Skip to content
SupaCloud Docs
Search
Ctrl
K
Cancel
Repository
Select theme
Dark
Light
Auto
Auto
Dark
Light
Auto
Select language
English
Deutsch
English
English
Deutsch
User
Tutorials
Build your first workflow
Your first agent run
How-to guides
Approve or reject agent actions
Choose the autodev mode
Configure the standard closeout
Configure visual-verify gates
Connect a Discord bot
Connect a support-conversation channel (Chatwoot / Intercom)
Connect a Telegram bot
Install a marketplace connector
Launch a task from an issue
Manage memories
Manage secrets in the UI
Run the backlog
Schedule a report
Set the live-feed verbosity
Set the autonomy level
Set up a schedule
Track usage and budget
Use debug mode
Use voice input
Reference
Discord commands
Glossary
Telegram commands
Web terminal commands
Explanation
Automations
Autonomy and the delivery engine
Entitlements and the MCP tool tiers
Navigation and hubs
The runner fleet
Runs and tasks
Workspaces and Organizations
Admin
Tutorials
Stand up SupaCloud in 15 minutes
How-to guides
Apply an edition license
Configure OIDC / BYO-OIDC SSO
Configure voice input
Import a Windmill repository
Manage seats and billing
Observability: Prometheus, Grafana and the nightly load checks
Use the OpenBao secret backend
Operate the Delivery Engine
Pin the system LLM credential
Run migrations and upgrade
Self-host with Docker Compose
Separate-origin App hosting
Set up a runner securely
SSH execution backends
Steer & monitor runners
Reference
Environment variables
Ports and hosting domains
SECRET_BACKEND matrix
Explanation
Editions and entitlements
Runner-fleet defense-in-depth and elasticity
Runner-fleet security model
Secret provisioning
The self-learning Governor
Why separate-origin App hosting
Developer
Tutorials
Local development setup
How-to guides
Add a credential kind
Add a database migration
Add an i18n key
Connect an external MCP client
Create App backend functions
Cut a release
Run the architecture tests
Wire a new Telegram command
Reference
Commands API (CIP)
Contract Artifacts
Core data model
Server environment variables (full)
Management API
MCP Tool Surface
Migration Index
Workflow YAML reference
API reference
Web API
Overview
auth
Overview
POST /api/auth/2fa/verify — exchange the interim 2FA token + a valid TOTP (or single-use recovery) code for a full session (ADR 0031 D10). Re-fetches the login row and re-checks the lockout so the second factor honours the same lockout chokepoint as the password step.
POST /api/auth/discover — given a login email, return a per-organization BYO-OIDC start URL if its verified domain maps to an enabled IdP, else `None` (ADR 0031 D2a). ALWAYS 200 and non-enumerating: it never reveals whether an email or account exists. It does NOT call `normalize_email` (which errors on malformed) — the service normalizes and returns `None` for malformed input.
post_api_auth_login
post_api_auth_logout
GET /api/auth/magic/consume?token=… — redirects to the frontend confirm interstitial page so that corporate email pre-scanners (SafeLinks, Proofpoint, Gmail prefetch) that follow emailed links via automated GET do NOT consume the single-use token prematurely. The actual token consumption is POST-only; this redirect safely passes the token to the real browser for the user to confirm.
POST /api/auth/magic/consume — consume a sign-in link token submitted by the user's own browser via the /auth/magic/confirm interstitial page. Accepts `{"token": "…"}` in the request body. Returns the same JSON shape as password login (200 with session + CSRF cookies, or `{"totp_required":true}` for armed 2FA) so the confirm page can use the same session-adoption path.
POST /api/auth/magic/request — send a one-time sign-in link. Always returns 202 and is non-enumerating (ADR 0031 D3).
`GET /auth/oidc/byo/{slug}/callback` — verify the IdP response, upsert the user, issue a session, and redirect to the SPA. On any failure: clear the state cookie AND the remembered-realm hint, and redirect to `/login?switch=1&auth_error=` (the bypass prevents an auto-redirect loop).
`GET /auth/oidc/byo/{slug}/info` — public, pre-auth org info for the `/sso/{slug}` confirm-fallback landing (board-auth-sso, ADR 0031 A6 hybrid). Fail-closed and non-enumerating exactly like `start`: an unknown/disabled/unentitled slug is a generic 404; an enabled one returns the org's display name + slug + plan label (no secrets) for the chip. The default `/sso/{slug}` path still auto-redirects; this is only hit when the SPA renders the confirm landing.
`GET /auth/oidc/byo/{slug}/start` — redirect to the organization IdP's authorize endpoint. Fails closed when the slug is unknown or the organization has no enabled BYO config: rather than a bare 401 (this endpoint is only ever reached by a top-level browser navigation — the remembered-realm cookie, the `/sso/{slug}` entry URL, or the discover redirect), it clears the realm hint and sends the browser to the login form with the auto-redirect suppressed. That keeps a stale/deleted realm from looping (Issue #339 / ADR 0031 A6) while still not initiating OIDC. Fail-closed: an unknown slug and a disabled/lapsed config are indistinguishable (both land on `/login`). It is NOT fully non-enumerating — an *enabled* realm must redirect to its own IdP, which is inherently observable; the strong non-enumeration guarantee lives at `discover` (always 200) and the callback (uniform error).
get_api_auth_oidc_callback
get_api_auth_oidc_start
post_api_auth_register
POST /api/auth/reset/consume — set a new password using a reset token. The token holder is authenticated by possession of the single-use token. Returns 200 on success; 400 for a weak password or an invalid/expired/used token. The password is validated and the token consumed BEFORE the expensive Argon2 hash, so a bad token cannot be used to force hashing work.
POST /api/auth/reset/request — (re)send a password-reset link. Always returns 202 and is non-enumerating: it reveals nothing about whether the address exists (ADR 0031 D4).
`GET /api/auth/sso/forget` — the visible "use a different sign-in" escape (Issue #339 / ADR 0031 A6). Clears the remembered-realm hint and returns to the login form with the auto-redirect suppressed. No auth required: it only removes a non-secret hint cookie and is idempotent. A GET so it can be a plain link on the login form.
GET /api/auth/verify/consume?token=… — consume a verification link, flip `email_verified`, then redirect to the login page with a status flag. Always redirects, so the HTTP status never leaks whether the token was valid.
POST /api/auth/verify/request — (re)send an email-verification link. Always returns 202 and is non-enumerating: it reveals nothing about whether the address exists or is already verified (ADR 0031 D5).
POST /api/me/2fa/confirm — confirm enrolment with a live code, arm 2FA, and return the one-time recovery codes (shown to the user exactly once).
POST /api/me/2fa/disable — disable 2FA. Requires a currently-valid TOTP or recovery code so a session alone cannot strip protection.
POST /api/me/2fa/enroll — begin enrolment. Returns the otpauth provisioning URI (for the QR code) and the base32 secret (for manual entry). The secret is stored encrypted+pending; 2FA is not yet armed until confirmed.
`GET /v1/org/oidc` — config (without secret) + domain list.
`PUT /v1/org/oidc` — upsert the organization BYO-OIDC config.
`DELETE /v1/org/oidc` — remove the organization BYO-OIDC config. CLEANUP is allowed without the `sso_oidc_byo` entitlement (only `authorize_admin`): an org whose subscription lapsed must still be able to remove its config — and, via the domains, release its globally-unique verified domain claims so other orgs are not permanently blocked.
`POST /v1/org/oidc/domains` — register a pending domain, returning the DNS TXT record the organization must publish.
`DELETE /v1/org/oidc/domains/{id}` — remove a domain claim.
`POST /v1/org/oidc/domains/{id}/verify` — check the DNS TXT record and mark the domain verified. A concurrent claim by another organization surfaces as `domain_taken`.
users
Overview
GET /api/me — get current user profile + approval status
PUT /api/me — update the user profile and return the refreshed profile.
PUT /api/me/password - change password for builtin auth users.
PATCH /api/me/verbosity — set or clear the current user's default live-feed verbosity. Delegates label validation + persistence to the verbosity service.
projects
Overview
get_api_projects
post_api_projects
`GET /api/projects/board` — one server-paginated, tab/provider/autodev-filtered page of the projects board plus the total + the summary/provider facets.
post_api_projects_sync_import
post_api_projects_sync_list
get_api_projects_id_
put_api_projects_id_
delete_api_projects_id_
#358 — archive or restore a project (toggles `projects.archived_at`).
post_api_projects_id_automation_setup
get_api_projects_id_automations
Read-only backlog status for a project (S2). Auth required; the project must belong to the caller's active workspace (enforced in the service).
`GET /api/projects/{id}/backlog/board` (ADR 0039 S8). Workspace-scoped, member-readable: the per-column Kanban board for a project. The project must belong to the caller's authorized workspace (404 otherwise).
`GET /api/projects/{id}/backlog/items/{item_id}` (#532 A8). Workspace-scoped, member-readable (the SAME `authorized_workspace` gate as the board + the PATCH): the item-detail drawer payload — the item, its prior dispatched runs (newest-first), the latest routing decision and the SMART-TRUNCATED issue body. The item must belong to the caller's authorized workspace AND to `{id}` (404 otherwise).
`PATCH /api/projects/{id}/backlog/items/{item_id}` (ADR 0039 S9). RBAC: workspace member (any role). The project must belong to the caller's workspace (404 otherwise). A state move outside the manual-steering allowlist → 422; a drag → `done` whose quality gates are not green → 422 (the card snaps back). Every accepted mutation is audited + published over the WS hub.
`PATCH /api/projects/{id}/backlog/order` (ADR 0039 S9 / L68). RBAC: workspace member (any role), via the same `authorized_workspace` gate as the single-item PATCH. Applies a WHOLE board-column reorder plan (`[{item_id, priority}]`) in ONE server-side transaction — the board sends its computed plan as a single request instead of N sequential per-card PATCHes. The project must own every targeted item (404 otherwise); a plan referencing a terminal (`done`) item is rejected whole (422). Audited + published over the WS hub once.
