POST /api/v1/admin/reload-features
This page is auto-generated from
src/admin/routes.ts. Do not edit by hand — seedocs/dev/docs-auto-sync.md.
:warning: Heuristic extraction — not a contract. Response shapes below are mined from
c.json(...)literals in the handler via an AST walker. Computed fields, ternaries, and non-literal returns are shown as placeholders. Refer to the linked source file for the authoritative behaviour.
POST /api/v1/admin/reload-features
Section titled “POST /api/v1/admin/reload-features”Authentication
Section titled “Authentication”No requireCapability middleware detected on this route. Surface-level auth (admin token, dashboard session, org API key, anonymous proxy) is enforced by the parent router — see Source below.
Description
Section titled “Description”--- RBAC config hot-reload (#116) -----------------------------------------
POST /api/v1/admin/reload-features — re-reads role-defaults.json, tier-features.json, and capability-features.json from disk and atomically swaps the in-process cache. The loader validates EVERY file before the swap; a parse/shape error on any one keeps the previous cache (and the loader logs WARN). Auth-gated by the existing admin-token middleware.
Why: SSO/BYOS today sit at tier ‘org’. Moving them to ‘team’ must be a JSON edit + a POST to this endpoint — never a code change + redeploy.
Responses
Section titled “Responses”HTTP 200 (default)
Section titled “HTTP 200 (default)”{ "ok": true, "loadedAt": <call>, "tiers": <call>, "roles": <call>}HTTP 400
Section titled “HTTP 400”{ "ok": false, "error": <ternary>}Source
Section titled “Source”- File:
src/admin/routes.ts - Line: 295