The app noun is the usage face; tags and author are build/management
metadata that belong to studio-app, not here. Remove them end to end:
- backend: drop tags/created_by_name from AppListRow, tag from
AppListQuery, the TagItem model, and the tag-name filter lookup;
stop hardcoding the cross-tenant blanks in the permitted-external list
- cli: remove the --tag flag, TAGS/AUTHOR columns, and tag from the
list query; single get app <id> no longer fabricates the fields
- regenerate openapi contracts (types/zod) and markdown docs
get app and get app <id> now agree (neither surfaces tags/author),
resolving the list-vs-single divergence raised in review.
Pause-time token emission now draws only from the recipient set each API
surface is allowed to act on (emit ⊆ validate), so the CLI/OpenAPI caller is
never handed a token the resume endpoint would reject as 404 (WTA-867).
A form's recipients are partitioned once, per surface, into a single
FormDisposition: the surface-actionable recipient yields `form_token`, while
the rest are reported as `approval_channels` (e.g. ["email", "console"]) so the
caller is told where approval actually happens. Token and channels are two
projections of one decision (disposition_for_surface) loaded by one recipient
query (load_form_dispositions_by_form_id); the live pause path and the
reconnect snapshot path consume the same FormDisposition so they cannot drift.
RecipientType carries its user-facing approval-channel label as an enum tuple
value, set in __new__, so a new recipient type cannot be declared without one.
Tests: consolidate recipient/disposition/enrich tests into parametrized
matrices, add CONSOLE-surface and empty-token coverage, extract a shared fake
session for the pause-event tests.
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
