POST /workspaces — create a new workspace
const url = 'https://example.com/api/workspaces';const options = { method: 'POST', headers: { cookie: 'supacloud_session=<supacloud_session>', 'Content-Type': 'application/json' }, body: '{"name":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/api/workspaces \ --header 'Content-Type: application/json' \ --cookie supacloud_session=<supacloud_session> \ --data '{ "name": "example" }'Authorizations
Section titled “Authorizations”Request Bodyrequired
Section titled “Request Bodyrequired”object
Examplegenerated
{ "name": "example"}Responses
Section titled “Responses”Newly created workspace
object
#583 Item 2 / #582 — the Debug-light CEILING (COALESCE of the sparse
workspace_settings.allow_debug; missing/NULL ⇒ FALSE = fail-closed). The
FE per-session debug enable-gate ($lib/stores/debug-session) reads it off
the active workspace; when false no member can enable debug anywhere in
the workspace. Workspace-admin-settable via PATCH .../settings.
ADR 0045 Stage 4 — the workspace BASE autonomy level (0..=100, mig 214,
always concrete: the bottom of the precedence chain). The FE autonomy UI +
project-edit form seed the slider from it.
ADR 0045 Stage 4 — the Advanced per-axis autonomy override vector
(free-form string-keyed bag). Empty {} = pure slider-derived policy.
object
ADR 0045 Stage 1 — count of backlog-enabled projects in the workspace.
Drives the FE’s adaptive surfacing (the workspace-scope dispatch controls
only appear once >= 2 projects run backlog mode).
#519 #11 — the digest cadence (off | daily | weekly; default daily).
#519 #11 — whether the autonomous-delivery notification digest is delivered
for this workspace (default true). Hydrates the FE digest settings card.
ADR 0045 / Safety A2 — true while the workspace is in onboarding-safe
mode (autonomy slider capped, backlog dispatch suppressed). Graduated to
false by an explicit admin action.
The caller’s role in this workspace (workspace_members.role). Runtime
stays String; the spec narrows it to the closed [WorkspaceRoleSpec].
Example
{ "role": "owner"}Structured client error
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Authentication required
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Permission denied
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}Structured server error
The canonical JSON body of every error response — the single source of truth
the frontend binds to. Every AppError serializes as this exact shape, and
the generated OpenAPI component ApiErrorBody (with its ErrorCode enum) is
what the frontend error schema is generated from, so there is no hand-written
error schema on either end.
object
Machine-readable, stable error code.
Present only on a quota-exceeded 403 — the inline upgrade-CTA payload.
object
The entitlement feature key that was hit, e.g. apps.max_count.
The plan’s limit for this key.
Where to send the user to upgrade.
Current usage (count or bytes, per the key).
Human-readable message (the server’s English text; the client may localize
by code).
Example
{ "code": "not_found"}