`POST /api/projects/{id}/backlog/scan?dry_run=<bool>` (S3). Auth required; the project must belong to the caller's active workspace (enforced in the service). `dry_run` defaults to `true` (preview — writes nothing). The acting user is the authenticated caller (the service is workspace-scoped, so a foreign project is a 404).
`PATCH /api/projects/{id}/concurrency` -- set `projects.max_concurrent_runs`.
Trigger image build for a project
Get image config (from DB or auto-detected)
put_api_projects_id_image_config
Detect stack for a project without building
Get image build status for a project
List open issues from the project's git repository
commands
Overview
`GET /api/commands` — the seeded command registry filtered to the commands the caller's identity (workspace + role) can run. A new SurfaceDriver reads this list to build its command palette; it will never contain a command the caller can't invoke.
`GET /api/commands/options/{provider_id}?q=` — resolve a named `OptionProvider` (`recent_tasks` / `models` / `efforts` / `projects` / `agents` / …) against the caller's tenancy, filtered by `q`. An unregistered provider id is a 404.
`POST /api/commands/{word}/invoke` — resolve `word` with the supplied args and, when `ready`, return the structured `ResponsePlan` (text / html / media / affordances) acknowledging the resolved invocation; an under-specified or invalid invocation returns the resolver's `need_param` / `invalid` guidance instead (never a half-run). An unknown OR role-hidden word is a 404.
`POST /api/commands/{word}/resolve` — step the resolver state machine for `word` with the supplied partial args. Returns `ready` (the resolved invocation), `need_param` (the next param + its options), or `invalid` (a bad value + a hint). An unknown OR role-hidden word is a 404.
tasks
Overview
get_api_tasks
post_api_tasks
`GET /tasks/board` — one server-paginated, group-collapsed page of the tasks board plus the unit total and the NavTab count facets.
post_api_tasks_group
get_api_tasks_group_group_id_
post_api_tasks_group_group_id_cancel
post_api_tasks_group_group_id_launch
get_api_tasks_names
get_api_tasks_id_
delete_api_tasks_id_
post_api_tasks_id_cancel
patch_api_tasks_id_config
post_api_tasks_id_interrupt
post_api_tasks_id_intervene
post_api_tasks_id_launch
put_api_tasks_id_notes
post_api_tasks_id_pr
post_api_tasks_id_rerun
post_api_tasks_id_restart
`GET /api/tasks/{id}/subtasks` — list the delegated child tasks of a parent task. Workspace-scoped: a parent task in another workspace is `NotFound`.
`POST /api/tasks/{id}/subtasks` — delegate a child task under a parent task, using a named agent profile. Returns the spawned subtask's id + status.
`GET /api/tasks/{id}/subtasks/{subtask_id}` — fetch the redaction-safe result of a completed (or in-flight) subtask. Workspace-scoped via the parent.
`POST /api/tasks/{id}/subtasks/{subtask_id}/cancel` — cancel an in-flight subtask. Workspace-scoped via the parent task.
#538 L5 — rename a task after creation. Returns `{ title: <resolved> }` (the effective title the service stored) so the FE can reflect a derived fallback.
`GET /api/tasks/{id}/undo` — list a task's undo/rollback actions, newest first. The service authz's the caller against the task's workspace.
`POST /api/tasks/{id}/undo` — record a new reversible undo action for the task, inside its grace window. A bad `kind` token -> 400; the service authz's the caller against the task's workspace and persists the `state='grace'` row.
`GET /api/team-board` — the dense, server-paginated delivery board for the active workspace: one row per agent profile (or unassigned-agent fallback), each carrying aggregate queued / running / needs-input / done-PR / failed counts plus last activity and cost. Route name unchanged (ADR 0040).
`GET /api/tool-approvals/board` — the #691 §E server-paginated pending-approvals board: filtered+paged REDACTED rows + total + (optional) kind facets.
`GET /api/tool-approvals/count` — the scalar count of pending approvals across the caller's active workspace, for the topbar badge (mirrors `/api/proposals/count`). The dashboard / web-CLI list still uses `list_pending`; this avoids fetching and redacting the full list only to read its `.length` (Track-F lever H, #626). Reuses the shared `PendingCount` envelope (same component the proposals badge uses). The service authz's the caller's membership of the resolved workspace.
`GET /api/tool-approvals/pending` — the interactive approvals `pending` across the caller's active workspace (the `X-Workspace-Id` header, else the default joined workspace), newest first, REDACTED for delivery. Read-only; the decision flows through `decide` below. The service authz's the caller's membership of the resolved workspace.
`POST /api/tool-approvals/{id}/decide` — approve/reject one interactive approval by id. The SINGLE decide source (`services::tool_approvals::decide_approval`) every surface's Approve/Reject button resolves through: the service binds the workspace-membership authz to the approval row, CAS-resolves it, and resumes the paused agent. A bad verdict token -> 400; an approval the caller can't access -> 403; one that no longer exists / is already decided -> 404 / 400 from the service.
`POST /api/undo/{id}/execute` — confirm + run an undo action by id (the prominent "Undo now" affordance in run-detail / live-mode). Executes the reversal immediately (inside or skipping the grace window); the service authz's the caller against the action's task workspace and CAS-claims the row so a double-tap or a racing grace sweep runs the reversal exactly once.
workflows
Overview
`GET /api/workflow-node-types` — list the workspace's connector node-types for the builder palette.
`POST /api/workflow-node-types` — author a connector node-type. Validates name/slug; a slug collision returns 400.
`GET /api/workflow-node-types/{id}` — fetch one node-type. An id from another workspace looks identical to an unknown id (NotFound).
`GET /api/workflow_triggers/{tid}/email_alias` -- single alias row keyed by trigger. 404 when the trigger does not exist, is not owned by this workspace, or is not an `email_plus_address` trigger (no alias row).
`GET /api/workflows?project_id=<uuid>` — list a project's workflows.
`POST /api/workflows` — create a workflow from a JSON body. The DAG is validated by the service; an invalid DAG yields 400.
`GET /api/workflows/all` — every workflow in the caller's workspace, in one query. Seeds the command palette's fuzzy search without a per-project fan-out (one `/workflows?project_id=` request per project was an N+1 burst on Ctrl+K).
`GET /api/workflows/board?project_id=<uuid>` — one server-paginated, tab/ trigger/status-filtered page of a project's workflows + total + NavTab facets.
`GET /api/workflows/email-unrouted` -- list messages in Unrouted/ that belong to the caller's workspace. Workspace-admin only.
`DELETE /api/workflows/email-unrouted/{uid}` -- expunge one message.
`POST /api/workflows/email-unrouted/{uid}/create-alias` -- mint a new alias for the given (workflow, user_slug) and move the message back to INBOX so the next poll tick fires it.
`POST /api/workflows/import` — create a workflow from a YAML document.
Handler: convert the Windmill flow JSON, persist the resulting spec, return the new workflow id and any conversion warnings.
Handler: clone the repo, scan it, apply the plan, return the report.
`GET /api/workflows/pending-approvals` — the human gates `waiting` on the caller across their own workflows (user-scoped, oldest first). Backs the Web-CLI `approvals` list — the same view the chat `/approvals` renders. Read-only; the decision flows through `decide_pending_approval` below.
`POST /api/workflows/pending-approvals/{run_id}/decision` — approve/reject a human gate by its workflow run id (user-scoped). The SAME single decide source (`decide_pending_human_node_for_user`) the Telegram/Discord buttons resolve through: at most one human node waits per run, so the run id alone targets the gate (no node key). A bad token -> 400; a run the caller does not own or that is not `waiting` -> the service's 404/400.
`GET /api/workflows/runs/{run_id}` — the run (status + timestamps) plus each step's task state so the UI can render per-step progress.
`POST /api/workflows/runs/{run_id}/cancel` — cancel an in-flight workflow run and its subtree. 400 if the id is not a workflow run; 404 when the run is outside the caller's workspace. Idempotent (cancelling a terminal run no-ops).
`POST /api/workflows/runs/{run_id}/nodes/{node_key}/decision` — resolve a `human` node's approve/reject decision (ADR 0020 V3).
`GET /api/workflows/stats?project_id=<uuid>` — the #358 header-card stats for the caller's workspace, optionally narrowed to one project (Active runs, Workflows, Success 24h %, Failed 24h, Avg duration).
`GET /api/workflows/templates` — list every shipped template (WP D).
`POST /api/workflows/templates/{slug}` — materialize a template into a project (WP D). Returns the new workflow id and any triggers the template provisioned (e.g. the token-addressed receiver URLs the user must paste into their git host's webhook UI).
`DELETE /api/workflows/triggers/{trigger_id}` — delete a trigger.
`PATCH /api/workflows/triggers/{trigger_id}` — enable/disable or reconfigure a trigger.
`POST /api/workflows/triggers/{trigger_id}/migrate-email` (ADR 0024 E1d) -- one-click migration of a legacy `email` (token-forwarder) trigger to the workspace-managed `email_plus_address` flow. Workspace-admin only.
`POST /api/workflows/triggers/{trigger_id}/rotate-token` -- rotate a token-addressed trigger's receiver URL secret and return it once.
`GET /api/workflows/{id}` — get one workflow with its ordered steps.
`PUT /api/workflows/{id}` — replace the workflow's steps (and optionally its name). A clean full-replace: the service re-validates the DAG, deletes the workflow's steps and re-inserts the request's steps. An invalid DAG -> 400.
`DELETE /api/workflows/{id}` — delete a workflow (cascades to steps + runs).
`PATCH /api/workflows/{id}/concurrency` -- set `workflows.max_concurrent_runs`.
`GET /api/workflows/{id}/export` — render the workflow as a YAML document.
