Azure · AlitzelMendez · May 6, 2026 · May 6, 2026
@@ -5,6 +5,7 @@ import "./autoreview.tsp";
 import "./apirevisions.tsp";
 import "./comments.tsp";
 import "./reviews.tsp";
+import "./permissions.tsp";
 
 using TypeSpec.Http;
 

@@ -0,0 +1,55 @@
+import "@typespec/http";
+import "./models.tsp";
+
+using TypeSpec.Http;
+
+namespace APIView;
+
+/** A user returned by a reviewer/admin endpoint */
+model ReviewerInfo {
+    /** GitHub username */
+    name: string;
+    /** The user's role (e.g. "Architect", "DeputyArchitect", "admin") */
+    role: string;
+}
+
+/** Response envelope for the get-approvers-for-language endpoint */
+model ApproversForLanguageResponse {
+    /** The language these approvers are scoped to */
+    language: string;
+    /** List of approvers with their language-scoped role */
+    approvers: ReviewerInfo[];
+}
+
+/**
+ * Permissions endpoints accessible via Azure AD token or cookie authentication.
+ * These endpoints are intended for use by agents and MCP clients via Bearer token.
+ */
+@route("/api/permissions")
+@useAuth(BearerAuth)
+namespace Permissions {
+    /**
+     * Get the approvers for a given language with their roles.
+     * @param language The language to get approvers for (e.g. "Python", "Java").
+     * @returns List of approvers with their language-scoped role
+     */
+    @get
+    @route("/approvers/{language}")
+    op GetApproversForLanguage(
+        @path language: string
+    ): {
+        @statusCode statusCode: 200;
+        @body body: ApproversForLanguageResponse;
+    } | UnauthorizedErrorResponse | InternalServerErrorResponse;
+
+    /**
+     * Get the list of GitHub usernames who have APIView admin permissions.
+     * @returns Admins with role "admin"
+     */
+    @get
+    @route("/admins")
+    op GetAdminUsernames(): {
+        @statusCode statusCode: 200;
+        @body admins: ReviewerInfo[];
+    } | UnauthorizedErrorResponse | InternalServerErrorResponse;
+}