Skip to content
Select themeSelect language

post_api_projects_sync_import

POST
/api/projects/sync/import
curl --request POST \
--url https://example.com/api/projects/sync/import \
--header 'Content-Type: application/json' \
--cookie supacloud_session=<supacloud_session> \
--data '{ "credential_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "repos": [ { "clone_url": "example", "default_branch": "example", "name": "example", "provider": "example", "ssh_url": "example" } ] }'
Media typeapplication/json
object
credential_id
required
string format: uuid
repos
required
Array<object>
object
clone_url

HTTPS clone URL — preferred over ssh_url by the importer because the sync flow requires an access_token credential.

string | null
default_branch
string | null
name
required
string
provider
required
string
ssh_url
string | null
Examplegenerated
{
"credential_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"repos": [
{
"clone_url": "example",
"default_branch": "example",
"name": "example",
"provider": "example",
"ssh_url": "example"
}
]
}

Imported projects

Media typeapplication/json
Array<object>
object
auto_developer_workflow_id
required

D1 — the materialized Auto Developer workflow’s id, surfaced so the project-edit UI can render an “Edit workflow” link. None until the arm’s workflow is materialized.

string | null format: uuid
autonomy_level
required

ADR 0045 Stage 4 — the project-scope autonomy level (0..=100), or null to inherit from the workspace. The project-edit form seeds the autonomy slider from it.

integer | null format: int32
autonomy_overrides
required

ADR 0045 Stage 4 — the Advanced per-axis autonomy override vector (free-form string-keyed bag, e.g. {"level": N}). Defaults to {}. The project-edit form seeds the Advanced overrides from it.

object
key
additional properties
backlog_classifier
required

Issue #532 — how items are classified: 'llm' (default — one LLM call per item, tuned by the backlog automation’s source_filter classifier config) or 'rules' (the deterministic mapping). Surfaced so the Automation section shows the editable Classifier tuning for llm and the read-only rules mapping for rules.

string
backlog_daily_budget_usd
required

#708 B4 — per-project daily backlog $-budget (null = no cap). Surfaced so the backlog-limits field can seed + round-trip its current value.

number | null format: double
backlog_max_concurrent
required

#708 B4 — per-project backlog concurrency cap (null = inherit the workspace ceiling). Surfaced so the backlog-limits field can seed + round-trip.

integer | null format: int32
backlog_merge_policy
required

ADR 0045 Stage 1b — backlog merge policy: 'pr_only' (default) | 'auto_on_green' | 'full_auto'. Surfaced so the consolidated Automation section can round-trip the selected Approval-mode.

string
backlog_mode_enabled
required

#364 / #388 — whether the project runs in autonomous backlog-dispatch mode (mutually exclusive with PR-flow auto-developer). Surfaced so the #358 board + project detail can render the “Backlog” chip.

boolean
backlog_required_reviewers
required

ADR 0045 Stage 1b — N human approvals required on the backlog in_review → done/merge step. Surfaced read-only on the project detail.

integer format: int32
closeout_config
required
One of:
null
created_at
required
string format: date-time
daily_budget_usd
required

#708 M5 — the project-TOTAL daily/monthly $-budget caps (mig 296; every launch, not just backlog). Surfaced so the Guardrails budget inputs seed + round-trip their current value. null = no project cap.

number | null format: double
denied_tools
required

ADR 0045 Stage 1b — per-project blast-radius tool denylist (mig 210). Surfaced so the Automation section can render + round-trip the chosen Blast-radius denied tools.

Array<string>
detected_stack
required
git_credential_id
required
string | null format: uuid
git_default_branch
required
string | null
git_provider
required
string | null
git_repo_url
required
string | null
id
required
string format: uuid
image_built_at
required
string | null format: date-time
image_config
required
image_error
required
string | null
image_size
required
integer | null format: int64
image_status
required
string | null
image_tag
required
string | null
issue_tracker
required

ADR 0029 Slice 5 — Linear/Notion issue tracker config.

string | null
issue_tracker_autodev_enabled
required

ADR 0029 Slice 7 — tracker auto-developer toggle. The webhook secret itself (the HMAC signing secret the Linear/Notion receiver verifies against) is NEVER returned outward: a member who could read it could forge validly-signed webhooks that launch agents (H1 audit). Mirroring the auto_developer_webhook_secret posture, we expose only whether one is configured. The user supplies the secret on create/update, so they already know its value and never need it read back.

boolean
issue_tracker_credential_id
required
string | null format: uuid
issue_tracker_key
required
string | null
issue_tracker_state_map
required

ADR 0029 Slice 6 (D7) — per-provider state-name overrides. The runtime type stays serde_json::Value (a free-form JSONB column); the spec is narrowed to the real serialized shape — a map keyed by tracker provider name (linear / notion) to a [TrackerStateNames] override bag.

object | null
issue_tracker_webhook_secret_set
required
boolean
max_concurrent_runs
required

Issue #110: per-project concurrency cap; None = unlimited.

integer | null format: int32
memory_governance_policy
required

#708 W13 — the project-tier SPARSE memory-governance override (mig 289), or null to inherit the workspace policy entirely. A sparse per-scope JSONB bag ({workspace, project, personal}) the project-edit settings seed from.

monthly_budget_usd
required
number | null format: double
name
required
string
user_id
required
string format: uuid
workspace_id
required
string | null format: uuid
Examplegenerated
[
{
"auto_developer_workflow_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"autonomy_level": 1,
"autonomy_overrides": {
"additionalProperty": "example"
},
"backlog_classifier": "example",
"backlog_daily_budget_usd": 1,
"backlog_max_concurrent": 1,
"backlog_merge_policy": "example",
"backlog_mode_enabled": true,
"backlog_required_reviewers": 1,
"closeout_config": {
"memory": true,
"project_docs": {
"condition": "example",
"enabled": true,
"globs": [
"example"
]
},
"user_docs": {
"condition": "example",
"enabled": true,
"globs": [
"example"
],
"langs": [
"example"
]
},
"wiki": {
"condition": "example",
"enabled": true
}
},
"created_at": "2026-04-15T12:00:00Z",
"daily_budget_usd": 1,
"denied_tools": [
"example"
],
"detected_stack": "example",
"git_credential_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"git_default_branch": "example",
"git_provider": "example",
"git_repo_url": "example",
"id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"image_built_at": "2026-04-15T12:00:00Z",
"image_config": "example",
"image_error": "example",
"image_size": 1,
"image_status": "example",
"image_tag": "example",
"issue_tracker": "example",
"issue_tracker_autodev_enabled": true,
"issue_tracker_credential_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"issue_tracker_key": "example",
"issue_tracker_state_map": "example",
"issue_tracker_webhook_secret_set": true,
"max_concurrent_runs": 1,
"memory_governance_policy": "example",
"monthly_budget_usd": 1,
"name": "example",
"user_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
"workspace_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"
}
]

Structured client error

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Authentication required

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Permission denied

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Structured server error

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}