`GET /api/workflows/{id}/nodes/{node_key}/files` — list project-mode files for one Code node.
`PUT /api/workflows/{id}/nodes/{node_key}/files` — insert or replace one file in the Code node's project tree.
`DELETE /api/workflows/{id}/nodes/{node_key}/files?path=...`.
`POST /api/workflows/{id}/runs` — start a run; returns the new `run_id`.
`GET /api/workflows/{id}/triggers` — list a workflow's triggers.
`POST /api/workflows/{id}/triggers` — add a trigger. An unknown kind -> 400.
`GET /api/workspaces/{wid}/email_aliases` -- list every alias row owned by the workspace, newest first. A workspace mismatch (the path's `wid` is not the caller's workspace) returns 403.
runs
Overview
`GET /api/runs` — list workspace-scoped runs, newest first, with optional `status` / `kind` / `project_id` / `task_id` filters. Top-level runs only by default; `include_children=true` also surfaces workflow node child runs.
`GET /api/runs/board` — one server-paginated, filtered + sorted page of the runs board plus the total + the workspace-wide facet chips.
`GET /api/runs/{id}` -- one run plus its descendant run tree. A run outside the caller's workspace maps to `NotFound`.
`GET /api/runs/{id}/events` — that run's event log, in `sequence_num` order, paginated. A run outside the caller's workspace maps to `NotFound`.
runners
Overview
`GET /api/organization/runners` — the runners OWNED BY the caller's active org, enriched with live dispatch signals. Any active org member may read (`OrgAction::Read`). The shared/instance pool is never included.
`GET /api/organization/runners/offers` — the org's runner offers (the DERIVED set: offers WHERE `runner_pool_id` IN the org's runners), each enriched with its live metered usage + settled earnings (the same numbers the SellerEarningsTab shows). Any active org member may read (`OrgAction::Read`).
`GET /api/organization/runners/onboarding-status` — whether owner runner-onboarding is enabled instance-wide (#716 E-6). Any active org member may read (`OrgAction::Read`); the FE gates the Enroll CTA on it. A small dedicated read so the array-shaped `GET /api/organization/runners` list contract stays untouched.
`DELETE /api/organization/runners/{id}` — deregister (offboard) an org-owned runner. Owner/admin only. The `runners` row deletion CASCADEs its grant.
`PATCH /api/organization/runners/{id}` — rename and/or re-scope an org-owned runner. Owner/admin only. A rename reuses `runners.name`; a re-scope adjusts only `allowed_workspace_ids` (clamped) + `allowed_labels` (class change forbidden). Returns the refreshed enriched runner.
`POST /api/organization/runners/{id}/drain` — set an org-owned runner's drain state (graceful quiesce). Owner/admin only.
`POST /api/organization/runners/{id}/offer` — offer an org-owned runner for rent. Owner/admin only (`authorize_org_runner(ManageMembers)`). Resolves the caller's seller profile (a `400` with the onboarding need if absent), auto-creates/reuses a backing catalog item, and REUSES `create_runner_offer` with `runner_pool_id={id}` + `secret_trust_policy='deny'` (the ADR-0048 baseline). The offer flips ONLY the seller side; the rented-runner edge/secret-denied gates stay enforced at dispatch.
`DELETE /api/organization/runners/{id}/offer` — unoffer (deactivate) the runner's offer. Owner/admin only. Sets the offer's `activation_status='inactive'` so it can no longer be checked out/dispatched. A runner with no offer is a no-op success.
`POST /api/organization/runners/{id}/rotate-token` — rotate an org-owned runner's bearer token. Owner/admin only. Returns the new plaintext token once.
`POST /api/organization/runners/{id}/status` — disable / re-enable an org-owned runner. Owner/admin only (`OrgAction::ManageMembers`). The guardrail proves the runner belongs to the caller's org first.
`GET /api/projects/{id}/runner-line` — the member-safe runner match line for a project (#708 M4). No per-task pin applies, so the row is `matched`/`local`; returns `NotFound` for a project outside the caller's active workspace.
`GET /api/runners` — list registered runners. System-admin auth, for the Settings UI. Never returns token material.
`POST /api/runners` — register a runner. System-admin auth. Returns the runner plus its plaintext bearer token, shown exactly once.
`GET /api/runners/config` — read the runner-subsystem config (system-admin). Exposes `hub_mode_enabled` (the `SUPACLOUD_HUB_MODE` runtime switch) and `least_loaded_dispatch` (the RUNG 4 lever) so the fleet UI can render both.
`PATCH /api/runners/config` — change the runtime fleet config (system-admin). `hub_mode_enabled` flips the process hub-mode (the boot env var stays the restart default); `least_loaded_dispatch` flips the persisted global RUNG-4 switch. Each provided lever is applied and audited; omitted levers are untouched.
`GET /api/runners/dispatch-state` — per-runner load / cap / drain / liveness for the operator console (ADR 0046 P2.7). System-admin auth. Replaces the dashboard's fragile container-id heuristic with a real wire field.
`POST /api/runners/enroll` — mint a single-use enrollment token. A system admin may always mint; an org/workspace owner may mint only when the `runner_onboarding_by_owner` switch is on AND the scope is a non-empty `edge` set of workspaces they own (ADR 0046 Phase 0, decision #9). The runner later exchanges the token for a scoped JWT. The plaintext is returned once; the audit payload carries no token material.
`DELETE /api/runners/{id}` — deregister (offboard) a runner from the whole instance fleet (#716 runners-6 authority-monotony). System-admin auth, like the other operator routes. Deleting the `runners` row CASCADEs its `runner_grants` row, leaving no orphan grant. The org-scoped tenant deregister lives on `DELETE /api/organization/runners/{id}` behind the `authorize_org_runner` wall; this operator route is org-agnostic (a system admin offboards ANY runner, including the shared/instance pool), so it never applies an org-ownership check. An unknown id maps to `NotFound`.
`POST /api/runners/{id}/drain` — set a runner's drain state (ADR 0046 RUNG 2). System-admin auth, like `GET /api/runners`. Graceful quiesce: a cordoned / draining runner receives no new dispatch but keeps heartbeating and finishes its in-flight work (unlike the abrupt `disabled`). An unknown id is `NotFound`, an invalid state is `BadRequest`.
`GET /api/runners/{id}/grants` — read a runner's authoritative scope (system-admin). A runner with no grant row resolves to the trusted-wildcard default (the pre-enrollment `scrn_` fleet), so dispatch stays byte-identical.
`PUT /api/runners/{id}/grants` — set a runner's authoritative scope (system-admin). Upserts the `runner_grants` row; the next JWT refresh narrows the runner within one TTL. Audited (`runner_grant_set`).
post_api_runners_id_rotate_token
`POST /api/runners/{id}/status` — disable or re-enable a runner (ADR 0021, R6). System-admin auth, like `GET /api/runners`. A disabled runner stops receiving dispatched work and its heartbeats are rejected; re-enabling resets it to `pending`. An unknown id maps to `NotFound`.
`GET /api/tasks/{id}/runner-line` — the member-safe runner match line for a task (#708 M4). Composes the pin-aware dispatch state; returns `NotFound` for a task outside the caller's active workspace.
`GET /api/workspaces/{id}/available-runners` — the org runners AVAILABLE to this workspace (the org's runners whose grant allows it), a read-only inventory for a WORKSPACE admin who need not be an org admin. Gated by `authorize_workspace (ManageMembers)` (workspace owner/admin). No token material; slim DTO.
`GET /api/workspaces/{id}/worker-groups` — list the workspace's groups ∪ the instance-global set (workspace admin).
`POST /api/workspaces/{id}/worker-groups` — create a workspace-owned group (workspace admin). Audited (`worker_group_created`).
`PUT /api/workspaces/{id}/worker-groups/{gid}` — update a workspace-owned group (workspace admin). A group not owned by this workspace (unknown or global) is refused. Audited (`worker_group_updated`).
`DELETE /api/workspaces/{id}/worker-groups/{gid}` — delete a workspace-owned group (workspace admin). Dangling binding ids simply resolve to no labels (no CASCADE table). Audited (`worker_group_deleted`).
schedules
Overview
get_api_schedules
post_api_schedules
`GET /api/schedules/board` — the #691 §E server-paginated schedules board: filtered+paged rows + total + (optional) status/cadence/agent facets.
get_api_schedules_id_
put_api_schedules_id_
delete_api_schedules_id_
`POST /schedules/{id}/run` — fire the schedule's target now, out-of-band. Does not advance the cadence cursor; returns the created task/run id.
memories
Overview
get_api_memories
post_api_memories
`GET /api/memories/board` — one server-paginated, filtered + sorted page of the memories board plus the total + the workspace-wide facet chips.
get_api_memories_closeouts
get_api_memories_context_snapshots
post_api_memories_explain
get_api_memories_graph
get_api_memories_reviews
post_api_memories_reviews
post_api_memories_reviews_comprehensive
post_api_memories_reviews_outcome_candidates
post_api_memories_reviews_id_approve
post_api_memories_reviews_id_reject
put_api_memories_id_
post_api_memories_id_archive
ADR 0049 P3 / Tier-3 (#547/#548) — the memory detail drawer's "Context usage" panel: every context snapshot whose selected-memory set referenced THIS memory, so the user sees which tasks/prompts an agent saw it in. Workspace-scoped + capped; the service owns the JSONB-containment query (the interface never touches the DB directly).
post_api_memories_id_pin
get_api_memories_id_versions
settings
Overview
`GET /api/agent-profiles` — list the workspace's agent profiles (runbooks).
`POST /api/agent-profiles` — create an agent profile (workspace-admin).
`GET /api/agent-profiles/board` — one server-paginated, filtered + sorted page of the settings agent-profiles board plus the total + the facet chips.
`GET /api/agent-profiles/{id}` — fetch a single agent profile. Workspace-scoped.
