feat: Add Radar to Node SDK

[gjtorikian]

Summary

• Adds the Radar module to the Node SDK, exposing standalone Radar assess, update-attempt, update-list, and delete-list-entry operations on workos.radar.
• Introduces interfaces, serializers, and JSON fixtures for Radar request/response payloads (verdicts, controls, actions, auth methods, blocklist types, etc.).
• Registers Radar in src/index.ts, src/workos.ts, and .oagen-manifest.json so generated artifacts and barrel exports stay in sync.
• Adds radar.spec.ts covering the new client methods.

Test plan

• npm test -- radar.spec.ts passes
• Full test suite passes
• workos.radar is reachable from a consumer and types resolve correctly

Summary by CodeRabbit

• New Features
  • Added Radar API for fraud detection and risk assessment with support for attempt tracking, challenge management, and blocklist operations
  • Extended webhook events to include Pipes connected account notifications (connected, disconnected, and reauthorization needed)

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 942bb9f7-8198-47a9-a560-e07f1f25f086

📥 Commits

Reviewing files that changed from the base of the PR and between db373f6 and 4d1c0df.

📒 Files selected for processing (34)

• .oagen-manifest.json
• src/index.ts
• src/radar/fixtures/radar-list-entry-already-present-response.json
• src/radar/fixtures/radar-standalone-assess-request.json
• src/radar/fixtures/radar-standalone-delete-radar-list-entry-request.json
• src/radar/fixtures/radar-standalone-response.json
• src/radar/fixtures/radar-standalone-update-radar-attempt-request.json
• src/radar/fixtures/radar-standalone-update-radar-list-request.json
• src/radar/interfaces/index.ts
• src/radar/interfaces/radar-list-action.interface.ts
• src/radar/interfaces/radar-list-entry-already-present-response.interface.ts
• src/radar/interfaces/radar-standalone-assess-request-action.interface.ts
• src/radar/interfaces/radar-standalone-assess-request-auth-method.interface.ts
• src/radar/interfaces/radar-standalone-assess-request.interface.ts
• src/radar/interfaces/radar-standalone-delete-radar-list-entry-request.interface.ts
• src/radar/interfaces/radar-standalone-response-blocklist-type.interface.ts
• src/radar/interfaces/radar-standalone-response-control.interface.ts
• src/radar/interfaces/radar-standalone-response-verdict.interface.ts
• src/radar/interfaces/radar-standalone-response.interface.ts
• src/radar/interfaces/radar-standalone-update-radar-attempt-request.interface.ts
• src/radar/interfaces/radar-standalone-update-radar-list-request.interface.ts
• src/radar/interfaces/radar-type.interface.ts
• src/radar/radar.spec.ts
• src/radar/radar.ts
• src/radar/serializers/index.ts
• src/radar/serializers/radar-list-entry-already-present-response.serializer.ts
• src/radar/serializers/radar-standalone-assess-request.serializer.ts
• src/radar/serializers/radar-standalone-delete-radar-list-entry-request.serializer.ts
• src/radar/serializers/radar-standalone-response.serializer.ts
• src/radar/serializers/radar-standalone-update-radar-attempt-request.serializer.ts
• src/radar/serializers/radar-standalone-update-radar-list-request.serializer.ts
• src/webhooks/interfaces/create-webhook-endpoint-events.interface.ts
• src/webhooks/interfaces/update-webhook-endpoint-events.interface.ts
• src/workos.ts

✅ Files skipped from review due to trivial changes (18)

• src/radar/fixtures/radar-standalone-update-radar-list-request.json
• src/radar/interfaces/radar-standalone-update-radar-attempt-request.interface.ts
• src/radar/interfaces/radar-list-entry-already-present-response.interface.ts
• src/radar/interfaces/radar-list-action.interface.ts
• src/radar/interfaces/radar-standalone-response.interface.ts
• src/radar/interfaces/radar-type.interface.ts
• src/webhooks/interfaces/update-webhook-endpoint-events.interface.ts
• src/radar/fixtures/radar-standalone-delete-radar-list-entry-request.json
• src/radar/serializers/radar-standalone-update-radar-list-request.serializer.ts
• src/radar/interfaces/radar-standalone-update-radar-list-request.interface.ts
• src/radar/serializers/radar-standalone-assess-request.serializer.ts
• src/radar/interfaces/radar-standalone-response-verdict.interface.ts
• src/radar/interfaces/radar-standalone-assess-request.interface.ts
• src/radar/interfaces/radar-standalone-delete-radar-list-entry-request.interface.ts
• .oagen-manifest.json
• src/radar/serializers/radar-standalone-response.serializer.ts
• src/radar/interfaces/radar-standalone-assess-request-auth-method.interface.ts
• src/radar/serializers/radar-list-entry-already-present-response.serializer.ts

---

📝 Walkthrough

Walkthrough

This PR introduces a complete Radar fraud detection API feature to the WorkOS SDK alongside webhook event updates. The Radar feature includes type contracts, serializers, a typed API client, comprehensive tests, test fixtures, and integration into the main WorkOS surface. Three new webhook event types for pipes connected account lifecycle are also added to webhook event mappings.

