Skip to content
Select themeSelect language

GET /workspaces/{id}/autonomy — the resolved effective autonomy + policy + ceilings for the workspace. A workspace MEMBER may read it (the slider preview + the plan-ceiling source every scope's slider clamps to). The acting user is the entitlement-scoping identity for the plan-ceiling read.

GET
/api/workspaces/{id}/autonomy
curl --request GET \
--url https://example.com/api/workspaces/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/autonomy \
--cookie supacloud_session=<supacloud_session>
id
required
string format: uuid

Workspace ID whose resolved autonomy to read

Resolved effective autonomy + policy + ceilings

Media typeapplication/json

The resolved workspace autonomy a member reads for the live preview: the EFFECTIVE level (after the plan ceiling + onboarding cap), the two ceilings that bounded it, and the slider-derived policy vector. Mirrors the FE resolvedAutonomySchema (web/src/lib/autonomy.ts).

object
effective_level
required

The level the engine actually acts at (after the chain + both ceilings).

integer format: int32
onboarding_cap
required

The onboarding cap currently in force (ONBOARDING_AUTONOMY_CAP while onboarding, else the engine maximum).

integer format: int32
plan_ceiling
required

The plan/edition entitlement ceiling on the autonomy level.

integer format: int32
policy
required

The resolved policy vector (dispatch/ask/effort/merge) the engine threads in.

object
ask_threshold
required

Which tool calls raise a human clarification ask (relaxes as autonomy rises).

string
Allowed values: always risky_only never
dispatch_enabled
required

false ⇒ the global/auto dispatcher does nothing (manual trigger only).

boolean
effort_bias
required

Signed nudge intended for the router’s effort selection (-1 economical · 0 balanced · +1 generous). An i8 (not an enum) so a consumer can add it to a numeric effort index and clamp; it is intentionally a small bounded range.

NOTE: this axis is currently snapshot-only / informational (the sole such axis; [AskThreshold] and [MergePolicy] are wired) — it is resolved, override-clamped and recorded into runs.autonomy_policy_json (and exposed in the FE policy preview), but no router pass reads it yet (routing effort is still derived solely from item severity). It is a forward axis not yet consumed; wiring it into classify_routing is a follow-up phase.

integer format: int32
merge_ceiling
required

The upper bound the merge step is clamped to.

string
Allowed values: none pr_only auto_on_green full_auto
Example
{
"policy": {
"ask_threshold": "always",
"merge_ceiling": "none"
}
}

Authentication required

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Permission denied

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Workspace not found

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Structured server error

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}