`PUT /api/agent-profiles/{id}` — update an agent profile's runbook fields PLUS the optional flattened autonomy override (workspace-admin).
GET /api/agent-profiles/{id}/drift-status — the profile's CURRENT drift status (the live freeze evidence that accompanies a remediation proposal, or not-frozen). Owner-gated like the proposal queue it sits beside.
GET /api/agent-profiles/{id}/governor-audit — the profile's most recent governor audit report (golden-set/judge quality verdict over the last window), or `null` when the governor has not yet audited the profile. Workspace-admin read.
GET /api/agent-profiles/{id}/proposals — list a profile's OPEN (draft) profile- version proposals (owner-gated review queue).
POST /api/agent-profiles/{id}/proposals/{proposal_id}/decide — owner approves or rejects a profile-version proposal. The `{id}` path segment scopes the proposal to the profile (the service re-asserts the proposal's profile belongs to the owner's workspace).
`GET /api/agent-profiles/{id}/versions` — list a profile's version history (immutable runbook snapshots). Workspace-scoped.
`POST /api/agent-profiles/{id}/workspace-default` — promote a profile to the workspace default (or clear it) (#708 who-4; #242/ADR 0033 — a task with no `agent_profile_id` resolves to this default, so it drives WHO). Atomic (clears the team's other defaults + sets one). Workspace-admin gated.
get_api_agents_available
GET /api/governor/proposals — #708 K-08a: list EVERY open (draft) profile-version proposal across the workspace's profiles (the workspace-wide owner review inbox that backs the unified Inbox governor feed; the per-profile `/api/agent-profiles/{id}/proposals` backs the profile page). Owner-gated, reusing the SAME `proposals::list_open_for_workspace` service the chat `/governor` command calls.
GET /api/organization/tracker-oauth-clients — list the caller org's configured BYO tracker OAuth clients (provider + client id only; never the secret).
PUT /api/organization/tracker-oauth-clients/{provider} — set the caller org's BYO OAuth client (org owner/admin). Once set, the org's tracker OAuth flow uses this client; absent it the instance client is used.
DELETE /api/organization/tracker-oauth-clients/{provider} — remove the caller org's BYO OAuth client (org owner/admin); resolution falls back to the instance client.
List env vars for a specific project (project-specific + linked globals)
Create or update an env var scoped to a project. The project id comes from the path; the body still carries the scope/target, mirroring the settings-scoped POST (the FE sets `project_id` to the path id). Delegates to the same service as [`save_env_var`].
post_api_projects_id_env_vars_link
Unlink a global env var from a project
get_api_settings_agent_capabilities
post_api_settings_agent_capabilities
put_api_settings_agent_capabilities_kind__name_
DELETE `/settings/agent-capabilities/{kind}/{name}` — remove a custom capability. Built-ins return 400 (disable them instead).
PATCH `/settings/agent-capabilities/{kind}/{name}` — replace the full config (skill editor). Routes built-in vs custom in the service.
get_api_settings_api_keys
post_api_settings_api_keys
`GET /api/settings/api-keys/board` — one server-paginated, filtered + sorted page of the settings api-keys board plus the total + the facet chips.
delete_api_settings_api_keys_id_
Toggle the org-lock on an org-scoped API key (ADR 0038). No workspace header is read: the row carries its own org, and authority is the org owner/admin check in the service.
get_api_settings_budget
put_api_settings_budget
get_api_settings_chat_accounts
put_api_settings_chat_accounts_telegram_forum
delete_api_settings_chat_accounts_platform_
put_api_settings_chat_accounts_platform_forum_group
put_api_settings_chat_accounts_platform_tldr
List global env vars (project_id IS NULL)
Create or update an env var (global or project-specific)
`GET /api/settings/env-vars/board` — one server-paginated, filtered + sorted page of the settings env-vars board plus the total + the facet chips.
Delete an env var
Set the org-lock flag on an org-scoped env var (ADR 0038). Org owner/admin only. Shares the lock-request DTO with the api-key / git-credential toggles (`settings.rs`).
get_api_settings_git_credentials
post_api_settings_git_credentials
`GET /api/settings/git-credentials/board` — one server-paginated, filtered + sorted page of the settings git-credentials board plus the total + the facet chips.
delete_api_settings_git_credentials_id_
Toggle the org-lock on an org-scoped git credential (ADR 0038); see [`super::set_api_key_locked`].
GET `/settings/skill-proposals` — list induced skill proposals for review. Default = open `draft` queue; `?all=true` = full history. Member-open read.
GET `/settings/skill-proposals/{id}` — fetch one proposal. Member-open read.
POST `/settings/skill-proposals/{id}/approve` — publish the skill (admin-only).
POST `/settings/skill-proposals/{id}/reject` — close the proposal (admin-only).
`GET /api/settings/skills/board` — one server-paginated, filtered + sorted page of the settings skills board plus the total + the facet chips.
List system-level API keys from vault (only provider names, no values)
post_api_settings_telegram_link_token
get_api_settings_telegram_whitelist
post_api_settings_telegram_whitelist
delete_api_settings_telegram_whitelist_id_
Get user settings (creates default if not exists)
Update user settings
GET /api/trackers/credentials — list the workspace's connected Linear/Notion credentials (ADR 0029, Slice 5). Used to populate the issue-tracker credential picker in the project-edit modal.
agent-oauth
Overview
GET /api/oauth/:provider/callback — provider redirects here after user authorizes
delete_api_settings_claude_oauth
post_api_settings_claude_oauth_connect
get_api_settings_claude_oauth_status
post_api_settings_claude_oauth_token
get_api_settings_oauth
DELETE /settings/oauth/:provider — disconnect
POST /settings/oauth/:provider/connect — initiate OAuth PKCE flow
POST /settings/oauth/:provider/device/poll — exchange the pending device code for a token (the FE polls this at the GitHub-dictated interval until connected).
POST /settings/oauth/:provider/device/start — begin a device-code flow.
POST /settings/oauth/:provider/exchange — exchange auth code for tokens (code-paste flow)
GET /settings/oauth/:provider/status
POST /settings/oauth/:provider/token — manual token paste
workspaces
Overview
POST /invites/accept — accept an invite token
GET /invites/incoming — list pending invites where the caller's email matches the recipient. Lets the UI render an "you've been invited" panel without the invitee having to paste a raw token.
POST /invites/{invite_id}/accept — accept a specific invite by id. Server-side verifies the email matches the invite before adding the member, so callers can't accept invites that aren't for them.
POST /invites/{invite_id}/decline — decline a specific invite by id. Server-side verifies the caller's email matches the invite, so a user can only decline invites addressed to them; the invite row is removed.
post_api_workspace_apply_manifest
get_api_workspace_export
GET /workspace/invites — list pending invites
POST /workspace/invite — invite someone to workspace
PUT /workspace/invites/{invite_id} — update pending invite target or role
DELETE /workspace/invites/{invite_id} — revoke invite
GET /workspace/members — list workspace members with display names
`GET /api/workspace/members/board` — one server-paginated, filtered + sorted page of the workspace-members board plus the total + the facet chips.
DELETE /workspace/members/{user_id} — remove member
PUT /workspace/members/{user_id}/role — change member role
post_api_workspace_validate_manifest
GET /workspaces — list all workspaces the user belongs to
POST /workspaces — create a new workspace
PUT /workspaces/{id} — rename a workspace
DELETE /workspaces/{id} — delete a workspace (owner only)
`GET /api/workspaces/{id}/adaptive` (ADR 0045 §3.12). RBAC: workspace member. Resolves the experience tier (auto-advancing + persisting on accrued signals) and the capability-detection map in one response so the FE can size its surface in a single fetch.
`PUT /api/workspaces/{id}/adaptive/experience-tier` (ADR 0045 §3.12). RBAC: workspace admin. Manual override — may move the tier in either direction (an expert may simplify back to novice). Returns the persisted tier.
GET /workspaces/{id}/autonomy — the resolved effective autonomy + policy + ceilings for the workspace. A workspace MEMBER may read it (the slider preview + the plan-ceiling source every scope's slider clamps to). The acting user is the entitlement-scoping identity for the plan-ceiling read.
`GET /api/workspaces/{id}/backlog` (ADR 0045 Stage 1). RBAC: `Read`. Returns one page of the workspace's backlog items with the pager total and (optionally) the per-state facets — the #358 `{items, total, facets}` board contract.
`GET /api/workspaces/{id}/backlog/board` (ADR 0045 Stage 1). RBAC: `Read`. The per-project Kanban board (`Vec<ProjectBacklogBoard>` — per-project columns, so the per-card schema stays project-id-free).
`POST /api/workspaces/{id}/backlog/dispatch` (ADR 0045 Stage 1). The body's `dry_run` defaults to `true` (a bodiless POST is a safe preview).
`GET /api/workspaces/{id}/backlog/status` (ADR 0045 Stage 1). RBAC: `Read`. The cross-project status summary (per-state counts, queued/in-progress totals, the resolved workspace concurrency ceiling, and the onboarding flag).
GET /workspaces/{id}/settings — read the persisted workspace settings the FE pre-hydrates from (today: the system-LLM credential pin). A workspace MEMBER may read it; the PATCH on the same path stays admin-only.
PATCH /workspaces/{id}/settings — update workspace settings (admin only). Carries the ADR 0045 onboarding-safe flag (graduating a workspace flips `onboarding_mode` to `false` and unlocks autonomous dispatch) and the backlog QUIET-HOURS window (Stage 1). All fields optional; see [`PatchWorkspaceSettingsRequest`]. Requires workspace admin (`ManageMembers`).
`GET /api/workspaces/{id}/usage` (ADR 0045 Stage 2a). RBAC: workspace admin/owner. Returns the workspace [`BudgetStatus`] — the existing $-budget fields PLUS the `per_provider_windows` subscription/API saturation snapshots the usage panel renders. `BudgetStatus` is secret-free (usage figures + window math only; never a token value or an env-var value).
admin
Overview
`GET /api/admin/audit` — the billing/admin audit log (plan edits, override grants/revokes, template changes) with before/after snapshots.
