Skip to content
Select themeSelect language

POST /workspaces — create a new workspace

POST
/api/workspaces
curl --request POST \
--url https://example.com/api/workspaces \
--header 'Content-Type: application/json' \
--cookie supacloud_session=<supacloud_session> \
--data '{ "name": "example" }'
Media typeapplication/json
object
name
required
string
Examplegenerated
{
"name": "example"
}

Newly created workspace

Media typeapplication/json
object
active_task_count
required
integer format: int64
allow_debug
required

#583 Item 2 / #582 — the Debug-light CEILING (COALESCE of the sparse workspace_settings.allow_debug; missing/NULL ⇒ FALSE = fail-closed). The FE per-session debug enable-gate ($lib/stores/debug-session) reads it off the active workspace; when false no member can enable debug anywhere in the workspace. Workspace-admin-settable via PATCH .../settings.

boolean
autonomy_level
required

ADR 0045 Stage 4 — the workspace BASE autonomy level (0..=100, mig 214, always concrete: the bottom of the precedence chain). The FE autonomy UI + project-edit form seed the slider from it.

integer format: int32
autonomy_overrides
required

ADR 0045 Stage 4 — the Advanced per-axis autonomy override vector (free-form string-keyed bag). Empty {} = pure slider-derived policy.

object
key
additional properties
backlog_project_count
required

ADR 0045 Stage 1 — count of backlog-enabled projects in the workspace. Drives the FE’s adaptive surfacing (the workspace-scope dispatch controls only appear once >= 2 projects run backlog mode).

integer format: int64
created_at
required
string format: date-time
engine_digest_cadence
required

#519 #11 — the digest cadence (off | daily | weekly; default daily).

string
engine_digest_enabled
required

#519 #11 — whether the autonomous-delivery notification digest is delivered for this workspace (default true). Hydrates the FE digest settings card.

boolean
id
required
string format: uuid
member_count
required
integer format: int64
name
required
string
onboarding_mode
required

ADR 0045 / Safety A2 — true while the workspace is in onboarding-safe mode (autonomy slider capped, backlog dispatch suppressed). Graduated to false by an explicit admin action.

boolean
owner_id
required
string format: uuid
role
required

The caller’s role in this workspace (workspace_members.role). Runtime stays String; the spec narrows it to the closed [WorkspaceRoleSpec].

string
Allowed values: owner admin member
Example
{
"role": "owner"
}

Structured client error

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Authentication required

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Permission denied

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}

Structured server error

Media typeapplication/json

The canonical JSON body of every error response — the single source of truth the frontend binds to. Every AppError serializes as this exact shape, and the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is what the frontend error schema is generated from, so there is no hand-written error schema on either end.

object
code
required

Machine-readable, stable error code.

string
Allowed values: not_found unauthorized forbidden bad_request unprocessable precondition_failed conflict method_not_allowed rate_limited quota_exceeded database_error docker_error vault_error internal_error
details
One of:
null
error
required

Human-readable message (the server’s English text; the client may localize by code).

string
Example
{
"code": "not_found"
}