`POST /api/organization/runners/{id}/offer` — offer an org-owned runner for rent. Owner/admin only (`authorize_org_runner(ManageMembers)`). Resolves the caller's seller profile (a `400` with the onboarding need if absent), auto-creates/reuses a backing catalog item, and REUSES `create_runner_offer` with `runner_pool_id={id}` + `secret_trust_policy='deny'` (the ADR-0048 baseline). The offer flips ONLY the seller side; the rented-runner edge/secret-denied gates stay enforced at dispatch.
const url = 'https://example.com/api/organization/runners/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/offer';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"capabilities":"example","display_region":"example","hardware":"example","heartbeat_interval_secs":1,"job_class_allowlist":["example"],"max_concurrency":1,"rate_minor_per_minute":1,"terms_accepted":true,"trust_tier":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/api/organization/runners/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/offer \ --header 'Content-Type: application/json' \ --data '{ "capabilities": "example", "display_region": "example", "hardware": "example", "heartbeat_interval_secs": 1, "job_class_allowlist": [ "example" ], "max_concurrency": 1, "rate_minor_per_minute": 1, "terms_accepted": true, "trust_tier": "example" }'Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Runner ID
Request Bodyrequired
Section titled “Request Bodyrequired”Body for POST /api/organization/runners/{id}/offer. Everything else (the
backing catalog item, the seller binding, the runner binding, the ADR-0048
secret-deny baseline) is server-derived — the runner IS the binding, so there is
no item-id input.
object
Advertised capabilities (a JSON object; defaulted to {} if absent/invalid).
Display region label for the offer (informational).
Advertised hardware (a JSON object; defaulted to {} if absent/invalid).
Heartbeat interval seconds (>= 10; defaults 60).
Job-class allowlist (the renter job classes this runner accepts).
Max concurrent rented runs (>= 1; defaults to 1).
Metered per-minute price (minor currency units). Absent/non-positive = unpriced.
Accept the marketplace runner terms at offer time (required before activation).
Trust tier (community | verified | official; defaults community).
Examplegenerated
{ "capabilities": "example", "display_region": "example", "hardware": "example", "heartbeat_interval_secs": 1, "job_class_allowlist": [ "example" ], "max_concurrency": 1, "rate_minor_per_minute": 1, "terms_accepted": true, "trust_tier": "example"}Responses
Section titled “Responses”The created/updated runner offer (bound to the runner, secret-denied)
Runner offer capacity metadata for a runner_offer item. Owned by the
catalog slice; later slices add FK constraints for seller_profile_id
and runner_pool_id.
object
Examplegenerated
{ "activation_status": "example", "active": true, "capabilities": "example", "created_at": "2026-04-15T12:00:00Z", "display_region": "example", "hardware": "example", "health_status": "example", "heartbeat_interval_secs": 1, "id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "item_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "job_class_allowlist": [ "example" ], "last_heartbeat_at": "2026-04-15T12:00:00Z", "max_concurrency": 1, "network_policy": "example", "runner_pool_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "secret_trust_policy": "example", "seller_profile_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "terms_accepted_at": "2026-04-15T12:00:00Z", "trust_tier": "example", "updated_at": "2026-04-15T12:00:00Z"}Seller onboarding required / invalid offer
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Authentication required
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Permission denied / not your org’s runner
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Unknown runner
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Structured server error
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}