`GET /api/admin/audit/board` — the #691 §E server-paginated admin-audit board: filtered+paged rows + total + (optional) action/target-kind facets.
`GET /api/admin/customers` — every paying workspace with its owner, plan, subscription status, Stripe customer id and owning organization.
GET /api/admin/feature-availability — which secret-backed features are configured (env or `supacloud/app` vault map). Read-only; never returns secret values. Issue #276 / ADR 0036.
`GET /api/admin/overrides` — list the active entitlement overrides (workspace- or user-scoped feature grants).
`POST /api/admin/overrides` — grant a feature-entitlement override to a workspace or user, with a reason + optional expiry.
`GET /api/admin/overrides/board` — the #691 §E server-paginated overrides board: filtered+paged rows + total + (optional) feature/scope/status facets.
`POST /api/admin/overrides/{override_id}/revoke` — revoke an active entitlement override, returning the revoked row.
`GET /api/admin/plans` — list every billing plan (admin), including inactive and non-public plans, for the admin Plans tab.
`PUT /api/admin/plans/{plan_id}` — edit a plan (display name, pricing, features, visibility). An `amount_cents` change rotates the Stripe Price.
`POST /api/admin/plans/{plan_id}/stripe-sync` — preview the Stripe Price reconciliation for a plan (the action + message describing what a sync does).
`GET /api/admin/queues` — the Stripe-event processing dashboard (total / processed / pending event counts + reconciliation status).
`GET /api/admin/seo` — the marketing-site SEO dashboard (score + per-check breakdown + indexed routes / canonical / OG metadata).
`GET /api/admin/templates` — list the editable transactional-email templates with a rendered sample preview.
`PUT /api/admin/templates/{key}` — edit a transactional-email template's subject / body, returning the re-rendered preview.
GET /api/admin/users — list all users (admin only)
GET /api/admin/users/pending — list users awaiting approval (admin only)
POST /api/admin/users/:user_id/approve — approve a user (admin only)
DELETE /api/admin/users/:user_id/reject — reject a pending user (admin only)
billing
Overview
`GET /api/me/entitlements` — the active workspace's resolved entitlement summary (plan id, subscription status, feature map).
`GET /api/me/storage-usage` — the active workspace's live storage tally (`used_mb`) and the resolved plan limit (`limit_mb`, `null` = unlimited).
`GET /api/public/pricing` — the unauthenticated public plan catalogue (`{ plans: [...] }`). Backs the marketing pricing table.
`GET /api/usages` — every App-quota dimension the active workspace consumes (apps / storage / build minutes / bandwidth), each with its live tally + plan limit, in one round-trip.
`POST /api/v1/billing/checkout` — open a Stripe Checkout session for a plan against the caller's workspace, returning the hosted-checkout session id/url.
`POST /api/v1/billing/portal` — open a Stripe Billing-Portal session for the caller's workspace, returning the hosted-portal session id/url.
models
Overview
get_api_models_catalog
post_api_models_catalog_refresh
search
Overview
get_api_search
events
Overview
get_api_tasks_id_events
intelligence
Overview
`GET /api/intelligence/agent-experiments` — list the workspace's experiments.
`POST /api/intelligence/agent-experiments` — create an experiment. Admin-only.
`GET /api/intelligence/agent-experiments/dashboard` — the KPI dashboard (overview, leaderboard, comparisons, recommendations, benchmark matrix).
`GET /api/intelligence/agent-experiments/{id}` — the full experiment detail.
`POST /api/intelligence/agent-experiments/{id}/export-memory` — persist the experiment's recommendation as a workspace memory. Admin-only.
`POST /api/intelligence/agent-experiments/{id}/launch` — launch the experiment's dataset cases as a task group. Admin-only.
`PUT /api/intelligence/agent-experiments/{id}/recommendation` — set the experiment's recommendation + confidence. Admin-only.
`POST /api/intelligence/agent-experiments/{id}/runs` — record a manual run for an experiment. Admin-only.
`POST /api/intelligence/agent-experiments/{id}/runs/from-task/{task_id}` — record a run from the latest outcome of an existing task. Admin-only.
`GET /api/intelligence/audit` — the #358 server-paginated workspace audit board: filtered+paged rows + total + (optional) window facets. Admin-only.
`GET /api/intelligence/model-selection` — recent model-selection events.
`GET /api/intelligence/model-selection/board` — the #691 §E server-paginated model-selection board: filtered+paged rows + total + (optional) workspace facets.
`GET /api/intelligence/outcomes` — task outcome telemetry for the workspace.
`GET /api/intelligence/switches` — the workspace's effective safety-switch state (operator console). Admin-only.
`PUT /api/intelligence/switches/{key}` — flip a workspace safety switch. Admin-only; records an audit event.
`GET /api/reports/overview` — windowed totals + per-dimension breakdown + gap-filled per-day series over `task_outcomes`.
get_api_reports_schedules
post_api_reports_schedules
`GET /api/reports/schedules/board` — one server-paginated, filtered + sorted page of the Geplante board plus the total + the workspace-wide facet chips.
`GET /api/reports/schedules/deliveries/stats` — the three workspace-wide send KPIs (`sent` / `delivered` / `failed`) from the `report_schedule_deliveries` log.
get_api_reports_schedules_id_
delete_api_reports_schedules_id_
patch_api_reports_schedules_id_
runtime
Overview
Public config endpoint for frontend bootstrap before authentication.
Health endpoint with process status and global safety-switch state.
get_metrics
get_ws
operator
Overview
get_api_operator_v1_audit
GET /api/operator/v1/circuit-breakers — currently-tripped breakers.
GET /api/operator/v1/dispatch/metrics — cross-tenant dispatch metrics snapshot.
get_api_operator_v1_overview
GET /api/operator/v1/routing — the routing decision-log BOARD (explainability), on the #358 `{items,total,facets}` contract. Returns a server-paginated, filtered + sorted page of `backlog_routing_decisions` (each enriched with the chosen profile name, candidate count, item state + a reason summary) plus the pager total and optional facet chips. `?workspace_id=` filters to one workspace; absent reads cross-tenant. `q`/`sort`/`dir`/`limit`/`offset`/`include_facets`/`since`/`until` drive the board.
get_api_operator_v1_switches
put_api_operator_v1_switches_key_
GET /api/operator/v1/tenant/circuit-breakers — this workspace's tripped breakers. Only the workspace's PROJECT-scope breakers; provider breakers are instance-global and excluded (a tenant never sees another tenant's provider outage).
GET /api/operator/v1/tenant/dispatch/metrics — this workspace's dispatch metrics. Queue depth/age/priority, dispatch throughput, the workspace's OWN per-credential provider quota saturation and per-class recovery — all scoped to the workspace.
GET /api/operator/v1/tenant/routing — this workspace's routing decision-log BOARD, on the #358 `{items,total,facets}` contract. Always filtered to the resolved workspace (the `workspace_id` is taken from the authorized session, never a query param, so a tenant cannot widen scope). The same board axes as the operator routing board drive it (`q`/`sort`/`dir`/`limit`/`offset`/`include_facets`/range).
GET /api/operator/v1/tenant/run-analytics — cross-run analytics for THIS workspace (#626 BIG15 C1 §28): the slowest workflow steps (per `workflow_node_key` p95 + max duration) and the failure counts per workflow. Read-only, scoped to the authorized workspace (owner/admin) — mirrors `tenant_dispatch_metrics`, with an optional `?since=` window bound.
organization
Overview
GET /organization — the caller's active organization + the caller's own role.
PUT /organization — rename the organization (owner/admin).
DELETE /organization — delete the organization (owner-only; refused while it still owns workspaces or has an active subscription → 412).
GET /organization/invites — list pending invitations (token omitted).
POST /organization/invites — invite an email to the organization.
POST /organization/invites/accept — accept an invite by token (logged-in; the account email must match the invite). Returns the joined organization id.
POST /organization/invites/bulk — invite many emails; per-email verdicts.
DELETE /organization/invites/{id} — revoke a pending invite.
POST /organization/invites/{id}/resend — re-send a pending invite.
GET /organization/members — list members of the active organization.
`GET /api/organization/members/board` — one server-paginated, filtered + sorted page of the org-members board plus the total + the facet chips.
DELETE /organization/members/{user_id} — offboard a member (cascades workspace memberships + frees seat in the service).
GET /organization/members/{user_id}/audit — recent audit events authored by a member, scoped to the org (member detail drawer).
POST /organization/members/{user_id}/reactivate — reactivate a member.
PUT /organization/members/{user_id}/role — change a member's org role.
PUT /organization/members/{user_id}/seat-type — assign or clear a member's seat (reconciles seat quantities). Single C1 entry point.
POST /organization/members/{user_id}/suspend — suspend a member (frees seat).
GET /organization/members/{user_id}/workspaces — the org workspaces a member belongs to (member detail drawer).
GET /organization/seat-summary — the server-computed seat + MRR rollup (ADR 0045 / F2). Included vs extra (overage) member seats, role add-on lines, and the total MRR — all derived server-side so the seat-billing FE renders the numbers without any client MRR math.
GET /organization/seat-types — the seat tiers a member can be assigned to.
GET /organization/summary — the org's plan label + authoritative member count for the #358 overview KPI strip.
POST /organization/transfer-ownership — promote an existing member to owner.
notifications
Overview
GET /notifications — the caller's inbox as `{items,total,facets}`.
`GET /api/notifications/board` — one server-paginated, filtered + sorted page of the caller's notifications plus the total + the facet chips.
POST /notifications/read-all — mark every unread notification read.
DELETE /notifications/{id} — delete one of the caller's notifications.