Changes

Radar API feature addition

Layer / File(s)	Summary
Radar type contracts and value enums src/radar/interfaces/radar-type.interface.ts, src/radar/interfaces/radar-list-action.interface.ts, src/radar/interfaces/radar-standalone-assess-request-action.interface.ts, src/radar/interfaces/radar-standalone-assess-request-auth-method.interface.ts, src/radar/interfaces/radar-standalone-response-verdict.interface.ts, src/radar/interfaces/radar-standalone-response-control.interface.ts, src/radar/interfaces/radar-standalone-response-blocklist-type.interface.ts	Foundational types and as const value enums defining radar assessment actions, authentication methods, response verdicts, active controls, and blocklist categories used across the API surface.
Radar request and response interfaces src/radar/interfaces/radar-standalone-assess-request.interface.ts, src/radar/interfaces/radar-list-entry-already-present-response.interface.ts, src/radar/interfaces/radar-standalone-delete-radar-list-entry-request.interface.ts, src/radar/interfaces/radar-standalone-update-radar-list-request.interface.ts, src/radar/interfaces/radar-standalone-update-radar-attempt-request.interface.ts, src/radar/interfaces/radar-standalone-response.interface.ts	Request/response interface pairs for assess, list update, list delete, and attempt update operations, with both camelCase domain model and snake_case wire transport shapes.
Radar serializers src/radar/serializers/index.ts, src/radar/serializers/radar-*.serializer.ts	Serialization and deserialization functions transforming between domain models (camelCase) and wire formats (snake_case), including barrel re-export of all serializer modules.
Radar API client src/radar/radar.ts	Radar class exposing four async methods (createAttempt, updateAttempt, addListEntry, removeListEntry) that coordinate HTTP requests via WorkOS helpers and apply serialization/deserialization.
Radar tests and fixtures src/radar/radar.spec.ts, src/radar/fixtures/radar-*.json	Jest test suite exercising all four Radar API methods with mocked fetch responses and assertions, plus JSON fixtures providing request and response payloads.
Package integration src/radar/interfaces/index.ts, src/index.ts, src/workos.ts, .oagen-manifest.json	Radar interfaces barrel module, package entrypoint re-exports, WorkOS main class Radar property initialization, and manifest metadata refresh.

Webhook pipes connected account events

Layer / File(s)	Summary
Pipes connected account webhook events src/webhooks/interfaces/create-webhook-endpoint-events.interface.ts, src/webhooks/interfaces/update-webhook-endpoint-events.interface.ts	Adds three new webhook event enum entries (Connected, Disconnected, ReauthorizationNeeded) for pipes connected account lifecycle to both create and update webhook endpoint event mappings.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description provides a comprehensive summary of changes, test plan, and implementation details, but does not address the template's documentation requirement section.	Fill out the documentation section of the template: explicitly state whether changes to WorkOS Docs are required, or check the 'No' option if not applicable.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: Add Radar to Node SDK' clearly and concisely summarizes the main change—adding a new Radar feature module to the Node SDK.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch add-radar

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR integrates the Radar fraud-detection module into the WorkOS Node SDK, exposing four new methods on workos.radar: createAttempt, updateAttempt, addListEntry, and removeListEntry. The implementation follows the established oagen code-generation pattern used throughout the SDK, with matching interfaces, serializers, fixtures, and tests.

• createAttempt POSTs to /radar/attempts and deserializes the response into RadarStandaloneResponse (verdict, reason, attemptId, optional control and blocklistType).
• updateAttempt PUTs to /radar/attempts/:id and returns void; addListEntry/removeListEntry manage per-type, per-action blocklist entries via POST and DELETE-with-body respectively.
• Two webhook event enums (CreateWebhookEndpointEvents, UpdateWebhookEndpointEvents) gain the new authentication.radar_risk_detected event value.

Confidence Score: 4/5

Safe to merge once the addListEntry response type mismatch is resolved; all other changes are well-structured and follow established SDK patterns.

The addListEntry method unconditionally deserializes every API response using RadarListEntryAlreadyPresentResponse, whose message field is declared as a required string. When a brand-new entry is successfully inserted the API returns a different body, so message will be undefined at runtime while TypeScript believes it is always present. Any caller that reads result.message on a normal insertion will silently receive undefined. This unresolved issue in radar.ts is the primary concern.

src/radar/radar.ts — the addListEntry return type and its deserialization path need attention before merging.

Important Files Changed

Filename	Overview
src/radar/radar.ts	Core Radar client with four methods; addListEntry unconditionally deserializes all responses as RadarListEntryAlreadyPresentResponse, which gives callers a non-null message: string that is actually undefined on a successful new-entry 201 response.
src/radar/radar.spec.ts	Tests cover all four methods; addListEntry only exercises the already-present fixture, leaving the successful-insert path untested.
src/radar/interfaces/radar-list-entry-already-present-response.interface.ts	Declares message as a required string, but this type is incorrectly used as the return type for all addListEntry responses, not just the duplicate-entry case.
.oagen-manifest.json	Adds all new Radar files to the manifest; four existing webhook fixture files were dropped, which may cause them to be deleted on the next oagen codegen run.
src/webhooks/interfaces/create-webhook-endpoint-events.interface.ts	Adds authentication.radar_risk_detected event value to keep webhook event enum in sync with Radar integration.
src/webhooks/interfaces/update-webhook-endpoint-events.interface.ts	Mirrors create-webhook change; adds authentication.radar_risk_detected to the update events enum.

