"type":"string","enum":["employee","dept_manager","hr_manager","owner"]},"required_scope":{"type":"string","enum":["read","read_write"]},"input_schema":{"type":"object"},"output_schema":{"type":"object"},"example":{"type":"object"},"version":{"type":"string"},"status":{"type":"string","enum":["active"]},"requires_confirmation":{"type":"boolean"}}}}},"x-insacheck":{"service_name":"인사책","ai_native_standard_version":"v1","mcp_protocol_version":"2024-11-05","mcp_server_version":"0.2.0","tool_registry_url":"https://insacheck.com/ai/tools","mcp_server_url":"https://insacheck.com/api/mcp","legacy_mcp_server_url":"https://insacheck.com/mcp","docs_url":"https://insacheck.com/docs/ai"}}