PUT /notifications/{id}/read — mark one read.
resources
Overview
`GET /api/resources` — list the workspace's resources, optionally filtered by kind. Never returns secret material.
`POST /api/resources` — create a resource. The secret (if any) is stored in vault under `workflows/resources/<workspace>/<id>`; the response only surfaces `has_secret`.
`GET /api/resources/board` — one server-paginated page of the resources board (kind + connection-state filtered) plus the total + kind/error facets.
`GET /api/resources/usage` — per-resource "used by" counts for the whole workspace, so the board list can fill its "Used" column in one round-trip.
`GET /api/resources/{id}` — fetch a resource. Workspace-scoped; an id from another workspace looks identical to an unknown id (`NotFound`).
`PUT /api/resources/{id}` — update name / config / secret. Each field is optional; an absent field is left alone. `secret = ""` clears the stored secret, `secret = "..."` overwrites it, `secret` absent leaves it intact.
`DELETE /api/resources/{id}` — delete a resource. The vault secret is removed on a best-effort basis; a vault flake leaves dead secret material but the row is gone, so the resource cannot be re-read by name.
`PATCH /api/resources/{id}/concurrency` -- set `resources.max_concurrent_uses`.
`GET /api/resources/{id}/discord/channels` — #465. List the guilds + text-capable channels reachable with this discord resource's bot token, backing the workflow-builder channel picker (notify_discord node + Discord trigger). The token is resolved server-side and never leaves the server; upstream auth failures map to 400 with a user-readable message.
`POST /api/resources/{id}/rls_refresh` — ADR 0023 v4 / S2c. Re-runs the RLS provisioning sync against the target database and returns the resulting `RlsStatusView` (the refreshed `rls_provisioning_log` row, or the `unprovisioned` sentinel with null log fields if no row was written) so the UI can re-render the badge without a follow-up GET. 400 when the resource is not `postgresql`/`rls_managed`.
`GET /api/resources/{id}/rls_status` — ADR 0023 v4 / S2c. Returns the `rls_provisioning_log` row for a resource as the typed `RlsStatusView` (status `unprovisioned` with every log field `null` when no row exists yet — the fields are present-but-nullable). Workspace-scoped via `get_resource` upstream.
`POST /api/resources/{id}/test` — run the per-kind reachability probe and return `{ ok, message }`. An obviously broken config (missing host / URL) maps to 400; a transport-level failure maps to 200 + `ok: false` so the UI can render a red badge with the message.
`GET /api/resources/{id}/usage` — the workflows + Apps that reference the resource, for the detail drawer's "used by" section.
scripts
Overview
`GET /api/scripts` — list the workspace's Scripts (without `source` so the payload stays small for long lists).
`POST /api/scripts` — create a Script. Validates name / slug / language / source up front so a 400 surfaces before the DB; a slug collision returns 400 with a clear message.
`GET /api/scripts/board` — one server-paginated, language-filtered page of the scripts board plus the total + the per-language facets.
`GET /api/scripts/{id}` — fetch a Script with its full source. An id from another workspace looks identical to an unknown id (NotFound).
`DELETE /api/scripts/{id}` — delete a Script. Returns 400 with the dependent workflow ids if any workflow's `code`-node still carries `script_ref = '<id>'`. The UI shows the blocked-by list as deep-links.
`PATCH /api/scripts/{id}` — update name / slug / language / description / source. Each field is optional; an absent field is left alone. The description field is three-state (see deserialize_description_field).
`GET /api/scripts/{id}/revisions` -- list a Script's source-history revisions newest-first (ADR 0030 UX3-E). Each row drops `source`; the diff view fetches a single version's source via the per-version endpoint.
`GET /api/scripts/{id}/revisions/{version}` -- fetch one prior revision with its full `source` so the revisions tab can diff it against the current script source (ADR 0030 UX3-E). 404 for an unknown id/version or one in another workspace.
`POST /api/scripts/{id}/run` — dispatch a standalone-script run (#626 C3 / §13). Reuses the existing `services::scripts::dispatch` Wasm executor verbatim; resolves + tenancy-checks the script via `resolve_script` (an id from another workspace is indistinguishable from an unknown id → 404).
`GET /api/scripts/{id}/runs` — the recent standalone runs of a script, newest first (#626 §13). The run panel renders this history alongside the live run it polls after a `POST .../run`. Tenancy-checks the script first (404 for an unknown id / wrong workspace).
repo-sync
Overview
`GET /api/workspace/repo_sync` — fetch the workspace's repo-sync config.
`PUT /api/workspace/repo_sync` — insert-or-update the repo binding.
`DELETE /api/workspace/repo_sync` — remove the workspace's repo binding.
`GET /api/workspace/repo_sync/log?limit=N` — recent audit-log rows.
`POST /api/workspace/repo_sync/preview` — clone/pull + parse + classify without mutating DB, vault, audit log, or last-sync metadata.
`POST /api/workspace/repo_sync/pull` — clone/pull repo + apply YAML files to DB with last-write-wins. Returns parse outcomes + the sync event id/timestamp.
`POST /api/workspace/repo_sync/push` — serialize DB rows + commit/push. Returns `{ commit_sha, files_written, outcomes, event }` — every returned event carries `event_id` + `timestamp` per the wire contract.
`POST /api/workspace/repo_sync/resolve` — accept the REMOTE version of one conflicted file (#397): force-applies it, overriding last-write-wins. Gated by `sync_mode` (rejected in `ui-only`).
proposals
Overview
`GET /api/proposals` -- list the workspace's proposals, newest-first, optionally filtered by `?status=` and paginated by `?limit`/`?offset` (the service clamps `limit` to a bounded ceiling so the JSONB payload is never streamed unbounded).
`GET /api/proposals/board` — one server-paginated, status/kind/source-filtered page of the proposals board plus the total + the status/source facets.
`GET /api/proposals/count` -- number of pending proposals (topbar badge).
`GET /api/proposals/{id}` -- one proposal (the diff modal's source of truth).
`POST /api/proposals/{id}/approve` -- approve + apply + materialize. Returns the applied proposal with `apply_result` describing what landed; records an audit event with the materialized resource id.
`POST /api/proposals/{id}/reject` -- reject a pending proposal. The optional reviewer note is recorded in the audit event (no note column on the row).
apps
Overview
`GET /api/admin/error-page` -- global error page default (admin only).
`PUT /api/admin/error-page` -- set global error page default (admin only).
`GET /api/app_uploads/{id}/download` -- stream the bytes of a stored upload to the caller. Workspace-scoped; a missing/expired row is a 404.
`GET /api/apps` -- list the workspace's Apps (without `manifest_yaml` so the payload stays small for long lists).
`POST /api/apps` -- create an App. Validates name + manifest_yaml up front so a 400 surfaces before the DB; a name collision returns 400 with a clear message.
`GET /api/apps/board` — one server-paginated, filtered + sorted page of the Apps board plus the total + the workspace-wide facet chips.
`GET /api/apps/{id}` -- fetch an App with its membership lists, so the detail page renders in one round-trip. An id from another workspace looks identical to an unknown id (NotFound).
`PUT /api/apps/{id}` -- update name / description / manifest_yaml. Each field is optional; an absent field is left alone. The description field is three-state (see `deserialize_description_field`).
`DELETE /api/apps/{id}` -- delete an App. The schema CASCADE clears membership rows; underlying Workflows / Scripts / Resources survive.
`GET /api/apps/{id}/backend` -- list the App's declared backend functions (name / operation / argument metadata; never the SQL). Authenticated by EITHER a per-deployment App token (`Bearer scwa_…`) OR a logged-in session (the operator viewing the App-Tab).
`POST /api/apps/{id}/backend/{function_name}` -- invoke a declared backend function synchronously (ADR 0053). The author-fixed SQL runs under the db_query/db_execute guard with RLS `supacloud.app_id` injected; only the function name + positional args cross the wire, so a caller cannot inject SQL. Authenticated by EITHER a per-deployment App token OR a session.
`GET /api/apps/{id}/builds` -- the App's most-recent build (ADR 0030 UX3-A). Returns `null` when the App has never been built; the WebIde polls this to learn when a build reaches a terminal state.
`POST /api/apps/{id}/builds` -- enqueue a build of the App's current source for the WebIde live-preview (ADR 0030 UX3-A). Idempotent on the source hash: an unchanged source returns the existing (possibly succeeded) build. Returns the build row so the client can start polling immediately.
`POST /api/apps/{id}/deploy` -- deploy an App at a route path.
`GET /api/apps/{id}/deployment` -- fetch the deployment for an App.
`PATCH /api/apps/{id}/deployment` -- update deployment config.
`GET /api/apps/{id}/deployment/error-page` -- resolved error page for a deployment (walks the full cascade).
App API token for SERVER-SIDE callbacks (supacloud#410 / ADR 0041). Owner-only (workspace admin). Returns the plaintext **once** (`{ "token": "scwa_…" }`); only its hash is stored. Intended for server-side use by the App owner — it must NOT be embedded in the public App frontend (it would then be public).
`DELETE /api/apps/{id}/deployment/token` -- revoke the per-deployment App API token (supacloud#410 / ADR 0041). Owner-only (workspace admin). Idempotent.
`GET /api/apps/{id}/files` -- the App's file tree (metadata only).
`GET /api/apps/{id}/files/{*path}` -- one file with content. The current etag is returned both in the body and the `ETag` response header.
`PUT /api/apps/{id}/files/{*path}` -- upsert a file. Honours an optional `If-Match` request header (hex etag); a stale value yields 412.
`DELETE /api/apps/{id}/files/{*path}` -- remove a file.
`POST /api/apps/{id}/install` -- parse the App's manifest_yaml and wire up the join rows. Idempotent: re-running install never duplicates membership. A member id from another workspace returns 403.
