chore: update v3 OpenAPI specs to v3.634.0

[Ed Fricker (beastawakens)]

User description

Automated v3 OpenAPI spec update for v3.634.0.

---

PR Type

Enhancement

---

Description

• Replace v3-block-user API with new v3-report-user-fraud endpoint

• New endpoint at POST /v3/users/{user_id}/report_fraud with structured fraud reasons

• Adds required fields: is_fraud, reason enum, reported_by email

• Returns 202 Accepted instead of 200 OK for async processing

---

Diagram Walkthrough

flowchart LR
  Old["v3-block-user (removed)"]
  New["v3-report-user-fraud (added)"]
  Endpoint["POST /v3/users/{user_id}/report_fraud"]
  Old -- "replaced by" --> New
  New -- "defines" --> Endpoint

Loading

File Walkthrough

	Relevant files
Documentation	CHANGELOG.md Add v3.634.0 changelog entry                                                          CHANGELOG.md Added v3.634.0 changelog entry noting v3-report-user-fraud update and v3-block-user removal +8/-0      README.md Update API table with new endpoint                                              README.md Removed Block User row from API table Added Report User Fraud row with new endpoint path and description +1/-1      index.html Update docs spec list                                                                        docs/index.html Removed v3-block-user from SPECS list Added v3-report-user-fraud to SPECS list for documentation UI +1/-1
Enhancement	v3-block-user.yaml Remove Block User OpenAPI spec                                                      specs/v3/v3-block-user.yaml Entire file deleted (261 lines), removing the Block User API specification +0/-261  v3-report-user-fraud.yaml Add Report User Fraud OpenAPI spec                                              specs/v3/v3-report-user-fraud.yaml New OpenAPI spec for POST /v3/users/{user_id}/report_fraud Defines ReportUserFraudRequest with required is_fraud, reported_by, and conditional reason/notes fields Includes fraud reason enum (e.g., FIRST_PARTY_FRAUD, SYNTHETIC_IDENTITY, OTHER) Returns 202 Accepted with ReportUserFraudAcceptedResponse schema +287/-0

---

---

Need help?

Type /help how to ... in the comments thread for any questions about PR-Agent usage.

Check out the documentation for more information.

[prfectionist]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🏅 Score: 82

🧪 No relevant tests

🔒 No security concerns identified

🔀 No multiple PR themes

⚡ Recommended focus areas for review Validation Gap The reason field is not listed in the required array of ReportUserFraudRequest, yet the description states it is required when is_fraud is true. This conditional requirement cannot be expressed via the required keyword alone in OpenAPI 3.0 (no if/then support). However, marking additionalProperties: true combined with not marking reason as required means a client could omit reason entirely and the spec would consider the request valid. Consider documenting this limitation more prominently or using a discriminator/oneOf pattern to better express the conditional validation. ReportUserFraudRequest: type: object required: - is_fraud - reported_by properties: is_fraud: type: boolean description: | `true` to flag the user as fraudulent, `false` to clear a previous fraud flag. example: true reason: type: string description: | Reason for the fraud report. **Required when `is_fraud` is `true`**; ignored when `is_fraud` is `false`. If `OTHER` is selected, `notes` becomes required. enum: - FIRST_PARTY_FRAUD - SECOND_PARTY_FRAUD - THIRD_PARTY_FRAUD - SYNTHETIC_IDENTITY - ACCOUNT_TAKEOVER - DOCUMENT_FORGERY - IDENTITY_FARMING - MULE_ACCOUNT - OTHER example: FIRST_PARTY_FRAUD notes: type: string maxLength: 500 description: | Free-form notes describing the fraud report. **Required when** either `is_fraud` is `false` or `reason` is `OTHER`. Optional in all other cases. Capped at 500 characters. example: Account takeover confirmed via partner internal review. reported_by: type: string format: email description: Email address of the person submitting the report. example: risk@partner.example additionalProperties: true Permissive Schema additionalProperties: true on the request schema allows clients to send arbitrary extra fields in the request body. This could lead to unexpected data being stored or processed. Unless there's a specific reason to allow extra fields, setting additionalProperties: false would be safer for a fraud-reporting endpoint. additionalProperties: true Formatting Issue The ## [Unreleased] heading on line 7 is immediately followed by ## [v3.634.0] on line 8 without a blank line or content under [Unreleased]. This makes the [Unreleased] section appear to contain the v3.634.0 entry rather than being a separate empty section. A blank line should separate them. ## [Unreleased] ## [v3.634.0] - 2026-06-04

[prfectionist]

Suggestion: Setting additionalProperties: true explicitly allows arbitrary fields in the request body, which could let clients send unexpected or malicious data that bypasses validation. This should likely be false to enforce a strict schema, consistent with the removed v3-block-user.yaml which used additionalProperties: false. [security, importance: 7]

Suggested change

	additionalProperties: true
	additionalProperties: false

[Copilot]

Pull request overview

Updates the Smile Identity v3 OpenAPI reference to API version v3.634.0 by replacing the deprecated Block User spec with a new Report User Fraud endpoint and updating the rendered docs/index and changelog accordingly.

Changes:

• Added a new spec for POST /v3/users/{user_id}/report_fraud (async 202 Accepted) with structured fraud reporting fields.
• Removed the v3-block-user OpenAPI spec and updated the docs UI + README endpoint table to reflect the replacement.
• Added a v3.634.0 entry to the changelog documenting the addition/removal.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
specs/v3/v3-report-user-fraud.yaml	Adds the new “Report User Fraud” OpenAPI spec and endpoint definition.
specs/v3/v3-block-user.yaml	Deletes the deprecated “Block User” OpenAPI spec.
README.md	Updates the endpoints table to remove “Block User” and add “Report User Fraud”.
docs/index.html	Updates the Redoc spec picker list to remove the old spec and include the new one.
CHANGELOG.md	Adds a v3.634.0 changelog entry noting the spec update/removal.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.