Sequence Diagram

sequenceDiagram
    participant Consumer
    participant WorkOS SDK (radar.ts)
    participant Radar API

    Consumer->>WorkOS SDK (radar.ts): createAttempt(payload)
    WorkOS SDK (radar.ts)->>Radar API: POST /radar/attempts
    Radar API-->>WorkOS SDK (radar.ts): RadarStandaloneResponseWire
    WorkOS SDK (radar.ts)-->>Consumer: RadarStandaloneResponse (verdict, reason, attemptId)

    Consumer->>WorkOS SDK (radar.ts): updateAttempt(id, payload)
    WorkOS SDK (radar.ts)->>Radar API: PUT /radar/attempts/:id
    Radar API-->>WorkOS SDK (radar.ts): 204 No Content
    WorkOS SDK (radar.ts)-->>Consumer: void

    Consumer->>WorkOS SDK (radar.ts): addListEntry(type, action, payload)
    WorkOS SDK (radar.ts)->>Radar API: POST /radar/lists/:type/:action
    Radar API-->>WorkOS SDK (radar.ts): RadarListEntryAlreadyPresentResponseWire (or new-entry body)
    WorkOS SDK (radar.ts)-->>Consumer: RadarListEntryAlreadyPresentResponse

    Consumer->>WorkOS SDK (radar.ts): removeListEntry(type, action, payload)
    WorkOS SDK (radar.ts)->>Radar API: DELETE /radar/lists/:type/:action (with body)
    Radar API-->>WorkOS SDK (radar.ts): 204 No Content
    WorkOS SDK (radar.ts)-->>Consumer: void

Loading

_{Reviews (3): Last reviewed commit: "Regenerate radar" | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 627d1c96-cafe-4f8a-8104-191f04a43bea

📥 Commits

Reviewing files that changed from the base of the PR and between e5015b0 and 13233a9.

📒 Files selected for processing (32)

• .oagen-manifest.json
• src/index.ts
• src/radar/fixtures/radar-list-entry-already-present-response.json
• src/radar/fixtures/radar-standalone-assess-request.json
• src/radar/fixtures/radar-standalone-delete-radar-list-entry-request.json
• src/radar/fixtures/radar-standalone-response.json
• src/radar/fixtures/radar-standalone-update-radar-attempt-request.json
• src/radar/fixtures/radar-standalone-update-radar-list-request.json
• src/radar/interfaces/index.ts
• src/radar/interfaces/radar-action.interface.ts
• src/radar/interfaces/radar-list-entry-already-present-response.interface.ts
• src/radar/interfaces/radar-standalone-assess-request-action.interface.ts
• src/radar/interfaces/radar-standalone-assess-request-auth-method.interface.ts
• src/radar/interfaces/radar-standalone-assess-request.interface.ts
• src/radar/interfaces/radar-standalone-delete-radar-list-entry-request.interface.ts
• src/radar/interfaces/radar-standalone-response-blocklist-type.interface.ts
• src/radar/interfaces/radar-standalone-response-control.interface.ts
• src/radar/interfaces/radar-standalone-response-verdict.interface.ts
• src/radar/interfaces/radar-standalone-response.interface.ts
• src/radar/interfaces/radar-standalone-update-radar-attempt-request.interface.ts
• src/radar/interfaces/radar-standalone-update-radar-list-request.interface.ts
• src/radar/interfaces/radar-type.interface.ts
• src/radar/radar.spec.ts
• src/radar/radar.ts
• src/radar/serializers/index.ts
• src/radar/serializers/radar-list-entry-already-present-response.serializer.ts
• src/radar/serializers/radar-standalone-assess-request.serializer.ts
• src/radar/serializers/radar-standalone-delete-radar-list-entry-request.serializer.ts
• src/radar/serializers/radar-standalone-response.serializer.ts
• src/radar/serializers/radar-standalone-update-radar-attempt-request.serializer.ts
• src/radar/serializers/radar-standalone-update-radar-list-request.serializer.ts
• src/workos.ts

[blairworkos]

We can also issue a Challenge: 'challenge' action here

[blairworkos]

oh I see - this is just for lists, where we only support block and allow. Could we update the const naming to be something like "RadarListAction"?

[blairworkos]

Could we narrow this to just be "sign-up" and "sign-in"? I'm also looking at the public docs, and we support like a lot of different variations, but I think that's just iterations. Wonder if we can only show these two options publicly to try and get users to send the right one.

[blairworkos]

hmmm this ip_sign_up_rate_limit should have been deprecated - I think that's something we'll need to do in the API.