`GET /api/apps/{id}/migrations` -- list the recorded migrations for this App, oldest-first. Each row carries the SHA-256 checksum (hex) and the `applied_at` timestamp (null when not yet applied).
`POST /api/apps/{id}/migrations` -- record a new migration and apply every pending migration. Idempotent: re-uploading the same `(name, sql)` is a no-op (the stored checksum matches). Re-uploading the same name with new content surfaces a 400; rename the file to register a follow-up.
`POST /api/apps/{id}/runs` -- multipart submit. Authenticated by EITHER a logged-in session (the operator) OR a per-deployment App API token (`Authorization: Bearer scwa_…`, supacloud#410 — a server-side caller now that a hosted App on the separate content domain cannot ride the session). The token must own this `app_id`; the run is attributed to the App's deployer.
`POST /api/apps/{id}/undeploy` -- undeploy an App.
`POST /api/apps/{id}/uninstall` -- drop every membership row but keep the App row. Idempotent: re-running uninstall on an empty App is a no-op (the report counts go to zero).
`GET /api/workspace/error-page` -- workspace error page config.
`PUT /api/workspace/error-page` -- set workspace error page config.
marketplace
Overview
`GET /api/admin/marketplace/fee-settings` — fetch the active platform fee settings (singleton row).
`PUT /api/admin/marketplace/fee-settings` — update the platform fee settings.
`POST /api/admin/marketplace/items/{id}/review/approve` — owner-gated. Marks the item's latest review approved and flips `marketplace_items.verified` (the install-gate signal) so a paid/central item becomes installable.
`POST /api/admin/marketplace/items/{id}/review/reject` — owner-gated. Marks the latest review rejected; `verified` stays false (uninstallable for paid/central items).
`GET /api/admin/marketplace/payouts/batches` — admin-only. List payout batches, optionally filtered by status, with pagination.
`POST /api/admin/marketplace/payouts/batches` — admin-only. Create a payout batch from a list of seller/account/amount entries.
`GET /api/admin/marketplace/payouts/batches/board` — admin-only. The #691 §E server-paginated payout-batches board: filtered+paged rows + total + (optional) instance-wide status facets.
`GET /api/admin/marketplace/payouts/batches/{id}` — admin-only. Full batch detail (batch + items).
`POST /api/admin/marketplace/payouts/batches/{id}/approve` — admin-only. Approve a draft batch, advancing it toward submission.
`POST /api/admin/marketplace/payouts/batches/{id}/cancel` — admin-only. Cancel a batch (allowed after approval, before completion).
`POST /api/admin/marketplace/payouts/batches/{id}/reconcile` — admin-only. Reconcile a submitted batch against bank results. Returns the reconciliation report.
`GET /api/admin/marketplace/payouts/batches/{id}/sepa_xml` — admin-only. Generate the SEPA credit-transfer XML for a batch.
`POST /api/admin/marketplace/payouts/batches/{id}/submit` — admin-only. Submit an approved batch (FinTS/SEPA). Returns the batch plus an optional `challenge`, present only when the bank issues a TAN.
`POST /api/admin/marketplace/payouts/batches/{id}/tan` — admin-only. Confirm a FinTS TAN challenge for a submitting batch. The TAN value is forwarded to the provider session and never persisted.
`GET /api/admin/marketplace/payouts/queue` — admin-only. The current payout queue (sellers with a payable ledger balance).
`POST /api/marketplace/checkout/{version_id}` — initiate a purchase for the given item version. Creates a purchase record in `pending` status; the payment provider callback transitions it to `active`.
`GET /api/marketplace/installs` — list the workspace's marketplace installs.
`POST /api/marketplace/installs/{id}/update` — update an existing install to the latest version. Returns the updated install row.
`POST /api/marketplace/installs/{id}/update_preview` — dry-run an update of an existing install to the latest version.
`GET /api/marketplace/items` — browse marketplace items with optional filters. Any approved user can browse.
`GET /api/marketplace/items/{id}` — fetch a single marketplace item.
`GET /api/marketplace/items/{id}/files` — read-only source tree of the item's latest version (ADR 0030 W6-5). Text files carry capped content; binary files report metadata only. Any approved user can preview.
`GET /api/marketplace/items/{id}/preview/graph` -- read-only workflow graph preview (Issue #279 / ADR 0034 P1). The server resolves the newest version and projects its stored spec; the FE needs only the item id. Any approved user can read.
`GET /api/marketplace/items/{id}/preview/node` -- read-only connector-node preset preview (Issue #279 / ADR 0034 P3). Any approved user can read.
`GET /api/marketplace/items/{id}/preview/script` -- read-only script source preview (Issue #279 / ADR 0034 P2). The server resolves the newest version and returns its frozen source; any approved user can read.
`PUT /api/marketplace/items/{id}/rating` — create/update the workspace's rating (install-gated + validated in the service).
`DELETE /api/marketplace/items/{id}/rating` — remove the workspace's rating.
`GET /api/marketplace/items/{id}/rating/mine` — the calling workspace's own rating (for prefilling the edit form), or `null` if it has not rated.
`GET /api/marketplace/items/{id}/ratings?limit&offset` — PUBLIC paginated list of an item's customer ratings (most recent first) + the total count.
`GET /api/marketplace/items/{id}/review` — the latest review for an item, or `null` if it has never been reviewed. Public so the catalog/detail UI can surface the verdict badge; returns the redacted `PublicItemReview` (no internal moderation fields).
`GET /api/marketplace/items/{id}/versions/{version}` — fetch a specific version by semver string (e.g. "1.2.0").
`POST /api/marketplace/items/{id}/versions/{version}/install` — install the item version into the workspace. Returns the created install row.
`POST /api/marketplace/items/{id}/versions/{version}/install_preview` — dry-run the install: returns the package summary, requirement analysis, and predicted outcomes.
`POST /api/marketplace/nodes/publish` -- publish a workspace connector node-type as a `kind='node'` marketplace item. Workspace-admin only.
`POST /api/marketplace/publish` — publish a workspace App to the marketplace as a buildable source listing (ADR 0030 UX3-D). Workspace-admin only: a publish creates a public listing, so it mirrors the source-mutation auth.
`GET /api/marketplace/purchases` — list purchases for the authenticated buyer with optional status filter and pagination.
`GET /api/marketplace/purchases/{id}` — fetch a single purchase by ID. Only accessible to the buyer who owns the purchase.
`GET /api/marketplace/runner-offers` — list runner offers with optional filters. Any approved user can browse.
`POST /api/marketplace/runner-offers` — create a runner offer. The seller profile is resolved from the authenticated user.
`GET /api/marketplace/runner-offers/{id}` — fetch a single runner offer.
`PATCH /api/marketplace/runner-offers/{id}` — update a runner offer. Only the owning seller can update.
`POST /api/marketplace/runner-offers/{id}/activate` — activate a runner offer.
`POST /api/marketplace/runner-offers/{id}/attach` — attach a runner offer to a workspace.
`POST /api/marketplace/runner-offers/{id}/attach_preview` — preview whether a workspace can attach to a runner offer.
`POST /api/marketplace/runner-offers/{id}/checkout` — checkout prepaid runner credit for a workspace.
`GET /api/marketplace/runner-usage` — list usage records for the current workspace (buyer side).
`POST /api/marketplace/runner-usage/{id}/dispute` — initiate a dispute on a usage record.
`POST /api/marketplace/scripts/publish` -- publish a workspace Script as a `kind='script'` marketplace item. Workspace-admin only. Returns the created item.
`GET /api/marketplace/seller/ledger` — list ledger entries for the authenticated seller with optional status filter and pagination.
`GET /api/marketplace/seller/ledger/board` — the #691 §E server-paginated seller-earnings board: filtered+paged ledger rows + total + (optional) facets + the whole-set KPI + the 30-day net series.
`POST /api/marketplace/seller/payout-account` — add a payout account to the authenticated user's seller profile.
`GET /api/marketplace/seller/payout-accounts` — list payout accounts for the authenticated seller.
`GET /api/marketplace/seller/profile` — fetch the authenticated user's seller profile.
`POST /api/marketplace/seller/profile` — create the authenticated user's seller profile. One profile per user (unique constraint on `user_id`).
`GET /api/marketplace/seller/purchases` — list purchases where the authenticated user is the seller (sales received).
`GET /api/marketplace/seller/purchases/board` — the #691 §E server-paginated seller-listings board: filtered+paged purchase rows + total + (optional) status facets + the filter-tracking KPI (gross / fee / net / count).
`GET /api/marketplace/seller/runner-offers` — list the AUTHENTICATED seller's OWN runner offers (scoped), vs the public browse `list_offers` which has no seller filter. #626 — the seller dashboard's "my offers" must use this or it shows every seller's offers. A user with no seller profile sees an empty list (not an error).
`GET /api/marketplace/sources` — list sources visible to the workspace.
`POST /api/marketplace/sources` — create a source. Workspace-admin only.
`DELETE /api/marketplace/sources/{id}` — delete a source, completing the Source-Registry CRUD (#626 G-market). Workspace-admin only; the service rejects a cross-workspace or official (curated) source, and refuses (409) while the source still has published items so deleting it never silently CASCADE-destroys its catalog.
`PATCH /api/marketplace/sources/{id}` — update a source. Workspace-admin only.
`POST /api/marketplace/sources/{id}/sync` — trigger a source sync. Workspace-admin only.
`POST /api/marketplace/workflows/publish` -- publish a workspace workflow as a `kind='workflow'` marketplace item. Workspace-admin only. Returns the created item.
councils
Overview
`GET /api/councils` — list the workspace's councils.
`POST /api/councils` — create a council.
`GET /api/councils/{id}` — fetch a single council.
`POST /api/councils/{id}/convert-to-task` — convert a council into a task.
`POST /api/councils/{id}/dismiss` — dismiss a council with a reason (workspace admin).
`POST /api/councils/{id}/fork` — fork a council with an optional new prompt.
`POST /api/councils/{id}/pin-to-memory` — pin a council's outcome to memory.
prompt-assist
Overview
`POST /api/prompt-assist/runs/{id}/accept` — mark an assist run as accepted, optionally linking it to the task it produced.
post_api_prompt_assist_voice_transcribe
`POST /api/prompt-assist/{action}` — run a PromptComposer assist action (e.g. expand / clarify / structure) over the supplied input text.
suggestions
Overview
`GET /api/suggestions` — list the workspace's suggestions.
`POST /api/suggestions/run` — run the suggestion analyzers and return the resulting suggestions.
`POST /api/suggestions/{id}/action` — act on a suggestion.
`POST /api/suggestions/{id}/dismiss` — dismiss a suggestion with a reason.
hub
`GET /api/hub/summary` — the Build-hub tab-rail per-kind totals for the active workspace (one round-trip; replaces the FE's four list-length over-fetches).
Webhooks
bitbucket repository webhook
Conversation webhook delivery
Workflow trigger delivery
forgejo repository webhook
Workflow trigger delivery
github repository webhook
gitlab repository webhook
Conversation webhook delivery
Workflow trigger delivery
Workflow trigger delivery
Management API
Overview
management
Overview
get_api_management_v1_organizations
get_api_management_v1_organizations_org_id_
put_api_management_v1_organizations_org_id_
delete_api_management_v1_organizations_org_id_
get_api_management_v1_organizations_org_id_invites
post_api_management_v1_organizations_org_id_invites
delete_api_management_v1_organizations_org_id_invites_invite_id_
get_api_management_v1_organizations_org_id_members
delete_api_management_v1_organizations_org_id_members_user_id_
post_api_management_v1_organizations_org_id_members_user_id_reactivate
put_api_management_v1_organizations_org_id_members_user_id_role
post_api_management_v1_organizations_org_id_members_user_id_suspend
get_api_management_v1_organizations_org_id_oidc
put_api_management_v1_organizations_org_id_oidc
delete_api_management_v1_organizations_org_id_oidc
post_api_management_v1_organizations_org_id_transfer_ownership
get_api_management_v1_workspaces
post_api_management_v1_workspaces
put_api_management_v1_workspaces_slug_
delete_api_management_v1_workspaces_slug_
get_api_management_v1_workspaces_slug_api_tokens
post_api_management_v1_workspaces_slug_api_tokens
delete_api_management_v1_workspaces_slug_api_tokens_fingerprint_
get_api_management_v1_workspaces_slug_approvals
get_api_management_v1_workspaces_slug_budget
put_api_management_v1_workspaces_slug_budget
get_api_management_v1_workspaces_slug_config_autonomy
put_api_management_v1_workspaces_slug_config_autonomy
get_api_management_v1_workspaces_slug_credentials
put_api_management_v1_workspaces_slug_credentials_ai_provider_
delete_api_management_v1_workspaces_slug_credentials_ai_provider_
put_api_management_v1_workspaces_slug_credentials_git_label_
delete_api_management_v1_workspaces_slug_credentials_git_label_
put_api_management_v1_workspaces_slug_credentials_mailboxes_label_
delete_api_management_v1_workspaces_slug_credentials_mailboxes_label_
put_api_management_v1_workspaces_slug_credentials_oauth_provider_
delete_api_management_v1_workspaces_slug_credentials_oauth_provider_
get_api_management_v1_workspaces_slug_members
post_api_management_v1_workspaces_slug_members
put_api_management_v1_workspaces_slug_members_user_id_
delete_api_management_v1_workspaces_slug_members_user_id_
get_api_management_v1_workspaces_slug_projects
get_api_management_v1_workspaces_slug_projects_id_issues
put_api_management_v1_workspaces_slug_projects_key_
delete_api_management_v1_workspaces_slug_projects_key_
get_api_management_v1_workspaces_slug_schedules
put_api_management_v1_workspaces_slug_schedules_key_
delete_api_management_v1_workspaces_slug_schedules_key_
put_api_management_v1_workspaces_slug_schedules_key_status
get_api_management_v1_workspaces_slug_secrets
put_api_management_v1_workspaces_slug_secrets_key_
delete_api_management_v1_workspaces_slug_secrets_key_
get_api_management_v1_workspaces_slug_state
put_api_management_v1_workspaces_slug_state
get_api_management_v1_workspaces_slug_tasks
put_api_management_v1_workspaces_slug_tasks_key_
delete_api_management_v1_workspaces_slug_tasks_key_
post_api_management_v1_workspaces_slug_tasks_key_cancel
get_api_management_v1_workspaces_slug_tasks_key_events
post_api_management_v1_workspaces_slug_tasks_key_launch
get_api_management_v1_workspaces_slug_tasks_key_logs
get_api_management_v1_workspaces_slug_usage
get_api_management_v1_workspaces_slug_variables
put_api_management_v1_workspaces_slug_variables_key_
delete_api_management_v1_workspaces_slug_variables_key_
Explanation
adrs
Architecture Decision Records
Architecture
Repository
Select theme
Dark
Light
Auto
Auto
Dark
Light
Auto
Select language
English
Deutsch
English
English
Deutsch
Overview
SupaCloud Management API
0.6.0
Section titled “SupaCloud Management API 0.6.0”
Information
License: AGPL-3.0-only
OpenAPI version:
3.1.0
Operations
Section titled “Operations”
GET
/api/management/v1/organizations
GET
/api/management/v1/organizations/{org_id}
PUT
/api/management/v1/organizations/{org_id}
DELETE
/api/management/v1/organizations/{org_id}
GET
/api/management/v1/organizations/{org_id}/invites
POST
/api/management/v1/organizations/{org_id}/invites
DELETE
/api/management/v1/organizations/{org_id}/invites/{invite_id}
GET
/api/management/v1/organizations/{org_id}/members
DELETE
/api/management/v1/organizations/{org_id}/members/{user_id}
POST
/api/management/v1/organizations/{org_id}/members/{user_id}/reactivate
PUT
/api/management/v1/organizations/{org_id}/members/{user_id}/role
POST
/api/management/v1/organizations/{org_id}/members/{user_id}/suspend
GET
/api/management/v1/organizations/{org_id}/oidc
PUT
/api/management/v1/organizations/{org_id}/oidc
DELETE
/api/management/v1/organizations/{org_id}/oidc
POST
/api/management/v1/organizations/{org_id}/transfer-ownership
GET
/api/management/v1/workspaces
POST
/api/management/v1/workspaces
PUT
/api/management/v1/workspaces/{slug}
DELETE
/api/management/v1/workspaces/{slug}
GET
/api/management/v1/workspaces/{slug}/api-tokens
POST
/api/management/v1/workspaces/{slug}/api-tokens
DELETE
/api/management/v1/workspaces/{slug}/api-tokens/{fingerprint}
GET
/api/management/v1/workspaces/{slug}/approvals
GET
/api/management/v1/workspaces/{slug}/budget
PUT
/api/management/v1/workspaces/{slug}/budget
GET
/api/management/v1/workspaces/{slug}/config/autonomy
PUT
/api/management/v1/workspaces/{slug}/config/autonomy
GET
/api/management/v1/workspaces/{slug}/credentials
PUT
/api/management/v1/workspaces/{slug}/credentials/ai/{provider}
DELETE
/api/management/v1/workspaces/{slug}/credentials/ai/{provider}
PUT
/api/management/v1/workspaces/{slug}/credentials/git/{label}
DELETE
/api/management/v1/workspaces/{slug}/credentials/git/{label}
PUT
/api/management/v1/workspaces/{slug}/credentials/mailboxes/{label}
DELETE
/api/management/v1/workspaces/{slug}/credentials/mailboxes/{label}
PUT
/api/management/v1/workspaces/{slug}/credentials/oauth/{provider}
DELETE
/api/management/v1/workspaces/{slug}/credentials/oauth/{provider}
GET
/api/management/v1/workspaces/{slug}/members
POST
/api/management/v1/workspaces/{slug}/members
PUT
/api/management/v1/workspaces/{slug}/members/{user_id}
DELETE
/api/management/v1/workspaces/{slug}/members/{user_id}
GET
/api/management/v1/workspaces/{slug}/projects
GET
/api/management/v1/workspaces/{slug}/projects/{id}/issues
PUT
/api/management/v1/workspaces/{slug}/projects/{key}
DELETE
/api/management/v1/workspaces/{slug}/projects/{key}
GET
/api/management/v1/workspaces/{slug}/schedules
PUT
/api/management/v1/workspaces/{slug}/schedules/{key}
DELETE
/api/management/v1/workspaces/{slug}/schedules/{key}
PUT
/api/management/v1/workspaces/{slug}/schedules/{key}/status
GET
/api/management/v1/workspaces/{slug}/secrets
PUT
/api/management/v1/workspaces/{slug}/secrets/{key}
DELETE
/api/management/v1/workspaces/{slug}/secrets/{key}
GET
/api/management/v1/workspaces/{slug}/state
PUT
/api/management/v1/workspaces/{slug}/state
GET
/api/management/v1/workspaces/{slug}/tasks
PUT
/api/management/v1/workspaces/{slug}/tasks/{key}
DELETE
/api/management/v1/workspaces/{slug}/tasks/{key}
POST
/api/management/v1/workspaces/{slug}/tasks/{key}/cancel
GET
/api/management/v1/workspaces/{slug}/tasks/{key}/events
POST
/api/management/v1/workspaces/{slug}/tasks/{key}/launch
GET
/api/management/v1/workspaces/{slug}/tasks/{key}/logs
GET
/api/management/v1/workspaces/{slug}/usage
GET
/api/management/v1/workspaces/{slug}/variables
PUT
/api/management/v1/workspaces/{slug}/variables/{key}
DELETE
/api/management/v1/workspaces/{slug}/variables/{key}